summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-08 22:14:07 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-08 22:17:10 +0100
commit76c93d23c073ef8b885503b7d28a31ffe2add6d8 (patch)
tree1dd2d22a197bc40c5330e516969a7cb1ae9bc96f /lib
parent559a144f6bbcbb611453f82e655dd7438c14d1a7 (diff)
downloadgnutls-76c93d23c073ef8b885503b7d28a31ffe2add6d8.tar.gz
reindented code
Diffstat (limited to 'lib')
-rw-r--r--lib/abstract_int.h122
-rw-r--r--lib/accelerated/accelerated.c15
-rw-r--r--lib/accelerated/cryptodev-gcm.c360
-rw-r--r--lib/accelerated/cryptodev.c676
-rw-r--r--lib/accelerated/cryptodev.h6
-rw-r--r--lib/accelerated/x86/aes-gcm-padlock.c134
-rw-r--r--lib/accelerated/x86/aes-gcm-x86.c319
-rw-r--r--lib/accelerated/x86/aes-padlock.c578
-rw-r--r--lib/accelerated/x86/aes-padlock.h43
-rw-r--r--lib/accelerated/x86/aes-x86.c272
-rw-r--r--lib/accelerated/x86/aes-x86.h44
-rw-r--r--lib/accelerated/x86/hmac-padlock.c385
-rw-r--r--lib/accelerated/x86/sha-padlock.c476
-rw-r--r--lib/accelerated/x86/sha-padlock.h23
-rw-r--r--lib/accelerated/x86/x86.h12
-rw-r--r--lib/algorithms.h354
-rw-r--r--lib/algorithms/cert_types.c47
-rw-r--r--lib/algorithms/ciphers.c211
-rw-r--r--lib/algorithms/ciphersuites.c1852
-rw-r--r--lib/algorithms/ecc.c276
-rw-r--r--lib/algorithms/kx.c246
-rw-r--r--lib/algorithms/mac.c236
-rw-r--r--lib/algorithms/protocols.c180
-rw-r--r--lib/algorithms/publickey.c210
-rw-r--r--lib/algorithms/secparams.c157
-rw-r--r--lib/algorithms/sign.c306
-rw-r--r--lib/auth/anon.c226
-rw-r--r--lib/auth/anon.h25
-rw-r--r--lib/auth/anon_ecdh.c162
-rw-r--r--lib/auth/cert.c3935
-rw-r--r--lib/auth/cert.h223
-rw-r--r--lib/auth/dh_common.c489
-rw-r--r--lib/auth/dh_common.h37
-rw-r--r--lib/auth/dhe.c227
-rw-r--r--lib/auth/dhe_psk.c744
-rw-r--r--lib/auth/ecdhe.c529
-rw-r--r--lib/auth/ecdhe.h29
-rw-r--r--lib/auth/psk.c502
-rw-r--r--lib/auth/psk.h67
-rw-r--r--lib/auth/psk_passwd.c294
-rw-r--r--lib/auth/psk_passwd.h6
-rw-r--r--lib/auth/rsa.c455
-rw-r--r--lib/auth/rsa_common.h6
-rw-r--r--lib/auth/rsa_psk.c640
-rw-r--r--lib/auth/srp.c1601
-rw-r--r--lib/auth/srp.h47
-rw-r--r--lib/auth/srp_passwd.c763
-rw-r--r--lib/auth/srp_passwd.h25
-rw-r--r--lib/auth/srp_rsa.c398
-rw-r--r--lib/auth/srp_sb64.c622
-rw-r--r--lib/crypto-api.c306
-rw-r--r--lib/crypto-backend.c319
-rw-r--r--lib/crypto-backend.h449
-rw-r--r--lib/crypto.h12
-rw-r--r--lib/debug.c171
-rw-r--r--lib/debug.h18
-rw-r--r--lib/ext/alpn.c484
-rw-r--r--lib/ext/alpn.h15
-rw-r--r--lib/ext/cert_type.c367
-rw-r--r--lib/ext/ecc.c380
-rw-r--r--lib/ext/ecc.h3
-rw-r--r--lib/ext/heartbeat.c673
-rw-r--r--lib/ext/heartbeat.h4
-rw-r--r--lib/ext/max_record.c376
-rw-r--r--lib/ext/new_record_padding.c162
-rw-r--r--lib/ext/safe_renegotiation.c770
-rw-r--r--lib/ext/safe_renegotiation.h33
-rw-r--r--lib/ext/server_name.c693
-rw-r--r--lib/ext/server_name.h18
-rw-r--r--lib/ext/session_ticket.c1166
-rw-r--r--lib/ext/session_ticket.h4
-rw-r--r--lib/ext/signature.c658
-rw-r--r--lib/ext/signature.h31
-rw-r--r--lib/ext/srp.c403
-rw-r--r--lib/ext/srp.h7
-rw-r--r--lib/ext/srtp.c940
-rw-r--r--lib/ext/srtp.h15
-rw-r--r--lib/ext/status_request.c767
-rw-r--r--lib/ext/status_request.h6
-rw-r--r--lib/extras/randomart.c203
-rw-r--r--lib/extras/randomart.h9
-rw-r--r--lib/gnutls_alert.c396
-rw-r--r--lib/gnutls_anon_cred.c43
-rw-r--r--lib/gnutls_asn1_tab.c126
-rw-r--r--lib/gnutls_auth.c471
-rw-r--r--lib/gnutls_auth.h60
-rw-r--r--lib/gnutls_buffers.c2029
-rw-r--r--lib/gnutls_buffers.h100
-rw-r--r--lib/gnutls_cert.c834
-rw-r--r--lib/gnutls_cipher.c1863
-rw-r--r--lib/gnutls_cipher.h19
-rw-r--r--lib/gnutls_cipher_int.c590
-rw-r--r--lib/gnutls_cipher_int.h195
-rw-r--r--lib/gnutls_compress.c495
-rw-r--r--lib/gnutls_compress.h51
-rw-r--r--lib/gnutls_constate.c997
-rw-r--r--lib/gnutls_constate.h101
-rw-r--r--lib/gnutls_datum.c53
-rw-r--r--lib/gnutls_datum.h10
-rw-r--r--lib/gnutls_db.c321
-rw-r--r--lib/gnutls_db.h8
-rw-r--r--lib/gnutls_dh.c246
-rw-r--r--lib/gnutls_dh.h15
-rw-r--r--lib/gnutls_dh_primes.c679
-rw-r--r--lib/gnutls_dtls.c1306
-rw-r--r--lib/gnutls_dtls.h70
-rw-r--r--lib/gnutls_ecc.c135
-rw-r--r--lib/gnutls_ecc.h8
-rw-r--r--lib/gnutls_errors.c1053
-rw-r--r--lib/gnutls_errors.h34
-rw-r--r--lib/gnutls_extensions.c1020
-rw-r--r--lib/gnutls_extensions.h109
-rw-r--r--lib/gnutls_global.c263
-rw-r--r--lib/gnutls_global.h6
-rw-r--r--lib/gnutls_handshake.c5868
-rw-r--r--lib/gnutls_handshake.h59
-rw-r--r--lib/gnutls_hash_int.c787
-rw-r--r--lib/gnutls_hash_int.h135
-rw-r--r--lib/gnutls_helper.c15
-rw-r--r--lib/gnutls_helper.h2
-rw-r--r--lib/gnutls_int.h1338
-rw-r--r--lib/gnutls_kx.c1147
-rw-r--r--lib/gnutls_kx.h30
-rw-r--r--lib/gnutls_mbuffers.c352
-rw-r--r--lib/gnutls_mbuffers.h104
-rw-r--r--lib/gnutls_mem.c71
-rw-r--r--lib/gnutls_mem.h12
-rw-r--r--lib/gnutls_mpi.c542
-rw-r--r--lib/gnutls_mpi.h25
-rw-r--r--lib/gnutls_num.c68
-rw-r--r--lib/gnutls_num.h136
-rw-r--r--lib/gnutls_pcert.c450
-rw-r--r--lib/gnutls_pk.c625
-rw-r--r--lib/gnutls_pk.h49
-rw-r--r--lib/gnutls_priority.c1604
-rw-r--r--lib/gnutls_privkey.c1141
-rw-r--r--lib/gnutls_psk.c273
-rw-r--r--lib/gnutls_pubkey.c2513
-rw-r--r--lib/gnutls_range.c419
-rw-r--r--lib/gnutls_record.c2191
-rw-r--r--lib/gnutls_record.h44
-rw-r--r--lib/gnutls_rsa_export.c101
-rw-r--r--lib/gnutls_session.c168
-rw-r--r--lib/gnutls_session_pack.c1383
-rw-r--r--lib/gnutls_session_pack.h8
-rw-r--r--lib/gnutls_sig.c1293
-rw-r--r--lib/gnutls_sig.h56
-rw-r--r--lib/gnutls_srp.c813
-rw-r--r--lib/gnutls_srp.h22
-rw-r--r--lib/gnutls_state.c1507
-rw-r--r--lib/gnutls_state.h64
-rw-r--r--lib/gnutls_str.c1103
-rw-r--r--lib/gnutls_str.h110
-rw-r--r--lib/gnutls_str_array.h129
-rw-r--r--lib/gnutls_supplemental.c250
-rw-r--r--lib/gnutls_supplemental.h8
-rw-r--r--lib/gnutls_ui.c828
-rw-r--r--lib/gnutls_v2_compat.c395
-rw-r--r--lib/gnutls_v2_compat.h4
-rw-r--r--lib/gnutls_x509.c3142
-rw-r--r--lib/gnutls_x509.h18
-rw-r--r--lib/includes/gnutls/abstract.h709
-rw-r--r--lib/includes/gnutls/compat.h523
-rw-r--r--lib/includes/gnutls/crypto.h132
-rw-r--r--lib/includes/gnutls/dtls.h63
-rw-r--r--lib/includes/gnutls/gnutlsxx.h790
-rw-r--r--lib/includes/gnutls/ocsp.h287
-rw-r--r--lib/includes/gnutls/openpgp.h553
-rw-r--r--lib/includes/gnutls/pkcs11.h419
-rw-r--r--lib/includes/gnutls/pkcs12.h173
-rw-r--r--lib/includes/gnutls/tpm.h49
-rw-r--r--lib/includes/gnutls/x509.h1865
-rw-r--r--lib/includes/gnutls/xssl.h116
-rw-r--r--lib/locks.c17
-rw-r--r--lib/minitasn1/coding.c1782
-rw-r--r--lib/minitasn1/decoding.c4972
-rw-r--r--lib/minitasn1/element.c1238
-rw-r--r--lib/minitasn1/element.h10
-rw-r--r--lib/minitasn1/errors.c65
-rw-r--r--lib/minitasn1/gstr.c56
-rw-r--r--lib/minitasn1/gstr.h5
-rw-r--r--lib/minitasn1/int.h65
-rw-r--r--lib/minitasn1/libtasn1.h305
-rw-r--r--lib/minitasn1/parser_aux.c1390
-rw-r--r--lib/minitasn1/parser_aux.h91
-rw-r--r--lib/minitasn1/structure.c1736
-rw-r--r--lib/minitasn1/structure.h12
-rw-r--r--lib/minitasn1/version.c9
-rw-r--r--lib/nettle/cipher.c661
-rw-r--r--lib/nettle/egd.c385
-rw-r--r--lib/nettle/egd.h4
-rw-r--r--lib/nettle/gcm-camellia.c31
-rw-r--r--lib/nettle/gcm-camellia.h22
-rw-r--r--lib/nettle/init.c8
-rw-r--r--lib/nettle/mac.c638
-rw-r--r--lib/nettle/mpi.c874
-rw-r--r--lib/nettle/pk.c2093
-rw-r--r--lib/nettle/rnd.c641
-rw-r--r--lib/opencdk/armor.c933
-rw-r--r--lib/opencdk/context.h168
-rw-r--r--lib/opencdk/filters.h115
-rw-r--r--lib/opencdk/kbnode.c679
-rw-r--r--lib/opencdk/keydb.c3965
-rw-r--r--lib/opencdk/keydb.h68
-rw-r--r--lib/opencdk/literal.c479
-rw-r--r--lib/opencdk/main.h130
-rw-r--r--lib/opencdk/misc.c427
-rw-r--r--lib/opencdk/new-packet.c1112
-rw-r--r--lib/opencdk/opencdk.h1324
-rw-r--r--lib/opencdk/packet.h35
-rw-r--r--lib/opencdk/pubkey.c785
-rw-r--r--lib/opencdk/read-packet.c1865
-rw-r--r--lib/opencdk/seskey.c60
-rw-r--r--lib/opencdk/sig-check.c1015
-rw-r--r--lib/opencdk/stream.c1994
-rw-r--r--lib/opencdk/stream.h119
-rw-r--r--lib/opencdk/types.h2
-rw-r--r--lib/opencdk/write-packet.c1438
-rw-r--r--lib/openpgp/compat.c253
-rw-r--r--lib/openpgp/extras.c365
-rw-r--r--lib/openpgp/gnutls_openpgp.c896
-rw-r--r--lib/openpgp/gnutls_openpgp.h68
-rw-r--r--lib/openpgp/openpgp_int.h71
-rw-r--r--lib/openpgp/output.c934
-rw-r--r--lib/openpgp/pgp.c2143
-rw-r--r--lib/openpgp/pgpverify.c133
-rw-r--r--lib/openpgp/privkey.c1725
-rw-r--r--lib/pin.c21
-rw-r--r--lib/pin.h2
-rw-r--r--lib/pkcs11.c4715
-rw-r--r--lib/pkcs11_int.h324
-rw-r--r--lib/pkcs11_privkey.c1179
-rw-r--r--lib/pkcs11_secret.c202
-rw-r--r--lib/pkcs11_write.c1430
-rw-r--r--lib/pkix_asn1_tab.c999
-rw-r--r--lib/random.c41
-rw-r--r--lib/random.h23
-rw-r--r--lib/system.c972
-rw-r--r--lib/system.h53
-rw-r--r--lib/system_override.c41
-rw-r--r--lib/tpm.c2605
-rw-r--r--lib/vasprintf.c27
-rw-r--r--lib/vasprintf.h2
-rw-r--r--lib/verify-tofu.c1208
-rw-r--r--lib/x509/common.c2891
-rw-r--r--lib/x509/common.h166
-rw-r--r--lib/x509/crl.c1369
-rw-r--r--lib/x509/crl_write.c555
-rw-r--r--lib/x509/crq.c3351
-rw-r--r--lib/x509/dn.c1531
-rw-r--r--lib/x509/extensions.c2227
-rw-r--r--lib/x509/key_decode.c400
-rw-r--r--lib/x509/key_encode.c1312
-rw-r--r--lib/x509/mpi.c420
-rw-r--r--lib/x509/ocsp.c3127
-rw-r--r--lib/x509/ocsp_output.c1025
-rw-r--r--lib/x509/output.c4782
-rw-r--r--lib/x509/pbkdf2-sha1.c275
-rw-r--r--lib/x509/pbkdf2-sha1.h6
-rw-r--r--lib/x509/pkcs12.c3002
-rw-r--r--lib/x509/pkcs12_bag.c1008
-rw-r--r--lib/x509/pkcs12_encr.c292
-rw-r--r--lib/x509/pkcs7.c1366
-rw-r--r--lib/x509/privkey.c2429
-rw-r--r--lib/x509/privkey_openssl.c548
-rw-r--r--lib/x509/privkey_pkcs8.c4315
-rw-r--r--lib/x509/rfc2818_hostname.c107
-rw-r--r--lib/x509/sign.c206
-rw-r--r--lib/x509/verify-high.c882
-rw-r--r--lib/x509/verify-high.h4
-rw-r--r--lib/x509/verify-high2.c459
-rw-r--r--lib/x509/verify.c1539
-rw-r--r--lib/x509/x509.c4824
-rw-r--r--lib/x509/x509_dn.c260
-rw-r--r--lib/x509/x509_int.h466
-rw-r--r--lib/x509/x509_write.c2266
-rw-r--r--lib/x509_b64.c546
-rw-r--r--lib/x509_b64.h12
-rw-r--r--lib/xssl.c998
-rw-r--r--lib/xssl.h22
-rw-r--r--lib/xssl_getline.c148
281 files changed, 90545 insertions, 92687 deletions
diff --git a/lib/abstract_int.h b/lib/abstract_int.h
index 0ea7f4c327..e6524bc2ea 100644
--- a/lib/abstract_int.h
+++ b/lib/abstract_int.h
@@ -21,93 +21,91 @@
*/
#ifndef _ABSTRACT_INT_H
-# define _ABSTRACT_INT_H
+#define _ABSTRACT_INT_H
#include <gnutls/abstract.h>
-struct gnutls_privkey_st
-{
- gnutls_privkey_type_t type;
- gnutls_pk_algorithm_t pk_algorithm;
+struct gnutls_privkey_st {
+ gnutls_privkey_type_t type;
+ gnutls_pk_algorithm_t pk_algorithm;
- union
- {
- gnutls_x509_privkey_t x509;
+ union {
+ gnutls_x509_privkey_t x509;
#ifdef ENABLE_PKCS11
- gnutls_pkcs11_privkey_t pkcs11;
+ gnutls_pkcs11_privkey_t pkcs11;
#endif
#ifdef ENABLE_OPENPGP
- gnutls_openpgp_privkey_t openpgp;
+ gnutls_openpgp_privkey_t openpgp;
#endif
- struct {
- gnutls_privkey_sign_func sign_func;
- gnutls_privkey_decrypt_func decrypt_func;
- gnutls_privkey_deinit_func deinit_func;
- void* userdata;
- } ext;
- } key;
-
- unsigned int flags;
- struct pin_info_st pin;
+ struct {
+ gnutls_privkey_sign_func sign_func;
+ gnutls_privkey_decrypt_func decrypt_func;
+ gnutls_privkey_deinit_func deinit_func;
+ void *userdata;
+ } ext;
+ } key;
+
+ unsigned int flags;
+ struct pin_info_st pin;
};
-struct gnutls_pubkey_st
-{
- gnutls_pk_algorithm_t pk_algorithm;
- unsigned int bits; /* an indication of the security parameter */
-
- /* the size of params depends on the public
- * key algorithm
- * RSA: [0] is modulus
- * [1] is public exponent
- * DSA: [0] is p
- * [1] is q
- * [2] is g
- * [3] is public key
- */
- gnutls_pk_params_st params;
+struct gnutls_pubkey_st {
+ gnutls_pk_algorithm_t pk_algorithm;
+ unsigned int bits; /* an indication of the security parameter */
+
+ /* the size of params depends on the public
+ * key algorithm
+ * RSA: [0] is modulus
+ * [1] is public exponent
+ * DSA: [0] is p
+ * [1] is q
+ * [2] is g
+ * [3] is public key
+ */
+ gnutls_pk_params_st params;
#ifdef ENABLE_OPENPGP
- uint8_t openpgp_key_id[GNUTLS_OPENPGP_KEYID_SIZE];
- unsigned int openpgp_key_id_set;
+ uint8_t openpgp_key_id[GNUTLS_OPENPGP_KEYID_SIZE];
+ unsigned int openpgp_key_id_set;
- uint8_t openpgp_key_fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
- unsigned int openpgp_key_fpr_set:1;
+ uint8_t openpgp_key_fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
+ unsigned int openpgp_key_fpr_set:1;
#endif
- unsigned int key_usage; /* bits from GNUTLS_KEY_* */
-
- struct pin_info_st pin;
+ unsigned int key_usage; /* bits from GNUTLS_KEY_* */
+
+ struct pin_info_st pin;
};
-int _gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
- gnutls_pk_params_st*);
+int _gnutls_privkey_get_public_mpis(gnutls_privkey_t key,
+ gnutls_pk_params_st *);
-int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st* params);
-int _gnutls_pubkey_compatible_with_sig(gnutls_session_t, gnutls_pubkey_t pubkey,
- const version_entry_st* ver, gnutls_sign_algorithm_t sign);
+int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params);
+int _gnutls_pubkey_compatible_with_sig(gnutls_session_t,
+ gnutls_pubkey_t pubkey,
+ const version_entry_st * ver,
+ gnutls_sign_algorithm_t sign);
int _gnutls_pubkey_is_over_rsa_512(gnutls_pubkey_t pubkey);
int
-_gnutls_pubkey_get_mpis (gnutls_pubkey_t key,
- gnutls_pk_params_st * params);
+_gnutls_pubkey_get_mpis(gnutls_pubkey_t key, gnutls_pk_params_st * params);
int
-pubkey_verify_hashed_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st * algo,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * issuer_params);
+pubkey_verify_hashed_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * algo,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * issuer_params);
-int pubkey_verify_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st * algo,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * issuer_params);
+int pubkey_verify_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * algo,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * issuer_params);
-const mac_entry_st*
-_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo,
- const gnutls_pk_params_st* params, unsigned int* hash_len);
+const mac_entry_st *_gnutls_dsa_q_to_hash(gnutls_pk_algorithm_t algo,
+ const gnutls_pk_params_st *
+ params, unsigned int *hash_len);
#endif
diff --git a/lib/accelerated/accelerated.c b/lib/accelerated/accelerated.c
index 21b36edf62..86983746a3 100644
--- a/lib/accelerated/accelerated.c
+++ b/lib/accelerated/accelerated.c
@@ -23,19 +23,18 @@
#include <config.h>
#include <accelerated.h>
#if defined(ASM_X86)
-# include <x86/aes-x86.h>
-# include <x86/x86.h>
+#include <x86/aes-x86.h>
+#include <x86/x86.h>
#endif
void _gnutls_register_accel_crypto(void)
{
#if defined(ASM_X86)
- if (gnutls_have_cpuid() != 0)
- {
- register_x86_crypto ();
- register_padlock_crypto ();
- }
+ if (gnutls_have_cpuid() != 0) {
+ register_x86_crypto();
+ register_padlock_crypto();
+ }
#endif
- return;
+ return;
}
diff --git a/lib/accelerated/cryptodev-gcm.c b/lib/accelerated/cryptodev-gcm.c
index 61bb544802..dd4e8fdc0e 100644
--- a/lib/accelerated/cryptodev-gcm.c
+++ b/lib/accelerated/cryptodev-gcm.c
@@ -45,259 +45,243 @@
#define GCM_BLOCK_SIZE 16
-struct cryptodev_gcm_ctx
-{
- struct session_op sess;
- struct crypt_auth_op cryp;
- uint8_t iv[GCM_BLOCK_SIZE];
- uint8_t tag[GCM_BLOCK_SIZE];
-
- void* auth_data;
- unsigned int auth_data_size;
-
- int op; /* whether encryption op has been executed */
-
- int cfd;
+struct cryptodev_gcm_ctx {
+ struct session_op sess;
+ struct crypt_auth_op cryp;
+ uint8_t iv[GCM_BLOCK_SIZE];
+ uint8_t tag[GCM_BLOCK_SIZE];
+
+ void *auth_data;
+ unsigned int auth_data_size;
+
+ int op; /* whether encryption op has been executed */
+
+ int cfd;
};
-static void
-aes_gcm_deinit (void *_ctx)
+static void aes_gcm_deinit(void *_ctx)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
- ioctl (ctx->cfd, CIOCFSESSION, &ctx->sess.ses);
- gnutls_free (ctx);
+ ioctl(ctx->cfd, CIOCFSESSION, &ctx->sess.ses);
+ gnutls_free(ctx);
}
static const int cipher_map[] = {
- [GNUTLS_CIPHER_AES_128_GCM] = CRYPTO_AES_GCM,
- [GNUTLS_CIPHER_AES_256_GCM] = CRYPTO_AES_GCM,
+ [GNUTLS_CIPHER_AES_128_GCM] = CRYPTO_AES_GCM,
+ [GNUTLS_CIPHER_AES_256_GCM] = CRYPTO_AES_GCM,
};
static int
-aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
+aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+ int enc)
{
- struct cryptodev_gcm_ctx *ctx;
+ struct cryptodev_gcm_ctx *ctx;
- *_ctx = gnutls_calloc (1, sizeof (struct cryptodev_gcm_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ *_ctx = gnutls_calloc(1, sizeof(struct cryptodev_gcm_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx = *_ctx;
+ ctx = *_ctx;
- ctx->cfd = _gnutls_cryptodev_fd;
- ctx->sess.cipher = cipher_map[algorithm];
- ctx->cryp.iv = ctx->iv;
+ ctx->cfd = _gnutls_cryptodev_fd;
+ ctx->sess.cipher = cipher_map[algorithm];
+ ctx->cryp.iv = ctx->iv;
- return 0;
+ return 0;
}
static int
-aes_gcm_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
+aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
- ctx->sess.keylen = keysize;
- ctx->sess.key = (void*)userkey;
+ ctx->sess.keylen = keysize;
+ ctx->sess.key = (void *) userkey;
- if (ioctl (ctx->cfd, CIOCGSESSION, &ctx->sess))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
- ctx->cryp.ses = ctx->sess.ses;
+ if (ioctl(ctx->cfd, CIOCGSESSION, &ctx->sess)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ ctx->cryp.ses = ctx->sess.ses;
- return 0;
+ return 0;
}
-static int
-aes_gcm_setiv (void *_ctx, const void *iv, size_t iv_size)
+static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
- if (iv_size != GCM_BLOCK_SIZE - 4)
- return GNUTLS_E_INVALID_REQUEST;
+ if (iv_size != GCM_BLOCK_SIZE - 4)
+ return GNUTLS_E_INVALID_REQUEST;
- memcpy (ctx->iv, iv, GCM_BLOCK_SIZE - 4);
+ memcpy(ctx->iv, iv, GCM_BLOCK_SIZE - 4);
- ctx->cryp.iv = (void*)ctx->iv;
+ ctx->cryp.iv = (void *) ctx->iv;
- return 0;
+ return 0;
}
static int
-aes_gcm_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
-
- /* the GCM in kernel will place the tag after the
- * encrypted data.
- */
- if (dst_size < src_size + GCM_BLOCK_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ctx->cryp.len = src_size;
- ctx->cryp.src = (void *) src;
- ctx->cryp.dst = dst;
- ctx->cryp.op = COP_ENCRYPT;
-
- ctx->cryp.auth_len = ctx->auth_data_size;
- ctx->cryp.auth_src = ctx->auth_data;
-
- if (ioctl (ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
-
- ctx->cryp.auth_len = 0;
- ctx->op = 1;
- memcpy(ctx->tag, &((uint8_t*)dst)[src_size], GCM_BLOCK_SIZE);
- return 0;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
+
+ /* the GCM in kernel will place the tag after the
+ * encrypted data.
+ */
+ if (dst_size < src_size + GCM_BLOCK_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ctx->cryp.len = src_size;
+ ctx->cryp.src = (void *) src;
+ ctx->cryp.dst = dst;
+ ctx->cryp.op = COP_ENCRYPT;
+
+ ctx->cryp.auth_len = ctx->auth_data_size;
+ ctx->cryp.auth_src = ctx->auth_data;
+
+ if (ioctl(ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ ctx->cryp.auth_len = 0;
+ ctx->op = 1;
+ memcpy(ctx->tag, &((uint8_t *) dst)[src_size], GCM_BLOCK_SIZE);
+ return 0;
}
static int
-aes_gcm_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
-
- /* the GCM in kernel will place the tag after the
- * encrypted data.
- */
- ctx->cryp.len = src_size + GCM_BLOCK_SIZE;
- ctx->cryp.src = (void *) src;
- ctx->cryp.dst = dst;
- ctx->cryp.op = COP_DECRYPT;
-
- ctx->cryp.auth_len = ctx->auth_data_size;
- ctx->cryp.auth_src = ctx->auth_data;
-
- if (ioctl (ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
-
- ctx->cryp.auth_len = 0;
- ctx->op = 1;
- memcpy(ctx->tag, &((uint8_t*)dst)[src_size], GCM_BLOCK_SIZE);
- return 0;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
+
+ /* the GCM in kernel will place the tag after the
+ * encrypted data.
+ */
+ ctx->cryp.len = src_size + GCM_BLOCK_SIZE;
+ ctx->cryp.src = (void *) src;
+ ctx->cryp.dst = dst;
+ ctx->cryp.op = COP_DECRYPT;
+
+ ctx->cryp.auth_len = ctx->auth_data_size;
+ ctx->cryp.auth_src = ctx->auth_data;
+
+ if (ioctl(ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ ctx->cryp.auth_len = 0;
+ ctx->op = 1;
+ memcpy(ctx->tag, &((uint8_t *) dst)[src_size], GCM_BLOCK_SIZE);
+ return 0;
}
-static int
-aes_gcm_auth (void *_ctx, const void *src, size_t src_size)
+static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
- ctx->op = 0;
- ctx->auth_data = (void*)src;
- ctx->auth_data_size = src_size;
+ ctx->op = 0;
+ ctx->auth_data = (void *) src;
+ ctx->auth_data_size = src_size;
- return 0;
+ return 0;
}
-static void
-aes_gcm_tag (void *_ctx, void *tag, size_t tagsize)
+static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
{
- struct cryptodev_gcm_ctx *ctx = _ctx;
-
- if (ctx->op == 0)
- {
- ctx->cryp.len = 0;
- ctx->cryp.src = NULL;
- ctx->cryp.dst = ctx->tag;
- ctx->cryp.op = COP_ENCRYPT;
-
- ctx->cryp.auth_len = ctx->auth_data_size;
- ctx->cryp.auth_src = ctx->auth_data;
-
- if (ioctl (ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp))
- {
- gnutls_assert ();
- return;
- }
- }
-
- memcpy(tag, ctx->tag, tagsize);
- ctx->op = 0;
+ struct cryptodev_gcm_ctx *ctx = _ctx;
+
+ if (ctx->op == 0) {
+ ctx->cryp.len = 0;
+ ctx->cryp.src = NULL;
+ ctx->cryp.dst = ctx->tag;
+ ctx->cryp.op = COP_ENCRYPT;
+
+ ctx->cryp.auth_len = ctx->auth_data_size;
+ ctx->cryp.auth_src = ctx->auth_data;
+
+ if (ioctl(ctx->cfd, CIOCAUTHCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return;
+ }
+ }
+
+ memcpy(tag, ctx->tag, tagsize);
+ ctx->op = 0;
}
static const gnutls_crypto_cipher_st cipher_struct = {
- .init = aes_gcm_cipher_init,
- .setkey = aes_gcm_cipher_setkey,
- .setiv = aes_gcm_setiv,
- .encrypt = aes_gcm_encrypt,
- .decrypt = aes_gcm_decrypt,
- .deinit = aes_gcm_deinit,
- .tag = aes_gcm_tag,
- .auth = aes_gcm_auth,
+ .init = aes_gcm_cipher_init,
+ .setkey = aes_gcm_cipher_setkey,
+ .setiv = aes_gcm_setiv,
+ .encrypt = aes_gcm_encrypt,
+ .decrypt = aes_gcm_decrypt,
+ .deinit = aes_gcm_deinit,
+ .tag = aes_gcm_tag,
+ .auth = aes_gcm_auth,
};
-int
-_cryptodev_register_gcm_crypto (int cfd)
+int _cryptodev_register_gcm_crypto(int cfd)
{
- struct session_op sess;
- uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
- unsigned int i;
- int ret;
+ struct session_op sess;
+ uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ unsigned int i;
+ int ret;
#ifdef CIOCGSESSINFO
- struct session_info_op siop;
+ struct session_info_op siop;
- memset(&siop, 0, sizeof(siop));
+ memset(&siop, 0, sizeof(siop));
#endif
- memset (&sess, 0, sizeof (sess));
-
- for (i = 0; i < sizeof (cipher_map) / sizeof (cipher_map[0]);
- i++)
- {
- if (cipher_map[i] == 0)
- continue;
+ memset(&sess, 0, sizeof(sess));
- /* test if a cipher is support it and if yes register it */
- sess.cipher = cipher_map[i];
- sess.keylen = gnutls_cipher_get_key_size (i);
- sess.key = fake_key;
+ for (i = 0; i < sizeof(cipher_map) / sizeof(cipher_map[0]); i++) {
+ if (cipher_map[i] == 0)
+ continue;
- if (ioctl (cfd, CIOCGSESSION, &sess))
- {
- continue;
- }
+ /* test if a cipher is support it and if yes register it */
+ sess.cipher = cipher_map[i];
+ sess.keylen = gnutls_cipher_get_key_size(i);
+ sess.key = fake_key;
+ if (ioctl(cfd, CIOCGSESSION, &sess)) {
+ continue;
+ }
#ifdef CIOCGSESSINFO
- siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
- if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
- {
- if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
- {
- ioctl (cfd, CIOCFSESSION, &sess.ses);
- continue;
- }
- }
+ siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
+ if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0) {
+ if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) {
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
+ continue;
+ }
+ }
#endif
- ioctl (cfd, CIOCFSESSION, &sess.ses);
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
- _gnutls_debug_log ("/dev/crypto: registering: %s\n",
- gnutls_cipher_get_name (i));
- ret = gnutls_crypto_single_cipher_register (i, 90, &cipher_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_debug_log("/dev/crypto: registering: %s\n",
+ gnutls_cipher_get_name(i));
+ ret =
+ gnutls_crypto_single_cipher_register(i, 90,
+ &cipher_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- }
+ }
- return 0;
+ return 0;
}
-#endif /* CIOCAUTHCRYPT */
+#endif /* CIOCAUTHCRYPT */
-#endif /* ENABLE_CRYPTODEV */
+#endif /* ENABLE_CRYPTODEV */
diff --git a/lib/accelerated/cryptodev.c b/lib/accelerated/cryptodev.c
index 6a2f2fc3cb..012221dffb 100644
--- a/lib/accelerated/cryptodev.c
+++ b/lib/accelerated/cryptodev.c
@@ -42,259 +42,242 @@
int _gnutls_cryptodev_fd = -1;
-static int register_mac_digest (int cfd);
+static int register_mac_digest(int cfd);
-struct cryptodev_ctx
-{
- struct session_op sess;
- struct crypt_op cryp;
- uint8_t iv[EALG_MAX_BLOCK_LEN];
+struct cryptodev_ctx {
+ struct session_op sess;
+ struct crypt_op cryp;
+ uint8_t iv[EALG_MAX_BLOCK_LEN];
- int cfd;
+ int cfd;
};
static const int gnutls_cipher_map[] = {
- [GNUTLS_CIPHER_AES_128_CBC] = CRYPTO_AES_CBC,
- [GNUTLS_CIPHER_AES_192_CBC] = CRYPTO_AES_CBC,
- [GNUTLS_CIPHER_AES_256_CBC] = CRYPTO_AES_CBC,
- [GNUTLS_CIPHER_3DES_CBC] = CRYPTO_3DES_CBC,
- [GNUTLS_CIPHER_CAMELLIA_128_CBC] = CRYPTO_CAMELLIA_CBC,
- [GNUTLS_CIPHER_CAMELLIA_192_CBC] = CRYPTO_CAMELLIA_CBC,
- [GNUTLS_CIPHER_CAMELLIA_256_CBC] = CRYPTO_CAMELLIA_CBC,
- [GNUTLS_CIPHER_DES_CBC] = CRYPTO_DES_CBC,
+ [GNUTLS_CIPHER_AES_128_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_AES_192_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_AES_256_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_3DES_CBC] = CRYPTO_3DES_CBC,
+ [GNUTLS_CIPHER_CAMELLIA_128_CBC] = CRYPTO_CAMELLIA_CBC,
+ [GNUTLS_CIPHER_CAMELLIA_192_CBC] = CRYPTO_CAMELLIA_CBC,
+ [GNUTLS_CIPHER_CAMELLIA_256_CBC] = CRYPTO_CAMELLIA_CBC,
+ [GNUTLS_CIPHER_DES_CBC] = CRYPTO_DES_CBC,
};
static int
-cryptodev_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
+cryptodev_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+ int enc)
{
- struct cryptodev_ctx *ctx;
- int cipher = gnutls_cipher_map[algorithm];
+ struct cryptodev_ctx *ctx;
+ int cipher = gnutls_cipher_map[algorithm];
- *_ctx = gnutls_calloc (1, sizeof (struct cryptodev_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ *_ctx = gnutls_calloc(1, sizeof(struct cryptodev_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx = *_ctx;
+ ctx = *_ctx;
- ctx->cfd = _gnutls_cryptodev_fd;
- ctx->sess.cipher = cipher;
- ctx->cryp.iv = ctx->iv;
+ ctx->cfd = _gnutls_cryptodev_fd;
+ ctx->sess.cipher = cipher;
+ ctx->cryp.iv = ctx->iv;
- return 0;
+ return 0;
}
static int
-cryptodev_cipher_setkey (void *_ctx, const void *key, size_t keysize)
+cryptodev_cipher_setkey(void *_ctx, const void *key, size_t keysize)
{
- struct cryptodev_ctx *ctx = _ctx;
+ struct cryptodev_ctx *ctx = _ctx;
- ctx->sess.keylen = keysize;
- ctx->sess.key = (void*)key;
+ ctx->sess.keylen = keysize;
+ ctx->sess.key = (void *) key;
- if (ioctl (ctx->cfd, CIOCGSESSION, &ctx->sess))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
- ctx->cryp.ses = ctx->sess.ses;
+ if (ioctl(ctx->cfd, CIOCGSESSION, &ctx->sess)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ ctx->cryp.ses = ctx->sess.ses;
- return 0;
+ return 0;
}
-static int
-cryptodev_setiv (void *_ctx, const void *iv, size_t iv_size)
+static int cryptodev_setiv(void *_ctx, const void *iv, size_t iv_size)
{
- struct cryptodev_ctx *ctx = _ctx;
+ struct cryptodev_ctx *ctx = _ctx;
- memcpy (ctx->iv, iv, iv_size);
+ memcpy(ctx->iv, iv, iv_size);
- return 0;
+ return 0;
}
static int
-cryptodev_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+cryptodev_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct cryptodev_ctx *ctx = _ctx;
- ctx->cryp.len = src_size;
- ctx->cryp.src = (void *) src;
- ctx->cryp.dst = dst;
- ctx->cryp.op = COP_ENCRYPT;
- ctx->cryp.flags = COP_FLAG_WRITE_IV;
-
- if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
-
- return 0;
+ struct cryptodev_ctx *ctx = _ctx;
+ ctx->cryp.len = src_size;
+ ctx->cryp.src = (void *) src;
+ ctx->cryp.dst = dst;
+ ctx->cryp.op = COP_ENCRYPT;
+ ctx->cryp.flags = COP_FLAG_WRITE_IV;
+
+ if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ return 0;
}
static int
-cryptodev_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+cryptodev_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct cryptodev_ctx *ctx = _ctx;
+ struct cryptodev_ctx *ctx = _ctx;
- ctx->cryp.len = src_size;
- ctx->cryp.src = (void *) src;
- ctx->cryp.dst = dst;
- ctx->cryp.op = COP_DECRYPT;
- ctx->cryp.flags = COP_FLAG_WRITE_IV;
+ ctx->cryp.len = src_size;
+ ctx->cryp.src = (void *) src;
+ ctx->cryp.dst = dst;
+ ctx->cryp.op = COP_DECRYPT;
+ ctx->cryp.flags = COP_FLAG_WRITE_IV;
- if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
+ if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
- return 0;
+ return 0;
}
-static void
-cryptodev_deinit (void *_ctx)
+static void cryptodev_deinit(void *_ctx)
{
- struct cryptodev_ctx *ctx = _ctx;
+ struct cryptodev_ctx *ctx = _ctx;
- ioctl (ctx->cfd, CIOCFSESSION, &ctx->sess.ses);
- gnutls_free (ctx);
+ ioctl(ctx->cfd, CIOCFSESSION, &ctx->sess.ses);
+ gnutls_free(ctx);
}
static const gnutls_crypto_cipher_st cipher_struct = {
- .init = cryptodev_cipher_init,
- .setkey = cryptodev_cipher_setkey,
- .setiv = cryptodev_setiv,
- .encrypt = cryptodev_encrypt,
- .decrypt = cryptodev_decrypt,
- .deinit = cryptodev_deinit,
+ .init = cryptodev_cipher_init,
+ .setkey = cryptodev_cipher_setkey,
+ .setiv = cryptodev_setiv,
+ .encrypt = cryptodev_encrypt,
+ .decrypt = cryptodev_decrypt,
+ .deinit = cryptodev_deinit,
};
-static int
-register_crypto (int cfd)
+static int register_crypto(int cfd)
{
- struct session_op sess;
- uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
- unsigned int i;
- int ret;
+ struct session_op sess;
+ uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ unsigned int i;
+ int ret;
#ifdef CIOCGSESSINFO
- struct session_info_op siop;
+ struct session_info_op siop;
#endif
- memset (&sess, 0, sizeof (sess));
-
- for (i = 0; i < sizeof (gnutls_cipher_map) / sizeof (gnutls_cipher_map[0]);
- i++)
- {
- if (gnutls_cipher_map[i] == 0)
- continue;
+ memset(&sess, 0, sizeof(sess));
- /* test if a cipher is supported and if yes register it */
- sess.cipher = gnutls_cipher_map[i];
- sess.keylen = gnutls_cipher_get_key_size (i);
- sess.key = fake_key;
+ for (i = 0;
+ i < sizeof(gnutls_cipher_map) / sizeof(gnutls_cipher_map[0]);
+ i++) {
+ if (gnutls_cipher_map[i] == 0)
+ continue;
- if (ioctl (cfd, CIOCGSESSION, &sess))
- {
- continue;
- }
+ /* test if a cipher is supported and if yes register it */
+ sess.cipher = gnutls_cipher_map[i];
+ sess.keylen = gnutls_cipher_get_key_size(i);
+ sess.key = fake_key;
+ if (ioctl(cfd, CIOCGSESSION, &sess)) {
+ continue;
+ }
#ifdef CIOCGSESSINFO
- memset(&siop, 0, sizeof(siop));
-
- siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
- if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
- {
- if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
- {
- ioctl (cfd, CIOCFSESSION, &sess.ses);
- continue;
- }
- }
+ memset(&siop, 0, sizeof(siop));
+
+ siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
+ if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0) {
+ if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) {
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
+ continue;
+ }
+ }
#endif
- ioctl (cfd, CIOCFSESSION, &sess.ses);
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
- _gnutls_debug_log ("/dev/crypto: registering: %s\n",
- gnutls_cipher_get_name (i));
- ret = gnutls_crypto_single_cipher_register (i, 90, &cipher_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ _gnutls_debug_log("/dev/crypto: registering: %s\n",
+ gnutls_cipher_get_name(i));
+ ret =
+ gnutls_crypto_single_cipher_register(i, 90,
+ &cipher_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- }
+ }
#ifdef CIOCAUTHCRYPT
- return _cryptodev_register_gcm_crypto(cfd);
+ return _cryptodev_register_gcm_crypto(cfd);
#else
- return 0;
+ return 0;
#endif
}
-int
-_gnutls_cryptodev_init (void)
+int _gnutls_cryptodev_init(void)
{
- int ret;
-
- /* Open the crypto device */
- _gnutls_cryptodev_fd = open ("/dev/crypto", O_RDWR, 0);
- if (_gnutls_cryptodev_fd < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_DEVICE_ERROR;
- }
-
+ int ret;
+
+ /* Open the crypto device */
+ _gnutls_cryptodev_fd = open("/dev/crypto", O_RDWR, 0);
+ if (_gnutls_cryptodev_fd < 0) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_DEVICE_ERROR;
+ }
#ifndef CRIOGET_NOT_NEEDED
- {
- int cfd = -1;
- /* Clone file descriptor */
- if (ioctl (_gnutls_cryptodev_fd, CRIOGET, &cfd))
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
-
- /* Set close-on-exec (not really neede here) */
- if (fcntl (cfd, F_SETFD, 1) == -1)
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
- }
-
- close (_gnutls_cryptodev_fd);
- _gnutls_cryptodev_fd = cfd;
- }
+ {
+ int cfd = -1;
+ /* Clone file descriptor */
+ if (ioctl(_gnutls_cryptodev_fd, CRIOGET, &cfd)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ /* Set close-on-exec (not really neede here) */
+ if (fcntl(cfd, F_SETFD, 1) == -1) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ close(_gnutls_cryptodev_fd);
+ _gnutls_cryptodev_fd = cfd;
+ }
#endif
- ret = register_crypto (_gnutls_cryptodev_fd);
- if (ret < 0)
- gnutls_assert ();
+ ret = register_crypto(_gnutls_cryptodev_fd);
+ if (ret < 0)
+ gnutls_assert();
- if (ret >= 0)
- {
- ret = register_mac_digest (_gnutls_cryptodev_fd);
- if (ret < 0)
- gnutls_assert ();
- }
+ if (ret >= 0) {
+ ret = register_mac_digest(_gnutls_cryptodev_fd);
+ if (ret < 0)
+ gnutls_assert();
+ }
- if (ret < 0)
- {
- gnutls_assert ();
- close (_gnutls_cryptodev_fd);
- }
+ if (ret < 0) {
+ gnutls_assert();
+ close(_gnutls_cryptodev_fd);
+ }
- return ret;
+ return ret;
}
-void
-_gnutls_cryptodev_deinit (void)
+void _gnutls_cryptodev_deinit(void)
{
- if (_gnutls_cryptodev_fd != -1) close (_gnutls_cryptodev_fd);
+ if (_gnutls_cryptodev_fd != -1)
+ close(_gnutls_cryptodev_fd);
}
/* MAC and digest stuff */
@@ -304,223 +287,212 @@ _gnutls_cryptodev_deinit (void)
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_RESET)
static const int gnutls_mac_map[] = {
- [GNUTLS_MAC_MD5] = CRYPTO_MD5_HMAC,
- [GNUTLS_MAC_SHA1] = CRYPTO_SHA1_HMAC,
- [GNUTLS_MAC_SHA256] = CRYPTO_SHA2_256_HMAC,
- [GNUTLS_MAC_SHA384] = CRYPTO_SHA2_384_HMAC,
- [GNUTLS_MAC_SHA512] = CRYPTO_SHA2_512_HMAC,
+ [GNUTLS_MAC_MD5] = CRYPTO_MD5_HMAC,
+ [GNUTLS_MAC_SHA1] = CRYPTO_SHA1_HMAC,
+ [GNUTLS_MAC_SHA256] = CRYPTO_SHA2_256_HMAC,
+ [GNUTLS_MAC_SHA384] = CRYPTO_SHA2_384_HMAC,
+ [GNUTLS_MAC_SHA512] = CRYPTO_SHA2_512_HMAC,
};
static int
-cryptodev_mac_fast (gnutls_mac_algorithm_t algo,
- const void *key, size_t key_size, const void *text,
- size_t text_size, void *digest)
+cryptodev_mac_fast(gnutls_mac_algorithm_t algo,
+ const void *key, size_t key_size, const void *text,
+ size_t text_size, void *digest)
{
-struct cryptodev_ctx ctx;
-int ret;
-
- memset(&ctx, 0, sizeof(ctx));
- ctx.cfd = _gnutls_cryptodev_fd;
- ctx.sess.mac = gnutls_mac_map[algo];
-
- ctx.sess.mackeylen = key_size;
- ctx.sess.mackey = (void*)key;
-
- if (ioctl (ctx.cfd, CIOCGSESSION, &ctx.sess))
- return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
-
- ctx.cryp.ses = ctx.sess.ses;
-
- ctx.cryp.len = text_size;
- ctx.cryp.src = (void *) text;
- ctx.cryp.dst = NULL;
- ctx.cryp.op = COP_ENCRYPT;
- ctx.cryp.mac = digest;
-
- ret = ioctl (ctx.cfd, CIOCCRYPT, &ctx.cryp);
-
- ioctl (_gnutls_cryptodev_fd, CIOCFSESSION, &ctx.sess.ses);
- if (ret != 0)
- return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
-
- return 0;
+ struct cryptodev_ctx ctx;
+ int ret;
+
+ memset(&ctx, 0, sizeof(ctx));
+ ctx.cfd = _gnutls_cryptodev_fd;
+ ctx.sess.mac = gnutls_mac_map[algo];
+
+ ctx.sess.mackeylen = key_size;
+ ctx.sess.mackey = (void *) key;
+
+ if (ioctl(ctx.cfd, CIOCGSESSION, &ctx.sess))
+ return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
+
+ ctx.cryp.ses = ctx.sess.ses;
+
+ ctx.cryp.len = text_size;
+ ctx.cryp.src = (void *) text;
+ ctx.cryp.dst = NULL;
+ ctx.cryp.op = COP_ENCRYPT;
+ ctx.cryp.mac = digest;
+
+ ret = ioctl(ctx.cfd, CIOCCRYPT, &ctx.cryp);
+
+ ioctl(_gnutls_cryptodev_fd, CIOCFSESSION, &ctx.sess.ses);
+ if (ret != 0)
+ return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
+
+ return 0;
}
#define cryptodev_mac_deinit cryptodev_deinit
static const gnutls_crypto_mac_st mac_struct = {
- .init = NULL,
- .setkey = NULL,
- .setnonce = NULL,
- .hash = NULL,
- .output = NULL,
- .deinit = NULL,
- .fast = cryptodev_mac_fast
+ .init = NULL,
+ .setkey = NULL,
+ .setnonce = NULL,
+ .hash = NULL,
+ .output = NULL,
+ .deinit = NULL,
+ .fast = cryptodev_mac_fast
};
/* Digest algorithms */
static const int gnutls_digest_map[] = {
- [GNUTLS_DIG_MD5] = CRYPTO_MD5,
- [GNUTLS_DIG_SHA1] = CRYPTO_SHA1,
- [GNUTLS_DIG_SHA256] = CRYPTO_SHA2_256,
- [GNUTLS_DIG_SHA384] = CRYPTO_SHA2_384,
- [GNUTLS_DIG_SHA512] = CRYPTO_SHA2_512,
+ [GNUTLS_DIG_MD5] = CRYPTO_MD5,
+ [GNUTLS_DIG_SHA1] = CRYPTO_SHA1,
+ [GNUTLS_DIG_SHA256] = CRYPTO_SHA2_256,
+ [GNUTLS_DIG_SHA384] = CRYPTO_SHA2_384,
+ [GNUTLS_DIG_SHA512] = CRYPTO_SHA2_512,
};
static int
-cryptodev_digest_fast (gnutls_digest_algorithm_t algo,
- const void *text, size_t text_size,
- void *digest)
+cryptodev_digest_fast(gnutls_digest_algorithm_t algo,
+ const void *text, size_t text_size, void *digest)
{
-struct cryptodev_ctx ctx;
-int ret;
-
- memset(&ctx, 0, sizeof(ctx));
- ctx.cfd = _gnutls_cryptodev_fd;
- ctx.sess.mac = gnutls_digest_map[algo];
-
- if (ioctl (ctx.cfd, CIOCGSESSION, &ctx.sess))
- return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
-
- ctx.cryp.ses = ctx.sess.ses;
-
- ctx.cryp.len = text_size;
- ctx.cryp.src = (void *) text;
- ctx.cryp.dst = NULL;
- ctx.cryp.op = COP_ENCRYPT;
- ctx.cryp.mac = digest;
-
- ret = ioctl (ctx.cfd, CIOCCRYPT, &ctx.cryp);
-
- ioctl (_gnutls_cryptodev_fd, CIOCFSESSION, &ctx.sess.ses);
- if (ret != 0)
- return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
-
- return 0;
+ struct cryptodev_ctx ctx;
+ int ret;
+
+ memset(&ctx, 0, sizeof(ctx));
+ ctx.cfd = _gnutls_cryptodev_fd;
+ ctx.sess.mac = gnutls_digest_map[algo];
+
+ if (ioctl(ctx.cfd, CIOCGSESSION, &ctx.sess))
+ return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
+
+ ctx.cryp.ses = ctx.sess.ses;
+
+ ctx.cryp.len = text_size;
+ ctx.cryp.src = (void *) text;
+ ctx.cryp.dst = NULL;
+ ctx.cryp.op = COP_ENCRYPT;
+ ctx.cryp.mac = digest;
+
+ ret = ioctl(ctx.cfd, CIOCCRYPT, &ctx.cryp);
+
+ ioctl(_gnutls_cryptodev_fd, CIOCFSESSION, &ctx.sess.ses);
+ if (ret != 0)
+ return gnutls_assert_val(GNUTLS_E_CRYPTODEV_IOCTL_ERROR);
+
+ return 0;
}
static const gnutls_crypto_digest_st digest_struct = {
- .init = NULL,
- .hash = NULL,
- .output = NULL,
- .deinit = NULL,
- .fast = cryptodev_digest_fast
+ .init = NULL,
+ .hash = NULL,
+ .output = NULL,
+ .deinit = NULL,
+ .fast = cryptodev_digest_fast
};
-static int
-register_mac_digest (int cfd)
+static int register_mac_digest(int cfd)
{
- struct session_op sess;
- uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
- unsigned int i;
- int ret;
+ struct session_op sess;
+ uint8_t fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ unsigned int i;
+ int ret;
#ifdef CIOCGSESSINFO
- struct session_info_op siop;
+ struct session_info_op siop;
#endif
- memset (&sess, 0, sizeof (sess));
- for (i = 0; i < sizeof (gnutls_mac_map) / sizeof (gnutls_mac_map[0]); i++)
- {
- if (gnutls_mac_map[i] == 0)
- continue;
-
- sess.mac = gnutls_mac_map[i];
- sess.mackeylen = 8;
- sess.mackey = fake_key;
+ memset(&sess, 0, sizeof(sess));
+ for (i = 0; i < sizeof(gnutls_mac_map) / sizeof(gnutls_mac_map[0]);
+ i++) {
+ if (gnutls_mac_map[i] == 0)
+ continue;
- if (ioctl (cfd, CIOCGSESSION, &sess))
- {
- continue;
- }
+ sess.mac = gnutls_mac_map[i];
+ sess.mackeylen = 8;
+ sess.mackey = fake_key;
+ if (ioctl(cfd, CIOCGSESSION, &sess)) {
+ continue;
+ }
#ifdef CIOCGSESSINFO
- memset(&siop, 0, sizeof(siop));
-
- siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
- if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
- {
- if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
- {
- ioctl (cfd, CIOCFSESSION, &sess.ses);
- continue;
- }
- }
+ memset(&siop, 0, sizeof(siop));
+
+ siop.ses = sess.ses; /* do not register ciphers that are not hw accelerated */
+ if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0) {
+ if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) {
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
+ continue;
+ }
+ }
#endif
- _gnutls_debug_log ("/dev/crypto: registering: HMAC-%s\n",
- gnutls_mac_get_name (i));
-
- ioctl (cfd, CIOCFSESSION, &sess.ses);
-
- ret = gnutls_crypto_single_mac_register (i, 90, &mac_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- memset (&sess, 0, sizeof (sess));
- for (i = 0; i < sizeof (gnutls_digest_map) / sizeof (gnutls_digest_map[0]); i++)
- {
- if (gnutls_digest_map[i] == 0)
- continue;
-
- sess.mac = gnutls_digest_map[i];
-
- if (ioctl (cfd, CIOCGSESSION, &sess))
- {
- continue;
- }
-
+ _gnutls_debug_log("/dev/crypto: registering: HMAC-%s\n",
+ gnutls_mac_get_name(i));
+
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
+
+ ret =
+ gnutls_crypto_single_mac_register(i, 90, &mac_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ memset(&sess, 0, sizeof(sess));
+ for (i = 0;
+ i < sizeof(gnutls_digest_map) / sizeof(gnutls_digest_map[0]);
+ i++) {
+ if (gnutls_digest_map[i] == 0)
+ continue;
+
+ sess.mac = gnutls_digest_map[i];
+
+ if (ioctl(cfd, CIOCGSESSION, &sess)) {
+ continue;
+ }
#ifdef CIOCGSESSINFO
- memset(&siop, 0, sizeof(siop));
-
- siop.ses = sess.ses;
- if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0)
- {
- if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
- {
- ioctl (cfd, CIOCFSESSION, &sess.ses);
- continue;
- }
- }
+ memset(&siop, 0, sizeof(siop));
+
+ siop.ses = sess.ses;
+ if (ioctl(cfd, CIOCGSESSINFO, &siop) == 0) {
+ if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) {
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
+ continue;
+ }
+ }
#endif
- ioctl (cfd, CIOCFSESSION, &sess.ses);
+ ioctl(cfd, CIOCFSESSION, &sess.ses);
- _gnutls_debug_log ("/dev/crypto: registering: %s\n",
- gnutls_mac_get_name (i));
- ret = gnutls_crypto_single_digest_register (i, 90, &digest_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
+ _gnutls_debug_log("/dev/crypto: registering: %s\n",
+ gnutls_mac_get_name(i));
+ ret =
+ gnutls_crypto_single_digest_register(i, 90,
+ &digest_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
- return 0;
+ return 0;
}
#else
-static int
-register_mac_digest (int cfd)
+static int register_mac_digest(int cfd)
{
- return 0;
+ return 0;
}
-#endif /* defined(COP_FLAG_UPDATE) */
+#endif /* defined(COP_FLAG_UPDATE) */
-#else /* ENABLE_CRYPTODEV */
-int
-_gnutls_cryptodev_init (void)
+#else /* ENABLE_CRYPTODEV */
+int _gnutls_cryptodev_init(void)
{
- return 0;
+ return 0;
}
-void
-_gnutls_cryptodev_deinit (void)
+void _gnutls_cryptodev_deinit(void)
{
- return;
+ return;
}
-#endif /* ENABLE_CRYPTODEV */
+#endif /* ENABLE_CRYPTODEV */
diff --git a/lib/accelerated/cryptodev.h b/lib/accelerated/cryptodev.h
index a430bddf0e..b77fa6e89e 100644
--- a/lib/accelerated/cryptodev.h
+++ b/lib/accelerated/cryptodev.h
@@ -1,5 +1,5 @@
extern int _gnutls_cryptodev_fd;
-void _gnutls_cryptodev_deinit (void);
-int _gnutls_cryptodev_init (void);
-int _cryptodev_register_gcm_crypto (int cfd);
+void _gnutls_cryptodev_deinit(void);
+int _gnutls_cryptodev_init(void);
+int _cryptodev_register_gcm_crypto(int cfd);
diff --git a/lib/accelerated/x86/aes-gcm-padlock.c b/lib/accelerated/x86/aes-gcm-padlock.c
index 721dec4c86..9a19622b29 100644
--- a/lib/accelerated/x86/aes-gcm-padlock.c
+++ b/lib/accelerated/x86/aes-gcm-padlock.c
@@ -46,121 +46,119 @@
struct gcm_padlock_aes_ctx GCM_CTX(struct padlock_ctx);
static void padlock_aes_encrypt(void *_ctx,
- unsigned length, uint8_t *dst,
- const uint8_t *src)
+ unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- struct padlock_ctx *ctx = _ctx;
- struct padlock_cipher_data *pce;
+ struct padlock_ctx *ctx = _ctx;
+ struct padlock_cipher_data *pce;
- pce = ALIGN16(&ctx->expanded_key);
+ pce = ALIGN16(&ctx->expanded_key);
- padlock_ecb_encrypt(dst, src, pce, length);
+ padlock_ecb_encrypt(dst, src, pce, length);
}
static void padlock_aes_set_encrypt_key(struct padlock_ctx *_ctx,
- unsigned length, const uint8_t *key)
+ unsigned length,
+ const uint8_t * key)
{
- struct padlock_ctx *ctx = _ctx;
- ctx->enc = 1;
-
- padlock_aes_cipher_setkey(_ctx, key, length);
+ struct padlock_ctx *ctx = _ctx;
+ ctx->enc = 1;
+
+ padlock_aes_cipher_setkey(_ctx, key, length);
}
-static void
-aes_gcm_deinit (void *_ctx)
+static void aes_gcm_deinit(void *_ctx)
{
- gnutls_free (_ctx);
+ gnutls_free(_ctx);
}
static int
-aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
+aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+ int enc)
{
- /* we use key size to distinguish */
- if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
- algorithm != GNUTLS_CIPHER_AES_256_GCM)
- return GNUTLS_E_INVALID_REQUEST;
-
- *_ctx = gnutls_calloc (1, sizeof (struct gcm_padlock_aes_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ /* we use key size to distinguish */
+ if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_256_GCM)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ *_ctx = gnutls_calloc(1, sizeof(struct gcm_padlock_aes_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
static int
-aes_gcm_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
+aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
- GCM_SET_KEY(ctx, padlock_aes_set_encrypt_key, padlock_aes_encrypt, keysize, userkey);
+ GCM_SET_KEY(ctx, padlock_aes_set_encrypt_key, padlock_aes_encrypt,
+ keysize, userkey);
- return 0;
+ return 0;
}
-static int
-aes_gcm_setiv (void *_ctx, const void *iv, size_t iv_size)
+static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
+
+ if (iv_size != GCM_BLOCK_SIZE - 4)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (iv_size != GCM_BLOCK_SIZE - 4)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- GCM_SET_IV(ctx, iv_size, iv);
+ GCM_SET_IV(ctx, iv_size, iv);
- return 0;
+ return 0;
}
static int
-aes_gcm_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t length)
+aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t length)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
- GCM_ENCRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
+ GCM_ENCRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
- return 0;
+ return 0;
}
static int
-aes_gcm_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
- GCM_DECRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
- return 0;
+ GCM_DECRYPT(ctx, padlock_aes_encrypt, src_size, dst, src);
+ return 0;
}
-static int
-aes_gcm_auth (void *_ctx, const void *src, size_t src_size)
+static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
- GCM_UPDATE(ctx, src_size, src);
+ GCM_UPDATE(ctx, src_size, src);
- return 0;
+ return 0;
}
-static void
-aes_gcm_tag (void *_ctx, void *tag, size_t tagsize)
+static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
{
- struct gcm_padlock_aes_ctx *ctx = _ctx;
-
- GCM_DIGEST(ctx, padlock_aes_encrypt, tagsize, tag);
+ struct gcm_padlock_aes_ctx *ctx = _ctx;
+
+ GCM_DIGEST(ctx, padlock_aes_encrypt, tagsize, tag);
}
const gnutls_crypto_cipher_st aes_gcm_padlock_struct = {
- .init = aes_gcm_cipher_init,
- .setkey = aes_gcm_cipher_setkey,
- .setiv = aes_gcm_setiv,
- .encrypt = aes_gcm_encrypt,
- .decrypt = aes_gcm_decrypt,
- .deinit = aes_gcm_deinit,
- .tag = aes_gcm_tag,
- .auth = aes_gcm_auth,
+ .init = aes_gcm_cipher_init,
+ .setkey = aes_gcm_cipher_setkey,
+ .setiv = aes_gcm_setiv,
+ .encrypt = aes_gcm_encrypt,
+ .decrypt = aes_gcm_decrypt,
+ .deinit = aes_gcm_deinit,
+ .tag = aes_gcm_tag,
+ .auth = aes_gcm_auth,
};
#endif
diff --git a/lib/accelerated/x86/aes-gcm-x86.c b/lib/accelerated/x86/aes-gcm-x86.c
index e7f463fa3e..d506553465 100644
--- a/lib/accelerated/x86/aes-gcm-x86.c
+++ b/lib/accelerated/x86/aes-gcm-x86.c
@@ -37,234 +37,231 @@
/* GCM mode */
-typedef struct
-{
- uint64_t hi, lo;
+typedef struct {
+ uint64_t hi, lo;
} u128;
/* This is the gcm128 structure used in openssl. It
* is compatible with the included assembly code.
*/
-struct gcm128_context
-{
- union
- {
- uint64_t u[2];
- uint32_t d[4];
- uint8_t c[16];
- } Yi, EKi, EK0, len, Xi, H;
- u128 Htable[16];
+struct gcm128_context {
+ union {
+ uint64_t u[2];
+ uint32_t d[4];
+ uint8_t c[16];
+ } Yi, EKi, EK0, len, Xi, H;
+ u128 Htable[16];
};
-struct aes_gcm_ctx
-{
- AES_KEY expanded_key;
- struct gcm128_context gcm;
+struct aes_gcm_ctx {
+ AES_KEY expanded_key;
+ struct gcm128_context gcm;
};
-void gcm_init_clmul (u128 Htable[16], const u64 Xi[2]);
-void gcm_ghash_clmul (uint64_t Xi[2], const u128 Htable[16],
- const uint8_t * inp, size_t len);
-void gcm_gmult_clmul (u64 Xi[2], const u128 Htable[16]);
+void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]);
+void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16],
+ const uint8_t * inp, size_t len);
+void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]);
-static void
-aes_gcm_deinit (void *_ctx)
+static void aes_gcm_deinit(void *_ctx)
{
- gnutls_free (_ctx);
+ gnutls_free(_ctx);
}
static int
-aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
+aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+ int enc)
{
- /* we use key size to distinguish */
- if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
- algorithm != GNUTLS_CIPHER_AES_256_GCM)
- return GNUTLS_E_INVALID_REQUEST;
-
- *_ctx = gnutls_calloc (1, sizeof (struct aes_gcm_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ /* we use key size to distinguish */
+ if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_256_GCM)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ *_ctx = gnutls_calloc(1, sizeof(struct aes_gcm_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
static int
-aes_gcm_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
+aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
- struct aes_gcm_ctx *ctx = _ctx;
- int ret;
+ struct aes_gcm_ctx *ctx = _ctx;
+ int ret;
- ret = aesni_set_encrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key));
- if (ret != 0)
- return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
+ ret =
+ aesni_set_encrypt_key(userkey, keysize * 8,
+ ALIGN16(&ctx->expanded_key));
+ if (ret != 0)
+ return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
- aesni_ecb_encrypt (ctx->gcm.H.c, ctx->gcm.H.c,
- GCM_BLOCK_SIZE, ALIGN16(&ctx->expanded_key), 1);
+ aesni_ecb_encrypt(ctx->gcm.H.c, ctx->gcm.H.c,
+ GCM_BLOCK_SIZE, ALIGN16(&ctx->expanded_key), 1);
- ctx->gcm.H.u[0] = bswap_64 (ctx->gcm.H.u[0]);
- ctx->gcm.H.u[1] = bswap_64 (ctx->gcm.H.u[1]);
+ ctx->gcm.H.u[0] = bswap_64(ctx->gcm.H.u[0]);
+ ctx->gcm.H.u[1] = bswap_64(ctx->gcm.H.u[1]);
- gcm_init_clmul (ctx->gcm.Htable, ctx->gcm.H.u);
+ gcm_init_clmul(ctx->gcm.Htable, ctx->gcm.H.u);
- return 0;
+ return 0;
}
-static int
-aes_gcm_setiv (void *_ctx, const void *iv, size_t iv_size)
+static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
{
- struct aes_gcm_ctx *ctx = _ctx;
+ struct aes_gcm_ctx *ctx = _ctx;
- if (iv_size != GCM_BLOCK_SIZE - 4)
- return GNUTLS_E_INVALID_REQUEST;
+ if (iv_size != GCM_BLOCK_SIZE - 4)
+ return GNUTLS_E_INVALID_REQUEST;
- memset (ctx->gcm.Xi.c, 0, sizeof (ctx->gcm.Xi.c));
- memset (ctx->gcm.len.c, 0, sizeof (ctx->gcm.len.c));
+ memset(ctx->gcm.Xi.c, 0, sizeof(ctx->gcm.Xi.c));
+ memset(ctx->gcm.len.c, 0, sizeof(ctx->gcm.len.c));
- memcpy (ctx->gcm.Yi.c, iv, GCM_BLOCK_SIZE - 4);
- ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 4] = 0;
- ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 3] = 0;
- ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 2] = 0;
- ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 1] = 1;
+ memcpy(ctx->gcm.Yi.c, iv, GCM_BLOCK_SIZE - 4);
+ ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 4] = 0;
+ ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 3] = 0;
+ ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 2] = 0;
+ ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 1] = 1;
- aesni_ecb_encrypt (ctx->gcm.Yi.c, ctx->gcm.EK0.c,
- GCM_BLOCK_SIZE, ALIGN16(&ctx->expanded_key), 1);
- ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 1] = 2;
- return 0;
+ aesni_ecb_encrypt(ctx->gcm.Yi.c, ctx->gcm.EK0.c,
+ GCM_BLOCK_SIZE, ALIGN16(&ctx->expanded_key), 1);
+ ctx->gcm.Yi.c[GCM_BLOCK_SIZE - 1] = 2;
+ return 0;
}
static void
-gcm_ghash (struct aes_gcm_ctx *ctx, const uint8_t * src, size_t src_size)
+gcm_ghash(struct aes_gcm_ctx *ctx, const uint8_t * src, size_t src_size)
{
- size_t rest = src_size % GCM_BLOCK_SIZE;
- size_t aligned_size = src_size - rest;
+ size_t rest = src_size % GCM_BLOCK_SIZE;
+ size_t aligned_size = src_size - rest;
- if (aligned_size > 0)
- gcm_ghash_clmul (ctx->gcm.Xi.u, ctx->gcm.Htable, src, aligned_size);
+ if (aligned_size > 0)
+ gcm_ghash_clmul(ctx->gcm.Xi.u, ctx->gcm.Htable, src,
+ aligned_size);
- if (rest > 0)
- {
- memxor (ctx->gcm.Xi.c, src + aligned_size, rest);
- gcm_gmult_clmul (ctx->gcm.Xi.u, ctx->gcm.Htable);
- }
+ if (rest > 0) {
+ memxor(ctx->gcm.Xi.c, src + aligned_size, rest);
+ gcm_gmult_clmul(ctx->gcm.Xi.u, ctx->gcm.Htable);
+ }
}
static inline void
-ctr_encrypt_last (struct aes_gcm_ctx *ctx, const uint8_t * src,
- uint8_t * dst, size_t pos, size_t length)
+ctr_encrypt_last(struct aes_gcm_ctx *ctx, const uint8_t * src,
+ uint8_t * dst, size_t pos, size_t length)
{
- uint8_t tmp[GCM_BLOCK_SIZE];
- uint8_t out[GCM_BLOCK_SIZE];
+ uint8_t tmp[GCM_BLOCK_SIZE];
+ uint8_t out[GCM_BLOCK_SIZE];
- memcpy (tmp, &src[pos], length);
- aesni_ctr32_encrypt_blocks (tmp, out, 1, ALIGN16(&ctx->expanded_key), ctx->gcm.Yi.c);
+ memcpy(tmp, &src[pos], length);
+ aesni_ctr32_encrypt_blocks(tmp, out, 1,
+ ALIGN16(&ctx->expanded_key),
+ ctx->gcm.Yi.c);
- memcpy (&dst[pos], out, length);
+ memcpy(&dst[pos], out, length);
}
static int
-aes_gcm_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t length)
+aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t length)
{
- struct aes_gcm_ctx *ctx = _ctx;
- int blocks = src_size / GCM_BLOCK_SIZE;
- int exp_blocks = blocks * GCM_BLOCK_SIZE;
- int rest = src_size - (exp_blocks);
- uint32_t counter;
-
- if (blocks > 0)
- {
- aesni_ctr32_encrypt_blocks (src, dst,
- blocks, ALIGN16(&ctx->expanded_key),
- ctx->gcm.Yi.c);
-
- counter = _gnutls_read_uint32 (ctx->gcm.Yi.c + 12);
- counter += blocks;
- _gnutls_write_uint32 (counter, ctx->gcm.Yi.c + 12);
- }
-
- if (rest > 0) /* last incomplete block */
- ctr_encrypt_last (ctx, src, dst, exp_blocks, rest);
-
- gcm_ghash (ctx, dst, src_size);
- ctx->gcm.len.u[1] += src_size;
-
- return 0;
+ struct aes_gcm_ctx *ctx = _ctx;
+ int blocks = src_size / GCM_BLOCK_SIZE;
+ int exp_blocks = blocks * GCM_BLOCK_SIZE;
+ int rest = src_size - (exp_blocks);
+ uint32_t counter;
+
+ if (blocks > 0) {
+ aesni_ctr32_encrypt_blocks(src, dst,
+ blocks,
+ ALIGN16(&ctx->expanded_key),
+ ctx->gcm.Yi.c);
+
+ counter = _gnutls_read_uint32(ctx->gcm.Yi.c + 12);
+ counter += blocks;
+ _gnutls_write_uint32(counter, ctx->gcm.Yi.c + 12);
+ }
+
+ if (rest > 0) /* last incomplete block */
+ ctr_encrypt_last(ctx, src, dst, exp_blocks, rest);
+
+ gcm_ghash(ctx, dst, src_size);
+ ctx->gcm.len.u[1] += src_size;
+
+ return 0;
}
static int
-aes_gcm_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct aes_gcm_ctx *ctx = _ctx;
- int blocks = src_size / GCM_BLOCK_SIZE;
- int exp_blocks = blocks * GCM_BLOCK_SIZE;
- int rest = src_size - (exp_blocks);
- uint32_t counter;
-
- gcm_ghash (ctx, src, src_size);
- ctx->gcm.len.u[1] += src_size;
-
- if (blocks > 0)
- {
- aesni_ctr32_encrypt_blocks (src, dst,
- blocks, ALIGN16(&ctx->expanded_key),
- ctx->gcm.Yi.c);
-
- counter = _gnutls_read_uint32 (ctx->gcm.Yi.c + 12);
- counter += blocks;
- _gnutls_write_uint32 (counter, ctx->gcm.Yi.c + 12);
- }
-
- if (rest > 0) /* last incomplete block */
- ctr_encrypt_last (ctx, src, dst, exp_blocks, rest);
-
- return 0;
+ struct aes_gcm_ctx *ctx = _ctx;
+ int blocks = src_size / GCM_BLOCK_SIZE;
+ int exp_blocks = blocks * GCM_BLOCK_SIZE;
+ int rest = src_size - (exp_blocks);
+ uint32_t counter;
+
+ gcm_ghash(ctx, src, src_size);
+ ctx->gcm.len.u[1] += src_size;
+
+ if (blocks > 0) {
+ aesni_ctr32_encrypt_blocks(src, dst,
+ blocks,
+ ALIGN16(&ctx->expanded_key),
+ ctx->gcm.Yi.c);
+
+ counter = _gnutls_read_uint32(ctx->gcm.Yi.c + 12);
+ counter += blocks;
+ _gnutls_write_uint32(counter, ctx->gcm.Yi.c + 12);
+ }
+
+ if (rest > 0) /* last incomplete block */
+ ctr_encrypt_last(ctx, src, dst, exp_blocks, rest);
+
+ return 0;
}
-static int
-aes_gcm_auth (void *_ctx, const void *src, size_t src_size)
+static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
{
- struct aes_gcm_ctx *ctx = _ctx;
+ struct aes_gcm_ctx *ctx = _ctx;
- gcm_ghash (ctx, src, src_size);
- ctx->gcm.len.u[0] += src_size;
+ gcm_ghash(ctx, src, src_size);
+ ctx->gcm.len.u[0] += src_size;
- return 0;
+ return 0;
}
-static void
-aes_gcm_tag (void *_ctx, void *tag, size_t tagsize)
+static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
{
- struct aes_gcm_ctx *ctx = _ctx;
- uint8_t buffer[GCM_BLOCK_SIZE];
- uint64_t alen, clen;
+ struct aes_gcm_ctx *ctx = _ctx;
+ uint8_t buffer[GCM_BLOCK_SIZE];
+ uint64_t alen, clen;
- alen = ctx->gcm.len.u[0] * 8;
- clen = ctx->gcm.len.u[1] * 8;
+ alen = ctx->gcm.len.u[0] * 8;
+ clen = ctx->gcm.len.u[1] * 8;
- _gnutls_write_uint64 (alen, buffer);
- _gnutls_write_uint64 (clen, &buffer[8]);
+ _gnutls_write_uint64(alen, buffer);
+ _gnutls_write_uint64(clen, &buffer[8]);
- gcm_ghash_clmul (ctx->gcm.Xi.u, ctx->gcm.Htable, buffer, GCM_BLOCK_SIZE);
+ gcm_ghash_clmul(ctx->gcm.Xi.u, ctx->gcm.Htable, buffer,
+ GCM_BLOCK_SIZE);
- ctx->gcm.Xi.u[0] ^= ctx->gcm.EK0.u[0];
- ctx->gcm.Xi.u[1] ^= ctx->gcm.EK0.u[1];
+ ctx->gcm.Xi.u[0] ^= ctx->gcm.EK0.u[0];
+ ctx->gcm.Xi.u[1] ^= ctx->gcm.EK0.u[1];
- memcpy (tag, ctx->gcm.Xi.c, MIN (GCM_BLOCK_SIZE, tagsize));
+ memcpy(tag, ctx->gcm.Xi.c, MIN(GCM_BLOCK_SIZE, tagsize));
}
const gnutls_crypto_cipher_st aes_gcm_struct = {
- .init = aes_gcm_cipher_init,
- .setkey = aes_gcm_cipher_setkey,
- .setiv = aes_gcm_setiv,
- .encrypt = aes_gcm_encrypt,
- .decrypt = aes_gcm_decrypt,
- .deinit = aes_gcm_deinit,
- .tag = aes_gcm_tag,
- .auth = aes_gcm_auth,
+ .init = aes_gcm_cipher_init,
+ .setkey = aes_gcm_cipher_setkey,
+ .setiv = aes_gcm_setiv,
+ .encrypt = aes_gcm_encrypt,
+ .decrypt = aes_gcm_decrypt,
+ .deinit = aes_gcm_deinit,
+ .tag = aes_gcm_tag,
+ .auth = aes_gcm_auth,
};
diff --git a/lib/accelerated/x86/aes-padlock.c b/lib/accelerated/x86/aes-padlock.c
index 4e3729a89c..f4b1b168c8 100644
--- a/lib/accelerated/x86/aes-padlock.c
+++ b/lib/accelerated/x86/aes-padlock.c
@@ -32,379 +32,359 @@
#include <aes-x86.h>
#include <x86.h>
#ifdef HAVE_LIBNETTLE
-#include <nettle/aes.h> /* for key generation in 192 and 256 bits */
+#include <nettle/aes.h> /* for key generation in 192 and 256 bits */
#include <sha-padlock.h>
#endif
#include <aes-padlock.h>
static int
-aes_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
+aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
{
- /* we use key size to distinguish */
- if (algorithm != GNUTLS_CIPHER_AES_128_CBC
- && algorithm != GNUTLS_CIPHER_AES_192_CBC
- && algorithm != GNUTLS_CIPHER_AES_256_CBC)
- return GNUTLS_E_INVALID_REQUEST;
-
- *_ctx = gnutls_calloc (1, sizeof (struct padlock_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ((struct padlock_ctx *) (*_ctx))->enc = enc;
- return 0;
+ /* we use key size to distinguish */
+ if (algorithm != GNUTLS_CIPHER_AES_128_CBC
+ && algorithm != GNUTLS_CIPHER_AES_192_CBC
+ && algorithm != GNUTLS_CIPHER_AES_256_CBC)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ *_ctx = gnutls_calloc(1, sizeof(struct padlock_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ((struct padlock_ctx *) (*_ctx))->enc = enc;
+ return 0;
}
int
-padlock_aes_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
+padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
- struct padlock_ctx *ctx = _ctx;
- struct padlock_cipher_data *pce;
+ struct padlock_ctx *ctx = _ctx;
+ struct padlock_cipher_data *pce;
#ifdef HAVE_LIBNETTLE
- struct aes_ctx nc;
+ struct aes_ctx nc;
#endif
- memset (_ctx, 0, sizeof (struct padlock_cipher_data));
+ memset(_ctx, 0, sizeof(struct padlock_cipher_data));
- pce = ALIGN16 (&ctx->expanded_key);
+ pce = ALIGN16(&ctx->expanded_key);
- pce->cword.b.encdec = (ctx->enc == 0);
+ pce->cword.b.encdec = (ctx->enc == 0);
- switch (keysize)
- {
- case 16:
- pce->cword.b.ksize = 0;
- pce->cword.b.rounds = 10;
- memcpy (pce->ks.rd_key, userkey, 16);
- pce->cword.b.keygen = 0;
- break;
+ switch (keysize) {
+ case 16:
+ pce->cword.b.ksize = 0;
+ pce->cword.b.rounds = 10;
+ memcpy(pce->ks.rd_key, userkey, 16);
+ pce->cword.b.keygen = 0;
+ break;
#ifdef HAVE_LIBNETTLE
- case 24:
- pce->cword.b.ksize = 1;
- pce->cword.b.rounds = 12;
- goto common_24_32;
- case 32:
- pce->cword.b.ksize = 2;
- pce->cword.b.rounds = 14;
- common_24_32:
- /* expand key using nettle */
- if (ctx->enc)
- aes_set_encrypt_key (&nc, keysize, userkey);
- else
- aes_set_decrypt_key (&nc, keysize, userkey);
-
- memcpy (pce->ks.rd_key, nc.keys, sizeof (nc.keys));
- pce->ks.rounds = nc.nrounds;
-
- pce->cword.b.keygen = 1;
- break;
+ case 24:
+ pce->cword.b.ksize = 1;
+ pce->cword.b.rounds = 12;
+ goto common_24_32;
+ case 32:
+ pce->cword.b.ksize = 2;
+ pce->cword.b.rounds = 14;
+ common_24_32:
+ /* expand key using nettle */
+ if (ctx->enc)
+ aes_set_encrypt_key(&nc, keysize, userkey);
+ else
+ aes_set_decrypt_key(&nc, keysize, userkey);
+
+ memcpy(pce->ks.rd_key, nc.keys, sizeof(nc.keys));
+ pce->ks.rounds = nc.nrounds;
+
+ pce->cword.b.keygen = 1;
+ break;
#endif
- default:
- return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
- }
+ default:
+ return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
+ }
- padlock_reload_key ();
+ padlock_reload_key();
- return 0;
+ return 0;
}
-static int
-aes_setiv (void *_ctx, const void *iv, size_t iv_size)
+static int aes_setiv(void *_ctx, const void *iv, size_t iv_size)
{
- struct padlock_ctx *ctx = _ctx;
- struct padlock_cipher_data *pce;
+ struct padlock_ctx *ctx = _ctx;
+ struct padlock_cipher_data *pce;
- pce = ALIGN16 (&ctx->expanded_key);
+ pce = ALIGN16(&ctx->expanded_key);
- memcpy (pce->iv, iv, 16);
+ memcpy(pce->iv, iv, 16);
- return 0;
+ return 0;
}
static int
-padlock_aes_cbc_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+padlock_aes_cbc_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct padlock_ctx *ctx = _ctx;
- struct padlock_cipher_data *pce;
+ struct padlock_ctx *ctx = _ctx;
+ struct padlock_cipher_data *pce;
- pce = ALIGN16 (&ctx->expanded_key);
+ pce = ALIGN16(&ctx->expanded_key);
- padlock_cbc_encrypt (dst, src, pce, src_size);
+ padlock_cbc_encrypt(dst, src, pce, src_size);
- return 0;
+ return 0;
}
static int
-padlock_aes_cbc_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+padlock_aes_cbc_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct padlock_ctx *ctx = _ctx;
- struct padlock_cipher_data *pcd;
+ struct padlock_ctx *ctx = _ctx;
+ struct padlock_cipher_data *pcd;
- pcd = ALIGN16 (&ctx->expanded_key);
+ pcd = ALIGN16(&ctx->expanded_key);
- padlock_cbc_encrypt (dst, src, pcd, src_size);
+ padlock_cbc_encrypt(dst, src, pcd, src_size);
- return 0;
+ return 0;
}
-static void
-aes_deinit (void *_ctx)
+static void aes_deinit(void *_ctx)
{
- gnutls_free (_ctx);
+ gnutls_free(_ctx);
}
static const gnutls_crypto_cipher_st aes_padlock_struct = {
- .init = aes_cipher_init,
- .setkey = padlock_aes_cipher_setkey,
- .setiv = aes_setiv,
- .encrypt = padlock_aes_cbc_encrypt,
- .decrypt = padlock_aes_cbc_decrypt,
- .deinit = aes_deinit,
+ .init = aes_cipher_init,
+ .setkey = padlock_aes_cipher_setkey,
+ .setiv = aes_setiv,
+ .encrypt = padlock_aes_cbc_encrypt,
+ .decrypt = padlock_aes_cbc_decrypt,
+ .deinit = aes_deinit,
};
-static int
-check_padlock (void)
+static int check_padlock(void)
{
- unsigned int edx = padlock_capability ();
+ unsigned int edx = padlock_capability();
- return ((edx & (0x3 << 6)) == (0x3 << 6));
+ return ((edx & (0x3 << 6)) == (0x3 << 6));
}
-static int
-check_phe (void)
+static int check_phe(void)
{
- unsigned int edx = padlock_capability ();
+ unsigned int edx = padlock_capability();
- return ((edx & (0x3 << 10)) == (0x3 << 10));
+ return ((edx & (0x3 << 10)) == (0x3 << 10));
}
/* We are actually checking for SHA512 */
-static int
-check_phe_sha512 (void)
+static int check_phe_sha512(void)
{
- unsigned int edx = padlock_capability ();
+ unsigned int edx = padlock_capability();
- return ((edx & (0x3 << 25)) == (0x3 << 25));
+ return ((edx & (0x3 << 25)) == (0x3 << 25));
}
-static int
-check_phe_partial (void)
+static int check_phe_partial(void)
{
- const char* text = "test and test";
- uint32_t iv[5] = { 0x67452301UL, 0xEFCDAB89UL,
- 0x98BADCFEUL, 0x10325476UL, 0xC3D2E1F0UL };
-
- padlock_sha1_blocks (iv, text, sizeof(text)-1);
- padlock_sha1_blocks (iv, text, sizeof(text)-1);
-
- if (iv[0] == 0x9096E2D8UL && iv[1] == 0xA33074EEUL &&
- iv[2] == 0xCDBEE447UL && iv[3] == 0xEC7979D2UL &&
- iv[4] == 0x9D3FF5CFUL)
- return 1;
- else
- return 0;
+ const char *text = "test and test";
+ uint32_t iv[5] = { 0x67452301UL, 0xEFCDAB89UL,
+ 0x98BADCFEUL, 0x10325476UL, 0xC3D2E1F0UL
+ };
+
+ padlock_sha1_blocks(iv, text, sizeof(text) - 1);
+ padlock_sha1_blocks(iv, text, sizeof(text) - 1);
+
+ if (iv[0] == 0x9096E2D8UL && iv[1] == 0xA33074EEUL &&
+ iv[2] == 0xCDBEE447UL && iv[3] == 0xEC7979D2UL &&
+ iv[4] == 0x9D3FF5CFUL)
+ return 1;
+ else
+ return 0;
}
-static unsigned
-check_via (void)
+static unsigned check_via(void)
{
- unsigned int a, b, c, d;
- gnutls_cpuid (0, &a, &b, &c, &d);
+ unsigned int a, b, c, d;
+ gnutls_cpuid(0, &a, &b, &c, &d);
- if ((memcmp (&b, "Cent", 4) == 0 &&
- memcmp (&d, "aurH", 4) == 0 && memcmp (&c, "auls", 4) == 0))
- {
- return 1;
- }
+ if ((memcmp(&b, "Cent", 4) == 0 &&
+ memcmp(&d, "aurH", 4) == 0 && memcmp(&c, "auls", 4) == 0)) {
+ return 1;
+ }
- return 0;
+ return 0;
}
-void
-register_padlock_crypto (void)
+void register_padlock_crypto(void)
{
- int ret, phe;
-
- if (check_via () == 0)
- return;
- if (check_padlock ())
- {
- _gnutls_debug_log ("Padlock AES accelerator was detected\n");
- ret =
- gnutls_crypto_single_cipher_register
- (GNUTLS_CIPHER_AES_128_CBC, 80, &aes_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- /* register GCM ciphers */
- ret =
- gnutls_crypto_single_cipher_register
- (GNUTLS_CIPHER_AES_128_GCM, 80, &aes_gcm_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
+ int ret, phe;
+
+ if (check_via() == 0)
+ return;
+ if (check_padlock()) {
+ _gnutls_debug_log
+ ("Padlock AES accelerator was detected\n");
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_128_CBC, 80, &aes_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ /* register GCM ciphers */
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_128_GCM, 80,
+ &aes_gcm_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
#ifdef HAVE_LIBNETTLE
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_192_CBC,
- 80, &aes_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_256_CBC,
- 80, &aes_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_256_GCM,
- 80, &aes_gcm_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_CBC, 80, &aes_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_256_CBC, 80, &aes_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_256_GCM, 80,
+ &aes_gcm_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
#endif
- }
-
+ }
#ifdef HAVE_LIBNETTLE
- phe = check_phe ();
-
- if (phe && check_phe_partial ())
- {
- _gnutls_debug_log ("Padlock SHA1 and SHA256 (partial) accelerator was detected\n");
- if (check_phe_sha512 ())
- {
- _gnutls_debug_log ("Padlock SHA512 (partial) accelerator was detected\n");
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA384,
- 80,
- &sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA512,
- 80,
- &sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA384,
- 80,
- &hmac_sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA512,
- 80,
- &hmac_sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
- }
-
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA1,
- 80, &sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA224,
- 80, &sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA256,
- 80, &sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA1,
- 80, &hmac_sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- /* we don't register MAC_SHA224 because it is not used by TLS */
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA256,
- 80, &hmac_sha_padlock_nano_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
- }
- else if (phe)
- {
- /* Original padlock PHE. Does not support incremental operations.
- */
- _gnutls_debug_log ("Padlock SHA1 and SHA256 accelerator was detected\n");
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA1,
- 80, &sha_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA256,
- 80, &sha_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA1,
- 80, &hmac_sha_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA256,
- 80, &hmac_sha_padlock_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
- }
+ phe = check_phe();
+
+ if (phe && check_phe_partial()) {
+ _gnutls_debug_log
+ ("Padlock SHA1 and SHA256 (partial) accelerator was detected\n");
+ if (check_phe_sha512()) {
+ _gnutls_debug_log
+ ("Padlock SHA512 (partial) accelerator was detected\n");
+ ret =
+ gnutls_crypto_single_digest_register
+ (GNUTLS_DIG_SHA384, 80,
+ &sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_digest_register
+ (GNUTLS_DIG_SHA512, 80,
+ &sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_mac_register
+ (GNUTLS_MAC_SHA384, 80,
+ &hmac_sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_mac_register
+ (GNUTLS_MAC_SHA512, 80,
+ &hmac_sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+ }
+
+ ret =
+ gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA1,
+ 80,
+ &sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA224,
+ 80,
+ &sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA256,
+ 80,
+ &sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA1,
+ 80,
+ &hmac_sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ /* we don't register MAC_SHA224 because it is not used by TLS */
+
+ ret =
+ gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA256,
+ 80,
+ &hmac_sha_padlock_nano_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+ } else if (phe) {
+ /* Original padlock PHE. Does not support incremental operations.
+ */
+ _gnutls_debug_log
+ ("Padlock SHA1 and SHA256 accelerator was detected\n");
+ ret =
+ gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA1,
+ 80,
+ &sha_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA256,
+ 80,
+ &sha_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA1,
+ 80,
+ &hmac_sha_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA256,
+ 80,
+ &hmac_sha_padlock_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+ }
#endif
- return;
+ return;
}
diff --git a/lib/accelerated/x86/aes-padlock.h b/lib/accelerated/x86/aes-padlock.h
index ccb8359af3..cd5d437c8f 100644
--- a/lib/accelerated/x86/aes-padlock.h
+++ b/lib/accelerated/x86/aes-padlock.h
@@ -1,30 +1,30 @@
#ifndef AES_PADLOCK_H
-# define AES_PADLOCK_H
+#define AES_PADLOCK_H
#include <gnutls_int.h>
#include <aes-x86.h>
struct padlock_cipher_data {
- unsigned char iv[16]; /* Initialization vector */
- union {
- unsigned int pad[4];
- struct {
- int rounds:4;
- int dgst:1; /* n/a in C3 */
- int align:1; /* n/a in C3 */
- int ciphr:1; /* n/a in C3 */
- unsigned int keygen:1;
- int interm:1;
- unsigned int encdec:1;
- int ksize:2;
- } b;
- } cword; /* Control word */
- AES_KEY ks; /* Encryption key */
+ unsigned char iv[16]; /* Initialization vector */
+ union {
+ unsigned int pad[4];
+ struct {
+ int rounds:4;
+ int dgst:1; /* n/a in C3 */
+ int align:1; /* n/a in C3 */
+ int ciphr:1; /* n/a in C3 */
+ unsigned int keygen:1;
+ int interm:1;
+ unsigned int encdec:1;
+ int ksize:2;
+ } b;
+ } cword; /* Control word */
+ AES_KEY ks; /* Encryption key */
};
struct padlock_ctx {
- struct padlock_cipher_data expanded_key;
- int enc;
+ struct padlock_cipher_data expanded_key;
+ int enc;
};
extern const gnutls_crypto_cipher_st aes_gcm_padlock_struct;
@@ -34,13 +34,14 @@ extern const gnutls_crypto_digest_st sha_padlock_struct;
extern const gnutls_crypto_mac_st hmac_sha_padlock_nano_struct;
extern const gnutls_crypto_digest_st sha_padlock_nano_struct;
-int padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize);
+int padlock_aes_cipher_setkey(void *_ctx, const void *userkey,
+ size_t keysize);
/* asm */
unsigned int padlock_capability(void);
void padlock_reload_key(void);
int padlock_ecb_encrypt(void *out, const void *inp,
- struct padlock_cipher_data *ctx, size_t len);
+ struct padlock_cipher_data *ctx, size_t len);
int padlock_cbc_encrypt(void *out, const void *inp,
- struct padlock_cipher_data *ctx, size_t len);
+ struct padlock_cipher_data *ctx, size_t len);
#endif
diff --git a/lib/accelerated/x86/aes-x86.c b/lib/accelerated/x86/aes-x86.c
index f3738bcde5..59e2b13280 100644
--- a/lib/accelerated/x86/aes-x86.c
+++ b/lib/accelerated/x86/aes-x86.c
@@ -32,192 +32,184 @@
#include <aes-x86.h>
#include <x86.h>
-struct aes_ctx
-{
- AES_KEY expanded_key;
- uint8_t iv[16];
- int enc;
+struct aes_ctx {
+ AES_KEY expanded_key;
+ uint8_t iv[16];
+ int enc;
};
static int
-aes_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
-{
- /* we use key size to distinguish */
- if (algorithm != GNUTLS_CIPHER_AES_128_CBC
- && algorithm != GNUTLS_CIPHER_AES_192_CBC
- && algorithm != GNUTLS_CIPHER_AES_256_CBC)
- return GNUTLS_E_INVALID_REQUEST;
-
- *_ctx = gnutls_calloc (1, sizeof (struct aes_ctx));
- if (*_ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ((struct aes_ctx*)(*_ctx))->enc = enc;
-
- return 0;
-}
-
-static int
-aes_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
+aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
{
- struct aes_ctx *ctx = _ctx;
- int ret;
+ /* we use key size to distinguish */
+ if (algorithm != GNUTLS_CIPHER_AES_128_CBC
+ && algorithm != GNUTLS_CIPHER_AES_192_CBC
+ && algorithm != GNUTLS_CIPHER_AES_256_CBC)
+ return GNUTLS_E_INVALID_REQUEST;
- if (ctx->enc)
- ret = aesni_set_encrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key));
- else
- ret = aesni_set_decrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key));
+ *_ctx = gnutls_calloc(1, sizeof(struct aes_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- if (ret != 0)
- return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
+ ((struct aes_ctx *) (*_ctx))->enc = enc;
- return 0;
+ return 0;
}
static int
-aes_setiv (void *_ctx, const void *iv, size_t iv_size)
+aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
- struct aes_ctx *ctx = _ctx;
+ struct aes_ctx *ctx = _ctx;
+ int ret;
+
+ if (ctx->enc)
+ ret =
+ aesni_set_encrypt_key(userkey, keysize * 8,
+ ALIGN16(&ctx->expanded_key));
+ else
+ ret =
+ aesni_set_decrypt_key(userkey, keysize * 8,
+ ALIGN16(&ctx->expanded_key));
+
+ if (ret != 0)
+ return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
+
+ return 0;
+}
+
+static int aes_setiv(void *_ctx, const void *iv, size_t iv_size)
+{
+ struct aes_ctx *ctx = _ctx;
- memcpy (ctx->iv, iv, 16);
- return 0;
+ memcpy(ctx->iv, iv, 16);
+ return 0;
}
static int
-aes_encrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_encrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct aes_ctx *ctx = _ctx;
+ struct aes_ctx *ctx = _ctx;
- aesni_cbc_encrypt (src, dst, src_size, ALIGN16(&ctx->expanded_key), ctx->iv, 1);
- return 0;
+ aesni_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
+ ctx->iv, 1);
+ return 0;
}
static int
-aes_decrypt (void *_ctx, const void *src, size_t src_size,
- void *dst, size_t dst_size)
+aes_decrypt(void *_ctx, const void *src, size_t src_size,
+ void *dst, size_t dst_size)
{
- struct aes_ctx *ctx = _ctx;
+ struct aes_ctx *ctx = _ctx;
- aesni_cbc_encrypt (src, dst, src_size, ALIGN16(&ctx->expanded_key), ctx->iv, 0);
+ aesni_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
+ ctx->iv, 0);
- return 0;
+ return 0;
}
-static void
-aes_deinit (void *_ctx)
+static void aes_deinit(void *_ctx)
{
- gnutls_free (_ctx);
+ gnutls_free(_ctx);
}
static const gnutls_crypto_cipher_st cipher_struct = {
- .init = aes_cipher_init,
- .setkey = aes_cipher_setkey,
- .setiv = aes_setiv,
- .encrypt = aes_encrypt,
- .decrypt = aes_decrypt,
- .deinit = aes_deinit,
+ .init = aes_cipher_init,
+ .setkey = aes_cipher_setkey,
+ .setiv = aes_setiv,
+ .encrypt = aes_encrypt,
+ .decrypt = aes_decrypt,
+ .deinit = aes_deinit,
};
-static unsigned
-check_optimized_aes (void)
+static unsigned check_optimized_aes(void)
{
- unsigned int a, b, c, d;
- gnutls_cpuid (1, &a, &b, &c, &d);
+ unsigned int a, b, c, d;
+ gnutls_cpuid(1, &a, &b, &c, &d);
- return (c & 0x2000000);
+ return (c & 0x2000000);
}
#ifdef ASM_X86_64
-static unsigned
-check_pclmul (void)
+static unsigned check_pclmul(void)
{
- unsigned int a, b, c, d;
- gnutls_cpuid (1, &a, &b, &c, &d);
+ unsigned int a, b, c, d;
+ gnutls_cpuid(1, &a, &b, &c, &d);
- return (c & 0x2);
+ return (c & 0x2);
}
#endif
-static unsigned
-check_intel_or_amd (void)
+static unsigned check_intel_or_amd(void)
{
- unsigned int a, b, c, d;
- gnutls_cpuid (0, &a, &b, &c, &d);
-
- if ((memcmp (&b, "Genu", 4) == 0 &&
- memcmp (&d, "ineI", 4) == 0 &&
- memcmp (&c, "ntel", 4) == 0) ||
- (memcmp (&b, "Auth", 4) == 0 &&
- memcmp (&d, "enti", 4) == 0 && memcmp (&c, "cAMD", 4) == 0))
- {
- return 1;
- }
-
- return 0;
+ unsigned int a, b, c, d;
+ gnutls_cpuid(0, &a, &b, &c, &d);
+
+ if ((memcmp(&b, "Genu", 4) == 0 &&
+ memcmp(&d, "ineI", 4) == 0 &&
+ memcmp(&c, "ntel", 4) == 0) ||
+ (memcmp(&b, "Auth", 4) == 0 &&
+ memcmp(&d, "enti", 4) == 0 && memcmp(&c, "cAMD", 4) == 0)) {
+ return 1;
+ }
+
+ return 0;
}
-void
-register_x86_crypto (void)
+void register_x86_crypto(void)
{
- int ret;
-
- if (check_intel_or_amd () == 0)
- return;
-
- if (check_optimized_aes ())
- {
- _gnutls_debug_log ("Intel AES accelerator was detected\n");
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_128_CBC, 80,
- &cipher_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_192_CBC, 80,
- &cipher_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_256_CBC, 80,
- &cipher_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
+ int ret;
+
+ if (check_intel_or_amd() == 0)
+ return;
+
+ if (check_optimized_aes()) {
+ _gnutls_debug_log("Intel AES accelerator was detected\n");
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_128_CBC, 80, &cipher_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_CBC, 80, &cipher_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_256_CBC, 80, &cipher_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
#ifdef ASM_X86_64
- if (check_pclmul ())
- {
- /* register GCM ciphers */
- _gnutls_debug_log ("Intel GCM accelerator was detected\n");
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_128_GCM,
- 80, &aes_gcm_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- ret =
- gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_256_GCM,
- 80, &aes_gcm_struct);
- if (ret < 0)
- {
- gnutls_assert ();
- }
- }
+ if (check_pclmul()) {
+ /* register GCM ciphers */
+ _gnutls_debug_log
+ ("Intel GCM accelerator was detected\n");
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_128_GCM, 80,
+ &aes_gcm_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_256_GCM, 80,
+ &aes_gcm_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+ }
#endif
- }
+ }
- return;
+ return;
}
diff --git a/lib/accelerated/x86/aes-x86.h b/lib/accelerated/x86/aes-x86.h
index 33764fe4fe..379dbe6fd7 100644
--- a/lib/accelerated/x86/aes-x86.h
+++ b/lib/accelerated/x86/aes-x86.h
@@ -1,9 +1,9 @@
#ifndef AES_X86_H
-# define AES_X86_H
+#define AES_X86_H
#include <gnutls_int.h>
-void register_x86_crypto (void);
+void register_x86_crypto(void);
void register_padlock_crypto(void);
#define ALIGN16(x) \
@@ -11,32 +11,30 @@ void register_padlock_crypto(void);
#define AES_KEY_ALIGN_SIZE 4
#define AES_MAXNR 14
-typedef struct
-{
- /* We add few more integers to allow alignment
- * on a 16-byte boundary.
- */
- uint32_t rd_key[4 * (AES_MAXNR + 1)+AES_KEY_ALIGN_SIZE];
- uint32_t rounds;
+typedef struct {
+ /* We add few more integers to allow alignment
+ * on a 16-byte boundary.
+ */
+ uint32_t rd_key[4 * (AES_MAXNR + 1) + AES_KEY_ALIGN_SIZE];
+ uint32_t rounds;
} AES_KEY;
-void aesni_ecb_encrypt (const unsigned char *in, unsigned char *out,
- size_t len, const AES_KEY * key,
- int enc);
+void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY * key, int enc);
-void aesni_cbc_encrypt (const unsigned char *in, unsigned char *out,
- size_t len, const AES_KEY * key,
- unsigned char *ivec, const int enc);
-int aesni_set_decrypt_key (const unsigned char *userKey, const int bits,
- AES_KEY * key);
-int aesni_set_encrypt_key (const unsigned char *userKey, const int bits,
- AES_KEY * key);
+void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY * key,
+ unsigned char *ivec, const int enc);
+int aesni_set_decrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY * key);
+int aesni_set_encrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY * key);
void aesni_ctr32_encrypt_blocks(const unsigned char *in,
- unsigned char *out,
- size_t blocks,
- const void *key,
- const unsigned char *ivec);
+ unsigned char *out,
+ size_t blocks,
+ const void *key,
+ const unsigned char *ivec);
extern const gnutls_crypto_cipher_st aes_gcm_struct;
diff --git a/lib/accelerated/x86/hmac-padlock.c b/lib/accelerated/x86/hmac-padlock.c
index 8e281f9a94..eb76a9d607 100644
--- a/lib/accelerated/x86/hmac-padlock.c
+++ b/lib/accelerated/x86/hmac-padlock.c
@@ -44,312 +44,305 @@ typedef void (*update_func) (void *, unsigned, const uint8_t *);
typedef void (*digest_func) (void *, unsigned, uint8_t *);
typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
-struct padlock_hmac_ctx
-{
- union
- {
- struct hmac_sha224_ctx sha224;
- struct hmac_sha256_ctx sha256;
- struct hmac_sha384_ctx sha384;
- struct hmac_sha512_ctx sha512;
- struct hmac_sha1_ctx sha1;
- } ctx;
-
- void *ctx_ptr;
- gnutls_mac_algorithm_t algo;
- size_t length;
- update_func update;
- digest_func digest;
- set_key_func setkey;
+struct padlock_hmac_ctx {
+ union {
+ struct hmac_sha224_ctx sha224;
+ struct hmac_sha256_ctx sha256;
+ struct hmac_sha384_ctx sha384;
+ struct hmac_sha512_ctx sha512;
+ struct hmac_sha1_ctx sha1;
+ } ctx;
+
+ void *ctx_ptr;
+ gnutls_mac_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
+ set_key_func setkey;
};
static void
-padlock_hmac_sha1_set_key (struct hmac_sha1_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+padlock_hmac_sha1_set_key(struct hmac_sha1_ctx *ctx,
+ unsigned key_length, const uint8_t * key)
{
- HMAC_SET_KEY (ctx, &padlock_sha1, key_length, key);
+ HMAC_SET_KEY(ctx, &padlock_sha1, key_length, key);
}
static void
-padlock_hmac_sha1_update (struct hmac_sha1_ctx *ctx,
- unsigned length, const uint8_t * data)
+padlock_hmac_sha1_update(struct hmac_sha1_ctx *ctx,
+ unsigned length, const uint8_t * data)
{
- padlock_sha1_update (&ctx->state, length, data);
+ padlock_sha1_update(&ctx->state, length, data);
}
static void
-padlock_hmac_sha1_digest (struct hmac_sha1_ctx *ctx,
- unsigned length, uint8_t * digest)
+padlock_hmac_sha1_digest(struct hmac_sha1_ctx *ctx,
+ unsigned length, uint8_t * digest)
{
- HMAC_DIGEST (ctx, &padlock_sha1, length, digest);
+ HMAC_DIGEST(ctx, &padlock_sha1, length, digest);
}
static void
-padlock_hmac_sha256_set_key (struct hmac_sha256_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+padlock_hmac_sha256_set_key(struct hmac_sha256_ctx *ctx,
+ unsigned key_length, const uint8_t * key)
{
- HMAC_SET_KEY (ctx, &padlock_sha256, key_length, key);
+ HMAC_SET_KEY(ctx, &padlock_sha256, key_length, key);
}
static void
-padlock_hmac_sha256_update (struct hmac_sha256_ctx *ctx,
- unsigned length, const uint8_t * data)
+padlock_hmac_sha256_update(struct hmac_sha256_ctx *ctx,
+ unsigned length, const uint8_t * data)
{
- padlock_sha256_update (&ctx->state, length, data);
+ padlock_sha256_update(&ctx->state, length, data);
}
static void
-padlock_hmac_sha256_digest (struct hmac_sha256_ctx *ctx,
- unsigned length, uint8_t * digest)
+padlock_hmac_sha256_digest(struct hmac_sha256_ctx *ctx,
+ unsigned length, uint8_t * digest)
{
- HMAC_DIGEST (ctx, &padlock_sha256, length, digest);
+ HMAC_DIGEST(ctx, &padlock_sha256, length, digest);
}
static void
-padlock_hmac_sha224_set_key (struct hmac_sha224_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+padlock_hmac_sha224_set_key(struct hmac_sha224_ctx *ctx,
+ unsigned key_length, const uint8_t * key)
{
- HMAC_SET_KEY (ctx, &padlock_sha224, key_length, key);
+ HMAC_SET_KEY(ctx, &padlock_sha224, key_length, key);
}
static void
-padlock_hmac_sha224_digest (struct hmac_sha224_ctx *ctx,
- unsigned length, uint8_t * digest)
+padlock_hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
+ unsigned length, uint8_t * digest)
{
- HMAC_DIGEST (ctx, &padlock_sha224, length, digest);
+ HMAC_DIGEST(ctx, &padlock_sha224, length, digest);
}
static void
-padlock_hmac_sha384_set_key (struct hmac_sha384_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+padlock_hmac_sha384_set_key(struct hmac_sha384_ctx *ctx,
+ unsigned key_length, const uint8_t * key)
{
- HMAC_SET_KEY (ctx, &padlock_sha384, key_length, key);
+ HMAC_SET_KEY(ctx, &padlock_sha384, key_length, key);
}
static void
-padlock_hmac_sha384_digest (struct hmac_sha384_ctx *ctx,
- unsigned length, uint8_t * digest)
+padlock_hmac_sha384_digest(struct hmac_sha384_ctx *ctx,
+ unsigned length, uint8_t * digest)
{
- HMAC_DIGEST (ctx, &padlock_sha384, length, digest);
+ HMAC_DIGEST(ctx, &padlock_sha384, length, digest);
}
static void
-padlock_hmac_sha512_set_key (struct hmac_sha512_ctx *ctx,
- unsigned key_length, const uint8_t * key)
+padlock_hmac_sha512_set_key(struct hmac_sha512_ctx *ctx,
+ unsigned key_length, const uint8_t * key)
{
- HMAC_SET_KEY (ctx, &padlock_sha512, key_length, key);
+ HMAC_SET_KEY(ctx, &padlock_sha512, key_length, key);
}
static void
-padlock_hmac_sha512_update (struct hmac_sha512_ctx *ctx,
- unsigned length, const uint8_t * data)
+padlock_hmac_sha512_update(struct hmac_sha512_ctx *ctx,
+ unsigned length, const uint8_t * data)
{
- padlock_sha512_update (&ctx->state, length, data);
+ padlock_sha512_update(&ctx->state, length, data);
}
static void
-padlock_hmac_sha512_digest (struct hmac_sha512_ctx *ctx,
- unsigned length, uint8_t * digest)
+padlock_hmac_sha512_digest(struct hmac_sha512_ctx *ctx,
+ unsigned length, uint8_t * digest)
{
- HMAC_DIGEST (ctx, &padlock_sha512, length, digest);
+ HMAC_DIGEST(ctx, &padlock_sha512, length, digest);
}
static int
-_hmac_ctx_init (gnutls_mac_algorithm_t algo, struct padlock_hmac_ctx *ctx)
+_hmac_ctx_init(gnutls_mac_algorithm_t algo, struct padlock_hmac_ctx *ctx)
{
- switch (algo)
- {
- case GNUTLS_MAC_SHA1:
- ctx->update = (update_func) padlock_hmac_sha1_update;
- ctx->digest = (digest_func) padlock_hmac_sha1_digest;
- ctx->setkey = (set_key_func) padlock_hmac_sha1_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha1;
- ctx->length = SHA1_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA224:
- ctx->update = (update_func) padlock_hmac_sha256_update;
- ctx->digest = (digest_func) padlock_hmac_sha224_digest;
- ctx->setkey = (set_key_func) padlock_hmac_sha224_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA256:
- ctx->update = (update_func) padlock_hmac_sha256_update;
- ctx->digest = (digest_func) padlock_hmac_sha256_digest;
- ctx->setkey = (set_key_func) padlock_hmac_sha256_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha256;
- ctx->length = SHA256_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA384:
- ctx->update = (update_func) padlock_hmac_sha512_update;
- ctx->digest = (digest_func) padlock_hmac_sha384_digest;
- ctx->setkey = (set_key_func) padlock_hmac_sha384_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha384;
- ctx->length = SHA384_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA512:
- ctx->update = (update_func) padlock_hmac_sha512_update;
- ctx->digest = (digest_func) padlock_hmac_sha512_digest;
- ctx->setkey = (set_key_func) padlock_hmac_sha512_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha512;
- ctx->length = SHA512_DIGEST_SIZE;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ switch (algo) {
+ case GNUTLS_MAC_SHA1:
+ ctx->update = (update_func) padlock_hmac_sha1_update;
+ ctx->digest = (digest_func) padlock_hmac_sha1_digest;
+ ctx->setkey = (set_key_func) padlock_hmac_sha1_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA224:
+ ctx->update = (update_func) padlock_hmac_sha256_update;
+ ctx->digest = (digest_func) padlock_hmac_sha224_digest;
+ ctx->setkey = (set_key_func) padlock_hmac_sha224_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA256:
+ ctx->update = (update_func) padlock_hmac_sha256_update;
+ ctx->digest = (digest_func) padlock_hmac_sha256_digest;
+ ctx->setkey = (set_key_func) padlock_hmac_sha256_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA384:
+ ctx->update = (update_func) padlock_hmac_sha512_update;
+ ctx->digest = (digest_func) padlock_hmac_sha384_digest;
+ ctx->setkey = (set_key_func) padlock_hmac_sha384_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA512:
+ ctx->update = (update_func) padlock_hmac_sha512_update;
+ ctx->digest = (digest_func) padlock_hmac_sha512_digest;
+ ctx->setkey = (set_key_func) padlock_hmac_sha512_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
-static int
-wrap_padlock_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx)
+static int wrap_padlock_hmac_init(gnutls_mac_algorithm_t algo, void **_ctx)
{
- struct padlock_hmac_ctx *ctx;
- int ret;
+ struct padlock_hmac_ctx *ctx;
+ int ret;
- ctx = gnutls_calloc (1, sizeof (struct padlock_hmac_ctx));
- if (ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ctx = gnutls_calloc(1, sizeof(struct padlock_hmac_ctx));
+ if (ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx->algo = algo;
+ ctx->algo = algo;
- ret = _hmac_ctx_init (algo, ctx);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ ret = _hmac_ctx_init(algo, ctx);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- *_ctx = ctx;
+ *_ctx = ctx;
- return 0;
+ return 0;
}
static int
-wrap_padlock_hmac_setkey (void *_ctx, const void *key, size_t keylen)
+wrap_padlock_hmac_setkey(void *_ctx, const void *key, size_t keylen)
{
- struct padlock_hmac_ctx *ctx = _ctx;
+ struct padlock_hmac_ctx *ctx = _ctx;
- ctx->setkey (ctx->ctx_ptr, keylen, key);
+ ctx->setkey(ctx->ctx_ptr, keylen, key);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
static int
-wrap_padlock_hmac_update (void *_ctx, const void *text, size_t textsize)
+wrap_padlock_hmac_update(void *_ctx, const void *text, size_t textsize)
{
- struct padlock_hmac_ctx *ctx = _ctx;
+ struct padlock_hmac_ctx *ctx = _ctx;
- ctx->update (ctx->ctx_ptr, textsize, text);
+ ctx->update(ctx->ctx_ptr, textsize, text);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
static int
-wrap_padlock_hmac_output (void *src_ctx, void *digest, size_t digestsize)
+wrap_padlock_hmac_output(void *src_ctx, void *digest, size_t digestsize)
{
- struct padlock_hmac_ctx *ctx;
- ctx = src_ctx;
+ struct padlock_hmac_ctx *ctx;
+ ctx = src_ctx;
- if (digestsize < ctx->length)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (digestsize < ctx->length) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- ctx->digest (ctx->ctx_ptr, digestsize, digest);
+ ctx->digest(ctx->ctx_ptr, digestsize, digest);
- return 0;
+ return 0;
}
-static void
-wrap_padlock_hmac_deinit (void *hd)
+static void wrap_padlock_hmac_deinit(void *hd)
{
- gnutls_free (hd);
+ gnutls_free(hd);
}
static int
-wrap_padlock_hmac_fast (gnutls_mac_algorithm_t algo,
- const void* nonce, size_t nonce_size,
- const void *key, size_t key_size, const void *text,
- size_t text_size, void *digest)
+wrap_padlock_hmac_fast(gnutls_mac_algorithm_t algo,
+ const void *nonce, size_t nonce_size,
+ const void *key, size_t key_size, const void *text,
+ size_t text_size, void *digest)
{
- if (algo == GNUTLS_MAC_SHA1 || algo == GNUTLS_MAC_SHA256)
- {
- unsigned char *pad;
- unsigned char pad2[SHA1_DATA_SIZE + MAX_SHA_DIGEST_SIZE];
- unsigned char hkey[MAX_SHA_DIGEST_SIZE];
- unsigned int digest_size = _gnutls_mac_get_algo_len (mac_to_entry(algo));
+ if (algo == GNUTLS_MAC_SHA1 || algo == GNUTLS_MAC_SHA256) {
+ unsigned char *pad;
+ unsigned char pad2[SHA1_DATA_SIZE + MAX_SHA_DIGEST_SIZE];
+ unsigned char hkey[MAX_SHA_DIGEST_SIZE];
+ unsigned int digest_size =
+ _gnutls_mac_get_algo_len(mac_to_entry(algo));
- if (key_size > SHA1_DATA_SIZE)
- {
- wrap_padlock_hash_fast ((gnutls_digest_algorithm_t)algo, key, key_size, hkey);
- key = hkey;
- key_size = digest_size;
- }
+ if (key_size > SHA1_DATA_SIZE) {
+ wrap_padlock_hash_fast((gnutls_digest_algorithm_t)
+ algo, key, key_size, hkey);
+ key = hkey;
+ key_size = digest_size;
+ }
- pad = gnutls_malloc (text_size + SHA1_DATA_SIZE);
- if (pad == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ pad = gnutls_malloc(text_size + SHA1_DATA_SIZE);
+ if (pad == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- memset (pad, IPAD, SHA1_DATA_SIZE);
- memxor (pad, key, key_size);
+ memset(pad, IPAD, SHA1_DATA_SIZE);
+ memxor(pad, key, key_size);
- memcpy (&pad[SHA1_DATA_SIZE], text, text_size);
+ memcpy(&pad[SHA1_DATA_SIZE], text, text_size);
- wrap_padlock_hash_fast ((gnutls_digest_algorithm_t)algo, pad, text_size + SHA1_DATA_SIZE,
- &pad2[SHA1_DATA_SIZE]);
+ wrap_padlock_hash_fast((gnutls_digest_algorithm_t) algo,
+ pad, text_size + SHA1_DATA_SIZE,
+ &pad2[SHA1_DATA_SIZE]);
- gnutls_free (pad);
+ gnutls_free(pad);
- memset (pad2, OPAD, SHA1_DATA_SIZE);
- memxor (pad2, key, key_size);
+ memset(pad2, OPAD, SHA1_DATA_SIZE);
+ memxor(pad2, key, key_size);
- wrap_padlock_hash_fast ((gnutls_digest_algorithm_t)algo, pad2, digest_size + SHA1_DATA_SIZE,
- digest);
+ wrap_padlock_hash_fast((gnutls_digest_algorithm_t) algo,
+ pad2, digest_size + SHA1_DATA_SIZE,
+ digest);
- }
- else
- {
- struct padlock_hmac_ctx ctx;
- int ret;
+ } else {
+ struct padlock_hmac_ctx ctx;
+ int ret;
- ret = _hmac_ctx_init (algo, &ctx);
- if (ret < 0)
- return gnutls_assert_val (ret);
- ctx.algo = algo;
+ ret = _hmac_ctx_init(algo, &ctx);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ ctx.algo = algo;
- wrap_padlock_hmac_setkey (&ctx, key, key_size);
+ wrap_padlock_hmac_setkey(&ctx, key, key_size);
- wrap_padlock_hmac_update (&ctx, text, text_size);
+ wrap_padlock_hmac_update(&ctx, text, text_size);
- wrap_padlock_hmac_output (&ctx, digest, ctx.length);
- wrap_padlock_hmac_deinit (&ctx);
- }
+ wrap_padlock_hmac_output(&ctx, digest, ctx.length);
+ wrap_padlock_hmac_deinit(&ctx);
+ }
- return 0;
+ return 0;
}
const gnutls_crypto_mac_st hmac_sha_padlock_struct = {
- .init = NULL,
- .setkey = NULL,
- .setnonce = NULL,
- .hash = NULL,
- .output = NULL,
- .deinit = NULL,
- .fast = wrap_padlock_hmac_fast
+ .init = NULL,
+ .setkey = NULL,
+ .setnonce = NULL,
+ .hash = NULL,
+ .output = NULL,
+ .deinit = NULL,
+ .fast = wrap_padlock_hmac_fast
};
const gnutls_crypto_mac_st hmac_sha_padlock_nano_struct = {
- .init = wrap_padlock_hmac_init,
- .setkey = wrap_padlock_hmac_setkey,
- .setnonce = NULL,
- .hash = wrap_padlock_hmac_update,
- .output = wrap_padlock_hmac_output,
- .deinit = wrap_padlock_hmac_deinit,
- .fast = wrap_padlock_hmac_fast,
+ .init = wrap_padlock_hmac_init,
+ .setkey = wrap_padlock_hmac_setkey,
+ .setnonce = NULL,
+ .hash = wrap_padlock_hmac_update,
+ .output = wrap_padlock_hmac_output,
+ .deinit = wrap_padlock_hmac_deinit,
+ .fast = wrap_padlock_hmac_fast,
};
-#endif /* HAVE_LIBNETTLE */
+#endif /* HAVE_LIBNETTLE */
diff --git a/lib/accelerated/x86/sha-padlock.c b/lib/accelerated/x86/sha-padlock.c
index 1ba5a08f2e..bafe637184 100644
--- a/lib/accelerated/x86/sha-padlock.c
+++ b/lib/accelerated/x86/sha-padlock.c
@@ -38,38 +38,35 @@ typedef void (*digest_func) (void *, unsigned, uint8_t *);
typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
typedef void (*init_func) (void *);
-struct padlock_hash_ctx
-{
- union
- {
- struct sha1_ctx sha1;
- struct sha224_ctx sha224;
- struct sha256_ctx sha256;
- struct sha384_ctx sha384;
- struct sha512_ctx sha512;
- } ctx;
- void *ctx_ptr;
- gnutls_digest_algorithm_t algo;
- size_t length;
- update_func update;
- digest_func digest;
- init_func init;
+struct padlock_hash_ctx {
+ union {
+ struct sha1_ctx sha1;
+ struct sha224_ctx sha224;
+ struct sha256_ctx sha256;
+ struct sha384_ctx sha384;
+ struct sha512_ctx sha512;
+ } ctx;
+ void *ctx_ptr;
+ gnutls_digest_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
+ init_func init;
};
static int
-wrap_padlock_hash_update (void *_ctx, const void *text, size_t textsize)
+wrap_padlock_hash_update(void *_ctx, const void *text, size_t textsize)
{
- struct padlock_hash_ctx *ctx = _ctx;
+ struct padlock_hash_ctx *ctx = _ctx;
- ctx->update (ctx->ctx_ptr, textsize, text);
+ ctx->update(ctx->ctx_ptr, textsize, text);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
-static void
-wrap_padlock_hash_deinit (void *hd)
+static void wrap_padlock_hash_deinit(void *hd)
{
- gnutls_free (hd);
+ gnutls_free(hd);
}
#define SHA1_COMPRESS(ctx, data) (padlock_sha1_blocks((void*)(ctx)->state, data, 1))
@@ -78,293 +75,280 @@ wrap_padlock_hash_deinit (void *hd)
void
padlock_sha1_update(struct sha1_ctx *ctx,
- unsigned length, const uint8_t *data)
+ unsigned length, const uint8_t * data)
{
- MD_UPDATE (ctx, length, data, SHA1_COMPRESS, MD_INCR(ctx));
+ MD_UPDATE(ctx, length, data, SHA1_COMPRESS, MD_INCR(ctx));
}
void
padlock_sha256_update(struct sha256_ctx *ctx,
- unsigned length, const uint8_t *data)
+ unsigned length, const uint8_t * data)
{
- MD_UPDATE (ctx, length, data, SHA256_COMPRESS, MD_INCR(ctx));
+ MD_UPDATE(ctx, length, data, SHA256_COMPRESS, MD_INCR(ctx));
}
void
padlock_sha512_update(struct sha512_ctx *ctx,
- unsigned length, const uint8_t *data)
+ unsigned length, const uint8_t * data)
{
- MD_UPDATE (ctx, length, data, SHA512_COMPRESS, MD_INCR(ctx));
+ MD_UPDATE(ctx, length, data, SHA512_COMPRESS, MD_INCR(ctx));
}
static void
-_nettle_write_be32(unsigned length, uint8_t *dst,
- uint32_t *src)
+_nettle_write_be32(unsigned length, uint8_t * dst, uint32_t * src)
{
- unsigned i;
- unsigned words;
- unsigned leftover;
-
- words = length / 4;
- leftover = length % 4;
-
- for (i = 0; i < words; i++, dst += 4)
- WRITE_UINT32(dst, src[i]);
-
- if (leftover)
- {
- uint32_t word;
- unsigned j = leftover;
-
- word = src[i];
-
- switch (leftover)
- {
- default:
- abort();
- case 3:
- dst[--j] = (word >> 8) & 0xff;
- /* Fall through */
- case 2:
- dst[--j] = (word >> 16) & 0xff;
- /* Fall through */
- case 1:
- dst[--j] = (word >> 24) & 0xff;
+ unsigned i;
+ unsigned words;
+ unsigned leftover;
+
+ words = length / 4;
+ leftover = length % 4;
+
+ for (i = 0; i < words; i++, dst += 4)
+ WRITE_UINT32(dst, src[i]);
+
+ if (leftover) {
+ uint32_t word;
+ unsigned j = leftover;
+
+ word = src[i];
+
+ switch (leftover) {
+ default:
+ abort();
+ case 3:
+ dst[--j] = (word >> 8) & 0xff;
+ /* Fall through */
+ case 2:
+ dst[--j] = (word >> 16) & 0xff;
+ /* Fall through */
+ case 1:
+ dst[--j] = (word >> 24) & 0xff;
+ }
}
- }
}
static void
padlock_sha1_digest(struct sha1_ctx *ctx,
- unsigned length, uint8_t *digest)
+ unsigned length, uint8_t * digest)
{
- uint32_t high, low;
+ uint32_t high, low;
- assert(length <= SHA1_DIGEST_SIZE);
+ assert(length <= SHA1_DIGEST_SIZE);
- MD_PAD(ctx, 8, SHA1_COMPRESS);
+ MD_PAD(ctx, 8, SHA1_COMPRESS);
- /* There are 512 = 2^9 bits in one block */
- high = (ctx->count_high << 9) | (ctx->count_low >> 23);
- low = (ctx->count_low << 9) | (ctx->index << 3);
+ /* There are 512 = 2^9 bits in one block */
+ high = (ctx->count_high << 9) | (ctx->count_low >> 23);
+ low = (ctx->count_low << 9) | (ctx->index << 3);
- /* append the 64 bit count */
- WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 8), high);
- WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 4), low);
- SHA1_COMPRESS(ctx, ctx->block);
+ /* append the 64 bit count */
+ WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 8), high);
+ WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 4), low);
+ SHA1_COMPRESS(ctx, ctx->block);
- _nettle_write_be32(length, digest, ctx->state);
+ _nettle_write_be32(length, digest, ctx->state);
}
static void
padlock_sha256_digest(struct sha256_ctx *ctx,
- unsigned length,
- uint8_t *digest)
+ unsigned length, uint8_t * digest)
{
- uint32_t high, low;
+ uint32_t high, low;
- assert(length <= SHA256_DIGEST_SIZE);
+ assert(length <= SHA256_DIGEST_SIZE);
- MD_PAD(ctx, 8, SHA256_COMPRESS);
+ MD_PAD(ctx, 8, SHA256_COMPRESS);
- /* There are 512 = 2^9 bits in one block */
- high = (ctx->count_high << 9) | (ctx->count_low >> 23);
- low = (ctx->count_low << 9) | (ctx->index << 3);
+ /* There are 512 = 2^9 bits in one block */
+ high = (ctx->count_high << 9) | (ctx->count_low >> 23);
+ low = (ctx->count_low << 9) | (ctx->index << 3);
- /* This is slightly inefficient, as the numbers are converted to
- big-endian format, and will be converted back by the compression
- function. It's probably not worth the effort to fix this. */
- WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 8), high);
- WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 4), low);
- SHA256_COMPRESS(ctx, ctx->block);
+ /* This is slightly inefficient, as the numbers are converted to
+ big-endian format, and will be converted back by the compression
+ function. It's probably not worth the effort to fix this. */
+ WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 8), high);
+ WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 4), low);
+ SHA256_COMPRESS(ctx, ctx->block);
- _nettle_write_be32(length, digest, ctx->state);
+ _nettle_write_be32(length, digest, ctx->state);
}
static void
padlock_sha512_digest(struct sha512_ctx *ctx,
- unsigned length,
- uint8_t *digest)
+ unsigned length, uint8_t * digest)
{
- uint64_t high, low;
+ uint64_t high, low;
- unsigned i;
- unsigned words;
- unsigned leftover;
+ unsigned i;
+ unsigned words;
+ unsigned leftover;
- assert(length <= SHA512_DIGEST_SIZE);
+ assert(length <= SHA512_DIGEST_SIZE);
- MD_PAD(ctx, 16, SHA512_COMPRESS);
+ MD_PAD(ctx, 16, SHA512_COMPRESS);
- /* There are 1024 = 2^10 bits in one block */
- high = (ctx->count_high << 10) | (ctx->count_low >> 54);
- low = (ctx->count_low << 10) | (ctx->index << 3);
+ /* There are 1024 = 2^10 bits in one block */
+ high = (ctx->count_high << 10) | (ctx->count_low >> 54);
+ low = (ctx->count_low << 10) | (ctx->index << 3);
- /* This is slightly inefficient, as the numbers are converted to
- big-endian format, and will be converted back by the compression
- function. It's probably not worth the effort to fix this. */
- WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 16), high);
- WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 8), low);
- SHA512_COMPRESS(ctx, ctx->block);
+ /* This is slightly inefficient, as the numbers are converted to
+ big-endian format, and will be converted back by the compression
+ function. It's probably not worth the effort to fix this. */
+ WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 16), high);
+ WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 8), low);
+ SHA512_COMPRESS(ctx, ctx->block);
- words = length / 8;
- leftover = length % 8;
+ words = length / 8;
+ leftover = length % 8;
- for (i = 0; i < words; i++, digest += 8)
- WRITE_UINT64(digest, ctx->state[i]);
+ for (i = 0; i < words; i++, digest += 8)
+ WRITE_UINT64(digest, ctx->state[i]);
- if (leftover)
- {
- /* Truncate to the right size */
- uint64_t word = ctx->state[i] >> (8*(8 - leftover));
+ if (leftover) {
+ /* Truncate to the right size */
+ uint64_t word = ctx->state[i] >> (8 * (8 - leftover));
- do {
- digest[--leftover] = word & 0xff;
- word >>= 8;
- } while (leftover);
- }
+ do {
+ digest[--leftover] = word & 0xff;
+ word >>= 8;
+ } while (leftover);
+ }
}
-static int _ctx_init(gnutls_digest_algorithm_t algo, struct padlock_hash_ctx *ctx)
+static int _ctx_init(gnutls_digest_algorithm_t algo,
+ struct padlock_hash_ctx *ctx)
{
- switch (algo)
- {
- case GNUTLS_DIG_SHA1:
- sha1_init (&ctx->ctx.sha1);
- ctx->update = (update_func) padlock_sha1_update;
- ctx->digest = (digest_func) padlock_sha1_digest;
- ctx->init = (init_func)sha1_init;
- ctx->ctx_ptr = &ctx->ctx.sha1;
- ctx->length = SHA1_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA224:
- sha224_init (&ctx->ctx.sha224);
- ctx->update = (update_func) padlock_sha256_update;
- ctx->digest = (digest_func) padlock_sha256_digest;
- ctx->init = (init_func)sha224_init;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA256:
- sha256_init (&ctx->ctx.sha256);
- ctx->update = (update_func) padlock_sha256_update;
- ctx->digest = (digest_func) padlock_sha256_digest;
- ctx->init = (init_func)sha256_init;
- ctx->ctx_ptr = &ctx->ctx.sha256;
- ctx->length = SHA256_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA384:
- sha384_init (&ctx->ctx.sha384);
- ctx->update = (update_func) padlock_sha512_update;
- ctx->digest = (digest_func) padlock_sha512_digest;
- ctx->init = (init_func)sha384_init;
- ctx->ctx_ptr = &ctx->ctx.sha384;
- ctx->length = SHA384_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA512:
- sha512_init (&ctx->ctx.sha512);
- ctx->update = (update_func) padlock_sha512_update;
- ctx->digest = (digest_func) padlock_sha512_digest;
- ctx->init = (init_func)sha512_init;
- ctx->ctx_ptr = &ctx->ctx.sha512;
- ctx->length = SHA512_DIGEST_SIZE;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ switch (algo) {
+ case GNUTLS_DIG_SHA1:
+ sha1_init(&ctx->ctx.sha1);
+ ctx->update = (update_func) padlock_sha1_update;
+ ctx->digest = (digest_func) padlock_sha1_digest;
+ ctx->init = (init_func) sha1_init;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA224:
+ sha224_init(&ctx->ctx.sha224);
+ ctx->update = (update_func) padlock_sha256_update;
+ ctx->digest = (digest_func) padlock_sha256_digest;
+ ctx->init = (init_func) sha224_init;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA256:
+ sha256_init(&ctx->ctx.sha256);
+ ctx->update = (update_func) padlock_sha256_update;
+ ctx->digest = (digest_func) padlock_sha256_digest;
+ ctx->init = (init_func) sha256_init;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA384:
+ sha384_init(&ctx->ctx.sha384);
+ ctx->update = (update_func) padlock_sha512_update;
+ ctx->digest = (digest_func) padlock_sha512_digest;
+ ctx->init = (init_func) sha384_init;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA512:
+ sha512_init(&ctx->ctx.sha512);
+ ctx->update = (update_func) padlock_sha512_update;
+ ctx->digest = (digest_func) padlock_sha512_digest;
+ ctx->init = (init_func) sha512_init;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
static int
-wrap_padlock_hash_init (gnutls_digest_algorithm_t algo, void **_ctx)
+wrap_padlock_hash_init(gnutls_digest_algorithm_t algo, void **_ctx)
{
- struct padlock_hash_ctx *ctx;
- int ret;
+ struct padlock_hash_ctx *ctx;
+ int ret;
- ctx = gnutls_malloc (sizeof (struct padlock_hash_ctx));
- if (ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ctx = gnutls_malloc(sizeof(struct padlock_hash_ctx));
+ if (ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx->algo = algo;
+ ctx->algo = algo;
- if ((ret=_ctx_init( algo, ctx)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if ((ret = _ctx_init(algo, ctx)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- *_ctx = ctx;
+ *_ctx = ctx;
- return 0;
+ return 0;
}
static int
-wrap_padlock_hash_output (void *src_ctx, void *digest, size_t digestsize)
+wrap_padlock_hash_output(void *src_ctx, void *digest, size_t digestsize)
{
- struct padlock_hash_ctx *ctx;
- ctx = src_ctx;
+ struct padlock_hash_ctx *ctx;
+ ctx = src_ctx;
- if (digestsize < ctx->length)
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ if (digestsize < ctx->length)
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- ctx->digest (ctx->ctx_ptr, digestsize, digest);
+ ctx->digest(ctx->ctx_ptr, digestsize, digest);
- ctx->init( ctx->ctx_ptr);
+ ctx->init(ctx->ctx_ptr);
- return 0;
+ return 0;
}
-int wrap_padlock_hash_fast(gnutls_digest_algorithm_t algo,
- const void* text, size_t text_size,
- void* digest)
+int wrap_padlock_hash_fast(gnutls_digest_algorithm_t algo,
+ const void *text, size_t text_size,
+ void *digest)
{
- if (algo == GNUTLS_DIG_SHA1)
- {
- uint32_t iv[5] =
- {
- 0x67452301UL,
- 0xEFCDAB89UL,
- 0x98BADCFEUL,
- 0x10325476UL,
- 0xC3D2E1F0UL,
- };
- padlock_sha1_oneshot (iv, text, text_size);
- _nettle_write_be32(20, digest, iv);
- }
- else if (algo == GNUTLS_DIG_SHA256)
- {
- uint32_t iv[8] =
- {
- 0x6a09e667UL, 0xbb67ae85UL, 0x3c6ef372UL, 0xa54ff53aUL,
- 0x510e527fUL, 0x9b05688cUL, 0x1f83d9abUL, 0x5be0cd19UL,
- };
- padlock_sha256_oneshot (iv, text, text_size);
- _nettle_write_be32(32, digest, iv);
- }
- else
- {
- struct padlock_hash_ctx ctx;
- int ret;
-
- ret = _ctx_init(algo, &ctx);
- if (ret < 0)
- return gnutls_assert_val(ret);
- ctx.algo = algo;
-
- wrap_padlock_hash_update(&ctx, text, text_size);
-
- wrap_padlock_hash_output(&ctx, digest, ctx.length);
- wrap_padlock_hash_deinit(&ctx);
- }
-
- return 0;
+ if (algo == GNUTLS_DIG_SHA1) {
+ uint32_t iv[5] = {
+ 0x67452301UL,
+ 0xEFCDAB89UL,
+ 0x98BADCFEUL,
+ 0x10325476UL,
+ 0xC3D2E1F0UL,
+ };
+ padlock_sha1_oneshot(iv, text, text_size);
+ _nettle_write_be32(20, digest, iv);
+ } else if (algo == GNUTLS_DIG_SHA256) {
+ uint32_t iv[8] = {
+ 0x6a09e667UL, 0xbb67ae85UL, 0x3c6ef372UL,
+ 0xa54ff53aUL,
+ 0x510e527fUL, 0x9b05688cUL, 0x1f83d9abUL,
+ 0x5be0cd19UL,
+ };
+ padlock_sha256_oneshot(iv, text, text_size);
+ _nettle_write_be32(32, digest, iv);
+ } else {
+ struct padlock_hash_ctx ctx;
+ int ret;
+
+ ret = _ctx_init(algo, &ctx);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ ctx.algo = algo;
+
+ wrap_padlock_hash_update(&ctx, text, text_size);
+
+ wrap_padlock_hash_output(&ctx, digest, ctx.length);
+ wrap_padlock_hash_deinit(&ctx);
+ }
+
+ return 0;
}
const struct nettle_hash padlock_sha1 = _NETTLE_HASH(sha1, SHA1);
@@ -374,19 +358,19 @@ const struct nettle_hash padlock_sha384 = _NETTLE_HASH(sha384, SHA384);
const struct nettle_hash padlock_sha512 = _NETTLE_HASH(sha512, SHA512);
const gnutls_crypto_digest_st sha_padlock_struct = {
- .init = NULL,
- .hash = NULL,
- .output = NULL,
- .deinit = NULL,
- .fast = wrap_padlock_hash_fast
+ .init = NULL,
+ .hash = NULL,
+ .output = NULL,
+ .deinit = NULL,
+ .fast = wrap_padlock_hash_fast
};
const gnutls_crypto_digest_st sha_padlock_nano_struct = {
- .init = wrap_padlock_hash_init,
- .hash = wrap_padlock_hash_update,
- .output = wrap_padlock_hash_output,
- .deinit = wrap_padlock_hash_deinit,
- .fast = wrap_padlock_hash_fast,
+ .init = wrap_padlock_hash_init,
+ .hash = wrap_padlock_hash_update,
+ .output = wrap_padlock_hash_output,
+ .deinit = wrap_padlock_hash_deinit,
+ .fast = wrap_padlock_hash_fast,
};
-#endif /* HAVE_LIBNETTLE */
+#endif /* HAVE_LIBNETTLE */
diff --git a/lib/accelerated/x86/sha-padlock.h b/lib/accelerated/x86/sha-padlock.h
index 5d1959a2a4..05af543075 100644
--- a/lib/accelerated/x86/sha-padlock.h
+++ b/lib/accelerated/x86/sha-padlock.h
@@ -1,25 +1,28 @@
#ifndef SHA_PADLOCK_H
-# define SHA_PADLOCK_H
+#define SHA_PADLOCK_H
#include <nettle/sha.h>
void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
-void padlock_sha1_blocks(unsigned int *ctx,const void *inp,size_t blocks);
-void padlock_sha256_blocks(unsigned int *ctx,const void *inp,size_t blocks);
-void padlock_sha512_blocks(unsigned int *ctx,const void *inp,size_t blocks);
+void padlock_sha1_blocks(unsigned int *ctx, const void *inp,
+ size_t blocks);
+void padlock_sha256_blocks(unsigned int *ctx, const void *inp,
+ size_t blocks);
+void padlock_sha512_blocks(unsigned int *ctx, const void *inp,
+ size_t blocks);
-int wrap_padlock_hash_fast(gnutls_digest_algorithm_t algo,
- const void* text, size_t text_size,
- void* digest);
+int wrap_padlock_hash_fast(gnutls_digest_algorithm_t algo,
+ const void *text, size_t text_size,
+ void *digest);
void padlock_sha1_update(struct sha1_ctx *ctx,
- unsigned length, const uint8_t *data);
+ unsigned length, const uint8_t * data);
void padlock_sha256_update(struct sha256_ctx *ctx,
- unsigned length, const uint8_t *data);
+ unsigned length, const uint8_t * data);
void padlock_sha512_update(struct sha512_ctx *ctx,
- unsigned length, const uint8_t *data);
+ unsigned length, const uint8_t * data);
extern const struct nettle_hash padlock_sha1;
extern const struct nettle_hash padlock_sha224;
diff --git a/lib/accelerated/x86/x86.h b/lib/accelerated/x86/x86.h
index f19168e70e..cfa03fe377 100644
--- a/lib/accelerated/x86/x86.h
+++ b/lib/accelerated/x86/x86.h
@@ -24,13 +24,13 @@
#if defined(ASM_X86)
-void gnutls_cpuid(unsigned int func, unsigned int *ax, unsigned int *bx, unsigned int *cx, unsigned int* dx);
+void gnutls_cpuid(unsigned int func, unsigned int *ax, unsigned int *bx,
+ unsigned int *cx, unsigned int *dx);
-# ifdef ASM_X86_32
+#ifdef ASM_X86_32
unsigned int gnutls_have_cpuid(void);
-# else
-# define gnutls_have_cpuid() 1
-# endif /* ASM_X86_32 */
+#else
+#define gnutls_have_cpuid() 1
+#endif /* ASM_X86_32 */
#endif
-
diff --git a/lib/algorithms.h b/lib/algorithms.h
index e2c89e4941..d57e48fd3f 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -32,58 +32,57 @@
#define MAX_CIPHERSUITE_SIZE 512
/* Functions for version handling. */
-const version_entry_st* version_to_entry(gnutls_protocol_t c);
-gnutls_protocol_t _gnutls_version_lowest (gnutls_session_t session);
-gnutls_protocol_t _gnutls_version_max (gnutls_session_t session);
-int _gnutls_version_priority (gnutls_session_t session,
- gnutls_protocol_t version);
-int _gnutls_version_is_supported (gnutls_session_t session,
- const gnutls_protocol_t version);
-gnutls_protocol_t _gnutls_version_get (uint8_t major, uint8_t minor);
+const version_entry_st *version_to_entry(gnutls_protocol_t c);
+gnutls_protocol_t _gnutls_version_lowest(gnutls_session_t session);
+gnutls_protocol_t _gnutls_version_max(gnutls_session_t session);
+int _gnutls_version_priority(gnutls_session_t session,
+ gnutls_protocol_t version);
+int _gnutls_version_is_supported(gnutls_session_t session,
+ const gnutls_protocol_t version);
+gnutls_protocol_t _gnutls_version_get(uint8_t major, uint8_t minor);
/* Functions for feature checks */
inline static int
-_gnutls_version_has_selectable_prf (const version_entry_st* ver)
+_gnutls_version_has_selectable_prf(const version_entry_st * ver)
{
- if (unlikely(ver==NULL))
- return 0;
- return ver->selectable_prf;
+ if (unlikely(ver == NULL))
+ return 0;
+ return ver->selectable_prf;
}
inline static int
-_gnutls_version_has_selectable_sighash (const version_entry_st* ver)
+_gnutls_version_has_selectable_sighash(const version_entry_st * ver)
{
- if (unlikely(ver==NULL))
- return 0;
- return ver->selectable_sighash;
+ if (unlikely(ver == NULL))
+ return 0;
+ return ver->selectable_sighash;
}
inline static
-int _gnutls_version_has_extensions (const version_entry_st* ver)
+int _gnutls_version_has_extensions(const version_entry_st * ver)
{
- if (unlikely(ver==NULL))
- return 0;
- return ver->extensions;
+ if (unlikely(ver == NULL))
+ return 0;
+ return ver->extensions;
}
inline static
-int _gnutls_version_has_explicit_iv (const version_entry_st* ver)
+int _gnutls_version_has_explicit_iv(const version_entry_st * ver)
{
- if (unlikely(ver==NULL))
- return 0;
- return ver->explicit_iv;
+ if (unlikely(ver == NULL))
+ return 0;
+ return ver->explicit_iv;
}
/* Functions for MACs. */
-const mac_entry_st* mac_to_entry(gnutls_mac_algorithm_t c);
+const mac_entry_st *mac_to_entry(gnutls_mac_algorithm_t c);
-inline static int
-_gnutls_mac_is_ok (const mac_entry_st * e)
+inline static int _gnutls_mac_is_ok(const mac_entry_st * e)
{
- if (unlikely(e==NULL) || e->id == 0)
- return 0;
- else
- return 1;
+ if (unlikely(e == NULL) || e->id == 0)
+ return 0;
+ else
+ return 1;
}
/*-
@@ -95,230 +94,223 @@ _gnutls_mac_is_ok (const mac_entry_st * e)
* Returns: length (in bytes) of the MAC output size, or 0 if the
* given MAC algorithm is invalid.
-*/
-inline static size_t
-_gnutls_mac_get_algo_len (const mac_entry_st * e)
+inline static size_t _gnutls_mac_get_algo_len(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return 0;
- else
- return e->output_size;
+ if (unlikely(e == NULL))
+ return 0;
+ else
+ return e->output_size;
}
-inline static const char*
-_gnutls_x509_mac_to_oid (const mac_entry_st * e)
+inline static const char *_gnutls_x509_mac_to_oid(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return NULL;
- else
- return e->oid;
+ if (unlikely(e == NULL))
+ return NULL;
+ else
+ return e->oid;
}
-inline static const char*
-_gnutls_mac_get_name (const mac_entry_st * e)
+inline static const char *_gnutls_mac_get_name(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return NULL;
- else
- return e->name;
+ if (unlikely(e == NULL))
+ return NULL;
+ else
+ return e->name;
}
-inline static int
-_gnutls_mac_block_size (const mac_entry_st * e)
+inline static int _gnutls_mac_block_size(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return 0;
- else
- return e->block_size;
+ if (unlikely(e == NULL))
+ return 0;
+ else
+ return e->block_size;
}
-inline static int
-_gnutls_mac_get_key_size (const mac_entry_st * e)
+inline static int _gnutls_mac_get_key_size(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return 0;
- else
- return e->key_size;
+ if (unlikely(e == NULL))
+ return 0;
+ else
+ return e->key_size;
}
-gnutls_digest_algorithm_t _gnutls_x509_oid_to_digest (const char *oid);
+gnutls_digest_algorithm_t _gnutls_x509_oid_to_digest(const char *oid);
/* Functions for digests. */
#define _gnutls_x509_digest_to_oid _gnutls_x509_mac_to_oid
#define _gnutls_digest_get_name _gnutls_mac_get_name
#define _gnutls_hash_get_algo_len _gnutls_mac_get_algo_len
-inline static int
-_gnutls_digest_is_secure (const mac_entry_st * e)
+inline static int _gnutls_digest_is_secure(const mac_entry_st * e)
{
- if (unlikely(e==NULL))
- return 0;
- else
- return e->secure;
+ if (unlikely(e == NULL))
+ return 0;
+ else
+ return e->secure;
}
/* Functions for cipher suites. */
-int _gnutls_supported_ciphersuites (gnutls_session_t session,
- uint8_t* cipher_suites,
- unsigned int max_cipher_suite_size);
-const char *_gnutls_cipher_suite_get_name (const uint8_t suite[2]);
-gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf (const uint8_t suite[2]);
-const cipher_entry_st* _gnutls_cipher_suite_get_cipher_algo (const
- uint8_t suite[2]);
-gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const uint8_t suite[2]);
-const mac_entry_st* _gnutls_cipher_suite_get_mac_algo (const
- uint8_t suite[2]);
+int _gnutls_supported_ciphersuites(gnutls_session_t session,
+ uint8_t * cipher_suites,
+ unsigned int max_cipher_suite_size);
+const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2]);
+gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf(const uint8_t
+ suite[2]);
+const cipher_entry_st *_gnutls_cipher_suite_get_cipher_algo(const uint8_t
+ suite[2]);
+gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo(const uint8_t
+ suite[2]);
+const mac_entry_st *_gnutls_cipher_suite_get_mac_algo(const uint8_t
+ suite[2]);
int
-_gnutls_cipher_suite_get_id (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm, uint8_t suite[2]);
+_gnutls_cipher_suite_get_id(gnutls_kx_algorithm_t kx_algorithm,
+ gnutls_cipher_algorithm_t cipher_algorithm,
+ gnutls_mac_algorithm_t mac_algorithm,
+ uint8_t suite[2]);
/* Functions for ciphers. */
-const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c);
+const cipher_entry_st *cipher_to_entry(gnutls_cipher_algorithm_t c);
-inline static int
-_gnutls_cipher_is_block (const cipher_entry_st* e)
-{
- if (unlikely(e==NULL))
- return 0;
- return e->block;
+inline static int _gnutls_cipher_is_block(const cipher_entry_st * e)
+{
+ if (unlikely(e == NULL))
+ return 0;
+ return e->block;
}
-inline static int
-_gnutls_cipher_get_block_size (const cipher_entry_st* e)
-{
- if (unlikely(e==NULL))
- return 0;
- return e->blocksize;
+inline static int _gnutls_cipher_get_block_size(const cipher_entry_st * e)
+{
+ if (unlikely(e == NULL))
+ return 0;
+ return e->blocksize;
}
inline static int
-_gnutls_cipher_get_implicit_iv_size (const cipher_entry_st* e)
-{
- if (unlikely(e==NULL))
- return 0;
- return e->iv;
+_gnutls_cipher_get_implicit_iv_size(const cipher_entry_st * e)
+{
+ if (unlikely(e == NULL))
+ return 0;
+ return e->iv;
}
-inline static int
-_gnutls_cipher_get_key_size (const cipher_entry_st* e)
-{
- if (unlikely(e==NULL))
- return 0;
- return e->keysize;
+inline static int _gnutls_cipher_get_key_size(const cipher_entry_st * e)
+{
+ if (unlikely(e == NULL))
+ return 0;
+ return e->keysize;
}
-inline static const char*
-_gnutls_cipher_get_name (const cipher_entry_st* e)
-{
- if (unlikely(e==NULL))
- return NULL;
- return e->name;
+inline static const char *_gnutls_cipher_get_name(const cipher_entry_st *
+ e)
+{
+ if (unlikely(e == NULL))
+ return NULL;
+ return e->name;
}
-inline static int
-_gnutls_cipher_algo_is_aead (const cipher_entry_st* e)
+inline static int _gnutls_cipher_algo_is_aead(const cipher_entry_st * e)
{
- if (unlikely(e==NULL))
- return 0;
- return e->aead;
+ if (unlikely(e == NULL))
+ return 0;
+ return e->aead;
}
-inline static int
-_gnutls_cipher_is_ok (const cipher_entry_st* e)
+inline static int _gnutls_cipher_is_ok(const cipher_entry_st * e)
{
- if (unlikely(e==NULL) || e->id == 0)
- return 0;
- else
- return 1;
+ if (unlikely(e == NULL) || e->id == 0)
+ return 0;
+ else
+ return 1;
}
-inline static int
-_gnutls_cipher_get_tag_size (const cipher_entry_st* e)
+inline static int _gnutls_cipher_get_tag_size(const cipher_entry_st * e)
{
- size_t ret = 0;
+ size_t ret = 0;
- if (unlikely(e==NULL))
- return ret;
+ if (unlikely(e == NULL))
+ return ret;
- if (e->aead)
- ret = e->blocksize; /* FIXME: happens to be the same for now */
- else
- ret = 0;
- return ret;
+ if (e->aead)
+ ret = e->blocksize; /* FIXME: happens to be the same for now */
+ else
+ ret = 0;
+ return ret;
}
/* Functions for key exchange. */
-int _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm);
-int _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm);
-mod_auth_st *_gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm);
-int _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm);
+int _gnutls_kx_needs_dh_params(gnutls_kx_algorithm_t algorithm);
+int _gnutls_kx_needs_rsa_params(gnutls_kx_algorithm_t algorithm);
+mod_auth_st *_gnutls_kx_auth_struct(gnutls_kx_algorithm_t algorithm);
+int _gnutls_kx_is_ok(gnutls_kx_algorithm_t algorithm);
/* Type to KX mappings. */
-gnutls_kx_algorithm_t _gnutls_map_kx_get_kx (gnutls_credentials_type_t type,
- int server);
-gnutls_credentials_type_t _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t
- algorithm, int server);
+gnutls_kx_algorithm_t _gnutls_map_kx_get_kx(gnutls_credentials_type_t type,
+ int server);
+gnutls_credentials_type_t _gnutls_map_kx_get_cred(gnutls_kx_algorithm_t
+ algorithm, int server);
/* KX to PK mapping. */
/* DSA + RSA + ECC */
#define GNUTLS_DISTINCT_PK_ALGORITHMS 3
-gnutls_pk_algorithm_t _gnutls_map_pk_get_pk (gnutls_kx_algorithm_t
- kx_algorithm);
-gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm (const char *oid);
-const char *_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t pk);
+gnutls_pk_algorithm_t _gnutls_map_pk_get_pk(gnutls_kx_algorithm_t
+ kx_algorithm);
+gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm(const char *oid);
+const char *_gnutls_x509_pk_to_oid(gnutls_pk_algorithm_t pk);
-enum encipher_type
-{ CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };
+enum encipher_type { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };
-enum encipher_type _gnutls_kx_encipher_type (gnutls_kx_algorithm_t algorithm);
+enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm_t
+ algorithm);
/* Functions for sign algorithms. */
-gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm (const char *oid);
-gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk (gnutls_sign_algorithm_t sign);
-const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
- gnutls_digest_algorithm_t mac);
-gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st *
- aid);
-const sign_algorithm_st* _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
-
-int _gnutls_mac_priority (gnutls_session_t session,
- gnutls_mac_algorithm_t algorithm);
-int _gnutls_cipher_priority (gnutls_session_t session,
- gnutls_cipher_algorithm_t a);
-int _gnutls_kx_priority (gnutls_session_t session,
- gnutls_kx_algorithm_t algorithm);
-
-unsigned int _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits);
+gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm(const char *oid);
+gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk(gnutls_sign_algorithm_t
+ sign);
+const char *_gnutls_x509_sign_to_oid(gnutls_pk_algorithm_t,
+ gnutls_digest_algorithm_t mac);
+gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign(const sign_algorithm_st *
+ aid);
+const sign_algorithm_st *_gnutls_sign_to_tls_aid(gnutls_sign_algorithm_t
+ sign);
+
+int _gnutls_mac_priority(gnutls_session_t session,
+ gnutls_mac_algorithm_t algorithm);
+int _gnutls_cipher_priority(gnutls_session_t session,
+ gnutls_cipher_algorithm_t a);
+int _gnutls_kx_priority(gnutls_session_t session,
+ gnutls_kx_algorithm_t algorithm);
+
+unsigned int _gnutls_pk_bits_to_subgroup_bits(unsigned int pk_bits);
/* ECC */
-struct gnutls_ecc_curve_entry_st
-{
- const char *name;
- const char* oid;
- gnutls_ecc_curve_t id;
- int tls_id; /* The RFC4492 namedCurve ID */
- int size; /* the size in bytes */
+struct gnutls_ecc_curve_entry_st {
+ const char *name;
+ const char *oid;
+ gnutls_ecc_curve_t id;
+ int tls_id; /* The RFC4492 namedCurve ID */
+ int size; /* the size in bytes */
};
typedef struct gnutls_ecc_curve_entry_st gnutls_ecc_curve_entry_st;
-const gnutls_ecc_curve_entry_st * _gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve);
-gnutls_ecc_curve_t _gnutls_ecc_curve_get_id (const char *name);
-int _gnutls_tls_id_to_ecc_curve (int num);
-int _gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc);
-const char * _gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve);
-gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid);
-gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve (int bits);
+const gnutls_ecc_curve_entry_st
+ *_gnutls_ecc_curve_get_params(gnutls_ecc_curve_t curve);
+gnutls_ecc_curve_t _gnutls_ecc_curve_get_id(const char *name);
+int _gnutls_tls_id_to_ecc_curve(int num);
+int _gnutls_ecc_curve_get_tls_id(gnutls_ecc_curve_t supported_ecc);
+const char *_gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve);
+gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve(const char *oid);
+gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(int bits);
#define MAX_ECC_CURVE_SIZE 66
static inline int _gnutls_kx_is_ecc(gnutls_kx_algorithm_t kx)
{
- if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA ||
- kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK)
- return 1;
+ if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA ||
+ kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK)
+ return 1;
- return 0;
+ return 0;
}
#endif
diff --git a/lib/algorithms/cert_types.c b/lib/algorithms/cert_types.c
index 303438b759..7ccab552e3 100644
--- a/lib/algorithms/cert_types.c
+++ b/lib/algorithms/cert_types.c
@@ -34,17 +34,17 @@
* Returns: a string that contains the name of the specified
* certificate type, or %NULL in case of unknown types.
**/
-const char *
-gnutls_certificate_type_get_name (gnutls_certificate_type_t type)
+const char *gnutls_certificate_type_get_name(gnutls_certificate_type_t
+ type)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- if (type == GNUTLS_CRT_X509)
- ret = "X.509";
- if (type == GNUTLS_CRT_OPENPGP)
- ret = "OPENPGP";
+ if (type == GNUTLS_CRT_X509)
+ ret = "X.509";
+ if (type == GNUTLS_CRT_OPENPGP)
+ ret = "OPENPGP";
- return ret;
+ return ret;
}
/**
@@ -56,23 +56,23 @@ gnutls_certificate_type_get_name (gnutls_certificate_type_t type)
* Returns: a #gnutls_certificate_type_t for the specified in a
* string certificate type, or %GNUTLS_CRT_UNKNOWN on error.
**/
-gnutls_certificate_type_t
-gnutls_certificate_type_get_id (const char *name)
+gnutls_certificate_type_t gnutls_certificate_type_get_id(const char *name)
{
- gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN;
+ gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN;
- if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0)
- return GNUTLS_CRT_X509;
- if (strcasecmp (name, "OPENPGP") == 0)
- return GNUTLS_CRT_OPENPGP;
+ if (strcasecmp(name, "X.509") == 0
+ || strcasecmp(name, "X509") == 0)
+ return GNUTLS_CRT_X509;
+ if (strcasecmp(name, "OPENPGP") == 0)
+ return GNUTLS_CRT_OPENPGP;
- return ret;
+ return ret;
}
static const gnutls_certificate_type_t supported_certificate_types[] = {
- GNUTLS_CRT_X509,
- GNUTLS_CRT_OPENPGP,
- 0
+ GNUTLS_CRT_X509,
+ GNUTLS_CRT_OPENPGP,
+ 0
};
/**
@@ -83,12 +83,7 @@ static const gnutls_certificate_type_t supported_certificate_types[] = {
* Returns: a (0)-terminated list of #gnutls_certificate_type_t
* integers indicating the available certificate types.
**/
-const gnutls_certificate_type_t *
-gnutls_certificate_type_list (void)
+const gnutls_certificate_type_t *gnutls_certificate_type_list(void)
{
- return supported_certificate_types;
+ return supported_certificate_types;
}
-
-
-
-
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index 2d57933e7a..a0d372818b 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -34,46 +34,67 @@
* Make sure to update MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well.
*/
static const cipher_entry_st algorithms[] = {
- {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 16, 0},
- {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, 16, 16, 0},
- {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 16, 0},
- {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0},
- {"ESTREAM-SALSA20-256", GNUTLS_CIPHER_ESTREAM_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 8, 0},
- {"SALSA20-256", GNUTLS_CIPHER_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 8, 0},
- {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
- 16, 16, 0},
- {"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24, CIPHER_BLOCK,
- 16, 16, 0},
- {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK,
- 16, 16, 0},
- {"CAMELLIA-128-GCM", GNUTLS_CIPHER_CAMELLIA_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"CAMELLIA-256-GCM", GNUTLS_CIPHER_CAMELLIA_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 8, 0},
- {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 8, 0},
- {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 0, 0},
- {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 8, 0},
+ {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK,
+ 16, 16, 0},
+ {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK,
+ 16, 16, 0},
+ {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK,
+ 16, 16, 0},
+ {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM,
+ AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM,
+ AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0,
+ 0, 0},
+ {"ESTREAM-SALSA20-256", GNUTLS_CIPHER_ESTREAM_SALSA20_256, 64, 32,
+ CIPHER_STREAM, 8, 8, 0},
+ {"SALSA20-256", GNUTLS_CIPHER_SALSA20_256, 64, 32, CIPHER_STREAM,
+ 8, 8, 0},
+ {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32,
+ CIPHER_BLOCK,
+ 16, 16, 0},
+ {"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24,
+ CIPHER_BLOCK,
+ 16, 16, 0},
+ {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16,
+ CIPHER_BLOCK,
+ 16, 16, 0},
+ {"CAMELLIA-128-GCM", GNUTLS_CIPHER_CAMELLIA_128_GCM, 16, 16,
+ CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"CAMELLIA-256-GCM", GNUTLS_CIPHER_CAMELLIA_256_GCM, 16, 32,
+ CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 8, 0},
+ {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 8, 0},
+ {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 0,
+ 0},
+ {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 8, 0},
#ifdef ENABLE_OPENPGP
- {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 8, 0},
- {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK, 8, 8, 0},
- {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 8, 0},
- {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB, 8,
- 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 8, 0},
- {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB, 8, 16,
- CIPHER_BLOCK, 8, 8, 0},
- {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB, 16, 16, CIPHER_BLOCK, 16,
- 16, 0},
- {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB, 16, 24, CIPHER_BLOCK, 16,
- 16, 0},
- {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB, 16, 32, CIPHER_BLOCK, 16,
- 16, 0},
- {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB, 16, 16, CIPHER_BLOCK, 16,
- 16, 0},
+ {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK,
+ 8, 8, 0},
+ {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK,
+ 8, 8, 0},
+ {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK,
+ 8, 8, 0},
+ {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB, 8,
+ 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 8, 0},
+ {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB, 8, 16,
+ CIPHER_BLOCK, 8, 8, 0},
+ {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB, 16, 16,
+ CIPHER_BLOCK, 16,
+ 16, 0},
+ {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB, 16, 24,
+ CIPHER_BLOCK, 16,
+ 16, 0},
+ {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB, 16, 32,
+ CIPHER_BLOCK, 16,
+ 16, 0},
+ {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB, 16, 16,
+ CIPHER_BLOCK, 16,
+ 16, 0},
#endif
- {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0, 0},
- {0, 0, 0, 0, 0, 0, 0}
+ {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0}
};
#define GNUTLS_CIPHER_LOOP(b) \
@@ -85,11 +106,11 @@ static const cipher_entry_st algorithms[] = {
/* CIPHER functions */
-const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c)
+const cipher_entry_st *cipher_to_entry(gnutls_cipher_algorithm_t c)
{
- GNUTLS_CIPHER_LOOP (if (c==p->id) return p);
+ GNUTLS_CIPHER_LOOP(if (c == p->id) return p);
- return NULL;
+ return NULL;
}
/**
@@ -100,12 +121,11 @@ const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c)
*
* Since: 2.10.0
**/
-int
-gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
+int gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t algorithm)
{
- size_t ret = 0;
- GNUTLS_ALG_LOOP (ret = p->blocksize);
- return ret;
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->blocksize);
+ return ret;
}
@@ -117,10 +137,9 @@ gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
*
* Since: 3.2.2
**/
-int
-gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm)
+int gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t algorithm)
{
- return _gnutls_cipher_get_tag_size(cipher_to_entry(algorithm));
+ return _gnutls_cipher_get_tag_size(cipher_to_entry(algorithm));
}
/**
@@ -133,27 +152,27 @@ gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm)
*
* Since: 3.2.0
**/
-int
-gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm)
+int gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t algorithm)
{
- size_t ret = 0;
- GNUTLS_ALG_LOOP (ret = p->cipher_iv);
- return ret;
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->cipher_iv);
+ return ret;
}
/* returns the priority */
int
-_gnutls_cipher_priority (gnutls_session_t session,
- gnutls_cipher_algorithm_t algorithm)
+_gnutls_cipher_priority(gnutls_session_t session,
+ gnutls_cipher_algorithm_t algorithm)
{
- unsigned int i;
- for (i = 0; i < session->internals.priorities.cipher.algorithms; i++)
- {
- if (session->internals.priorities.cipher.priority[i] == algorithm)
- return i;
- }
- return -1;
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.cipher.algorithms;
+ i++) {
+ if (session->internals.priorities.cipher.priority[i] ==
+ algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -165,12 +184,11 @@ _gnutls_cipher_priority (gnutls_session_t session,
* Returns: length (in bytes) of the given cipher's key size, or 0 if
* the given cipher is invalid.
**/
-size_t
-gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)
-{ /* In bytes */
- size_t ret = 0;
- GNUTLS_ALG_LOOP (ret = p->keysize);
- return ret;
+size_t gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t algorithm)
+{ /* In bytes */
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->keysize);
+ return ret;
}
@@ -183,15 +201,14 @@ gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)
* Returns: a pointer to a string that contains the name of the
* specified cipher, or %NULL.
**/
-const char *
-gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm)
+const char *gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
@@ -203,20 +220,18 @@ gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm)
* Returns: return a #gnutls_cipher_algorithm_t value corresponding to
* the specified cipher, or %GNUTLS_CIPHER_UNKNOWN on error.
**/
-gnutls_cipher_algorithm_t
-gnutls_cipher_get_id (const char *name)
+gnutls_cipher_algorithm_t gnutls_cipher_get_id(const char *name)
{
- gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN;
+ gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN;
- GNUTLS_CIPHER_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_CIPHER_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -233,22 +248,20 @@ gnutls_cipher_get_id (const char *name)
* integers indicating the available ciphers.
*
**/
-const gnutls_cipher_algorithm_t *
-gnutls_cipher_list (void)
+const gnutls_cipher_algorithm_t *gnutls_cipher_list(void)
{
-static gnutls_cipher_algorithm_t supported_ciphers[MAX_ALGOS] = {0};
+ static gnutls_cipher_algorithm_t supported_ciphers[MAX_ALGOS] =
+ { 0 };
- if (supported_ciphers[0] == 0)
- {
- int i = 0;
+ if (supported_ciphers[0] == 0) {
+ int i = 0;
- GNUTLS_CIPHER_LOOP (
- if (_gnutls_cipher_exists(p->id))
- supported_ciphers[i++]=p->id;
- );
- supported_ciphers[i++]=0;
- }
+ GNUTLS_CIPHER_LOOP(
+ if (_gnutls_cipher_exists(p->id))
+ supported_ciphers[i++] = p->id;
+ );
+ supported_ciphers[i++] = 0;
+ }
- return supported_ciphers;
+ return supported_ciphers;
}
-
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 03b2118fcc..b9637d71f6 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -31,18 +31,17 @@
#define ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf ) \
{ #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf}
-typedef struct
-{
- const char *name;
- const uint8_t id[2];
- gnutls_cipher_algorithm_t block_algorithm;
- gnutls_kx_algorithm_t kx_algorithm;
- gnutls_mac_algorithm_t mac_algorithm;
- gnutls_protocol_t min_version; /* this cipher suite is supported
- * from 'version' and above;
- */
- gnutls_protocol_t min_dtls_version; /* DTLS min version */
- gnutls_mac_algorithm_t prf;
+typedef struct {
+ const char *name;
+ const uint8_t id[2];
+ gnutls_cipher_algorithm_t block_algorithm;
+ gnutls_kx_algorithm_t kx_algorithm;
+ gnutls_mac_algorithm_t mac_algorithm;
+ gnutls_protocol_t min_version; /* this cipher suite is supported
+ * from 'version' and above;
+ */
+ gnutls_protocol_t min_dtls_version; /* DTLS min version */
+ gnutls_mac_algorithm_t prf;
} gnutls_cipher_suite_entry;
/* RSA with NULL cipher and MD5 MAC
@@ -312,764 +311,764 @@ typedef struct
#define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1)
static const gnutls_cipher_suite_entry cs_algorithms[] = {
- /* RSA-NULL */
- ENTRY (GNUTLS_RSA_NULL_MD5,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_NULL_SHA1,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_NULL_SHA256,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
-
- /* RSA */
- ENTRY (GNUTLS_RSA_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_RSA_ARCFOUR_128_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
+ /* RSA-NULL */
+ ENTRY(GNUTLS_RSA_NULL_MD5,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_NULL_SHA1,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_NULL_SHA256,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+
+ /* RSA */
+ ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_RSA_ARCFOUR_128_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
/* GCM */
- ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_RSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_RSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
/* Salsa20 */
- ENTRY (GNUTLS_RSA_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_RSA_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- /* DHE_DSS */
+ ENTRY(GNUTLS_RSA_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_RSA_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ /* DHE_DSS */
#ifdef ENABLE_DHE
- ENTRY (GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
/* GCM */
- ENTRY (GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
- /* DHE_RSA */
- ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+ /* DHE_RSA */
+ ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
/* GCM */
- ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-#endif /* DHE */
+ ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+#endif /* DHE */
#ifdef ENABLE_ECDHE
/* ECC-RSA */
- ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA1,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- /* ECDHE-ECDSA */
- ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA1,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- /* More ECC */
-
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
- ENTRY (GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_RSA_NULL_SHA1,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ /* ECDHE-ECDSA */
+ ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ /* More ECC */
+
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+ ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
/* Salsa20 */
- ENTRY (GNUTLS_ECDHE_RSA_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
#endif
#ifdef ENABLE_PSK
- /* ECC - PSK */
- ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
- ENTRY (GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_ECDHE_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
- ENTRY (GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-
- ENTRY (GNUTLS_ECDHE_PSK_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- /* PSK */
- ENTRY (GNUTLS_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_PSK_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_PSK_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
-
- ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- ENTRY (GNUTLS_PSK_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_PSK_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- /* RSA-PSK */
- ENTRY (GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
-
- ENTRY (GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY_PRF (GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF (GNUTLS_RSA_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
-
- /* DHE-PSK */
- ENTRY (GNUTLS_DHE_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ /* ECC - PSK */
+ ENTRY(GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
+ ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
+ ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
+
+ ENTRY(GNUTLS_ECDHE_PSK_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ /* PSK */
+ ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_PSK_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+
+ ENTRY(GNUTLS_PSK_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ ENTRY(GNUTLS_PSK_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_PSK_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ /* RSA-PSK */
+ ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+
+ ENTRY(GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+
+ /* DHE-PSK */
+ ENTRY(GNUTLS_DHE_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
#endif
#ifdef ENABLE_ANON
- /* DH_ANON */
- ENTRY (GNUTLS_DH_ANON_ARCFOUR_128_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
- GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ /* DH_ANON */
+ ENTRY(GNUTLS_DH_ANON_ARCFOUR_128_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
+ GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
/* ECC-ANON */
- ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDH_ANON_NULL_SHA1,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
#endif
#ifdef ENABLE_SRP
- /* SRP */
- ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
+ /* SRP */
+ ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
#endif
- {0, {0, 0}, 0, 0, 0, 0, 0, 0}
+ {0, {0, 0}, 0, 0, 0, 0, 0, 0}
};
#define CIPHER_SUITE_LOOP(b) \
@@ -1081,72 +1080,70 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
/* Cipher Suite's functions */
-const cipher_entry_st*
-_gnutls_cipher_suite_get_cipher_algo (const uint8_t suite[2])
+const cipher_entry_st *_gnutls_cipher_suite_get_cipher_algo(const uint8_t
+ suite[2])
{
- int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm);
- return cipher_to_entry(ret);
+ int ret = 0;
+ CIPHER_SUITE_ALG_LOOP(ret = p->block_algorithm);
+ return cipher_to_entry(ret);
}
gnutls_kx_algorithm_t
-_gnutls_cipher_suite_get_kx_algo (const uint8_t suite[2])
+_gnutls_cipher_suite_get_kx_algo(const uint8_t suite[2])
{
- int ret = 0;
+ int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm);
- return ret;
+ CIPHER_SUITE_ALG_LOOP(ret = p->kx_algorithm);
+ return ret;
}
-gnutls_mac_algorithm_t
-_gnutls_cipher_suite_get_prf (const uint8_t suite[2])
+gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf(const uint8_t suite[2])
{
- int ret = 0;
+ int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->prf);
- return ret;
+ CIPHER_SUITE_ALG_LOOP(ret = p->prf);
+ return ret;
}
-const mac_entry_st*
-_gnutls_cipher_suite_get_mac_algo (const uint8_t suite[2])
-{ /* In bytes */
- int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm);
- return mac_to_entry(ret);
+const mac_entry_st *_gnutls_cipher_suite_get_mac_algo(const uint8_t
+ suite[2])
+{ /* In bytes */
+ int ret = 0;
+ CIPHER_SUITE_ALG_LOOP(ret = p->mac_algorithm);
+ return mac_to_entry(ret);
}
-const char *
-_gnutls_cipher_suite_get_name (const uint8_t suite[2])
+const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2])
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1);
+ /* avoid prefix */
+ CIPHER_SUITE_ALG_LOOP(ret = p->name + sizeof("GNUTLS_") - 1);
- return ret;
+ return ret;
}
-static const gnutls_cipher_suite_entry *
-cipher_suite_get (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm)
+static const gnutls_cipher_suite_entry
+ *cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm,
+ gnutls_cipher_algorithm_t cipher_algorithm,
+ gnutls_mac_algorithm_t mac_algorithm)
{
- const gnutls_cipher_suite_entry *ret = NULL;
-
- CIPHER_SUITE_LOOP (
- if (kx_algorithm == p->kx_algorithm &&
- cipher_algorithm == p->block_algorithm && mac_algorithm == p->mac_algorithm)
- {
- ret = p;
- break;
- }
- );
-
- return ret;
+ const gnutls_cipher_suite_entry *ret = NULL;
+
+ CIPHER_SUITE_LOOP(
+ if (kx_algorithm == p->kx_algorithm &&
+ cipher_algorithm == p->block_algorithm
+ && mac_algorithm == p->mac_algorithm) {
+ ret = p;
+ break;
+ }
+ );
+
+ return ret;
}
@@ -1162,18 +1159,21 @@ cipher_suite_get (gnutls_kx_algorithm_t kx_algorithm,
* Returns: a string that contains the name of a TLS cipher suite,
* specified by the given algorithms, or %NULL.
**/
-const char *
-gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm)
+const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t
+ kx_algorithm,
+ gnutls_cipher_algorithm_t
+ cipher_algorithm,
+ gnutls_mac_algorithm_t
+ mac_algorithm)
{
-const gnutls_cipher_suite_entry * ce;
-
- ce = cipher_suite_get (kx_algorithm, cipher_algorithm, mac_algorithm);
- if (ce == NULL)
- return NULL;
- else
- return ce->name + sizeof ("GNUTLS_") - 1;
+ const gnutls_cipher_suite_entry *ce;
+
+ ce = cipher_suite_get(kx_algorithm, cipher_algorithm,
+ mac_algorithm);
+ if (ce == NULL)
+ return NULL;
+ else
+ return ce->name + sizeof("GNUTLS_") - 1;
}
/*-
@@ -1188,21 +1188,22 @@ const gnutls_cipher_suite_entry * ce;
* Returns: 0 on success or a negative error code otherwise.
-*/
int
-_gnutls_cipher_suite_get_id (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm, uint8_t suite[2])
+_gnutls_cipher_suite_get_id(gnutls_kx_algorithm_t kx_algorithm,
+ gnutls_cipher_algorithm_t cipher_algorithm,
+ gnutls_mac_algorithm_t mac_algorithm,
+ uint8_t suite[2])
{
-const gnutls_cipher_suite_entry * ce;
-
- ce = cipher_suite_get (kx_algorithm, cipher_algorithm, mac_algorithm);
- if (ce == NULL)
- return GNUTLS_E_INVALID_REQUEST;
- else
- {
- suite[0] = ce->id[0];
- suite[1] = ce->id[1];
- }
- return 0;
+ const gnutls_cipher_suite_entry *ce;
+
+ ce = cipher_suite_get(kx_algorithm, cipher_algorithm,
+ mac_algorithm);
+ if (ce == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+ else {
+ suite[0] = ce->id[0];
+ suite[1] = ce->id[1];
+ }
+ return 0;
}
/**
@@ -1223,44 +1224,42 @@ const gnutls_cipher_suite_entry * ce;
* about the cipher suite in the output variables. If @idx is out of
* bounds, %NULL is returned.
**/
-const char *
-gnutls_cipher_suite_info (size_t idx,
- unsigned char *cs_id,
- gnutls_kx_algorithm_t * kx,
- gnutls_cipher_algorithm_t * cipher,
- gnutls_mac_algorithm_t * mac,
- gnutls_protocol_t * min_version)
+const char *gnutls_cipher_suite_info(size_t idx,
+ unsigned char *cs_id,
+ gnutls_kx_algorithm_t * kx,
+ gnutls_cipher_algorithm_t * cipher,
+ gnutls_mac_algorithm_t * mac,
+ gnutls_protocol_t * min_version)
{
- if (idx >= CIPHER_SUITES_COUNT)
- return NULL;
-
- if (cs_id)
- memcpy (cs_id, cs_algorithms[idx].id, 2);
- if (kx)
- *kx = cs_algorithms[idx].kx_algorithm;
- if (cipher)
- *cipher = cs_algorithms[idx].block_algorithm;
- if (mac)
- *mac = cs_algorithms[idx].mac_algorithm;
- if (min_version)
- *min_version = cs_algorithms[idx].min_version;
-
- return cs_algorithms[idx].name + sizeof ("GNU") - 1;
+ if (idx >= CIPHER_SUITES_COUNT)
+ return NULL;
+
+ if (cs_id)
+ memcpy(cs_id, cs_algorithms[idx].id, 2);
+ if (kx)
+ *kx = cs_algorithms[idx].kx_algorithm;
+ if (cipher)
+ *cipher = cs_algorithms[idx].block_algorithm;
+ if (mac)
+ *mac = cs_algorithms[idx].mac_algorithm;
+ if (min_version)
+ *min_version = cs_algorithms[idx].min_version;
+
+ return cs_algorithms[idx].name + sizeof("GNU") - 1;
}
-static inline int
-_gnutls_cipher_suite_is_ok (const uint8_t suite[2])
+static inline int _gnutls_cipher_suite_is_ok(const uint8_t suite[2])
{
- size_t ret;
- const char *name = NULL;
+ size_t ret;
+ const char *name = NULL;
- CIPHER_SUITE_ALG_LOOP (name = p->name);
- if (name != NULL)
- ret = 0;
- else
- ret = 1;
- return ret;
+ CIPHER_SUITE_ALG_LOOP(name = p->name);
+ if (name != NULL)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
@@ -1277,47 +1276,63 @@ _gnutls_cipher_suite_is_ok (const uint8_t suite[2])
*
-*/
int
-_gnutls_supported_ciphersuites (gnutls_session_t session,
- uint8_t *cipher_suites, unsigned int max_cipher_suite_size)
+_gnutls_supported_ciphersuites(gnutls_session_t session,
+ uint8_t * cipher_suites,
+ unsigned int max_cipher_suite_size)
{
- unsigned int i, ret_count, j, z, k=0;
- const gnutls_cipher_suite_entry * ce;
- const version_entry_st* version = get_version( session);
- unsigned int is_dtls = IS_DTLS(session);
-
- for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
- for (j = 0; j < session->internals.priorities.cipher.algorithms; j++)
- for (z = 0; z < session->internals.priorities.mac.algorithms; z++)
- {
- ce = cipher_suite_get(session->internals.priorities.kx.priority[i],
- session->internals.priorities.cipher.priority[j],
- session->internals.priorities.mac.priority[z]);
-
- if (ce == NULL) continue;
-
- if (is_dtls == 0 && !(version->id >= ce->min_version))
- continue;
- else if (is_dtls != 0 && !(version->id >= ce->min_dtls_version))
-
- if (k+2 > max_cipher_suite_size)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- memcpy (&cipher_suites[k], ce->id, 2);
- k+=2;
- }
-
- ret_count = k;
-
- /* This function can no longer return 0 cipher suites.
- * It returns an error code instead.
- */
- if (ret_count == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CIPHER_SUITES;
- }
- return ret_count;
+ unsigned int i, ret_count, j, z, k = 0;
+ const gnutls_cipher_suite_entry *ce;
+ const version_entry_st *version = get_version(session);
+ unsigned int is_dtls = IS_DTLS(session);
+
+ for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
+ for (j = 0;
+ j < session->internals.priorities.cipher.algorithms;
+ j++)
+ for (z = 0;
+ z <
+ session->internals.priorities.mac.algorithms;
+ z++) {
+ ce = cipher_suite_get(session->internals.
+ priorities.kx.
+ priority[i],
+ session->internals.
+ priorities.cipher.
+ priority[j],
+ session->internals.
+ priorities.mac.
+ priority[z]);
+
+ if (ce == NULL)
+ continue;
+
+ if (is_dtls == 0
+ && !(version->id >= ce->min_version))
+ continue;
+ else if (is_dtls != 0
+ && !(version->id >=
+ ce->min_dtls_version))
+
+ if (k + 2 > max_cipher_suite_size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+
+ memcpy(&cipher_suites[k], ce->id, 2);
+ k += 2;
+ }
+
+ ret_count = k;
+
+ /* This function can no longer return 0 cipher suites.
+ * It returns an error code instead.
+ */
+ if (ret_count == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CIPHER_SUITES;
+ }
+ return ret_count;
}
/**
@@ -1337,32 +1352,37 @@ _gnutls_supported_ciphersuites (gnutls_session_t session,
* Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error value otherwise.
**/
int
-gnutls_priority_get_cipher_suite_index (gnutls_priority_t pcache, unsigned int idx, unsigned int *sidx)
+gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
+ unsigned int idx,
+ unsigned int *sidx)
{
-int mac_idx, cipher_idx, kx_idx;
-unsigned int i;
-unsigned int total = pcache->mac.algorithms * pcache->cipher.algorithms * pcache->kx.algorithms;
-
- if (idx >= total)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
- mac_idx = idx % pcache->mac.algorithms;
-
- idx /= pcache->mac.algorithms;
- cipher_idx = idx % pcache->cipher.algorithms;
-
- idx /= pcache->cipher.algorithms;
- kx_idx = idx % pcache->kx.algorithms;
-
- for (i=0;i<CIPHER_SUITES_COUNT;i++)
- {
- if (cs_algorithms[i].kx_algorithm == pcache->kx.priority[kx_idx] &&
- cs_algorithms[i].block_algorithm == pcache->cipher.priority[cipher_idx] &&
- cs_algorithms[i].mac_algorithm == pcache->mac.priority[mac_idx])
- {
- *sidx = i;
- return 0;
- }
- }
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ int mac_idx, cipher_idx, kx_idx;
+ unsigned int i;
+ unsigned int total =
+ pcache->mac.algorithms * pcache->cipher.algorithms *
+ pcache->kx.algorithms;
+
+ if (idx >= total)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ mac_idx = idx % pcache->mac.algorithms;
+
+ idx /= pcache->mac.algorithms;
+ cipher_idx = idx % pcache->cipher.algorithms;
+
+ idx /= pcache->cipher.algorithms;
+ kx_idx = idx % pcache->kx.algorithms;
+
+ for (i = 0; i < CIPHER_SUITES_COUNT; i++) {
+ if (cs_algorithms[i].kx_algorithm ==
+ pcache->kx.priority[kx_idx]
+ && cs_algorithms[i].block_algorithm ==
+ pcache->cipher.priority[cipher_idx]
+ && cs_algorithms[i].mac_algorithm ==
+ pcache->mac.priority[mac_idx]) {
+ *sidx = i;
+ return 0;
+ }
+ }
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
}
diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c
index c574036ae9..3aa4000f9d 100644
--- a/lib/algorithms/ecc.c
+++ b/lib/algorithms/ecc.c
@@ -30,42 +30,42 @@
*/
static const gnutls_ecc_curve_entry_st ecc_curves[] = {
- {
- .name = "SECP192R1",
- .oid = "1.2.840.10045.3.1.1",
- .id = GNUTLS_ECC_CURVE_SECP192R1,
- .tls_id = 19,
- .size = 24,
- },
- {
- .name = "SECP224R1",
- .oid = "1.3.132.0.33",
- .id = GNUTLS_ECC_CURVE_SECP224R1,
- .tls_id = 21,
- .size = 28,
- },
- {
- .name = "SECP256R1",
- .oid = "1.2.840.10045.3.1.7",
- .id = GNUTLS_ECC_CURVE_SECP256R1,
- .tls_id = 23,
- .size = 32,
- },
- {
- .name = "SECP384R1",
- .oid = "1.3.132.0.34",
- .id = GNUTLS_ECC_CURVE_SECP384R1,
- .tls_id = 24,
- .size = 48,
- },
- {
- .name = "SECP521R1",
- .oid = "1.3.132.0.35",
- .id = GNUTLS_ECC_CURVE_SECP521R1,
- .tls_id = 25,
- .size = 66,
- },
- {0, 0, 0}
+ {
+ .name = "SECP192R1",
+ .oid = "1.2.840.10045.3.1.1",
+ .id = GNUTLS_ECC_CURVE_SECP192R1,
+ .tls_id = 19,
+ .size = 24,
+ },
+ {
+ .name = "SECP224R1",
+ .oid = "1.3.132.0.33",
+ .id = GNUTLS_ECC_CURVE_SECP224R1,
+ .tls_id = 21,
+ .size = 28,
+ },
+ {
+ .name = "SECP256R1",
+ .oid = "1.2.840.10045.3.1.7",
+ .id = GNUTLS_ECC_CURVE_SECP256R1,
+ .tls_id = 23,
+ .size = 32,
+ },
+ {
+ .name = "SECP384R1",
+ .oid = "1.3.132.0.34",
+ .id = GNUTLS_ECC_CURVE_SECP384R1,
+ .tls_id = 24,
+ .size = 48,
+ },
+ {
+ .name = "SECP521R1",
+ .oid = "1.3.132.0.35",
+ .id = GNUTLS_ECC_CURVE_SECP521R1,
+ .tls_id = 25,
+ .size = 66,
+ },
+ {0, 0, 0}
};
#define GNUTLS_ECC_CURVE_LOOP(b) \
@@ -75,20 +75,15 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
/* Returns the TLS id of the given curve
*/
-int
-_gnutls_tls_id_to_ecc_curve (int num)
+int _gnutls_tls_id_to_ecc_curve(int num)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
-
- GNUTLS_ECC_CURVE_LOOP (
- if (p->tls_id == num)
- {
- ret = p->id;
- break;
- }
- );
-
- return ret;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+
+ GNUTLS_ECC_CURVE_LOOP(if (p->tls_id == num) {
+ ret = p->id; break;}
+ );
+
+ return ret;
}
/**
@@ -101,41 +96,35 @@ _gnutls_tls_id_to_ecc_curve (int num)
* Returns: Return a (0)-terminated list of #gnutls_ecc_curve_t
* integers indicating the available curves.
**/
-const gnutls_ecc_curve_t *
-gnutls_ecc_curve_list (void)
+const gnutls_ecc_curve_t *gnutls_ecc_curve_list(void)
{
-static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 };
+ static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 };
- if (supported_curves[0] == 0)
- {
- int i = 0;
+ if (supported_curves[0] == 0) {
+ int i = 0;
- GNUTLS_ECC_CURVE_LOOP (
- supported_curves[i++]=p->id;
- );
- supported_curves[i++]=0;
- }
+ GNUTLS_ECC_CURVE_LOOP(supported_curves[i++] = p->id;);
+ supported_curves[i++] = 0;
+ }
- return supported_curves;
+ return supported_curves;
}
/* Maps numbers to TLS NamedCurve IDs (RFC4492).
* Returns a negative number on error.
*/
-int
-_gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc)
+int _gnutls_ecc_curve_get_tls_id(gnutls_ecc_curve_t supported_ecc)
{
- int ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-
- GNUTLS_ECC_CURVE_LOOP (
- if (p->id == supported_ecc)
- {
- ret = p->tls_id;
- break;
- }
- );
-
- return ret;
+ int ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == supported_ecc) {
+ ret = p->tls_id;
+ break;
+ }
+ );
+
+ return ret;
}
/*-
@@ -145,19 +134,18 @@ _gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc)
* Returns: return a #gnutls_ecc_curve_t value corresponding to
* the specified OID, or %GNUTLS_ECC_CURVE_INVALID on error.
-*/
-gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid)
+gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve(const char *oid)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
- GNUTLS_ECC_CURVE_LOOP (
- if (strcasecmp (p->oid, oid) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (strcasecmp(p->oid, oid) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -169,20 +157,18 @@ gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid)
* Returns: return a #gnutls_ecc_curve_t value corresponding to
* the specified curve, or %GNUTLS_ECC_CURVE_INVALID on error.
-*/
-gnutls_ecc_curve_t
-_gnutls_ecc_curve_get_id (const char *name)
+gnutls_ecc_curve_t _gnutls_ecc_curve_get_id(const char *name)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
- GNUTLS_ECC_CURVE_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -192,20 +178,18 @@ _gnutls_ecc_curve_get_id (const char *name)
* Returns: return a #gnutls_ecc_curve_t value corresponding to
* the specified bit length, or %GNUTLS_ECC_CURVE_INVALID on error.
-*/
-gnutls_ecc_curve_t
-_gnutls_ecc_bits_to_curve (int bits)
+gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(int bits)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_SECP224R1;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_SECP224R1;
- GNUTLS_ECC_CURVE_LOOP (
- if (8*p->size >= bits)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (8 * p->size >= bits) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -219,20 +203,18 @@ _gnutls_ecc_bits_to_curve (int bits)
*
* Since: 3.0
**/
-const char *
-gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve)
+const char *gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p->name;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -244,20 +226,18 @@ gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve)
* Returns: a string that contains the name of the specified
* curve or %NULL.
-*/
-const char *
-_gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve)
+const char *_gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p->oid;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p->oid;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -268,20 +248,19 @@ _gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve)
*
* Returns: a pointer to #gnutls_ecc_curve_entry_st or %NULL.
-*/
-const gnutls_ecc_curve_entry_st *
-_gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve)
+const gnutls_ecc_curve_entry_st
+ *_gnutls_ecc_curve_get_params(gnutls_ecc_curve_t curve)
{
- const gnutls_ecc_curve_entry_st *ret = NULL;
+ const gnutls_ecc_curve_entry_st *ret = NULL;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -294,17 +273,16 @@ _gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve)
*
* Since: 3.0
**/
-int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve)
+int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve)
{
- int ret = 0;
+ int ret = 0;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p->size;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p->size;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
diff --git a/lib/algorithms/kx.c b/lib/algorithms/kx.c
index eb7e11ac78..3fa8a317e0 100644
--- a/lib/algorithms/kx.c
+++ b/lib/algorithms/kx.c
@@ -46,30 +46,33 @@ extern mod_auth_st srp_dss_auth_struct;
* FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
* more than one credentials type.
*/
-typedef struct
-{
- gnutls_kx_algorithm_t algorithm;
- gnutls_credentials_type_t client_type;
- gnutls_credentials_type_t server_type; /* The type of credentials a server
- * needs to set */
+typedef struct {
+ gnutls_kx_algorithm_t algorithm;
+ gnutls_credentials_type_t client_type;
+ gnutls_credentials_type_t server_type; /* The type of credentials a server
+ * needs to set */
} gnutls_cred_map;
static const gnutls_cred_map cred_mappings[] = {
- {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
- {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
- {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
- {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
- {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
- {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
- {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
- {0, 0, 0}
+ {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
+ {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
+ {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+ {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+ {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+ {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
+ {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+ {0, 0, 0}
};
#define GNUTLS_KX_MAP_LOOP(b) \
@@ -79,48 +82,48 @@ static const gnutls_cred_map cred_mappings[] = {
#define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
-struct gnutls_kx_algo_entry
-{
- const char *name;
- gnutls_kx_algorithm_t algorithm;
- mod_auth_st *auth_struct;
- int needs_dh_params;
+struct gnutls_kx_algo_entry {
+ const char *name;
+ gnutls_kx_algorithm_t algorithm;
+ mod_auth_st *auth_struct;
+ int needs_dh_params;
};
typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry;
static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
#if defined(ENABLE_ANON) && defined(ENABLE_DHE)
- {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1},
+ {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1},
#endif
#if defined(ENABLE_ANON) && defined(ENABLE_ECDHE)
- {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0},
+ {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0},
#endif
- {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct},
+ {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct},
#ifdef ENABLE_DHE
- {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
- {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
+ {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
+ {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
#endif
#ifdef ENABLE_ECDHE
- {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
- {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0},
+ {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
+ {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct,
+ 0},
#endif
#ifdef ENABLE_SRP
- {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0},
- {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0},
- {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0},
+ {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0},
+ {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0},
+ {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0},
#endif
#ifdef ENABLE_PSK
- {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0},
- {"RSA-PSK", GNUTLS_KX_RSA_PSK, &rsa_psk_auth_struct, 0},
-# ifdef ENABLE_DHE
- {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
- 1 /* needs DHE params */},
-# endif
-# ifdef ENABLE_ECDHE
- {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
-# endif
+ {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0},
+ {"RSA-PSK", GNUTLS_KX_RSA_PSK, &rsa_psk_auth_struct, 0},
+#ifdef ENABLE_DHE
+ {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
+ 1 /* needs DHE params */ },
+#endif
+#ifdef ENABLE_ECDHE
+ {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
#endif
- {0, 0, 0, 0}
+#endif
+ {0, 0, 0, 0}
};
#define GNUTLS_KX_LOOP(b) \
@@ -132,26 +135,25 @@ static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
/* Key EXCHANGE functions */
-mod_auth_st *
-_gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm)
+mod_auth_st *_gnutls_kx_auth_struct(gnutls_kx_algorithm_t algorithm)
{
- mod_auth_st *ret = NULL;
- GNUTLS_KX_ALG_LOOP (ret = p->auth_struct);
- return ret;
+ mod_auth_st *ret = NULL;
+ GNUTLS_KX_ALG_LOOP(ret = p->auth_struct);
+ return ret;
}
int
-_gnutls_kx_priority (gnutls_session_t session,
- gnutls_kx_algorithm_t algorithm)
+_gnutls_kx_priority(gnutls_session_t session,
+ gnutls_kx_algorithm_t algorithm)
{
- unsigned int i;
- for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
- {
- if (session->internals.priorities.kx.priority[i] == algorithm)
- return i;
- }
- return -1;
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.kx.algorithms; i++) {
+ if (session->internals.priorities.kx.priority[i] ==
+ algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -163,15 +165,14 @@ _gnutls_kx_priority (gnutls_session_t session,
* Returns: a pointer to a string that contains the name of the
* specified key exchange algorithm, or %NULL.
**/
-const char *
-gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm)
+const char *gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_KX_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_KX_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
@@ -184,20 +185,18 @@ gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm)
* Returns: an id of the specified KX algorithm, or %GNUTLS_KX_UNKNOWN
* on error.
**/
-gnutls_kx_algorithm_t
-gnutls_kx_get_id (const char *name)
+gnutls_kx_algorithm_t gnutls_kx_get_id(const char *name)
{
- gnutls_kx_algorithm_t ret = GNUTLS_KX_UNKNOWN;
+ gnutls_kx_algorithm_t ret = GNUTLS_KX_UNKNOWN;
- GNUTLS_KX_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->algorithm;
- break;
- }
- );
+ GNUTLS_KX_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->algorithm;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -210,77 +209,66 @@ gnutls_kx_get_id (const char *name)
* Returns: a (0)-terminated list of #gnutls_kx_algorithm_t integers
* indicating the available key exchange algorithms.
**/
-const gnutls_kx_algorithm_t *
-gnutls_kx_list (void)
+const gnutls_kx_algorithm_t *gnutls_kx_list(void)
{
-static gnutls_kx_algorithm_t supported_kxs[MAX_ALGOS] = {0};
+ static gnutls_kx_algorithm_t supported_kxs[MAX_ALGOS] = { 0 };
- if (supported_kxs[0] == 0)
- {
- int i = 0;
+ if (supported_kxs[0] == 0) {
+ int i = 0;
- GNUTLS_KX_LOOP (supported_kxs[i++]=p->algorithm);
- supported_kxs[i++]=0;
- }
+ GNUTLS_KX_LOOP(supported_kxs[i++] = p->algorithm);
+ supported_kxs[i++] = 0;
+ }
- return supported_kxs;
+ return supported_kxs;
}
-int
-_gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm)
+int _gnutls_kx_is_ok(gnutls_kx_algorithm_t algorithm)
{
- ssize_t ret = -1;
- GNUTLS_KX_ALG_LOOP (ret = p->algorithm);
- if (ret >= 0)
- ret = 0;
- else
- ret = 1;
- return ret;
+ ssize_t ret = -1;
+ GNUTLS_KX_ALG_LOOP(ret = p->algorithm);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
-int
-_gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm)
+int _gnutls_kx_needs_dh_params(gnutls_kx_algorithm_t algorithm)
{
- ssize_t ret = 0;
- GNUTLS_KX_ALG_LOOP (ret = p->needs_dh_params);
- return ret;
+ ssize_t ret = 0;
+ GNUTLS_KX_ALG_LOOP(ret = p->needs_dh_params);
+ return ret;
}
/* Type to KX mappings */
gnutls_kx_algorithm_t
-_gnutls_map_kx_get_kx (gnutls_credentials_type_t type, int server)
+_gnutls_map_kx_get_kx(gnutls_credentials_type_t type, int server)
{
- gnutls_kx_algorithm_t ret = -1;
-
- if (server)
- {
- GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
- }
- else
- {
- GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
- }
- return ret;
+ gnutls_kx_algorithm_t ret = -1;
+
+ if (server) {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
+ } else {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
+ }
+ return ret;
}
/* Returns the credentials type required for this
* Key exchange method.
*/
gnutls_credentials_type_t
-_gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm, int server)
+_gnutls_map_kx_get_cred(gnutls_kx_algorithm_t algorithm, int server)
{
- gnutls_credentials_type_t ret = -1;
- if (server)
- {
- GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
- p->server_type);
- }
- else
- {
- GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
- p->client_type);
- }
-
- return ret;
+ gnutls_credentials_type_t ret = -1;
+ if (server) {
+ GNUTLS_KX_MAP_LOOP(if (p->algorithm == algorithm) ret =
+ p->server_type);
+ } else {
+ GNUTLS_KX_MAP_LOOP(if (p->algorithm == algorithm) ret =
+ p->client_type);
+ }
+
+ return ret;
}
-
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index a2fc83688d..595eab348e 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -26,19 +26,24 @@
#include <x509/common.h>
static const mac_entry_st hash_algorithms[] = {
- {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 1, 64},
- {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0, 64},
- {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1, 64},
- {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1, 64},
- {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1, 64},
- {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1, 64},
- {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0},
- {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 8, 0, 1, 0},
- {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 0, 1, 1, 0},
- {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0, 0, 0}, /* not used as MAC */
- {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 0, 1, 64},
- {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0, 0, 0},
- {0, 0, 0, 0, 0, 0, 0, 0}
+ {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 1, 64},
+ {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0, 64},
+ {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1,
+ 64},
+ {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1,
+ 64},
+ {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1,
+ 64},
+ {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1,
+ 64},
+ {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0},
+ {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 8, 0, 1, 0},
+ {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 0, 1, 1, 0},
+ {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0, 0, 0}, /* not used as MAC */
+ {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 0, 1,
+ 64},
+ {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0}
};
@@ -49,24 +54,24 @@ static const mac_entry_st hash_algorithms[] = {
#define GNUTLS_HASH_ALG_LOOP(a) \
GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
-const mac_entry_st* mac_to_entry(gnutls_mac_algorithm_t c)
+const mac_entry_st *mac_to_entry(gnutls_mac_algorithm_t c)
{
- GNUTLS_HASH_LOOP (if (c==p->id) return p);
+ GNUTLS_HASH_LOOP(if (c == p->id) return p);
- return NULL;
+ return NULL;
}
int
-_gnutls_mac_priority (gnutls_session_t session,
- gnutls_mac_algorithm_t algorithm)
-{ /* actually returns the priority */
- unsigned int i;
- for (i = 0; i < session->internals.priorities.mac.algorithms; i++)
- {
- if (session->internals.priorities.mac.priority[i] == algorithm)
- return i;
- }
- return -1;
+_gnutls_mac_priority(gnutls_session_t session,
+ gnutls_mac_algorithm_t algorithm)
+{ /* actually returns the priority */
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.mac.algorithms; i++) {
+ if (session->internals.priorities.mac.priority[i] ==
+ algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -78,15 +83,14 @@ _gnutls_mac_priority (gnutls_session_t session,
* Returns: a string that contains the name of the specified MAC
* algorithm, or %NULL.
**/
-const char *
-gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
+const char *gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
@@ -98,20 +102,18 @@ gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
* Returns: a string that contains the name of the specified digest
* algorithm, or %NULL.
**/
-const char *
-gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm)
+const char *gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_HASH_LOOP (
- if (algorithm == (unsigned)p->id && p->oid != NULL)
- {
- ret = p->name;
- break;
- }
- );
+ GNUTLS_HASH_LOOP(
+ if (algorithm == (unsigned) p->id && p->oid != NULL) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -124,20 +126,18 @@ gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm)
* Returns: a #gnutls_digest_algorithm_t id of the specified MAC
* algorithm string, or %GNUTLS_DIG_UNKNOWN on failures.
**/
-gnutls_digest_algorithm_t
-gnutls_digest_get_id (const char *name)
+gnutls_digest_algorithm_t gnutls_digest_get_id(const char *name)
{
- gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
+ gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
- GNUTLS_HASH_LOOP (
- if (p->oid != NULL && strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_HASH_LOOP(
+ if (p->oid != NULL && strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -150,20 +150,18 @@ gnutls_digest_get_id (const char *name)
* Returns: a #gnutls_mac_algorithm_t id of the specified MAC
* algorithm string, or %GNUTLS_MAC_UNKNOWN on failures.
**/
-gnutls_mac_algorithm_t
-gnutls_mac_get_id (const char *name)
+gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name)
{
- gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
+ gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
- GNUTLS_HASH_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_HASH_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -175,15 +173,14 @@ gnutls_mac_get_id (const char *name)
* Returns: length (in bytes) of the given MAC key size, or 0 if the
* given MAC algorithm is invalid.
**/
-size_t
-gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
+size_t gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm)
{
- size_t ret = 0;
+ size_t ret = 0;
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP (ret = p->key_size);
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP(ret = p->key_size);
- return ret;
+ return ret;
}
/**
@@ -196,15 +193,14 @@ gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
*
* Since: 3.2.0
**/
-size_t
-gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm)
+size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm)
{
- size_t ret = 0;
+ size_t ret = 0;
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP (ret = p->nonce_size);
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP(ret = p->nonce_size);
- return ret;
+ return ret;
}
/**
@@ -217,23 +213,21 @@ gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm)
* Returns: Return a (0)-terminated list of #gnutls_mac_algorithm_t
* integers indicating the available MACs.
**/
-const gnutls_mac_algorithm_t *
-gnutls_mac_list (void)
+const gnutls_mac_algorithm_t *gnutls_mac_list(void)
{
-static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
+ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
- if (supported_macs[0] == 0)
- {
- int i = 0;
+ if (supported_macs[0] == 0) {
+ int i = 0;
- GNUTLS_HASH_LOOP (
- if (p->placeholder != 0 || _gnutls_mac_exists(p->id))
- supported_macs[i++]=p->id;
- );
- supported_macs[i++]=0;
- }
+ GNUTLS_HASH_LOOP(
+ if (p->placeholder != 0 || _gnutls_mac_exists(p->id))
+ supported_macs[i++] = p->id;
+ );
+ supported_macs[i++] = 0;
+ }
- return supported_macs;
+ return supported_macs;
}
/**
@@ -246,39 +240,39 @@ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
* Returns: Return a (0)-terminated list of #gnutls_digest_algorithm_t
* integers indicating the available digests.
**/
-const gnutls_digest_algorithm_t *
-gnutls_digest_list (void)
+const gnutls_digest_algorithm_t *gnutls_digest_list(void)
{
-static gnutls_digest_algorithm_t supported_digests[MAX_ALGOS] = { 0 };
-
- if (supported_digests[0] == 0)
- {
- int i = 0;
-
- GNUTLS_HASH_LOOP (
- if (p->oid != NULL && (p->placeholder != 0 || _gnutls_mac_exists(p->id)))
- supported_digests[i++]=p->id;
- );
- supported_digests[i++]=0;
- }
-
- return supported_digests;
+ static gnutls_digest_algorithm_t supported_digests[MAX_ALGOS] =
+ { 0 };
+
+ if (supported_digests[0] == 0) {
+ int i = 0;
+
+ GNUTLS_HASH_LOOP(
+ if (p->oid != NULL && (p->placeholder != 0 ||
+ _gnutls_mac_exists(p->id))) {
+
+ supported_digests[i++] = p->id;
+ }
+ );
+ supported_digests[i++] = 0;
+ }
+
+ return supported_digests;
}
-gnutls_digest_algorithm_t
-_gnutls_x509_oid_to_digest (const char *oid)
+gnutls_digest_algorithm_t _gnutls_x509_oid_to_digest(const char *oid)
{
- gnutls_digest_algorithm_t ret = 0;
-
- GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
- {
- ret = (gnutls_digest_algorithm_t)p->id;
- break;
- }
- );
-
- if (ret == 0)
- return GNUTLS_DIG_UNKNOWN;
- return ret;
+ gnutls_digest_algorithm_t ret = 0;
+
+ GNUTLS_HASH_LOOP(
+ if (p->oid && strcmp(oid, p->oid) == 0) {
+ ret = (gnutls_digest_algorithm_t) p->id;
+ break;
+ }
+ );
+
+ if (ret == 0)
+ return GNUTLS_DIG_UNKNOWN;
+ return ret;
}
-
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 1f7a15804d..1ad022013e 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -27,14 +27,14 @@
/* TLS Versions */
static const version_entry_st sup_versions[] = {
- {"SSL3.0", GNUTLS_SSL3, 3, 0, GNUTLS_STREAM, 1, 0, 0, 0, 0},
- {"TLS1.0", GNUTLS_TLS1, 3, 1, GNUTLS_STREAM, 1, 0, 1, 0, 0},
- {"TLS1.1", GNUTLS_TLS1_1, 3, 2, GNUTLS_STREAM, 1, 1, 1, 0, 0},
- {"TLS1.2", GNUTLS_TLS1_2, 3, 3, GNUTLS_STREAM, 1, 1, 1, 1, 1},
- {"DTLS0.9", GNUTLS_DTLS0_9, 1, 0, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
- {"DTLS1.0", GNUTLS_DTLS1_0, 254, 255, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* 1.1 over datagram */
- {"DTLS1.2", GNUTLS_DTLS1_2, 254, 253, GNUTLS_DGRAM, 1, 1, 1, 1, 1}, /* 1.2 over datagram */
- {0, 0, 0, 0, 0}
+ {"SSL3.0", GNUTLS_SSL3, 3, 0, GNUTLS_STREAM, 1, 0, 0, 0, 0},
+ {"TLS1.0", GNUTLS_TLS1, 3, 1, GNUTLS_STREAM, 1, 0, 1, 0, 0},
+ {"TLS1.1", GNUTLS_TLS1_1, 3, 2, GNUTLS_STREAM, 1, 1, 1, 0, 0},
+ {"TLS1.2", GNUTLS_TLS1_2, 3, 3, GNUTLS_STREAM, 1, 1, 1, 1, 1},
+ {"DTLS0.9", GNUTLS_DTLS0_9, 1, 0, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
+ {"DTLS1.0", GNUTLS_DTLS1_0, 254, 255, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* 1.1 over datagram */
+ {"DTLS1.2", GNUTLS_DTLS1_2, 254, 253, GNUTLS_DGRAM, 1, 1, 1, 1, 1}, /* 1.2 over datagram */
+ {0, 0, 0, 0, 0}
};
#define GNUTLS_VERSION_LOOP(b) \
@@ -44,68 +44,71 @@ static const version_entry_st sup_versions[] = {
#define GNUTLS_VERSION_ALG_LOOP(a) \
GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
-const version_entry_st* version_to_entry(gnutls_protocol_t version)
+const version_entry_st *version_to_entry(gnutls_protocol_t version)
{
- GNUTLS_VERSION_ALG_LOOP (return p);
- return NULL;
+ GNUTLS_VERSION_ALG_LOOP(return p);
+ return NULL;
}
/* Return the priority of the provided version number */
int
-_gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version)
+_gnutls_version_priority(gnutls_session_t session,
+ gnutls_protocol_t version)
{
- unsigned int i;
-
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
- {
- if (session->internals.priorities.protocol.priority[i] == version)
- return i;
- }
- return -1;
+ unsigned int i;
+
+ for (i = 0; i < session->internals.priorities.protocol.algorithms;
+ i++) {
+ if (session->internals.priorities.protocol.priority[i] ==
+ version)
+ return i;
+ }
+ return -1;
}
/* Returns the lowest TLS version number in the priorities.
*/
-gnutls_protocol_t
-_gnutls_version_lowest (gnutls_session_t session)
+gnutls_protocol_t _gnutls_version_lowest(gnutls_session_t session)
{
- unsigned int i, min = 0xff;
- gnutls_protocol_t cur_prot;
+ unsigned int i, min = 0xff;
+ gnutls_protocol_t cur_prot;
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
- {
- cur_prot = session->internals.priorities.protocol.priority[i];
+ for (i=0;i< session->internals.priorities.protocol.algorithms;i++) {
+ cur_prot =
+ session->internals.priorities.protocol.priority[i];
- if (cur_prot < min && _gnutls_version_is_supported(session, cur_prot))
- min = cur_prot;
- }
+ if (cur_prot < min
+ && _gnutls_version_is_supported(session, cur_prot))
+ min = cur_prot;
+ }
- if (min == 0xff)
- return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+ if (min == 0xff)
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
- return min;
+ return min;
}
/* Returns the maximum version in the priorities
*/
-gnutls_protocol_t
-_gnutls_version_max (gnutls_session_t session)
+gnutls_protocol_t _gnutls_version_max(gnutls_session_t session)
{
- unsigned int i, max = 0x00;
- gnutls_protocol_t cur_prot;
+ unsigned int i, max = 0x00;
+ gnutls_protocol_t cur_prot;
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
- {
- cur_prot = session->internals.priorities.protocol.priority[i];
+ for (i = 0; i < session->internals.priorities.protocol.algorithms;
+ i++) {
+ cur_prot =
+ session->internals.priorities.protocol.priority[i];
- if (cur_prot > max && _gnutls_version_is_supported(session, cur_prot))
- max = cur_prot;
- }
+ if (cur_prot > max
+ && _gnutls_version_is_supported(session, cur_prot))
+ max = cur_prot;
+ }
- if (max == 0x00)
- return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+ if (max == 0x00)
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
- return max;
+ return max;
}
@@ -118,14 +121,13 @@ _gnutls_version_max (gnutls_session_t session)
* Returns: a string that contains the name of the specified TLS
* version (e.g., "TLS1.0"), or %NULL.
**/
-const char *
-gnutls_protocol_get_name (gnutls_protocol_t version)
+const char *gnutls_protocol_get_name(gnutls_protocol_t version)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_VERSION_ALG_LOOP (ret = p->name);
- return ret;
+ /* avoid prefix */
+ GNUTLS_VERSION_ALG_LOOP(ret = p->name);
+ return ret;
}
/**
@@ -137,20 +139,18 @@ gnutls_protocol_get_name (gnutls_protocol_t version)
* Returns: an id of the specified protocol, or
* %GNUTLS_VERSION_UNKNOWN on error.
**/
-gnutls_protocol_t
-gnutls_protocol_get_id (const char *name)
+gnutls_protocol_t gnutls_protocol_get_id(const char *name)
{
- gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN;
+ gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN;
- GNUTLS_VERSION_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_VERSION_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -164,50 +164,50 @@ gnutls_protocol_get_id (const char *name)
* indicating the available protocols.
*
**/
-const gnutls_protocol_t *
-gnutls_protocol_list (void)
+const gnutls_protocol_t *gnutls_protocol_list(void)
{
-static gnutls_protocol_t supported_protocols[MAX_ALGOS] = {0};
+ static gnutls_protocol_t supported_protocols[MAX_ALGOS] = { 0 };
- if (supported_protocols[0] == 0)
- {
- int i = 0;
+ if (supported_protocols[0] == 0) {
+ int i = 0;
- GNUTLS_VERSION_LOOP (supported_protocols[i++]=p->id);
- supported_protocols[i++]=0;
- }
+ GNUTLS_VERSION_LOOP(supported_protocols[i++] = p->id);
+ supported_protocols[i++] = 0;
+ }
- return supported_protocols;
+ return supported_protocols;
}
/* Returns a version number given the major and minor numbers.
*/
-gnutls_protocol_t
-_gnutls_version_get (uint8_t major, uint8_t minor)
+gnutls_protocol_t _gnutls_version_get(uint8_t major, uint8_t minor)
{
- int ret = -1;
+ int ret = -1;
- GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor))
- ret = p->id);
- return ret;
+ GNUTLS_VERSION_LOOP(
+ if ((p->major == major) && (p->minor == minor))
+ ret = p->id
+ );
+ return ret;
}
/* Version Functions */
int
-_gnutls_version_is_supported (gnutls_session_t session,
- const gnutls_protocol_t version)
+_gnutls_version_is_supported(gnutls_session_t session,
+ const gnutls_protocol_t version)
{
- int ret = 0;
+ int ret = 0;
- GNUTLS_VERSION_ALG_LOOP (ret = p->supported && p->transport == session->internals.transport);
+ GNUTLS_VERSION_ALG_LOOP(
+ ret = p->supported && p->transport == session->internals.transport
+ );
- if (ret == 0)
- return 0;
+ if (ret == 0)
+ return 0;
- if (_gnutls_version_priority (session, version) < 0)
- return 0; /* disabled by the user */
- else
- return 1;
+ if (_gnutls_version_priority(session, version) < 0)
+ return 0; /* disabled by the user */
+ else
+ return 1;
}
-
diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c
index f504c7b72f..59738d6ccf 100644
--- a/lib/algorithms/publickey.c
+++ b/lib/algorithms/publickey.c
@@ -27,17 +27,16 @@
/* KX mappings to PK algorithms */
-typedef struct
-{
- gnutls_kx_algorithm_t kx_algorithm;
- gnutls_pk_algorithm_t pk_algorithm;
- enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
- * for encryption, CIPHER_SIGN if signature only,
- * CIPHER_IGN if this does not apply at all.
- *
- * This is useful to certificate cipher suites, which check
- * against the certificate key usage bits.
- */
+typedef struct {
+ gnutls_kx_algorithm_t kx_algorithm;
+ gnutls_pk_algorithm_t pk_algorithm;
+ enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
+ * for encryption, CIPHER_SIGN if signature only,
+ * CIPHER_IGN if this does not apply at all.
+ *
+ * This is useful to certificate cipher suites, which check
+ * against the certificate key usage bits.
+ */
} gnutls_pk_map;
/* This table maps the Key exchange algorithms to
@@ -46,15 +45,15 @@ typedef struct
* use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
*/
static const gnutls_pk_map pk_mappings[] = {
- {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
- {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
- {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
- {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
- {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
- {0, 0, 0}
+ {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
+ {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
+ {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+ {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+ {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
+ {0, 0, 0}
};
#define GNUTLS_PK_MAP_LOOP(b) \
@@ -69,37 +68,36 @@ static const gnutls_pk_map pk_mappings[] = {
* the given gnutls_kx_algorithm_t.
*/
gnutls_pk_algorithm_t
-_gnutls_map_pk_get_pk (gnutls_kx_algorithm_t kx_algorithm)
+_gnutls_map_pk_get_pk(gnutls_kx_algorithm_t kx_algorithm)
{
- gnutls_pk_algorithm_t ret = -1;
+ gnutls_pk_algorithm_t ret = -1;
- GNUTLS_PK_MAP_ALG_LOOP (ret = p->pk_algorithm) return ret;
+ GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm) return ret;
}
/* pk algorithms;
*/
-struct gnutls_pk_entry
-{
- const char *name;
- const char *oid;
- gnutls_pk_algorithm_t id;
+struct gnutls_pk_entry {
+ const char *name;
+ const char *oid;
+ gnutls_pk_algorithm_t id;
};
typedef struct gnutls_pk_entry gnutls_pk_entry;
static const gnutls_pk_entry pk_algorithms[] = {
- /* having duplicate entries is ok, as long as the one
- * we want to return OID from is first */
- {"UNKNOWN", NULL, GNUTLS_PK_UNKNOWN},
- {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
- {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
- {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
- {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
- {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
- {"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
- {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
- {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
- {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC},
- {0, 0, 0}
+ /* having duplicate entries is ok, as long as the one
+ * we want to return OID from is first */
+ {"UNKNOWN", NULL, GNUTLS_PK_UNKNOWN},
+ {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
+ {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
+ {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
+ {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
+ {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
+ {"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
+ {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
+ {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
+ {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC},
+ {0, 0, 0}
};
#define GNUTLS_PK_LOOP(b) \
@@ -116,20 +114,18 @@ static const gnutls_pk_entry pk_algorithms[] = {
* Returns: a string that contains the name of the specified public
* key algorithm, or %NULL.
**/
-const char *
-gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm)
+const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_PK_LOOP(
- if (p->id == algorithm)
- {
- ret = p->name;
- break;
- }
- );
+ GNUTLS_PK_LOOP(
+ if (p->id == algorithm) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -144,20 +140,21 @@ gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm)
*
* Since: 2.6.0
**/
-const gnutls_pk_algorithm_t *
-gnutls_pk_list (void)
+const gnutls_pk_algorithm_t *gnutls_pk_list(void)
{
-static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = {0};
+ static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = { 0 };
- if (supported_pks[0] == 0)
- {
- int i = 0;
+ if (supported_pks[0] == 0) {
+ int i = 0;
- GNUTLS_PK_LOOP (if (p->id != GNUTLS_PK_UNKNOWN && supported_pks[i>0?(i-1):0]!=p->id) supported_pks[i++]=p->id);
- supported_pks[i++]=0;
- }
+ GNUTLS_PK_LOOP(
+ if (p->id != GNUTLS_PK_UNKNOWN && supported_pks[i > 0 ? (i - 1) : 0] != p->id)
+ supported_pks[i++] = p->id
+ );
+ supported_pks[i++] = 0;
+ }
- return supported_pks;
+ return supported_pks;
}
/**
@@ -173,20 +170,18 @@ static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = {0};
*
* Since: 2.6.0
**/
-gnutls_pk_algorithm_t
-gnutls_pk_get_id (const char *name)
+gnutls_pk_algorithm_t gnutls_pk_get_id(const char *name)
{
- gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
- const gnutls_pk_entry *p;
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (name && strcmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (name && strcmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
- return ret;
+ return ret;
}
/**
@@ -200,52 +195,46 @@ gnutls_pk_get_id (const char *name)
*
* Since: 2.6.0
**/
-const char *
-gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm)
+const char *gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm)
{
- const char *ret = "Unknown";
- const gnutls_pk_entry *p;
+ const char *ret = "Unknown";
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (algorithm == p->id)
- {
- ret = p->name;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (algorithm == p->id) {
+ ret = p->name;
+ break;
+ }
- return ret;
+ return ret;
}
-gnutls_pk_algorithm_t
-_gnutls_x509_oid2pk_algorithm (const char *oid)
+gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm(const char *oid)
{
- gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
- const gnutls_pk_entry *p;
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (p->oid && strcmp (p->oid, oid) == 0)
- {
- ret = p->id;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (p->oid && strcmp(p->oid, oid) == 0) {
+ ret = p->id;
+ break;
+ }
- return ret;
+ return ret;
}
-const char *
-_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm)
+const char *_gnutls_x509_pk_to_oid(gnutls_pk_algorithm_t algorithm)
{
- const char *ret = NULL;
- const gnutls_pk_entry *p;
+ const char *ret = NULL;
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (p->id == algorithm)
- {
- ret = p->oid;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (p->id == algorithm) {
+ ret = p->oid;
+ break;
+ }
- return ret;
+ return ret;
}
/* Returns the encipher type for the given key exchange algorithm.
@@ -254,10 +243,11 @@ _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm)
* ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
*/
enum encipher_type
-_gnutls_kx_encipher_type (gnutls_kx_algorithm_t kx_algorithm)
+_gnutls_kx_encipher_type(gnutls_kx_algorithm_t kx_algorithm)
{
- int ret = CIPHER_IGN;
- GNUTLS_PK_MAP_ALG_LOOP (ret = p->encipher_type) return ret;
+ int ret = CIPHER_IGN;
+ GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type)
-}
+ return ret;
+}
diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c
index 36a1ebfa64..2dc04b7256 100644
--- a/lib/algorithms/secparams.c
+++ b/lib/algorithms/secparams.c
@@ -25,30 +25,29 @@
#include <gnutls_errors.h>
#include <x509/common.h>
-typedef struct
-{
- const char *name;
- gnutls_sec_param_t sec_param;
- unsigned int bits; /* security level */
- unsigned int pk_bits; /* DH, RSA, SRP */
- unsigned int dsa_bits; /* bits for DSA. Handled differently since
- * choice of key size in DSA is political.
- */
- unsigned int subgroup_bits; /* subgroup bits */
- unsigned int ecc_bits; /* bits for ECC keys */
+typedef struct {
+ const char *name;
+ gnutls_sec_param_t sec_param;
+ unsigned int bits; /* security level */
+ unsigned int pk_bits; /* DH, RSA, SRP */
+ unsigned int dsa_bits; /* bits for DSA. Handled differently since
+ * choice of key size in DSA is political.
+ */
+ unsigned int subgroup_bits; /* subgroup bits */
+ unsigned int ecc_bits; /* bits for ECC keys */
} gnutls_sec_params_entry;
static const gnutls_sec_params_entry sec_params[] = {
- {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0},
- {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 150, 0},
- {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 160, 0},
- {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160},
- {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
- {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},
- {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
- {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
- {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
- {NULL, 0, 0, 0, 0, 0}
+ {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0},
+ {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 150, 0},
+ {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 160, 0},
+ {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160},
+ {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
+ {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},
+ {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
+ {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
+ {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
+ {NULL, 0, 0, 0, 0, 0}
};
#define GNUTLS_SEC_PARAM_LOOP(b) \
@@ -71,41 +70,40 @@ static const gnutls_sec_params_entry sec_params[] = {
* Since: 2.12.0
**/
unsigned int
-gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
- gnutls_sec_param_t param)
+gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,
+ gnutls_sec_param_t param)
{
- unsigned int ret = 0;
-
- /* handle DSA differently */
- GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
- {
- if (algo == GNUTLS_PK_DSA)
- ret = p->dsa_bits;
- else if (algo == GNUTLS_PK_EC)
- ret = p->ecc_bits;
- else
- ret = p->pk_bits;
- break;
- }
- );
- return ret;
+ unsigned int ret = 0;
+
+ /* handle DSA differently */
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->sec_param == param) {
+ if (algo == GNUTLS_PK_DSA)
+ ret = p->dsa_bits;
+ else if (algo == GNUTLS_PK_EC)
+ ret = p->ecc_bits;
+ else
+ ret = p->pk_bits; break;
+ }
+ );
+ return ret;
}
/* Returns the corresponding size for subgroup bits (q),
* given the group bits (p).
*/
-unsigned int
-_gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits)
+unsigned int _gnutls_pk_bits_to_subgroup_bits(unsigned int pk_bits)
{
- unsigned int ret = 0;
+ unsigned int ret = 0;
- GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits >= pk_bits)
- {
- ret = p->subgroup_bits; break;
- }
- );
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->pk_bits >= pk_bits) {
+ ret = p->subgroup_bits;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -119,18 +117,18 @@ _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits)
*
* Since: 2.12.0
**/
-const char *
-gnutls_sec_param_get_name (gnutls_sec_param_t param)
+const char *gnutls_sec_param_get_name(gnutls_sec_param_t param)
{
- const char *ret = "Unknown";
+ const char *ret = "Unknown";
- GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
- {
- ret = p->name; break;
- }
- );
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->sec_param == param) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -147,29 +145,28 @@ gnutls_sec_param_get_name (gnutls_sec_param_t param)
* Since: 2.12.0
**/
gnutls_sec_param_t
-gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits)
+gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo, unsigned int bits)
{
- gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_INSECURE;
-
- if (bits == 0)
- return GNUTLS_SEC_PARAM_UNKNOWN;
-
- if (algo == GNUTLS_PK_EC)
- {
- GNUTLS_SEC_PARAM_LOOP (if (p->ecc_bits > bits)
- {
- break;
- }
- ret = p->sec_param;);
- }
- else
- {
- GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits > bits)
- {
- break;
- }
- ret = p->sec_param;);
- }
-
- return ret;
+ gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_INSECURE;
+
+ if (bits == 0)
+ return GNUTLS_SEC_PARAM_UNKNOWN;
+
+ if (algo == GNUTLS_PK_EC) {
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->ecc_bits > bits) {
+ break;
+ }
+ ret = p->sec_param;
+ );
+ } else {
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->pk_bits > bits) {
+ break;
+ }
+ ret = p->sec_param;
+ );
+ }
+
+ return ret;
}
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 29348e9baa..04f2645a4b 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -27,16 +27,15 @@
/* signature algorithms;
*/
-struct gnutls_sign_entry
-{
- const char *name;
- const char *oid;
- gnutls_sign_algorithm_t id;
- gnutls_pk_algorithm_t pk;
- gnutls_digest_algorithm_t mac;
- /* See RFC 5246 HashAlgorithm and SignatureAlgorithm
- for values to use in aid struct. */
- const sign_algorithm_st aid;
+struct gnutls_sign_entry {
+ const char *name;
+ const char *oid;
+ gnutls_sign_algorithm_t id;
+ gnutls_pk_algorithm_t pk;
+ gnutls_digest_algorithm_t mac;
+ /* See RFC 5246 HashAlgorithm and SignatureAlgorithm
+ for values to use in aid struct. */
+ const sign_algorithm_st aid;
};
typedef struct gnutls_sign_entry gnutls_sign_entry;
@@ -44,43 +43,57 @@ typedef struct gnutls_sign_entry gnutls_sign_entry;
static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN;
static const gnutls_sign_entry sign_algorithms[] = {
- {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA1, {2, 1}},
- {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA1, {2, 1}},
- {"RSA-SHA224", SIG_RSA_SHA224_OID, GNUTLS_SIGN_RSA_SHA224, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA224, {3, 1}},
- {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA256, {4, 1}},
- {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA384, {5, 1}},
- {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA512, {6, 1}},
- {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
- GNUTLS_DIG_RMD160, TLS_SIGN_AID_UNKNOWN},
- {"DSA-SHA1", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA1, {2, 2}},
- {"DSA-SHA1", "1.3.14.3.2.27", GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA1, {2, 2}},
- {"DSA-SHA224", SIG_DSA_SHA224_OID, GNUTLS_SIGN_DSA_SHA224, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA224, {3, 2}},
- {"DSA-SHA256", SIG_DSA_SHA256_OID, GNUTLS_SIGN_DSA_SHA256, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA256, {4, 2}},
- {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
- GNUTLS_DIG_MD5, {1, 1}},
- {"RSA-MD5", "1.3.14.3.2.25", GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
- GNUTLS_DIG_MD5, {1, 1}},
- {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
- GNUTLS_DIG_MD2, TLS_SIGN_AID_UNKNOWN},
- {"ECDSA-SHA1", "1.2.840.10045.4.1", GNUTLS_SIGN_ECDSA_SHA1, GNUTLS_PK_EC, GNUTLS_DIG_SHA1, {2, 3}},
- {"ECDSA-SHA224", "1.2.840.10045.4.3.1", GNUTLS_SIGN_ECDSA_SHA224, GNUTLS_PK_EC, GNUTLS_DIG_SHA224, {3, 3}},
- {"ECDSA-SHA256", "1.2.840.10045.4.3.2", GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_PK_EC, GNUTLS_DIG_SHA256, {4, 3}},
- {"ECDSA-SHA384", "1.2.840.10045.4.3.3", GNUTLS_SIGN_ECDSA_SHA384, GNUTLS_PK_EC, GNUTLS_DIG_SHA384, {5, 3}},
- {"ECDSA-SHA512", "1.2.840.10045.4.3.4", GNUTLS_SIGN_ECDSA_SHA512, GNUTLS_PK_EC, GNUTLS_DIG_SHA512, {6, 3}},
- {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0,
- TLS_SIGN_AID_UNKNOWN},
- {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN},
- {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
+ {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA1, {2, 1}},
+ {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA1, {2, 1}},
+ {"RSA-SHA224", SIG_RSA_SHA224_OID, GNUTLS_SIGN_RSA_SHA224,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA224, {3, 1}},
+ {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA256, {4, 1}},
+ {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA384, {5, 1}},
+ {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA512, {6, 1}},
+ {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_RMD160, TLS_SIGN_AID_UNKNOWN},
+ {"DSA-SHA1", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA1, {2, 2}},
+ {"DSA-SHA1", "1.3.14.3.2.27", GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA1, {2, 2}},
+ {"DSA-SHA224", SIG_DSA_SHA224_OID, GNUTLS_SIGN_DSA_SHA224,
+ GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA224, {3, 2}},
+ {"DSA-SHA256", SIG_DSA_SHA256_OID, GNUTLS_SIGN_DSA_SHA256,
+ GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA256, {4, 2}},
+ {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
+ GNUTLS_DIG_MD5, {1, 1}},
+ {"RSA-MD5", "1.3.14.3.2.25", GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
+ GNUTLS_DIG_MD5, {1, 1}},
+ {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
+ GNUTLS_DIG_MD2, TLS_SIGN_AID_UNKNOWN},
+ {"ECDSA-SHA1", "1.2.840.10045.4.1", GNUTLS_SIGN_ECDSA_SHA1,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA1, {2, 3}},
+ {"ECDSA-SHA224", "1.2.840.10045.4.3.1", GNUTLS_SIGN_ECDSA_SHA224,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA224, {3, 3}},
+ {"ECDSA-SHA256", "1.2.840.10045.4.3.2", GNUTLS_SIGN_ECDSA_SHA256,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA256, {4, 3}},
+ {"ECDSA-SHA384", "1.2.840.10045.4.3.3", GNUTLS_SIGN_ECDSA_SHA384,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA384, {5, 3}},
+ {"ECDSA-SHA512", "1.2.840.10045.4.3.4", GNUTLS_SIGN_ECDSA_SHA512,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA512, {6, 3}},
+ {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0,
+ TLS_SIGN_AID_UNKNOWN},
+ {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0,
+ TLS_SIGN_AID_UNKNOWN},
+ {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
};
#define GNUTLS_SIGN_LOOP(b) \
@@ -101,16 +114,15 @@ static const gnutls_sign_entry sign_algorithms[] = {
* Returns: a string that contains the name of the specified sign
* algorithm, or %NULL.
**/
-const char *
-gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm)
+const char *gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm)
{
- gnutls_sign_algorithm_t sign = algorithm;
- const char *ret = NULL;
+ gnutls_sign_algorithm_t sign = algorithm;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_SIGN_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_SIGN_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
@@ -119,19 +131,18 @@ gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm)
*
* Returns: Non-zero if the provided signature algorithm is considered to be secure.
**/
-int
-gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm)
+int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm)
{
- gnutls_sign_algorithm_t sign = algorithm;
- gnutls_digest_algorithm_t dig = GNUTLS_DIG_UNKNOWN;
+ gnutls_sign_algorithm_t sign = algorithm;
+ gnutls_digest_algorithm_t dig = GNUTLS_DIG_UNKNOWN;
+
+ /* avoid prefix */
+ GNUTLS_SIGN_ALG_LOOP(dig = p->mac);
- /* avoid prefix */
- GNUTLS_SIGN_ALG_LOOP (dig = p->mac);
-
- if (dig != GNUTLS_DIG_UNKNOWN)
- return _gnutls_digest_is_secure(mac_to_entry(dig));
+ if (dig != GNUTLS_DIG_UNKNOWN)
+ return _gnutls_digest_is_secure(mac_to_entry(dig));
- return 0;
+ return 0;
}
/**
@@ -143,20 +154,18 @@ gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm)
* integers indicating the available ciphers.
*
**/
-const gnutls_sign_algorithm_t *
-gnutls_sign_list (void)
+const gnutls_sign_algorithm_t *gnutls_sign_list(void)
{
-static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = {0};
+ static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = { 0 };
- if (supported_sign[0] == 0)
- {
- int i = 0;
+ if (supported_sign[0] == 0) {
+ int i = 0;
- GNUTLS_SIGN_LOOP (supported_sign[i++]=p->id);
- supported_sign[i++]=0;
- }
+ GNUTLS_SIGN_LOOP(supported_sign[i++] = p->id);
+ supported_sign[i++] = 0;
+ }
- return supported_sign;
+ return supported_sign;
}
/**
@@ -168,41 +177,35 @@ static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = {0};
* Returns: return a #gnutls_sign_algorithm_t value corresponding to
* the specified algorithm, or %GNUTLS_SIGN_UNKNOWN on error.
**/
-gnutls_sign_algorithm_t
-gnutls_sign_get_id (const char *name)
+gnutls_sign_algorithm_t gnutls_sign_get_id(const char *name)
{
- gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+ gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
- GNUTLS_SIGN_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_SIGN_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
-gnutls_sign_algorithm_t
-_gnutls_x509_oid2sign_algorithm (const char *oid)
+gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm(const char *oid)
{
- gnutls_sign_algorithm_t ret = 0;
-
- GNUTLS_SIGN_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
- {
- ret = p->id;
- break;
- }
- );
-
- if (ret == 0)
- {
- _gnutls_debug_log ("Unknown SIGN OID: '%s'\n", oid);
- return GNUTLS_SIGN_UNKNOWN;
- }
- return ret;
+ gnutls_sign_algorithm_t ret = 0;
+
+ GNUTLS_SIGN_LOOP(
+ if (p->oid && strcmp(oid, p->oid) == 0) {
+ ret = p->id; break;}
+ );
+
+ if (ret == 0) {
+ _gnutls_debug_log("Unknown SIGN OID: '%s'\n", oid);
+ return GNUTLS_SIGN_UNKNOWN;
+ }
+ return ret;
}
/**
@@ -216,33 +219,34 @@ _gnutls_x509_oid2sign_algorithm (const char *oid)
* Returns: return a #gnutls_sign_algorithm_t value, or %GNUTLS_SIGN_UNKNOWN on error.
**/
gnutls_sign_algorithm_t
-gnutls_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash)
+gnutls_pk_to_sign(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash)
{
- gnutls_sign_algorithm_t ret = 0;
-
- GNUTLS_SIGN_LOOP (if (pk == p->pk && hash == p->mac)
- {
- ret = p->id; break;}
- );
-
- if (ret == 0)
- return GNUTLS_SIGN_UNKNOWN;
- return ret;
+ gnutls_sign_algorithm_t ret = 0;
+
+ GNUTLS_SIGN_LOOP(
+ if (pk == p->pk && hash == p->mac) {
+ ret = p->id;
+ break;
+ }
+ );
+
+ if (ret == 0)
+ return GNUTLS_SIGN_UNKNOWN;
+ return ret;
}
-const char *
-_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t mac)
+const char *_gnutls_x509_sign_to_oid(gnutls_pk_algorithm_t pk,
+ gnutls_digest_algorithm_t mac)
{
- gnutls_sign_algorithm_t sign;
- const char *ret = NULL;
+ gnutls_sign_algorithm_t sign;
+ const char *ret = NULL;
- sign = gnutls_pk_to_sign (pk, mac);
- if (sign == GNUTLS_SIGN_UNKNOWN)
- return NULL;
+ sign = gnutls_pk_to_sign(pk, mac);
+ if (sign == GNUTLS_SIGN_UNKNOWN)
+ return NULL;
- GNUTLS_SIGN_ALG_LOOP (ret = p->oid);
- return ret;
+ GNUTLS_SIGN_ALG_LOOP(ret = p->oid);
+ return ret;
}
/**
@@ -257,13 +261,13 @@ _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
* Returns: return a #gnutls_digest_algorithm_t value, or %GNUTLS_DIG_UNKNOWN on error.
**/
gnutls_digest_algorithm_t
-gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign)
+gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign)
{
- gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
+ gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
- GNUTLS_SIGN_ALG_LOOP (ret = p->mac);
+ GNUTLS_SIGN_ALG_LOOP(ret = p->mac);
- return ret;
+ return ret;
}
/**
@@ -278,46 +282,48 @@ gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign)
* Returns: return a #gnutls_pk_algorithm_t value, or %GNUTLS_PK_UNKNOWN on error.
**/
gnutls_pk_algorithm_t
-gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign)
+gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign)
{
- gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
- GNUTLS_SIGN_ALG_LOOP (ret = p->pk);
+ GNUTLS_SIGN_ALG_LOOP(ret = p->pk);
- return ret;
+ return ret;
}
gnutls_sign_algorithm_t
-_gnutls_tls_aid_to_sign (const sign_algorithm_st * aid)
+_gnutls_tls_aid_to_sign(const sign_algorithm_st * aid)
{
- gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+ gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
- if (memcmp(aid, &unknown_tls_aid, sizeof(*aid))==0)
- return ret;
+ if (memcmp(aid, &unknown_tls_aid, sizeof(*aid)) == 0)
+ return ret;
- GNUTLS_SIGN_LOOP (if (p->aid.hash_algorithm == aid->hash_algorithm
- && p->aid.sign_algorithm == aid->sign_algorithm)
- {
- ret = p->id; break;
- }
- );
+ GNUTLS_SIGN_LOOP(
+ if (p->aid.hash_algorithm == aid->hash_algorithm &&
+ p->aid.sign_algorithm == aid->sign_algorithm) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+
+ return ret;
}
/* Returns NULL if a valid AID is not found
*/
-const sign_algorithm_st*
-_gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign)
+const sign_algorithm_st *_gnutls_sign_to_tls_aid(gnutls_sign_algorithm_t
+ sign)
{
- const sign_algorithm_st * ret = NULL;
+ const sign_algorithm_st *ret = NULL;
- GNUTLS_SIGN_ALG_LOOP (ret = &p->aid);
+ GNUTLS_SIGN_ALG_LOOP(ret = &p->aid);
- if (ret != NULL && memcmp(ret, &unknown_tls_aid, sizeof(*ret))==0)
- return NULL;
+ if (ret != NULL
+ && memcmp(ret, &unknown_tls_aid, sizeof(*ret)) == 0)
+ return NULL;
- return ret;
+ return ret;
}
-
diff --git a/lib/auth/anon.c b/lib/auth/anon.c
index e30261dcf4..54548300eb 100644
--- a/lib/auth/anon.c
+++ b/lib/auth/anon.c
@@ -38,136 +38,134 @@
#include <gnutls_state.h>
#include <auth/dh_common.h>
-static int gen_anon_server_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_anon_client_kx (gnutls_session_t, uint8_t *, size_t);
-static int proc_anon_server_kx (gnutls_session_t, uint8_t *, size_t);
+static int gen_anon_server_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_anon_client_kx(gnutls_session_t, uint8_t *, size_t);
+static int proc_anon_server_kx(gnutls_session_t, uint8_t *, size_t);
const mod_auth_st anon_auth_struct = {
- "ANON",
- NULL,
- NULL,
- gen_anon_server_kx,
- _gnutls_gen_dh_common_client_kx, /* this can be shared */
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- proc_anon_server_kx,
- proc_anon_client_kx,
- NULL,
- NULL
+ "ANON",
+ NULL,
+ NULL,
+ gen_anon_server_kx,
+ _gnutls_gen_dh_common_client_kx, /* this can be shared */
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ proc_anon_server_kx,
+ proc_anon_client_kx,
+ NULL,
+ NULL
};
static int
-gen_anon_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_anon_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- bigint_t g, p;
- const bigint_t *mpis;
- int ret;
- gnutls_dh_params_t dh_params;
- gnutls_anon_server_credentials_t cred;
-
- cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_dh_set_group (session, g, p);
-
- ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, data);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ bigint_t g, p;
+ const bigint_t *mpis;
+ int ret;
+ gnutls_dh_params_t dh_params;
+ gnutls_anon_server_credentials_t cred;
+
+ cred = (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_dh_set_group(session, g, p);
+
+ ret =
+ _gnutls_dh_common_print_server_kx(session, g, p,
+ dh_params->q_bits, data);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
static int
-proc_anon_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_anon_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- gnutls_anon_server_credentials_t cred;
- int ret;
- bigint_t p, g;
- gnutls_dh_params_t dh_params;
- const bigint_t *mpis;
-
- cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- ret = _gnutls_proc_dh_common_client_kx (session, data, _data_size, g, p, NULL);
-
- return ret;
+ gnutls_anon_server_credentials_t cred;
+ int ret;
+ bigint_t p, g;
+ gnutls_dh_params_t dh_params;
+ const bigint_t *mpis;
+
+ cred = (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ ret =
+ _gnutls_proc_dh_common_client_kx(session, data, _data_size, g,
+ p, NULL);
+
+ return ret;
}
int
-proc_anon_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_anon_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret;
-
- /* set auth_info */
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_proc_dh_common_server_kx (session, data, _data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret;
+
+ /* set auth_info */
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_proc_dh_common_server_kx(session, data, _data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE_ANON */
+#endif /* ENABLE_ANON */
diff --git a/lib/auth/anon.h b/lib/auth/anon.h
index b17c10cfc3..6424fdd9a7 100644
--- a/lib/auth/anon.h
+++ b/lib/auth/anon.h
@@ -24,24 +24,21 @@
#include <gnutls_auth.h>
#include <auth/dh_common.h>
-typedef struct gnutls_anon_server_credentials_st
-{
- gnutls_dh_params_t dh_params;
- /* this callback is used to retrieve the DH or RSA
- * parameters.
- */
- gnutls_params_function *params_func;
+typedef struct gnutls_anon_server_credentials_st {
+ gnutls_dh_params_t dh_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function *params_func;
} anon_server_credentials_st;
-typedef struct gnutls_anon_client_credentials_st
-{
- int dummy;
+typedef struct gnutls_anon_client_credentials_st {
+ int dummy;
} anon_client_credentials_st;
-typedef struct anon_auth_info_st
-{
- dh_info_st dh;
- gnutls_ecc_curve_t curve;
+typedef struct anon_auth_info_st {
+ dh_info_st dh;
+ gnutls_ecc_curve_t curve;
} *anon_auth_info_t;
typedef struct anon_auth_info_st anon_auth_info_st;
diff --git a/lib/auth/anon_ecdh.c b/lib/auth/anon_ecdh.c
index 3a99c482c6..7fc99e59b6 100644
--- a/lib/auth/anon_ecdh.c
+++ b/lib/auth/anon_ecdh.c
@@ -27,7 +27,7 @@
#include <gnutls_int.h>
-#if defined(ENABLE_ANON) && defined(ENABLE_ECDHE)
+#if defined(ENABLE_ANON) && defined(ENABLE_ECDHE)
#include "gnutls_auth.h"
#include "gnutls_errors.h"
@@ -39,101 +39,101 @@
#include <auth/ecdhe.h>
#include <ext/ecc.h>
-static int gen_anon_ecdh_server_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_anon_ecdh_client_kx (gnutls_session_t, uint8_t *, size_t);
-static int proc_anon_ecdh_server_kx (gnutls_session_t, uint8_t *, size_t);
+static int gen_anon_ecdh_server_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_anon_ecdh_client_kx(gnutls_session_t, uint8_t *, size_t);
+static int proc_anon_ecdh_server_kx(gnutls_session_t, uint8_t *, size_t);
const mod_auth_st anon_ecdh_auth_struct = {
- "ANON ECDH",
- NULL,
- NULL,
- gen_anon_ecdh_server_kx,
- _gnutls_gen_ecdh_common_client_kx, /* this can be shared */
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- proc_anon_ecdh_server_kx,
- proc_anon_ecdh_client_kx,
- NULL,
- NULL
+ "ANON ECDH",
+ NULL,
+ NULL,
+ gen_anon_ecdh_server_kx,
+ _gnutls_gen_ecdh_common_client_kx, /* this can be shared */
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ proc_anon_ecdh_server_kx,
+ proc_anon_ecdh_client_kx,
+ NULL,
+ NULL
};
static int
-gen_anon_ecdh_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_anon_ecdh_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret;
- gnutls_anon_server_credentials_t cred;
-
- cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_ecdh_common_print_server_kx (session, data, _gnutls_session_ecc_curve_get(session));
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ int ret;
+ gnutls_anon_server_credentials_t cred;
+
+ cred = (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_ecdh_common_print_server_kx(session, data,
+ _gnutls_session_ecc_curve_get
+ (session));
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
static int
-proc_anon_ecdh_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_anon_ecdh_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- gnutls_anon_server_credentials_t cred;
-
- cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- return _gnutls_proc_ecdh_common_client_kx (session, data, _data_size,
- _gnutls_session_ecc_curve_get(session), NULL);
+ gnutls_anon_server_credentials_t cred;
+
+ cred = (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ return _gnutls_proc_ecdh_common_client_kx(session, data,
+ _data_size,
+ _gnutls_session_ecc_curve_get
+ (session), NULL);
}
int
-proc_anon_ecdh_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_anon_ecdh_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret;
-
- /* set auth_info */
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_proc_ecdh_common_server_kx (session, data, _data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret;
+
+ /* set auth_info */
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_proc_ecdh_common_server_kx(session, data, _data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE_ANON */
+#endif /* ENABLE_ANON */
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 9a5f5590c5..606e798607 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -47,98 +47,95 @@
#ifdef ENABLE_OPENPGP
#include "openpgp/gnutls_openpgp.h"
-static gnutls_privkey_t alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t
- key, int deinit);
-static gnutls_pcert_st *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert);
+static gnutls_privkey_t alloc_and_load_pgp_key(const
+ gnutls_openpgp_privkey_t
+ key, int deinit);
+static gnutls_pcert_st *alloc_and_load_pgp_certs(gnutls_openpgp_crt_t
+ cert);
#endif
-static gnutls_pcert_st *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs,
- unsigned);
-static gnutls_privkey_t alloc_and_load_x509_key (gnutls_x509_privkey_t key,
- int deinit);
+static gnutls_pcert_st *alloc_and_load_x509_certs(gnutls_x509_crt_t *
+ certs, unsigned);
+static gnutls_privkey_t alloc_and_load_x509_key(gnutls_x509_privkey_t key,
+ int deinit);
#ifdef ENABLE_PKCS11
-static gnutls_privkey_t alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t
- key, int deinit);
+static gnutls_privkey_t alloc_and_load_pkcs11_key(gnutls_pkcs11_privkey_t
+ key, int deinit);
#endif
#define MAX_CLIENT_SIGN_ALGOS 3
#define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1)
typedef enum CertificateSigType
-{ RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
+ { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
} CertificateSigType;
/* Copies data from a internal certificate struct (gnutls_pcert_st) to
* exported certificate struct (cert_auth_info_t)
*/
-static int
-_gnutls_copy_certificate_auth_info (cert_auth_info_t info, gnutls_pcert_st * certs, size_t ncerts, /* openpgp only */
- void *keyid)
+static int _gnutls_copy_certificate_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, size_t ncerts, /* openpgp only */
+ void *keyid)
{
- /* Copy peer's information to auth_info_t
- */
- int ret;
- size_t i, j;
-
- if (info->raw_certificate_list != NULL)
- {
- for (j = 0; j < info->ncerts; j++)
- _gnutls_free_datum (&info->raw_certificate_list[j]);
- gnutls_free (info->raw_certificate_list);
- }
-
- if (ncerts == 0)
- {
- info->raw_certificate_list = NULL;
- info->ncerts = 0;
- return 0;
- }
-
- info->raw_certificate_list =
- gnutls_calloc (ncerts, sizeof (gnutls_datum_t));
- if (info->raw_certificate_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (i = 0; i < ncerts; i++)
- {
- if (certs[i].cert.size > 0)
- {
- ret =
- _gnutls_set_datum (&info->raw_certificate_list[i],
- certs[i].cert.data, certs[i].cert.size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto clear;
- }
- }
- }
- info->ncerts = ncerts;
- info->cert_type = certs[0].type;
+ /* Copy peer's information to auth_info_t
+ */
+ int ret;
+ size_t i, j;
+
+ if (info->raw_certificate_list != NULL) {
+ for (j = 0; j < info->ncerts; j++)
+ _gnutls_free_datum(&info->raw_certificate_list[j]);
+ gnutls_free(info->raw_certificate_list);
+ }
+
+ if (ncerts == 0) {
+ info->raw_certificate_list = NULL;
+ info->ncerts = 0;
+ return 0;
+ }
+
+ info->raw_certificate_list =
+ gnutls_calloc(ncerts, sizeof(gnutls_datum_t));
+ if (info->raw_certificate_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < ncerts; i++) {
+ if (certs[i].cert.size > 0) {
+ ret =
+ _gnutls_set_datum(&info->
+ raw_certificate_list[i],
+ certs[i].cert.data,
+ certs[i].cert.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto clear;
+ }
+ }
+ }
+ info->ncerts = ncerts;
+ info->cert_type = certs[0].type;
#ifdef ENABLE_OPENPGP
- if (certs[0].type == GNUTLS_CRT_OPENPGP)
- {
- if (keyid)
- memcpy (info->subkey_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
- }
+ if (certs[0].type == GNUTLS_CRT_OPENPGP) {
+ if (keyid)
+ memcpy(info->subkey_id, keyid,
+ GNUTLS_OPENPGP_KEYID_SIZE);
+ }
#endif
- return 0;
+ return 0;
-clear:
+ clear:
- for (j = 0; j < i; j++)
- _gnutls_free_datum (&info->raw_certificate_list[j]);
+ for (j = 0; j < i; j++)
+ _gnutls_free_datum(&info->raw_certificate_list[j]);
- gnutls_free (info->raw_certificate_list);
- info->raw_certificate_list = NULL;
+ gnutls_free(info->raw_certificate_list);
+ info->raw_certificate_list = NULL;
- return ret;
+ return ret;
}
@@ -148,19 +145,17 @@ clear:
* -1 otherwise.
*/
inline static int
-_gnutls_check_pk_algo_in_list (const gnutls_pk_algorithm_t *
- pk_algos, int pk_algos_length,
- gnutls_pk_algorithm_t algo_to_check)
+_gnutls_check_pk_algo_in_list(const gnutls_pk_algorithm_t *
+ pk_algos, int pk_algos_length,
+ gnutls_pk_algorithm_t algo_to_check)
{
- int i;
- for (i = 0; i < pk_algos_length; i++)
- {
- if (algo_to_check == pk_algos[i])
- {
- return 0;
- }
- }
- return -1;
+ int i;
+ for (i = 0; i < pk_algos_length; i++) {
+ if (algo_to_check == pk_algos[i]) {
+ return 0;
+ }
+ }
+ return -1;
}
@@ -168,46 +163,48 @@ _gnutls_check_pk_algo_in_list (const gnutls_pk_algorithm_t *
* specified in cert.
*/
static int
-_gnutls_cert_get_issuer_dn (gnutls_pcert_st * cert, gnutls_datum_t * odn)
+_gnutls_cert_get_issuer_dn(gnutls_pcert_st * cert, gnutls_datum_t * odn)
{
- ASN1_TYPE dn;
- int len, result;
- int start, end;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.Certificate", &dn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&dn, cert->cert.data, cert->cert.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- gnutls_assert ();
- asn1_delete_structure (&dn);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding_startEnd (dn, cert->cert.data, cert->cert.size,
- "tbsCertificate.issuer", &start, &end);
-
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- gnutls_assert ();
- asn1_delete_structure (&dn);
- return _gnutls_asn2err (result);
- }
- asn1_delete_structure (&dn);
-
- len = end - start + 1;
-
- odn->size = len;
- odn->data = &cert->cert.data[start];
-
- return 0;
+ ASN1_TYPE dn;
+ int len, result;
+ int start, end;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.Certificate",
+ &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&dn, cert->cert.data, cert->cert.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding_startEnd(dn, cert->cert.data,
+ cert->cert.size,
+ "tbsCertificate.issuer", &start,
+ &end);
+
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
+ asn1_delete_structure(&dn);
+
+ len = end - start + 1;
+
+ odn->size = len;
+ odn->data = &cert->cert.data[start];
+
+ return 0;
}
@@ -218,80 +215,85 @@ _gnutls_cert_get_issuer_dn (gnutls_pcert_st * cert, gnutls_datum_t * odn)
* CAs and sign algorithms supported by the peer server.
*/
static int
-_find_x509_cert (const gnutls_certificate_credentials_t cred,
- uint8_t * _data, size_t _data_size,
- const gnutls_pk_algorithm_t * pk_algos,
- int pk_algos_length, int *indx)
+_find_x509_cert(const gnutls_certificate_credentials_t cred,
+ uint8_t * _data, size_t _data_size,
+ const gnutls_pk_algorithm_t * pk_algos,
+ int pk_algos_length, int *indx)
{
- unsigned size;
- gnutls_datum_t odn = { NULL, 0 };
- uint8_t *data = _data;
- ssize_t data_size = _data_size;
- unsigned i, j;
- int result, cert_pk;
-
- *indx = -1;
-
- /* If peer doesn't send any issuers and we have a single certificate
- * then send that one.
- */
- if (data_size == 0 && cred->ncerts == 1)
- {
- *indx = 0;
- return 0;
- }
-
- do
- {
- DECR_LENGTH_RET (data_size, 2, 0);
- size = _gnutls_read_uint16 (data);
- DECR_LENGTH_RET (data_size, size, 0);
- data += 2;
-
- for (i = 0; i < cred->ncerts; i++)
- {
- for (j = 0; j < cred->certs[i].cert_list_length; j++)
- {
- if ((result =
- _gnutls_cert_get_issuer_dn (&cred->certs[i].cert_list[j],
- &odn)) < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if (odn.size != size)
- continue;
-
- /* If the DN matches and
- * the *_SIGN algorithm matches
- * the cert is our cert!
- */
- cert_pk =
- gnutls_pubkey_get_pk_algorithm (cred->certs[i].cert_list[0].pubkey,
- NULL);
-
- if ((memcmp (odn.data, data, size) == 0) &&
- (_gnutls_check_pk_algo_in_list
- (pk_algos, pk_algos_length, cert_pk) == 0))
- {
- *indx = i;
- break;
- }
- }
- if (*indx != -1)
- break;
- }
-
- if (*indx != -1)
- break;
-
- /* move to next record */
- data += size;
- }
- while (1);
-
- return 0;
+ unsigned size;
+ gnutls_datum_t odn = { NULL, 0 };
+ uint8_t *data = _data;
+ ssize_t data_size = _data_size;
+ unsigned i, j;
+ int result, cert_pk;
+
+ *indx = -1;
+
+ /* If peer doesn't send any issuers and we have a single certificate
+ * then send that one.
+ */
+ if (data_size == 0 && cred->ncerts == 1) {
+ *indx = 0;
+ return 0;
+ }
+
+ do {
+ DECR_LENGTH_RET(data_size, 2, 0);
+ size = _gnutls_read_uint16(data);
+ DECR_LENGTH_RET(data_size, size, 0);
+ data += 2;
+
+ for (i = 0; i < cred->ncerts; i++) {
+ for (j = 0; j < cred->certs[i].cert_list_length;
+ j++) {
+ if ((result =
+ _gnutls_cert_get_issuer_dn(&cred->
+ certs[i].
+ cert_list
+ [j],
+ &odn)) <
+ 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (odn.size != size)
+ continue;
+
+ /* If the DN matches and
+ * the *_SIGN algorithm matches
+ * the cert is our cert!
+ */
+ cert_pk =
+ gnutls_pubkey_get_pk_algorithm(cred->
+ certs
+ [i].
+ cert_list
+ [0].
+ pubkey,
+ NULL);
+
+ if ((memcmp(odn.data, data, size) == 0) &&
+ (_gnutls_check_pk_algo_in_list
+ (pk_algos, pk_algos_length,
+ cert_pk) == 0)) {
+ *indx = i;
+ break;
+ }
+ }
+ if (*indx != -1)
+ break;
+ }
+
+ if (*indx != -1)
+ break;
+
+ /* move to next record */
+ data += size;
+ }
+ while (1);
+
+ return 0;
}
@@ -299,37 +301,38 @@ _find_x509_cert (const gnutls_certificate_credentials_t cred,
/* Locates the most appropriate openpgp cert
*/
static int
-_find_openpgp_cert (const gnutls_certificate_credentials_t cred,
- gnutls_pk_algorithm_t * pk_algos,
- int pk_algos_length, int *indx)
+_find_openpgp_cert(const gnutls_certificate_credentials_t cred,
+ gnutls_pk_algorithm_t * pk_algos,
+ int pk_algos_length, int *indx)
{
- unsigned i, j;
-
- *indx = -1;
-
- for (i = 0; i < cred->ncerts; i++)
- {
- for (j = 0; j < cred->certs[i].cert_list_length; j++)
- {
-
- /* If the *_SIGN algorithm matches
- * the cert is our cert!
- */
- if ((_gnutls_check_pk_algo_in_list
- (pk_algos, pk_algos_length,
- gnutls_pubkey_get_pk_algorithm (cred->certs[i].cert_list[0].pubkey,
- NULL)) == 0)
- && (cred->certs[i].cert_list[0].type == GNUTLS_CRT_OPENPGP))
- {
- *indx = i;
- break;
- }
- }
- if (*indx != -1)
- break;
- }
-
- return 0;
+ unsigned i, j;
+
+ *indx = -1;
+
+ for (i = 0; i < cred->ncerts; i++) {
+ for (j = 0; j < cred->certs[i].cert_list_length; j++) {
+
+ /* If the *_SIGN algorithm matches
+ * the cert is our cert!
+ */
+ if ((_gnutls_check_pk_algo_in_list
+ (pk_algos, pk_algos_length,
+ gnutls_pubkey_get_pk_algorithm(cred->
+ certs[i].
+ cert_list[0].
+ pubkey,
+ NULL)) == 0)
+ && (cred->certs[i].cert_list[0].type ==
+ GNUTLS_CRT_OPENPGP)) {
+ *indx = i;
+ break;
+ }
+ }
+ if (*indx != -1)
+ break;
+ }
+
+ return 0;
}
#endif
@@ -337,343 +340,318 @@ _find_openpgp_cert (const gnutls_certificate_credentials_t cred,
* certificate request packet.
*/
static int
-get_issuers_num (gnutls_session_t session, uint8_t * data, ssize_t data_size)
+get_issuers_num(gnutls_session_t session, uint8_t * data,
+ ssize_t data_size)
{
- int issuers_dn_len = 0, result;
- unsigned size;
+ int issuers_dn_len = 0, result;
+ unsigned size;
- /* Count the number of the given issuers;
- * This is used to allocate the issuers_dn without
- * using realloc().
- */
+ /* Count the number of the given issuers;
+ * This is used to allocate the issuers_dn without
+ * using realloc().
+ */
- if (data_size == 0 || data == NULL)
- return 0;
+ if (data_size == 0 || data == NULL)
+ return 0;
- if (data_size > 0)
- do
- {
- /* This works like DECR_LEN()
- */
- result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- DECR_LENGTH_COM (data_size, 2, goto error);
- size = _gnutls_read_uint16 (data);
+ if (data_size > 0)
+ do {
+ /* This works like DECR_LEN()
+ */
+ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ DECR_LENGTH_COM(data_size, 2, goto error);
+ size = _gnutls_read_uint16(data);
- result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- DECR_LENGTH_COM (data_size, size, goto error);
+ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ DECR_LENGTH_COM(data_size, size, goto error);
- data += 2;
+ data += 2;
- if (size > 0)
- {
- issuers_dn_len++;
- data += size;
- }
+ if (size > 0) {
+ issuers_dn_len++;
+ data += size;
+ }
- if (data_size == 0)
- break;
+ if (data_size == 0)
+ break;
- }
- while (1);
+ }
+ while (1);
- return issuers_dn_len;
+ return issuers_dn_len;
-error:
- return result;
+ error:
+ return result;
}
/* Returns the issuers in the server's certificate request
* packet.
*/
static int
-get_issuers (gnutls_session_t session,
- gnutls_datum_t * issuers_dn, int issuers_len,
- uint8_t * data, size_t data_size)
+get_issuers(gnutls_session_t session,
+ gnutls_datum_t * issuers_dn, int issuers_len,
+ uint8_t * data, size_t data_size)
{
- int i;
- unsigned size;
+ int i;
+ unsigned size;
- if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
- return 0;
+ if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+ return 0;
- /* put the requested DNs to req_dn, only in case
- * of X509 certificates.
- */
- if (issuers_len > 0)
- {
+ /* put the requested DNs to req_dn, only in case
+ * of X509 certificates.
+ */
+ if (issuers_len > 0) {
- for (i = 0; i < issuers_len; i++)
- {
- /* The checks here for the buffer boundaries
- * are not needed since the buffer has been
- * parsed above.
- */
- data_size -= 2;
+ for (i = 0; i < issuers_len; i++) {
+ /* The checks here for the buffer boundaries
+ * are not needed since the buffer has been
+ * parsed above.
+ */
+ data_size -= 2;
- size = _gnutls_read_uint16 (data);
+ size = _gnutls_read_uint16(data);
- data += 2;
+ data += 2;
- issuers_dn[i].data = data;
- issuers_dn[i].size = size;
+ issuers_dn[i].data = data;
+ issuers_dn[i].size = size;
- data += size;
- }
- }
+ data += size;
+ }
+ }
- return 0;
+ return 0;
}
-static void
-st_to_st2 (gnutls_retr2_st * st2, gnutls_retr_st * st)
+static void st_to_st2(gnutls_retr2_st * st2, gnutls_retr_st * st)
{
- st2->cert_type = st->type;
- if (st->type == GNUTLS_CRT_OPENPGP)
- {
- st2->key_type = GNUTLS_PRIVKEY_OPENPGP;
- }
- else
- {
- st2->key_type = GNUTLS_PRIVKEY_X509;
- }
- st2->ncerts = st->ncerts;
- st2->deinit_all = st->deinit_all;
-
- switch (st2->cert_type)
- {
- case GNUTLS_CRT_OPENPGP:
- st2->cert.pgp = st->cert.pgp;
- st2->key.pgp = st->key.pgp;
- break;
- case GNUTLS_CRT_X509:
- st2->cert.x509 = st->cert.x509;
- st2->key.x509 = st->key.x509;
- break;
- default:
- return;
- }
+ st2->cert_type = st->type;
+ if (st->type == GNUTLS_CRT_OPENPGP) {
+ st2->key_type = GNUTLS_PRIVKEY_OPENPGP;
+ } else {
+ st2->key_type = GNUTLS_PRIVKEY_X509;
+ }
+ st2->ncerts = st->ncerts;
+ st2->deinit_all = st->deinit_all;
+
+ switch (st2->cert_type) {
+ case GNUTLS_CRT_OPENPGP:
+ st2->cert.pgp = st->cert.pgp;
+ st2->key.pgp = st->key.pgp;
+ break;
+ case GNUTLS_CRT_X509:
+ st2->cert.x509 = st->cert.x509;
+ st2->key.x509 = st->key.x509;
+ break;
+ default:
+ return;
+ }
}
/* Calls the client get callback.
*/
static int
-call_get_cert_callback (gnutls_session_t session,
- const gnutls_datum_t * issuers_dn,
- int issuers_dn_length,
- gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
+call_get_cert_callback(gnutls_session_t session,
+ const gnutls_datum_t * issuers_dn,
+ int issuers_dn_length,
+ gnutls_pk_algorithm_t * pk_algos,
+ int pk_algos_length)
{
- unsigned i;
- gnutls_pcert_st *local_certs = NULL;
- gnutls_privkey_t local_key = NULL;
- int ret = GNUTLS_E_INTERNAL_ERROR;
- gnutls_certificate_type_t type = gnutls_certificate_type_get (session);
- gnutls_certificate_credentials_t cred;
- gnutls_retr2_st st2;
- gnutls_pcert_st *pcert = NULL;
- unsigned int pcert_length = 0;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- memset (&st2, 0, sizeof (st2));
-
- if (cred->get_cert_callback2)
- {
- /* we avoid all allocations and transformations */
- ret = cred->get_cert_callback2 (session, issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length,
- &pcert, &pcert_length, &local_key);
- if (ret < 0)
- return gnutls_assert_val (GNUTLS_E_USER_ERROR);
-
- if (pcert_length > 0 && type != pcert[0].type)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- if (pcert_length == 0)
- {
- pcert = NULL;
- local_key = NULL;
- }
- _gnutls_selected_certs_set (session, pcert, pcert_length, local_key, 0);
-
- return 0;
-
- }
- else if (cred->get_cert_callback)
- {
- ret = cred->get_cert_callback (session, issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length, &st2);
-
- }
- else
- { /* compatibility mode */
- gnutls_retr_st st;
- memset (&st, 0, sizeof (st));
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (cred->server_get_cert_callback == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- ret = cred->server_get_cert_callback (session, &st);
- if (ret >= 0)
- st_to_st2 (&st2, &st);
- }
- else
- { /* CLIENT */
-
- if (cred->client_get_cert_callback == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- ret = cred->client_get_cert_callback (session,
- issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length,
- &st);
- if (ret >= 0)
- st_to_st2 (&st2, &st);
- }
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_USER_ERROR;
- }
-
- if (st2.ncerts == 0)
- return 0; /* no certificate was selected */
-
- if (type != st2.cert_type)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
-
- if (type == GNUTLS_CRT_X509)
- {
- local_certs = alloc_and_load_x509_certs (st2.cert.x509, st2.ncerts);
- }
- else
- { /* PGP */
- if (st2.ncerts > 1)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
+ unsigned i;
+ gnutls_pcert_st *local_certs = NULL;
+ gnutls_privkey_t local_key = NULL;
+ int ret = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_certificate_type_t type =
+ gnutls_certificate_type_get(session);
+ gnutls_certificate_credentials_t cred;
+ gnutls_retr2_st st2;
+ gnutls_pcert_st *pcert = NULL;
+ unsigned int pcert_length = 0;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ memset(&st2, 0, sizeof(st2));
+
+ if (cred->get_cert_callback2) {
+ /* we avoid all allocations and transformations */
+ ret =
+ cred->get_cert_callback2(session, issuers_dn,
+ issuers_dn_length, pk_algos,
+ pk_algos_length, &pcert,
+ &pcert_length, &local_key);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_USER_ERROR);
+
+ if (pcert_length > 0 && type != pcert[0].type)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (pcert_length == 0) {
+ pcert = NULL;
+ local_key = NULL;
+ }
+ _gnutls_selected_certs_set(session, pcert, pcert_length,
+ local_key, 0);
+
+ return 0;
+
+ } else if (cred->get_cert_callback) {
+ ret =
+ cred->get_cert_callback(session, issuers_dn,
+ issuers_dn_length, pk_algos,
+ pk_algos_length, &st2);
+
+ } else { /* compatibility mode */
+ gnutls_retr_st st;
+ memset(&st, 0, sizeof(st));
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (cred->server_get_cert_callback == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = cred->server_get_cert_callback(session, &st);
+ if (ret >= 0)
+ st_to_st2(&st2, &st);
+ } else { /* CLIENT */
+
+ if (cred->client_get_cert_callback == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = cred->client_get_cert_callback(session,
+ issuers_dn,
+ issuers_dn_length,
+ pk_algos,
+ pk_algos_length,
+ &st);
+ if (ret >= 0)
+ st_to_st2(&st2, &st);
+ }
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_USER_ERROR;
+ }
+
+ if (st2.ncerts == 0)
+ return 0; /* no certificate was selected */
+
+ if (type != st2.cert_type) {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+
+ if (type == GNUTLS_CRT_X509) {
+ local_certs =
+ alloc_and_load_x509_certs(st2.cert.x509, st2.ncerts);
+ } else { /* PGP */
+ if (st2.ncerts > 1) {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
#ifdef ENABLE_OPENPGP
- {
- local_certs = alloc_and_load_pgp_certs (st2.cert.pgp);
- }
+ {
+ local_certs =
+ alloc_and_load_pgp_certs(st2.cert.pgp);
+ }
#else
- ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
- goto cleanup;
+ ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ goto cleanup;
#endif
- }
-
- if (local_certs == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- switch (st2.key_type)
- {
- case GNUTLS_PRIVKEY_OPENPGP:
+ }
+
+ if (local_certs == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ switch (st2.key_type) {
+ case GNUTLS_PRIVKEY_OPENPGP:
#ifdef ENABLE_OPENPGP
- if (st2.key.pgp != NULL)
- {
- local_key = alloc_and_load_pgp_key (st2.key.pgp, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
+ if (st2.key.pgp != NULL) {
+ local_key =
+ alloc_and_load_pgp_key(st2.key.pgp,
+ st2.deinit_all);
+ if (local_key == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
#endif
- break;
- case GNUTLS_PRIVKEY_PKCS11:
+ break;
+ case GNUTLS_PRIVKEY_PKCS11:
#ifdef ENABLE_PKCS11
- if (st2.key.pkcs11 != NULL)
- {
- local_key =
- alloc_and_load_pkcs11_key (st2.key.pkcs11, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
+ if (st2.key.pkcs11 != NULL) {
+ local_key =
+ alloc_and_load_pkcs11_key(st2.key.pkcs11,
+ st2.deinit_all);
+ if (local_key == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
#endif
- break;
- case GNUTLS_PRIVKEY_X509:
- if (st2.key.x509 != NULL)
- {
- local_key = alloc_and_load_x509_key (st2.key.x509, st2.deinit_all);
- if (local_key == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
- }
- break;
- default:
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- _gnutls_selected_certs_set (session, local_certs,
- (local_certs != NULL) ? st2.ncerts : 0,
- local_key, 1);
-
- ret = 0;
-
-cleanup:
-
- if (st2.cert_type == GNUTLS_CRT_X509)
- {
- if (st2.deinit_all)
- {
- for (i = 0; i < st2.ncerts; i++)
- {
- gnutls_x509_crt_deinit (st2.cert.x509[i]);
- }
- gnutls_free(st2.cert.x509);
- }
- }
- else
- {
+ break;
+ case GNUTLS_PRIVKEY_X509:
+ if (st2.key.x509 != NULL) {
+ local_key =
+ alloc_and_load_x509_key(st2.key.x509,
+ st2.deinit_all);
+ if (local_key == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
+ break;
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ _gnutls_selected_certs_set(session, local_certs,
+ (local_certs != NULL) ? st2.ncerts : 0,
+ local_key, 1);
+
+ ret = 0;
+
+ cleanup:
+
+ if (st2.cert_type == GNUTLS_CRT_X509) {
+ if (st2.deinit_all) {
+ for (i = 0; i < st2.ncerts; i++) {
+ gnutls_x509_crt_deinit(st2.cert.x509[i]);
+ }
+ gnutls_free(st2.cert.x509);
+ }
+ } else {
#ifdef ENABLE_OPENPGP
- if (st2.deinit_all)
- {
- gnutls_openpgp_crt_deinit (st2.cert.pgp);
- }
+ if (st2.deinit_all) {
+ gnutls_openpgp_crt_deinit(st2.cert.pgp);
+ }
#endif
- }
+ }
- if (ret < 0)
- {
- if (local_key != NULL)
- gnutls_privkey_deinit (local_key);
- }
+ if (ret < 0) {
+ if (local_key != NULL)
+ gnutls_privkey_deinit(local_key);
+ }
- return ret;
+ return ret;
}
/* Finds the appropriate certificate depending on the cA Distinguished name
@@ -684,358 +662,365 @@ cleanup:
* algorithm (only in automatic mode).
*/
static int
-_select_client_cert (gnutls_session_t session,
- uint8_t * _data, size_t _data_size,
- gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
+_select_client_cert(gnutls_session_t session,
+ uint8_t * _data, size_t _data_size,
+ gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
{
- int result;
- int indx = -1;
- gnutls_certificate_credentials_t cred;
- uint8_t *data = _data;
- ssize_t data_size = _data_size;
- int issuers_dn_length;
- gnutls_datum_t *issuers_dn = NULL;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (cred->client_get_cert_callback != NULL
- || cred->get_cert_callback != NULL || cred->get_cert_callback2 != NULL)
- {
-
- /* use a callback to get certificate
- */
- if (session->security_parameters.cert_type != GNUTLS_CRT_X509)
- issuers_dn_length = 0;
- else
- {
- issuers_dn_length = get_issuers_num (session, data, data_size);
- if (issuers_dn_length < 0)
- {
- gnutls_assert ();
- return issuers_dn_length;
- }
-
- if (issuers_dn_length > 0)
- {
- issuers_dn =
- gnutls_malloc (sizeof (gnutls_datum_t) * issuers_dn_length);
- if (issuers_dn == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result =
- get_issuers (session, issuers_dn, issuers_dn_length,
- data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
- }
-
- result =
- call_get_cert_callback (session, issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length);
- goto cleanup;
-
- }
- else
- {
- /* If we have no callbacks, try to guess.
- */
- result = 0;
-
- if (session->security_parameters.cert_type == GNUTLS_CRT_X509)
- result =
- _find_x509_cert (cred, _data, _data_size,
- pk_algos, pk_algos_length, &indx);
+ int result;
+ int indx = -1;
+ gnutls_certificate_credentials_t cred;
+ uint8_t *data = _data;
+ ssize_t data_size = _data_size;
+ int issuers_dn_length;
+ gnutls_datum_t *issuers_dn = NULL;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (cred->client_get_cert_callback != NULL
+ || cred->get_cert_callback != NULL
+ || cred->get_cert_callback2 != NULL) {
+
+ /* use a callback to get certificate
+ */
+ if (session->security_parameters.cert_type !=
+ GNUTLS_CRT_X509)
+ issuers_dn_length = 0;
+ else {
+ issuers_dn_length =
+ get_issuers_num(session, data, data_size);
+ if (issuers_dn_length < 0) {
+ gnutls_assert();
+ return issuers_dn_length;
+ }
+
+ if (issuers_dn_length > 0) {
+ issuers_dn =
+ gnutls_malloc(sizeof(gnutls_datum_t) *
+ issuers_dn_length);
+ if (issuers_dn == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ get_issuers(session, issuers_dn,
+ issuers_dn_length, data,
+ data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ }
+
+ result =
+ call_get_cert_callback(session, issuers_dn,
+ issuers_dn_length, pk_algos,
+ pk_algos_length);
+ goto cleanup;
+
+ } else {
+ /* If we have no callbacks, try to guess.
+ */
+ result = 0;
+
+ if (session->security_parameters.cert_type ==
+ GNUTLS_CRT_X509)
+ result =
+ _find_x509_cert(cred, _data, _data_size,
+ pk_algos, pk_algos_length,
+ &indx);
#ifdef ENABLE_OPENPGP
- else if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP)
- result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx);
+ else if (session->security_parameters.cert_type ==
+ GNUTLS_CRT_OPENPGP)
+ result =
+ _find_openpgp_cert(cred, pk_algos,
+ pk_algos_length, &indx);
#endif
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if (indx >= 0)
- {
- _gnutls_selected_certs_set (session,
- &cred->certs[indx].cert_list[0],
- cred->certs[indx].cert_list_length,
- cred->pkey[indx], 0);
- }
- else
- {
- _gnutls_selected_certs_set (session, NULL, 0, NULL, 0);
- }
-
- result = 0;
- }
-
-cleanup:
- gnutls_free (issuers_dn);
- return result;
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (indx >= 0) {
+ _gnutls_selected_certs_set(session,
+ &cred->certs[indx].
+ cert_list[0],
+ cred->certs[indx].
+ cert_list_length,
+ cred->pkey[indx], 0);
+ } else {
+ _gnutls_selected_certs_set(session, NULL, 0, NULL,
+ 0);
+ }
+
+ result = 0;
+ }
+
+ cleanup:
+ gnutls_free(issuers_dn);
+ return result;
}
/* Generate certificate message
*/
static int
-_gnutls_gen_x509_crt (gnutls_session_t session, gnutls_buffer_st * data)
+_gnutls_gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret, i;
- gnutls_pcert_st *apr_cert_list;
- gnutls_privkey_t apr_pkey;
- int apr_cert_list_length;
-
- /* find the appropriate certificate
- */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = 3;
- for (i = 0; i < apr_cert_list_length; i++)
- {
- ret += apr_cert_list[i].cert.size + 3;
- /* hold size
- * for uint24 */
- }
-
- /* if no certificates were found then send:
- * 0B 00 00 03 00 00 00 // Certificate with no certs
- * instead of:
- * 0B 00 00 00 // empty certificate handshake
- *
- * ( the above is the whole handshake message, not
- * the one produced here )
- */
-
- ret = _gnutls_buffer_append_prefix (data, 24, ret - 3);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- for (i = 0; i < apr_cert_list_length; i++)
- {
- ret =
- _gnutls_buffer_append_data_prefix (data, 24,
- apr_cert_list[i].cert.data,
- apr_cert_list[i].cert.size);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
-
- return data->length;
+ int ret, i;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+
+ /* find the appropriate certificate
+ */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = 3;
+ for (i = 0; i < apr_cert_list_length; i++) {
+ ret += apr_cert_list[i].cert.size + 3;
+ /* hold size
+ * for uint24 */
+ }
+
+ /* if no certificates were found then send:
+ * 0B 00 00 03 00 00 00 // Certificate with no certs
+ * instead of:
+ * 0B 00 00 00 // empty certificate handshake
+ *
+ * ( the above is the whole handshake message, not
+ * the one produced here )
+ */
+
+ ret = _gnutls_buffer_append_prefix(data, 24, ret - 3);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < apr_cert_list_length; i++) {
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 24,
+ apr_cert_list[i].
+ cert.data,
+ apr_cert_list[i].
+ cert.size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return data->length;
}
enum PGPKeyDescriptorType
-{ PGP_EMPTY_KEY=1, PGP_KEY_SUBKEY, PGP_KEY_FINGERPRINT_SUBKEY };
+ { PGP_EMPTY_KEY = 1, PGP_KEY_SUBKEY, PGP_KEY_FINGERPRINT_SUBKEY };
#ifdef ENABLE_OPENPGP
static int
-_gnutls_gen_openpgp_certificate (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_openpgp_certificate(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret;
- gnutls_pcert_st *apr_cert_list;
- gnutls_privkey_t apr_pkey;
- int apr_cert_list_length;
- unsigned int subkey;
- uint8_t type;
- uint8_t fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
- char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
- size_t fpr_size;
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = 3 + 1 + 3;
-
- if (apr_cert_list_length > 0)
- {
- fpr_size = sizeof (fpr);
- ret =
- gnutls_pubkey_get_openpgp_key_id (apr_cert_list[0].pubkey, 0, fpr,
- &fpr_size, &subkey);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret += 1 + fpr_size; /* for the keyid */
- _gnutls_handshake_log("Sending PGP key ID %s (%s)\n", _gnutls_bin2hex(fpr, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL),
- subkey?"subkey":"master");
-
- ret += apr_cert_list[0].cert.size;
- }
-
- ret = _gnutls_buffer_append_prefix (data, 24, ret - 3);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
-
- if (apr_cert_list_length > 0)
- {
- type = PGP_KEY_SUBKEY;
-
- ret = _gnutls_buffer_append_data (data, &type, 1);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret = _gnutls_buffer_append_data_prefix (data, 8, fpr, fpr_size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret =
- _gnutls_buffer_append_data_prefix (data, 24,
- apr_cert_list[0].cert.data,
- apr_cert_list[0].cert.size);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
- else /* empty - no certificate */
- {
- type = PGP_EMPTY_KEY;
-
- ret = _gnutls_buffer_append_data (data, &type, 1);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret = _gnutls_buffer_append_prefix (data, 24, 0);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
-
- return data->length;
+ int ret;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+ unsigned int subkey;
+ uint8_t type;
+ uint8_t fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
+ char buf[2 * GNUTLS_OPENPGP_KEYID_SIZE + 1];
+ size_t fpr_size;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = 3 + 1 + 3;
+
+ if (apr_cert_list_length > 0) {
+ fpr_size = sizeof(fpr);
+ ret =
+ gnutls_pubkey_get_openpgp_key_id(apr_cert_list[0].
+ pubkey, 0, fpr,
+ &fpr_size, &subkey);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret += 1 + fpr_size; /* for the keyid */
+ _gnutls_handshake_log("Sending PGP key ID %s (%s)\n",
+ _gnutls_bin2hex(fpr,
+ GNUTLS_OPENPGP_KEYID_SIZE,
+ buf, sizeof(buf),
+ NULL),
+ subkey ? "subkey" : "master");
+
+ ret += apr_cert_list[0].cert.size;
+ }
+
+ ret = _gnutls_buffer_append_prefix(data, 24, ret - 3);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+
+ if (apr_cert_list_length > 0) {
+ type = PGP_KEY_SUBKEY;
+
+ ret = _gnutls_buffer_append_data(data, &type, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 8, fpr,
+ fpr_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 24,
+ apr_cert_list[0].
+ cert.data,
+ apr_cert_list[0].
+ cert.size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else { /* empty - no certificate */
+
+ type = PGP_EMPTY_KEY;
+
+ ret = _gnutls_buffer_append_data(data, &type, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_buffer_append_prefix(data, 24, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return data->length;
}
static int
-_gnutls_gen_openpgp_certificate_fpr (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_openpgp_certificate_fpr(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret, packet_size;
- uint8_t type, fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
- uint8_t id[GNUTLS_OPENPGP_KEYID_SIZE];
- unsigned int subkey;
- size_t fpr_size, id_size;
- gnutls_pcert_st *apr_cert_list;
- gnutls_privkey_t apr_pkey;
- int apr_cert_list_length;
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (apr_cert_list_length <= 0)
- return _gnutls_gen_openpgp_certificate (session, data);
-
- id_size = sizeof (id);
- ret =
- gnutls_pubkey_get_openpgp_key_id (apr_cert_list[0].pubkey, 0, id,
- &id_size, &subkey);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- fpr_size = sizeof (fpr);
- ret =
- gnutls_pubkey_get_openpgp_key_id (apr_cert_list[0].pubkey,
- GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT,
- fpr, &fpr_size, NULL);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- packet_size = 3 + 1;
- packet_size += 1 + fpr_size; /* for the keyid */
-
- /* Only v4 fingerprints are sent
- */
- packet_size += 20 + 1;
-
- ret = _gnutls_buffer_append_prefix (data, 24, packet_size - 3);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- type = PGP_KEY_FINGERPRINT_SUBKEY;
- ret = _gnutls_buffer_append_data (data, &type, 1);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret = _gnutls_buffer_append_data_prefix (data, 8, id, id_size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret = _gnutls_buffer_append_data_prefix (data, 8, fpr, fpr_size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- return data->length;
+ int ret, packet_size;
+ uint8_t type, fpr[GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE];
+ uint8_t id[GNUTLS_OPENPGP_KEYID_SIZE];
+ unsigned int subkey;
+ size_t fpr_size, id_size;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (apr_cert_list_length <= 0)
+ return _gnutls_gen_openpgp_certificate(session, data);
+
+ id_size = sizeof(id);
+ ret =
+ gnutls_pubkey_get_openpgp_key_id(apr_cert_list[0].pubkey, 0,
+ id, &id_size, &subkey);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ fpr_size = sizeof(fpr);
+ ret =
+ gnutls_pubkey_get_openpgp_key_id(apr_cert_list[0].pubkey,
+ GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT,
+ fpr, &fpr_size, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ packet_size = 3 + 1;
+ packet_size += 1 + fpr_size; /* for the keyid */
+
+ /* Only v4 fingerprints are sent
+ */
+ packet_size += 20 + 1;
+
+ ret = _gnutls_buffer_append_prefix(data, 24, packet_size - 3);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ type = PGP_KEY_FINGERPRINT_SUBKEY;
+ ret = _gnutls_buffer_append_data(data, &type, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_buffer_append_data_prefix(data, 8, id, id_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_buffer_append_data_prefix(data, 8, fpr, fpr_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return data->length;
}
#endif
int
-_gnutls_gen_cert_client_crt (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_cert_client_crt(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- switch (session->security_parameters.cert_type)
- {
+ switch (session->security_parameters.cert_type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- if (_gnutls_openpgp_send_fingerprint (session) == 0)
- return _gnutls_gen_openpgp_certificate (session, data);
- else
- return _gnutls_gen_openpgp_certificate_fpr (session, data);
+ case GNUTLS_CRT_OPENPGP:
+ if (_gnutls_openpgp_send_fingerprint(session) == 0)
+ return _gnutls_gen_openpgp_certificate(session,
+ data);
+ else
+ return _gnutls_gen_openpgp_certificate_fpr(session,
+ data);
#endif
- case GNUTLS_CRT_X509:
- return _gnutls_gen_x509_crt (session, data);
+ case GNUTLS_CRT_X509:
+ return _gnutls_gen_x509_crt(session, data);
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
int
-_gnutls_gen_cert_server_crt (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_cert_server_crt(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- switch (session->security_parameters.cert_type)
- {
+ switch (session->security_parameters.cert_type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return _gnutls_gen_openpgp_certificate (session, data);
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_gen_openpgp_certificate(session, data);
#endif
- case GNUTLS_CRT_X509:
- return _gnutls_gen_x509_crt (session, data);
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ case GNUTLS_CRT_X509:
+ return _gnutls_gen_x509_crt(session, data);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
/* Process server certificate
@@ -1043,385 +1028,360 @@ _gnutls_gen_cert_server_crt (gnutls_session_t session,
#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) gnutls_pcert_deinit(&peer_certificate_list[x])
static int
-_gnutls_proc_x509_server_crt (gnutls_session_t session,
- uint8_t * data, size_t data_size)
+_gnutls_proc_x509_server_crt(gnutls_session_t session,
+ uint8_t * data, size_t data_size)
{
- int size, len, ret;
- uint8_t *p = data;
- cert_auth_info_t info;
- gnutls_certificate_credentials_t cred;
- ssize_t dsize = data_size;
- int i;
- gnutls_pcert_st *peer_certificate_list;
- size_t peer_certificate_list_size = 0, j, x;
- gnutls_datum_t tmp;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
-
- if (data == NULL || data_size == 0)
- {
- gnutls_assert ();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- DECR_LEN (dsize, 3);
- size = _gnutls_read_uint24 (p);
- p += 3;
-
- /* some implementations send 0B 00 00 06 00 00 03 00 00 00
- * instead of just 0B 00 00 03 00 00 00 as an empty certificate message.
- */
- if (size == 0 || size == 3)
- {
- gnutls_assert ();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- i = dsize;
- while (i > 0)
- {
- DECR_LEN (dsize, 3);
- len = _gnutls_read_uint24 (p);
- p += 3;
- DECR_LEN (dsize, len);
- peer_certificate_list_size++;
- p += len;
- i -= len + 3;
- }
-
- if (peer_certificate_list_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- /* Ok we now allocate the memory to hold the
- * certificate list
- */
-
- peer_certificate_list =
- gnutls_calloc (1,
- sizeof (gnutls_pcert_st) * (peer_certificate_list_size));
- if (peer_certificate_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- p = data + 3;
-
- /* Now we start parsing the list (again).
- * We don't use DECR_LEN since the list has
- * been parsed before.
- */
-
- for (j = 0; j < peer_certificate_list_size; j++)
- {
- len = _gnutls_read_uint24 (p);
- p += 3;
-
- tmp.size = len;
- tmp.data = p;
-
- ret =
- gnutls_pcert_import_x509_raw (&peer_certificate_list
- [j], &tmp, GNUTLS_X509_FMT_DER, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- peer_certificate_list_size = j;
- goto cleanup;
- }
-
- p += len;
- }
-
-
- if ((ret =
- _gnutls_copy_certificate_auth_info (info,
- peer_certificate_list,
- peer_certificate_list_size,
- NULL)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((ret =
- _gnutls_check_key_usage (&peer_certificate_list[0],
- gnutls_kx_get (session))) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- CLEAR_CERTS;
- gnutls_free (peer_certificate_list);
- return ret;
+ int size, len, ret;
+ uint8_t *p = data;
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ ssize_t dsize = data_size;
+ int i;
+ gnutls_pcert_st *peer_certificate_list;
+ size_t peer_certificate_list_size = 0, j, x;
+ gnutls_datum_t tmp;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+
+ if (data == NULL || data_size == 0) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ DECR_LEN(dsize, 3);
+ size = _gnutls_read_uint24(p);
+ p += 3;
+
+ /* some implementations send 0B 00 00 06 00 00 03 00 00 00
+ * instead of just 0B 00 00 03 00 00 00 as an empty certificate message.
+ */
+ if (size == 0 || size == 3) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ i = dsize;
+ while (i > 0) {
+ DECR_LEN(dsize, 3);
+ len = _gnutls_read_uint24(p);
+ p += 3;
+ DECR_LEN(dsize, len);
+ peer_certificate_list_size++;
+ p += len;
+ i -= len + 3;
+ }
+
+ if (peer_certificate_list_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ /* Ok we now allocate the memory to hold the
+ * certificate list
+ */
+
+ peer_certificate_list =
+ gnutls_calloc(1,
+ sizeof(gnutls_pcert_st) *
+ (peer_certificate_list_size));
+ if (peer_certificate_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p = data + 3;
+
+ /* Now we start parsing the list (again).
+ * We don't use DECR_LEN since the list has
+ * been parsed before.
+ */
+
+ for (j = 0; j < peer_certificate_list_size; j++) {
+ len = _gnutls_read_uint24(p);
+ p += 3;
+
+ tmp.size = len;
+ tmp.data = p;
+
+ ret =
+ gnutls_pcert_import_x509_raw(&peer_certificate_list
+ [j], &tmp,
+ GNUTLS_X509_FMT_DER, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ peer_certificate_list_size = j;
+ goto cleanup;
+ }
+
+ p += len;
+ }
+
+
+ if ((ret =
+ _gnutls_copy_certificate_auth_info(info,
+ peer_certificate_list,
+ peer_certificate_list_size,
+ NULL)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((ret =
+ _gnutls_check_key_usage(&peer_certificate_list[0],
+ gnutls_kx_get(session))) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ CLEAR_CERTS;
+ gnutls_free(peer_certificate_list);
+ return ret;
}
#ifdef ENABLE_OPENPGP
static int
-_gnutls_proc_openpgp_server_crt (gnutls_session_t session,
- uint8_t * data, size_t data_size)
+_gnutls_proc_openpgp_server_crt(gnutls_session_t session,
+ uint8_t * data, size_t data_size)
{
- int size, ret, len;
- uint8_t *p = data;
- cert_auth_info_t info;
- gnutls_certificate_credentials_t cred;
- ssize_t dsize = data_size;
- int key_type;
- gnutls_pcert_st *peer_certificate_list = NULL;
- gnutls_datum_t tmp, akey = { NULL, 0 };
- unsigned int compat = 0;
- uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
-
- if (data == NULL || data_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- DECR_LEN (dsize, 3);
- size = _gnutls_read_uint24 (p);
- p += 3;
-
- if (size == 0)
- {
- gnutls_assert ();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- /* Read PGPKeyDescriptor */
- DECR_LEN (dsize, 1);
- key_type = *p;
- p++;
-
- /* Try to read the keyid if present */
- if (key_type == PGP_KEY_FINGERPRINT_SUBKEY || key_type == PGP_KEY_SUBKEY)
- {
- /* check size */
- if (*p != GNUTLS_OPENPGP_KEYID_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
- DECR_LEN (dsize, 1);
- p++;
-
- DECR_LEN (dsize, GNUTLS_OPENPGP_KEYID_SIZE);
- memcpy (subkey_id, p, GNUTLS_OPENPGP_KEYID_SIZE);
- p += GNUTLS_OPENPGP_KEYID_SIZE;
- }
-
- if (key_type == PGP_KEY_FINGERPRINT_SUBKEY)
- {
- DECR_LEN (dsize, 1);
- len = (uint8_t) * p;
- p++;
-
- if (len != 20)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
- }
-
- DECR_LEN (dsize, 20);
-
- /* request the actual key from our database, or
- * a key server or anything.
- */
- if ((ret =
- _gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
- tmp = akey;
- }
- else if (key_type == PGP_KEY_SUBKEY)
- { /* the whole key */
-
- /* Read the actual certificate */
- DECR_LEN (dsize, 3);
- len = _gnutls_read_uint24 (p);
- p += 3;
-
- if (len == 0)
- {
- gnutls_assert ();
- /* no certificate was sent */
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- }
-
- DECR_LEN (dsize, len);
-
- tmp.size = len;
- tmp.data = p;
-
- }
- else if (key_type == PGP_EMPTY_KEY)
- { /* the whole key */
-
- /* Read the actual certificate */
- DECR_LEN (dsize, 3);
- len = _gnutls_read_uint24 (p);
- p += 3;
-
- if (len == 0) /* PGP_EMPTY_KEY */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- /* Uncomment to remove compatibility with RFC5081.
- else
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);*/
-
- DECR_LEN (dsize, len);
-
- tmp.size = len;
- tmp.data = p;
-
- compat = 1;
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
- /* ok we now have the peer's key in tmp datum
- */
- peer_certificate_list =
- gnutls_calloc (1, sizeof (gnutls_pcert_st));
- if (peer_certificate_list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret =
- gnutls_pcert_import_openpgp_raw (&peer_certificate_list[0],
- &tmp,
- GNUTLS_OPENPGP_FMT_RAW,
- (compat==0)?subkey_id:NULL,
- 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (compat != 0)
- {
- size_t t = sizeof(subkey_id);
- gnutls_pubkey_get_openpgp_key_id(peer_certificate_list[0].pubkey, 0, subkey_id, &t, NULL);
- }
-
- ret =
- _gnutls_copy_certificate_auth_info (info,
- peer_certificate_list,
- 1, subkey_id);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((ret =
- _gnutls_check_key_usage (&peer_certificate_list[0],
- gnutls_kx_get (session))) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- _gnutls_free_datum (&akey);
- gnutls_pcert_deinit(&peer_certificate_list[0]);
- gnutls_free (peer_certificate_list);
- return ret;
+ int size, ret, len;
+ uint8_t *p = data;
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ ssize_t dsize = data_size;
+ int key_type;
+ gnutls_pcert_st *peer_certificate_list = NULL;
+ gnutls_datum_t tmp, akey = { NULL, 0 };
+ unsigned int compat = 0;
+ uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+
+ if (data == NULL || data_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ DECR_LEN(dsize, 3);
+ size = _gnutls_read_uint24(p);
+ p += 3;
+
+ if (size == 0) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ /* Read PGPKeyDescriptor */
+ DECR_LEN(dsize, 1);
+ key_type = *p;
+ p++;
+
+ /* Try to read the keyid if present */
+ if (key_type == PGP_KEY_FINGERPRINT_SUBKEY
+ || key_type == PGP_KEY_SUBKEY) {
+ /* check size */
+ if (*p != GNUTLS_OPENPGP_KEYID_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ DECR_LEN(dsize, 1);
+ p++;
+
+ DECR_LEN(dsize, GNUTLS_OPENPGP_KEYID_SIZE);
+ memcpy(subkey_id, p, GNUTLS_OPENPGP_KEYID_SIZE);
+ p += GNUTLS_OPENPGP_KEYID_SIZE;
+ }
+
+ if (key_type == PGP_KEY_FINGERPRINT_SUBKEY) {
+ DECR_LEN(dsize, 1);
+ len = (uint8_t) * p;
+ p++;
+
+ if (len != 20) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
+ }
+
+ DECR_LEN(dsize, 20);
+
+ /* request the actual key from our database, or
+ * a key server or anything.
+ */
+ if ((ret =
+ _gnutls_openpgp_request_key(session, &akey, cred, p,
+ 20)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ tmp = akey;
+ } else if (key_type == PGP_KEY_SUBKEY) { /* the whole key */
+
+ /* Read the actual certificate */
+ DECR_LEN(dsize, 3);
+ len = _gnutls_read_uint24(p);
+ p += 3;
+
+ if (len == 0) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ }
+
+ DECR_LEN(dsize, len);
+
+ tmp.size = len;
+ tmp.data = p;
+
+ } else if (key_type == PGP_EMPTY_KEY) { /* the whole key */
+
+ /* Read the actual certificate */
+ DECR_LEN(dsize, 3);
+ len = _gnutls_read_uint24(p);
+ p += 3;
+
+ if (len == 0) /* PGP_EMPTY_KEY */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ /* Uncomment to remove compatibility with RFC5081.
+ else
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); */
+
+ DECR_LEN(dsize, len);
+
+ tmp.size = len;
+ tmp.data = p;
+
+ compat = 1;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ /* ok we now have the peer's key in tmp datum
+ */
+ peer_certificate_list = gnutls_calloc(1, sizeof(gnutls_pcert_st));
+ if (peer_certificate_list == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_pcert_import_openpgp_raw(&peer_certificate_list[0],
+ &tmp,
+ GNUTLS_OPENPGP_FMT_RAW,
+ (compat ==
+ 0) ? subkey_id : NULL, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (compat != 0) {
+ size_t t = sizeof(subkey_id);
+ gnutls_pubkey_get_openpgp_key_id(peer_certificate_list[0].
+ pubkey, 0, subkey_id, &t,
+ NULL);
+ }
+
+ ret =
+ _gnutls_copy_certificate_auth_info(info,
+ peer_certificate_list,
+ 1, subkey_id);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((ret =
+ _gnutls_check_key_usage(&peer_certificate_list[0],
+ gnutls_kx_get(session))) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ _gnutls_free_datum(&akey);
+ gnutls_pcert_deinit(&peer_certificate_list[0]);
+ gnutls_free(peer_certificate_list);
+ return ret;
}
#endif
int
-_gnutls_proc_crt (gnutls_session_t session, uint8_t * data, size_t data_size)
+_gnutls_proc_crt(gnutls_session_t session, uint8_t * data,
+ size_t data_size)
{
- int ret;
- gnutls_certificate_credentials_t cred;
-
- cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
- GNUTLS_CRD_CERTIFICATE,
- NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- switch (session->security_parameters.cert_type)
- {
+ int ret;
+ gnutls_certificate_credentials_t cred;
+
+ cred =
+ (gnutls_certificate_credentials_t) _gnutls_get_cred(session,
+ GNUTLS_CRD_CERTIFICATE,
+ NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ switch (session->security_parameters.cert_type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- ret = _gnutls_proc_openpgp_server_crt (session,
- data, data_size);
- break;
+ case GNUTLS_CRT_OPENPGP:
+ ret = _gnutls_proc_openpgp_server_crt(session,
+ data, data_size);
+ break;
#endif
- case GNUTLS_CRT_X509:
- ret = _gnutls_proc_x509_server_crt (session, data, data_size);
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- return ret;
+ case GNUTLS_CRT_X509:
+ ret =
+ _gnutls_proc_x509_server_crt(session, data, data_size);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return ret;
}
@@ -1430,352 +1390,332 @@ _gnutls_proc_crt (gnutls_session_t session, uint8_t * data, size_t data_size)
* if true;
*/
inline static int
-_gnutls_check_supported_sign_algo (CertificateSigType algo)
+_gnutls_check_supported_sign_algo(CertificateSigType algo)
{
- switch (algo)
- {
- case RSA_SIGN:
- return GNUTLS_PK_RSA;
- case DSA_SIGN:
- return GNUTLS_PK_DSA;
- case ECDSA_SIGN:
- return GNUTLS_PK_EC;
- }
-
- return -1;
+ switch (algo) {
+ case RSA_SIGN:
+ return GNUTLS_PK_RSA;
+ case DSA_SIGN:
+ return GNUTLS_PK_DSA;
+ case ECDSA_SIGN:
+ return GNUTLS_PK_EC;
+ }
+
+ return -1;
}
int
-_gnutls_proc_cert_cert_req (gnutls_session_t session, uint8_t * data,
- size_t data_size)
+_gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data,
+ size_t data_size)
{
- int size, ret;
- uint8_t *p;
- gnutls_certificate_credentials_t cred;
- ssize_t dsize;
- int i;
- gnutls_pk_algorithm_t pk_algos[MAX_CLIENT_SIGN_ALGOS];
- int pk_algos_length;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 0)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- p = data;
- dsize = data_size;
-
- DECR_LEN (dsize, 1);
- size = p[0];
- p++;
- /* check if the sign algorithm is supported.
- */
- pk_algos_length = 0;
- for (i = 0; i < size; i++, p++)
- {
- DECR_LEN (dsize, 1);
- if ((ret = _gnutls_check_supported_sign_algo (*p)) > 0)
- {
- if (pk_algos_length < MAX_CLIENT_SIGN_ALGOS)
- {
- pk_algos[pk_algos_length++] = ret;
- }
- }
- }
-
- if (pk_algos_length == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- /* read supported hashes */
- int hash_num;
- DECR_LEN (dsize, 2);
- hash_num = _gnutls_read_uint16 (p);
- p += 2;
- DECR_LEN (dsize, hash_num);
-
- ret = _gnutls_sign_algorithm_parse_data (session, p, hash_num);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- p += hash_num;
- }
-
- /* read the certificate authorities */
- DECR_LEN (dsize, 2);
- size = _gnutls_read_uint16 (p);
- p += 2;
-
- if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP
- && size != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- DECR_LEN (dsize, size);
-
- /* now we ask the user to tell which one
- * he wants to use.
- */
- if ((ret =
- _select_client_cert (session, p, size, pk_algos, pk_algos_length)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* We should reply with a certificate message,
- * even if we have no certificate to send.
- */
- session->key.crt_requested = 1;
-
- return 0;
+ int size, ret;
+ uint8_t *p;
+ gnutls_certificate_credentials_t cred;
+ ssize_t dsize;
+ int i;
+ gnutls_pk_algorithm_t pk_algos[MAX_CLIENT_SIGN_ALGOS];
+ int pk_algos_length;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 0)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ p = data;
+ dsize = data_size;
+
+ DECR_LEN(dsize, 1);
+ size = p[0];
+ p++;
+ /* check if the sign algorithm is supported.
+ */
+ pk_algos_length = 0;
+ for (i = 0; i < size; i++, p++) {
+ DECR_LEN(dsize, 1);
+ if ((ret = _gnutls_check_supported_sign_algo(*p)) > 0) {
+ if (pk_algos_length < MAX_CLIENT_SIGN_ALGOS) {
+ pk_algos[pk_algos_length++] = ret;
+ }
+ }
+ }
+
+ if (pk_algos_length == 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ /* read supported hashes */
+ int hash_num;
+ DECR_LEN(dsize, 2);
+ hash_num = _gnutls_read_uint16(p);
+ p += 2;
+ DECR_LEN(dsize, hash_num);
+
+ ret =
+ _gnutls_sign_algorithm_parse_data(session, p,
+ hash_num);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ p += hash_num;
+ }
+
+ /* read the certificate authorities */
+ DECR_LEN(dsize, 2);
+ size = _gnutls_read_uint16(p);
+ p += 2;
+
+ if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP
+ && size != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ DECR_LEN(dsize, size);
+
+ /* now we ask the user to tell which one
+ * he wants to use.
+ */
+ if ((ret =
+ _select_client_cert(session, p, size, pk_algos,
+ pk_algos_length)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* We should reply with a certificate message,
+ * even if we have no certificate to send.
+ */
+ session->key.crt_requested = 1;
+
+ return 0;
}
int
-_gnutls_gen_cert_client_crt_vrfy (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret;
- gnutls_pcert_st *apr_cert_list;
- gnutls_privkey_t apr_pkey;
- int apr_cert_list_length;
- gnutls_datum_t signature = { NULL, 0 };
- gnutls_sign_algorithm_t sign_algo;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (apr_cert_list_length > 0)
- {
- if ((ret =
- _gnutls_handshake_sign_crt_vrfy (session,
- &apr_cert_list[0],
- apr_pkey, &signature)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
- sign_algo = ret;
- }
- else
- {
- return 0;
- }
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- const sign_algorithm_st *aid;
- uint8_t p[2];
- /* error checking is not needed here since we have used those algorithms */
- aid = _gnutls_sign_to_tls_aid (sign_algo);
- if (aid == NULL)
- return gnutls_assert_val (GNUTLS_E_UNKNOWN_ALGORITHM);
-
- p[0] = aid->hash_algorithm;
- p[1] = aid->sign_algorithm;
- ret = _gnutls_buffer_append_data (data, p, 2);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- ret =
- _gnutls_buffer_append_data_prefix (data, 16, signature.data,
- signature.size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = data->length;
-
-cleanup:
- _gnutls_free_datum (&signature);
- return ret;
+ int ret;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+ gnutls_datum_t signature = { NULL, 0 };
+ gnutls_sign_algorithm_t sign_algo;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (apr_cert_list_length > 0) {
+ if ((ret =
+ _gnutls_handshake_sign_crt_vrfy(session,
+ &apr_cert_list[0],
+ apr_pkey,
+ &signature)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ sign_algo = ret;
+ } else {
+ return 0;
+ }
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ const sign_algorithm_st *aid;
+ uint8_t p[2];
+ /* error checking is not needed here since we have used those algorithms */
+ aid = _gnutls_sign_to_tls_aid(sign_algo);
+ if (aid == NULL)
+ return
+ gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
+
+ p[0] = aid->hash_algorithm;
+ p[1] = aid->sign_algorithm;
+ ret = _gnutls_buffer_append_data(data, p, 2);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, signature.data,
+ signature.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = data->length;
+
+ cleanup:
+ _gnutls_free_datum(&signature);
+ return ret;
}
int
-_gnutls_proc_cert_client_crt_vrfy (gnutls_session_t session,
- uint8_t * data, size_t data_size)
+_gnutls_proc_cert_client_crt_vrfy(gnutls_session_t session,
+ uint8_t * data, size_t data_size)
{
- int size, ret;
- ssize_t dsize = data_size;
- uint8_t *pdata = data;
- gnutls_datum_t sig;
- cert_auth_info_t info = _gnutls_get_auth_info (session);
- gnutls_pcert_st peer_cert;
- gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL))
- {
- gnutls_assert ();
- /* we need this in order to get peer's certificate */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- sign_algorithm_st aid;
-
- DECR_LEN (dsize, 2);
- aid.hash_algorithm = pdata[0];
- aid.sign_algorithm = pdata[1];
-
- sign_algo = _gnutls_tls_aid_to_sign (&aid);
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
- pdata += 2;
- }
-
- ret = _gnutls_session_sign_algo_enabled (session, sign_algo);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
-
- DECR_LEN (dsize, 2);
- size = _gnutls_read_uint16 (pdata);
- pdata += 2;
-
- DECR_LEN (dsize, size);
-
- sig.data = pdata;
- sig.size = size;
-
- ret = _gnutls_get_auth_info_pcert (&peer_cert,
- session->security_parameters.cert_type,
- info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if ((ret =
- _gnutls_handshake_verify_crt_vrfy (session, &peer_cert, &sig,
- sign_algo)) < 0)
- {
- gnutls_assert ();
- gnutls_pcert_deinit (&peer_cert);
- return ret;
- }
- gnutls_pcert_deinit (&peer_cert);
-
- return 0;
+ int size, ret;
+ ssize_t dsize = data_size;
+ uint8_t *pdata = data;
+ gnutls_datum_t sig;
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
+ gnutls_pcert_st peer_cert;
+ gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL)) {
+ gnutls_assert();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ sign_algorithm_st aid;
+
+ DECR_LEN(dsize, 2);
+ aid.hash_algorithm = pdata[0];
+ aid.sign_algorithm = pdata[1];
+
+ sign_algo = _gnutls_tls_aid_to_sign(&aid);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+ pdata += 2;
+ }
+
+ ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+
+ DECR_LEN(dsize, 2);
+ size = _gnutls_read_uint16(pdata);
+ pdata += 2;
+
+ DECR_LEN(dsize, size);
+
+ sig.data = pdata;
+ sig.size = size;
+
+ ret = _gnutls_get_auth_info_pcert(&peer_cert,
+ session->security_parameters.
+ cert_type, info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if ((ret =
+ _gnutls_handshake_verify_crt_vrfy(session, &peer_cert, &sig,
+ sign_algo)) < 0) {
+ gnutls_assert();
+ gnutls_pcert_deinit(&peer_cert);
+ return ret;
+ }
+ gnutls_pcert_deinit(&peer_cert);
+
+ return 0;
}
int
-_gnutls_gen_cert_server_cert_req (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_cert_server_cert_req(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- gnutls_certificate_credentials_t cred;
- int ret;
- uint8_t tmp_data[CERTTYPE_SIZE];
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* Now we need to generate the RDN sequence. This is
- * already in the CERTIFICATE_CRED structure, to improve
- * performance.
- */
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- tmp_data[0] = CERTTYPE_SIZE - 1;
- tmp_data[1] = RSA_SIGN;
- tmp_data[2] = DSA_SIGN;
- tmp_data[3] = ECDSA_SIGN; /* only these for now */
-
- ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- uint8_t p[MAX_SIGN_ALGO_SIZE];
-
- ret =
- _gnutls_sign_algorithm_write_params (session, p, MAX_SIGN_ALGO_SIZE);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_buffer_append_data (data, p, ret);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
-
- if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
- session->internals.ignore_rdn_sequence == 0)
- {
- ret =
- _gnutls_buffer_append_data_prefix (data, 16,
- cred->x509_rdn_sequence.data,
- cred->x509_rdn_sequence.size);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
- else
- {
- ret = _gnutls_buffer_append_prefix (data, 16, 0);
- if (ret < 0)
- return gnutls_assert_val (ret);
- }
-
- return data->length;
+ gnutls_certificate_credentials_t cred;
+ int ret;
+ uint8_t tmp_data[CERTTYPE_SIZE];
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* Now we need to generate the RDN sequence. This is
+ * already in the CERTIFICATE_CRED structure, to improve
+ * performance.
+ */
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ tmp_data[0] = CERTTYPE_SIZE - 1;
+ tmp_data[1] = RSA_SIGN;
+ tmp_data[2] = DSA_SIGN;
+ tmp_data[3] = ECDSA_SIGN; /* only these for now */
+
+ ret = _gnutls_buffer_append_data(data, tmp_data, CERTTYPE_SIZE);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ uint8_t p[MAX_SIGN_ALGO_SIZE];
+
+ ret =
+ _gnutls_sign_algorithm_write_params(session, p,
+ MAX_SIGN_ALGO_SIZE);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_append_data(data, p, ret);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
+ session->internals.ignore_rdn_sequence == 0) {
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16,
+ cred->
+ x509_rdn_sequence.
+ data,
+ cred->
+ x509_rdn_sequence.
+ size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else {
+ ret = _gnutls_buffer_append_prefix(data, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return data->length;
}
@@ -1787,187 +1727,176 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session,
*
*/
int
-_gnutls_get_selected_cert (gnutls_session_t session,
- gnutls_pcert_st ** apr_cert_list,
- int *apr_cert_list_length,
- gnutls_privkey_t * apr_pkey)
+_gnutls_get_selected_cert(gnutls_session_t session,
+ gnutls_pcert_st ** apr_cert_list,
+ int *apr_cert_list_length,
+ gnutls_privkey_t * apr_pkey)
{
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
- /* select_client_cert() has been called before.
- */
+ /* select_client_cert() has been called before.
+ */
- *apr_cert_list = session->internals.selected_cert_list;
- *apr_pkey = session->internals.selected_key;
- *apr_cert_list_length = session->internals.selected_cert_list_length;
+ *apr_cert_list = session->internals.selected_cert_list;
+ *apr_pkey = session->internals.selected_key;
+ *apr_cert_list_length =
+ session->internals.selected_cert_list_length;
- if (*apr_cert_list_length == 0 || *apr_cert_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ if (*apr_cert_list_length == 0 || *apr_cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
- }
- else
- { /* CLIENT SIDE
- */
+ } else { /* CLIENT SIDE
+ */
- /* we have already decided which certificate
- * to send.
- */
- *apr_cert_list = session->internals.selected_cert_list;
- *apr_cert_list_length = session->internals.selected_cert_list_length;
- *apr_pkey = session->internals.selected_key;
+ /* we have already decided which certificate
+ * to send.
+ */
+ *apr_cert_list = session->internals.selected_cert_list;
+ *apr_cert_list_length =
+ session->internals.selected_cert_list_length;
+ *apr_pkey = session->internals.selected_key;
- }
+ }
- return 0;
+ return 0;
}
/* converts the given x509 certificate list to gnutls_pcert_st* and allocates
* space for them.
*/
-static gnutls_pcert_st *
-alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, unsigned ncerts)
+static gnutls_pcert_st *alloc_and_load_x509_certs(gnutls_x509_crt_t *
+ certs, unsigned ncerts)
{
- gnutls_pcert_st *local_certs;
- int ret = 0;
- unsigned i, j;
-
- if (certs == NULL)
- return NULL;
-
- local_certs = gnutls_malloc (sizeof (gnutls_pcert_st) * ncerts);
- if (local_certs == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- for (i = 0; i < ncerts; i++)
- {
- ret = gnutls_pcert_import_x509 (&local_certs[i], certs[i], 0);
- if (ret < 0)
- break;
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- for (j = 0; j < i; j++)
- {
- gnutls_pcert_deinit (&local_certs[j]);
- }
- gnutls_free (local_certs);
- return NULL;
- }
-
- return local_certs;
+ gnutls_pcert_st *local_certs;
+ int ret = 0;
+ unsigned i, j;
+
+ if (certs == NULL)
+ return NULL;
+
+ local_certs = gnutls_malloc(sizeof(gnutls_pcert_st) * ncerts);
+ if (local_certs == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ for (i = 0; i < ncerts; i++) {
+ ret =
+ gnutls_pcert_import_x509(&local_certs[i], certs[i], 0);
+ if (ret < 0)
+ break;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ for (j = 0; j < i; j++) {
+ gnutls_pcert_deinit(&local_certs[j]);
+ }
+ gnutls_free(local_certs);
+ return NULL;
+ }
+
+ return local_certs;
}
/* converts the given x509 key to gnutls_privkey* and allocates
* space for it.
*/
static gnutls_privkey_t
-alloc_and_load_x509_key (gnutls_x509_privkey_t key, int deinit)
+alloc_and_load_x509_key(gnutls_x509_privkey_t key, int deinit)
{
- gnutls_privkey_t local_key;
- int ret = 0;
-
- if (key == NULL)
- return NULL;
-
- ret = gnutls_privkey_init (&local_key);
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret =
- gnutls_privkey_import_x509 (local_key, key,
- deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE :
- 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_privkey_deinit (local_key);
- return NULL;
- }
-
- return local_key;
+ gnutls_privkey_t local_key;
+ int ret = 0;
+
+ if (key == NULL)
+ return NULL;
+
+ ret = gnutls_privkey_init(&local_key);
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret =
+ gnutls_privkey_import_x509(local_key, key,
+ deinit ?
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE :
+ 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_privkey_deinit(local_key);
+ return NULL;
+ }
+
+ return local_key;
}
/* converts the given pgp certificate to gnutls_cert* and allocates
* space for them.
*/
#ifdef ENABLE_OPENPGP
-static gnutls_pcert_st *
-alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert)
+static gnutls_pcert_st *alloc_and_load_pgp_certs(gnutls_openpgp_crt_t cert)
{
- gnutls_pcert_st *local_certs;
- int ret = 0;
-
- if (cert == NULL)
- return NULL;
-
- local_certs = gnutls_malloc (sizeof (gnutls_pcert_st));
- if (local_certs == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret = gnutls_pcert_import_openpgp (local_certs, cert, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_pcert_deinit (local_certs);
- gnutls_free (local_certs);
- return NULL;
- }
-
- return local_certs;
+ gnutls_pcert_st *local_certs;
+ int ret = 0;
+
+ if (cert == NULL)
+ return NULL;
+
+ local_certs = gnutls_malloc(sizeof(gnutls_pcert_st));
+ if (local_certs == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret = gnutls_pcert_import_openpgp(local_certs, cert, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_pcert_deinit(local_certs);
+ gnutls_free(local_certs);
+ return NULL;
+ }
+
+ return local_certs;
}
/* converts the given raw key to gnutls_privkey* and allocates
* space for it.
*/
static gnutls_privkey_t
-alloc_and_load_pgp_key (gnutls_openpgp_privkey_t key, int deinit)
+alloc_and_load_pgp_key(gnutls_openpgp_privkey_t key, int deinit)
{
- gnutls_privkey_t local_key;
- int ret = 0;
-
- if (key == NULL)
- return NULL;
-
- ret = gnutls_privkey_init (&local_key);
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret =
- gnutls_privkey_import_openpgp (local_key, key,
- deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
- : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_privkey_deinit (local_key);
- return NULL;
- }
-
- return local_key;
+ gnutls_privkey_t local_key;
+ int ret = 0;
+
+ if (key == NULL)
+ return NULL;
+
+ ret = gnutls_privkey_init(&local_key);
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret =
+ gnutls_privkey_import_openpgp(local_key, key,
+ deinit ?
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ : 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_privkey_deinit(local_key);
+ return NULL;
+ }
+
+ return local_key;
}
#endif
@@ -1977,91 +1906,92 @@ alloc_and_load_pgp_key (gnutls_openpgp_privkey_t key, int deinit)
* space for it.
*/
static gnutls_privkey_t
-alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t key, int deinit)
+alloc_and_load_pkcs11_key(gnutls_pkcs11_privkey_t key, int deinit)
{
- gnutls_privkey_t local_key;
- int ret = 0;
-
- if (key == NULL)
- return NULL;
-
- ret = gnutls_privkey_init (&local_key);
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret =
- gnutls_privkey_import_pkcs11 (local_key, key,
- deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
- : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_privkey_deinit (local_key);
- return NULL;
- }
-
- return local_key;
+ gnutls_privkey_t local_key;
+ int ret = 0;
+
+ if (key == NULL)
+ return NULL;
+
+ ret = gnutls_privkey_init(&local_key);
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret =
+ gnutls_privkey_import_pkcs11(local_key, key,
+ deinit ?
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ : 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_privkey_deinit(local_key);
+ return NULL;
+ }
+
+ return local_key;
}
#endif
-void
-_gnutls_selected_certs_deinit (gnutls_session_t session)
+void _gnutls_selected_certs_deinit(gnutls_session_t session)
{
- if (session->internals.selected_need_free != 0)
- {
- int i;
-
- for (i = 0; i < session->internals.selected_cert_list_length; i++)
- {
- gnutls_pcert_deinit (&session->internals.selected_cert_list[i]);
- }
- gnutls_free (session->internals.selected_cert_list);
- session->internals.selected_cert_list = NULL;
- session->internals.selected_cert_list_length = 0;
-
- gnutls_privkey_deinit(session->internals.selected_key);
- session->internals.selected_key = NULL;
- }
-
- return;
+ if (session->internals.selected_need_free != 0) {
+ int i;
+
+ for (i = 0;
+ i < session->internals.selected_cert_list_length;
+ i++) {
+ gnutls_pcert_deinit(&session->internals.
+ selected_cert_list[i]);
+ }
+ gnutls_free(session->internals.selected_cert_list);
+ session->internals.selected_cert_list = NULL;
+ session->internals.selected_cert_list_length = 0;
+
+ gnutls_privkey_deinit(session->internals.selected_key);
+ session->internals.selected_key = NULL;
+ }
+
+ return;
}
void
-_gnutls_selected_certs_set (gnutls_session_t session,
- gnutls_pcert_st * certs, int ncerts,
- gnutls_privkey_t key, int need_free)
+_gnutls_selected_certs_set(gnutls_session_t session,
+ gnutls_pcert_st * certs, int ncerts,
+ gnutls_privkey_t key, int need_free)
{
- _gnutls_selected_certs_deinit (session);
+ _gnutls_selected_certs_deinit(session);
- session->internals.selected_cert_list = certs;
- session->internals.selected_cert_list_length = ncerts;
- session->internals.selected_key = key;
- session->internals.selected_need_free = need_free;
+ session->internals.selected_cert_list = certs;
+ session->internals.selected_cert_list_length = ncerts;
+ session->internals.selected_key = key;
+ session->internals.selected_need_free = need_free;
}
-static void get_server_name(gnutls_session_t session, uint8_t* name, size_t max_name_size)
+static void get_server_name(gnutls_session_t session, uint8_t * name,
+ size_t max_name_size)
{
-int ret, i;
-size_t max_name;
-unsigned int type;
-
- ret = 0;
- for (i=0; !(ret<0);i++)
- {
- max_name = max_name_size;
- ret = gnutls_server_name_get (session, name, &max_name, &type, i);
- if (ret >= 0 && type == GNUTLS_NAME_DNS)
- return;
- }
-
- name[0] = 0;
-
- return;
+ int ret, i;
+ size_t max_name;
+ unsigned int type;
+
+ ret = 0;
+ for (i = 0; !(ret < 0); i++) {
+ max_name = max_name_size;
+ ret =
+ gnutls_server_name_get(session, name, &max_name, &type,
+ i);
+ if (ret >= 0 && type == GNUTLS_NAME_DNS)
+ return;
+ }
+
+ name[0] = 0;
+
+ return;
}
/* finds the most appropriate certificate in the cert list.
@@ -2075,98 +2005,109 @@ unsigned int type;
*
*/
int
-_gnutls_server_select_cert (gnutls_session_t session,
- gnutls_pk_algorithm_t * pk_algos,
- size_t pk_algos_size)
+_gnutls_server_select_cert(gnutls_session_t session,
+ gnutls_pk_algorithm_t * pk_algos,
+ size_t pk_algos_size)
{
- unsigned i, j;
- int idx, ret;
- gnutls_certificate_credentials_t cred;
- char server_name[MAX_CN];
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- /* If the callback which retrieves certificate has been set,
- * use it and leave.
- */
- if (cred->server_get_cert_callback || cred->get_cert_callback
- || cred->get_cert_callback2)
- {
- ret = call_get_cert_callback (session, NULL, 0, NULL, 0);
- if (ret < 0)
- return gnutls_assert_val (ret);
- return ret;
- }
-
- /* Otherwise... */
-
- get_server_name(session, (unsigned char*)server_name, sizeof(server_name));
-
- idx = -1; /* default is use no certificate */
-
- /* find certificates that match the requested server_name
- */
-
- if (server_name[0] != 0)
- {
- for (i = 0; i < cred->ncerts; i++)
- {
- if (cred->certs[i].names != NULL && _gnutls_str_array_match(cred->certs[i].names, server_name) != 0)
- {
- /* if requested algorithms are also compatible select it */
- gnutls_pk_algorithm pk =
- gnutls_pubkey_get_pk_algorithm (cred->certs[i].cert_list[0].pubkey,
- NULL);
-
- _gnutls_handshake_log("HSK[%p]: Requested server name: '%s', ctype: %s (%d)", session, server_name,
- gnutls_certificate_type_get_name (session->security_parameters.cert_type),
- session->security_parameters.cert_type);
-
- if (session->security_parameters.cert_type == cred->certs[i].cert_list[0].type)
- {
- for (j = 0; j < pk_algos_size; j++)
- if (pk_algos[j] == pk)
- {
- idx = i;
- goto finished;
- }
- }
- }
- }
- }
-
- for (j = 0; j < pk_algos_size; j++)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Requested PK algorithm: %s (%d) -- ctype: %s (%d)\n",
- session, gnutls_pk_get_name (pk_algos[j]), pk_algos[j],
- gnutls_certificate_type_get_name (session->security_parameters.
- cert_type),
- session->security_parameters.cert_type);
-
- for (i = 0; i < cred->ncerts; i++)
- {
- gnutls_pk_algorithm pk =
- gnutls_pubkey_get_pk_algorithm (cred->certs[i].cert_list[0].pubkey,
- NULL);
- /* find one compatible certificate
- */
- _gnutls_handshake_log
- ("HSK[%p]: certificate[%d] PK algorithm: %s (%d) - ctype: %s (%d)\n",
- session, i, gnutls_pk_get_name (pk), pk,
- gnutls_certificate_type_get_name (cred->certs[i].cert_list[0].type),
- cred->certs[i].cert_list[0].type);
-
- if (pk_algos[j] == pk)
- {
- /* if cert type matches
- */
+ unsigned i, j;
+ int idx, ret;
+ gnutls_certificate_credentials_t cred;
+ char server_name[MAX_CN];
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* If the callback which retrieves certificate has been set,
+ * use it and leave.
+ */
+ if (cred->server_get_cert_callback || cred->get_cert_callback
+ || cred->get_cert_callback2) {
+ ret = call_get_cert_callback(session, NULL, 0, NULL, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ return ret;
+ }
+
+ /* Otherwise... */
+
+ get_server_name(session, (unsigned char *) server_name,
+ sizeof(server_name));
+
+ idx = -1; /* default is use no certificate */
+
+ /* find certificates that match the requested server_name
+ */
+
+ if (server_name[0] != 0) {
+ for (i = 0; i < cred->ncerts; i++) {
+ if (cred->certs[i].names != NULL
+ && _gnutls_str_array_match(cred->certs[i].
+ names,
+ server_name) != 0) {
+ /* if requested algorithms are also compatible select it */
+ gnutls_pk_algorithm pk =
+ gnutls_pubkey_get_pk_algorithm(cred->
+ certs
+ [i].
+ cert_list
+ [0].
+ pubkey,
+ NULL);
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Requested server name: '%s', ctype: %s (%d)",
+ session, server_name,
+ gnutls_certificate_type_get_name
+ (session->security_parameters.
+ cert_type),
+ session->security_parameters.
+ cert_type);
+
+ if (session->security_parameters.
+ cert_type ==
+ cred->certs[i].cert_list[0].type) {
+ for (j = 0; j < pk_algos_size; j++)
+ if (pk_algos[j] == pk) {
+ idx = i;
+ goto finished;
+ }
+ }
+ }
+ }
+ }
+
+ for (j = 0; j < pk_algos_size; j++) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Requested PK algorithm: %s (%d) -- ctype: %s (%d)\n",
+ session, gnutls_pk_get_name(pk_algos[j]), pk_algos[j],
+ gnutls_certificate_type_get_name(session->
+ security_parameters.cert_type),
+ session->security_parameters.cert_type);
+
+ for (i = 0; i < cred->ncerts; i++) {
+ gnutls_pk_algorithm pk =
+ gnutls_pubkey_get_pk_algorithm(cred->certs[i].
+ cert_list[0].
+ pubkey,
+ NULL);
+ /* find one compatible certificate
+ */
+ _gnutls_handshake_log
+ ("HSK[%p]: certificate[%d] PK algorithm: %s (%d) - ctype: %s (%d)\n",
+ session, i, gnutls_pk_get_name(pk), pk,
+ gnutls_certificate_type_get_name(cred->
+ certs[i].
+ cert_list[0].
+ type),
+ cred->certs[i].cert_list[0].type);
+
+ if (pk_algos[j] == pk) {
+ /* if cert type matches
+ */
/* *INDENT-OFF* */
if (session->security_parameters.cert_type == cred->certs[i].cert_list[0].type)
{
@@ -2174,191 +2115,181 @@ _gnutls_server_select_cert (gnutls_session_t session,
goto finished;
}
/* *INDENT-ON* */
- }
- }
- }
-
- /* store the certificate pointer for future use, in the handshake.
- * (This will allow not calling this callback again.)
- */
-finished:
- if (idx >= 0)
- {
- _gnutls_selected_certs_set (session,
- &cred->certs[idx].cert_list[0],
- cred->certs[idx].cert_list_length,
- cred->pkey[idx], 0);
- }
- else
- {
- gnutls_assert ();
- /* Certificate does not support REQUESTED_ALGO. */
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- return 0;
+ }
+ }
+ }
+
+ /* store the certificate pointer for future use, in the handshake.
+ * (This will allow not calling this callback again.)
+ */
+ finished:
+ if (idx >= 0) {
+ _gnutls_selected_certs_set(session,
+ &cred->certs[idx].cert_list[0],
+ cred->certs[idx].
+ cert_list_length,
+ cred->pkey[idx], 0);
+ } else {
+ gnutls_assert();
+ /* Certificate does not support REQUESTED_ALGO. */
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ return 0;
}
/* Frees the rsa_info_st structure.
*/
-void
-_gnutls_free_rsa_info (rsa_info_st * rsa)
+void _gnutls_free_rsa_info(rsa_info_st * rsa)
{
- _gnutls_free_datum (&rsa->modulus);
- _gnutls_free_datum (&rsa->exponent);
+ _gnutls_free_datum(&rsa->modulus);
+ _gnutls_free_datum(&rsa->exponent);
}
-int _gnutls_gen_dhe_signature(gnutls_session_t session, gnutls_buffer_st* data,
- uint8_t* plain, unsigned plain_size)
+int _gnutls_gen_dhe_signature(gnutls_session_t session,
+ gnutls_buffer_st * data, uint8_t * plain,
+ unsigned plain_size)
{
-gnutls_pcert_st *apr_cert_list;
-gnutls_privkey_t apr_pkey;
-int apr_cert_list_length;
-gnutls_datum_t signature = { NULL, 0 }, ddata;
-gnutls_sign_algorithm_t sign_algo;
-const version_entry_st* ver = get_version (session);
-int ret;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ddata.data = plain;
- ddata.size = plain_size;
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (apr_cert_list_length > 0)
- {
- if ((ret =
- _gnutls_handshake_sign_data (session, &apr_cert_list[0],
- apr_pkey, &ddata, &signature,
- &sign_algo)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
- else
- {
- gnutls_assert ();
- ret = 0; /* ANON-DH, do not put a signature - ILLEGAL! */
- goto cleanup;
- }
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- const sign_algorithm_st *aid;
- uint8_t p[2];
-
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- ret = GNUTLS_E_UNKNOWN_ALGORITHM;
- goto cleanup;
- }
-
- aid = _gnutls_sign_to_tls_aid (sign_algo);
- if (aid == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_UNKNOWN_ALGORITHM;
- goto cleanup;
- }
-
- p[0] = aid->hash_algorithm;
- p[1] = aid->sign_algorithm;
-
- ret = _gnutls_buffer_append_data(data, p, 2);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = _gnutls_buffer_append_data_prefix(data, 16, signature.data, signature.size);
- if (ret < 0)
- {
- gnutls_assert();
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&signature);
- return ret;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+ gnutls_datum_t signature = { NULL, 0 }, ddata;
+ gnutls_sign_algorithm_t sign_algo;
+ const version_entry_st *ver = get_version(session);
+ int ret;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ddata.data = plain;
+ ddata.size = plain_size;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (apr_cert_list_length > 0) {
+ if ((ret =
+ _gnutls_handshake_sign_data(session,
+ &apr_cert_list[0],
+ apr_pkey, &ddata,
+ &signature,
+ &sign_algo)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else {
+ gnutls_assert();
+ ret = 0; /* ANON-DH, do not put a signature - ILLEGAL! */
+ goto cleanup;
+ }
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ const sign_algorithm_st *aid;
+ uint8_t p[2];
+
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ aid = _gnutls_sign_to_tls_aid(sign_algo);
+ if (aid == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ p[0] = aid->hash_algorithm;
+ p[1] = aid->sign_algorithm;
+
+ ret = _gnutls_buffer_append_data(data, p, 2);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, signature.data,
+ signature.size);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&signature);
+ return ret;
}
int
-_gnutls_proc_dhe_signature (gnutls_session_t session, uint8_t * data,
- size_t _data_size, gnutls_datum_t* vparams)
+_gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data,
+ size_t _data_size, gnutls_datum_t * vparams)
{
- int sigsize;
- gnutls_datum_t signature;
- int ret;
- cert_auth_info_t info = _gnutls_get_auth_info (session);
- ssize_t data_size = _data_size;
- gnutls_pcert_st peer_cert;
- gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL))
- {
- gnutls_assert ();
- /* we need this in order to get peer's certificate */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* VERIFY SIGNATURE */
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- sign_algorithm_st aid;
-
- DECR_LEN (data_size, 1);
- aid.hash_algorithm = *data++;
- DECR_LEN (data_size, 1);
- aid.sign_algorithm = *data++;
- sign_algo = _gnutls_tls_aid_to_sign (&aid);
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- _gnutls_debug_log("unknown signature %d.%d\n", aid.sign_algorithm, aid.hash_algorithm);
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
- }
- DECR_LEN (data_size, 2);
- sigsize = _gnutls_read_uint16 (data);
- data += 2;
-
- DECR_LEN (data_size, sigsize);
- signature.data = data;
- signature.size = sigsize;
-
- if ((ret =
- _gnutls_get_auth_info_pcert (&peer_cert,
- session->security_parameters.cert_type,
- info)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_handshake_verify_data (session, &peer_cert, vparams, &signature,
- sign_algo);
-
- gnutls_pcert_deinit (&peer_cert);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int sigsize;
+ gnutls_datum_t signature;
+ int ret;
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
+ ssize_t data_size = _data_size;
+ gnutls_pcert_st peer_cert;
+ gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL)) {
+ gnutls_assert();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* VERIFY SIGNATURE */
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ sign_algorithm_st aid;
+
+ DECR_LEN(data_size, 1);
+ aid.hash_algorithm = *data++;
+ DECR_LEN(data_size, 1);
+ aid.sign_algorithm = *data++;
+ sign_algo = _gnutls_tls_aid_to_sign(&aid);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ _gnutls_debug_log("unknown signature %d.%d\n",
+ aid.sign_algorithm,
+ aid.hash_algorithm);
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+ }
+ DECR_LEN(data_size, 2);
+ sigsize = _gnutls_read_uint16(data);
+ data += 2;
+
+ DECR_LEN(data_size, sigsize);
+ signature.data = data;
+ signature.size = sigsize;
+
+ if ((ret =
+ _gnutls_get_auth_info_pcert(&peer_cert,
+ session->security_parameters.
+ cert_type, info)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_handshake_verify_data(session, &peer_cert, vparams,
+ &signature, sign_algo);
+
+ gnutls_pcert_deinit(&peer_cert);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
diff --git a/lib/auth/cert.h b/lib/auth/cert.h
index 3bf59b1eb1..f6295e9576 100644
--- a/lib/auth/cert.h
+++ b/lib/auth/cert.h
@@ -31,142 +31,139 @@
#include <gnutls_str_array.h>
typedef struct {
- gnutls_pcert_st * cert_list; /* a certificate chain */
- unsigned int cert_list_length; /* its length */
- gnutls_str_array_t names; /* the names in the first certificate */
+ gnutls_pcert_st *cert_list; /* a certificate chain */
+ unsigned int cert_list_length; /* its length */
+ gnutls_str_array_t names; /* the names in the first certificate */
} certs_st;
/* This structure may be complex, but it's the only way to
* support a server that has multiple certificates
*/
-typedef struct gnutls_certificate_credentials_st
-{
- gnutls_dh_params_t dh_params;
- /* this callback is used to retrieve the DH or RSA
- * parameters.
- */
- gnutls_params_function *params_func;
-
- certs_st *certs;
- unsigned ncerts; /* the number of certs */
-
- gnutls_privkey_t *pkey;
- /* private keys. It contains ncerts private
- * keys. pkey[i] corresponds to certificate in
- * cert_list[i][0].
- */
+typedef struct gnutls_certificate_credentials_st {
+ gnutls_dh_params_t dh_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function *params_func;
+
+ certs_st *certs;
+ unsigned ncerts; /* the number of certs */
+
+ gnutls_privkey_t *pkey;
+ /* private keys. It contains ncerts private
+ * keys. pkey[i] corresponds to certificate in
+ * cert_list[i][0].
+ */
#ifdef ENABLE_OPENPGP
- /* OpenPGP specific stuff */
- gnutls_openpgp_keyring_t keyring;
+ /* OpenPGP specific stuff */
+ gnutls_openpgp_keyring_t keyring;
#endif
- /* X509 specific stuff */
- gnutls_x509_trust_list_t tlist;
- unsigned int verify_flags; /* flags to be used at
- * certificate verification.
- */
- unsigned int verify_depth;
- unsigned int verify_bits;
-
- /* holds a sequence of the
- * RDNs of the CAs above.
- * This is better than
- * generating on every handshake.
- */
- gnutls_datum_t x509_rdn_sequence;
-
- /* It's a mess here. However we need to keep the old 3 functions
- * for compatibility */
- gnutls_certificate_retrieve_function *get_cert_callback; /* deprecated */
- gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */
- gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */
- gnutls_certificate_retrieve_function2 *get_cert_callback2;
-
- gnutls_certificate_verify_function *verify_callback;
-
- struct pin_info_st pin;
- /* temporarily hold the PIN if set_key_file2() is used with a PIN */
- char pin_tmp[GNUTLS_PKCS11_MAX_PIN_LEN];
-
- /* OCSP */
- gnutls_status_request_ocsp_func ocsp_func;
- void *ocsp_func_ptr;
- char *ocsp_response_file;
+ /* X509 specific stuff */
+ gnutls_x509_trust_list_t tlist;
+ unsigned int verify_flags; /* flags to be used at
+ * certificate verification.
+ */
+ unsigned int verify_depth;
+ unsigned int verify_bits;
+
+ /* holds a sequence of the
+ * RDNs of the CAs above.
+ * This is better than
+ * generating on every handshake.
+ */
+ gnutls_datum_t x509_rdn_sequence;
+
+ /* It's a mess here. However we need to keep the old 3 functions
+ * for compatibility */
+ gnutls_certificate_retrieve_function *get_cert_callback; /* deprecated */
+ gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */
+ gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */
+ gnutls_certificate_retrieve_function2 *get_cert_callback2;
+
+ gnutls_certificate_verify_function *verify_callback;
+
+ struct pin_info_st pin;
+ /* temporarily hold the PIN if set_key_file2() is used with a PIN */
+ char pin_tmp[GNUTLS_PKCS11_MAX_PIN_LEN];
+
+ /* OCSP */
+ gnutls_status_request_ocsp_func ocsp_func;
+ void *ocsp_func_ptr;
+ char *ocsp_response_file;
} certificate_credentials_st;
-typedef struct rsa_info_st
-{
- gnutls_datum_t modulus;
- gnutls_datum_t exponent;
+typedef struct rsa_info_st {
+ gnutls_datum_t modulus;
+ gnutls_datum_t exponent;
} rsa_info_st;
/* This is the information we keep for the peer
* certificate.
*/
-typedef struct cert_auth_info_st
-{
- /* These (dh/rsa) are just copies from the credentials_t structure.
- * They must be freed.
- */
- dh_info_st dh;
-
- gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the
- * peer.
- */
- unsigned int ncerts; /* holds the size of the list above */
-
- gnutls_certificate_type_t cert_type;
+typedef struct cert_auth_info_st {
+ /* These (dh/rsa) are just copies from the credentials_t structure.
+ * They must be freed.
+ */
+ dh_info_st dh;
+
+ gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the
+ * peer.
+ */
+ unsigned int ncerts; /* holds the size of the list above */
+
+ gnutls_certificate_type_t cert_type;
#ifdef ENABLE_OPENPGP
- uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
+ uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
#endif
} *cert_auth_info_t;
typedef struct cert_auth_info_st cert_auth_info_st;
-void _gnutls_free_rsa_info (rsa_info_st * rsa);
+void _gnutls_free_rsa_info(rsa_info_st * rsa);
/* AUTH X509 functions */
-int _gnutls_gen_cert_server_crt (gnutls_session_t, gnutls_buffer_st *);
-int _gnutls_gen_cert_client_crt (gnutls_session_t, gnutls_buffer_st *);
-int _gnutls_gen_cert_client_crt_vrfy (gnutls_session_t, gnutls_buffer_st *);
-int _gnutls_gen_cert_server_cert_req (gnutls_session_t, gnutls_buffer_st *);
-int _gnutls_proc_cert_cert_req (gnutls_session_t, uint8_t *, size_t);
-int _gnutls_proc_cert_client_crt_vrfy (gnutls_session_t, uint8_t *, size_t);
-int _gnutls_proc_crt (gnutls_session_t, uint8_t *, size_t);
-int _gnutls_get_selected_cert (gnutls_session_t session,
- gnutls_pcert_st ** apr_cert_list,
- int *apr_cert_list_length,
- gnutls_privkey_t * apr_pkey);
-
-int _gnutls_server_select_cert (struct gnutls_session_int *,
- gnutls_pk_algorithm_t*, size_t);
-void _gnutls_selected_certs_deinit (gnutls_session_t session);
-void _gnutls_selected_certs_set (gnutls_session_t session,
- gnutls_pcert_st * certs, int ncerts,
- gnutls_privkey_t key, int need_free);
-
-int _gnutls_get_auth_info_pcert (gnutls_pcert_st* gcert,
- gnutls_certificate_type_t type,
- cert_auth_info_t info);
-
-int certificate_credential_append_crt_list (gnutls_certificate_credentials_t
- res, gnutls_str_array_t names,
- gnutls_pcert_st* crt, int nr);
-int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
- gnutls_privkey_t pkey);
-
-int _gnutls_selected_cert_supported_kx (struct gnutls_session_int *session,
- gnutls_kx_algorithm_t * alg,
- int *alg_size);
-
-int
-_gnutls_check_key_cert_match (gnutls_certificate_credentials_t res);
-
-int _gnutls_gen_dhe_signature(gnutls_session_t session, gnutls_buffer_st* data,
- uint8_t* plain, unsigned plain_size);
-int
-_gnutls_proc_dhe_signature (gnutls_session_t session, uint8_t * data,
- size_t _data_size, gnutls_datum_t *vparams);
+int _gnutls_gen_cert_server_crt(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_gen_cert_client_crt(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_gen_cert_client_crt_vrfy(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_gen_cert_server_cert_req(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_proc_cert_cert_req(gnutls_session_t, uint8_t *, size_t);
+int _gnutls_proc_cert_client_crt_vrfy(gnutls_session_t, uint8_t *, size_t);
+int _gnutls_proc_crt(gnutls_session_t, uint8_t *, size_t);
+int _gnutls_get_selected_cert(gnutls_session_t session,
+ gnutls_pcert_st ** apr_cert_list,
+ int *apr_cert_list_length,
+ gnutls_privkey_t * apr_pkey);
+
+int _gnutls_server_select_cert(struct gnutls_session_int *,
+ gnutls_pk_algorithm_t *, size_t);
+void _gnutls_selected_certs_deinit(gnutls_session_t session);
+void _gnutls_selected_certs_set(gnutls_session_t session,
+ gnutls_pcert_st * certs, int ncerts,
+ gnutls_privkey_t key, int need_free);
+
+int _gnutls_get_auth_info_pcert(gnutls_pcert_st * gcert,
+ gnutls_certificate_type_t type,
+ cert_auth_info_t info);
+
+int certificate_credential_append_crt_list(gnutls_certificate_credentials_t
+ res, gnutls_str_array_t names,
+ gnutls_pcert_st * crt, int nr);
+int certificate_credentials_append_pkey(gnutls_certificate_credentials_t
+ res, gnutls_privkey_t pkey);
+
+int _gnutls_selected_cert_supported_kx(struct gnutls_session_int *session,
+ gnutls_kx_algorithm_t * alg,
+ int *alg_size);
+
+int _gnutls_check_key_cert_match(gnutls_certificate_credentials_t res);
+
+int _gnutls_gen_dhe_signature(gnutls_session_t session,
+ gnutls_buffer_st * data, uint8_t * plain,
+ unsigned plain_size);
+int _gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data,
+ size_t _data_size,
+ gnutls_datum_t * vparams);
#endif
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 0d7f088cb7..1efb4a2771 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -42,287 +42,282 @@
/* Frees the dh_info_st structure.
*/
-void
-_gnutls_free_dh_info (dh_info_st * dh)
+void _gnutls_free_dh_info(dh_info_st * dh)
{
- dh->secret_bits = 0;
- _gnutls_free_datum (&dh->prime);
- _gnutls_free_datum (&dh->generator);
- _gnutls_free_datum (&dh->public_key);
+ dh->secret_bits = 0;
+ _gnutls_free_datum(&dh->prime);
+ _gnutls_free_datum(&dh->generator);
+ _gnutls_free_datum(&dh->public_key);
}
int
-_gnutls_proc_dh_common_client_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size,
- bigint_t g, bigint_t p,
- gnutls_datum_t* psk_key)
+_gnutls_proc_dh_common_client_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size,
+ bigint_t g, bigint_t p,
+ gnutls_datum_t * psk_key)
{
- uint16_t n_Y;
- size_t _n_Y;
- int ret;
- ssize_t data_size = _data_size;
+ uint16_t n_Y;
+ size_t _n_Y;
+ int ret;
+ ssize_t data_size = _data_size;
- DECR_LEN (data_size, 2);
- n_Y = _gnutls_read_uint16 (&data[0]);
- _n_Y = n_Y;
+ DECR_LEN(data_size, 2);
+ n_Y = _gnutls_read_uint16(&data[0]);
+ _n_Y = n_Y;
- DECR_LEN (data_size, n_Y);
- if (_gnutls_mpi_scan_nz (&session->key.client_Y, &data[2], _n_Y))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ DECR_LEN(data_size, n_Y);
+ if (_gnutls_mpi_scan_nz(&session->key.client_Y, &data[2], _n_Y)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- _gnutls_dh_set_peer_public (session, session->key.client_Y);
+ _gnutls_dh_set_peer_public(session, session->key.client_Y);
- ret =
- gnutls_calc_dh_key (&session->key.KEY, session->key.client_Y, session->key.dh_secret, p);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ gnutls_calc_dh_key(&session->key.KEY, session->key.client_Y,
+ session->key.dh_secret, p);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- _gnutls_mpi_release (&session->key.client_Y);
- _gnutls_mpi_release (&session->key.dh_secret);
+ _gnutls_mpi_release(&session->key.client_Y);
+ _gnutls_mpi_release(&session->key.dh_secret);
- if (psk_key == NULL)
- {
- ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
- }
- else /* In DHE_PSK the key is set differently */
- {
- gnutls_datum_t tmp_dh_key;
- ret = _gnutls_mpi_dprint (session->key.KEY, &tmp_dh_key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (psk_key == NULL) {
+ ret =
+ _gnutls_mpi_dprint(session->key.KEY,
+ &session->key.key);
+ } else { /* In DHE_PSK the key is set differently */
- ret = _gnutls_set_psk_session_key (session, psk_key, &tmp_dh_key);
- _gnutls_free_datum (&tmp_dh_key);
+ gnutls_datum_t tmp_dh_key;
+ ret = _gnutls_mpi_dprint(session->key.KEY, &tmp_dh_key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- }
+ ret =
+ _gnutls_set_psk_session_key(session, psk_key,
+ &tmp_dh_key);
+ _gnutls_free_datum(&tmp_dh_key);
- _gnutls_mpi_release (&session->key.KEY);
+ }
- if (ret < 0)
- {
- return ret;
- }
+ _gnutls_mpi_release(&session->key.KEY);
- return 0;
+ if (ret < 0) {
+ return ret;
+ }
+
+ return 0;
}
-int _gnutls_gen_dh_common_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+int _gnutls_gen_dh_common_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- return _gnutls_gen_dh_common_client_kx_int(session, data, NULL);
+ return _gnutls_gen_dh_common_client_kx_int(session, data, NULL);
}
int
-_gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, gnutls_buffer_st* data, gnutls_datum_t* pskkey)
+_gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
+ gnutls_buffer_st * data,
+ gnutls_datum_t * pskkey)
{
- bigint_t x = NULL, X = NULL;
- int ret;
-
- ret = gnutls_calc_dh_secret (&X, &x, session->key.client_g,
- session->key.client_p, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- _gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x));
-
- ret = _gnutls_buffer_append_mpi( data, 16, X, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
-
- /* calculate the key after calculating the message */
- ret =
- gnutls_calc_dh_key (&session->key.KEY, session->key.client_Y, x, session->key.client_p);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
-
- /* THESE SHOULD BE DISCARDED */
- _gnutls_mpi_release (&session->key.client_Y);
- _gnutls_mpi_release (&session->key.client_p);
- _gnutls_mpi_release (&session->key.client_g);
-
- if (_gnutls_cipher_suite_get_kx_algo
- (session->security_parameters.cipher_suite)
- != GNUTLS_KX_DHE_PSK)
- {
- ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
- }
- else /* In DHE_PSK the key is set differently */
- {
- gnutls_datum_t tmp_dh_key;
-
- ret = _gnutls_mpi_dprint (session->key.KEY, &tmp_dh_key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_set_psk_session_key (session, pskkey, &tmp_dh_key);
- _gnutls_free_datum (&tmp_dh_key);
- }
-
- _gnutls_mpi_release (&session->key.KEY);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = data->length;
-
-error:
- _gnutls_mpi_release (&x);
- _gnutls_mpi_release (&X);
- return ret;
+ bigint_t x = NULL, X = NULL;
+ int ret;
+
+ ret = gnutls_calc_dh_secret(&X, &x, session->key.client_g,
+ session->key.client_p, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ _gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(x));
+
+ ret = _gnutls_buffer_append_mpi(data, 16, X, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* calculate the key after calculating the message */
+ ret =
+ gnutls_calc_dh_key(&session->key.KEY, session->key.client_Y, x,
+ session->key.client_p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* THESE SHOULD BE DISCARDED */
+ _gnutls_mpi_release(&session->key.client_Y);
+ _gnutls_mpi_release(&session->key.client_p);
+ _gnutls_mpi_release(&session->key.client_g);
+
+ if (_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.cipher_suite)
+ != GNUTLS_KX_DHE_PSK) {
+ ret =
+ _gnutls_mpi_dprint(session->key.KEY,
+ &session->key.key);
+ } else { /* In DHE_PSK the key is set differently */
+
+ gnutls_datum_t tmp_dh_key;
+
+ ret = _gnutls_mpi_dprint(session->key.KEY, &tmp_dh_key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret =
+ _gnutls_set_psk_session_key(session, pskkey,
+ &tmp_dh_key);
+ _gnutls_free_datum(&tmp_dh_key);
+ }
+
+ _gnutls_mpi_release(&session->key.KEY);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = data->length;
+
+ error:
+ _gnutls_mpi_release(&x);
+ _gnutls_mpi_release(&X);
+ return ret;
}
/* Returns the bytes parsed */
int
-_gnutls_proc_dh_common_server_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size)
+_gnutls_proc_dh_common_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size)
{
- uint16_t n_Y, n_g, n_p;
- size_t _n_Y, _n_g, _n_p;
- uint8_t *data_p;
- uint8_t *data_g;
- uint8_t *data_Y;
- int i, bits, ret;
- ssize_t data_size = _data_size;
-
- i = 0;
-
- DECR_LEN (data_size, 2);
- n_p = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_p);
- data_p = &data[i];
- i += n_p;
-
- DECR_LEN (data_size, 2);
- n_g = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_g);
- data_g = &data[i];
- i += n_g;
-
- DECR_LEN (data_size, 2);
- n_Y = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_Y);
- data_Y = &data[i];
-
- _n_Y = n_Y;
- _n_g = n_g;
- _n_p = n_p;
-
- if (_gnutls_mpi_scan_nz (&session->key.client_Y, data_Y, _n_Y) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (_gnutls_mpi_scan_nz (&session->key.client_g, data_g, _n_g) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
- if (_gnutls_mpi_scan_nz (&session->key.client_p, data_p, _n_p) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- bits = _gnutls_dh_get_min_prime_bits (session);
- if (bits < 0)
- {
- gnutls_assert ();
- return bits;
- }
-
- if (_gnutls_mpi_get_nbits (session->key.client_p) < (size_t) bits)
- {
- /* the prime used by the peer is not acceptable
- */
- gnutls_assert ();
- _gnutls_debug_log("Received a prime of %u bits, limit is %u\n", (unsigned)_gnutls_mpi_get_nbits (session->key.client_p),
- (unsigned)bits);
- return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
- }
-
- _gnutls_dh_set_group (session, session->key.client_g,
- session->key.client_p);
- _gnutls_dh_set_peer_public (session, session->key.client_Y);
-
- ret = n_Y + n_p + n_g + 6;
-
- return ret;
+ uint16_t n_Y, n_g, n_p;
+ size_t _n_Y, _n_g, _n_p;
+ uint8_t *data_p;
+ uint8_t *data_g;
+ uint8_t *data_Y;
+ int i, bits, ret;
+ ssize_t data_size = _data_size;
+
+ i = 0;
+
+ DECR_LEN(data_size, 2);
+ n_p = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_p);
+ data_p = &data[i];
+ i += n_p;
+
+ DECR_LEN(data_size, 2);
+ n_g = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_g);
+ data_g = &data[i];
+ i += n_g;
+
+ DECR_LEN(data_size, 2);
+ n_Y = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_Y);
+ data_Y = &data[i];
+
+ _n_Y = n_Y;
+ _n_g = n_g;
+ _n_p = n_p;
+
+ if (_gnutls_mpi_scan_nz(&session->key.client_Y, data_Y, _n_Y) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan_nz(&session->key.client_g, data_g, _n_g) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ if (_gnutls_mpi_scan_nz(&session->key.client_p, data_p, _n_p) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ bits = _gnutls_dh_get_min_prime_bits(session);
+ if (bits < 0) {
+ gnutls_assert();
+ return bits;
+ }
+
+ if (_gnutls_mpi_get_nbits(session->key.client_p) < (size_t) bits) {
+ /* the prime used by the peer is not acceptable
+ */
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Received a prime of %u bits, limit is %u\n",
+ (unsigned) _gnutls_mpi_get_nbits(session->key.
+ client_p),
+ (unsigned) bits);
+ return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
+ }
+
+ _gnutls_dh_set_group(session, session->key.client_g,
+ session->key.client_p);
+ _gnutls_dh_set_peer_public(session, session->key.client_Y);
+
+ ret = n_Y + n_p + n_g + 6;
+
+ return ret;
}
int
-_gnutls_dh_common_print_server_kx (gnutls_session_t session,
- bigint_t g, bigint_t p, unsigned int q_bits,
- gnutls_buffer_st* data)
+_gnutls_dh_common_print_server_kx(gnutls_session_t session,
+ bigint_t g, bigint_t p,
+ unsigned int q_bits,
+ gnutls_buffer_st * data)
{
- bigint_t x, Y;
- int ret;
-
- /* Y=g^x mod p */
- ret = gnutls_calc_dh_secret (&Y, &x, g, p, q_bits);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- session->key.dh_secret = x;
- _gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x));
-
- ret = _gnutls_buffer_append_mpi(data, 16, p, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_mpi(data, 16, g, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_mpi(data, 16, Y, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = data->length;
-cleanup:
- _gnutls_mpi_release (&Y);
-
- return ret;
+ bigint_t x, Y;
+ int ret;
+
+ /* Y=g^x mod p */
+ ret = gnutls_calc_dh_secret(&Y, &x, g, p, q_bits);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ session->key.dh_secret = x;
+ _gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(x));
+
+ ret = _gnutls_buffer_append_mpi(data, 16, p, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_append_mpi(data, 16, g, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_append_mpi(data, 16, Y, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = data->length;
+ cleanup:
+ _gnutls_mpi_release(&Y);
+
+ return ret;
}
#endif
diff --git a/lib/auth/dh_common.h b/lib/auth/dh_common.h
index 8ab25a70a4..8bfaaaecff 100644
--- a/lib/auth/dh_common.h
+++ b/lib/auth/dh_common.h
@@ -25,26 +25,27 @@
#include <gnutls_auth.h>
-typedef struct
-{
- int secret_bits;
+typedef struct {
+ int secret_bits;
- gnutls_datum_t prime;
- gnutls_datum_t generator;
- gnutls_datum_t public_key;
+ gnutls_datum_t prime;
+ gnutls_datum_t generator;
+ gnutls_datum_t public_key;
} dh_info_st;
-void _gnutls_free_dh_info (dh_info_st * dh);
-int _gnutls_gen_dh_common_client_kx_int (gnutls_session_t, gnutls_buffer_st*, gnutls_datum_t *pskkey);
-int _gnutls_gen_dh_common_client_kx (gnutls_session_t, gnutls_buffer_st*);
-int _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size,
- bigint_t p, bigint_t g,
- gnutls_datum_t* psk_key);
-int _gnutls_dh_common_print_server_kx (gnutls_session_t, bigint_t g,
- bigint_t p, unsigned int q_bits,
- gnutls_buffer_st* data);
-int _gnutls_proc_dh_common_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size);
+void _gnutls_free_dh_info(dh_info_st * dh);
+int _gnutls_gen_dh_common_client_kx_int(gnutls_session_t,
+ gnutls_buffer_st *,
+ gnutls_datum_t * pskkey);
+int _gnutls_gen_dh_common_client_kx(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size,
+ bigint_t p, bigint_t g,
+ gnutls_datum_t * psk_key);
+int _gnutls_dh_common_print_server_kx(gnutls_session_t, bigint_t g,
+ bigint_t p, unsigned int q_bits,
+ gnutls_buffer_st * data);
+int _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size);
#endif
diff --git a/lib/auth/dhe.c b/lib/auth/dhe.c
index 24732d6f92..546194cdca 100644
--- a/lib/auth/dhe.c
+++ b/lib/auth/dhe.c
@@ -39,142 +39,145 @@
#include <auth/dh_common.h>
#include <auth/ecdhe.h>
-static int gen_dhe_server_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_dhe_server_kx (gnutls_session_t, uint8_t *, size_t);
-static int proc_dhe_client_kx (gnutls_session_t, uint8_t *, size_t);
+static int gen_dhe_server_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_dhe_server_kx(gnutls_session_t, uint8_t *, size_t);
+static int proc_dhe_client_kx(gnutls_session_t, uint8_t *, size_t);
#ifdef ENABLE_DHE
const mod_auth_st dhe_rsa_auth_struct = {
- "DHE_RSA",
- _gnutls_gen_cert_server_crt,
- _gnutls_gen_cert_client_crt,
- gen_dhe_server_kx,
- _gnutls_gen_dh_common_client_kx,
- _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
-
- _gnutls_proc_crt,
- _gnutls_proc_crt,
- proc_dhe_server_kx,
- proc_dhe_client_kx,
- _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ "DHE_RSA",
+ _gnutls_gen_cert_server_crt,
+ _gnutls_gen_cert_client_crt,
+ gen_dhe_server_kx,
+ _gnutls_gen_dh_common_client_kx,
+ _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_crt,
+ _gnutls_proc_crt,
+ proc_dhe_server_kx,
+ proc_dhe_client_kx,
+ _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
const mod_auth_st dhe_dss_auth_struct = {
- "DHE_DSS",
- _gnutls_gen_cert_server_crt,
- _gnutls_gen_cert_client_crt,
- gen_dhe_server_kx,
- _gnutls_gen_dh_common_client_kx,
- _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
-
- _gnutls_proc_crt,
- _gnutls_proc_crt,
- proc_dhe_server_kx,
- proc_dhe_client_kx,
- _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ "DHE_DSS",
+ _gnutls_gen_cert_server_crt,
+ _gnutls_gen_cert_client_crt,
+ gen_dhe_server_kx,
+ _gnutls_gen_dh_common_client_kx,
+ _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_crt,
+ _gnutls_proc_crt,
+ proc_dhe_server_kx,
+ proc_dhe_client_kx,
+ _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
#endif
static int
-gen_dhe_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- bigint_t g, p;
- const bigint_t *mpis;
- int ret = 0;
- gnutls_certificate_credentials_t cred;
- gnutls_dh_params_t dh_params;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
-
- if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 0)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- _gnutls_dh_set_group (session, g, p);
-
- ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Generate the signature. */
- return _gnutls_gen_dhe_signature(session, data, data->data, data->length);
+ bigint_t g, p;
+ const bigint_t *mpis;
+ int ret = 0;
+ gnutls_certificate_credentials_t cred;
+ gnutls_dh_params_t dh_params;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ if ((ret = _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st),
+ 0)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ _gnutls_dh_set_group(session, g, p);
+
+ ret =
+ _gnutls_dh_common_print_server_kx(session, g, p,
+ dh_params->q_bits, data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Generate the signature. */
+ return _gnutls_gen_dhe_signature(session, data, data->data,
+ data->length);
}
static int
-proc_dhe_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_dhe_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
-gnutls_datum_t vdata;
-int ret;
+ gnutls_datum_t vdata;
+ int ret;
- ret = _gnutls_proc_dh_common_server_kx(session, data, _data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_proc_dh_common_server_kx(session, data, _data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- vdata.data = data;
- vdata.size = ret;
+ vdata.data = data;
+ vdata.size = ret;
- return _gnutls_proc_dhe_signature(session, data+ret, _data_size-ret, &vdata);
+ return _gnutls_proc_dhe_signature(session, data + ret,
+ _data_size - ret, &vdata);
}
static int
-proc_dhe_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_dhe_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- gnutls_certificate_credentials_t cred;
- bigint_t p, g;
- const bigint_t *mpis;
- gnutls_dh_params_t dh_params;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- return gnutls_assert_val(GNUTLS_E_NO_TEMPORARY_DH_PARAMS);
-
- p = mpis[0];
- g = mpis[1];
-
- return _gnutls_proc_dh_common_client_kx (session, data, _data_size, g, p, NULL);
+ gnutls_certificate_credentials_t cred;
+ bigint_t p, g;
+ const bigint_t *mpis;
+ gnutls_dh_params_t dh_params;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL)
+ return gnutls_assert_val(GNUTLS_E_NO_TEMPORARY_DH_PARAMS);
+
+ p = mpis[0];
+ g = mpis[1];
+
+ return _gnutls_proc_dh_common_client_kx(session, data, _data_size,
+ g, p, NULL);
}
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index a51aaa1305..08dc3ef8cc 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -44,424 +44,418 @@
#include <auth/psk_passwd.h>
static int
-proc_ecdhe_psk_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size);
-static int gen_dhe_psk_server_kx (gnutls_session_t, gnutls_buffer_st*);
-static int gen_dhe_psk_client_kx (gnutls_session_t, gnutls_buffer_st*);
-static int gen_ecdhe_psk_client_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_ecdhe_psk_client_kx (gnutls_session_t, uint8_t *, size_t);
-static int proc_dhe_psk_server_kx (gnutls_session_t, uint8_t *, size_t);
-static int gen_ecdhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data);
-static int proc_dhe_psk_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size);
+proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size);
+static int gen_dhe_psk_server_kx(gnutls_session_t, gnutls_buffer_st *);
+static int gen_dhe_psk_client_kx(gnutls_session_t, gnutls_buffer_st *);
+static int gen_ecdhe_psk_client_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_ecdhe_psk_client_kx(gnutls_session_t, uint8_t *, size_t);
+static int proc_dhe_psk_server_kx(gnutls_session_t, uint8_t *, size_t);
+static int gen_ecdhe_psk_server_kx(gnutls_session_t session,
+ gnutls_buffer_st * data);
+static int proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size);
#ifdef ENABLE_DHE
const mod_auth_st dhe_psk_auth_struct = {
- "DHE PSK",
- NULL,
- NULL,
- gen_dhe_psk_server_kx,
- gen_dhe_psk_client_kx,
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- proc_dhe_psk_server_kx,
- proc_dhe_psk_client_kx,
- NULL,
- NULL
+ "DHE PSK",
+ NULL,
+ NULL,
+ gen_dhe_psk_server_kx,
+ gen_dhe_psk_client_kx,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ proc_dhe_psk_server_kx,
+ proc_dhe_psk_client_kx,
+ NULL,
+ NULL
};
#endif
#ifdef ENABLE_ECDHE
const mod_auth_st ecdhe_psk_auth_struct = {
- "ECDHE PSK",
- NULL,
- NULL,
- gen_ecdhe_psk_server_kx,
- gen_ecdhe_psk_client_kx,
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- proc_ecdhe_psk_server_kx,
- proc_ecdhe_psk_client_kx,
- NULL,
- NULL
+ "ECDHE PSK",
+ NULL,
+ NULL,
+ gen_ecdhe_psk_server_kx,
+ gen_ecdhe_psk_client_kx,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ proc_ecdhe_psk_server_kx,
+ proc_ecdhe_psk_client_kx,
+ NULL,
+ NULL
};
#endif
static int
-gen_ecdhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret, free;
- gnutls_psk_client_credentials_t cred;
- gnutls_datum_t username, key;
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, username.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* The PSK key is set in there */
- ret = _gnutls_gen_ecdh_common_client_kx_int (session, data, &key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = data->length;
-
-cleanup:
- if (free)
- {
- _gnutls_free_datum(&username);
- _gnutls_free_datum(&key);
- }
-
- return ret;
+ int ret, free;
+ gnutls_psk_client_credentials_t cred;
+ gnutls_datum_t username, key;
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL)
+ return
+ gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, username.data,
+ username.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* The PSK key is set in there */
+ ret = _gnutls_gen_ecdh_common_client_kx_int(session, data, &key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = data->length;
+
+ cleanup:
+ if (free) {
+ _gnutls_free_datum(&username);
+ _gnutls_free_datum(&key);
+ }
+
+ return ret;
}
static int
-gen_dhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret, free;
- gnutls_psk_client_credentials_t cred;
- gnutls_datum_t username, key;
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, username.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* The PSK key is set in there */
- ret = _gnutls_gen_dh_common_client_kx_int (session, data, &key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = data->length;
-
-cleanup:
- if (free)
- {
- _gnutls_free_datum(&username);
- _gnutls_free_datum(&key);
- }
-
- return ret;
+ int ret, free;
+ gnutls_psk_client_credentials_t cred;
+ gnutls_datum_t username, key;
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL)
+ return
+ gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, username.data,
+ username.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* The PSK key is set in there */
+ ret = _gnutls_gen_dh_common_client_kx_int(session, data, &key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = data->length;
+
+ cleanup:
+ if (free) {
+ _gnutls_free_datum(&username);
+ _gnutls_free_datum(&key);
+ }
+
+ return ret;
}
static int
-gen_dhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_dhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- bigint_t g, p;
- const bigint_t *mpis;
- int ret;
- gnutls_dh_params_t dh_params;
- gnutls_psk_server_credentials_t cred;
-
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_dh_set_group (session, g, p);
-
- ret = _gnutls_buffer_append_prefix(data, 16, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, data);
- if (ret < 0)
- gnutls_assert ();
-
- return ret;
+ bigint_t g, p;
+ const bigint_t *mpis;
+ int ret;
+ gnutls_dh_params_t dh_params;
+ gnutls_psk_server_credentials_t cred;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_dh_set_group(session, g, p);
+
+ ret = _gnutls_buffer_append_prefix(data, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_dh_common_print_server_kx(session, g, p,
+ dh_params->q_bits, data);
+ if (ret < 0)
+ gnutls_assert();
+
+ return ret;
}
static int
-gen_ecdhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret;
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_buffer_append_prefix(data, 16, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_ecdh_common_print_server_kx (session, data,
- _gnutls_session_ecc_curve_get(session));
- if (ret < 0)
- gnutls_assert ();
-
- return ret;
+ int ret;
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_append_prefix(data, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_ecdh_common_print_server_kx(session, data,
+ _gnutls_session_ecc_curve_get
+ (session));
+ if (ret < 0)
+ gnutls_assert();
+
+ return ret;
}
static int
-proc_dhe_psk_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret;
- bigint_t p, g;
- gnutls_dh_params_t dh_params;
- const bigint_t *mpis;
- gnutls_datum_t psk_key;
- gnutls_psk_server_credentials_t cred;
- psk_auth_info_t info;
- gnutls_datum_t username;
- ssize_t data_size = _data_size;
-
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- dh_params =
- _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = _gnutls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- DECR_LEN (data_size, 2);
- username.size = _gnutls_read_uint16 (&data[0]);
-
- DECR_LEN (data_size, username.size);
-
- username.data = &data[2];
-
- /* copy the username to the auth info structures
- */
- info = _gnutls_get_auth_info (session);
-
- if (username.size > MAX_USERNAME_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- memcpy (info->username, username.data, username.size);
- info->username[username.size] = 0;
-
- /* Adjust the data */
- data += username.size + 2;
-
- ret = _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_proc_dh_common_client_kx (session, data, data_size,
- g, p, &psk_key);
-
- _gnutls_free_datum(&psk_key);
-
- return ret;
+ int ret;
+ bigint_t p, g;
+ gnutls_dh_params_t dh_params;
+ const bigint_t *mpis;
+ gnutls_datum_t psk_key;
+ gnutls_psk_server_credentials_t cred;
+ psk_auth_info_t info;
+ gnutls_datum_t username;
+ ssize_t data_size = _data_size;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params(cred->dh_params, cred->params_func,
+ session);
+ mpis = _gnutls_dh_params_to_mpi(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ DECR_LEN(data_size, 2);
+ username.size = _gnutls_read_uint16(&data[0]);
+
+ DECR_LEN(data_size, username.size);
+
+ username.data = &data[2];
+
+ /* copy the username to the auth info structures
+ */
+ info = _gnutls_get_auth_info(session);
+
+ if (username.size > MAX_USERNAME_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ memcpy(info->username, username.data, username.size);
+ info->username[username.size] = 0;
+
+ /* Adjust the data */
+ data += username.size + 2;
+
+ ret =
+ _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_proc_dh_common_client_kx(session, data, data_size,
+ g, p, &psk_key);
+
+ _gnutls_free_datum(&psk_key);
+
+ return ret;
}
static int
-proc_ecdhe_psk_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret;
- gnutls_psk_server_credentials_t cred;
- gnutls_datum_t psk_key;
- psk_auth_info_t info;
- gnutls_datum_t username;
- ssize_t data_size = _data_size;
-
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- DECR_LEN (data_size, 2);
- username.size = _gnutls_read_uint16 (&data[0]);
-
- DECR_LEN (data_size, username.size);
-
- username.data = &data[2];
-
- /* copy the username to the auth info structures
- */
- info = _gnutls_get_auth_info (session);
-
- if (username.size > MAX_USERNAME_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- memcpy (info->username, username.data, username.size);
- info->username[username.size] = 0;
-
- /* Adjust the data */
- data += username.size + 2;
-
- /* should never fail. It will always return a key even if it is
- * a random one */
- ret = _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_proc_ecdh_common_client_kx(session, data, data_size,
- _gnutls_session_ecc_curve_get(session), &psk_key);
-
- _gnutls_free_datum(&psk_key);
-
- return ret;
+ int ret;
+ gnutls_psk_server_credentials_t cred;
+ gnutls_datum_t psk_key;
+ psk_auth_info_t info;
+ gnutls_datum_t username;
+ ssize_t data_size = _data_size;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ DECR_LEN(data_size, 2);
+ username.size = _gnutls_read_uint16(&data[0]);
+
+ DECR_LEN(data_size, username.size);
+
+ username.data = &data[2];
+
+ /* copy the username to the auth info structures
+ */
+ info = _gnutls_get_auth_info(session);
+
+ if (username.size > MAX_USERNAME_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ memcpy(info->username, username.data, username.size);
+ info->username[username.size] = 0;
+
+ /* Adjust the data */
+ data += username.size + 2;
+
+ /* should never fail. It will always return a key even if it is
+ * a random one */
+ ret =
+ _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_proc_ecdh_common_client_kx(session, data, data_size,
+ _gnutls_session_ecc_curve_get
+ (session), &psk_key);
+
+ _gnutls_free_datum(&psk_key);
+
+ return ret;
}
static int
-proc_dhe_psk_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret, psk_size;
- ssize_t data_size = _data_size;
-
- /* set auth_info */
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- DECR_LEN (data_size, 2);
- psk_size = _gnutls_read_uint16 (data);
- DECR_LEN (data_size, psk_size);
- data += 2 + psk_size;
-
- ret = _gnutls_proc_dh_common_server_kx (session, data, data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret, psk_size;
+ ssize_t data_size = _data_size;
+
+ /* set auth_info */
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ DECR_LEN(data_size, 2);
+ psk_size = _gnutls_read_uint16(data);
+ DECR_LEN(data_size, psk_size);
+ data += 2 + psk_size;
+
+ ret = _gnutls_proc_dh_common_server_kx(session, data, data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
static int
-proc_ecdhe_psk_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- int ret, psk_size;
- ssize_t data_size = _data_size;
-
- /* set auth_info */
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- DECR_LEN (data_size, 2);
- psk_size = _gnutls_read_uint16 (data);
- DECR_LEN (data_size, psk_size);
- data += 2 + psk_size;
-
- ret = _gnutls_proc_ecdh_common_server_kx (session, data, data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret, psk_size;
+ ssize_t data_size = _data_size;
+
+ /* set auth_info */
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ DECR_LEN(data_size, 2);
+ psk_size = _gnutls_read_uint16(data);
+ DECR_LEN(data_size, psk_size);
+ data += 2 + psk_size;
+
+ ret = _gnutls_proc_ecdh_common_server_kx(session, data, data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE_PSK */
+#endif /* ENABLE_PSK */
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index 060c683233..8e8abbe498 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -42,308 +42,341 @@
#include <auth/cert.h>
#include <gnutls_pk.h>
-static int gen_ecdhe_server_kx (gnutls_session_t, gnutls_buffer_st*);
+static int gen_ecdhe_server_kx(gnutls_session_t, gnutls_buffer_st *);
static int
-proc_ecdhe_server_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size);
+proc_ecdhe_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size);
static int
-proc_ecdhe_client_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size);
+proc_ecdhe_client_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size);
#if defined(ENABLE_ECDHE)
const mod_auth_st ecdhe_ecdsa_auth_struct = {
- "ECDHE_ECDSA",
- _gnutls_gen_cert_server_crt,
- _gnutls_gen_cert_client_crt,
- gen_ecdhe_server_kx,
- _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */
- _gnutls_gen_cert_client_crt_vrfy,
- _gnutls_gen_cert_server_cert_req,
-
- _gnutls_proc_crt,
- _gnutls_proc_crt,
- proc_ecdhe_server_kx,
- proc_ecdhe_client_kx,
- _gnutls_proc_cert_client_crt_vrfy,
- _gnutls_proc_cert_cert_req
+ "ECDHE_ECDSA",
+ _gnutls_gen_cert_server_crt,
+ _gnutls_gen_cert_client_crt,
+ gen_ecdhe_server_kx,
+ _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */
+ _gnutls_gen_cert_client_crt_vrfy,
+ _gnutls_gen_cert_server_cert_req,
+
+ _gnutls_proc_crt,
+ _gnutls_proc_crt,
+ proc_ecdhe_server_kx,
+ proc_ecdhe_client_kx,
+ _gnutls_proc_cert_client_crt_vrfy,
+ _gnutls_proc_cert_cert_req
};
const mod_auth_st ecdhe_rsa_auth_struct = {
- "ECDHE_RSA",
- _gnutls_gen_cert_server_crt,
- _gnutls_gen_cert_client_crt,
- gen_ecdhe_server_kx,
- _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */
- _gnutls_gen_cert_client_crt_vrfy,
- _gnutls_gen_cert_server_cert_req,
-
- _gnutls_proc_crt,
- _gnutls_proc_crt,
- proc_ecdhe_server_kx,
- proc_ecdhe_client_kx,
- _gnutls_proc_cert_client_crt_vrfy,
- _gnutls_proc_cert_cert_req
+ "ECDHE_RSA",
+ _gnutls_gen_cert_server_crt,
+ _gnutls_gen_cert_client_crt,
+ gen_ecdhe_server_kx,
+ _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */
+ _gnutls_gen_cert_client_crt_vrfy,
+ _gnutls_gen_cert_server_cert_req,
+
+ _gnutls_proc_crt,
+ _gnutls_proc_crt,
+ proc_ecdhe_server_kx,
+ proc_ecdhe_client_kx,
+ _gnutls_proc_cert_client_crt_vrfy,
+ _gnutls_proc_cert_cert_req
};
-static int calc_ecdh_key( gnutls_session_t session, gnutls_datum_t * psk_key,
- gnutls_ecc_curve_t curve)
+static int calc_ecdh_key(gnutls_session_t session,
+ gnutls_datum_t * psk_key,
+ gnutls_ecc_curve_t curve)
{
-gnutls_pk_params_st pub;
-int ret;
-
- memset(&pub,0,sizeof(pub));
- pub.params[ECC_X] = session->key.ecdh_x;
- pub.params[ECC_Y] = session->key.ecdh_y;
- pub.flags = curve;
-
- if (psk_key == NULL)
- ret = _gnutls_pk_derive(GNUTLS_PK_EC, &session->key.key, &session->key.ecdh_params, &pub);
- else
- {
- gnutls_datum_t tmp_dh_key;
-
- ret = _gnutls_pk_derive(GNUTLS_PK_EC, &tmp_dh_key, &session->key.ecdh_params, &pub);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = _gnutls_set_psk_session_key (session, psk_key, &tmp_dh_key);
- _gnutls_free_datum (&tmp_dh_key);
- }
-
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- /* no longer needed */
- _gnutls_mpi_release (&session->key.ecdh_x);
- _gnutls_mpi_release (&session->key.ecdh_y);
- gnutls_pk_params_release( &session->key.ecdh_params);
- return ret;
+ gnutls_pk_params_st pub;
+ int ret;
+
+ memset(&pub, 0, sizeof(pub));
+ pub.params[ECC_X] = session->key.ecdh_x;
+ pub.params[ECC_Y] = session->key.ecdh_y;
+ pub.flags = curve;
+
+ if (psk_key == NULL)
+ ret =
+ _gnutls_pk_derive(GNUTLS_PK_EC, &session->key.key,
+ &session->key.ecdh_params, &pub);
+ else {
+ gnutls_datum_t tmp_dh_key;
+
+ ret =
+ _gnutls_pk_derive(GNUTLS_PK_EC, &tmp_dh_key,
+ &session->key.ecdh_params, &pub);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_set_psk_session_key(session, psk_key,
+ &tmp_dh_key);
+ _gnutls_free_datum(&tmp_dh_key);
+ }
+
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ /* no longer needed */
+ _gnutls_mpi_release(&session->key.ecdh_x);
+ _gnutls_mpi_release(&session->key.ecdh_y);
+ gnutls_pk_params_release(&session->key.ecdh_params);
+ return ret;
}
int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session,
- uint8_t * data, size_t _data_size,
- gnutls_ecc_curve_t curve,
- gnutls_datum_t* psk_key)
+ uint8_t * data, size_t _data_size,
+ gnutls_ecc_curve_t curve,
+ gnutls_datum_t * psk_key)
{
- ssize_t data_size = _data_size;
- int ret, i = 0;
- int point_size;
-
- if (curve == GNUTLS_ECC_CURVE_INVALID)
- return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
-
- DECR_LEN (data_size, 1);
- point_size = data[i];
- i+=1;
-
- DECR_LEN (data_size, point_size);
- ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size, &session->key.ecdh_x, &session->key.ecdh_y);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* generate pre-shared key */
- ret = calc_ecdh_key(session, psk_key, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
+ ssize_t data_size = _data_size;
+ int ret, i = 0;
+ int point_size;
+
+ if (curve == GNUTLS_ECC_CURVE_INVALID)
+ return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
+
+ DECR_LEN(data_size, 1);
+ point_size = data[i];
+ i += 1;
+
+ DECR_LEN(data_size, point_size);
+ ret =
+ _gnutls_ecc_ansi_x963_import(&data[i], point_size,
+ &session->key.ecdh_x,
+ &session->key.ecdh_y);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* generate pre-shared key */
+ ret = calc_ecdh_key(session, psk_key, curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
static int
-proc_ecdhe_client_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size)
+proc_ecdhe_client_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size)
{
- gnutls_certificate_credentials_t cred;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- return _gnutls_proc_ecdh_common_client_kx(session, data, _data_size,
- _gnutls_session_ecc_curve_get(session), NULL);
+ gnutls_certificate_credentials_t cred;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ return _gnutls_proc_ecdh_common_client_kx(session, data,
+ _data_size,
+ _gnutls_session_ecc_curve_get
+ (session), NULL);
}
int
-_gnutls_gen_ecdh_common_client_kx (gnutls_session_t session,
- gnutls_buffer_st* data)
+_gnutls_gen_ecdh_common_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- return _gnutls_gen_ecdh_common_client_kx_int(session, data, NULL);
+ return _gnutls_gen_ecdh_common_client_kx_int(session, data, NULL);
}
int
-_gnutls_gen_ecdh_common_client_kx_int (gnutls_session_t session,
- gnutls_buffer_st* data,
- gnutls_datum_t * psk_key)
+_gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
+ gnutls_buffer_st * data,
+ gnutls_datum_t * psk_key)
{
- int ret;
- gnutls_datum_t out;
- int curve = _gnutls_session_ecc_curve_get(session);
-
- /* generate temporal key */
- ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key.ecdh_params);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_ecc_ansi_x963_export(curve, session->key.ecdh_params.params[ECC_X] /* x */,
- session->key.ecdh_params.params[ECC_Y] /* y */, &out);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data_prefix(data, 8, out.data, out.size);
-
- _gnutls_free_datum(&out);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* generate pre-shared key */
- ret = calc_ecdh_key(session, psk_key, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return data->length;
+ int ret;
+ gnutls_datum_t out;
+ int curve = _gnutls_session_ecc_curve_get(session);
+
+ /* generate temporal key */
+ ret =
+ _gnutls_pk_generate(GNUTLS_PK_EC, curve,
+ &session->key.ecdh_params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_ecc_ansi_x963_export(curve,
+ session->key.ecdh_params.
+ params[ECC_X] /* x */ ,
+ session->key.ecdh_params.
+ params[ECC_Y] /* y */ , &out);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 8, out.data, out.size);
+
+ _gnutls_free_datum(&out);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* generate pre-shared key */
+ ret = calc_ecdh_key(session, psk_key, curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return data->length;
}
static int
-proc_ecdhe_server_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size)
+proc_ecdhe_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size)
{
-int ret;
-gnutls_datum_t vparams;
+ int ret;
+ gnutls_datum_t vparams;
- ret = _gnutls_proc_ecdh_common_server_kx(session, data, _data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_proc_ecdh_common_server_kx(session, data, _data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- vparams.data = data;
- vparams.size = ret;
+ vparams.data = data;
+ vparams.size = ret;
- return _gnutls_proc_dhe_signature(session, data+ret, _data_size-ret, &vparams);
+ return _gnutls_proc_dhe_signature(session, data + ret,
+ _data_size - ret, &vparams);
}
int
-_gnutls_proc_ecdh_common_server_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size)
+_gnutls_proc_ecdh_common_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size)
{
- int i, ret, point_size;
- gnutls_ecc_curve_t curve;
- ssize_t data_size = _data_size;
+ int i, ret, point_size;
+ gnutls_ecc_curve_t curve;
+ ssize_t data_size = _data_size;
- i = 0;
- DECR_LEN (data_size, 1);
- if (data[i++] != 3)
- return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
-
- DECR_LEN (data_size, 2);
- curve = _gnutls_tls_id_to_ecc_curve(_gnutls_read_uint16 (&data[i]));
- i += 2;
+ i = 0;
+ DECR_LEN(data_size, 1);
+ if (data[i++] != 3)
+ return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
- ret = _gnutls_session_supports_ecc_curve(session, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ DECR_LEN(data_size, 2);
+ curve = _gnutls_tls_id_to_ecc_curve(_gnutls_read_uint16(&data[i]));
+ i += 2;
- _gnutls_session_ecc_curve_set(session, curve);
+ ret = _gnutls_session_supports_ecc_curve(session, curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- DECR_LEN (data_size, 1);
- point_size = data[i];
- i++;
+ _gnutls_session_ecc_curve_set(session, curve);
- DECR_LEN (data_size, point_size);
- ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size, &session->key.ecdh_x, &session->key.ecdh_y);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ DECR_LEN(data_size, 1);
+ point_size = data[i];
+ i++;
- i+=point_size;
+ DECR_LEN(data_size, point_size);
+ ret =
+ _gnutls_ecc_ansi_x963_import(&data[i], point_size,
+ &session->key.ecdh_x,
+ &session->key.ecdh_y);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- return i;
+ i += point_size;
+
+ return i;
}
/* If the psk flag is set, then an empty psk_identity_hint will
* be inserted */
-int _gnutls_ecdh_common_print_server_kx (gnutls_session_t session, gnutls_buffer_st* data,
- gnutls_ecc_curve_t curve)
+int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
+ gnutls_buffer_st * data,
+ gnutls_ecc_curve_t curve)
{
- uint8_t p;
- int ret;
- gnutls_datum_t out;
-
- if (curve == GNUTLS_ECC_CURVE_INVALID)
- return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
-
- /* curve type */
- p = 3;
-
- ret = _gnutls_buffer_append_data(data, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_prefix(data, 16, _gnutls_ecc_curve_get_tls_id(curve));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* generate temporal key */
- ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key.ecdh_params);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_ecc_ansi_x963_export(curve, session->key.ecdh_params.params[ECC_X] /* x */,
- session->key.ecdh_params.params[ECC_Y] /* y */, &out);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data_prefix(data, 8, out.data, out.size);
-
- _gnutls_free_datum(&out);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return data->length;
+ uint8_t p;
+ int ret;
+ gnutls_datum_t out;
+
+ if (curve == GNUTLS_ECC_CURVE_INVALID)
+ return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
+
+ /* curve type */
+ p = 3;
+
+ ret = _gnutls_buffer_append_data(data, &p, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_prefix(data, 16,
+ _gnutls_ecc_curve_get_tls_id
+ (curve));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* generate temporal key */
+ ret =
+ _gnutls_pk_generate(GNUTLS_PK_EC, curve,
+ &session->key.ecdh_params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_ecc_ansi_x963_export(curve,
+ session->key.ecdh_params.
+ params[ECC_X] /* x */ ,
+ session->key.ecdh_params.
+ params[ECC_Y] /* y */ , &out);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 8, out.data, out.size);
+
+ _gnutls_free_datum(&out);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return data->length;
}
static int
-gen_ecdhe_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- int ret = 0;
- gnutls_certificate_credentials_t cred;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 0)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_ecdh_common_print_server_kx (session, data, _gnutls_session_ecc_curve_get(session));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Generate the signature. */
- return _gnutls_gen_dhe_signature(session, data, data->data, data->length);
+ int ret = 0;
+ gnutls_certificate_credentials_t cred;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret = _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st),
+ 0)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_ecdh_common_print_server_kx(session, data,
+ _gnutls_session_ecc_curve_get
+ (session));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Generate the signature. */
+ return _gnutls_gen_dhe_signature(session, data, data->data,
+ data->length);
}
#endif
diff --git a/lib/auth/ecdhe.h b/lib/auth/ecdhe.h
index 1401b19a22..33a0f47bb8 100644
--- a/lib/auth/ecdhe.h
+++ b/lib/auth/ecdhe.h
@@ -26,24 +26,25 @@
#include <gnutls_auth.h>
int
-_gnutls_gen_ecdh_common_client_kx (gnutls_session_t session,
- gnutls_buffer_st* data);
+_gnutls_gen_ecdh_common_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data);
int
-_gnutls_gen_ecdh_common_client_kx_int (gnutls_session_t session,
- gnutls_buffer_st* data,
- gnutls_datum_t * psk_key);
+_gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
+ gnutls_buffer_st * data,
+ gnutls_datum_t * psk_key);
int
-_gnutls_proc_ecdh_common_client_kx (gnutls_session_t session,
- uint8_t * data, size_t _data_size,
- gnutls_ecc_curve_t curve,
- gnutls_datum_t *psk_key);
-
-int _gnutls_ecdh_common_print_server_kx (gnutls_session_t, gnutls_buffer_st* data,
- gnutls_ecc_curve_t curve);
-int _gnutls_proc_ecdh_common_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size);
+_gnutls_proc_ecdh_common_client_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size,
+ gnutls_ecc_curve_t curve,
+ gnutls_datum_t * psk_key);
+
+int _gnutls_ecdh_common_print_server_kx(gnutls_session_t,
+ gnutls_buffer_st * data,
+ gnutls_ecc_curve_t curve);
+int _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session,
+ uint8_t * data, size_t _data_size);
diff --git a/lib/auth/psk.c b/lib/auth/psk.c
index 053f6027fa..828ded4ff8 100644
--- a/lib/auth/psk.c
+++ b/lib/auth/psk.c
@@ -35,113 +35,111 @@
#include <gnutls_datum.h>
-int _gnutls_proc_psk_client_kx (gnutls_session_t, uint8_t *, size_t);
+int _gnutls_proc_psk_client_kx(gnutls_session_t, uint8_t *, size_t);
const mod_auth_st psk_auth_struct = {
- "PSK",
- NULL,
- NULL,
- _gnutls_gen_psk_server_kx,
- _gnutls_gen_psk_client_kx,
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- _gnutls_proc_psk_server_kx,
- _gnutls_proc_psk_client_kx,
- NULL,
- NULL
+ "PSK",
+ NULL,
+ NULL,
+ _gnutls_gen_psk_server_kx,
+ _gnutls_gen_psk_client_kx,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ _gnutls_proc_psk_server_kx,
+ _gnutls_proc_psk_client_kx,
+ NULL,
+ NULL
};
/* Set the PSK premaster secret.
*/
int
-_gnutls_set_psk_session_key (gnutls_session_t session,
- gnutls_datum_t * ppsk /* key */,
- gnutls_datum_t * dh_secret)
+_gnutls_set_psk_session_key(gnutls_session_t session,
+ gnutls_datum_t * ppsk /* key */ ,
+ gnutls_datum_t * dh_secret)
{
- gnutls_datum_t pwd_psk = { NULL, 0 };
- size_t dh_secret_size;
- uint8_t * p;
- int ret;
-
- if (dh_secret == NULL)
- dh_secret_size = ppsk->size;
- else
- dh_secret_size = dh_secret->size;
-
- /* set the session key
- */
- session->key.key.size = 4 + dh_secret_size + ppsk->size;
- session->key.key.data = gnutls_malloc (session->key.key.size);
- if (session->key.key.data == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* format of the premaster secret:
- * (uint16_t) psk_size
- * psk_size bytes of (0)s
- * (uint16_t) psk_size
- * the psk
- */
- p = session->key.key.data;
- _gnutls_write_uint16 (dh_secret_size, p);
- p+=2;
- if (dh_secret == NULL)
- memset (p, 0, dh_secret_size);
- else
- memcpy (p, dh_secret->data, dh_secret->size);
-
- p += dh_secret_size;
- _gnutls_write_uint16 (ppsk->size, p);
- if (ppsk->data != NULL)
- memcpy (p+2, ppsk->data, ppsk->size);
-
- ret = 0;
-
-error:
- _gnutls_free_datum (&pwd_psk);
- return ret;
+ gnutls_datum_t pwd_psk = { NULL, 0 };
+ size_t dh_secret_size;
+ uint8_t *p;
+ int ret;
+
+ if (dh_secret == NULL)
+ dh_secret_size = ppsk->size;
+ else
+ dh_secret_size = dh_secret->size;
+
+ /* set the session key
+ */
+ session->key.key.size = 4 + dh_secret_size + ppsk->size;
+ session->key.key.data = gnutls_malloc(session->key.key.size);
+ if (session->key.key.data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* format of the premaster secret:
+ * (uint16_t) psk_size
+ * psk_size bytes of (0)s
+ * (uint16_t) psk_size
+ * the psk
+ */
+ p = session->key.key.data;
+ _gnutls_write_uint16(dh_secret_size, p);
+ p += 2;
+ if (dh_secret == NULL)
+ memset(p, 0, dh_secret_size);
+ else
+ memcpy(p, dh_secret->data, dh_secret->size);
+
+ p += dh_secret_size;
+ _gnutls_write_uint16(ppsk->size, p);
+ if (ppsk->data != NULL)
+ memcpy(p + 2, ppsk->data, ppsk->size);
+
+ ret = 0;
+
+ error:
+ _gnutls_free_datum(&pwd_psk);
+ return ret;
}
/* returns the username and they key for the PSK session.
* Free is non (0) if they have to be freed.
*/
-int _gnutls_find_psk_key( gnutls_session_t session, gnutls_psk_client_credentials_t cred,
- gnutls_datum_t * username, gnutls_datum_t* key, int* free)
+int _gnutls_find_psk_key(gnutls_session_t session,
+ gnutls_psk_client_credentials_t cred,
+ gnutls_datum_t * username, gnutls_datum_t * key,
+ int *free)
{
-char* user_p;
-int ret;
-
- *free = 0;
-
- if (cred->username.data != NULL && cred->key.data != NULL)
- {
- username->data = cred->username.data;
- username->size = cred->username.size;
- key->data = cred->key.data;
- key->size = cred->key.size;
- }
- else if (cred->get_function != NULL)
- {
- ret = cred->get_function (session, &user_p, key);
- if (ret)
- return gnutls_assert_val(ret);
-
- username->data = (uint8_t*)user_p;
- username->size = strlen(user_p);
-
- *free = 1;
- }
- else
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- return 0;
+ char *user_p;
+ int ret;
+
+ *free = 0;
+
+ if (cred->username.data != NULL && cred->key.data != NULL) {
+ username->data = cred->username.data;
+ username->size = cred->username.size;
+ key->data = cred->key.data;
+ key->size = cred->key.size;
+ } else if (cred->get_function != NULL) {
+ ret = cred->get_function(session, &user_p, key);
+ if (ret)
+ return gnutls_assert_val(ret);
+
+ username->data = (uint8_t *) user_p;
+ username->size = strlen(user_p);
+
+ *free = 1;
+ } else
+ return
+ gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ return 0;
}
@@ -156,117 +154,113 @@ int ret;
*
*/
int
-_gnutls_gen_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+_gnutls_gen_psk_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret, free;
- gnutls_datum_t username;
- gnutls_datum_t key;
- gnutls_psk_client_credentials_t cred;
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_set_psk_session_key (session, &key, NULL);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, username.size);
- if (ret < 0)
- {
- gnutls_assert();
- }
-
-cleanup:
- if (free)
- {
- gnutls_free(username.data);
- gnutls_free(key.data);
- }
-
- return ret;
+ int ret, free;
+ gnutls_datum_t username;
+ gnutls_datum_t key;
+ gnutls_psk_client_credentials_t cred;
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_set_psk_session_key(session, &key, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, username.data,
+ username.size);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ if (free) {
+ gnutls_free(username.data);
+ gnutls_free(key.data);
+ }
+
+ return ret;
}
/* just read the username from the client key exchange.
*/
int
-_gnutls_proc_psk_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+_gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- ssize_t data_size = _data_size;
- int ret;
- gnutls_datum_t username, psk_key;
- gnutls_psk_server_credentials_t cred;
- psk_auth_info_t info;
+ ssize_t data_size = _data_size;
+ int ret;
+ gnutls_datum_t username, psk_key;
+ gnutls_psk_server_credentials_t cred;
+ psk_auth_info_t info;
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- DECR_LEN (data_size, 2);
- username.size = _gnutls_read_uint16 (&data[0]);
+ DECR_LEN(data_size, 2);
+ username.size = _gnutls_read_uint16(&data[0]);
- DECR_LEN (data_size, username.size);
+ DECR_LEN(data_size, username.size);
- username.data = &data[2];
+ username.data = &data[2];
- /* copy the username to the auth info structures
- */
- info = _gnutls_get_auth_info (session);
+ /* copy the username to the auth info structures
+ */
+ info = _gnutls_get_auth_info(session);
- if (username.size > MAX_USERNAME_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
+ if (username.size > MAX_USERNAME_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
- memcpy (info->username, username.data, username.size);
- info->username[username.size] = 0;
+ memcpy(info->username, username.data, username.size);
+ info->username[username.size] = 0;
- ret = _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_psk_pwd_find_entry(session, info->username, &psk_key);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_set_psk_session_key (session, &psk_key, NULL);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
+ ret = _gnutls_set_psk_session_key(session, &psk_key, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
- ret = 0;
+ ret = 0;
-error:
- _gnutls_free_datum(&psk_key);
+ error:
+ _gnutls_free_datum(&psk_key);
- return ret;
+ return ret;
}
@@ -282,94 +276,90 @@ error:
*
*/
int
-_gnutls_gen_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+_gnutls_gen_psk_server_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- gnutls_psk_server_credentials_t cred;
- gnutls_datum_t hint;
+ gnutls_psk_server_credentials_t cred;
+ gnutls_datum_t hint;
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
- /* Abort sending this message if there is no PSK identity hint. */
- if (cred->hint == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INT_RET_0;
- }
+ /* Abort sending this message if there is no PSK identity hint. */
+ if (cred->hint == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INT_RET_0;
+ }
- hint.data = (uint8_t*)cred->hint;
- hint.size = strlen (cred->hint);
+ hint.data = (uint8_t *) cred->hint;
+ hint.size = strlen(cred->hint);
- return _gnutls_buffer_append_data_prefix(data, 16, hint.data, hint.size);
+ return _gnutls_buffer_append_data_prefix(data, 16, hint.data,
+ hint.size);
}
/* just read the hint from the server key exchange.
*/
int
-_gnutls_proc_psk_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+_gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- ssize_t data_size = _data_size;
- int ret;
- gnutls_datum_t hint;
- gnutls_psk_client_credentials_t cred;
- psk_auth_info_t info;
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- DECR_LENGTH_RET (data_size, 2, 0);
- hint.size = _gnutls_read_uint16 (&data[0]);
-
- DECR_LEN (data_size, hint.size);
-
- hint.data = &data[2];
-
- /* copy the hint to the auth info structures
- */
- info = _gnutls_get_auth_info (session);
-
- if (hint.size > MAX_USERNAME_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- memcpy (info->hint, hint.data, hint.size);
- info->hint[hint.size] = 0;
-
- ret = _gnutls_set_psk_session_key (session, &cred->key, NULL);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = 0;
-
-error:
- return ret;
+ ssize_t data_size = _data_size;
+ int ret;
+ gnutls_datum_t hint;
+ gnutls_psk_client_credentials_t cred;
+ psk_auth_info_t info;
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ DECR_LENGTH_RET(data_size, 2, 0);
+ hint.size = _gnutls_read_uint16(&data[0]);
+
+ DECR_LEN(data_size, hint.size);
+
+ hint.data = &data[2];
+
+ /* copy the hint to the auth info structures
+ */
+ info = _gnutls_get_auth_info(session);
+
+ if (hint.size > MAX_USERNAME_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ memcpy(info->hint, hint.data, hint.size);
+ info->hint[hint.size] = 0;
+
+ ret = _gnutls_set_psk_session_key(session, &cred->key, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ return ret;
}
-#endif /* ENABLE_PSK */
+#endif /* ENABLE_PSK */
diff --git a/lib/auth/psk.h b/lib/auth/psk.h
index 1507425f47..3322493762 100644
--- a/lib/auth/psk.h
+++ b/lib/auth/psk.h
@@ -26,38 +26,35 @@
#include <gnutls_auth.h>
#include <auth/dh_common.h>
-typedef struct gnutls_psk_client_credentials_st
-{
- gnutls_datum_t username;
- gnutls_datum_t key;
- gnutls_psk_client_credentials_function *get_function;
+typedef struct gnutls_psk_client_credentials_st {
+ gnutls_datum_t username;
+ gnutls_datum_t key;
+ gnutls_psk_client_credentials_function *get_function;
} psk_client_credentials_st;
-typedef struct gnutls_psk_server_credentials_st
-{
- char *password_file;
- /* callback function, instead of reading the
- * password files.
- */
- gnutls_psk_server_credentials_function *pwd_callback;
+typedef struct gnutls_psk_server_credentials_st {
+ char *password_file;
+ /* callback function, instead of reading the
+ * password files.
+ */
+ gnutls_psk_server_credentials_function *pwd_callback;
- /* For DHE_PSK */
- gnutls_dh_params_t dh_params;
- /* this callback is used to retrieve the DH or RSA
- * parameters.
- */
- gnutls_params_function *params_func;
+ /* For DHE_PSK */
+ gnutls_dh_params_t dh_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function *params_func;
- /* Identity hint. */
- char *hint;
+ /* Identity hint. */
+ char *hint;
} psk_server_cred_st;
/* these structures should not use allocated data */
-typedef struct psk_auth_info_st
-{
- char username[MAX_USERNAME_SIZE + 1];
- dh_info_st dh;
- char hint[MAX_USERNAME_SIZE + 1];
+typedef struct psk_auth_info_st {
+ char username[MAX_USERNAME_SIZE + 1];
+ dh_info_st dh;
+ char hint[MAX_USERNAME_SIZE + 1];
} *psk_auth_info_t;
@@ -66,17 +63,21 @@ typedef struct psk_auth_info_st
typedef struct psk_auth_info_st psk_auth_info_st;
int
-_gnutls_set_psk_session_key (gnutls_session_t session, gnutls_datum_t* key, gnutls_datum_t * psk2);
-int _gnutls_gen_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data);
-int _gnutls_gen_psk_client_kx (gnutls_session_t, gnutls_buffer_st*);
-int _gnutls_proc_psk_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size);
+_gnutls_set_psk_session_key(gnutls_session_t session, gnutls_datum_t * key,
+ gnutls_datum_t * psk2);
+int _gnutls_gen_psk_server_kx(gnutls_session_t session,
+ gnutls_buffer_st * data);
+int _gnutls_gen_psk_client_kx(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size);
-int _gnutls_find_psk_key( gnutls_session_t session, gnutls_psk_client_credentials_t cred,
- gnutls_datum_t * username, gnutls_datum_t* key, int* free);
+int _gnutls_find_psk_key(gnutls_session_t session,
+ gnutls_psk_client_credentials_t cred,
+ gnutls_datum_t * username, gnutls_datum_t * key,
+ int *free);
#else
#define _gnutls_set_psk_session_key(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE
-#endif /* ENABLE_PSK */
+#endif /* ENABLE_PSK */
#endif
diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c
index b27161a663..5f39955c9c 100644
--- a/lib/auth/psk_passwd.c
+++ b/lib/auth/psk_passwd.c
@@ -42,50 +42,46 @@
/* this function parses passwd.psk file. Format is:
* string(username):hex(passwd)
*/
-static int
-pwd_put_values (gnutls_datum_t * psk, char *str)
+static int pwd_put_values(gnutls_datum_t * psk, char *str)
{
- char *p;
- int len, ret;
- size_t size;
-
- p = strchr (str, ':');
- if (p == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- /* skip username
- */
-
- /* read the key
- */
- len = strlen (p);
- if (p[len - 1] == '\n' || p[len - 1] == ' ')
- len--;
-
- size = psk->size = len / 2;
- psk->data = gnutls_malloc (size);
- if (psk->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_hex2bin (p, len, psk->data, &size);
- psk->size = (unsigned int) size;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
-
- return 0;
+ char *p;
+ int len, ret;
+ size_t size;
+
+ p = strchr(str, ':');
+ if (p == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ /* skip username
+ */
+
+ /* read the key
+ */
+ len = strlen(p);
+ if (p[len - 1] == '\n' || p[len - 1] == ' ')
+ len--;
+
+ size = psk->size = len / 2;
+ psk->data = gnutls_malloc(size);
+ if (psk->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_hex2bin(p, len, psk->data, &size);
+ psk->size = (unsigned int) size;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+
+ return 0;
}
@@ -93,132 +89,118 @@ pwd_put_values (gnutls_datum_t * psk, char *str)
/* Randomizes the given password entry. It actually sets a random password.
* Returns 0 on success.
*/
-static int
-_randomize_psk (gnutls_datum_t * psk)
+static int _randomize_psk(gnutls_datum_t * psk)
{
- int ret;
+ int ret;
- psk->data = gnutls_malloc (16);
- if (psk->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ psk->data = gnutls_malloc(16);
+ if (psk->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- psk->size = 16;
+ psk->size = 16;
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, (char *) psk->data, 16);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, (char *) psk->data, 16);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/* Returns the PSK key of the given user.
* If the user doesn't exist a random password is returned instead.
*/
int
-_gnutls_psk_pwd_find_entry (gnutls_session_t session, char *username,
- gnutls_datum_t * psk)
+_gnutls_psk_pwd_find_entry(gnutls_session_t session, char *username,
+ gnutls_datum_t * psk)
{
- gnutls_psk_server_credentials_t cred;
- FILE *fd;
- char line[2 * 1024];
- unsigned i, len;
- int ret;
-
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- /* if the callback which sends the parameters is
- * set, use it.
- */
- if (cred->pwd_callback != NULL)
- {
- ret = cred->pwd_callback (session, username, psk);
-
- if (ret == 1)
- { /* the user does not exist */
- ret = _randomize_psk (psk);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- return 0;
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_ERROR;
- }
-
- return 0;
- }
-
- /* The callback was not set. Proceed.
- */
- if (cred->password_file == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_ERROR;
- }
-
- /* Open the selected password file.
- */
- fd = fopen (cred->password_file, "r");
- if (fd == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_ERROR;
- }
-
- len = strlen (username);
- while (fgets (line, sizeof (line), fd) != NULL)
- {
- /* move to first ':' */
- i = 0;
- while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
-
- if (strncmp (username, line, MAX (i, len)) == 0)
- {
- ret = pwd_put_values (psk, line);
- fclose (fd);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_ERROR;
- }
- return 0;
- }
- }
- fclose (fd);
-
- /* user was not found. Fake him.
- * the last index found and randomize the entry.
- */
- ret = _randomize_psk (psk);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ gnutls_psk_server_credentials_t cred;
+ FILE *fd;
+ char line[2 * 1024];
+ unsigned i, len;
+ int ret;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* if the callback which sends the parameters is
+ * set, use it.
+ */
+ if (cred->pwd_callback != NULL) {
+ ret = cred->pwd_callback(session, username, psk);
+
+ if (ret == 1) { /* the user does not exist */
+ ret = _randomize_psk(psk);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ return 0;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ return 0;
+ }
+
+ /* The callback was not set. Proceed.
+ */
+ if (cred->password_file == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ /* Open the selected password file.
+ */
+ fd = fopen(cred->password_file, "r");
+ if (fd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ len = strlen(username);
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ /* move to first ':' */
+ i = 0;
+ while ((line[i] != ':') && (line[i] != '\0')
+ && (i < sizeof(line))) {
+ i++;
+ }
+
+ if (strncmp(username, line, MAX(i, len)) == 0) {
+ ret = pwd_put_values(psk, line);
+ fclose(fd);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+ return 0;
+ }
+ }
+ fclose(fd);
+
+ /* user was not found. Fake him.
+ * the last index found and randomize the entry.
+ */
+ ret = _randomize_psk(psk);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE PSK */
+#endif /* ENABLE PSK */
diff --git a/lib/auth/psk_passwd.h b/lib/auth/psk_passwd.h
index 9af98d4651..f09df621d5 100644
--- a/lib/auth/psk_passwd.h
+++ b/lib/auth/psk_passwd.h
@@ -23,7 +23,7 @@
#ifdef ENABLE_PSK
/* this is locally allocated. It should be freed using the provided function */
-int _gnutls_psk_pwd_find_entry (gnutls_session_t, char *username,
- gnutls_datum_t * key);
+int _gnutls_psk_pwd_find_entry(gnutls_session_t, char *username,
+ gnutls_datum_t * key);
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index 5a17627f62..aaaeb95888 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -42,177 +42,166 @@
#include <abstract_int.h>
#include <auth/rsa_common.h>
-int _gnutls_gen_rsa_client_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_rsa_client_kx (gnutls_session_t, uint8_t *, size_t);
+int _gnutls_gen_rsa_client_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_rsa_client_kx(gnutls_session_t, uint8_t *, size_t);
const mod_auth_st rsa_auth_struct = {
- "RSA",
- _gnutls_gen_cert_server_crt,
- _gnutls_gen_cert_client_crt,
- NULL, /* gen server kx */
- _gnutls_gen_rsa_client_kx,
- _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
-
- _gnutls_proc_crt,
- _gnutls_proc_crt,
- NULL, /* proc server kx */
- proc_rsa_client_kx, /* proc client kx */
- _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ "RSA",
+ _gnutls_gen_cert_server_crt,
+ _gnutls_gen_cert_client_crt,
+ NULL, /* gen server kx */
+ _gnutls_gen_rsa_client_kx,
+ _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_crt,
+ _gnutls_proc_crt,
+ NULL, /* proc server kx */
+ proc_rsa_client_kx, /* proc client kx */
+ _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
/* This function reads the RSA parameters from peer's certificate;
*/
int
-_gnutls_get_public_rsa_params (gnutls_session_t session,
- gnutls_pk_params_st * params)
+_gnutls_get_public_rsa_params(gnutls_session_t session,
+ gnutls_pk_params_st * params)
{
- int ret;
- cert_auth_info_t info;
- gnutls_pcert_st peer_cert;
-
- /* normal non export case */
-
- info = _gnutls_get_auth_info (session);
-
- if (info == NULL || info->ncerts == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret =
- _gnutls_get_auth_info_pcert (&peer_cert,
- session->security_parameters.cert_type,
- info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- gnutls_pk_params_init(params);
-
- ret = _gnutls_pubkey_get_mpis(peer_cert.pubkey, params);
- if (ret < 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- goto cleanup2;
- }
-
- gnutls_pcert_deinit (&peer_cert);
- return 0;
-
-cleanup2:
- gnutls_pcert_deinit (&peer_cert);
-
- return ret;
+ int ret;
+ cert_auth_info_t info;
+ gnutls_pcert_st peer_cert;
+
+ /* normal non export case */
+
+ info = _gnutls_get_auth_info(session);
+
+ if (info == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ _gnutls_get_auth_info_pcert(&peer_cert,
+ session->security_parameters.
+ cert_type, info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ gnutls_pk_params_init(params);
+
+ ret = _gnutls_pubkey_get_mpis(peer_cert.pubkey, params);
+ if (ret < 0) {
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ goto cleanup2;
+ }
+
+ gnutls_pcert_deinit(&peer_cert);
+ return 0;
+
+ cleanup2:
+ gnutls_pcert_deinit(&peer_cert);
+
+ return ret;
}
static int
-proc_rsa_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- gnutls_datum_t plaintext;
- gnutls_datum_t ciphertext;
- int ret, dsize;
- int randomize_key = 0;
- ssize_t data_size = _data_size;
-
- if (get_num_version (session) == GNUTLS_SSL3)
- {
- /* SSL 3.0
- */
- ciphertext.data = data;
- ciphertext.size = data_size;
- }
- else
- {
- /* TLS 1.0
- */
- DECR_LEN (data_size, 2);
- ciphertext.data = &data[2];
- dsize = _gnutls_read_uint16 (data);
-
- if (dsize != data_size)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- ciphertext.size = dsize;
- }
-
- ret =
- gnutls_privkey_decrypt_data (session->internals.selected_key, 0,
- &ciphertext, &plaintext);
-
- if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
- {
- /* In case decryption fails then don't inform
- * the peer. Just use a random key. (in order to avoid
- * attack against pkcs-1 formating).
- */
- gnutls_assert ();
- _gnutls_audit_log (session, "auth_rsa: Possible PKCS #1 format attack\n");
- randomize_key = 1;
- }
- else
- {
- /* If the secret was properly formatted, then
- * check the version number.
- */
- if (_gnutls_get_adv_version_major (session) != plaintext.data[0] ||
- (session->internals.priorities.allow_wrong_pms == 0 &&
- _gnutls_get_adv_version_minor (session) != plaintext.data[1]))
- {
- /* No error is returned here, if the version number check
- * fails. We proceed normally.
- * That is to defend against the attack described in the paper
- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
- * Ondej Pokorny and Tomas Rosa.
- */
- gnutls_assert ();
- _gnutls_audit_log
- (session, "auth_rsa: Possible PKCS #1 version check format attack\n");
- }
- }
-
- if (randomize_key != 0)
- {
- session->key.key.size = GNUTLS_MASTER_SIZE;
- session->key.key.data = gnutls_malloc (session->key.key.size);
- if (session->key.key.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* we do not need strong random numbers here.
- */
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key.key.data,
- session->key.key.size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- }
- else
- {
- session->key.key.data = plaintext.data;
- session->key.key.size = plaintext.size;
- }
-
- /* This is here to avoid the version check attack
- * discussed above.
- */
- session->key.key.data[0] = _gnutls_get_adv_version_major (session);
- session->key.key.data[1] = _gnutls_get_adv_version_minor (session);
-
- return 0;
+ gnutls_datum_t plaintext;
+ gnutls_datum_t ciphertext;
+ int ret, dsize;
+ int randomize_key = 0;
+ ssize_t data_size = _data_size;
+
+ if (get_num_version(session) == GNUTLS_SSL3) {
+ /* SSL 3.0
+ */
+ ciphertext.data = data;
+ ciphertext.size = data_size;
+ } else {
+ /* TLS 1.0
+ */
+ DECR_LEN(data_size, 2);
+ ciphertext.data = &data[2];
+ dsize = _gnutls_read_uint16(data);
+
+ if (dsize != data_size) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ ciphertext.size = dsize;
+ }
+
+ ret =
+ gnutls_privkey_decrypt_data(session->internals.selected_key, 0,
+ &ciphertext, &plaintext);
+
+ if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) {
+ /* In case decryption fails then don't inform
+ * the peer. Just use a random key. (in order to avoid
+ * attack against pkcs-1 formating).
+ */
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "auth_rsa: Possible PKCS #1 format attack\n");
+ randomize_key = 1;
+ } else {
+ /* If the secret was properly formatted, then
+ * check the version number.
+ */
+ if (_gnutls_get_adv_version_major(session) !=
+ plaintext.data[0]
+ || (session->internals.priorities.allow_wrong_pms == 0
+ && _gnutls_get_adv_version_minor(session) !=
+ plaintext.data[1])) {
+ /* No error is returned here, if the version number check
+ * fails. We proceed normally.
+ * That is to defend against the attack described in the paper
+ * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
+ * Ondej Pokorny and Tomas Rosa.
+ */
+ gnutls_assert();
+ _gnutls_audit_log
+ (session,
+ "auth_rsa: Possible PKCS #1 version check format attack\n");
+ }
+ }
+
+ if (randomize_key != 0) {
+ session->key.key.size = GNUTLS_MASTER_SIZE;
+ session->key.key.data =
+ gnutls_malloc(session->key.key.size);
+ if (session->key.key.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* we do not need strong random numbers here.
+ */
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data,
+ session->key.key.size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ } else {
+ session->key.key.data = plaintext.data;
+ session->key.key.size = plaintext.size;
+ }
+
+ /* This is here to avoid the version check attack
+ * discussed above.
+ */
+ session->key.key.data[0] = _gnutls_get_adv_version_major(session);
+ session->key.key.data[1] = _gnutls_get_adv_version_minor(session);
+
+ return 0;
}
@@ -220,82 +209,78 @@ proc_rsa_client_kx (gnutls_session_t session, uint8_t * data,
/* return RSA(random) using the peers public key
*/
int
-_gnutls_gen_rsa_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+_gnutls_gen_rsa_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- cert_auth_info_t auth = session->key.auth_info;
- gnutls_datum_t sdata; /* data to send */
- gnutls_pk_params_st params;
- int ret;
-
- if (auth == NULL)
- {
- /* this shouldn't have happened. The proc_certificate
- * function should have detected that.
- */
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- session->key.key.size = GNUTLS_MASTER_SIZE;
- session->key.key.data = gnutls_malloc (session->key.key.size);
-
- if (session->key.key.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, session->key.key.data,
- session->key.key.size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (session->internals.rsa_pms_version[0] == 0)
- {
- session->key.key.data[0] = _gnutls_get_adv_version_major(session);
- session->key.key.data[1] = _gnutls_get_adv_version_minor(session);
- }
- else
- { /* use the version provided */
- session->key.key.data[0] = session->internals.rsa_pms_version[0];
- session->key.key.data[1] = session->internals.rsa_pms_version[1];
- }
-
- /* move RSA parameters to key (session).
- */
- if ((ret =
- _gnutls_get_public_rsa_params (session, &params)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_pk_encrypt (GNUTLS_PK_RSA, &sdata, &session->key.key,
- &params);
-
- gnutls_pk_params_release(&params);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
-
- if (get_num_version (session) == GNUTLS_SSL3)
- {
- /* SSL 3.0 */
- _gnutls_buffer_replace_data( data, &sdata);
-
- return data->length;
- }
- else
- { /* TLS 1 */
- ret = _gnutls_buffer_append_data_prefix( data, 16, sdata.data, sdata.size);
-
- _gnutls_free_datum (&sdata);
- return ret;
- }
+ cert_auth_info_t auth = session->key.auth_info;
+ gnutls_datum_t sdata; /* data to send */
+ gnutls_pk_params_st params;
+ int ret;
+
+ if (auth == NULL) {
+ /* this shouldn't have happened. The proc_certificate
+ * function should have detected that.
+ */
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ session->key.key.size = GNUTLS_MASTER_SIZE;
+ session->key.key.data = gnutls_malloc(session->key.key.size);
+
+ if (session->key.key.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, session->key.key.data,
+ session->key.key.size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (session->internals.rsa_pms_version[0] == 0) {
+ session->key.key.data[0] =
+ _gnutls_get_adv_version_major(session);
+ session->key.key.data[1] =
+ _gnutls_get_adv_version_minor(session);
+ } else { /* use the version provided */
+ session->key.key.data[0] =
+ session->internals.rsa_pms_version[0];
+ session->key.key.data[1] =
+ session->internals.rsa_pms_version[1];
+ }
+
+ /* move RSA parameters to key (session).
+ */
+ if ((ret = _gnutls_get_public_rsa_params(session, &params)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &session->key.key,
+ &params);
+
+ gnutls_pk_params_release(&params);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+
+ if (get_num_version(session) == GNUTLS_SSL3) {
+ /* SSL 3.0 */
+ _gnutls_buffer_replace_data(data, &sdata);
+
+ return data->length;
+ } else { /* TLS 1 */
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, sdata.data,
+ sdata.size);
+
+ _gnutls_free_datum(&sdata);
+ return ret;
+ }
}
diff --git a/lib/auth/rsa_common.h b/lib/auth/rsa_common.h
index e1d2f39479..38ee264d6c 100644
--- a/lib/auth/rsa_common.h
+++ b/lib/auth/rsa_common.h
@@ -28,12 +28,12 @@
*/
#ifndef AUTH_RSA_COMMON
-# define AUTH_RSA_COMMON
+#define AUTH_RSA_COMMON
#include <abstract_int.h>
int
-_gnutls_get_public_rsa_params (gnutls_session_t session,
- gnutls_pk_params_st * params);
+_gnutls_get_public_rsa_params(gnutls_session_t session,
+ gnutls_pk_params_st * params);
#endif
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index e72d55d32a..23ff898bcd 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -49,68 +49,68 @@
#include <gnutls_datum.h>
#include <gnutls_state.h>
-static int _gnutls_gen_rsa_psk_client_kx (gnutls_session_t session,
- gnutls_buffer_st * data);
-static int _gnutls_proc_rsa_psk_client_kx (gnutls_session_t, uint8_t *,
- size_t);
+static int _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data);
+static int _gnutls_proc_rsa_psk_client_kx(gnutls_session_t, uint8_t *,
+ size_t);
const mod_auth_st rsa_psk_auth_struct = {
- "RSA PSK",
- _gnutls_gen_cert_server_crt,
- NULL, /* generate_client_certificate */
- _gnutls_gen_psk_server_kx,
- _gnutls_gen_rsa_psk_client_kx,
- NULL, /* generate_client_cert_vrfy */
- NULL, /* generate_server_certificate_request */
- _gnutls_proc_crt,
- NULL, /* process_client_certificate */
- _gnutls_proc_psk_server_kx,
- _gnutls_proc_rsa_psk_client_kx,
- NULL, /* process_client_cert_vrfy */
- NULL /* process_server_certificate_reuqest */
+ "RSA PSK",
+ _gnutls_gen_cert_server_crt,
+ NULL, /* generate_client_certificate */
+ _gnutls_gen_psk_server_kx,
+ _gnutls_gen_rsa_psk_client_kx,
+ NULL, /* generate_client_cert_vrfy */
+ NULL, /* generate_server_certificate_request */
+ _gnutls_proc_crt,
+ NULL, /* process_client_certificate */
+ _gnutls_proc_psk_server_kx,
+ _gnutls_proc_rsa_psk_client_kx,
+ NULL, /* process_client_cert_vrfy */
+ NULL /* process_server_certificate_reuqest */
};
/* Set the PSK premaster secret.
*/
static int
-set_rsa_psk_session_key (gnutls_session_t session,
- gnutls_datum_t *ppsk, gnutls_datum_t * rsa_secret)
+set_rsa_psk_session_key(gnutls_session_t session,
+ gnutls_datum_t * ppsk, gnutls_datum_t * rsa_secret)
{
- unsigned char *p;
- size_t rsa_secret_size;
- int ret;
-
-
- rsa_secret_size = rsa_secret->size;
-
- /* set the session key
- */
- session->key.key.size = 2 + rsa_secret_size + 2 + ppsk->size;
- session->key.key.data = gnutls_malloc (session->key.key.size);
- if (session->key.key.data == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* format of the premaster secret:
- * (uint16_t) other_secret size (48)
- * other_secret: 2 byte version + 46 byte random
- * (uint16_t) psk_size
- * the psk
- */
- _gnutls_write_uint16 (rsa_secret_size, session->key.key.data);
- memcpy (&session->key.key.data[2], rsa_secret->data, rsa_secret->size);
- p = &session->key.key.data[rsa_secret_size + 2];
- _gnutls_write_uint16 (ppsk->size, p);
- if (ppsk->data != NULL)
- memcpy (p + 2, ppsk->data, ppsk->size);
-
- ret = 0;
-
-error:
- return ret;
+ unsigned char *p;
+ size_t rsa_secret_size;
+ int ret;
+
+
+ rsa_secret_size = rsa_secret->size;
+
+ /* set the session key
+ */
+ session->key.key.size = 2 + rsa_secret_size + 2 + ppsk->size;
+ session->key.key.data = gnutls_malloc(session->key.key.size);
+ if (session->key.key.data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* format of the premaster secret:
+ * (uint16_t) other_secret size (48)
+ * other_secret: 2 byte version + 46 byte random
+ * (uint16_t) psk_size
+ * the psk
+ */
+ _gnutls_write_uint16(rsa_secret_size, session->key.key.data);
+ memcpy(&session->key.key.data[2], rsa_secret->data,
+ rsa_secret->size);
+ p = &session->key.key.data[rsa_secret_size + 2];
+ _gnutls_write_uint16(ppsk->size, p);
+ if (ppsk->data != NULL)
+ memcpy(p + 2, ppsk->data, ppsk->size);
+
+ ret = 0;
+
+ error:
+ return ret;
}
/* Generate client key exchange message
@@ -124,297 +124,285 @@ error:
* } ClientKeyExchange;
*/
static int
-_gnutls_gen_rsa_psk_client_kx (gnutls_session_t session,
- gnutls_buffer_st * data)
+_gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- cert_auth_info_t auth = session->key.auth_info;
- gnutls_datum_t sdata; /* data to send */
- gnutls_pk_params_st params;
- gnutls_psk_client_credentials_t cred;
- gnutls_datum_t username, key;
- int ret, free;
-
- if (auth == NULL)
- {
- /* this shouldn't have happened. The proc_certificate
- * function should have detected that.
- */
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- gnutls_datum_t premaster_secret;
- premaster_secret.size = GNUTLS_MASTER_SIZE;
- premaster_secret.data = gnutls_secure_malloc (premaster_secret.size);
-
- if (premaster_secret.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* Generate random */
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, premaster_secret.data,
- premaster_secret.size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Set version */
- if (session->internals.rsa_pms_version[0] == 0)
- {
- premaster_secret.data[0] = _gnutls_get_adv_version_major (session);
- premaster_secret.data[1] = _gnutls_get_adv_version_minor (session);
- }
- else
- { /* use the version provided */
- premaster_secret.data[0] = session->internals.rsa_pms_version[0];
- premaster_secret.data[1] = session->internals.rsa_pms_version[1];
- }
-
- /* move RSA parameters to key (session).
- */
- if ((ret = _gnutls_get_public_rsa_params (session, &params)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Encrypt premaster secret */
- if ((ret =
- _gnutls_pk_encrypt (GNUTLS_PK_RSA, &sdata, &premaster_secret,
- &params)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- gnutls_pk_params_release (&params);
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Here we set the PSK key */
- ret = set_rsa_psk_session_key (session, &key, &premaster_secret);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Create message for client key exchange
- *
- * struct {
- * uint8_t psk_identity<0..2^16-1>;
- * EncryptedPreMasterSecret;
- * }
- */
-
- /* Write psk_identity and EncryptedPreMasterSecret into data stream
- */
- ret = _gnutls_buffer_append_data_prefix (data, 16, cred->username.data,
- cred->username.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_data_prefix (data, 16, sdata.data, sdata.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&sdata);
- _gnutls_free_datum (&premaster_secret);
- if (free)
- {
- gnutls_free(key.data);
- gnutls_free(username.data);
- }
-
- return data->length;
+ cert_auth_info_t auth = session->key.auth_info;
+ gnutls_datum_t sdata; /* data to send */
+ gnutls_pk_params_st params;
+ gnutls_psk_client_credentials_t cred;
+ gnutls_datum_t username, key;
+ int ret, free;
+
+ if (auth == NULL) {
+ /* this shouldn't have happened. The proc_certificate
+ * function should have detected that.
+ */
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ gnutls_datum_t premaster_secret;
+ premaster_secret.size = GNUTLS_MASTER_SIZE;
+ premaster_secret.data =
+ gnutls_secure_malloc(premaster_secret.size);
+
+ if (premaster_secret.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Generate random */
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, premaster_secret.data,
+ premaster_secret.size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Set version */
+ if (session->internals.rsa_pms_version[0] == 0) {
+ premaster_secret.data[0] =
+ _gnutls_get_adv_version_major(session);
+ premaster_secret.data[1] =
+ _gnutls_get_adv_version_minor(session);
+ } else { /* use the version provided */
+ premaster_secret.data[0] =
+ session->internals.rsa_pms_version[0];
+ premaster_secret.data[1] =
+ session->internals.rsa_pms_version[1];
+ }
+
+ /* move RSA parameters to key (session).
+ */
+ if ((ret = _gnutls_get_public_rsa_params(session, &params)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Encrypt premaster secret */
+ if ((ret =
+ _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &premaster_secret,
+ &params)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ gnutls_pk_params_release(&params);
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Here we set the PSK key */
+ ret = set_rsa_psk_session_key(session, &key, &premaster_secret);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Create message for client key exchange
+ *
+ * struct {
+ * uint8_t psk_identity<0..2^16-1>;
+ * EncryptedPreMasterSecret;
+ * }
+ */
+
+ /* Write psk_identity and EncryptedPreMasterSecret into data stream
+ */
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16,
+ cred->username.data,
+ cred->username.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, sdata.data,
+ sdata.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&sdata);
+ _gnutls_free_datum(&premaster_secret);
+ if (free) {
+ gnutls_free(key.data);
+ gnutls_free(username.data);
+ }
+
+ return data->length;
}
/*
Process the client key exchange message
*/
static int
-_gnutls_proc_rsa_psk_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+_gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- gnutls_datum_t username;
- psk_auth_info_t info;
- gnutls_datum_t plaintext;
- gnutls_datum_t ciphertext;
- gnutls_datum_t pwd_psk = {NULL, 0};
- int ret, dsize;
- int randomize_key = 0;
- ssize_t data_size = _data_size;
- gnutls_psk_server_credentials_t cred;
- gnutls_datum_t premaster_secret = {NULL, 0};
-
- cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- ret = _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ gnutls_datum_t username;
+ psk_auth_info_t info;
+ gnutls_datum_t plaintext;
+ gnutls_datum_t ciphertext;
+ gnutls_datum_t pwd_psk = { NULL, 0 };
+ int ret, dsize;
+ int randomize_key = 0;
+ ssize_t data_size = _data_size;
+ gnutls_psk_server_credentials_t cred;
+ gnutls_datum_t premaster_secret = { NULL, 0 };
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ ret = _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
/*** 1. Extract user psk_identity ***/
- DECR_LEN (data_size, 2);
- username.size = _gnutls_read_uint16 (&data[0]);
+ DECR_LEN(data_size, 2);
+ username.size = _gnutls_read_uint16(&data[0]);
- DECR_LEN (data_size, username.size);
+ DECR_LEN(data_size, username.size);
- username.data = &data[2];
+ username.data = &data[2];
- /* copy the username to the auth info structures
- */
- info = _gnutls_get_auth_info (session);
+ /* copy the username to the auth info structures
+ */
+ info = _gnutls_get_auth_info(session);
- if (username.size > MAX_USERNAME_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
+ if (username.size > MAX_USERNAME_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
- memcpy (info->username, username.data, username.size);
- info->username[username.size] = 0;
+ memcpy(info->username, username.data, username.size);
+ info->username[username.size] = 0;
- /* Adjust data so it points to EncryptedPreMasterSecret */
- data += username.size + 2;
+ /* Adjust data so it points to EncryptedPreMasterSecret */
+ data += username.size + 2;
/*** 2. Decrypt and extract EncryptedPreMasterSecret ***/
- DECR_LEN (data_size, 2);
- ciphertext.data = &data[2];
- dsize = _gnutls_read_uint16 (data);
-
- if (dsize != data_size)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- ciphertext.size = dsize;
-
- ret = gnutls_privkey_decrypt_data (session->internals.selected_key, 0,
- &ciphertext, &plaintext);
- if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
- {
- /* In case decryption fails then don't inform
- * the peer. Just use a random key. (in order to avoid
- * attack against pkcs-1 formating).
- */
- gnutls_assert ();
- _gnutls_debug_log ("auth_rsa_psk: Possible PKCS #1 format attack\n");
- randomize_key = 1;
- }
- else
- {
- /* If the secret was properly formatted, then
- * check the version number.
- */
- if (_gnutls_get_adv_version_major (session) != plaintext.data[0] ||
- (session->internals.priorities.allow_wrong_pms == 0 &&
- _gnutls_get_adv_version_minor (session) != plaintext.data[1]))
- {
- /* No error is returned here, if the version number check
- * fails. We proceed normally.
- * That is to defend against the attack described in the paper
- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
- * Ondej Pokorny and Tomas Rosa.
- */
- gnutls_assert ();
- _gnutls_debug_log
- ("auth_rsa: Possible PKCS #1 version check format attack\n");
- }
- }
-
-
- if (randomize_key != 0)
- {
- premaster_secret.size = GNUTLS_MASTER_SIZE;
- premaster_secret.data = gnutls_malloc (premaster_secret.size);
- if (premaster_secret.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* we do not need strong random numbers here.
- */
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, premaster_secret.data,
- premaster_secret.size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
- else
- {
- premaster_secret.data = plaintext.data;
- premaster_secret.size = plaintext.size;
- }
-
- /* This is here to avoid the version check attack
- * discussed above.
- */
-
- premaster_secret.data[0] = _gnutls_get_adv_version_major (session);
- premaster_secret.data[1] = _gnutls_get_adv_version_minor (session);
-
- /* find the key of this username
- */
- ret = _gnutls_psk_pwd_find_entry (session, info->username, &pwd_psk);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = set_rsa_psk_session_key (session, &pwd_psk, &premaster_secret);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-cleanup:
- _gnutls_free_datum (&pwd_psk);
- _gnutls_free_datum (&premaster_secret);
-
- return ret;
+ DECR_LEN(data_size, 2);
+ ciphertext.data = &data[2];
+ dsize = _gnutls_read_uint16(data);
+
+ if (dsize != data_size) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ ciphertext.size = dsize;
+
+ ret =
+ gnutls_privkey_decrypt_data(session->internals.selected_key, 0,
+ &ciphertext, &plaintext);
+ if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) {
+ /* In case decryption fails then don't inform
+ * the peer. Just use a random key. (in order to avoid
+ * attack against pkcs-1 formating).
+ */
+ gnutls_assert();
+ _gnutls_debug_log
+ ("auth_rsa_psk: Possible PKCS #1 format attack\n");
+ randomize_key = 1;
+ } else {
+ /* If the secret was properly formatted, then
+ * check the version number.
+ */
+ if (_gnutls_get_adv_version_major(session) !=
+ plaintext.data[0]
+ || (session->internals.priorities.allow_wrong_pms == 0
+ && _gnutls_get_adv_version_minor(session) !=
+ plaintext.data[1])) {
+ /* No error is returned here, if the version number check
+ * fails. We proceed normally.
+ * That is to defend against the attack described in the paper
+ * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
+ * Ondej Pokorny and Tomas Rosa.
+ */
+ gnutls_assert();
+ _gnutls_debug_log
+ ("auth_rsa: Possible PKCS #1 version check format attack\n");
+ }
+ }
+
+
+ if (randomize_key != 0) {
+ premaster_secret.size = GNUTLS_MASTER_SIZE;
+ premaster_secret.data =
+ gnutls_malloc(premaster_secret.size);
+ if (premaster_secret.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* we do not need strong random numbers here.
+ */
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
+ premaster_secret.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else {
+ premaster_secret.data = plaintext.data;
+ premaster_secret.size = plaintext.size;
+ }
+
+ /* This is here to avoid the version check attack
+ * discussed above.
+ */
+
+ premaster_secret.data[0] = _gnutls_get_adv_version_major(session);
+ premaster_secret.data[1] = _gnutls_get_adv_version_minor(session);
+
+ /* find the key of this username
+ */
+ ret =
+ _gnutls_psk_pwd_find_entry(session, info->username, &pwd_psk);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ set_rsa_psk_session_key(session, &pwd_psk, &premaster_secret);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ _gnutls_free_datum(&pwd_psk);
+ _gnutls_free_datum(&premaster_secret);
+
+ return ret;
}
-#endif /* ENABLE_PSK */
+#endif /* ENABLE_PSK */
diff --git a/lib/auth/srp.c b/lib/auth/srp.c
index 8a0b1d7b7f..d5a0af3618 100644
--- a/lib/auth/srp.c
+++ b/lib/auth/srp.c
@@ -36,20 +36,20 @@
#include <ext/srp.h>
const mod_auth_st srp_auth_struct = {
- "SRP",
- NULL,
- NULL,
- _gnutls_gen_srp_server_kx,
- _gnutls_gen_srp_client_kx,
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- _gnutls_proc_srp_server_kx,
- _gnutls_proc_srp_client_kx,
- NULL,
- NULL
+ "SRP",
+ NULL,
+ NULL,
+ _gnutls_gen_srp_server_kx,
+ _gnutls_gen_srp_client_kx,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ _gnutls_proc_srp_server_kx,
+ _gnutls_proc_srp_client_kx,
+ NULL,
+ NULL
};
@@ -66,41 +66,40 @@ const mod_auth_st srp_auth_struct = {
* Returns a proper error code in that case, and 0 when
* all are ok.
*/
-inline static int
-check_param_mod_n (bigint_t a, bigint_t n, int is_a)
+inline static int check_param_mod_n(bigint_t a, bigint_t n, int is_a)
{
- int ret, err = 0;
- bigint_t r;
-
- r = _gnutls_mpi_mod (a, n);
- if (r == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_mpi_cmp_ui (r, 0);
- if (ret == 0) err = 1;
-
- if (is_a != 0)
- {
- ret = _gnutls_mpi_cmp_ui (r, 1);
- if (ret == 0) err = 1;
-
- _gnutls_mpi_add_ui(r, r, 1);
- ret = _gnutls_mpi_cmp (r, n);
- if (ret == 0) err = 1;
- }
-
- _gnutls_mpi_release (&r);
-
- if (err != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- return 0;
+ int ret, err = 0;
+ bigint_t r;
+
+ r = _gnutls_mpi_mod(a, n);
+ if (r == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_mpi_cmp_ui(r, 0);
+ if (ret == 0)
+ err = 1;
+
+ if (is_a != 0) {
+ ret = _gnutls_mpi_cmp_ui(r, 1);
+ if (ret == 0)
+ err = 1;
+
+ _gnutls_mpi_add_ui(r, r, 1);
+ ret = _gnutls_mpi_cmp(r, n);
+ if (ret == 0)
+ err = 1;
+ }
+
+ _gnutls_mpi_release(&r);
+
+ if (err != 0) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ return 0;
}
@@ -108,307 +107,292 @@ check_param_mod_n (bigint_t a, bigint_t n, int is_a)
* Data is allocated by the caller, and should have data_size size.
*/
int
-_gnutls_gen_srp_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+_gnutls_gen_srp_server_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret;
- char *username;
- SRP_PWD_ENTRY *pwd_entry;
- srp_server_auth_info_t info;
- size_t tmp_size;
- extension_priv_data_t epriv;
- srp_ext_st *priv;
-
- ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
- if (ret < 0) /* peer didn't send a username */
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_SRP_USERNAME;
- }
- priv = epriv.ptr;
-
- if ((ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
- sizeof (srp_server_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
- username = info->username;
-
- _gnutls_str_cpy (username, MAX_USERNAME_SIZE, priv->username);
-
- ret = _gnutls_srp_pwd_read_entry (session, username, &pwd_entry);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* copy from pwd_entry to local variables (actually in session) */
- tmp_size = pwd_entry->g.size;
- if (_gnutls_mpi_scan_nz (&G, pwd_entry->g.data, tmp_size) < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- tmp_size = pwd_entry->n.size;
- if (_gnutls_mpi_scan_nz (&N, pwd_entry->n.data, tmp_size) < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- tmp_size = pwd_entry->v.size;
- if (_gnutls_mpi_scan_nz (&V, pwd_entry->v.data, tmp_size) < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- /* Calculate: B = (k*v + g^b) % N
- */
- B = _gnutls_calc_srp_B (&_b, G, N, V);
- if (B == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- /* copy N (mod n)
- */
- ret = _gnutls_buffer_append_data_prefix( data, 16, pwd_entry->n.data,
- pwd_entry->n.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* copy G (generator) to data
- */
- ret = _gnutls_buffer_append_data_prefix( data, 16, pwd_entry->g.data,
- pwd_entry->g.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* copy the salt
- */
- ret = _gnutls_buffer_append_data_prefix( data, 8, pwd_entry->salt.data,
- pwd_entry->salt.size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* Copy the B value
- */
-
- ret = _gnutls_buffer_append_mpi( data, 16, B, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- _gnutls_mpi_log ("SRP B: ", B);
-
- ret = data->length;
-
-cleanup:
- _gnutls_srp_entry_free (pwd_entry);
- return ret;
+ int ret;
+ char *username;
+ SRP_PWD_ENTRY *pwd_entry;
+ srp_server_auth_info_t info;
+ size_t tmp_size;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRP,
+ &epriv);
+ if (ret < 0) { /* peer didn't send a username */
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_SRP_USERNAME;
+ }
+ priv = epriv.ptr;
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_SRP,
+ sizeof(srp_server_auth_info_st),
+ 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+ username = info->username;
+
+ _gnutls_str_cpy(username, MAX_USERNAME_SIZE, priv->username);
+
+ ret = _gnutls_srp_pwd_read_entry(session, username, &pwd_entry);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* copy from pwd_entry to local variables (actually in session) */
+ tmp_size = pwd_entry->g.size;
+ if (_gnutls_mpi_scan_nz(&G, pwd_entry->g.data, tmp_size) < 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ tmp_size = pwd_entry->n.size;
+ if (_gnutls_mpi_scan_nz(&N, pwd_entry->n.data, tmp_size) < 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ tmp_size = pwd_entry->v.size;
+ if (_gnutls_mpi_scan_nz(&V, pwd_entry->v.data, tmp_size) < 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ /* Calculate: B = (k*v + g^b) % N
+ */
+ B = _gnutls_calc_srp_B(&_b, G, N, V);
+ if (B == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ /* copy N (mod n)
+ */
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, pwd_entry->n.data,
+ pwd_entry->n.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* copy G (generator) to data
+ */
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, pwd_entry->g.data,
+ pwd_entry->g.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* copy the salt
+ */
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 8,
+ pwd_entry->salt.data,
+ pwd_entry->salt.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Copy the B value
+ */
+
+ ret = _gnutls_buffer_append_mpi(data, 16, B, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_mpi_log("SRP B: ", B);
+
+ ret = data->length;
+
+ cleanup:
+ _gnutls_srp_entry_free(pwd_entry);
+ return ret;
}
/* return A = g^a % N */
int
-_gnutls_gen_srp_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+_gnutls_gen_srp_client_kx(gnutls_session_t session,
+ gnutls_buffer_st * data)
{
- int ret;
- char *username, *password;
- gnutls_srp_client_credentials_t cred;
- extension_priv_data_t epriv;
- srp_ext_st *priv;
-
- ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
- if (ret < 0) /* peer didn't send a username */
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_SRP_USERNAME;
- }
- priv = epriv.ptr;
-
- cred = (gnutls_srp_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (priv->username == NULL)
- {
- username = cred->username;
- password = cred->password;
- }
- else
- {
-
- username = priv->username;
- password = priv->password;
- }
-
- if (username == NULL || password == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- /* calc A = g^a % N
- */
- if (G == NULL || N == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- A = _gnutls_calc_srp_A (&_a, G, N);
- if (A == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* Rest of SRP calculations
- */
-
- /* calculate u */
- session->key.u = _gnutls_calc_srp_u (A, B, N);
- if (session->key.u == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _gnutls_mpi_log ("SRP U: ", session->key.u);
-
- /* S = (B - g^x) ^ (a + u * x) % N */
- S = _gnutls_calc_srp_S2 (B, G, session->key.x, _a, session->key.u, N);
- if (S == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _gnutls_mpi_log ("SRP B: ", B);
-
- _gnutls_mpi_release (&_b);
- _gnutls_mpi_release (&V);
- _gnutls_mpi_release (&session->key.u);
- _gnutls_mpi_release (&B);
-
- ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
- _gnutls_mpi_release (&S);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_buffer_append_mpi(data, 16, A, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _gnutls_mpi_log ("SRP A: ", A);
-
- _gnutls_mpi_release (&A);
-
- return data->length;
+ int ret;
+ char *username, *password;
+ gnutls_srp_client_credentials_t cred;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRP,
+ &epriv);
+ if (ret < 0) { /* peer didn't send a username */
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_SRP_USERNAME;
+ }
+ priv = epriv.ptr;
+
+ cred = (gnutls_srp_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_SRP, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (priv->username == NULL) {
+ username = cred->username;
+ password = cred->password;
+ } else {
+
+ username = priv->username;
+ password = priv->password;
+ }
+
+ if (username == NULL || password == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* calc A = g^a % N
+ */
+ if (G == NULL || N == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ A = _gnutls_calc_srp_A(&_a, G, N);
+ if (A == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Rest of SRP calculations
+ */
+
+ /* calculate u */
+ session->key.u = _gnutls_calc_srp_u(A, B, N);
+ if (session->key.u == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log("SRP U: ", session->key.u);
+
+ /* S = (B - g^x) ^ (a + u * x) % N */
+ S = _gnutls_calc_srp_S2(B, G, session->key.x, _a, session->key.u,
+ N);
+ if (S == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log("SRP B: ", B);
+
+ _gnutls_mpi_release(&_b);
+ _gnutls_mpi_release(&V);
+ _gnutls_mpi_release(&session->key.u);
+ _gnutls_mpi_release(&B);
+
+ ret = _gnutls_mpi_dprint(session->key.KEY, &session->key.key);
+ _gnutls_mpi_release(&S);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_append_mpi(data, 16, A, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_mpi_log("SRP A: ", A);
+
+ _gnutls_mpi_release(&A);
+
+ return data->length;
}
/* just read A and put it to session */
int
-_gnutls_proc_srp_client_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+_gnutls_proc_srp_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- size_t _n_A;
- ssize_t data_size = _data_size;
- int ret;
-
- DECR_LEN (data_size, 2);
- _n_A = _gnutls_read_uint16 (&data[0]);
-
- DECR_LEN (data_size, _n_A);
- if (_gnutls_mpi_scan_nz (&A, &data[2], _n_A) || A == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- _gnutls_mpi_log ("SRP A: ", A);
- _gnutls_mpi_log ("SRP B: ", B);
-
- /* Checks if A % n == 0.
- */
- if ((ret = check_param_mod_n (A, N, 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Start the SRP calculations.
- * - Calculate u
- */
- session->key.u = _gnutls_calc_srp_u (A, B, N);
- if (session->key.u == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _gnutls_mpi_log ("SRP U: ", session->key.u);
-
- /* S = (A * v^u) ^ b % N
- */
- S = _gnutls_calc_srp_S1 (A, _b, session->key.u, V, N);
- if (S == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _gnutls_mpi_log ("SRP S: ", S);
-
- _gnutls_mpi_release (&A);
- _gnutls_mpi_release (&_b);
- _gnutls_mpi_release (&V);
- _gnutls_mpi_release (&session->key.u);
- _gnutls_mpi_release (&B);
-
- ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
- _gnutls_mpi_release (&S);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ size_t _n_A;
+ ssize_t data_size = _data_size;
+ int ret;
+
+ DECR_LEN(data_size, 2);
+ _n_A = _gnutls_read_uint16(&data[0]);
+
+ DECR_LEN(data_size, _n_A);
+ if (_gnutls_mpi_scan_nz(&A, &data[2], _n_A) || A == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ _gnutls_mpi_log("SRP A: ", A);
+ _gnutls_mpi_log("SRP B: ", B);
+
+ /* Checks if A % n == 0.
+ */
+ if ((ret = check_param_mod_n(A, N, 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Start the SRP calculations.
+ * - Calculate u
+ */
+ session->key.u = _gnutls_calc_srp_u(A, B, N);
+ if (session->key.u == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log("SRP U: ", session->key.u);
+
+ /* S = (A * v^u) ^ b % N
+ */
+ S = _gnutls_calc_srp_S1(A, _b, session->key.u, V, N);
+ if (S == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log("SRP S: ", S);
+
+ _gnutls_mpi_release(&A);
+ _gnutls_mpi_release(&_b);
+ _gnutls_mpi_release(&V);
+ _gnutls_mpi_release(&session->key.u);
+ _gnutls_mpi_release(&B);
+
+ ret = _gnutls_mpi_dprint(session->key.KEY, &session->key.key);
+ _gnutls_mpi_release(&S);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
@@ -418,260 +402,298 @@ _gnutls_proc_srp_client_kx (gnutls_session_t session, uint8_t * data,
* and _gnutls_srp_entry_free() should be changed.
*/
static const unsigned char srp_params_1024[] = {
- 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6,
- 0x9C, 0x33, 0xF8, 0x0A, 0xFA, 0x8F, 0xC5, 0xE8,
- 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B,
- 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76,
- 0xD6, 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3,
- 0x38, 0x3B, 0x48, 0x13, 0xD6, 0x92, 0xC6, 0xE0,
- 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4,
- 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1,
- 0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6,
- 0xCE, 0x8E, 0xF4, 0xAD, 0x69, 0xB1, 0x5D, 0x49,
- 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85,
- 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC,
- 0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0,
- 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, 0xAA, 0x9A,
- 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B,
- 0x9F, 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3
+ 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6,
+ 0x9C, 0x33, 0xF8, 0x0A, 0xFA, 0x8F, 0xC5, 0xE8,
+ 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B,
+ 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76,
+ 0xD6, 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3,
+ 0x38, 0x3B, 0x48, 0x13, 0xD6, 0x92, 0xC6, 0xE0,
+ 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4,
+ 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1,
+ 0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6,
+ 0xCE, 0x8E, 0xF4, 0xAD, 0x69, 0xB1, 0x5D, 0x49,
+ 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85,
+ 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC,
+ 0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0,
+ 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, 0xAA, 0x9A,
+ 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B,
+ 0x9F, 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3
};
static const unsigned char srp_generator = 0x02;
static const unsigned char srp3072_generator = 0x05;
const gnutls_datum_t gnutls_srp_1024_group_prime = {
- (void *) srp_params_1024, sizeof (srp_params_1024)
+ (void *) srp_params_1024, sizeof(srp_params_1024)
};
const gnutls_datum_t gnutls_srp_1024_group_generator = {
- (void *) &srp_generator, sizeof (srp_generator)
+ (void *) &srp_generator, sizeof(srp_generator)
};
static const unsigned char srp_params_1536[] = {
- 0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1,
- 0xF1, 0x2A, 0x86, 0x17, 0xA4, 0x7B, 0xBB, 0xDB, 0xA5,
- 0x1D, 0xF4, 0x99, 0xAC, 0x4C, 0x80, 0xBE, 0xEE, 0xA9,
- 0x61, 0x4B, 0x19, 0xCC, 0x4D, 0x5F, 0x4F, 0x5F, 0x55,
- 0x6E, 0x27, 0xCB, 0xDE, 0x51, 0xC6, 0xA9, 0x4B, 0xE4,
- 0x60, 0x7A, 0x29, 0x15, 0x58, 0x90, 0x3B, 0xA0, 0xD0,
- 0xF8, 0x43, 0x80, 0xB6, 0x55, 0xBB, 0x9A, 0x22, 0xE8,
- 0xDC, 0xDF, 0x02, 0x8A, 0x7C, 0xEC, 0x67, 0xF0, 0xD0,
- 0x81, 0x34, 0xB1, 0xC8, 0xB9, 0x79, 0x89, 0x14, 0x9B,
- 0x60, 0x9E, 0x0B, 0xE3, 0xBA, 0xB6, 0x3D, 0x47, 0x54,
- 0x83, 0x81, 0xDB, 0xC5, 0xB1, 0xFC, 0x76, 0x4E, 0x3F,
- 0x4B, 0x53, 0xDD, 0x9D, 0xA1, 0x15, 0x8B, 0xFD, 0x3E,
- 0x2B, 0x9C, 0x8C, 0xF5, 0x6E, 0xDF, 0x01, 0x95, 0x39,
- 0x34, 0x96, 0x27, 0xDB, 0x2F, 0xD5, 0x3D, 0x24, 0xB7,
- 0xC4, 0x86, 0x65, 0x77, 0x2E, 0x43, 0x7D, 0x6C, 0x7F,
- 0x8C, 0xE4, 0x42, 0x73, 0x4A, 0xF7, 0xCC, 0xB7, 0xAE,
- 0x83, 0x7C, 0x26, 0x4A, 0xE3, 0xA9, 0xBE, 0xB8, 0x7F,
- 0x8A, 0x2F, 0xE9, 0xB8, 0xB5, 0x29, 0x2E, 0x5A, 0x02,
- 0x1F, 0xFF, 0x5E, 0x91, 0x47, 0x9E, 0x8C, 0xE7, 0xA2,
- 0x8C, 0x24, 0x42, 0xC6, 0xF3, 0x15, 0x18, 0x0F, 0x93,
- 0x49, 0x9A, 0x23, 0x4D, 0xCF, 0x76, 0xE3, 0xFE, 0xD1,
- 0x35, 0xF9, 0xBB
+ 0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1,
+ 0xF1, 0x2A, 0x86, 0x17, 0xA4, 0x7B, 0xBB, 0xDB, 0xA5,
+ 0x1D, 0xF4, 0x99, 0xAC, 0x4C, 0x80, 0xBE, 0xEE, 0xA9,
+ 0x61, 0x4B, 0x19, 0xCC, 0x4D, 0x5F, 0x4F, 0x5F, 0x55,
+ 0x6E, 0x27, 0xCB, 0xDE, 0x51, 0xC6, 0xA9, 0x4B, 0xE4,
+ 0x60, 0x7A, 0x29, 0x15, 0x58, 0x90, 0x3B, 0xA0, 0xD0,
+ 0xF8, 0x43, 0x80, 0xB6, 0x55, 0xBB, 0x9A, 0x22, 0xE8,
+ 0xDC, 0xDF, 0x02, 0x8A, 0x7C, 0xEC, 0x67, 0xF0, 0xD0,
+ 0x81, 0x34, 0xB1, 0xC8, 0xB9, 0x79, 0x89, 0x14, 0x9B,
+ 0x60, 0x9E, 0x0B, 0xE3, 0xBA, 0xB6, 0x3D, 0x47, 0x54,
+ 0x83, 0x81, 0xDB, 0xC5, 0xB1, 0xFC, 0x76, 0x4E, 0x3F,
+ 0x4B, 0x53, 0xDD, 0x9D, 0xA1, 0x15, 0x8B, 0xFD, 0x3E,
+ 0x2B, 0x9C, 0x8C, 0xF5, 0x6E, 0xDF, 0x01, 0x95, 0x39,
+ 0x34, 0x96, 0x27, 0xDB, 0x2F, 0xD5, 0x3D, 0x24, 0xB7,
+ 0xC4, 0x86, 0x65, 0x77, 0x2E, 0x43, 0x7D, 0x6C, 0x7F,
+ 0x8C, 0xE4, 0x42, 0x73, 0x4A, 0xF7, 0xCC, 0xB7, 0xAE,
+ 0x83, 0x7C, 0x26, 0x4A, 0xE3, 0xA9, 0xBE, 0xB8, 0x7F,
+ 0x8A, 0x2F, 0xE9, 0xB8, 0xB5, 0x29, 0x2E, 0x5A, 0x02,
+ 0x1F, 0xFF, 0x5E, 0x91, 0x47, 0x9E, 0x8C, 0xE7, 0xA2,
+ 0x8C, 0x24, 0x42, 0xC6, 0xF3, 0x15, 0x18, 0x0F, 0x93,
+ 0x49, 0x9A, 0x23, 0x4D, 0xCF, 0x76, 0xE3, 0xFE, 0xD1,
+ 0x35, 0xF9, 0xBB
};
const gnutls_datum_t gnutls_srp_1536_group_prime = {
- (void *) srp_params_1536, sizeof (srp_params_1536)
+ (void *) srp_params_1536, sizeof(srp_params_1536)
};
const gnutls_datum_t gnutls_srp_1536_group_generator = {
- (void *) &srp_generator, sizeof (srp_generator)
+ (void *) &srp_generator, sizeof(srp_generator)
};
static const unsigned char srp_params_2048[] = {
- 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1,
- 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72,
- 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, 0xFC, 0x31, 0x92,
- 0x94, 0x3D, 0xB5, 0x60, 0x50, 0xA3, 0x73, 0x29, 0xCB,
- 0xB4, 0xA0, 0x99, 0xED, 0x81, 0x93, 0xE0, 0x75, 0x77,
- 0x67, 0xA1, 0x3D, 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03,
- 0x31, 0x0D, 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD,
- 0x50, 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0,
- 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, 0x66,
- 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, 0x29, 0x18,
- 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, 0x55, 0xF9, 0x79,
- 0x93, 0xEC, 0x97, 0x5E, 0xEA, 0xA8, 0x0D, 0x74, 0x0A,
- 0xDB, 0xF4, 0xFF, 0x74, 0x73, 0x59, 0xD0, 0x41, 0xD5,
- 0xC3, 0x3E, 0xA7, 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14,
- 0x77, 0x3B, 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80,
- 0x16, 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81,
- 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, 0x5B,
- 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, 0x54, 0x45,
- 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, 0x5E, 0xA7, 0x7A,
- 0x27, 0x75, 0xD2, 0xEC, 0xFA, 0x03, 0x2C, 0xFB, 0xDB,
- 0xF5, 0x2F, 0xB3, 0x78, 0x61, 0x60, 0x27, 0x90, 0x04,
- 0xE5, 0x7A, 0xE6, 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE,
- 0x53, 0x29, 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08,
- 0xD8, 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82,
- 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, 0x94,
- 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, 0x35, 0xDE,
- 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, 0x9B, 0x65, 0xE3,
- 0x72, 0xFC, 0xD6, 0x8E, 0xF2, 0x0F, 0xA7, 0x11, 0x1F,
- 0x9E, 0x4A, 0xFF, 0x73
+ 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1,
+ 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72,
+ 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, 0xFC, 0x31, 0x92,
+ 0x94, 0x3D, 0xB5, 0x60, 0x50, 0xA3, 0x73, 0x29, 0xCB,
+ 0xB4, 0xA0, 0x99, 0xED, 0x81, 0x93, 0xE0, 0x75, 0x77,
+ 0x67, 0xA1, 0x3D, 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03,
+ 0x31, 0x0D, 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD,
+ 0x50, 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0,
+ 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, 0x66,
+ 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, 0x29, 0x18,
+ 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, 0x55, 0xF9, 0x79,
+ 0x93, 0xEC, 0x97, 0x5E, 0xEA, 0xA8, 0x0D, 0x74, 0x0A,
+ 0xDB, 0xF4, 0xFF, 0x74, 0x73, 0x59, 0xD0, 0x41, 0xD5,
+ 0xC3, 0x3E, 0xA7, 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14,
+ 0x77, 0x3B, 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80,
+ 0x16, 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81,
+ 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, 0x5B,
+ 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, 0x54, 0x45,
+ 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, 0x5E, 0xA7, 0x7A,
+ 0x27, 0x75, 0xD2, 0xEC, 0xFA, 0x03, 0x2C, 0xFB, 0xDB,
+ 0xF5, 0x2F, 0xB3, 0x78, 0x61, 0x60, 0x27, 0x90, 0x04,
+ 0xE5, 0x7A, 0xE6, 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE,
+ 0x53, 0x29, 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08,
+ 0xD8, 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82,
+ 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, 0x94,
+ 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, 0x35, 0xDE,
+ 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, 0x9B, 0x65, 0xE3,
+ 0x72, 0xFC, 0xD6, 0x8E, 0xF2, 0x0F, 0xA7, 0x11, 0x1F,
+ 0x9E, 0x4A, 0xFF, 0x73
};
const gnutls_datum_t gnutls_srp_2048_group_prime = {
- (void *) srp_params_2048, sizeof (srp_params_2048)
+ (void *) srp_params_2048, sizeof(srp_params_2048)
};
const gnutls_datum_t gnutls_srp_2048_group_generator = {
- (void *) &srp_generator, sizeof (srp_generator)
+ (void *) &srp_generator, sizeof(srp_generator)
};
static const unsigned char srp_params_3072[] = {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9,
- 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6,
- 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E,
- 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
- 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E,
- 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A,
- 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14,
- 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4,
- 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF,
- 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B,
- 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
- 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC,
- 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63,
- 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3,
- 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C,
- 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5,
- 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35,
- 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
- 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E,
- 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E,
- 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2,
- 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39,
- 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2,
- 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, 0x8E,
- 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
- 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF,
- 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB,
- 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C,
- 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E,
- 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3,
- 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA,
- 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
- 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17,
- 0x7B, 0x20, 0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61,
- 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46,
- 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B,
- 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9,
+ 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6,
+ 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E,
+ 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E,
+ 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A,
+ 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14,
+ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4,
+ 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF,
+ 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B,
+ 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC,
+ 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63,
+ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3,
+ 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C,
+ 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5,
+ 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35,
+ 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E,
+ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E,
+ 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2,
+ 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39,
+ 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2,
+ 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, 0x8E,
+ 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF,
+ 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB,
+ 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C,
+ 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E,
+ 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3,
+ 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA,
+ 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17,
+ 0x7B, 0x20, 0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61,
+ 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46,
+ 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B,
+ 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
const gnutls_datum_t gnutls_srp_3072_group_generator = {
- (void *) &srp3072_generator, sizeof (srp3072_generator)
+ (void *) &srp3072_generator, sizeof(srp3072_generator)
};
const gnutls_datum_t gnutls_srp_3072_group_prime = {
- (void *) srp_params_3072, sizeof (srp_params_3072)
+ (void *) srp_params_3072, sizeof(srp_params_3072)
};
static const unsigned char srp_params_4096[] = {
-0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
-0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
-0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
-0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
-0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
-0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
-0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
-0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
-0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
-0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
-0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
-0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
-0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
-0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
-0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
-0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
-0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
-0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
-0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
-0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
-0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
-0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
-0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
-0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
-0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
-0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
-0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
-0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
-0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
-0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
-0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
-0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
-0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
-0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
-0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
-0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
-0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
-0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
-0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
-0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
-0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
-0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
-0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA,
+ 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C,
+ 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE,
+ 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04,
+ 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A,
+ 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2,
+ 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42,
+ 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7,
+ 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24,
+ 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B,
+ 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48,
+ 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF,
+ 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3,
+ 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96,
+ 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C,
+ 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE,
+ 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83,
+ 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52,
+ 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49,
+ 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05,
+ 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17,
+ 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA,
+ 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71,
+ 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4,
+ 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94,
+ 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE,
+ 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02,
+ 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20,
+ 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88,
+ 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB,
+ 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1,
+ 0x20,
+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6,
+ 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27,
+ 0x18,
+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B,
+ 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2,
+ 0xDB,
+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA,
+ 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96,
+ 0x4F,
+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7,
+ 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD,
+ 0x76,
+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A,
+ 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7,
+ 0xDC,
+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31,
+ 0x99,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
const gnutls_datum_t gnutls_srp_4096_group_generator = {
- (void *) &srp3072_generator, sizeof (srp3072_generator)
+ (void *) &srp3072_generator, sizeof(srp3072_generator)
};
const gnutls_datum_t gnutls_srp_4096_group_prime = {
- (void *) srp_params_4096, sizeof (srp_params_4096)
+ (void *) srp_params_4096, sizeof(srp_params_4096)
};
/* Check if G and N are parameters from the SRP draft.
*/
static int
-check_g_n (const uint8_t * g, size_t n_g, const uint8_t * n, size_t n_n)
+check_g_n(const uint8_t * g, size_t n_g, const uint8_t * n, size_t n_n)
{
- if ((n_n == sizeof (srp_params_3072) &&
- memcmp (srp_params_3072, n, n_n) == 0) ||
- (n_n == sizeof (srp_params_4096) &&
- memcmp (srp_params_4096, n, n_n) == 0))
- {
- if (n_g != 1 || g[0] != srp3072_generator)
- {
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- }
- return 0;
- }
-
- if (n_g != 1 || g[0] != srp_generator)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- if (n_n == sizeof (srp_params_1024) &&
- memcmp (srp_params_1024, n, n_n) == 0)
- {
- return 0;
- }
-
- if (n_n == sizeof (srp_params_1536) &&
- memcmp (srp_params_1536, n, n_n) == 0)
- {
- return 0;
- }
-
- if (n_n == sizeof (srp_params_2048) &&
- memcmp (srp_params_2048, n, n_n) == 0)
- {
- return 0;
- }
-
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ if ((n_n == sizeof(srp_params_3072) &&
+ memcmp(srp_params_3072, n, n_n) == 0) ||
+ (n_n == sizeof(srp_params_4096) &&
+ memcmp(srp_params_4096, n, n_n) == 0)) {
+ if (n_g != 1 || g[0] != srp3072_generator) {
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ }
+ return 0;
+ }
+
+ if (n_g != 1 || g[0] != srp_generator) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ if (n_n == sizeof(srp_params_1024) &&
+ memcmp(srp_params_1024, n, n_n) == 0) {
+ return 0;
+ }
+
+ if (n_n == sizeof(srp_params_1536) &&
+ memcmp(srp_params_1536, n, n_n) == 0) {
+ return 0;
+ }
+
+ if (n_n == sizeof(srp_params_2048) &&
+ memcmp(srp_params_2048, n, n_n) == 0) {
+ return 0;
+ }
+
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
/* Check if N is a prime and G a generator of the
@@ -679,273 +701,254 @@ check_g_n (const uint8_t * g, size_t n_g, const uint8_t * n, size_t n_n)
* Otherwise only the included parameters must be used.
*/
static int
-group_check_g_n (gnutls_session_t session, bigint_t g, bigint_t n)
+group_check_g_n(gnutls_session_t session, bigint_t g, bigint_t n)
{
- bigint_t q = NULL, two = NULL, w = NULL;
- int ret;
-
- if (_gnutls_mpi_get_nbits (n) < (session->internals.srp_prime_bits
- ? session->internals.srp_prime_bits
- : 2048))
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- /* N must be of the form N=2q+1
- * where q is also a prime.
- */
- if (_gnutls_prime_check (n) != 0)
- {
- _gnutls_mpi_log ("no prime N: ", n);
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- two = _gnutls_mpi_new (4);
- if (two == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- q = _gnutls_mpi_alloc_like (n);
- if (q == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* q = n-1
- */
- _gnutls_mpi_sub_ui (q, n, 1);
-
- /* q = q/2, remember that q is divisible by 2 (prime - 1)
- */
- _gnutls_mpi_set_ui (two, 2);
- _gnutls_mpi_div (q, q, two);
-
- if (_gnutls_prime_check (q) != 0)
- {
- /* N was not on the form N=2q+1, where q = prime
- */
- _gnutls_mpi_log ("no prime Q: ", q);
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- /* We also check whether g is a generator,
- */
-
- /* check if g < q < N
- */
- if (_gnutls_mpi_cmp (g, q) >= 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- goto error;
- }
-
- w = _gnutls_mpi_alloc_like (q);
- if (w == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* check if g^q mod N == N-1
- * w = g^q mod N
- */
- _gnutls_mpi_powm (w, g, q, n);
-
- /* w++
- */
- _gnutls_mpi_add_ui (w, w, 1);
-
- if (_gnutls_mpi_cmp (w, n) != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- goto error;
- }
-
- ret = 0;
-
-error:
- _gnutls_mpi_release (&q);
- _gnutls_mpi_release (&two);
- _gnutls_mpi_release (&w);
-
- return ret;
+ bigint_t q = NULL, two = NULL, w = NULL;
+ int ret;
+
+ if (_gnutls_mpi_get_nbits(n) < (session->internals.srp_prime_bits
+ ? session->internals.srp_prime_bits
+ : 2048)) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ /* N must be of the form N=2q+1
+ * where q is also a prime.
+ */
+ if (_gnutls_prime_check(n) != 0) {
+ _gnutls_mpi_log("no prime N: ", n);
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ two = _gnutls_mpi_new(4);
+ if (two == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ q = _gnutls_mpi_alloc_like(n);
+ if (q == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* q = n-1
+ */
+ _gnutls_mpi_sub_ui(q, n, 1);
+
+ /* q = q/2, remember that q is divisible by 2 (prime - 1)
+ */
+ _gnutls_mpi_set_ui(two, 2);
+ _gnutls_mpi_div(q, q, two);
+
+ if (_gnutls_prime_check(q) != 0) {
+ /* N was not on the form N=2q+1, where q = prime
+ */
+ _gnutls_mpi_log("no prime Q: ", q);
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ /* We also check whether g is a generator,
+ */
+
+ /* check if g < q < N
+ */
+ if (_gnutls_mpi_cmp(g, q) >= 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto error;
+ }
+
+ w = _gnutls_mpi_alloc_like(q);
+ if (w == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* check if g^q mod N == N-1
+ * w = g^q mod N
+ */
+ _gnutls_mpi_powm(w, g, q, n);
+
+ /* w++
+ */
+ _gnutls_mpi_add_ui(w, w, 1);
+
+ if (_gnutls_mpi_cmp(w, n) != 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ _gnutls_mpi_release(&q);
+ _gnutls_mpi_release(&two);
+ _gnutls_mpi_release(&w);
+
+ return ret;
}
/* receive the key exchange message ( n, g, s, B)
*/
int
-_gnutls_proc_srp_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+_gnutls_proc_srp_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- uint8_t n_s;
- uint16_t n_g, n_n, n_b;
- size_t _n_g, _n_n, _n_b;
- const uint8_t *data_n;
- const uint8_t *data_g;
- const uint8_t *data_s;
- const uint8_t *data_b;
- int i, ret;
- uint8_t hd[SRP_MAX_HASH_SIZE];
- char *username, *password;
- ssize_t data_size = _data_size;
- gnutls_srp_client_credentials_t cred;
- extension_priv_data_t epriv;
- srp_ext_st *priv;
-
- ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_SRP_USERNAME;
- }
- priv = epriv.ptr;
-
- cred = (gnutls_srp_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (priv->username == NULL)
- {
- username = cred->username;
- password = cred->password;
- }
- else
- {
- username = priv->username;
- password = priv->password;
- }
-
- if (username == NULL || password == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- i = 0;
-
- /* Read N
- */
- DECR_LEN (data_size, 2);
- n_n = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_n);
- data_n = &data[i];
- i += n_n;
-
- /* Read G
- */
- DECR_LEN (data_size, 2);
- n_g = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_g);
- data_g = &data[i];
- i += n_g;
-
- /* Read salt
- */
- DECR_LEN (data_size, 1);
- n_s = data[i];
- i += 1;
-
- DECR_LEN (data_size, n_s);
- data_s = &data[i];
- i += n_s;
-
- /* Read B
- */
- DECR_LEN (data_size, 2);
- n_b = _gnutls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_b);
- data_b = &data[i];
- i += n_b;
-
- _n_g = n_g;
- _n_n = n_n;
- _n_b = n_b;
-
- if (_gnutls_mpi_scan_nz (&N, data_n, _n_n) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (_gnutls_mpi_scan_nz (&G, data_g, _n_g) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (_gnutls_mpi_scan_nz (&B, data_b, _n_b) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
-
- /* Check if the g and n are from the SRP
- * draft. Otherwise check if N is a prime and G
- * a generator.
- */
- if ((ret = check_g_n (data_g, _n_g, data_n, _n_n)) < 0)
- {
- _gnutls_audit_log (session, "SRP group parameters are not in the white list. Checking validity.\n");
- if ((ret = group_check_g_n (session, G, N)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- /* Checks if b % n == 0
- */
- if ((ret = check_param_mod_n (B, N, 0)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
-
- /* generate x = SHA(s | SHA(U | ":" | p))
- * (or the equivalent using bcrypt)
- */
- if ((ret =
- _gnutls_calc_srp_x (username, password, (uint8_t *) data_s, n_s,
- &_n_g, hd)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (_gnutls_mpi_scan_nz (&session->key.x, hd, _n_g) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
-
- return i; /* return the processed data
- * needed in auth_srp_rsa.
- */
+ uint8_t n_s;
+ uint16_t n_g, n_n, n_b;
+ size_t _n_g, _n_n, _n_b;
+ const uint8_t *data_n;
+ const uint8_t *data_g;
+ const uint8_t *data_s;
+ const uint8_t *data_b;
+ int i, ret;
+ uint8_t hd[SRP_MAX_HASH_SIZE];
+ char *username, *password;
+ ssize_t data_size = _data_size;
+ gnutls_srp_client_credentials_t cred;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRP,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_SRP_USERNAME;
+ }
+ priv = epriv.ptr;
+
+ cred = (gnutls_srp_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_SRP, NULL);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (priv->username == NULL) {
+ username = cred->username;
+ password = cred->password;
+ } else {
+ username = priv->username;
+ password = priv->password;
+ }
+
+ if (username == NULL || password == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ i = 0;
+
+ /* Read N
+ */
+ DECR_LEN(data_size, 2);
+ n_n = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_n);
+ data_n = &data[i];
+ i += n_n;
+
+ /* Read G
+ */
+ DECR_LEN(data_size, 2);
+ n_g = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_g);
+ data_g = &data[i];
+ i += n_g;
+
+ /* Read salt
+ */
+ DECR_LEN(data_size, 1);
+ n_s = data[i];
+ i += 1;
+
+ DECR_LEN(data_size, n_s);
+ data_s = &data[i];
+ i += n_s;
+
+ /* Read B
+ */
+ DECR_LEN(data_size, 2);
+ n_b = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_b);
+ data_b = &data[i];
+ i += n_b;
+
+ _n_g = n_g;
+ _n_n = n_n;
+ _n_b = n_b;
+
+ if (_gnutls_mpi_scan_nz(&N, data_n, _n_n) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan_nz(&G, data_g, _n_g) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan_nz(&B, data_b, _n_b) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+
+ /* Check if the g and n are from the SRP
+ * draft. Otherwise check if N is a prime and G
+ * a generator.
+ */
+ if ((ret = check_g_n(data_g, _n_g, data_n, _n_n)) < 0) {
+ _gnutls_audit_log(session,
+ "SRP group parameters are not in the white list. Checking validity.\n");
+ if ((ret = group_check_g_n(session, G, N)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ /* Checks if b % n == 0
+ */
+ if ((ret = check_param_mod_n(B, N, 0)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+
+ /* generate x = SHA(s | SHA(U | ":" | p))
+ * (or the equivalent using bcrypt)
+ */
+ if ((ret =
+ _gnutls_calc_srp_x(username, password, (uint8_t *) data_s,
+ n_s, &_n_g, hd)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (_gnutls_mpi_scan_nz(&session->key.x, hd, _n_g) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+
+ return i; /* return the processed data
+ * needed in auth_srp_rsa.
+ */
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
diff --git a/lib/auth/srp.h b/lib/auth/srp.h
index e7723e1884..2bfce81474 100644
--- a/lib/auth/srp.h
+++ b/lib/auth/srp.h
@@ -25,44 +25,41 @@
#include <gnutls_auth.h>
-typedef struct gnutls_srp_client_credentials_st
-{
- char *username;
- char *password;
- gnutls_srp_client_credentials_function *get_function;
+typedef struct gnutls_srp_client_credentials_st {
+ char *username;
+ char *password;
+ gnutls_srp_client_credentials_function *get_function;
} srp_client_credentials_st;
-typedef struct gnutls_srp_server_credentials_st
-{
- char *password_file;
- char *password_conf_file;
- /* callback function, instead of reading the
- * password files.
- */
- gnutls_srp_server_credentials_function *pwd_callback;
+typedef struct gnutls_srp_server_credentials_st {
+ char *password_file;
+ char *password_conf_file;
+ /* callback function, instead of reading the
+ * password files.
+ */
+ gnutls_srp_server_credentials_function *pwd_callback;
} srp_server_cred_st;
/* these structures should not use allocated data */
-typedef struct srp_server_auth_info_st
-{
- char username[MAX_USERNAME_SIZE + 1];
+typedef struct srp_server_auth_info_st {
+ char username[MAX_USERNAME_SIZE + 1];
} *srp_server_auth_info_t;
#ifdef ENABLE_SRP
-int _gnutls_proc_srp_server_hello (gnutls_session_t state,
- const uint8_t * data, size_t data_size);
-int _gnutls_gen_srp_server_hello (gnutls_session_t state, uint8_t * data,
- size_t data_size);
+int _gnutls_proc_srp_server_hello(gnutls_session_t state,
+ const uint8_t * data, size_t data_size);
+int _gnutls_gen_srp_server_hello(gnutls_session_t state, uint8_t * data,
+ size_t data_size);
-int _gnutls_gen_srp_server_kx (gnutls_session_t, gnutls_buffer_st*);
-int _gnutls_gen_srp_client_kx (gnutls_session_t, gnutls_buffer_st*);
+int _gnutls_gen_srp_server_kx(gnutls_session_t, gnutls_buffer_st *);
+int _gnutls_gen_srp_client_kx(gnutls_session_t, gnutls_buffer_st *);
-int _gnutls_proc_srp_server_kx (gnutls_session_t, uint8_t *, size_t);
-int _gnutls_proc_srp_client_kx (gnutls_session_t, uint8_t *, size_t);
+int _gnutls_proc_srp_server_kx(gnutls_session_t, uint8_t *, size_t);
+int _gnutls_proc_srp_client_kx(gnutls_session_t, uint8_t *, size_t);
typedef struct srp_server_auth_info_st srp_server_auth_info_st;
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
#endif
diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
index a9693d886e..a97114a2c1 100644
--- a/lib/auth/srp_passwd.c
+++ b/lib/auth/srp_passwd.c
@@ -39,160 +39,148 @@
#include <gnutls_num.h>
#include <random.h>
-static int _randomize_pwd_entry (SRP_PWD_ENTRY * entry);
+static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry);
/* this function parses tpasswd.conf file. Format is:
* string(username):base64(v):base64(salt):int(index)
*/
-static int
-parse_tpasswd_values (SRP_PWD_ENTRY * entry, char *str)
+static int parse_tpasswd_values(SRP_PWD_ENTRY * entry, char *str)
{
- char *p;
- int len, ret;
- uint8_t *verifier;
- size_t verifier_size;
- int indx;
-
- p = strrchr (str, ':'); /* we have index */
- if (p == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- indx = atoi (p);
- if (indx == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- /* now go for salt */
- p = strrchr (str, ':'); /* we have salt */
- if (p == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- len = strlen (p);
-
- entry->salt.size = _gnutls_sbase64_decode (p, len, &entry->salt.data);
-
- if (entry->salt.size <= 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- /* now go for verifier */
- p = strrchr (str, ':'); /* we have verifier */
- if (p == NULL)
- {
- _gnutls_free_datum (&entry->salt);
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- len = strlen (p);
- ret = _gnutls_sbase64_decode (p, len, &verifier);
- if (ret <= 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&entry->salt);
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- verifier_size = ret;
- entry->v.data = verifier;
- entry->v.size = verifier_size;
-
- /* now go for username */
- *p = '\0';
-
- entry->username = gnutls_strdup (str);
- if (entry->username == NULL)
- {
- _gnutls_free_datum (&entry->salt);
- _gnutls_free_datum (&entry->v);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return indx;
+ char *p;
+ int len, ret;
+ uint8_t *verifier;
+ size_t verifier_size;
+ int indx;
+
+ p = strrchr(str, ':'); /* we have index */
+ if (p == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ indx = atoi(p);
+ if (indx == 0) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ /* now go for salt */
+ p = strrchr(str, ':'); /* we have salt */
+ if (p == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ len = strlen(p);
+
+ entry->salt.size =
+ _gnutls_sbase64_decode(p, len, &entry->salt.data);
+
+ if (entry->salt.size <= 0) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ /* now go for verifier */
+ p = strrchr(str, ':'); /* we have verifier */
+ if (p == NULL) {
+ _gnutls_free_datum(&entry->salt);
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ len = strlen(p);
+ ret = _gnutls_sbase64_decode(p, len, &verifier);
+ if (ret <= 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&entry->salt);
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ verifier_size = ret;
+ entry->v.data = verifier;
+ entry->v.size = verifier_size;
+
+ /* now go for username */
+ *p = '\0';
+
+ entry->username = gnutls_strdup(str);
+ if (entry->username == NULL) {
+ _gnutls_free_datum(&entry->salt);
+ _gnutls_free_datum(&entry->v);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return indx;
}
/* this function parses tpasswd.conf file. Format is:
* int(index):base64(n):int(g)
*/
-static int
-parse_tpasswd_conf_values (SRP_PWD_ENTRY * entry, char *str)
+static int parse_tpasswd_conf_values(SRP_PWD_ENTRY * entry, char *str)
{
- char *p;
- int len;
- uint8_t *tmp;
- int ret;
-
- p = strrchr (str, ':'); /* we have g */
- if (p == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- /* read the generator */
- len = strlen (p);
- if (p[len - 1] == '\n' || p[len - 1] == ' ')
- len--;
- ret = _gnutls_sbase64_decode (p, len, &tmp);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- entry->g.data = tmp;
- entry->g.size = ret;
-
- /* now go for n - modulo */
- p = strrchr (str, ':'); /* we have n */
- if (p == NULL)
- {
- _gnutls_free_datum (&entry->g);
- gnutls_assert ();
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- *p = '\0';
- p++;
-
- len = strlen (p);
- ret = _gnutls_sbase64_decode (p, len, &tmp);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&entry->g);
- return GNUTLS_E_SRP_PWD_PARSING_ERROR;
- }
-
- entry->n.data = tmp;
- entry->n.size = ret;
-
- return 0;
+ char *p;
+ int len;
+ uint8_t *tmp;
+ int ret;
+
+ p = strrchr(str, ':'); /* we have g */
+ if (p == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ /* read the generator */
+ len = strlen(p);
+ if (p[len - 1] == '\n' || p[len - 1] == ' ')
+ len--;
+ ret = _gnutls_sbase64_decode(p, len, &tmp);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ entry->g.data = tmp;
+ entry->g.size = ret;
+
+ /* now go for n - modulo */
+ p = strrchr(str, ':'); /* we have n */
+ if (p == NULL) {
+ _gnutls_free_datum(&entry->g);
+ gnutls_assert();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ len = strlen(p);
+ ret = _gnutls_sbase64_decode(p, len, &tmp);
+
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&entry->g);
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ entry->n.data = tmp;
+ entry->n.size = ret;
+
+ return 0;
}
@@ -200,283 +188,256 @@ parse_tpasswd_conf_values (SRP_PWD_ENTRY * entry, char *str)
* values. They are put in the entry.
*/
static int
-pwd_read_conf (const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
+pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
{
- FILE *fd;
- char line[2 * 1024];
- unsigned i, len;
- char indexstr[10];
- int ret;
-
- snprintf (indexstr, sizeof(indexstr), "%u", (unsigned int)idx);
-
- fd = fopen (pconf_file, "r");
- if (fd == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- len = strlen (indexstr);
- while (fgets (line, sizeof (line), fd) != NULL)
- {
- /* move to first ':' */
- i = 0;
- while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
- if (strncmp (indexstr, line, MAX (i, len)) == 0)
- {
- if ((idx = parse_tpasswd_conf_values (entry, line)) >= 0)
- {
- ret = 0;
- goto cleanup;
- }
- else
- {
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
- }
- }
- ret = GNUTLS_E_SRP_PWD_ERROR;
-
-cleanup:
- fclose(fd);
- return ret;
+ FILE *fd;
+ char line[2 * 1024];
+ unsigned i, len;
+ char indexstr[10];
+ int ret;
+
+ snprintf(indexstr, sizeof(indexstr), "%u", (unsigned int) idx);
+
+ fd = fopen(pconf_file, "r");
+ if (fd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ len = strlen(indexstr);
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ /* move to first ':' */
+ i = 0;
+ while ((line[i] != ':') && (line[i] != '\0')
+ && (i < sizeof(line))) {
+ i++;
+ }
+ if (strncmp(indexstr, line, MAX(i, len)) == 0) {
+ if ((idx =
+ parse_tpasswd_conf_values(entry,
+ line)) >= 0) {
+ ret = 0;
+ goto cleanup;
+ } else {
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+ }
+ }
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+
+ cleanup:
+ fclose(fd);
+ return ret;
}
int
-_gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username,
- SRP_PWD_ENTRY ** _entry)
+_gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username,
+ SRP_PWD_ENTRY ** _entry)
{
- gnutls_srp_server_credentials_t cred;
- FILE *fd = NULL;
- char line[2 * 1024];
- unsigned i, len;
- int ret;
- int idx;
- SRP_PWD_ENTRY *entry = NULL;
-
- *_entry = gnutls_calloc (1, sizeof (SRP_PWD_ENTRY));
- if (*_entry == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- entry = *_entry;
-
- cred = (gnutls_srp_server_credentials_t)
- _gnutls_get_cred (state, GNUTLS_CRD_SRP, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- goto cleanup;
- }
-
- /* if the callback which sends the parameters is
- * set, use it.
- */
- if (cred->pwd_callback != NULL)
- {
- ret = cred->pwd_callback (state, username, &entry->salt,
- &entry->v, &entry->g, &entry->n);
-
- if (ret == 1)
- { /* the user does not exist */
- if (entry->g.size != 0 && entry->n.size != 0)
- {
- ret = _randomize_pwd_entry (entry);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- return 0;
- }
- else
- {
- gnutls_assert ();
- ret = -1; /* error in the callback */
- }
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
-
- return 0;
- }
-
- /* The callback was not set. Proceed.
- */
-
- if (cred->password_file == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
-
- /* Open the selected password file.
- */
- fd = fopen (cred->password_file, "r");
- if (fd == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
-
- len = strlen (username);
- while (fgets (line, sizeof (line), fd) != NULL)
- {
- /* move to first ':' */
- i = 0;
- while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
- {
- i++;
- }
-
- if (strncmp (username, line, MAX (i, len)) == 0)
- {
- if ((idx = parse_tpasswd_values (entry, line)) >= 0)
- {
- /* Keep the last index in memory, so we can retrieve fake parameters (g,n)
- * when the user does not exist.
- */
- if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0)
- {
- goto found;
- }
- else
- {
- gnutls_assert ();
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
- }
- else
- {
- gnutls_assert ();
- ret = GNUTLS_E_SRP_PWD_ERROR;
- goto cleanup;
- }
- }
- }
-
- /* user was not found. Fake him. Actually read the g,n values from
- * the last index found and randomize the entry.
- */
- if (pwd_read_conf (cred->password_conf_file, entry, 1) == 0)
- {
- ret = _randomize_pwd_entry (entry);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- goto found;
- }
-
- ret = GNUTLS_E_SRP_PWD_ERROR;
-cleanup:
- gnutls_assert ();
- if (fd) fclose(fd);
- _gnutls_srp_entry_free (entry);
- return ret;
-
-found:
- if (fd) fclose(fd);
- return 0;
+ gnutls_srp_server_credentials_t cred;
+ FILE *fd = NULL;
+ char line[2 * 1024];
+ unsigned i, len;
+ int ret;
+ int idx;
+ SRP_PWD_ENTRY *entry = NULL;
+
+ *_entry = gnutls_calloc(1, sizeof(SRP_PWD_ENTRY));
+ if (*_entry == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ entry = *_entry;
+
+ cred = (gnutls_srp_server_credentials_t)
+ _gnutls_get_cred(state, GNUTLS_CRD_SRP, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ goto cleanup;
+ }
+
+ /* if the callback which sends the parameters is
+ * set, use it.
+ */
+ if (cred->pwd_callback != NULL) {
+ ret = cred->pwd_callback(state, username, &entry->salt,
+ &entry->v, &entry->g, &entry->n);
+
+ if (ret == 1) { /* the user does not exist */
+ if (entry->g.size != 0 && entry->n.size != 0) {
+ ret = _randomize_pwd_entry(entry);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ return 0;
+ } else {
+ gnutls_assert();
+ ret = -1; /* error in the callback */
+ }
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+
+ return 0;
+ }
+
+ /* The callback was not set. Proceed.
+ */
+
+ if (cred->password_file == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+
+ /* Open the selected password file.
+ */
+ fd = fopen(cred->password_file, "r");
+ if (fd == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+
+ len = strlen(username);
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ /* move to first ':' */
+ i = 0;
+ while ((line[i] != ':') && (line[i] != '\0')
+ && (i < sizeof(line))) {
+ i++;
+ }
+
+ if (strncmp(username, line, MAX(i, len)) == 0) {
+ if ((idx = parse_tpasswd_values(entry, line)) >= 0) {
+ /* Keep the last index in memory, so we can retrieve fake parameters (g,n)
+ * when the user does not exist.
+ */
+ if (pwd_read_conf
+ (cred->password_conf_file, entry,
+ idx) == 0) {
+ goto found;
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ goto cleanup;
+ }
+ }
+ }
+
+ /* user was not found. Fake him. Actually read the g,n values from
+ * the last index found and randomize the entry.
+ */
+ if (pwd_read_conf(cred->password_conf_file, entry, 1) == 0) {
+ ret = _randomize_pwd_entry(entry);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ goto found;
+ }
+
+ ret = GNUTLS_E_SRP_PWD_ERROR;
+ cleanup:
+ gnutls_assert();
+ if (fd)
+ fclose(fd);
+ _gnutls_srp_entry_free(entry);
+ return ret;
+
+ found:
+ if (fd)
+ fclose(fd);
+ return 0;
}
/* Randomizes the given password entry. It actually sets the verifier
* and the salt. Returns 0 on success.
*/
-static int
-_randomize_pwd_entry (SRP_PWD_ENTRY * entry)
+static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry)
{
- unsigned char rnd;
- int ret;
-
- if (entry->g.size == 0 || entry->n.size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- entry->salt.size = (rnd % 10) + 9;
-
- entry->v.data = gnutls_malloc (20);
- entry->v.size = 20;
- if (entry->v.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, entry->v.data, 20);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- entry->salt.data = gnutls_malloc (entry->salt.size);
- if (entry->salt.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, entry->salt.data, entry->salt.size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ unsigned char rnd;
+ int ret;
+
+ if (entry->g.size == 0 || entry->n.size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, &rnd, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ entry->salt.size = (rnd % 10) + 9;
+
+ entry->v.data = gnutls_malloc(20);
+ entry->v.size = 20;
+ if (entry->v.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, entry->v.data, 20);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ entry->salt.data = gnutls_malloc(entry->salt.size);
+ if (entry->salt.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ _gnutls_rnd(GNUTLS_RND_NONCE, entry->salt.data,
+ entry->salt.size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/* Free all the entry parameters, except if g and n are
* the static ones defined in gnutls.h
*/
-void
-_gnutls_srp_entry_free (SRP_PWD_ENTRY * entry)
+void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry)
{
- _gnutls_free_datum (&entry->v);
- _gnutls_free_datum (&entry->salt);
-
- if ((entry->g.data != gnutls_srp_1024_group_generator.data)
- && (entry->g.data != gnutls_srp_3072_group_generator.data))
- _gnutls_free_datum (&entry->g);
-
- if (entry->n.data != gnutls_srp_1024_group_prime.data &&
- entry->n.data != gnutls_srp_1536_group_prime.data &&
- entry->n.data != gnutls_srp_2048_group_prime.data &&
- entry->n.data != gnutls_srp_3072_group_prime.data &&
- entry->n.data != gnutls_srp_4096_group_prime.data)
- _gnutls_free_datum (&entry->n);
-
- gnutls_free (entry->username);
- gnutls_free (entry);
+ _gnutls_free_datum(&entry->v);
+ _gnutls_free_datum(&entry->salt);
+
+ if ((entry->g.data != gnutls_srp_1024_group_generator.data)
+ && (entry->g.data != gnutls_srp_3072_group_generator.data))
+ _gnutls_free_datum(&entry->g);
+
+ if (entry->n.data != gnutls_srp_1024_group_prime.data &&
+ entry->n.data != gnutls_srp_1536_group_prime.data &&
+ entry->n.data != gnutls_srp_2048_group_prime.data &&
+ entry->n.data != gnutls_srp_3072_group_prime.data &&
+ entry->n.data != gnutls_srp_4096_group_prime.data)
+ _gnutls_free_datum(&entry->n);
+
+ gnutls_free(entry->username);
+ gnutls_free(entry);
}
-#endif /* ENABLE SRP */
+#endif /* ENABLE SRP */
diff --git a/lib/auth/srp_passwd.h b/lib/auth/srp_passwd.h
index a04b4466ee..71bcc220de 100644
--- a/lib/auth/srp_passwd.h
+++ b/lib/auth/srp_passwd.h
@@ -22,21 +22,20 @@
#ifdef ENABLE_SRP
-typedef struct
-{
- char *username;
+typedef struct {
+ char *username;
- gnutls_datum_t salt;
- gnutls_datum_t v;
- gnutls_datum_t g;
- gnutls_datum_t n;
+ gnutls_datum_t salt;
+ gnutls_datum_t v;
+ gnutls_datum_t g;
+ gnutls_datum_t n;
} SRP_PWD_ENTRY;
/* this is locally allocated. It should be freed using the provided function */
-int _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username,
- SRP_PWD_ENTRY **);
-void _gnutls_srp_entry_free (SRP_PWD_ENTRY * entry);
-int _gnutls_sbase64_decode (char * data, size_t data_size,
- uint8_t ** result);
+int _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username,
+ SRP_PWD_ENTRY **);
+void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry);
+int _gnutls_sbase64_decode(char *data, size_t data_size,
+ uint8_t ** result);
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
diff --git a/lib/auth/srp_rsa.c b/lib/auth/srp_rsa.c
index 97b5e918f5..83799ee388 100644
--- a/lib/auth/srp_rsa.c
+++ b/lib/auth/srp_rsa.c
@@ -40,222 +40,214 @@
#include <gnutls_x509.h>
#include <algorithms.h>
-static int gen_srp_cert_server_kx (gnutls_session_t, gnutls_buffer_st*);
-static int proc_srp_cert_server_kx (gnutls_session_t, uint8_t *, size_t);
+static int gen_srp_cert_server_kx(gnutls_session_t, gnutls_buffer_st *);
+static int proc_srp_cert_server_kx(gnutls_session_t, uint8_t *, size_t);
const mod_auth_st srp_rsa_auth_struct = {
- "SRP",
- _gnutls_gen_cert_server_crt,
- NULL,
- gen_srp_cert_server_kx,
- _gnutls_gen_srp_client_kx,
- NULL,
- NULL,
-
- _gnutls_proc_crt,
- NULL, /* certificate */
- proc_srp_cert_server_kx,
- _gnutls_proc_srp_client_kx,
- NULL,
- NULL
+ "SRP",
+ _gnutls_gen_cert_server_crt,
+ NULL,
+ gen_srp_cert_server_kx,
+ _gnutls_gen_srp_client_kx,
+ NULL,
+ NULL,
+
+ _gnutls_proc_crt,
+ NULL, /* certificate */
+ proc_srp_cert_server_kx,
+ _gnutls_proc_srp_client_kx,
+ NULL,
+ NULL
};
const mod_auth_st srp_dss_auth_struct = {
- "SRP",
- _gnutls_gen_cert_server_crt,
- NULL,
- gen_srp_cert_server_kx,
- _gnutls_gen_srp_client_kx,
- NULL,
- NULL,
-
- _gnutls_proc_crt,
- NULL, /* certificate */
- proc_srp_cert_server_kx,
- _gnutls_proc_srp_client_kx,
- NULL,
- NULL
+ "SRP",
+ _gnutls_gen_cert_server_crt,
+ NULL,
+ gen_srp_cert_server_kx,
+ _gnutls_gen_srp_client_kx,
+ NULL,
+ NULL,
+
+ _gnutls_proc_crt,
+ NULL, /* certificate */
+ proc_srp_cert_server_kx,
+ _gnutls_proc_srp_client_kx,
+ NULL,
+ NULL
};
static int
-gen_srp_cert_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
+gen_srp_cert_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
- ssize_t ret;
- gnutls_datum_t signature, ddata;
- gnutls_certificate_credentials_t cred;
- gnutls_pcert_st *apr_cert_list;
- gnutls_privkey_t apr_pkey;
- int apr_cert_list_length;
- gnutls_sign_algorithm_t sign_algo;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ret = _gnutls_gen_srp_server_kx (session, data);
-
- if (ret < 0)
- return ret;
-
- ddata.data = data->data;
- ddata.size = data->length;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if ((ret =
- _gnutls_handshake_sign_data (session, &apr_cert_list[0],
- apr_pkey, &ddata, &signature,
- &sign_algo)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- const sign_algorithm_st *aid;
- uint8_t p[2];
-
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- ret = GNUTLS_E_UNKNOWN_ALGORITHM;
- goto cleanup;
- }
-
- aid = _gnutls_sign_to_tls_aid (sign_algo);
- if (aid == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_UNKNOWN_ALGORITHM;
- goto cleanup;
- }
-
- p[0] = aid->hash_algorithm;
- p[1] = aid->sign_algorithm;
-
- ret = _gnutls_buffer_append_data(data, p, 2);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = _gnutls_buffer_append_data_prefix( data, 16, signature.data, signature.size);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = data->length;
-
-cleanup:
- _gnutls_free_datum (&signature);
- return ret;
+ ssize_t ret;
+ gnutls_datum_t signature, ddata;
+ gnutls_certificate_credentials_t cred;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+ gnutls_sign_algorithm_t sign_algo;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ret = _gnutls_gen_srp_server_kx(session, data);
+
+ if (ret < 0)
+ return ret;
+
+ ddata.data = data->data;
+ ddata.size = data->length;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if ((ret =
+ _gnutls_handshake_sign_data(session, &apr_cert_list[0],
+ apr_pkey, &ddata, &signature,
+ &sign_algo)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ const sign_algorithm_st *aid;
+ uint8_t p[2];
+
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ aid = _gnutls_sign_to_tls_aid(sign_algo);
+ if (aid == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ p[0] = aid->hash_algorithm;
+ p[1] = aid->sign_algorithm;
+
+ ret = _gnutls_buffer_append_data(data, p, 2);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(data, 16, signature.data,
+ signature.size);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = data->length;
+
+ cleanup:
+ _gnutls_free_datum(&signature);
+ return ret;
}
static int
-proc_srp_cert_server_kx (gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_srp_cert_server_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
{
- ssize_t ret;
- int sigsize;
- gnutls_datum_t vparams, signature;
- ssize_t data_size;
- cert_auth_info_t info;
- gnutls_pcert_st peer_cert;
- uint8_t *p;
- gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ret = _gnutls_proc_srp_server_kx (session, data, _data_size);
- if (ret < 0)
- return ret;
-
- data_size = _data_size - ret;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL || info->ncerts == 0)
- {
- gnutls_assert ();
- /* we need this in order to get peer's certificate */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* VERIFY SIGNATURE */
-
- vparams.size = ret; /* all the data minus the signature */
- vparams.data = data;
-
- p = &data[vparams.size];
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- sign_algorithm_st aid;
-
- DECR_LEN (data_size, 1);
- aid.hash_algorithm = *p++;
- DECR_LEN (data_size, 1);
- aid.sign_algorithm = *p++;
- sign_algo = _gnutls_tls_aid_to_sign (&aid);
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- _gnutls_debug_log("unknown signature %d.%d\n", aid.sign_algorithm, aid.hash_algorithm);
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
- }
- }
-
- DECR_LEN (data_size, 2);
- sigsize = _gnutls_read_uint16 (p);
-
- DECR_LEN (data_size, sigsize);
- signature.data = &p[2];
- signature.size = sigsize;
-
- ret =
- _gnutls_get_auth_info_pcert (&peer_cert,
- session->security_parameters.cert_type,
- info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature,
- sign_algo);
-
- gnutls_pcert_deinit (&peer_cert);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ ssize_t ret;
+ int sigsize;
+ gnutls_datum_t vparams, signature;
+ ssize_t data_size;
+ cert_auth_info_t info;
+ gnutls_pcert_st peer_cert;
+ uint8_t *p;
+ gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ret = _gnutls_proc_srp_server_kx(session, data, _data_size);
+ if (ret < 0)
+ return ret;
+
+ data_size = _data_size - ret;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* VERIFY SIGNATURE */
+
+ vparams.size = ret; /* all the data minus the signature */
+ vparams.data = data;
+
+ p = &data[vparams.size];
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ sign_algorithm_st aid;
+
+ DECR_LEN(data_size, 1);
+ aid.hash_algorithm = *p++;
+ DECR_LEN(data_size, 1);
+ aid.sign_algorithm = *p++;
+ sign_algo = _gnutls_tls_aid_to_sign(&aid);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ _gnutls_debug_log("unknown signature %d.%d\n",
+ aid.sign_algorithm,
+ aid.hash_algorithm);
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+ }
+
+ DECR_LEN(data_size, 2);
+ sigsize = _gnutls_read_uint16(p);
+
+ DECR_LEN(data_size, sigsize);
+ signature.data = &p[2];
+ signature.size = sigsize;
+
+ ret =
+ _gnutls_get_auth_info_pcert(&peer_cert,
+ session->security_parameters.
+ cert_type, info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_handshake_verify_data(session, &peer_cert, &vparams,
+ &signature, sign_algo);
+
+ gnutls_pcert_deinit(&peer_cert);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
diff --git a/lib/auth/srp_sb64.c b/lib/auth/srp_sb64.c
index 47ae259fe5..852eb4dc09 100644
--- a/lib/auth/srp_sb64.c
+++ b/lib/auth/srp_sb64.c
@@ -31,115 +31,106 @@
* It seems that everybody makes their own base64 conversion.
*/
static const uint8_t b64table[] =
- "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
+ "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
static const uint8_t asciitable[128] = {
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0x3e, 0x3f,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
- 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a,
- 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
- 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
- 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c,
- 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22,
- 0x23, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0x24, 0x25, 0x26, 0x27, 0x28,
- 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e,
- 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34,
- 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a,
- 0x3b, 0x3c, 0x3d, 0xff, 0xff, 0xff,
- 0xff, 0xff
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x3e, 0x3f,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
+ 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+ 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c,
+ 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22,
+ 0x23, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x24, 0x25, 0x26, 0x27, 0x28,
+ 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e,
+ 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a,
+ 0x3b, 0x3c, 0x3d, 0xff, 0xff, 0xff,
+ 0xff, 0xff
};
-inline static int
-encode (uint8_t * result, const uint8_t * rdata, int left)
+inline static int encode(uint8_t * result, const uint8_t * rdata, int left)
{
- int data_len;
- int c, ret = 4;
- uint8_t data[3];
-
- if (left > 3)
- data_len = 3;
- else
- data_len = left;
-
- data[0] = data[1] = data[2] = 0;
- memcpy (data, rdata, data_len);
-
- switch (data_len)
- {
- case 3:
- result[0] = b64table[((data[0] & 0xfc) >> 2)];
- result[1] =
- b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
- ((data[1] & 0xf0) >> 4))];
- result[2] =
- b64table[((((data[1] & 0x0f) << 2) & 0xff) |
- ((data[2] & 0xc0) >> 6))];
- result[3] = b64table[(data[2] & 0x3f) & 0xff];
- break;
- case 2:
- if ((c = ((data[0] & 0xf0) >> 4)) != 0)
- {
- result[0] = b64table[c];
- result[1] =
- b64table[((((data[0] & 0x0f) << 2) & 0xff) |
- ((data[1] & 0xc0) >> 6))];
- result[2] = b64table[(data[1] & 0x3f) & 0xff];
- result[3] = '\0';
- ret -= 1;
- }
- else
- {
- if ((c = ((data[0] & 0x0f) << 2) | ((data[1] & 0xc0) >> 6)) != 0)
- {
- result[0] = b64table[c];
- result[1] = b64table[data[1] & 0x3f];
- result[2] = '\0';
- result[3] = '\0';
- ret -= 2;
- }
- else
- {
- result[0] = b64table[data[0] & 0x3f];
- result[1] = '\0';
- result[2] = '\0';
- result[3] = '\0';
- ret -= 3;
- }
- }
- break;
- case 1:
- if ((c = ((data[0] & 0xc0) >> 6)) != 0)
- {
- result[0] = b64table[c];
- result[1] = b64table[(data[0] & 0x3f) & 0xff];
- result[2] = '\0';
- result[3] = '\0';
- ret -= 2;
- }
- else
- {
- result[0] = b64table[(data[0] & 0x3f) & 0xff];
- result[1] = '\0';
- result[2] = '\0';
- result[3] = '\0';
- ret -= 3;
- }
- break;
- default:
- return -1;
- }
-
- return ret;
+ int data_len;
+ int c, ret = 4;
+ uint8_t data[3];
+
+ if (left > 3)
+ data_len = 3;
+ else
+ data_len = left;
+
+ data[0] = data[1] = data[2] = 0;
+ memcpy(data, rdata, data_len);
+
+ switch (data_len) {
+ case 3:
+ result[0] = b64table[((data[0] & 0xfc) >> 2)];
+ result[1] =
+ b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
+ ((data[1] & 0xf0) >> 4))];
+ result[2] =
+ b64table[((((data[1] & 0x0f) << 2) & 0xff) |
+ ((data[2] & 0xc0) >> 6))];
+ result[3] = b64table[(data[2] & 0x3f) & 0xff];
+ break;
+ case 2:
+ if ((c = ((data[0] & 0xf0) >> 4)) != 0) {
+ result[0] = b64table[c];
+ result[1] =
+ b64table[((((data[0] & 0x0f) << 2) & 0xff) |
+ ((data[1] & 0xc0) >> 6))];
+ result[2] = b64table[(data[1] & 0x3f) & 0xff];
+ result[3] = '\0';
+ ret -= 1;
+ } else {
+ if ((c =
+ ((data[0] & 0x0f) << 2) | ((data[1] & 0xc0) >>
+ 6)) != 0) {
+ result[0] = b64table[c];
+ result[1] = b64table[data[1] & 0x3f];
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 2;
+ } else {
+ result[0] = b64table[data[0] & 0x3f];
+ result[1] = '\0';
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 3;
+ }
+ }
+ break;
+ case 1:
+ if ((c = ((data[0] & 0xc0) >> 6)) != 0) {
+ result[0] = b64table[c];
+ result[1] = b64table[(data[0] & 0x3f) & 0xff];
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 2;
+ } else {
+ result[0] = b64table[(data[0] & 0x3f) & 0xff];
+ result[1] = '\0';
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 3;
+ }
+ break;
+ default:
+ return -1;
+ }
+
+ return ret;
}
@@ -147,56 +138,52 @@ encode (uint8_t * result, const uint8_t * rdata, int left)
* The result_size is the return value
*/
static int
-_gnutls_sbase64_encode (uint8_t * data, size_t data_size, char ** result)
+_gnutls_sbase64_encode(uint8_t * data, size_t data_size, char **result)
{
- unsigned i, j;
- int ret, tmp;
- uint8_t tmpres[4];
- int mod = data_size % 3;
+ unsigned i, j;
+ int ret, tmp;
+ uint8_t tmpres[4];
+ int mod = data_size % 3;
- ret = mod;
- if (ret != 0)
- ret = 4;
- else
- ret = 0;
+ ret = mod;
+ if (ret != 0)
+ ret = 4;
+ else
+ ret = 0;
- ret += (data_size * 4) / 3;
+ ret += (data_size * 4) / 3;
- (*result) = gnutls_calloc (1, ret + 1);
- if ((*result) == NULL)
- return -1;
+ (*result) = gnutls_calloc(1, ret + 1);
+ if ((*result) == NULL)
+ return -1;
- i = j = 0;
+ i = j = 0;
/* encode the bytes that are not a multiple of 3
*/
- if (mod > 0)
- {
- tmp = encode (tmpres, &data[0], mod);
- if (tmp < 0)
- {
- gnutls_free ((*result));
- return tmp;
- }
-
- memcpy (&(*result)[0], tmpres, tmp);
- i = mod;
- j = tmp;
-
- }
+ if (mod > 0) {
+ tmp = encode(tmpres, &data[0], mod);
+ if (tmp < 0) {
+ gnutls_free((*result));
+ return tmp;
+ }
+
+ memcpy(&(*result)[0], tmpres, tmp);
+ i = mod;
+ j = tmp;
+
+ }
/* encode the rest
*/
- for (; i < data_size; i += 3, j += 4)
- {
- tmp = encode (tmpres, &data[i], data_size - i);
- if (tmp < 0)
- {
- gnutls_free ((*result));
- return tmp;
- }
- memcpy (&(*result)[j], tmpres, tmp);
- }
-
- return strlen (*result);
+ for (; i < data_size; i += 3, j += 4) {
+ tmp = encode(tmpres, &data[i], data_size - i);
+ if (tmp < 0) {
+ gnutls_free((*result));
+ return tmp;
+ }
+ memcpy(&(*result)[j], tmpres, tmp);
+ }
+
+ return strlen(*result);
}
@@ -204,42 +191,41 @@ _gnutls_sbase64_encode (uint8_t * data, size_t data_size, char ** result)
* result should be 3 bytes
*/
#define TOASCII(c) (c < 127 ? asciitable[c] : 0xff)
-inline static int
-decode (uint8_t * result, const uint8_t * data)
+inline static int decode(uint8_t * result, const uint8_t * data)
{
- uint8_t a1, a2;
- int ret = 3;
-
- memset (result, 0, 3);
-
- a1 = TOASCII (data[3]);
- a2 = TOASCII (data[2]);
- if (a1 != 0xff)
- result[2] = a1 & 0xff;
- else
- return -1;
- if (a2 != 0xff)
- result[2] |= ((a2 & 0x03) << 6) & 0xff;
-
- a1 = a2;
- a2 = TOASCII (data[1]);
- if (a1 != 0xff)
- result[1] = ((a1 & 0x3c) >> 2);
- if (a2 != 0xff)
- result[1] |= ((a2 & 0x0f) << 4);
- else if (a1 == 0xff || result[1] == 0)
- ret--;
-
- a1 = a2;
- a2 = TOASCII (data[0]);
- if (a1 != 0xff)
- result[0] = (((a1 & 0x30) >> 4) & 0xff);
- if (a2 != 0xff)
- result[0] |= ((a2 << 2) & 0xff);
- else if (a1 == 0xff || result[0] == 0)
- ret--;
-
- return ret;
+ uint8_t a1, a2;
+ int ret = 3;
+
+ memset(result, 0, 3);
+
+ a1 = TOASCII(data[3]);
+ a2 = TOASCII(data[2]);
+ if (a1 != 0xff)
+ result[2] = a1 & 0xff;
+ else
+ return -1;
+ if (a2 != 0xff)
+ result[2] |= ((a2 & 0x03) << 6) & 0xff;
+
+ a1 = a2;
+ a2 = TOASCII(data[1]);
+ if (a1 != 0xff)
+ result[1] = ((a1 & 0x3c) >> 2);
+ if (a2 != 0xff)
+ result[1] |= ((a2 & 0x0f) << 4);
+ else if (a1 == 0xff || result[1] == 0)
+ ret--;
+
+ a1 = a2;
+ a2 = TOASCII(data[0]);
+ if (a1 != 0xff)
+ result[0] = (((a1 & 0x30) >> 4) & 0xff);
+ if (a2 != 0xff)
+ result[0] |= ((a2 << 2) & 0xff);
+ else if (a1 == 0xff || result[0] == 0)
+ ret--;
+
+ return ret;
}
/* decodes data and puts the result into result (locally allocated)
@@ -248,63 +234,59 @@ decode (uint8_t * result, const uint8_t * data)
* before calling it.
*/
int
-_gnutls_sbase64_decode (char * data, size_t idata_size, uint8_t ** result)
+_gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result)
{
- unsigned i, j;
- int ret, left;
- int data_size, tmp;
- uint8_t datrev[4];
- uint8_t tmpres[3];
-
- data_size = (idata_size / 4) * 4;
- left = idata_size % 4;
-
- ret = (data_size / 4) * 3;
-
- if (left > 0)
- ret += 3;
-
- (*result) = gnutls_malloc (ret + 1);
- if ((*result) == NULL)
- return -1;
-
- /* the first "block" is treated with special care */
- tmp = 0;
- if (left > 0)
- {
- memset (datrev, 0, 4);
- memcpy (&datrev[4 - left], data, left);
-
- tmp = decode (tmpres, datrev);
- if (tmp < 0)
- {
- gnutls_free ((*result));
- *result = NULL;
- return tmp;
- }
-
- memcpy (*result, &tmpres[3 - tmp], tmp);
- if (tmp < 3)
- ret -= (3 - tmp);
- }
-
- /* rest data */
- for (i = left, j = tmp; i < idata_size; i += 4)
- {
- tmp = decode (tmpres, (uint8_t*)&data[i]);
- if (tmp < 0)
- {
- gnutls_free ((*result));
- *result = NULL;
- return tmp;
- }
- memcpy (&(*result)[j], tmpres, tmp);
- if (tmp < 3)
- ret -= (3 - tmp);
- j += 3;
- }
-
- return ret;
+ unsigned i, j;
+ int ret, left;
+ int data_size, tmp;
+ uint8_t datrev[4];
+ uint8_t tmpres[3];
+
+ data_size = (idata_size / 4) * 4;
+ left = idata_size % 4;
+
+ ret = (data_size / 4) * 3;
+
+ if (left > 0)
+ ret += 3;
+
+ (*result) = gnutls_malloc(ret + 1);
+ if ((*result) == NULL)
+ return -1;
+
+ /* the first "block" is treated with special care */
+ tmp = 0;
+ if (left > 0) {
+ memset(datrev, 0, 4);
+ memcpy(&datrev[4 - left], data, left);
+
+ tmp = decode(tmpres, datrev);
+ if (tmp < 0) {
+ gnutls_free((*result));
+ *result = NULL;
+ return tmp;
+ }
+
+ memcpy(*result, &tmpres[3 - tmp], tmp);
+ if (tmp < 3)
+ ret -= (3 - tmp);
+ }
+
+ /* rest data */
+ for (i = left, j = tmp; i < idata_size; i += 4) {
+ tmp = decode(tmpres, (uint8_t *) & data[i]);
+ if (tmp < 0) {
+ gnutls_free((*result));
+ *result = NULL;
+ return tmp;
+ }
+ memcpy(&(*result)[j], tmpres, tmp);
+ if (tmp < 3)
+ ret -= (3 - tmp);
+ j += 3;
+ }
+
+ return ret;
}
/**
@@ -325,30 +307,27 @@ _gnutls_sbase64_decode (char * data, size_t idata_size, uint8_t ** result)
* long enough, or 0 on success.
**/
int
-gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
- size_t * result_size)
+gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result,
+ size_t * result_size)
{
- char *res;
- int size;
-
- size = _gnutls_sbase64_encode (data->data, data->size, &res);
- if (size < 0)
- return size;
-
- if (result == NULL || *result_size < (size_t) size)
- {
- gnutls_free (res);
- *result_size = size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- memcpy (result, res, size);
- gnutls_free (res);
- *result_size = size;
- }
-
- return 0;
+ char *res;
+ int size;
+
+ size = _gnutls_sbase64_encode(data->data, data->size, &res);
+ if (size < 0)
+ return size;
+
+ if (result == NULL || *result_size < (size_t) size) {
+ gnutls_free(res);
+ *result_size = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ memcpy(result, res, size);
+ gnutls_free(res);
+ *result_size = size;
+ }
+
+ return 0;
}
/**
@@ -369,28 +348,25 @@ gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
* Returns: 0 on success, or an error code.
**/
int
-gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
- gnutls_datum_t * result)
+gnutls_srp_base64_encode_alloc(const gnutls_datum_t * data,
+ gnutls_datum_t * result)
{
- char *res;
- int size;
-
- size = _gnutls_sbase64_encode (data->data, data->size, &res);
- if (size < 0)
- return size;
-
- if (result == NULL)
- {
- gnutls_free (res);
- return GNUTLS_E_INVALID_REQUEST;
- }
- else
- {
- result->data = (uint8_t*)res;
- result->size = size;
- }
-
- return 0;
+ char *res;
+ int size;
+
+ size = _gnutls_sbase64_encode(data->data, data->size, &res);
+ if (size < 0)
+ return size;
+
+ if (result == NULL) {
+ gnutls_free(res);
+ return GNUTLS_E_INVALID_REQUEST;
+ } else {
+ result->data = (uint8_t *) res;
+ result->size = size;
+ }
+
+ return 0;
}
/**
@@ -411,30 +387,29 @@ gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
* long enough, or 0 on success.
**/
int
-gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
- size_t * result_size)
+gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result,
+ size_t * result_size)
{
- uint8_t *res;
- int size;
-
- size = _gnutls_sbase64_decode ((char*)b64_data->data, b64_data->size, &res);
- if (size < 0)
- return size;
-
- if (result == NULL || *result_size < (size_t) size)
- {
- gnutls_free (res);
- *result_size = size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- memcpy (result, res, size);
- gnutls_free (res);
- *result_size = size;
- }
-
- return 0;
+ uint8_t *res;
+ int size;
+
+ size =
+ _gnutls_sbase64_decode((char *) b64_data->data, b64_data->size,
+ &res);
+ if (size < 0)
+ return size;
+
+ if (result == NULL || *result_size < (size_t) size) {
+ gnutls_free(res);
+ *result_size = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ memcpy(result, res, size);
+ gnutls_free(res);
+ *result_size = size;
+ }
+
+ return 0;
}
/**
@@ -454,28 +429,27 @@ gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
* Returns: 0 on success, or an error code.
**/
int
-gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
- gnutls_datum_t * result)
+gnutls_srp_base64_decode_alloc(const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result)
{
- uint8_t *ret;
- int size;
-
- size = _gnutls_sbase64_decode ((char*)b64_data->data, b64_data->size, &ret);
- if (size < 0)
- return size;
-
- if (result == NULL)
- {
- gnutls_free (ret);
- return GNUTLS_E_INVALID_REQUEST;
- }
- else
- {
- result->data = ret;
- result->size = size;
- }
-
- return 0;
+ uint8_t *ret;
+ int size;
+
+ size =
+ _gnutls_sbase64_decode((char *) b64_data->data, b64_data->size,
+ &ret);
+ if (size < 0)
+ return size;
+
+ if (result == NULL) {
+ gnutls_free(ret);
+ return GNUTLS_E_INVALID_REQUEST;
+ } else {
+ result->data = ret;
+ result->size = size;
+ }
+
+ return 0;
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 53e6276f7a..4a56bedd3c 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -29,10 +29,9 @@
#include <random.h>
#include <crypto.h>
-typedef struct api_cipher_hd_st
-{
- cipher_hd_st ctx_enc;
- cipher_hd_st ctx_dec;
+typedef struct api_cipher_hd_st {
+ cipher_hd_st ctx_enc;
+ cipher_hd_st ctx_dec;
} api_cipher_hd_st;
/**
@@ -52,27 +51,31 @@ typedef struct api_cipher_hd_st
* Since: 2.10.0
**/
int
-gnutls_cipher_init (gnutls_cipher_hd_t * handle,
- gnutls_cipher_algorithm_t cipher,
- const gnutls_datum_t * key, const gnutls_datum_t * iv)
+gnutls_cipher_init(gnutls_cipher_hd_t * handle,
+ gnutls_cipher_algorithm_t cipher,
+ const gnutls_datum_t * key, const gnutls_datum_t * iv)
{
-api_cipher_hd_st * h;
-int ret;
-
- *handle = gnutls_calloc (1, sizeof (api_cipher_hd_st));
- if (*handle == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- h = *handle;
- ret = _gnutls_cipher_init (&h->ctx_enc, cipher_to_entry(cipher), key, iv, 1);
-
- if (ret >= 0 && _gnutls_cipher_is_aead(&h->ctx_enc) == 0) /* AEAD ciphers are stream - so far */
- ret = _gnutls_cipher_init (&h->ctx_dec, cipher_to_entry(cipher), key, iv, 0);
-
- return ret;
+ api_cipher_hd_st *h;
+ int ret;
+
+ *handle = gnutls_calloc(1, sizeof(api_cipher_hd_st));
+ if (*handle == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ h = *handle;
+ ret =
+ _gnutls_cipher_init(&h->ctx_enc, cipher_to_entry(cipher), key,
+ iv, 1);
+
+ if (ret >= 0 && _gnutls_cipher_is_aead(&h->ctx_enc) == 0) /* AEAD ciphers are stream - so far */
+ ret =
+ _gnutls_cipher_init(&h->ctx_dec,
+ cipher_to_entry(cipher), key, iv,
+ 0);
+
+ return ret;
}
/**
@@ -90,16 +93,16 @@ int ret;
* Since: 3.0
**/
int
-gnutls_cipher_tag (gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
+gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
- if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- _gnutls_cipher_tag( &h->ctx_enc, tag, tag_size);
-
- return 0;
+ _gnutls_cipher_tag(&h->ctx_enc, tag, tag_size);
+
+ return 0;
}
/**
@@ -118,16 +121,17 @@ api_cipher_hd_st * h = handle;
* Since: 3.0
**/
int
-gnutls_cipher_add_auth (gnutls_cipher_hd_t handle, const void *text, size_t text_size)
+gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void *text,
+ size_t text_size)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
+
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ _gnutls_cipher_auth(&h->ctx_enc, text, text_size);
- _gnutls_cipher_auth( &h->ctx_enc, text, text_size);
-
- return 0;
+ return 0;
}
/**
@@ -142,14 +146,14 @@ api_cipher_hd_st * h = handle;
* Since: 3.0
**/
void
-gnutls_cipher_set_iv (gnutls_cipher_hd_t handle, void *iv, size_t ivlen)
+gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv, size_t ivlen)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
- _gnutls_cipher_setiv( &h->ctx_enc, iv, ivlen);
+ _gnutls_cipher_setiv(&h->ctx_enc, iv, ivlen);
- if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
- _gnutls_cipher_setiv( &h->ctx_dec, iv, ivlen);
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) == 0)
+ _gnutls_cipher_setiv(&h->ctx_dec, iv, ivlen);
}
/**
@@ -166,11 +170,12 @@ api_cipher_hd_st * h = handle;
* Since: 2.10.0
**/
int
-gnutls_cipher_encrypt (gnutls_cipher_hd_t handle, void *text, size_t textlen)
+gnutls_cipher_encrypt(gnutls_cipher_hd_t handle, void *text,
+ size_t textlen)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
- return _gnutls_cipher_encrypt (&h->ctx_enc, text, textlen);
+ return _gnutls_cipher_encrypt(&h->ctx_enc, text, textlen);
}
/**
@@ -190,15 +195,17 @@ api_cipher_hd_st * h = handle;
* Since: 2.10.0
**/
int
-gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext,
- size_t ciphertextlen)
+gnutls_cipher_decrypt(gnutls_cipher_hd_t handle, void *ciphertext,
+ size_t ciphertextlen)
{
-api_cipher_hd_st * h = handle;
-
- if (_gnutls_cipher_is_aead(&h->ctx_enc)!=0)
- return _gnutls_cipher_decrypt (&h->ctx_enc, ciphertext, ciphertextlen);
- else
- return _gnutls_cipher_decrypt (&h->ctx_dec, ciphertext, ciphertextlen);
+ api_cipher_hd_st *h = handle;
+
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) != 0)
+ return _gnutls_cipher_decrypt(&h->ctx_enc, ciphertext,
+ ciphertextlen);
+ else
+ return _gnutls_cipher_decrypt(&h->ctx_dec, ciphertext,
+ ciphertextlen);
}
/**
@@ -217,13 +224,14 @@ api_cipher_hd_st * h = handle;
* Since: 2.12.0
**/
int
-gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, const void *text, size_t textlen,
- void *ciphertext, size_t ciphertextlen)
+gnutls_cipher_encrypt2(gnutls_cipher_hd_t handle, const void *text,
+ size_t textlen, void *ciphertext,
+ size_t ciphertextlen)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
- return _gnutls_cipher_encrypt2 (&h->ctx_enc, text, textlen,
- ciphertext, ciphertextlen);
+ return _gnutls_cipher_encrypt2(&h->ctx_enc, text, textlen,
+ ciphertext, ciphertextlen);
}
/**
@@ -245,17 +253,19 @@ api_cipher_hd_st * h = handle;
* Since: 2.12.0
**/
int
-gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext,
- size_t ciphertextlen, void *text, size_t textlen)
+gnutls_cipher_decrypt2(gnutls_cipher_hd_t handle, const void *ciphertext,
+ size_t ciphertextlen, void *text, size_t textlen)
{
-api_cipher_hd_st * h = handle;
-
- if (_gnutls_cipher_is_aead(&h->ctx_enc)!=0)
- return _gnutls_cipher_decrypt2 (&h->ctx_enc, ciphertext,
- ciphertextlen, text, textlen);
- else
- return _gnutls_cipher_decrypt2 (&h->ctx_dec, ciphertext,
- ciphertextlen, text, textlen);
+ api_cipher_hd_st *h = handle;
+
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) != 0)
+ return _gnutls_cipher_decrypt2(&h->ctx_enc, ciphertext,
+ ciphertextlen, text,
+ textlen);
+ else
+ return _gnutls_cipher_decrypt2(&h->ctx_dec, ciphertext,
+ ciphertextlen, text,
+ textlen);
}
/**
@@ -267,15 +277,14 @@ api_cipher_hd_st * h = handle;
*
* Since: 2.10.0
**/
-void
-gnutls_cipher_deinit (gnutls_cipher_hd_t handle)
+void gnutls_cipher_deinit(gnutls_cipher_hd_t handle)
{
-api_cipher_hd_st * h = handle;
+ api_cipher_hd_st *h = handle;
- _gnutls_cipher_deinit (&h->ctx_enc);
- if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
- _gnutls_cipher_deinit (&h->ctx_dec);
- gnutls_free (handle);
+ _gnutls_cipher_deinit(&h->ctx_enc);
+ if (_gnutls_cipher_is_aead(&h->ctx_enc) == 0)
+ _gnutls_cipher_deinit(&h->ctx_dec);
+ gnutls_free(handle);
}
@@ -301,19 +310,18 @@ api_cipher_hd_st * h = handle;
* Since: 2.10.0
**/
int
-gnutls_hmac_init (gnutls_hmac_hd_t * dig,
- gnutls_mac_algorithm_t algorithm,
- const void *key, size_t keylen)
+gnutls_hmac_init(gnutls_hmac_hd_t * dig,
+ gnutls_mac_algorithm_t algorithm,
+ const void *key, size_t keylen)
{
- *dig = gnutls_malloc (sizeof (mac_hd_st));
- if (*dig == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return _gnutls_mac_init (((mac_hd_st *) * dig),
- mac_to_entry(algorithm), key, keylen);
+ *dig = gnutls_malloc(sizeof(mac_hd_st));
+ if (*dig == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return _gnutls_mac_init(((mac_hd_st *) * dig),
+ mac_to_entry(algorithm), key, keylen);
}
/**
@@ -327,9 +335,10 @@ gnutls_hmac_init (gnutls_hmac_hd_t * dig,
* Since: 3.2.0
**/
void
-gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_len)
+gnutls_hmac_set_nonce(gnutls_hmac_hd_t handle, const void *nonce,
+ size_t nonce_len)
{
- _gnutls_mac_set_nonce ((mac_hd_st *) handle, nonce, nonce_len);
+ _gnutls_mac_set_nonce((mac_hd_st *) handle, nonce, nonce_len);
}
/**
@@ -345,10 +354,9 @@ gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_
*
* Since: 2.10.0
**/
-int
-gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen)
+int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text, size_t textlen)
{
- return _gnutls_mac ((mac_hd_st *) handle, text, textlen);
+ return _gnutls_mac((mac_hd_st *) handle, text, textlen);
}
/**
@@ -361,10 +369,9 @@ gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen)
*
* Since: 2.10.0
**/
-void
-gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest)
+void gnutls_hmac_output(gnutls_hmac_hd_t handle, void *digest)
{
- _gnutls_mac_output ((mac_hd_st *) handle, digest);
+ _gnutls_mac_output((mac_hd_st *) handle, digest);
}
/**
@@ -377,11 +384,10 @@ gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest)
*
* Since: 2.10.0
**/
-void
-gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest)
+void gnutls_hmac_deinit(gnutls_hmac_hd_t handle, void *digest)
{
- _gnutls_mac_deinit ((mac_hd_st *) handle, digest);
- gnutls_free (handle);
+ _gnutls_mac_deinit((mac_hd_st *) handle, digest);
+ gnutls_free(handle);
}
/**
@@ -395,10 +401,9 @@ gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest)
*
* Since: 2.10.0
**/
-int
-gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm)
+int gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm)
{
- return _gnutls_mac_get_algo_len (mac_to_entry(algorithm));
+ return _gnutls_mac_get_algo_len(mac_to_entry(algorithm));
}
/**
@@ -418,11 +423,12 @@ gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm)
* Since: 2.10.0
**/
int
-gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm,
- const void *key, size_t keylen,
- const void *text, size_t textlen, void *digest)
+gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm,
+ const void *key, size_t keylen,
+ const void *text, size_t textlen, void *digest)
{
- return _gnutls_mac_fast (algorithm, key, keylen, text, textlen, digest);
+ return _gnutls_mac_fast(algorithm, key, keylen, text, textlen,
+ digest);
}
/* HASH */
@@ -442,16 +448,17 @@ gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm,
* Since: 2.10.0
**/
int
-gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm)
+gnutls_hash_init(gnutls_hash_hd_t * dig,
+ gnutls_digest_algorithm_t algorithm)
{
- *dig = gnutls_malloc (sizeof (digest_hd_st));
- if (*dig == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return _gnutls_hash_init (((digest_hd_st *) * dig), mac_to_entry(algorithm));
+ *dig = gnutls_malloc(sizeof(digest_hd_st));
+ if (*dig == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return _gnutls_hash_init(((digest_hd_st *) * dig),
+ mac_to_entry(algorithm));
}
/**
@@ -467,10 +474,9 @@ gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm)
*
* Since: 2.10.0
**/
-int
-gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen)
+int gnutls_hash(gnutls_hash_hd_t handle, const void *text, size_t textlen)
{
- return _gnutls_hash ((digest_hd_st *) handle, text, textlen);
+ return _gnutls_hash((digest_hd_st *) handle, text, textlen);
}
/**
@@ -483,10 +489,9 @@ gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen)
*
* Since: 2.10.0
**/
-void
-gnutls_hash_output (gnutls_hash_hd_t handle, void *digest)
+void gnutls_hash_output(gnutls_hash_hd_t handle, void *digest)
{
- _gnutls_hash_output ((digest_hd_st *) handle, digest);
+ _gnutls_hash_output((digest_hd_st *) handle, digest);
}
/**
@@ -499,11 +504,10 @@ gnutls_hash_output (gnutls_hash_hd_t handle, void *digest)
*
* Since: 2.10.0
**/
-void
-gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
+void gnutls_hash_deinit(gnutls_hash_hd_t handle, void *digest)
{
- _gnutls_hash_deinit ((digest_hd_st *) handle, digest);
- gnutls_free (handle);
+ _gnutls_hash_deinit((digest_hd_st *) handle, digest);
+ gnutls_free(handle);
}
/**
@@ -517,10 +521,9 @@ gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
*
* Since: 2.10.0
**/
-int
-gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm)
+int gnutls_hash_get_len(gnutls_digest_algorithm_t algorithm)
{
- return _gnutls_hash_get_algo_len (mac_to_entry(algorithm));
+ return _gnutls_hash_get_algo_len(mac_to_entry(algorithm));
}
/**
@@ -538,10 +541,10 @@ gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm)
* Since: 2.10.0
**/
int
-gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest)
+gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest)
{
- return _gnutls_hash_fast (algorithm, text, textlen, digest);
+ return _gnutls_hash_fast(algorithm, text, textlen, digest);
}
/**
@@ -557,26 +560,23 @@ gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
*
* Since: 3.0
**/
-int
-gnutls_key_generate (gnutls_datum_t * key, unsigned int key_size)
+int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size)
{
- int ret;
-
- key->size = key_size;
- key->data = gnutls_malloc (key->size);
- if (!key->data)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, key->data, key->size);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (key);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ key->size = key_size;
+ key->data = gnutls_malloc(key->size);
+ if (!key->data) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, key->data, key->size);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(key);
+ return ret;
+ }
+
+ return 0;
}
diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c
index ebc67a9f2a..8840b1c123 100644
--- a/lib/crypto-backend.c
+++ b/lib/crypto-backend.c
@@ -35,12 +35,11 @@ int crypto_mac_prio = INT_MAX;
int crypto_digest_prio = INT_MAX;
int crypto_cipher_prio = INT_MAX;
-typedef struct algo_list
-{
- int algorithm;
- int priority;
- const void *alg_data;
- struct algo_list *next;
+typedef struct algo_list {
+ int algorithm;
+ int priority;
+ const void *alg_data;
+ struct algo_list *next;
} algo_list;
#define cipher_list algo_list
@@ -48,104 +47,92 @@ typedef struct algo_list
#define digest_list algo_list
static int
-_algo_register (algo_list * al, int algorithm, int priority, const void *s)
+_algo_register(algo_list * al, int algorithm, int priority, const void *s)
{
- algo_list *cl;
- algo_list *last_cl = al;
-
- if (al == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- /* look if there is any cipher with lowest priority. In that case do not add.
- */
- cl = al;
- while (cl && cl->alg_data)
- {
- if (cl->algorithm == algorithm)
- {
- if (cl->priority < priority)
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
- }
- else
- {
- /* the current has higher priority -> overwrite */
- cl->algorithm = algorithm;
- cl->priority = priority;
- cl->alg_data = s;
- return 0;
- }
- }
- cl = cl->next;
- if (cl)
- last_cl = cl;
- }
-
- cl = gnutls_calloc (1, sizeof (cipher_list));
-
- if (cl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- last_cl->algorithm = algorithm;
- last_cl->priority = priority;
- last_cl->alg_data = s;
- last_cl->next = cl;
-
- return 0;
+ algo_list *cl;
+ algo_list *last_cl = al;
+
+ if (al == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ /* look if there is any cipher with lowest priority. In that case do not add.
+ */
+ cl = al;
+ while (cl && cl->alg_data) {
+ if (cl->algorithm == algorithm) {
+ if (cl->priority < priority) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ } else {
+ /* the current has higher priority -> overwrite */
+ cl->algorithm = algorithm;
+ cl->priority = priority;
+ cl->alg_data = s;
+ return 0;
+ }
+ }
+ cl = cl->next;
+ if (cl)
+ last_cl = cl;
+ }
+
+ cl = gnutls_calloc(1, sizeof(cipher_list));
+
+ if (cl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ last_cl->algorithm = algorithm;
+ last_cl->priority = priority;
+ last_cl->alg_data = s;
+ last_cl->next = cl;
+
+ return 0;
}
-static const void *
-_get_algo (algo_list * al, int algo)
+static const void *_get_algo(algo_list * al, int algo)
{
- cipher_list *cl;
-
- /* look if there is any cipher with lowest priority. In that case do not add.
- */
- cl = al;
- while (cl && cl->alg_data)
- {
- if (cl->algorithm == algo)
- {
- return cl->alg_data;
- }
- cl = cl->next;
- }
-
- return NULL;
+ cipher_list *cl;
+
+ /* look if there is any cipher with lowest priority. In that case do not add.
+ */
+ cl = al;
+ while (cl && cl->alg_data) {
+ if (cl->algorithm == algo) {
+ return cl->alg_data;
+ }
+ cl = cl->next;
+ }
+
+ return NULL;
}
static cipher_list glob_cl = { GNUTLS_CIPHER_NULL, 0, NULL, NULL };
static mac_list glob_ml = { GNUTLS_MAC_NULL, 0, NULL, NULL };
static digest_list glob_dl = { GNUTLS_MAC_NULL, 0, NULL, NULL };
-static void
-_deregister (algo_list * cl)
+static void _deregister(algo_list * cl)
{
- algo_list *next;
-
- next = cl->next;
- cl->next = NULL;
- cl = next;
-
- while (cl)
- {
- next = cl->next;
- gnutls_free (cl);
- cl = next;
- }
+ algo_list *next;
+
+ next = cl->next;
+ cl->next = NULL;
+ cl = next;
+
+ while (cl) {
+ next = cl->next;
+ gnutls_free(cl);
+ cl = next;
+ }
}
-void
-_gnutls_crypto_deregister (void)
+void _gnutls_crypto_deregister(void)
{
- _deregister (&glob_cl);
- _deregister (&glob_ml);
- _deregister (&glob_dl);
+ _deregister(&glob_cl);
+ _deregister(&glob_ml);
+ _deregister(&glob_dl);
}
/*-
@@ -170,17 +157,17 @@ _gnutls_crypto_deregister (void)
* Since: 2.6.0
-*/
int
-gnutls_crypto_single_cipher_register (gnutls_cipher_algorithm_t algorithm,
- int priority,
- const gnutls_crypto_cipher_st * s)
+gnutls_crypto_single_cipher_register(gnutls_cipher_algorithm_t algorithm,
+ int priority,
+ const gnutls_crypto_cipher_st * s)
{
- return _algo_register (&glob_cl, algorithm, priority, s);
+ return _algo_register(&glob_cl, algorithm, priority, s);
}
-const gnutls_crypto_cipher_st *
-_gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo)
+const gnutls_crypto_cipher_st
+ *_gnutls_get_crypto_cipher(gnutls_cipher_algorithm_t algo)
{
- return _get_algo (&glob_cl, algo);
+ return _get_algo(&glob_cl, algo);
}
/*-
@@ -204,17 +191,15 @@ _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo)
* Since: 2.6.0
-*/
int
-gnutls_crypto_rnd_register (int priority,
- const gnutls_crypto_rnd_st * s)
+gnutls_crypto_rnd_register(int priority, const gnutls_crypto_rnd_st * s)
{
- if (crypto_rnd_prio > priority)
- {
- memcpy (&_gnutls_rnd_ops, s, sizeof (*s));
- crypto_rnd_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_rnd_prio > priority) {
+ memcpy(&_gnutls_rnd_ops, s, sizeof(*s));
+ crypto_rnd_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
/*-
@@ -239,17 +224,17 @@ gnutls_crypto_rnd_register (int priority,
* Since: 2.6.0
-*/
int
-gnutls_crypto_single_mac_register (gnutls_mac_algorithm_t algorithm,
- int priority,
- const gnutls_crypto_mac_st * s)
+gnutls_crypto_single_mac_register(gnutls_mac_algorithm_t algorithm,
+ int priority,
+ const gnutls_crypto_mac_st * s)
{
- return _algo_register (&glob_ml, algorithm, priority, s);
+ return _algo_register(&glob_ml, algorithm, priority, s);
}
-const gnutls_crypto_mac_st *
-_gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo)
+const gnutls_crypto_mac_st *_gnutls_get_crypto_mac(gnutls_mac_algorithm_t
+ algo)
{
- return _get_algo (&glob_ml, algo);
+ return _get_algo(&glob_ml, algo);
}
/*-
@@ -274,17 +259,17 @@ _gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo)
* Since: 2.6.0
-*/
int
-gnutls_crypto_single_digest_register (gnutls_digest_algorithm_t algorithm,
- int priority,
- const gnutls_crypto_digest_st * s)
+gnutls_crypto_single_digest_register(gnutls_digest_algorithm_t algorithm,
+ int priority,
+ const gnutls_crypto_digest_st * s)
{
- return _algo_register (&glob_dl, algorithm, priority, s);
+ return _algo_register(&glob_dl, algorithm, priority, s);
}
-const gnutls_crypto_digest_st *
-_gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo)
+const gnutls_crypto_digest_st
+ *_gnutls_get_crypto_digest(gnutls_digest_algorithm_t algo)
{
- return _get_algo (&glob_dl, algo);
+ return _get_algo(&glob_dl, algo);
}
/*-
@@ -311,17 +296,16 @@ _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo)
* Since: 2.6.0
-*/
int
-gnutls_crypto_bigint_register (int priority,
- const gnutls_crypto_bigint_st * s)
+gnutls_crypto_bigint_register(int priority,
+ const gnutls_crypto_bigint_st * s)
{
- if (crypto_bigint_prio > priority)
- {
- memcpy (&_gnutls_mpi_ops, s, sizeof (*s));
- crypto_bigint_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_bigint_prio > priority) {
+ memcpy(&_gnutls_mpi_ops, s, sizeof(*s));
+ crypto_bigint_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
/*-
@@ -347,18 +331,15 @@ gnutls_crypto_bigint_register (int priority,
*
* Since: 2.6.0
-*/
-int
-gnutls_crypto_pk_register (int priority,
- const gnutls_crypto_pk_st * s)
+int gnutls_crypto_pk_register(int priority, const gnutls_crypto_pk_st * s)
{
- if (crypto_pk_prio > priority)
- {
- memcpy (&_gnutls_pk_ops, s, sizeof (*s));
- crypto_pk_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_pk_prio > priority) {
+ memcpy(&_gnutls_pk_ops, s, sizeof(*s));
+ crypto_pk_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
/*-
@@ -382,17 +363,16 @@ gnutls_crypto_pk_register (int priority,
* Since: 2.6.0
-*/
int
-gnutls_crypto_cipher_register (int priority,
- const gnutls_crypto_cipher_st * s)
+gnutls_crypto_cipher_register(int priority,
+ const gnutls_crypto_cipher_st * s)
{
- if (crypto_cipher_prio > priority)
- {
- memcpy (&_gnutls_cipher_ops, s, sizeof (*s));
- crypto_cipher_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_cipher_prio > priority) {
+ memcpy(&_gnutls_cipher_ops, s, sizeof(*s));
+ crypto_cipher_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
/*-
@@ -416,17 +396,15 @@ gnutls_crypto_cipher_register (int priority,
* Since: 2.6.0
-*/
int
-gnutls_crypto_mac_register (int priority,
- const gnutls_crypto_mac_st * s)
+gnutls_crypto_mac_register(int priority, const gnutls_crypto_mac_st * s)
{
- if (crypto_mac_prio > priority)
- {
- memcpy (&_gnutls_mac_ops, s, sizeof (*s));
- crypto_mac_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_mac_prio > priority) {
+ memcpy(&_gnutls_mac_ops, s, sizeof(*s));
+ crypto_mac_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
/*-
@@ -450,15 +428,14 @@ gnutls_crypto_mac_register (int priority,
* Since: 2.6.0
-*/
int
-gnutls_crypto_digest_register (int priority,
- const gnutls_crypto_digest_st * s)
+gnutls_crypto_digest_register(int priority,
+ const gnutls_crypto_digest_st * s)
{
- if (crypto_digest_prio > priority)
- {
- memcpy (&_gnutls_digest_ops, s, sizeof (*s));
- crypto_digest_prio = priority;
- return 0;
- }
-
- return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ if (crypto_digest_prio > priority) {
+ memcpy(&_gnutls_digest_ops, s, sizeof(*s));
+ crypto_digest_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
}
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
index 53e71f62a8..ad0e92d37e 100644
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -21,77 +21,74 @@
*/
#ifndef GNUTLS_CRYPTO_BACKEND_H
-# define GNUTLS_CRYPTO_BACKEND_H
-
-# include <gnutls/crypto.h>
-
-# define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
-# define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
-# define gnutls_crypto_single_digest_st gnutls_crypto_digest_st
-
- typedef struct
- {
- int (*init) (gnutls_cipher_algorithm_t, void **ctx, int enc);
- int (*setkey) (void *ctx, const void *key, size_t keysize);
- int (*setiv) (void *ctx, const void *iv, size_t ivsize);
- int (*encrypt) (void *ctx, const void *plain, size_t plainsize,
- void *encr, size_t encrsize);
- int (*decrypt) (void *ctx, const void *encr, size_t encrsize,
- void *plain, size_t plainsize);
- int (*auth) (void *ctx, const void *data, size_t datasize);
- void (*tag) (void *ctx, void *tag, size_t tagsize);
- void (*deinit) (void *ctx);
-
- /* Not needed for registered on run-time. Only included
- * should define it. */
- int (*exists) (gnutls_cipher_algorithm_t); /* true/false */
- } gnutls_crypto_cipher_st;
-
- typedef struct
- {
- int (*init) (gnutls_mac_algorithm_t, void **ctx);
- int (*setkey) (void *ctx, const void *key, size_t keysize);
- int (*setnonce) (void *ctx, const void *nonce, size_t noncesize);
- int (*hash) (void *ctx, const void *text, size_t textsize);
- int (*output) (void *src_ctx, void *digest, size_t digestsize);
- void (*deinit) (void *ctx);
- int (*fast)(gnutls_mac_algorithm_t, const void* nonce, size_t nonce_size,
- const void *key, size_t keysize, const void *text, size_t textsize, void *digest);
-
- /* Not needed for registered on run-time. Only included
- * should define it. */
- int (*exists) (gnutls_mac_algorithm_t);
- } gnutls_crypto_mac_st;
-
- typedef struct
- {
- int (*init) (gnutls_digest_algorithm_t, void **ctx);
- int (*hash) (void *ctx, const void *src, size_t srcsize);
- int (*output) (void *src_ctx, void *digest, size_t digestsize);
- void (*deinit) (void *ctx);
- int (*fast)(gnutls_digest_algorithm_t, const void *src, size_t srcsize, void *digest);
-
- /* Not needed for registered on run-time. Only included
- * should define it. */
- int (*exists) (gnutls_digest_algorithm_t);
- } gnutls_crypto_digest_st;
-
- typedef struct gnutls_crypto_rnd
- {
- int (*init) (void **ctx);
- int (*rnd) (void *ctx, int level, void *data, size_t datasize);
- void (*rnd_refresh) (void *ctx);
- void (*deinit) (void *ctx);
- } gnutls_crypto_rnd_st;
-
- typedef void *bigint_t;
-
- typedef struct
- {
- bigint_t g; /* group generator */
- bigint_t p; /* prime */
- int q_bits; /* the number of bits of q */
- } gnutls_group_st;
+#define GNUTLS_CRYPTO_BACKEND_H
+
+#include <gnutls/crypto.h>
+
+#define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
+#define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
+#define gnutls_crypto_single_digest_st gnutls_crypto_digest_st
+
+typedef struct {
+ int (*init) (gnutls_cipher_algorithm_t, void **ctx, int enc);
+ int (*setkey) (void *ctx, const void *key, size_t keysize);
+ int (*setiv) (void *ctx, const void *iv, size_t ivsize);
+ int (*encrypt) (void *ctx, const void *plain, size_t plainsize,
+ void *encr, size_t encrsize);
+ int (*decrypt) (void *ctx, const void *encr, size_t encrsize,
+ void *plain, size_t plainsize);
+ int (*auth) (void *ctx, const void *data, size_t datasize);
+ void (*tag) (void *ctx, void *tag, size_t tagsize);
+ void (*deinit) (void *ctx);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_cipher_algorithm_t); /* true/false */
+} gnutls_crypto_cipher_st;
+
+typedef struct {
+ int (*init) (gnutls_mac_algorithm_t, void **ctx);
+ int (*setkey) (void *ctx, const void *key, size_t keysize);
+ int (*setnonce) (void *ctx, const void *nonce, size_t noncesize);
+ int (*hash) (void *ctx, const void *text, size_t textsize);
+ int (*output) (void *src_ctx, void *digest, size_t digestsize);
+ void (*deinit) (void *ctx);
+ int (*fast) (gnutls_mac_algorithm_t, const void *nonce,
+ size_t nonce_size, const void *key, size_t keysize,
+ const void *text, size_t textsize, void *digest);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_mac_algorithm_t);
+} gnutls_crypto_mac_st;
+
+typedef struct {
+ int (*init) (gnutls_digest_algorithm_t, void **ctx);
+ int (*hash) (void *ctx, const void *src, size_t srcsize);
+ int (*output) (void *src_ctx, void *digest, size_t digestsize);
+ void (*deinit) (void *ctx);
+ int (*fast) (gnutls_digest_algorithm_t, const void *src,
+ size_t srcsize, void *digest);
+
+ /* Not needed for registered on run-time. Only included
+ * should define it. */
+ int (*exists) (gnutls_digest_algorithm_t);
+} gnutls_crypto_digest_st;
+
+typedef struct gnutls_crypto_rnd {
+ int (*init) (void **ctx);
+ int (*rnd) (void *ctx, int level, void *data, size_t datasize);
+ void (*rnd_refresh) (void *ctx);
+ void (*deinit) (void *ctx);
+} gnutls_crypto_rnd_st;
+
+typedef void *bigint_t;
+
+typedef struct {
+ bigint_t g; /* group generator */
+ bigint_t p; /* prime */
+ int q_bits; /* the number of bits of q */
+} gnutls_group_st;
/**
* gnutls_bigint_format_t:
@@ -102,85 +99,88 @@
*
* Enumeration of different bignum integer encoding formats.
*/
- typedef enum
- {
- /* raw unsigned integer format */
- GNUTLS_MPI_FORMAT_USG = 0,
- /* raw signed integer format - always a leading zero when positive */
- GNUTLS_MPI_FORMAT_STD = 1,
- /* the pgp integer format */
- GNUTLS_MPI_FORMAT_PGP = 2
- } gnutls_bigint_format_t;
+typedef enum {
+ /* raw unsigned integer format */
+ GNUTLS_MPI_FORMAT_USG = 0,
+ /* raw signed integer format - always a leading zero when positive */
+ GNUTLS_MPI_FORMAT_STD = 1,
+ /* the pgp integer format */
+ GNUTLS_MPI_FORMAT_PGP = 2
+} gnutls_bigint_format_t;
/* Multi precision integer arithmetic */
- typedef struct gnutls_crypto_bigint
- {
- bigint_t (*bigint_new) (int nbits);
- void (*bigint_release) (bigint_t n);
- void (*bigint_clear) (bigint_t n); /* zeros the int */
- /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */
- int (*bigint_cmp) (const bigint_t m1, const bigint_t m2);
- /* as bigint_cmp */
- int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2);
- /* ret = a % b */
- bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b);
- /* a = b -> ret == a */
- bigint_t (*bigint_set) (bigint_t a, const bigint_t b);
- /* a = b -> ret == a */
- bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b);
- unsigned int (*bigint_get_nbits) (const bigint_t a);
- /* w = b ^ e mod m */
- bigint_t (*bigint_powm) (bigint_t w, const bigint_t b,
- const bigint_t e, const bigint_t m);
- /* w = a + b mod m */
- bigint_t (*bigint_addm) (bigint_t w, const bigint_t a,
- const bigint_t b, const bigint_t m);
- /* w = a - b mod m */
- bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m);
- /* w = a * b mod m */
- bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m);
- /* w = a + b */ bigint_t (*bigint_add) (bigint_t w, const bigint_t a,
- const bigint_t b);
- /* w = a - b */ bigint_t (*bigint_sub) (bigint_t w, const bigint_t a,
- const bigint_t b);
- /* w = a * b */
- bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b);
- /* w = a + b */
- bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a,
- unsigned long b);
- /* w = a - b */
- bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a,
- unsigned long b);
- /* w = a * b */
- bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a,
- unsigned long b);
- /* q = a / b */
- bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b);
- /* 0 if prime */
- int (*bigint_prime_check) (const bigint_t pp);
- int (*bigint_generate_group) (gnutls_group_st * gg, unsigned int bits);
-
- /* reads a bigint from a buffer */
- /* stores a bigint into the buffer. returns
- * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to
- * store this integer, and updates the buf_size;
- */
- bigint_t (*bigint_scan) (const void *buf, size_t buf_size,
- gnutls_bigint_format_t format);
- int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size,
- gnutls_bigint_format_t format);
- } gnutls_crypto_bigint_st;
+typedef struct gnutls_crypto_bigint {
+ bigint_t(*bigint_new) (int nbits);
+ void (*bigint_release) (bigint_t n);
+ void (*bigint_clear) (bigint_t n); /* zeros the int */
+ /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */
+ int (*bigint_cmp) (const bigint_t m1, const bigint_t m2);
+ /* as bigint_cmp */
+ int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2);
+ /* ret = a % b */
+ bigint_t(*bigint_mod) (const bigint_t a, const bigint_t b);
+ /* a = b -> ret == a */
+ bigint_t(*bigint_set) (bigint_t a, const bigint_t b);
+ /* a = b -> ret == a */
+ bigint_t(*bigint_set_ui) (bigint_t a, unsigned long b);
+ unsigned int (*bigint_get_nbits) (const bigint_t a);
+ /* w = b ^ e mod m */
+ bigint_t(*bigint_powm) (bigint_t w, const bigint_t b,
+ const bigint_t e, const bigint_t m);
+ /* w = a + b mod m */
+ bigint_t(*bigint_addm) (bigint_t w, const bigint_t a,
+ const bigint_t b, const bigint_t m);
+ /* w = a - b mod m */
+ bigint_t(*bigint_subm) (bigint_t w, const bigint_t a,
+ const bigint_t b, const bigint_t m);
+ /* w = a * b mod m */
+ bigint_t(*bigint_mulm) (bigint_t w, const bigint_t a,
+ const bigint_t b, const bigint_t m);
+ /* w = a + b */ bigint_t(*bigint_add) (bigint_t w,
+ const bigint_t a,
+ const bigint_t b);
+ /* w = a - b */ bigint_t(*bigint_sub) (bigint_t w,
+ const bigint_t a,
+ const bigint_t b);
+ /* w = a * b */
+ bigint_t(*bigint_mul) (bigint_t w, const bigint_t a,
+ const bigint_t b);
+ /* w = a + b */
+ bigint_t(*bigint_add_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* w = a - b */
+ bigint_t(*bigint_sub_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* w = a * b */
+ bigint_t(*bigint_mul_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* q = a / b */
+ bigint_t(*bigint_div) (bigint_t q, const bigint_t a,
+ const bigint_t b);
+ /* 0 if prime */
+ int (*bigint_prime_check) (const bigint_t pp);
+ int (*bigint_generate_group) (gnutls_group_st * gg,
+ unsigned int bits);
+
+ /* reads a bigint from a buffer */
+ /* stores a bigint into the buffer. returns
+ * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to
+ * store this integer, and updates the buf_size;
+ */
+ bigint_t(*bigint_scan) (const void *buf, size_t buf_size,
+ gnutls_bigint_format_t format);
+ int (*bigint_print) (const bigint_t a, void *buf,
+ size_t * buf_size,
+ gnutls_bigint_format_t format);
+} gnutls_crypto_bigint_st;
#define GNUTLS_MAX_PK_PARAMS 16
- typedef struct
- {
- bigint_t params[GNUTLS_MAX_PK_PARAMS];
- unsigned int params_nr; /* the number of parameters */
- unsigned int flags;
- } gnutls_pk_params_st;
+typedef struct {
+ bigint_t params[GNUTLS_MAX_PK_PARAMS];
+ unsigned int params_nr; /* the number of parameters */
+ unsigned int flags;
+} gnutls_pk_params_st;
/**
* gnutls_pk_flag_t:
@@ -188,18 +188,17 @@
*
* Enumeration of public-key flag.
*/
- typedef enum
- {
- GNUTLS_PK_FLAG_NONE = 0
- } gnutls_pk_flag_t;
+typedef enum {
+ GNUTLS_PK_FLAG_NONE = 0
+} gnutls_pk_flag_t;
- void gnutls_pk_params_release (gnutls_pk_params_st * p);
- void gnutls_pk_params_clear (gnutls_pk_params_st * p);
- void gnutls_pk_params_init (gnutls_pk_params_st * p);
+void gnutls_pk_params_release(gnutls_pk_params_st * p);
+void gnutls_pk_params_clear(gnutls_pk_params_st * p);
+void gnutls_pk_params_init(gnutls_pk_params_st * p);
-#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
+#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
/* parameters should not be larger than this limit */
#define DSA_PUBLIC_PARAMS 4
@@ -207,7 +206,7 @@
#define ECC_PUBLIC_PARAMS 2
-#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
+#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
/* parameters should not be larger than this limit */
#define DSA_PRIVATE_PARAMS 5
@@ -286,83 +285,81 @@
*
* Enumeration of different directions.
*/
- typedef enum
- {
- GNUTLS_IMPORT = 0,
- GNUTLS_EXPORT = 1
- } gnutls_direction_t;
+typedef enum {
+ GNUTLS_IMPORT = 0,
+ GNUTLS_EXPORT = 1
+} gnutls_direction_t;
/* Public key algorithms */
- typedef struct gnutls_crypto_pk
- {
- /* The params structure should contain the private or public key
- * parameters, depending on the operation */
- int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- const gnutls_pk_params_st * pub);
- int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- const gnutls_pk_params_st * priv);
-
- int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
- const gnutls_datum_t * data,
- const gnutls_pk_params_st * priv);
- int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data,
- const gnutls_datum_t * sig,
- const gnutls_pk_params_st * pub);
- /* given a signature and the public parameters,
- * suggest a hash algorithm */
- int (*hash_algorithm) (gnutls_pk_algorithm_t,
- const gnutls_datum_t * sig,
- gnutls_pk_params_st * issuer_params,
- gnutls_digest_algorithm_t*);
- /* sanity checks the public key parameters */
- int (*verify_params) (gnutls_pk_algorithm_t,
- const gnutls_pk_params_st * pub);
- int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits,
- gnutls_pk_params_st *);
- /* this function should convert params to ones suitable
- * for the above functions
- */
- int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t,
- gnutls_pk_params_st *);
- int (*derive) (gnutls_pk_algorithm_t, gnutls_datum_t * out,
- const gnutls_pk_params_st * priv,
- const gnutls_pk_params_st * pub);
-
-
- } gnutls_crypto_pk_st;
+typedef struct gnutls_crypto_pk {
+ /* The params structure should contain the private or public key
+ * parameters, depending on the operation */
+ int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ const gnutls_pk_params_st * pub);
+ int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ const gnutls_pk_params_st * priv);
+
+ int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
+ const gnutls_datum_t * data,
+ const gnutls_pk_params_st * priv);
+ int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data,
+ const gnutls_datum_t * sig,
+ const gnutls_pk_params_st * pub);
+ /* given a signature and the public parameters,
+ * suggest a hash algorithm */
+ int (*hash_algorithm) (gnutls_pk_algorithm_t,
+ const gnutls_datum_t * sig,
+ gnutls_pk_params_st * issuer_params,
+ gnutls_digest_algorithm_t *);
+ /* sanity checks the public key parameters */
+ int (*verify_params) (gnutls_pk_algorithm_t,
+ const gnutls_pk_params_st * pub);
+ int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits,
+ gnutls_pk_params_st *);
+ /* this function should convert params to ones suitable
+ * for the above functions
+ */
+ int (*pk_fixup_private_params) (gnutls_pk_algorithm_t,
+ gnutls_direction_t,
+ gnutls_pk_params_st *);
+ int (*derive) (gnutls_pk_algorithm_t, gnutls_datum_t * out,
+ const gnutls_pk_params_st * priv,
+ const gnutls_pk_params_st * pub);
+
+
+} gnutls_crypto_pk_st;
/* priority: infinity for backend algorithms, 90 for kernel
algorithms, lowest wins
*/
- int gnutls_crypto_single_cipher_register (gnutls_cipher_algorithm_t
- algorithm, int priority,
- const
- gnutls_crypto_single_cipher_st *
- s);
- int gnutls_crypto_single_mac_register (gnutls_mac_algorithm_t algorithm,
- int priority,
- const gnutls_crypto_single_mac_st *
- s);
- int gnutls_crypto_single_digest_register (gnutls_digest_algorithm_t
- algorithm, int priority,
- const
- gnutls_crypto_single_digest_st *
- s);
-
- int gnutls_crypto_cipher_register (int priority,
- const gnutls_crypto_cipher_st * s);
- int gnutls_crypto_mac_register (int priority,
- const gnutls_crypto_mac_st * s);
- int gnutls_crypto_digest_register (int priority,
- const gnutls_crypto_digest_st * s);
-
- int gnutls_crypto_rnd_register (int priority,
- const gnutls_crypto_rnd_st * s);
- int gnutls_crypto_pk_register (int priority,
- const gnutls_crypto_pk_st * s);
- int gnutls_crypto_bigint_register (int priority,
- const gnutls_crypto_bigint_st * s);
+int gnutls_crypto_single_cipher_register(gnutls_cipher_algorithm_t
+ algorithm, int priority,
+ const
+ gnutls_crypto_single_cipher_st *
+ s);
+int gnutls_crypto_single_mac_register(gnutls_mac_algorithm_t algorithm,
+ int priority,
+ const gnutls_crypto_single_mac_st *
+ s);
+int gnutls_crypto_single_digest_register(gnutls_digest_algorithm_t
+ algorithm, int priority,
+ const
+ gnutls_crypto_single_digest_st *
+ s);
+
+int gnutls_crypto_cipher_register(int priority,
+ const gnutls_crypto_cipher_st * s);
+int gnutls_crypto_mac_register(int priority,
+ const gnutls_crypto_mac_st * s);
+int gnutls_crypto_digest_register(int priority,
+ const gnutls_crypto_digest_st * s);
+
+int gnutls_crypto_rnd_register(int priority,
+ const gnutls_crypto_rnd_st * s);
+int gnutls_crypto_pk_register(int priority, const gnutls_crypto_pk_st * s);
+int gnutls_crypto_bigint_register(int priority,
+ const gnutls_crypto_bigint_st * s);
#endif
diff --git a/lib/crypto.h b/lib/crypto.h
index 2ba236db84..d084420a3c 100644
--- a/lib/crypto.h
+++ b/lib/crypto.h
@@ -24,11 +24,11 @@
#define CRYPTO_H
const gnutls_crypto_cipher_st
- * _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo);
+ * _gnutls_get_crypto_cipher(gnutls_cipher_algorithm_t algo);
const gnutls_crypto_digest_st
- * _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo);
-const gnutls_crypto_mac_st *_gnutls_get_crypto_mac (gnutls_mac_algorithm_t
- algo);
-void _gnutls_crypto_deregister (void);
+ * _gnutls_get_crypto_digest(gnutls_digest_algorithm_t algo);
+const gnutls_crypto_mac_st *_gnutls_get_crypto_mac(gnutls_mac_algorithm_t
+ algo);
+void _gnutls_crypto_deregister(void);
-#endif /* CRYPTO_H */
+#endif /* CRYPTO_H */
diff --git a/lib/debug.c b/lib/debug.c
index cff40b2d11..a131519e81 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -28,49 +28,46 @@
#include <gnutls_mpi.h>
#ifdef DEBUG
-void
-_gnutls_dump_mpi (const char *prefix, bigint_t a)
+void _gnutls_dump_mpi(const char *prefix, bigint_t a)
{
- char buf[400];
- char buf_hex[2 * sizeof (buf)];
- size_t n = sizeof buf;
+ char buf[400];
+ char buf_hex[2 * sizeof(buf)];
+ size_t n = sizeof buf;
- if (_gnutls_mpi_print (a, buf, &n))
- strcpy (buf, "[can't print value]"); /* Flawfinder: ignore */
- _gnutls_debug_log ("MPI: length: %d\n\t%s%s\n", (int) n, prefix,
- _gnutls_bin2hex (buf, n, buf_hex, sizeof (buf_hex),
- NULL));
+ if (_gnutls_mpi_print(a, buf, &n))
+ strcpy(buf, "[can't print value]"); /* Flawfinder: ignore */
+ _gnutls_debug_log("MPI: length: %d\n\t%s%s\n", (int) n, prefix,
+ _gnutls_bin2hex(buf, n, buf_hex, sizeof(buf_hex),
+ NULL));
}
void
-_gnutls_dump_vector (const char *prefix, const uint8_t *a, size_t a_size)
+_gnutls_dump_vector(const char *prefix, const uint8_t * a, size_t a_size)
{
- char buf_hex[2 * a_size];
+ char buf_hex[2 * a_size];
- _gnutls_debug_log ("Vector: length: %d\n\t%s%s\n", (int) a_size, prefix,
- _gnutls_bin2hex (a, a_size, buf_hex, sizeof (buf_hex),
- NULL));
+ _gnutls_debug_log("Vector: length: %d\n\t%s%s\n", (int) a_size,
+ prefix, _gnutls_bin2hex(a, a_size, buf_hex,
+ sizeof(buf_hex), NULL));
}
#endif
-const char *
-_gnutls_packet2str (content_type_t packet)
+const char *_gnutls_packet2str(content_type_t packet)
{
- switch (packet)
- {
- case GNUTLS_CHANGE_CIPHER_SPEC:
- return "ChangeCipherSpec";
- case GNUTLS_ALERT:
- return "Alert";
- case GNUTLS_HANDSHAKE:
- return "Handshake";
- case GNUTLS_APPLICATION_DATA:
- return "Application Data";
- case GNUTLS_HEARTBEAT:
- return "HeartBeat";
- default:
- return "Unknown Packet";
- }
+ switch (packet) {
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ return "ChangeCipherSpec";
+ case GNUTLS_ALERT:
+ return "Alert";
+ case GNUTLS_HANDSHAKE:
+ return "Handshake";
+ case GNUTLS_APPLICATION_DATA:
+ return "Application Data";
+ case GNUTLS_HEARTBEAT:
+ return "HeartBeat";
+ default:
+ return "Unknown Packet";
+ }
}
/**
@@ -82,60 +79,60 @@ _gnutls_packet2str (content_type_t packet)
* Returns: a string that contains the name of the specified handshake
* message or %NULL.
**/
-const char *
-gnutls_handshake_description_get_name (gnutls_handshake_description_t type)
+const char
+ *gnutls_handshake_description_get_name(gnutls_handshake_description_t
+ type)
{
- switch (type)
- {
- case GNUTLS_HANDSHAKE_HELLO_REQUEST:
- return "HELLO REQUEST";
- break;
- case GNUTLS_HANDSHAKE_CLIENT_HELLO:
- return "CLIENT HELLO";
- break;
- case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
- return "SSL2 CLIENT HELLO";
- break;
- case GNUTLS_HANDSHAKE_SERVER_HELLO:
- return "SERVER HELLO";
- break;
- case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
- return "HELLO VERIFY REQUEST";
- break;
- case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
- return "CERTIFICATE";
- break;
- case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
- return "SERVER KEY EXCHANGE";
- break;
- case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
- return "CERTIFICATE REQUEST";
- break;
- case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
- return "SERVER HELLO DONE";
- break;
- case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
- return "CERTIFICATE VERIFY";
- break;
- case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
- return "CLIENT KEY EXCHANGE";
- break;
- case GNUTLS_HANDSHAKE_FINISHED:
- return "FINISHED";
- break;
- case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
- return "SUPPLEMENTAL";
- break;
- case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
- return "CERTIFICATE STATUS";
- break;
- case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
- return "NEW SESSION TICKET";
- break;
- case GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC:
- return "CHANGE CIPHER SPEC";
- break;
- default:
- return "Unknown Handshake packet";
- }
+ switch (type) {
+ case GNUTLS_HANDSHAKE_HELLO_REQUEST:
+ return "HELLO REQUEST";
+ break;
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO:
+ return "CLIENT HELLO";
+ break;
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
+ return "SSL2 CLIENT HELLO";
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_HELLO:
+ return "SERVER HELLO";
+ break;
+ case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
+ return "HELLO VERIFY REQUEST";
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
+ return "CERTIFICATE";
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
+ return "SERVER KEY EXCHANGE";
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
+ return "CERTIFICATE REQUEST";
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
+ return "SERVER HELLO DONE";
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
+ return "CERTIFICATE VERIFY";
+ break;
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ return "CLIENT KEY EXCHANGE";
+ break;
+ case GNUTLS_HANDSHAKE_FINISHED:
+ return "FINISHED";
+ break;
+ case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
+ return "SUPPLEMENTAL";
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
+ return "CERTIFICATE STATUS";
+ break;
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
+ return "NEW SESSION TICKET";
+ break;
+ case GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC:
+ return "CHANGE CIPHER SPEC";
+ break;
+ default:
+ return "Unknown Handshake packet";
+ }
}
diff --git a/lib/debug.h b/lib/debug.h
index e8b9a3428e..1c3ab1b013 100644
--- a/lib/debug.h
+++ b/lib/debug.h
@@ -20,12 +20,16 @@
*
*/
-const char *_gnutls_packet2str (content_type_t packet);
-inline static const char* _gnutls_handshake2str(unsigned x)
+const char *_gnutls_packet2str(content_type_t packet);
+inline static const char *_gnutls_handshake2str(unsigned x)
{
-const char* s = gnutls_handshake_description_get_name(x);
- if (s == NULL) return "Unknown Handshake packet";
- else return s;
+ const char *s = gnutls_handshake_description_get_name(x);
+ if (s == NULL)
+ return "Unknown Handshake packet";
+ else
+ return s;
}
-void _gnutls_dump_mpi (const char *prefix, bigint_t a);
-void _gnutls_dump_vector (const char *prefix, const uint8_t *a, size_t a_size);
+
+void _gnutls_dump_mpi(const char *prefix, bigint_t a);
+void _gnutls_dump_vector(const char *prefix, const uint8_t * a,
+ size_t a_size);
diff --git a/lib/ext/alpn.c b/lib/ext/alpn.c
index 3179d3aed6..b2f0f11a13 100644
--- a/lib/ext/alpn.c
+++ b/lib/ext/alpn.c
@@ -24,160 +24,174 @@
#include "gnutls_num.h"
#include <ext/alpn.h>
-static int _gnutls_alpn_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_alpn_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
+static int _gnutls_alpn_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_alpn_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
-static int _gnutls_alpn_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int _gnutls_alpn_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
-static void _gnutls_alpn_deinit_data (extension_priv_data_t priv);
+static int _gnutls_alpn_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_alpn_pack(extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void _gnutls_alpn_deinit_data(extension_priv_data_t priv);
extension_entry_st ext_mod_alpn = {
- .name = "ALPN",
- .type = GNUTLS_EXTENSION_ALPN,
- .parse_type = GNUTLS_EXT_APPLICATION,
-
- .recv_func = _gnutls_alpn_recv_params,
- .send_func = _gnutls_alpn_send_params,
- .pack_func = _gnutls_alpn_pack,
- .unpack_func = _gnutls_alpn_unpack,
- .deinit_func = _gnutls_alpn_deinit_data,
+ .name = "ALPN",
+ .type = GNUTLS_EXTENSION_ALPN,
+ .parse_type = GNUTLS_EXT_APPLICATION,
+
+ .recv_func = _gnutls_alpn_recv_params,
+ .send_func = _gnutls_alpn_send_params,
+ .pack_func = _gnutls_alpn_pack,
+ .unpack_func = _gnutls_alpn_unpack,
+ .deinit_func = _gnutls_alpn_deinit_data,
};
static int
-_gnutls_alpn_recv_params (gnutls_session_t session,
- const uint8_t *data, size_t _data_size)
+_gnutls_alpn_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- unsigned int i;
- int ret;
- const uint8_t *p = data;
- unsigned len1, len;
- ssize_t data_size = _data_size;
- alpn_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN,
- &epriv);
- if (ret < 0)
- return 0;
-
- priv = epriv.ptr;
-
- DECR_LENGTH_RET (data_size, 2, 0);
- len = _gnutls_read_uint16 (p);
- p += 2;
-
- if (len > data_size)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- while(data_size > 0)
- {
- DECR_LENGTH_RET (data_size, 1, 0);
- len1 = *p;
- p += 1;
- DECR_LENGTH_RET (data_size, len1, 0);
-
- for (i=0;i<priv->size;i++)
- if (priv->protocol_size[i] == len1 && memcmp(p, priv->protocols[i], len1) == 0)
- {
- priv->selected_protocol = priv->protocols[i];
- priv->selected_protocol_size = priv->protocol_size[i];
- break;
- }
- p += len1;
- }
- }
- else
- {
- DECR_LENGTH_RET (data_size, 1, 0);
- len1 = *p;
- p += 1;
- DECR_LENGTH_RET (data_size, len1, 0);
-
- for (i=0;i<priv->size;i++)
- if (priv->protocol_size[i] == len1 && memcmp(p, priv->protocols[i], len1) == 0)
- {
- priv->selected_protocol = priv->protocols[i];
- priv->selected_protocol_size = priv->protocol_size[i];
- break;
- }
- p += len1;
- }
-
- if (priv->selected_protocol == NULL && (priv->flags & GNUTLS_ALPN_MAND))
- return gnutls_assert_val(GNUTLS_E_NO_APPLICATION_PROTOCOL);
-
- return 0;
+ unsigned int i;
+ int ret;
+ const uint8_t *p = data;
+ unsigned len1, len;
+ ssize_t data_size = _data_size;
+ alpn_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_ALPN,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ priv = epriv.ptr;
+
+ DECR_LENGTH_RET(data_size, 2, 0);
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ if (len > data_size)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ while (data_size > 0) {
+ DECR_LENGTH_RET(data_size, 1, 0);
+ len1 = *p;
+ p += 1;
+ DECR_LENGTH_RET(data_size, len1, 0);
+
+ for (i = 0; i < priv->size; i++)
+ if (priv->protocol_size[i] == len1
+ && memcmp(p, priv->protocols[i],
+ len1) == 0) {
+ priv->selected_protocol =
+ priv->protocols[i];
+ priv->selected_protocol_size =
+ priv->protocol_size[i];
+ break;
+ }
+ p += len1;
+ }
+ } else {
+ DECR_LENGTH_RET(data_size, 1, 0);
+ len1 = *p;
+ p += 1;
+ DECR_LENGTH_RET(data_size, len1, 0);
+
+ for (i = 0; i < priv->size; i++)
+ if (priv->protocol_size[i] == len1
+ && memcmp(p, priv->protocols[i], len1) == 0) {
+ priv->selected_protocol =
+ priv->protocols[i];
+ priv->selected_protocol_size =
+ priv->protocol_size[i];
+ break;
+ }
+ p += len1;
+ }
+
+ if (priv->selected_protocol == NULL
+ && (priv->flags & GNUTLS_ALPN_MAND))
+ return gnutls_assert_val(GNUTLS_E_NO_APPLICATION_PROTOCOL);
+
+ return 0;
}
static int
-_gnutls_alpn_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata)
+_gnutls_alpn_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- unsigned i;
- int total_size = 0, ret;
- alpn_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN,
- &epriv);
- if (ret < 0)
- return 0;
-
- priv = epriv.ptr;
-
- if (priv->size == 0)
- return 0;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (priv->selected_protocol_size == 0)
- return 0;
-
- ret = _gnutls_buffer_append_prefix(extdata, 16, priv->selected_protocol_size+1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- total_size += 2;
-
- ret = _gnutls_buffer_append_data_prefix(extdata, 8, priv->selected_protocol, priv->selected_protocol_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- total_size += 1+priv->selected_protocol_size;
- }
- else
- {
- int t = 0;
- for (i=0;i<priv->size;i++)
- t += priv->protocol_size[i] + 1;
-
- ret = _gnutls_buffer_append_prefix(extdata, 16, t);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- total_size += 2;
-
- for (i=0;i<priv->size;i++)
- {
- ret = _gnutls_buffer_append_data_prefix(extdata, 8, priv->protocols[i], priv->protocol_size[i]);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- total_size += 1+priv->protocol_size[i];
- }
- }
-
- return total_size;
+ unsigned i;
+ int total_size = 0, ret;
+ alpn_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_ALPN,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ priv = epriv.ptr;
+
+ if (priv->size == 0)
+ return 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (priv->selected_protocol_size == 0)
+ return 0;
+
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ priv->
+ selected_protocol_size +
+ 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ total_size += 2;
+
+ ret =
+ _gnutls_buffer_append_data_prefix(extdata, 8,
+ priv->
+ selected_protocol,
+ priv->
+ selected_protocol_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ total_size += 1 + priv->selected_protocol_size;
+ } else {
+ int t = 0;
+ for (i = 0; i < priv->size; i++)
+ t += priv->protocol_size[i] + 1;
+
+ ret = _gnutls_buffer_append_prefix(extdata, 16, t);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ total_size += 2;
+
+ for (i = 0; i < priv->size; i++) {
+ ret =
+ _gnutls_buffer_append_data_prefix(extdata, 8,
+ priv->
+ protocols[i],
+ priv->
+ protocol_size
+ [i]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ total_size += 1 + priv->protocol_size[i];
+ }
+ }
+
+ return total_size;
}
/**
@@ -195,31 +209,32 @@ _gnutls_alpn_send_params (gnutls_session_t session,
* Since 3.1.11
**/
int
-gnutls_alpn_get_selected_protocol (gnutls_session_t session,
- gnutls_datum_t * protocol)
+gnutls_alpn_get_selected_protocol(gnutls_session_t session,
+ gnutls_datum_t * protocol)
{
- alpn_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
+ alpn_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_ALPN,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- priv = epriv.ptr;
+ priv = epriv.ptr;
- if (priv->selected_protocol_size == 0)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ if (priv->selected_protocol_size == 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- protocol->data = priv->selected_protocol;
- protocol->size = priv->selected_protocol_size;
+ protocol->data = priv->selected_protocol;
+ protocol->size = priv->selected_protocol_size;
- return 0;
+ return 0;
}
/**
@@ -241,95 +256,90 @@ gnutls_alpn_get_selected_protocol (gnutls_session_t session,
* Since 3.1.11
**/
int
-gnutls_alpn_set_protocols (gnutls_session_t session,
- const gnutls_datum_t * protocols, unsigned protocols_size,
- unsigned int flags)
+gnutls_alpn_set_protocols(gnutls_session_t session,
+ const gnutls_datum_t * protocols,
+ unsigned protocols_size, unsigned int flags)
{
- int ret;
- alpn_ext_st *priv;
- extension_priv_data_t epriv;
- unsigned i;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN,
- &epriv);
- if (ret < 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_ALPN,
- epriv);
- }
- else
- priv = epriv.ptr;
-
- if (protocols_size > MAX_ALPN_PROTOCOLS)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- for (i=0;i<protocols_size;i++)
- {
- if (protocols[i].size >= MAX_ALPN_PROTOCOL_NAME)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- memcpy(priv->protocols[i], protocols[i].data, protocols[i].size);
- priv->protocol_size[i] = protocols[i].size;
- priv->size++;
- }
- priv->flags = flags;
-
- return 0;
+ int ret;
+ alpn_ext_st *priv;
+ extension_priv_data_t epriv;
+ unsigned i;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_ALPN,
+ &epriv);
+ if (ret < 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_ALPN, epriv);
+ } else
+ priv = epriv.ptr;
+
+ if (protocols_size > MAX_ALPN_PROTOCOLS)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ for (i = 0; i < protocols_size; i++) {
+ if (protocols[i].size >= MAX_ALPN_PROTOCOL_NAME)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ memcpy(priv->protocols[i], protocols[i].data,
+ protocols[i].size);
+ priv->protocol_size[i] = protocols[i].size;
+ priv->size++;
+ }
+ priv->flags = flags;
+
+ return 0;
}
-static void
-_gnutls_alpn_deinit_data (extension_priv_data_t priv)
+static void _gnutls_alpn_deinit_data(extension_priv_data_t priv)
{
- gnutls_free (priv.ptr);
+ gnutls_free(priv.ptr);
}
static int
-_gnutls_alpn_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_alpn_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- alpn_ext_st *priv = epriv.ptr;
- int ret;
+ alpn_ext_st *priv = epriv.ptr;
+ int ret;
- BUFFER_APPEND_PFX4 (ps, priv->selected_protocol, priv->selected_protocol_size);
+ BUFFER_APPEND_PFX4(ps, priv->selected_protocol,
+ priv->selected_protocol_size);
- return 0;
+ return 0;
}
static int
-_gnutls_alpn_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+_gnutls_alpn_unpack(gnutls_buffer_st * ps, extension_priv_data_t * _priv)
{
- alpn_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_NUM (ps, priv->protocol_size[0]);
- BUFFER_POP (ps, &priv->protocols[0], priv->protocol_size[0]);
- priv->size++;
- priv->selected_protocol_size = priv->protocol_size[0];
- priv->selected_protocol = priv->protocols[0];
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- gnutls_free (priv);
- return ret;
+ alpn_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_NUM(ps, priv->protocol_size[0]);
+ BUFFER_POP(ps, &priv->protocols[0], priv->protocol_size[0]);
+ priv->size++;
+ priv->selected_protocol_size = priv->protocol_size[0];
+ priv->selected_protocol = priv->protocols[0];
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ gnutls_free(priv);
+ return ret;
}
diff --git a/lib/ext/alpn.h b/lib/ext/alpn.h
index 5784f1de9c..739879a2d1 100644
--- a/lib/ext/alpn.h
+++ b/lib/ext/alpn.h
@@ -25,14 +25,13 @@
#define MAX_ALPN_PROTOCOLS 8
#define MAX_ALPN_PROTOCOL_NAME 32
-typedef struct
-{
- uint8_t protocols[MAX_ALPN_PROTOCOLS][MAX_ALPN_PROTOCOL_NAME];
- unsigned protocol_size[MAX_ALPN_PROTOCOLS];
- unsigned size;
- uint8_t *selected_protocol;
- unsigned selected_protocol_size;
- unsigned flags;
+typedef struct {
+ uint8_t protocols[MAX_ALPN_PROTOCOLS][MAX_ALPN_PROTOCOL_NAME];
+ unsigned protocol_size[MAX_ALPN_PROTOCOLS];
+ unsigned size;
+ uint8_t *selected_protocol;
+ unsigned selected_protocol_size;
+ unsigned flags;
} alpn_ext_st;
extern extension_entry_st ext_mod_alpn;
diff --git a/lib/ext/cert_type.c b/lib/ext/cert_type.c
index 763e569b23..698884fc67 100644
--- a/lib/ext/cert_type.c
+++ b/lib/ext/cert_type.c
@@ -34,24 +34,24 @@
/* Maps record size to numbers according to the
* extensions draft.
*/
-inline static int _gnutls_num2cert_type (int num);
-inline static int _gnutls_cert_type2num (int record_size);
-static int _gnutls_cert_type_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_cert_type_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata);
+inline static int _gnutls_num2cert_type(int num);
+inline static int _gnutls_cert_type2num(int record_size);
+static int _gnutls_cert_type_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_cert_type_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
extension_entry_st ext_mod_cert_type = {
- .name = "CERT TYPE",
- .type = GNUTLS_EXTENSION_CERT_TYPE,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_cert_type_recv_params,
- .send_func = _gnutls_cert_type_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = NULL
+ .name = "CERT TYPE",
+ .type = GNUTLS_EXTENSION_CERT_TYPE,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_cert_type_recv_params,
+ .send_func = _gnutls_cert_type_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = NULL
};
/*
@@ -64,197 +64,186 @@ extension_entry_st ext_mod_cert_type = {
*/
static int
-_gnutls_cert_type_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_cert_type_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- int new_type = -1, ret, i;
- ssize_t data_size = _data_size;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (data_size > 0)
- {
- if (data_size != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- new_type = _gnutls_num2cert_type (data[0]);
-
- if (new_type < 0)
- {
- gnutls_assert ();
- return new_type;
- }
-
- /* Check if we support this cert_type */
- if ((ret =
- _gnutls_session_cert_type_supported (session, new_type)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_session_cert_type_set (session, new_type);
- }
- }
- else
- { /* SERVER SIDE - we must check if the sent cert type is the right one
- */
- if (data_size > 1)
- {
- uint8_t len;
-
- DECR_LEN (data_size, 1);
- len = data[0];
- DECR_LEN (data_size, len);
-
- for (i = 0; i < len; i++)
- {
- new_type = _gnutls_num2cert_type (data[i + 1]);
-
- if (new_type < 0)
- continue;
-
- /* Check if we support this cert_type */
- if ((ret =
- _gnutls_session_cert_type_supported (session,
- new_type)) < 0)
- {
- gnutls_assert ();
- continue;
- }
- else
- break;
- /* new_type is ok */
- }
-
- if (new_type < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- if ((ret =
- _gnutls_session_cert_type_supported (session, new_type)) < 0)
- {
- gnutls_assert ();
- /* The peer has requested unsupported certificate
- * types. Instead of failing, procceed normally.
- * (the ciphersuite selection would fail, or a
- * non certificate ciphersuite will be selected).
- */
- return 0;
- }
-
- _gnutls_session_cert_type_set (session, new_type);
- }
- }
-
- return 0;
+ int new_type = -1, ret, i;
+ ssize_t data_size = _data_size;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (data_size > 0) {
+ if (data_size != 1) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ new_type = _gnutls_num2cert_type(data[0]);
+
+ if (new_type < 0) {
+ gnutls_assert();
+ return new_type;
+ }
+
+ /* Check if we support this cert_type */
+ if ((ret =
+ _gnutls_session_cert_type_supported(session,
+ new_type))
+ < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_session_cert_type_set(session, new_type);
+ }
+ } else { /* SERVER SIDE - we must check if the sent cert type is the right one
+ */
+ if (data_size > 1) {
+ uint8_t len;
+
+ DECR_LEN(data_size, 1);
+ len = data[0];
+ DECR_LEN(data_size, len);
+
+ for (i = 0; i < len; i++) {
+ new_type =
+ _gnutls_num2cert_type(data[i + 1]);
+
+ if (new_type < 0)
+ continue;
+
+ /* Check if we support this cert_type */
+ if ((ret =
+ _gnutls_session_cert_type_supported
+ (session, new_type)) < 0) {
+ gnutls_assert();
+ continue;
+ } else
+ break;
+ /* new_type is ok */
+ }
+
+ if (new_type < 0) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ if ((ret =
+ _gnutls_session_cert_type_supported(session,
+ new_type))
+ < 0) {
+ gnutls_assert();
+ /* The peer has requested unsupported certificate
+ * types. Instead of failing, procceed normally.
+ * (the ciphersuite selection would fail, or a
+ * non certificate ciphersuite will be selected).
+ */
+ return 0;
+ }
+
+ _gnutls_session_cert_type_set(session, new_type);
+ }
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_cert_type_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+_gnutls_cert_type_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- unsigned len, i;
- int ret;
- uint8_t p;
-
- /* this function sends the client extension data (dnsname) */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
-
- if (session->internals.priorities.cert_type.algorithms > 0)
- {
-
- len = session->internals.priorities.cert_type.algorithms;
-
- if (len == 1 &&
- session->internals.priorities.cert_type.priority[0] ==
- GNUTLS_CRT_X509)
- {
- /* We don't use this extension if X.509 certificates
- * are used.
- */
- return 0;
- }
-
- /* this is a vector!
- */
- p = (uint8_t) len;
- ret = _gnutls_buffer_append_data(extdata, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- for (i = 0; i < len; i++)
- {
- p =
- _gnutls_cert_type2num (session->internals.priorities.
- cert_type.priority[i]);
- ret = _gnutls_buffer_append_data(extdata, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- return len + 1;
- }
-
- }
- else
- { /* server side */
- if (session->security_parameters.cert_type != DEFAULT_CERT_TYPE)
- {
- len = 1;
-
- p =
- _gnutls_cert_type2num (session->security_parameters.cert_type);
- ret = _gnutls_buffer_append_data(extdata, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return len;
- }
-
-
- }
-
- return 0;
+ unsigned len, i;
+ int ret;
+ uint8_t p;
+
+ /* this function sends the client extension data (dnsname) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+
+ if (session->internals.priorities.cert_type.algorithms > 0) {
+
+ len =
+ session->internals.priorities.cert_type.
+ algorithms;
+
+ if (len == 1 &&
+ session->internals.priorities.cert_type.
+ priority[0] == GNUTLS_CRT_X509) {
+ /* We don't use this extension if X.509 certificates
+ * are used.
+ */
+ return 0;
+ }
+
+ /* this is a vector!
+ */
+ p = (uint8_t) len;
+ ret = _gnutls_buffer_append_data(extdata, &p, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < len; i++) {
+ p = _gnutls_cert_type2num(session->
+ internals.
+ priorities.cert_type.
+ priority[i]);
+ ret =
+ _gnutls_buffer_append_data(extdata, &p,
+ 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ return len + 1;
+ }
+
+ } else { /* server side */
+ if (session->security_parameters.cert_type !=
+ DEFAULT_CERT_TYPE) {
+ len = 1;
+
+ p = _gnutls_cert_type2num(session->
+ security_parameters.
+ cert_type);
+ ret = _gnutls_buffer_append_data(extdata, &p, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return len;
+ }
+
+
+ }
+
+ return 0;
}
/* Maps numbers to record sizes according to the
* extensions draft.
*/
-inline static int
-_gnutls_num2cert_type (int num)
+inline static int _gnutls_num2cert_type(int num)
{
- switch (num)
- {
- case 0:
- return GNUTLS_CRT_X509;
- case 1:
- return GNUTLS_CRT_OPENPGP;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+ switch (num) {
+ case 0:
+ return GNUTLS_CRT_X509;
+ case 1:
+ return GNUTLS_CRT_OPENPGP;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
/* Maps record size to numbers according to the
* extensions draft.
*/
-inline static int
-_gnutls_cert_type2num (int cert_type)
+inline static int _gnutls_cert_type2num(int cert_type)
{
- switch (cert_type)
- {
- case GNUTLS_CRT_X509:
- return 0;
- case GNUTLS_CRT_OPENPGP:
- return 1;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+ switch (cert_type) {
+ case GNUTLS_CRT_X509:
+ return 0;
+ case GNUTLS_CRT_OPENPGP:
+ return 1;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
diff --git a/lib/ext/ecc.c b/lib/ext/ecc.c
index 8f9eddbae0..b913cb09be 100644
--- a/lib/ext/ecc.c
+++ b/lib/ext/ecc.c
@@ -36,40 +36,41 @@
* extensions draft.
*/
-static int _gnutls_supported_ecc_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_supported_ecc_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata);
-
-static int _gnutls_supported_ecc_pf_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_supported_ecc_pf_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata);
+static int _gnutls_supported_ecc_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_supported_ecc_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
+
+static int _gnutls_supported_ecc_pf_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_supported_ecc_pf_send_params(gnutls_session_t session,
+ gnutls_buffer_st *
+ extdata);
extension_entry_st ext_mod_supported_ecc = {
- .name = "SUPPORTED ECC",
- .type = GNUTLS_EXTENSION_SUPPORTED_ECC,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_supported_ecc_recv_params,
- .send_func = _gnutls_supported_ecc_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = NULL
+ .name = "SUPPORTED ECC",
+ .type = GNUTLS_EXTENSION_SUPPORTED_ECC,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_supported_ecc_recv_params,
+ .send_func = _gnutls_supported_ecc_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = NULL
};
extension_entry_st ext_mod_supported_ecc_pf = {
- .name = "SUPPORTED ECC POINT FORMATS",
- .type = GNUTLS_EXTENSION_SUPPORTED_ECC_PF,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_supported_ecc_pf_recv_params,
- .send_func = _gnutls_supported_ecc_pf_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = NULL
+ .name = "SUPPORTED ECC POINT FORMATS",
+ .type = GNUTLS_EXTENSION_SUPPORTED_ECC_PF,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_supported_ecc_pf_recv_params,
+ .send_func = _gnutls_supported_ecc_pf_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = NULL
};
/*
@@ -81,111 +82,118 @@ extension_entry_st ext_mod_supported_ecc_pf = {
*
*/
static int
-_gnutls_supported_ecc_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_supported_ecc_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- int new_type = -1, ret, i;
- ssize_t data_size = _data_size;
- uint16_t len;
- const uint8_t* p = data;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- /* A client shouldn't receive this extension */
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
- }
- else
- { /* SERVER SIDE - we must check if the sent supported ecc type is the right one
- */
- if (data_size < 2)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
-
- DECR_LEN (data_size, 2);
- len = _gnutls_read_uint16(p);
- p += 2;
-
- DECR_LEN (data_size, len);
-
- for (i = 0; i < len; i+=2)
- {
- new_type = _gnutls_tls_id_to_ecc_curve (_gnutls_read_uint16(&p[i]));
- if (new_type < 0)
- continue;
-
- /* Check if we support this supported_ecc */
- if ((ret =
- _gnutls_session_supports_ecc_curve (session, new_type)) < 0)
- {
- continue;
- }
- else
- break;
- /* new_type is ok */
- }
-
- if (new_type < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- if ((ret =
- _gnutls_session_supports_ecc_curve (session, new_type)) < 0)
- {
- /* The peer has requested unsupported ecc
- * types. Instead of failing, procceed normally.
- * (the ciphersuite selection would fail, or a
- * non certificate ciphersuite will be selected).
- */
- return gnutls_assert_val(0);
- }
-
- _gnutls_session_ecc_curve_set (session, new_type);
- }
-
- return 0;
+ int new_type = -1, ret, i;
+ ssize_t data_size = _data_size;
+ uint16_t len;
+ const uint8_t *p = data;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ /* A client shouldn't receive this extension */
+ return
+ gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+ } else { /* SERVER SIDE - we must check if the sent supported ecc type is the right one
+ */
+ if (data_size < 2)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+
+ DECR_LEN(data_size, 2);
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ DECR_LEN(data_size, len);
+
+ for (i = 0; i < len; i += 2) {
+ new_type =
+ _gnutls_tls_id_to_ecc_curve(_gnutls_read_uint16
+ (&p[i]));
+ if (new_type < 0)
+ continue;
+
+ /* Check if we support this supported_ecc */
+ if ((ret =
+ _gnutls_session_supports_ecc_curve(session,
+ new_type))
+ < 0) {
+ continue;
+ } else
+ break;
+ /* new_type is ok */
+ }
+
+ if (new_type < 0) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ if ((ret =
+ _gnutls_session_supports_ecc_curve(session,
+ new_type)) < 0) {
+ /* The peer has requested unsupported ecc
+ * types. Instead of failing, procceed normally.
+ * (the ciphersuite selection would fail, or a
+ * non certificate ciphersuite will be selected).
+ */
+ return gnutls_assert_val(0);
+ }
+
+ _gnutls_session_ecc_curve_set(session, new_type);
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_supported_ecc_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+_gnutls_supported_ecc_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- unsigned len, i;
- int ret;
- uint16_t p;
-
- /* this extension is only being sent on client side */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
-
- if (session->internals.priorities.supported_ecc.algorithms > 0)
- {
-
- len = session->internals.priorities.supported_ecc.algorithms;
-
- /* this is a vector!
- */
- ret = _gnutls_buffer_append_prefix(extdata, 16, len*2);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- for (i = 0; i < len; i++)
- {
- p =
- _gnutls_ecc_curve_get_tls_id (session->internals.priorities.
- supported_ecc.priority[i]);
- ret = _gnutls_buffer_append_prefix(extdata, 16, p);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- return (len + 1)*2;
- }
-
- }
-
- return 0;
+ unsigned len, i;
+ int ret;
+ uint16_t p;
+
+ /* this extension is only being sent on client side */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+
+ if (session->internals.priorities.supported_ecc.
+ algorithms > 0) {
+
+ len =
+ session->internals.priorities.supported_ecc.
+ algorithms;
+
+ /* this is a vector!
+ */
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ len * 2);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < len; i++) {
+ p = _gnutls_ecc_curve_get_tls_id(session->
+ internals.
+ priorities.supported_ecc.
+ priority
+ [i]);
+ ret =
+ _gnutls_buffer_append_prefix(extdata,
+ 16, p);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ return (len + 1) * 2;
+ }
+
+ }
+
+ return 0;
}
/*
@@ -197,56 +205,61 @@ _gnutls_supported_ecc_send_params (gnutls_session_t session, gnutls_buffer_st* e
*
*/
static int
-_gnutls_supported_ecc_pf_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_supported_ecc_pf_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t _data_size)
{
-int len, i;
-int uncompressed = 0;
-int data_size = _data_size;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (data_size < 1)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
-
- len = data[0];
- DECR_LEN (data_size, len+1);
-
- for (i=1;i<=len;i++)
- if (data[i] == 0) /* uncompressed */
- uncompressed = 1;
-
- if (uncompressed == 0)
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
- }
- else
- {
- /* only sanity check here. We only support uncompressed points
- * and a client must support it thus nothing to check.
- */
- if (_data_size < 1)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
- }
-
- return 0;
+ int len, i;
+ int uncompressed = 0;
+ int data_size = _data_size;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (data_size < 1)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+
+ len = data[0];
+ DECR_LEN(data_size, len + 1);
+
+ for (i = 1; i <= len; i++)
+ if (data[i] == 0) /* uncompressed */
+ uncompressed = 1;
+
+ if (uncompressed == 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+ } else {
+ /* only sanity check here. We only support uncompressed points
+ * and a client must support it thus nothing to check.
+ */
+ if (_data_size < 1)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_supported_ecc_pf_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+_gnutls_supported_ecc_pf_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- const uint8_t p[2] = {0x01, 0x00}; /* only support uncompressed point format */
-
- if (session->security_parameters.entity == GNUTLS_SERVER && !_gnutls_session_is_ecc(session))
- return 0;
-
- if (session->internals.priorities.supported_ecc.algorithms > 0)
- {
- _gnutls_buffer_append_data(extdata, p, 2);
- return 2;
- }
- return 0;
+ const uint8_t p[2] = { 0x01, 0x00 }; /* only support uncompressed point format */
+
+ if (session->security_parameters.entity == GNUTLS_SERVER
+ && !_gnutls_session_is_ecc(session))
+ return 0;
+
+ if (session->internals.priorities.supported_ecc.algorithms > 0) {
+ _gnutls_buffer_append_data(extdata, p, 2);
+ return 2;
+ }
+ return 0;
}
@@ -254,18 +267,21 @@ _gnutls_supported_ecc_pf_send_params (gnutls_session_t session, gnutls_buffer_st
* session. A negative error value is returned otherwise.
*/
int
-_gnutls_session_supports_ecc_curve (gnutls_session_t session, unsigned int ecc_type)
+_gnutls_session_supports_ecc_curve(gnutls_session_t session,
+ unsigned int ecc_type)
{
- unsigned i;
-
- if (session->internals.priorities.supported_ecc.algorithms > 0)
- {
- for (i = 0; i < session->internals.priorities.supported_ecc.algorithms; i++)
- {
- if (session->internals.priorities.supported_ecc.priority[i] == ecc_type)
- return 0;
- }
- }
-
- return GNUTLS_E_ECC_UNSUPPORTED_CURVE;
+ unsigned i;
+
+ if (session->internals.priorities.supported_ecc.algorithms > 0) {
+ for (i = 0;
+ i <
+ session->internals.priorities.supported_ecc.
+ algorithms; i++) {
+ if (session->internals.priorities.supported_ecc.
+ priority[i] == ecc_type)
+ return 0;
+ }
+ }
+
+ return GNUTLS_E_ECC_UNSUPPORTED_CURVE;
}
diff --git a/lib/ext/ecc.h b/lib/ext/ecc.h
index d9a713651c..268ca8e1f8 100644
--- a/lib/ext/ecc.h
+++ b/lib/ext/ecc.h
@@ -28,6 +28,7 @@ extern extension_entry_st ext_mod_supported_ecc;
extern extension_entry_st ext_mod_supported_ecc_pf;
int
-_gnutls_session_supports_ecc_curve (gnutls_session_t session, unsigned int ecc_type);
+_gnutls_session_supports_ecc_curve(gnutls_session_t session,
+ unsigned int ecc_type);
#endif
diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c
index 1c796acd24..70d3466d65 100644
--- a/lib/ext/heartbeat.c
+++ b/lib/ext/heartbeat.c
@@ -49,14 +49,13 @@
*
* Since: 3.1.2
**/
-void
-gnutls_heartbeat_enable (gnutls_session_t session, unsigned int type)
+void gnutls_heartbeat_enable(gnutls_session_t session, unsigned int type)
{
- extension_priv_data_t epriv;
+ extension_priv_data_t epriv;
- epriv.num = type;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_HEARTBEAT,
- epriv);
+ epriv.num = type;
+ _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_HEARTBEAT,
+ epriv);
}
/**
@@ -71,24 +70,21 @@ gnutls_heartbeat_enable (gnutls_session_t session, unsigned int type)
*
* Since: 3.1.2
**/
-int
-gnutls_heartbeat_allowed (gnutls_session_t session, unsigned int type)
+int gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type)
{
- extension_priv_data_t epriv;
-
- if (_gnutls_ext_get_session_data
- (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0)
- return 0; /* Not enabled */
-
- if (type == GNUTLS_HB_LOCAL_ALLOWED_TO_SEND)
- {
- if (epriv.num & LOCAL_ALLOWED_TO_SEND)
- return 1;
- }
- else if (epriv.num & GNUTLS_HB_PEER_ALLOWED_TO_SEND)
- return 1;
-
- return 0;
+ extension_priv_data_t epriv;
+
+ if (_gnutls_ext_get_session_data
+ (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0)
+ return 0; /* Not enabled */
+
+ if (type == GNUTLS_HB_LOCAL_ALLOWED_TO_SEND) {
+ if (epriv.num & LOCAL_ALLOWED_TO_SEND)
+ return 1;
+ } else if (epriv.num & GNUTLS_HB_PEER_ALLOWED_TO_SEND)
+ return 1;
+
+ return 0;
}
#define DEFAULT_PAYLOAD_SIZE 16
@@ -97,39 +93,42 @@ gnutls_heartbeat_allowed (gnutls_session_t session, unsigned int type)
* Sends heartbeat data.
*/
static int
-heartbeat_send_data (gnutls_session_t session, const void *data,
- size_t data_size, uint8_t type)
+heartbeat_send_data(gnutls_session_t session, const void *data,
+ size_t data_size, uint8_t type)
{
- int ret, pos;
- uint8_t * response;
-
- response = gnutls_malloc(1+2+data_size+DEFAULT_PAYLOAD_SIZE);
- if (response == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- pos = 0;
- response[pos++] = type;
-
- _gnutls_write_uint16(data_size, &response[pos]);
- pos += 2;
-
- memcpy(&response[pos], data, data_size);
- pos += data_size;
-
- ret = gnutls_rnd (GNUTLS_RND_NONCE, &response[pos], DEFAULT_PAYLOAD_SIZE);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- pos += DEFAULT_PAYLOAD_SIZE;
-
- ret = _gnutls_send_int (session, GNUTLS_HEARTBEAT, -1, EPOCH_WRITE_CURRENT,
- response, pos, MBUFFER_FLUSH);
-
-cleanup:
- gnutls_free(response);
- return ret;
+ int ret, pos;
+ uint8_t *response;
+
+ response = gnutls_malloc(1 + 2 + data_size + DEFAULT_PAYLOAD_SIZE);
+ if (response == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ pos = 0;
+ response[pos++] = type;
+
+ _gnutls_write_uint16(data_size, &response[pos]);
+ pos += 2;
+
+ memcpy(&response[pos], data, data_size);
+ pos += data_size;
+
+ ret =
+ gnutls_rnd(GNUTLS_RND_NONCE, &response[pos],
+ DEFAULT_PAYLOAD_SIZE);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ pos += DEFAULT_PAYLOAD_SIZE;
+
+ ret =
+ _gnutls_send_int(session, GNUTLS_HEARTBEAT, -1,
+ EPOCH_WRITE_CURRENT, response, pos,
+ MBUFFER_FLUSH);
+
+ cleanup:
+ gnutls_free(response);
+ return ret;
}
/**
@@ -151,103 +150,116 @@ cleanup:
* Since: 3.1.2
**/
int
-gnutls_heartbeat_ping (gnutls_session_t session, size_t data_size,
- unsigned int max_tries, unsigned int flags)
+gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
+ unsigned int max_tries, unsigned int flags)
{
- int ret;
- unsigned int retries = 1, diff;
- struct timespec now;
-
- if (data_size > MAX_HEARTBEAT_LENGTH)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (gnutls_heartbeat_allowed(session, GNUTLS_HB_LOCAL_ALLOWED_TO_SEND)==0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- /* resume previous call if interrupted */
- if (session->internals.record_send_buffer.byte_length > 0 &&
- session->internals.record_send_buffer.head != NULL &&
- session->internals.record_send_buffer.head->type == GNUTLS_HEARTBEAT)
- return _gnutls_io_write_flush (session);
-
- switch(session->internals.hb_state)
- {
- case SHB_SEND1:
- if (data_size > DEFAULT_PAYLOAD_SIZE)
- data_size -= DEFAULT_PAYLOAD_SIZE;
- else
- data_size = 0;
-
- _gnutls_buffer_reset(&session->internals.hb_local_data);
-
- ret = _gnutls_buffer_resize (&session->internals.hb_local_data, data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->internals.hb_local_data.data, data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- gettime (&session->internals.hb_ping_start);
- session->internals.hb_local_data.length = data_size;
- session->internals.hb_state = SHB_SEND2;
- case SHB_SEND2:
- session->internals.hb_actual_retrans_timeout_ms = session->internals.hb_retrans_timeout_ms;
-retry:
- ret = heartbeat_send_data (session, session->internals.hb_local_data.data,
- session->internals.hb_local_data.length,
- HEARTBEAT_REQUEST);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- gettime (&session->internals.hb_ping_sent);
-
- if (!(flags & GNUTLS_HEARTBEAT_WAIT))
- {
- session->internals.hb_state = SHB_SEND1;
- break;
- }
-
- session->internals.hb_state = SHB_RECV;
-
- case SHB_RECV:
- ret = _gnutls_recv_int(session, GNUTLS_HEARTBEAT, -1, NULL, 0, NULL, session->internals.hb_actual_retrans_timeout_ms);
- if (ret == GNUTLS_E_HEARTBEAT_PONG_RECEIVED)
- {
- session->internals.hb_state = SHB_SEND1;
- break;
- }
- else if (ret == GNUTLS_E_TIMEDOUT)
- {
- retries++;
- if (max_tries > 0 && retries > max_tries)
- {
- session->internals.hb_state = SHB_SEND1;
- return gnutls_assert_val(ret);
- }
-
- gettime(&now);
- diff = timespec_sub_ms(&now, &session->internals.hb_ping_start);
- if (diff > session->internals.hb_total_timeout_ms)
- {
- session->internals.hb_state = SHB_SEND1;
- return gnutls_assert_val(GNUTLS_E_TIMEDOUT);
- }
-
- session->internals.hb_actual_retrans_timeout_ms *= 2;
- session->internals.hb_actual_retrans_timeout_ms %= MAX_DTLS_TIMEOUT;
-
- session->internals.hb_state = SHB_SEND2;
- goto retry;
- }
- else if (ret < 0)
- {
- session->internals.hb_state = SHB_SEND1;
- return gnutls_assert_val(ret);
- }
- }
-
- return 0;
+ int ret;
+ unsigned int retries = 1, diff;
+ struct timespec now;
+
+ if (data_size > MAX_HEARTBEAT_LENGTH)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (gnutls_heartbeat_allowed
+ (session, GNUTLS_HB_LOCAL_ALLOWED_TO_SEND) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ /* resume previous call if interrupted */
+ if (session->internals.record_send_buffer.byte_length > 0 &&
+ session->internals.record_send_buffer.head != NULL &&
+ session->internals.record_send_buffer.head->type ==
+ GNUTLS_HEARTBEAT)
+ return _gnutls_io_write_flush(session);
+
+ switch (session->internals.hb_state) {
+ case SHB_SEND1:
+ if (data_size > DEFAULT_PAYLOAD_SIZE)
+ data_size -= DEFAULT_PAYLOAD_SIZE;
+ else
+ data_size = 0;
+
+ _gnutls_buffer_reset(&session->internals.hb_local_data);
+
+ ret =
+ _gnutls_buffer_resize(&session->internals.
+ hb_local_data, data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_rnd(GNUTLS_RND_NONCE,
+ session->internals.hb_local_data.data,
+ data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ gettime(&session->internals.hb_ping_start);
+ session->internals.hb_local_data.length = data_size;
+ session->internals.hb_state = SHB_SEND2;
+ case SHB_SEND2:
+ session->internals.hb_actual_retrans_timeout_ms =
+ session->internals.hb_retrans_timeout_ms;
+ retry:
+ ret =
+ heartbeat_send_data(session,
+ session->internals.hb_local_data.
+ data,
+ session->internals.hb_local_data.
+ length, HEARTBEAT_REQUEST);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ gettime(&session->internals.hb_ping_sent);
+
+ if (!(flags & GNUTLS_HEARTBEAT_WAIT)) {
+ session->internals.hb_state = SHB_SEND1;
+ break;
+ }
+
+ session->internals.hb_state = SHB_RECV;
+
+ case SHB_RECV:
+ ret =
+ _gnutls_recv_int(session, GNUTLS_HEARTBEAT, -1, NULL,
+ 0, NULL,
+ session->internals.
+ hb_actual_retrans_timeout_ms);
+ if (ret == GNUTLS_E_HEARTBEAT_PONG_RECEIVED) {
+ session->internals.hb_state = SHB_SEND1;
+ break;
+ } else if (ret == GNUTLS_E_TIMEDOUT) {
+ retries++;
+ if (max_tries > 0 && retries > max_tries) {
+ session->internals.hb_state = SHB_SEND1;
+ return gnutls_assert_val(ret);
+ }
+
+ gettime(&now);
+ diff =
+ timespec_sub_ms(&now,
+ &session->internals.
+ hb_ping_start);
+ if (diff > session->internals.hb_total_timeout_ms) {
+ session->internals.hb_state = SHB_SEND1;
+ return
+ gnutls_assert_val(GNUTLS_E_TIMEDOUT);
+ }
+
+ session->internals.hb_actual_retrans_timeout_ms *=
+ 2;
+ session->internals.hb_actual_retrans_timeout_ms %=
+ MAX_DTLS_TIMEOUT;
+
+ session->internals.hb_state = SHB_SEND2;
+ goto retry;
+ } else if (ret < 0) {
+ session->internals.hb_state = SHB_SEND1;
+ return gnutls_assert_val(ret);
+ }
+ }
+
+ return 0;
}
/**
@@ -261,95 +273,106 @@ retry:
*
* Since: 3.1.2
**/
-int
-gnutls_heartbeat_pong (gnutls_session_t session, unsigned int flags)
+int gnutls_heartbeat_pong(gnutls_session_t session, unsigned int flags)
{
-int ret;
+ int ret;
- if (session->internals.record_send_buffer.byte_length > 0 &&
- session->internals.record_send_buffer.head != NULL &&
- session->internals.record_send_buffer.head->type == GNUTLS_HEARTBEAT)
- return _gnutls_io_write_flush (session);
+ if (session->internals.record_send_buffer.byte_length > 0 &&
+ session->internals.record_send_buffer.head != NULL &&
+ session->internals.record_send_buffer.head->type ==
+ GNUTLS_HEARTBEAT)
+ return _gnutls_io_write_flush(session);
- if (session->internals.hb_remote_data.length == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (session->internals.hb_remote_data.length == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- ret = heartbeat_send_data (session, session->internals.hb_remote_data.data,
- session->internals.hb_remote_data.length,
- HEARTBEAT_RESPONSE);
+ ret =
+ heartbeat_send_data(session,
+ session->internals.hb_remote_data.data,
+ session->internals.hb_remote_data.length,
+ HEARTBEAT_RESPONSE);
- _gnutls_buffer_reset (&session->internals.hb_remote_data);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
+ _gnutls_buffer_reset(&session->internals.hb_remote_data);
- return 0;
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
/*
* Processes a heartbeat message.
*/
-int
-_gnutls_heartbeat_handle (gnutls_session_t session, mbuffer_st * bufel)
+int _gnutls_heartbeat_handle(gnutls_session_t session, mbuffer_st * bufel)
{
- int ret;
- unsigned type;
- unsigned pos;
- uint8_t *msg = _mbuffer_get_udata_ptr (bufel);
- size_t hb_len, len = _mbuffer_get_udata_size (bufel);
-
- if (gnutls_heartbeat_allowed(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND) == 0)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET);
-
- if (len < 4)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- pos = 0;
- type = msg[pos++];
-
- hb_len = _gnutls_read_uint16 (&msg[pos]);
- if (hb_len > len - 3)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- pos += 2;
-
- switch (type)
- {
- case HEARTBEAT_REQUEST:
- _gnutls_buffer_reset(&session->internals.hb_remote_data);
-
- ret = _gnutls_buffer_resize (&session->internals.hb_remote_data, hb_len);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (hb_len > 0)
- memcpy(session->internals.hb_remote_data.data, &msg[pos], hb_len);
- session->internals.hb_remote_data.length = hb_len;
-
- return gnutls_assert_val(GNUTLS_E_HEARTBEAT_PING_RECEIVED);
-
- case HEARTBEAT_RESPONSE:
-
- if (hb_len != session->internals.hb_local_data.length)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET);
-
- if (hb_len > 0 &&
- memcmp (&msg[pos], session->internals.hb_local_data.data, hb_len) != 0)
- {
- if (IS_DTLS(session))
- return gnutls_assert_val( GNUTLS_E_AGAIN); /* ignore it */
- else
- return gnutls_assert_val( GNUTLS_E_UNEXPECTED_PACKET);
- }
-
- _gnutls_buffer_reset (&session->internals.hb_local_data);
-
- return gnutls_assert_val(GNUTLS_E_HEARTBEAT_PONG_RECEIVED);
- default:
- _gnutls_record_log
- ("REC[%p]: HB: received unknown type %u\n", session, type);
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET);
- }
+ int ret;
+ unsigned type;
+ unsigned pos;
+ uint8_t *msg = _mbuffer_get_udata_ptr(bufel);
+ size_t hb_len, len = _mbuffer_get_udata_size(bufel);
+
+ if (gnutls_heartbeat_allowed
+ (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND) == 0)
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
+ if (len < 4)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ pos = 0;
+ type = msg[pos++];
+
+ hb_len = _gnutls_read_uint16(&msg[pos]);
+ if (hb_len > len - 3)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ pos += 2;
+
+ switch (type) {
+ case HEARTBEAT_REQUEST:
+ _gnutls_buffer_reset(&session->internals.hb_remote_data);
+
+ ret =
+ _gnutls_buffer_resize(&session->internals.
+ hb_remote_data, hb_len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (hb_len > 0)
+ memcpy(session->internals.hb_remote_data.data,
+ &msg[pos], hb_len);
+ session->internals.hb_remote_data.length = hb_len;
+
+ return gnutls_assert_val(GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+
+ case HEARTBEAT_RESPONSE:
+
+ if (hb_len != session->internals.hb_local_data.length)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
+ if (hb_len > 0 &&
+ memcmp(&msg[pos],
+ session->internals.hb_local_data.data,
+ hb_len) != 0) {
+ if (IS_DTLS(session))
+ return gnutls_assert_val(GNUTLS_E_AGAIN); /* ignore it */
+ else
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+ }
+
+ _gnutls_buffer_reset(&session->internals.hb_local_data);
+
+ return gnutls_assert_val(GNUTLS_E_HEARTBEAT_PONG_RECEIVED);
+ default:
+ _gnutls_record_log
+ ("REC[%p]: HB: received unknown type %u\n", session,
+ type);
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+ }
}
/**
@@ -366,17 +389,18 @@ _gnutls_heartbeat_handle (gnutls_session_t session, mbuffer_st * bufel)
*
* Since: 3.1.2
**/
-unsigned int gnutls_heartbeat_get_timeout (gnutls_session_t session)
+unsigned int gnutls_heartbeat_get_timeout(gnutls_session_t session)
{
-struct timespec now;
-unsigned int diff;
-
- gettime(&now);
- diff = timespec_sub_ms(&now, &session->internals.hb_ping_sent);
- if (diff >= session->internals.hb_actual_retrans_timeout_ms)
- return 0;
- else
- return session->internals.hb_actual_retrans_timeout_ms - diff;
+ struct timespec now;
+ unsigned int diff;
+
+ gettime(&now);
+ diff = timespec_sub_ms(&now, &session->internals.hb_ping_sent);
+ if (diff >= session->internals.hb_actual_retrans_timeout_ms)
+ return 0;
+ else
+ return session->internals.hb_actual_retrans_timeout_ms -
+ diff;
}
/**
@@ -396,142 +420,143 @@ unsigned int diff;
*
* Since: 3.1.2
**/
-void gnutls_heartbeat_set_timeouts (gnutls_session_t session, unsigned int retrans_timeout,
- unsigned int total_timeout)
+void gnutls_heartbeat_set_timeouts(gnutls_session_t session,
+ unsigned int retrans_timeout,
+ unsigned int total_timeout)
{
- session->internals.hb_retrans_timeout_ms = retrans_timeout;
- session->internals.hb_total_timeout_ms = total_timeout;
+ session->internals.hb_retrans_timeout_ms = retrans_timeout;
+ session->internals.hb_total_timeout_ms = total_timeout;
}
static int
-_gnutls_heartbeat_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_heartbeat_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- unsigned policy;
- extension_priv_data_t epriv;
-
- if (_gnutls_ext_get_session_data
- (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0)
- {
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- return gnutls_assert_val (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- return 0; /* Not enabled */
- }
-
- if (_data_size == 0)
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-
- policy = epriv.num;
-
- if (data[0] == 1)
- policy |= LOCAL_ALLOWED_TO_SEND;
- else if (data[0] == 2)
- policy |= LOCAL_NOT_ALLOWED_TO_SEND;
- else
- return gnutls_assert_val (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
-
- epriv.num = policy;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_HEARTBEAT,
- epriv);
-
- return 0;
+ unsigned policy;
+ extension_priv_data_t epriv;
+
+ if (_gnutls_ext_get_session_data
+ (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0) {
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return 0; /* Not enabled */
+ }
+
+ if (_data_size == 0)
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+
+ policy = epriv.num;
+
+ if (data[0] == 1)
+ policy |= LOCAL_ALLOWED_TO_SEND;
+ else if (data[0] == 2)
+ policy |= LOCAL_NOT_ALLOWED_TO_SEND;
+ else
+ return
+ gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
+ epriv.num = policy;
+ _gnutls_ext_set_session_data(session, GNUTLS_EXTENSION_HEARTBEAT,
+ epriv);
+
+ return 0;
}
static int
-_gnutls_heartbeat_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata)
+_gnutls_heartbeat_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- extension_priv_data_t epriv;
- uint8_t p;
+ extension_priv_data_t epriv;
+ uint8_t p;
- if (_gnutls_ext_get_session_data
- (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0)
- return 0; /* nothing to send - not enabled */
+ if (_gnutls_ext_get_session_data
+ (session, GNUTLS_EXTENSION_HEARTBEAT, &epriv) < 0)
+ return 0; /* nothing to send - not enabled */
- if (epriv.num & GNUTLS_HB_PEER_ALLOWED_TO_SEND)
- p = 1;
- else /*if (epriv.num & GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND)*/
- p = 2;
+ if (epriv.num & GNUTLS_HB_PEER_ALLOWED_TO_SEND)
+ p = 1;
+ else /*if (epriv.num & GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND) */
+ p = 2;
- if (_gnutls_buffer_append_data (extdata, &p, 1) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ if (_gnutls_buffer_append_data(extdata, &p, 1) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- return 1;
+ return 1;
}
static int
-_gnutls_heartbeat_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_heartbeat_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- int ret;
+ int ret;
- BUFFER_APPEND_NUM (ps, epriv.num);
+ BUFFER_APPEND_NUM(ps, epriv.num);
- return 0;
+ return 0;
}
static int
-_gnutls_heartbeat_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+_gnutls_heartbeat_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
{
- extension_priv_data_t epriv;
- int ret;
+ extension_priv_data_t epriv;
+ int ret;
- BUFFER_POP_NUM (ps, epriv.num);
+ BUFFER_POP_NUM(ps, epriv.num);
- *_priv = epriv;
+ *_priv = epriv;
- ret = 0;
-error:
- return ret;
+ ret = 0;
+ error:
+ return ret;
}
extension_entry_st ext_mod_heartbeat = {
- .name = "HEARTBEAT",
- .type = GNUTLS_EXTENSION_HEARTBEAT,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_heartbeat_recv_params,
- .send_func = _gnutls_heartbeat_send_params,
- .pack_func = _gnutls_heartbeat_pack,
- .unpack_func = _gnutls_heartbeat_unpack,
- .deinit_func = NULL
+ .name = "HEARTBEAT",
+ .type = GNUTLS_EXTENSION_HEARTBEAT,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_heartbeat_recv_params,
+ .send_func = _gnutls_heartbeat_send_params,
+ .pack_func = _gnutls_heartbeat_pack,
+ .unpack_func = _gnutls_heartbeat_unpack,
+ .deinit_func = NULL
};
#else
-void
-gnutls_heartbeat_enable (gnutls_session_t session, unsigned int type)
+void gnutls_heartbeat_enable(gnutls_session_t session, unsigned int type)
{
}
-int
-gnutls_heartbeat_allowed (gnutls_session_t session, unsigned int type)
+int gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type)
{
- return 0;
+ return 0;
}
int
-gnutls_heartbeat_ping (gnutls_session_t session, size_t data_size,
- unsigned int max_tries, unsigned int flags)
+gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
+ unsigned int max_tries, unsigned int flags)
{
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
-int
-gnutls_heartbeat_pong (gnutls_session_t session, unsigned int flags)
+int gnutls_heartbeat_pong(gnutls_session_t session, unsigned int flags)
{
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
-unsigned int gnutls_heartbeat_get_timeout (gnutls_session_t session)
+unsigned int gnutls_heartbeat_get_timeout(gnutls_session_t session)
{
- return 0;
+ return 0;
}
-void gnutls_heartbeat_set_timeouts (gnutls_session_t session, unsigned int retrans_timeout,
- unsigned int total_timeout)
+void gnutls_heartbeat_set_timeouts(gnutls_session_t session,
+ unsigned int retrans_timeout,
+ unsigned int total_timeout)
{
- return;
+ return;
}
#endif
diff --git a/lib/ext/heartbeat.h b/lib/ext/heartbeat.h
index 503506cea1..ceb09bb737 100644
--- a/lib/ext/heartbeat.h
+++ b/lib/ext/heartbeat.h
@@ -38,6 +38,6 @@
extern extension_entry_st ext_mod_heartbeat;
-int _gnutls_heartbeat_handle (gnutls_session_t session, mbuffer_st * bufel);
-int _gnutls_heartbeat_enabled (gnutls_session_t session, int local);
+int _gnutls_heartbeat_handle(gnutls_session_t session, mbuffer_st * bufel);
+int _gnutls_heartbeat_enabled(gnutls_session_t session, int local);
#endif
diff --git a/lib/ext/max_record.c b/lib/ext/max_record.c
index fd3097a6b2..b2811253b5 100644
--- a/lib/ext/max_record.c
+++ b/lib/ext/max_record.c
@@ -29,34 +29,34 @@
#include <gnutls_extensions.h>
#include <ext/max_record.h>
-static int _gnutls_max_record_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_max_record_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
+static int _gnutls_max_record_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_max_record_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
-static int _gnutls_max_record_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int _gnutls_max_record_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
+static int _gnutls_max_record_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_max_record_pack(extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
/* Maps record size to numbers according to the
* extensions draft.
*/
-static int _gnutls_mre_num2record (int num);
-static int _gnutls_mre_record2num (uint16_t record_size);
+static int _gnutls_mre_num2record(int num);
+static int _gnutls_mre_record2num(uint16_t record_size);
extension_entry_st ext_mod_max_record_size = {
- .name = "MAX RECORD SIZE",
- .type = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_max_record_recv_params,
- .send_func = _gnutls_max_record_send_params,
- .pack_func = _gnutls_max_record_pack,
- .unpack_func = _gnutls_max_record_unpack,
- .deinit_func = NULL
+ .name = "MAX RECORD SIZE",
+ .type = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_max_record_recv_params,
+ .send_func = _gnutls_max_record_send_params,
+ .pack_func = _gnutls_max_record_pack,
+ .unpack_func = _gnutls_max_record_unpack,
+ .deinit_func = NULL
};
/*
@@ -70,195 +70,179 @@ extension_entry_st ext_mod_max_record_size = {
*/
static int
-_gnutls_max_record_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_max_record_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- ssize_t new_size;
- ssize_t data_size = _data_size;
- extension_priv_data_t epriv;
- int ret;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (data_size > 0)
- {
- DECR_LEN (data_size, 1);
-
- new_size = _gnutls_mre_num2record (data[0]);
-
- if (new_size < 0)
- {
- gnutls_assert ();
- return new_size;
- }
-
- session->security_parameters.max_record_send_size = new_size;
- session->security_parameters.max_record_recv_size = new_size;
- }
- }
- else
- { /* CLIENT SIDE - we must check if the sent record size is the right one
- */
- if (data_size > 0)
- {
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (data_size != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- new_size = _gnutls_mre_num2record (data[0]);
-
- if (new_size < 0 || new_size != (ssize_t)epriv.num)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
- else
- {
- session->security_parameters.max_record_recv_size = epriv.num;
- }
-
- }
-
-
- }
-
- return 0;
+ ssize_t new_size;
+ ssize_t data_size = _data_size;
+ extension_priv_data_t epriv;
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (data_size > 0) {
+ DECR_LEN(data_size, 1);
+
+ new_size = _gnutls_mre_num2record(data[0]);
+
+ if (new_size < 0) {
+ gnutls_assert();
+ return new_size;
+ }
+
+ session->security_parameters.max_record_send_size =
+ new_size;
+ session->security_parameters.max_record_recv_size =
+ new_size;
+ }
+ } else { /* CLIENT SIDE - we must check if the sent record size is the right one
+ */
+ if (data_size > 0) {
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (data_size != 1) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ new_size = _gnutls_mre_num2record(data[0]);
+
+ if (new_size < 0
+ || new_size != (ssize_t) epriv.num) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ } else {
+ session->security_parameters.
+ max_record_recv_size = epriv.num;
+ }
+
+ }
+
+
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_max_record_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+_gnutls_max_record_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- uint8_t p;
- int ret;
-
- /* this function sends the client extension data (dnsname) */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- extension_priv_data_t epriv;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- &epriv);
- if (ret < 0) /* it is ok not to have it */
- {
- return 0;
- }
-
- if (epriv.num != DEFAULT_MAX_RECORD_SIZE)
- {
- p = (uint8_t) _gnutls_mre_record2num (epriv.num);
- ret = _gnutls_buffer_append_data( extdata, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 1;
- }
-
- }
- else
- { /* server side */
-
- if (session->security_parameters.max_record_recv_size !=
- DEFAULT_MAX_RECORD_SIZE)
- {
- p =
- (uint8_t)
- _gnutls_mre_record2num
- (session->security_parameters.max_record_recv_size);
-
- ret = _gnutls_buffer_append_data( extdata, &p, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 1;
- }
- }
-
- return 0;
+ uint8_t p;
+ int ret;
+
+ /* this function sends the client extension data (dnsname) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ &epriv);
+ if (ret < 0) { /* it is ok not to have it */
+ return 0;
+ }
+
+ if (epriv.num != DEFAULT_MAX_RECORD_SIZE) {
+ p = (uint8_t) _gnutls_mre_record2num(epriv.num);
+ ret = _gnutls_buffer_append_data(extdata, &p, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 1;
+ }
+
+ } else { /* server side */
+
+ if (session->security_parameters.max_record_recv_size !=
+ DEFAULT_MAX_RECORD_SIZE) {
+ p = (uint8_t)
+ _gnutls_mre_record2num
+ (session->security_parameters.
+ max_record_recv_size);
+
+ ret = _gnutls_buffer_append_data(extdata, &p, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 1;
+ }
+ }
+
+ return 0;
}
static int
-_gnutls_max_record_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_max_record_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- int ret;
+ int ret;
- BUFFER_APPEND_NUM (ps, epriv.num);
+ BUFFER_APPEND_NUM(ps, epriv.num);
- return 0;
+ return 0;
}
static int
-_gnutls_max_record_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+_gnutls_max_record_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
{
- extension_priv_data_t epriv;
- int ret;
+ extension_priv_data_t epriv;
+ int ret;
- BUFFER_POP_NUM (ps, epriv.num);
+ BUFFER_POP_NUM(ps, epriv.num);
- *_priv = epriv;
+ *_priv = epriv;
- ret = 0;
-error:
- return ret;
+ ret = 0;
+ error:
+ return ret;
}
/* Maps numbers to record sizes according to the
* extensions draft.
*/
-static int
-_gnutls_mre_num2record (int num)
+static int _gnutls_mre_num2record(int num)
{
- switch (num)
- {
- case 1:
- return 512;
- case 2:
- return 1024;
- case 3:
- return 2048;
- case 4:
- return 4096;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+ switch (num) {
+ case 1:
+ return 512;
+ case 2:
+ return 1024;
+ case 3:
+ return 2048;
+ case 4:
+ return 4096;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
/* Maps record size to numbers according to the
* extensions draft.
*/
-static int
-_gnutls_mre_record2num (uint16_t record_size)
+static int _gnutls_mre_record2num(uint16_t record_size)
{
- switch (record_size)
- {
- case 512:
- return 1;
- case 1024:
- return 2;
- case 2048:
- return 3;
- case 4096:
- return 4;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+ switch (record_size) {
+ case 512:
+ return 1;
+ case 1024:
+ return 2;
+ case 2048:
+ return 3;
+ case 4096:
+ return 4;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
@@ -271,13 +255,12 @@ _gnutls_mre_record2num (uint16_t record_size)
*
* Returns: The maximum record packet size in this connection.
**/
-size_t
-gnutls_record_get_max_size (gnutls_session_t session)
+size_t gnutls_record_get_max_size(gnutls_session_t session)
{
- /* Recv will hold the negotiated max record size
- * always.
- */
- return session->security_parameters.max_record_recv_size;
+ /* Recv will hold the negotiated max record size
+ * always.
+ */
+ return session->security_parameters.max_record_recv_size;
}
@@ -301,28 +284,27 @@ gnutls_record_get_max_size (gnutls_session_t session)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
**/
-ssize_t
-gnutls_record_set_max_size (gnutls_session_t session, size_t size)
+ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size)
{
- ssize_t new_size;
- extension_priv_data_t epriv;
+ ssize_t new_size;
+ extension_priv_data_t epriv;
- if (session->security_parameters.entity == GNUTLS_SERVER)
- return GNUTLS_E_INVALID_REQUEST;
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return GNUTLS_E_INVALID_REQUEST;
- new_size = _gnutls_mre_record2num (size);
+ new_size = _gnutls_mre_record2num(size);
- if (new_size < 0)
- {
- gnutls_assert ();
- return new_size;
- }
+ if (new_size < 0) {
+ gnutls_assert();
+ return new_size;
+ }
- session->security_parameters.max_record_send_size = size;
- epriv.num = size;
+ session->security_parameters.max_record_send_size = size;
+ epriv.num = size;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_MAX_RECORD_SIZE,
- epriv);
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ epriv);
- return 0;
+ return 0;
}
diff --git a/lib/ext/new_record_padding.c b/lib/ext/new_record_padding.c
index d16da658e8..aceec7c4b9 100644
--- a/lib/ext/new_record_padding.c
+++ b/lib/ext/new_record_padding.c
@@ -29,104 +29,98 @@
#include <gnutls_extensions.h>
#include <ext/new_record_padding.h>
-static int new_record_padding_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int new_record_padding_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
-static int new_record_padding_before_epoch_change(gnutls_session_t session);
+static int new_record_padding_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int new_record_padding_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
+static int new_record_padding_before_epoch_change(gnutls_session_t
+ session);
extension_entry_st ext_mod_new_record_padding = {
- .name = "NEW_RECORD_PADDING",
- .type = GNUTLS_EXTENSION_NEW_RECORD_PADDING,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = new_record_padding_recv_params,
- .send_func = new_record_padding_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = NULL,
- .epoch_func = new_record_padding_before_epoch_change
+ .name = "NEW_RECORD_PADDING",
+ .type = GNUTLS_EXTENSION_NEW_RECORD_PADDING,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = new_record_padding_recv_params,
+ .send_func = new_record_padding_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = NULL,
+ .epoch_func = new_record_padding_before_epoch_change
};
static int
-new_record_padding_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+new_record_padding_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- ssize_t data_size = _data_size;
- extension_priv_data_t epriv;
-
- if (data_size > 0)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (session->internals.priorities.new_record_padding != 0)
- {
- epriv.num = 1;
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_NEW_RECORD_PADDING,
- epriv);
- }
- }
- else /* client */
- {
- if (session->internals.priorities.new_record_padding != 0)
- {
- epriv.num = 1;
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_NEW_RECORD_PADDING,
- epriv);
- }
- }
-
- return 0;
+ ssize_t data_size = _data_size;
+ extension_priv_data_t epriv;
+
+ if (data_size > 0)
+ return
+ gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (session->internals.priorities.new_record_padding != 0) {
+ epriv.num = 1;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_NEW_RECORD_PADDING,
+ epriv);
+ }
+ } else { /* client */
+
+ if (session->internals.priorities.new_record_padding != 0) {
+ epriv.num = 1;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_NEW_RECORD_PADDING,
+ epriv);
+ }
+ }
+
+ return 0;
}
static int new_record_padding_before_epoch_change(gnutls_session_t session)
{
- extension_priv_data_t epriv;
- int ret;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_NEW_RECORD_PADDING,
- &epriv);
- if (ret < 0)
- return 0; /* fine */
-
- if (epriv.num != 0)
- session->security_parameters.new_record_padding = 1;
-
- return 0;
+ extension_priv_data_t epriv;
+ int ret;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_NEW_RECORD_PADDING,
+ &epriv);
+ if (ret < 0)
+ return 0; /* fine */
+
+ if (epriv.num != 0)
+ session->security_parameters.new_record_padding = 1;
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-new_record_padding_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+new_record_padding_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
-extension_priv_data_t epriv;
-int ret;
-
- /* this function sends the client extension data (dnsname) */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (session->internals.priorities.new_record_padding != 0)
- return GNUTLS_E_INT_RET_0; /* advertize it */
- }
- else
- { /* server side */
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_NEW_RECORD_PADDING,
- &epriv);
- if (ret < 0)
- return 0;
-
- if (epriv.num != 0)
- return GNUTLS_E_INT_RET_0;
- }
-
- return 0;
+ extension_priv_data_t epriv;
+ int ret;
+
+ /* this function sends the client extension data (dnsname) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (session->internals.priorities.new_record_padding != 0)
+ return GNUTLS_E_INT_RET_0; /* advertize it */
+ } else { /* server side */
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_NEW_RECORD_PADDING,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ if (epriv.num != 0)
+ return GNUTLS_E_INT_RET_0;
+ }
+
+ return 0;
}
-
-
diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c
index 43b17956dc..e8c8b1d730 100644
--- a/lib/ext/safe_renegotiation.c
+++ b/lib/ext/safe_renegotiation.c
@@ -25,416 +25,390 @@
#include <gnutls_errors.h>
-static int _gnutls_sr_recv_params (gnutls_session_t state,
- const uint8_t * data, size_t data_size);
-static int _gnutls_sr_send_params (gnutls_session_t state, gnutls_buffer_st*);
-static void _gnutls_sr_deinit_data (extension_priv_data_t priv);
+static int _gnutls_sr_recv_params(gnutls_session_t state,
+ const uint8_t * data, size_t data_size);
+static int _gnutls_sr_send_params(gnutls_session_t state,
+ gnutls_buffer_st *);
+static void _gnutls_sr_deinit_data(extension_priv_data_t priv);
extension_entry_st ext_mod_sr = {
- .name = "SAFE RENEGOTIATION",
- .type = GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- .parse_type = GNUTLS_EXT_MANDATORY,
-
- .recv_func = _gnutls_sr_recv_params,
- .send_func = _gnutls_sr_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = _gnutls_sr_deinit_data,
+ .name = "SAFE RENEGOTIATION",
+ .type = GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ .parse_type = GNUTLS_EXT_MANDATORY,
+
+ .recv_func = _gnutls_sr_recv_params,
+ .send_func = _gnutls_sr_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = _gnutls_sr_deinit_data,
};
int
-_gnutls_ext_sr_finished (gnutls_session_t session, void *vdata,
- size_t vdata_size, int dir)
+_gnutls_ext_sr_finished(gnutls_session_t session, void *vdata,
+ size_t vdata_size, int dir)
{
- int ret;
- sr_ext_st *priv;
- extension_priv_data_t epriv;
-
- if (session->internals.priorities.sr == SR_DISABLED)
- {
- return 0;
- }
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- priv = epriv.ptr;
-
- /* Save data for safe renegotiation.
- */
- if (vdata_size > MAX_VERIFY_DATA_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if ((session->security_parameters.entity == GNUTLS_CLIENT && dir == 0) ||
- (session->security_parameters.entity == GNUTLS_SERVER && dir == 1))
- {
- priv->client_verify_data_len = vdata_size;
- memcpy (priv->client_verify_data, vdata, vdata_size);
- }
- else
- {
- priv->server_verify_data_len = vdata_size;
- memcpy (priv->server_verify_data, vdata, vdata_size);
- }
-
- return 0;
+ int ret;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ if (session->internals.priorities.sr == SR_DISABLED) {
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ priv = epriv.ptr;
+
+ /* Save data for safe renegotiation.
+ */
+ if (vdata_size > MAX_VERIFY_DATA_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if ((session->security_parameters.entity == GNUTLS_CLIENT
+ && dir == 0)
+ || (session->security_parameters.entity == GNUTLS_SERVER
+ && dir == 1)) {
+ priv->client_verify_data_len = vdata_size;
+ memcpy(priv->client_verify_data, vdata, vdata_size);
+ } else {
+ priv->server_verify_data_len = vdata_size;
+ memcpy(priv->server_verify_data, vdata, vdata_size);
+ }
+
+ return 0;
}
-int
-_gnutls_ext_sr_verify (gnutls_session_t session)
+int _gnutls_ext_sr_verify(gnutls_session_t session)
{
- int ret;
- sr_ext_st *priv = NULL;
- extension_priv_data_t epriv;
-
- if (session->internals.priorities.sr == SR_DISABLED)
- {
- gnutls_assert ();
- return 0;
- }
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret >= 0)
- priv = epriv.ptr;
-
- /* Safe renegotiation */
-
- if (priv && priv->safe_renegotiation_received)
- {
- if ((priv->ri_extension_data_len < priv->client_verify_data_len) ||
- (memcmp (priv->ri_extension_data,
- priv->client_verify_data, priv->client_verify_data_len)))
- {
- gnutls_assert ();
- _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n",
- session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if ((priv->ri_extension_data_len !=
- priv->client_verify_data_len + priv->server_verify_data_len) ||
- memcmp (priv->ri_extension_data + priv->client_verify_data_len,
- priv->server_verify_data,
- priv->server_verify_data_len) != 0)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Safe renegotiation failed [2]\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
- else /* Make sure there are 0 extra bytes */
- {
- if (priv->ri_extension_data_len != priv->client_verify_data_len)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Safe renegotiation failed [3]\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
-
- _gnutls_handshake_log ("HSK[%p]: Safe renegotiation succeeded\n",
- session);
- }
- else /* safe renegotiation not received... */
- {
- if (priv && priv->connection_using_safe_renegotiation)
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Peer previously asked for safe renegotiation\n",
- session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
-
- /* Clients can't tell if it's an initial negotiation */
- if (session->internals.initial_negotiation_completed)
- {
- if (session->internals.priorities.sr < SR_PARTIAL)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Allowing unsafe (re)negotiation\n", session);
- }
- else
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Denying unsafe (re)negotiation\n", session);
- return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
- }
- }
- else
- {
- if (session->internals.priorities.sr < SR_SAFE)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Allowing unsafe initial negotiation\n", session);
- }
- else
- {
- gnutls_assert ();
- _gnutls_handshake_log
- ("HSK[%p]: Denying unsafe initial negotiation\n", session);
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
- }
- }
-
- return 0;
+ int ret;
+ sr_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ if (session->internals.priorities.sr == SR_DISABLED) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret >= 0)
+ priv = epriv.ptr;
+
+ /* Safe renegotiation */
+
+ if (priv && priv->safe_renegotiation_received) {
+ if ((priv->ri_extension_data_len <
+ priv->client_verify_data_len)
+ ||
+ (memcmp
+ (priv->ri_extension_data, priv->client_verify_data,
+ priv->client_verify_data_len))) {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [1]\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if ((priv->ri_extension_data_len !=
+ priv->client_verify_data_len +
+ priv->server_verify_data_len)
+ || memcmp(priv->ri_extension_data +
+ priv->client_verify_data_len,
+ priv->server_verify_data,
+ priv->server_verify_data_len) != 0) {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [2]\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ } else { /* Make sure there are 0 extra bytes */
+
+ if (priv->ri_extension_data_len !=
+ priv->client_verify_data_len) {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [3]\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation succeeded\n", session);
+ } else { /* safe renegotiation not received... */
+
+ if (priv && priv->connection_using_safe_renegotiation) {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Peer previously asked for safe renegotiation\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ /* Clients can't tell if it's an initial negotiation */
+ if (session->internals.initial_negotiation_completed) {
+ if (session->internals.priorities.sr < SR_PARTIAL) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Allowing unsafe (re)negotiation\n",
+ session);
+ } else {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Denying unsafe (re)negotiation\n",
+ session);
+ return
+ GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
+ }
+ } else {
+ if (session->internals.priorities.sr < SR_SAFE) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Allowing unsafe initial negotiation\n",
+ session);
+ } else {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: Denying unsafe initial negotiation\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
+ }
+
+ return 0;
}
/* if a server received the special ciphersuite.
*/
-int
-_gnutls_ext_sr_recv_cs (gnutls_session_t session)
+int _gnutls_ext_sr_recv_cs(gnutls_session_t session)
{
- int ret, set = 0;
- sr_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0)
- {
- set = 1;
- }
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (set != 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- }
- else
- priv = epriv.ptr;
-
- priv->safe_renegotiation_received = 1;
- priv->connection_using_safe_renegotiation = 1;
-
- if (set != 0)
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
-
- return 0;
+ int ret, set = 0;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0) {
+ set = 1;
+ } else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (set != 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ } else
+ priv = epriv.ptr;
+
+ priv->safe_renegotiation_received = 1;
+ priv->connection_using_safe_renegotiation = 1;
+
+ if (set != 0)
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ epriv);
+
+ return 0;
}
-int
-_gnutls_ext_sr_send_cs (gnutls_session_t session)
+int _gnutls_ext_sr_send_cs(gnutls_session_t session)
{
- int ret, set = 0;
- sr_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0)
- {
- set = 1;
- }
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (set != 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- }
-
- if (set != 0)
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
-
- return 0;
+ int ret, set = 0;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0) {
+ set = 1;
+ } else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (set != 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ }
+
+ if (set != 0)
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ epriv);
+
+ return 0;
}
static int
-_gnutls_sr_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_sr_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- unsigned int len = data[0];
- ssize_t data_size = _data_size;
- sr_ext_st *priv;
- extension_priv_data_t epriv;
- int set = 0, ret;
-
- DECR_LEN (data_size, len + 1 /* count the first byte and payload */ );
-
- if (session->internals.priorities.sr == SR_DISABLED)
- {
- gnutls_assert ();
- return 0;
- }
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0 && session->security_parameters.entity == GNUTLS_SERVER)
- {
- set = 1;
- }
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (set != 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- }
- else
- priv = epriv.ptr;
-
- /* It is not legal to receive this extension on a renegotiation and
- * not receive it on the initial negotiation.
- */
- if (session->internals.initial_negotiation_completed != 0 &&
- priv->connection_using_safe_renegotiation == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
-
- if (len > sizeof (priv->ri_extension_data))
- {
- gnutls_assert ();
- return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
- }
-
- if (len > 0)
- memcpy (priv->ri_extension_data, &data[1], len);
- priv->ri_extension_data_len = len;
-
- /* "safe renegotiation received" means on *this* handshake; "connection using
- * safe renegotiation" means that the initial hello received on the connection
- * indicated safe renegotiation.
- */
- priv->safe_renegotiation_received = 1;
- priv->connection_using_safe_renegotiation = 1;
-
- if (set != 0)
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
- return 0;
+ unsigned int len = data[0];
+ ssize_t data_size = _data_size;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+ int set = 0, ret;
+
+ DECR_LEN(data_size,
+ len + 1 /* count the first byte and payload */ );
+
+ if (session->internals.priorities.sr == SR_DISABLED) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0
+ && session->security_parameters.entity == GNUTLS_SERVER) {
+ set = 1;
+ } else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (set != 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ } else
+ priv = epriv.ptr;
+
+ /* It is not legal to receive this extension on a renegotiation and
+ * not receive it on the initial negotiation.
+ */
+ if (session->internals.initial_negotiation_completed != 0 &&
+ priv->connection_using_safe_renegotiation == 0) {
+ gnutls_assert();
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ if (len > sizeof(priv->ri_extension_data)) {
+ gnutls_assert();
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ if (len > 0)
+ memcpy(priv->ri_extension_data, &data[1], len);
+ priv->ri_extension_data_len = len;
+
+ /* "safe renegotiation received" means on *this* handshake; "connection using
+ * safe renegotiation" means that the initial hello received on the connection
+ * indicated safe renegotiation.
+ */
+ priv->safe_renegotiation_received = 1;
+ priv->connection_using_safe_renegotiation = 1;
+
+ if (set != 0)
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ epriv);
+ return 0;
}
static int
-_gnutls_sr_send_params (gnutls_session_t session, gnutls_buffer_st* extdata)
+_gnutls_sr_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- /* The format of this extension is a one-byte length of verify data followed
- * by the verify data itself. Note that the length byte does not include
- * itself; IOW, empty verify data is represented as a length of 0. That means
- * the minimum extension is one byte: 0x00.
- */
- sr_ext_st *priv;
- int ret, set = 0, len;
- extension_priv_data_t epriv;
- size_t init_length = extdata->length;
-
- if (session->internals.priorities.sr == SR_DISABLED)
- {
- gnutls_assert ();
- return 0;
- }
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0)
- {
- set = 1;
- }
-
- if (set != 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
-
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- epriv);
- }
- else
- priv = epriv.ptr;
-
- /* Always offer the extension if we're a client */
- if (priv->connection_using_safe_renegotiation ||
- session->security_parameters.entity == GNUTLS_CLIENT)
- {
- len = priv->client_verify_data_len;
- if (session->security_parameters.entity == GNUTLS_SERVER)
- len += priv->server_verify_data_len;
-
- ret = _gnutls_buffer_append_prefix(extdata, 8, len);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data(extdata, priv->client_verify_data,
- priv->client_verify_data_len);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- ret = _gnutls_buffer_append_data(extdata, priv->server_verify_data,
- priv->server_verify_data_len);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
- else
- return 0;
-
- return extdata->length - init_length;
+ /* The format of this extension is a one-byte length of verify data followed
+ * by the verify data itself. Note that the length byte does not include
+ * itself; IOW, empty verify data is represented as a length of 0. That means
+ * the minimum extension is one byte: 0x00.
+ */
+ sr_ext_st *priv;
+ int ret, set = 0, len;
+ extension_priv_data_t epriv;
+ size_t init_length = extdata->length;
+
+ if (session->internals.priorities.sr == SR_DISABLED) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0) {
+ set = 1;
+ }
+
+ if (set != 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ epriv);
+ } else
+ priv = epriv.ptr;
+
+ /* Always offer the extension if we're a client */
+ if (priv->connection_using_safe_renegotiation ||
+ session->security_parameters.entity == GNUTLS_CLIENT) {
+ len = priv->client_verify_data_len;
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ len += priv->server_verify_data_len;
+
+ ret = _gnutls_buffer_append_prefix(extdata, 8, len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data(extdata,
+ priv->client_verify_data,
+ priv->
+ client_verify_data_len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ ret =
+ _gnutls_buffer_append_data(extdata,
+ priv->
+ server_verify_data,
+ priv->
+ server_verify_data_len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ } else
+ return 0;
+
+ return extdata->length - init_length;
}
-static void
-_gnutls_sr_deinit_data (extension_priv_data_t priv)
+static void _gnutls_sr_deinit_data(extension_priv_data_t priv)
{
- gnutls_free (priv.ptr);
+ gnutls_free(priv.ptr);
}
/**
@@ -449,22 +423,20 @@ _gnutls_sr_deinit_data (extension_priv_data_t priv)
*
* Since: 2.10.0
**/
-int
-gnutls_safe_renegotiation_status (gnutls_session_t session)
+int gnutls_safe_renegotiation_status(gnutls_session_t session)
{
- int ret;
- sr_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return 0;
- }
- priv = epriv.ptr;
-
- return priv->connection_using_safe_renegotiation;
+ int ret;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ return priv->connection_using_safe_renegotiation;
}
diff --git a/lib/ext/safe_renegotiation.h b/lib/ext/safe_renegotiation.h
index 124c9295e0..cd334158a3 100644
--- a/lib/ext/safe_renegotiation.h
+++ b/lib/ext/safe_renegotiation.h
@@ -25,26 +25,25 @@
#include <gnutls_extensions.h>
-typedef struct
-{
- uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE];
- size_t client_verify_data_len;
- uint8_t server_verify_data[MAX_VERIFY_DATA_SIZE];
- size_t server_verify_data_len;
- uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */
- size_t ri_extension_data_len;
+typedef struct {
+ uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE];
+ size_t client_verify_data_len;
+ uint8_t server_verify_data[MAX_VERIFY_DATA_SIZE];
+ size_t server_verify_data_len;
+ uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */
+ size_t ri_extension_data_len;
- unsigned int safe_renegotiation_received:1;
- unsigned int initial_negotiation_completed:1;
- unsigned int connection_using_safe_renegotiation:1;
+ unsigned int safe_renegotiation_received:1;
+ unsigned int initial_negotiation_completed:1;
+ unsigned int connection_using_safe_renegotiation:1;
} sr_ext_st;
extern extension_entry_st ext_mod_sr;
-int _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata,
- size_t vdata_size, int dir);
-int _gnutls_ext_sr_recv_cs (gnutls_session_t session);
-int _gnutls_ext_sr_verify (gnutls_session_t session);
-int _gnutls_ext_sr_send_cs (gnutls_session_t);
+int _gnutls_ext_sr_finished(gnutls_session_t session, void *vdata,
+ size_t vdata_size, int dir);
+int _gnutls_ext_sr_recv_cs(gnutls_session_t session);
+int _gnutls_ext_sr_verify(gnutls_session_t session);
+int _gnutls_ext_sr_send_cs(gnutls_session_t);
-#endif /* EXT_SAFE_RENEGOTIATION_H */
+#endif /* EXT_SAFE_RENEGOTIATION_H */
diff --git a/lib/ext/server_name.c b/lib/ext/server_name.c
index c78a3c30d0..11240280e1 100644
--- a/lib/ext/server_name.c
+++ b/lib/ext/server_name.c
@@ -26,29 +26,29 @@
#include "gnutls_num.h"
#include <ext/server_name.h>
-static int _gnutls_server_name_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_server_name_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
+static int _gnutls_server_name_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_server_name_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
-static int _gnutls_server_name_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int _gnutls_server_name_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
-static void _gnutls_server_name_deinit_data (extension_priv_data_t priv);
+static int _gnutls_server_name_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_server_name_pack(extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void _gnutls_server_name_deinit_data(extension_priv_data_t priv);
extension_entry_st ext_mod_server_name = {
- .name = "SERVER NAME",
- .type = GNUTLS_EXTENSION_SERVER_NAME,
- .parse_type = GNUTLS_EXT_APPLICATION,
-
- .recv_func = _gnutls_server_name_recv_params,
- .send_func = _gnutls_server_name_send_params,
- .pack_func = _gnutls_server_name_pack,
- .unpack_func = _gnutls_server_name_unpack,
- .deinit_func = _gnutls_server_name_deinit_data,
+ .name = "SERVER NAME",
+ .type = GNUTLS_EXTENSION_SERVER_NAME,
+ .parse_type = GNUTLS_EXT_APPLICATION,
+
+ .recv_func = _gnutls_server_name_recv_params,
+ .send_func = _gnutls_server_name_send_params,
+ .pack_func = _gnutls_server_name_pack,
+ .unpack_func = _gnutls_server_name_unpack,
+ .deinit_func = _gnutls_server_name_deinit_data,
};
/*
@@ -61,191 +61,189 @@ extension_entry_st ext_mod_server_name = {
*
*/
static int
-_gnutls_server_name_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+_gnutls_server_name_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- int i;
- const unsigned char *p;
- uint16_t len, type;
- ssize_t data_size = _data_size;
- int server_names = 0;
- server_name_ext_st *priv;
- extension_priv_data_t epriv;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- DECR_LENGTH_RET (data_size, 2, 0);
- len = _gnutls_read_uint16 (data);
-
- if (len != data_size)
- {
- /* This is unexpected packet length, but
- * just ignore it, for now.
- */
- gnutls_assert ();
- return 0;
- }
-
- p = data + 2;
-
- /* Count all server_names in the packet. */
- while (data_size > 0)
- {
- DECR_LENGTH_RET (data_size, 1, 0);
- p++;
-
- DECR_LEN (data_size, 2);
- len = _gnutls_read_uint16 (p);
- p += 2;
-
- if (len > 0)
- {
- DECR_LENGTH_RET (data_size, len, 0);
- server_names++;
- p += len;
- }
- else
- _gnutls_handshake_log
- ("HSK[%p]: Received (0) size server name (under attack?)\n",
- session);
-
- }
-
- /* we cannot accept more server names.
- */
- if (server_names > MAX_SERVER_NAME_EXTENSIONS)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Too many server names received (under attack?)\n",
- session);
- server_names = MAX_SERVER_NAME_EXTENSIONS;
- }
-
- if (server_names == 0)
- return 0; /* no names found */
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- priv->server_names_size = server_names;
-
- p = data + 2;
- for (i = 0; i < server_names; i++)
- {
- type = *p;
- p++;
-
- len = _gnutls_read_uint16 (p);
- p += 2;
-
- switch (type)
- {
- case 0: /* NAME_DNS */
- if (len <= MAX_SERVER_NAME_SIZE)
- {
- memcpy (priv->server_names[i].name, p, len);
- priv->server_names[i].name_length = len;
- priv->server_names[i].type = GNUTLS_NAME_DNS;
- break;
- }
- }
-
- /* move to next record */
- p += len;
- }
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- epriv);
-
- }
-
- return 0;
+ int i;
+ const unsigned char *p;
+ uint16_t len, type;
+ ssize_t data_size = _data_size;
+ int server_names = 0;
+ server_name_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ DECR_LENGTH_RET(data_size, 2, 0);
+ len = _gnutls_read_uint16(data);
+
+ if (len != data_size) {
+ /* This is unexpected packet length, but
+ * just ignore it, for now.
+ */
+ gnutls_assert();
+ return 0;
+ }
+
+ p = data + 2;
+
+ /* Count all server_names in the packet. */
+ while (data_size > 0) {
+ DECR_LENGTH_RET(data_size, 1, 0);
+ p++;
+
+ DECR_LEN(data_size, 2);
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ if (len > 0) {
+ DECR_LENGTH_RET(data_size, len, 0);
+ server_names++;
+ p += len;
+ } else
+ _gnutls_handshake_log
+ ("HSK[%p]: Received (0) size server name (under attack?)\n",
+ session);
+
+ }
+
+ /* we cannot accept more server names.
+ */
+ if (server_names > MAX_SERVER_NAME_EXTENSIONS) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Too many server names received (under attack?)\n",
+ session);
+ server_names = MAX_SERVER_NAME_EXTENSIONS;
+ }
+
+ if (server_names == 0)
+ return 0; /* no names found */
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ priv->server_names_size = server_names;
+
+ p = data + 2;
+ for (i = 0; i < server_names; i++) {
+ type = *p;
+ p++;
+
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ switch (type) {
+ case 0: /* NAME_DNS */
+ if (len <= MAX_SERVER_NAME_SIZE) {
+ memcpy(priv->server_names[i].name,
+ p, len);
+ priv->server_names[i].name_length =
+ len;
+ priv->server_names[i].type =
+ GNUTLS_NAME_DNS;
+ break;
+ }
+ }
+
+ /* move to next record */
+ p += len;
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SERVER_NAME,
+ epriv);
+
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_server_name_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata)
+_gnutls_server_name_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- uint16_t len;
- unsigned i;
- int total_size = 0, ret;
- server_name_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- &epriv);
- if (ret < 0)
- return 0;
-
-
- /* this function sends the client extension data (dnsname)
- */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- priv = epriv.ptr;
-
- if (priv->server_names_size == 0)
- return 0;
-
- /* uint16_t
- */
- total_size = 2;
- for (i = 0; i < priv->server_names_size; i++)
- {
- /* count the total size
- */
- len = priv->server_names[i].name_length;
-
- /* uint8_t + uint16_t + size
- */
- total_size += 1 + 2 + len;
- }
-
- /* UINT16: write total size of all names
- */
- ret = _gnutls_buffer_append_prefix(extdata, 16, total_size - 2);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- for (i = 0; i < priv->server_names_size; i++)
- {
-
- switch (priv->server_names[i].type)
- {
- case GNUTLS_NAME_DNS:
- len = priv->server_names[i].name_length;
- if (len == 0)
- break;
-
- /* UINT8: type of this extension
- * UINT16: size of the first name
- * LEN: the actual server name.
- */
- ret = _gnutls_buffer_append_prefix(extdata, 8, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data_prefix(extdata, 16, priv->server_names[i].name, len);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- }
- }
-
- return total_size;
+ uint16_t len;
+ unsigned i;
+ int total_size = 0, ret;
+ server_name_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+
+ /* this function sends the client extension data (dnsname)
+ */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ priv = epriv.ptr;
+
+ if (priv->server_names_size == 0)
+ return 0;
+
+ /* uint16_t
+ */
+ total_size = 2;
+ for (i = 0; i < priv->server_names_size; i++) {
+ /* count the total size
+ */
+ len = priv->server_names[i].name_length;
+
+ /* uint8_t + uint16_t + size
+ */
+ total_size += 1 + 2 + len;
+ }
+
+ /* UINT16: write total size of all names
+ */
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ total_size - 2);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < priv->server_names_size; i++) {
+
+ switch (priv->server_names[i].type) {
+ case GNUTLS_NAME_DNS:
+ len = priv->server_names[i].name_length;
+ if (len == 0)
+ break;
+
+ /* UINT8: type of this extension
+ * UINT16: size of the first name
+ * LEN: the actual server name.
+ */
+ ret =
+ _gnutls_buffer_append_prefix(extdata,
+ 8, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_data_prefix
+ (extdata, 16,
+ priv->server_names[i].name, len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+ }
+
+ return total_size;
}
/**
@@ -277,56 +275,51 @@ _gnutls_server_name_send_params (gnutls_session_t session,
* otherwise a negative error code is returned.
**/
int
-gnutls_server_name_get (gnutls_session_t session, void *data,
- size_t * data_length,
- unsigned int *type, unsigned int indx)
+gnutls_server_name_get(gnutls_session_t session, void *data,
+ size_t * data_length,
+ unsigned int *type, unsigned int indx)
{
- char *_data = data;
- server_name_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- priv = epriv.ptr;
-
- if (indx + 1 > priv->server_names_size)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- *type = priv->server_names[indx].type;
-
- if (*data_length > /* greater since we need one extra byte for the null */
- priv->server_names[indx].name_length)
- {
- *data_length = priv->server_names[indx].name_length;
- memcpy (data, priv->server_names[indx].name, *data_length);
-
- if (*type == GNUTLS_NAME_DNS) /* null terminate */
- _data[(*data_length)] = 0;
-
- }
- else
- {
- *data_length = priv->server_names[indx].name_length + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- return 0;
+ char *_data = data;
+ server_name_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ priv = epriv.ptr;
+
+ if (indx + 1 > priv->server_names_size) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ *type = priv->server_names[indx].type;
+
+ if (*data_length > /* greater since we need one extra byte for the null */
+ priv->server_names[indx].name_length) {
+ *data_length = priv->server_names[indx].name_length;
+ memcpy(data, priv->server_names[indx].name, *data_length);
+
+ if (*type == GNUTLS_NAME_DNS) /* null terminate */
+ _data[(*data_length)] = 0;
+
+ } else {
+ *data_length = priv->server_names[indx].name_length + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ return 0;
}
/**
@@ -350,123 +343,117 @@ gnutls_server_name_get (gnutls_session_t session, void *data,
* otherwise a negative error code is returned.
**/
int
-gnutls_server_name_set (gnutls_session_t session,
- gnutls_server_name_type_t type,
- const void *name, size_t name_length)
+gnutls_server_name_set(gnutls_session_t session,
+ gnutls_server_name_type_t type,
+ const void *name, size_t name_length)
{
- int server_names, ret;
- server_name_ext_st *priv;
- extension_priv_data_t epriv;
- int set = 0;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (name_length > MAX_SERVER_NAME_SIZE)
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- &epriv);
- if (ret < 0)
- {
- set = 1;
- }
-
- if (set != 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- }
- else
- priv = epriv.ptr;
-
- server_names = priv->server_names_size + 1;
-
- if (server_names > MAX_SERVER_NAME_EXTENSIONS)
- server_names = MAX_SERVER_NAME_EXTENSIONS;
-
- priv->server_names[server_names - 1].type = type;
- memcpy (priv->server_names[server_names - 1].name, name, name_length);
- priv->server_names[server_names - 1].name_length = name_length;
-
- priv->server_names_size = server_names;
-
- if (set != 0)
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
- epriv);
-
- return 0;
+ int server_names, ret;
+ server_name_ext_st *priv;
+ extension_priv_data_t epriv;
+ int set = 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (name_length > MAX_SERVER_NAME_SIZE)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
+ if (ret < 0) {
+ set = 1;
+ }
+
+ if (set != 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ } else
+ priv = epriv.ptr;
+
+ server_names = priv->server_names_size + 1;
+
+ if (server_names > MAX_SERVER_NAME_EXTENSIONS)
+ server_names = MAX_SERVER_NAME_EXTENSIONS;
+
+ priv->server_names[server_names - 1].type = type;
+ memcpy(priv->server_names[server_names - 1].name, name,
+ name_length);
+ priv->server_names[server_names - 1].name_length = name_length;
+
+ priv->server_names_size = server_names;
+
+ if (set != 0)
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SERVER_NAME,
+ epriv);
+
+ return 0;
}
-static void
-_gnutls_server_name_deinit_data (extension_priv_data_t priv)
+static void _gnutls_server_name_deinit_data(extension_priv_data_t priv)
{
- gnutls_free (priv.ptr);
+ gnutls_free(priv.ptr);
}
static int
-_gnutls_server_name_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_server_name_pack(extension_priv_data_t epriv,
+ gnutls_buffer_st * ps)
{
- server_name_ext_st *priv = epriv.ptr;
- unsigned int i;
- int ret;
-
- BUFFER_APPEND_NUM (ps, priv->server_names_size);
- for (i = 0; i < priv->server_names_size; i++)
- {
- BUFFER_APPEND_NUM (ps, priv->server_names[i].type);
- BUFFER_APPEND_PFX4 (ps, priv->server_names[i].name,
- priv->server_names[i].name_length);
- }
- return 0;
+ server_name_ext_st *priv = epriv.ptr;
+ unsigned int i;
+ int ret;
+
+ BUFFER_APPEND_NUM(ps, priv->server_names_size);
+ for (i = 0; i < priv->server_names_size; i++) {
+ BUFFER_APPEND_NUM(ps, priv->server_names[i].type);
+ BUFFER_APPEND_PFX4(ps, priv->server_names[i].name,
+ priv->server_names[i].name_length);
+ }
+ return 0;
}
static int
-_gnutls_server_name_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+_gnutls_server_name_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
{
- server_name_ext_st *priv;
- unsigned int i;
- int ret;
- extension_priv_data_t epriv;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_NUM (ps, priv->server_names_size);
- for (i = 0; i < priv->server_names_size; i++)
- {
- BUFFER_POP_NUM (ps, priv->server_names[i].type);
- BUFFER_POP_NUM (ps, priv->server_names[i].name_length);
- if (priv->server_names[i].name_length >
- sizeof (priv->server_names[i].name))
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
- BUFFER_POP (ps, priv->server_names[i].name,
- priv->server_names[i].name_length);
- }
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- gnutls_free (priv);
- return ret;
+ server_name_ext_st *priv;
+ unsigned int i;
+ int ret;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_NUM(ps, priv->server_names_size);
+ for (i = 0; i < priv->server_names_size; i++) {
+ BUFFER_POP_NUM(ps, priv->server_names[i].type);
+ BUFFER_POP_NUM(ps, priv->server_names[i].name_length);
+ if (priv->server_names[i].name_length >
+ sizeof(priv->server_names[i].name)) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+ BUFFER_POP(ps, priv->server_names[i].name,
+ priv->server_names[i].name_length);
+ }
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ gnutls_free(priv);
+ return ret;
}
diff --git a/lib/ext/server_name.h b/lib/ext/server_name.h
index 98fb3da293..fbc52177dc 100644
--- a/lib/ext/server_name.h
+++ b/lib/ext/server_name.h
@@ -24,20 +24,18 @@
#include <gnutls_extensions.h>
-typedef struct
-{
- uint8_t name[MAX_SERVER_NAME_SIZE];
- unsigned name_length;
- gnutls_server_name_type_t type;
+typedef struct {
+ uint8_t name[MAX_SERVER_NAME_SIZE];
+ unsigned name_length;
+ gnutls_server_name_type_t type;
} server_name_st;
#define MAX_SERVER_NAME_EXTENSIONS 3
-typedef struct
-{
- server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];
- /* limit server_name extensions */
- unsigned server_names_size;
+typedef struct {
+ server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];
+ /* limit server_name extensions */
+ unsigned server_names_size;
} server_name_ext_st;
extern extension_entry_st ext_mod_server_name;
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 0799fd788c..aa7707f472 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -41,26 +41,27 @@
#define MAC_SIZE 32
-static int session_ticket_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t data_size);
-static int session_ticket_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
-static int session_ticket_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int session_ticket_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
-static void session_ticket_deinit_data (extension_priv_data_t priv);
+static int session_ticket_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int session_ticket_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
+static int session_ticket_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int session_ticket_pack(extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void session_ticket_deinit_data(extension_priv_data_t priv);
extension_entry_st ext_mod_session_ticket = {
- .name = "SESSION TICKET",
- .type = GNUTLS_EXTENSION_SESSION_TICKET,
- .parse_type = GNUTLS_EXT_MANDATORY,
-
- .recv_func = session_ticket_recv_params,
- .send_func = session_ticket_send_params,
- .pack_func = session_ticket_pack,
- .unpack_func = session_ticket_unpack,
- .deinit_func = session_ticket_deinit_data,
+ .name = "SESSION TICKET",
+ .type = GNUTLS_EXTENSION_SESSION_TICKET,
+ .parse_type = GNUTLS_EXT_MANDATORY,
+
+ .recv_func = session_ticket_recv_params,
+ .send_func = session_ticket_send_params,
+ .pack_func = session_ticket_pack,
+ .unpack_func = session_ticket_unpack,
+ .deinit_func = session_ticket_deinit_data,
};
#define SESSION_KEY_SIZE (SESSION_TICKET_KEY_NAME_SIZE+SESSION_TICKET_KEY_SIZE+SESSION_TICKET_MAC_SECRET_SIZE)
@@ -68,396 +69,383 @@ extension_entry_st ext_mod_session_ticket = {
#define KEY_POS (SESSION_TICKET_KEY_NAME_SIZE)
#define MAC_SECRET_POS (SESSION_TICKET_KEY_NAME_SIZE+SESSION_TICKET_KEY_SIZE)
-typedef struct
-{
- int session_ticket_enable;
- int session_ticket_renew;
- uint8_t session_ticket_IV[SESSION_TICKET_IV_SIZE];
+typedef struct {
+ int session_ticket_enable;
+ int session_ticket_renew;
+ uint8_t session_ticket_IV[SESSION_TICKET_IV_SIZE];
- uint8_t *session_ticket;
- int session_ticket_len;
+ uint8_t *session_ticket;
+ int session_ticket_len;
- uint8_t key[SESSION_KEY_SIZE];
+ uint8_t key[SESSION_KEY_SIZE];
} session_ticket_ext_st;
-struct ticket
-{
- uint8_t key_name[KEY_NAME_SIZE];
- uint8_t IV[IV_SIZE];
- uint8_t *encrypted_state;
- uint16_t encrypted_state_len;
- uint8_t mac[MAC_SIZE];
+struct ticket {
+ uint8_t key_name[KEY_NAME_SIZE];
+ uint8_t IV[IV_SIZE];
+ uint8_t *encrypted_state;
+ uint16_t encrypted_state_len;
+ uint8_t mac[MAC_SIZE];
};
static int
-digest_ticket (const gnutls_datum_t * key, struct ticket *ticket,
- uint8_t * digest)
+digest_ticket(const gnutls_datum_t * key, struct ticket *ticket,
+ uint8_t * digest)
{
- mac_hd_st digest_hd;
- uint16_t length16;
- int ret;
-
- ret = _gnutls_mac_init (&digest_hd, mac_to_entry(GNUTLS_MAC_SHA256),
- key->data, key->size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- _gnutls_mac (&digest_hd, ticket->key_name, KEY_NAME_SIZE);
- _gnutls_mac (&digest_hd, ticket->IV, IV_SIZE);
- length16 = _gnutls_conv_uint16 (ticket->encrypted_state_len);
- _gnutls_mac (&digest_hd, &length16, 2);
- _gnutls_mac (&digest_hd, ticket->encrypted_state,
- ticket->encrypted_state_len);
- _gnutls_mac_deinit (&digest_hd, digest);
-
- return 0;
+ mac_hd_st digest_hd;
+ uint16_t length16;
+ int ret;
+
+ ret = _gnutls_mac_init(&digest_hd, mac_to_entry(GNUTLS_MAC_SHA256),
+ key->data, key->size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ _gnutls_mac(&digest_hd, ticket->key_name, KEY_NAME_SIZE);
+ _gnutls_mac(&digest_hd, ticket->IV, IV_SIZE);
+ length16 = _gnutls_conv_uint16(ticket->encrypted_state_len);
+ _gnutls_mac(&digest_hd, &length16, 2);
+ _gnutls_mac(&digest_hd, ticket->encrypted_state,
+ ticket->encrypted_state_len);
+ _gnutls_mac_deinit(&digest_hd, digest);
+
+ return 0;
}
static int
-decrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
- struct ticket *ticket)
+decrypt_ticket(gnutls_session_t session, session_ticket_ext_st * priv,
+ struct ticket *ticket)
{
- cipher_hd_st cipher_hd;
- gnutls_datum_t key, IV, mac_secret, state;
- uint8_t final[MAC_SECRET_SIZE];
- time_t timestamp = gnutls_time (0);
- int ret;
-
- /* Check the integrity of ticket using HMAC-SHA-256. */
- mac_secret.data = (void *) &priv->key[MAC_SECRET_POS];
- mac_secret.size = MAC_SECRET_SIZE;
- ret = digest_ticket (&mac_secret, ticket, final);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (memcmp (ticket->mac, final, MAC_SIZE))
- {
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
-
- /* Decrypt encrypted_state using 128-bit AES in CBC mode. */
- key.data = (void *) &priv->key[KEY_POS];
- key.size = KEY_SIZE;
- IV.data = ticket->IV;
- IV.size = IV_SIZE;
- ret =
- _gnutls_cipher_init (&cipher_hd, cipher_to_entry(GNUTLS_CIPHER_AES_128_CBC),
- &key, &IV, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- ret = _gnutls_cipher_decrypt (&cipher_hd, ticket->encrypted_state,
- ticket->encrypted_state_len);
- _gnutls_cipher_deinit (&cipher_hd);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Unpack security parameters. */
- state.data = ticket->encrypted_state;
- state.size = ticket->encrypted_state_len;
- ret = _gnutls_session_unpack (session, &state);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (timestamp - session->internals.resumed_security_parameters.timestamp >
- session->internals.expire_time
- || session->internals.resumed_security_parameters.timestamp > timestamp)
- {
- gnutls_assert ();
- return GNUTLS_E_EXPIRED;
- }
-
- session->internals.resumed = RESUME_TRUE;
-
- return 0;
+ cipher_hd_st cipher_hd;
+ gnutls_datum_t key, IV, mac_secret, state;
+ uint8_t final[MAC_SECRET_SIZE];
+ time_t timestamp = gnutls_time(0);
+ int ret;
+
+ /* Check the integrity of ticket using HMAC-SHA-256. */
+ mac_secret.data = (void *) &priv->key[MAC_SECRET_POS];
+ mac_secret.size = MAC_SECRET_SIZE;
+ ret = digest_ticket(&mac_secret, ticket, final);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (memcmp(ticket->mac, final, MAC_SIZE)) {
+ gnutls_assert();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ /* Decrypt encrypted_state using 128-bit AES in CBC mode. */
+ key.data = (void *) &priv->key[KEY_POS];
+ key.size = KEY_SIZE;
+ IV.data = ticket->IV;
+ IV.size = IV_SIZE;
+ ret =
+ _gnutls_cipher_init(&cipher_hd,
+ cipher_to_entry(GNUTLS_CIPHER_AES_128_CBC),
+ &key, &IV, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ ret = _gnutls_cipher_decrypt(&cipher_hd, ticket->encrypted_state,
+ ticket->encrypted_state_len);
+ _gnutls_cipher_deinit(&cipher_hd);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Unpack security parameters. */
+ state.data = ticket->encrypted_state;
+ state.size = ticket->encrypted_state_len;
+ ret = _gnutls_session_unpack(session, &state);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (timestamp -
+ session->internals.resumed_security_parameters.timestamp >
+ session->internals.expire_time
+ || session->internals.resumed_security_parameters.timestamp >
+ timestamp) {
+ gnutls_assert();
+ return GNUTLS_E_EXPIRED;
+ }
+
+ session->internals.resumed = RESUME_TRUE;
+
+ return 0;
}
static int
-encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
- struct ticket *ticket)
+encrypt_ticket(gnutls_session_t session, session_ticket_ext_st * priv,
+ struct ticket *ticket)
{
- cipher_hd_st cipher_hd;
- gnutls_datum_t key, IV, mac_secret, state, encrypted_state;
- int blocksize;
- int ret;
-
- /* Pack security parameters. */
- ret = _gnutls_session_pack (session, &state);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- blocksize = gnutls_cipher_get_block_size (GNUTLS_CIPHER_AES_128_CBC);
-
- encrypted_state.size =
- ((state.size + blocksize - 1) / blocksize) * blocksize;
- encrypted_state.data = gnutls_malloc (encrypted_state.size);
- if (!encrypted_state.data)
- {
- gnutls_assert ();
- _gnutls_free_datum (&state);
- return GNUTLS_E_MEMORY_ERROR;
- }
- memset (encrypted_state.data, 0, encrypted_state.size);
- memcpy (encrypted_state.data, state.data, state.size);
- _gnutls_free_datum (&state);
-
- /* Encrypt state using 128-bit AES in CBC mode. */
- key.data = (void *) &priv->key[KEY_POS];
- key.size = KEY_SIZE;
- IV.data = priv->session_ticket_IV;
- IV.size = IV_SIZE;
- ret =
- _gnutls_cipher_init (&cipher_hd, cipher_to_entry(GNUTLS_CIPHER_AES_128_CBC),
- &key, &IV, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&encrypted_state);
- return ret;
- }
-
- ret = _gnutls_cipher_encrypt (&cipher_hd, encrypted_state.data,
- encrypted_state.size);
- _gnutls_cipher_deinit (&cipher_hd);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&encrypted_state);
- return ret;
- }
-
- /* Fill the ticket structure to compute MAC. */
- memcpy (ticket->key_name, &priv->key[NAME_POS], KEY_NAME_SIZE);
- memcpy (ticket->IV, IV.data, IV.size);
- ticket->encrypted_state_len = encrypted_state.size;
- ticket->encrypted_state = encrypted_state.data;
-
- mac_secret.data = &priv->key[MAC_SECRET_POS];
- mac_secret.size = MAC_SECRET_SIZE;
- ret = digest_ticket (&mac_secret, ticket, ticket->mac);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&encrypted_state);
- return ret;
- }
-
- return 0;
+ cipher_hd_st cipher_hd;
+ gnutls_datum_t key, IV, mac_secret, state, encrypted_state;
+ int blocksize;
+ int ret;
+
+ /* Pack security parameters. */
+ ret = _gnutls_session_pack(session, &state);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ blocksize =
+ gnutls_cipher_get_block_size(GNUTLS_CIPHER_AES_128_CBC);
+
+ encrypted_state.size =
+ ((state.size + blocksize - 1) / blocksize) * blocksize;
+ encrypted_state.data = gnutls_malloc(encrypted_state.size);
+ if (!encrypted_state.data) {
+ gnutls_assert();
+ _gnutls_free_datum(&state);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memset(encrypted_state.data, 0, encrypted_state.size);
+ memcpy(encrypted_state.data, state.data, state.size);
+ _gnutls_free_datum(&state);
+
+ /* Encrypt state using 128-bit AES in CBC mode. */
+ key.data = (void *) &priv->key[KEY_POS];
+ key.size = KEY_SIZE;
+ IV.data = priv->session_ticket_IV;
+ IV.size = IV_SIZE;
+ ret =
+ _gnutls_cipher_init(&cipher_hd,
+ cipher_to_entry(GNUTLS_CIPHER_AES_128_CBC),
+ &key, &IV, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&encrypted_state);
+ return ret;
+ }
+
+ ret = _gnutls_cipher_encrypt(&cipher_hd, encrypted_state.data,
+ encrypted_state.size);
+ _gnutls_cipher_deinit(&cipher_hd);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&encrypted_state);
+ return ret;
+ }
+
+ /* Fill the ticket structure to compute MAC. */
+ memcpy(ticket->key_name, &priv->key[NAME_POS], KEY_NAME_SIZE);
+ memcpy(ticket->IV, IV.data, IV.size);
+ ticket->encrypted_state_len = encrypted_state.size;
+ ticket->encrypted_state = encrypted_state.data;
+
+ mac_secret.data = &priv->key[MAC_SECRET_POS];
+ mac_secret.size = MAC_SECRET_SIZE;
+ ret = digest_ticket(&mac_secret, ticket, ticket->mac);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&encrypted_state);
+ return ret;
+ }
+
+ return 0;
}
static int
-session_ticket_recv_params (gnutls_session_t session,
- const uint8_t * data, size_t _data_size)
+session_ticket_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- ssize_t data_size = _data_size;
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
- int ret;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
- if (ret < 0)
- {
- return 0;
- }
- priv = epriv.ptr;
-
- if (!priv->session_ticket_enable)
- return 0;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- struct ticket ticket;
- const uint8_t *encrypted_state;
- int ret;
-
- /* The client requested a new session ticket. */
- if (data_size == 0)
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
-
- DECR_LEN (data_size, KEY_NAME_SIZE);
- memcpy (ticket.key_name, data, KEY_NAME_SIZE);
- data += KEY_NAME_SIZE;
-
- /* If the key name of the ticket does not match the one that we
- hold, issue a new ticket. */
- if (memcmp (ticket.key_name, &priv->key[NAME_POS], KEY_NAME_SIZE))
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
-
- DECR_LEN (data_size, IV_SIZE);
- memcpy (ticket.IV, data, IV_SIZE);
- data += IV_SIZE;
-
- DECR_LEN (data_size, 2);
- ticket.encrypted_state_len = _gnutls_read_uint16 (data);
- data += 2;
-
- encrypted_state = data;
-
- DECR_LEN (data_size, ticket.encrypted_state_len);
- data += ticket.encrypted_state_len;
-
- DECR_LEN (data_size, MAC_SIZE);
- memcpy (ticket.mac, data, MAC_SIZE);
-
- ticket.encrypted_state = gnutls_malloc (ticket.encrypted_state_len);
- if (!ticket.encrypted_state)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- memcpy (ticket.encrypted_state, encrypted_state,
- ticket.encrypted_state_len);
-
- ret = decrypt_ticket (session, priv, &ticket);
- gnutls_free (ticket.encrypted_state);
- if (ret < 0)
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
- }
- else /* Client */
- {
- if (data_size == 0)
- {
- priv->session_ticket_renew = 1;
- return 0;
- }
- }
-
- return 0;
+ ssize_t data_size = _data_size;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+ int ret;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret < 0) {
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ if (!priv->session_ticket_enable)
+ return 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ struct ticket ticket;
+ const uint8_t *encrypted_state;
+ int ret;
+
+ /* The client requested a new session ticket. */
+ if (data_size == 0) {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+
+ DECR_LEN(data_size, KEY_NAME_SIZE);
+ memcpy(ticket.key_name, data, KEY_NAME_SIZE);
+ data += KEY_NAME_SIZE;
+
+ /* If the key name of the ticket does not match the one that we
+ hold, issue a new ticket. */
+ if (memcmp
+ (ticket.key_name, &priv->key[NAME_POS],
+ KEY_NAME_SIZE)) {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+
+ DECR_LEN(data_size, IV_SIZE);
+ memcpy(ticket.IV, data, IV_SIZE);
+ data += IV_SIZE;
+
+ DECR_LEN(data_size, 2);
+ ticket.encrypted_state_len = _gnutls_read_uint16(data);
+ data += 2;
+
+ encrypted_state = data;
+
+ DECR_LEN(data_size, ticket.encrypted_state_len);
+ data += ticket.encrypted_state_len;
+
+ DECR_LEN(data_size, MAC_SIZE);
+ memcpy(ticket.mac, data, MAC_SIZE);
+
+ ticket.encrypted_state =
+ gnutls_malloc(ticket.encrypted_state_len);
+ if (!ticket.encrypted_state) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memcpy(ticket.encrypted_state, encrypted_state,
+ ticket.encrypted_state_len);
+
+ ret = decrypt_ticket(session, priv, &ticket);
+ gnutls_free(ticket.encrypted_state);
+ if (ret < 0) {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+ } else { /* Client */
+
+ if (data_size == 0) {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+ }
+
+ return 0;
}
/* returns a positive number if we send the extension data, (0) if we
do not want to send it, and a negative number on failure.
*/
static int
-session_ticket_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata)
+session_ticket_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
- int ret;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
- if (ret >= 0)
- priv = epriv.ptr;
-
- if (priv == NULL || !priv->session_ticket_enable)
- return 0;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (priv && priv->session_ticket_renew)
- {
- return GNUTLS_E_INT_RET_0;
- }
- }
- else
- {
- ret =
- _gnutls_ext_get_resumed_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
- if (ret >= 0)
- priv = epriv.ptr;
-
- /* no previous data. Just advertize it */
- if (ret < 0)
- return GNUTLS_E_INT_RET_0;
-
- /* previous data had session tickets disabled. Don't advertize. Ignore. */
- if (!priv->session_ticket_enable)
- return 0;
-
- if (priv->session_ticket_len > 0)
- {
- ret = _gnutls_buffer_append_data( extdata, priv->session_ticket, priv->session_ticket_len);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return priv->session_ticket_len;
- }
- }
- return 0;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+ int ret;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret >= 0)
+ priv = epriv.ptr;
+
+ if (priv == NULL || !priv->session_ticket_enable)
+ return 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (priv && priv->session_ticket_renew) {
+ return GNUTLS_E_INT_RET_0;
+ }
+ } else {
+ ret =
+ _gnutls_ext_get_resumed_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret >= 0)
+ priv = epriv.ptr;
+
+ /* no previous data. Just advertize it */
+ if (ret < 0)
+ return GNUTLS_E_INT_RET_0;
+
+ /* previous data had session tickets disabled. Don't advertize. Ignore. */
+ if (!priv->session_ticket_enable)
+ return 0;
+
+ if (priv->session_ticket_len > 0) {
+ ret =
+ _gnutls_buffer_append_data(extdata,
+ priv->
+ session_ticket,
+ priv->
+ session_ticket_len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return priv->session_ticket_len;
+ }
+ }
+ return 0;
}
-static void
-session_ticket_deinit_data (extension_priv_data_t epriv)
+static void session_ticket_deinit_data(extension_priv_data_t epriv)
{
- session_ticket_ext_st *priv = epriv.ptr;
+ session_ticket_ext_st *priv = epriv.ptr;
- gnutls_free (priv->session_ticket);
- gnutls_free (priv);
+ gnutls_free(priv->session_ticket);
+ gnutls_free(priv);
}
static int
-session_ticket_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+session_ticket_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- session_ticket_ext_st *priv = epriv.ptr;
- int ret;
+ session_ticket_ext_st *priv = epriv.ptr;
+ int ret;
- BUFFER_APPEND_PFX4 (ps, priv->session_ticket, priv->session_ticket_len);
- BUFFER_APPEND_NUM (ps, priv->session_ticket_enable);
+ BUFFER_APPEND_PFX4(ps, priv->session_ticket,
+ priv->session_ticket_len);
+ BUFFER_APPEND_NUM(ps, priv->session_ticket_enable);
- return 0;
+ return 0;
}
static int
-session_ticket_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv)
+session_ticket_unpack(gnutls_buffer_st * ps, extension_priv_data_t * _priv)
{
- session_ticket_ext_st *priv = NULL;
- int ret;
- extension_priv_data_t epriv;
- gnutls_datum_t ticket;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_DATUM (ps, &ticket);
- priv->session_ticket = ticket.data;
- priv->session_ticket_len = ticket.size;
- BUFFER_POP_NUM (ps, priv->session_ticket_enable);
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- gnutls_free (priv);
- return ret;
+ session_ticket_ext_st *priv = NULL;
+ int ret;
+ extension_priv_data_t epriv;
+ gnutls_datum_t ticket;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_DATUM(ps, &ticket);
+ priv->session_ticket = ticket.data;
+ priv->session_ticket_len = ticket.size;
+ BUFFER_POP_NUM(ps, priv->session_ticket_enable);
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ gnutls_free(priv);
+ return ret;
}
@@ -475,10 +463,9 @@ error:
*
* Since: 2.10.0
**/
-int
-gnutls_session_ticket_key_generate (gnutls_datum_t * key)
+int gnutls_session_ticket_key_generate(gnutls_datum_t * key)
{
- return gnutls_key_generate(key, SESSION_KEY_SIZE);
+ return gnutls_key_generate(key, SESSION_KEY_SIZE);
}
/**
@@ -493,31 +480,29 @@ gnutls_session_ticket_key_generate (gnutls_datum_t * key)
*
* Since: 2.10.0
**/
-int
-gnutls_session_ticket_enable_client (gnutls_session_t session)
+int gnutls_session_ticket_enable_client(gnutls_session_t session)
{
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
-
- if (!session)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- priv->session_ticket_enable = 1;
- epriv.ptr = priv;
-
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET, epriv);
-
- return 0;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ if (!session) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ priv->session_ticket_enable = 1;
+ epriv.ptr = priv;
+
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ epriv);
+
+ return 0;
}
/**
@@ -535,206 +520,211 @@ gnutls_session_ticket_enable_client (gnutls_session_t session)
* Since: 2.10.0
**/
int
-gnutls_session_ticket_enable_server (gnutls_session_t session,
- const gnutls_datum_t * key)
+gnutls_session_ticket_enable_server(gnutls_session_t session,
+ const gnutls_datum_t * key)
{
- int ret;
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
-
- if (!session || !key
- || key->size != SESSION_KEY_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, priv->session_ticket_IV, IV_SIZE);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- memcpy (&priv->key, key->data, key->size);
- priv->session_ticket_enable = 1;
-
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET, epriv);
-
- return 0;
+ int ret;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ if (!session || !key || key->size != SESSION_KEY_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+
+ ret =
+ _gnutls_rnd(GNUTLS_RND_NONCE, priv->session_ticket_IV,
+ IV_SIZE);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ memcpy(&priv->key, key->data, key->size);
+ priv->session_ticket_enable = 1;
+
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ epriv);
+
+ return 0;
}
-int
-_gnutls_send_new_session_ticket (gnutls_session_t session, int again)
+int _gnutls_send_new_session_ticket(gnutls_session_t session, int again)
{
- mbuffer_st *bufel = NULL;
- uint8_t *data = NULL, *p;
- int data_size = 0;
- int ret;
- struct ticket ticket;
- uint16_t ticket_len;
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
- uint16_t epoch_saved = session->security_parameters.epoch_write;
-
- if (again == 0)
- {
- ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
- if (ret < 0)
- return 0;
- priv = epriv.ptr;
-
- if (!priv->session_ticket_renew)
- return 0;
-
- /* XXX: Temporarily set write algorithms to be used.
- _gnutls_write_connection_state_init() does this job, but it also
- triggers encryption, while NewSessionTicket should not be
- encrypted in the record layer. */
- ret =
- _gnutls_epoch_set_keys (session,
- session->security_parameters.epoch_next);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- session->security_parameters.epoch_write =
- session->security_parameters.epoch_next;
-
- ret = encrypt_ticket (session, priv, &ticket);
- session->security_parameters.epoch_write = epoch_saved;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ticket_len = KEY_NAME_SIZE + IV_SIZE + 2 + ticket.encrypted_state_len
- + MAC_SIZE;
-
- bufel = _gnutls_handshake_alloc (session, 4 + 2 + ticket_len, 4+2+ticket_len);
- if (!bufel)
- {
- gnutls_assert ();
- gnutls_free (ticket.encrypted_state);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- data = _mbuffer_get_udata_ptr (bufel);
- p = data;
-
- _gnutls_write_uint32 (session->internals.expire_time, p);
- p += 4;
-
- _gnutls_write_uint16 (ticket_len, p);
- p += 2;
-
- memcpy (p, ticket.key_name, KEY_NAME_SIZE);
- p += KEY_NAME_SIZE;
-
- memcpy (p, ticket.IV, IV_SIZE);
- p += IV_SIZE;
-
- _gnutls_write_uint16 (ticket.encrypted_state_len, p);
- p += 2;
-
- memcpy (p, ticket.encrypted_state, ticket.encrypted_state_len);
- gnutls_free (ticket.encrypted_state);
- p += ticket.encrypted_state_len;
-
- memcpy (p, ticket.mac, MAC_SIZE);
- p += MAC_SIZE;
-
- data_size = p - data;
-
- session->internals.ticket_sent = 1;
- }
- return _gnutls_send_handshake (session, data_size ? bufel : NULL,
- GNUTLS_HANDSHAKE_NEW_SESSION_TICKET);
+ mbuffer_st *bufel = NULL;
+ uint8_t *data = NULL, *p;
+ int data_size = 0;
+ int ret;
+ struct ticket ticket;
+ uint16_t ticket_len;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+ uint16_t epoch_saved = session->security_parameters.epoch_write;
+
+ if (again == 0) {
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret < 0)
+ return 0;
+ priv = epriv.ptr;
+
+ if (!priv->session_ticket_renew)
+ return 0;
+
+ /* XXX: Temporarily set write algorithms to be used.
+ _gnutls_write_connection_state_init() does this job, but it also
+ triggers encryption, while NewSessionTicket should not be
+ encrypted in the record layer. */
+ ret =
+ _gnutls_epoch_set_keys(session,
+ session->security_parameters.
+ epoch_next);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ session->security_parameters.epoch_write =
+ session->security_parameters.epoch_next;
+
+ ret = encrypt_ticket(session, priv, &ticket);
+ session->security_parameters.epoch_write = epoch_saved;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ticket_len =
+ KEY_NAME_SIZE + IV_SIZE + 2 +
+ ticket.encrypted_state_len + MAC_SIZE;
+
+ bufel =
+ _gnutls_handshake_alloc(session, 4 + 2 + ticket_len,
+ 4 + 2 + ticket_len);
+ if (!bufel) {
+ gnutls_assert();
+ gnutls_free(ticket.encrypted_state);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ data = _mbuffer_get_udata_ptr(bufel);
+ p = data;
+
+ _gnutls_write_uint32(session->internals.expire_time, p);
+ p += 4;
+
+ _gnutls_write_uint16(ticket_len, p);
+ p += 2;
+
+ memcpy(p, ticket.key_name, KEY_NAME_SIZE);
+ p += KEY_NAME_SIZE;
+
+ memcpy(p, ticket.IV, IV_SIZE);
+ p += IV_SIZE;
+
+ _gnutls_write_uint16(ticket.encrypted_state_len, p);
+ p += 2;
+
+ memcpy(p, ticket.encrypted_state,
+ ticket.encrypted_state_len);
+ gnutls_free(ticket.encrypted_state);
+ p += ticket.encrypted_state_len;
+
+ memcpy(p, ticket.mac, MAC_SIZE);
+ p += MAC_SIZE;
+
+ data_size = p - data;
+
+ session->internals.ticket_sent = 1;
+ }
+ return _gnutls_send_handshake(session, data_size ? bufel : NULL,
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET);
}
-int
-_gnutls_recv_new_session_ticket (gnutls_session_t session)
+int _gnutls_recv_new_session_ticket(gnutls_session_t session)
{
- uint8_t *p;
- int data_size;
- gnutls_buffer_st buf;
- uint16_t ticket_len;
- int ret;
- session_ticket_ext_st *priv = NULL;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return 0;
- }
- priv = epriv.ptr;
-
- if (!priv->session_ticket_renew)
- return 0;
-
- ret = _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
- 0, &buf);
- if (ret < 0)
- return gnutls_assert_val_fatal(ret);
-
- p = buf.data;
- data_size = buf.length;
-
- DECR_LENGTH_COM (data_size, 4, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
- /* skip over lifetime hint */
- p += 4;
-
- DECR_LENGTH_COM (data_size, 2, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
- ticket_len = _gnutls_read_uint16 (p);
- p += 2;
-
- DECR_LENGTH_COM (data_size, ticket_len, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
- priv->session_ticket = gnutls_realloc_fast (priv->session_ticket, ticket_len);
- if (!priv->session_ticket)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
- memcpy (priv->session_ticket, p, ticket_len);
- priv->session_ticket_len = ticket_len;
-
- /* Discard the current session ID. (RFC5077 3.4) */
- ret = _gnutls_generate_session_id (session->security_parameters.session_id,
- &session->
- security_parameters.session_id_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (priv->session_ticket);
- priv->session_ticket = NULL;
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto error;
- }
- ret = 0;
-
-error:
- _gnutls_buffer_clear (&buf);
-
- return ret;
+ uint8_t *p;
+ int data_size;
+ gnutls_buffer_st buf;
+ uint16_t ticket_len;
+ int ret;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ if (!priv->session_ticket_renew)
+ return 0;
+
+ ret = _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
+ 0, &buf);
+ if (ret < 0)
+ return gnutls_assert_val_fatal(ret);
+
+ p = buf.data;
+ data_size = buf.length;
+
+ DECR_LENGTH_COM(data_size, 4, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+ /* skip over lifetime hint */
+ p += 4;
+
+ DECR_LENGTH_COM(data_size, 2, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+ ticket_len = _gnutls_read_uint16(p);
+ p += 2;
+
+ DECR_LENGTH_COM(data_size, ticket_len, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+ priv->session_ticket =
+ gnutls_realloc_fast(priv->session_ticket, ticket_len);
+ if (!priv->session_ticket) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+ memcpy(priv->session_ticket, p, ticket_len);
+ priv->session_ticket_len = ticket_len;
+
+ /* Discard the current session ID. (RFC5077 3.4) */
+ ret =
+ _gnutls_generate_session_id(session->security_parameters.
+ session_id,
+ &session->security_parameters.
+ session_id_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(priv->session_ticket);
+ priv->session_ticket = NULL;
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto error;
+ }
+ ret = 0;
+
+ error:
+ _gnutls_buffer_clear(&buf);
+
+ return ret;
}
diff --git a/lib/ext/session_ticket.h b/lib/ext/session_ticket.h
index bf10a9f054..8c76a7a271 100644
--- a/lib/ext/session_ticket.h
+++ b/lib/ext/session_ticket.h
@@ -27,7 +27,7 @@
extern extension_entry_st ext_mod_session_ticket;
-int _gnutls_send_new_session_ticket (gnutls_session_t session, int again);
-int _gnutls_recv_new_session_ticket (gnutls_session_t session);
+int _gnutls_send_new_session_ticket(gnutls_session_t session, int again);
+int _gnutls_recv_new_session_ticket(gnutls_session_t session);
#endif
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 69ce76f1d4..799a08aaf1 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -34,78 +34,85 @@
#include <algorithms.h>
#include <abstract_int.h>
-static int _gnutls_signature_algorithm_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_signature_algorithm_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata);
-static void signature_algorithms_deinit_data (extension_priv_data_t priv);
-static int signature_algorithms_pack (extension_priv_data_t epriv,
- gnutls_buffer_st * ps);
-static int signature_algorithms_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
+static int _gnutls_signature_algorithm_recv_params(gnutls_session_t
+ session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_signature_algorithm_send_params(gnutls_session_t
+ session,
+ gnutls_buffer_st *
+ extdata);
+static void signature_algorithms_deinit_data(extension_priv_data_t priv);
+static int signature_algorithms_pack(extension_priv_data_t epriv,
+ gnutls_buffer_st * ps);
+static int signature_algorithms_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
extension_entry_st ext_mod_sig = {
- .name = "SIGNATURE ALGORITHMS",
- .type = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_signature_algorithm_recv_params,
- .send_func = _gnutls_signature_algorithm_send_params,
- .pack_func = signature_algorithms_pack,
- .unpack_func = signature_algorithms_unpack,
- .deinit_func = signature_algorithms_deinit_data,
+ .name = "SIGNATURE ALGORITHMS",
+ .type = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_signature_algorithm_recv_params,
+ .send_func = _gnutls_signature_algorithm_send_params,
+ .pack_func = signature_algorithms_pack,
+ .unpack_func = signature_algorithms_unpack,
+ .deinit_func = signature_algorithms_deinit_data,
};
-typedef struct
-{
- /* TLS 1.2 signature algorithms */
- gnutls_sign_algorithm_t sign_algorithms[MAX_SIGNATURE_ALGORITHMS];
- uint16_t sign_algorithms_size;
+typedef struct {
+ /* TLS 1.2 signature algorithms */
+ gnutls_sign_algorithm_t sign_algorithms[MAX_SIGNATURE_ALGORITHMS];
+ uint16_t sign_algorithms_size;
} sig_ext_st;
/* generates a SignatureAndHashAlgorithm structure with length as prefix
* by using the setup priorities.
*/
int
-_gnutls_sign_algorithm_write_params (gnutls_session_t session, uint8_t * data,
- size_t max_data_size)
+_gnutls_sign_algorithm_write_params(gnutls_session_t session,
+ uint8_t * data, size_t max_data_size)
{
- uint8_t *p = data, *len_p;
- unsigned int len, i, j;
- const sign_algorithm_st *aid;
-
- if (max_data_size < (session->internals.priorities.sign_algo.algorithms*2) + 2)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- len = 0;
- len_p = p;
-
- p += 2;
-
- for (i = j = 0; j < session->internals.priorities.sign_algo.algorithms; i += 2, j++)
- {
- aid =
- _gnutls_sign_to_tls_aid (session->internals.priorities.
- sign_algo.priority[j]);
-
- if (aid == NULL)
- continue;
-
- _gnutls_handshake_log ("EXT[%p]: sent signature algo (%d.%d) %s\n", session, aid->hash_algorithm,
- aid->sign_algorithm, gnutls_sign_get_name(session->internals.priorities.sign_algo.priority[j]));
- *p = aid->hash_algorithm;
- p++;
- *p = aid->sign_algorithm;
- p++;
- len+=2;
- }
-
- _gnutls_write_uint16 (len, len_p);
- return len + 2;
+ uint8_t *p = data, *len_p;
+ unsigned int len, i, j;
+ const sign_algorithm_st *aid;
+
+ if (max_data_size <
+ (session->internals.priorities.sign_algo.algorithms * 2) + 2) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ len = 0;
+ len_p = p;
+
+ p += 2;
+
+ for (i = j = 0;
+ j < session->internals.priorities.sign_algo.algorithms;
+ i += 2, j++) {
+ aid =
+ _gnutls_sign_to_tls_aid(session->internals.
+ priorities.sign_algo.
+ priority[j]);
+
+ if (aid == NULL)
+ continue;
+
+ _gnutls_handshake_log
+ ("EXT[%p]: sent signature algo (%d.%d) %s\n", session,
+ aid->hash_algorithm, aid->sign_algorithm,
+ gnutls_sign_get_name(session->internals.priorities.
+ sign_algo.priority[j]));
+ *p = aid->hash_algorithm;
+ p++;
+ *p = aid->sign_algorithm;
+ p++;
+ len += 2;
+ }
+
+ _gnutls_write_uint16(len, len_p);
+ return len + 2;
}
@@ -113,45 +120,48 @@ _gnutls_sign_algorithm_write_params (gnutls_session_t session, uint8_t * data,
* session->security_parameters.extensions.
*/
int
-_gnutls_sign_algorithm_parse_data (gnutls_session_t session,
- const uint8_t * data, size_t data_size)
+_gnutls_sign_algorithm_parse_data(gnutls_session_t session,
+ const uint8_t * data, size_t data_size)
{
- unsigned int sig, i;
- sig_ext_st *priv;
- extension_priv_data_t epriv;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (i = 0; i < data_size; i += 2)
- {
- sign_algorithm_st aid;
-
- aid.hash_algorithm = data[i];
- aid.sign_algorithm = data[i + 1];
-
- sig = _gnutls_tls_aid_to_sign (&aid);
-
- _gnutls_handshake_log ("EXT[%p]: rcvd signature algo (%d.%d) %s\n", session, aid.hash_algorithm,
- aid.sign_algorithm, gnutls_sign_get_name(sig));
-
- if (sig != GNUTLS_SIGN_UNKNOWN)
- {
- priv->sign_algorithms[priv->sign_algorithms_size++] = sig;
- if (priv->sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS)
- break;
- }
- }
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, epriv);
-
- return 0;
+ unsigned int sig, i;
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < data_size; i += 2) {
+ sign_algorithm_st aid;
+
+ aid.hash_algorithm = data[i];
+ aid.sign_algorithm = data[i + 1];
+
+ sig = _gnutls_tls_aid_to_sign(&aid);
+
+ _gnutls_handshake_log
+ ("EXT[%p]: rcvd signature algo (%d.%d) %s\n", session,
+ aid.hash_algorithm, aid.sign_algorithm,
+ gnutls_sign_get_name(sig));
+
+ if (sig != GNUTLS_SIGN_UNKNOWN) {
+ priv->sign_algorithms[priv->
+ sign_algorithms_size++] =
+ sig;
+ if (priv->sign_algorithms_size ==
+ MAX_SIGNATURE_ALGORITHMS)
+ break;
+ }
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ epriv);
+
+ return 0;
}
/*
@@ -164,131 +174,131 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session,
*/
static int
-_gnutls_signature_algorithm_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t _data_size)
+_gnutls_signature_algorithm_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t _data_size)
{
- ssize_t data_size = _data_size;
- int ret;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- /* nothing for now */
- gnutls_assert ();
- /* Although TLS 1.2 mandates that we must not accept reply
- * to this message, there are good reasons to just ignore it. Check
- * http://www.ietf.org/mail-archive/web/tls/current/msg03880.html
- */
- /* return GNUTLS_E_UNEXPECTED_PACKET; */
- }
- else
- {
- /* SERVER SIDE - we must check if the sent cert type is the right one
- */
- if (data_size > 2)
- {
- uint16_t len;
-
- DECR_LEN (data_size, 2);
- len = _gnutls_read_uint16 (data);
- DECR_LEN (data_size, len);
-
- ret = _gnutls_sign_algorithm_parse_data (session, data + 2, len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- }
-
- return 0;
+ ssize_t data_size = _data_size;
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ /* nothing for now */
+ gnutls_assert();
+ /* Although TLS 1.2 mandates that we must not accept reply
+ * to this message, there are good reasons to just ignore it. Check
+ * http://www.ietf.org/mail-archive/web/tls/current/msg03880.html
+ */
+ /* return GNUTLS_E_UNEXPECTED_PACKET; */
+ } else {
+ /* SERVER SIDE - we must check if the sent cert type is the right one
+ */
+ if (data_size > 2) {
+ uint16_t len;
+
+ DECR_LEN(data_size, 2);
+ len = _gnutls_read_uint16(data);
+ DECR_LEN(data_size, len);
+
+ ret =
+ _gnutls_sign_algorithm_parse_data(session,
+ data + 2,
+ len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_signature_algorithm_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata)
+_gnutls_signature_algorithm_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- int ret;
- size_t init_length = extdata->length;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* this function sends the client extension data */
- if (session->security_parameters.entity == GNUTLS_CLIENT
- && _gnutls_version_has_selectable_sighash (ver))
- {
- if (session->internals.priorities.sign_algo.algorithms > 0)
- {
- uint8_t p[MAX_SIGN_ALGO_SIZE];
-
- ret =
- _gnutls_sign_algorithm_write_params (session, p, sizeof(p));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_buffer_append_data(extdata, p, ret);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return extdata->length - init_length;
- }
- }
-
- /* if we are here it means we don't send the extension */
- return 0;
+ int ret;
+ size_t init_length = extdata->length;
+ const version_entry_st *ver = get_version(session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* this function sends the client extension data */
+ if (session->security_parameters.entity == GNUTLS_CLIENT
+ && _gnutls_version_has_selectable_sighash(ver)) {
+ if (session->internals.priorities.sign_algo.algorithms > 0) {
+ uint8_t p[MAX_SIGN_ALGO_SIZE];
+
+ ret =
+ _gnutls_sign_algorithm_write_params(session, p,
+ sizeof(p));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_buffer_append_data(extdata, p, ret);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return extdata->length - init_length;
+ }
+ }
+
+ /* if we are here it means we don't send the extension */
+ return 0;
}
/* Returns a requested by the peer signature algorithm that
* matches the given certificate's public key algorithm.
*/
gnutls_sign_algorithm_t
-_gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pcert_st* cert)
+_gnutls_session_get_sign_algo(gnutls_session_t session,
+ gnutls_pcert_st * cert)
{
- unsigned i;
- int ret;
- const version_entry_st* ver = get_version (session);
- sig_ext_st *priv;
- extension_priv_data_t epriv;
- unsigned int cert_algo;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- cert_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
-
- ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
- priv = epriv.ptr;
-
- if (ret < 0 || !_gnutls_version_has_selectable_sighash (ver)
- || priv->sign_algorithms_size == 0)
- /* none set, allow SHA-1 only */
- {
- return gnutls_pk_to_sign (cert_algo, GNUTLS_DIG_SHA1);
- }
-
- for (i = 0; i < priv->sign_algorithms_size; i++)
- {
- if (gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == cert_algo)
- {
- if (_gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver, priv->sign_algorithms[i]) < 0)
- continue;
-
- if (_gnutls_session_sign_algo_enabled(session, priv->sign_algorithms[i]) < 0)
- continue;
-
- return priv->sign_algorithms[i];
- }
- }
-
- return GNUTLS_SIGN_UNKNOWN;
+ unsigned i;
+ int ret;
+ const version_entry_st *ver = get_version(session);
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+ unsigned int cert_algo;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ cert_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
+ priv = epriv.ptr;
+
+ if (ret < 0 || !_gnutls_version_has_selectable_sighash(ver)
+ || priv->sign_algorithms_size == 0)
+ /* none set, allow SHA-1 only */
+ {
+ return gnutls_pk_to_sign(cert_algo, GNUTLS_DIG_SHA1);
+ }
+
+ for (i = 0; i < priv->sign_algorithms_size; i++) {
+ if (gnutls_sign_get_pk_algorithm(priv->sign_algorithms[i])
+ == cert_algo) {
+ if (_gnutls_pubkey_compatible_with_sig
+ (session, cert->pubkey, ver,
+ priv->sign_algorithms[i]) < 0)
+ continue;
+
+ if (_gnutls_session_sign_algo_enabled
+ (session, priv->sign_algorithms[i]) < 0)
+ continue;
+
+ return priv->sign_algorithms[i];
+ }
+ }
+
+ return GNUTLS_SIGN_UNKNOWN;
}
/* Check if the given signature algorithm is supported.
@@ -296,96 +306,92 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pcert_st* cert)
* and in case of a server a matching certificate exists.
*/
int
-_gnutls_session_sign_algo_enabled (gnutls_session_t session,
- gnutls_sign_algorithm_t sig)
+_gnutls_session_sign_algo_enabled(gnutls_session_t session,
+ gnutls_sign_algorithm_t sig)
{
- unsigned i;
- int ret;
- const version_entry_st* ver = get_version (session);
- sig_ext_st *priv;
- extension_priv_data_t epriv;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return 0;
- }
- priv = epriv.ptr;
-
- if (!_gnutls_version_has_selectable_sighash (ver)
- || priv->sign_algorithms_size == 0)
- /* none set, allow all */
- {
- return 0;
- }
-
- for (i = 0; i < session->internals.priorities.sign_algo.algorithms; i++)
- {
- if (session->internals.priorities.sign_algo.priority[i] == sig)
- {
- return 0; /* ok */
- }
- }
-
- return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ unsigned i;
+ int ret;
+ const version_entry_st *ver = get_version(session);
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ if (!_gnutls_version_has_selectable_sighash(ver)
+ || priv->sign_algorithms_size == 0)
+ /* none set, allow all */
+ {
+ return 0;
+ }
+
+ for (i = 0; i < session->internals.priorities.sign_algo.algorithms;
+ i++) {
+ if (session->internals.priorities.sign_algo.priority[i] ==
+ sig) {
+ return 0; /* ok */
+ }
+ }
+
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
-static void
-signature_algorithms_deinit_data (extension_priv_data_t priv)
+static void signature_algorithms_deinit_data(extension_priv_data_t priv)
{
- gnutls_free (priv.ptr);
+ gnutls_free(priv.ptr);
}
static int
-signature_algorithms_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+signature_algorithms_pack(extension_priv_data_t epriv,
+ gnutls_buffer_st * ps)
{
- sig_ext_st *priv = epriv.ptr;
- int ret, i;
-
- BUFFER_APPEND_NUM (ps, priv->sign_algorithms_size);
- for (i = 0; i < priv->sign_algorithms_size; i++)
- {
- BUFFER_APPEND_NUM (ps, priv->sign_algorithms[i]);
- }
- return 0;
+ sig_ext_st *priv = epriv.ptr;
+ int ret, i;
+
+ BUFFER_APPEND_NUM(ps, priv->sign_algorithms_size);
+ for (i = 0; i < priv->sign_algorithms_size; i++) {
+ BUFFER_APPEND_NUM(ps, priv->sign_algorithms[i]);
+ }
+ return 0;
}
static int
-signature_algorithms_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+signature_algorithms_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
{
- sig_ext_st *priv;
- int i, ret;
- extension_priv_data_t epriv;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_NUM (ps, priv->sign_algorithms_size);
- for (i = 0; i < priv->sign_algorithms_size; i++)
- {
- BUFFER_POP_NUM (ps, priv->sign_algorithms[i]);
- }
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- gnutls_free (priv);
- return ret;
+ sig_ext_st *priv;
+ int i, ret;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_NUM(ps, priv->sign_algorithms_size);
+ for (i = 0; i < priv->sign_algorithms_size; i++) {
+ BUFFER_POP_NUM(ps, priv->sign_algorithms[i]);
+ }
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ gnutls_free(priv);
+ return ret;
}
@@ -412,42 +418,38 @@ error:
* Since: 2.10.0
**/
int
-gnutls_sign_algorithm_get_requested (gnutls_session_t session,
- size_t indx,
- gnutls_sign_algorithm_t * algo)
+gnutls_sign_algorithm_get_requested(gnutls_session_t session,
+ size_t indx,
+ gnutls_sign_algorithm_t * algo)
{
- const version_entry_st* ver = get_version (session);
- sig_ext_st *priv;
- extension_priv_data_t epriv;
- int ret;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- priv = epriv.ptr;
-
- if (!_gnutls_version_has_selectable_sighash (ver)
- || priv->sign_algorithms_size == 0)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (indx < priv->sign_algorithms_size)
- {
- *algo = priv->sign_algorithms[indx];
- return 0;
- }
- else
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ const version_entry_st *ver = get_version(session);
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+ int ret;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ priv = epriv.ptr;
+
+ if (!_gnutls_version_has_selectable_sighash(ver)
+ || priv->sign_algorithms_size == 0) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (indx < priv->sign_algorithms_size) {
+ *algo = priv->sign_algorithms[indx];
+ return 0;
+ } else
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
/**
@@ -461,10 +463,9 @@ gnutls_sign_algorithm_get_requested (gnutls_session_t session,
*
* Since: 3.1.1
**/
-int
-gnutls_sign_algorithm_get (gnutls_session_t session)
+int gnutls_sign_algorithm_get(gnutls_session_t session)
{
- return session->security_parameters.server_sign_algo;
+ return session->security_parameters.server_sign_algo;
}
/**
@@ -478,8 +479,7 @@ gnutls_sign_algorithm_get (gnutls_session_t session)
*
* Since: 3.1.11
**/
-int
-gnutls_sign_algorithm_get_client (gnutls_session_t session)
+int gnutls_sign_algorithm_get_client(gnutls_session_t session)
{
- return session->security_parameters.client_sign_algo;
+ return session->security_parameters.client_sign_algo;
}
diff --git a/lib/ext/signature.h b/lib/ext/signature.h
index 55e9540cc2..93858ef725 100644
--- a/lib/ext/signature.h
+++ b/lib/ext/signature.h
@@ -30,23 +30,28 @@
extern extension_entry_st ext_mod_sig;
gnutls_sign_algorithm_t
-_gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pcert_st* cert);
-int _gnutls_sign_algorithm_parse_data (gnutls_session_t session,
- const uint8_t * data, size_t data_size);
-int _gnutls_sign_algorithm_write_params (gnutls_session_t session,
- uint8_t * data, size_t max_data_size);
-int _gnutls_session_sign_algo_enabled (gnutls_session_t session,
- gnutls_sign_algorithm_t sig);
+_gnutls_session_get_sign_algo(gnutls_session_t session,
+ gnutls_pcert_st * cert);
+int _gnutls_sign_algorithm_parse_data(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+int _gnutls_sign_algorithm_write_params(gnutls_session_t session,
+ uint8_t * data,
+ size_t max_data_size);
+int _gnutls_session_sign_algo_enabled(gnutls_session_t session,
+ gnutls_sign_algorithm_t sig);
-static inline void
-gnutls_sign_algorithm_set_server (gnutls_session_t session, gnutls_sign_algorithm_t sign)
+static inline void
+gnutls_sign_algorithm_set_server(gnutls_session_t session,
+ gnutls_sign_algorithm_t sign)
{
- session->security_parameters.server_sign_algo = sign;
+ session->security_parameters.server_sign_algo = sign;
}
-static inline void
-gnutls_sign_algorithm_set_client (gnutls_session_t session, gnutls_sign_algorithm_t sign)
+static inline void
+gnutls_sign_algorithm_set_client(gnutls_session_t session,
+ gnutls_sign_algorithm_t sign)
{
- session->security_parameters.client_sign_algo = sign;
+ session->security_parameters.client_sign_algo = sign;
}
#endif
diff --git a/lib/ext/srp.c b/lib/ext/srp.c
index 403abd8d72..7dd98df74e 100644
--- a/lib/ext/srp.c
+++ b/lib/ext/srp.c
@@ -32,238 +32,237 @@
#include <gnutls_num.h>
#include <gnutls_extensions.h>
-static int _gnutls_srp_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int _gnutls_srp_pack (extension_priv_data_t epriv,
- gnutls_buffer_st * ps);
-static void _gnutls_srp_deinit_data (extension_priv_data_t epriv);
-static int _gnutls_srp_recv_params (gnutls_session_t state,
- const uint8_t * data, size_t data_size);
-static int _gnutls_srp_send_params (gnutls_session_t state, gnutls_buffer_st * extdata);
+static int _gnutls_srp_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_srp_pack(extension_priv_data_t epriv,
+ gnutls_buffer_st * ps);
+static void _gnutls_srp_deinit_data(extension_priv_data_t epriv);
+static int _gnutls_srp_recv_params(gnutls_session_t state,
+ const uint8_t * data, size_t data_size);
+static int _gnutls_srp_send_params(gnutls_session_t state,
+ gnutls_buffer_st * extdata);
extension_entry_st ext_mod_srp = {
- .name = "SRP",
- .type = GNUTLS_EXTENSION_SRP,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = _gnutls_srp_recv_params,
- .send_func = _gnutls_srp_send_params,
- .pack_func = _gnutls_srp_pack,
- .unpack_func = _gnutls_srp_unpack,
- .deinit_func = _gnutls_srp_deinit_data
+ .name = "SRP",
+ .type = GNUTLS_EXTENSION_SRP,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_srp_recv_params,
+ .send_func = _gnutls_srp_send_params,
+ .pack_func = _gnutls_srp_pack,
+ .unpack_func = _gnutls_srp_unpack,
+ .deinit_func = _gnutls_srp_deinit_data
};
static int
-_gnutls_srp_recv_params (gnutls_session_t session, const uint8_t * data,
- size_t _data_size)
+_gnutls_srp_recv_params(gnutls_session_t session, const uint8_t * data,
+ size_t _data_size)
{
- uint8_t len;
- ssize_t data_size = _data_size;
- extension_priv_data_t epriv;
- srp_ext_st *priv;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (data_size > 0)
- {
- len = data[0];
- DECR_LEN (data_size, len);
-
- if (MAX_USERNAME_SIZE < len)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- priv->username = gnutls_malloc (len + 1);
- if (priv->username)
- {
- memcpy (priv->username, &data[1], len);
- /* null terminated */
- priv->username[len] = 0;
- }
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
- }
- }
- return 0;
+ uint8_t len;
+ ssize_t data_size = _data_size;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (data_size > 0) {
+ len = data[0];
+ DECR_LEN(data_size, len);
+
+ if (MAX_USERNAME_SIZE < len) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ priv->username = gnutls_malloc(len + 1);
+ if (priv->username) {
+ memcpy(priv->username, &data[1], len);
+ /* null terminated */
+ priv->username[len] = 0;
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRP,
+ epriv);
+ }
+ }
+ return 0;
}
/* returns data_size or a negative number on failure
* data is allocated locally
*/
static int
-_gnutls_srp_send_params (gnutls_session_t session,
- gnutls_buffer_st * extdata)
+_gnutls_srp_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- unsigned len;
- int ret;
- extension_priv_data_t epriv;
- srp_ext_st *priv = NULL;
- char *username = NULL, *password = NULL;
-
- if (_gnutls_kx_priority (session, GNUTLS_KX_SRP) < 0 &&
- _gnutls_kx_priority (session, GNUTLS_KX_SRP_DSS) < 0 &&
- _gnutls_kx_priority (session, GNUTLS_KX_SRP_RSA) < 0)
- {
- /* algorithm was not allowed in this session
- */
- return 0;
- }
-
- /* this function sends the client extension data (username) */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- gnutls_srp_client_credentials_t cred = (gnutls_srp_client_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL);
-
- if (cred == NULL)
- return 0;
-
- priv = gnutls_malloc (sizeof (*priv));
- if (priv == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- if (cred->username != NULL)
- { /* send username */
- len = MIN (strlen (cred->username), 255);
-
- ret = _gnutls_buffer_append_data_prefix(extdata, 8, cred->username, len);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- priv->username = strdup(cred->username);
- if (priv->username == NULL)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- priv->password = strdup(cred->password);
- if (priv->password == NULL)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
-
- return len + 1;
- }
- else if (cred->get_function != NULL)
- {
- /* Try the callback
- */
-
- if (cred->get_function (session, &username, &password) < 0
- || username == NULL || password == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- len = MIN (strlen (username), 255);
-
- priv->username = username;
- priv->password = password;
-
- ret = _gnutls_buffer_append_data_prefix(extdata, 8, username, len);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
-
- return len + 1;
- }
- }
- return 0;
-
-cleanup:
- gnutls_free (username);
- gnutls_free (password);
- gnutls_free (priv);
-
- return ret;
+ unsigned len;
+ int ret;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv = NULL;
+ char *username = NULL, *password = NULL;
+
+ if (_gnutls_kx_priority(session, GNUTLS_KX_SRP) < 0 &&
+ _gnutls_kx_priority(session, GNUTLS_KX_SRP_DSS) < 0 &&
+ _gnutls_kx_priority(session, GNUTLS_KX_SRP_RSA) < 0) {
+ /* algorithm was not allowed in this session
+ */
+ return 0;
+ }
+
+ /* this function sends the client extension data (username) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ gnutls_srp_client_credentials_t cred =
+ (gnutls_srp_client_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_SRP, NULL);
+
+ if (cred == NULL)
+ return 0;
+
+ priv = gnutls_malloc(sizeof(*priv));
+ if (priv == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ if (cred->username != NULL) { /* send username */
+ len = MIN(strlen(cred->username), 255);
+
+ ret =
+ _gnutls_buffer_append_data_prefix(extdata, 8,
+ cred->
+ username,
+ len);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ priv->username = strdup(cred->username);
+ if (priv->username == NULL) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ priv->password = strdup(cred->password);
+ if (priv->password == NULL) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRP,
+ epriv);
+
+ return len + 1;
+ } else if (cred->get_function != NULL) {
+ /* Try the callback
+ */
+
+ if (cred->
+ get_function(session, &username, &password) < 0
+ || username == NULL || password == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ len = MIN(strlen(username), 255);
+
+ priv->username = username;
+ priv->password = password;
+
+ ret =
+ _gnutls_buffer_append_data_prefix(extdata, 8,
+ username,
+ len);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRP,
+ epriv);
+
+ return len + 1;
+ }
+ }
+ return 0;
+
+ cleanup:
+ gnutls_free(username);
+ gnutls_free(password);
+ gnutls_free(priv);
+
+ return ret;
}
-static void
-_gnutls_srp_deinit_data (extension_priv_data_t epriv)
+static void _gnutls_srp_deinit_data(extension_priv_data_t epriv)
{
- srp_ext_st *priv = epriv.ptr;
+ srp_ext_st *priv = epriv.ptr;
- gnutls_free (priv->username);
- gnutls_free (priv->password);
- gnutls_free (priv);
+ gnutls_free(priv->username);
+ gnutls_free(priv->password);
+ gnutls_free(priv);
}
static int
-_gnutls_srp_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_srp_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- srp_ext_st *priv = epriv.ptr;
- int ret;
- int password_len = 0, username_len = 0;
+ srp_ext_st *priv = epriv.ptr;
+ int ret;
+ int password_len = 0, username_len = 0;
- if (priv->username)
- username_len = strlen (priv->username);
+ if (priv->username)
+ username_len = strlen(priv->username);
- if (priv->password)
- password_len = strlen (priv->password);
+ if (priv->password)
+ password_len = strlen(priv->password);
- BUFFER_APPEND_PFX4 (ps, priv->username, username_len);
- BUFFER_APPEND_PFX4 (ps, priv->password, password_len);
+ BUFFER_APPEND_PFX4(ps, priv->username, username_len);
+ BUFFER_APPEND_PFX4(ps, priv->password, password_len);
- return 0;
+ return 0;
}
static int
-_gnutls_srp_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv)
+_gnutls_srp_unpack(gnutls_buffer_st * ps, extension_priv_data_t * _priv)
{
- srp_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
- gnutls_datum_t username = { NULL, 0 };
- gnutls_datum_t password = { NULL, 0 };
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_DATUM (ps, &username);
- BUFFER_POP_DATUM (ps, &password);
-
- priv->username = (char*)username.data;
- priv->password = (char*)password.data;
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- _gnutls_free_datum (&username);
- _gnutls_free_datum (&password);
- return ret;
+ srp_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
+ gnutls_datum_t username = { NULL, 0 };
+ gnutls_datum_t password = { NULL, 0 };
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_DATUM(ps, &username);
+ BUFFER_POP_DATUM(ps, &password);
+
+ priv->username = (char *) username.data;
+ priv->password = (char *) password.data;
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ _gnutls_free_datum(&username);
+ _gnutls_free_datum(&password);
+ return ret;
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
diff --git a/lib/ext/srp.h b/lib/ext/srp.h
index 432dbc8c3c..77e275dfc1 100644
--- a/lib/ext/srp.h
+++ b/lib/ext/srp.h
@@ -32,10 +32,9 @@
extern extension_entry_st ext_mod_srp;
-typedef struct
-{
- char *username;
- char *password;
+typedef struct {
+ char *username;
+ char *password;
} srp_ext_st;
#endif
diff --git a/lib/ext/srtp.c b/lib/ext/srtp.c
index 0953da4d45..bb21f60850 100644
--- a/lib/ext/srtp.c
+++ b/lib/ext/srtp.c
@@ -26,100 +26,89 @@
#include "gnutls_num.h"
#include <ext/srtp.h>
-static int _gnutls_srtp_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_srtp_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata);
+static int _gnutls_srtp_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_srtp_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
-static int _gnutls_srtp_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv);
-static int _gnutls_srtp_pack (extension_priv_data_t _priv,
- gnutls_buffer_st * ps);
-static void _gnutls_srtp_deinit_data (extension_priv_data_t priv);
+static int _gnutls_srtp_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_srtp_pack(extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void _gnutls_srtp_deinit_data(extension_priv_data_t priv);
extension_entry_st ext_mod_srtp = {
- .name = "SRTP",
- .type = GNUTLS_EXTENSION_SRTP,
- .parse_type = GNUTLS_EXT_APPLICATION,
-
- .recv_func = _gnutls_srtp_recv_params,
- .send_func = _gnutls_srtp_send_params,
- .pack_func = _gnutls_srtp_pack,
- .unpack_func = _gnutls_srtp_unpack,
- .deinit_func = _gnutls_srtp_deinit_data,
+ .name = "SRTP",
+ .type = GNUTLS_EXTENSION_SRTP,
+ .parse_type = GNUTLS_EXT_APPLICATION,
+
+ .recv_func = _gnutls_srtp_recv_params,
+ .send_func = _gnutls_srtp_send_params,
+ .pack_func = _gnutls_srtp_pack,
+ .unpack_func = _gnutls_srtp_unpack,
+ .deinit_func = _gnutls_srtp_deinit_data,
};
-typedef struct
-{
- const char *name;
- gnutls_srtp_profile_t id;
- unsigned int key_length;
- unsigned int salt_length;
+typedef struct {
+ const char *name;
+ gnutls_srtp_profile_t id;
+ unsigned int key_length;
+ unsigned int salt_length;
} srtp_profile_st;
static const srtp_profile_st profile_names[] = {
- {
- "SRTP_AES128_CM_HMAC_SHA1_80",
- GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80,
- 16,14
- },
- {
- "SRTP_AES128_CM_HMAC_SHA1_32",
- GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32,
- 16,14
- },
- {
- "SRTP_NULL_HMAC_SHA1_80",
- GNUTLS_SRTP_NULL_HMAC_SHA1_80,
- 16,14
- },
- {
- "SRTP_NULL_SHA1_32",
- GNUTLS_SRTP_NULL_HMAC_SHA1_32,
- 16,14
- },
- {
- NULL,
- 0,0,0
- }
+ {
+ "SRTP_AES128_CM_HMAC_SHA1_80",
+ GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80,
+ 16, 14},
+ {
+ "SRTP_AES128_CM_HMAC_SHA1_32",
+ GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32,
+ 16, 14},
+ {
+ "SRTP_NULL_HMAC_SHA1_80",
+ GNUTLS_SRTP_NULL_HMAC_SHA1_80,
+ 16, 14},
+ {
+ "SRTP_NULL_SHA1_32",
+ GNUTLS_SRTP_NULL_HMAC_SHA1_32,
+ 16, 14},
+ {
+ NULL,
+ 0, 0, 0}
};
-static const srtp_profile_st *get_profile (gnutls_srtp_profile_t profile)
+static const srtp_profile_st *get_profile(gnutls_srtp_profile_t profile)
{
- const srtp_profile_st *p = profile_names;
- while (p->name != NULL)
- {
- if (p->id == profile)
- return p;
- p++;
- }
- return NULL;
+ const srtp_profile_st *p = profile_names;
+ while (p->name != NULL) {
+ if (p->id == profile)
+ return p;
+ p++;
+ }
+ return NULL;
}
-static gnutls_srtp_profile_t find_profile (const char *str, const char *end)
+static gnutls_srtp_profile_t find_profile(const char *str, const char *end)
{
- const srtp_profile_st *prof = profile_names;
- unsigned int len;
- if (end != NULL)
- {
- len = end - str;
- }
- else
- {
- len = strlen (str);
- }
-
- while (prof->name != NULL)
- {
- if (strlen (prof->name) == len && !strncmp (str, prof->name, len))
- {
- return prof->id;
- }
- prof++;
- }
- return 0;
+ const srtp_profile_st *prof = profile_names;
+ unsigned int len;
+ if (end != NULL) {
+ len = end - str;
+ } else {
+ len = strlen(str);
+ }
+
+ while (prof->name != NULL) {
+ if (strlen(prof->name) == len
+ && !strncmp(str, prof->name, len)) {
+ return prof->id;
+ }
+ prof++;
+ }
+ return 0;
}
/**
@@ -134,15 +123,14 @@ static gnutls_srtp_profile_t find_profile (const char *str, const char *end)
*
* Since 3.1.4
**/
-int gnutls_srtp_get_profile_id (const char *name,
- gnutls_srtp_profile_t *profile)
+int gnutls_srtp_get_profile_id(const char *name,
+ gnutls_srtp_profile_t * profile)
{
- *profile = find_profile (name, NULL);
- if (*profile == 0)
- {
- return GNUTLS_E_ILLEGAL_PARAMETER;
- }
- return 0;
+ *profile = find_profile(name, NULL);
+ if (*profile == 0) {
+ return GNUTLS_E_ILLEGAL_PARAMETER;
+ }
+ return 0;
}
#define MAX_PROFILES_IN_SRTP_EXTENSION 256
@@ -159,144 +147,147 @@ int gnutls_srtp_get_profile_id (const char *name,
*
* Since 3.1.4
**/
-const char *gnutls_srtp_get_profile_name (gnutls_srtp_profile_t profile)
+const char *gnutls_srtp_get_profile_name(gnutls_srtp_profile_t profile)
{
- const srtp_profile_st *p = get_profile(profile);
-
- if (p != NULL)
- return p->name;
-
- return NULL;
+ const srtp_profile_st *p = get_profile(profile);
+
+ if (p != NULL)
+ return p->name;
+
+ return NULL;
}
static int
-_gnutls_srtp_recv_params (gnutls_session_t session,
- const uint8_t *data, size_t _data_size)
+_gnutls_srtp_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t _data_size)
{
- unsigned int i;
- int ret;
- const uint8_t *p = data;
- int len;
- ssize_t data_size = _data_size;
- srtp_ext_st *priv;
- extension_priv_data_t epriv;
- uint16_t profile;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- return 0;
-
- priv = epriv.ptr;
-
- DECR_LENGTH_RET (data_size, 2, 0);
- len = _gnutls_read_uint16 (p);
- p += 2;
-
- if (len+1 > data_size)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- if (len > MAX_PROFILES_IN_SRTP_EXTENSION*2)
- return 0;
- }
- else
- {
- if (len != 2)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- }
-
- priv->selected_profile = 0;
-
- while (len > 0)
- {
- DECR_LEN (data_size, 2);
- profile = _gnutls_read_uint16 (p);
-
- for (i = 0; i < priv->profiles_size && priv->selected_profile == 0; i++)
- {
- if (priv->profiles[i] == profile)
- {
- priv->selected_profile = profile;
- break;
- }
- }
- p += 2;
- len -= 2;
- }
-
- DECR_LEN (data_size, 1);
- priv->mki_size = *p;
- p++;
-
- if (priv->mki_size > 0)
- {
- DECR_LEN (data_size, priv->mki_size);
- memcpy(priv->mki, p, priv->mki_size);
- priv->mki_received = 1;
- }
-
- return 0;
+ unsigned int i;
+ int ret;
+ const uint8_t *p = data;
+ int len;
+ ssize_t data_size = _data_size;
+ srtp_ext_st *priv;
+ extension_priv_data_t epriv;
+ uint16_t profile;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ priv = epriv.ptr;
+
+ DECR_LENGTH_RET(data_size, 2, 0);
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ if (len + 1 > data_size)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (len > MAX_PROFILES_IN_SRTP_EXTENSION * 2)
+ return 0;
+ } else {
+ if (len != 2)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ }
+
+ priv->selected_profile = 0;
+
+ while (len > 0) {
+ DECR_LEN(data_size, 2);
+ profile = _gnutls_read_uint16(p);
+
+ for (i = 0;
+ i < priv->profiles_size
+ && priv->selected_profile == 0; i++) {
+ if (priv->profiles[i] == profile) {
+ priv->selected_profile = profile;
+ break;
+ }
+ }
+ p += 2;
+ len -= 2;
+ }
+
+ DECR_LEN(data_size, 1);
+ priv->mki_size = *p;
+ p++;
+
+ if (priv->mki_size > 0) {
+ DECR_LEN(data_size, priv->mki_size);
+ memcpy(priv->mki, p, priv->mki_size);
+ priv->mki_received = 1;
+ }
+
+ return 0;
}
static int
-_gnutls_srtp_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata)
+_gnutls_srtp_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- unsigned i;
- int total_size = 0, ret;
- srtp_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- return 0;
-
- priv = epriv.ptr;
-
- if (priv->profiles_size == 0)
- return 0;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- /* Don't send anything if no matching profile was found */
- if (priv->selected_profile == 0)
- return 0;
-
- ret = _gnutls_buffer_append_prefix(extdata, 16, 2);
- if (ret < 0)
- return gnutls_assert_val(ret);
- ret = _gnutls_buffer_append_prefix(extdata, 16, priv->selected_profile);
- if (ret < 0)
- return gnutls_assert_val(ret);
- total_size = 4;
- }
- else
- {
- ret = _gnutls_buffer_append_prefix(extdata, 16, 2 * priv->profiles_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- for (i = 0; i < priv->profiles_size; i++)
- {
- ret = _gnutls_buffer_append_prefix(extdata, 16, priv->profiles[i]);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- total_size = 2 + 2 * priv->profiles_size;
- }
-
- /* use_mki */
- ret = _gnutls_buffer_append_data_prefix(extdata, 8, priv->mki, priv->mki_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- total_size += 1 + priv->mki_size;
-
- return total_size;
+ unsigned i;
+ int total_size = 0, ret;
+ srtp_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ priv = epriv.ptr;
+
+ if (priv->profiles_size == 0)
+ return 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ /* Don't send anything if no matching profile was found */
+ if (priv->selected_profile == 0)
+ return 0;
+
+ ret = _gnutls_buffer_append_prefix(extdata, 16, 2);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ priv->selected_profile);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ total_size = 4;
+ } else {
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ 2 * priv->profiles_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < priv->profiles_size; i++) {
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ priv->
+ profiles[i]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ total_size = 2 + 2 * priv->profiles_size;
+ }
+
+ /* use_mki */
+ ret =
+ _gnutls_buffer_append_data_prefix(extdata, 8, priv->mki,
+ priv->mki_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ total_size += 1 + priv->mki_size;
+
+ return total_size;
}
/**
@@ -312,32 +303,30 @@ _gnutls_srtp_send_params (gnutls_session_t session,
* Since 3.1.4
**/
int
-gnutls_srtp_get_selected_profile (gnutls_session_t session,
- gnutls_srtp_profile_t *profile)
+gnutls_srtp_get_selected_profile(gnutls_session_t session,
+ gnutls_srtp_profile_t * profile)
{
- srtp_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
+ srtp_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- priv = epriv.ptr;
+ priv = epriv.ptr;
- if (priv->selected_profile == 0)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (priv->selected_profile == 0) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- *profile = priv->selected_profile;
+ *profile = priv->selected_profile;
- return 0;
+ return 0;
}
/**
@@ -354,29 +343,31 @@ gnutls_srtp_get_selected_profile (gnutls_session_t session,
*
* Since 3.1.4
**/
-int
-gnutls_srtp_get_mki (gnutls_session_t session,
- gnutls_datum_t *mki)
+int gnutls_srtp_get_mki(gnutls_session_t session, gnutls_datum_t * mki)
{
- srtp_ext_st *priv;
- int ret;
- extension_priv_data_t epriv;
+ srtp_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ priv = epriv.ptr;
- priv = epriv.ptr;
+ if (priv->mki_received == 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- if (priv->mki_received == 0)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- mki->data = priv->mki;
- mki->size = priv->mki_size;
+ mki->data = priv->mki;
+ mki->size = priv->mki_size;
- return 0;
+ return 0;
}
/**
@@ -393,40 +384,34 @@ gnutls_srtp_get_mki (gnutls_session_t session,
* Since 3.1.4
**/
int
-gnutls_srtp_set_mki (gnutls_session_t session,
- const gnutls_datum_t *mki)
+gnutls_srtp_set_mki(gnutls_session_t session, const gnutls_datum_t * mki)
{
- int ret;
- srtp_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRTP,
- epriv);
- }
- else
- priv = epriv.ptr;
-
- if (mki->size > 0 && mki->size <= sizeof(priv->mki))
- {
- priv->mki_size = mki->size;
- memcpy(priv->mki, mki->data, mki->size);
- }
- else
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- return 0;
+ int ret;
+ srtp_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRTP, epriv);
+ } else
+ priv = epriv.ptr;
+
+ if (mki->size > 0 && mki->size <= sizeof(priv->mki)) {
+ priv->mki_size = mki->size;
+ memcpy(priv->mki, mki->data, mki->size);
+ } else
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ return 0;
}
/**
@@ -443,36 +428,33 @@ gnutls_srtp_set_mki (gnutls_session_t session,
* Since 3.1.4
**/
int
-gnutls_srtp_set_profile (gnutls_session_t session,
- gnutls_srtp_profile_t profile)
+gnutls_srtp_set_profile(gnutls_session_t session,
+ gnutls_srtp_profile_t profile)
{
- int ret;
- srtp_ext_st *priv;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- {
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRTP,
- epriv);
- }
- else
- priv = epriv.ptr;
-
- if (priv->profiles_size < MAX_SRTP_PROFILES)
- priv->profiles_size++;
- priv->profiles[priv->profiles_size - 1] = profile;
-
- return 0;
+ int ret;
+ srtp_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0) {
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRTP, epriv);
+ } else
+ priv = epriv.ptr;
+
+ if (priv->profiles_size < MAX_SRTP_PROFILES)
+ priv->profiles_size++;
+ priv->profiles[priv->profiles_size - 1] = profile;
+
+ return 0;
}
/**
@@ -491,61 +473,55 @@ gnutls_srtp_set_profile (gnutls_session_t session,
* Since 3.1.4
**/
int
-gnutls_srtp_set_profile_direct (gnutls_session_t session,
- const char *profiles, const char **err_pos)
+gnutls_srtp_set_profile_direct(gnutls_session_t session,
+ const char *profiles, const char **err_pos)
{
- int ret;
- srtp_ext_st *priv;
- extension_priv_data_t epriv;
- int set = 0;
- const char *col;
- gnutls_srtp_profile_t id;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRTP,
- &epriv);
- if (ret < 0)
- {
- set = 1;
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- if (err_pos != NULL)
- *err_pos = profiles;
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- epriv.ptr = priv;
- }
- else
- priv = epriv.ptr;
-
- do
- {
- col = strchr (profiles, ':');
- id = find_profile (profiles, col);
- if (id == 0)
- {
- if (set != 0)
- gnutls_free (priv);
- if (err_pos != NULL)
- *err_pos = profiles;
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (priv->profiles_size < MAX_SRTP_PROFILES)
- {
- priv->profiles_size++;
- }
- priv->profiles[priv->profiles_size - 1] = id;
- profiles = col + 1;
- } while (col != NULL);
-
- if (set != 0)
- _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRTP,
- epriv);
-
- return 0;
+ int ret;
+ srtp_ext_st *priv;
+ extension_priv_data_t epriv;
+ int set = 0;
+ const char *col;
+ gnutls_srtp_profile_t id;
+
+ ret =
+ _gnutls_ext_get_session_data(session, GNUTLS_EXTENSION_SRTP,
+ &epriv);
+ if (ret < 0) {
+ set = 1;
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ if (err_pos != NULL)
+ *err_pos = profiles;
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ } else
+ priv = epriv.ptr;
+
+ do {
+ col = strchr(profiles, ':');
+ id = find_profile(profiles, col);
+ if (id == 0) {
+ if (set != 0)
+ gnutls_free(priv);
+ if (err_pos != NULL)
+ *err_pos = profiles;
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (priv->profiles_size < MAX_SRTP_PROFILES) {
+ priv->profiles_size++;
+ }
+ priv->profiles[priv->profiles_size - 1] = id;
+ profiles = col + 1;
+ } while (col != NULL);
+
+ if (set != 0)
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_SRTP, epriv);
+
+ return 0;
}
/**
@@ -571,131 +547,123 @@ gnutls_srtp_set_profile_direct (gnutls_session_t session,
* Since 3.1.4
**/
int
-gnutls_srtp_get_keys (gnutls_session_t session,
- void *key_material,
- unsigned int key_material_size,
- gnutls_datum_t *client_key,
- gnutls_datum_t *client_salt,
- gnutls_datum_t *server_key,
- gnutls_datum_t *server_salt)
-{
-int ret;
-const srtp_profile_st *p;
-gnutls_srtp_profile_t profile;
-unsigned int msize;
-uint8_t *km = key_material;
-
- ret = gnutls_srtp_get_selected_profile (session, &profile);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- p = get_profile(profile);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
-
- msize = 2*(p->key_length+p->salt_length);
- if (msize > key_material_size)
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
-
- if (msize == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = gnutls_prf(session, sizeof("EXTRACTOR-dtls_srtp")-1, "EXTRACTOR-dtls_srtp", 0, 0,
- NULL, msize, key_material);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (client_key)
- {
- client_key->data = km;
- client_key->size = p->key_length;
- }
-
- if (server_key)
- {
- server_key->data = km + p->key_length;
- server_key->size = p->key_length;
- }
-
- if (client_salt)
- {
- client_salt->data = km + 2*p->key_length;
- client_salt->size = p->salt_length;
- }
-
- if (server_salt)
- {
- server_salt->data = km + 2*p->key_length + p->salt_length;
- server_salt->size = p->salt_length;
- }
-
- return msize;
+gnutls_srtp_get_keys(gnutls_session_t session,
+ void *key_material,
+ unsigned int key_material_size,
+ gnutls_datum_t * client_key,
+ gnutls_datum_t * client_salt,
+ gnutls_datum_t * server_key,
+ gnutls_datum_t * server_salt)
+{
+ int ret;
+ const srtp_profile_st *p;
+ gnutls_srtp_profile_t profile;
+ unsigned int msize;
+ uint8_t *km = key_material;
+
+ ret = gnutls_srtp_get_selected_profile(session, &profile);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ p = get_profile(profile);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
+
+ msize = 2 * (p->key_length + p->salt_length);
+ if (msize > key_material_size)
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+
+ if (msize == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret =
+ gnutls_prf(session, sizeof("EXTRACTOR-dtls_srtp") - 1,
+ "EXTRACTOR-dtls_srtp", 0, 0, NULL, msize,
+ key_material);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (client_key) {
+ client_key->data = km;
+ client_key->size = p->key_length;
+ }
+
+ if (server_key) {
+ server_key->data = km + p->key_length;
+ server_key->size = p->key_length;
+ }
+
+ if (client_salt) {
+ client_salt->data = km + 2 * p->key_length;
+ client_salt->size = p->salt_length;
+ }
+
+ if (server_salt) {
+ server_salt->data =
+ km + 2 * p->key_length + p->salt_length;
+ server_salt->size = p->salt_length;
+ }
+
+ return msize;
}
-static void
-_gnutls_srtp_deinit_data (extension_priv_data_t priv)
+static void _gnutls_srtp_deinit_data(extension_priv_data_t priv)
{
- gnutls_free (priv.ptr);
+ gnutls_free(priv.ptr);
}
static int
-_gnutls_srtp_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_srtp_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- srtp_ext_st *priv = epriv.ptr;
- unsigned int i;
- int ret;
-
- BUFFER_APPEND_NUM (ps, priv->profiles_size);
- for (i = 0; i < priv->profiles_size; i++)
- {
- BUFFER_APPEND_NUM (ps, priv->profiles[i]);
- }
-
- BUFFER_APPEND_NUM (ps, priv->mki_received);
- if (priv->mki_received)
- {
- BUFFER_APPEND_NUM (ps, priv->selected_profile);
- BUFFER_APPEND_PFX4 (ps, priv->mki, priv->mki_size);
- }
- return 0;
+ srtp_ext_st *priv = epriv.ptr;
+ unsigned int i;
+ int ret;
+
+ BUFFER_APPEND_NUM(ps, priv->profiles_size);
+ for (i = 0; i < priv->profiles_size; i++) {
+ BUFFER_APPEND_NUM(ps, priv->profiles[i]);
+ }
+
+ BUFFER_APPEND_NUM(ps, priv->mki_received);
+ if (priv->mki_received) {
+ BUFFER_APPEND_NUM(ps, priv->selected_profile);
+ BUFFER_APPEND_PFX4(ps, priv->mki, priv->mki_size);
+ }
+ return 0;
}
static int
-_gnutls_srtp_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * _priv)
+_gnutls_srtp_unpack(gnutls_buffer_st * ps, extension_priv_data_t * _priv)
{
- srtp_ext_st *priv;
- unsigned int i;
- int ret;
- extension_priv_data_t epriv;
-
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- BUFFER_POP_NUM (ps, priv->profiles_size);
- for (i = 0; i < priv->profiles_size; i++)
- {
- BUFFER_POP_NUM (ps, priv->profiles[i]);
- }
- BUFFER_POP_NUM (ps, priv->selected_profile);
-
- BUFFER_POP_NUM (ps, priv->mki_received);
- if (priv->mki_received)
- {
- BUFFER_POP_NUM (ps, priv->mki_size);
- BUFFER_POP (ps, priv->mki, priv->mki_size);
- }
-
- epriv.ptr = priv;
- *_priv = epriv;
-
- return 0;
-
-error:
- gnutls_free (priv);
- return ret;
+ srtp_ext_st *priv;
+ unsigned int i;
+ int ret;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_NUM(ps, priv->profiles_size);
+ for (i = 0; i < priv->profiles_size; i++) {
+ BUFFER_POP_NUM(ps, priv->profiles[i]);
+ }
+ BUFFER_POP_NUM(ps, priv->selected_profile);
+
+ BUFFER_POP_NUM(ps, priv->mki_received);
+ if (priv->mki_received) {
+ BUFFER_POP_NUM(ps, priv->mki_size);
+ BUFFER_POP(ps, priv->mki, priv->mki_size);
+ }
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+ error:
+ gnutls_free(priv);
+ return ret;
}
diff --git a/lib/ext/srtp.h b/lib/ext/srtp.h
index 579b3840d9..46ecfd7f02 100644
--- a/lib/ext/srtp.h
+++ b/lib/ext/srtp.h
@@ -26,14 +26,13 @@
#define MAX_SRTP_PROFILES 4
-typedef struct
-{
- gnutls_srtp_profile_t profiles[MAX_SRTP_PROFILES];
- unsigned profiles_size;
- gnutls_srtp_profile_t selected_profile;
- uint8_t mki[256];
- unsigned mki_size;
- unsigned int mki_received;
+typedef struct {
+ gnutls_srtp_profile_t profiles[MAX_SRTP_PROFILES];
+ unsigned profiles_size;
+ gnutls_srtp_profile_t selected_profile;
+ uint8_t mki[256];
+ unsigned mki_size;
+ unsigned int mki_received;
} srtp_ext_st;
extern extension_entry_st ext_mod_srtp;
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index ac512c2f90..d7009aab5b 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -34,14 +34,13 @@
#include <auth/cert.h>
#include <gnutls_handshake.h>
-typedef struct
-{
- gnutls_datum_t *responder_id;
- size_t responder_id_size;
- gnutls_datum_t request_extensions;
- gnutls_datum_t response;
+typedef struct {
+ gnutls_datum_t *responder_id;
+ size_t responder_id_size;
+ gnutls_datum_t request_extensions;
+ gnutls_datum_t response;
- unsigned int expect_cstatus;
+ unsigned int expect_cstatus;
} status_request_ext_st;
/*
@@ -66,108 +65,113 @@ typedef struct
*/
static int
-client_send (gnutls_session_t session,
- gnutls_buffer_st* extdata,
- status_request_ext_st *priv)
+client_send(gnutls_session_t session,
+ gnutls_buffer_st * extdata, status_request_ext_st * priv)
{
- int ret_len = 1 + 2;
- int ret;
- size_t i;
-
- ret = _gnutls_buffer_append_prefix (extdata, 8, 1);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret = _gnutls_buffer_append_prefix (extdata, 16, priv->responder_id_size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- for (i = 0; i < priv->responder_id_size; i++)
- {
- if (priv->responder_id[i].size <= 0)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- ret = _gnutls_buffer_append_data_prefix (extdata, 16,
- priv->responder_id[i].data,
- priv->responder_id[i].size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret_len += 2 + priv->responder_id[i].size;
- }
-
- ret = _gnutls_buffer_append_data_prefix (extdata, 16,
- priv->request_extensions.data,
- priv->request_extensions.size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- ret_len += 2 + priv->request_extensions.size;
-
- return ret_len;
+ int ret_len = 1 + 2;
+ int ret;
+ size_t i;
+
+ ret = _gnutls_buffer_append_prefix(extdata, 8, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16,
+ priv->responder_id_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < priv->responder_id_size; i++) {
+ if (priv->responder_id[i].size <= 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = _gnutls_buffer_append_data_prefix(extdata, 16,
+ priv->
+ responder_id[i].
+ data,
+ priv->
+ responder_id[i].
+ size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret_len += 2 + priv->responder_id[i].size;
+ }
+
+ ret = _gnutls_buffer_append_data_prefix(extdata, 16,
+ priv->request_extensions.
+ data,
+ priv->request_extensions.
+ size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret_len += 2 + priv->request_extensions.size;
+
+ return ret_len;
}
static int
-server_recv (gnutls_session_t session,
- status_request_ext_st *priv,
- const uint8_t * data,
- size_t size)
+server_recv(gnutls_session_t session,
+ status_request_ext_st * priv,
+ const uint8_t * data, size_t size)
{
- size_t i;
- ssize_t data_size = size;
+ size_t i;
+ ssize_t data_size = size;
+
+ /* minimum message is type (1) + responder_id_list (2) +
+ request_extension (2) = 5 */
+ if (data_size < 5)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- /* minimum message is type (1) + responder_id_list (2) +
- request_extension (2) = 5 */
- if (data_size < 5)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ /* We ignore non-ocsp CertificateStatusType. The spec is unclear
+ what should be done. */
+ if (data[0] != 0x01) {
+ gnutls_assert();
+ _gnutls_handshake_log("EXT[%p]: unknown status_type %d\n",
+ session, data[0]);
+ return 0;
+ }
+ DECR_LEN(data_size, 1);
+ data++;
- /* We ignore non-ocsp CertificateStatusType. The spec is unclear
- what should be done. */
- if (data[0] != 0x01)
- {
- gnutls_assert ();
- _gnutls_handshake_log ("EXT[%p]: unknown status_type %d\n",
- session, data[0]);
- return 0;
- }
- DECR_LEN(data_size, 1);
- data++;
+ priv->responder_id_size = _gnutls_read_uint16(data);
- priv->responder_id_size = _gnutls_read_uint16 (data);
-
- DECR_LEN(data_size, 2);
- data += 2;
+ DECR_LEN(data_size, 2);
+ data += 2;
- if (data_size <= (ssize_t)(priv->responder_id_size * 2))
- return gnutls_assert_val (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ if (data_size <= (ssize_t) (priv->responder_id_size * 2))
+ return
+ gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- priv->responder_id = gnutls_malloc (priv->responder_id_size
- * sizeof (*priv->responder_id));
- if (priv->responder_id == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ priv->responder_id = gnutls_malloc(priv->responder_id_size
+ * sizeof(*priv->responder_id));
+ if (priv->responder_id == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- for (i = 0; i < priv->responder_id_size; i++)
- {
- size_t l;
+ for (i = 0; i < priv->responder_id_size; i++) {
+ size_t l;
- DECR_LEN(data_size, 2);
+ DECR_LEN(data_size, 2);
- l = _gnutls_read_uint16 (data);
- data += 2;
+ l = _gnutls_read_uint16(data);
+ data += 2;
- DECR_LEN(data_size, l);
+ DECR_LEN(data_size, l);
- priv->responder_id[i].data = gnutls_malloc (l);
- if (priv->responder_id[i].data == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ priv->responder_id[i].data = gnutls_malloc(l);
+ if (priv->responder_id[i].data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- memcpy (priv->responder_id[i].data, data, l);
- priv->responder_id[i].size = l;
+ memcpy(priv->responder_id[i].data, data, l);
+ priv->responder_id[i].size = l;
- data += l;
- }
+ data += l;
+ }
- return 0;
+ return 0;
}
/*
@@ -181,99 +185,94 @@ server_recv (gnutls_session_t session,
*/
static int
-server_send (gnutls_session_t session,
- gnutls_buffer_st* extdata,
- status_request_ext_st *priv)
+server_send(gnutls_session_t session,
+ gnutls_buffer_st * extdata, status_request_ext_st * priv)
{
- int ret;
- gnutls_certificate_credentials_t cred;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) /* no certificate authentication */
- return gnutls_assert_val (0);
-
- if (cred->ocsp_func == NULL)
- return gnutls_assert_val (GNUTLS_E_SUCCESS);
-
- ret = cred->ocsp_func (session, cred->ocsp_func_ptr, &priv->response);
- if (ret == GNUTLS_E_NO_CERTIFICATE_STATUS)
- return 0;
- else if (ret < 0)
- return gnutls_assert_val (ret);
-
- return GNUTLS_E_INT_RET_0;
+ int ret;
+ gnutls_certificate_credentials_t cred;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) /* no certificate authentication */
+ return gnutls_assert_val(0);
+
+ if (cred->ocsp_func == NULL)
+ return gnutls_assert_val(GNUTLS_E_SUCCESS);
+
+ ret =
+ cred->ocsp_func(session, cred->ocsp_func_ptr, &priv->response);
+ if (ret == GNUTLS_E_NO_CERTIFICATE_STATUS)
+ return 0;
+ else if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return GNUTLS_E_INT_RET_0;
}
static int
-client_recv (gnutls_session_t session,
- status_request_ext_st *priv,
- const uint8_t * data,
- size_t size)
+client_recv(gnutls_session_t session,
+ status_request_ext_st * priv,
+ const uint8_t * data, size_t size)
{
- if (size != 0)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- else
- {
- priv->expect_cstatus = 1;
- return 0;
- }
+ if (size != 0)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ else {
+ priv->expect_cstatus = 1;
+ return 0;
+ }
}
static int
-_gnutls_status_request_send_params (gnutls_session_t session,
- gnutls_buffer_st* extdata)
+_gnutls_status_request_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
{
- extension_priv_data_t epriv;
- status_request_ext_st *priv;
- int ret;
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- &epriv);
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (ret < 0 || epriv.ptr == NULL) /* it is ok not to have it */
- return 0;
- priv = epriv.ptr;
-
- return client_send (session, extdata, priv);
- }
- else
- {
- epriv.ptr = priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- epriv);
-
- return server_send (session, extdata, priv);
- }
+ extension_priv_data_t epriv;
+ status_request_ext_st *priv;
+ int ret;
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ &epriv);
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (ret < 0 || epriv.ptr == NULL) /* it is ok not to have it */
+ return 0;
+ priv = epriv.ptr;
+
+ return client_send(session, extdata, priv);
+ } else {
+ epriv.ptr = priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ epriv);
+
+ return server_send(session, extdata, priv);
+ }
}
static int
-_gnutls_status_request_recv_params (gnutls_session_t session,
- const uint8_t * data,
- size_t size)
+_gnutls_status_request_recv_params(gnutls_session_t session,
+ const uint8_t * data, size_t size)
{
- extension_priv_data_t epriv;
- status_request_ext_st *priv;
- int ret;
+ extension_priv_data_t epriv;
+ status_request_ext_st *priv;
+ int ret;
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- &epriv);
- if (ret < 0 || epriv.ptr == NULL) /* it is ok not to have it */
- return 0;
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ &epriv);
+ if (ret < 0 || epriv.ptr == NULL) /* it is ok not to have it */
+ return 0;
- priv = epriv.ptr;
+ priv = epriv.ptr;
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- return client_recv (session, priv, data, size);
- return server_recv (session, priv, data, size);
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ return client_recv(session, priv, data, size);
+ return server_recv(session, priv, data, size);
}
/**
@@ -295,34 +294,33 @@ _gnutls_status_request_recv_params (gnutls_session_t session,
* Since: 3.1.3
**/
int
-gnutls_ocsp_status_request_enable_client (gnutls_session_t session,
- gnutls_datum_t *responder_id,
- size_t responder_id_size,
- gnutls_datum_t *extensions)
+gnutls_ocsp_status_request_enable_client(gnutls_session_t session,
+ gnutls_datum_t * responder_id,
+ size_t responder_id_size,
+ gnutls_datum_t * extensions)
{
- status_request_ext_st *priv;
- extension_priv_data_t epriv;
+ status_request_ext_st *priv;
+ extension_priv_data_t epriv;
- if (session->security_parameters.entity == GNUTLS_SERVER)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- epriv.ptr = priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ epriv.ptr = priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- priv->responder_id = responder_id;
- priv->responder_id_size = responder_id_size;
- if (extensions)
- {
- priv->request_extensions.data = extensions->data;
- priv->request_extensions.size = extensions->size;
- }
+ priv->responder_id = responder_id;
+ priv->responder_id_size = responder_id_size;
+ if (extensions) {
+ priv->request_extensions.data = extensions->data;
+ priv->request_extensions.size = extensions->size;
+ }
- _gnutls_ext_set_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- epriv);
+ _gnutls_ext_set_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ epriv);
- return 0;
+ return 0;
}
/**
@@ -341,31 +339,33 @@ gnutls_ocsp_status_request_enable_client (gnutls_session_t session,
* Since: 3.1.3
**/
int
-gnutls_ocsp_status_request_get (gnutls_session_t session,
- gnutls_datum_t *response)
+gnutls_ocsp_status_request_get(gnutls_session_t session,
+ gnutls_datum_t * response)
{
- status_request_ext_st *priv;
- extension_priv_data_t epriv;
- int ret;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- ret = _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- &epriv);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- priv = epriv.ptr;
-
- if (priv == NULL || priv->response.data == NULL)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- response->data = priv->response.data;
- response->size = priv->response.size;
-
- return 0;
+ status_request_ext_st *priv;
+ extension_priv_data_t epriv;
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ &epriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ priv = epriv.ptr;
+
+ if (priv == NULL || priv->response.data == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ response->data = priv->response.data;
+ response->size = priv->response.size;
+
+ return 0;
}
/**
@@ -396,26 +396,26 @@ gnutls_ocsp_status_request_get (gnutls_session_t session,
* Since: 3.1.3
**/
void
-gnutls_certificate_set_ocsp_status_request_function (
- gnutls_certificate_credentials_t sc,
- gnutls_status_request_ocsp_func ocsp_func,
- void *ptr)
+gnutls_certificate_set_ocsp_status_request_function
+(gnutls_certificate_credentials_t sc,
+gnutls_status_request_ocsp_func ocsp_func, void *ptr)
{
-
- sc->ocsp_func = ocsp_func;
- sc->ocsp_func_ptr = ptr;
+
+ sc->ocsp_func = ocsp_func;
+ sc->ocsp_func_ptr = ptr;
}
-static int file_ocsp_func(gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response)
+static int file_ocsp_func(gnutls_session_t session, void *ptr,
+ gnutls_datum_t * ocsp_response)
{
-int ret;
-gnutls_certificate_credentials_t sc = ptr;
-
- ret = gnutls_load_file(sc->ocsp_response_file, ocsp_response);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_STATUS);
-
- return 0;
+ int ret;
+ gnutls_certificate_credentials_t sc = ptr;
+
+ ret = gnutls_load_file(sc->ocsp_response_file, ocsp_response);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_STATUS);
+
+ return 0;
}
/**
@@ -437,191 +437,194 @@ gnutls_certificate_credentials_t sc = ptr;
* Since: 3.1.3
**/
int
-gnutls_certificate_set_ocsp_status_request_file (
- gnutls_certificate_credentials_t sc,
- const char* response_file,
- unsigned int flags)
+gnutls_certificate_set_ocsp_status_request_file
+(gnutls_certificate_credentials_t sc, const char *response_file,
+ unsigned int flags)
{
- sc->ocsp_func = file_ocsp_func;
- sc->ocsp_func_ptr = sc;
- sc->ocsp_response_file = gnutls_strdup(response_file);
- if (sc->ocsp_response_file == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- return 0;
+ sc->ocsp_func = file_ocsp_func;
+ sc->ocsp_func_ptr = sc;
+ sc->ocsp_response_file = gnutls_strdup(response_file);
+ if (sc->ocsp_response_file == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ return 0;
}
-static void
-_gnutls_status_request_deinit_data (extension_priv_data_t epriv)
+static void _gnutls_status_request_deinit_data(extension_priv_data_t epriv)
{
- status_request_ext_st *priv = epriv.ptr;
- size_t i;
+ status_request_ext_st *priv = epriv.ptr;
+ size_t i;
- if (priv == NULL)
- return;
+ if (priv == NULL)
+ return;
- for (i = 0; i < priv->responder_id_size; i++)
- gnutls_free (priv->responder_id[i].data);
+ for (i = 0; i < priv->responder_id_size; i++)
+ gnutls_free(priv->responder_id[i].data);
- gnutls_free (priv->responder_id);
- gnutls_free (priv->request_extensions.data);
- gnutls_free (priv->response.data);
- gnutls_free (priv);
+ gnutls_free(priv->responder_id);
+ gnutls_free(priv->request_extensions.data);
+ gnutls_free(priv->response.data);
+ gnutls_free(priv);
}
static int
-_gnutls_status_request_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+_gnutls_status_request_pack(extension_priv_data_t epriv,
+ gnutls_buffer_st * ps)
{
- status_request_ext_st *priv = epriv.ptr;
- int ret;
+ status_request_ext_st *priv = epriv.ptr;
+ int ret;
- BUFFER_APPEND_PFX4 (ps, priv->response.data,
- priv->response.size);
+ BUFFER_APPEND_PFX4(ps, priv->response.data, priv->response.size);
- return 0;
+ return 0;
}
static int
-_gnutls_status_request_unpack (gnutls_buffer_st * ps,
- extension_priv_data_t * epriv)
+_gnutls_status_request_unpack(gnutls_buffer_st * ps,
+ extension_priv_data_t * epriv)
{
- status_request_ext_st *priv;
- int ret;
+ status_request_ext_st *priv;
+ int ret;
- priv = gnutls_calloc (1, sizeof (*priv));
- if (priv == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ priv = gnutls_calloc(1, sizeof(*priv));
+ if (priv == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- BUFFER_POP_DATUM (ps, &priv->response);
+ BUFFER_POP_DATUM(ps, &priv->response);
- epriv->ptr = priv;
+ epriv->ptr = priv;
- return 0;
+ return 0;
-error:
- gnutls_free (priv);
- return ret;
+ error:
+ gnutls_free(priv);
+ return ret;
}
extension_entry_st ext_mod_status_request = {
- .name = "STATUS REQUEST",
- .type = GNUTLS_EXTENSION_STATUS_REQUEST,
- .parse_type = GNUTLS_EXT_TLS,
- .recv_func = _gnutls_status_request_recv_params,
- .send_func = _gnutls_status_request_send_params,
- .pack_func = _gnutls_status_request_pack,
- .unpack_func = _gnutls_status_request_unpack,
- .deinit_func = _gnutls_status_request_deinit_data
+ .name = "STATUS REQUEST",
+ .type = GNUTLS_EXTENSION_STATUS_REQUEST,
+ .parse_type = GNUTLS_EXT_TLS,
+ .recv_func = _gnutls_status_request_recv_params,
+ .send_func = _gnutls_status_request_send_params,
+ .pack_func = _gnutls_status_request_pack,
+ .unpack_func = _gnutls_status_request_unpack,
+ .deinit_func = _gnutls_status_request_deinit_data
};
/* Functions to be called from handshake */
int
-_gnutls_send_server_certificate_status (gnutls_session_t session, int again)
+_gnutls_send_server_certificate_status(gnutls_session_t session, int again)
{
- mbuffer_st *bufel = NULL;
- uint8_t * data;
- int data_size = 0;
- int ret;
- status_request_ext_st *priv = NULL;
- extension_priv_data_t epriv;
- if (again == 0)
- {
- ret =
- _gnutls_ext_get_session_data (session,
- GNUTLS_EXTENSION_STATUS_REQUEST,
- &epriv);
- if (ret < 0)
- return 0;
- priv = epriv.ptr;
-
- if (!priv->response.size)
- return 0;
-
- data_size = priv->response.size + 4;
- bufel = _gnutls_handshake_alloc (session, data_size, data_size);
- if (!bufel)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- data = _mbuffer_get_udata_ptr (bufel);
-
- data[0] = 0x01;
- _gnutls_write_uint24(priv->response.size, &data[1]);
- memcpy(&data[4], priv->response.data, priv->response.size);
-
- _gnutls_free_datum(&priv->response);
- }
- return _gnutls_send_handshake (session, data_size ? bufel : NULL,
- GNUTLS_HANDSHAKE_CERTIFICATE_STATUS);
+ mbuffer_st *bufel = NULL;
+ uint8_t *data;
+ int data_size = 0;
+ int ret;
+ status_request_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+ if (again == 0) {
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ &epriv);
+ if (ret < 0)
+ return 0;
+ priv = epriv.ptr;
+
+ if (!priv->response.size)
+ return 0;
+
+ data_size = priv->response.size + 4;
+ bufel =
+ _gnutls_handshake_alloc(session, data_size, data_size);
+ if (!bufel)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ data = _mbuffer_get_udata_ptr(bufel);
+
+ data[0] = 0x01;
+ _gnutls_write_uint24(priv->response.size, &data[1]);
+ memcpy(&data[4], priv->response.data, priv->response.size);
+
+ _gnutls_free_datum(&priv->response);
+ }
+ return _gnutls_send_handshake(session, data_size ? bufel : NULL,
+ GNUTLS_HANDSHAKE_CERTIFICATE_STATUS);
}
-int
-_gnutls_recv_server_certificate_status (gnutls_session_t session)
+int _gnutls_recv_server_certificate_status(gnutls_session_t session)
{
- uint8_t *data;
- int data_size;
- size_t r_size;
- gnutls_buffer_st buf;
- int ret;
- status_request_ext_st *priv = NULL;
- extension_priv_data_t epriv;
-
- ret =
- _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_STATUS_REQUEST,
- &epriv);
- if (ret < 0)
- return 0;
-
- priv = epriv.ptr;
-
- if (!priv->expect_cstatus)
- return 0;
-
- priv->expect_cstatus = 0;
-
- ret = _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CERTIFICATE_STATUS,
- 0, &buf);
- if (ret < 0)
- return gnutls_assert_val_fatal(ret);
-
- data = buf.data;
- data_size = buf.length;
-
- /* minimum message is type (1) + response (3) + data */
- if (data_size == 0)
- return 0;
- else if (data_size < 4)
- return gnutls_assert_val (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (data[0] != 0x01)
- {
- gnutls_assert ();
- _gnutls_handshake_log ("EXT[%p]: unknown status_type %d\n",
- session, data[0]);
- return 0;
- }
- DECR_LENGTH_COM (data_size, 1, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
- data++;
-
- DECR_LENGTH_COM (data_size, 3, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
- r_size = _gnutls_read_uint24(data);
- data += 3;
-
- DECR_LENGTH_COM (data_size, r_size, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
-
- ret = _gnutls_set_datum(&priv->response, data, r_size);
- if (ret < 0)
- goto error;
-
- ret = 0;
-
-error:
- _gnutls_buffer_clear (&buf);
-
- return ret;
+ uint8_t *data;
+ int data_size;
+ size_t r_size;
+ gnutls_buffer_st buf;
+ int ret;
+ status_request_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data(session,
+ GNUTLS_EXTENSION_STATUS_REQUEST,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+ priv = epriv.ptr;
+
+ if (!priv->expect_cstatus)
+ return 0;
+
+ priv->expect_cstatus = 0;
+
+ ret = _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CERTIFICATE_STATUS,
+ 0, &buf);
+ if (ret < 0)
+ return gnutls_assert_val_fatal(ret);
+
+ data = buf.data;
+ data_size = buf.length;
+
+ /* minimum message is type (1) + response (3) + data */
+ if (data_size == 0)
+ return 0;
+ else if (data_size < 4)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (data[0] != 0x01) {
+ gnutls_assert();
+ _gnutls_handshake_log("EXT[%p]: unknown status_type %d\n",
+ session, data[0]);
+ return 0;
+ }
+ DECR_LENGTH_COM(data_size, 1, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+ data++;
+
+ DECR_LENGTH_COM(data_size, 3, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+ r_size = _gnutls_read_uint24(data);
+ data += 3;
+
+ DECR_LENGTH_COM(data_size, r_size, ret =
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto error);
+
+ ret = _gnutls_set_datum(&priv->response, data, r_size);
+ if (ret < 0)
+ goto error;
+
+ ret = 0;
+
+ error:
+ _gnutls_buffer_clear(&buf);
+
+ return ret;
}
diff --git a/lib/ext/status_request.h b/lib/ext/status_request.h
index e91b95aa31..cd1aaeea46 100644
--- a/lib/ext/status_request.h
+++ b/lib/ext/status_request.h
@@ -28,8 +28,8 @@
extern extension_entry_st ext_mod_status_request;
int
-_gnutls_send_server_certificate_status (gnutls_session_t session, int again);
-int
-_gnutls_recv_server_certificate_status (gnutls_session_t session);
+_gnutls_send_server_certificate_status(gnutls_session_t session,
+ int again);
+int _gnutls_recv_server_certificate_status(gnutls_session_t session);
#endif
diff --git a/lib/extras/randomart.c b/lib/extras/randomart.c
index 7b661a9a25..3b7bf8adc9 100644
--- a/lib/extras/randomart.c
+++ b/lib/extras/randomart.c
@@ -61,107 +61,106 @@
#define FLDBASE 8
#define FLDSIZE_Y (FLDBASE + 1)
#define FLDSIZE_X (FLDBASE * 2 + 1)
-char *
-_gnutls_key_fingerprint_randomart (uint8_t * dgst_raw, u_int dgst_raw_len,
- const char *key_type, unsigned int key_size,
- const char* prefix)
+char *_gnutls_key_fingerprint_randomart(uint8_t * dgst_raw,
+ u_int dgst_raw_len,
+ const char *key_type,
+ unsigned int key_size,
+ const char *prefix)
{
- /*
- * Chars to be used after each other every time the worm
- * intersects with itself. Matter of taste.
- */
- const char augmentation_string[] = " .o+=*BOX@%&#/^SE";
- char *retval, *p;
- uint8_t field[FLDSIZE_X][FLDSIZE_Y];
- unsigned int i, b;
- int x, y;
- const size_t len = sizeof(augmentation_string) - 2;
- unsigned int prefix_len = 0;
-
- if (prefix)
- prefix_len = strlen(prefix);
-
- retval = gnutls_calloc (1, (FLDSIZE_X + 3 + prefix_len) * (FLDSIZE_Y + 2));
- if (retval == NULL)
- {
- gnutls_assert();
- return NULL;
- }
-
- /* initialize field */
- memset (field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof (char));
- x = FLDSIZE_X / 2;
- y = FLDSIZE_Y / 2;
-
- /* process raw key */
- for (i = 0; i < dgst_raw_len; i++)
- {
- int input;
- /* each byte conveys four 2-bit move commands */
- input = dgst_raw[i];
- for (b = 0; b < 4; b++)
- {
- /* evaluate 2 bit, rest is shifted later */
- x += (input & 0x1) ? 1 : -1;
- y += (input & 0x2) ? 1 : -1;
-
- /* assure we are still in bounds */
- x = MAX (x, 0);
- y = MAX (y, 0);
- x = MIN (x, FLDSIZE_X - 1);
- y = MIN (y, FLDSIZE_Y - 1);
-
- /* augment the field */
- if (field[x][y] < len - 2)
- field[x][y]++;
- input = input >> 2;
- }
- }
-
- /* mark starting point and end point */
- field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
- field[x][y] = len;
-
- /* fill in retval */
- if (prefix_len)
- snprintf (retval, FLDSIZE_X + prefix_len, "%s+--[%4s %4u]", prefix, key_type, key_size);
- else
- snprintf (retval, FLDSIZE_X, "+--[%4s %4u]", key_type, key_size);
- p = strchr (retval, '\0');
-
- /* output upper border */
- for (i = p - retval - 1; i < FLDSIZE_X + prefix_len; i++)
- *p++ = '-';
- *p++ = '+';
- *p++ = '\n';
-
- if (prefix_len)
- {
- memcpy(p, prefix, prefix_len);
- p += prefix_len;
- }
-
- /* output content */
- for (y = 0; y < FLDSIZE_Y; y++)
- {
- *p++ = '|';
- for (x = 0; x < FLDSIZE_X; x++)
- *p++ = augmentation_string[MIN (field[x][y], len)];
- *p++ = '|';
- *p++ = '\n';
-
- if (prefix_len)
- {
- memcpy(p, prefix, prefix_len);
- p += prefix_len;
- }
- }
-
- /* output lower border */
- *p++ = '+';
- for (i = 0; i < FLDSIZE_X; i++)
- *p++ = '-';
- *p++ = '+';
-
- return retval;
+ /*
+ * Chars to be used after each other every time the worm
+ * intersects with itself. Matter of taste.
+ */
+ const char augmentation_string[] = " .o+=*BOX@%&#/^SE";
+ char *retval, *p;
+ uint8_t field[FLDSIZE_X][FLDSIZE_Y];
+ unsigned int i, b;
+ int x, y;
+ const size_t len = sizeof(augmentation_string) - 2;
+ unsigned int prefix_len = 0;
+
+ if (prefix)
+ prefix_len = strlen(prefix);
+
+ retval =
+ gnutls_calloc(1,
+ (FLDSIZE_X + 3 + prefix_len) * (FLDSIZE_Y + 2));
+ if (retval == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ /* initialize field */
+ memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
+ x = FLDSIZE_X / 2;
+ y = FLDSIZE_Y / 2;
+
+ /* process raw key */
+ for (i = 0; i < dgst_raw_len; i++) {
+ int input;
+ /* each byte conveys four 2-bit move commands */
+ input = dgst_raw[i];
+ for (b = 0; b < 4; b++) {
+ /* evaluate 2 bit, rest is shifted later */
+ x += (input & 0x1) ? 1 : -1;
+ y += (input & 0x2) ? 1 : -1;
+
+ /* assure we are still in bounds */
+ x = MAX(x, 0);
+ y = MAX(y, 0);
+ x = MIN(x, FLDSIZE_X - 1);
+ y = MIN(y, FLDSIZE_Y - 1);
+
+ /* augment the field */
+ if (field[x][y] < len - 2)
+ field[x][y]++;
+ input = input >> 2;
+ }
+ }
+
+ /* mark starting point and end point */
+ field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
+ field[x][y] = len;
+
+ /* fill in retval */
+ if (prefix_len)
+ snprintf(retval, FLDSIZE_X + prefix_len, "%s+--[%4s %4u]",
+ prefix, key_type, key_size);
+ else
+ snprintf(retval, FLDSIZE_X, "+--[%4s %4u]", key_type,
+ key_size);
+ p = strchr(retval, '\0');
+
+ /* output upper border */
+ for (i = p - retval - 1; i < FLDSIZE_X + prefix_len; i++)
+ *p++ = '-';
+ *p++ = '+';
+ *p++ = '\n';
+
+ if (prefix_len) {
+ memcpy(p, prefix, prefix_len);
+ p += prefix_len;
+ }
+
+ /* output content */
+ for (y = 0; y < FLDSIZE_Y; y++) {
+ *p++ = '|';
+ for (x = 0; x < FLDSIZE_X; x++)
+ *p++ = augmentation_string[MIN(field[x][y], len)];
+ *p++ = '|';
+ *p++ = '\n';
+
+ if (prefix_len) {
+ memcpy(p, prefix, prefix_len);
+ p += prefix_len;
+ }
+ }
+
+ /* output lower border */
+ *p++ = '+';
+ for (i = 0; i < FLDSIZE_X; i++)
+ *p++ = '-';
+ *p++ = '+';
+
+ return retval;
}
diff --git a/lib/extras/randomart.h b/lib/extras/randomart.h
index 07c44c121f..4c5769334b 100644
--- a/lib/extras/randomart.h
+++ b/lib/extras/randomart.h
@@ -1,4 +1,5 @@
-char *
-_gnutls_key_fingerprint_randomart (uint8_t * dgst_raw, u_int dgst_raw_len,
- const char *key_type, unsigned int key_size,
- const char* prefix);
+char *_gnutls_key_fingerprint_randomart(uint8_t * dgst_raw,
+ u_int dgst_raw_len,
+ const char *key_type,
+ unsigned int key_size,
+ const char *prefix);
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index c7932eb472..66270dc18a 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -30,51 +30,61 @@
#define _(String) dgettext (PACKAGE, String)
#define N_(String) gettext_noop (String)
-typedef struct
-{
- gnutls_alert_description_t alert;
- const char *name;
- const char *desc;
+typedef struct {
+ gnutls_alert_description_t alert;
+ const char *name;
+ const char *desc;
} gnutls_alert_entry;
#define ALERT_ENTRY(x,y) \
{x, #x, y}
static const gnutls_alert_entry sup_alerts[] = {
- ALERT_ENTRY(GNUTLS_A_CLOSE_NOTIFY, N_("Close notify")),
- ALERT_ENTRY(GNUTLS_A_UNEXPECTED_MESSAGE, N_("Unexpected message")),
- ALERT_ENTRY(GNUTLS_A_BAD_RECORD_MAC, N_("Bad record MAC")),
- ALERT_ENTRY(GNUTLS_A_DECRYPTION_FAILED, N_("Decryption failed")),
- ALERT_ENTRY(GNUTLS_A_RECORD_OVERFLOW, N_("Record overflow")),
- ALERT_ENTRY(GNUTLS_A_DECOMPRESSION_FAILURE, N_("Decompression failed")),
- ALERT_ENTRY(GNUTLS_A_HANDSHAKE_FAILURE, N_("Handshake failed")),
- ALERT_ENTRY(GNUTLS_A_BAD_CERTIFICATE, N_("Certificate is bad")),
- ALERT_ENTRY(GNUTLS_A_UNSUPPORTED_CERTIFICATE, N_("Certificate is not supported")),
- ALERT_ENTRY(GNUTLS_A_CERTIFICATE_REVOKED, N_("Certificate was revoked")),
- ALERT_ENTRY(GNUTLS_A_CERTIFICATE_EXPIRED, N_("Certificate is expired")),
- ALERT_ENTRY(GNUTLS_A_CERTIFICATE_UNKNOWN, N_("Unknown certificate")),
- ALERT_ENTRY(GNUTLS_A_ILLEGAL_PARAMETER, N_("Illegal parameter")),
- ALERT_ENTRY(GNUTLS_A_UNKNOWN_CA, N_("CA is unknown")),
- ALERT_ENTRY(GNUTLS_A_ACCESS_DENIED, N_("Access was denied")),
- ALERT_ENTRY(GNUTLS_A_DECODE_ERROR, N_("Decode error")),
- ALERT_ENTRY(GNUTLS_A_DECRYPT_ERROR, N_("Decrypt error")),
- ALERT_ENTRY(GNUTLS_A_EXPORT_RESTRICTION, N_("Export restriction")),
- ALERT_ENTRY(GNUTLS_A_PROTOCOL_VERSION, N_("Error in protocol version")),
- ALERT_ENTRY(GNUTLS_A_INSUFFICIENT_SECURITY, N_("Insufficient security")),
- ALERT_ENTRY(GNUTLS_A_USER_CANCELED, N_("User canceled")),
- ALERT_ENTRY(GNUTLS_A_SSL3_NO_CERTIFICATE, N_("No certificate (SSL 3.0)")),
- ALERT_ENTRY(GNUTLS_A_INTERNAL_ERROR, N_("Internal error")),
- ALERT_ENTRY(GNUTLS_A_NO_RENEGOTIATION, N_("No renegotiation is allowed")),
- ALERT_ENTRY(GNUTLS_A_CERTIFICATE_UNOBTAINABLE,
- N_("Could not retrieve the specified certificate")),
- ALERT_ENTRY(GNUTLS_A_UNSUPPORTED_EXTENSION, N_("An unsupported extension was sent")),
- ALERT_ENTRY(GNUTLS_A_UNRECOGNIZED_NAME,
- N_("The server name sent was not recognized")),
- ALERT_ENTRY(GNUTLS_A_UNKNOWN_PSK_IDENTITY,
- N_("The SRP/PSK username is missing or not known")),
- ALERT_ENTRY(GNUTLS_A_NO_APPLICATION_PROTOCOL,
- N_("No supported application protocol could be negotiated")),
- {0, NULL, NULL}
+ ALERT_ENTRY(GNUTLS_A_CLOSE_NOTIFY, N_("Close notify")),
+ ALERT_ENTRY(GNUTLS_A_UNEXPECTED_MESSAGE, N_("Unexpected message")),
+ ALERT_ENTRY(GNUTLS_A_BAD_RECORD_MAC, N_("Bad record MAC")),
+ ALERT_ENTRY(GNUTLS_A_DECRYPTION_FAILED, N_("Decryption failed")),
+ ALERT_ENTRY(GNUTLS_A_RECORD_OVERFLOW, N_("Record overflow")),
+ ALERT_ENTRY(GNUTLS_A_DECOMPRESSION_FAILURE,
+ N_("Decompression failed")),
+ ALERT_ENTRY(GNUTLS_A_HANDSHAKE_FAILURE, N_("Handshake failed")),
+ ALERT_ENTRY(GNUTLS_A_BAD_CERTIFICATE, N_("Certificate is bad")),
+ ALERT_ENTRY(GNUTLS_A_UNSUPPORTED_CERTIFICATE,
+ N_("Certificate is not supported")),
+ ALERT_ENTRY(GNUTLS_A_CERTIFICATE_REVOKED,
+ N_("Certificate was revoked")),
+ ALERT_ENTRY(GNUTLS_A_CERTIFICATE_EXPIRED,
+ N_("Certificate is expired")),
+ ALERT_ENTRY(GNUTLS_A_CERTIFICATE_UNKNOWN,
+ N_("Unknown certificate")),
+ ALERT_ENTRY(GNUTLS_A_ILLEGAL_PARAMETER, N_("Illegal parameter")),
+ ALERT_ENTRY(GNUTLS_A_UNKNOWN_CA, N_("CA is unknown")),
+ ALERT_ENTRY(GNUTLS_A_ACCESS_DENIED, N_("Access was denied")),
+ ALERT_ENTRY(GNUTLS_A_DECODE_ERROR, N_("Decode error")),
+ ALERT_ENTRY(GNUTLS_A_DECRYPT_ERROR, N_("Decrypt error")),
+ ALERT_ENTRY(GNUTLS_A_EXPORT_RESTRICTION, N_("Export restriction")),
+ ALERT_ENTRY(GNUTLS_A_PROTOCOL_VERSION,
+ N_("Error in protocol version")),
+ ALERT_ENTRY(GNUTLS_A_INSUFFICIENT_SECURITY,
+ N_("Insufficient security")),
+ ALERT_ENTRY(GNUTLS_A_USER_CANCELED, N_("User canceled")),
+ ALERT_ENTRY(GNUTLS_A_SSL3_NO_CERTIFICATE,
+ N_("No certificate (SSL 3.0)")),
+ ALERT_ENTRY(GNUTLS_A_INTERNAL_ERROR, N_("Internal error")),
+ ALERT_ENTRY(GNUTLS_A_NO_RENEGOTIATION,
+ N_("No renegotiation is allowed")),
+ ALERT_ENTRY(GNUTLS_A_CERTIFICATE_UNOBTAINABLE,
+ N_("Could not retrieve the specified certificate")),
+ ALERT_ENTRY(GNUTLS_A_UNSUPPORTED_EXTENSION,
+ N_("An unsupported extension was sent")),
+ ALERT_ENTRY(GNUTLS_A_UNRECOGNIZED_NAME,
+ N_("The server name sent was not recognized")),
+ ALERT_ENTRY(GNUTLS_A_UNKNOWN_PSK_IDENTITY,
+ N_("The SRP/PSK username is missing or not known")),
+ ALERT_ENTRY(GNUTLS_A_NO_APPLICATION_PROTOCOL,
+ N_
+ ("No supported application protocol could be negotiated")),
+ {0, NULL, NULL}
};
/**
@@ -86,16 +96,15 @@ static const gnutls_alert_entry sup_alerts[] = {
*
* Returns: string corresponding to #gnutls_alert_description_t value.
**/
-const char *
-gnutls_alert_get_name (gnutls_alert_description_t alert)
+const char *gnutls_alert_get_name(gnutls_alert_description_t alert)
{
- const gnutls_alert_entry *p;
+ const gnutls_alert_entry *p;
- for (p = sup_alerts; p->desc != NULL; p++)
- if (p->alert == alert)
- return _(p->desc);
+ for (p = sup_alerts; p->desc != NULL; p++)
+ if (p->alert == alert)
+ return _(p->desc);
- return NULL;
+ return NULL;
}
/**
@@ -108,16 +117,15 @@ gnutls_alert_get_name (gnutls_alert_description_t alert)
*
* Since: 3.0
**/
-const char *
-gnutls_alert_get_strname (gnutls_alert_description_t alert)
+const char *gnutls_alert_get_strname(gnutls_alert_description_t alert)
{
- const gnutls_alert_entry *p;
+ const gnutls_alert_entry *p;
- for (p = sup_alerts; p->name != NULL; p++)
- if (p->alert == alert)
- return p->name;
+ for (p = sup_alerts; p->name != NULL; p++)
+ if (p->alert == alert)
+ return p->name;
- return NULL;
+ return NULL;
}
/**
@@ -139,28 +147,29 @@ gnutls_alert_get_strname (gnutls_alert_description_t alert)
* an error code is returned.
**/
int
-gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level,
- gnutls_alert_description_t desc)
+gnutls_alert_send(gnutls_session_t session, gnutls_alert_level_t level,
+ gnutls_alert_description_t desc)
{
- uint8_t data[2];
- int ret;
- const char *name;
+ uint8_t data[2];
+ int ret;
+ const char *name;
- data[0] = (uint8_t) level;
- data[1] = (uint8_t) desc;
+ data[0] = (uint8_t) level;
+ data[1] = (uint8_t) desc;
- name = gnutls_alert_get_name ((int) data[1]);
- if (name == NULL)
- name = "(unknown)";
- _gnutls_record_log ("REC: Sending Alert[%d|%d] - %s\n", data[0],
- data[1], name);
+ name = gnutls_alert_get_name((int) data[1]);
+ if (name == NULL)
+ name = "(unknown)";
+ _gnutls_record_log("REC: Sending Alert[%d|%d] - %s\n", data[0],
+ data[1], name);
- if ((ret =
- _gnutls_send_int (session, GNUTLS_ALERT, -1, EPOCH_WRITE_CURRENT, data,
- 2, MBUFFER_FLUSH)) >= 0)
- return 0;
- else
- return ret;
+ if ((ret =
+ _gnutls_send_int(session, GNUTLS_ALERT, -1,
+ EPOCH_WRITE_CURRENT, data, 2,
+ MBUFFER_FLUSH)) >= 0)
+ return 0;
+ else
+ return ret;
}
/**
@@ -179,122 +188,120 @@ gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level,
*
* Returns: the alert code to use for a particular error code.
**/
-int
-gnutls_error_to_alert (int err, int *level)
+int gnutls_error_to_alert(int err, int *level)
{
- int ret, _level = -1;
+ int ret, _level = -1;
- switch (err)
- { /* send appropriate alert */
- case GNUTLS_E_DECRYPTION_FAILED:
- /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
- * it is not defined in SSL3. Note that we must
- * not distinguish Decryption failures from mac
- * check failures, due to the possibility of some
- * attacks.
- */
- ret = GNUTLS_A_BAD_RECORD_MAC;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_DECOMPRESSION_FAILED:
- ret = GNUTLS_A_DECOMPRESSION_FAILURE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
- case GNUTLS_E_ILLEGAL_SRP_USERNAME:
- ret = GNUTLS_A_ILLEGAL_PARAMETER;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNKNOWN_SRP_USERNAME:
- ret = GNUTLS_A_UNKNOWN_PSK_IDENTITY;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
- case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
- case GNUTLS_E_ASN1_DER_ERROR:
- case GNUTLS_E_ASN1_VALUE_NOT_FOUND:
- case GNUTLS_E_ASN1_GENERIC_ERROR:
- case GNUTLS_E_ASN1_VALUE_NOT_VALID:
- case GNUTLS_E_ASN1_TAG_ERROR:
- case GNUTLS_E_ASN1_TAG_IMPLICIT:
- case GNUTLS_E_ASN1_TYPE_ANY_ERROR:
- case GNUTLS_E_ASN1_SYNTAX_ERROR:
- case GNUTLS_E_ASN1_DER_OVERFLOW:
- case GNUTLS_E_CERTIFICATE_ERROR:
- ret = GNUTLS_A_BAD_CERTIFICATE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
- case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
- case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
- case GNUTLS_E_NO_CIPHER_SUITES:
- case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
- case GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM:
- case GNUTLS_E_SAFE_RENEGOTIATION_FAILED:
- case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
- ret = GNUTLS_A_HANDSHAKE_FAILURE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:
- ret = GNUTLS_A_UNSUPPORTED_EXTENSION;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_USER_ERROR:
- ret = GNUTLS_A_USER_CANCELED;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNEXPECTED_PACKET:
- case GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET:
- case GNUTLS_E_PREMATURE_TERMINATION:
- ret = GNUTLS_A_UNEXPECTED_MESSAGE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_REHANDSHAKE:
- case GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED:
- ret = GNUTLS_A_NO_RENEGOTIATION;
- _level = GNUTLS_AL_WARNING;
- break;
- case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
- ret = GNUTLS_A_PROTOCOL_VERSION;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
- ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
- ret = GNUTLS_A_RECORD_OVERFLOW;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_INTERNAL_ERROR:
- case GNUTLS_E_NO_TEMPORARY_DH_PARAMS:
- case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:
- ret = GNUTLS_A_INTERNAL_ERROR;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_OPENPGP_GETKEY_FAILED:
- ret = GNUTLS_A_CERTIFICATE_UNOBTAINABLE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
- case GNUTLS_E_NO_CERTIFICATE_FOUND:
- ret = GNUTLS_A_INSUFFICIENT_SECURITY;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_NO_APPLICATION_PROTOCOL:
- ret = GNUTLS_A_NO_APPLICATION_PROTOCOL;
- _level = GNUTLS_AL_FATAL;
- break;
- default:
- ret = GNUTLS_A_INTERNAL_ERROR;
- _level = GNUTLS_AL_FATAL;
- break;
- }
+ switch (err) { /* send appropriate alert */
+ case GNUTLS_E_DECRYPTION_FAILED:
+ /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
+ * it is not defined in SSL3. Note that we must
+ * not distinguish Decryption failures from mac
+ * check failures, due to the possibility of some
+ * attacks.
+ */
+ ret = GNUTLS_A_BAD_RECORD_MAC;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_DECOMPRESSION_FAILED:
+ ret = GNUTLS_A_DECOMPRESSION_FAILURE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
+ case GNUTLS_E_ILLEGAL_SRP_USERNAME:
+ ret = GNUTLS_A_ILLEGAL_PARAMETER;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNKNOWN_SRP_USERNAME:
+ ret = GNUTLS_A_UNKNOWN_PSK_IDENTITY;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
+ case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
+ case GNUTLS_E_ASN1_DER_ERROR:
+ case GNUTLS_E_ASN1_VALUE_NOT_FOUND:
+ case GNUTLS_E_ASN1_GENERIC_ERROR:
+ case GNUTLS_E_ASN1_VALUE_NOT_VALID:
+ case GNUTLS_E_ASN1_TAG_ERROR:
+ case GNUTLS_E_ASN1_TAG_IMPLICIT:
+ case GNUTLS_E_ASN1_TYPE_ANY_ERROR:
+ case GNUTLS_E_ASN1_SYNTAX_ERROR:
+ case GNUTLS_E_ASN1_DER_OVERFLOW:
+ case GNUTLS_E_CERTIFICATE_ERROR:
+ ret = GNUTLS_A_BAD_CERTIFICATE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
+ case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
+ case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
+ case GNUTLS_E_NO_CIPHER_SUITES:
+ case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
+ case GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM:
+ case GNUTLS_E_SAFE_RENEGOTIATION_FAILED:
+ case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
+ ret = GNUTLS_A_HANDSHAKE_FAILURE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:
+ ret = GNUTLS_A_UNSUPPORTED_EXTENSION;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_USER_ERROR:
+ ret = GNUTLS_A_USER_CANCELED;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNEXPECTED_PACKET:
+ case GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET:
+ case GNUTLS_E_PREMATURE_TERMINATION:
+ ret = GNUTLS_A_UNEXPECTED_MESSAGE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_REHANDSHAKE:
+ case GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED:
+ ret = GNUTLS_A_NO_RENEGOTIATION;
+ _level = GNUTLS_AL_WARNING;
+ break;
+ case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
+ ret = GNUTLS_A_PROTOCOL_VERSION;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
+ ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+ ret = GNUTLS_A_RECORD_OVERFLOW;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_INTERNAL_ERROR:
+ case GNUTLS_E_NO_TEMPORARY_DH_PARAMS:
+ case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:
+ ret = GNUTLS_A_INTERNAL_ERROR;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_OPENPGP_GETKEY_FAILED:
+ ret = GNUTLS_A_CERTIFICATE_UNOBTAINABLE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
+ case GNUTLS_E_NO_CERTIFICATE_FOUND:
+ ret = GNUTLS_A_INSUFFICIENT_SECURITY;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_NO_APPLICATION_PROTOCOL:
+ ret = GNUTLS_A_NO_APPLICATION_PROTOCOL;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ default:
+ ret = GNUTLS_A_INTERNAL_ERROR;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ }
- if (level != NULL)
- *level = _level;
+ if (level != NULL)
+ *level = _level;
- return ret;
+ return ret;
}
/**
@@ -315,19 +322,17 @@ gnutls_error_to_alert (int err, int *level)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
* an error code is returned.
*/
-int
-gnutls_alert_send_appropriate (gnutls_session_t session, int err)
+int gnutls_alert_send_appropriate(gnutls_session_t session, int err)
{
- int alert;
- int level;
+ int alert;
+ int level;
- alert = gnutls_error_to_alert (err, &level);
- if (alert < 0)
- {
- return alert;
- }
+ alert = gnutls_error_to_alert(err, &level);
+ if (alert < 0) {
+ return alert;
+ }
- return gnutls_alert_send (session, level, alert);
+ return gnutls_alert_send(session, level, alert);
}
/**
@@ -343,8 +348,7 @@ gnutls_alert_send_appropriate (gnutls_session_t session, int err)
* Returns: the last alert received, a
* #gnutls_alert_description_t value.
**/
-gnutls_alert_description_t
-gnutls_alert_get (gnutls_session_t session)
+gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session)
{
- return session->internals.last_alert;
+ return session->internals.last_alert;
}
diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c
index dc02c3032d..ad45b68515 100644
--- a/lib/gnutls_anon_cred.c
+++ b/lib/gnutls_anon_cred.c
@@ -39,10 +39,10 @@
* helper function is provided in order to free (deallocate) it.
**/
void
-gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t sc)
+gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t sc)
{
- gnutls_free (sc);
+ gnutls_free(sc);
}
/**
@@ -55,13 +55,13 @@ gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t sc)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t *
- sc)
+gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t *
+ sc)
{
- *sc = gnutls_calloc (1, sizeof (anon_server_credentials_st));
+ *sc = gnutls_calloc(1, sizeof(anon_server_credentials_st));
- return 0;
+ return 0;
}
@@ -73,12 +73,13 @@ gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t *
* helper function is provided in order to free (deallocate) it.
**/
void
-gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc)
+gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t sc)
{
}
static struct gnutls_anon_client_credentials_st anon_dummy_struct;
-static const gnutls_anon_client_credentials_t anon_dummy = &anon_dummy_struct;
+static const gnutls_anon_client_credentials_t anon_dummy =
+ &anon_dummy_struct;
/**
* gnutls_anon_allocate_client_credentials:
@@ -90,15 +91,15 @@ static const gnutls_anon_client_credentials_t anon_dummy = &anon_dummy_struct;
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t *
- sc)
+gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t *
+ sc)
{
- /* anon_dummy is only there for *sc not to be null.
- * it is not used at all;
- */
- *sc = anon_dummy;
+ /* anon_dummy is only there for *sc not to be null.
+ * it is not used at all;
+ */
+ *sc = anon_dummy;
- return 0;
+ return 0;
}
/**
@@ -111,10 +112,10 @@ gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t *
* Anonymous Diffie-Hellman cipher suites.
**/
void
-gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
- gnutls_dh_params_t dh_params)
+gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t res,
+ gnutls_dh_params_t dh_params)
{
- res->dh_params = dh_params;
+ res->dh_params = dh_params;
}
/**
@@ -127,10 +128,10 @@ gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
* callback should return %GNUTLS_E_SUCCESS (0) on success.
**/
void
-gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t res,
- gnutls_params_function * func)
+gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t
+ res, gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
#endif
diff --git a/lib/gnutls_asn1_tab.c b/lib/gnutls_asn1_tab.c
index 5ba1cc932b..8021f1f181 100644
--- a/lib/gnutls_asn1_tab.c
+++ b/lib/gnutls_asn1_tab.c
@@ -1,70 +1,70 @@
#if HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <libtasn1.h>
const asn1_static_node gnutls_asn1_tab[] = {
- { "GNUTLS", 536872976, NULL },
- { NULL, 1073741836, NULL },
- { "RSAPublicKey", 1610612741, NULL },
- { "modulus", 1073741827, NULL },
- { "publicExponent", 3, NULL },
- { "RSAPrivateKey", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "modulus", 1073741827, NULL },
- { "publicExponent", 1073741827, NULL },
- { "privateExponent", 1073741827, NULL },
- { "prime1", 1073741827, NULL },
- { "prime2", 1073741827, NULL },
- { "exponent1", 1073741827, NULL },
- { "exponent2", 1073741827, NULL },
- { "coefficient", 1073741827, NULL },
- { "otherPrimeInfos", 16386, "OtherPrimeInfos"},
- { "OtherPrimeInfos", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "OtherPrimeInfo"},
- { "OtherPrimeInfo", 1610612741, NULL },
- { "prime", 1073741827, NULL },
- { "exponent", 1073741827, NULL },
- { "coefficient", 3, NULL },
- { "AlgorithmIdentifier", 1610612741, NULL },
- { "algorithm", 1073741836, NULL },
- { "parameters", 541081613, NULL },
- { "algorithm", 1, NULL },
- { "DigestInfo", 1610612741, NULL },
- { "digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"},
- { "digest", 2, "Digest"},
- { "DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
- { "Digest", 1073741831, NULL },
- { "DSAPublicKey", 1073741827, NULL },
- { "DSAParameters", 1610612741, NULL },
- { "p", 1073741827, NULL },
- { "q", 1073741827, NULL },
- { "g", 3, NULL },
- { "DSASignatureValue", 1610612741, NULL },
- { "r", 1073741827, NULL },
- { "s", 3, NULL },
- { "DSAPrivateKey", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "p", 1073741827, NULL },
- { "q", 1073741827, NULL },
- { "g", 1073741827, NULL },
- { "Y", 1073741827, NULL },
- { "priv", 3, NULL },
- { "DHParameter", 1610612741, NULL },
- { "prime", 1073741827, NULL },
- { "base", 1073741827, NULL },
- { "privateValueLength", 16387, NULL },
- { "ECPoint", 1073741831, NULL },
- { "ECParameters", 1610612754, NULL },
- { "namedCurve", 12, NULL },
- { "ECPrivateKey", 536870917, NULL },
- { "Version", 1073741827, NULL },
- { "privateKey", 1073741831, NULL },
- { "parameters", 1610637314, "ECParameters"},
- { NULL, 2056, "0"},
- { "publicKey", 536895494, NULL },
- { NULL, 2056, "1"},
- { NULL, 0, NULL }
+ {"GNUTLS", 536872976, NULL},
+ {NULL, 1073741836, NULL},
+ {"RSAPublicKey", 1610612741, NULL},
+ {"modulus", 1073741827, NULL},
+ {"publicExponent", 3, NULL},
+ {"RSAPrivateKey", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"modulus", 1073741827, NULL},
+ {"publicExponent", 1073741827, NULL},
+ {"privateExponent", 1073741827, NULL},
+ {"prime1", 1073741827, NULL},
+ {"prime2", 1073741827, NULL},
+ {"exponent1", 1073741827, NULL},
+ {"exponent2", 1073741827, NULL},
+ {"coefficient", 1073741827, NULL},
+ {"otherPrimeInfos", 16386, "OtherPrimeInfos"},
+ {"OtherPrimeInfos", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "OtherPrimeInfo"},
+ {"OtherPrimeInfo", 1610612741, NULL},
+ {"prime", 1073741827, NULL},
+ {"exponent", 1073741827, NULL},
+ {"coefficient", 3, NULL},
+ {"AlgorithmIdentifier", 1610612741, NULL},
+ {"algorithm", 1073741836, NULL},
+ {"parameters", 541081613, NULL},
+ {"algorithm", 1, NULL},
+ {"DigestInfo", 1610612741, NULL},
+ {"digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"},
+ {"digest", 2, "Digest"},
+ {"DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
+ {"Digest", 1073741831, NULL},
+ {"DSAPublicKey", 1073741827, NULL},
+ {"DSAParameters", 1610612741, NULL},
+ {"p", 1073741827, NULL},
+ {"q", 1073741827, NULL},
+ {"g", 3, NULL},
+ {"DSASignatureValue", 1610612741, NULL},
+ {"r", 1073741827, NULL},
+ {"s", 3, NULL},
+ {"DSAPrivateKey", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"p", 1073741827, NULL},
+ {"q", 1073741827, NULL},
+ {"g", 1073741827, NULL},
+ {"Y", 1073741827, NULL},
+ {"priv", 3, NULL},
+ {"DHParameter", 1610612741, NULL},
+ {"prime", 1073741827, NULL},
+ {"base", 1073741827, NULL},
+ {"privateValueLength", 16387, NULL},
+ {"ECPoint", 1073741831, NULL},
+ {"ECParameters", 1610612754, NULL},
+ {"namedCurve", 12, NULL},
+ {"ECPrivateKey", 536870917, NULL},
+ {"Version", 1073741827, NULL},
+ {"privateKey", 1073741831, NULL},
+ {"parameters", 1610637314, "ECParameters"},
+ {NULL, 2056, "0"},
+ {"publicKey", 536895494, NULL},
+ {NULL, 2056, "1"},
+ {NULL, 0, NULL}
};
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index 24df4579fb..106739d41d 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -41,21 +41,18 @@
*
* Clears all the credentials previously set in this session.
**/
-void
-gnutls_credentials_clear (gnutls_session_t session)
+void gnutls_credentials_clear(gnutls_session_t session)
{
- if (session->key.cred)
- { /* beginning of the list */
- auth_cred_st *ccred, *ncred;
- ccred = session->key.cred;
- while (ccred != NULL)
- {
- ncred = ccred->next;
- gnutls_free (ccred);
- ccred = ncred;
- }
- session->key.cred = NULL;
- }
+ if (session->key.cred) { /* beginning of the list */
+ auth_cred_st *ccred, *ncred;
+ ccred = session->key.cred;
+ while (ccred != NULL) {
+ ncred = ccred->next;
+ gnutls_free(ccred);
+ ccred = ncred;
+ }
+ session->key.cred = NULL;
+ }
}
/*
@@ -93,62 +90,54 @@ gnutls_credentials_clear (gnutls_session_t session)
* otherwise a negative error code is returned.
**/
int
-gnutls_credentials_set (gnutls_session_t session,
- gnutls_credentials_type_t type, void *cred)
+gnutls_credentials_set(gnutls_session_t session,
+ gnutls_credentials_type_t type, void *cred)
{
- auth_cred_st *ccred = NULL, *pcred = NULL;
- int exists = 0;
-
- if (session->key.cred == NULL)
- { /* beginning of the list */
-
- session->key.cred = gnutls_malloc (sizeof (auth_cred_st));
- if (session->key.cred == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- /* copy credentials locally */
- session->key.cred->credentials = cred;
-
- session->key.cred->next = NULL;
- session->key.cred->algorithm = type;
- }
- else
- {
- ccred = session->key.cred;
- while (ccred != NULL)
- {
- if (ccred->algorithm == type)
- {
- exists = 1;
- break;
- }
- pcred = ccred;
- ccred = ccred->next;
- }
- /* After this, pcred is not null.
- */
-
- if (exists == 0)
- { /* new entry */
- pcred->next = gnutls_malloc (sizeof (auth_cred_st));
- if (pcred->next == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- ccred = pcred->next;
-
- /* copy credentials locally */
- ccred->credentials = cred;
-
- ccred->next = NULL;
- ccred->algorithm = type;
- }
- else
- { /* modify existing entry */
- ccred->credentials = cred;
- }
- }
-
- return 0;
+ auth_cred_st *ccred = NULL, *pcred = NULL;
+ int exists = 0;
+
+ if (session->key.cred == NULL) { /* beginning of the list */
+
+ session->key.cred = gnutls_malloc(sizeof(auth_cred_st));
+ if (session->key.cred == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ /* copy credentials locally */
+ session->key.cred->credentials = cred;
+
+ session->key.cred->next = NULL;
+ session->key.cred->algorithm = type;
+ } else {
+ ccred = session->key.cred;
+ while (ccred != NULL) {
+ if (ccred->algorithm == type) {
+ exists = 1;
+ break;
+ }
+ pcred = ccred;
+ ccred = ccred->next;
+ }
+ /* After this, pcred is not null.
+ */
+
+ if (exists == 0) { /* new entry */
+ pcred->next = gnutls_malloc(sizeof(auth_cred_st));
+ if (pcred->next == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ccred = pcred->next;
+
+ /* copy credentials locally */
+ ccred->credentials = cred;
+
+ ccred->next = NULL;
+ ccred->algorithm = type;
+ } else { /* modify existing entry */
+ ccred->credentials = cred;
+ }
+ }
+
+ return 0;
}
/**
@@ -166,19 +155,18 @@ gnutls_credentials_set (gnutls_session_t session,
* Returns: The type of credentials for the current authentication
* schema, a #gnutls_credentials_type_t type.
**/
-gnutls_credentials_type_t
-gnutls_auth_get_type (gnutls_session_t session)
+gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session)
{
/* This is not the credentials we must set, but the authentication data
* we get by the peer, so it should be reversed.
*/
- int server = session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1;
+ int server =
+ session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1;
- return
- _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite),
- server);
+ return
+ _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite), server);
}
/**
@@ -193,12 +181,12 @@ gnutls_auth_get_type (gnutls_session_t session)
* schema, a #gnutls_credentials_type_t type.
**/
gnutls_credentials_type_t
-gnutls_auth_server_get_type (gnutls_session_t session)
+gnutls_auth_server_get_type(gnutls_session_t session)
{
- return
- _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite), 1);
+ return
+ _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite), 1);
}
/**
@@ -213,12 +201,12 @@ gnutls_auth_server_get_type (gnutls_session_t session)
* schema, a #gnutls_credentials_type_t type.
**/
gnutls_credentials_type_t
-gnutls_auth_client_get_type (gnutls_session_t session)
+gnutls_auth_client_get_type(gnutls_session_t session)
{
- return
- _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite), 0);
+ return
+ _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite), 0);
}
@@ -226,43 +214,42 @@ gnutls_auth_client_get_type (gnutls_session_t session)
* This returns a pointer to the linked list. Don't
* free that!!!
*/
-const void *
-_gnutls_get_kx_cred (gnutls_session_t session,
- gnutls_kx_algorithm_t algo, int *err)
+const void *_gnutls_get_kx_cred(gnutls_session_t session,
+ gnutls_kx_algorithm_t algo, int *err)
{
- int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
+ int server =
+ session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
- return _gnutls_get_cred (session,
- _gnutls_map_kx_get_cred (algo, server), err);
+ return _gnutls_get_cred(session,
+ _gnutls_map_kx_get_cred(algo, server),
+ err);
}
-const void *
-_gnutls_get_cred (gnutls_session_t session, gnutls_credentials_type_t type, int *err)
+const void *_gnutls_get_cred(gnutls_session_t session,
+ gnutls_credentials_type_t type, int *err)
{
- const void *retval = NULL;
- int _err = -1;
- auth_cred_st *ccred;
- gnutls_key_st * key = &session->key;
-
- ccred = key->cred;
- while (ccred != NULL)
- {
- if (ccred->algorithm == type)
- {
- break;
- }
- ccred = ccred->next;
- }
- if (ccred == NULL)
- goto out;
-
- _err = 0;
- retval = ccred->credentials;
-
-out:
- if (err != NULL)
- *err = _err;
- return retval;
+ const void *retval = NULL;
+ int _err = -1;
+ auth_cred_st *ccred;
+ gnutls_key_st *key = &session->key;
+
+ ccred = key->cred;
+ while (ccred != NULL) {
+ if (ccred->algorithm == type) {
+ break;
+ }
+ ccred = ccred->next;
+ }
+ if (ccred == NULL)
+ goto out;
+
+ _err = 0;
+ retval = ccred->credentials;
+
+ out:
+ if (err != NULL)
+ *err = _err;
+ return retval;
}
/*-
@@ -278,10 +265,9 @@ out:
* In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
* In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
-*/
-void *
-_gnutls_get_auth_info (gnutls_session_t session)
+void *_gnutls_get_auth_info(gnutls_session_t session)
{
- return session->key.auth_info;
+ return session->key.auth_info;
}
/*-
@@ -292,75 +278,76 @@ _gnutls_get_auth_info (gnutls_session_t session)
* null. It must be called since some structures contain malloced
* elements.
-*/
-void
-_gnutls_free_auth_info (gnutls_session_t session)
+void _gnutls_free_auth_info(gnutls_session_t session)
{
- dh_info_st *dh_info;
-
- if (session == NULL)
- {
- gnutls_assert ();
- return;
- }
-
- switch (session->key.auth_info_type)
- {
- case GNUTLS_CRD_SRP:
- break;
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info = _gnutls_get_auth_info (session);
-
- if (info == NULL)
- break;
-
- dh_info = &info->dh;
- _gnutls_free_dh_info (dh_info);
- }
- break;
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info = _gnutls_get_auth_info (session);
-
- if (info == NULL)
- break;
-
- dh_info = &info->dh;
- _gnutls_free_dh_info (dh_info);
- }
- break;
- case GNUTLS_CRD_CERTIFICATE:
- {
- unsigned int i;
- cert_auth_info_t info = _gnutls_get_auth_info (session);
-
- if (info == NULL)
- break;
-
- dh_info = &info->dh;
- for (i = 0; i < info->ncerts; i++)
- {
- _gnutls_free_datum (&info->raw_certificate_list[i]);
- }
-
- gnutls_free (info->raw_certificate_list);
- info->raw_certificate_list = NULL;
- info->ncerts = 0;
-
- _gnutls_free_dh_info (dh_info);
- }
-
-
- break;
- default:
- return;
-
- }
-
- gnutls_free (session->key.auth_info);
- session->key.auth_info = NULL;
- session->key.auth_info_size = 0;
- session->key.auth_info_type = 0;
+ dh_info_st *dh_info;
+
+ if (session == NULL) {
+ gnutls_assert();
+ return;
+ }
+
+ switch (session->key.auth_info_type) {
+ case GNUTLS_CRD_SRP:
+ break;
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info =
+ _gnutls_get_auth_info(session);
+
+ if (info == NULL)
+ break;
+
+ dh_info = &info->dh;
+ _gnutls_free_dh_info(dh_info);
+ }
+ break;
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info =
+ _gnutls_get_auth_info(session);
+
+ if (info == NULL)
+ break;
+
+ dh_info = &info->dh;
+ _gnutls_free_dh_info(dh_info);
+ }
+ break;
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ unsigned int i;
+ cert_auth_info_t info =
+ _gnutls_get_auth_info(session);
+
+ if (info == NULL)
+ break;
+
+ dh_info = &info->dh;
+ for (i = 0; i < info->ncerts; i++) {
+ _gnutls_free_datum(&info->
+ raw_certificate_list
+ [i]);
+ }
+
+ gnutls_free(info->raw_certificate_list);
+ info->raw_certificate_list = NULL;
+ info->ncerts = 0;
+
+ _gnutls_free_dh_info(dh_info);
+ }
+
+
+ break;
+ default:
+ return;
+
+ }
+
+ gnutls_free(session->key.auth_info);
+ session->key.auth_info = NULL;
+ session->key.auth_info_size = 0;
+ session->key.auth_info_type = 0;
}
@@ -370,61 +357,53 @@ _gnutls_free_auth_info (gnutls_session_t session)
* info structure to a different type.
*/
int
-_gnutls_auth_info_set (gnutls_session_t session,
- gnutls_credentials_type_t type, int size,
- int allow_change)
+_gnutls_auth_info_set(gnutls_session_t session,
+ gnutls_credentials_type_t type, int size,
+ int allow_change)
{
- if (session->key.auth_info == NULL)
- {
- session->key.auth_info = gnutls_calloc (1, size);
- if (session->key.auth_info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- session->key.auth_info_type = type;
- session->key.auth_info_size = size;
- }
- else
- {
- if (allow_change == 0)
- {
- /* If the credentials for the current authentication scheme,
- * are not the one we want to set, then it's an error.
- * This may happen if a rehandshake is performed an the
- * ciphersuite which is negotiated has different authentication
- * schema.
- */
- if (gnutls_auth_get_type (session) != session->key.auth_info_type)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- }
- else
- {
- /* The new behaviour: Here we reallocate the auth info structure
- * in order to be able to negotiate different authentication
- * types. Ie. perform an auth_anon and then authenticate again using a
- * certificate (in order to prevent revealing the certificate's contents,
- * to passive eavesdropers.
- */
- if (gnutls_auth_get_type (session) != session->key.auth_info_type)
- {
-
- _gnutls_free_auth_info (session);
-
- session->key.auth_info = calloc (1, size);
- if (session->key.auth_info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- session->key.auth_info_type = type;
- session->key.auth_info_size = size;
- }
- }
- }
- return 0;
+ if (session->key.auth_info == NULL) {
+ session->key.auth_info = gnutls_calloc(1, size);
+ if (session->key.auth_info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ session->key.auth_info_type = type;
+ session->key.auth_info_size = size;
+ } else {
+ if (allow_change == 0) {
+ /* If the credentials for the current authentication scheme,
+ * are not the one we want to set, then it's an error.
+ * This may happen if a rehandshake is performed an the
+ * ciphersuite which is negotiated has different authentication
+ * schema.
+ */
+ if (gnutls_auth_get_type(session) !=
+ session->key.auth_info_type) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ } else {
+ /* The new behaviour: Here we reallocate the auth info structure
+ * in order to be able to negotiate different authentication
+ * types. Ie. perform an auth_anon and then authenticate again using a
+ * certificate (in order to prevent revealing the certificate's contents,
+ * to passive eavesdropers.
+ */
+ if (gnutls_auth_get_type(session) !=
+ session->key.auth_info_type) {
+
+ _gnutls_free_auth_info(session);
+
+ session->key.auth_info = calloc(1, size);
+ if (session->key.auth_info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ session->key.auth_info_type = type;
+ session->key.auth_info_size = size;
+ }
+ }
+ }
+ return 0;
}
diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h
index 09fa2672b8..31c1b5efc4 100644
--- a/lib/gnutls_auth.h
+++ b/lib/gnutls_auth.h
@@ -25,35 +25,41 @@
#include <gnutls_str.h>
-typedef struct mod_auth_st_int
-{
- const char *name; /* null terminated */
- int (*gnutls_generate_server_certificate) (gnutls_session_t, gnutls_buffer_st*);
- int (*gnutls_generate_client_certificate) (gnutls_session_t, gnutls_buffer_st*);
- int (*gnutls_generate_server_kx) (gnutls_session_t, gnutls_buffer_st*);
- int (*gnutls_generate_client_kx) (gnutls_session_t, gnutls_buffer_st*); /* used in SRP */
- int (*gnutls_generate_client_crt_vrfy) (gnutls_session_t, gnutls_buffer_st *);
- int (*gnutls_generate_server_crt_request) (gnutls_session_t,
- gnutls_buffer_st *);
+typedef struct mod_auth_st_int {
+ const char *name; /* null terminated */
+ int (*gnutls_generate_server_certificate) (gnutls_session_t,
+ gnutls_buffer_st *);
+ int (*gnutls_generate_client_certificate) (gnutls_session_t,
+ gnutls_buffer_st *);
+ int (*gnutls_generate_server_kx) (gnutls_session_t,
+ gnutls_buffer_st *);
+ int (*gnutls_generate_client_kx) (gnutls_session_t, gnutls_buffer_st *); /* used in SRP */
+ int (*gnutls_generate_client_crt_vrfy) (gnutls_session_t,
+ gnutls_buffer_st *);
+ int (*gnutls_generate_server_crt_request) (gnutls_session_t,
+ gnutls_buffer_st *);
- int (*gnutls_process_server_certificate) (gnutls_session_t, uint8_t *,
- size_t);
- int (*gnutls_process_client_certificate) (gnutls_session_t, uint8_t *,
- size_t);
- int (*gnutls_process_server_kx) (gnutls_session_t, uint8_t *, size_t);
- int (*gnutls_process_client_kx) (gnutls_session_t, uint8_t *, size_t);
- int (*gnutls_process_client_crt_vrfy) (gnutls_session_t, uint8_t *, size_t);
- int (*gnutls_process_server_crt_request) (gnutls_session_t,
- uint8_t *, size_t);
+ int (*gnutls_process_server_certificate) (gnutls_session_t,
+ uint8_t *, size_t);
+ int (*gnutls_process_client_certificate) (gnutls_session_t,
+ uint8_t *, size_t);
+ int (*gnutls_process_server_kx) (gnutls_session_t, uint8_t *,
+ size_t);
+ int (*gnutls_process_client_kx) (gnutls_session_t, uint8_t *,
+ size_t);
+ int (*gnutls_process_client_crt_vrfy) (gnutls_session_t, uint8_t *,
+ size_t);
+ int (*gnutls_process_server_crt_request) (gnutls_session_t,
+ uint8_t *, size_t);
} mod_auth_st;
-const void *_gnutls_get_cred (gnutls_session_t session,
- gnutls_credentials_type_t kx, int *err);
-const void *_gnutls_get_kx_cred (gnutls_session_t session,
- gnutls_kx_algorithm_t algo, int *err);
-void *_gnutls_get_auth_info (gnutls_session_t session);
-int _gnutls_auth_info_set (gnutls_session_t session,
- gnutls_credentials_type_t type, int size,
- int allow_change);
+const void *_gnutls_get_cred(gnutls_session_t session,
+ gnutls_credentials_type_t kx, int *err);
+const void *_gnutls_get_kx_cred(gnutls_session_t session,
+ gnutls_kx_algorithm_t algo, int *err);
+void *_gnutls_get_auth_info(gnutls_session_t session);
+int _gnutls_auth_info_set(gnutls_session_t session,
+ gnutls_credentials_type_t type, int size,
+ int allow_change);
#endif
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index a327bbd981..50d0f52ca1 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -48,8 +48,8 @@
#include <gnutls_state.h>
#include <gnutls_dtls.h>
#include <system.h>
-#include <gnutls_constate.h> /* gnutls_epoch_get */
-#include <gnutls_handshake.h> /* remaining_time() */
+#include <gnutls_constate.h> /* gnutls_epoch_get */
+#include <gnutls_handshake.h> /* remaining_time() */
#include <errno.h>
#include <system.h>
#include "debug.h"
@@ -66,18 +66,19 @@
* HANDSHAKE DATA and HEARTBEAT.
*/
int
-_gnutls_record_buffer_put (gnutls_session_t session,
- content_type_t type, uint64* seq, mbuffer_st* bufel)
+_gnutls_record_buffer_put(gnutls_session_t session,
+ content_type_t type, uint64 * seq,
+ mbuffer_st * bufel)
{
- bufel->type = type;
- memcpy(&bufel->record_sequence, seq, sizeof(*seq));
+ bufel->type = type;
+ memcpy(&bufel->record_sequence, seq, sizeof(*seq));
- _mbuffer_enqueue(&session->internals.record_buffer, bufel);
- _gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n",
- (int) bufel->msg.size, (int) type);
+ _mbuffer_enqueue(&session->internals.record_buffer, bufel);
+ _gnutls_buffers_log("BUF[REC]: Inserted %d bytes of Data(%d)\n",
+ (int) bufel->msg.size, (int) type);
- return 0;
+ return 0;
}
/**
@@ -91,278 +92,269 @@ _gnutls_record_buffer_put (gnutls_session_t session,
*
* Returns: Returns the size of the data or zero.
**/
-size_t
-gnutls_record_check_pending (gnutls_session_t session)
+size_t gnutls_record_check_pending(gnutls_session_t session)
{
- return _gnutls_record_buffer_get_size (session);
+ return _gnutls_record_buffer_get_size(session);
}
int
-_gnutls_record_buffer_get (content_type_t type,
- gnutls_session_t session, uint8_t * data,
- size_t length, uint8_t seq[8])
+_gnutls_record_buffer_get(content_type_t type,
+ gnutls_session_t session, uint8_t * data,
+ size_t length, uint8_t seq[8])
{
-gnutls_datum_t msg;
-mbuffer_st* bufel;
-
- if (length == 0 || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- bufel = _mbuffer_head_get_first(&session->internals.record_buffer, &msg);
- if (bufel == NULL)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- if (type != bufel->type)
- {
- if (IS_DTLS(session))
- _gnutls_audit_log(session, "Discarded unexpected %s (%d) packet (expecting: %s (%d))\n",
- _gnutls_packet2str(bufel->type), (int)bufel->type,
- _gnutls_packet2str(type), (int)type);
- _mbuffer_head_remove_bytes(&session->internals.record_buffer, msg.size);
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
- }
-
- if (msg.size <= length)
- length = msg.size;
-
- if (seq)
- memcpy(seq, bufel->record_sequence.i, 8);
-
- memcpy(data, msg.data, length);
- _mbuffer_head_remove_bytes(&session->internals.record_buffer, length);
-
- return length;
+ gnutls_datum_t msg;
+ mbuffer_st *bufel;
+
+ if (length == 0 || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ bufel =
+ _mbuffer_head_get_first(&session->internals.record_buffer,
+ &msg);
+ if (bufel == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ if (type != bufel->type) {
+ if (IS_DTLS(session))
+ _gnutls_audit_log(session,
+ "Discarded unexpected %s (%d) packet (expecting: %s (%d))\n",
+ _gnutls_packet2str(bufel->type),
+ (int) bufel->type,
+ _gnutls_packet2str(type),
+ (int) type);
+ _mbuffer_head_remove_bytes(&session->internals.
+ record_buffer, msg.size);
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+ }
+
+ if (msg.size <= length)
+ length = msg.size;
+
+ if (seq)
+ memcpy(seq, bufel->record_sequence.i, 8);
+
+ memcpy(data, msg.data, length);
+ _mbuffer_head_remove_bytes(&session->internals.record_buffer,
+ length);
+
+ return length;
}
-inline static void
-reset_errno (gnutls_session_t session)
+inline static void reset_errno(gnutls_session_t session)
{
- session->internals.errnum = 0;
+ session->internals.errnum = 0;
}
-inline static int
-get_errno (gnutls_session_t session)
+inline static int get_errno(gnutls_session_t session)
{
-int ret;
-
- if (session->internals.errnum != 0)
- ret = session->internals.errnum;
- else
- ret = session->internals.errno_func (session->
- internals.transport_recv_ptr);
- return ret;
+ int ret;
+
+ if (session->internals.errnum != 0)
+ ret = session->internals.errnum;
+ else
+ ret =
+ session->internals.errno_func(session->internals.
+ transport_recv_ptr);
+ return ret;
}
-inline static
+inline static
int errno_to_gerr(int err)
{
- switch(err)
- {
- case EAGAIN:
- return GNUTLS_E_AGAIN;
- case EINTR:
- return GNUTLS_E_INTERRUPTED;
- case EMSGSIZE:
- return GNUTLS_E_LARGE_PACKET;
- default:
- gnutls_assert ();
- return GNUTLS_E_PUSH_ERROR;
- }
+ switch (err) {
+ case EAGAIN:
+ return GNUTLS_E_AGAIN;
+ case EINTR:
+ return GNUTLS_E_INTERRUPTED;
+ case EMSGSIZE:
+ return GNUTLS_E_LARGE_PACKET;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_PUSH_ERROR;
+ }
}
static ssize_t
-_gnutls_dgram_read (gnutls_session_t session, mbuffer_st **bufel,
- gnutls_pull_func pull_func, unsigned int *ms)
+_gnutls_dgram_read(gnutls_session_t session, mbuffer_st ** bufel,
+ gnutls_pull_func pull_func, unsigned int *ms)
{
- ssize_t i, ret;
- uint8_t *ptr;
- struct timespec t1, t2;
- size_t max_size = get_max_decrypted_data(session);
- size_t recv_size = MAX_RECV_SIZE(session);
- gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
- unsigned int diff;
-
- if (recv_size > max_size)
- recv_size = max_size;
-
- session->internals.direction = 0;
-
- if (ms && *ms > 0)
- {
- ret = _gnutls_io_check_recv(session, *ms);
- if (ret < 0)
- return gnutls_assert_val(ret);
- gettime(&t1);
- }
-
- *bufel = _mbuffer_alloc (0, max_size);
- if (*bufel == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ptr = (*bufel)->msg.data;
-
- reset_errno (session);
- i = pull_func (fd, ptr, recv_size);
-
- if (i < 0)
- {
- int err = get_errno (session);
-
- _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n",
- (int) i, fd, errno, session->internals.errnum);
-
- ret = errno_to_gerr(err);
- goto cleanup;
- }
- else
- {
- _gnutls_read_log ("READ: Got %d bytes from %p\n", (int) i, fd);
- if (i == 0)
- {
- /* If we get here, we likely have a stream socket.
- * FIXME: this probably breaks DCCP. */
- gnutls_assert ();
- ret = 0;
- goto cleanup;
- }
-
- _mbuffer_set_udata_size (*bufel, i);
- }
-
- if (ms && *ms > 0)
- {
- gettime(&t2);
- diff = timespec_sub_ms(&t2, &t1);
- if (diff < *ms)
- *ms -= diff;
- else
- {
- ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
- goto cleanup;
- }
- }
-
- _gnutls_read_log ("READ: read %d bytes from %p\n", (int) i, fd);
-
- return i;
-
-cleanup:
- _mbuffer_xfree(bufel);
- return ret;
+ ssize_t i, ret;
+ uint8_t *ptr;
+ struct timespec t1, t2;
+ size_t max_size = get_max_decrypted_data(session);
+ size_t recv_size = MAX_RECV_SIZE(session);
+ gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
+ unsigned int diff;
+
+ if (recv_size > max_size)
+ recv_size = max_size;
+
+ session->internals.direction = 0;
+
+ if (ms && *ms > 0) {
+ ret = _gnutls_io_check_recv(session, *ms);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ gettime(&t1);
+ }
+
+ *bufel = _mbuffer_alloc(0, max_size);
+ if (*bufel == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ptr = (*bufel)->msg.data;
+
+ reset_errno(session);
+ i = pull_func(fd, ptr, recv_size);
+
+ if (i < 0) {
+ int err = get_errno(session);
+
+ _gnutls_read_log
+ ("READ: %d returned from %p, errno=%d gerrno=%d\n",
+ (int) i, fd, errno, session->internals.errnum);
+
+ ret = errno_to_gerr(err);
+ goto cleanup;
+ } else {
+ _gnutls_read_log("READ: Got %d bytes from %p\n", (int) i,
+ fd);
+ if (i == 0) {
+ /* If we get here, we likely have a stream socket.
+ * FIXME: this probably breaks DCCP. */
+ gnutls_assert();
+ ret = 0;
+ goto cleanup;
+ }
+
+ _mbuffer_set_udata_size(*bufel, i);
+ }
+
+ if (ms && *ms > 0) {
+ gettime(&t2);
+ diff = timespec_sub_ms(&t2, &t1);
+ if (diff < *ms)
+ *ms -= diff;
+ else {
+ ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
+ goto cleanup;
+ }
+ }
+
+ _gnutls_read_log("READ: read %d bytes from %p\n", (int) i, fd);
+
+ return i;
+
+ cleanup:
+ _mbuffer_xfree(bufel);
+ return ret;
}
static ssize_t
-_gnutls_stream_read (gnutls_session_t session, mbuffer_st **bufel,
- size_t size, gnutls_pull_func pull_func, unsigned int *ms)
+_gnutls_stream_read(gnutls_session_t session, mbuffer_st ** bufel,
+ size_t size, gnutls_pull_func pull_func,
+ unsigned int *ms)
{
- size_t left;
- ssize_t i = 0;
- size_t max_size = get_max_decrypted_data(session);
- uint8_t *ptr;
- gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
- int ret;
- struct timespec t1, t2;
- unsigned int diff;
-
- session->internals.direction = 0;
-
- *bufel = _mbuffer_alloc (0, MAX(max_size, size));
- if (!*bufel)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- ptr = (*bufel)->msg.data;
-
- left = size;
- while (left > 0)
- {
- if (ms && *ms > 0)
- {
- ret = _gnutls_io_check_recv(session, *ms);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- gettime(&t1);
- }
-
- reset_errno (session);
-
- i = pull_func (fd, &ptr[size - left], left);
-
- if (i < 0)
- {
- int err = get_errno (session);
-
- _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n",
- (int) i, fd, errno, session->internals.errnum);
-
- if (err == EAGAIN || err == EINTR)
- {
- if (size - left > 0)
- {
-
- _gnutls_read_log ("READ: returning %d bytes from %p\n",
- (int) (size - left), fd);
-
- goto finish;
- }
-
- ret = errno_to_gerr(err);
- goto cleanup;
- }
- else
- {
- gnutls_assert ();
- ret = GNUTLS_E_PULL_ERROR;
- goto cleanup;
- }
- }
- else
- {
-
- _gnutls_read_log ("READ: Got %d bytes from %p\n", (int) i, fd);
-
- if (i == 0)
- break; /* EOF */
- }
-
- left -= i;
- (*bufel)->msg.size += i;
-
- if (ms && *ms > 0)
- {
- gettime(&t2);
- diff = timespec_sub_ms(&t2, &t1);
- if (diff < *ms)
- *ms -= diff;
- else
- {
- ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
- goto cleanup;
- }
- }
- }
-
-finish:
-
- _gnutls_read_log ("READ: read %d bytes from %p\n",
- (int) (size - left), fd);
-
- if (size - left == 0)
- _mbuffer_xfree(bufel);
-
- return (size - left);
-
-cleanup:
- _mbuffer_xfree(bufel);
- return ret;
+ size_t left;
+ ssize_t i = 0;
+ size_t max_size = get_max_decrypted_data(session);
+ uint8_t *ptr;
+ gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
+ int ret;
+ struct timespec t1, t2;
+ unsigned int diff;
+
+ session->internals.direction = 0;
+
+ *bufel = _mbuffer_alloc(0, MAX(max_size, size));
+ if (!*bufel) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ ptr = (*bufel)->msg.data;
+
+ left = size;
+ while (left > 0) {
+ if (ms && *ms > 0) {
+ ret = _gnutls_io_check_recv(session, *ms);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ gettime(&t1);
+ }
+
+ reset_errno(session);
+
+ i = pull_func(fd, &ptr[size - left], left);
+
+ if (i < 0) {
+ int err = get_errno(session);
+
+ _gnutls_read_log
+ ("READ: %d returned from %p, errno=%d gerrno=%d\n",
+ (int) i, fd, errno,
+ session->internals.errnum);
+
+ if (err == EAGAIN || err == EINTR) {
+ if (size - left > 0) {
+
+ _gnutls_read_log
+ ("READ: returning %d bytes from %p\n",
+ (int) (size - left), fd);
+
+ goto finish;
+ }
+
+ ret = errno_to_gerr(err);
+ goto cleanup;
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_PULL_ERROR;
+ goto cleanup;
+ }
+ } else {
+
+ _gnutls_read_log("READ: Got %d bytes from %p\n",
+ (int) i, fd);
+
+ if (i == 0)
+ break; /* EOF */
+ }
+
+ left -= i;
+ (*bufel)->msg.size += i;
+
+ if (ms && *ms > 0) {
+ gettime(&t2);
+ diff = timespec_sub_ms(&t2, &t1);
+ if (diff < *ms)
+ *ms -= diff;
+ else {
+ ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
+ goto cleanup;
+ }
+ }
+ }
+
+ finish:
+
+ _gnutls_read_log("READ: read %d bytes from %p\n",
+ (int) (size - left), fd);
+
+ if (size - left == 0)
+ _mbuffer_xfree(bufel);
+
+ return (size - left);
+
+ cleanup:
+ _mbuffer_xfree(bufel);
+ return ret;
}
@@ -372,66 +364,68 @@ cleanup:
* Flags are only used if the default recv() function is being used.
*/
static ssize_t
-_gnutls_read (gnutls_session_t session, mbuffer_st **bufel,
- size_t size, gnutls_pull_func pull_func, unsigned int *ms)
+_gnutls_read(gnutls_session_t session, mbuffer_st ** bufel,
+ size_t size, gnutls_pull_func pull_func, unsigned int *ms)
{
- if (IS_DTLS (session))
- /* Size is not passed, since a whole datagram will be read. */
- return _gnutls_dgram_read (session, bufel, pull_func, ms);
- else
- return _gnutls_stream_read (session, bufel, size, pull_func, ms);
+ if (IS_DTLS(session))
+ /* Size is not passed, since a whole datagram will be read. */
+ return _gnutls_dgram_read(session, bufel, pull_func, ms);
+ else
+ return _gnutls_stream_read(session, bufel, size, pull_func,
+ ms);
}
static ssize_t
-_gnutls_writev_emu (gnutls_session_t session, gnutls_transport_ptr_t fd, const giovec_t * giovec,
- unsigned int giovec_cnt)
+_gnutls_writev_emu(gnutls_session_t session, gnutls_transport_ptr_t fd,
+ const giovec_t * giovec, unsigned int giovec_cnt)
{
- unsigned int j = 0;
- size_t total = 0;
- ssize_t ret = 0;
+ unsigned int j = 0;
+ size_t total = 0;
+ ssize_t ret = 0;
- for (j = 0; j < giovec_cnt; j++)
- {
- ret = session->internals.push_func (fd, giovec[j].iov_base, giovec[j].iov_len);
+ for (j = 0; j < giovec_cnt; j++) {
+ ret =
+ session->internals.push_func(fd, giovec[j].iov_base,
+ giovec[j].iov_len);
- if (ret == -1)
- break;
+ if (ret == -1)
+ break;
- total += ret;
+ total += ret;
- if ((size_t)ret != giovec[j].iov_len)
- break;
- }
+ if ((size_t) ret != giovec[j].iov_len)
+ break;
+ }
- if (total > 0)
- return total;
+ if (total > 0)
+ return total;
- return ret;
+ return ret;
}
static ssize_t
-_gnutls_writev (gnutls_session_t session, const giovec_t * giovec,
- int giovec_cnt)
+_gnutls_writev(gnutls_session_t session, const giovec_t * giovec,
+ int giovec_cnt)
{
- int i;
- gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
+ int i;
+ gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
- reset_errno (session);
+ reset_errno(session);
- if (session->internals.push_func != NULL)
- i = _gnutls_writev_emu (session, fd, giovec, giovec_cnt);
- else
- i = session->internals.vec_push_func (fd, giovec, giovec_cnt);
+ if (session->internals.push_func != NULL)
+ i = _gnutls_writev_emu(session, fd, giovec, giovec_cnt);
+ else
+ i = session->internals.vec_push_func(fd, giovec,
+ giovec_cnt);
- if (i == -1)
- {
- int err = get_errno (session);
- _gnutls_debug_log ("errno: %d\n", err);
+ if (i == -1) {
+ int err = get_errno(session);
+ _gnutls_debug_log("errno: %d\n", err);
- return errno_to_gerr(err);
- }
- return i;
+ return errno_to_gerr(err);
+ }
+ return i;
}
/*
@@ -450,91 +444,92 @@ _gnutls_writev (gnutls_session_t session, const giovec_t * giovec,
*
*/
ssize_t
-_gnutls_io_read_buffered (gnutls_session_t session, size_t total,
- content_type_t recv_type, unsigned int *ms)
+_gnutls_io_read_buffered(gnutls_session_t session, size_t total,
+ content_type_t recv_type, unsigned int *ms)
{
- ssize_t ret;
- size_t min;
- mbuffer_st *bufel = NULL;
- size_t recvdata, readsize;
-
- if (total > MAX_RECV_SIZE(session) || total == 0)
- {
- gnutls_assert (); /* internal error */
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* calculate the actual size, ie. get the minimum of the
- * buffered data and the requested data.
- */
- min = MIN (session->internals.record_recv_buffer.byte_length, total);
- if (min > 0)
- {
- /* if we have enough buffered data
- * then just return them.
- */
- if (min == total)
- {
- return min;
- }
- }
-
- /* min is over zero. recvdata is the data we must
- * receive in order to return the requested data.
- */
- recvdata = total - min;
- readsize = recvdata;
-
- /* Check if the previously read data plus the new data to
- * receive are longer than the maximum receive buffer size.
- */
- if ((session->internals.record_recv_buffer.byte_length + recvdata) >
- MAX_RECV_SIZE(session))
- {
- gnutls_assert (); /* internal error */
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* READ DATA
- */
- if (readsize > 0)
- {
- ret =
- _gnutls_read (session, &bufel, readsize,
- session->internals.pull_func, ms);
-
- /* return immediately if we got an interrupt or eagain
- * error.
- */
- if (ret < 0)
- {
- return gnutls_assert_val(ret);
- }
-
- if (ret == 0) /* EOF */
- return gnutls_assert_val(0);
-
- /* copy fresh data to our buffer.
- */
- _gnutls_read_log
- ("RB: Have %d bytes into buffer. Adding %d bytes.\n",
- (int) session->internals.record_recv_buffer.byte_length, (int) ret);
- _gnutls_read_log ("RB: Requested %d bytes\n", (int) total);
-
- _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel);
-
- if(IS_DTLS(session))
- ret = MIN(total, session->internals.record_recv_buffer.byte_length);
- else
- ret = session->internals.record_recv_buffer.byte_length;
-
- if ((ret > 0) && ((size_t) ret < total)) /* Short Read */
- return gnutls_assert_val(GNUTLS_E_AGAIN);
- else
- return ret;
- }
- else
- return gnutls_assert_val(0);
+ ssize_t ret;
+ size_t min;
+ mbuffer_st *bufel = NULL;
+ size_t recvdata, readsize;
+
+ if (total > MAX_RECV_SIZE(session) || total == 0) {
+ gnutls_assert(); /* internal error */
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* calculate the actual size, ie. get the minimum of the
+ * buffered data and the requested data.
+ */
+ min =
+ MIN(session->internals.record_recv_buffer.byte_length, total);
+ if (min > 0) {
+ /* if we have enough buffered data
+ * then just return them.
+ */
+ if (min == total) {
+ return min;
+ }
+ }
+
+ /* min is over zero. recvdata is the data we must
+ * receive in order to return the requested data.
+ */
+ recvdata = total - min;
+ readsize = recvdata;
+
+ /* Check if the previously read data plus the new data to
+ * receive are longer than the maximum receive buffer size.
+ */
+ if ((session->internals.record_recv_buffer.byte_length +
+ recvdata) > MAX_RECV_SIZE(session)) {
+ gnutls_assert(); /* internal error */
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* READ DATA
+ */
+ if (readsize > 0) {
+ ret =
+ _gnutls_read(session, &bufel, readsize,
+ session->internals.pull_func, ms);
+
+ /* return immediately if we got an interrupt or eagain
+ * error.
+ */
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ if (ret == 0) /* EOF */
+ return gnutls_assert_val(0);
+
+ /* copy fresh data to our buffer.
+ */
+ _gnutls_read_log
+ ("RB: Have %d bytes into buffer. Adding %d bytes.\n",
+ (int) session->internals.record_recv_buffer.
+ byte_length, (int) ret);
+ _gnutls_read_log("RB: Requested %d bytes\n", (int) total);
+
+ _mbuffer_enqueue(&session->internals.record_recv_buffer,
+ bufel);
+
+ if (IS_DTLS(session))
+ ret =
+ MIN(total,
+ session->internals.record_recv_buffer.
+ byte_length);
+ else
+ ret =
+ session->internals.record_recv_buffer.
+ byte_length;
+
+ if ((ret > 0) && ((size_t) ret < total)) /* Short Read */
+ return gnutls_assert_val(GNUTLS_E_AGAIN);
+ else
+ return ret;
+ } else
+ return gnutls_assert_val(0);
}
/* This function is like write. But it does not return -1 on error.
@@ -551,106 +546,98 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
*
*/
ssize_t
-_gnutls_io_write_buffered (gnutls_session_t session,
- mbuffer_st * bufel, unsigned int mflag)
+_gnutls_io_write_buffered(gnutls_session_t session,
+ mbuffer_st * bufel, unsigned int mflag)
{
- mbuffer_head_st *const send_buffer = &session->internals.record_send_buffer;
+ mbuffer_head_st *const send_buffer =
+ &session->internals.record_send_buffer;
- /* to know where the procedure was interrupted.
- */
- session->internals.direction = 1;
+ /* to know where the procedure was interrupted.
+ */
+ session->internals.direction = 1;
- _mbuffer_enqueue (send_buffer, bufel);
+ _mbuffer_enqueue(send_buffer, bufel);
- _gnutls_write_log
- ("WRITE: enqueued %d bytes for %p. Total %d bytes.\n",
- (int) bufel->msg.size, session->internals.transport_recv_ptr,
- (int) send_buffer->byte_length);
+ _gnutls_write_log
+ ("WRITE: enqueued %d bytes for %p. Total %d bytes.\n",
+ (int) bufel->msg.size, session->internals.transport_recv_ptr,
+ (int) send_buffer->byte_length);
- if (mflag == MBUFFER_FLUSH)
- return _gnutls_io_write_flush (session);
- else
- return bufel->msg.size;
+ if (mflag == MBUFFER_FLUSH)
+ return _gnutls_io_write_flush(session);
+ else
+ return bufel->msg.size;
}
-typedef ssize_t (*send_func) (gnutls_session_t, const giovec_t *, int);
+typedef ssize_t(*send_func) (gnutls_session_t, const giovec_t *, int);
/* This function writes the data that are left in the
* TLS write buffer (ie. because the previous write was
* interrupted.
*/
-ssize_t
-_gnutls_io_write_flush (gnutls_session_t session)
+ssize_t _gnutls_io_write_flush(gnutls_session_t session)
{
- gnutls_datum_t msg;
- mbuffer_head_st *send_buffer = &session->internals.record_send_buffer;
- int ret;
- ssize_t sent = 0, tosend = 0;
- giovec_t iovec[MAX_QUEUE];
- int i = 0;
- mbuffer_st *cur;
-
- _gnutls_write_log ("WRITE FLUSH: %d bytes in buffer.\n",
- (int) send_buffer->byte_length);
-
- for (cur = _mbuffer_head_get_first (send_buffer, &msg);
- cur != NULL; cur = _mbuffer_head_get_next (cur, &msg))
- {
- iovec[i].iov_base = msg.data;
- iovec[i++].iov_len = msg.size;
- tosend += msg.size;
-
- /* we buffer up to MAX_QUEUE messages */
- if (i >= MAX_QUEUE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- }
-
- if (tosend == 0)
- {
- gnutls_assert();
- return 0;
- }
-
- ret = _gnutls_writev (session, iovec, i);
- if (ret >= 0)
- {
- _mbuffer_head_remove_bytes (send_buffer, ret);
- _gnutls_write_log ("WRITE: wrote %d bytes, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
-
- sent += ret;
- }
- else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN)
- {
- _gnutls_write_log ("WRITE interrupted: %d bytes left.\n",
- (int) send_buffer->byte_length);
- return ret;
- }
- else if (ret == GNUTLS_E_LARGE_PACKET)
- {
- _mbuffer_head_remove_bytes (send_buffer, tosend);
- _gnutls_write_log ("WRITE cannot send large packet (%u bytes).\n",
- (unsigned int) tosend);
- return ret;
- }
- else
- {
- _gnutls_write_log ("WRITE error: code %d, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
-
- gnutls_assert ();
- return ret;
- }
-
- if (sent < tosend)
- {
- return gnutls_assert_val(GNUTLS_E_AGAIN);
- }
-
- return sent;
+ gnutls_datum_t msg;
+ mbuffer_head_st *send_buffer =
+ &session->internals.record_send_buffer;
+ int ret;
+ ssize_t sent = 0, tosend = 0;
+ giovec_t iovec[MAX_QUEUE];
+ int i = 0;
+ mbuffer_st *cur;
+
+ _gnutls_write_log("WRITE FLUSH: %d bytes in buffer.\n",
+ (int) send_buffer->byte_length);
+
+ for (cur = _mbuffer_head_get_first(send_buffer, &msg);
+ cur != NULL; cur = _mbuffer_head_get_next(cur, &msg)) {
+ iovec[i].iov_base = msg.data;
+ iovec[i++].iov_len = msg.size;
+ tosend += msg.size;
+
+ /* we buffer up to MAX_QUEUE messages */
+ if (i >= MAX_QUEUE) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+
+ if (tosend == 0) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ret = _gnutls_writev(session, iovec, i);
+ if (ret >= 0) {
+ _mbuffer_head_remove_bytes(send_buffer, ret);
+ _gnutls_write_log
+ ("WRITE: wrote %d bytes, %d bytes left.\n", ret,
+ (int) send_buffer->byte_length);
+
+ sent += ret;
+ } else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
+ _gnutls_write_log("WRITE interrupted: %d bytes left.\n",
+ (int) send_buffer->byte_length);
+ return ret;
+ } else if (ret == GNUTLS_E_LARGE_PACKET) {
+ _mbuffer_head_remove_bytes(send_buffer, tosend);
+ _gnutls_write_log
+ ("WRITE cannot send large packet (%u bytes).\n",
+ (unsigned int) tosend);
+ return ret;
+ } else {
+ _gnutls_write_log("WRITE error: code %d, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
+
+ gnutls_assert();
+ return ret;
+ }
+
+ if (sent < tosend) {
+ return gnutls_assert_val(GNUTLS_E_AGAIN);
+ }
+
+ return sent;
}
/* Checks whether there are received data within
@@ -659,30 +646,31 @@ _gnutls_io_write_flush (gnutls_session_t session)
* Returns 0 if data were received, GNUTLS_E_TIMEDOUT
* on timeout and a negative error code on error.
*/
-int
-_gnutls_io_check_recv (gnutls_session_t session, unsigned int ms)
+int _gnutls_io_check_recv(gnutls_session_t session, unsigned int ms)
{
- gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
- int ret = 0, err;
-
- if (unlikely(session->internals.pull_timeout_func == system_recv_timeout &&
- session->internals.pull_func != system_read))
- return gnutls_assert_val(GNUTLS_E_PULL_ERROR);
-
- reset_errno (session);
-
- ret = session->internals.pull_timeout_func(fd, ms);
- if (ret == -1)
- {
- err = get_errno (session);
- _gnutls_read_log ("READ_TIMEOUT: %d returned from %p, errno=%d (timeout: %u)\n",
- (int) ret, fd, err, ms);
- return errno_to_gerr(err);
- }
-
- if (ret > 0)
- return 0;
- else return GNUTLS_E_TIMEDOUT;
+ gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
+ int ret = 0, err;
+
+ if (unlikely
+ (session->internals.pull_timeout_func == system_recv_timeout
+ && session->internals.pull_func != system_read))
+ return gnutls_assert_val(GNUTLS_E_PULL_ERROR);
+
+ reset_errno(session);
+
+ ret = session->internals.pull_timeout_func(fd, ms);
+ if (ret == -1) {
+ err = get_errno(session);
+ _gnutls_read_log
+ ("READ_TIMEOUT: %d returned from %p, errno=%d (timeout: %u)\n",
+ (int) ret, fd, err, ms);
+ return errno_to_gerr(err);
+ }
+
+ if (ret > 0)
+ return 0;
+ else
+ return GNUTLS_E_TIMEDOUT;
}
/* HANDSHAKE buffers part
@@ -693,56 +681,53 @@ _gnutls_io_check_recv (gnutls_session_t session, unsigned int ms)
* interrupted.
*
*/
-ssize_t
-_gnutls_handshake_io_write_flush (gnutls_session_t session)
+ssize_t _gnutls_handshake_io_write_flush(gnutls_session_t session)
{
- mbuffer_head_st *const send_buffer =
- &session->internals.handshake_send_buffer;
- gnutls_datum_t msg;
- int ret;
- uint16_t epoch;
- ssize_t total = 0;
- mbuffer_st *cur;
-
- _gnutls_write_log ("HWRITE FLUSH: %d bytes in buffer.\n",
- (int) send_buffer->byte_length);
-
- if (IS_DTLS(session))
- return _dtls_transmit(session);
-
- for (cur = _mbuffer_head_get_first (send_buffer, &msg);
- cur != NULL; cur = _mbuffer_head_get_first (send_buffer, &msg))
- {
- epoch = cur->epoch;
-
- ret = _gnutls_send_int (session, cur->type,
- cur->htype,
- epoch,
- msg.data, msg.size, 0);
-
- if (ret >= 0)
- {
- total += ret;
-
- ret = _mbuffer_head_remove_bytes (send_buffer, ret);
- if (ret == 1)
- _gnutls_epoch_refcount_dec(session, epoch);
-
- _gnutls_write_log ("HWRITE: wrote %d bytes, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
-
- }
- else
- {
- _gnutls_write_log ("HWRITE error: code %d, %d bytes left.\n",
- ret, (int) send_buffer->byte_length);
-
- gnutls_assert ();
- return ret;
- }
- }
-
- return _gnutls_io_write_flush (session);
+ mbuffer_head_st *const send_buffer =
+ &session->internals.handshake_send_buffer;
+ gnutls_datum_t msg;
+ int ret;
+ uint16_t epoch;
+ ssize_t total = 0;
+ mbuffer_st *cur;
+
+ _gnutls_write_log("HWRITE FLUSH: %d bytes in buffer.\n",
+ (int) send_buffer->byte_length);
+
+ if (IS_DTLS(session))
+ return _dtls_transmit(session);
+
+ for (cur = _mbuffer_head_get_first(send_buffer, &msg);
+ cur != NULL; cur = _mbuffer_head_get_first(send_buffer, &msg))
+ {
+ epoch = cur->epoch;
+
+ ret = _gnutls_send_int(session, cur->type,
+ cur->htype,
+ epoch, msg.data, msg.size, 0);
+
+ if (ret >= 0) {
+ total += ret;
+
+ ret = _mbuffer_head_remove_bytes(send_buffer, ret);
+ if (ret == 1)
+ _gnutls_epoch_refcount_dec(session, epoch);
+
+ _gnutls_write_log
+ ("HWRITE: wrote %d bytes, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
+
+ } else {
+ _gnutls_write_log
+ ("HWRITE error: code %d, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
+
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ return _gnutls_io_write_flush(session);
}
@@ -751,275 +736,327 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session)
*
*/
int
-_gnutls_handshake_io_cache_int (gnutls_session_t session,
- gnutls_handshake_description_t htype,
- mbuffer_st * bufel)
+_gnutls_handshake_io_cache_int(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ mbuffer_st * bufel)
{
- mbuffer_head_st * send_buffer;
-
- if (IS_DTLS(session))
- {
- bufel->handshake_sequence = session->internals.dtls.hsk_write_seq-1;
- }
-
- send_buffer =
- &session->internals.handshake_send_buffer;
-
- bufel->epoch = (uint16_t)_gnutls_epoch_refcount_inc(session, EPOCH_WRITE_CURRENT);
- bufel->htype = htype;
- if (bufel->htype == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC)
- bufel->type = GNUTLS_CHANGE_CIPHER_SPEC;
- else
- bufel->type = GNUTLS_HANDSHAKE;
-
- _mbuffer_enqueue (send_buffer, bufel);
-
- _gnutls_write_log
- ("HWRITE: enqueued [%s] %d. Total %d bytes.\n",
- _gnutls_handshake2str (bufel->htype), (int) bufel->msg.size, (int) send_buffer->byte_length);
-
- return 0;
+ mbuffer_head_st *send_buffer;
+
+ if (IS_DTLS(session)) {
+ bufel->handshake_sequence =
+ session->internals.dtls.hsk_write_seq - 1;
+ }
+
+ send_buffer = &session->internals.handshake_send_buffer;
+
+ bufel->epoch =
+ (uint16_t) _gnutls_epoch_refcount_inc(session,
+ EPOCH_WRITE_CURRENT);
+ bufel->htype = htype;
+ if (bufel->htype == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC)
+ bufel->type = GNUTLS_CHANGE_CIPHER_SPEC;
+ else
+ bufel->type = GNUTLS_HANDSHAKE;
+
+ _mbuffer_enqueue(send_buffer, bufel);
+
+ _gnutls_write_log
+ ("HWRITE: enqueued [%s] %d. Total %d bytes.\n",
+ _gnutls_handshake2str(bufel->htype), (int) bufel->msg.size,
+ (int) send_buffer->byte_length);
+
+ return 0;
}
-static int handshake_compare(const void* _e1, const void* _e2)
+static int handshake_compare(const void *_e1, const void *_e2)
{
-const handshake_buffer_st* e1 = _e1;
-const handshake_buffer_st* e2 = _e2;
+ const handshake_buffer_st *e1 = _e1;
+ const handshake_buffer_st *e2 = _e2;
- if (e1->sequence <= e2->sequence)
- return 1;
- else
- return -1;
+ if (e1->sequence <= e2->sequence)
+ return 1;
+ else
+ return -1;
}
#define SSL2_HEADERS 1
static int
-parse_handshake_header (gnutls_session_t session, mbuffer_st* bufel,
- handshake_buffer_st* hsk)
+parse_handshake_header(gnutls_session_t session, mbuffer_st * bufel,
+ handshake_buffer_st * hsk)
{
- uint8_t *dataptr = NULL; /* for realloc */
- size_t handshake_header_size = HANDSHAKE_HEADER_SIZE(session), data_size;
-
- /* Note: SSL2_HEADERS == 1 */
- if (_mbuffer_get_udata_size(bufel) < handshake_header_size)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- dataptr = _mbuffer_get_udata_ptr(bufel);
-
- /* if reading a client hello of SSLv2 */
- if (unlikely(!IS_DTLS(session) && bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2))
- {
- handshake_header_size = SSL2_HEADERS; /* we've already read one byte */
-
- hsk->length = _mbuffer_get_udata_size(bufel) - handshake_header_size; /* we've read the first byte */
-
- if (dataptr[0] != GNUTLS_HANDSHAKE_CLIENT_HELLO)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
-
- hsk->htype = GNUTLS_HANDSHAKE_CLIENT_HELLO_V2;
-
- hsk->sequence = 0;
- hsk->start_offset = 0;
- hsk->end_offset = hsk->length;
- }
- else /* TLS or DTLS handshake headers */
- {
-
- hsk->htype = dataptr[0];
-
- /* we do not use DECR_LEN because we know
- * that the packet has enough data.
- */
- hsk->length = _gnutls_read_uint24 (&dataptr[1]);
- handshake_header_size = HANDSHAKE_HEADER_SIZE(session);
-
- if (IS_DTLS(session))
- {
- hsk->sequence = _gnutls_read_uint16 (&dataptr[4]);
- hsk->start_offset = _gnutls_read_uint24 (&dataptr[6]);
- hsk->end_offset = hsk->start_offset + _gnutls_read_uint24 (&dataptr[9]);
- }
- else
- {
- hsk->sequence = 0;
- hsk->start_offset = 0;
- hsk->end_offset = MIN((_mbuffer_get_udata_size(bufel) - handshake_header_size), hsk->length);
- }
- }
- data_size = _mbuffer_get_udata_size(bufel) - handshake_header_size;
-
- /* make the length offset */
- if (hsk->end_offset > 0) hsk->end_offset--;
-
- _gnutls_handshake_log ("HSK[%p]: %s (%u) was received. Length %d[%d], frag offset %d, frag length: %d, sequence: %d\n",
- session, _gnutls_handshake2str (hsk->htype), (unsigned)hsk->htype,
- (int) hsk->length, (int)data_size, hsk->start_offset, hsk->end_offset-hsk->start_offset+1, (int)hsk->sequence);
-
- hsk->header_size = handshake_header_size;
- memcpy(hsk->header, _mbuffer_get_udata_ptr(bufel), handshake_header_size);
-
- if (hsk->length > 0 &&
- (hsk->end_offset-hsk->start_offset >= data_size))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (hsk->length > 0 && (hsk->start_offset >= hsk->end_offset ||
- hsk->end_offset-hsk->start_offset >= data_size ||
- hsk->end_offset >= hsk->length))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- else if (hsk->length == 0 && hsk->end_offset != 0 && hsk->start_offset != 0)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- return handshake_header_size;
+ uint8_t *dataptr = NULL; /* for realloc */
+ size_t handshake_header_size =
+ HANDSHAKE_HEADER_SIZE(session), data_size;
+
+ /* Note: SSL2_HEADERS == 1 */
+ if (_mbuffer_get_udata_size(bufel) < handshake_header_size)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ dataptr = _mbuffer_get_udata_ptr(bufel);
+
+ /* if reading a client hello of SSLv2 */
+ if (unlikely
+ (!IS_DTLS(session)
+ && bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)) {
+ handshake_header_size = SSL2_HEADERS; /* we've already read one byte */
+
+ hsk->length = _mbuffer_get_udata_size(bufel) - handshake_header_size; /* we've read the first byte */
+
+ if (dataptr[0] != GNUTLS_HANDSHAKE_CLIENT_HELLO)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
+ hsk->htype = GNUTLS_HANDSHAKE_CLIENT_HELLO_V2;
+
+ hsk->sequence = 0;
+ hsk->start_offset = 0;
+ hsk->end_offset = hsk->length;
+ } else { /* TLS or DTLS handshake headers */
+
+
+ hsk->htype = dataptr[0];
+
+ /* we do not use DECR_LEN because we know
+ * that the packet has enough data.
+ */
+ hsk->length = _gnutls_read_uint24(&dataptr[1]);
+ handshake_header_size = HANDSHAKE_HEADER_SIZE(session);
+
+ if (IS_DTLS(session)) {
+ hsk->sequence = _gnutls_read_uint16(&dataptr[4]);
+ hsk->start_offset =
+ _gnutls_read_uint24(&dataptr[6]);
+ hsk->end_offset =
+ hsk->start_offset +
+ _gnutls_read_uint24(&dataptr[9]);
+ } else {
+ hsk->sequence = 0;
+ hsk->start_offset = 0;
+ hsk->end_offset =
+ MIN((_mbuffer_get_udata_size(bufel) -
+ handshake_header_size), hsk->length);
+ }
+ }
+ data_size = _mbuffer_get_udata_size(bufel) - handshake_header_size;
+
+ /* make the length offset */
+ if (hsk->end_offset > 0)
+ hsk->end_offset--;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: %s (%u) was received. Length %d[%d], frag offset %d, frag length: %d, sequence: %d\n",
+ session, _gnutls_handshake2str(hsk->htype),
+ (unsigned) hsk->htype, (int) hsk->length, (int) data_size,
+ hsk->start_offset, hsk->end_offset - hsk->start_offset + 1,
+ (int) hsk->sequence);
+
+ hsk->header_size = handshake_header_size;
+ memcpy(hsk->header, _mbuffer_get_udata_ptr(bufel),
+ handshake_header_size);
+
+ if (hsk->length > 0 &&
+ (hsk->end_offset - hsk->start_offset >= data_size))
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (hsk->length > 0 && (hsk->start_offset >= hsk->end_offset ||
+ hsk->end_offset - hsk->start_offset >=
+ data_size
+ || hsk->end_offset >= hsk->length))
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ else if (hsk->length == 0 && hsk->end_offset != 0
+ && hsk->start_offset != 0)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ return handshake_header_size;
}
-static void _gnutls_handshake_buffer_move(handshake_buffer_st* dst, handshake_buffer_st* src)
+static void _gnutls_handshake_buffer_move(handshake_buffer_st * dst,
+ handshake_buffer_st * src)
{
- memcpy(dst, src, sizeof(*dst));
- memset(src, 0, sizeof(*src));
- src->htype = -1;
+ memcpy(dst, src, sizeof(*dst));
+ memset(src, 0, sizeof(*src));
+ src->htype = -1;
}
/* will merge the given handshake_buffer_st to the handshake_recv_buffer
* list. The given hsk packet will be released in any case (success or failure).
* Only used in DTLS.
*/
-static int merge_handshake_packet(gnutls_session_t session, handshake_buffer_st* hsk)
+static int merge_handshake_packet(gnutls_session_t session,
+ handshake_buffer_st * hsk)
{
-int exists = 0, i, pos = 0;
-int ret;
-
- for (i=0;i<session->internals.handshake_recv_buffer_size;i++)
- {
- if (session->internals.handshake_recv_buffer[i].htype == hsk->htype)
- {
- exists = 1;
- pos = i;
- break;
- }
- }
-
- if (exists == 0)
- pos = session->internals.handshake_recv_buffer_size;
-
- if (pos > MAX_HANDSHAKE_MSGS)
- return gnutls_assert_val(GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS);
-
- if (exists == 0)
- {
- if (hsk->length > 0 && hsk->end_offset > 0 && hsk->end_offset-hsk->start_offset+1 != hsk->length)
- {
- ret = _gnutls_buffer_resize(&hsk->data, hsk->length);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- hsk->data.length = hsk->length;
-
- memmove(&hsk->data.data[hsk->start_offset], hsk->data.data, hsk->end_offset-hsk->start_offset+1);
- }
-
- session->internals.handshake_recv_buffer_size++;
-
- /* rewrite headers to make them look as each packet came as a single fragment */
- _gnutls_write_uint24(hsk->length, &hsk->header[1]);
- _gnutls_write_uint24(0, &hsk->header[6]);
- _gnutls_write_uint24(hsk->length, &hsk->header[9]);
-
- _gnutls_handshake_buffer_move(&session->internals.handshake_recv_buffer[pos], hsk);
-
- }
- else
- {
- if (hsk->start_offset < session->internals.handshake_recv_buffer[pos].start_offset &&
- hsk->end_offset >= session->internals.handshake_recv_buffer[pos].start_offset)
- {
- memcpy(&session->internals.handshake_recv_buffer[pos].data.data[hsk->start_offset],
- hsk->data.data, hsk->data.length);
- session->internals.handshake_recv_buffer[pos].start_offset = hsk->start_offset;
- session->internals.handshake_recv_buffer[pos].end_offset =
- MIN(hsk->end_offset, session->internals.handshake_recv_buffer[pos].end_offset);
- }
- else if (hsk->end_offset > session->internals.handshake_recv_buffer[pos].end_offset &&
- hsk->start_offset <= session->internals.handshake_recv_buffer[pos].end_offset+1)
- {
- memcpy(&session->internals.handshake_recv_buffer[pos].data.data[hsk->start_offset],
- hsk->data.data, hsk->data.length);
-
- session->internals.handshake_recv_buffer[pos].end_offset = hsk->end_offset;
- session->internals.handshake_recv_buffer[pos].start_offset =
- MIN(hsk->start_offset, session->internals.handshake_recv_buffer[pos].start_offset);
- }
- _gnutls_handshake_buffer_clear(hsk);
- }
-
- return 0;
+ int exists = 0, i, pos = 0;
+ int ret;
+
+ for (i = 0; i < session->internals.handshake_recv_buffer_size; i++) {
+ if (session->internals.handshake_recv_buffer[i].htype ==
+ hsk->htype) {
+ exists = 1;
+ pos = i;
+ break;
+ }
+ }
+
+ if (exists == 0)
+ pos = session->internals.handshake_recv_buffer_size;
+
+ if (pos > MAX_HANDSHAKE_MSGS)
+ return
+ gnutls_assert_val(GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS);
+
+ if (exists == 0) {
+ if (hsk->length > 0 && hsk->end_offset > 0
+ && hsk->end_offset - hsk->start_offset + 1 !=
+ hsk->length) {
+ ret =
+ _gnutls_buffer_resize(&hsk->data, hsk->length);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ hsk->data.length = hsk->length;
+
+ memmove(&hsk->data.data[hsk->start_offset],
+ hsk->data.data,
+ hsk->end_offset - hsk->start_offset + 1);
+ }
+
+ session->internals.handshake_recv_buffer_size++;
+
+ /* rewrite headers to make them look as each packet came as a single fragment */
+ _gnutls_write_uint24(hsk->length, &hsk->header[1]);
+ _gnutls_write_uint24(0, &hsk->header[6]);
+ _gnutls_write_uint24(hsk->length, &hsk->header[9]);
+
+ _gnutls_handshake_buffer_move(&session->internals.
+ handshake_recv_buffer[pos],
+ hsk);
+
+ } else {
+ if (hsk->start_offset <
+ session->internals.handshake_recv_buffer[pos].
+ start_offset
+ && hsk->end_offset >=
+ session->internals.handshake_recv_buffer[pos].
+ start_offset) {
+ memcpy(&session->internals.
+ handshake_recv_buffer[pos].data.data[hsk->
+ start_offset],
+ hsk->data.data, hsk->data.length);
+ session->internals.handshake_recv_buffer[pos].
+ start_offset = hsk->start_offset;
+ session->internals.handshake_recv_buffer[pos].
+ end_offset =
+ MIN(hsk->end_offset,
+ session->internals.
+ handshake_recv_buffer[pos].end_offset);
+ } else if (hsk->end_offset >
+ session->internals.handshake_recv_buffer[pos].
+ end_offset
+ && hsk->start_offset <=
+ session->internals.handshake_recv_buffer[pos].
+ end_offset + 1) {
+ memcpy(&session->internals.
+ handshake_recv_buffer[pos].data.data[hsk->
+ start_offset],
+ hsk->data.data, hsk->data.length);
+
+ session->internals.handshake_recv_buffer[pos].
+ end_offset = hsk->end_offset;
+ session->internals.handshake_recv_buffer[pos].
+ start_offset =
+ MIN(hsk->start_offset,
+ session->internals.
+ handshake_recv_buffer[pos].start_offset);
+ }
+ _gnutls_handshake_buffer_clear(hsk);
+ }
+
+ return 0;
}
/* returns non-zero on match and zero on mismatch
*/
-inline static int cmp_hsk_types(gnutls_handshake_description_t expected, gnutls_handshake_description_t recvd)
+inline static int cmp_hsk_types(gnutls_handshake_description_t expected,
+ gnutls_handshake_description_t recvd)
{
- if ((expected != GNUTLS_HANDSHAKE_CLIENT_HELLO || recvd != GNUTLS_HANDSHAKE_CLIENT_HELLO_V2) &&
- (expected != recvd))
- return 0;
-
- return 1;
+ if ((expected != GNUTLS_HANDSHAKE_CLIENT_HELLO
+ || recvd != GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)
+ && (expected != recvd))
+ return 0;
+
+ return 1;
}
#define LAST_ELEMENT (session->internals.handshake_recv_buffer_size-1)
/* returns the last stored handshake packet.
*/
-static int get_last_packet(gnutls_session_t session, gnutls_handshake_description_t htype,
- handshake_buffer_st * hsk, unsigned int optional)
+static int get_last_packet(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ handshake_buffer_st * hsk,
+ unsigned int optional)
{
-handshake_buffer_st* recv_buf = session->internals.handshake_recv_buffer;
-
- if (IS_DTLS(session))
- {
- if (session->internals.handshake_recv_buffer_size == 0 ||
- (session->internals.dtls.hsk_read_seq != recv_buf[LAST_ELEMENT].sequence))
- goto timeout;
-
- if (htype != recv_buf[LAST_ELEMENT].htype)
- {
- if (optional == 0)
- _gnutls_audit_log(session, "Received unexpected handshake message '%s' (%d). Expected '%s' (%d)\n",
- _gnutls_handshake2str(recv_buf[0].htype), (int)recv_buf[0].htype, _gnutls_handshake2str(htype), (int)htype);
-
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
- }
-
- else if ((recv_buf[LAST_ELEMENT].start_offset == 0 &&
- recv_buf[LAST_ELEMENT].end_offset == recv_buf[LAST_ELEMENT].length -1) ||
- recv_buf[LAST_ELEMENT].length == 0)
- {
- session->internals.dtls.hsk_read_seq++;
- _gnutls_handshake_buffer_move(hsk, &recv_buf[LAST_ELEMENT]);
- session->internals.handshake_recv_buffer_size--;
- return 0;
- }
- else
- goto timeout;
- }
- else /* TLS */
- {
- if (session->internals.handshake_recv_buffer_size > 0 && recv_buf[0].length == recv_buf[0].data.length)
- {
- if (cmp_hsk_types(htype, recv_buf[0].htype) == 0)
- {
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
- }
-
- _gnutls_handshake_buffer_move(hsk, &recv_buf[0]);
- session->internals.handshake_recv_buffer_size--;
- return 0;
- }
- else
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- }
-
-timeout:
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0);
+ handshake_buffer_st *recv_buf =
+ session->internals.handshake_recv_buffer;
+
+ if (IS_DTLS(session)) {
+ if (session->internals.handshake_recv_buffer_size == 0 ||
+ (session->internals.dtls.hsk_read_seq !=
+ recv_buf[LAST_ELEMENT].sequence))
+ goto timeout;
+
+ if (htype != recv_buf[LAST_ELEMENT].htype) {
+ if (optional == 0)
+ _gnutls_audit_log(session,
+ "Received unexpected handshake message '%s' (%d). Expected '%s' (%d)\n",
+ _gnutls_handshake2str
+ (recv_buf[0].htype),
+ (int) recv_buf[0].htype,
+ _gnutls_handshake2str
+ (htype), (int) htype);
+
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
+ }
+
+ else if ((recv_buf[LAST_ELEMENT].start_offset == 0 &&
+ recv_buf[LAST_ELEMENT].end_offset ==
+ recv_buf[LAST_ELEMENT].length - 1)
+ || recv_buf[LAST_ELEMENT].length == 0) {
+ session->internals.dtls.hsk_read_seq++;
+ _gnutls_handshake_buffer_move(hsk,
+ &recv_buf
+ [LAST_ELEMENT]);
+ session->internals.handshake_recv_buffer_size--;
+ return 0;
+ } else
+ goto timeout;
+ } else { /* TLS */
+
+ if (session->internals.handshake_recv_buffer_size > 0
+ && recv_buf[0].length == recv_buf[0].data.length) {
+ if (cmp_hsk_types(htype, recv_buf[0].htype) == 0) {
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
+ }
+
+ _gnutls_handshake_buffer_move(hsk, &recv_buf[0]);
+ session->internals.handshake_recv_buffer_size--;
+ return 0;
+ } else
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ }
+
+ timeout:
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0);
}
/* This is a receive function for the gnutls handshake
@@ -1027,208 +1064,250 @@ timeout:
*
* htype is the next handshake packet expected.
*/
-int
-_gnutls_parse_record_buffered_msgs (gnutls_session_t session)
+int _gnutls_parse_record_buffered_msgs(gnutls_session_t session)
{
- gnutls_datum_t msg;
- mbuffer_st* bufel = NULL, *prev = NULL;
- int ret;
- size_t data_size;
- handshake_buffer_st* recv_buf = session->internals.handshake_recv_buffer;
-
- bufel = _mbuffer_head_get_first(&session->internals.record_buffer, &msg);
- if (bufel == NULL)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
- if (!IS_DTLS(session))
- {
- ssize_t remain, append, header_size;
-
- do
- {
- if (bufel->type != GNUTLS_HANDSHAKE)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
-
- /* if we have a half received message the complete it.
- */
- remain = recv_buf[0].length -
- recv_buf[0].data.length;
-
- /* this is the rest of a previous message */
- if (session->internals.handshake_recv_buffer_size > 0 && recv_buf[0].length > 0 && remain > 0)
- {
- if ((ssize_t)msg.size <= remain)
- append = msg.size;
- else
- append = remain;
-
- ret = _gnutls_buffer_append_data(&recv_buf[0].data, msg.data, append);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _mbuffer_head_remove_bytes(&session->internals.record_buffer, append);
- }
- else /* received new message */
- {
- ret = parse_handshake_header(session, bufel, &recv_buf[0]);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- header_size = ret;
- session->internals.handshake_recv_buffer_size = 1;
-
- _mbuffer_set_uhead_size(bufel, header_size);
-
- data_size = MIN(recv_buf[0].length, _mbuffer_get_udata_size(bufel));
- ret = _gnutls_buffer_append_data(&recv_buf[0].data, _mbuffer_get_udata_ptr(bufel), data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- _mbuffer_set_uhead_size(bufel, 0);
- _mbuffer_head_remove_bytes(&session->internals.record_buffer, data_size+header_size);
- }
-
- /* if packet is complete then return it
- */
- if (recv_buf[0].length ==
- recv_buf[0].data.length)
- {
- return 0;
- }
- bufel = _mbuffer_head_get_first(&session->internals.record_buffer, &msg);
- }
- while(bufel != NULL);
-
- /* if we are here it means that the received packets were not
- * enough to complete the handshake packet.
- */
- return gnutls_assert_val(GNUTLS_E_AGAIN);
- }
- else /* DTLS */
- {
- handshake_buffer_st tmp;
-
- do
- {
- /* we now
- * 0. parse headers
- * 1. insert to handshake_recv_buffer
- * 2. sort handshake_recv_buffer on sequence numbers
- * 3. return first packet if completed or GNUTLS_E_AGAIN.
- */
- do
- {
- if (bufel->type != GNUTLS_HANDSHAKE)
- {
- gnutls_assert();
- goto next; /* ignore packet */
- }
-
- _gnutls_handshake_buffer_init(&tmp);
-
- ret = parse_handshake_header(session, bufel, &tmp);
- if (ret < 0)
- {
- gnutls_assert();
- _gnutls_audit_log(session, "Invalid handshake packet headers. Discarding.\n");
- break;
- }
-
- _mbuffer_consume(&session->internals.record_buffer, bufel, ret);
-
- data_size = MIN(tmp.length, tmp.end_offset-tmp.start_offset+1);
-
- ret = _gnutls_buffer_append_data(&tmp.data, _mbuffer_get_udata_ptr(bufel), data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _mbuffer_consume(&session->internals.record_buffer, bufel, data_size);
-
- ret = merge_handshake_packet(session, &tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- }
- while(_mbuffer_get_udata_size(bufel) > 0);
-
- prev = bufel;
- bufel = _mbuffer_dequeue(&session->internals.record_buffer, bufel);
-
- _mbuffer_xfree(&prev);
- continue;
-
-next:
- bufel = _mbuffer_head_get_next(bufel, NULL);
- }
- while(bufel != NULL);
-
- /* sort in descending order */
- if (session->internals.handshake_recv_buffer_size > 1)
- qsort(recv_buf, session->internals.handshake_recv_buffer_size,
- sizeof(recv_buf[0]), handshake_compare);
-
- while(session->internals.handshake_recv_buffer_size > 0 &&
- recv_buf[LAST_ELEMENT].sequence < session->internals.dtls.hsk_read_seq)
- {
- _gnutls_audit_log(session, "Discarded replayed handshake packet with sequence %d\n", recv_buf[LAST_ELEMENT].sequence);
- _gnutls_handshake_buffer_clear(&recv_buf[LAST_ELEMENT]);
- session->internals.handshake_recv_buffer_size--;
- }
-
- return 0;
- }
+ gnutls_datum_t msg;
+ mbuffer_st *bufel = NULL, *prev = NULL;
+ int ret;
+ size_t data_size;
+ handshake_buffer_st *recv_buf =
+ session->internals.handshake_recv_buffer;
+
+ bufel =
+ _mbuffer_head_get_first(&session->internals.record_buffer,
+ &msg);
+ if (bufel == NULL)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ if (!IS_DTLS(session)) {
+ ssize_t remain, append, header_size;
+
+ do {
+ if (bufel->type != GNUTLS_HANDSHAKE)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+
+ /* if we have a half received message the complete it.
+ */
+ remain = recv_buf[0].length -
+ recv_buf[0].data.length;
+
+ /* this is the rest of a previous message */
+ if (session->internals.handshake_recv_buffer_size >
+ 0 && recv_buf[0].length > 0 && remain > 0) {
+ if ((ssize_t) msg.size <= remain)
+ append = msg.size;
+ else
+ append = remain;
+
+ ret =
+ _gnutls_buffer_append_data(&recv_buf
+ [0].data,
+ msg.data,
+ append);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _mbuffer_head_remove_bytes(&session->
+ internals.
+ record_buffer,
+ append);
+ } else { /* received new message */
+
+ ret =
+ parse_handshake_header(session, bufel,
+ &recv_buf[0]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ header_size = ret;
+ session->internals.
+ handshake_recv_buffer_size = 1;
+
+ _mbuffer_set_uhead_size(bufel,
+ header_size);
+
+ data_size =
+ MIN(recv_buf[0].length,
+ _mbuffer_get_udata_size(bufel));
+ ret =
+ _gnutls_buffer_append_data(&recv_buf
+ [0].data,
+ _mbuffer_get_udata_ptr
+ (bufel),
+ data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ _mbuffer_set_uhead_size(bufel, 0);
+ _mbuffer_head_remove_bytes(&session->
+ internals.
+ record_buffer,
+ data_size +
+ header_size);
+ }
+
+ /* if packet is complete then return it
+ */
+ if (recv_buf[0].length == recv_buf[0].data.length) {
+ return 0;
+ }
+ bufel =
+ _mbuffer_head_get_first(&session->internals.
+ record_buffer, &msg);
+ }
+ while (bufel != NULL);
+
+ /* if we are here it means that the received packets were not
+ * enough to complete the handshake packet.
+ */
+ return gnutls_assert_val(GNUTLS_E_AGAIN);
+ } else { /* DTLS */
+
+ handshake_buffer_st tmp;
+
+ do {
+ /* we now
+ * 0. parse headers
+ * 1. insert to handshake_recv_buffer
+ * 2. sort handshake_recv_buffer on sequence numbers
+ * 3. return first packet if completed or GNUTLS_E_AGAIN.
+ */
+ do {
+ if (bufel->type != GNUTLS_HANDSHAKE) {
+ gnutls_assert();
+ goto next; /* ignore packet */
+ }
+
+ _gnutls_handshake_buffer_init(&tmp);
+
+ ret =
+ parse_handshake_header(session, bufel,
+ &tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "Invalid handshake packet headers. Discarding.\n");
+ break;
+ }
+
+ _mbuffer_consume(&session->internals.
+ record_buffer, bufel,
+ ret);
+
+ data_size =
+ MIN(tmp.length,
+ tmp.end_offset - tmp.start_offset +
+ 1);
+
+ ret =
+ _gnutls_buffer_append_data(&tmp.data,
+ _mbuffer_get_udata_ptr
+ (bufel),
+ data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _mbuffer_consume(&session->internals.
+ record_buffer, bufel,
+ data_size);
+
+ ret =
+ merge_handshake_packet(session, &tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ }
+ while (_mbuffer_get_udata_size(bufel) > 0);
+
+ prev = bufel;
+ bufel =
+ _mbuffer_dequeue(&session->internals.
+ record_buffer, bufel);
+
+ _mbuffer_xfree(&prev);
+ continue;
+
+ next:
+ bufel = _mbuffer_head_get_next(bufel, NULL);
+ }
+ while (bufel != NULL);
+
+ /* sort in descending order */
+ if (session->internals.handshake_recv_buffer_size > 1)
+ qsort(recv_buf,
+ session->internals.
+ handshake_recv_buffer_size,
+ sizeof(recv_buf[0]), handshake_compare);
+
+ while (session->internals.handshake_recv_buffer_size > 0 &&
+ recv_buf[LAST_ELEMENT].sequence <
+ session->internals.dtls.hsk_read_seq) {
+ _gnutls_audit_log(session,
+ "Discarded replayed handshake packet with sequence %d\n",
+ recv_buf[LAST_ELEMENT].sequence);
+ _gnutls_handshake_buffer_clear(&recv_buf
+ [LAST_ELEMENT]);
+ session->internals.handshake_recv_buffer_size--;
+ }
+
+ return 0;
+ }
}
/* This is a receive function for the gnutls handshake
* protocol. Makes sure that we have received all data.
*/
ssize_t
-_gnutls_handshake_io_recv_int (gnutls_session_t session,
- gnutls_handshake_description_t htype,
- handshake_buffer_st * hsk, unsigned int optional)
+_gnutls_handshake_io_recv_int(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ handshake_buffer_st * hsk,
+ unsigned int optional)
{
- int ret;
- unsigned int tleft = 0;
-
- ret = get_last_packet(session, htype, hsk, optional);
- if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- return gnutls_assert_val(ret);
- }
-
- /* try using the already existing records before
- * trying to receive.
- */
- ret = _gnutls_parse_record_buffered_msgs(session);
-
- if (ret == 0) ret = get_last_packet(session, htype, hsk, optional);
-
- if (IS_DTLS(session))
- {
- if (ret >= 0)
- return ret;
- }
- else
- {
- if ((ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && ret < 0) || ret >= 0)
- return gnutls_assert_val(ret);
- }
-
- if (htype != (unsigned)-1)
- {
- ret = handshake_remaining_time(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- tleft = ret;
- }
-
- /* if we don't have a complete message waiting for us, try
- * receiving more */
- ret = _gnutls_recv_in_buffers(session, GNUTLS_HANDSHAKE, htype, tleft);
- if (ret < 0)
- return gnutls_assert_val_fatal(ret);
-
- ret = _gnutls_parse_record_buffered_msgs(session);
- if (ret == 0) ret = get_last_packet(session, htype, hsk, optional);
-
- return ret;
+ int ret;
+ unsigned int tleft = 0;
+
+ ret = get_last_packet(session, htype, hsk, optional);
+ if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED
+ && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ return gnutls_assert_val(ret);
+ }
+
+ /* try using the already existing records before
+ * trying to receive.
+ */
+ ret = _gnutls_parse_record_buffered_msgs(session);
+
+ if (ret == 0)
+ ret = get_last_packet(session, htype, hsk, optional);
+
+ if (IS_DTLS(session)) {
+ if (ret >= 0)
+ return ret;
+ } else {
+ if ((ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && ret < 0) || ret >= 0)
+ return gnutls_assert_val(ret);
+ }
+
+ if (htype != (unsigned) -1) {
+ ret = handshake_remaining_time(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ tleft = ret;
+ }
+
+ /* if we don't have a complete message waiting for us, try
+ * receiving more */
+ ret =
+ _gnutls_recv_in_buffers(session, GNUTLS_HANDSHAKE, htype,
+ tleft);
+ if (ret < 0)
+ return gnutls_assert_val_fatal(ret);
+
+ ret = _gnutls_parse_record_buffered_msgs(session);
+ if (ret == 0)
+ ret = get_last_packet(session, htype, hsk, optional);
+
+ return ret;
}
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index cb247a1cd8..887403f51c 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -25,13 +25,13 @@
#define MBUFFER_FLUSH 1
int
-_gnutls_record_buffer_put (gnutls_session_t session,
- content_type_t type, uint64* seq, mbuffer_st* bufel);
+_gnutls_record_buffer_put(gnutls_session_t session,
+ content_type_t type, uint64 * seq,
+ mbuffer_st * bufel);
-inline static int
-_gnutls_record_buffer_get_size (gnutls_session_t session)
+inline static int _gnutls_record_buffer_get_size(gnutls_session_t session)
{
- return session->internals.record_buffer.byte_length;
+ return session->internals.record_buffer.byte_length;
}
/*-
@@ -44,72 +44,76 @@ _gnutls_record_buffer_get_size (gnutls_session_t session)
*
* Returns: Returns the size of the data or zero.
-*/
-inline static size_t
-record_check_unprocessed (gnutls_session_t session)
+inline static size_t record_check_unprocessed(gnutls_session_t session)
{
- return session->internals.record_recv_buffer.byte_length;
+ return session->internals.record_recv_buffer.byte_length;
}
-int _gnutls_record_buffer_get (content_type_t type,
- gnutls_session_t session, uint8_t * data,
- size_t length, uint8_t seq[8]);
-ssize_t _gnutls_io_read_buffered (gnutls_session_t, size_t n, content_type_t, unsigned int *ms);
-int _gnutls_io_clear_peeked_data (gnutls_session_t session);
+int _gnutls_record_buffer_get(content_type_t type,
+ gnutls_session_t session, uint8_t * data,
+ size_t length, uint8_t seq[8]);
+ssize_t _gnutls_io_read_buffered(gnutls_session_t, size_t n,
+ content_type_t, unsigned int *ms);
+int _gnutls_io_clear_peeked_data(gnutls_session_t session);
-ssize_t _gnutls_io_write_buffered (gnutls_session_t session,
- mbuffer_st * bufel, unsigned int mflag);
+ssize_t _gnutls_io_write_buffered(gnutls_session_t session,
+ mbuffer_st * bufel, unsigned int mflag);
-int _gnutls_handshake_io_cache_int (gnutls_session_t,
- gnutls_handshake_description_t,
- mbuffer_st * bufel);
+int _gnutls_handshake_io_cache_int(gnutls_session_t,
+ gnutls_handshake_description_t,
+ mbuffer_st * bufel);
ssize_t
-_gnutls_handshake_io_recv_int (gnutls_session_t session,
- gnutls_handshake_description_t htype,
- handshake_buffer_st * hsk, unsigned int optional);
+_gnutls_handshake_io_recv_int(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ handshake_buffer_st * hsk,
+ unsigned int optional);
-ssize_t _gnutls_io_write_flush (gnutls_session_t session);
-int
-_gnutls_io_check_recv (gnutls_session_t session, unsigned int ms);
-ssize_t _gnutls_handshake_io_write_flush (gnutls_session_t session);
+ssize_t _gnutls_io_write_flush(gnutls_session_t session);
+int _gnutls_io_check_recv(gnutls_session_t session, unsigned int ms);
+ssize_t _gnutls_handshake_io_write_flush(gnutls_session_t session);
-inline static void _gnutls_handshake_buffer_clear(handshake_buffer_st* hsk)
+inline static void _gnutls_handshake_buffer_clear(handshake_buffer_st *
+ hsk)
{
- _gnutls_buffer_clear(&hsk->data);
- hsk->htype = -1;
+ _gnutls_buffer_clear(&hsk->data);
+ hsk->htype = -1;
}
-inline static void _gnutls_handshake_buffer_init(handshake_buffer_st* hsk)
+inline static void _gnutls_handshake_buffer_init(handshake_buffer_st * hsk)
{
- memset(hsk, 0, sizeof(*hsk));
- _gnutls_buffer_init(&hsk->data);
- hsk->htype = -1;
+ memset(hsk, 0, sizeof(*hsk));
+ _gnutls_buffer_init(&hsk->data);
+ hsk->htype = -1;
}
-inline static void _gnutls_handshake_recv_buffer_clear(gnutls_session_t session)
+inline static void _gnutls_handshake_recv_buffer_clear(gnutls_session_t
+ session)
{
-int i;
- for (i=0;i<session->internals.handshake_recv_buffer_size;i++)
- _gnutls_handshake_buffer_clear(&session->internals.handshake_recv_buffer[i]);
- session->internals.handshake_recv_buffer_size = 0;
+ int i;
+ for (i = 0; i < session->internals.handshake_recv_buffer_size; i++)
+ _gnutls_handshake_buffer_clear(&session->internals.
+ handshake_recv_buffer[i]);
+ session->internals.handshake_recv_buffer_size = 0;
}
-inline static void _gnutls_handshake_recv_buffer_init(gnutls_session_t session)
+inline static void _gnutls_handshake_recv_buffer_init(gnutls_session_t
+ session)
{
-int i;
- for (i=0;i<MAX_HANDSHAKE_MSGS;i++)
- {
- _gnutls_handshake_buffer_init(&session->internals.handshake_recv_buffer[i]);
- }
- session->internals.handshake_recv_buffer_size = 0;
+ int i;
+ for (i = 0; i < MAX_HANDSHAKE_MSGS; i++) {
+ _gnutls_handshake_buffer_init(&session->internals.
+ handshake_recv_buffer[i]);
+ }
+ session->internals.handshake_recv_buffer_size = 0;
}
-int
-_gnutls_parse_record_buffered_msgs (gnutls_session_t session);
+int _gnutls_parse_record_buffered_msgs(gnutls_session_t session);
ssize_t
-_gnutls_recv_in_buffers (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype, unsigned int ms);
+_gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int ms);
#define _gnutls_handshake_io_buffer_clear( session) \
_mbuffer_head_clear( &session->internals.handshake_send_buffer); \
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 285d5dffbc..07514edffc 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -53,33 +53,29 @@
* TLS negotiation that uses the credentials is in progress.
*
**/
-void
-gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc)
+void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc)
{
- unsigned i, j;
-
- for (i = 0; i < sc->ncerts; i++)
- {
- for (j = 0; j < sc->certs[i].cert_list_length; j++)
- {
- gnutls_pcert_deinit (&sc->certs[i].cert_list[j]);
- }
- gnutls_free (sc->certs[i].cert_list);
- _gnutls_str_array_clear (&sc->certs[i].names);
- }
-
- gnutls_free (sc->certs);
- sc->certs = NULL;
-
- for (i = 0; i < sc->ncerts; i++)
- {
- gnutls_privkey_deinit (sc->pkey[i]);
- }
-
- gnutls_free (sc->pkey);
- sc->pkey = NULL;
-
- sc->ncerts = 0;
+ unsigned i, j;
+
+ for (i = 0; i < sc->ncerts; i++) {
+ for (j = 0; j < sc->certs[i].cert_list_length; j++) {
+ gnutls_pcert_deinit(&sc->certs[i].cert_list[j]);
+ }
+ gnutls_free(sc->certs[i].cert_list);
+ _gnutls_str_array_clear(&sc->certs[i].names);
+ }
+
+ gnutls_free(sc->certs);
+ sc->certs = NULL;
+
+ for (i = 0; i < sc->ncerts; i++) {
+ gnutls_privkey_deinit(sc->pkey[i]);
+ }
+
+ gnutls_free(sc->pkey);
+ sc->pkey = NULL;
+
+ sc->ncerts = 0;
}
/**
@@ -91,11 +87,10 @@ gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc)
* gnutls_certificate_verify_peers2() may call this to save some
* memory.
**/
-void
-gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc)
+void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc)
{
- /* FIXME: do nothing for now */
- return;
+ /* FIXME: do nothing for now */
+ return;
}
/**
@@ -113,10 +108,13 @@ gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc)
* Since: 3.0
**/
int
-gnutls_certificate_get_issuer (gnutls_certificate_credentials_t sc,
- gnutls_x509_crt_t cert, gnutls_x509_crt_t* issuer, unsigned int flags)
+gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc,
+ gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t * issuer,
+ unsigned int flags)
{
- return gnutls_x509_trust_list_get_issuer(sc->tlist, cert, issuer, flags);
+ return gnutls_x509_trust_list_get_issuer(sc->tlist, cert, issuer,
+ flags);
}
/**
@@ -138,21 +136,24 @@ gnutls_certificate_get_issuer (gnutls_certificate_credentials_t sc,
* Since: 3.2.5
**/
int
-gnutls_certificate_get_crt_raw (gnutls_certificate_credentials_t sc,
- unsigned idx1,
- unsigned idx2,
- gnutls_datum_t * cert)
+gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc,
+ unsigned idx1,
+ unsigned idx2, gnutls_datum_t * cert)
{
- if (idx1 >= sc->ncerts)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ if (idx1 >= sc->ncerts)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- if (idx2 >= sc->certs[idx1].cert_list_length)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ if (idx2 >= sc->certs[idx1].cert_list_length)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- cert->data = sc->certs[idx1].cert_list[idx2].cert.data;
- cert->size = sc->certs[idx1].cert_list[idx2].cert.size;
+ cert->data = sc->certs[idx1].cert_list[idx2].cert.data;
+ cert->size = sc->certs[idx1].cert_list[idx2].cert.size;
- return 0;
+ return 0;
}
/**
@@ -169,10 +170,9 @@ gnutls_certificate_get_crt_raw (gnutls_certificate_credentials_t sc,
* CA names are used by servers to advertise the CAs they support to
* clients.
**/
-void
-gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc)
+void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc)
{
- _gnutls_free_datum (&sc->x509_rdn_sequence);
+ _gnutls_free_datum(&sc->x509_rdn_sequence);
}
@@ -188,18 +188,18 @@ gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc)
* function).
**/
void
-gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc)
+gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc)
{
- gnutls_x509_trust_list_deinit(sc->tlist, 1);
- gnutls_certificate_free_keys (sc);
- gnutls_certificate_free_ca_names (sc);
- gnutls_free(sc->ocsp_response_file);
- memset(sc->pin_tmp, 0, sizeof(sc->pin_tmp));
+ gnutls_x509_trust_list_deinit(sc->tlist, 1);
+ gnutls_certificate_free_keys(sc);
+ gnutls_certificate_free_ca_names(sc);
+ gnutls_free(sc->ocsp_response_file);
+ memset(sc->pin_tmp, 0, sizeof(sc->pin_tmp));
#ifdef ENABLE_OPENPGP
- gnutls_openpgp_keyring_deinit (sc->keyring);
+ gnutls_openpgp_keyring_deinit(sc->keyring);
#endif
- gnutls_free (sc);
+ gnutls_free(sc);
}
@@ -213,27 +213,26 @@ gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t *
- res)
+gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t *
+ res)
{
-int ret;
+ int ret;
- *res = gnutls_calloc (1, sizeof (certificate_credentials_st));
+ *res = gnutls_calloc(1, sizeof(certificate_credentials_st));
- if (*res == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (*res == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- ret = gnutls_x509_trust_list_init( &(*res)->tlist, 0);
- if (ret < 0)
- {
- gnutls_assert();
- gnutls_free(*res);
- return GNUTLS_E_MEMORY_ERROR;
- }
- (*res)->verify_bits = DEFAULT_MAX_VERIFY_BITS;
- (*res)->verify_depth = DEFAULT_MAX_VERIFY_DEPTH;
+ ret = gnutls_x509_trust_list_init(&(*res)->tlist, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(*res);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ (*res)->verify_bits = DEFAULT_MAX_VERIFY_BITS;
+ (*res)->verify_depth = DEFAULT_MAX_VERIFY_DEPTH;
- return 0;
+ return 0;
}
@@ -244,51 +243,48 @@ int ret;
* extensions in order to disable unneded algorithms.
*/
int
-_gnutls_selected_cert_supported_kx (gnutls_session_t session,
- gnutls_kx_algorithm_t * alg,
- int *alg_size)
+_gnutls_selected_cert_supported_kx(gnutls_session_t session,
+ gnutls_kx_algorithm_t * alg,
+ int *alg_size)
{
- gnutls_kx_algorithm_t kx;
- gnutls_pk_algorithm_t pk, cert_pk;
- gnutls_pcert_st *cert;
- int i;
-
- if (session->internals.selected_cert_list_length == 0)
- {
- *alg_size = 0;
- return 0;
- }
-
- cert = &session->internals.selected_cert_list[0];
- cert_pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
- i = 0;
-
- for (kx = 0; kx < MAX_ALGOS; kx++)
- {
- pk = _gnutls_map_pk_get_pk (kx);
- if (pk == cert_pk)
- {
- /* then check key usage */
- if (_gnutls_check_key_usage (cert, kx) == 0)
- {
- alg[i] = kx;
- i++;
-
- if (i > *alg_size)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
- }
- }
-
- if (i == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- *alg_size = i;
-
- return 0;
+ gnutls_kx_algorithm_t kx;
+ gnutls_pk_algorithm_t pk, cert_pk;
+ gnutls_pcert_st *cert;
+ int i;
+
+ if (session->internals.selected_cert_list_length == 0) {
+ *alg_size = 0;
+ return 0;
+ }
+
+ cert = &session->internals.selected_cert_list[0];
+ cert_pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
+ i = 0;
+
+ for (kx = 0; kx < MAX_ALGOS; kx++) {
+ pk = _gnutls_map_pk_get_pk(kx);
+ if (pk == cert_pk) {
+ /* then check key usage */
+ if (_gnutls_check_key_usage(cert, kx) == 0) {
+ alg[i] = kx;
+ i++;
+
+ if (i > *alg_size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+ }
+ }
+ }
+
+ if (i == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *alg_size = i;
+
+ return 0;
}
@@ -304,10 +300,10 @@ _gnutls_selected_cert_supported_kx (gnutls_session_t session,
* function then the client will not be asked to send a certificate.
**/
void
-gnutls_certificate_server_set_request (gnutls_session_t session,
- gnutls_certificate_request_t req)
+gnutls_certificate_server_set_request(gnutls_session_t session,
+ gnutls_certificate_request_t req)
{
- session->internals.send_cert_req = req;
+ session->internals.send_cert_req = req;
}
/**
@@ -345,10 +341,9 @@ gnutls_certificate_server_set_request (gnutls_session_t session,
* indicates error and the handshake will be terminated.
**/
void gnutls_certificate_client_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_client_retrieve_function * func)
-{
- cred->client_get_cert_callback = func;
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_client_retrieve_function * func) {
+ cred->client_get_cert_callback = func;
}
/**
@@ -374,10 +369,9 @@ void gnutls_certificate_client_set_retrieve_function
* will be terminated.
**/
void gnutls_certificate_server_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_server_retrieve_function * func)
-{
- cred->server_get_cert_callback = func;
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_server_retrieve_function * func) {
+ cred->server_get_cert_callback = func;
}
/**
@@ -418,10 +412,9 @@ void gnutls_certificate_server_set_retrieve_function
* Since: 3.0
**/
void gnutls_certificate_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_retrieve_function * func)
-{
- cred->get_cert_callback = func;
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_retrieve_function * func) {
+ cred->get_cert_callback = func;
}
/**
@@ -465,10 +458,9 @@ void gnutls_certificate_set_retrieve_function
* Since: 3.0
**/
void gnutls_certificate_set_retrieve_function2
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_retrieve_function2 * func)
-{
- cred->get_cert_callback2 = func;
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_retrieve_function2 * func) {
+ cred->get_cert_callback2 = func;
}
/**
@@ -495,11 +487,10 @@ void gnutls_certificate_set_retrieve_function2
* Since: 2.10.0
**/
void
- gnutls_certificate_set_verify_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_verify_function * func)
-{
- cred->verify_callback = func;
+ gnutls_certificate_set_verify_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_verify_function * func) {
+ cred->verify_callback = func;
}
/*-
@@ -513,27 +504,26 @@ void
*
-*/
static time_t
-_gnutls_x509_get_raw_crt_activation_time (const gnutls_datum_t * cert)
+_gnutls_x509_get_raw_crt_activation_time(const gnutls_datum_t * cert)
{
- gnutls_x509_crt_t xcert;
- time_t result;
+ gnutls_x509_crt_t xcert;
+ time_t result;
- result = gnutls_x509_crt_init (&xcert);
- if (result < 0)
- return (time_t) - 1;
+ result = gnutls_x509_crt_init(&xcert);
+ if (result < 0)
+ return (time_t) - 1;
- result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0)
- {
- gnutls_x509_crt_deinit (xcert);
- return (time_t) - 1;
- }
+ result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit(xcert);
+ return (time_t) - 1;
+ }
- result = gnutls_x509_crt_get_activation_time (xcert);
+ result = gnutls_x509_crt_get_activation_time(xcert);
- gnutls_x509_crt_deinit (xcert);
+ gnutls_x509_crt_deinit(xcert);
- return result;
+ return result;
}
/*-
@@ -547,27 +537,26 @@ _gnutls_x509_get_raw_crt_activation_time (const gnutls_datum_t * cert)
*
-*/
static time_t
-_gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert)
+_gnutls_x509_get_raw_crt_expiration_time(const gnutls_datum_t * cert)
{
- gnutls_x509_crt_t xcert;
- time_t result;
+ gnutls_x509_crt_t xcert;
+ time_t result;
- result = gnutls_x509_crt_init (&xcert);
- if (result < 0)
- return (time_t) - 1;
+ result = gnutls_x509_crt_init(&xcert);
+ if (result < 0)
+ return (time_t) - 1;
- result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0)
- {
- gnutls_x509_crt_deinit (xcert);
- return (time_t) - 1;
- }
+ result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit(xcert);
+ return (time_t) - 1;
+ }
- result = gnutls_x509_crt_get_expiration_time (xcert);
+ result = gnutls_x509_crt_get_expiration_time(xcert);
- gnutls_x509_crt_deinit (xcert);
+ gnutls_x509_crt_deinit(xcert);
- return result;
+ return result;
}
#ifdef ENABLE_OPENPGP
@@ -579,58 +568,55 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert)
* Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
-*/
static int
-_gnutls_openpgp_crt_verify_peers (gnutls_session_t session,
- const char* hostname,
- unsigned int *status)
+_gnutls_openpgp_crt_verify_peers(gnutls_session_t session,
+ const char *hostname,
+ unsigned int *status)
{
- cert_auth_info_t info;
- gnutls_certificate_credentials_t cred;
- int peer_certificate_list_size, ret;
-
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- /* generate a list of gnutls_certs based on the auth info
- * raw certs.
- */
- peer_certificate_list_size = info->ncerts;
-
- if (peer_certificate_list_size != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* Verify certificate
- */
- ret =
- _gnutls_openpgp_verify_key (cred, hostname, &info->raw_certificate_list[0],
- peer_certificate_list_size, status);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ int peer_certificate_list_size, ret;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ /* generate a list of gnutls_certs based on the auth info
+ * raw certs.
+ */
+ peer_certificate_list_size = info->ncerts;
+
+ if (peer_certificate_list_size != 1) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* Verify certificate
+ */
+ ret =
+ _gnutls_openpgp_verify_key(cred, hostname,
+ &info->raw_certificate_list[0],
+ peer_certificate_list_size, status);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
#endif
@@ -659,33 +645,33 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t session,
* Returns: a negative error code on error and %GNUTLS_E_SUCCESS (0) on success.
**/
int
-gnutls_certificate_verify_peers2 (gnutls_session_t session,
- unsigned int *status)
+gnutls_certificate_verify_peers2(gnutls_session_t session,
+ unsigned int *status)
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- {
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_X509:
- return _gnutls_x509_cert_verify_peers (session, NULL, status);
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ return _gnutls_x509_cert_verify_peers(session, NULL,
+ status);
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return _gnutls_openpgp_crt_verify_peers (session, NULL, status);
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_openpgp_crt_verify_peers(session, NULL,
+ status);
#endif
- default:
- return GNUTLS_E_INVALID_REQUEST;
- }
+ default:
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
/**
@@ -716,34 +702,34 @@ gnutls_certificate_verify_peers2 (gnutls_session_t session,
* Since: 3.1.4
**/
int
-gnutls_certificate_verify_peers3 (gnutls_session_t session,
- const char* hostname,
- unsigned int *status)
+gnutls_certificate_verify_peers3(gnutls_session_t session,
+ const char *hostname,
+ unsigned int *status)
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- {
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_X509:
- return _gnutls_x509_cert_verify_peers (session, hostname, status);
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ return _gnutls_x509_cert_verify_peers(session, hostname,
+ status);
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return _gnutls_openpgp_crt_verify_peers (session, hostname, status);
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_openpgp_crt_verify_peers(session, hostname,
+ status);
#endif
- default:
- return GNUTLS_E_INVALID_REQUEST;
- }
+ default:
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
/**
@@ -756,40 +742,37 @@ gnutls_certificate_verify_peers3 (gnutls_session_t session,
*
* Deprecated: gnutls_certificate_verify_peers2() now verifies expiration times.
**/
-time_t
-gnutls_certificate_expiration_time_peers (gnutls_session_t session)
+time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session)
{
- cert_auth_info_t info;
-
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- {
- return (time_t) - 1;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
-
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_X509:
- return
- _gnutls_x509_get_raw_crt_expiration_time (&info->raw_certificate_list
- [0]);
+ cert_auth_info_t info;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ return (time_t) - 1;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
+
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ return
+ _gnutls_x509_get_raw_crt_expiration_time(&info->
+ raw_certificate_list
+ [0]);
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return
- _gnutls_openpgp_get_raw_key_expiration_time
- (&info->raw_certificate_list[0]);
+ case GNUTLS_CRT_OPENPGP:
+ return
+ _gnutls_openpgp_get_raw_key_expiration_time
+ (&info->raw_certificate_list[0]);
#endif
- default:
- return (time_t) - 1;
- }
+ default:
+ return (time_t) - 1;
+ }
}
/**
@@ -803,40 +786,38 @@ gnutls_certificate_expiration_time_peers (gnutls_session_t session)
*
* Deprecated: gnutls_certificate_verify_peers2() now verifies activation times.
**/
-time_t
-gnutls_certificate_activation_time_peers (gnutls_session_t session)
+time_t gnutls_certificate_activation_time_peers(gnutls_session_t session)
{
- cert_auth_info_t info;
-
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- {
- return (time_t) - 1;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
-
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_X509:
- return
- _gnutls_x509_get_raw_crt_activation_time (&info->raw_certificate_list
- [0]);
+ cert_auth_info_t info;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ return (time_t) - 1;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
+
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ return
+ _gnutls_x509_get_raw_crt_activation_time(&info->
+ raw_certificate_list
+ [0]);
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return
- _gnutls_openpgp_get_raw_key_creation_time (&info->raw_certificate_list
- [0]);
+ case GNUTLS_CRT_OPENPGP:
+ return
+ _gnutls_openpgp_get_raw_key_creation_time(&info->
+ raw_certificate_list
+ [0]);
#endif
- default:
- return (time_t) - 1;
- }
+ default:
+ return (time_t) - 1;
+ }
}
/**
@@ -861,11 +842,11 @@ gnutls_certificate_activation_time_peers (gnutls_session_t session)
* Deprecated: Use the PKCS 11 or #gnutls_privkey_t interfacess like gnutls_privkey_import_ext() instead.
**/
void
-gnutls_sign_callback_set (gnutls_session_t session,
- gnutls_sign_func sign_func, void *userdata)
+gnutls_sign_callback_set(gnutls_session_t session,
+ gnutls_sign_func sign_func, void *userdata)
{
- session->internals.sign_func = sign_func;
- session->internals.sign_func_userdata = userdata;
+ session->internals.sign_func = sign_func;
+ session->internals.sign_func_userdata = userdata;
}
/**
@@ -881,29 +862,31 @@ gnutls_sign_callback_set (gnutls_session_t session,
* Deprecated: Use the PKCS 11 interfaces instead.
**/
gnutls_sign_func
-gnutls_sign_callback_get (gnutls_session_t session, void **userdata)
+gnutls_sign_callback_get(gnutls_session_t session, void **userdata)
{
- if (userdata)
- *userdata = session->internals.sign_func_userdata;
- return session->internals.sign_func;
+ if (userdata)
+ *userdata = session->internals.sign_func_userdata;
+ return session->internals.sign_func;
}
/* returns error if the certificate has different algorithm than
* the given key parameters.
*/
-int
-_gnutls_check_key_cert_match (gnutls_certificate_credentials_t res)
+int _gnutls_check_key_cert_match(gnutls_certificate_credentials_t res)
{
- int pk = gnutls_pubkey_get_pk_algorithm(res->certs[res->ncerts-1].cert_list[0].pubkey, NULL);
- int pk2 = gnutls_privkey_get_pk_algorithm (res->pkey[res->ncerts - 1], NULL);
-
- if (pk2 != pk)
- {
- gnutls_assert ();
- return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
- }
-
- return 0;
+ int pk =
+ gnutls_pubkey_get_pk_algorithm(res->certs[res->ncerts - 1].
+ cert_list[0].pubkey, NULL);
+ int pk2 =
+ gnutls_privkey_get_pk_algorithm(res->pkey[res->ncerts - 1],
+ NULL);
+
+ if (pk2 != pk) {
+ gnutls_assert();
+ return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
+ }
+
+ return 0;
}
/**
@@ -924,71 +907,104 @@ _gnutls_check_key_cert_match (gnutls_certificate_credentials_t res)
* Since: 3.1.4
**/
int
-gnutls_certificate_verification_status_print (unsigned int status,
- gnutls_certificate_type_t type,
- gnutls_datum_t * out, unsigned int flags)
+gnutls_certificate_verification_status_print(unsigned int status,
+ gnutls_certificate_type_t
+ type, gnutls_datum_t * out,
+ unsigned int flags)
{
- gnutls_buffer_st str;
- int ret;
-
- _gnutls_buffer_init (&str);
-
- if (status == 0)
- _gnutls_buffer_append_str (&str, _("The certificate is trusted. "));
- else
- _gnutls_buffer_append_str (&str, _("The certificate is NOT trusted. "));
-
- if (type == GNUTLS_CRT_X509)
- {
- if (status & GNUTLS_CERT_REVOKED)
- _gnutls_buffer_append_str (&str, _("The certificate chain is revoked. "));
-
- if (status & GNUTLS_CERT_MISMATCH)
- _gnutls_buffer_append_str (&str, _("The certificate doesn't match the local copy (TOFU). "));
-
- if (status & GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED)
- _gnutls_buffer_append_str (&str, _("The revocation data are old and have been superseded. "));
-
- if (status & GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE)
- _gnutls_buffer_append_str (&str, _("The revocation data are issued with a future date. "));
-
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- _gnutls_buffer_append_str (&str, _("The certificate issuer is unknown. "));
-
- if (status & GNUTLS_CERT_SIGNER_NOT_CA)
- _gnutls_buffer_append_str (&str, _("The certificate issuer is not a CA. "));
- }
- else if (type == GNUTLS_CRT_OPENPGP)
- {
- _gnutls_buffer_append_str (&str, _("The certificate is not trusted. "));
-
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- _gnutls_buffer_append_str (&str, _("Could not find a signer of the certificate. "));
-
- if (status & GNUTLS_CERT_REVOKED)
- _gnutls_buffer_append_str (&str, _("The certificate is revoked. "));
- }
-
- if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
- _gnutls_buffer_append_str (&str, _("The certificate chain uses insecure algorithm. "));
-
- if (status & GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE)
- _gnutls_buffer_append_str (&str, _("The certificate chain violates the signer's constraints. "));
-
- if (status & GNUTLS_CERT_NOT_ACTIVATED)
- _gnutls_buffer_append_str (&str, _("The certificate chain uses not yet valid certificate. "));
-
- if (status & GNUTLS_CERT_EXPIRED)
- _gnutls_buffer_append_str (&str, _("The certificate chain uses expired certificate. "));
-
- if (status & GNUTLS_CERT_SIGNATURE_FAILURE)
- _gnutls_buffer_append_str (&str, _("The signature in the certificate is invalid. "));
-
- if (status & GNUTLS_CERT_UNEXPECTED_OWNER)
- _gnutls_buffer_append_str (&str, _("The name in the certificate does not match the expected. "));
-
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
- return ret;
+ gnutls_buffer_st str;
+ int ret;
+
+ _gnutls_buffer_init(&str);
+
+ if (status == 0)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate is trusted. "));
+ else
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate is NOT trusted. "));
+
+ if (type == GNUTLS_CRT_X509) {
+ if (status & GNUTLS_CERT_REVOKED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate chain is revoked. "));
+
+ if (status & GNUTLS_CERT_MISMATCH)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate doesn't match the local copy (TOFU). "));
+
+ if (status & GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The revocation data are old and have been superseded. "));
+
+ if (status & GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The revocation data are issued with a future date. "));
+
+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate issuer is unknown. "));
+
+ if (status & GNUTLS_CERT_SIGNER_NOT_CA)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate issuer is not a CA. "));
+ } else if (type == GNUTLS_CRT_OPENPGP) {
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate is not trusted. "));
+
+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("Could not find a signer of the certificate. "));
+
+ if (status & GNUTLS_CERT_REVOKED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate is revoked. "));
+ }
+
+ if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate chain uses insecure algorithm. "));
+
+ if (status & GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate chain violates the signer's constraints. "));
+
+ if (status & GNUTLS_CERT_NOT_ACTIVATED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate chain uses not yet valid certificate. "));
+
+ if (status & GNUTLS_CERT_EXPIRED)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The certificate chain uses expired certificate. "));
+
+ if (status & GNUTLS_CERT_SIGNATURE_FAILURE)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The signature in the certificate is invalid. "));
+
+ if (status & GNUTLS_CERT_UNEXPECTED_OWNER)
+ _gnutls_buffer_append_str(&str,
+ _
+ ("The name in the certificate does not match the expected. "));
+
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
+
+ return ret;
}
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 1586f7e33f..760e6607f3 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -42,48 +42,48 @@
#include <gnutls_state.h>
#include <random.h>
-static int compressed_to_ciphertext (gnutls_session_t session,
- uint8_t * cipher_data, int cipher_size,
- gnutls_datum_t *compressed,
- size_t min_pad,
- content_type_t _type,
- record_parameters_st * params);
-static int ciphertext_to_compressed (gnutls_session_t session,
- gnutls_datum_t *ciphertext,
- gnutls_datum_t * compressed,
- uint8_t type,
- record_parameters_st * params, uint64* sequence);
-
-static int ciphertext_to_compressed_new (gnutls_session_t session,
- gnutls_datum_t *ciphertext,
- gnutls_datum_t * compressed,
- uint8_t type,
- record_parameters_st * params, uint64* sequence);
+static int compressed_to_ciphertext(gnutls_session_t session,
+ uint8_t * cipher_data, int cipher_size,
+ gnutls_datum_t * compressed,
+ size_t min_pad,
+ content_type_t _type,
+ record_parameters_st * params);
+static int ciphertext_to_compressed(gnutls_session_t session,
+ gnutls_datum_t * ciphertext,
+ gnutls_datum_t * compressed,
+ uint8_t type,
+ record_parameters_st * params,
+ uint64 * sequence);
+
+static int ciphertext_to_compressed_new(gnutls_session_t session,
+ gnutls_datum_t * ciphertext,
+ gnutls_datum_t * compressed,
+ uint8_t type,
+ record_parameters_st * params,
+ uint64 * sequence);
static int
-compressed_to_ciphertext_new (gnutls_session_t session,
- uint8_t * cipher_data, int cipher_size,
- gnutls_datum_t *compressed,
- size_t min_pad,
- content_type_t type,
- record_parameters_st * params);
-
-inline static int
-is_write_comp_null (record_parameters_st * record_params)
+compressed_to_ciphertext_new(gnutls_session_t session,
+ uint8_t * cipher_data, int cipher_size,
+ gnutls_datum_t * compressed,
+ size_t min_pad,
+ content_type_t type,
+ record_parameters_st * params);
+
+inline static int is_write_comp_null(record_parameters_st * record_params)
{
- if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
- return 0;
+ if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
+ return 0;
- return 1;
+ return 1;
}
-inline static int
-is_read_comp_null (record_parameters_st * record_params)
+inline static int is_read_comp_null(record_parameters_st * record_params)
{
- if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
- return 0;
+ if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
+ return 0;
- return 1;
+ return 1;
}
@@ -92,69 +92,78 @@ is_read_comp_null (record_parameters_st * record_params)
*
*/
int
-_gnutls_encrypt (gnutls_session_t session,
- const uint8_t * data, size_t data_size,
- size_t min_pad,
- mbuffer_st* bufel,
- content_type_t type,
- record_parameters_st * params)
+_gnutls_encrypt(gnutls_session_t session,
+ const uint8_t * data, size_t data_size,
+ size_t min_pad,
+ mbuffer_st * bufel,
+ content_type_t type, record_parameters_st * params)
{
- gnutls_datum_t comp;
- int free_comp = 0;
- int ret;
-
- if (data_size == 0 || is_write_comp_null (params) == 0)
- {
- comp.data = (uint8_t*)data;
- comp.size = data_size;
- }
- else
- {
- /* Here comp is allocated and must be
- * freed.
- */
- free_comp = 1;
-
- comp.size = _mbuffer_get_udata_size(bufel);
- comp.data = gnutls_malloc(comp.size);
- if (comp.data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = _gnutls_compress(&params->write.compression_state, data, data_size,
- comp.data, comp.size, session->internals.priorities.stateless_compression);
- if (ret < 0)
- {
- gnutls_free(comp.data);
- return gnutls_assert_val(ret);
- }
-
- comp.size = ret;
- }
-
- if (params->write.new_record_padding != 0)
- ret = compressed_to_ciphertext_new (session, _mbuffer_get_udata_ptr(bufel),
- _mbuffer_get_udata_size(bufel),
- &comp, min_pad, type, params);
- else
- ret = compressed_to_ciphertext (session, _mbuffer_get_udata_ptr(bufel),
- _mbuffer_get_udata_size(bufel),
- &comp, min_pad, type, params);
-
- if (free_comp)
- gnutls_free(comp.data);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if(IS_DTLS(session))
- _gnutls_write_uint16 (ret, ((uint8_t*)_mbuffer_get_uhead_ptr(bufel))+11);
- else
- _gnutls_write_uint16 (ret, ((uint8_t*)_mbuffer_get_uhead_ptr(bufel))+3);
-
- _mbuffer_set_udata_size(bufel, ret);
- _mbuffer_set_uhead_size(bufel, 0);
-
- return _mbuffer_get_udata_size(bufel);
+ gnutls_datum_t comp;
+ int free_comp = 0;
+ int ret;
+
+ if (data_size == 0 || is_write_comp_null(params) == 0) {
+ comp.data = (uint8_t *) data;
+ comp.size = data_size;
+ } else {
+ /* Here comp is allocated and must be
+ * freed.
+ */
+ free_comp = 1;
+
+ comp.size = _mbuffer_get_udata_size(bufel);
+ comp.data = gnutls_malloc(comp.size);
+ if (comp.data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret =
+ _gnutls_compress(&params->write.compression_state,
+ data, data_size, comp.data, comp.size,
+ session->internals.priorities.
+ stateless_compression);
+ if (ret < 0) {
+ gnutls_free(comp.data);
+ return gnutls_assert_val(ret);
+ }
+
+ comp.size = ret;
+ }
+
+ if (params->write.new_record_padding != 0)
+ ret =
+ compressed_to_ciphertext_new(session,
+ _mbuffer_get_udata_ptr
+ (bufel),
+ _mbuffer_get_udata_size
+ (bufel), &comp, min_pad,
+ type, params);
+ else
+ ret =
+ compressed_to_ciphertext(session,
+ _mbuffer_get_udata_ptr(bufel),
+ _mbuffer_get_udata_size
+ (bufel), &comp, min_pad, type,
+ params);
+
+ if (free_comp)
+ gnutls_free(comp.data);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (IS_DTLS(session))
+ _gnutls_write_uint16(ret,
+ ((uint8_t *)
+ _mbuffer_get_uhead_ptr(bufel)) + 11);
+ else
+ _gnutls_write_uint16(ret,
+ ((uint8_t *)
+ _mbuffer_get_uhead_ptr(bufel)) + 3);
+
+ _mbuffer_set_udata_size(bufel, ret);
+ _mbuffer_set_uhead_size(bufel, 0);
+
+ return _mbuffer_get_udata_size(bufel);
}
/* Decrypts the given data.
@@ -163,108 +172,112 @@ _gnutls_encrypt (gnutls_session_t session,
* The output is preallocated with the maximum allowed data size.
*/
int
-_gnutls_decrypt (gnutls_session_t session,
- gnutls_datum_t *ciphertext,
- gnutls_datum_t *output,
- content_type_t type,
- record_parameters_st * params, uint64 *sequence)
+_gnutls_decrypt(gnutls_session_t session,
+ gnutls_datum_t * ciphertext,
+ gnutls_datum_t * output,
+ content_type_t type,
+ record_parameters_st * params, uint64 * sequence)
{
- int ret;
-
- if (ciphertext->size == 0)
- return 0;
-
- if (is_read_comp_null (params) == 0)
- {
- if (params->read.new_record_padding != 0)
- ret =
- ciphertext_to_compressed_new (session, ciphertext, output,
- type, params, sequence);
- else
- ret =
- ciphertext_to_compressed (session, ciphertext, output,
- type, params, sequence);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return ret;
- }
- else
- {
- gnutls_datum_t tmp;
-
- tmp.size = output->size;
- tmp.data = gnutls_malloc(tmp.size);
- if (tmp.data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- if (params->read.new_record_padding != 0)
- ret =
- ciphertext_to_compressed_new (session, ciphertext, &tmp,
- type, params, sequence);
- else
- ret =
- ciphertext_to_compressed (session, ciphertext, &tmp,
- type, params, sequence);
- if (ret < 0)
- goto leave;
-
- tmp.size = ret;
-
- if (ret != 0)
- {
- ret = _gnutls_decompress( &params->read.compression_state,
- tmp.data, tmp.size,
- output->data, output->size);
- if (ret < 0)
- goto leave;
- }
-
-leave:
- gnutls_free(tmp.data);
- return ret;
- }
+ int ret;
+
+ if (ciphertext->size == 0)
+ return 0;
+
+ if (is_read_comp_null(params) == 0) {
+ if (params->read.new_record_padding != 0)
+ ret =
+ ciphertext_to_compressed_new(session,
+ ciphertext,
+ output, type,
+ params, sequence);
+ else
+ ret =
+ ciphertext_to_compressed(session, ciphertext,
+ output, type, params,
+ sequence);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return ret;
+ } else {
+ gnutls_datum_t tmp;
+
+ tmp.size = output->size;
+ tmp.data = gnutls_malloc(tmp.size);
+ if (tmp.data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ if (params->read.new_record_padding != 0)
+ ret =
+ ciphertext_to_compressed_new(session,
+ ciphertext, &tmp,
+ type, params,
+ sequence);
+ else
+ ret =
+ ciphertext_to_compressed(session, ciphertext,
+ &tmp, type, params,
+ sequence);
+ if (ret < 0)
+ goto leave;
+
+ tmp.size = ret;
+
+ if (ret != 0) {
+ ret =
+ _gnutls_decompress(&params->read.
+ compression_state, tmp.data,
+ tmp.size, output->data,
+ output->size);
+ if (ret < 0)
+ goto leave;
+ }
+
+ leave:
+ gnutls_free(tmp.data);
+ return ret;
+ }
}
inline static int
-calc_enc_length_block (gnutls_session_t session,
- const version_entry_st* ver,
- int data_size,
- int hash_size, uint8_t * pad,
- unsigned auth_cipher, uint16_t blocksize)
+calc_enc_length_block(gnutls_session_t session,
+ const version_entry_st * ver,
+ int data_size,
+ int hash_size, uint8_t * pad,
+ unsigned auth_cipher, uint16_t blocksize)
{
- /* pad is the LH pad the user wants us to add. Besides
- * this LH pad, we only add minimal padding
- */
- unsigned int pre_length = data_size + hash_size + *pad;
- unsigned int length, new_pad;
+ /* pad is the LH pad the user wants us to add. Besides
+ * this LH pad, we only add minimal padding
+ */
+ unsigned int pre_length = data_size + hash_size + *pad;
+ unsigned int length, new_pad;
+
+ new_pad = (uint8_t) (blocksize - (pre_length % blocksize)) + *pad;
- new_pad = (uint8_t) (blocksize - (pre_length % blocksize)) + *pad;
-
- if (new_pad > 255)
- new_pad -= blocksize;
- *pad = new_pad;
+ if (new_pad > 255)
+ new_pad -= blocksize;
+ *pad = new_pad;
- length = data_size + hash_size + *pad;
+ length = data_size + hash_size + *pad;
- if (_gnutls_version_has_explicit_iv(ver))
- length += blocksize; /* for the IV */
+ if (_gnutls_version_has_explicit_iv(ver))
+ length += blocksize; /* for the IV */
- return length;
+ return length;
}
inline static int
-calc_enc_length_stream (gnutls_session_t session, int data_size,
- int hash_size, unsigned auth_cipher)
+calc_enc_length_stream(gnutls_session_t session, int data_size,
+ int hash_size, unsigned auth_cipher)
{
- unsigned int length;
+ unsigned int length;
- length = data_size + hash_size;
- if (auth_cipher)
- length += AEAD_EXPLICIT_DATA_SIZE;
+ length = data_size + hash_size;
+ if (auth_cipher)
+ length += AEAD_EXPLICIT_DATA_SIZE;
- return length;
+ return length;
}
#define MAX_PREAMBLE_SIZE 16
@@ -273,28 +286,27 @@ calc_enc_length_stream (gnutls_session_t session, int data_size,
* and are not to be sent). Returns their size.
*/
static inline int
-make_preamble (uint8_t * uint64_data, uint8_t type, unsigned int length,
- const version_entry_st* ver, uint8_t * preamble)
+make_preamble(uint8_t * uint64_data, uint8_t type, unsigned int length,
+ const version_entry_st * ver, uint8_t * preamble)
{
- uint8_t *p = preamble;
- uint16_t c_length;
-
- c_length = _gnutls_conv_uint16 (length);
-
- memcpy (p, uint64_data, 8);
- p += 8;
- *p = type;
- p++;
- if (ver->id != GNUTLS_SSL3)
- { /* TLS protocols */
- *p = ver->major;
- p++;
- *p = ver->minor;
- p++;
- }
- memcpy (p, &c_length, 2);
- p += 2;
- return p - preamble;
+ uint8_t *p = preamble;
+ uint16_t c_length;
+
+ c_length = _gnutls_conv_uint16(length);
+
+ memcpy(p, uint64_data, 8);
+ p += 8;
+ *p = type;
+ p++;
+ if (ver->id != GNUTLS_SSL3) { /* TLS protocols */
+ *p = ver->major;
+ p++;
+ *p = ver->minor;
+ p++;
+ }
+ memcpy(p, &c_length, 2);
+ p += 2;
+ return p - preamble;
}
/* This is the actual encryption
@@ -303,686 +315,805 @@ make_preamble (uint8_t * uint64_data, uint8_t type, unsigned int length,
* return the actual encrypted data length.
*/
static int
-compressed_to_ciphertext (gnutls_session_t session,
- uint8_t * cipher_data, int cipher_size,
- gnutls_datum_t *compressed,
- size_t min_pad,
- content_type_t type,
- record_parameters_st * params)
+compressed_to_ciphertext(gnutls_session_t session,
+ uint8_t * cipher_data, int cipher_size,
+ gnutls_datum_t * compressed,
+ size_t min_pad,
+ content_type_t type,
+ record_parameters_st * params)
{
- uint8_t pad;
- int length, ret;
- uint8_t preamble[MAX_PREAMBLE_SIZE];
- int preamble_size;
- int tag_size = _gnutls_auth_cipher_tag_len (&params->write.cipher_state);
- int blocksize = _gnutls_cipher_get_block_size (params->cipher);
- unsigned block_algo =
- _gnutls_cipher_is_block (params->cipher);
- uint8_t *data_ptr;
- const version_entry_st* ver = get_version (session);
- int explicit_iv = _gnutls_version_has_explicit_iv (ver);
- int auth_cipher = _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
- uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
- unsigned iv_size;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
-
- _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
- session, _gnutls_cipher_get_name(params->cipher), _gnutls_mac_get_name(params->mac),
- (unsigned int)params->epoch);
-
- preamble_size =
- make_preamble (UINT64DATA
- (params->write.sequence_number),
- type, compressed->size, ver, preamble);
-
- /* Calculate the encrypted length (padding etc.)
- */
- if (block_algo == CIPHER_BLOCK)
- {
- /* Call _gnutls_rnd() once. Get data used for the IV
- */
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, nonce, blocksize);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- pad = min_pad;
-
- length =
- calc_enc_length_block (session, ver, compressed->size, tag_size, &pad,
- auth_cipher, blocksize);
- }
- else
- {
- pad = 0;
- length =
- calc_enc_length_stream (session, compressed->size, tag_size,
- auth_cipher);
- }
-
- if (length < 0)
- return gnutls_assert_val(length);
-
- /* copy the encrypted data to cipher_data.
- */
- if (cipher_size < length)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- data_ptr = cipher_data;
-
- if (explicit_iv) /* TLS 1.1 or later */
- {
- if (block_algo == CIPHER_BLOCK)
- {
- /* copy the random IV.
- */
- memcpy(data_ptr, nonce, blocksize);
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, data_ptr, blocksize);
-
- data_ptr += blocksize;
- cipher_data += blocksize;
- }
- else if (auth_cipher)
- {
- /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
- */
- if (params->write.IV.data == NULL || params->write.IV.size != AEAD_IMPLICIT_DATA_SIZE)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* Instead of generating a new nonce on every packet, we use the
- * write.sequence_number (It is a MAY on RFC 5288).
- */
- memcpy(nonce, params->write.IV.data, params->write.IV.size);
- memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE], UINT64DATA(params->write.sequence_number), 8);
-
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, nonce, AEAD_IMPLICIT_DATA_SIZE+AEAD_EXPLICIT_DATA_SIZE);
-
- /* copy the explicit part */
- memcpy(data_ptr, &nonce[AEAD_IMPLICIT_DATA_SIZE], AEAD_EXPLICIT_DATA_SIZE);
-
- data_ptr += AEAD_EXPLICIT_DATA_SIZE;
- cipher_data += AEAD_EXPLICIT_DATA_SIZE;
- }
- else if (iv_size > 0)
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
- }
- else
- {
- /* AEAD ciphers have an explicit IV. Shouldn't be used otherwise.
- */
- if (auth_cipher)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- else if (block_algo == CIPHER_STREAM && iv_size > 0)
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
- }
-
- _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
-
- /* add the authenticate data */
- ret = _gnutls_auth_cipher_add_auth(&params->write.cipher_state, preamble, preamble_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Actual encryption.
- */
- ret =
- _gnutls_auth_cipher_encrypt2_tag (&params->write.cipher_state,
- compressed->data, compressed->size, cipher_data, cipher_size,
- pad);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return length;
+ uint8_t pad;
+ int length, ret;
+ uint8_t preamble[MAX_PREAMBLE_SIZE];
+ int preamble_size;
+ int tag_size =
+ _gnutls_auth_cipher_tag_len(&params->write.cipher_state);
+ int blocksize = _gnutls_cipher_get_block_size(params->cipher);
+ unsigned block_algo = _gnutls_cipher_is_block(params->cipher);
+ uint8_t *data_ptr;
+ const version_entry_st *ver = get_version(session);
+ int explicit_iv = _gnutls_version_has_explicit_iv(ver);
+ int auth_cipher =
+ _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
+ uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
+ unsigned iv_size;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
+
+ _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
+ session, _gnutls_cipher_get_name(params->cipher),
+ _gnutls_mac_get_name(params->mac),
+ (unsigned int) params->epoch);
+
+ preamble_size =
+ make_preamble(UINT64DATA
+ (params->write.sequence_number),
+ type, compressed->size, ver, preamble);
+
+ /* Calculate the encrypted length (padding etc.)
+ */
+ if (block_algo == CIPHER_BLOCK) {
+ /* Call _gnutls_rnd() once. Get data used for the IV
+ */
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, nonce, blocksize);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ pad = min_pad;
+
+ length =
+ calc_enc_length_block(session, ver, compressed->size,
+ tag_size, &pad, auth_cipher,
+ blocksize);
+ } else {
+ pad = 0;
+ length =
+ calc_enc_length_stream(session, compressed->size,
+ tag_size, auth_cipher);
+ }
+
+ if (length < 0)
+ return gnutls_assert_val(length);
+
+ /* copy the encrypted data to cipher_data.
+ */
+ if (cipher_size < length)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ data_ptr = cipher_data;
+
+ if (explicit_iv) { /* TLS 1.1 or later */
+ if (block_algo == CIPHER_BLOCK) {
+ /* copy the random IV.
+ */
+ memcpy(data_ptr, nonce, blocksize);
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state, data_ptr,
+ blocksize);
+
+ data_ptr += blocksize;
+ cipher_data += blocksize;
+ } else if (auth_cipher) {
+ /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
+ */
+ if (params->write.IV.data == NULL
+ || params->write.IV.size !=
+ AEAD_IMPLICIT_DATA_SIZE)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+
+ /* Instead of generating a new nonce on every packet, we use the
+ * write.sequence_number (It is a MAY on RFC 5288).
+ */
+ memcpy(nonce, params->write.IV.data,
+ params->write.IV.size);
+ memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE],
+ UINT64DATA(params->write.sequence_number),
+ 8);
+
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state, nonce,
+ AEAD_IMPLICIT_DATA_SIZE +
+ AEAD_EXPLICIT_DATA_SIZE);
+
+ /* copy the explicit part */
+ memcpy(data_ptr, &nonce[AEAD_IMPLICIT_DATA_SIZE],
+ AEAD_EXPLICIT_DATA_SIZE);
+
+ data_ptr += AEAD_EXPLICIT_DATA_SIZE;
+ cipher_data += AEAD_EXPLICIT_DATA_SIZE;
+ } else if (iv_size > 0)
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state,
+ UINT64DATA(params->write.
+ sequence_number),
+ 8);
+ } else {
+ /* AEAD ciphers have an explicit IV. Shouldn't be used otherwise.
+ */
+ if (auth_cipher)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ else if (block_algo == CIPHER_STREAM && iv_size > 0)
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state,
+ UINT64DATA(params->write.
+ sequence_number),
+ 8);
+ }
+
+ _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state,
+ UINT64DATA(params->write.
+ sequence_number), 8);
+
+ /* add the authenticate data */
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->write.cipher_state,
+ preamble, preamble_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Actual encryption.
+ */
+ ret =
+ _gnutls_auth_cipher_encrypt2_tag(&params->write.cipher_state,
+ compressed->data,
+ compressed->size, cipher_data,
+ cipher_size, pad);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return length;
}
static int
-compressed_to_ciphertext_new (gnutls_session_t session,
- uint8_t * cipher_data, int cipher_size,
- gnutls_datum_t *compressed,
- size_t min_pad,
- content_type_t type,
- record_parameters_st * params)
+compressed_to_ciphertext_new(gnutls_session_t session,
+ uint8_t * cipher_data, int cipher_size,
+ gnutls_datum_t * compressed,
+ size_t min_pad,
+ content_type_t type,
+ record_parameters_st * params)
{
- uint16_t pad = min_pad;
- int length, length_to_encrypt, ret;
- uint8_t preamble[MAX_PREAMBLE_SIZE];
- int preamble_size;
- int tag_size = _gnutls_auth_cipher_tag_len (&params->write.cipher_state);
- int blocksize = _gnutls_cipher_get_block_size (params->cipher);
- unsigned block_algo =
- _gnutls_cipher_is_block (params->cipher);
- uint8_t *data_ptr;
- const version_entry_st* ver = get_version (session);
- int explicit_iv = _gnutls_version_has_explicit_iv (ver);
- int auth_cipher = _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
- uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
- unsigned iv_size, final_cipher_size;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
-
- _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
- session, _gnutls_cipher_get_name(params->cipher), _gnutls_mac_get_name(params->mac),
- (unsigned int)params->epoch);
-
- /* Call _gnutls_rnd() once. Get data used for the IV
- */
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, nonce, blocksize);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* cipher_data points to the start of data to be encrypted */
- data_ptr = cipher_data;
-
- length_to_encrypt = length = 0;
-
- if (explicit_iv)
- {
- if (block_algo == CIPHER_BLOCK)
- {
- /* copy the random IV.
- */
- DECR_LEN(cipher_size, blocksize);
-
- memcpy(data_ptr, nonce, blocksize);
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, data_ptr, blocksize);
-
- data_ptr += blocksize;
- cipher_data += blocksize;
- length += blocksize;
- }
- else if (auth_cipher)
- {
- /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
- */
- if (params->write.IV.data == NULL || params->write.IV.size != AEAD_IMPLICIT_DATA_SIZE)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* Instead of generating a new nonce on every packet, we use the
- * write.sequence_number (It is a MAY on RFC 5288).
- */
- memcpy(nonce, params->write.IV.data, params->write.IV.size);
- memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE], UINT64DATA(params->write.sequence_number), 8);
-
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, nonce, AEAD_IMPLICIT_DATA_SIZE+AEAD_EXPLICIT_DATA_SIZE);
-
- /* copy the explicit part */
- DECR_LEN(cipher_size, AEAD_EXPLICIT_DATA_SIZE);
- memcpy(data_ptr, &nonce[AEAD_IMPLICIT_DATA_SIZE], AEAD_EXPLICIT_DATA_SIZE);
-
- data_ptr += AEAD_EXPLICIT_DATA_SIZE;
- cipher_data += AEAD_EXPLICIT_DATA_SIZE;
- length += AEAD_EXPLICIT_DATA_SIZE;
- }
- else if (iv_size > 0)
- _gnutls_auth_cipher_setiv(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
- }
- else
- {
- /* AEAD ciphers have an explicit IV. Shouldn't be used otherwise.
- */
- if (auth_cipher) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
-
- DECR_LEN(cipher_size, 2);
-
- if (block_algo == CIPHER_BLOCK) /* make pad a multiple of blocksize */
- {
- unsigned t = (2 + pad + compressed->size + tag_size) % blocksize;
- if (t > 0)
- {
- pad += blocksize - t;
- }
- }
-
- _gnutls_write_uint16 (pad, data_ptr);
- data_ptr += 2;
- length_to_encrypt += 2;
- length += 2;
- final_cipher_size = cipher_size;
-
- if (pad > 0)
- {
- unsigned t;
-
- t = cipher_size - compressed->size;
- if (pad > t)
- {
- if (block_algo == CIPHER_BLOCK)
- {
- if (pad <= blocksize)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- pad -= blocksize*((pad-t)/blocksize);
- }
- else
- pad = t;
- }
-
- DECR_LEN(cipher_size, pad);
-
- memset(data_ptr, 0, pad);
- data_ptr += pad;
- length_to_encrypt += pad;
- length += pad;
- }
-
- DECR_LEN(cipher_size, compressed->size);
-
- memcpy (data_ptr, compressed->data, compressed->size);
- data_ptr += compressed->size;
- length_to_encrypt += compressed->size;
- length += compressed->size;
-
- if (tag_size > 0)
- {
- DECR_LEN(cipher_size, tag_size);
-
- data_ptr += tag_size;
-
- /* In AEAD ciphers we don't encrypt the tag
- */
- length += tag_size;
- }
-
- preamble_size =
- make_preamble (UINT64DATA
- (params->write.sequence_number),
- type, compressed->size+2+pad, ver, preamble);
-
- _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
- /* add the authenticated data */
- ret = _gnutls_auth_cipher_add_auth(&params->write.cipher_state, preamble, preamble_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Actual encryption (inplace).
- */
- ret =
- _gnutls_auth_cipher_encrypt2_tag (&params->write.cipher_state,
- cipher_data, length_to_encrypt,
- cipher_data, final_cipher_size, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return length;
+ uint16_t pad = min_pad;
+ int length, length_to_encrypt, ret;
+ uint8_t preamble[MAX_PREAMBLE_SIZE];
+ int preamble_size;
+ int tag_size =
+ _gnutls_auth_cipher_tag_len(&params->write.cipher_state);
+ int blocksize = _gnutls_cipher_get_block_size(params->cipher);
+ unsigned block_algo = _gnutls_cipher_is_block(params->cipher);
+ uint8_t *data_ptr;
+ const version_entry_st *ver = get_version(session);
+ int explicit_iv = _gnutls_version_has_explicit_iv(ver);
+ int auth_cipher =
+ _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
+ uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
+ unsigned iv_size, final_cipher_size;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
+
+ _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
+ session, _gnutls_cipher_get_name(params->cipher),
+ _gnutls_mac_get_name(params->mac),
+ (unsigned int) params->epoch);
+
+ /* Call _gnutls_rnd() once. Get data used for the IV
+ */
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, nonce, blocksize);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* cipher_data points to the start of data to be encrypted */
+ data_ptr = cipher_data;
+
+ length_to_encrypt = length = 0;
+
+ if (explicit_iv) {
+ if (block_algo == CIPHER_BLOCK) {
+ /* copy the random IV.
+ */
+ DECR_LEN(cipher_size, blocksize);
+
+ memcpy(data_ptr, nonce, blocksize);
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state, data_ptr,
+ blocksize);
+
+ data_ptr += blocksize;
+ cipher_data += blocksize;
+ length += blocksize;
+ } else if (auth_cipher) {
+ /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
+ */
+ if (params->write.IV.data == NULL
+ || params->write.IV.size !=
+ AEAD_IMPLICIT_DATA_SIZE)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+
+ /* Instead of generating a new nonce on every packet, we use the
+ * write.sequence_number (It is a MAY on RFC 5288).
+ */
+ memcpy(nonce, params->write.IV.data,
+ params->write.IV.size);
+ memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE],
+ UINT64DATA(params->write.sequence_number),
+ 8);
+
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state, nonce,
+ AEAD_IMPLICIT_DATA_SIZE +
+ AEAD_EXPLICIT_DATA_SIZE);
+
+ /* copy the explicit part */
+ DECR_LEN(cipher_size, AEAD_EXPLICIT_DATA_SIZE);
+ memcpy(data_ptr, &nonce[AEAD_IMPLICIT_DATA_SIZE],
+ AEAD_EXPLICIT_DATA_SIZE);
+
+ data_ptr += AEAD_EXPLICIT_DATA_SIZE;
+ cipher_data += AEAD_EXPLICIT_DATA_SIZE;
+ length += AEAD_EXPLICIT_DATA_SIZE;
+ } else if (iv_size > 0)
+ _gnutls_auth_cipher_setiv(&params->write.
+ cipher_state,
+ UINT64DATA(params->write.
+ sequence_number),
+ 8);
+ } else {
+ /* AEAD ciphers have an explicit IV. Shouldn't be used otherwise.
+ */
+ if (auth_cipher)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
+ DECR_LEN(cipher_size, 2);
+
+ if (block_algo == CIPHER_BLOCK) { /* make pad a multiple of blocksize */
+ unsigned t =
+ (2 + pad + compressed->size + tag_size) % blocksize;
+ if (t > 0) {
+ pad += blocksize - t;
+ }
+ }
+
+ _gnutls_write_uint16(pad, data_ptr);
+ data_ptr += 2;
+ length_to_encrypt += 2;
+ length += 2;
+ final_cipher_size = cipher_size;
+
+ if (pad > 0) {
+ unsigned t;
+
+ t = cipher_size - compressed->size;
+ if (pad > t) {
+ if (block_algo == CIPHER_BLOCK) {
+ if (pad <= blocksize)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+
+ pad -= blocksize * ((pad - t) / blocksize);
+ } else
+ pad = t;
+ }
+
+ DECR_LEN(cipher_size, pad);
+
+ memset(data_ptr, 0, pad);
+ data_ptr += pad;
+ length_to_encrypt += pad;
+ length += pad;
+ }
+
+ DECR_LEN(cipher_size, compressed->size);
+
+ memcpy(data_ptr, compressed->data, compressed->size);
+ data_ptr += compressed->size;
+ length_to_encrypt += compressed->size;
+ length += compressed->size;
+
+ if (tag_size > 0) {
+ DECR_LEN(cipher_size, tag_size);
+
+ data_ptr += tag_size;
+
+ /* In AEAD ciphers we don't encrypt the tag
+ */
+ length += tag_size;
+ }
+
+ preamble_size =
+ make_preamble(UINT64DATA
+ (params->write.sequence_number),
+ type, compressed->size + 2 + pad, ver, preamble);
+
+ _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state,
+ UINT64DATA(params->write.
+ sequence_number), 8);
+ /* add the authenticated data */
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->write.cipher_state,
+ preamble, preamble_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Actual encryption (inplace).
+ */
+ ret =
+ _gnutls_auth_cipher_encrypt2_tag(&params->write.cipher_state,
+ cipher_data,
+ length_to_encrypt,
+ cipher_data,
+ final_cipher_size, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return length;
}
-static void dummy_wait(record_parameters_st * params, gnutls_datum_t* plaintext,
- unsigned pad_failed, unsigned int pad, unsigned total)
+static void dummy_wait(record_parameters_st * params,
+ gnutls_datum_t * plaintext, unsigned pad_failed,
+ unsigned int pad, unsigned total)
{
- /* this hack is only needed on CBC ciphers */
- if (_gnutls_cipher_is_block (params->cipher) == CIPHER_BLOCK)
- {
- unsigned len;
-
- /* force an additional hash compression function evaluation to prevent timing
- * attacks that distinguish between wrong-mac + correct pad, from wrong-mac + incorrect pad.
- */
- if (pad_failed == 0 && pad > 0)
- {
- len = _gnutls_mac_block_size(params->mac);
- if (len > 0)
- {
- /* This is really specific to the current hash functions.
- * It should be removed once a protocol fix is in place.
- */
- if ((pad+total) % len > len-9 && total % len <= len-9)
- {
- if (len < plaintext->size)
- _gnutls_auth_cipher_add_auth (&params->read.cipher_state, plaintext->data, len);
- else
- _gnutls_auth_cipher_add_auth (&params->read.cipher_state, plaintext->data, plaintext->size);
- }
- }
- }
- }
+ /* this hack is only needed on CBC ciphers */
+ if (_gnutls_cipher_is_block(params->cipher) == CIPHER_BLOCK) {
+ unsigned len;
+
+ /* force an additional hash compression function evaluation to prevent timing
+ * attacks that distinguish between wrong-mac + correct pad, from wrong-mac + incorrect pad.
+ */
+ if (pad_failed == 0 && pad > 0) {
+ len = _gnutls_mac_block_size(params->mac);
+ if (len > 0) {
+ /* This is really specific to the current hash functions.
+ * It should be removed once a protocol fix is in place.
+ */
+ if ((pad + total) % len > len - 9
+ && total % len <= len - 9) {
+ if (len < plaintext->size)
+ _gnutls_auth_cipher_add_auth
+ (&params->read.
+ cipher_state,
+ plaintext->data, len);
+ else
+ _gnutls_auth_cipher_add_auth
+ (&params->read.
+ cipher_state,
+ plaintext->data,
+ plaintext->size);
+ }
+ }
+ }
+ }
}
/* Deciphers the ciphertext packet, and puts the result to compress_data, of compress_size.
* Returns the actual compressed packet size.
*/
static int
-ciphertext_to_compressed (gnutls_session_t session,
- gnutls_datum_t *ciphertext,
- gnutls_datum_t * compressed,
- uint8_t type, record_parameters_st * params,
- uint64* sequence)
+ciphertext_to_compressed(gnutls_session_t session,
+ gnutls_datum_t * ciphertext,
+ gnutls_datum_t * compressed,
+ uint8_t type, record_parameters_st * params,
+ uint64 * sequence)
{
- uint8_t tag[MAX_HASH_SIZE];
- const uint8_t* tag_ptr;
- unsigned int pad = 0, i;
- int length, length_to_decrypt;
- uint16_t blocksize;
- int ret;
- unsigned int tmp_pad_failed = 0;
- unsigned int pad_failed = 0;
- uint8_t preamble[MAX_PREAMBLE_SIZE];
- unsigned int preamble_size;
- const version_entry_st* ver = get_version (session);
- unsigned int tag_size = _gnutls_auth_cipher_tag_len (&params->read.cipher_state);
- unsigned int explicit_iv = _gnutls_version_has_explicit_iv (ver);
- unsigned iv_size;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
- blocksize = _gnutls_cipher_get_block_size (params->cipher);
-
- /* actual decryption (inplace)
- */
- switch (_gnutls_cipher_is_block (params->cipher))
- {
- case CIPHER_STREAM:
- /* The way AEAD ciphers are defined in RFC5246, it allows
- * only stream ciphers.
- */
- if (explicit_iv && _gnutls_auth_cipher_is_aead(&params->read.cipher_state))
- {
- uint8_t nonce[blocksize];
- /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
- */
- if (unlikely(params->read.IV.data == NULL || params->read.IV.size != 4))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (unlikely(ciphertext->size < tag_size+AEAD_EXPLICIT_DATA_SIZE))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- memcpy(nonce, params->read.IV.data, AEAD_IMPLICIT_DATA_SIZE);
- memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE], ciphertext->data, AEAD_EXPLICIT_DATA_SIZE);
-
- _gnutls_auth_cipher_setiv(&params->read.cipher_state, nonce, AEAD_EXPLICIT_DATA_SIZE+AEAD_IMPLICIT_DATA_SIZE);
-
- ciphertext->data += AEAD_EXPLICIT_DATA_SIZE;
- ciphertext->size -= AEAD_EXPLICIT_DATA_SIZE;
-
- length = length_to_decrypt = ciphertext->size - tag_size;
- tag_ptr = ciphertext->data + length_to_decrypt;
- }
- else if (iv_size > 0)
- { /* a stream cipher with explicit IV */
- _gnutls_auth_cipher_setiv(&params->read.cipher_state, UINT64DATA(*sequence), 8);
- length_to_decrypt = ciphertext->size;
- length = ciphertext->size - tag_size;
- tag_ptr = compressed->data + length;
- }
- else
- {
- if (unlikely(ciphertext->size < tag_size))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- length_to_decrypt = ciphertext->size;
- length = ciphertext->size - tag_size;
- tag_ptr = compressed->data + length;
- }
-
-
- /* Pass the type, version, length and compressed through
- * MAC.
- */
- preamble_size =
- make_preamble (UINT64DATA(*sequence), type,
- length, ver, preamble);
-
- _gnutls_auth_cipher_set_mac_nonce(&params->read.cipher_state, UINT64DATA(*sequence), 8);
- ret = _gnutls_auth_cipher_add_auth (&params->read.cipher_state, preamble, preamble_size);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- if (unlikely((unsigned)length_to_decrypt > compressed->size))
- {
- _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n",
- (unsigned int)length_to_decrypt, (unsigned int)compressed->size);
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
- }
-
- ret =
- _gnutls_auth_cipher_decrypt2 (&params->read.cipher_state,
- ciphertext->data, length_to_decrypt,
- compressed->data, compressed->size);
-
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- break;
- case CIPHER_BLOCK:
- if (unlikely(ciphertext->size < blocksize || (ciphertext->size % blocksize != 0)))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- /* ignore the IV in TLS 1.1+
- */
- if (explicit_iv)
- {
- _gnutls_auth_cipher_setiv(&params->read.cipher_state,
- ciphertext->data, blocksize);
-
- ciphertext->size -= blocksize;
- ciphertext->data += blocksize;
- }
-
- if (unlikely(ciphertext->size < tag_size+1))
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
-
- /* we don't use the auth_cipher interface here, since
- * TLS with block ciphers is impossible to be used under such
- * an API. (the length of plaintext is required to calculate
- * auth_data, but it is not available before decryption).
- */
- if (unlikely(ciphertext->size > compressed->size))
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
-
- ret =
- _gnutls_cipher_decrypt2 (&params->read.cipher_state.cipher,
- ciphertext->data, ciphertext->size,
- compressed->data, compressed->size);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- pad = compressed->data[ciphertext->size - 1]; /* pad */
-
- /* Check the pading bytes (TLS 1.x).
- * Note that we access all 256 bytes of ciphertext for padding check
- * because there is a timing channel in that memory access (in certain CPUs).
- */
- if (ver->id != GNUTLS_SSL3)
- for (i = 2; i <= MIN(256, ciphertext->size); i++)
- {
- tmp_pad_failed |= (compressed->data[ciphertext->size - i] != pad);
- pad_failed |= ((i<= (1+pad)) & (tmp_pad_failed));
- }
-
- if (unlikely(pad_failed != 0 || (1+pad > ((int) ciphertext->size - tag_size))))
- {
- /* We do not fail here. We check below for the
- * the pad_failed. If zero means success.
- */
- pad_failed = 1;
- pad = 0;
- }
-
- length = ciphertext->size - tag_size - pad - 1;
- tag_ptr = &compressed->data[length];
-
- /* Pass the type, version, length and compressed through
- * MAC.
- */
- preamble_size =
- make_preamble (UINT64DATA(*sequence), type,
- length, ver, preamble);
-
- _gnutls_auth_cipher_set_mac_nonce(&params->read.cipher_state, UINT64DATA(*sequence), 8);
- ret = _gnutls_auth_cipher_add_auth (&params->read.cipher_state, preamble, preamble_size);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- ret = _gnutls_auth_cipher_add_auth (&params->read.cipher_state, compressed->data, length);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- break;
- default:
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
-
- ret = _gnutls_auth_cipher_tag(&params->read.cipher_state, tag, tag_size);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- /* Here there could be a timing leakage in CBC ciphersuites that
- * could be exploited if the cost of a successful memcmp is high.
- * A constant time memcmp would help there, but it is not easy to maintain
- * against compiler optimizations. Currently we rely on the fact that
- * a memcmp comparison is negligible over the crypto operations.
- */
- if (unlikely(memcmp (tag, tag_ptr, tag_size) != 0 || pad_failed != 0))
- {
- /* HMAC was not the same. */
- dummy_wait(params, compressed, pad_failed, pad, length+preamble_size);
-
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
- }
-
- return length;
+ uint8_t tag[MAX_HASH_SIZE];
+ const uint8_t *tag_ptr;
+ unsigned int pad = 0, i;
+ int length, length_to_decrypt;
+ uint16_t blocksize;
+ int ret;
+ unsigned int tmp_pad_failed = 0;
+ unsigned int pad_failed = 0;
+ uint8_t preamble[MAX_PREAMBLE_SIZE];
+ unsigned int preamble_size;
+ const version_entry_st *ver = get_version(session);
+ unsigned int tag_size =
+ _gnutls_auth_cipher_tag_len(&params->read.cipher_state);
+ unsigned int explicit_iv = _gnutls_version_has_explicit_iv(ver);
+ unsigned iv_size;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
+ blocksize = _gnutls_cipher_get_block_size(params->cipher);
+
+ /* actual decryption (inplace)
+ */
+ switch (_gnutls_cipher_is_block(params->cipher)) {
+ case CIPHER_STREAM:
+ /* The way AEAD ciphers are defined in RFC5246, it allows
+ * only stream ciphers.
+ */
+ if (explicit_iv
+ && _gnutls_auth_cipher_is_aead(&params->read.
+ cipher_state)) {
+ uint8_t nonce[blocksize];
+ /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
+ */
+ if (unlikely
+ (params->read.IV.data == NULL
+ || params->read.IV.size != 4))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+
+ if (unlikely
+ (ciphertext->size <
+ tag_size + AEAD_EXPLICIT_DATA_SIZE))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ memcpy(nonce, params->read.IV.data,
+ AEAD_IMPLICIT_DATA_SIZE);
+ memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE],
+ ciphertext->data, AEAD_EXPLICIT_DATA_SIZE);
+
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state, nonce,
+ AEAD_EXPLICIT_DATA_SIZE +
+ AEAD_IMPLICIT_DATA_SIZE);
+
+ ciphertext->data += AEAD_EXPLICIT_DATA_SIZE;
+ ciphertext->size -= AEAD_EXPLICIT_DATA_SIZE;
+
+ length = length_to_decrypt =
+ ciphertext->size - tag_size;
+ tag_ptr = ciphertext->data + length_to_decrypt;
+ } else if (iv_size > 0) { /* a stream cipher with explicit IV */
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state,
+ UINT64DATA(*sequence),
+ 8);
+ length_to_decrypt = ciphertext->size;
+ length = ciphertext->size - tag_size;
+ tag_ptr = compressed->data + length;
+ } else {
+ if (unlikely(ciphertext->size < tag_size))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ length_to_decrypt = ciphertext->size;
+ length = ciphertext->size - tag_size;
+ tag_ptr = compressed->data + length;
+ }
+
+
+ /* Pass the type, version, length and compressed through
+ * MAC.
+ */
+ preamble_size =
+ make_preamble(UINT64DATA(*sequence), type,
+ length, ver, preamble);
+
+ _gnutls_auth_cipher_set_mac_nonce(&params->read.
+ cipher_state,
+ UINT64DATA(*sequence),
+ 8);
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->read.
+ cipher_state, preamble,
+ preamble_size);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ if (unlikely
+ ((unsigned) length_to_decrypt > compressed->size)) {
+ _gnutls_audit_log(session,
+ "Received %u bytes, while expecting less than %u\n",
+ (unsigned int) length_to_decrypt,
+ (unsigned int) compressed->size);
+ return
+ gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ }
+
+ ret =
+ _gnutls_auth_cipher_decrypt2(&params->read.
+ cipher_state,
+ ciphertext->data,
+ length_to_decrypt,
+ compressed->data,
+ compressed->size);
+
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ break;
+ case CIPHER_BLOCK:
+ if (unlikely
+ (ciphertext->size < blocksize
+ || (ciphertext->size % blocksize != 0)))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ /* ignore the IV in TLS 1.1+
+ */
+ if (explicit_iv) {
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state,
+ ciphertext->data,
+ blocksize);
+
+ ciphertext->size -= blocksize;
+ ciphertext->data += blocksize;
+ }
+
+ if (unlikely(ciphertext->size < tag_size + 1))
+ return
+ gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
+ /* we don't use the auth_cipher interface here, since
+ * TLS with block ciphers is impossible to be used under such
+ * an API. (the length of plaintext is required to calculate
+ * auth_data, but it is not available before decryption).
+ */
+ if (unlikely(ciphertext->size > compressed->size))
+ return
+ gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
+ ret =
+ _gnutls_cipher_decrypt2(&params->read.cipher_state.
+ cipher, ciphertext->data,
+ ciphertext->size,
+ compressed->data,
+ compressed->size);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ pad = compressed->data[ciphertext->size - 1]; /* pad */
+
+ /* Check the pading bytes (TLS 1.x).
+ * Note that we access all 256 bytes of ciphertext for padding check
+ * because there is a timing channel in that memory access (in certain CPUs).
+ */
+ if (ver->id != GNUTLS_SSL3)
+ for (i = 2; i <= MIN(256, ciphertext->size); i++) {
+ tmp_pad_failed |=
+ (compressed->
+ data[ciphertext->size - i] != pad);
+ pad_failed |=
+ ((i <= (1 + pad)) & (tmp_pad_failed));
+ }
+
+ if (unlikely
+ (pad_failed != 0
+ || (1 + pad > ((int) ciphertext->size - tag_size)))) {
+ /* We do not fail here. We check below for the
+ * the pad_failed. If zero means success.
+ */
+ pad_failed = 1;
+ pad = 0;
+ }
+
+ length = ciphertext->size - tag_size - pad - 1;
+ tag_ptr = &compressed->data[length];
+
+ /* Pass the type, version, length and compressed through
+ * MAC.
+ */
+ preamble_size =
+ make_preamble(UINT64DATA(*sequence), type,
+ length, ver, preamble);
+
+ _gnutls_auth_cipher_set_mac_nonce(&params->read.
+ cipher_state,
+ UINT64DATA(*sequence),
+ 8);
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->read.
+ cipher_state, preamble,
+ preamble_size);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->read.
+ cipher_state,
+ compressed->data, length);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
+ ret =
+ _gnutls_auth_cipher_tag(&params->read.cipher_state, tag,
+ tag_size);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ /* Here there could be a timing leakage in CBC ciphersuites that
+ * could be exploited if the cost of a successful memcmp is high.
+ * A constant time memcmp would help there, but it is not easy to maintain
+ * against compiler optimizations. Currently we rely on the fact that
+ * a memcmp comparison is negligible over the crypto operations.
+ */
+ if (unlikely
+ (memcmp(tag, tag_ptr, tag_size) != 0 || pad_failed != 0)) {
+ /* HMAC was not the same. */
+ dummy_wait(params, compressed, pad_failed, pad,
+ length + preamble_size);
+
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ }
+
+ return length;
}
static int
-ciphertext_to_compressed_new (gnutls_session_t restrict session,
- gnutls_datum_t *restrict ciphertext,
- gnutls_datum_t *restrict compressed,
- uint8_t type, record_parameters_st *restrict params,
- uint64* restrict sequence)
+ciphertext_to_compressed_new(gnutls_session_t restrict session,
+ gnutls_datum_t * restrict ciphertext,
+ gnutls_datum_t * restrict compressed,
+ uint8_t type,
+ record_parameters_st * restrict params,
+ uint64 * restrict sequence)
{
- uint8_t tag[MAX_HASH_SIZE];
- const uint8_t *tag_ptr;
- unsigned int pad;
- int length, length_to_decrypt;
- uint16_t blocksize;
- int ret;
- uint8_t preamble[MAX_PREAMBLE_SIZE];
- unsigned int preamble_size;
- const version_entry_st* ver = get_version (session);
- unsigned int tag_size = _gnutls_auth_cipher_tag_len (&params->read.cipher_state);
- unsigned int explicit_iv = _gnutls_version_has_explicit_iv (ver);
- unsigned iv_size;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
- blocksize = _gnutls_cipher_get_block_size (params->cipher);
-
- /* actual decryption (inplace)
- */
- switch (_gnutls_cipher_is_block (params->cipher))
- {
- case CIPHER_STREAM:
- /* The way AEAD ciphers are defined in RFC5246, it allows
- * only stream ciphers.
- */
- if (explicit_iv && _gnutls_auth_cipher_is_aead(&params->read.cipher_state))
- {
- uint8_t nonce[blocksize];
- /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
- */
- if (params->read.IV.data == NULL || params->read.IV.size != 4)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (ciphertext->size < tag_size+AEAD_EXPLICIT_DATA_SIZE + 2)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- memcpy(nonce, params->read.IV.data, AEAD_IMPLICIT_DATA_SIZE);
- memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE], ciphertext->data, AEAD_EXPLICIT_DATA_SIZE);
-
- _gnutls_auth_cipher_setiv(&params->read.cipher_state, nonce, AEAD_EXPLICIT_DATA_SIZE+AEAD_IMPLICIT_DATA_SIZE);
-
- ciphertext->data += AEAD_EXPLICIT_DATA_SIZE;
- ciphertext->size -= AEAD_EXPLICIT_DATA_SIZE;
-
- length_to_decrypt = ciphertext->size - tag_size;
- }
- else if (iv_size > 0)
- { /* a stream cipher with explicit IV */
- _gnutls_auth_cipher_setiv(&params->read.cipher_state, UINT64DATA(*sequence), 8);
- length_to_decrypt = ciphertext->size;
- }
- else
- {
- if (ciphertext->size < tag_size)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- length_to_decrypt = ciphertext->size;
- }
- break;
- case CIPHER_BLOCK:
- if (ciphertext->size < blocksize || (ciphertext->size % blocksize != 0))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- if (explicit_iv)
- {
- _gnutls_auth_cipher_setiv(&params->read.cipher_state,
- ciphertext->data, blocksize);
-
- ciphertext->size -= blocksize;
- ciphertext->data += blocksize;
- }
-
- if (ciphertext->size < tag_size + 2)
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
-
- length_to_decrypt = ciphertext->size;
- if (length_to_decrypt < blocksize)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- break;
-
- default:
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
-
- length = ciphertext->size - tag_size;
-
- preamble_size =
- make_preamble (UINT64DATA(*sequence), type,
- length, ver, preamble);
-
- _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state, UINT64DATA(*sequence), 8);
- ret = _gnutls_auth_cipher_add_auth (&params->read.cipher_state, preamble, preamble_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret =
- _gnutls_auth_cipher_decrypt2 (&params->read.cipher_state,
- ciphertext->data, length_to_decrypt,
- ciphertext->data, ciphertext->size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- pad = _gnutls_read_uint16(ciphertext->data);
-
- tag_ptr = &ciphertext->data[length];
- ret = _gnutls_auth_cipher_tag(&params->read.cipher_state, tag, tag_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Check MAC.
- */
- if (memcmp (tag, tag_ptr, tag_size) != 0)
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
-
- DECR_LEN(length, 2+pad);
-
- /* copy the decrypted stuff to compress_data.
- */
- if (compressed->size < (unsigned)length)
- return gnutls_assert_val(GNUTLS_E_DECOMPRESSION_FAILED);
-
- memcpy (compressed->data, &ciphertext->data[2+pad], length);
-
- return length;
+ uint8_t tag[MAX_HASH_SIZE];
+ const uint8_t *tag_ptr;
+ unsigned int pad;
+ int length, length_to_decrypt;
+ uint16_t blocksize;
+ int ret;
+ uint8_t preamble[MAX_PREAMBLE_SIZE];
+ unsigned int preamble_size;
+ const version_entry_st *ver = get_version(session);
+ unsigned int tag_size =
+ _gnutls_auth_cipher_tag_len(&params->read.cipher_state);
+ unsigned int explicit_iv = _gnutls_version_has_explicit_iv(ver);
+ unsigned iv_size;
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
+ blocksize = _gnutls_cipher_get_block_size(params->cipher);
+
+ /* actual decryption (inplace)
+ */
+ switch (_gnutls_cipher_is_block(params->cipher)) {
+ case CIPHER_STREAM:
+ /* The way AEAD ciphers are defined in RFC5246, it allows
+ * only stream ciphers.
+ */
+ if (explicit_iv
+ && _gnutls_auth_cipher_is_aead(&params->read.
+ cipher_state)) {
+ uint8_t nonce[blocksize];
+ /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
+ */
+ if (params->read.IV.data == NULL
+ || params->read.IV.size != 4)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+
+ if (ciphertext->size <
+ tag_size + AEAD_EXPLICIT_DATA_SIZE + 2)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ memcpy(nonce, params->read.IV.data,
+ AEAD_IMPLICIT_DATA_SIZE);
+ memcpy(&nonce[AEAD_IMPLICIT_DATA_SIZE],
+ ciphertext->data, AEAD_EXPLICIT_DATA_SIZE);
+
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state, nonce,
+ AEAD_EXPLICIT_DATA_SIZE +
+ AEAD_IMPLICIT_DATA_SIZE);
+
+ ciphertext->data += AEAD_EXPLICIT_DATA_SIZE;
+ ciphertext->size -= AEAD_EXPLICIT_DATA_SIZE;
+
+ length_to_decrypt = ciphertext->size - tag_size;
+ } else if (iv_size > 0) { /* a stream cipher with explicit IV */
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state,
+ UINT64DATA(*sequence),
+ 8);
+ length_to_decrypt = ciphertext->size;
+ } else {
+ if (ciphertext->size < tag_size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ length_to_decrypt = ciphertext->size;
+ }
+ break;
+ case CIPHER_BLOCK:
+ if (ciphertext->size < blocksize
+ || (ciphertext->size % blocksize != 0))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ if (explicit_iv) {
+ _gnutls_auth_cipher_setiv(&params->read.
+ cipher_state,
+ ciphertext->data,
+ blocksize);
+
+ ciphertext->size -= blocksize;
+ ciphertext->data += blocksize;
+ }
+
+ if (ciphertext->size < tag_size + 2)
+ return
+ gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
+ length_to_decrypt = ciphertext->size;
+ if (length_to_decrypt < blocksize)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ break;
+
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
+ length = ciphertext->size - tag_size;
+
+ preamble_size =
+ make_preamble(UINT64DATA(*sequence), type,
+ length, ver, preamble);
+
+ _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state,
+ UINT64DATA(*sequence), 8);
+ ret =
+ _gnutls_auth_cipher_add_auth(&params->read.cipher_state,
+ preamble, preamble_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_auth_cipher_decrypt2(&params->read.cipher_state,
+ ciphertext->data,
+ length_to_decrypt,
+ ciphertext->data,
+ ciphertext->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ pad = _gnutls_read_uint16(ciphertext->data);
+
+ tag_ptr = &ciphertext->data[length];
+ ret =
+ _gnutls_auth_cipher_tag(&params->read.cipher_state, tag,
+ tag_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Check MAC.
+ */
+ if (memcmp(tag, tag_ptr, tag_size) != 0)
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
+ DECR_LEN(length, 2 + pad);
+
+ /* copy the decrypted stuff to compress_data.
+ */
+ if (compressed->size < (unsigned) length)
+ return gnutls_assert_val(GNUTLS_E_DECOMPRESSION_FAILED);
+
+ memcpy(compressed->data, &ciphertext->data[2 + pad], length);
+
+ return length;
}
diff --git a/lib/gnutls_cipher.h b/lib/gnutls_cipher.h
index cc4a1a08f1..121dff6794 100644
--- a/lib/gnutls_cipher.h
+++ b/lib/gnutls_cipher.h
@@ -20,14 +20,13 @@
*
*/
-int _gnutls_encrypt (gnutls_session_t session,
- const uint8_t * data,
- size_t data_size, size_t min_pad,
- mbuffer_st* bufel,
- content_type_t type,
- record_parameters_st * params);
+int _gnutls_encrypt(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size, size_t min_pad,
+ mbuffer_st * bufel,
+ content_type_t type, record_parameters_st * params);
-int _gnutls_decrypt (gnutls_session_t session,
- gnutls_datum_t *ciphertext, gnutls_datum_t *output,
- content_type_t type, record_parameters_st * params,
- uint64* sequence);
+int _gnutls_decrypt(gnutls_session_t session,
+ gnutls_datum_t * ciphertext, gnutls_datum_t * output,
+ content_type_t type, record_parameters_st * params,
+ uint64 * sequence);
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 10caf76d28..d6483ab2d8 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -40,320 +40,330 @@
*/
int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher)
{
- const gnutls_crypto_cipher_st *cc;
- int ret;
-
- cc = _gnutls_get_crypto_cipher (cipher);
- if (cc != NULL) return 1;
-
- ret = _gnutls_cipher_ops.exists(cipher);
- return ret;
+ const gnutls_crypto_cipher_st *cc;
+ int ret;
+
+ cc = _gnutls_get_crypto_cipher(cipher);
+ if (cc != NULL)
+ return 1;
+
+ ret = _gnutls_cipher_ops.exists(cipher);
+ return ret;
}
int
-_gnutls_cipher_init (cipher_hd_st * handle, const cipher_entry_st* e,
- const gnutls_datum_t * key, const gnutls_datum_t * iv, int enc)
+_gnutls_cipher_init(cipher_hd_st * handle, const cipher_entry_st * e,
+ const gnutls_datum_t * key, const gnutls_datum_t * iv,
+ int enc)
{
- int ret = GNUTLS_E_INTERNAL_ERROR;
- const gnutls_crypto_cipher_st *cc = NULL;
-
- if (unlikely(e == NULL || e->id == GNUTLS_CIPHER_NULL))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- handle->e = e;
-
- /* check if a cipher has been registered
- */
- cc = _gnutls_get_crypto_cipher (e->id);
- if (cc != NULL)
- {
- handle->encrypt = cc->encrypt;
- handle->decrypt = cc->decrypt;
- handle->deinit = cc->deinit;
- handle->auth = cc->auth;
- handle->tag = cc->tag;
- handle->setiv = cc->setiv;
-
- SR (cc->init (e->id, &handle->handle, enc), cc_cleanup);
- SR (cc->setkey( handle->handle, key->data, key->size), cc_cleanup);
- if (iv)
- {
- SR (cc->setiv( handle->handle, iv->data, iv->size), cc_cleanup);
- }
-
- return 0;
- }
-
- handle->encrypt = _gnutls_cipher_ops.encrypt;
- handle->decrypt = _gnutls_cipher_ops.decrypt;
- handle->deinit = _gnutls_cipher_ops.deinit;
- handle->auth = _gnutls_cipher_ops.auth;
- handle->tag = _gnutls_cipher_ops.tag;
- handle->setiv = _gnutls_cipher_ops.setiv;
-
- /* otherwise use generic cipher interface
- */
- ret = _gnutls_cipher_ops.init (e->id, &handle->handle, enc);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_cipher_ops.setkey(handle->handle, key->data, key->size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cc_cleanup;
- }
-
- if (iv)
- {
- ret = _gnutls_cipher_ops.setiv(handle->handle, iv->data, iv->size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cc_cleanup;
- }
- }
-
- return 0;
-
-cc_cleanup:
-
- if (handle->handle)
- handle->deinit (handle->handle);
-
- return ret;
+ int ret = GNUTLS_E_INTERNAL_ERROR;
+ const gnutls_crypto_cipher_st *cc = NULL;
+
+ if (unlikely(e == NULL || e->id == GNUTLS_CIPHER_NULL))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ handle->e = e;
+
+ /* check if a cipher has been registered
+ */
+ cc = _gnutls_get_crypto_cipher(e->id);
+ if (cc != NULL) {
+ handle->encrypt = cc->encrypt;
+ handle->decrypt = cc->decrypt;
+ handle->deinit = cc->deinit;
+ handle->auth = cc->auth;
+ handle->tag = cc->tag;
+ handle->setiv = cc->setiv;
+
+ SR(cc->init(e->id, &handle->handle, enc), cc_cleanup);
+ SR(cc->setkey(handle->handle, key->data, key->size),
+ cc_cleanup);
+ if (iv) {
+ SR(cc->setiv(handle->handle, iv->data, iv->size),
+ cc_cleanup);
+ }
+
+ return 0;
+ }
+
+ handle->encrypt = _gnutls_cipher_ops.encrypt;
+ handle->decrypt = _gnutls_cipher_ops.decrypt;
+ handle->deinit = _gnutls_cipher_ops.deinit;
+ handle->auth = _gnutls_cipher_ops.auth;
+ handle->tag = _gnutls_cipher_ops.tag;
+ handle->setiv = _gnutls_cipher_ops.setiv;
+
+ /* otherwise use generic cipher interface
+ */
+ ret = _gnutls_cipher_ops.init(e->id, &handle->handle, enc);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_cipher_ops.setkey(handle->handle, key->data,
+ key->size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cc_cleanup;
+ }
+
+ if (iv) {
+ ret =
+ _gnutls_cipher_ops.setiv(handle->handle, iv->data,
+ iv->size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cc_cleanup;
+ }
+ }
+
+ return 0;
+
+ cc_cleanup:
+
+ if (handle->handle)
+ handle->deinit(handle->handle);
+
+ return ret;
}
/* Auth_cipher API
*/
-int _gnutls_auth_cipher_init (auth_cipher_hd_st * handle,
- const cipher_entry_st* e,
- const gnutls_datum_t * cipher_key,
- const gnutls_datum_t * iv,
- const mac_entry_st* me,
- const gnutls_datum_t * mac_key,
- int ssl_hmac, int enc)
+int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
+ const cipher_entry_st * e,
+ const gnutls_datum_t * cipher_key,
+ const gnutls_datum_t * iv,
+ const mac_entry_st * me,
+ const gnutls_datum_t * mac_key,
+ int ssl_hmac, int enc)
{
-int ret;
-
- if (unlikely(e == NULL))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- memset(handle, 0, sizeof(*handle));
-
- if (e->id != GNUTLS_CIPHER_NULL)
- {
- handle->non_null = 1;
- ret = _gnutls_cipher_init(&handle->cipher, e, cipher_key, iv, enc);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- handle->non_null = 0;
-
- if (me->id != GNUTLS_MAC_AEAD)
- {
- handle->is_mac = 1;
- handle->ssl_hmac = ssl_hmac;
-
- if (ssl_hmac)
- ret = _gnutls_mac_init_ssl3(&handle->mac.dig, me, mac_key->data, mac_key->size);
- else
- ret = _gnutls_mac_init(&handle->mac.mac, me, mac_key->data, mac_key->size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- handle->tag_size = _gnutls_mac_get_algo_len(me);
- }
- else if (_gnutls_cipher_algo_is_aead(e))
- {
- handle->tag_size = _gnutls_cipher_get_tag_size(e);
- }
- else
- {
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- return 0;
-cleanup:
- if (handle->non_null != 0)
- _gnutls_cipher_deinit(&handle->cipher);
- return ret;
+ int ret;
+
+ if (unlikely(e == NULL))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ memset(handle, 0, sizeof(*handle));
+
+ if (e->id != GNUTLS_CIPHER_NULL) {
+ handle->non_null = 1;
+ ret =
+ _gnutls_cipher_init(&handle->cipher, e, cipher_key, iv,
+ enc);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else
+ handle->non_null = 0;
+
+ if (me->id != GNUTLS_MAC_AEAD) {
+ handle->is_mac = 1;
+ handle->ssl_hmac = ssl_hmac;
+
+ if (ssl_hmac)
+ ret =
+ _gnutls_mac_init_ssl3(&handle->mac.dig, me,
+ mac_key->data,
+ mac_key->size);
+ else
+ ret =
+ _gnutls_mac_init(&handle->mac.mac, me,
+ mac_key->data, mac_key->size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ handle->tag_size = _gnutls_mac_get_algo_len(me);
+ } else if (_gnutls_cipher_algo_is_aead(e)) {
+ handle->tag_size = _gnutls_cipher_get_tag_size(e);
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ return 0;
+ cleanup:
+ if (handle->non_null != 0)
+ _gnutls_cipher_deinit(&handle->cipher);
+ return ret;
}
-int _gnutls_auth_cipher_add_auth (auth_cipher_hd_st * handle, const void *text,
- int textlen)
+int _gnutls_auth_cipher_add_auth(auth_cipher_hd_st * handle,
+ const void *text, int textlen)
{
- if (handle->is_mac)
- {
- if (handle->ssl_hmac)
- return _gnutls_hash(&handle->mac.dig, text, textlen);
- else
- return _gnutls_mac(&handle->mac.mac, text, textlen);
- }
- else if (_gnutls_cipher_is_aead(&handle->cipher))
- return _gnutls_cipher_auth(&handle->cipher, text, textlen);
- else
- return 0;
+ if (handle->is_mac) {
+ if (handle->ssl_hmac)
+ return _gnutls_hash(&handle->mac.dig, text,
+ textlen);
+ else
+ return _gnutls_mac(&handle->mac.mac, text,
+ textlen);
+ } else if (_gnutls_cipher_is_aead(&handle->cipher))
+ return _gnutls_cipher_auth(&handle->cipher, text, textlen);
+ else
+ return 0;
}
/* The caller must make sure that textlen+pad_size+tag_size is divided by the block size of the cipher */
-int _gnutls_auth_cipher_encrypt2_tag (auth_cipher_hd_st * handle, const uint8_t *text,
- int textlen, void *_ciphertext, int ciphertextlen,
- int pad_size)
+int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
+ const uint8_t * text, int textlen,
+ void *_ciphertext, int ciphertextlen,
+ int pad_size)
{
-int ret;
-uint8_t * ciphertext = _ciphertext;
-unsigned blocksize = _gnutls_cipher_get_block_size(handle->cipher.e);
-unsigned l;
-
- if (handle->is_mac)
- {
- if (handle->ssl_hmac)
- ret = _gnutls_hash(&handle->mac.dig, text, textlen);
- else
- ret = _gnutls_mac(&handle->mac.mac, text, textlen);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- if (unlikely(textlen+pad_size+handle->tag_size) > ciphertextlen)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (handle->non_null != 0)
- {
- l = (textlen/blocksize)*blocksize;
- ret = _gnutls_cipher_encrypt2(&handle->cipher, text, l, ciphertext, ciphertextlen);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- textlen -= l;
- text += l;
- ciphertext += l;
- ciphertextlen -= l;
-
- if (ciphertext != text && textlen > 0)
- memcpy(ciphertext, text, textlen);
-
- ret = _gnutls_auth_cipher_tag(handle, ciphertext+textlen, handle->tag_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- textlen += handle->tag_size;
-
- /* TLS 1.0 style padding */
- if (pad_size > 0)
- {
- memset (ciphertext+textlen, pad_size - 1, pad_size);
- textlen += pad_size;
- }
-
- ret = _gnutls_cipher_encrypt2(&handle->cipher, ciphertext, textlen, ciphertext, ciphertextlen);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else /* null cipher */
- {
- if (text != ciphertext)
- memcpy(ciphertext, text, textlen);
-
- ret = _gnutls_auth_cipher_tag(handle, ciphertext+textlen, handle->tag_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
- else if (_gnutls_cipher_is_aead(&handle->cipher))
- {
- ret = _gnutls_cipher_encrypt2(&handle->cipher, text, textlen, ciphertext, ciphertextlen);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
-
- ret = _gnutls_auth_cipher_tag(handle, ciphertext+textlen, handle->tag_size);
- if (unlikely(ret < 0))
- return gnutls_assert_val(ret);
- }
- else if (handle->non_null == 0 && text != ciphertext)
- memcpy(ciphertext, text, textlen);
-
- return 0;
+ int ret;
+ uint8_t *ciphertext = _ciphertext;
+ unsigned blocksize =
+ _gnutls_cipher_get_block_size(handle->cipher.e);
+ unsigned l;
+
+ if (handle->is_mac) {
+ if (handle->ssl_hmac)
+ ret =
+ _gnutls_hash(&handle->mac.dig, text, textlen);
+ else
+ ret = _gnutls_mac(&handle->mac.mac, text, textlen);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ if (unlikely(textlen + pad_size + handle->tag_size) >
+ ciphertextlen)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (handle->non_null != 0) {
+ l = (textlen / blocksize) * blocksize;
+ ret =
+ _gnutls_cipher_encrypt2(&handle->cipher, text,
+ l, ciphertext,
+ ciphertextlen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ textlen -= l;
+ text += l;
+ ciphertext += l;
+ ciphertextlen -= l;
+
+ if (ciphertext != text && textlen > 0)
+ memcpy(ciphertext, text, textlen);
+
+ ret =
+ _gnutls_auth_cipher_tag(handle,
+ ciphertext + textlen,
+ handle->tag_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ textlen += handle->tag_size;
+
+ /* TLS 1.0 style padding */
+ if (pad_size > 0) {
+ memset(ciphertext + textlen, pad_size - 1,
+ pad_size);
+ textlen += pad_size;
+ }
+
+ ret =
+ _gnutls_cipher_encrypt2(&handle->cipher,
+ ciphertext, textlen,
+ ciphertext,
+ ciphertextlen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else { /* null cipher */
+
+ if (text != ciphertext)
+ memcpy(ciphertext, text, textlen);
+
+ ret =
+ _gnutls_auth_cipher_tag(handle,
+ ciphertext + textlen,
+ handle->tag_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ } else if (_gnutls_cipher_is_aead(&handle->cipher)) {
+ ret =
+ _gnutls_cipher_encrypt2(&handle->cipher, text, textlen,
+ ciphertext, ciphertextlen);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_auth_cipher_tag(handle, ciphertext + textlen,
+ handle->tag_size);
+ if (unlikely(ret < 0))
+ return gnutls_assert_val(ret);
+ } else if (handle->non_null == 0 && text != ciphertext)
+ memcpy(ciphertext, text, textlen);
+
+ return 0;
}
-int _gnutls_auth_cipher_decrypt2 (auth_cipher_hd_st * handle,
- const void *ciphertext, int ciphertextlen,
- void *text, int textlen)
+int _gnutls_auth_cipher_decrypt2(auth_cipher_hd_st * handle,
+ const void *ciphertext, int ciphertextlen,
+ void *text, int textlen)
{
-int ret;
-
- if (unlikely(ciphertextlen > textlen))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (handle->non_null != 0)
- {
- ret = _gnutls_cipher_decrypt2(&handle->cipher, ciphertext, ciphertextlen,
- text, textlen);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else if (handle->non_null == 0 && text != ciphertext)
- memcpy(text, ciphertext, ciphertextlen);
-
- if (handle->is_mac)
- {
- /* The MAC is not to be hashed */
- ciphertextlen -= handle->tag_size;
-
- if (handle->ssl_hmac)
- return _gnutls_hash(&handle->mac.dig, text, ciphertextlen);
- else
- return _gnutls_mac(&handle->mac.mac, text, ciphertextlen);
- }
-
- return 0;
+ int ret;
+
+ if (unlikely(ciphertextlen > textlen))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (handle->non_null != 0) {
+ ret =
+ _gnutls_cipher_decrypt2(&handle->cipher, ciphertext,
+ ciphertextlen, text, textlen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else if (handle->non_null == 0 && text != ciphertext)
+ memcpy(text, ciphertext, ciphertextlen);
+
+ if (handle->is_mac) {
+ /* The MAC is not to be hashed */
+ ciphertextlen -= handle->tag_size;
+
+ if (handle->ssl_hmac)
+ return _gnutls_hash(&handle->mac.dig, text,
+ ciphertextlen);
+ else
+ return _gnutls_mac(&handle->mac.mac, text,
+ ciphertextlen);
+ }
+
+ return 0;
}
-int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void* tag, int tag_size)
+int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void *tag,
+ int tag_size)
{
-int ret;
-
- if (handle->is_mac)
- {
- if (handle->ssl_hmac)
- {
- ret = _gnutls_mac_output_ssl3 (&handle->mac.dig, tag);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- {
- _gnutls_mac_output (&handle->mac.mac, tag);
- }
- }
- else if (_gnutls_cipher_is_aead(&handle->cipher))
- {
- _gnutls_cipher_tag(&handle->cipher, tag, tag_size);
- }
- else
- memset(tag, 0, tag_size);
-
- return 0;
+ int ret;
+
+ if (handle->is_mac) {
+ if (handle->ssl_hmac) {
+ ret =
+ _gnutls_mac_output_ssl3(&handle->mac.dig, tag);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else {
+ _gnutls_mac_output(&handle->mac.mac, tag);
+ }
+ } else if (_gnutls_cipher_is_aead(&handle->cipher)) {
+ _gnutls_cipher_tag(&handle->cipher, tag, tag_size);
+ } else
+ memset(tag, 0, tag_size);
+
+ return 0;
}
-void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle)
+void _gnutls_auth_cipher_deinit(auth_cipher_hd_st * handle)
{
- if (handle->is_mac)
- {
- if (handle->ssl_hmac) /* failure here doesn't matter */
- _gnutls_mac_deinit_ssl3 (&handle->mac.dig, NULL);
- else
- _gnutls_mac_deinit(&handle->mac.mac, NULL);
- }
- if (handle->non_null!=0)
- _gnutls_cipher_deinit(&handle->cipher);
+ if (handle->is_mac) {
+ if (handle->ssl_hmac) /* failure here doesn't matter */
+ _gnutls_mac_deinit_ssl3(&handle->mac.dig, NULL);
+ else
+ _gnutls_mac_deinit(&handle->mac.mac, NULL);
+ }
+ if (handle->non_null != 0)
+ _gnutls_cipher_deinit(&handle->cipher);
}
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index 7d41b17fe7..4939af8bcf 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -29,10 +29,10 @@
extern int crypto_cipher_prio;
extern gnutls_crypto_cipher_st _gnutls_cipher_ops;
-typedef int (*cipher_encrypt_func) (void *hd, const void *plaintext, size_t,
- void *ciphertext, size_t);
-typedef int (*cipher_decrypt_func) (void *hd, const void *ciphertext, size_t,
- void *plaintext, size_t);
+typedef int (*cipher_encrypt_func) (void *hd, const void *plaintext,
+ size_t, void *ciphertext, size_t);
+typedef int (*cipher_decrypt_func) (void *hd, const void *ciphertext,
+ size_t, void *plaintext, size_t);
typedef void (*cipher_deinit_func) (void *hd);
typedef int (*cipher_auth_func) (void *hd, const void *data, size_t);
@@ -40,62 +40,59 @@ typedef int (*cipher_setiv_func) (void *hd, const void *iv, size_t);
typedef void (*cipher_tag_func) (void *hd, void *tag, size_t);
-typedef struct
-{
- void *handle;
- const cipher_entry_st* e;
- cipher_encrypt_func encrypt;
- cipher_decrypt_func decrypt;
- cipher_auth_func auth;
- cipher_tag_func tag;
- cipher_setiv_func setiv;
- cipher_deinit_func deinit;
+typedef struct {
+ void *handle;
+ const cipher_entry_st *e;
+ cipher_encrypt_func encrypt;
+ cipher_decrypt_func decrypt;
+ cipher_auth_func auth;
+ cipher_tag_func tag;
+ cipher_setiv_func setiv;
+ cipher_deinit_func deinit;
} cipher_hd_st;
-int _gnutls_cipher_init (cipher_hd_st *, const cipher_entry_st* e,
- const gnutls_datum_t * key,
- const gnutls_datum_t * iv, int enc);
+int _gnutls_cipher_init(cipher_hd_st *, const cipher_entry_st * e,
+ const gnutls_datum_t * key,
+ const gnutls_datum_t * iv, int enc);
-inline static void _gnutls_cipher_setiv (const cipher_hd_st * handle,
- const void *iv, size_t ivlen)
+inline static void _gnutls_cipher_setiv(const cipher_hd_st * handle,
+ const void *iv, size_t ivlen)
{
- handle->setiv(handle->handle, iv, ivlen);
+ handle->setiv(handle->handle, iv, ivlen);
}
inline static int
-_gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text,
- size_t textlen, void *ciphertext, size_t ciphertextlen)
+_gnutls_cipher_encrypt2(const cipher_hd_st * handle, const void *text,
+ size_t textlen, void *ciphertext,
+ size_t ciphertextlen)
{
- if (likely(handle != NULL && handle->handle != NULL))
- {
- return handle->encrypt (handle->handle, text, textlen, ciphertext,
- ciphertextlen);
- }
+ if (likely(handle != NULL && handle->handle != NULL)) {
+ return handle->encrypt(handle->handle, text, textlen,
+ ciphertext, ciphertextlen);
+ }
- return 0;
+ return 0;
}
inline static int
-_gnutls_cipher_decrypt2 (const cipher_hd_st * handle, const void *ciphertext,
- size_t ciphertextlen, void *text, size_t textlen)
+_gnutls_cipher_decrypt2(const cipher_hd_st * handle,
+ const void *ciphertext, size_t ciphertextlen,
+ void *text, size_t textlen)
{
- if (likely(handle != NULL && handle->handle != NULL))
- {
- return handle->decrypt (handle->handle, ciphertext, ciphertextlen,
- text, textlen);
- }
+ if (likely(handle != NULL && handle->handle != NULL)) {
+ return handle->decrypt(handle->handle, ciphertext,
+ ciphertextlen, text, textlen);
+ }
- return 0;
+ return 0;
}
-inline static void
-_gnutls_cipher_deinit (cipher_hd_st * handle)
+inline static void _gnutls_cipher_deinit(cipher_hd_st * handle)
{
- if (likely(handle != NULL && handle->handle != NULL))
- {
- handle->deinit (handle->handle);
- handle->handle = NULL;
- }
+ if (likely(handle != NULL && handle->handle != NULL)) {
+ handle->deinit(handle->handle);
+ handle->handle = NULL;
+ }
}
int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher);
@@ -103,24 +100,23 @@ int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher);
#define _gnutls_cipher_is_aead(h) _gnutls_cipher_algo_is_aead((h)->e)
/* returns the tag in AUTHENC ciphers */
-inline static void _gnutls_cipher_tag( const cipher_hd_st * handle, void* tag, size_t tag_size)
+inline static void _gnutls_cipher_tag(const cipher_hd_st * handle,
+ void *tag, size_t tag_size)
{
- if (likely(handle != NULL && handle->handle != NULL))
- {
- handle->tag (handle->handle, tag, tag_size);
- }
+ if (likely(handle != NULL && handle->handle != NULL)) {
+ handle->tag(handle->handle, tag, tag_size);
+ }
}
/* Add auth data for AUTHENC ciphers
*/
-inline static int _gnutls_cipher_auth (const cipher_hd_st * handle, const void *text,
- size_t textlen)
+inline static int _gnutls_cipher_auth(const cipher_hd_st * handle,
+ const void *text, size_t textlen)
{
- if (likely(handle != NULL && handle->handle != NULL))
- {
- return handle->auth (handle->handle, text, textlen);
- }
- return GNUTLS_E_INTERNAL_ERROR;
+ if (likely(handle != NULL && handle->handle != NULL)) {
+ return handle->auth(handle->handle, text, textlen);
+ }
+ return GNUTLS_E_INTERNAL_ERROR;
}
#define _gnutls_cipher_encrypt(x,y,z) _gnutls_cipher_encrypt2(x,y,z,y,z)
@@ -129,61 +125,66 @@ inline static int _gnutls_cipher_auth (const cipher_hd_st * handle, const void *
/* auth_cipher API. Allows combining a cipher with a MAC.
*/
-typedef struct
-{
- cipher_hd_st cipher;
- union {
- digest_hd_st dig;
- mac_hd_st mac;
- } mac;
- unsigned int is_mac:1;
- unsigned int ssl_hmac:1;
- unsigned int non_null:1;
- size_t tag_size;
+typedef struct {
+ cipher_hd_st cipher;
+ union {
+ digest_hd_st dig;
+ mac_hd_st mac;
+ } mac;
+ unsigned int is_mac:1;
+ unsigned int ssl_hmac:1;
+ unsigned int non_null:1;
+ size_t tag_size;
} auth_cipher_hd_st;
-int _gnutls_auth_cipher_init (auth_cipher_hd_st * handle,
- const cipher_entry_st* e,
- const gnutls_datum_t * cipher_key,
- const gnutls_datum_t * iv,
- const mac_entry_st *me,
- const gnutls_datum_t * mac_key, int ssl_hmac, int enc);
-
-int _gnutls_auth_cipher_add_auth (auth_cipher_hd_st * handle, const void *text,
- int textlen);
-
-int _gnutls_auth_cipher_encrypt2_tag (auth_cipher_hd_st * handle, const uint8_t *text,
- int textlen, void *ciphertext, int ciphertextlen,
- int pad_size);
-int _gnutls_auth_cipher_decrypt2 (auth_cipher_hd_st * handle,
- const void *ciphertext, int ciphertextlen,
- void *text, int textlen);
-int _gnutls_auth_cipher_tag( auth_cipher_hd_st * handle, void* tag, int tag_size);
-
-inline static void _gnutls_auth_cipher_setiv (const auth_cipher_hd_st * handle,
- const void *iv, size_t ivlen)
+int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
+ const cipher_entry_st * e,
+ const gnutls_datum_t * cipher_key,
+ const gnutls_datum_t * iv,
+ const mac_entry_st * me,
+ const gnutls_datum_t * mac_key, int ssl_hmac,
+ int enc);
+
+int _gnutls_auth_cipher_add_auth(auth_cipher_hd_st * handle,
+ const void *text, int textlen);
+
+int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
+ const uint8_t * text, int textlen,
+ void *ciphertext, int ciphertextlen,
+ int pad_size);
+int _gnutls_auth_cipher_decrypt2(auth_cipher_hd_st * handle,
+ const void *ciphertext, int ciphertextlen,
+ void *text, int textlen);
+int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void *tag,
+ int tag_size);
+
+inline static void _gnutls_auth_cipher_setiv(const auth_cipher_hd_st *
+ handle, const void *iv,
+ size_t ivlen)
{
- _gnutls_cipher_setiv(&handle->cipher, iv, ivlen);
+ _gnutls_cipher_setiv(&handle->cipher, iv, ivlen);
}
inline static
-int _gnutls_auth_cipher_set_mac_nonce (auth_cipher_hd_st * handle,
- const void *nonce, int nonce_len)
+int _gnutls_auth_cipher_set_mac_nonce(auth_cipher_hd_st * handle,
+ const void *nonce, int nonce_len)
{
- if (handle->is_mac && !handle->ssl_hmac)
- return _gnutls_mac_set_nonce(&handle->mac.mac, nonce, nonce_len);
- else
- return 0;
+ if (handle->is_mac && !handle->ssl_hmac)
+ return _gnutls_mac_set_nonce(&handle->mac.mac, nonce,
+ nonce_len);
+ else
+ return 0;
}
-inline static size_t _gnutls_auth_cipher_tag_len( auth_cipher_hd_st * handle)
+inline static size_t _gnutls_auth_cipher_tag_len(auth_cipher_hd_st *
+ handle)
{
- return handle->tag_size;
+ return handle->tag_size;
}
#define _gnutls_auth_cipher_is_aead(h) _gnutls_cipher_is_aead(&(h)->cipher)
-void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle);
+void _gnutls_auth_cipher_deinit(auth_cipher_hd_st * handle);
-#endif /* GNUTLS_CIPHER_INT */
+#endif /* GNUTLS_CIPHER_INT */
diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c
index 727de98db8..ca76688c4d 100644
--- a/lib/gnutls_compress.c
+++ b/lib/gnutls_compress.c
@@ -40,20 +40,20 @@
const int _gnutls_comp_algorithms_size = MAX_COMP_METHODS;
gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] = {
- GNUTLS_COMPRESSION_ENTRY (GNUTLS_COMP_NULL, 0x00, 0, 0, 0),
+ GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_NULL, 0x00, 0, 0, 0),
#ifdef HAVE_LIBZ
- /* draft-ietf-tls-compression-02 */
- GNUTLS_COMPRESSION_ENTRY (GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3),
+ /* draft-ietf-tls-compression-02 */
+ GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3),
#endif
- {0, 0, 0, 0, 0, 0}
+ {0, 0, 0, 0, 0, 0}
};
static const gnutls_compression_method_t supported_compressions[] = {
#ifdef HAVE_LIBZ
- GNUTLS_COMP_DEFLATE,
+ GNUTLS_COMP_DEFLATE,
#endif
- GNUTLS_COMP_NULL,
- 0
+ GNUTLS_COMP_NULL,
+ 0
};
#define GNUTLS_COMPRESSION_LOOP(b) \
@@ -75,15 +75,16 @@ static const gnutls_compression_method_t supported_compressions[] = {
* Returns: a pointer to a string that contains the name of the
* specified compression algorithm, or %NULL.
**/
-const char *
-gnutls_compression_get_name (gnutls_compression_method_t algorithm)
+const char *gnutls_compression_get_name(gnutls_compression_method_t
+ algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_COMP_") - 1);
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret =
+ p->name + sizeof("GNUTLS_COMP_") - 1);
- return ret;
+ return ret;
}
/**
@@ -95,17 +96,16 @@ gnutls_compression_get_name (gnutls_compression_method_t algorithm)
* Returns: an id of the specified in a string compression method, or
* %GNUTLS_COMP_UNKNOWN on error.
**/
-gnutls_compression_method_t
-gnutls_compression_get_id (const char *name)
+gnutls_compression_method_t gnutls_compression_get_id(const char *name)
{
- gnutls_compression_method_t ret = GNUTLS_COMP_UNKNOWN;
+ gnutls_compression_method_t ret = GNUTLS_COMP_UNKNOWN;
- GNUTLS_COMPRESSION_LOOP (if
- (strcasecmp
- (p->name + sizeof ("GNUTLS_COMP_") - 1,
- name) == 0) ret = p->id);
+ GNUTLS_COMPRESSION_LOOP(if
+ (strcasecmp
+ (p->name + sizeof("GNUTLS_COMP_") - 1,
+ name) == 0) ret = p->id);
- return ret;
+ return ret;
}
/**
@@ -116,51 +116,46 @@ gnutls_compression_get_id (const char *name)
* Returns: a zero-terminated list of #gnutls_compression_method_t
* integers indicating the available compression methods.
**/
-const gnutls_compression_method_t *
-gnutls_compression_list (void)
+const gnutls_compression_method_t *gnutls_compression_list(void)
{
- return supported_compressions;
+ return supported_compressions;
}
/* return the tls number of the specified algorithm */
-int
-_gnutls_compression_get_num (gnutls_compression_method_t algorithm)
+int _gnutls_compression_get_num(gnutls_compression_method_t algorithm)
{
- int ret = -1;
+ int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->num);
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->num);
- return ret;
+ return ret;
}
#ifdef HAVE_LIBZ
-static int
-get_wbits (gnutls_compression_method_t algorithm)
+static int get_wbits(gnutls_compression_method_t algorithm)
{
- int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->window_bits);
- return ret;
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->window_bits);
+ return ret;
}
-static int
-get_mem_level (gnutls_compression_method_t algorithm)
+static int get_mem_level(gnutls_compression_method_t algorithm)
{
- int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->mem_level);
- return ret;
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->mem_level);
+ return ret;
}
-static int
-get_comp_level (gnutls_compression_method_t algorithm)
+static int get_comp_level(gnutls_compression_method_t algorithm)
{
- int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->comp_level);
- return ret;
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->comp_level);
+ return ret;
}
#endif
@@ -168,27 +163,25 @@ get_comp_level (gnutls_compression_method_t algorithm)
/* returns the gnutls internal ID of the TLS compression
* method num
*/
-gnutls_compression_method_t
-_gnutls_compression_get_id (int num)
+gnutls_compression_method_t _gnutls_compression_get_id(int num)
{
- gnutls_compression_method_t ret = -1;
+ gnutls_compression_method_t ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP_NUM (ret = p->id);
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP_NUM(ret = p->id);
- return ret;
+ return ret;
}
-int
-_gnutls_compression_is_ok (gnutls_compression_method_t algorithm)
+int _gnutls_compression_is_ok(gnutls_compression_method_t algorithm)
{
- ssize_t ret = -1;
- GNUTLS_COMPRESSION_ALG_LOOP (ret = p->id);
- if (ret >= 0)
- ret = 0;
- else
- ret = 1;
- return ret;
+ ssize_t ret = -1;
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->id);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
@@ -201,244 +194,240 @@ _gnutls_compression_is_ok (gnutls_compression_method_t algorithm)
*/
#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms
int
-_gnutls_supported_compression_methods (gnutls_session_t session,
- uint8_t * comp, size_t comp_size)
+_gnutls_supported_compression_methods(gnutls_session_t session,
+ uint8_t * comp, size_t comp_size)
{
- unsigned int i, j;
-
- if (comp_size < SUPPORTED_COMPRESSION_METHODS)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++)
- {
- int tmp =
- _gnutls_compression_get_num (session->internals.
- priorities.compression.priority[i]);
-
- /* remove private compression algorithms, if requested.
- */
- if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO &&
- session->internals.enable_private == 0))
- {
- gnutls_assert ();
- continue;
- }
-
- comp[j] = (uint8_t) tmp;
- j++;
- }
-
- if (j == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_COMPRESSION_ALGORITHMS;
- }
- return j;
+ unsigned int i, j;
+
+ if (comp_size < SUPPORTED_COMPRESSION_METHODS)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) {
+ int tmp =
+ _gnutls_compression_get_num(session->
+ internals.priorities.
+ compression.priority[i]);
+
+ /* remove private compression algorithms, if requested.
+ */
+ if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO &&
+ session->internals.enable_private == 0))
+ {
+ gnutls_assert();
+ continue;
+ }
+
+ comp[j] = (uint8_t) tmp;
+ j++;
+ }
+
+ if (j == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_COMPRESSION_ALGORITHMS;
+ }
+ return j;
}
/* The flag d is the direction (compress, decompress). Non zero is
* decompress.
*/
-int _gnutls_comp_init (comp_hd_st* handle, gnutls_compression_method_t method, int d)
+int _gnutls_comp_init(comp_hd_st * handle,
+ gnutls_compression_method_t method, int d)
{
- handle->algo = method;
- handle->handle = NULL;
+ handle->algo = method;
+ handle->handle = NULL;
- switch (method)
- {
- case GNUTLS_COMP_DEFLATE:
+ switch (method) {
+ case GNUTLS_COMP_DEFLATE:
#ifdef HAVE_LIBZ
- {
- int window_bits, mem_level;
- int comp_level;
- z_stream *zhandle;
- int err;
-
- window_bits = get_wbits (method);
- mem_level = get_mem_level (method);
- comp_level = get_comp_level (method);
-
- handle->handle = gnutls_malloc (sizeof (z_stream));
- if (handle->handle == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- zhandle = handle->handle;
-
- zhandle->zalloc = (alloc_func) 0;
- zhandle->zfree = (free_func) 0;
- zhandle->opaque = (voidpf) 0;
-
- if (d)
- err = inflateInit2 (zhandle, window_bits);
- else
- {
- err = deflateInit2 (zhandle,
- comp_level, Z_DEFLATED,
- window_bits, mem_level, Z_DEFAULT_STRATEGY);
- }
- if (err != Z_OK)
- {
- gnutls_assert ();
- gnutls_free (handle->handle);
- return GNUTLS_E_COMPRESSION_FAILED;
- }
- }
- break;
+ {
+ int window_bits, mem_level;
+ int comp_level;
+ z_stream *zhandle;
+ int err;
+
+ window_bits = get_wbits(method);
+ mem_level = get_mem_level(method);
+ comp_level = get_comp_level(method);
+
+ handle->handle = gnutls_malloc(sizeof(z_stream));
+ if (handle->handle == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+
+ zhandle = handle->handle;
+
+ zhandle->zalloc = (alloc_func) 0;
+ zhandle->zfree = (free_func) 0;
+ zhandle->opaque = (voidpf) 0;
+
+ if (d)
+ err = inflateInit2(zhandle, window_bits);
+ else {
+ err = deflateInit2(zhandle,
+ comp_level, Z_DEFLATED,
+ window_bits, mem_level,
+ Z_DEFAULT_STRATEGY);
+ }
+ if (err != Z_OK) {
+ gnutls_assert();
+ gnutls_free(handle->handle);
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
+ }
+ break;
#endif
- case GNUTLS_COMP_NULL:
- case GNUTLS_COMP_UNKNOWN:
- break;
- default:
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
-
- return 0;
+ case GNUTLS_COMP_NULL:
+ case GNUTLS_COMP_UNKNOWN:
+ break;
+ default:
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ return 0;
}
/* The flag d is the direction (compress, decompress). Non zero is
* decompress.
*/
-void
-_gnutls_comp_deinit (comp_hd_st* handle, int d)
+void _gnutls_comp_deinit(comp_hd_st * handle, int d)
{
- if (handle != NULL)
- {
- switch (handle->algo)
- {
+ if (handle != NULL) {
+ switch (handle->algo) {
#ifdef HAVE_LIBZ
- case GNUTLS_COMP_DEFLATE:
- {
- if (d)
- inflateEnd (handle->handle);
- else
- deflateEnd (handle->handle);
- break;
- }
+ case GNUTLS_COMP_DEFLATE:
+ {
+ if (d)
+ inflateEnd(handle->handle);
+ else
+ deflateEnd(handle->handle);
+ break;
+ }
#endif
- default:
- break;
- }
- gnutls_free (handle->handle);
- handle->handle = NULL;
- }
+ default:
+ break;
+ }
+ gnutls_free(handle->handle);
+ handle->handle = NULL;
+ }
}
/* These functions are memory consuming
*/
int
-_gnutls_compress (comp_hd_st *handle, const uint8_t * plain,
- size_t plain_size, uint8_t * compressed,
- size_t max_comp_size, unsigned int stateless)
+_gnutls_compress(comp_hd_st * handle, const uint8_t * plain,
+ size_t plain_size, uint8_t * compressed,
+ size_t max_comp_size, unsigned int stateless)
{
- int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
-
- /* NULL compression is not handled here
- */
- if (handle == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- switch (handle->algo)
- {
+ int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
+
+ /* NULL compression is not handled here
+ */
+ if (handle == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ switch (handle->algo) {
#ifdef HAVE_LIBZ
- case GNUTLS_COMP_DEFLATE:
- {
- z_stream *zhandle;
- int err;
- int type;
-
- if (stateless)
- {
- type = Z_FULL_FLUSH;
- }
- else
- type = Z_SYNC_FLUSH;
-
- zhandle = handle->handle;
-
- zhandle->next_in = (Bytef *) plain;
- zhandle->avail_in = plain_size;
- zhandle->next_out = (Bytef *) compressed;
- zhandle->avail_out = max_comp_size;
-
- err = deflate (zhandle, type);
- if (err != Z_OK || zhandle->avail_in != 0)
- return gnutls_assert_val(GNUTLS_E_COMPRESSION_FAILED);
-
-
- compressed_size = max_comp_size - zhandle->avail_out;
- break;
- }
+ case GNUTLS_COMP_DEFLATE:
+ {
+ z_stream *zhandle;
+ int err;
+ int type;
+
+ if (stateless) {
+ type = Z_FULL_FLUSH;
+ } else
+ type = Z_SYNC_FLUSH;
+
+ zhandle = handle->handle;
+
+ zhandle->next_in = (Bytef *) plain;
+ zhandle->avail_in = plain_size;
+ zhandle->next_out = (Bytef *) compressed;
+ zhandle->avail_out = max_comp_size;
+
+ err = deflate(zhandle, type);
+ if (err != Z_OK || zhandle->avail_in != 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_COMPRESSION_FAILED);
+
+
+ compressed_size =
+ max_comp_size - zhandle->avail_out;
+ break;
+ }
#endif
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- } /* switch */
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ } /* switch */
#ifdef COMPRESSION_DEBUG
- _gnutls_debug_log ("Compression ratio: %f\n",
- (float) ((float) compressed_size / (float) plain_size));
+ _gnutls_debug_log("Compression ratio: %f\n",
+ (float) ((float) compressed_size /
+ (float) plain_size));
#endif
- return compressed_size;
+ return compressed_size;
}
int
-_gnutls_decompress (comp_hd_st *handle, uint8_t * compressed,
- size_t compressed_size, uint8_t * plain,
- size_t max_plain_size)
+_gnutls_decompress(comp_hd_st * handle, uint8_t * compressed,
+ size_t compressed_size, uint8_t * plain,
+ size_t max_plain_size)
{
- int plain_size = GNUTLS_E_DECOMPRESSION_FAILED;
+ int plain_size = GNUTLS_E_DECOMPRESSION_FAILED;
- if (compressed_size > max_plain_size + EXTRA_COMP_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_DECOMPRESSION_FAILED;
- }
+ if (compressed_size > max_plain_size + EXTRA_COMP_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
- /* NULL compression is not handled here
- */
+ /* NULL compression is not handled here
+ */
- if (handle == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (handle == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- switch (handle->algo)
- {
+ switch (handle->algo) {
#ifdef HAVE_LIBZ
- case GNUTLS_COMP_DEFLATE:
- {
- z_stream *zhandle;
- int err;
+ case GNUTLS_COMP_DEFLATE:
+ {
+ z_stream *zhandle;
+ int err;
- zhandle = handle->handle;
+ zhandle = handle->handle;
- zhandle->next_in = (Bytef *) compressed;
- zhandle->avail_in = compressed_size;
+ zhandle->next_in = (Bytef *) compressed;
+ zhandle->avail_in = compressed_size;
- zhandle->next_out = (Bytef *) plain;
- zhandle->avail_out = max_plain_size;
- err = inflate (zhandle, Z_SYNC_FLUSH);
+ zhandle->next_out = (Bytef *) plain;
+ zhandle->avail_out = max_plain_size;
+ err = inflate(zhandle, Z_SYNC_FLUSH);
- if (err != Z_OK)
- return gnutls_assert_val(GNUTLS_E_DECOMPRESSION_FAILED);
+ if (err != Z_OK)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_DECOMPRESSION_FAILED);
- plain_size = max_plain_size - zhandle->avail_out;
- break;
- }
+ plain_size = max_plain_size - zhandle->avail_out;
+ break;
+ }
#endif
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- } /* switch */
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ } /* switch */
- return plain_size;
+ return plain_size;
}
diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h
index 95305f4b00..691044113e 100644
--- a/lib/gnutls_compress.h
+++ b/lib/gnutls_compress.h
@@ -23,11 +23,11 @@
#define GNUTLS_COMPRESS_H
/* Algorithm handling. */
-int _gnutls_supported_compression_methods (gnutls_session_t session,
- uint8_t * comp, size_t max_comp);
-int _gnutls_compression_is_ok (gnutls_compression_method_t algorithm);
-int _gnutls_compression_get_num (gnutls_compression_method_t algorithm);
-gnutls_compression_method_t _gnutls_compression_get_id (int num);
+int _gnutls_supported_compression_methods(gnutls_session_t session,
+ uint8_t * comp, size_t max_comp);
+int _gnutls_compression_is_ok(gnutls_compression_method_t algorithm);
+int _gnutls_compression_get_num(gnutls_compression_method_t algorithm);
+gnutls_compression_method_t _gnutls_compression_get_id(int num);
#ifdef HAVE_LIBZ
#include <zlib.h>
@@ -35,32 +35,31 @@ gnutls_compression_method_t _gnutls_compression_get_id (int num);
#define GNUTLS_COMP_FAILED NULL
-typedef struct comp_hd_st
-{
- void *handle;
- gnutls_compression_method_t algo;
+typedef struct comp_hd_st {
+ void *handle;
+ gnutls_compression_method_t algo;
} comp_hd_st;
-int _gnutls_comp_init (comp_hd_st*, gnutls_compression_method_t, int d);
-void _gnutls_comp_deinit (comp_hd_st* handle, int d);
+int _gnutls_comp_init(comp_hd_st *, gnutls_compression_method_t, int d);
+void _gnutls_comp_deinit(comp_hd_st * handle, int d);
-int _gnutls_decompress (comp_hd_st* handle, uint8_t * compressed,
- size_t compressed_size, uint8_t * plain,
- size_t max_plain_size);
-int _gnutls_compress (comp_hd_st*, const uint8_t * plain, size_t plain_size,
- uint8_t * compressed, size_t max_comp_size, unsigned int stateless);
+int _gnutls_decompress(comp_hd_st * handle, uint8_t * compressed,
+ size_t compressed_size, uint8_t * plain,
+ size_t max_plain_size);
+int _gnutls_compress(comp_hd_st *, const uint8_t * plain,
+ size_t plain_size, uint8_t * compressed,
+ size_t max_comp_size, unsigned int stateless);
-struct gnutls_compression_entry
-{
- const char *name;
- gnutls_compression_method_t id;
- /* the number reserved in TLS for the specific compression method */
- int num;
+struct gnutls_compression_entry {
+ const char *name;
+ gnutls_compression_method_t id;
+ /* the number reserved in TLS for the specific compression method */
+ int num;
- /* used in zlib compressor */
- int window_bits;
- int mem_level;
- int comp_level;
+ /* used in zlib compressor */
+ int window_bits;
+ int mem_level;
+ int comp_level;
};
typedef struct gnutls_compression_entry gnutls_compression_entry;
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index a7c2d636a9..0ea7dae0ae 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -36,19 +36,19 @@
#include <gnutls_buffers.h>
static int
-_gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo);
+_gnutls_set_kx(gnutls_session_t session, gnutls_kx_algorithm_t algo);
static const char keyexp[] = "key expansion";
-static const int keyexp_length = sizeof (keyexp) - 1;
+static const int keyexp_length = sizeof(keyexp) - 1;
static const char ivblock[] = "IV block";
-static const int ivblock_length = sizeof (ivblock) - 1;
+static const int ivblock_length = sizeof(ivblock) - 1;
static const char cliwrite[] = "client write key";
-static const int cliwrite_length = sizeof (cliwrite) - 1;
+static const int cliwrite_length = sizeof(cliwrite) - 1;
static const char servwrite[] = "server write key";
-static const int servwrite_length = sizeof (servwrite) - 1;
+static const int servwrite_length = sizeof(servwrite) - 1;
/* This function is to be called after handshake, when master_secret,
* client_random and server_random have been initialized.
@@ -56,312 +56,321 @@ static const int servwrite_length = sizeof (servwrite) - 1;
* (session->cipher_specs)
*/
static int
-_gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
- int hash_size, int IV_size, int key_size)
+_gnutls_set_keys(gnutls_session_t session, record_parameters_st * params,
+ int hash_size, int IV_size, int key_size)
{
- /* FIXME: This function is too long
- */
- uint8_t rnd[2 * GNUTLS_RANDOM_SIZE];
- uint8_t rrnd[2 * GNUTLS_RANDOM_SIZE];
- int pos, ret;
- int block_size;
- char buf[65];
- /* avoid using malloc */
- uint8_t key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE +
- 2 * MAX_CIPHER_BLOCK_SIZE];
- record_state_st *client_write, *server_write;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- client_write = &params->write;
- server_write = &params->read;
- }
- else
- {
- client_write = &params->read;
- server_write = &params->write;
- }
-
- block_size = 2 * hash_size + 2 * key_size;
- block_size += 2 * IV_size;
-
- memcpy (rnd, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- memcpy (&rnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-
- memcpy (rrnd, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- memcpy (&rrnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
-
- if (get_num_version(session) == GNUTLS_SSL3)
- { /* SSL 3 */
- ret =
- _gnutls_ssl3_generate_random
- (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd,
- 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
- }
- else
- { /* TLS 1.0 */
- ret =
- _gnutls_PRF (session, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
- rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
- }
-
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
- _gnutls_bin2hex (key_block, block_size, buf,
- sizeof (buf), NULL));
-
- pos = 0;
- if (hash_size > 0)
- {
-
- if (_gnutls_set_datum
- (&client_write->mac_secret, &key_block[pos], hash_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- pos += hash_size;
-
- if (_gnutls_set_datum
- (&server_write->mac_secret, &key_block[pos], hash_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- pos += hash_size;
- }
-
- if (key_size > 0)
- {
- uint8_t *client_write_key, *server_write_key;
- int client_write_key_size, server_write_key_size;
-
- client_write_key = &key_block[pos];
- client_write_key_size = key_size;
-
- pos += key_size;
-
- server_write_key = &key_block[pos];
- server_write_key_size = key_size;
-
- pos += key_size;
-
- if (_gnutls_set_datum
- (&client_write->key, client_write_key, client_write_key_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
- client_write_key_size,
- _gnutls_bin2hex (client_write_key,
- client_write_key_size, buf,
- sizeof (buf), NULL));
-
- if (_gnutls_set_datum
- (&server_write->key, server_write_key, server_write_key_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
- server_write_key_size,
- _gnutls_bin2hex (server_write_key,
- server_write_key_size, buf,
- sizeof (buf), NULL));
-
- }
-
- /* IV generation in export and non export ciphers.
- */
- if (IV_size > 0)
- {
- if (_gnutls_set_datum
- (&client_write->IV, &key_block[pos], IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- pos += IV_size;
-
- if (_gnutls_set_datum
- (&server_write->IV, &key_block[pos], IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- }
-
- return 0;
+ /* FIXME: This function is too long
+ */
+ uint8_t rnd[2 * GNUTLS_RANDOM_SIZE];
+ uint8_t rrnd[2 * GNUTLS_RANDOM_SIZE];
+ int pos, ret;
+ int block_size;
+ char buf[65];
+ /* avoid using malloc */
+ uint8_t key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE +
+ 2 * MAX_CIPHER_BLOCK_SIZE];
+ record_state_st *client_write, *server_write;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ client_write = &params->write;
+ server_write = &params->read;
+ } else {
+ client_write = &params->read;
+ server_write = &params->write;
+ }
+
+ block_size = 2 * hash_size + 2 * key_size;
+ block_size += 2 * IV_size;
+
+ memcpy(rnd, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(&rnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+
+ memcpy(rrnd, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(&rrnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+
+ if (get_num_version(session) == GNUTLS_SSL3) { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_generate_random
+ (session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, rnd, 2 * GNUTLS_RANDOM_SIZE,
+ block_size, key_block);
+ } else { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF(session,
+ session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
+ rnd, 2 * GNUTLS_RANDOM_SIZE, block_size,
+ key_block);
+ }
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_hard_log("INT: KEY BLOCK[%d]: %s\n", block_size,
+ _gnutls_bin2hex(key_block, block_size, buf,
+ sizeof(buf), NULL));
+
+ pos = 0;
+ if (hash_size > 0) {
+
+ if (_gnutls_set_datum
+ (&client_write->mac_secret, &key_block[pos],
+ hash_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ pos += hash_size;
+
+ if (_gnutls_set_datum
+ (&server_write->mac_secret, &key_block[pos],
+ hash_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ pos += hash_size;
+ }
+
+ if (key_size > 0) {
+ uint8_t *client_write_key, *server_write_key;
+ int client_write_key_size, server_write_key_size;
+
+ client_write_key = &key_block[pos];
+ client_write_key_size = key_size;
+
+ pos += key_size;
+
+ server_write_key = &key_block[pos];
+ server_write_key_size = key_size;
+
+ pos += key_size;
+
+ if (_gnutls_set_datum
+ (&client_write->key, client_write_key,
+ client_write_key_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_hard_log("INT: CLIENT WRITE KEY [%d]: %s\n",
+ client_write_key_size,
+ _gnutls_bin2hex(client_write_key,
+ client_write_key_size,
+ buf, sizeof(buf), NULL));
+
+ if (_gnutls_set_datum
+ (&server_write->key, server_write_key,
+ server_write_key_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_hard_log("INT: SERVER WRITE KEY [%d]: %s\n",
+ server_write_key_size,
+ _gnutls_bin2hex(server_write_key,
+ server_write_key_size,
+ buf, sizeof(buf), NULL));
+
+ }
+
+ /* IV generation in export and non export ciphers.
+ */
+ if (IV_size > 0) {
+ if (_gnutls_set_datum
+ (&client_write->IV, &key_block[pos], IV_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ pos += IV_size;
+
+ if (_gnutls_set_datum
+ (&server_write->IV, &key_block[pos], IV_size) < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ }
+
+ return 0;
}
static int
-_gnutls_init_record_state (record_parameters_st * params, const version_entry_st* ver,
- int read, record_state_st * state)
+_gnutls_init_record_state(record_parameters_st * params,
+ const version_entry_st * ver, int read,
+ record_state_st * state)
{
- int ret;
- gnutls_datum_t * iv = NULL;
-
- if (!_gnutls_version_has_explicit_iv(ver))
- {
- if (_gnutls_cipher_is_block (params->cipher) != CIPHER_STREAM)
- iv = &state->IV;
- }
-
- ret = _gnutls_auth_cipher_init (&state->cipher_state,
- params->cipher, &state->key, iv,
- params->mac, &state->mac_secret, (ver->id==GNUTLS_SSL3)?1:0, 1-read/*1==encrypt*/);
- if (ret < 0 && params->cipher->id != GNUTLS_CIPHER_NULL)
- return gnutls_assert_val (ret);
-
- ret =
- _gnutls_comp_init (&state->compression_state, params->compression_algorithm, read/*1==decompress*/);
-
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- return 0;
+ int ret;
+ gnutls_datum_t *iv = NULL;
+
+ if (!_gnutls_version_has_explicit_iv(ver)) {
+ if (_gnutls_cipher_is_block(params->cipher) !=
+ CIPHER_STREAM)
+ iv = &state->IV;
+ }
+
+ ret = _gnutls_auth_cipher_init(&state->cipher_state,
+ params->cipher, &state->key, iv,
+ params->mac, &state->mac_secret,
+ (ver->id == GNUTLS_SSL3) ? 1 : 0,
+ 1 - read /*1==encrypt */ );
+ if (ret < 0 && params->cipher->id != GNUTLS_CIPHER_NULL)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_comp_init(&state->compression_state,
+ params->compression_algorithm,
+ read /*1==decompress */ );
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
int
-_gnutls_epoch_set_cipher_suite (gnutls_session_t session,
- int epoch_rel, const uint8_t suite[2])
+_gnutls_epoch_set_cipher_suite(gnutls_session_t session,
+ int epoch_rel, const uint8_t suite[2])
{
- const cipher_entry_st * cipher_algo;
- const mac_entry_st* mac_algo;
- record_parameters_st *params;
- int ret;
+ const cipher_entry_st *cipher_algo;
+ const mac_entry_st *mac_algo;
+ record_parameters_st *params;
+ int ret;
- ret = _gnutls_epoch_get (session, epoch_rel, &params);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ ret = _gnutls_epoch_get(session, epoch_rel, &params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- if (params->initialized
- || params->cipher != NULL
- || params->mac != NULL)
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+ if (params->initialized
+ || params->cipher != NULL || params->mac != NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- cipher_algo = _gnutls_cipher_suite_get_cipher_algo (suite);
- mac_algo = _gnutls_cipher_suite_get_mac_algo (suite);
+ cipher_algo = _gnutls_cipher_suite_get_cipher_algo(suite);
+ mac_algo = _gnutls_cipher_suite_get_mac_algo(suite);
- if (_gnutls_cipher_is_ok (cipher_algo) == 0
- || _gnutls_mac_is_ok (mac_algo) == 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_cipher_is_ok(cipher_algo) == 0
+ || _gnutls_mac_is_ok(mac_algo) == 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- if (_gnutls_cipher_priority (session, cipher_algo->id) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_cipher_priority(session, cipher_algo->id) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- if (_gnutls_mac_priority (session, mac_algo->id) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_mac_priority(session, mac_algo->id) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- params->cipher = cipher_algo;
- params->mac = mac_algo;
+ params->cipher = cipher_algo;
+ params->mac = mac_algo;
- return 0;
+ return 0;
}
int
-_gnutls_epoch_set_compression (gnutls_session_t session,
- int epoch_rel,
- gnutls_compression_method_t comp_algo)
+_gnutls_epoch_set_compression(gnutls_session_t session,
+ int epoch_rel,
+ gnutls_compression_method_t comp_algo)
{
- record_parameters_st *params;
- int ret;
+ record_parameters_st *params;
+ int ret;
- ret = _gnutls_epoch_get (session, epoch_rel, &params);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ ret = _gnutls_epoch_get(session, epoch_rel, &params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- if (params->initialized
- || params->compression_algorithm != GNUTLS_COMP_UNKNOWN)
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+ if (params->initialized
+ || params->compression_algorithm != GNUTLS_COMP_UNKNOWN)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- if (_gnutls_compression_is_ok (comp_algo) != 0)
- return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
+ if (_gnutls_compression_is_ok(comp_algo) != 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
- params->compression_algorithm = comp_algo;
+ params->compression_algorithm = comp_algo;
- return 0;
+ return 0;
}
void
-_gnutls_epoch_set_null_algos (gnutls_session_t session,
- record_parameters_st * params)
+_gnutls_epoch_set_null_algos(gnutls_session_t session,
+ record_parameters_st * params)
{
- /* This is only called on startup. We are extra paranoid about this
- because it may cause unencrypted application data to go out on
- the wire. */
- if (params->initialized || params->epoch != 0)
- {
- gnutls_assert ();
- return;
- }
-
- params->cipher = cipher_to_entry(GNUTLS_CIPHER_NULL);
- params->mac = mac_to_entry(GNUTLS_MAC_NULL);
- params->compression_algorithm = GNUTLS_COMP_NULL;
- params->initialized = 1;
+ /* This is only called on startup. We are extra paranoid about this
+ because it may cause unencrypted application data to go out on
+ the wire. */
+ if (params->initialized || params->epoch != 0) {
+ gnutls_assert();
+ return;
+ }
+
+ params->cipher = cipher_to_entry(GNUTLS_CIPHER_NULL);
+ params->mac = mac_to_entry(GNUTLS_MAC_NULL);
+ params->compression_algorithm = GNUTLS_COMP_NULL;
+ params->initialized = 1;
}
-int
-_gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
+int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch)
{
- int hash_size;
- int IV_size;
- int key_size;
- gnutls_compression_method_t comp_algo;
- record_parameters_st *params;
- int ret;
- const version_entry_st* ver = get_version (session);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ int hash_size;
+ int IV_size;
+ int key_size;
+ gnutls_compression_method_t comp_algo;
+ record_parameters_st *params;
+ int ret;
+ const version_entry_st *ver = get_version(session);
- ret = _gnutls_epoch_get (session, epoch, &params);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- if (params->initialized)
- return 0;
+ ret = _gnutls_epoch_get(session, epoch, &params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- _gnutls_record_log
- ("REC[%p]: Initializing epoch #%u\n", session, params->epoch);
+ if (params->initialized)
+ return 0;
- comp_algo = params->compression_algorithm;
+ _gnutls_record_log
+ ("REC[%p]: Initializing epoch #%u\n", session, params->epoch);
- if (_gnutls_cipher_is_ok (params->cipher) == 0
- || _gnutls_mac_is_ok (params->mac) == 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ comp_algo = params->compression_algorithm;
- if (_gnutls_cipher_priority (session, params->cipher->id) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_cipher_is_ok(params->cipher) == 0
+ || _gnutls_mac_is_ok(params->mac) == 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- if (_gnutls_mac_priority (session, params->mac->id) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_cipher_priority(session, params->cipher->id) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- if (_gnutls_compression_is_ok (comp_algo) != 0)
- return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
+ if (_gnutls_mac_priority(session, params->mac->id) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- IV_size = _gnutls_cipher_get_implicit_iv_size (params->cipher);
- key_size = _gnutls_cipher_get_key_size (params->cipher);
- hash_size = _gnutls_mac_get_key_size (params->mac);
+ if (_gnutls_compression_is_ok(comp_algo) != 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
- ret = _gnutls_set_keys
- (session, params, hash_size, IV_size, key_size);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ IV_size = _gnutls_cipher_get_implicit_iv_size(params->cipher);
+ key_size = _gnutls_cipher_get_key_size(params->cipher);
+ hash_size = _gnutls_mac_get_key_size(params->mac);
- ret = _gnutls_init_record_state (params, ver, 1, &params->read);
- if (ret < 0)
- return gnutls_assert_val (ret);
- params->read.new_record_padding = session->security_parameters.new_record_padding;
+ ret = _gnutls_set_keys
+ (session, params, hash_size, IV_size, key_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_init_record_state (params, ver, 0, &params->write);
- if (ret < 0)
- return gnutls_assert_val (ret);
- params->write.new_record_padding = session->security_parameters.new_record_padding;
+ ret = _gnutls_init_record_state(params, ver, 1, &params->read);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ params->read.new_record_padding =
+ session->security_parameters.new_record_padding;
- params->record_sw_size = 0;
+ ret = _gnutls_init_record_state(params, ver, 0, &params->write);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ params->write.new_record_padding =
+ session->security_parameters.new_record_padding;
- _gnutls_record_log ("REC[%p]: Epoch #%u ready\n", session, params->epoch);
+ params->record_sw_size = 0;
- params->initialized = 1;
- return 0;
+ _gnutls_record_log("REC[%p]: Epoch #%u ready\n", session,
+ params->epoch);
+
+ params->initialized = 1;
+ return 0;
}
@@ -379,15 +388,14 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
dst->max_record_recv_size = src->max_record_recv_size; \
dst->max_record_send_size = src->max_record_send_size
-static void
-_gnutls_set_resumed_parameters (gnutls_session_t session)
+static void _gnutls_set_resumed_parameters(gnutls_session_t session)
{
- security_parameters_st *src =
- &session->internals.resumed_security_parameters;
- security_parameters_st *dst = &session->security_parameters;
+ security_parameters_st *src =
+ &session->internals.resumed_security_parameters;
+ security_parameters_st *dst = &session->security_parameters;
- CPY_COMMON;
- dst->pversion = src->pversion;
+ CPY_COMMON;
+ dst->pversion = src->pversion;
}
/* Sets the current connection session to conform with the
@@ -396,68 +404,64 @@ _gnutls_set_resumed_parameters (gnutls_session_t session)
* secrets and random numbers to have been negotiated)
* This is to be called after sending the Change Cipher Spec packet.
*/
-int
-_gnutls_connection_state_init (gnutls_session_t session)
+int _gnutls_connection_state_init(gnutls_session_t session)
{
- int ret;
+ int ret;
/* Setup the master secret
*/
- if ((ret = _gnutls_generate_master (session, 0)) < 0)
- return gnutls_assert_val (ret);
+ if ((ret = _gnutls_generate_master(session, 0)) < 0)
+ return gnutls_assert_val(ret);
- return 0;
+ return 0;
}
int _gnutls_epoch_get_compression(gnutls_session_t session, int epoch)
{
-record_parameters_st *params;
-int ret;
+ record_parameters_st *params;
+ int ret;
- ret = _gnutls_epoch_get (session, epoch, &params);
- if (ret < 0)
- return GNUTLS_COMP_UNKNOWN;
+ ret = _gnutls_epoch_get(session, epoch, &params);
+ if (ret < 0)
+ return GNUTLS_COMP_UNKNOWN;
- return params->compression_algorithm;
+ return params->compression_algorithm;
}
/* Initializes the read connection session
* (read encrypted data)
*/
-int
-_gnutls_read_connection_state_init (gnutls_session_t session)
+int _gnutls_read_connection_state_init(gnutls_session_t session)
{
- const uint16_t epoch_next = session->security_parameters.epoch_next;
- int ret;
-
- /* Update internals from CipherSuite selected.
- * If we are resuming just copy the connection session
- */
- if (session->internals.resumed == RESUME_FALSE)
- {
- ret = _gnutls_set_kx (session,
- _gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite));
- if (ret < 0)
- return ret;
- }
- else if (session->security_parameters.entity == GNUTLS_CLIENT)
- _gnutls_set_resumed_parameters (session);
-
- ret = _gnutls_epoch_set_keys (session, epoch_next);
- if (ret < 0)
- return ret;
-
- _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n",
- session,
- _gnutls_cipher_suite_get_name
- (session->
- security_parameters.cipher_suite));
-
- session->security_parameters.epoch_read = epoch_next;
-
- return 0;
+ const uint16_t epoch_next =
+ session->security_parameters.epoch_next;
+ int ret;
+
+ /* Update internals from CipherSuite selected.
+ * If we are resuming just copy the connection session
+ */
+ if (session->internals.resumed == RESUME_FALSE) {
+ ret = _gnutls_set_kx(session,
+ _gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite));
+ if (ret < 0)
+ return ret;
+ } else if (session->security_parameters.entity == GNUTLS_CLIENT)
+ _gnutls_set_resumed_parameters(session);
+
+ ret = _gnutls_epoch_set_keys(session, epoch_next);
+ if (ret < 0)
+ return ret;
+
+ _gnutls_handshake_log("HSK[%p]: Cipher Suite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name
+ (session->security_parameters.cipher_suite));
+
+ session->security_parameters.epoch_read = epoch_next;
+
+ return 0;
}
@@ -465,247 +469,256 @@ _gnutls_read_connection_state_init (gnutls_session_t session)
/* Initializes the write connection session
* (write encrypted data)
*/
-int
-_gnutls_write_connection_state_init (gnutls_session_t session)
+int _gnutls_write_connection_state_init(gnutls_session_t session)
{
- const uint16_t epoch_next = session->security_parameters.epoch_next;
- int ret;
+ const uint16_t epoch_next =
+ session->security_parameters.epoch_next;
+ int ret;
/* Update internals from CipherSuite selected.
* If we are resuming just copy the connection session
*/
- if (session->internals.resumed == RESUME_FALSE)
- {
- ret = _gnutls_set_kx (session,
- _gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite));
- if (ret < 0)
- return ret;
- }
- else if (session->security_parameters.entity == GNUTLS_SERVER)
- _gnutls_set_resumed_parameters (session);
-
- ret = _gnutls_epoch_set_keys (session, epoch_next);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session,
- _gnutls_cipher_suite_get_name
- (session->
- security_parameters.cipher_suite));
-
- _gnutls_handshake_log
- ("HSK[%p]: Initializing internal [write] cipher sessions\n", session);
-
- session->security_parameters.epoch_write = epoch_next;
-
- return 0;
+ if (session->internals.resumed == RESUME_FALSE) {
+ ret = _gnutls_set_kx(session,
+ _gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite));
+ if (ret < 0)
+ return ret;
+ } else if (session->security_parameters.entity == GNUTLS_SERVER)
+ _gnutls_set_resumed_parameters(session);
+
+ ret = _gnutls_epoch_set_keys(session, epoch_next);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_handshake_log("HSK[%p]: Cipher Suite: %s\n", session,
+ _gnutls_cipher_suite_get_name
+ (session->security_parameters.cipher_suite));
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Initializing internal [write] cipher sessions\n",
+ session);
+
+ session->security_parameters.epoch_write = epoch_next;
+
+ return 0;
}
/* Sets the specified kx algorithm into pending session
*/
static int
-_gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo)
+_gnutls_set_kx(gnutls_session_t session, gnutls_kx_algorithm_t algo)
{
- if (_gnutls_kx_is_ok (algo) == 0)
- {
- session->security_parameters.kx_algorithm = algo;
- }
- else
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+ if (_gnutls_kx_is_ok(algo) == 0) {
+ session->security_parameters.kx_algorithm = algo;
+ } else
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- if (_gnutls_kx_priority (session, algo) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+ if (_gnutls_kx_priority(session, algo) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- return 0;
+ return 0;
}
static inline int
-epoch_resolve (gnutls_session_t session,
- unsigned int epoch_rel, uint16_t * epoch_out)
+epoch_resolve(gnutls_session_t session,
+ unsigned int epoch_rel, uint16_t * epoch_out)
{
- switch (epoch_rel)
- {
- case EPOCH_READ_CURRENT:
- *epoch_out = session->security_parameters.epoch_read;
- return 0;
-
- case EPOCH_WRITE_CURRENT:
- *epoch_out = session->security_parameters.epoch_write;
- return 0;
-
- case EPOCH_NEXT:
- *epoch_out = session->security_parameters.epoch_next;
- return 0;
-
- default:
- if (epoch_rel > 0xffffu)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- *epoch_out = epoch_rel;
- return 0;
- }
+ switch (epoch_rel) {
+ case EPOCH_READ_CURRENT:
+ *epoch_out = session->security_parameters.epoch_read;
+ return 0;
+
+ case EPOCH_WRITE_CURRENT:
+ *epoch_out = session->security_parameters.epoch_write;
+ return 0;
+
+ case EPOCH_NEXT:
+ *epoch_out = session->security_parameters.epoch_next;
+ return 0;
+
+ default:
+ if (epoch_rel > 0xffffu)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ *epoch_out = epoch_rel;
+ return 0;
+ }
}
-static inline record_parameters_st **
-epoch_get_slot (gnutls_session_t session, uint16_t epoch)
+static inline record_parameters_st **epoch_get_slot(gnutls_session_t
+ session,
+ uint16_t epoch)
{
- uint16_t epoch_index = epoch - session->security_parameters.epoch_min;
-
- if (epoch_index >= MAX_EPOCH_INDEX)
- {
- _gnutls_handshake_log("Epoch %d out of range (idx: %d, max: %d)\n", (int)epoch, (int)epoch_index, MAX_EPOCH_INDEX);
- gnutls_assert ();
- return NULL;
- }
- /* The slot may still be empty (NULL) */
- return &session->record_parameters[epoch_index];
+ uint16_t epoch_index =
+ epoch - session->security_parameters.epoch_min;
+
+ if (epoch_index >= MAX_EPOCH_INDEX) {
+ _gnutls_handshake_log
+ ("Epoch %d out of range (idx: %d, max: %d)\n",
+ (int) epoch, (int) epoch_index, MAX_EPOCH_INDEX);
+ gnutls_assert();
+ return NULL;
+ }
+ /* The slot may still be empty (NULL) */
+ return &session->record_parameters[epoch_index];
}
int
-_gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
- record_parameters_st ** params_out)
+_gnutls_epoch_get(gnutls_session_t session, unsigned int epoch_rel,
+ record_parameters_st ** params_out)
{
- uint16_t epoch;
- record_parameters_st **params;
- int ret;
+ uint16_t epoch;
+ record_parameters_st **params;
+ int ret;
- ret = epoch_resolve (session, epoch_rel, &epoch);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ ret = epoch_resolve(session, epoch_rel, &epoch);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- params = epoch_get_slot (session, epoch);
- if (params == NULL || *params == NULL)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ params = epoch_get_slot(session, epoch);
+ if (params == NULL || *params == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- *params_out = *params;
+ *params_out = *params;
- return 0;
+ return 0;
}
int
-_gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
- record_parameters_st ** out)
+_gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch,
+ record_parameters_st ** out)
{
- record_parameters_st **slot;
+ record_parameters_st **slot;
- _gnutls_record_log ("REC[%p]: Allocating epoch #%u\n", session, epoch);
+ _gnutls_record_log("REC[%p]: Allocating epoch #%u\n", session,
+ epoch);
- slot = epoch_get_slot (session, epoch);
+ slot = epoch_get_slot(session, epoch);
- /* If slot out of range or not empty. */
- if (slot == NULL)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ /* If slot out of range or not empty. */
+ if (slot == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (*slot != NULL)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ if (*slot != NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- *slot = gnutls_calloc (1, sizeof (record_parameters_st));
- if (*slot == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ *slot = gnutls_calloc(1, sizeof(record_parameters_st));
+ if (*slot == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- (*slot)->epoch = epoch;
- (*slot)->cipher = NULL;
- (*slot)->mac = NULL;
- (*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN;
+ (*slot)->epoch = epoch;
+ (*slot)->cipher = NULL;
+ (*slot)->mac = NULL;
+ (*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN;
- if (IS_DTLS (session))
- _gnutls_write_uint16 (epoch, UINT64DATA((*slot)->write.sequence_number));
+ if (IS_DTLS(session))
+ _gnutls_write_uint16(epoch,
+ UINT64DATA((*slot)->write.
+ sequence_number));
- if (out != NULL)
- *out = *slot;
+ if (out != NULL)
+ *out = *slot;
- return 0;
+ return 0;
}
static inline int
epoch_is_active(gnutls_session_t session, record_parameters_st * params)
{
- const security_parameters_st *sp = &session->security_parameters;
-
- if (params->epoch == sp->epoch_read)
- return 1;
-
- if (params->epoch == sp->epoch_write)
- return 1;
-
- if (params->epoch == sp->epoch_next)
- return 1;
-
- return 0;
+ const security_parameters_st *sp = &session->security_parameters;
+
+ if (params->epoch == sp->epoch_read)
+ return 1;
+
+ if (params->epoch == sp->epoch_write)
+ return 1;
+
+ if (params->epoch == sp->epoch_next)
+ return 1;
+
+ return 0;
}
static inline int
-epoch_alive (gnutls_session_t session, record_parameters_st * params)
+epoch_alive(gnutls_session_t session, record_parameters_st * params)
{
- if (params->usage_cnt > 0)
- return 1;
+ if (params->usage_cnt > 0)
+ return 1;
- return epoch_is_active(session, params);
+ return epoch_is_active(session, params);
}
-void
-_gnutls_epoch_gc (gnutls_session_t session)
+void _gnutls_epoch_gc(gnutls_session_t session)
{
- int i, j;
- unsigned int min_index = 0;
-
- _gnutls_record_log ("REC[%p]: Start of epoch cleanup\n", session);
-
- /* Free all dead cipher state */
- for (i = 0; i < MAX_EPOCH_INDEX; i++)
- {
- if (session->record_parameters[i] != NULL)
- {
- if (!epoch_is_active(session, session->record_parameters[i]) && session->record_parameters[i]->usage_cnt)
- _gnutls_record_log ("REC[%p]: Note inactive epoch %d has %d users\n", session, session->record_parameters[i]->epoch, session->record_parameters[i]->usage_cnt);
- if (!epoch_alive (session, session->record_parameters[i]))
- {
- _gnutls_epoch_free (session, session->record_parameters[i]);
- session->record_parameters[i] = NULL;
- }
- }
- }
-
- /* Look for contiguous NULLs at the start of the array */
- for (i = 0; i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL;
- i++);
- min_index = i;
-
- /* Pick up the slack in the epoch window. */
- for (i = 0, j = min_index; j < MAX_EPOCH_INDEX; i++, j++)
- session->record_parameters[i] = session->record_parameters[j];
-
- /* Set the new epoch_min */
- if (session->record_parameters[0] != NULL)
- session->security_parameters.epoch_min =
- session->record_parameters[0]->epoch;
-
- _gnutls_record_log ("REC[%p]: End of epoch cleanup\n", session);
+ int i, j;
+ unsigned int min_index = 0;
+
+ _gnutls_record_log("REC[%p]: Start of epoch cleanup\n", session);
+
+ /* Free all dead cipher state */
+ for (i = 0; i < MAX_EPOCH_INDEX; i++) {
+ if (session->record_parameters[i] != NULL) {
+ if (!epoch_is_active
+ (session, session->record_parameters[i])
+ && session->record_parameters[i]->usage_cnt)
+ _gnutls_record_log
+ ("REC[%p]: Note inactive epoch %d has %d users\n",
+ session,
+ session->record_parameters[i]->epoch,
+ session->record_parameters[i]->
+ usage_cnt);
+ if (!epoch_alive
+ (session, session->record_parameters[i])) {
+ _gnutls_epoch_free(session,
+ session->
+ record_parameters[i]);
+ session->record_parameters[i] = NULL;
+ }
+ }
+ }
+
+ /* Look for contiguous NULLs at the start of the array */
+ for (i = 0;
+ i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL;
+ i++);
+ min_index = i;
+
+ /* Pick up the slack in the epoch window. */
+ for (i = 0, j = min_index; j < MAX_EPOCH_INDEX; i++, j++)
+ session->record_parameters[i] =
+ session->record_parameters[j];
+
+ /* Set the new epoch_min */
+ if (session->record_parameters[0] != NULL)
+ session->security_parameters.epoch_min =
+ session->record_parameters[0]->epoch;
+
+ _gnutls_record_log("REC[%p]: End of epoch cleanup\n", session);
}
-static inline void
-free_record_state (record_state_st * state, int d)
+static inline void free_record_state(record_state_st * state, int d)
{
- _gnutls_free_datum (&state->mac_secret);
- _gnutls_free_datum (&state->IV);
- _gnutls_free_datum (&state->key);
+ _gnutls_free_datum(&state->mac_secret);
+ _gnutls_free_datum(&state->IV);
+ _gnutls_free_datum(&state->key);
- _gnutls_auth_cipher_deinit (&state->cipher_state);
+ _gnutls_auth_cipher_deinit(&state->cipher_state);
- if (state->compression_state.handle != NULL)
- _gnutls_comp_deinit (&state->compression_state, d);
+ if (state->compression_state.handle != NULL)
+ _gnutls_comp_deinit(&state->compression_state, d);
}
void
-_gnutls_epoch_free (gnutls_session_t session, record_parameters_st * params)
+_gnutls_epoch_free(gnutls_session_t session, record_parameters_st * params)
{
- _gnutls_record_log ("REC[%p]: Epoch #%u freed\n", session, params->epoch);
+ _gnutls_record_log("REC[%p]: Epoch #%u freed\n", session,
+ params->epoch);
- free_record_state (&params->read, 1);
- free_record_state (&params->write, 0);
+ free_record_state(&params->read, 1);
+ free_record_state(&params->write, 0);
- gnutls_free (params);
+ gnutls_free(params);
}
diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h
index cc83334fcf..bfec4534bb 100644
--- a/lib/gnutls_constate.h
+++ b/lib/gnutls_constate.h
@@ -23,67 +23,70 @@
#ifndef GNUTLS_CONSTATE_H
#define GNUTLS_CONSTATE_H
-int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, int epoch_rel,
- const uint8_t suite[2]);
-int _gnutls_epoch_set_compression (gnutls_session_t session, int epoch_rel,
- gnutls_compression_method_t comp_algo);
-int _gnutls_epoch_get_compression (gnutls_session_t session, int epoch_rel);
-void _gnutls_epoch_set_null_algos (gnutls_session_t session,
- record_parameters_st * params);
-int _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch);
-int _gnutls_connection_state_init (gnutls_session_t session);
-int _gnutls_read_connection_state_init (gnutls_session_t session);
-int _gnutls_write_connection_state_init (gnutls_session_t session);
-
-int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
- record_parameters_st ** params_out);
-int _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
- record_parameters_st ** out);
-void _gnutls_epoch_gc (gnutls_session_t session);
-void _gnutls_epoch_free (gnutls_session_t session,
- record_parameters_st * state);
-
-static inline int _gnutls_epoch_is_valid(gnutls_session_t session, int epoch)
+int _gnutls_epoch_set_cipher_suite(gnutls_session_t session, int epoch_rel,
+ const uint8_t suite[2]);
+int _gnutls_epoch_set_compression(gnutls_session_t session, int epoch_rel,
+ gnutls_compression_method_t comp_algo);
+int _gnutls_epoch_get_compression(gnutls_session_t session, int epoch_rel);
+void _gnutls_epoch_set_null_algos(gnutls_session_t session,
+ record_parameters_st * params);
+int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch);
+int _gnutls_connection_state_init(gnutls_session_t session);
+int _gnutls_read_connection_state_init(gnutls_session_t session);
+int _gnutls_write_connection_state_init(gnutls_session_t session);
+
+int _gnutls_epoch_get(gnutls_session_t session, unsigned int epoch_rel,
+ record_parameters_st ** params_out);
+int _gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch,
+ record_parameters_st ** out);
+void _gnutls_epoch_gc(gnutls_session_t session);
+void _gnutls_epoch_free(gnutls_session_t session,
+ record_parameters_st * state);
+
+static inline int _gnutls_epoch_is_valid(gnutls_session_t session,
+ int epoch)
{
- record_parameters_st * params;
- int ret;
+ record_parameters_st *params;
+ int ret;
- ret = _gnutls_epoch_get( session, epoch, &params);
- if (ret < 0)
- return 0;
+ ret = _gnutls_epoch_get(session, epoch, &params);
+ if (ret < 0)
+ return 0;
- return 1;
+ return 1;
}
-static inline int _gnutls_epoch_refcount_inc(gnutls_session_t session, int epoch)
+static inline int _gnutls_epoch_refcount_inc(gnutls_session_t session,
+ int epoch)
{
- record_parameters_st * params;
- int ret;
+ record_parameters_st *params;
+ int ret;
+
+ ret = _gnutls_epoch_get(session, epoch, &params);
+ if (ret < 0)
+ return ret;
- ret = _gnutls_epoch_get( session, epoch, &params);
- if (ret < 0)
- return ret;
+ params->usage_cnt++;
- params->usage_cnt++;
-
- return params->epoch;
+ return params->epoch;
}
-static inline int _gnutls_epoch_refcount_dec(gnutls_session_t session, uint16_t epoch)
+static inline int _gnutls_epoch_refcount_dec(gnutls_session_t session,
+ uint16_t epoch)
{
- record_parameters_st * params;
- int ret;
-
- ret = _gnutls_epoch_get( session, epoch, &params);
- if (ret < 0)
- return ret;
-
- params->usage_cnt--;
- if (params->usage_cnt < 0)
- return GNUTLS_E_INTERNAL_ERROR;
-
- return 0;
+ record_parameters_st *params;
+ int ret;
+
+ ret = _gnutls_epoch_get(session, epoch, &params);
+ if (ret < 0)
+ return ret;
+
+ params->usage_cnt--;
+ if (params->usage_cnt < 0)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ return 0;
}
#endif
diff --git a/lib/gnutls_datum.c b/lib/gnutls_datum.c
index 89b280a854..670279a246 100644
--- a/lib/gnutls_datum.c
+++ b/lib/gnutls_datum.c
@@ -31,47 +31,44 @@
#include <gnutls_errors.h>
int
-_gnutls_set_datum (gnutls_datum_t * dat, const void *data,
- size_t data_size)
+_gnutls_set_datum(gnutls_datum_t * dat, const void *data, size_t data_size)
{
- if (data_size == 0 || data == NULL)
- {
- dat->data = NULL;
- dat->size = 0;
- return 0;
- }
+ if (data_size == 0 || data == NULL) {
+ dat->data = NULL;
+ dat->size = 0;
+ return 0;
+ }
- dat->data = gnutls_malloc (data_size);
- if (dat->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ dat->data = gnutls_malloc(data_size);
+ if (dat->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- dat->size = data_size;
- memcpy (dat->data, data, data_size);
+ dat->size = data_size;
+ memcpy(dat->data, data, data_size);
- return 0;
+ return 0;
}
int
-_gnutls_datum_append (gnutls_datum_t * dst, const void *data,
- size_t data_size)
+_gnutls_datum_append(gnutls_datum_t * dst, const void *data,
+ size_t data_size)
{
- dst->data = gnutls_realloc_fast (dst->data, data_size + dst->size);
- if (dst->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ dst->data = gnutls_realloc_fast(dst->data, data_size + dst->size);
+ if (dst->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- memcpy (&dst->data[dst->size], data, data_size);
- dst->size += data_size;
+ memcpy(&dst->data[dst->size], data, data_size);
+ dst->size += data_size;
- return 0;
+ return 0;
}
-void
-_gnutls_free_datum (gnutls_datum_t * dat)
+void _gnutls_free_datum(gnutls_datum_t * dat)
{
- if (dat->data != NULL)
- gnutls_free (dat->data);
+ if (dat->data != NULL)
+ gnutls_free(dat->data);
- dat->data = NULL;
- dat->size = 0;
+ dat->data = NULL;
+ dat->size = 0;
}
diff --git a/lib/gnutls_datum.h b/lib/gnutls_datum.h
index e612c667a6..9397408047 100644
--- a/lib/gnutls_datum.h
+++ b/lib/gnutls_datum.h
@@ -23,12 +23,12 @@
#ifndef GNUTLS_DATUM_H
#define GNUTLS_DATUM_H
-int _gnutls_set_datum (gnutls_datum_t * dat, const void *data,
- size_t data_size);
+int _gnutls_set_datum(gnutls_datum_t * dat, const void *data,
+ size_t data_size);
-int _gnutls_datum_append (gnutls_datum_t * dat, const void *data,
- size_t data_size);
+int _gnutls_datum_append(gnutls_datum_t * dat, const void *data,
+ size_t data_size);
-void _gnutls_free_datum (gnutls_datum_t * dat);
+void _gnutls_free_datum(gnutls_datum_t * dat);
#endif
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index 382e53b4ec..2d9b744a72 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -47,10 +47,10 @@
* gnutls_db_set_ptr() has been called.
**/
void
-gnutls_db_set_retrieve_function (gnutls_session_t session,
- gnutls_db_retr_func retr_func)
+gnutls_db_set_retrieve_function(gnutls_session_t session,
+ gnutls_db_retr_func retr_func)
{
- session->internals.db_retrieve_func = retr_func;
+ session->internals.db_retrieve_func = retr_func;
}
/**
@@ -65,10 +65,10 @@ gnutls_db_set_retrieve_function (gnutls_session_t session,
* gnutls_db_set_ptr() has been called.
**/
void
-gnutls_db_set_remove_function (gnutls_session_t session,
- gnutls_db_remove_func rem_func)
+gnutls_db_set_remove_function(gnutls_session_t session,
+ gnutls_db_remove_func rem_func)
{
- session->internals.db_remove_func = rem_func;
+ session->internals.db_remove_func = rem_func;
}
/**
@@ -83,10 +83,10 @@ gnutls_db_set_remove_function (gnutls_session_t session,
* gnutls_db_set_ptr() has been called.
**/
void
-gnutls_db_set_store_function (gnutls_session_t session,
- gnutls_db_store_func store_func)
+gnutls_db_set_store_function(gnutls_session_t session,
+ gnutls_db_store_func store_func)
{
- session->internals.db_store_func = store_func;
+ session->internals.db_store_func = store_func;
}
/**
@@ -97,10 +97,9 @@ gnutls_db_set_store_function (gnutls_session_t session,
* Sets the pointer that will be provided to db store, retrieve and
* delete functions, as the first argument.
**/
-void
-gnutls_db_set_ptr (gnutls_session_t session, void *ptr)
+void gnutls_db_set_ptr(gnutls_session_t session, void *ptr)
{
- session->internals.db_ptr = ptr;
+ session->internals.db_ptr = ptr;
}
/**
@@ -112,10 +111,9 @@ gnutls_db_set_ptr (gnutls_session_t session, void *ptr)
* Returns: the pointer that will be sent to db store, retrieve and
* delete functions, as the first argument.
**/
-void *
-gnutls_db_get_ptr (gnutls_session_t session)
+void *gnutls_db_get_ptr(gnutls_session_t session)
{
- return session->internals.db_ptr;
+ return session->internals.db_ptr;
}
/**
@@ -126,10 +124,9 @@ gnutls_db_get_ptr (gnutls_session_t session)
* Set the expiration time for resumed sessions. The default is 3600
* (one hour) at the time of this writing.
**/
-void
-gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds)
+void gnutls_db_set_cache_expiration(gnutls_session_t session, int seconds)
{
- session->internals.expire_time = seconds;
+ session->internals.expire_time = seconds;
}
/**
@@ -143,9 +140,10 @@ gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds)
* expired or 0 otherwise.
**/
int
-gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry)
+gnutls_db_check_entry(gnutls_session_t session,
+ gnutls_datum_t session_entry)
{
- return 0;
+ return 0;
}
/**
@@ -158,152 +156,144 @@ gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry)
*
* Returns: The time this entry was created, or zero on error.
**/
-time_t
-gnutls_db_check_entry_time (gnutls_datum_t *entry)
+time_t gnutls_db_check_entry_time(gnutls_datum_t * entry)
{
-uint32_t t;
-uint32_t magic;
-
- if (entry->size < 8)
- return gnutls_assert_val(0);
-
- memcpy(&magic, entry->data, 4);
-
- if (magic != PACKED_SESSION_MAGIC)
- return gnutls_assert_val(0);
-
- memcpy(&t, &entry->data[4], 4);
-
- return t;
+ uint32_t t;
+ uint32_t magic;
+
+ if (entry->size < 8)
+ return gnutls_assert_val(0);
+
+ memcpy(&magic, entry->data, 4);
+
+ if (magic != PACKED_SESSION_MAGIC)
+ return gnutls_assert_val(0);
+
+ memcpy(&t, &entry->data[4], 4);
+
+ return t;
}
/* Checks if both db_store and db_retrieve functions have
* been set up.
*/
-static int
-db_func_is_ok (gnutls_session_t session)
+static int db_func_is_ok(gnutls_session_t session)
{
- if (session->internals.db_store_func != NULL &&
- session->internals.db_retrieve_func != NULL)
- return 0;
- else
- return GNUTLS_E_DB_ERROR;
+ if (session->internals.db_store_func != NULL &&
+ session->internals.db_retrieve_func != NULL)
+ return 0;
+ else
+ return GNUTLS_E_DB_ERROR;
}
/* Stores session data to the db backend.
*/
static int
-store_session (gnutls_session_t session,
- gnutls_datum_t session_id,
- gnutls_datum_t session_data)
+store_session(gnutls_session_t session,
+ gnutls_datum_t session_id, gnutls_datum_t session_data)
{
- int ret = 0;
+ int ret = 0;
- if (db_func_is_ok (session) != 0)
- {
- return GNUTLS_E_DB_ERROR;
- }
+ if (db_func_is_ok(session) != 0) {
+ return GNUTLS_E_DB_ERROR;
+ }
- if (session_data.data == NULL || session_data.size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
+ if (session_data.data == NULL || session_data.size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
- /* if we can't read why bother writing? */
- ret = session->internals.db_store_func (session->internals.db_ptr,
- session_id, session_data);
+ /* if we can't read why bother writing? */
+ ret = session->internals.db_store_func(session->internals.db_ptr,
+ session_id, session_data);
- return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
+ return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
}
-int
-_gnutls_server_register_current_session (gnutls_session_t session)
+int _gnutls_server_register_current_session(gnutls_session_t session)
{
- gnutls_datum_t key;
- gnutls_datum_t content;
- int ret = 0;
-
- key.data = session->security_parameters.session_id;
- key.size = session->security_parameters.session_id_size;
-
- if (session->internals.resumable == RESUME_FALSE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- if (session->security_parameters.session_id == NULL
- || session->security_parameters.session_id_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- ret = _gnutls_session_pack (session, &content);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = store_session (session, key, content);
- _gnutls_free_datum (&content);
-
- return ret;
+ gnutls_datum_t key;
+ gnutls_datum_t content;
+ int ret = 0;
+
+ key.data = session->security_parameters.session_id;
+ key.size = session->security_parameters.session_id_size;
+
+ if (session->internals.resumable == RESUME_FALSE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ if (session->security_parameters.session_id == NULL
+ || session->security_parameters.session_id_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ ret = _gnutls_session_pack(session, &content);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = store_session(session, key, content);
+ _gnutls_free_datum(&content);
+
+ return ret;
}
int
-_gnutls_server_restore_session (gnutls_session_t session,
- uint8_t * session_id, int session_id_size)
+_gnutls_server_restore_session(gnutls_session_t session,
+ uint8_t * session_id, int session_id_size)
{
- gnutls_datum_t data;
- gnutls_datum_t key;
- int ret;
-
- if (session_id == NULL || session_id_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (session->internals.premaster_set != 0)
- { /* hack for CISCO's DTLS-0.9 */
- if (session_id_size == session->internals.resumed_security_parameters.session_id_size &&
- memcmp(session_id, session->internals.resumed_security_parameters.session_id, session_id_size) == 0)
- return 0;
- }
-
- key.data = session_id;
- key.size = session_id_size;
-
- if (db_func_is_ok (session) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- data = session->internals.db_retrieve_func (session->internals.db_ptr,
- key);
-
- if (data.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- /* expiration check is performed inside */
- ret = gnutls_session_set_data (session, data.data, data.size);
- gnutls_free (data.data);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
-
- return 0;
+ gnutls_datum_t data;
+ gnutls_datum_t key;
+ int ret;
+
+ if (session_id == NULL || session_id_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (session->internals.premaster_set != 0) { /* hack for CISCO's DTLS-0.9 */
+ if (session_id_size ==
+ session->internals.resumed_security_parameters.
+ session_id_size
+ && memcmp(session_id,
+ session->internals.
+ resumed_security_parameters.session_id,
+ session_id_size) == 0)
+ return 0;
+ }
+
+ key.data = session_id;
+ key.size = session_id_size;
+
+ if (db_func_is_ok(session) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ data =
+ session->internals.db_retrieve_func(session->internals.db_ptr,
+ key);
+
+ if (data.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ /* expiration check is performed inside */
+ ret = gnutls_session_set_data(session, data.data, data.size);
+ gnutls_free(data.data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+
+ return 0;
}
/**
@@ -318,30 +308,27 @@ _gnutls_server_restore_session (gnutls_session_t session,
* Normally gnutls_deinit() will remove abnormally terminated
* sessions.
**/
-void
-gnutls_db_remove_session (gnutls_session_t session)
+void gnutls_db_remove_session(gnutls_session_t session)
{
- gnutls_datum_t session_id;
- int ret = 0;
-
- session_id.data = session->security_parameters.session_id;
- session_id.size = session->security_parameters.session_id_size;
-
- if (session->internals.db_remove_func == NULL)
- {
- gnutls_assert ();
- return /* GNUTLS_E_DB_ERROR */;
- }
-
- if (session_id.data == NULL || session_id.size == 0)
- {
- gnutls_assert ();
- return /* GNUTLS_E_INVALID_SESSION */;
- }
-
- /* if we can't read why bother writing? */
- ret = session->internals.db_remove_func (session->internals.db_ptr,
- session_id);
- if (ret != 0)
- gnutls_assert ();
+ gnutls_datum_t session_id;
+ int ret = 0;
+
+ session_id.data = session->security_parameters.session_id;
+ session_id.size = session->security_parameters.session_id_size;
+
+ if (session->internals.db_remove_func == NULL) {
+ gnutls_assert();
+ return /* GNUTLS_E_DB_ERROR */ ;
+ }
+
+ if (session_id.data == NULL || session_id.size == 0) {
+ gnutls_assert();
+ return /* GNUTLS_E_INVALID_SESSION */ ;
+ }
+
+ /* if we can't read why bother writing? */
+ ret = session->internals.db_remove_func(session->internals.db_ptr,
+ session_id);
+ if (ret != 0)
+ gnutls_assert();
}
diff --git a/lib/gnutls_db.h b/lib/gnutls_db.h
index 4dc8c77858..20a8cbf886 100644
--- a/lib/gnutls_db.h
+++ b/lib/gnutls_db.h
@@ -20,9 +20,9 @@
*
*/
-int _gnutls_server_register_current_session (gnutls_session_t session);
-int _gnutls_server_restore_session (gnutls_session_t session,
- uint8_t * session_id,
- int session_id_size);
+int _gnutls_server_register_current_session(gnutls_session_t session);
+int _gnutls_server_restore_session(gnutls_session_t session,
+ uint8_t * session_id,
+ int session_id_size);
#define PACKED_SESSION_MAGIC 0xfadebadd
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index 7b9b79f1a6..5bbb0a6ced 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -46,115 +46,110 @@
/* returns the public value (X), and the secret (ret_x).
*/
int
-gnutls_calc_dh_secret (bigint_t* ret_y, bigint_t * ret_x, bigint_t g, bigint_t prime,
- unsigned int q_bits)
+gnutls_calc_dh_secret(bigint_t * ret_y, bigint_t * ret_x, bigint_t g,
+ bigint_t prime, unsigned int q_bits)
{
- bigint_t e=NULL, x = NULL;
- unsigned int x_size;
- int ret;
-
- if (q_bits == 0)
- {
- x_size = _gnutls_mpi_get_nbits (prime);
- if (x_size > 0) x_size--;
- }
- else
- x_size = q_bits;
-
- if (x_size > MAX_BITS || x_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- x = _gnutls_mpi_new(x_size);
- if (x == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto fail;
- }
-
- e = _gnutls_mpi_alloc_like (prime);
- if (e == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto fail;
- }
-
- do
- {
- if (_gnutls_mpi_randomize (x, x_size, GNUTLS_RND_RANDOM) == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto fail;
- }
-
- _gnutls_mpi_powm (e, g, x, prime);
- }
- while(_gnutls_mpi_cmp_ui(e, 1) == 0);
-
- *ret_x = x;
- *ret_y = e;
-
- return 0;
-
-fail:
- if (x) _gnutls_mpi_release (&x);
- if (e) _gnutls_mpi_release (&e);
- return ret;
+ bigint_t e = NULL, x = NULL;
+ unsigned int x_size;
+ int ret;
+
+ if (q_bits == 0) {
+ x_size = _gnutls_mpi_get_nbits(prime);
+ if (x_size > 0)
+ x_size--;
+ } else
+ x_size = q_bits;
+
+ if (x_size > MAX_BITS || x_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ x = _gnutls_mpi_new(x_size);
+ if (x == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
+ }
+
+ e = _gnutls_mpi_alloc_like(prime);
+ if (e == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
+ }
+
+ do {
+ if (_gnutls_mpi_randomize(x, x_size, GNUTLS_RND_RANDOM) ==
+ NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto fail;
+ }
+
+ _gnutls_mpi_powm(e, g, x, prime);
+ }
+ while (_gnutls_mpi_cmp_ui(e, 1) == 0);
+
+ *ret_x = x;
+ *ret_y = e;
+
+ return 0;
+
+ fail:
+ if (x)
+ _gnutls_mpi_release(&x);
+ if (e)
+ _gnutls_mpi_release(&e);
+ return ret;
}
/* returns f^x mod prime
*/
int
-gnutls_calc_dh_key (bigint_t *key, bigint_t f, bigint_t x, bigint_t prime)
+gnutls_calc_dh_key(bigint_t * key, bigint_t f, bigint_t x, bigint_t prime)
{
- bigint_t k, ff;
- unsigned int bits;
- int ret;
-
- ff = _gnutls_mpi_mod(f, prime);
- _gnutls_mpi_add_ui(ff, ff, 1);
-
- /* check if f==0,1,p-1.
- * or (ff=f+1) equivalently ff==1,2,p */
- if ((_gnutls_mpi_cmp_ui(ff, 2) == 0) || (_gnutls_mpi_cmp_ui(ff, 1) == 0) ||
- (_gnutls_mpi_cmp(ff,prime) == 0))
- {
- gnutls_assert();
- ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- goto cleanup;
- }
-
- bits = _gnutls_mpi_get_nbits (prime);
- if (bits == 0 || bits > MAX_BITS)
- {
- gnutls_assert ();
- ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- goto cleanup;
- }
-
- k = _gnutls_mpi_alloc_like (prime);
- if (k == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- _gnutls_mpi_powm (k, f, x, prime);
-
- *key = k;
-
- ret = 0;
-cleanup:
- _gnutls_mpi_release (&ff);
-
- return ret;
+ bigint_t k, ff;
+ unsigned int bits;
+ int ret;
+
+ ff = _gnutls_mpi_mod(f, prime);
+ _gnutls_mpi_add_ui(ff, ff, 1);
+
+ /* check if f==0,1,p-1.
+ * or (ff=f+1) equivalently ff==1,2,p */
+ if ((_gnutls_mpi_cmp_ui(ff, 2) == 0)
+ || (_gnutls_mpi_cmp_ui(ff, 1) == 0)
+ || (_gnutls_mpi_cmp(ff, prime) == 0)) {
+ gnutls_assert();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto cleanup;
+ }
+
+ bits = _gnutls_mpi_get_nbits(prime);
+ if (bits == 0 || bits > MAX_BITS) {
+ gnutls_assert();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto cleanup;
+ }
+
+ k = _gnutls_mpi_alloc_like(prime);
+ if (k == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ _gnutls_mpi_powm(k, f, x, prime);
+
+ *key = k;
+
+ ret = 0;
+ cleanup:
+ _gnutls_mpi_release(&ff);
+
+ return ret;
}
/*-
@@ -166,31 +161,28 @@ cleanup:
* This function will return the dh parameters pointer.
-*/
gnutls_dh_params_t
-_gnutls_get_dh_params (gnutls_dh_params_t dh_params,
- gnutls_params_function * func,
- gnutls_session_t session)
+_gnutls_get_dh_params(gnutls_dh_params_t dh_params,
+ gnutls_params_function * func,
+ gnutls_session_t session)
{
- gnutls_params_st params;
- int ret;
-
- /* if cached return the cached */
- if (session->internals.params.dh_params)
- return session->internals.params.dh_params;
-
- if (dh_params)
- {
- session->internals.params.dh_params = dh_params;
- }
- else if (func)
- {
- ret = func (session, GNUTLS_PARAMS_DH, &params);
- if (ret == 0 && params.type == GNUTLS_PARAMS_DH)
- {
- session->internals.params.dh_params = params.params.dh;
- session->internals.params.free_dh_params = params.deinit;
- }
- }
-
- return session->internals.params.dh_params;
+ gnutls_params_st params;
+ int ret;
+
+ /* if cached return the cached */
+ if (session->internals.params.dh_params)
+ return session->internals.params.dh_params;
+
+ if (dh_params) {
+ session->internals.params.dh_params = dh_params;
+ } else if (func) {
+ ret = func(session, GNUTLS_PARAMS_DH, &params);
+ if (ret == 0 && params.type == GNUTLS_PARAMS_DH) {
+ session->internals.params.dh_params =
+ params.params.dh;
+ session->internals.params.free_dh_params =
+ params.deinit;
+ }
+ }
+
+ return session->internals.params.dh_params;
}
-
diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h
index f4b5952fd0..fec2ec8282 100644
--- a/lib/gnutls_dh.h
+++ b/lib/gnutls_dh.h
@@ -23,14 +23,15 @@
#ifndef GNUTLS_DH_H
#define GNUTLS_DH_H
-const bigint_t *_gnutls_dh_params_to_mpi (gnutls_dh_params_t);
-int gnutls_calc_dh_secret (bigint_t* ret_y, bigint_t * ret_x, bigint_t g, bigint_t,
- unsigned int q_bits);
-int gnutls_calc_dh_key (bigint_t* key, bigint_t f, bigint_t x, bigint_t prime);
+const bigint_t *_gnutls_dh_params_to_mpi(gnutls_dh_params_t);
+int gnutls_calc_dh_secret(bigint_t * ret_y, bigint_t * ret_x, bigint_t g,
+ bigint_t, unsigned int q_bits);
+int gnutls_calc_dh_key(bigint_t * key, bigint_t f, bigint_t x,
+ bigint_t prime);
gnutls_dh_params_t
-_gnutls_get_dh_params (gnutls_dh_params_t dh_params,
- gnutls_params_function * func,
- gnutls_session_t session);
+_gnutls_get_dh_params(gnutls_dh_params_t dh_params,
+ gnutls_params_function * func,
+ gnutls_session_t session);
#endif
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index 328f6ebf62..cb18785f51 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -23,7 +23,7 @@
#include <gnutls_int.h>
#include <gnutls_errors.h>
#include <gnutls_datum.h>
-#include <x509_b64.h> /* for PKCS3 PEM decoding */
+#include <x509_b64.h> /* for PKCS3 PEM decoding */
#include <gnutls_global.h>
#include <gnutls_dh.h>
#include <gnutls_pk.h>
@@ -35,16 +35,14 @@
/* returns the prime and the generator of DH params.
*/
-const bigint_t *
-_gnutls_dh_params_to_mpi (gnutls_dh_params_t dh_primes)
+const bigint_t *_gnutls_dh_params_to_mpi(gnutls_dh_params_t dh_primes)
{
- if (dh_primes == NULL || dh_primes->params[1] == NULL ||
- dh_primes->params[0] == NULL)
- {
- return NULL;
- }
+ if (dh_primes == NULL || dh_primes->params[1] == NULL ||
+ dh_primes->params[0] == NULL) {
+ return NULL;
+ }
- return dh_primes->params;
+ return dh_primes->params;
}
@@ -62,34 +60,32 @@ _gnutls_dh_params_to_mpi (gnutls_dh_params_t dh_primes)
* otherwise a negative error code is returned.
**/
int
-gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
- const gnutls_datum_t * prime,
- const gnutls_datum_t * generator)
+gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params,
+ const gnutls_datum_t * prime,
+ const gnutls_datum_t * generator)
{
- bigint_t tmp_prime, tmp_g;
- size_t siz;
-
- siz = prime->size;
- if (_gnutls_mpi_scan_nz (&tmp_prime, prime->data, siz))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = generator->size;
- if (_gnutls_mpi_scan_nz (&tmp_g, generator->data, siz))
- {
- _gnutls_mpi_release (&tmp_prime);
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- /* store the generated values
- */
- dh_params->params[0] = tmp_prime;
- dh_params->params[1] = tmp_g;
-
- return 0;
+ bigint_t tmp_prime, tmp_g;
+ size_t siz;
+
+ siz = prime->size;
+ if (_gnutls_mpi_scan_nz(&tmp_prime, prime->data, siz)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = generator->size;
+ if (_gnutls_mpi_scan_nz(&tmp_g, generator->data, siz)) {
+ _gnutls_mpi_release(&tmp_prime);
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ /* store the generated values
+ */
+ dh_params->params[0] = tmp_prime;
+ dh_params->params[1] = tmp_g;
+
+ return 0;
}
@@ -102,18 +98,16 @@ gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
**/
-int
-gnutls_dh_params_init (gnutls_dh_params_t * dh_params)
+int gnutls_dh_params_init(gnutls_dh_params_t * dh_params)
{
- (*dh_params) = gnutls_calloc (1, sizeof (dh_params_st));
- if (*dh_params == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ (*dh_params) = gnutls_calloc(1, sizeof(dh_params_st));
+ if (*dh_params == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
@@ -123,16 +117,15 @@ gnutls_dh_params_init (gnutls_dh_params_t * dh_params)
*
* This function will deinitialize the DH parameters structure.
**/
-void
-gnutls_dh_params_deinit (gnutls_dh_params_t dh_params)
+void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params)
{
- if (dh_params == NULL)
- return;
+ if (dh_params == NULL)
+ return;
- _gnutls_mpi_release (&dh_params->params[0]);
- _gnutls_mpi_release (&dh_params->params[1]);
+ _gnutls_mpi_release(&dh_params->params[0]);
+ _gnutls_mpi_release(&dh_params->params[1]);
- gnutls_free (dh_params);
+ gnutls_free(dh_params);
}
@@ -147,20 +140,19 @@ gnutls_dh_params_deinit (gnutls_dh_params_t dh_params)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
**/
-int
-gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src)
+int gnutls_dh_params_cpy(gnutls_dh_params_t dst, gnutls_dh_params_t src)
{
- if (src == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (src == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- dst->params[0] = _gnutls_mpi_copy (src->params[0]);
- dst->params[1] = _gnutls_mpi_copy (src->params[1]);
- dst->q_bits = src->q_bits;
+ dst->params[0] = _gnutls_mpi_copy(src->params[0]);
+ dst->params[1] = _gnutls_mpi_copy(src->params[1]);
+ dst->q_bits = src->q_bits;
- if (dst->params[0] == NULL || dst->params[1] == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (dst->params[0] == NULL || dst->params[1] == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
@@ -184,23 +176,22 @@ gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src)
* otherwise a negative error code is returned.
**/
int
-gnutls_dh_params_generate2 (gnutls_dh_params_t params, unsigned int bits)
+gnutls_dh_params_generate2(gnutls_dh_params_t params, unsigned int bits)
{
- int ret;
- gnutls_group_st group;
-
- ret = _gnutls_mpi_generate_group (&group, bits);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- params->params[0] = group.p;
- params->params[1] = group.g;
- params->q_bits = group.q_bits;
-
- return 0;
+ int ret;
+ gnutls_group_st group;
+
+ ret = _gnutls_mpi_generate_group(&group, bits);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ params->params[0] = group.p;
+ params->params[1] = group.g;
+ params->q_bits = group.q_bits;
+
+ return 0;
}
/**
@@ -219,116 +210,103 @@ gnutls_dh_params_generate2 (gnutls_dh_params_t params, unsigned int bits)
* otherwise a negative error code is returned.
**/
int
-gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
- const gnutls_datum_t * pkcs3_params,
- gnutls_x509_crt_fmt_t format)
+gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params,
+ const gnutls_datum_t * pkcs3_params,
+ gnutls_x509_crt_fmt_t format)
{
- ASN1_TYPE c2;
- int result, need_free = 0;
- unsigned int q_bits;
- gnutls_datum_t _params;
-
- if (format == GNUTLS_X509_FMT_PEM)
- {
-
- result = _gnutls_fbase64_decode ("DH PARAMETERS",
- pkcs3_params->data,
- pkcs3_params->size, &_params);
-
- if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert ();
- return result;
- }
-
- need_free = 1;
- }
- else
- {
- _params.data = pkcs3_params->data;
- _params.size = pkcs3_params->size;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DHParameter", &c2))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- if (need_free != 0)
- {
- gnutls_free (_params.data);
- _params.data = NULL;
- }
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, _params.data, _params.size, NULL);
-
- if (need_free != 0)
- {
- gnutls_free (_params.data);
- _params.data = NULL;
- }
-
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
-
- _gnutls_debug_log ("DHParams: Decoding error %d\n", result);
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- /* Read q length */
- result = _gnutls_x509_read_uint (c2, "privateValueLength", &q_bits);
- if (result < 0)
- {
- gnutls_assert ();
- params->q_bits = 0;
- }
- else
- params->q_bits = q_bits;
-
- /* Read PRIME
- */
- result = _gnutls_x509_read_int (c2, "prime", &params->params[0]);
- if (result < 0)
- {
- asn1_delete_structure (&c2);
- gnutls_assert ();
- return result;
- }
-
- if (_gnutls_mpi_cmp_ui(params->params[0], 0) == 0)
- {
- asn1_delete_structure (&c2);
- return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- }
-
- /* read the generator
- */
- result = _gnutls_x509_read_int (c2, "base", &params->params[1]);
- if (result < 0)
- {
- asn1_delete_structure (&c2);
- _gnutls_mpi_release (&params->params[0]);
- gnutls_assert ();
- return result;
- }
-
- if (_gnutls_mpi_cmp_ui(params->params[1], 0) == 0)
- {
- asn1_delete_structure (&c2);
- _gnutls_mpi_release (&params->params[0]);
- return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
+ ASN1_TYPE c2;
+ int result, need_free = 0;
+ unsigned int q_bits;
+ gnutls_datum_t _params;
+
+ if (format == GNUTLS_X509_FMT_PEM) {
+
+ result = _gnutls_fbase64_decode("DH PARAMETERS",
+ pkcs3_params->data,
+ pkcs3_params->size,
+ &_params);
+
+ if (result <= 0) {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert();
+ return result;
+ }
+
+ need_free = 1;
+ } else {
+ _params.data = pkcs3_params->data;
+ _params.size = pkcs3_params->size;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ if (need_free != 0) {
+ gnutls_free(_params.data);
+ _params.data = NULL;
+ }
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, _params.data, _params.size, NULL);
+
+ if (need_free != 0) {
+ gnutls_free(_params.data);
+ _params.data = NULL;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+
+ _gnutls_debug_log("DHParams: Decoding error %d\n", result);
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Read q length */
+ result = _gnutls_x509_read_uint(c2, "privateValueLength", &q_bits);
+ if (result < 0) {
+ gnutls_assert();
+ params->q_bits = 0;
+ } else
+ params->q_bits = q_bits;
+
+ /* Read PRIME
+ */
+ result = _gnutls_x509_read_int(c2, "prime", &params->params[0]);
+ if (result < 0) {
+ asn1_delete_structure(&c2);
+ gnutls_assert();
+ return result;
+ }
+
+ if (_gnutls_mpi_cmp_ui(params->params[0], 0) == 0) {
+ asn1_delete_structure(&c2);
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ }
+
+ /* read the generator
+ */
+ result = _gnutls_x509_read_int(c2, "base", &params->params[1]);
+ if (result < 0) {
+ asn1_delete_structure(&c2);
+ _gnutls_mpi_release(&params->params[0]);
+ gnutls_assert();
+ return result;
+ }
+
+ if (_gnutls_mpi_cmp_ui(params->params[1], 0) == 0) {
+ asn1_delete_structure(&c2);
+ _gnutls_mpi_release(&params->params[0]);
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
}
/**
@@ -350,36 +328,34 @@ gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
* otherwise a negative error code is returned.
**/
int
-gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t * params_data_size)
+gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size)
{
-gnutls_datum_t out;
-int ret;
-
- ret = gnutls_dh_params_export2_pkcs3( params, format, &out);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (*params_data_size < (unsigned) out.size+1)
- {
- gnutls_assert ();
- gnutls_free (out.data);
- *params_data_size = out.size + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *params_data_size = out.size;
- if (params_data)
- {
- memcpy( params_data, out.data, out.size);
- params_data[out.size] = 0;
- }
-
- gnutls_free(out.data);
-
- return 0;
+ gnutls_datum_t out;
+ int ret;
+
+ ret = gnutls_dh_params_export2_pkcs3(params, format, &out);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (*params_data_size < (unsigned) out.size + 1) {
+ gnutls_assert();
+ gnutls_free(out.data);
+ *params_data_size = out.size + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *params_data_size = out.size;
+ if (params_data) {
+ memcpy(params_data, out.data, out.size);
+ params_data[out.size] = 0;
+ }
+
+ gnutls_free(out.data);
+
+ return 0;
}
/**
@@ -401,116 +377,112 @@ int ret;
* Since: 3.1.3
**/
int
-gnutls_dh_params_export2_pkcs3 (gnutls_dh_params_t params,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out)
+gnutls_dh_params_export2_pkcs3(gnutls_dh_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out)
{
- ASN1_TYPE c2;
- int result;
- size_t g_size, p_size;
- uint8_t *p_data, *g_data;
- uint8_t *all_data;
-
- _gnutls_mpi_print_lz (params->params[1], NULL, &g_size);
- _gnutls_mpi_print_lz (params->params[0], NULL, &p_size);
-
- all_data = gnutls_malloc (g_size + p_size);
- if (all_data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- p_data = &all_data[0];
- _gnutls_mpi_print_lz (params->params[0], p_data, &p_size);
-
- g_data = &all_data[p_size];
- _gnutls_mpi_print_lz (params->params[1], g_data, &g_size);
-
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DHParameter", &c2))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (all_data);
- return _gnutls_asn2err (result);
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value (c2, "prime",
- p_data, p_size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (all_data);
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- if (params->q_bits > 0)
- result = _gnutls_x509_write_uint32 (c2, "privateValueLength", params->q_bits);
- else
- result = asn1_write_value (c2, "privateValueLength", NULL, 0);
-
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (all_data);
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- /* Write the GENERATOR
- */
- if ((result = asn1_write_value (c2, "base",
- g_data, g_size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (all_data);
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- gnutls_free (all_data);
-
-
- if (format == GNUTLS_X509_FMT_DER)
- {
- result = _gnutls_x509_der_encode(c2, "", out, 0);
-
- asn1_delete_structure (&c2);
-
- if (result < 0)
- return gnutls_assert_val (result);
-
- }
- else
- { /* PEM */
- gnutls_datum_t t;
-
- result = _gnutls_x509_der_encode(c2, "", &t, 0);
-
- asn1_delete_structure (&c2);
-
- if (result < 0)
- return gnutls_assert_val (result);
-
- result = _gnutls_fbase64_encode("DH PARAMETERS", t.data, t.size, out);
-
- gnutls_free (t.data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- return 0;
+ ASN1_TYPE c2;
+ int result;
+ size_t g_size, p_size;
+ uint8_t *p_data, *g_data;
+ uint8_t *all_data;
+
+ _gnutls_mpi_print_lz(params->params[1], NULL, &g_size);
+ _gnutls_mpi_print_lz(params->params[0], NULL, &p_size);
+
+ all_data = gnutls_malloc(g_size + p_size);
+ if (all_data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p_data = &all_data[0];
+ _gnutls_mpi_print_lz(params->params[0], p_data, &p_size);
+
+ g_data = &all_data[p_size];
+ _gnutls_mpi_print_lz(params->params[1], g_data, &g_size);
+
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(all_data);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value(c2, "prime",
+ p_data, p_size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(all_data);
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ if (params->q_bits > 0)
+ result =
+ _gnutls_x509_write_uint32(c2, "privateValueLength",
+ params->q_bits);
+ else
+ result =
+ asn1_write_value(c2, "privateValueLength", NULL, 0);
+
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(all_data);
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Write the GENERATOR
+ */
+ if ((result = asn1_write_value(c2, "base",
+ g_data, g_size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(all_data);
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ gnutls_free(all_data);
+
+
+ if (format == GNUTLS_X509_FMT_DER) {
+ result = _gnutls_x509_der_encode(c2, "", out, 0);
+
+ asn1_delete_structure(&c2);
+
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ } else { /* PEM */
+ gnutls_datum_t t;
+
+ result = _gnutls_x509_der_encode(c2, "", &t, 0);
+
+ asn1_delete_structure(&c2);
+
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ result =
+ _gnutls_fbase64_encode("DH PARAMETERS", t.data, t.size,
+ out);
+
+ gnutls_free(t.data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ return 0;
}
/**
@@ -529,36 +501,33 @@ gnutls_dh_params_export2_pkcs3 (gnutls_dh_params_t params,
* otherwise a negative error code is returned.
**/
int
-gnutls_dh_params_export_raw (gnutls_dh_params_t params,
- gnutls_datum_t * prime,
- gnutls_datum_t * generator, unsigned int *bits)
+gnutls_dh_params_export_raw(gnutls_dh_params_t params,
+ gnutls_datum_t * prime,
+ gnutls_datum_t * generator, unsigned int *bits)
{
- int ret;
-
- if (params->params[1] == NULL || params->params[0] == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_mpi_dprint (params->params[1], generator);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint (params->params[0], prime);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (generator);
- return ret;
- }
-
- if (bits)
- *bits = params->q_bits;
-
- return 0;
+ int ret;
+
+ if (params->params[1] == NULL || params->params[0] == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_mpi_dprint(params->params[1], generator);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint(params->params[0], prime);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(generator);
+ return ret;
+ }
+
+ if (bits)
+ *bits = params->q_bits;
+
+ return 0;
}
diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c
index 64bf54a5d6..a8da2f07df 100644
--- a/lib/gnutls_dtls.c
+++ b/lib/gnutls_dtls.c
@@ -37,18 +37,18 @@
#include <gnutls/dtls.h>
#include <algorithms.h>
-void
-_dtls_async_timer_delete (gnutls_session_t session)
+void _dtls_async_timer_delete(gnutls_session_t session)
{
- if (session->internals.dtls.async_term != 0)
- {
- _gnutls_dtls_log ("DTLS[%p]: Deinitializing previous handshake state.\n", session);
- session->internals.dtls.async_term = 0; /* turn off "timer" */
-
- _dtls_reset_hsk_state(session);
- _gnutls_handshake_io_buffer_clear (session);
- _gnutls_epoch_gc(session);
- }
+ if (session->internals.dtls.async_term != 0) {
+ _gnutls_dtls_log
+ ("DTLS[%p]: Deinitializing previous handshake state.\n",
+ session);
+ session->internals.dtls.async_term = 0; /* turn off "timer" */
+
+ _dtls_reset_hsk_state(session);
+ _gnutls_handshake_io_buffer_clear(session);
+ _gnutls_epoch_gc(session);
+ }
}
/* This function fragments and transmits a previously buffered
@@ -56,97 +56,99 @@ _dtls_async_timer_delete (gnutls_session_t session)
* be reused (should be set to NULL initially).
*/
static inline int
-transmit_message (gnutls_session_t session,
- mbuffer_st *bufel, uint8_t **buf)
+transmit_message(gnutls_session_t session,
+ mbuffer_st * bufel, uint8_t ** buf)
{
- uint8_t *data, *mtu_data;
- int ret = 0;
- unsigned int offset, frag_len, data_size;
- const unsigned int mtu = gnutls_dtls_get_data_mtu(session) - DTLS_HANDSHAKE_HEADER_SIZE;
-
- if (bufel->type == GNUTLS_CHANGE_CIPHER_SPEC)
- {
- _gnutls_dtls_log ("DTLS[%p]: Sending Packet[%u] fragment %s(%d)\n",
- session, bufel->handshake_sequence,
- _gnutls_handshake2str (bufel->htype),
- bufel->htype);
-
- return _gnutls_send_int (session, bufel->type, -1,
- bufel->epoch,
- _mbuffer_get_uhead_ptr(bufel),
- _mbuffer_get_uhead_size(bufel), 0);
- }
-
- if (*buf == NULL) *buf = gnutls_malloc(mtu + DTLS_HANDSHAKE_HEADER_SIZE);
- if (*buf == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- mtu_data = *buf;
-
- data = _mbuffer_get_udata_ptr( bufel);
- data_size = _mbuffer_get_udata_size(bufel);
-
- /* Write fixed headers
- */
-
- /* Handshake type */
- mtu_data[0] = (uint8_t) bufel->htype;
-
- /* Total length */
- _gnutls_write_uint24 (data_size, &mtu_data[1]);
-
- /* Handshake sequence */
- _gnutls_write_uint16 (bufel->handshake_sequence, &mtu_data[4]);
-
- /* Chop up and send handshake message into mtu-size pieces. */
- for (offset=0; offset <= data_size; offset += mtu)
- {
- /* Calculate fragment length */
- if(offset + mtu > data_size)
- frag_len = data_size - offset;
- else
- frag_len = mtu;
-
- /* Fragment offset */
- _gnutls_write_uint24 (offset, &mtu_data[6]);
-
- /* Fragment length */
- _gnutls_write_uint24 (frag_len, &mtu_data[9]);
-
- memcpy (&mtu_data[DTLS_HANDSHAKE_HEADER_SIZE], data+offset, frag_len);
-
- _gnutls_dtls_log ("DTLS[%p]: Sending Packet[%u] fragment %s(%d) with "
- "length: %u, offset: %u, fragment length: %u\n",
- session, bufel->handshake_sequence,
- _gnutls_handshake2str (bufel->htype),
- bufel->htype, data_size, offset, frag_len);
-
- ret = _gnutls_send_int (session, bufel->type, bufel->htype,
- bufel->epoch, mtu_data, DTLS_HANDSHAKE_HEADER_SIZE + frag_len, 0);
- if (ret < 0)
- {
- gnutls_assert();
- break;
- }
- }
-
- return ret;
+ uint8_t *data, *mtu_data;
+ int ret = 0;
+ unsigned int offset, frag_len, data_size;
+ const unsigned int mtu =
+ gnutls_dtls_get_data_mtu(session) - DTLS_HANDSHAKE_HEADER_SIZE;
+
+ if (bufel->type == GNUTLS_CHANGE_CIPHER_SPEC) {
+ _gnutls_dtls_log
+ ("DTLS[%p]: Sending Packet[%u] fragment %s(%d)\n",
+ session, bufel->handshake_sequence,
+ _gnutls_handshake2str(bufel->htype), bufel->htype);
+
+ return _gnutls_send_int(session, bufel->type, -1,
+ bufel->epoch,
+ _mbuffer_get_uhead_ptr(bufel),
+ _mbuffer_get_uhead_size(bufel), 0);
+ }
+
+ if (*buf == NULL)
+ *buf = gnutls_malloc(mtu + DTLS_HANDSHAKE_HEADER_SIZE);
+ if (*buf == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ mtu_data = *buf;
+
+ data = _mbuffer_get_udata_ptr(bufel);
+ data_size = _mbuffer_get_udata_size(bufel);
+
+ /* Write fixed headers
+ */
+
+ /* Handshake type */
+ mtu_data[0] = (uint8_t) bufel->htype;
+
+ /* Total length */
+ _gnutls_write_uint24(data_size, &mtu_data[1]);
+
+ /* Handshake sequence */
+ _gnutls_write_uint16(bufel->handshake_sequence, &mtu_data[4]);
+
+ /* Chop up and send handshake message into mtu-size pieces. */
+ for (offset = 0; offset <= data_size; offset += mtu) {
+ /* Calculate fragment length */
+ if (offset + mtu > data_size)
+ frag_len = data_size - offset;
+ else
+ frag_len = mtu;
+
+ /* Fragment offset */
+ _gnutls_write_uint24(offset, &mtu_data[6]);
+
+ /* Fragment length */
+ _gnutls_write_uint24(frag_len, &mtu_data[9]);
+
+ memcpy(&mtu_data[DTLS_HANDSHAKE_HEADER_SIZE],
+ data + offset, frag_len);
+
+ _gnutls_dtls_log
+ ("DTLS[%p]: Sending Packet[%u] fragment %s(%d) with "
+ "length: %u, offset: %u, fragment length: %u\n",
+ session, bufel->handshake_sequence,
+ _gnutls_handshake2str(bufel->htype), bufel->htype,
+ data_size, offset, frag_len);
+
+ ret = _gnutls_send_int(session, bufel->type, bufel->htype,
+ bufel->epoch, mtu_data,
+ DTLS_HANDSHAKE_HEADER_SIZE +
+ frag_len, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ break;
+ }
+ }
+
+ return ret;
}
-static int drop_usage_count(gnutls_session_t session, mbuffer_head_st *const send_buffer)
+static int drop_usage_count(gnutls_session_t session,
+ mbuffer_head_st * const send_buffer)
{
- int ret;
- mbuffer_st *cur;
-
- for (cur = send_buffer->head;
- cur != NULL; cur = cur->next)
- {
- ret = _gnutls_epoch_refcount_dec(session, cur->epoch);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
+ int ret;
+ mbuffer_st *cur;
+
+ for (cur = send_buffer->head; cur != NULL; cur = cur->next) {
+ ret = _gnutls_epoch_refcount_dec(session, cur->epoch);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
- return 0;
+ return 0;
}
@@ -159,28 +161,33 @@ static int drop_usage_count(gnutls_session_t session, mbuffer_head_st *const sen
*/
static int is_next_hpacket_expected(gnutls_session_t session)
{
-int ret;
-
- /* htype is arbitrary */
- ret = _gnutls_recv_in_buffers(session, GNUTLS_HANDSHAKE, GNUTLS_HANDSHAKE_FINISHED, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_parse_record_buffered_msgs(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (session->internals.handshake_recv_buffer_size > 0)
- return 0;
- else
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
+ int ret;
+
+ /* htype is arbitrary */
+ ret =
+ _gnutls_recv_in_buffers(session, GNUTLS_HANDSHAKE,
+ GNUTLS_HANDSHAKE_FINISHED, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_parse_record_buffered_msgs(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (session->internals.handshake_recv_buffer_size > 0)
+ return 0;
+ else
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
}
void _dtls_reset_hsk_state(gnutls_session_t session)
{
- session->internals.dtls.flight_init = 0;
- drop_usage_count(session, &session->internals.handshake_send_buffer);
- _mbuffer_head_clear(&session->internals.handshake_send_buffer);
+ session->internals.dtls.flight_init = 0;
+ drop_usage_count(session,
+ &session->internals.handshake_send_buffer);
+ _mbuffer_head_clear(&session->internals.handshake_send_buffer);
}
@@ -200,204 +207,205 @@ void _dtls_reset_hsk_state(gnutls_session_t session)
* This function is called from the handshake layer and calls the
* record layer.
*/
-int
-_dtls_transmit (gnutls_session_t session)
+int _dtls_transmit(gnutls_session_t session)
{
-int ret;
-uint8_t* buf = NULL;
-unsigned int timeout;
-
- /* PREPARING -> SENDING state transition */
- mbuffer_head_st *const send_buffer =
- &session->internals.handshake_send_buffer;
- mbuffer_st *cur;
- gnutls_handshake_description_t last_type = 0;
- unsigned int diff;
- struct timespec now;
-
- gettime(&now);
-
- /* If we have already sent a flight and we are operating in a
- * non blocking way, check if it is time to retransmit or just
- * return.
- */
- if (session->internals.dtls.flight_init != 0 && session->internals.dtls.blocking == 0)
- {
- /* just in case previous run was interrupted */
- ret = _gnutls_io_write_flush (session);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if (session->internals.dtls.last_flight == 0 || !_dtls_is_async(session))
- {
- /* check for ACK */
- ret = _gnutls_io_check_recv(session, 0);
- if (ret == GNUTLS_E_TIMEDOUT)
- {
- /* if no retransmission is required yet just return
- */
- if (timespec_sub_ms(&now, &session->internals.dtls.last_retransmit) < TIMER_WINDOW)
- {
- gnutls_assert();
- goto nb_timeout;
- }
- }
- else /* received something */
- {
- if (ret == 0)
- {
- ret = is_next_hpacket_expected(session);
- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
- goto nb_timeout;
- if (ret < 0 && ret != GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
- {
- gnutls_assert();
- goto cleanup;
- }
- if (ret == 0) goto end_flight;
- /* if ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET retransmit */
- }
- else
- goto nb_timeout;
- }
- }
- }
-
- do
- {
- timeout = TIMER_WINDOW;
-
- diff = timespec_sub_ms(&now, &session->internals.dtls.handshake_start_time);
- if (diff >= session->internals.dtls.total_timeout_ms)
- {
- _gnutls_dtls_log("Session timeout: %u ms\n", diff);
- ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
- goto end_flight;
- }
-
- diff = timespec_sub_ms(&now, &session->internals.dtls.last_retransmit);
- if (session->internals.dtls.flight_init == 0 || diff >= TIMER_WINDOW)
- {
- _gnutls_dtls_log ("DTLS[%p]: %sStart of flight transmission.\n", session, (session->internals.dtls.flight_init == 0)?"":"re-");
- for (cur = send_buffer->head;
- cur != NULL; cur = cur->next)
- {
- ret = transmit_message (session, cur, &buf);
- if (ret < 0)
- {
- gnutls_assert();
- goto end_flight;
- }
-
- last_type = cur->htype;
- }
- gettime(&session->internals.dtls.last_retransmit);
-
- if (session->internals.dtls.flight_init == 0)
- {
- session->internals.dtls.flight_init = 1;
- RESET_TIMER;
- timeout = TIMER_WINDOW;
-
- if (last_type == GNUTLS_HANDSHAKE_FINISHED)
- {
- /* On the last flight we cannot ensure retransmission
- * from here. _dtls_wait_and_retransmit() is being called
- * by handshake.
- */
- session->internals.dtls.last_flight = 1;
- }
- else
- session->internals.dtls.last_flight = 0;
- }
- else
- {
- UPDATE_TIMER;
- }
- }
-
- ret = _gnutls_io_write_flush (session);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- /* last message in handshake -> no ack */
- if (session->internals.dtls.last_flight != 0)
- {
- /* we don't wait here. We just return 0 and
- * if a retransmission occurs because peer didn't receive it
- * we rely on the record or handshake
- * layer calling this function again.
- */
- ret = 0;
- goto cleanup;
- }
- else /* all other messages -> implicit ack (receive of next flight) */
- {
- if (session->internals.dtls.blocking != 0)
- ret = _gnutls_io_check_recv(session, timeout);
- else
- {
- ret = _gnutls_io_check_recv(session, 0);
- if (ret == GNUTLS_E_TIMEDOUT)
- {
- goto nb_timeout;
- }
- }
-
- if (ret == 0)
- {
- ret = is_next_hpacket_expected(session);
- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
- goto nb_timeout;
-
- if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
- {
- ret = GNUTLS_E_TIMEDOUT;
- goto keep_up;
- }
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- goto end_flight;
- }
- }
-
-keep_up:
- gettime(&now);
- } while(ret == GNUTLS_E_TIMEDOUT);
-
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto end_flight;
- }
-
- ret = 0;
-
-end_flight:
- _gnutls_dtls_log ("DTLS[%p]: End of flight transmission.\n", session);
- _dtls_reset_hsk_state(session);
-
-cleanup:
- if (buf != NULL)
- gnutls_free(buf);
-
- /* SENDING -> WAITING state transition */
- return ret;
-
-nb_timeout:
- if (buf != NULL)
- gnutls_free(buf);
-
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, ret);
+ int ret;
+ uint8_t *buf = NULL;
+ unsigned int timeout;
+
+ /* PREPARING -> SENDING state transition */
+ mbuffer_head_st *const send_buffer =
+ &session->internals.handshake_send_buffer;
+ mbuffer_st *cur;
+ gnutls_handshake_description_t last_type = 0;
+ unsigned int diff;
+ struct timespec now;
+
+ gettime(&now);
+
+ /* If we have already sent a flight and we are operating in a
+ * non blocking way, check if it is time to retransmit or just
+ * return.
+ */
+ if (session->internals.dtls.flight_init != 0
+ && session->internals.dtls.blocking == 0) {
+ /* just in case previous run was interrupted */
+ ret = _gnutls_io_write_flush(session);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (session->internals.dtls.last_flight == 0
+ || !_dtls_is_async(session)) {
+ /* check for ACK */
+ ret = _gnutls_io_check_recv(session, 0);
+ if (ret == GNUTLS_E_TIMEDOUT) {
+ /* if no retransmission is required yet just return
+ */
+ if (timespec_sub_ms
+ (&now,
+ &session->internals.dtls.
+ last_retransmit) < TIMER_WINDOW) {
+ gnutls_assert();
+ goto nb_timeout;
+ }
+ } else { /* received something */
+
+ if (ret == 0) {
+ ret =
+ is_next_hpacket_expected
+ (session);
+ if (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED)
+ goto nb_timeout;
+ if (ret < 0
+ && ret !=
+ GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+ if (ret == 0)
+ goto end_flight;
+ /* if ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET retransmit */
+ } else
+ goto nb_timeout;
+ }
+ }
+ }
+
+ do {
+ timeout = TIMER_WINDOW;
+
+ diff =
+ timespec_sub_ms(&now,
+ &session->internals.dtls.
+ handshake_start_time);
+ if (diff >= session->internals.dtls.total_timeout_ms) {
+ _gnutls_dtls_log("Session timeout: %u ms\n", diff);
+ ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT);
+ goto end_flight;
+ }
+
+ diff =
+ timespec_sub_ms(&now,
+ &session->internals.dtls.
+ last_retransmit);
+ if (session->internals.dtls.flight_init == 0
+ || diff >= TIMER_WINDOW) {
+ _gnutls_dtls_log
+ ("DTLS[%p]: %sStart of flight transmission.\n",
+ session,
+ (session->internals.dtls.flight_init ==
+ 0) ? "" : "re-");
+ for (cur = send_buffer->head; cur != NULL;
+ cur = cur->next) {
+ ret = transmit_message(session, cur, &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ goto end_flight;
+ }
+
+ last_type = cur->htype;
+ }
+ gettime(&session->internals.dtls.last_retransmit);
+
+ if (session->internals.dtls.flight_init == 0) {
+ session->internals.dtls.flight_init = 1;
+ RESET_TIMER;
+ timeout = TIMER_WINDOW;
+
+ if (last_type == GNUTLS_HANDSHAKE_FINISHED) {
+ /* On the last flight we cannot ensure retransmission
+ * from here. _dtls_wait_and_retransmit() is being called
+ * by handshake.
+ */
+ session->internals.dtls.
+ last_flight = 1;
+ } else
+ session->internals.dtls.
+ last_flight = 0;
+ } else {
+ UPDATE_TIMER;
+ }
+ }
+
+ ret = _gnutls_io_write_flush(session);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ /* last message in handshake -> no ack */
+ if (session->internals.dtls.last_flight != 0) {
+ /* we don't wait here. We just return 0 and
+ * if a retransmission occurs because peer didn't receive it
+ * we rely on the record or handshake
+ * layer calling this function again.
+ */
+ ret = 0;
+ goto cleanup;
+ } else { /* all other messages -> implicit ack (receive of next flight) */
+
+ if (session->internals.dtls.blocking != 0)
+ ret =
+ _gnutls_io_check_recv(session,
+ timeout);
+ else {
+ ret = _gnutls_io_check_recv(session, 0);
+ if (ret == GNUTLS_E_TIMEDOUT) {
+ goto nb_timeout;
+ }
+ }
+
+ if (ret == 0) {
+ ret = is_next_hpacket_expected(session);
+ if (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED)
+ goto nb_timeout;
+
+ if (ret ==
+ GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET) {
+ ret = GNUTLS_E_TIMEDOUT;
+ goto keep_up;
+ }
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ goto end_flight;
+ }
+ }
+
+ keep_up:
+ gettime(&now);
+ } while (ret == GNUTLS_E_TIMEDOUT);
+
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto end_flight;
+ }
+
+ ret = 0;
+
+ end_flight:
+ _gnutls_dtls_log("DTLS[%p]: End of flight transmission.\n",
+ session);
+ _dtls_reset_hsk_state(session);
+
+ cleanup:
+ if (buf != NULL)
+ gnutls_free(buf);
+
+ /* SENDING -> WAITING state transition */
+ return ret;
+
+ nb_timeout:
+ if (buf != NULL)
+ gnutls_free(buf);
+
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, ret);
}
/* Waits for the last flight or retransmits
@@ -405,48 +413,45 @@ nb_timeout:
*/
int _dtls_wait_and_retransmit(gnutls_session_t session)
{
-int ret;
-
- if (session->internals.dtls.blocking != 0)
- ret = _gnutls_io_check_recv(session, TIMER_WINDOW);
- else
- ret = _gnutls_io_check_recv(session, 0);
-
- if (ret == GNUTLS_E_TIMEDOUT)
- {
- ret = _dtls_retransmit(session);
- if (ret == 0)
- {
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0);
- }
- else
- return gnutls_assert_val(ret);
- }
+ int ret;
- RESET_TIMER;
- return 0;
+ if (session->internals.dtls.blocking != 0)
+ ret = _gnutls_io_check_recv(session, TIMER_WINDOW);
+ else
+ ret = _gnutls_io_check_recv(session, 0);
+
+ if (ret == GNUTLS_E_TIMEDOUT) {
+ ret = _dtls_retransmit(session);
+ if (ret == 0) {
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0);
+ } else
+ return gnutls_assert_val(ret);
+ }
+
+ RESET_TIMER;
+ return 0;
}
#define window_table rp->record_sw
#define window_size rp->record_sw_size
#define window_head_idx rp->record_sw_head_idx
-static void slide_window(struct record_parameters_st * rp, unsigned int places)
+static void slide_window(struct record_parameters_st *rp,
+ unsigned int places)
{
-unsigned int old_head = window_head_idx;
-
- if (places < window_size)
- {
- window_head_idx += places;
- window_head_idx %= DTLS_RECORD_WINDOW_SIZE;
-
- window_table[window_head_idx] = window_table[old_head] + places;
- }
- else
- {
- unsigned int last_idx = (window_head_idx + window_size - 1) % window_size;
- window_table[window_head_idx] = window_table[last_idx];
- }
+ unsigned int old_head = window_head_idx;
+
+ if (places < window_size) {
+ window_head_idx += places;
+ window_head_idx %= DTLS_RECORD_WINDOW_SIZE;
+
+ window_table[window_head_idx] =
+ window_table[old_head] + places;
+ } else {
+ unsigned int last_idx =
+ (window_head_idx + window_size - 1) % window_size;
+ window_table[window_head_idx] = window_table[last_idx];
+ }
}
/* Checks if a sequence number is not replayed. If replayed
@@ -454,83 +459,71 @@ unsigned int old_head = window_head_idx;
*/
int _dtls_record_check(struct record_parameters_st *rp, uint64 * _seq)
{
-uint64_t seq = 0, diff;
-unsigned int i, offset = 0;
-unsigned int last_idx;
-
- for (i=2;i<8;i++)
- {
- seq <<= 8;
- seq |= _seq->i[i] & 0xff;
- }
-
- /* only two values allowed in window_size */
- if (window_size == 0)
- {
- window_size = 1;
- window_head_idx = 0;
- last_idx = window_size - 1;
- window_table[last_idx] = window_table[window_head_idx] = seq;
- return 0;
- }
-
- last_idx = (window_head_idx + window_size - 1) % window_size;
-
- if (seq <= window_table[window_head_idx])
- {
- return -1;
- }
-
- if (seq <= window_table[last_idx])
- {
- /* is between first and last */
- diff = window_table[last_idx] - seq;
-
- if (diff >= window_size)
- {
- return -1;
- }
-
- if (diff > last_idx)
- {
- diff = diff - last_idx;
- offset = window_size - 1 - diff;
- }
- else
- offset = last_idx - diff;
-
- if (window_table[offset] == seq)
- {
- return -1;
- }
- else
- window_table[offset] = seq;
- }
- else /* seq > last */
- {
- diff = seq - window_table[last_idx];
-
- if (window_size + diff <= DTLS_RECORD_WINDOW_SIZE)
- {
- window_size += diff;
- }
- else
- {
- if (window_size < DTLS_RECORD_WINDOW_SIZE)
- {
- offset = DTLS_RECORD_WINDOW_SIZE-window_size;
- window_size = DTLS_RECORD_WINDOW_SIZE;
- diff -= offset;
- }
-
- /* diff > 0 */
- slide_window(rp, diff);
- }
-
- offset = (window_head_idx + window_size - 1) % window_size;
- window_table[offset] = seq;
- }
- return 0;
+ uint64_t seq = 0, diff;
+ unsigned int i, offset = 0;
+ unsigned int last_idx;
+
+ for (i = 2; i < 8; i++) {
+ seq <<= 8;
+ seq |= _seq->i[i] & 0xff;
+ }
+
+ /* only two values allowed in window_size */
+ if (window_size == 0) {
+ window_size = 1;
+ window_head_idx = 0;
+ last_idx = window_size - 1;
+ window_table[last_idx] = window_table[window_head_idx] =
+ seq;
+ return 0;
+ }
+
+ last_idx = (window_head_idx + window_size - 1) % window_size;
+
+ if (seq <= window_table[window_head_idx]) {
+ return -1;
+ }
+
+ if (seq <= window_table[last_idx]) {
+ /* is between first and last */
+ diff = window_table[last_idx] - seq;
+
+ if (diff >= window_size) {
+ return -1;
+ }
+
+ if (diff > last_idx) {
+ diff = diff - last_idx;
+ offset = window_size - 1 - diff;
+ } else
+ offset = last_idx - diff;
+
+ if (window_table[offset] == seq) {
+ return -1;
+ } else
+ window_table[offset] = seq;
+ } else { /* seq > last */
+
+ diff = seq - window_table[last_idx];
+
+ if (window_size + diff <= DTLS_RECORD_WINDOW_SIZE) {
+ window_size += diff;
+ } else {
+ if (window_size < DTLS_RECORD_WINDOW_SIZE) {
+ offset =
+ DTLS_RECORD_WINDOW_SIZE - window_size;
+ window_size = DTLS_RECORD_WINDOW_SIZE;
+ diff -= offset;
+ }
+
+ /* diff > 0 */
+ slide_window(rp, diff);
+ }
+
+ offset = (window_head_idx + window_size - 1) % window_size;
+ window_table[offset] = seq;
+ }
+ return 0;
}
@@ -556,11 +549,12 @@ unsigned int last_idx;
*
* Since: 3.0
**/
-void gnutls_dtls_set_timeouts (gnutls_session_t session, unsigned int retrans_timeout,
- unsigned int total_timeout)
+void gnutls_dtls_set_timeouts(gnutls_session_t session,
+ unsigned int retrans_timeout,
+ unsigned int total_timeout)
{
- session->internals.dtls.retrans_timeout_ms = retrans_timeout;
- session->internals.dtls.total_timeout_ms = total_timeout;
+ session->internals.dtls.retrans_timeout_ms = retrans_timeout;
+ session->internals.dtls.total_timeout_ms = total_timeout;
}
/**
@@ -576,51 +570,48 @@ void gnutls_dtls_set_timeouts (gnutls_session_t session, unsigned int retrans_ti
*
* Since: 3.0
**/
-void gnutls_dtls_set_mtu (gnutls_session_t session, unsigned int mtu)
+void gnutls_dtls_set_mtu(gnutls_session_t session, unsigned int mtu)
{
- session->internals.dtls.mtu = MIN(mtu, DEFAULT_MAX_RECORD_SIZE);
+ session->internals.dtls.mtu = MIN(mtu, DEFAULT_MAX_RECORD_SIZE);
}
-static int record_overhead(const cipher_entry_st* cipher, const mac_entry_st* mac,
- gnutls_compression_method_t comp,
- unsigned new_padding)
+static int record_overhead(const cipher_entry_st * cipher,
+ const mac_entry_st * mac,
+ gnutls_compression_method_t comp,
+ unsigned new_padding)
{
-int total = 0;
-int t, ret;
-
- if (_gnutls_cipher_is_block (cipher) == CIPHER_BLOCK)
- {
- t = _gnutls_cipher_get_implicit_iv_size(cipher);
- total += t;
-
- /* padding */
- t = _gnutls_cipher_get_block_size(cipher);
- if (new_padding == 0)
- total += t;
- }
+ int total = 0;
+ int t, ret;
- if (mac->id == GNUTLS_MAC_AEAD)
- {
- total += AEAD_EXPLICIT_DATA_SIZE;
- total += _gnutls_cipher_get_tag_size(cipher);
- }
- else
- {
- ret = _gnutls_mac_get_algo_len(mac);
- if (unlikely(ret < 0))
- return 0;
+ if (_gnutls_cipher_is_block(cipher) == CIPHER_BLOCK) {
+ t = _gnutls_cipher_get_implicit_iv_size(cipher);
+ total += t;
- total+=ret;
- }
+ /* padding */
+ t = _gnutls_cipher_get_block_size(cipher);
+ if (new_padding == 0)
+ total += t;
+ }
- if (new_padding != 0)
- total += 2;
+ if (mac->id == GNUTLS_MAC_AEAD) {
+ total += AEAD_EXPLICIT_DATA_SIZE;
+ total += _gnutls_cipher_get_tag_size(cipher);
+ } else {
+ ret = _gnutls_mac_get_algo_len(mac);
+ if (unlikely(ret < 0))
+ return 0;
- if (comp != GNUTLS_COMP_NULL)
- total += EXTRA_COMP_SIZE;
+ total += ret;
+ }
- return total;
-}
+ if (new_padding != 0)
+ total += 2;
+
+ if (comp != GNUTLS_COMP_NULL)
+ total += EXTRA_COMP_SIZE;
+
+ return total;
+}
/**
* gnutls_est_record_overhead_size:
@@ -640,14 +631,16 @@ int t, ret;
*
* Since: 3.2.2
**/
-size_t gnutls_est_record_overhead_size (gnutls_protocol_t version, gnutls_cipher_algorithm_t cipher,
- gnutls_mac_algorithm_t mac, gnutls_compression_method_t comp,
- unsigned int flags)
+size_t gnutls_est_record_overhead_size(gnutls_protocol_t version,
+ gnutls_cipher_algorithm_t cipher,
+ gnutls_mac_algorithm_t mac,
+ gnutls_compression_method_t comp,
+ unsigned int flags)
{
-const cipher_entry_st *c;
-const mac_entry_st *m;
-const version_entry_st* v;
-size_t total = 0;
+ const cipher_entry_st *c;
+ const mac_entry_st *m;
+ const version_entry_st *v;
+ size_t total = 0;
c = cipher_to_entry(cipher);
if (c == NULL)
@@ -656,18 +649,18 @@ size_t total = 0;
m = mac_to_entry(mac);
if (m == NULL)
return 0;
-
+
v = version_to_entry(version);
if (v == NULL)
return 0;
-
+
if (v->transport == GNUTLS_STREAM)
total = TLS_RECORD_HEADER_SIZE;
else
total = DTLS_RECORD_HEADER_SIZE;
-
+
total += record_overhead(c, m, comp, 0);
-
+
return total;
}
@@ -682,19 +675,21 @@ size_t total = 0;
*/
static int record_overhead_rt(gnutls_session_t session)
{
-record_parameters_st *params;
-int ret;
+ record_parameters_st *params;
+ int ret;
- if (session->internals.initial_negotiation_completed == 0)
- return GNUTLS_E_INVALID_REQUEST;
+ if (session->internals.initial_negotiation_completed == 0)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &params);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT, &params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- /* requires padding */
- return record_overhead(params->cipher, params->mac, params->compression_algorithm,
- session->security_parameters.new_record_padding);
+ /* requires padding */
+ return record_overhead(params->cipher, params->mac,
+ params->compression_algorithm,
+ session->security_parameters.
+ new_record_padding);
}
/**
@@ -706,16 +701,16 @@ int ret;
*
* Since: 3.2.2
**/
-size_t gnutls_record_overhead_size (gnutls_session_t session)
+size_t gnutls_record_overhead_size(gnutls_session_t session)
{
-const version_entry_st* v = get_version(session);
-size_t total;
+ const version_entry_st *v = get_version(session);
+ size_t total;
if (v->transport == GNUTLS_STREAM)
total = TLS_RECORD_HEADER_SIZE;
else
total = DTLS_RECORD_HEADER_SIZE;
-
+
total += record_overhead_rt(session);
return total;
@@ -735,18 +730,18 @@ size_t total;
*
* Since: 3.0
**/
-unsigned int gnutls_dtls_get_data_mtu (gnutls_session_t session)
+unsigned int gnutls_dtls_get_data_mtu(gnutls_session_t session)
{
-int mtu = session->internals.dtls.mtu;
-int overhead;
-
- mtu -= RECORD_HEADER_SIZE(session);
+ int mtu = session->internals.dtls.mtu;
+ int overhead;
+
+ mtu -= RECORD_HEADER_SIZE(session);
- overhead = record_overhead_rt(session);
- if (overhead < 0)
- return mtu;
+ overhead = record_overhead_rt(session);
+ if (overhead < 0)
+ return mtu;
- return mtu - overhead;
+ return mtu - overhead;
}
/**
@@ -769,22 +764,22 @@ int overhead;
*
* Since: 3.1
**/
-int gnutls_dtls_set_data_mtu (gnutls_session_t session, unsigned int mtu)
+int gnutls_dtls_set_data_mtu(gnutls_session_t session, unsigned int mtu)
{
- int overhead = record_overhead_rt(session);
+ int overhead = record_overhead_rt(session);
- /* You can't call this until the session is actually running */
- if (overhead < 0)
- return GNUTLS_E_INVALID_SESSION;
+ /* You can't call this until the session is actually running */
+ if (overhead < 0)
+ return GNUTLS_E_INVALID_SESSION;
- /* Add the overhead inside the encrypted part */
- mtu += overhead;
+ /* Add the overhead inside the encrypted part */
+ mtu += overhead;
- /* Add the *unencrypted header size */
- mtu += RECORD_HEADER_SIZE(session);
+ /* Add the *unencrypted header size */
+ mtu += RECORD_HEADER_SIZE(session);
- gnutls_dtls_set_mtu(session, mtu);
- return GNUTLS_E_SUCCESS;
+ gnutls_dtls_set_mtu(session, mtu);
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -800,9 +795,9 @@ int gnutls_dtls_set_data_mtu (gnutls_session_t session, unsigned int mtu)
*
* Since: 3.0
**/
-unsigned int gnutls_dtls_get_mtu (gnutls_session_t session)
+unsigned int gnutls_dtls_get_mtu(gnutls_session_t session)
{
- return session->internals.dtls.mtu;
+ return session->internals.dtls.mtu;
}
/**
@@ -819,18 +814,20 @@ unsigned int gnutls_dtls_get_mtu (gnutls_session_t session)
*
* Since: 3.0
**/
-unsigned int gnutls_dtls_get_timeout (gnutls_session_t session)
+unsigned int gnutls_dtls_get_timeout(gnutls_session_t session)
{
-struct timespec now;
-unsigned int diff;
-
- gettime(&now);
-
- diff = timespec_sub_ms(&now, &session->internals.dtls.last_retransmit);
- if (diff >= TIMER_WINDOW)
- return 0;
- else
- return TIMER_WINDOW - diff;
+ struct timespec now;
+ unsigned int diff;
+
+ gettime(&now);
+
+ diff =
+ timespec_sub_ms(&now,
+ &session->internals.dtls.last_retransmit);
+ if (diff >= TIMER_WINDOW)
+ return 0;
+ else
+ return TIMER_WINDOW - diff;
}
#define COOKIE_SIZE 16
@@ -869,16 +866,18 @@ unsigned int diff;
*
* Since: 3.0
**/
-int gnutls_dtls_cookie_send(gnutls_datum_t* key, void* client_data, size_t client_data_size,
- gnutls_dtls_prestate_st* prestate,
- gnutls_transport_ptr_t ptr, gnutls_push_func push_func)
+int gnutls_dtls_cookie_send(gnutls_datum_t * key, void *client_data,
+ size_t client_data_size,
+ gnutls_dtls_prestate_st * prestate,
+ gnutls_transport_ptr_t ptr,
+ gnutls_push_func push_func)
{
-uint8_t hvr[20+DTLS_HANDSHAKE_HEADER_SIZE+COOKIE_SIZE];
-int hvr_size = 0, ret;
-uint8_t digest[C_HASH_SIZE];
+ uint8_t hvr[20 + DTLS_HANDSHAKE_HEADER_SIZE + COOKIE_SIZE];
+ int hvr_size = 0, ret;
+ uint8_t digest[C_HASH_SIZE];
- if (key == NULL || key->data == NULL || key->size == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (key == NULL || key->data == NULL || key->size == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
/* send
* struct {
@@ -903,54 +902,57 @@ uint8_t digest[C_HASH_SIZE];
* ProtocolVersion server_version;
* uint8_t cookie<0..32>;
* } HelloVerifyRequest;
- */
-
- hvr[hvr_size++] = GNUTLS_HANDSHAKE;
- /* version */
- hvr[hvr_size++] = 254;
- hvr[hvr_size++] = 255;
-
- /* epoch + seq */
- memset(&hvr[hvr_size], 0, 8);
- hvr_size += 7;
- hvr[hvr_size++] = prestate->record_seq;
-
- /* length */
- _gnutls_write_uint16(DTLS_HANDSHAKE_HEADER_SIZE+COOKIE_SIZE+3, &hvr[hvr_size]);
- hvr_size += 2;
-
- /* now handshake headers */
- hvr[hvr_size++] = GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST;
- _gnutls_write_uint24(COOKIE_SIZE+3, &hvr[hvr_size]);
- hvr_size += 3;
-
- /* handshake seq */
- hvr[hvr_size++] = 0;
- hvr[hvr_size++] = prestate->hsk_write_seq;
-
- _gnutls_write_uint24(0, &hvr[hvr_size]);
- hvr_size += 3;
-
- _gnutls_write_uint24(COOKIE_SIZE+3, &hvr[hvr_size]);
- hvr_size += 3;
-
- /* version */
- hvr[hvr_size++] = 254;
- hvr[hvr_size++] = 255;
- hvr[hvr_size++] = COOKIE_SIZE;
-
- ret = _gnutls_mac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- memcpy(&hvr[hvr_size], digest, COOKIE_MAC_SIZE);
- hvr_size+= COOKIE_MAC_SIZE;
-
- ret = push_func(ptr, hvr, hvr_size);
- if (ret < 0)
- ret = GNUTLS_E_PUSH_ERROR;
-
- return ret;
+ */
+
+ hvr[hvr_size++] = GNUTLS_HANDSHAKE;
+ /* version */
+ hvr[hvr_size++] = 254;
+ hvr[hvr_size++] = 255;
+
+ /* epoch + seq */
+ memset(&hvr[hvr_size], 0, 8);
+ hvr_size += 7;
+ hvr[hvr_size++] = prestate->record_seq;
+
+ /* length */
+ _gnutls_write_uint16(DTLS_HANDSHAKE_HEADER_SIZE + COOKIE_SIZE + 3,
+ &hvr[hvr_size]);
+ hvr_size += 2;
+
+ /* now handshake headers */
+ hvr[hvr_size++] = GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST;
+ _gnutls_write_uint24(COOKIE_SIZE + 3, &hvr[hvr_size]);
+ hvr_size += 3;
+
+ /* handshake seq */
+ hvr[hvr_size++] = 0;
+ hvr[hvr_size++] = prestate->hsk_write_seq;
+
+ _gnutls_write_uint24(0, &hvr[hvr_size]);
+ hvr_size += 3;
+
+ _gnutls_write_uint24(COOKIE_SIZE + 3, &hvr[hvr_size]);
+ hvr_size += 3;
+
+ /* version */
+ hvr[hvr_size++] = 254;
+ hvr[hvr_size++] = 255;
+ hvr[hvr_size++] = COOKIE_SIZE;
+
+ ret =
+ _gnutls_mac_fast(C_HASH, key->data, key->size, client_data,
+ client_data_size, digest);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ memcpy(&hvr[hvr_size], digest, COOKIE_MAC_SIZE);
+ hvr_size += COOKIE_MAC_SIZE;
+
+ ret = push_func(ptr, hvr, hvr_size);
+ if (ret < 0)
+ ret = GNUTLS_E_PUSH_ERROR;
+
+ return ret;
}
/**
@@ -973,61 +975,69 @@ uint8_t digest[C_HASH_SIZE];
*
* Since: 3.0
**/
-int gnutls_dtls_cookie_verify(gnutls_datum_t* key,
- void* client_data, size_t client_data_size,
- void* _msg, size_t msg_size, gnutls_dtls_prestate_st* prestate)
+int gnutls_dtls_cookie_verify(gnutls_datum_t * key,
+ void *client_data, size_t client_data_size,
+ void *_msg, size_t msg_size,
+ gnutls_dtls_prestate_st * prestate)
{
-gnutls_datum_t cookie;
-int ret;
-unsigned int pos, sid_size;
-uint8_t * msg = _msg;
-uint8_t digest[C_HASH_SIZE];
-
- if (key == NULL || key->data == NULL || key->size == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- /* format:
- * version - 2 bytes
- * random - 32 bytes
- * session_id - 1 byte length + content
- * cookie - 1 byte length + content
- */
-
- pos = 34+DTLS_RECORD_HEADER_SIZE+DTLS_HANDSHAKE_HEADER_SIZE;
-
- if (msg_size < pos+1)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- sid_size = msg[pos++];
-
- if (sid_size > 32 || msg_size < pos+sid_size+1)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- pos += sid_size;
- cookie.size = msg[pos++];
-
- if (msg_size < pos+cookie.size+1)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- cookie.data = &msg[pos];
- if (cookie.size != COOKIE_SIZE)
- {
- if (cookie.size > 0) _gnutls_audit_log(NULL, "Received cookie with illegal size %d. Expected %d\n", (int)cookie.size, COOKIE_SIZE);
- return gnutls_assert_val(GNUTLS_E_BAD_COOKIE);
- }
-
- ret = _gnutls_mac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (memcmp(digest, cookie.data, COOKIE_MAC_SIZE) != 0)
- return gnutls_assert_val(GNUTLS_E_BAD_COOKIE);
-
- prestate->record_seq = msg[10]; /* client's record seq */
- prestate->hsk_read_seq = msg[DTLS_RECORD_HEADER_SIZE+5]; /* client's hsk seq */
- prestate->hsk_write_seq = 0;/* we always send zero for this msg */
-
- return 0;
+ gnutls_datum_t cookie;
+ int ret;
+ unsigned int pos, sid_size;
+ uint8_t *msg = _msg;
+ uint8_t digest[C_HASH_SIZE];
+
+ if (key == NULL || key->data == NULL || key->size == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ /* format:
+ * version - 2 bytes
+ * random - 32 bytes
+ * session_id - 1 byte length + content
+ * cookie - 1 byte length + content
+ */
+
+ pos = 34 + DTLS_RECORD_HEADER_SIZE + DTLS_HANDSHAKE_HEADER_SIZE;
+
+ if (msg_size < pos + 1)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ sid_size = msg[pos++];
+
+ if (sid_size > 32 || msg_size < pos + sid_size + 1)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ pos += sid_size;
+ cookie.size = msg[pos++];
+
+ if (msg_size < pos + cookie.size + 1)
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ cookie.data = &msg[pos];
+ if (cookie.size != COOKIE_SIZE) {
+ if (cookie.size > 0)
+ _gnutls_audit_log(NULL,
+ "Received cookie with illegal size %d. Expected %d\n",
+ (int) cookie.size, COOKIE_SIZE);
+ return gnutls_assert_val(GNUTLS_E_BAD_COOKIE);
+ }
+
+ ret =
+ _gnutls_mac_fast(C_HASH, key->data, key->size, client_data,
+ client_data_size, digest);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (memcmp(digest, cookie.data, COOKIE_MAC_SIZE) != 0)
+ return gnutls_assert_val(GNUTLS_E_BAD_COOKIE);
+
+ prestate->record_seq = msg[10]; /* client's record seq */
+ prestate->hsk_read_seq = msg[DTLS_RECORD_HEADER_SIZE + 5]; /* client's hsk seq */
+ prestate->hsk_write_seq = 0; /* we always send zero for this msg */
+
+ return 0;
}
/**
@@ -1044,25 +1054,27 @@ uint8_t digest[C_HASH_SIZE];
*
* Since: 3.0
**/
-void gnutls_dtls_prestate_set(gnutls_session_t session, gnutls_dtls_prestate_st* prestate)
+void gnutls_dtls_prestate_set(gnutls_session_t session,
+ gnutls_dtls_prestate_st * prestate)
{
- record_parameters_st *params;
- int ret;
+ record_parameters_st *params;
+ int ret;
- if (prestate == NULL)
- return;
+ if (prestate == NULL)
+ return;
- /* we do not care about read_params, since we accept anything
- * the peer sends.
- */
- ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &params);
- if (ret < 0)
- return;
+ /* we do not care about read_params, since we accept anything
+ * the peer sends.
+ */
+ ret = _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT, &params);
+ if (ret < 0)
+ return;
- params->write.sequence_number.i[7] = prestate->record_seq;
+ params->write.sequence_number.i[7] = prestate->record_seq;
- session->internals.dtls.hsk_read_seq = prestate->hsk_read_seq;
- session->internals.dtls.hsk_write_seq = prestate->hsk_write_seq + 1;
+ session->internals.dtls.hsk_read_seq = prestate->hsk_read_seq;
+ session->internals.dtls.hsk_write_seq =
+ prestate->hsk_write_seq + 1;
}
/**
@@ -1076,7 +1088,7 @@ void gnutls_dtls_prestate_set(gnutls_session_t session, gnutls_dtls_prestate_st*
*
* Since: 3.0
**/
-unsigned int gnutls_record_get_discarded (gnutls_session_t session)
+unsigned int gnutls_record_get_discarded(gnutls_session_t session)
{
- return session->internals.dtls.packets_dropped;
+ return session->internals.dtls.packets_dropped;
}
diff --git a/lib/gnutls_dtls.h b/lib/gnutls_dtls.h
index 443c982d38..1f4ca848bb 100644
--- a/lib/gnutls_dtls.h
+++ b/lib/gnutls_dtls.h
@@ -21,7 +21,7 @@
*/
#ifndef DTLS_H
-# define DTLS_H
+#define DTLS_H
#include <config.h>
#include <gnutls_int.h>
@@ -66,27 +66,29 @@ int _dtls_wait_and_retransmit(gnutls_session_t session);
*/
inline static int _dtls_is_async(gnutls_session_t session)
{
- if ((session->security_parameters.entity == GNUTLS_SERVER && session->internals.resumed == RESUME_FALSE) ||
- (session->security_parameters.entity == GNUTLS_CLIENT && session->internals.resumed == RESUME_TRUE))
- return 1;
- else
- return 0;
+ if ((session->security_parameters.entity == GNUTLS_SERVER
+ && session->internals.resumed == RESUME_FALSE)
+ || (session->security_parameters.entity == GNUTLS_CLIENT
+ && session->internals.resumed == RESUME_TRUE))
+ return 1;
+ else
+ return 0;
}
inline static void _dtls_async_timer_init(gnutls_session_t session)
{
- if (_dtls_is_async(session))
- {
- _gnutls_dtls_log ("DTLS[%p]: Initializing timer for handshake state.\n", session);
- session->internals.dtls.async_term = gnutls_time(0) + MAX_DTLS_TIMEOUT/1000;
- }
- else
- {
- _dtls_reset_hsk_state(session);
- _gnutls_handshake_io_buffer_clear (session);
- _gnutls_epoch_gc(session);
- session->internals.dtls.async_term = 0;
- }
+ if (_dtls_is_async(session)) {
+ _gnutls_dtls_log
+ ("DTLS[%p]: Initializing timer for handshake state.\n",
+ session);
+ session->internals.dtls.async_term =
+ gnutls_time(0) + MAX_DTLS_TIMEOUT / 1000;
+ } else {
+ _dtls_reset_hsk_state(session);
+ _gnutls_handshake_io_buffer_clear(session);
+ _gnutls_epoch_gc(session);
+ session->internals.dtls.async_term = 0;
+ }
}
void _dtls_async_timer_delete(gnutls_session_t session);
@@ -95,28 +97,26 @@ void _dtls_async_timer_delete(gnutls_session_t session);
*/
inline static void _dtls_async_timer_check(gnutls_session_t session)
{
- if (!IS_DTLS(session))
- return;
-
- if (session->internals.dtls.async_term != 0)
- {
- time_t now = time(0);
-
- /* check if we need to expire the queued handshake data */
- if (now > session->internals.dtls.async_term)
- {
- _dtls_async_timer_delete(session);
- }
- }
+ if (!IS_DTLS(session))
+ return;
+
+ if (session->internals.dtls.async_term != 0) {
+ time_t now = time(0);
+
+ /* check if we need to expire the queued handshake data */
+ if (now > session->internals.dtls.async_term) {
+ _dtls_async_timer_delete(session);
+ }
+ }
}
/* Returns non-zero if the async timer is active */
inline static int _dtls_async_timer_active(gnutls_session_t session)
{
- if (!IS_DTLS(session))
- return 0;
+ if (!IS_DTLS(session))
+ return 0;
- return session->internals.dtls.async_term;
+ return session->internals.dtls.async_term;
}
/* This function is to be called from record layer once
@@ -126,7 +126,7 @@ inline static int _dtls_async_timer_active(gnutls_session_t session)
*/
inline static int _dtls_retransmit(gnutls_session_t session)
{
- return _dtls_transmit(session);
+ return _dtls_transmit(session);
}
#endif
diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
index da02aecc05..774b5b6d10 100644
--- a/lib/gnutls_ecc.c
+++ b/lib/gnutls_ecc.c
@@ -30,76 +30,79 @@
#include <gnutls_errors.h>
int
-_gnutls_ecc_ansi_x963_export (gnutls_ecc_curve_t curve, bigint_t x, bigint_t y,
- gnutls_datum_t * out)
+_gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
+ bigint_t y, gnutls_datum_t * out)
{
- int numlen = gnutls_ecc_curve_get_size (curve);
- int byte_size, ret;
- size_t size;
-
- if (numlen == 0)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- out->size = 1 + 2 * numlen;
-
- out->data = gnutls_malloc (out->size);
- if (out->data == NULL)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- memset (out->data, 0, out->size);
-
- /* store byte 0x04 */
- out->data[0] = 0x04;
-
- /* pad and store x */
- byte_size = (_gnutls_mpi_get_nbits (x) + 7) / 8;
- size = out->size - (1 + (numlen - byte_size));
- ret = _gnutls_mpi_print (x, &out->data[1 + (numlen - byte_size)], &size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- byte_size = (_gnutls_mpi_get_nbits (y) + 7) / 8;
- size = out->size - (1 + (numlen + numlen - byte_size));
- ret =
- _gnutls_mpi_print (y, &out->data[1 + numlen + numlen - byte_size], &size);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- /* pad and store y */
- return 0;
+ int numlen = gnutls_ecc_curve_get_size(curve);
+ int byte_size, ret;
+ size_t size;
+
+ if (numlen == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ out->size = 1 + 2 * numlen;
+
+ out->data = gnutls_malloc(out->size);
+ if (out->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memset(out->data, 0, out->size);
+
+ /* store byte 0x04 */
+ out->data[0] = 0x04;
+
+ /* pad and store x */
+ byte_size = (_gnutls_mpi_get_nbits(x) + 7) / 8;
+ size = out->size - (1 + (numlen - byte_size));
+ ret =
+ _gnutls_mpi_print(x, &out->data[1 + (numlen - byte_size)],
+ &size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ byte_size = (_gnutls_mpi_get_nbits(y) + 7) / 8;
+ size = out->size - (1 + (numlen + numlen - byte_size));
+ ret =
+ _gnutls_mpi_print(y,
+ &out->data[1 + numlen + numlen - byte_size],
+ &size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* pad and store y */
+ return 0;
}
int
-_gnutls_ecc_ansi_x963_import (const uint8_t * in,
- unsigned long inlen, bigint_t * x, bigint_t * y)
+_gnutls_ecc_ansi_x963_import(const uint8_t * in,
+ unsigned long inlen, bigint_t * x,
+ bigint_t * y)
{
- int ret;
-
- /* must be odd */
- if ((inlen & 1) == 0)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* check for 4 */
- if (in[0] != 4)
- {
- return gnutls_assert_val (GNUTLS_E_PARSING_ERROR);
- }
-
- /* read data */
- ret = _gnutls_mpi_scan (x, in + 1, (inlen - 1) >> 1);
- if (ret < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
-
- ret = _gnutls_mpi_scan (y, in + 1 + ((inlen - 1) >> 1), (inlen - 1) >> 1);
- if (ret < 0)
- {
- _gnutls_mpi_release (x);
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
- }
-
- return 0;
+ int ret;
+
+ /* must be odd */
+ if ((inlen & 1) == 0) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* check for 4 */
+ if (in[0] != 4) {
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+
+ /* read data */
+ ret = _gnutls_mpi_scan(x, in + 1, (inlen - 1) >> 1);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret =
+ _gnutls_mpi_scan(y, in + 1 + ((inlen - 1) >> 1),
+ (inlen - 1) >> 1);
+ if (ret < 0) {
+ _gnutls_mpi_release(x);
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ }
+
+ return 0;
}
-
diff --git a/lib/gnutls_ecc.h b/lib/gnutls_ecc.h
index 10104c743a..a0bd94c19d 100644
--- a/lib/gnutls_ecc.h
+++ b/lib/gnutls_ecc.h
@@ -21,8 +21,10 @@
*/
#ifndef GNUTLS_ECC_H
-# define GNUTLS_ECC_H
+#define GNUTLS_ECC_H
-int _gnutls_ecc_ansi_x963_import(const uint8_t *in, unsigned long inlen, bigint_t* x, bigint_t* y);
-int _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x, bigint_t y, gnutls_datum_t * out);
+int _gnutls_ecc_ansi_x963_import(const uint8_t * in, unsigned long inlen,
+ bigint_t * x, bigint_t * y);
+int _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
+ bigint_t y, gnutls_datum_t * out);
#endif
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 8bb6118af1..3c932859fa 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -36,329 +36,367 @@
#define ERROR_ENTRY(desc, name, fatal) \
{ desc, #name, name, fatal}
-struct gnutls_error_entry
-{
- const char *desc;
- const char *_name;
- int number;
- int fatal; /* whether this error is fatal and the session for handshake
- * should be terminated.
- */
+struct gnutls_error_entry {
+ const char *desc;
+ const char *_name;
+ int number;
+ int fatal; /* whether this error is fatal and the session for handshake
+ * should be terminated.
+ */
};
typedef struct gnutls_error_entry gnutls_error_entry;
static const gnutls_error_entry error_algorithms[] = {
- /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
- ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
- ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
- GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
- ERROR_ENTRY (N_("No or insufficient priorities were set."),
- GNUTLS_E_NO_PRIORITIES_WERE_SET, 1),
- ERROR_ENTRY (N_("The cipher type is unsupported."),
- GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
- ERROR_ENTRY (N_("The certificate and the given key do not match."),
- GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
- ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
- GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
- ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
- GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
-
- ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
- GNUTLS_E_UNWANTED_ALGORITHM, 1),
- ERROR_ENTRY (N_("A record packet with illegal version was received."),
- GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
- ERROR_ENTRY (N_
- ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
- GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
- ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
- GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
- ERROR_ENTRY (N_("The TLS connection was non-properly terminated."),
- GNUTLS_E_PREMATURE_TERMINATION, 1),
- ERROR_ENTRY (N_
- ("The specified session has been invalidated for some reason."),
- GNUTLS_E_INVALID_SESSION, 1),
-
- ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1),
- ERROR_ENTRY (N_("An illegal TLS extension was received."),
- GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
- ERROR_ENTRY (N_("A TLS fatal alert has been received."),
- GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
- ERROR_ENTRY (N_("An unexpected TLS packet was received."),
- GNUTLS_E_UNEXPECTED_PACKET, 1),
- ERROR_ENTRY (N_("A TLS warning alert has been received."),
- GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
- ERROR_ENTRY (N_
- ("An error was encountered at the TLS Finished packet calculation."),
- GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
- ERROR_ENTRY (N_("No certificate was found."),
- GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
- ERROR_ENTRY (N_("The given DSA key is incompatible with the selected TLS protocol."),
- GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL, 1),
- ERROR_ENTRY (N_("A heartbeat pong message was received."),
- GNUTLS_E_HEARTBEAT_PONG_RECEIVED, 0),
- ERROR_ENTRY (N_("A heartbeat ping message was received."),
- GNUTLS_E_HEARTBEAT_PING_RECEIVED, 0),
- ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
- GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1),
-
- ERROR_ENTRY (N_("No temporary RSA parameters were found."),
- GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
- ERROR_ENTRY (N_("No temporary DH parameters were found."),
- GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
- ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
- GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
- ERROR_ENTRY (N_("The scanning of a large integer has failed."),
- GNUTLS_E_MPI_SCAN_FAILED, 1),
- ERROR_ENTRY (N_("Could not export a large integer."),
- GNUTLS_E_MPI_PRINT_FAILED, 1),
- ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1),
- ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1),
- ERROR_ENTRY (N_("Public key decryption has failed."),
- GNUTLS_E_PK_DECRYPTION_FAILED, 1),
- ERROR_ENTRY (N_("Public key encryption has failed."),
- GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
- ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED,
- 1),
- ERROR_ENTRY (N_("Public key signature verification has failed."),
- GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
- ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
- GNUTLS_E_DECOMPRESSION_FAILED, 1),
- ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
- GNUTLS_E_COMPRESSION_FAILED, 1),
-
- ERROR_ENTRY (N_("Internal error in memory allocation."),
- GNUTLS_E_MEMORY_ERROR, 1),
- ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
- GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
- ERROR_ENTRY (N_("Insufficient credentials for that request."),
- GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
- ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1),
- ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD,
- 1),
- ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1),
- ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
- ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR,
- 1),
- ERROR_ENTRY (N_("Base64 unexpected header error."),
- GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
- 1),
- ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR,
- 1),
- ERROR_ENTRY (N_("Parsing error in password file."),
- GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
- ERROR_ENTRY (N_("The requested data were not available."),
- GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 1),
- ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1),
- ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1),
- ERROR_ENTRY (N_
- ("The upper limit of record packet sequence numbers has been reached. Wow!"),
- GNUTLS_E_RECORD_LIMIT_REACHED, 1),
- ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR,
- 1),
- ERROR_ENTRY (N_("Could not authenticate peer."), GNUTLS_E_AUTH_ERROR,
- 1),
- ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
- GNUTLS_E_X509_UNKNOWN_SAN, 1),
-
- ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
- GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
- ERROR_ENTRY (N_("Unsupported extension in X.509 certificate."),
- GNUTLS_E_X509_UNSUPPORTED_EXTENSION, 1),
- ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
- GNUTLS_E_KEY_USAGE_VIOLATION, 1),
- ERROR_ENTRY (N_("Resource temporarily unavailable, try again."),
- GNUTLS_E_AGAIN, 0),
- ERROR_ENTRY (N_("The transmitted packet is too large (EMSGSIZE)."),
- GNUTLS_E_LARGE_PACKET, 0),
- ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0),
- ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
- GNUTLS_E_REHANDSHAKE, 0),
- ERROR_ENTRY (N_
- ("TLS Application data were received, while expecting handshake data."),
- GNUTLS_E_GOT_APPLICATION_DATA, 1),
- ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1),
- ERROR_ENTRY (N_("The certificate type is not supported."),
- GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
- ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
- GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
- ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1),
- ERROR_ENTRY (N_("The cookie was bad."), GNUTLS_E_BAD_COOKIE, 1),
- ERROR_ENTRY (N_("An illegal parameter has been received."),
- GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
- ERROR_ENTRY (N_("An illegal parameter was found."),
- GNUTLS_E_ILLEGAL_PARAMETER, 1),
- ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1),
-
- ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
- GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
- ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
- GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
- ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
- GNUTLS_E_ASN1_DER_ERROR, 1),
- ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
- GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
- ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
- GNUTLS_E_ASN1_GENERIC_ERROR, 1),
- ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
- GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
- ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1),
- ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
- GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
- ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
- GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
- ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR,
- 1),
- ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
- GNUTLS_E_ASN1_DER_OVERFLOW, 1),
-
- ERROR_ENTRY (N_("Too many empty record packets have been received."),
- GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
- ERROR_ENTRY (N_("Too many handshake packets have been received."),
- GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS, 1),
- ERROR_ENTRY (N_("The crypto library version is too old."),
- GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
-
- ERROR_ENTRY (N_("The tasn1 library version is too old."),
- GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
- ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
- GNUTLS_E_OPENPGP_UID_REVOKED, 1),
- ERROR_ENTRY (N_("The OpenPGP key has not a preferred key set."),
- GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR, 1),
- ERROR_ENTRY (N_("Error loading the keyring."),
- GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
- ERROR_ENTRY (N_("The initialization of crypto backend has failed."),
- GNUTLS_E_CRYPTO_INIT_FAILED, 1),
- ERROR_ENTRY (N_("No supported compression algorithms have been found."),
- GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
- ERROR_ENTRY (N_("No supported cipher suites have been found."),
- GNUTLS_E_NO_CIPHER_SUITES, 1),
- ERROR_ENTRY (N_("Could not get OpenPGP key."),
- GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
- ERROR_ENTRY (N_("Could not find OpenPGP subkey."),
- GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
- ERROR_ENTRY (N_("Safe renegotiation failed."),
- GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1),
- ERROR_ENTRY (N_("Unsafe renegotiation denied."),
- GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1),
-
- ERROR_ENTRY (N_("The SRP username supplied is illegal."),
- GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
- ERROR_ENTRY (N_("The SRP username supplied is unknown."),
- GNUTLS_E_UNKNOWN_SRP_USERNAME, 1),
-
- ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
- GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
- ERROR_ENTRY (N_("The signature algorithm is not supported."),
- GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM, 1),
- ERROR_ENTRY (N_("The certificate has unsupported attributes."),
- GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
- ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID,
- 1),
- ERROR_ENTRY (N_("The hash algorithm is unknown."),
- GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
- ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
- GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
- ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
- GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
- ERROR_ENTRY (N_("The given password contains invalid characters."),
- GNUTLS_E_INVALID_PASSWORD, 1),
- ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
- GNUTLS_E_MAC_VERIFY_FAILED, 1),
- ERROR_ENTRY (N_("Some constraint limits were reached."),
- GNUTLS_E_CONSTRAINT_ERROR, 1),
- ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED,
- 1),
-
- ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
- GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
- ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
- GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
- ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
- GNUTLS_E_IA_VERIFY_FAILED, 1),
-
- ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."),
- GNUTLS_E_UNKNOWN_ALGORITHM, 1),
-
- ERROR_ENTRY (N_("The handshake data size is too large."),
- GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
-
- ERROR_ENTRY (N_("Error opening /dev/crypto"),
- GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1),
-
- ERROR_ENTRY (N_("Error interfacing with /dev/crypto"),
- GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1),
- ERROR_ENTRY (N_("Peer has terminated the connection"),
- GNUTLS_E_SESSION_EOF, 1),
- ERROR_ENTRY (N_("Channel binding data not available"),
- GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE, 1),
-
- ERROR_ENTRY (N_("TPM error."),
- GNUTLS_E_TPM_ERROR, 1),
- ERROR_ENTRY (N_("TPM is not initialized."),
- GNUTLS_E_TPM_UNINITIALIZED, 1),
- ERROR_ENTRY (N_("TPM key was not found in persistent storage."),
- GNUTLS_E_TPM_KEY_NOT_FOUND, 1),
- ERROR_ENTRY (N_("Cannot initialize a session with the TPM."),
- GNUTLS_E_TPM_SESSION_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error."),
- GNUTLS_E_PKCS11_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 initialization error."),
- GNUTLS_E_PKCS11_LOAD_ERROR, 1),
- ERROR_ENTRY (N_("Error in parsing."),
- GNUTLS_E_PARSING_ERROR, 1),
- ERROR_ENTRY (N_("Error in provided PIN."),
- GNUTLS_E_PKCS11_PIN_ERROR, 1),
- ERROR_ENTRY (N_("Error in provided SRK password for TPM."),
- GNUTLS_E_TPM_SRK_PASSWORD_ERROR, 1),
- ERROR_ENTRY (N_("Error in provided password for key to be loaded in TPM."),
- GNUTLS_E_TPM_KEY_PASSWORD_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in slot"),
- GNUTLS_E_PKCS11_SLOT_ERROR, 1),
- ERROR_ENTRY (N_("Thread locking error"),
- GNUTLS_E_LOCKING_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in attribute"),
- GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in device"),
- GNUTLS_E_PKCS11_DEVICE_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in data"),
- GNUTLS_E_PKCS11_DATA_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 unsupported feature"),
- GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in key"),
- GNUTLS_E_PKCS11_KEY_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 PIN expired"),
- GNUTLS_E_PKCS11_PIN_EXPIRED, 1),
- ERROR_ENTRY (N_("PKCS #11 PIN locked"),
- GNUTLS_E_PKCS11_PIN_LOCKED, 1),
- ERROR_ENTRY (N_("PKCS #11 error in session"),
- GNUTLS_E_PKCS11_SESSION_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in signature"),
- GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 error in token"),
- GNUTLS_E_PKCS11_TOKEN_ERROR, 1),
- ERROR_ENTRY (N_("PKCS #11 user error"),
- GNUTLS_E_PKCS11_USER_ERROR, 1),
- ERROR_ENTRY (N_("The operation timed out"),
- GNUTLS_E_TIMEDOUT, 1),
- ERROR_ENTRY (N_("The operation was cancelled due to user error"),
- GNUTLS_E_USER_ERROR, 1),
- ERROR_ENTRY (N_("No supported ECC curves were found"),
- GNUTLS_E_ECC_NO_SUPPORTED_CURVES, 1),
- ERROR_ENTRY (N_("The curve is unsupported"),
- GNUTLS_E_ECC_UNSUPPORTED_CURVE, 1),
- ERROR_ENTRY (N_("The requested PKCS #11 object is not available"),
- GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE, 1),
- ERROR_ENTRY (N_("The provided X.509 certificate list is not sorted (in subject to issuer order)"),
- GNUTLS_E_CERTIFICATE_LIST_UNSORTED, 1),
- ERROR_ENTRY (N_("The OCSP response is invalid"),
- GNUTLS_E_OCSP_RESPONSE_ERROR, 1),
- ERROR_ENTRY (N_("There is no certificate status (OCSP)."),
- GNUTLS_E_NO_CERTIFICATE_STATUS, 1),
- ERROR_ENTRY (N_("Error in the system's randomness device."),
- GNUTLS_E_RANDOM_DEVICE_ERROR, 1),
- ERROR_ENTRY (N_("No common application protocol could be negotiated."),
- GNUTLS_E_NO_APPLICATION_PROTOCOL, 1),
- {NULL, NULL, 0, 0}
+ /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
+ ERROR_ENTRY(N_("Success."), GNUTLS_E_SUCCESS, 0),
+ ERROR_ENTRY(N_("Could not negotiate a supported cipher suite."),
+ GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
+ ERROR_ENTRY(N_("No or insufficient priorities were set."),
+ GNUTLS_E_NO_PRIORITIES_WERE_SET, 1),
+ ERROR_ENTRY(N_("The cipher type is unsupported."),
+ GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
+ ERROR_ENTRY(N_("The certificate and the given key do not match."),
+ GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
+ ERROR_ENTRY(N_
+ ("Could not negotiate a supported compression method."),
+ GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
+ ERROR_ENTRY(N_("An unknown public key algorithm was encountered."),
+ GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
+
+ ERROR_ENTRY(N_("An algorithm that is not enabled was negotiated."),
+ GNUTLS_E_UNWANTED_ALGORITHM, 1),
+ ERROR_ENTRY(N_
+ ("A record packet with illegal version was received."),
+ GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
+ ERROR_ENTRY(N_
+ ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
+ GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
+ ERROR_ENTRY(N_
+ ("A TLS packet with unexpected length was received."),
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
+ ERROR_ENTRY(N_("The TLS connection was non-properly terminated."),
+ GNUTLS_E_PREMATURE_TERMINATION, 1),
+ ERROR_ENTRY(N_
+ ("The specified session has been invalidated for some reason."),
+ GNUTLS_E_INVALID_SESSION, 1),
+
+ ERROR_ENTRY(N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR,
+ 1),
+ ERROR_ENTRY(N_("An illegal TLS extension was received."),
+ GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
+ ERROR_ENTRY(N_("A TLS fatal alert has been received."),
+ GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
+ ERROR_ENTRY(N_("An unexpected TLS packet was received."),
+ GNUTLS_E_UNEXPECTED_PACKET, 1),
+ ERROR_ENTRY(N_("A TLS warning alert has been received."),
+ GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
+ ERROR_ENTRY(N_
+ ("An error was encountered at the TLS Finished packet calculation."),
+ GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
+ ERROR_ENTRY(N_("No certificate was found."),
+ GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
+ ERROR_ENTRY(N_
+ ("The given DSA key is incompatible with the selected TLS protocol."),
+ GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL, 1),
+ ERROR_ENTRY(N_("A heartbeat pong message was received."),
+ GNUTLS_E_HEARTBEAT_PONG_RECEIVED, 0),
+ ERROR_ENTRY(N_("A heartbeat ping message was received."),
+ GNUTLS_E_HEARTBEAT_PING_RECEIVED, 0),
+ ERROR_ENTRY(N_
+ ("There is already a crypto algorithm with lower priority."),
+ GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1),
+
+ ERROR_ENTRY(N_("No temporary RSA parameters were found."),
+ GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
+ ERROR_ENTRY(N_("No temporary DH parameters were found."),
+ GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
+ ERROR_ENTRY(N_("An unexpected TLS handshake packet was received."),
+ GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
+ ERROR_ENTRY(N_("The scanning of a large integer has failed."),
+ GNUTLS_E_MPI_SCAN_FAILED, 1),
+ ERROR_ENTRY(N_("Could not export a large integer."),
+ GNUTLS_E_MPI_PRINT_FAILED, 1),
+ ERROR_ENTRY(N_("Decryption has failed."),
+ GNUTLS_E_DECRYPTION_FAILED, 1),
+ ERROR_ENTRY(N_("Encryption has failed."),
+ GNUTLS_E_ENCRYPTION_FAILED, 1),
+ ERROR_ENTRY(N_("Public key decryption has failed."),
+ GNUTLS_E_PK_DECRYPTION_FAILED, 1),
+ ERROR_ENTRY(N_("Public key encryption has failed."),
+ GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
+ ERROR_ENTRY(N_("Public key signing has failed."),
+ GNUTLS_E_PK_SIGN_FAILED,
+ 1),
+ ERROR_ENTRY(N_("Public key signature verification has failed."),
+ GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
+ ERROR_ENTRY(N_
+ ("Decompression of the TLS record packet has failed."),
+ GNUTLS_E_DECOMPRESSION_FAILED, 1),
+ ERROR_ENTRY(N_("Compression of the TLS record packet has failed."),
+ GNUTLS_E_COMPRESSION_FAILED, 1),
+
+ ERROR_ENTRY(N_("Internal error in memory allocation."),
+ GNUTLS_E_MEMORY_ERROR, 1),
+ ERROR_ENTRY(N_
+ ("An unimplemented or disabled feature has been requested."),
+ GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
+ ERROR_ENTRY(N_("Insufficient credentials for that request."),
+ GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
+ ERROR_ENTRY(N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Wrong padding in PKCS1 packet."),
+ GNUTLS_E_PKCS1_WRONG_PAD,
+ 1),
+ ERROR_ENTRY(N_("The requested session has expired."),
+ GNUTLS_E_EXPIRED, 1),
+ ERROR_ENTRY(N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
+ ERROR_ENTRY(N_("Base64 decoding error."),
+ GNUTLS_E_BASE64_DECODING_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Base64 unexpected header error."),
+ GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Base64 encoding error."),
+ GNUTLS_E_BASE64_ENCODING_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Parsing error in password file."),
+ GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
+ ERROR_ENTRY(N_("The requested data were not available."),
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 1),
+ ERROR_ENTRY(N_("Error in the pull function."), GNUTLS_E_PULL_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Error in the push function."), GNUTLS_E_PUSH_ERROR,
+ 1),
+ ERROR_ENTRY(N_
+ ("The upper limit of record packet sequence numbers has been reached. Wow!"),
+ GNUTLS_E_RECORD_LIMIT_REACHED, 1),
+ ERROR_ENTRY(N_("Error in the certificate."),
+ GNUTLS_E_CERTIFICATE_ERROR,
+ 1),
+ ERROR_ENTRY(N_("Could not authenticate peer."),
+ GNUTLS_E_AUTH_ERROR,
+ 1),
+ ERROR_ENTRY(N_
+ ("Unknown Subject Alternative name in X.509 certificate."),
+ GNUTLS_E_X509_UNKNOWN_SAN, 1),
+
+ ERROR_ENTRY(N_
+ ("Unsupported critical extension in X.509 certificate."),
+ GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
+ ERROR_ENTRY(N_("Unsupported extension in X.509 certificate."),
+ GNUTLS_E_X509_UNSUPPORTED_EXTENSION, 1),
+ ERROR_ENTRY(N_
+ ("Key usage violation in certificate has been detected."),
+ GNUTLS_E_KEY_USAGE_VIOLATION, 1),
+ ERROR_ENTRY(N_("Resource temporarily unavailable, try again."),
+ GNUTLS_E_AGAIN, 0),
+ ERROR_ENTRY(N_("The transmitted packet is too large (EMSGSIZE)."),
+ GNUTLS_E_LARGE_PACKET, 0),
+ ERROR_ENTRY(N_("Function was interrupted."), GNUTLS_E_INTERRUPTED,
+ 0),
+ ERROR_ENTRY(N_("Rehandshake was requested by the peer."),
+ GNUTLS_E_REHANDSHAKE, 0),
+ ERROR_ENTRY(N_
+ ("TLS Application data were received, while expecting handshake data."),
+ GNUTLS_E_GOT_APPLICATION_DATA, 1),
+ ERROR_ENTRY(N_("Error in Database backend."), GNUTLS_E_DB_ERROR,
+ 1),
+ ERROR_ENTRY(N_("The certificate type is not supported."),
+ GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
+ ERROR_ENTRY(N_
+ ("The given memory buffer is too short to hold parameters."),
+ GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
+ ERROR_ENTRY(N_("The request is invalid."),
+ GNUTLS_E_INVALID_REQUEST, 1),
+ ERROR_ENTRY(N_("The cookie was bad."), GNUTLS_E_BAD_COOKIE, 1),
+ ERROR_ENTRY(N_("An illegal parameter has been received."),
+ GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
+ ERROR_ENTRY(N_("An illegal parameter was found."),
+ GNUTLS_E_ILLEGAL_PARAMETER, 1),
+ ERROR_ENTRY(N_("Error while reading file."), GNUTLS_E_FILE_ERROR,
+ 1),
+
+ ERROR_ENTRY(N_("ASN1 parser: Element was not found."),
+ GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Identifier was not found"),
+ GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Error in DER parsing."),
+ GNUTLS_E_ASN1_DER_ERROR, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Value was not found."),
+ GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Generic parsing error."),
+ GNUTLS_E_ASN1_GENERIC_ERROR, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Value is not valid."),
+ GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Error in TAG."),
+ GNUTLS_E_ASN1_TAG_ERROR, 1),
+ ERROR_ENTRY(N_("ASN1 parser: error in implicit tag"),
+ GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Error in type 'ANY'."),
+ GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
+ ERROR_ENTRY(N_("ASN1 parser: Syntax error."),
+ GNUTLS_E_ASN1_SYNTAX_ERROR,
+ 1),
+ ERROR_ENTRY(N_("ASN1 parser: Overflow in DER parsing."),
+ GNUTLS_E_ASN1_DER_OVERFLOW, 1),
+
+ ERROR_ENTRY(N_
+ ("Too many empty record packets have been received."),
+ GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
+ ERROR_ENTRY(N_("Too many handshake packets have been received."),
+ GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS, 1),
+ ERROR_ENTRY(N_("The crypto library version is too old."),
+ GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
+
+ ERROR_ENTRY(N_("The tasn1 library version is too old."),
+ GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
+ ERROR_ENTRY(N_("The OpenPGP User ID is revoked."),
+ GNUTLS_E_OPENPGP_UID_REVOKED, 1),
+ ERROR_ENTRY(N_("The OpenPGP key has not a preferred key set."),
+ GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR, 1),
+ ERROR_ENTRY(N_("Error loading the keyring."),
+ GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
+ ERROR_ENTRY(N_("The initialization of crypto backend has failed."),
+ GNUTLS_E_CRYPTO_INIT_FAILED, 1),
+ ERROR_ENTRY(N_
+ ("No supported compression algorithms have been found."),
+ GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
+ ERROR_ENTRY(N_("No supported cipher suites have been found."),
+ GNUTLS_E_NO_CIPHER_SUITES, 1),
+ ERROR_ENTRY(N_("Could not get OpenPGP key."),
+ GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
+ ERROR_ENTRY(N_("Could not find OpenPGP subkey."),
+ GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
+ ERROR_ENTRY(N_("Safe renegotiation failed."),
+ GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1),
+ ERROR_ENTRY(N_("Unsafe renegotiation denied."),
+ GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1),
+
+ ERROR_ENTRY(N_("The SRP username supplied is illegal."),
+ GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
+ ERROR_ENTRY(N_("The SRP username supplied is unknown."),
+ GNUTLS_E_UNKNOWN_SRP_USERNAME, 1),
+
+ ERROR_ENTRY(N_("The OpenPGP fingerprint is not supported."),
+ GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
+ ERROR_ENTRY(N_("The signature algorithm is not supported."),
+ GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM, 1),
+ ERROR_ENTRY(N_("The certificate has unsupported attributes."),
+ GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
+ ERROR_ENTRY(N_("The OID is not supported."),
+ GNUTLS_E_X509_UNSUPPORTED_OID,
+ 1),
+ ERROR_ENTRY(N_("The hash algorithm is unknown."),
+ GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
+ ERROR_ENTRY(N_("The PKCS structure's content type is unknown."),
+ GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
+ ERROR_ENTRY(N_("The PKCS structure's bag type is unknown."),
+ GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
+ ERROR_ENTRY(N_("The given password contains invalid characters."),
+ GNUTLS_E_INVALID_PASSWORD, 1),
+ ERROR_ENTRY(N_
+ ("The Message Authentication Code verification failed."),
+ GNUTLS_E_MAC_VERIFY_FAILED, 1),
+ ERROR_ENTRY(N_("Some constraint limits were reached."),
+ GNUTLS_E_CONSTRAINT_ERROR, 1),
+ ERROR_ENTRY(N_("Failed to acquire random data."),
+ GNUTLS_E_RANDOM_FAILED,
+ 1),
+
+ ERROR_ENTRY(N_
+ ("Received a TLS/IA Intermediate Phase Finished message"),
+ GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
+ ERROR_ENTRY(N_("Received a TLS/IA Final Phase Finished message"),
+ GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
+ ERROR_ENTRY(N_("Verifying TLS/IA phase checksum failed"),
+ GNUTLS_E_IA_VERIFY_FAILED, 1),
+
+ ERROR_ENTRY(N_("The specified algorithm or protocol is unknown."),
+ GNUTLS_E_UNKNOWN_ALGORITHM, 1),
+
+ ERROR_ENTRY(N_("The handshake data size is too large."),
+ GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
+
+ ERROR_ENTRY(N_("Error opening /dev/crypto"),
+ GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1),
+
+ ERROR_ENTRY(N_("Error interfacing with /dev/crypto"),
+ GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1),
+ ERROR_ENTRY(N_("Peer has terminated the connection"),
+ GNUTLS_E_SESSION_EOF, 1),
+ ERROR_ENTRY(N_("Channel binding data not available"),
+ GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE, 1),
+
+ ERROR_ENTRY(N_("TPM error."),
+ GNUTLS_E_TPM_ERROR, 1),
+ ERROR_ENTRY(N_("TPM is not initialized."),
+ GNUTLS_E_TPM_UNINITIALIZED, 1),
+ ERROR_ENTRY(N_("TPM key was not found in persistent storage."),
+ GNUTLS_E_TPM_KEY_NOT_FOUND, 1),
+ ERROR_ENTRY(N_("Cannot initialize a session with the TPM."),
+ GNUTLS_E_TPM_SESSION_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error."),
+ GNUTLS_E_PKCS11_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 initialization error."),
+ GNUTLS_E_PKCS11_LOAD_ERROR, 1),
+ ERROR_ENTRY(N_("Error in parsing."),
+ GNUTLS_E_PARSING_ERROR, 1),
+ ERROR_ENTRY(N_("Error in provided PIN."),
+ GNUTLS_E_PKCS11_PIN_ERROR, 1),
+ ERROR_ENTRY(N_("Error in provided SRK password for TPM."),
+ GNUTLS_E_TPM_SRK_PASSWORD_ERROR, 1),
+ ERROR_ENTRY(N_
+ ("Error in provided password for key to be loaded in TPM."),
+ GNUTLS_E_TPM_KEY_PASSWORD_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in slot"),
+ GNUTLS_E_PKCS11_SLOT_ERROR, 1),
+ ERROR_ENTRY(N_("Thread locking error"),
+ GNUTLS_E_LOCKING_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in attribute"),
+ GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in device"),
+ GNUTLS_E_PKCS11_DEVICE_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in data"),
+ GNUTLS_E_PKCS11_DATA_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 unsupported feature"),
+ GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in key"),
+ GNUTLS_E_PKCS11_KEY_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 PIN expired"),
+ GNUTLS_E_PKCS11_PIN_EXPIRED, 1),
+ ERROR_ENTRY(N_("PKCS #11 PIN locked"),
+ GNUTLS_E_PKCS11_PIN_LOCKED, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in session"),
+ GNUTLS_E_PKCS11_SESSION_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in signature"),
+ GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 error in token"),
+ GNUTLS_E_PKCS11_TOKEN_ERROR, 1),
+ ERROR_ENTRY(N_("PKCS #11 user error"),
+ GNUTLS_E_PKCS11_USER_ERROR, 1),
+ ERROR_ENTRY(N_("The operation timed out"),
+ GNUTLS_E_TIMEDOUT, 1),
+ ERROR_ENTRY(N_("The operation was cancelled due to user error"),
+ GNUTLS_E_USER_ERROR, 1),
+ ERROR_ENTRY(N_("No supported ECC curves were found"),
+ GNUTLS_E_ECC_NO_SUPPORTED_CURVES, 1),
+ ERROR_ENTRY(N_("The curve is unsupported"),
+ GNUTLS_E_ECC_UNSUPPORTED_CURVE, 1),
+ ERROR_ENTRY(N_("The requested PKCS #11 object is not available"),
+ GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE, 1),
+ ERROR_ENTRY(N_
+ ("The provided X.509 certificate list is not sorted (in subject to issuer order)"),
+ GNUTLS_E_CERTIFICATE_LIST_UNSORTED, 1),
+ ERROR_ENTRY(N_("The OCSP response is invalid"),
+ GNUTLS_E_OCSP_RESPONSE_ERROR, 1),
+ ERROR_ENTRY(N_("There is no certificate status (OCSP)."),
+ GNUTLS_E_NO_CERTIFICATE_STATUS, 1),
+ ERROR_ENTRY(N_("Error in the system's randomness device."),
+ GNUTLS_E_RANDOM_DEVICE_ERROR, 1),
+ ERROR_ENTRY(N_
+ ("No common application protocol could be negotiated."),
+ GNUTLS_E_NO_APPLICATION_PROTOCOL, 1),
+ {NULL, NULL, 0, 0}
};
/**
@@ -380,27 +418,24 @@ static const gnutls_error_entry error_algorithms[] = {
* Returns: zero on non fatal errors or positive @error values. Non-zero
* on fatal error codes.
**/
-int
-gnutls_error_is_fatal (int error)
+int gnutls_error_is_fatal(int error)
{
- int ret = 1;
- const gnutls_error_entry *p;
-
- /* Input sanitzation. Positive values are not errors at all, and
- definitely not fatal. */
- if (error > 0)
- return 0;
-
- for (p = error_algorithms; p->desc != NULL; p++)
- {
- if (p->number == error)
- {
- ret = p->fatal;
- break;
- }
- }
-
- return ret;
+ int ret = 1;
+ const gnutls_error_entry *p;
+
+ /* Input sanitzation. Positive values are not errors at all, and
+ definitely not fatal. */
+ if (error > 0)
+ return 0;
+
+ for (p = error_algorithms; p->desc != NULL; p++) {
+ if (p->number == error) {
+ ret = p->fatal;
+ break;
+ }
+ }
+
+ return ret;
}
/**
@@ -410,10 +445,9 @@ gnutls_error_is_fatal (int error)
* This function is like perror(). The only difference is that it
* accepts an error number returned by a gnutls function.
**/
-void
-gnutls_perror (int error)
+void gnutls_perror(int error)
{
- fprintf (stderr, "GnuTLS error: %s\n", gnutls_strerror (error));
+ fprintf(stderr, "GnuTLS error: %s\n", gnutls_strerror(error));
}
@@ -429,26 +463,23 @@ gnutls_perror (int error)
*
* Returns: A string explaining the GnuTLS error message.
**/
-const char *
-gnutls_strerror (int error)
+const char *gnutls_strerror(int error)
{
- const char *ret = NULL;
- const gnutls_error_entry *p;
-
- for (p = error_algorithms; p->desc != NULL; p++)
- {
- if (p->number == error)
- {
- ret = p->desc;
- break;
- }
- }
-
- /* avoid prefix */
- if (ret == NULL)
- return _("(unknown error code)");
-
- return _(ret);
+ const char *ret = NULL;
+ const gnutls_error_entry *p;
+
+ for (p = error_algorithms; p->desc != NULL; p++) {
+ if (p->number == error) {
+ ret = p->desc;
+ break;
+ }
+ }
+
+ /* avoid prefix */
+ if (ret == NULL)
+ return _("(unknown error code)");
+
+ return _(ret);
}
/**
@@ -464,173 +495,162 @@ gnutls_strerror (int error)
*
* Since: 2.6.0
**/
-const char *
-gnutls_strerror_name (int error)
+const char *gnutls_strerror_name(int error)
{
- const char *ret = NULL;
- const gnutls_error_entry *p;
-
- for (p = error_algorithms; p->desc != NULL; p++)
- {
- if (p->number == error)
- {
- ret = p->_name;
- break;
- }
- }
-
- return ret;
+ const char *ret = NULL;
+ const gnutls_error_entry *p;
+
+ for (p = error_algorithms; p->desc != NULL; p++) {
+ if (p->number == error) {
+ ret = p->_name;
+ break;
+ }
+ }
+
+ return ret;
}
-int
-_gnutls_asn2err (int asn_err)
+int _gnutls_asn2err(int asn_err)
{
- switch (asn_err)
- {
- case ASN1_FILE_NOT_FOUND:
- return GNUTLS_E_FILE_ERROR;
- case ASN1_ELEMENT_NOT_FOUND:
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- case ASN1_IDENTIFIER_NOT_FOUND:
- return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
- case ASN1_DER_ERROR:
- return GNUTLS_E_ASN1_DER_ERROR;
- case ASN1_VALUE_NOT_FOUND:
- return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
- case ASN1_GENERIC_ERROR:
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- case ASN1_VALUE_NOT_VALID:
- return GNUTLS_E_ASN1_VALUE_NOT_VALID;
- case ASN1_TAG_ERROR:
- return GNUTLS_E_ASN1_TAG_ERROR;
- case ASN1_TAG_IMPLICIT:
- return GNUTLS_E_ASN1_TAG_IMPLICIT;
- case ASN1_ERROR_TYPE_ANY:
- return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
- case ASN1_SYNTAX_ERROR:
- return GNUTLS_E_ASN1_SYNTAX_ERROR;
- case ASN1_MEM_ERROR:
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- case ASN1_MEM_ALLOC_ERROR:
- return GNUTLS_E_MEMORY_ERROR;
- case ASN1_DER_OVERFLOW:
- return GNUTLS_E_ASN1_DER_OVERFLOW;
- default:
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
+ switch (asn_err) {
+ case ASN1_FILE_NOT_FOUND:
+ return GNUTLS_E_FILE_ERROR;
+ case ASN1_ELEMENT_NOT_FOUND:
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ case ASN1_IDENTIFIER_NOT_FOUND:
+ return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
+ case ASN1_DER_ERROR:
+ return GNUTLS_E_ASN1_DER_ERROR;
+ case ASN1_VALUE_NOT_FOUND:
+ return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
+ case ASN1_GENERIC_ERROR:
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ case ASN1_VALUE_NOT_VALID:
+ return GNUTLS_E_ASN1_VALUE_NOT_VALID;
+ case ASN1_TAG_ERROR:
+ return GNUTLS_E_ASN1_TAG_ERROR;
+ case ASN1_TAG_IMPLICIT:
+ return GNUTLS_E_ASN1_TAG_IMPLICIT;
+ case ASN1_ERROR_TYPE_ANY:
+ return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
+ case ASN1_SYNTAX_ERROR:
+ return GNUTLS_E_ASN1_SYNTAX_ERROR;
+ case ASN1_MEM_ERROR:
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ case ASN1_MEM_ALLOC_ERROR:
+ return GNUTLS_E_MEMORY_ERROR;
+ case ASN1_DER_OVERFLOW:
+ return GNUTLS_E_ASN1_DER_OVERFLOW;
+ default:
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
}
-void
-_gnutls_mpi_log (const char *prefix, bigint_t a)
+void _gnutls_mpi_log(const char *prefix, bigint_t a)
{
- size_t binlen = 0;
- void *binbuf;
- size_t hexlen;
- char *hexbuf;
- int res;
-
- if (_gnutls_log_level < 2) return;
-
- res = _gnutls_mpi_print (a, NULL, &binlen);
- if (res < 0 && res != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- _gnutls_hard_log ("MPI: %s can't print value (%d/%d)\n", prefix, res,
- (int) binlen);
- return;
- }
-
- if (binlen > 1024 * 1024)
- {
- gnutls_assert ();
- _gnutls_hard_log ("MPI: %s too large mpi (%d)\n", prefix, (int) binlen);
- return;
- }
-
- binbuf = gnutls_malloc (binlen);
- if (!binbuf)
- {
- gnutls_assert ();
- _gnutls_hard_log ("MPI: %s out of memory (%d)\n", prefix, (int) binlen);
- return;
- }
-
- res = _gnutls_mpi_print (a, binbuf, &binlen);
- if (res != 0)
- {
- gnutls_assert ();
- _gnutls_hard_log ("MPI: %s can't print value (%d/%d)\n", prefix, res,
- (int) binlen);
- gnutls_free (binbuf);
- return;
- }
-
- hexlen = 2 * binlen + 1;
- hexbuf = gnutls_malloc (hexlen);
-
- if (!hexbuf)
- {
- gnutls_assert ();
- _gnutls_hard_log ("MPI: %s out of memory (hex %d)\n", prefix, (int) hexlen);
- gnutls_free (binbuf);
- return;
- }
-
- _gnutls_bin2hex (binbuf, binlen, hexbuf, hexlen, NULL);
-
- _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix,
- hexbuf);
-
- gnutls_free (hexbuf);
- gnutls_free (binbuf);
+ size_t binlen = 0;
+ void *binbuf;
+ size_t hexlen;
+ char *hexbuf;
+ int res;
+
+ if (_gnutls_log_level < 2)
+ return;
+
+ res = _gnutls_mpi_print(a, NULL, &binlen);
+ if (res < 0 && res != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ _gnutls_hard_log("MPI: %s can't print value (%d/%d)\n",
+ prefix, res, (int) binlen);
+ return;
+ }
+
+ if (binlen > 1024 * 1024) {
+ gnutls_assert();
+ _gnutls_hard_log("MPI: %s too large mpi (%d)\n", prefix,
+ (int) binlen);
+ return;
+ }
+
+ binbuf = gnutls_malloc(binlen);
+ if (!binbuf) {
+ gnutls_assert();
+ _gnutls_hard_log("MPI: %s out of memory (%d)\n", prefix,
+ (int) binlen);
+ return;
+ }
+
+ res = _gnutls_mpi_print(a, binbuf, &binlen);
+ if (res != 0) {
+ gnutls_assert();
+ _gnutls_hard_log("MPI: %s can't print value (%d/%d)\n",
+ prefix, res, (int) binlen);
+ gnutls_free(binbuf);
+ return;
+ }
+
+ hexlen = 2 * binlen + 1;
+ hexbuf = gnutls_malloc(hexlen);
+
+ if (!hexbuf) {
+ gnutls_assert();
+ _gnutls_hard_log("MPI: %s out of memory (hex %d)\n",
+ prefix, (int) hexlen);
+ gnutls_free(binbuf);
+ return;
+ }
+
+ _gnutls_bin2hex(binbuf, binlen, hexbuf, hexlen, NULL);
+
+ _gnutls_hard_log("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix,
+ hexbuf);
+
+ gnutls_free(hexbuf);
+ gnutls_free(binbuf);
}
/* this function will output a message using the
* caller provided function
*/
-void
-_gnutls_log (int level, const char *fmt, ...)
+void _gnutls_log(int level, const char *fmt, ...)
{
- va_list args;
- char *str;
- int ret;
-
- if (_gnutls_log_func == NULL)
- return;
-
- va_start (args, fmt);
- ret = vasprintf (&str, fmt, args);
- va_end (args);
-
- if (ret >= 0)
- {
- _gnutls_log_func (level, str);
- free (str);
- }
+ va_list args;
+ char *str;
+ int ret;
+
+ if (_gnutls_log_func == NULL)
+ return;
+
+ va_start(args, fmt);
+ ret = vasprintf(&str, fmt, args);
+ va_end(args);
+
+ if (ret >= 0) {
+ _gnutls_log_func(level, str);
+ free(str);
+ }
}
-void
-_gnutls_audit_log (gnutls_session_t session, const char *fmt, ...)
+void _gnutls_audit_log(gnutls_session_t session, const char *fmt, ...)
{
- va_list args;
- char *str;
- int ret;
-
- if (_gnutls_audit_log_func == NULL && _gnutls_log_func == NULL)
- return;
-
- va_start (args, fmt);
- ret = vasprintf (&str, fmt, args);
- va_end (args);
-
- if (ret >= 0)
- {
- if (_gnutls_audit_log_func)
- _gnutls_audit_log_func (session, str);
- else
- _gnutls_log_func(1, str);
- free (str);
- }
+ va_list args;
+ char *str;
+ int ret;
+
+ if (_gnutls_audit_log_func == NULL && _gnutls_log_func == NULL)
+ return;
+
+ va_start(args, fmt);
+ ret = vasprintf(&str, fmt, args);
+ va_end(args);
+
+ if (ret >= 0) {
+ if (_gnutls_audit_log_func)
+ _gnutls_audit_log_func(session, str);
+ else
+ _gnutls_log_func(1, str);
+ free(str);
+ }
}
#ifndef DEBUG
@@ -639,11 +659,10 @@ _gnutls_audit_log (gnutls_session_t session, const char *fmt, ...)
/* Without C99 macros these functions have to
* be called. This may affect performance.
*/
-void
-_gnutls_null_log (void *x, ...)
+void _gnutls_null_log(void *x, ...)
{
- return;
+ return;
}
-#endif /* C99_MACROS */
-#endif /* DEBUG */
+#endif /* C99_MACROS */
+#endif /* DEBUG */
diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h
index 1f446a06a3..12df2588b9 100644
--- a/lib/gnutls_errors.h
+++ b/lib/gnutls_errors.h
@@ -34,28 +34,26 @@
#else
#define gnutls_assert()
#endif
-#else /* __FILE__ not defined */
+#else /* __FILE__ not defined */
#define gnutls_assert()
#endif
-int _gnutls_asn2err (int asn_err);
-void
-_gnutls_log (int, const char *fmt, ...)
+int _gnutls_asn2err(int asn_err);
+void _gnutls_log(int, const char *fmt, ...)
#ifdef __GNUC__
- __attribute__ ((format (printf, 2, 3)));
+ __attribute__ ((format(printf, 2, 3)));
#else
- ;
+;
#endif
-void
-_gnutls_audit_log (gnutls_session_t, const char *fmt, ...)
+void _gnutls_audit_log(gnutls_session_t, const char *fmt, ...)
#ifdef __GNUC__
- __attribute__ ((format (printf, 2, 3)));
+ __attribute__ ((format(printf, 2, 3)));
#else
- ;
+;
#endif
-void _gnutls_mpi_log (const char *prefix, bigint_t a);
+void _gnutls_mpi_log(const char *prefix, bigint_t a);
#ifdef C99_MACROS
#define LEVEL(l, ...) do { if (unlikely(_gnutls_log_level >= l)) \
@@ -84,9 +82,9 @@ void _gnutls_mpi_log (const char *prefix, bigint_t a);
#define _gnutls_read_log _gnutls_null_log
#define _gnutls_write_log _gnutls_null_log
-void _gnutls_null_log (void *, ...);
+void _gnutls_null_log(void *, ...);
-#endif /* C99_MACROS */
+#endif /* C99_MACROS */
/* GCC won't inline this by itself and results in a "fatal warning"
otherwise. Making this a macro has been tried, but it interacts
@@ -94,15 +92,15 @@ void _gnutls_null_log (void *, ...);
side. */
static inline
#ifdef __GNUC__
- __attribute__ ((always_inline))
+ __attribute__ ((always_inline))
#endif
-int gnutls_assert_val_int (int val, const char *file, int line)
+int gnutls_assert_val_int(int val, const char *file, int line)
{
- _gnutls_debug_log ("ASSERT: %s:%d\n", file, line);
- return val;
+ _gnutls_debug_log("ASSERT: %s:%d\n", file, line);
+ return val;
}
#define gnutls_assert_val(x) gnutls_assert_val_int(x, __FILE__, __LINE__)
#define gnutls_assert_val_fatal(x) (((x)!=GNUTLS_E_AGAIN && (x)!=GNUTLS_E_INTERRUPTED)?gnutls_assert_val_int(x, __FILE__, __LINE__):(x))
-#endif /* GNUTLS_ERRORS_H */
+#endif /* GNUTLS_ERRORS_H */
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index e045e98f7a..3633a5c84d 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -45,173 +45,169 @@
#include <gnutls_num.h>
-static void _gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
- uint16_t type);
+static void _gnutls_ext_unset_resumed_session_data(gnutls_session_t
+ session, uint16_t type);
static size_t extfunc_size = 0;
static extension_entry_st *extfunc = NULL;
-static gnutls_ext_parse_type_t
-_gnutls_ext_parse_type (uint16_t type)
+static gnutls_ext_parse_type_t _gnutls_ext_parse_type(uint16_t type)
{
- size_t i;
+ size_t i;
- for (i = 0; i < extfunc_size; i++)
- {
- if (extfunc[i].type == type)
- return extfunc[i].parse_type;
- }
+ for (i = 0; i < extfunc_size; i++) {
+ if (extfunc[i].type == type)
+ return extfunc[i].parse_type;
+ }
- return GNUTLS_EXT_NONE;
+ return GNUTLS_EXT_NONE;
}
static gnutls_ext_recv_func
-_gnutls_ext_func_recv (uint16_t type, gnutls_ext_parse_type_t parse_type)
+_gnutls_ext_func_recv(uint16_t type, gnutls_ext_parse_type_t parse_type)
{
- size_t i;
+ size_t i;
- for (i = 0; i < extfunc_size; i++)
- if (extfunc[i].type == type)
- if (parse_type == GNUTLS_EXT_ANY || extfunc[i].parse_type == parse_type)
- return extfunc[i].recv_func;
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ if (parse_type == GNUTLS_EXT_ANY
+ || extfunc[i].parse_type == parse_type)
+ return extfunc[i].recv_func;
- return NULL;
+ return NULL;
}
-static gnutls_ext_deinit_data_func
-_gnutls_ext_func_deinit (uint16_t type)
+static gnutls_ext_deinit_data_func _gnutls_ext_func_deinit(uint16_t type)
{
- size_t i;
+ size_t i;
- for (i = 0; i < extfunc_size; i++)
- if (extfunc[i].type == type)
- return extfunc[i].deinit_func;
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ return extfunc[i].deinit_func;
- return NULL;
+ return NULL;
}
-static gnutls_ext_unpack_func
-_gnutls_ext_func_unpack (uint16_t type)
+static gnutls_ext_unpack_func _gnutls_ext_func_unpack(uint16_t type)
{
- size_t i;
+ size_t i;
- for (i = 0; i < extfunc_size; i++)
- if (extfunc[i].type == type)
- return extfunc[i].unpack_func;
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ return extfunc[i].unpack_func;
- return NULL;
+ return NULL;
}
-static const char *
-_gnutls_extension_get_name (uint16_t type)
+static const char *_gnutls_extension_get_name(uint16_t type)
{
- size_t i;
+ size_t i;
- for (i = 0; i < extfunc_size; i++)
- if (extfunc[i].type == type)
- return extfunc[i].name;
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ return extfunc[i].name;
- return NULL;
+ return NULL;
}
/* Checks if the extension we just received is one of the
* requested ones. Otherwise it's a fatal error.
*/
static int
-_gnutls_extension_list_check (gnutls_session_t session, uint16_t type)
+_gnutls_extension_list_check(gnutls_session_t session, uint16_t type)
{
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- int i;
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ int i;
- for (i = 0; i < session->internals.extensions_sent_size; i++)
- {
- if (type == session->internals.extensions_sent[i])
- return 0; /* ok found */
- }
+ for (i = 0; i < session->internals.extensions_sent_size;
+ i++) {
+ if (type == session->internals.extensions_sent[i])
+ return 0; /* ok found */
+ }
- return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
- }
+ return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
+ }
- return 0;
+ return 0;
}
int
-_gnutls_parse_extensions (gnutls_session_t session,
- gnutls_ext_parse_type_t parse_type,
- const uint8_t * data, int data_size)
+_gnutls_parse_extensions(gnutls_session_t session,
+ gnutls_ext_parse_type_t parse_type,
+ const uint8_t * data, int data_size)
{
- int next, ret;
- int pos = 0;
- uint16_t type;
- const uint8_t *sdata;
- gnutls_ext_recv_func ext_recv;
- uint16_t size;
+ int next, ret;
+ int pos = 0;
+ uint16_t type;
+ const uint8_t *sdata;
+ gnutls_ext_recv_func ext_recv;
+ uint16_t size;
#ifdef DEBUG
- int i;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- for (i = 0; i < session->internals.extensions_sent_size; i++)
- {
- _gnutls_handshake_log ("EXT[%d]: expecting extension '%s'\n",
- session,
- _gnutls_extension_get_name
- (session->internals.extensions_sent[i]));
- }
+ int i;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ for (i = 0; i < session->internals.extensions_sent_size;
+ i++) {
+ _gnutls_handshake_log
+ ("EXT[%d]: expecting extension '%s'\n",
+ session,
+ _gnutls_extension_get_name(session->internals.
+ extensions_sent
+ [i]));
+ }
#endif
- DECR_LENGTH_RET (data_size, 2, 0);
- next = _gnutls_read_uint16 (data);
- pos += 2;
+ DECR_LENGTH_RET(data_size, 2, 0);
+ next = _gnutls_read_uint16(data);
+ pos += 2;
- DECR_LENGTH_RET (data_size, next, 0);
+ DECR_LENGTH_RET(data_size, next, 0);
- do
- {
- DECR_LENGTH_RET (next, 2, 0);
- type = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
+ do {
+ DECR_LENGTH_RET(next, 2, 0);
+ type = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
- if ((ret = _gnutls_extension_list_check (session, type)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if ((ret =
+ _gnutls_extension_list_check(session, type)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- DECR_LENGTH_RET (next, 2, 0);
- size = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
+ DECR_LENGTH_RET(next, 2, 0);
+ size = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
- DECR_LENGTH_RET (next, size, 0);
- sdata = &data[pos];
- pos += size;
+ DECR_LENGTH_RET(next, size, 0);
+ sdata = &data[pos];
+ pos += size;
- ext_recv = _gnutls_ext_func_recv (type, parse_type);
- if (ext_recv == NULL)
- {
- _gnutls_handshake_log ("EXT[%p]: Found extension '%s/%d'\n", session,
- _gnutls_extension_get_name (type), type);
+ ext_recv = _gnutls_ext_func_recv(type, parse_type);
+ if (ext_recv == NULL) {
+ _gnutls_handshake_log
+ ("EXT[%p]: Found extension '%s/%d'\n", session,
+ _gnutls_extension_get_name(type), type);
- continue;
- }
+ continue;
+ }
- _gnutls_handshake_log ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n",
- session, _gnutls_extension_get_name (type), type,
- size);
+ _gnutls_handshake_log
+ ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n",
+ session, _gnutls_extension_get_name(type), type,
+ size);
- if ((ret = ext_recv (session, sdata, size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if ((ret = ext_recv(session, sdata, size)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- }
- while (next > 2);
+ }
+ while (next > 2);
- return 0;
+ return 0;
}
@@ -219,444 +215,427 @@ _gnutls_parse_extensions (gnutls_session_t session,
* This list is used to check whether the (later) received
* extensions are the ones we requested.
*/
-void
-_gnutls_extension_list_add (gnutls_session_t session, uint16_t type)
+void _gnutls_extension_list_add(gnutls_session_t session, uint16_t type)
{
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (session->internals.extensions_sent_size < MAX_EXT_TYPES)
- {
- session->internals.extensions_sent[session->internals.
- extensions_sent_size] = type;
- session->internals.extensions_sent_size++;
- }
- else
- {
- _gnutls_handshake_log ("extensions: Increase MAX_EXT_TYPES\n");
- }
- }
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (session->internals.extensions_sent_size <
+ MAX_EXT_TYPES) {
+ session->internals.extensions_sent[session->
+ internals.extensions_sent_size]
+ = type;
+ session->internals.extensions_sent_size++;
+ } else {
+ _gnutls_handshake_log
+ ("extensions: Increase MAX_EXT_TYPES\n");
+ }
+ }
}
int
-_gnutls_gen_extensions (gnutls_session_t session, gnutls_buffer_st * extdata,
- gnutls_ext_parse_type_t parse_type)
+_gnutls_gen_extensions(gnutls_session_t session,
+ gnutls_buffer_st * extdata,
+ gnutls_ext_parse_type_t parse_type)
{
- int size;
- int pos, size_pos, ret;
- size_t i, init_size = extdata->length;
-
- pos = extdata->length; /* we will store length later on */
- _gnutls_buffer_append_prefix( extdata, 16, 0);
-
- for (i = 0; i < extfunc_size; i++)
- {
- extension_entry_st *p = &extfunc[i];
-
- if (p->send_func == NULL)
- continue;
-
- if (parse_type != GNUTLS_EXT_ANY && p->parse_type != parse_type)
- continue;
-
- ret = _gnutls_buffer_append_prefix( extdata, 16, p->type);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- size_pos = extdata->length;
- ret = _gnutls_buffer_append_prefix (extdata, 16, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- size = p->send_func (session, extdata);
- /* returning GNUTLS_E_INT_RET_0 means to send an empty
- * extension of this type.
- */
- if (size > 0 || size == GNUTLS_E_INT_RET_0)
- {
- if (size == GNUTLS_E_INT_RET_0)
- size = 0;
-
- /* write the real size */
- _gnutls_write_uint16(size, &extdata->data[size_pos]);
-
- /* add this extension to the extension list
- */
- _gnutls_extension_list_add (session, p->type);
-
- _gnutls_handshake_log ("EXT[%p]: Sending extension %s (%d bytes)\n",
- session, p->name, size);
- }
- else if (size < 0)
- {
- gnutls_assert ();
- return size;
- }
- else if (size == 0)
- extdata->length -= 4; /* reset type and size */
- }
-
- /* remove any initial data, and the size of the header */
- size = extdata->length - init_size - 2;
-
- if ( size > 0)
- _gnutls_write_uint16(size, &extdata->data[pos]);
- else if (size == 0) extdata->length -= 2; /* the length bytes */
-
- return size;
+ int size;
+ int pos, size_pos, ret;
+ size_t i, init_size = extdata->length;
+
+ pos = extdata->length; /* we will store length later on */
+ _gnutls_buffer_append_prefix(extdata, 16, 0);
+
+ for (i = 0; i < extfunc_size; i++) {
+ extension_entry_st *p = &extfunc[i];
+
+ if (p->send_func == NULL)
+ continue;
+
+ if (parse_type != GNUTLS_EXT_ANY
+ && p->parse_type != parse_type)
+ continue;
+
+ ret = _gnutls_buffer_append_prefix(extdata, 16, p->type);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ size_pos = extdata->length;
+ ret = _gnutls_buffer_append_prefix(extdata, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ size = p->send_func(session, extdata);
+ /* returning GNUTLS_E_INT_RET_0 means to send an empty
+ * extension of this type.
+ */
+ if (size > 0 || size == GNUTLS_E_INT_RET_0) {
+ if (size == GNUTLS_E_INT_RET_0)
+ size = 0;
+
+ /* write the real size */
+ _gnutls_write_uint16(size,
+ &extdata->data[size_pos]);
+
+ /* add this extension to the extension list
+ */
+ _gnutls_extension_list_add(session, p->type);
+
+ _gnutls_handshake_log
+ ("EXT[%p]: Sending extension %s (%d bytes)\n",
+ session, p->name, size);
+ } else if (size < 0) {
+ gnutls_assert();
+ return size;
+ } else if (size == 0)
+ extdata->length -= 4; /* reset type and size */
+ }
+
+ /* remove any initial data, and the size of the header */
+ size = extdata->length - init_size - 2;
+
+ if (size > 0)
+ _gnutls_write_uint16(size, &extdata->data[pos]);
+ else if (size == 0)
+ extdata->length -= 2; /* the length bytes */
+
+ return size;
}
-int
-_gnutls_ext_init (void)
+int _gnutls_ext_init(void)
{
- int ret;
+ int ret;
- ret = _gnutls_ext_register (&ext_mod_max_record_size);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_max_record_size);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_status_request);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_status_request);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_cert_type);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_cert_type);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_server_name);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_server_name);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_sr);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_sr);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#ifdef ENABLE_SRP
- ret = _gnutls_ext_register (&ext_mod_srp);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_srp);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#endif
#ifdef ENABLE_HEARTBEAT
- ret = _gnutls_ext_register (&ext_mod_heartbeat);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_heartbeat);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#endif
- ret = _gnutls_ext_register (&ext_mod_new_record_padding);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_new_record_padding);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_session_ticket);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_session_ticket);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_supported_ecc);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_supported_ecc);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_supported_ecc_pf);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_supported_ecc_pf);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
- ret = _gnutls_ext_register (&ext_mod_sig);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_sig);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#ifdef ENABLE_DTLS_SRTP
- ret = _gnutls_ext_register (&ext_mod_srtp);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_srtp);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#endif
#ifdef ENABLE_ALPN
- ret = _gnutls_ext_register (&ext_mod_alpn);
- if (ret != GNUTLS_E_SUCCESS)
- return ret;
+ ret = _gnutls_ext_register(&ext_mod_alpn);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
#endif
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
-void
-_gnutls_ext_deinit (void)
+void _gnutls_ext_deinit(void)
{
- gnutls_free (extfunc);
- extfunc = NULL;
- extfunc_size = 0;
+ gnutls_free(extfunc);
+ extfunc = NULL;
+ extfunc_size = 0;
}
-int
-_gnutls_ext_register (extension_entry_st * mod)
+int _gnutls_ext_register(extension_entry_st * mod)
{
- extension_entry_st *p;
+ extension_entry_st *p;
- p = gnutls_realloc_fast (extfunc, sizeof (*extfunc) * (extfunc_size + 1));
- if (!p)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ p = gnutls_realloc_fast(extfunc,
+ sizeof(*extfunc) * (extfunc_size + 1));
+ if (!p) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- extfunc = p;
+ extfunc = p;
- memcpy (&extfunc[extfunc_size], mod, sizeof (*mod));
+ memcpy(&extfunc[extfunc_size], mod, sizeof(*mod));
- extfunc_size++;
+ extfunc_size++;
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
-int
-_gnutls_ext_before_epoch_change (gnutls_session_t session)
+int _gnutls_ext_before_epoch_change(gnutls_session_t session)
{
- unsigned int i;
- int ret;
-
- for (i = 0; i < extfunc_size; i++)
- {
- if (extfunc[i].epoch_func != NULL)
- {
- ret = extfunc[i].epoch_func (session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
-
- return 0;
+ unsigned int i;
+ int ret;
+
+ for (i = 0; i < extfunc_size; i++) {
+ if (extfunc[i].epoch_func != NULL) {
+ ret = extfunc[i].epoch_func(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ }
+
+ return 0;
}
-int
-_gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed)
+int _gnutls_ext_pack(gnutls_session_t session, gnutls_buffer_st * packed)
{
- unsigned int i;
- int ret;
- extension_priv_data_t data;
- int cur_size;
- int size_offset;
- int total_exts_pos;
- int exts = 0;
-
- total_exts_pos = packed->length;
- BUFFER_APPEND_NUM (packed, 0);
-
- for (i = 0; i < extfunc_size; i++)
- {
- ret = _gnutls_ext_get_session_data (session, extfunc[i].type, &data);
- if (ret >= 0 && extfunc[i].pack_func != NULL)
- {
- BUFFER_APPEND_NUM (packed, extfunc[i].type);
-
- size_offset = packed->length;
- BUFFER_APPEND_NUM (packed, 0);
-
- cur_size = packed->length;
-
- ret = extfunc[i].pack_func (data, packed);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- exts++;
- /* write the actual size */
- _gnutls_write_uint32 (packed->length - cur_size,
- packed->data + size_offset);
- }
- }
-
- _gnutls_write_uint32 (exts, packed->data + total_exts_pos);
-
- return 0;
+ unsigned int i;
+ int ret;
+ extension_priv_data_t data;
+ int cur_size;
+ int size_offset;
+ int total_exts_pos;
+ int exts = 0;
+
+ total_exts_pos = packed->length;
+ BUFFER_APPEND_NUM(packed, 0);
+
+ for (i = 0; i < extfunc_size; i++) {
+ ret =
+ _gnutls_ext_get_session_data(session, extfunc[i].type,
+ &data);
+ if (ret >= 0 && extfunc[i].pack_func != NULL) {
+ BUFFER_APPEND_NUM(packed, extfunc[i].type);
+
+ size_offset = packed->length;
+ BUFFER_APPEND_NUM(packed, 0);
+
+ cur_size = packed->length;
+
+ ret = extfunc[i].pack_func(data, packed);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ exts++;
+ /* write the actual size */
+ _gnutls_write_uint32(packed->length - cur_size,
+ packed->data + size_offset);
+ }
+ }
+
+ _gnutls_write_uint32(exts, packed->data + total_exts_pos);
+
+ return 0;
}
-void
-_gnutls_ext_restore_resumed_session (gnutls_session_t session)
+void _gnutls_ext_restore_resumed_session(gnutls_session_t session)
{
- int i;
-
-
- /* clear everything except MANDATORY extensions */
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.extension_int_data[i].set != 0 &&
- _gnutls_ext_parse_type (session->internals.
- extension_int_data[i].type) !=
- GNUTLS_EXT_MANDATORY)
- {
- _gnutls_ext_unset_session_data (session,
- session->
- internals.extension_int_data[i].
- type);
- }
- }
-
- /* copy resumed to main */
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.resumed_extension_int_data[i].set != 0 &&
- _gnutls_ext_parse_type (session->
- internals.resumed_extension_int_data[i].
- type) != GNUTLS_EXT_MANDATORY)
- {
- _gnutls_ext_set_session_data (session,
- session->
- internals.resumed_extension_int_data
- [i].type,
- session->
- internals.resumed_extension_int_data
- [i].priv);
- session->internals.resumed_extension_int_data[i].set = 0;
- }
- }
+ int i;
+
+
+ /* clear everything except MANDATORY extensions */
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.extension_int_data[i].set != 0 &&
+ _gnutls_ext_parse_type(session->
+ internals.extension_int_data[i].
+ type) != GNUTLS_EXT_MANDATORY) {
+ _gnutls_ext_unset_session_data(session,
+ session->internals.
+ extension_int_data
+ [i].type);
+ }
+ }
+
+ /* copy resumed to main */
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.resumed_extension_int_data[i].set !=
+ 0
+ && _gnutls_ext_parse_type(session->internals.
+ resumed_extension_int_data
+ [i].type) !=
+ GNUTLS_EXT_MANDATORY) {
+ _gnutls_ext_set_session_data(session,
+ session->internals.
+ resumed_extension_int_data
+ [i].type,
+ session->internals.
+ resumed_extension_int_data
+ [i].priv);
+ session->internals.resumed_extension_int_data[i].
+ set = 0;
+ }
+ }
}
static void
-_gnutls_ext_set_resumed_session_data (gnutls_session_t session, uint16_t type,
- extension_priv_data_t data)
+_gnutls_ext_set_resumed_session_data(gnutls_session_t session,
+ uint16_t type,
+ extension_priv_data_t data)
{
- int i;
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.resumed_extension_int_data[i].type == type
- || session->internals.resumed_extension_int_data[i].set == 0)
- {
-
- if (session->internals.resumed_extension_int_data[i].set != 0)
- _gnutls_ext_unset_resumed_session_data (session, type);
-
- session->internals.resumed_extension_int_data[i].type = type;
- session->internals.resumed_extension_int_data[i].priv = data;
- session->internals.resumed_extension_int_data[i].set = 1;
- return;
- }
- }
+ int i;
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.resumed_extension_int_data[i].
+ type == type
+ || session->internals.resumed_extension_int_data[i].
+ set == 0) {
+
+ if (session->internals.
+ resumed_extension_int_data[i].set != 0)
+ _gnutls_ext_unset_resumed_session_data
+ (session, type);
+
+ session->internals.resumed_extension_int_data[i].
+ type = type;
+ session->internals.resumed_extension_int_data[i].
+ priv = data;
+ session->internals.resumed_extension_int_data[i].
+ set = 1;
+ return;
+ }
+ }
}
-int
-_gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed)
+int _gnutls_ext_unpack(gnutls_session_t session, gnutls_buffer_st * packed)
{
- int i, ret;
- extension_priv_data_t data;
- gnutls_ext_unpack_func unpack;
- int max_exts = 0;
- uint16_t type;
- int size_for_type, cur_pos;
-
-
- BUFFER_POP_NUM (packed, max_exts);
- for (i = 0; i < max_exts; i++)
- {
- BUFFER_POP_NUM (packed, type);
- BUFFER_POP_NUM (packed, size_for_type);
-
- cur_pos = packed->length;
-
- unpack = _gnutls_ext_func_unpack (type);
- if (unpack == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
-
- ret = unpack (packed, &data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* verify that unpack read the correct bytes */
- cur_pos = cur_pos - packed->length;
- if (cur_pos /* read length */ != size_for_type)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
-
- _gnutls_ext_set_resumed_session_data (session, type, data);
- }
-
- return 0;
-
-error:
- return ret;
+ int i, ret;
+ extension_priv_data_t data;
+ gnutls_ext_unpack_func unpack;
+ int max_exts = 0;
+ uint16_t type;
+ int size_for_type, cur_pos;
+
+
+ BUFFER_POP_NUM(packed, max_exts);
+ for (i = 0; i < max_exts; i++) {
+ BUFFER_POP_NUM(packed, type);
+ BUFFER_POP_NUM(packed, size_for_type);
+
+ cur_pos = packed->length;
+
+ unpack = _gnutls_ext_func_unpack(type);
+ if (unpack == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ ret = unpack(packed, &data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* verify that unpack read the correct bytes */
+ cur_pos = cur_pos - packed->length;
+ if (cur_pos /* read length */ != size_for_type) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ _gnutls_ext_set_resumed_session_data(session, type, data);
+ }
+
+ return 0;
+
+ error:
+ return ret;
}
void
-_gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type)
+_gnutls_ext_unset_session_data(gnutls_session_t session, uint16_t type)
{
- gnutls_ext_deinit_data_func deinit;
- extension_priv_data_t data;
- int ret, i;
-
- deinit = _gnutls_ext_func_deinit (type);
- ret = _gnutls_ext_get_session_data (session, type, &data);
-
- if (ret >= 0 && deinit != NULL)
- {
- deinit (data);
- }
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.extension_int_data[i].type == type)
- {
- session->internals.extension_int_data[i].set = 0;
- return;
- }
- }
+ gnutls_ext_deinit_data_func deinit;
+ extension_priv_data_t data;
+ int ret, i;
+
+ deinit = _gnutls_ext_func_deinit(type);
+ ret = _gnutls_ext_get_session_data(session, type, &data);
+
+ if (ret >= 0 && deinit != NULL) {
+ deinit(data);
+ }
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.extension_int_data[i].type == type) {
+ session->internals.extension_int_data[i].set = 0;
+ return;
+ }
+ }
}
static void
-_gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
- uint16_t type)
+_gnutls_ext_unset_resumed_session_data(gnutls_session_t session,
+ uint16_t type)
{
- gnutls_ext_deinit_data_func deinit;
- extension_priv_data_t data;
- int ret, i;
-
- deinit = _gnutls_ext_func_deinit (type);
- ret = _gnutls_ext_get_resumed_session_data (session, type, &data);
-
- if (ret >= 0 && deinit != NULL)
- {
- deinit (data);
- }
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.resumed_extension_int_data[i].type == type)
- {
- session->internals.resumed_extension_int_data[i].set = 0;
- return;
- }
- }
+ gnutls_ext_deinit_data_func deinit;
+ extension_priv_data_t data;
+ int ret, i;
+
+ deinit = _gnutls_ext_func_deinit(type);
+ ret = _gnutls_ext_get_resumed_session_data(session, type, &data);
+
+ if (ret >= 0 && deinit != NULL) {
+ deinit(data);
+ }
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.resumed_extension_int_data[i].
+ type == type) {
+ session->internals.resumed_extension_int_data[i].
+ set = 0;
+ return;
+ }
+ }
}
/* Deinitializes all data that are associated with TLS extensions.
*/
-void
-_gnutls_ext_free_session_data (gnutls_session_t session)
+void _gnutls_ext_free_session_data(gnutls_session_t session)
{
- unsigned int i;
+ unsigned int i;
- for (i = 0; i < extfunc_size; i++)
- {
- _gnutls_ext_unset_session_data (session, extfunc[i].type);
- }
+ for (i = 0; i < extfunc_size; i++) {
+ _gnutls_ext_unset_session_data(session, extfunc[i].type);
+ }
- for (i = 0; i < extfunc_size; i++)
- {
- _gnutls_ext_unset_resumed_session_data (session, extfunc[i].type);
- }
+ for (i = 0; i < extfunc_size; i++) {
+ _gnutls_ext_unset_resumed_session_data(session,
+ extfunc[i].type);
+ }
}
@@ -665,65 +644,68 @@ _gnutls_ext_free_session_data (gnutls_session_t session)
* private pointer, to allow API additions by individual extensions.
*/
void
-_gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type,
- extension_priv_data_t data)
+_gnutls_ext_set_session_data(gnutls_session_t session, uint16_t type,
+ extension_priv_data_t data)
{
- unsigned int i;
- gnutls_ext_deinit_data_func deinit;
-
- deinit = _gnutls_ext_func_deinit (type);
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.extension_int_data[i].type == type
- || session->internals.extension_int_data[i].set == 0)
- {
- if (session->internals.extension_int_data[i].set != 0)
- {
- if (deinit)
- deinit (session->internals.extension_int_data[i].priv);
- }
- session->internals.extension_int_data[i].type = type;
- session->internals.extension_int_data[i].priv = data;
- session->internals.extension_int_data[i].set = 1;
- return;
- }
- }
+ unsigned int i;
+ gnutls_ext_deinit_data_func deinit;
+
+ deinit = _gnutls_ext_func_deinit(type);
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.extension_int_data[i].type == type
+ || session->internals.extension_int_data[i].set == 0) {
+ if (session->internals.extension_int_data[i].set !=
+ 0) {
+ if (deinit)
+ deinit(session->internals.
+ extension_int_data[i].priv);
+ }
+ session->internals.extension_int_data[i].type =
+ type;
+ session->internals.extension_int_data[i].priv =
+ data;
+ session->internals.extension_int_data[i].set = 1;
+ return;
+ }
+ }
}
int
-_gnutls_ext_get_session_data (gnutls_session_t session,
- uint16_t type, extension_priv_data_t * data)
+_gnutls_ext_get_session_data(gnutls_session_t session,
+ uint16_t type, extension_priv_data_t * data)
{
- int i;
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.extension_int_data[i].set != 0 &&
- session->internals.extension_int_data[i].type == type)
- {
- *data = session->internals.extension_int_data[i].priv;
- return 0;
- }
- }
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ int i;
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.extension_int_data[i].set != 0 &&
+ session->internals.extension_int_data[i].type == type)
+ {
+ *data =
+ session->internals.extension_int_data[i].priv;
+ return 0;
+ }
+ }
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
int
-_gnutls_ext_get_resumed_session_data (gnutls_session_t session,
- uint16_t type,
- extension_priv_data_t * data)
+_gnutls_ext_get_resumed_session_data(gnutls_session_t session,
+ uint16_t type,
+ extension_priv_data_t * data)
{
- int i;
-
- for (i = 0; i < MAX_EXT_TYPES; i++)
- {
- if (session->internals.resumed_extension_int_data[i].set != 0 &&
- session->internals.resumed_extension_int_data[i].type == type)
- {
- *data = session->internals.resumed_extension_int_data[i].priv;
- return 0;
- }
- }
- return GNUTLS_E_INVALID_REQUEST;
+ int i;
+
+ for (i = 0; i < MAX_EXT_TYPES; i++) {
+ if (session->internals.resumed_extension_int_data[i].set !=
+ 0
+ && session->internals.resumed_extension_int_data[i].
+ type == type) {
+ *data =
+ session->internals.
+ resumed_extension_int_data[i].priv;
+ return 0;
+ }
+ }
+ return GNUTLS_E_INVALID_REQUEST;
}
diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h
index c6ab1e6608..11c0faf1b4 100644
--- a/lib/gnutls_extensions.h
+++ b/lib/gnutls_extensions.h
@@ -26,74 +26,77 @@
#include <gnutls_str.h>
typedef int (*gnutls_ext_recv_func) (gnutls_session_t session,
- const unsigned char *data, size_t len);
+ const unsigned char *data,
+ size_t len);
typedef int (*gnutls_ext_send_func) (gnutls_session_t session,
- gnutls_buffer_st *extdata);
+ gnutls_buffer_st * extdata);
-int _gnutls_parse_extensions (gnutls_session_t session,
- gnutls_ext_parse_type_t parse_type,
- const uint8_t * data, int data_size);
-int _gnutls_gen_extensions (gnutls_session_t session, gnutls_buffer_st * extdata,
- gnutls_ext_parse_type_t);
-int _gnutls_ext_init (void);
-void _gnutls_ext_deinit (void);
+int _gnutls_parse_extensions(gnutls_session_t session,
+ gnutls_ext_parse_type_t parse_type,
+ const uint8_t * data, int data_size);
+int _gnutls_gen_extensions(gnutls_session_t session,
+ gnutls_buffer_st * extdata,
+ gnutls_ext_parse_type_t);
+int _gnutls_ext_init(void);
+void _gnutls_ext_deinit(void);
-void _gnutls_extension_list_add (gnutls_session_t session, uint16_t type);
+void _gnutls_extension_list_add(gnutls_session_t session, uint16_t type);
typedef void (*gnutls_ext_deinit_data_func) (extension_priv_data_t data);
typedef int (*gnutls_ext_pack_func) (extension_priv_data_t data,
- gnutls_buffer_st * packed_data);
+ gnutls_buffer_st * packed_data);
typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_st * packed_data,
- extension_priv_data_t * data);
+ extension_priv_data_t * data);
typedef int (*gnutls_ext_epoch_func) (gnutls_session_t session);
-void _gnutls_ext_free_session_data (gnutls_session_t session);
+void _gnutls_ext_free_session_data(gnutls_session_t session);
/* functions to be used by extensions internally
*/
-void _gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type);
-void _gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type,
- extension_priv_data_t);
-int _gnutls_ext_get_session_data (gnutls_session_t session,
- uint16_t type, extension_priv_data_t *);
-int _gnutls_ext_get_resumed_session_data (gnutls_session_t session,
- uint16_t type,
- extension_priv_data_t * data);
-
-void _gnutls_ext_restore_resumed_session (gnutls_session_t session);
-int _gnutls_ext_before_epoch_change (gnutls_session_t session);
+void _gnutls_ext_unset_session_data(gnutls_session_t session,
+ uint16_t type);
+void _gnutls_ext_set_session_data(gnutls_session_t session, uint16_t type,
+ extension_priv_data_t);
+int _gnutls_ext_get_session_data(gnutls_session_t session, uint16_t type,
+ extension_priv_data_t *);
+int _gnutls_ext_get_resumed_session_data(gnutls_session_t session,
+ uint16_t type,
+ extension_priv_data_t * data);
+
+void _gnutls_ext_restore_resumed_session(gnutls_session_t session);
+int _gnutls_ext_before_epoch_change(gnutls_session_t session);
/* for session packing */
-int _gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed);
-int _gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed);
-
-typedef struct
-{
- const char *name;
- uint16_t type;
- gnutls_ext_parse_type_t parse_type;
-
- /* this function must return 0 when Not Applicable
- * size of extension data if ok
- * < 0 on other error.
- */
- gnutls_ext_recv_func recv_func;
-
- /* this function must return 0 when Not Applicable
- * size of extension data if ok
- * GNUTLS_E_INT_RET_0 if extension data size is zero
- * < 0 on other error.
- */
- gnutls_ext_send_func send_func;
-
- gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize
- * internal data
- */
- gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
- gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
- gnutls_ext_epoch_func epoch_func; /* called after the handshake is finished */
+int _gnutls_ext_pack(gnutls_session_t session, gnutls_buffer_st * packed);
+int _gnutls_ext_unpack(gnutls_session_t session,
+ gnutls_buffer_st * packed);
+
+typedef struct {
+ const char *name;
+ uint16_t type;
+ gnutls_ext_parse_type_t parse_type;
+
+ /* this function must return 0 when Not Applicable
+ * size of extension data if ok
+ * < 0 on other error.
+ */
+ gnutls_ext_recv_func recv_func;
+
+ /* this function must return 0 when Not Applicable
+ * size of extension data if ok
+ * GNUTLS_E_INT_RET_0 if extension data size is zero
+ * < 0 on other error.
+ */
+ gnutls_ext_send_func send_func;
+
+ gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize
+ * internal data
+ */
+ gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
+ gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
+ gnutls_ext_epoch_func epoch_func; /* called after the handshake is finished */
} extension_entry_st;
-int _gnutls_ext_register (extension_entry_st *);
+int _gnutls_ext_register(extension_entry_st *);
#endif
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index af291e17d7..d686ce8c35 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -27,7 +27,7 @@
#include <random.h>
#include <gnutls/pkcs11.h>
-#include <gnutls_extensions.h> /* for _gnutls_ext_init */
+#include <gnutls_extensions.h> /* for _gnutls_ext_init */
#include <locks.h>
#include <system.h>
#include <accelerated/cryptodev.h>
@@ -49,7 +49,7 @@ ASN1_TYPE _gnutls_gnutls_asn;
gnutls_log_func _gnutls_log_func = NULL;
gnutls_audit_log_func _gnutls_audit_log_func = NULL;
-int _gnutls_log_level = 0; /* default log level */
+int _gnutls_log_level = 0; /* default log level */
/**
* gnutls_global_set_log_function:
@@ -63,10 +63,9 @@ int _gnutls_log_level = 0; /* default log level */
* @gnutls_log_func is of the form,
* void (*gnutls_log_func)( int level, const char*);
**/
-void
-gnutls_global_set_log_function (gnutls_log_func log_func)
+void gnutls_global_set_log_function(gnutls_log_func log_func)
{
- _gnutls_log_func = log_func;
+ _gnutls_log_func = log_func;
}
/**
@@ -84,10 +83,9 @@ gnutls_global_set_log_function (gnutls_log_func log_func)
*
* Since: 3.0
**/
-void
-gnutls_global_set_audit_log_function (gnutls_audit_log_func log_func)
+void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func)
{
- _gnutls_audit_log_func = log_func;
+ _gnutls_audit_log_func = log_func;
}
/**
@@ -100,10 +98,9 @@ gnutls_global_set_audit_log_function (gnutls_audit_log_func log_func)
*
* Since: 2.12.0
**/
-void
-gnutls_global_set_time_function (gnutls_time_func time_func)
+void gnutls_global_set_time_function(gnutls_time_func time_func)
{
- gnutls_time = time_func;
+ gnutls_time = time_func;
}
/**
@@ -117,10 +114,9 @@ gnutls_global_set_time_function (gnutls_time_func time_func)
*
* Use a log level over 10 to enable all debugging options.
**/
-void
-gnutls_global_set_log_level (int level)
+void gnutls_global_set_log_level(int level)
{
- _gnutls_log_level = level;
+ _gnutls_log_level = level;
}
/**
@@ -141,29 +137,26 @@ gnutls_global_set_log_level (int level)
* This function is not thread safe.
**/
void
-gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
- gnutls_alloc_function secure_alloc_func,
- gnutls_is_secure_function is_secure_func,
- gnutls_realloc_function realloc_func,
- gnutls_free_function free_func)
+gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
+ gnutls_alloc_function secure_alloc_func,
+ gnutls_is_secure_function is_secure_func,
+ gnutls_realloc_function realloc_func,
+ gnutls_free_function free_func)
{
- gnutls_secure_malloc = secure_alloc_func;
- gnutls_malloc = alloc_func;
- gnutls_realloc = realloc_func;
- gnutls_free = free_func;
-
- /* if using the libc's default malloc
- * use libc's calloc as well.
- */
- if (gnutls_malloc == malloc)
- {
- gnutls_calloc = calloc;
- }
- else
- { /* use the included ones */
- gnutls_calloc = _gnutls_calloc;
- }
- gnutls_strdup = _gnutls_strdup;
+ gnutls_secure_malloc = secure_alloc_func;
+ gnutls_malloc = alloc_func;
+ gnutls_realloc = realloc_func;
+ gnutls_free = free_func;
+
+ /* if using the libc's default malloc
+ * use libc's calloc as well.
+ */
+ if (gnutls_malloc == malloc) {
+ gnutls_calloc = calloc;
+ } else { /* use the included ones */
+ gnutls_calloc = _gnutls_calloc;
+ }
+ gnutls_strdup = _gnutls_strdup;
}
@@ -196,94 +189,85 @@ static int _gnutls_init = 0;
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
**/
-int
-gnutls_global_init (void)
+int gnutls_global_init(void)
{
- int result = 0;
- int res;
-
- if (_gnutls_init++)
- goto out;
-
- if (gl_sockets_startup (SOCKETS_1_1))
- return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
-
- bindtextdomain (PACKAGE, LOCALEDIR);
-
- res = gnutls_crypto_init ();
- if (res != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CRYPTO_INIT_FAILED;
- }
-
- _gnutls_register_accel_crypto();
-
- /* initialize ASN.1 parser
- * This should not deal with files in the final
- * version.
- */
- if (asn1_check_version (GNUTLS_MIN_LIBTASN1_VERSION) == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Checking for libtasn1 failed: %s < %s\n",
- asn1_check_version (NULL),
- GNUTLS_MIN_LIBTASN1_VERSION);
- return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
- }
-
- res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
- if (res != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (res);
- goto out;
- }
-
- res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
- if (res != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (res);
- goto out;
- }
-
- /* Initialize the random generator */
- result = _gnutls_rnd_init ();
- if (result < 0)
- {
- gnutls_assert ();
- goto out;
- }
-
- /* Initialize the default TLS extensions */
- result = _gnutls_ext_init ();
- if (result < 0)
- {
- gnutls_assert ();
- goto out;
- }
-
- result = gnutls_mutex_init(&_gnutls_file_mutex);
- if (result < 0)
- {
- gnutls_assert();
- goto out;
- }
-
- result = gnutls_system_global_init ();
- if (result < 0)
- {
- gnutls_assert ();
- goto out;
- }
-
+ int result = 0;
+ int res;
+
+ if (_gnutls_init++)
+ goto out;
+
+ if (gl_sockets_startup(SOCKETS_1_1))
+ return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+
+ bindtextdomain(PACKAGE, LOCALEDIR);
+
+ res = gnutls_crypto_init();
+ if (res != 0) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTO_INIT_FAILED;
+ }
+
+ _gnutls_register_accel_crypto();
+
+ /* initialize ASN.1 parser
+ * This should not deal with files in the final
+ * version.
+ */
+ if (asn1_check_version(GNUTLS_MIN_LIBTASN1_VERSION) == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Checking for libtasn1 failed: %s < %s\n",
+ asn1_check_version(NULL),
+ GNUTLS_MIN_LIBTASN1_VERSION);
+ return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
+ }
+
+ res = asn1_array2tree(pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
+ if (res != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(res);
+ goto out;
+ }
+
+ res = asn1_array2tree(gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
+ if (res != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(res);
+ goto out;
+ }
+
+ /* Initialize the random generator */
+ result = _gnutls_rnd_init();
+ if (result < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ /* Initialize the default TLS extensions */
+ result = _gnutls_ext_init();
+ if (result < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ result = gnutls_mutex_init(&_gnutls_file_mutex);
+ if (result < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ result = gnutls_system_global_init();
+ if (result < 0) {
+ gnutls_assert();
+ goto out;
+ }
#ifdef ENABLE_PKCS11
- gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
+ gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL);
#endif
- _gnutls_cryptodev_init ();
+ _gnutls_cryptodev_init();
-out:
- return result;
+ out:
+ return result;
}
/**
@@ -295,26 +279,24 @@ out:
* Note! This function is not thread safe. See the discussion for
* gnutls_global_init() for more information.
**/
-void
-gnutls_global_deinit (void)
+void gnutls_global_deinit(void)
{
- if (_gnutls_init == 1)
- {
- gl_sockets_cleanup ();
- gnutls_crypto_deinit();
- _gnutls_rnd_deinit ();
- _gnutls_ext_deinit ();
- asn1_delete_structure (&_gnutls_gnutls_asn);
- asn1_delete_structure (&_gnutls_pkix1_asn);
- _gnutls_crypto_deregister ();
- _gnutls_cryptodev_deinit ();
- gnutls_system_global_deinit ();
+ if (_gnutls_init == 1) {
+ gl_sockets_cleanup();
+ gnutls_crypto_deinit();
+ _gnutls_rnd_deinit();
+ _gnutls_ext_deinit();
+ asn1_delete_structure(&_gnutls_gnutls_asn);
+ asn1_delete_structure(&_gnutls_pkix1_asn);
+ _gnutls_crypto_deregister();
+ _gnutls_cryptodev_deinit();
+ gnutls_system_global_deinit();
#ifdef ENABLE_PKCS11
- gnutls_pkcs11_deinit ();
+ gnutls_pkcs11_deinit();
#endif
- gnutls_mutex_deinit(&_gnutls_file_mutex);
- }
- _gnutls_init--;
+ gnutls_mutex_deinit(&_gnutls_file_mutex);
+ }
+ _gnutls_init--;
}
/* These functions should be elsewere. Kept here for
@@ -336,11 +318,10 @@ gnutls_global_deinit (void)
* condition is not met. If %NULL is passed to this function no
* check is done and only the version string is returned.
**/
-const char *
-gnutls_check_version (const char *req_version)
+const char *gnutls_check_version(const char *req_version)
{
- if (!req_version || strverscmp (req_version, VERSION) <= 0)
- return VERSION;
+ if (!req_version || strverscmp(req_version, VERSION) <= 0)
+ return VERSION;
- return NULL;
+ return NULL;
}
diff --git a/lib/gnutls_global.h b/lib/gnutls_global.h
index a5f6b36b39..31e759ef81 100644
--- a/lib/gnutls_global.h
+++ b/lib/gnutls_global.h
@@ -26,7 +26,7 @@
#include <libtasn1.h>
#include <gnutls/gnutls.h>
-int gnutls_is_secure_memory (const void *mem);
+int gnutls_is_secure_memory(const void *mem);
extern ASN1_TYPE _gnutls_pkix1_asn;
extern ASN1_TYPE _gnutls_gnutls_asn;
@@ -41,7 +41,7 @@ extern ASN1_TYPE _gnutls_gnutls_asn;
extern gnutls_log_func _gnutls_log_func;
extern gnutls_audit_log_func _gnutls_audit_log_func;
extern int _gnutls_log_level;
-extern int gnutls_crypto_init (void);
-extern void gnutls_crypto_deinit (void);
+extern int gnutls_crypto_init(void);
+extern void gnutls_crypto_deinit(void);
#endif
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 7e5cc8b0d4..9b924c9b1c 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -49,8 +49,8 @@
#include <ext/session_ticket.h>
#include <ext/status_request.h>
#include <ext/safe_renegotiation.h>
-#include <auth/anon.h> /* for gnutls_anon_server_credentials_t */
-#include <auth/psk.h> /* for gnutls_psk_server_credentials_t */
+#include <auth/anon.h> /* for gnutls_anon_server_credentials_t */
+#include <auth/psk.h> /* for gnutls_psk_server_credentials_t */
#include <random.h>
#include <gnutls_dtls.h>
@@ -63,202 +63,206 @@
#define TRUE 1
#define FALSE 0
-static int _gnutls_server_select_comp_method (gnutls_session_t session,
- uint8_t * data, int datalen);
+static int _gnutls_server_select_comp_method(gnutls_session_t session,
+ uint8_t * data, int datalen);
static int
-_gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
- uint8_t * cipher_suites,
- int cipher_suites_size,
- gnutls_pk_algorithm_t *pk_algos,
- size_t pk_algos_size);
-static int _gnutls_handshake_client (gnutls_session_t session);
-static int _gnutls_handshake_server (gnutls_session_t session);
+_gnutls_remove_unwanted_ciphersuites(gnutls_session_t session,
+ uint8_t * cipher_suites,
+ int cipher_suites_size,
+ gnutls_pk_algorithm_t * pk_algos,
+ size_t pk_algos_size);
+static int _gnutls_handshake_client(gnutls_session_t session);
+static int _gnutls_handshake_server(gnutls_session_t session);
static int
-_gnutls_recv_handshake_final (gnutls_session_t session, int init);
+_gnutls_recv_handshake_final(gnutls_session_t session, int init);
static int
-_gnutls_send_handshake_final (gnutls_session_t session, int init);
+_gnutls_send_handshake_final(gnutls_session_t session, int init);
/* Empties but does not free the buffer
*/
static inline void
-_gnutls_handshake_hash_buffer_empty (gnutls_session_t session)
+_gnutls_handshake_hash_buffer_empty(gnutls_session_t session)
{
- _gnutls_buffers_log ("BUF[HSK]: Emptied buffer\n");
+ _gnutls_buffers_log("BUF[HSK]: Emptied buffer\n");
- session->internals.handshake_hash_buffer_prev_len = 0;
- session->internals.handshake_hash_buffer.length = 0;
- return;
+ session->internals.handshake_hash_buffer_prev_len = 0;
+ session->internals.handshake_hash_buffer.length = 0;
+ return;
}
static int
-_gnutls_handshake_hash_add_recvd (gnutls_session_t session,
- gnutls_handshake_description_t recv_type,
- uint8_t * header, uint16_t header_size,
- uint8_t * dataptr, uint32_t datalen);
+_gnutls_handshake_hash_add_recvd(gnutls_session_t session,
+ gnutls_handshake_description_t recv_type,
+ uint8_t * header, uint16_t header_size,
+ uint8_t * dataptr, uint32_t datalen);
static int
-_gnutls_handshake_hash_add_sent (gnutls_session_t session,
- gnutls_handshake_description_t type,
- uint8_t * dataptr, uint32_t datalen);
+_gnutls_handshake_hash_add_sent(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ uint8_t * dataptr, uint32_t datalen);
static int
-_gnutls_recv_hello_verify_request (gnutls_session_t session,
- uint8_t * data, int datalen);
+_gnutls_recv_hello_verify_request(gnutls_session_t session,
+ uint8_t * data, int datalen);
/* Clears the handshake hash buffers and handles.
*/
-void
-_gnutls_handshake_hash_buffers_clear (gnutls_session_t session)
+void _gnutls_handshake_hash_buffers_clear(gnutls_session_t session)
{
- session->internals.handshake_hash_buffer_prev_len = 0;
- _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
+ session->internals.handshake_hash_buffer_prev_len = 0;
+ _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
}
/* this will copy the required values for resuming to
* internals, and to security_parameters.
* this will keep as less data to security_parameters.
*/
-static int
-resume_copy_required_values (gnutls_session_t session)
+static int resume_copy_required_values(gnutls_session_t session)
{
-int ret;
-
- /* get the new random values */
- memcpy (session->internals.resumed_security_parameters.server_random,
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
- memcpy (session->internals.resumed_security_parameters.client_random,
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-
- /* keep the ciphersuite and compression
- * That is because the client must see these in our
- * hello message.
- */
- memcpy (session->security_parameters.cipher_suite,
- session->internals.resumed_security_parameters.cipher_suite, 2);
- session->security_parameters.compression_method = session->internals.resumed_security_parameters.compression_method;
-
- ret = _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- session->
- internals.resumed_security_parameters.cipher_suite);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_epoch_set_compression (session, EPOCH_NEXT,
- session->
- internals.resumed_security_parameters.compression_method);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* or write_compression_algorithm
- * they are the same
- */
-
- session->security_parameters.entity =
- session->internals.resumed_security_parameters.entity;
-
- if (session->internals.resumed_security_parameters.pversion == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- _gnutls_set_current_version (session,
- session->internals.resumed_security_parameters.
- pversion->id);
-
- session->security_parameters.cert_type =
- session->internals.resumed_security_parameters.cert_type;
-
- memcpy (session->security_parameters.session_id,
- session->internals.resumed_security_parameters.session_id,
- sizeof (session->security_parameters.session_id));
- session->security_parameters.session_id_size =
- session->internals.resumed_security_parameters.session_id_size;
-
- return 0;
+ int ret;
+
+ /* get the new random values */
+ memcpy(session->internals.resumed_security_parameters.
+ server_random, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(session->internals.resumed_security_parameters.
+ client_random, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+
+ /* keep the ciphersuite and compression
+ * That is because the client must see these in our
+ * hello message.
+ */
+ memcpy(session->security_parameters.cipher_suite,
+ session->internals.resumed_security_parameters.cipher_suite,
+ 2);
+ session->security_parameters.compression_method =
+ session->internals.resumed_security_parameters.
+ compression_method;
+
+ ret = _gnutls_epoch_set_cipher_suite(session, EPOCH_NEXT,
+ session->internals.
+ resumed_security_parameters.
+ cipher_suite);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_epoch_set_compression(session, EPOCH_NEXT,
+ session->internals.
+ resumed_security_parameters.
+ compression_method);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* or write_compression_algorithm
+ * they are the same
+ */
+
+ session->security_parameters.entity =
+ session->internals.resumed_security_parameters.entity;
+
+ if (session->internals.resumed_security_parameters.pversion ==
+ NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ _gnutls_set_current_version(session,
+ session->internals.
+ resumed_security_parameters.pversion->
+ id);
+
+ session->security_parameters.cert_type =
+ session->internals.resumed_security_parameters.cert_type;
+
+ memcpy(session->security_parameters.session_id,
+ session->internals.resumed_security_parameters.session_id,
+ sizeof(session->security_parameters.session_id));
+ session->security_parameters.session_id_size =
+ session->internals.resumed_security_parameters.session_id_size;
+
+ return 0;
}
/* this function will produce GNUTLS_RANDOM_SIZE==32 bytes of random data
* and put it to dst.
*/
-static int
-_gnutls_tls_create_random (uint8_t * dst)
+static int _gnutls_tls_create_random(uint8_t * dst)
{
- uint32_t tim;
- int ret;
-
- /* Use weak random numbers for the most of the
- * buffer except for the first 4 that are the
- * system's time.
- */
-
- tim = gnutls_time (NULL);
- /* generate server random value */
- _gnutls_write_uint32 (tim, dst);
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, &dst[4], GNUTLS_RANDOM_SIZE - 4);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ uint32_t tim;
+ int ret;
+
+ /* Use weak random numbers for the most of the
+ * buffer except for the first 4 that are the
+ * system's time.
+ */
+
+ tim = gnutls_time(NULL);
+ /* generate server random value */
+ _gnutls_write_uint32(tim, dst);
+
+ ret =
+ _gnutls_rnd(GNUTLS_RND_NONCE, &dst[4], GNUTLS_RANDOM_SIZE - 4);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-int
-_gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd)
+int _gnutls_set_client_random(gnutls_session_t session, uint8_t * rnd)
{
-int ret;
-
- if (rnd != NULL)
- memcpy (session->security_parameters.client_random, rnd,
- GNUTLS_RANDOM_SIZE);
- else
- {
- /* no random given, we generate. */
- if (session->internals.sc_random_set != 0)
- {
- memcpy (session->security_parameters.client_random,
- session->internals.resumed_security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- }
- else
- {
- ret = _gnutls_tls_create_random (session->security_parameters.client_random);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
- return 0;
+ int ret;
+
+ if (rnd != NULL)
+ memcpy(session->security_parameters.client_random, rnd,
+ GNUTLS_RANDOM_SIZE);
+ else {
+ /* no random given, we generate. */
+ if (session->internals.sc_random_set != 0) {
+ memcpy(session->security_parameters.client_random,
+ session->internals.
+ resumed_security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ } else {
+ ret =
+ _gnutls_tls_create_random(session->
+ security_parameters.
+ client_random);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ }
+ return 0;
}
-int
-_gnutls_set_server_random (gnutls_session_t session, uint8_t * rnd)
+int _gnutls_set_server_random(gnutls_session_t session, uint8_t * rnd)
{
-int ret;
-
- if (rnd != NULL)
- memcpy (session->security_parameters.server_random, rnd,
- GNUTLS_RANDOM_SIZE);
- else
- {
- /* no random given, we generate. */
- if (session->internals.sc_random_set != 0)
- {
- memcpy (session->security_parameters.server_random,
- session->internals.resumed_security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- }
- else
- {
- ret = _gnutls_tls_create_random (session->security_parameters.server_random);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
- return 0;
+ int ret;
+
+ if (rnd != NULL)
+ memcpy(session->security_parameters.server_random, rnd,
+ GNUTLS_RANDOM_SIZE);
+ else {
+ /* no random given, we generate. */
+ if (session->internals.sc_random_set != 0) {
+ memcpy(session->security_parameters.server_random,
+ session->internals.
+ resumed_security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ } else {
+ ret =
+ _gnutls_tls_create_random(session->
+ security_parameters.
+ server_random);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ }
+ return 0;
}
/* Calculate The SSL3 Finished message
@@ -267,62 +271,62 @@ int ret;
#define SSL3_SERVER_MSG "SRVR"
#define SSL_MSG_LEN 4
static int
-_gnutls_ssl3_finished (gnutls_session_t session, int type, uint8_t * ret, int sending)
+_gnutls_ssl3_finished(gnutls_session_t session, int type, uint8_t * ret,
+ int sending)
{
- digest_hd_st td_md5;
- digest_hd_st td_sha;
- const char *mesg;
- int rc, len;
-
- if (sending)
- len = session->internals.handshake_hash_buffer.length;
- else
- len = session->internals.handshake_hash_buffer_prev_len;
-
- rc = _gnutls_hash_init (&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
- if (rc < 0)
- return gnutls_assert_val(rc);
-
- rc = _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
- if (rc < 0)
- {
- _gnutls_hash_deinit (&td_sha, NULL);
- return gnutls_assert_val(rc);
- }
-
- _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data, len);
- _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data, len);
-
- if (type == GNUTLS_SERVER)
- mesg = SSL3_SERVER_MSG;
- else
- mesg = SSL3_CLIENT_MSG;
-
- _gnutls_hash (&td_md5, mesg, SSL_MSG_LEN);
- _gnutls_hash (&td_sha, mesg, SSL_MSG_LEN);
-
- rc = _gnutls_mac_deinit_ssl3_handshake (&td_md5, ret,
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (rc < 0)
- {
- _gnutls_hash_deinit (&td_md5, NULL);
- _gnutls_hash_deinit (&td_sha, NULL);
- return gnutls_assert_val(rc);
- }
-
- rc = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &ret[16],
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (rc < 0)
- {
- _gnutls_hash_deinit (&td_sha, NULL);
- return gnutls_assert_val(rc);
- }
-
- return 0;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ const char *mesg;
+ int rc, len;
+
+ if (sending)
+ len = session->internals.handshake_hash_buffer.length;
+ else
+ len = session->internals.handshake_hash_buffer_prev_len;
+
+ rc = _gnutls_hash_init(&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
+ if (rc < 0)
+ return gnutls_assert_val(rc);
+
+ rc = _gnutls_hash_init(&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
+ if (rc < 0) {
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return gnutls_assert_val(rc);
+ }
+
+ _gnutls_hash(&td_sha,
+ session->internals.handshake_hash_buffer.data, len);
+ _gnutls_hash(&td_md5,
+ session->internals.handshake_hash_buffer.data, len);
+
+ if (type == GNUTLS_SERVER)
+ mesg = SSL3_SERVER_MSG;
+ else
+ mesg = SSL3_CLIENT_MSG;
+
+ _gnutls_hash(&td_md5, mesg, SSL_MSG_LEN);
+ _gnutls_hash(&td_sha, mesg, SSL_MSG_LEN);
+
+ rc = _gnutls_mac_deinit_ssl3_handshake(&td_md5, ret,
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (rc < 0) {
+ _gnutls_hash_deinit(&td_md5, NULL);
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return gnutls_assert_val(rc);
+ }
+
+ rc = _gnutls_mac_deinit_ssl3_handshake(&td_sha, &ret[16],
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (rc < 0) {
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return gnutls_assert_val(rc);
+ }
+
+ return 0;
}
/* Hash the handshake messages as required by TLS 1.0
@@ -331,114 +335,117 @@ _gnutls_ssl3_finished (gnutls_session_t session, int type, uint8_t * ret, int se
#define CLIENT_MSG "client finished"
#define TLS_MSG_LEN 15
static int
-_gnutls_finished (gnutls_session_t session, int type, void *ret, int sending)
+_gnutls_finished(gnutls_session_t session, int type, void *ret,
+ int sending)
{
- const int siz = TLS_MSG_LEN;
- uint8_t concat[MAX_HASH_SIZE + 16 /*MD5 */ ];
- size_t hash_len;
- const char *mesg;
- int rc, len;
-
- if (sending)
- len = session->internals.handshake_hash_buffer.length;
- else
- len = session->internals.handshake_hash_buffer_prev_len;
-
- if (!_gnutls_version_has_selectable_prf (get_version(session)))
- {
- rc = _gnutls_hash_fast( GNUTLS_DIG_SHA1, session->internals.handshake_hash_buffer.data, len, &concat[16]);
- if (rc < 0)
- return gnutls_assert_val(rc);
-
- rc = _gnutls_hash_fast( GNUTLS_DIG_MD5, session->internals.handshake_hash_buffer.data, len, concat);
- if (rc < 0)
- return gnutls_assert_val(rc);
-
- hash_len = 20 + 16;
- }
- else
- {
- int algorithm = _gnutls_cipher_suite_get_prf(session->security_parameters.cipher_suite);
-
- rc = _gnutls_hash_fast( algorithm, session->internals.handshake_hash_buffer.data, len, concat);
- if (rc < 0)
- return gnutls_assert_val(rc);
-
- hash_len = _gnutls_hash_get_algo_len (mac_to_entry(algorithm));
- }
-
- if (type == GNUTLS_SERVER)
- {
- mesg = SERVER_MSG;
- }
- else
- {
- mesg = CLIENT_MSG;
- }
-
- return _gnutls_PRF (session, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE, mesg, siz, concat, hash_len, 12, ret);
+ const int siz = TLS_MSG_LEN;
+ uint8_t concat[MAX_HASH_SIZE + 16 /*MD5 */ ];
+ size_t hash_len;
+ const char *mesg;
+ int rc, len;
+
+ if (sending)
+ len = session->internals.handshake_hash_buffer.length;
+ else
+ len = session->internals.handshake_hash_buffer_prev_len;
+
+ if (!_gnutls_version_has_selectable_prf(get_version(session))) {
+ rc = _gnutls_hash_fast(GNUTLS_DIG_SHA1,
+ session->internals.
+ handshake_hash_buffer.data, len,
+ &concat[16]);
+ if (rc < 0)
+ return gnutls_assert_val(rc);
+
+ rc = _gnutls_hash_fast(GNUTLS_DIG_MD5,
+ session->internals.
+ handshake_hash_buffer.data, len,
+ concat);
+ if (rc < 0)
+ return gnutls_assert_val(rc);
+
+ hash_len = 20 + 16;
+ } else {
+ int algorithm =
+ _gnutls_cipher_suite_get_prf(session->
+ security_parameters.
+ cipher_suite);
+
+ rc = _gnutls_hash_fast(algorithm,
+ session->internals.
+ handshake_hash_buffer.data, len,
+ concat);
+ if (rc < 0)
+ return gnutls_assert_val(rc);
+
+ hash_len =
+ _gnutls_hash_get_algo_len(mac_to_entry(algorithm));
+ }
+
+ if (type == GNUTLS_SERVER) {
+ mesg = SERVER_MSG;
+ } else {
+ mesg = CLIENT_MSG;
+ }
+
+ return _gnutls_PRF(session,
+ session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, mesg, siz, concat, hash_len,
+ 12, ret);
}
/* returns the 0 on success or a negative error code.
*/
int
-_gnutls_negotiate_version (gnutls_session_t session,
- gnutls_protocol_t adv_version)
+_gnutls_negotiate_version(gnutls_session_t session,
+ gnutls_protocol_t adv_version)
{
- int ret;
-
- /* if we do not support that version */
- if (_gnutls_version_is_supported (session, adv_version) == 0)
- {
- /* If he requested something we do not support
- * then we send him the highest we support.
- */
- ret = _gnutls_version_max (session);
- if (ret == GNUTLS_VERSION_UNKNOWN)
- {
- /* this check is not really needed.
- */
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
- }
- }
- else
- {
- ret = adv_version;
- }
-
- _gnutls_set_current_version (session, ret);
-
- return ret;
+ int ret;
+
+ /* if we do not support that version */
+ if (_gnutls_version_is_supported(session, adv_version) == 0) {
+ /* If he requested something we do not support
+ * then we send him the highest we support.
+ */
+ ret = _gnutls_version_max(session);
+ if (ret == GNUTLS_VERSION_UNKNOWN) {
+ /* this check is not really needed.
+ */
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+ } else {
+ ret = adv_version;
+ }
+
+ _gnutls_set_current_version(session, ret);
+
+ return ret;
}
int
-_gnutls_user_hello_func (gnutls_session_t session,
- gnutls_protocol_t adv_version)
+_gnutls_user_hello_func(gnutls_session_t session,
+ gnutls_protocol_t adv_version)
{
- int ret;
-
- if (session->internals.user_hello_func != NULL)
- {
- ret = session->internals.user_hello_func (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- /* Here we need to renegotiate the version since the callee might
- * have disabled some TLS versions.
- */
- ret = _gnutls_negotiate_version (session, adv_version);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- return 0;
+ int ret;
+
+ if (session->internals.user_hello_func != NULL) {
+ ret = session->internals.user_hello_func(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ /* Here we need to renegotiate the version since the callee might
+ * have disabled some TLS versions.
+ */
+ ret = _gnutls_negotiate_version(session, adv_version);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+ return 0;
}
/* Read a client hello packet.
@@ -447,617 +454,613 @@ _gnutls_user_hello_func (gnutls_session_t session,
* since SSL version 2.0 is not supported).
*/
static int
-_gnutls_read_client_hello (gnutls_session_t session, uint8_t * data,
- int datalen)
+_gnutls_read_client_hello(gnutls_session_t session, uint8_t * data,
+ int datalen)
{
- uint8_t session_id_len;
- int pos = 0, ret;
- uint16_t suite_size, comp_size;
- gnutls_protocol_t adv_version;
- int neg_version;
- int len = datalen;
- uint8_t *suite_ptr, *comp_ptr, *session_id;
-
- DECR_LEN (len, 2);
-
- _gnutls_handshake_log ("HSK[%p]: Client's version: %d.%d\n", session,
- data[pos], data[pos + 1]);
-
- adv_version = _gnutls_version_get (data[pos], data[pos + 1]);
- set_adv_version (session, data[pos], data[pos + 1]);
- pos += 2;
-
- neg_version = _gnutls_negotiate_version (session, adv_version);
- if (neg_version < 0)
- {
- gnutls_assert ();
- return neg_version;
- }
-
- /* Read client random value.
- */
- DECR_LEN (len, GNUTLS_RANDOM_SIZE);
- ret = _gnutls_set_client_random (session, &data[pos]);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- pos += GNUTLS_RANDOM_SIZE;
-
- ret = _gnutls_set_server_random (session, NULL);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- session->security_parameters.timestamp = gnutls_time (NULL);
-
- DECR_LEN (len, 1);
- session_id_len = data[pos++];
-
- /* RESUME SESSION
- */
- if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- DECR_LEN (len, session_id_len);
- session_id = &data[pos];
- pos += session_id_len;
-
- if (IS_DTLS(session))
- {
- int cookie_size;
-
- DECR_LEN (len, 1);
- cookie_size = data[pos++];
- DECR_LEN (len, cookie_size);
- pos+=cookie_size;
- }
-
- ret = _gnutls_server_restore_session (session, session_id, session_id_len);
-
- if (session_id_len > 0) session->internals.resumption_requested = 1;
-
- if (ret == 0)
- { /* resumed using default TLS resumption! */
- /* Parse only the safe renegotiation extension
- * We don't want to parse any other extensions since
- * we don't want new extension values to overwrite the
- * resumed ones.
- */
-
- /* move forward to extensions */
- DECR_LEN (len, 2);
- suite_size = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
-
- DECR_LEN (len, suite_size);
- pos += suite_size;
-
- DECR_LEN (len, 1);
- comp_size = data[pos++]; /* z is the number of compression methods */
- DECR_LEN (len, comp_size);
- pos += comp_size;
-
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
- &data[pos], len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = resume_copy_required_values (session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- session->internals.resumed = RESUME_TRUE;
-
- return _gnutls_user_hello_func (session, adv_version);
- }
- else
- {
- _gnutls_generate_session_id (session->security_parameters.session_id,
- &session->
- security_parameters.session_id_size);
-
- session->internals.resumed = RESUME_FALSE;
- }
-
- /* Remember ciphersuites for later
- */
- DECR_LEN (len, 2);
- suite_size = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
-
- DECR_LEN (len, suite_size);
- suite_ptr = &data[pos];
- pos += suite_size;
-
- /* Point to the compression methods
- */
- DECR_LEN (len, 1);
- comp_size = data[pos++]; /* z is the number of compression methods */
-
- DECR_LEN (len, comp_size);
- comp_ptr = &data[pos];
- pos += comp_size;
-
- /* Parse the extensions (if any)
- *
- * Unconditionally try to parse extensions; safe renegotiation uses them in
- * sslv3 and higher, even though sslv3 doesn't officially support them.
- */
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_APPLICATION,
- &data[pos], len);
- /* len is the rest of the parsed length */
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_user_hello_func (session, adv_version);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
- &data[pos], len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_TLS, &data[pos], len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* resumed by session_ticket extension */
- if (session->internals.resumed != RESUME_FALSE)
- {
- /* to indicate the client that the current session is resumed */
- memcpy (session->internals.resumed_security_parameters.session_id,
- session_id, session_id_len);
- session->internals.resumed_security_parameters.session_id_size =
- session_id_len;
-
- session->internals.resumed_security_parameters.max_record_recv_size =
- session->security_parameters.max_record_recv_size;
- session->internals.resumed_security_parameters.max_record_send_size =
- session->security_parameters.max_record_send_size;
-
- ret = resume_copy_required_values (session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_user_hello_func (session, adv_version);
- }
-
- /* select an appropriate cipher suite
- */
- ret = _gnutls_server_select_suite (session, suite_ptr, suite_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* select appropriate compression method */
- ret = _gnutls_server_select_comp_method (session, comp_ptr, comp_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ uint8_t session_id_len;
+ int pos = 0, ret;
+ uint16_t suite_size, comp_size;
+ gnutls_protocol_t adv_version;
+ int neg_version;
+ int len = datalen;
+ uint8_t *suite_ptr, *comp_ptr, *session_id;
+
+ DECR_LEN(len, 2);
+
+ _gnutls_handshake_log("HSK[%p]: Client's version: %d.%d\n",
+ session, data[pos], data[pos + 1]);
+
+ adv_version = _gnutls_version_get(data[pos], data[pos + 1]);
+ set_adv_version(session, data[pos], data[pos + 1]);
+ pos += 2;
+
+ neg_version = _gnutls_negotiate_version(session, adv_version);
+ if (neg_version < 0) {
+ gnutls_assert();
+ return neg_version;
+ }
+
+ /* Read client random value.
+ */
+ DECR_LEN(len, GNUTLS_RANDOM_SIZE);
+ ret = _gnutls_set_client_random(session, &data[pos]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ pos += GNUTLS_RANDOM_SIZE;
+
+ ret = _gnutls_set_server_random(session, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ session->security_parameters.timestamp = gnutls_time(NULL);
+
+ DECR_LEN(len, 1);
+ session_id_len = data[pos++];
+
+ /* RESUME SESSION
+ */
+ if (session_id_len > TLS_MAX_SESSION_ID_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ DECR_LEN(len, session_id_len);
+ session_id = &data[pos];
+ pos += session_id_len;
+
+ if (IS_DTLS(session)) {
+ int cookie_size;
+
+ DECR_LEN(len, 1);
+ cookie_size = data[pos++];
+ DECR_LEN(len, cookie_size);
+ pos += cookie_size;
+ }
+
+ ret =
+ _gnutls_server_restore_session(session, session_id,
+ session_id_len);
+
+ if (session_id_len > 0)
+ session->internals.resumption_requested = 1;
+
+ if (ret == 0) { /* resumed using default TLS resumption! */
+ /* Parse only the safe renegotiation extension
+ * We don't want to parse any other extensions since
+ * we don't want new extension values to overwrite the
+ * resumed ones.
+ */
+
+ /* move forward to extensions */
+ DECR_LEN(len, 2);
+ suite_size = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ DECR_LEN(len, suite_size);
+ pos += suite_size;
+
+ DECR_LEN(len, 1);
+ comp_size = data[pos++]; /* z is the number of compression methods */
+ DECR_LEN(len, comp_size);
+ pos += comp_size;
+
+ ret =
+ _gnutls_parse_extensions(session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = resume_copy_required_values(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ session->internals.resumed = RESUME_TRUE;
+
+ return _gnutls_user_hello_func(session, adv_version);
+ } else {
+ _gnutls_generate_session_id(session->security_parameters.
+ session_id,
+ &session->security_parameters.
+ session_id_size);
+
+ session->internals.resumed = RESUME_FALSE;
+ }
+
+ /* Remember ciphersuites for later
+ */
+ DECR_LEN(len, 2);
+ suite_size = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ DECR_LEN(len, suite_size);
+ suite_ptr = &data[pos];
+ pos += suite_size;
+
+ /* Point to the compression methods
+ */
+ DECR_LEN(len, 1);
+ comp_size = data[pos++]; /* z is the number of compression methods */
+
+ DECR_LEN(len, comp_size);
+ comp_ptr = &data[pos];
+ pos += comp_size;
+
+ /* Parse the extensions (if any)
+ *
+ * Unconditionally try to parse extensions; safe renegotiation uses them in
+ * sslv3 and higher, even though sslv3 doesn't officially support them.
+ */
+ ret = _gnutls_parse_extensions(session, GNUTLS_EXT_APPLICATION,
+ &data[pos], len);
+ /* len is the rest of the parsed length */
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_user_hello_func(session, adv_version);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_parse_extensions(session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_parse_extensions(session, GNUTLS_EXT_TLS, &data[pos],
+ len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* resumed by session_ticket extension */
+ if (session->internals.resumed != RESUME_FALSE) {
+ /* to indicate the client that the current session is resumed */
+ memcpy(session->internals.resumed_security_parameters.
+ session_id, session_id, session_id_len);
+ session->internals.resumed_security_parameters.
+ session_id_size = session_id_len;
+
+ session->internals.resumed_security_parameters.
+ max_record_recv_size =
+ session->security_parameters.max_record_recv_size;
+ session->internals.resumed_security_parameters.
+ max_record_send_size =
+ session->security_parameters.max_record_send_size;
+
+ ret = resume_copy_required_values(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return _gnutls_user_hello_func(session, adv_version);
+ }
+
+ /* select an appropriate cipher suite
+ */
+ ret = _gnutls_server_select_suite(session, suite_ptr, suite_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* select appropriate compression method */
+ ret =
+ _gnutls_server_select_comp_method(session, comp_ptr,
+ comp_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/* This is to be called after sending CHANGE CIPHER SPEC packet
* and initializing encryption. This is the first encrypted message
* we send.
*/
-static int
-_gnutls_send_finished (gnutls_session_t session, int again)
+static int _gnutls_send_finished(gnutls_session_t session, int again)
{
- mbuffer_st *bufel;
- uint8_t *data;
- int ret;
- size_t vdata_size = 0;
- const version_entry_st* vers;
-
- if (again == 0)
- {
- bufel = _gnutls_handshake_alloc (session, MAX_VERIFY_DATA_SIZE, MAX_VERIFY_DATA_SIZE);
- if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- data = _mbuffer_get_udata_ptr (bufel);
-
- vers = get_version(session);
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (vers->id == GNUTLS_SSL3)
- {
- ret =
- _gnutls_ssl3_finished (session,
- session->security_parameters.entity, data, 1);
- _mbuffer_set_udata_size (bufel, 36);
- }
- else
- { /* TLS 1.0+ */
- ret = _gnutls_finished (session,
- session->security_parameters.entity, data, 1);
- _mbuffer_set_udata_size (bufel, 12);
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- vdata_size = _mbuffer_get_udata_size (bufel);
-
- ret = _gnutls_ext_sr_finished (session, data, vdata_size, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if ((session->internals.resumed == RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_CLIENT)
- || (session->internals.resumed != RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_SERVER))
- {
- /* if we are a client not resuming - or we are a server resuming */
- _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (send)\n",
- session);
- memcpy (session->internals.cb_tls_unique, data, vdata_size);
- session->internals.cb_tls_unique_len = vdata_size;
- }
-
- ret =
- _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED);
- }
- else
- {
- ret = _gnutls_send_handshake (session, NULL, GNUTLS_HANDSHAKE_FINISHED);
- }
-
- return ret;
+ mbuffer_st *bufel;
+ uint8_t *data;
+ int ret;
+ size_t vdata_size = 0;
+ const version_entry_st *vers;
+
+ if (again == 0) {
+ bufel =
+ _gnutls_handshake_alloc(session, MAX_VERIFY_DATA_SIZE,
+ MAX_VERIFY_DATA_SIZE);
+ if (bufel == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ data = _mbuffer_get_udata_ptr(bufel);
+
+ vers = get_version(session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (vers->id == GNUTLS_SSL3) {
+ ret =
+ _gnutls_ssl3_finished(session,
+ session->
+ security_parameters.
+ entity, data, 1);
+ _mbuffer_set_udata_size(bufel, 36);
+ } else { /* TLS 1.0+ */
+ ret = _gnutls_finished(session,
+ session->
+ security_parameters.entity,
+ data, 1);
+ _mbuffer_set_udata_size(bufel, 12);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ vdata_size = _mbuffer_get_udata_size(bufel);
+
+ ret =
+ _gnutls_ext_sr_finished(session, data, vdata_size, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if ((session->internals.resumed == RESUME_FALSE
+ && session->security_parameters.entity ==
+ GNUTLS_CLIENT)
+ || (session->internals.resumed != RESUME_FALSE
+ && session->security_parameters.entity ==
+ GNUTLS_SERVER)) {
+ /* if we are a client not resuming - or we are a server resuming */
+ _gnutls_handshake_log
+ ("HSK[%p]: recording tls-unique CB (send)\n",
+ session);
+ memcpy(session->internals.cb_tls_unique, data,
+ vdata_size);
+ session->internals.cb_tls_unique_len = vdata_size;
+ }
+
+ ret =
+ _gnutls_send_handshake(session, bufel,
+ GNUTLS_HANDSHAKE_FINISHED);
+ } else {
+ ret =
+ _gnutls_send_handshake(session, NULL,
+ GNUTLS_HANDSHAKE_FINISHED);
+ }
+
+ return ret;
}
/* This is to be called after sending our finished message. If everything
* went fine we have negotiated a secure connection
*/
-static int
-_gnutls_recv_finished (gnutls_session_t session)
+static int _gnutls_recv_finished(gnutls_session_t session)
{
- uint8_t data[MAX_VERIFY_DATA_SIZE], *vrfy;
- gnutls_buffer_st buf;
- int data_size;
- int ret;
- int vrfy_size;
- const version_entry_st* vers = get_version (session);
-
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- ret =
- _gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_FINISHED,
- 0, &buf);
- if (ret < 0)
- {
- ERR ("recv finished int", ret);
- gnutls_assert ();
- return ret;
- }
-
- vrfy = buf.data;
- vrfy_size = buf.length;
-
- if (vers->id == GNUTLS_SSL3)
- data_size = 36;
- else
- data_size = 12;
-
- if (vrfy_size != data_size)
- {
- gnutls_assert ();
- ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
- goto cleanup;
- }
-
- if (vers->id == GNUTLS_SSL3)
- {
- ret =
- _gnutls_ssl3_finished (session,
- (session->security_parameters.entity + 1) % 2,
- data, 0);
- }
- else
- { /* TLS 1.0 */
- ret =
- _gnutls_finished (session,
- (session->security_parameters.entity +
- 1) % 2, data, 0);
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (memcmp (vrfy, data, data_size) != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
- goto cleanup;
- }
-
- ret = _gnutls_ext_sr_finished (session, data, data_size, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((session->internals.resumed != RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_CLIENT)
- || (session->internals.resumed == RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_SERVER))
- {
- /* if we are a client resuming - or we are a server not resuming */
- _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (recv)\n",
- session);
- memcpy (session->internals.cb_tls_unique, data, data_size);
- session->internals.cb_tls_unique_len = data_size;
- }
-
-
- session->internals.initial_negotiation_completed = 1;
-
-cleanup:
- _gnutls_buffer_clear(&buf);
-
- return ret;
+ uint8_t data[MAX_VERIFY_DATA_SIZE], *vrfy;
+ gnutls_buffer_st buf;
+ int data_size;
+ int ret;
+ int vrfy_size;
+ const version_entry_st *vers = get_version(session);
+
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ ret =
+ _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_FINISHED,
+ 0, &buf);
+ if (ret < 0) {
+ ERR("recv finished int", ret);
+ gnutls_assert();
+ return ret;
+ }
+
+ vrfy = buf.data;
+ vrfy_size = buf.length;
+
+ if (vers->id == GNUTLS_SSL3)
+ data_size = 36;
+ else
+ data_size = 12;
+
+ if (vrfy_size != data_size) {
+ gnutls_assert();
+ ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
+ goto cleanup;
+ }
+
+ if (vers->id == GNUTLS_SSL3) {
+ ret =
+ _gnutls_ssl3_finished(session,
+ (session->security_parameters.
+ entity + 1) % 2, data, 0);
+ } else { /* TLS 1.0 */
+ ret =
+ _gnutls_finished(session,
+ (session->security_parameters.entity +
+ 1) % 2, data, 0);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (memcmp(vrfy, data, data_size) != 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
+ goto cleanup;
+ }
+
+ ret = _gnutls_ext_sr_finished(session, data, data_size, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((session->internals.resumed != RESUME_FALSE
+ && session->security_parameters.entity == GNUTLS_CLIENT)
+ || (session->internals.resumed == RESUME_FALSE
+ && session->security_parameters.entity == GNUTLS_SERVER)) {
+ /* if we are a client resuming - or we are a server not resuming */
+ _gnutls_handshake_log
+ ("HSK[%p]: recording tls-unique CB (recv)\n", session);
+ memcpy(session->internals.cb_tls_unique, data, data_size);
+ session->internals.cb_tls_unique_len = data_size;
+ }
+
+
+ session->internals.initial_negotiation_completed = 1;
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
+
+ return ret;
}
/* returns PK_RSA if the given cipher suite list only supports,
* RSA algorithms, PK_DSA if DSS, and PK_ANY for both or PK_NONE for none.
*/
static int
-server_find_pk_algos_in_ciphersuites (const uint8_t *
- data, unsigned int datalen,
- gnutls_pk_algorithm_t * algos,
- size_t* algos_size)
+server_find_pk_algos_in_ciphersuites(const uint8_t *
+ data, unsigned int datalen,
+ gnutls_pk_algorithm_t * algos,
+ size_t * algos_size)
{
- unsigned int j, x;
- gnutls_kx_algorithm_t kx;
- gnutls_pk_algorithm_t pk;
- unsigned found;
- unsigned int max = *algos_size;
-
- if (datalen % 2 != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- *algos_size = 0;
- for (j = 0; j < datalen; j += 2)
- {
- kx = _gnutls_cipher_suite_get_kx_algo (&data[j]);
- if (_gnutls_map_kx_get_cred (kx, 1) == GNUTLS_CRD_CERTIFICATE)
- {
- pk = _gnutls_map_pk_get_pk (kx);
- found = 0;
- for (x=0;x<*algos_size;x++)
- {
- if (algos[x] == pk)
- {
- found = 1;
- break;
- }
- }
-
- if (found == 0)
- {
- algos[(*algos_size)++] = _gnutls_map_pk_get_pk (kx);
- if ((*algos_size) >= max)
- return 0;
- }
- }
- }
-
- return 0;
+ unsigned int j, x;
+ gnutls_kx_algorithm_t kx;
+ gnutls_pk_algorithm_t pk;
+ unsigned found;
+ unsigned int max = *algos_size;
+
+ if (datalen % 2 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ *algos_size = 0;
+ for (j = 0; j < datalen; j += 2) {
+ kx = _gnutls_cipher_suite_get_kx_algo(&data[j]);
+ if (_gnutls_map_kx_get_cred(kx, 1) ==
+ GNUTLS_CRD_CERTIFICATE) {
+ pk = _gnutls_map_pk_get_pk(kx);
+ found = 0;
+ for (x = 0; x < *algos_size; x++) {
+ if (algos[x] == pk) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (found == 0) {
+ algos[(*algos_size)++] =
+ _gnutls_map_pk_get_pk(kx);
+ if ((*algos_size) >= max)
+ return 0;
+ }
+ }
+ }
+
+ return 0;
}
/* This selects the best supported ciphersuite from the given ones. Then
* it adds the suite to the session and performs some checks.
*/
int
-_gnutls_server_select_suite (gnutls_session_t session, uint8_t * data,
- unsigned int datalen)
+_gnutls_server_select_suite(gnutls_session_t session, uint8_t * data,
+ unsigned int datalen)
{
- int ret;
- unsigned int i, j, cipher_suites_size;
- size_t pk_algos_size;
- uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE];
- int retval, err;
- gnutls_pk_algorithm_t pk_algos[MAX_ALGOS]; /* will hold the pk algorithms
- * supported by the peer.
- */
-
- /* First, check for safe renegotiation SCSV.
- */
- if (session->internals.priorities.sr != SR_DISABLED)
- {
- unsigned int offset;
-
- for (offset = 0; offset < datalen; offset += 2)
- {
- /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */
- if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR &&
- data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Received safe renegotiation CS\n", session);
- retval = _gnutls_ext_sr_recv_cs (session);
- if (retval < 0)
- {
- gnutls_assert ();
- return retval;
- }
- break;
- }
- }
- }
-
- pk_algos_size = MAX_ALGOS;
- ret = server_find_pk_algos_in_ciphersuites (data, datalen, pk_algos, &pk_algos_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_supported_ciphersuites (session, cipher_suites, sizeof(cipher_suites));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- cipher_suites_size = ret;
-
- /* Here we remove any ciphersuite that does not conform
- * the certificate requested, or to the
- * authentication requested (e.g. SRP).
- */
- ret = _gnutls_remove_unwanted_ciphersuites (session, cipher_suites, cipher_suites_size, pk_algos, pk_algos_size);
- if (ret <= 0)
- {
- gnutls_assert ();
- if (ret < 0)
- return ret;
- else
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
- }
-
- cipher_suites_size = ret;
-
- /* Data length should be zero mod 2 since
- * every ciphersuite is 2 bytes. (this check is needed
- * see below).
- */
- if (datalen % 2 != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- memset (session->security_parameters.cipher_suite, 0, 2);
-
- retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE;
-
- _gnutls_handshake_log ("HSK[%p]: Requested cipher suites[size: %d]: \n", session, (int)datalen);
-
- if (session->internals.priorities.server_precedence == 0)
- {
- for (j = 0; j < datalen; j += 2)
- {
- _gnutls_handshake_log ("\t0x%.2x, 0x%.2x %s\n", data[j], data[j+1], _gnutls_cipher_suite_get_name (&data[j]));
- for (i = 0; i < cipher_suites_size; i+=2)
- {
- if (memcmp (&cipher_suites[i], &data[j], 2) == 0)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Selected cipher suite: %s\n", session,
- _gnutls_cipher_suite_get_name (&data[j]));
- memcpy (session->security_parameters.cipher_suite,
- &cipher_suites[i], 2);
- _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- session->
- security_parameters.cipher_suite);
-
-
- retval = 0;
- goto finish;
- }
- }
- }
- }
- else /* server selects */
- {
- for (i = 0; i < cipher_suites_size; i+=2)
- {
- for (j = 0; j < datalen; j += 2)
- {
- if (memcmp (&cipher_suites[i], &data[j], 2) == 0)
- {
- _gnutls_handshake_log
- ("HSK[%p]: Selected cipher suite: %s\n", session,
- _gnutls_cipher_suite_get_name (&data[j]));
- memcpy (session->security_parameters.cipher_suite,
- &cipher_suites[i], 2);
- _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- session->
- security_parameters.cipher_suite);
-
-
- retval = 0;
- goto finish;
- }
- }
- }
- }
-finish:
-
- if (retval != 0)
- {
- gnutls_assert ();
- return retval;
- }
-
- /* check if the credentials (username, public key etc.) are ok
- */
- if (_gnutls_get_kx_cred
- (session,
- _gnutls_cipher_suite_get_kx_algo (session->
- security_parameters.cipher_suite),
- &err) == NULL && err != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
-
- /* set the mod_auth_st to the appropriate struct
- * according to the KX algorithm. This is needed since all the
- * handshake functions are read from there;
- */
- session->internals.auth_struct =
- _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite));
- if (session->internals.auth_struct == NULL)
- {
-
- _gnutls_handshake_log
- ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
- session);
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- return 0;
+ int ret;
+ unsigned int i, j, cipher_suites_size;
+ size_t pk_algos_size;
+ uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE];
+ int retval, err;
+ gnutls_pk_algorithm_t pk_algos[MAX_ALGOS]; /* will hold the pk algorithms
+ * supported by the peer.
+ */
+
+ /* First, check for safe renegotiation SCSV.
+ */
+ if (session->internals.priorities.sr != SR_DISABLED) {
+ unsigned int offset;
+
+ for (offset = 0; offset < datalen; offset += 2) {
+ /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */
+ if (data[offset] ==
+ GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR
+ && data[offset + 1] ==
+ GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Received safe renegotiation CS\n",
+ session);
+ retval = _gnutls_ext_sr_recv_cs(session);
+ if (retval < 0) {
+ gnutls_assert();
+ return retval;
+ }
+ break;
+ }
+ }
+ }
+
+ pk_algos_size = MAX_ALGOS;
+ ret =
+ server_find_pk_algos_in_ciphersuites(data, datalen, pk_algos,
+ &pk_algos_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_supported_ciphersuites(session, cipher_suites,
+ sizeof(cipher_suites));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ cipher_suites_size = ret;
+
+ /* Here we remove any ciphersuite that does not conform
+ * the certificate requested, or to the
+ * authentication requested (e.g. SRP).
+ */
+ ret =
+ _gnutls_remove_unwanted_ciphersuites(session, cipher_suites,
+ cipher_suites_size,
+ pk_algos, pk_algos_size);
+ if (ret <= 0) {
+ gnutls_assert();
+ if (ret < 0)
+ return ret;
+ else
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+
+ cipher_suites_size = ret;
+
+ /* Data length should be zero mod 2 since
+ * every ciphersuite is 2 bytes. (this check is needed
+ * see below).
+ */
+ if (datalen % 2 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ memset(session->security_parameters.cipher_suite, 0, 2);
+
+ retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Requested cipher suites[size: %d]: \n", session,
+ (int) datalen);
+
+ if (session->internals.priorities.server_precedence == 0) {
+ for (j = 0; j < datalen; j += 2) {
+ _gnutls_handshake_log("\t0x%.2x, 0x%.2x %s\n",
+ data[j], data[j + 1],
+ _gnutls_cipher_suite_get_name
+ (&data[j]));
+ for (i = 0; i < cipher_suites_size; i += 2) {
+ if (memcmp(&cipher_suites[i], &data[j], 2)
+ == 0) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected cipher suite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name
+ (&data[j]));
+ memcpy(session->
+ security_parameters.
+ cipher_suite,
+ &cipher_suites[i], 2);
+ _gnutls_epoch_set_cipher_suite
+ (session, EPOCH_NEXT,
+ session->security_parameters.
+ cipher_suite);
+
+
+ retval = 0;
+ goto finish;
+ }
+ }
+ }
+ } else { /* server selects */
+
+ for (i = 0; i < cipher_suites_size; i += 2) {
+ for (j = 0; j < datalen; j += 2) {
+ if (memcmp(&cipher_suites[i], &data[j], 2)
+ == 0) {
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected cipher suite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name
+ (&data[j]));
+ memcpy(session->
+ security_parameters.
+ cipher_suite,
+ &cipher_suites[i], 2);
+ _gnutls_epoch_set_cipher_suite
+ (session, EPOCH_NEXT,
+ session->security_parameters.
+ cipher_suite);
+
+
+ retval = 0;
+ goto finish;
+ }
+ }
+ }
+ }
+ finish:
+
+ if (retval != 0) {
+ gnutls_assert();
+ return retval;
+ }
+
+ /* check if the credentials (username, public key etc.) are ok
+ */
+ if (_gnutls_get_kx_cred
+ (session,
+ _gnutls_cipher_suite_get_kx_algo(session->security_parameters.
+ cipher_suite), &err) == NULL
+ && err != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite));
+ if (session->internals.auth_struct == NULL) {
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return 0;
}
@@ -1065,69 +1068,72 @@ finish:
/* This selects the best supported compression method from the ones provided
*/
static int
-_gnutls_server_select_comp_method (gnutls_session_t session,
- uint8_t * data, int datalen)
+_gnutls_server_select_comp_method(gnutls_session_t session,
+ uint8_t * data, int datalen)
{
- int x, i, j;
- uint8_t comps[MAX_ALGOS];
-
- x = _gnutls_supported_compression_methods (session, comps, MAX_ALGOS);
- if (x < 0)
- {
- gnutls_assert ();
- return x;
- }
-
- if (session->internals.priorities.server_precedence == 0)
- {
- for (j = 0; j < datalen; j++)
- {
- for (i = 0; i < x; i++)
- {
- if (comps[i] == data[j])
- {
- gnutls_compression_method_t method =
- _gnutls_compression_get_id (comps[i]);
-
- _gnutls_epoch_set_compression (session, EPOCH_NEXT, method);
- session->security_parameters.compression_method = method;
-
- _gnutls_handshake_log
- ("HSK[%p]: Selected Compression Method: %s\n", session,
- gnutls_compression_get_name (method));
- return 0;
- }
- }
- }
- }
- else
- {
- for (i = 0; i < x; i++)
- {
- for (j = 0; j < datalen; j++)
- {
- if (comps[i] == data[j])
- {
- gnutls_compression_method_t method =
- _gnutls_compression_get_id (comps[i]);
-
- _gnutls_epoch_set_compression (session, EPOCH_NEXT, method);
- session->security_parameters.compression_method = method;
-
- _gnutls_handshake_log
- ("HSK[%p]: Selected Compression Method: %s\n", session,
- gnutls_compression_get_name (method));
- return 0;
- }
- }
- }
- }
-
- /* we were not able to find a compatible compression
- * algorithm
- */
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ int x, i, j;
+ uint8_t comps[MAX_ALGOS];
+
+ x = _gnutls_supported_compression_methods(session, comps,
+ MAX_ALGOS);
+ if (x < 0) {
+ gnutls_assert();
+ return x;
+ }
+
+ if (session->internals.priorities.server_precedence == 0) {
+ for (j = 0; j < datalen; j++) {
+ for (i = 0; i < x; i++) {
+ if (comps[i] == data[j]) {
+ gnutls_compression_method_t method
+ =
+ _gnutls_compression_get_id
+ (comps[i]);
+
+ _gnutls_epoch_set_compression
+ (session, EPOCH_NEXT, method);
+ session->security_parameters.
+ compression_method = method;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected Compression Method: %s\n",
+ session,
+ gnutls_compression_get_name
+ (method));
+ return 0;
+ }
+ }
+ }
+ } else {
+ for (i = 0; i < x; i++) {
+ for (j = 0; j < datalen; j++) {
+ if (comps[i] == data[j]) {
+ gnutls_compression_method_t method
+ =
+ _gnutls_compression_get_id
+ (comps[i]);
+
+ _gnutls_epoch_set_compression
+ (session, EPOCH_NEXT, method);
+ session->security_parameters.
+ compression_method = method;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected Compression Method: %s\n",
+ session,
+ gnutls_compression_get_name
+ (method));
+ return 0;
+ }
+ }
+ }
+ }
+
+ /* we were not able to find a compatible compression
+ * algorithm
+ */
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
}
@@ -1137,37 +1143,38 @@ _gnutls_server_select_comp_method (gnutls_session_t session,
* (until it returns ok), with NULL parameters.
*/
static int
-_gnutls_send_empty_handshake (gnutls_session_t session,
- gnutls_handshake_description_t type, int again)
+_gnutls_send_empty_handshake(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ int again)
{
- mbuffer_st *bufel;
-
- if (again == 0)
- {
- bufel = _gnutls_handshake_alloc (session, 0, 0);
- if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- bufel = NULL;
-
- return _gnutls_send_handshake (session, bufel, type);
+ mbuffer_st *bufel;
+
+ if (again == 0) {
+ bufel = _gnutls_handshake_alloc(session, 0, 0);
+ if (bufel == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ } else
+ bufel = NULL;
+
+ return _gnutls_send_handshake(session, bufel, type);
}
inline
-static int call_hook_func(gnutls_session_t session, gnutls_handshake_description_t type,
- int post, unsigned incoming)
+ static int call_hook_func(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ int post, unsigned incoming)
{
- if (session->internals.h_hook != NULL)
- {
- if ((session->internals.h_type == type || session->internals.h_type == GNUTLS_HANDSHAKE_ANY) &&
- (session->internals.h_post == post || session->internals.h_post == GNUTLS_HOOK_BOTH))
- return session->internals.h_hook(session, type, post, incoming);
- }
- return 0;
+ if (session->internals.h_hook != NULL) {
+ if ((session->internals.h_type == type
+ || session->internals.h_type == GNUTLS_HANDSHAKE_ANY)
+ && (session->internals.h_post == post
+ || session->internals.h_post == GNUTLS_HOOK_BOTH))
+ return session->internals.h_hook(session, type,
+ post, incoming);
+ }
+ return 0;
}
/* This function sends a handshake message of type 'type' containing the
@@ -1176,116 +1183,111 @@ static int call_hook_func(gnutls_session_t session, gnutls_handshake_description
* (until it returns ok), with NULL parameters.
*/
int
-_gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
- gnutls_handshake_description_t type)
+_gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
+ gnutls_handshake_description_t type)
{
- int ret, ret2;
- uint8_t *data;
- uint32_t datasize, i_datasize;
- int pos = 0;
-
- if (bufel == NULL)
- {
- /* we are resuming a previously interrupted
- * send.
- */
- ret = _gnutls_handshake_io_write_flush (session);
- return ret;
-
- }
-
- /* first run */
- data = _mbuffer_get_uhead_ptr (bufel);
- i_datasize = _mbuffer_get_udata_size(bufel);
- datasize = i_datasize + _mbuffer_get_uhead_size (bufel);
-
- data[pos++] = (uint8_t) type;
- _gnutls_write_uint24 (_mbuffer_get_udata_size (bufel), &data[pos]);
- pos += 3;
-
- /* Add DTLS handshake fragment headers. The message will be
- * fragmented later by the fragmentation sub-layer. All fields must
- * be set properly for HMAC. The HMAC requires we pretend that the
- * message was sent in a single fragment. */
- if (IS_DTLS(session))
- {
- _gnutls_write_uint16 (session->internals.dtls.hsk_write_seq++, &data[pos]);
- pos += 2;
-
- /* Fragment offset */
- _gnutls_write_uint24 (0, &data[pos]);
- pos += 3;
-
- /* Fragment length */
- _gnutls_write_uint24 (i_datasize, &data[pos]);
- /* pos += 3; */
- }
-
- _gnutls_handshake_log ("HSK[%p]: %s was queued [%ld bytes]\n",
- session, _gnutls_handshake2str (type),
- (long) datasize);
-
- /* Here we keep the handshake messages in order to hash them...
- */
- if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
- if ((ret =
- _gnutls_handshake_hash_add_sent (session, type, data, datasize)) < 0)
- {
- gnutls_assert ();
- _mbuffer_xfree(&bufel);
- return ret;
- }
-
- ret = call_hook_func(session, type, GNUTLS_HOOK_PRE, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- _mbuffer_xfree(&bufel);
- return ret;
- }
-
- session->internals.last_handshake_out = type;
-
- ret = _gnutls_handshake_io_cache_int (session, type, bufel);
- if (ret < 0)
- {
- _mbuffer_xfree(&bufel);
- gnutls_assert();
- return ret;
- }
-
- switch (type)
- {
- case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone
- * or ClientKeyExchange always.
- */
- case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
- case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */
- case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */
- case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */
- case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */
-
- /* now for client Certificate, ClientKeyExchange and
- * CertificateVerify are always followed by ChangeCipherSpec
- */
- case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
- case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
- ret = 0;
- break;
- default:
- /* send cached messages */
- ret = _gnutls_handshake_io_write_flush (session);
- break;
- }
-
- ret2 = call_hook_func(session, type, GNUTLS_HOOK_POST, 0);
- if (ret2 < 0)
- {
- gnutls_assert ();
- return ret2;
- }
-
- return ret;
+ int ret, ret2;
+ uint8_t *data;
+ uint32_t datasize, i_datasize;
+ int pos = 0;
+
+ if (bufel == NULL) {
+ /* we are resuming a previously interrupted
+ * send.
+ */
+ ret = _gnutls_handshake_io_write_flush(session);
+ return ret;
+
+ }
+
+ /* first run */
+ data = _mbuffer_get_uhead_ptr(bufel);
+ i_datasize = _mbuffer_get_udata_size(bufel);
+ datasize = i_datasize + _mbuffer_get_uhead_size(bufel);
+
+ data[pos++] = (uint8_t) type;
+ _gnutls_write_uint24(_mbuffer_get_udata_size(bufel), &data[pos]);
+ pos += 3;
+
+ /* Add DTLS handshake fragment headers. The message will be
+ * fragmented later by the fragmentation sub-layer. All fields must
+ * be set properly for HMAC. The HMAC requires we pretend that the
+ * message was sent in a single fragment. */
+ if (IS_DTLS(session)) {
+ _gnutls_write_uint16(session->internals.dtls.
+ hsk_write_seq++, &data[pos]);
+ pos += 2;
+
+ /* Fragment offset */
+ _gnutls_write_uint24(0, &data[pos]);
+ pos += 3;
+
+ /* Fragment length */
+ _gnutls_write_uint24(i_datasize, &data[pos]);
+ /* pos += 3; */
+ }
+
+ _gnutls_handshake_log("HSK[%p]: %s was queued [%ld bytes]\n",
+ session, _gnutls_handshake2str(type),
+ (long) datasize);
+
+ /* Here we keep the handshake messages in order to hash them...
+ */
+ if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
+ if ((ret =
+ _gnutls_handshake_hash_add_sent(session, type, data,
+ datasize)) < 0) {
+ gnutls_assert();
+ _mbuffer_xfree(&bufel);
+ return ret;
+ }
+
+ ret = call_hook_func(session, type, GNUTLS_HOOK_PRE, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ _mbuffer_xfree(&bufel);
+ return ret;
+ }
+
+ session->internals.last_handshake_out = type;
+
+ ret = _gnutls_handshake_io_cache_int(session, type, bufel);
+ if (ret < 0) {
+ _mbuffer_xfree(&bufel);
+ gnutls_assert();
+ return ret;
+ }
+
+ switch (type) {
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone
+ * or ClientKeyExchange always.
+ */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */
+ case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */
+
+ /* now for client Certificate, ClientKeyExchange and
+ * CertificateVerify are always followed by ChangeCipherSpec
+ */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ ret = 0;
+ break;
+ default:
+ /* send cached messages */
+ ret = _gnutls_handshake_io_write_flush(session);
+ break;
+ }
+
+ ret2 = call_hook_func(session, type, GNUTLS_HOOK_POST, 0);
+ if (ret2 < 0) {
+ gnutls_assert();
+ return ret2;
+ }
+
+ return ret;
}
#define CHECK_SIZE(ll) \
@@ -1299,88 +1301,90 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
* for the finished messages calculations.
*/
static int
-_gnutls_handshake_hash_add_recvd (gnutls_session_t session,
- gnutls_handshake_description_t recv_type,
- uint8_t * header, uint16_t header_size,
- uint8_t * dataptr, uint32_t datalen)
+_gnutls_handshake_hash_add_recvd(gnutls_session_t session,
+ gnutls_handshake_description_t recv_type,
+ uint8_t * header, uint16_t header_size,
+ uint8_t * dataptr, uint32_t datalen)
{
- int ret;
- const version_entry_st* vers = get_version (session);
-
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if ((vers->id != GNUTLS_DTLS0_9 &&
- recv_type == GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST) ||
- recv_type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
- return 0;
-
- CHECK_SIZE(header_size + datalen);
-
- session->internals.handshake_hash_buffer_prev_len = session->internals.handshake_hash_buffer.length;
-
- if (vers->id != GNUTLS_DTLS0_9)
- {
- ret = _gnutls_buffer_append_data(&session->internals.handshake_hash_buffer,
- header, header_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- if (datalen > 0)
- {
- ret = _gnutls_buffer_append_data(&session->internals.handshake_hash_buffer,
- dataptr, datalen);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- return 0;
+ int ret;
+ const version_entry_st *vers = get_version(session);
+
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if ((vers->id != GNUTLS_DTLS0_9 &&
+ recv_type == GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST) ||
+ recv_type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
+ return 0;
+
+ CHECK_SIZE(header_size + datalen);
+
+ session->internals.handshake_hash_buffer_prev_len =
+ session->internals.handshake_hash_buffer.length;
+
+ if (vers->id != GNUTLS_DTLS0_9) {
+ ret =
+ _gnutls_buffer_append_data(&session->internals.
+ handshake_hash_buffer,
+ header, header_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ if (datalen > 0) {
+ ret =
+ _gnutls_buffer_append_data(&session->internals.
+ handshake_hash_buffer,
+ dataptr, datalen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return 0;
}
/* This function will store the handshake message we sent.
*/
static int
-_gnutls_handshake_hash_add_sent (gnutls_session_t session,
- gnutls_handshake_description_t type,
- uint8_t * dataptr, uint32_t datalen)
+_gnutls_handshake_hash_add_sent(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ uint8_t * dataptr, uint32_t datalen)
{
- int ret;
- const version_entry_st* vers = get_version (session);
-
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* We don't check for GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST because it
- * is not sent via that channel.
- */
- if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
- {
- CHECK_SIZE(datalen);
-
- if (vers->id == GNUTLS_DTLS0_9)
- {
- /* Old DTLS doesn't include the header in the MAC */
- if (datalen < 12)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- dataptr += 12;
- datalen -= 12;
-
- if (datalen == 0)
- return 0;
- }
-
- ret = _gnutls_buffer_append_data(&session->internals.handshake_hash_buffer,
- dataptr, datalen);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
- }
-
- return 0;
+ int ret;
+ const version_entry_st *vers = get_version(session);
+
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* We don't check for GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST because it
+ * is not sent via that channel.
+ */
+ if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) {
+ CHECK_SIZE(datalen);
+
+ if (vers->id == GNUTLS_DTLS0_9) {
+ /* Old DTLS doesn't include the header in the MAC */
+ if (datalen < 12) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ dataptr += 12;
+ datalen -= 12;
+
+ if (datalen == 0)
+ return 0;
+ }
+
+ ret =
+ _gnutls_buffer_append_data(&session->internals.
+ handshake_hash_buffer,
+ dataptr, datalen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
+ }
+
+ return 0;
}
/* This function will receive handshake messages of the given types,
@@ -1389,250 +1393,245 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session,
* passed to _gnutls_recv_hello().
*/
int
-_gnutls_recv_handshake (gnutls_session_t session,
- gnutls_handshake_description_t type,
- unsigned int optional, gnutls_buffer_st* buf)
+_gnutls_recv_handshake(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ unsigned int optional, gnutls_buffer_st * buf)
{
- int ret, ret2;
- handshake_buffer_st hsk;
-
- ret =
- _gnutls_handshake_io_recv_int (session, type, &hsk, optional);
- if (ret < 0)
- {
- if (optional != 0 && ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
- {
- if (buf) _gnutls_buffer_init(buf);
- return 0;
- }
-
- return gnutls_assert_val_fatal(ret);
- }
-
- session->internals.last_handshake_in = hsk.htype;
-
- ret = call_hook_func(session, hsk.htype, GNUTLS_HOOK_PRE, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_handshake_hash_add_recvd (session, hsk.htype,
- hsk.header, hsk.header_size,
- hsk.data.data, hsk.data.length);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- switch (hsk.htype)
- {
- case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
- case GNUTLS_HANDSHAKE_CLIENT_HELLO:
- case GNUTLS_HANDSHAKE_SERVER_HELLO:
- if (hsk.htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)
- ret = _gnutls_read_client_hello_v2 (session, hsk.data.data, hsk.data.length);
- else
- ret = _gnutls_recv_hello (session, hsk.data.data, hsk.data.length);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- break;
- case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
- ret = _gnutls_recv_hello_verify_request (session, hsk.data.data, hsk.data.length);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- else
- {
- /* Signal our caller we have received a verification cookie
- and ClientHello needs to be sent again. */
- ret = 1;
- }
-
- break;
- case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
- if (hsk.data.length == 0)
- ret = 0;
- else
- {
- gnutls_assert();
- ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- goto cleanup;
- }
- break;
- case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
- case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
- case GNUTLS_HANDSHAKE_FINISHED:
- case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
- case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
- case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
- case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
- case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
- case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
- ret = hsk.data.length;
- break;
- default:
- gnutls_assert ();
- /* we shouldn't actually arrive here in any case .
- * unexpected messages should be catched after _gnutls_handshake_io_recv_int()
- */
- ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
- goto cleanup;
- }
-
- ret2 = call_hook_func(session, hsk.htype, GNUTLS_HOOK_POST, 1);
- if (ret2 < 0)
- {
- ret = ret2;
- gnutls_assert ();
- goto cleanup;
- }
-
- if (buf)
- {
- *buf = hsk.data;
- return ret;
- }
-
-cleanup:
- _gnutls_handshake_buffer_clear (&hsk);
- return ret;
+ int ret, ret2;
+ handshake_buffer_st hsk;
+
+ ret = _gnutls_handshake_io_recv_int(session, type, &hsk, optional);
+ if (ret < 0) {
+ if (optional != 0
+ && ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET) {
+ if (buf)
+ _gnutls_buffer_init(buf);
+ return 0;
+ }
+
+ return gnutls_assert_val_fatal(ret);
+ }
+
+ session->internals.last_handshake_in = hsk.htype;
+
+ ret = call_hook_func(session, hsk.htype, GNUTLS_HOOK_PRE, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_handshake_hash_add_recvd(session, hsk.htype,
+ hsk.header, hsk.header_size,
+ hsk.data.data,
+ hsk.data.length);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ switch (hsk.htype) {
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO:
+ case GNUTLS_HANDSHAKE_SERVER_HELLO:
+ if (hsk.htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)
+ ret =
+ _gnutls_read_client_hello_v2(session,
+ hsk.data.data,
+ hsk.data.length);
+ else
+ ret =
+ _gnutls_recv_hello(session, hsk.data.data,
+ hsk.data.length);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ break;
+ case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST:
+ ret =
+ _gnutls_recv_hello_verify_request(session,
+ hsk.data.data,
+ hsk.data.length);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ } else {
+ /* Signal our caller we have received a verification cookie
+ and ClientHello needs to be sent again. */
+ ret = 1;
+ }
+
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
+ if (hsk.data.length == 0)
+ ret = 0;
+ else {
+ gnutls_assert();
+ ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto cleanup;
+ }
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS:
+ case GNUTLS_HANDSHAKE_FINISHED:
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
+ case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
+ ret = hsk.data.length;
+ break;
+ default:
+ gnutls_assert();
+ /* we shouldn't actually arrive here in any case .
+ * unexpected messages should be catched after _gnutls_handshake_io_recv_int()
+ */
+ ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ goto cleanup;
+ }
+
+ ret2 = call_hook_func(session, hsk.htype, GNUTLS_HOOK_POST, 1);
+ if (ret2 < 0) {
+ ret = ret2;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (buf) {
+ *buf = hsk.data;
+ return ret;
+ }
+
+ cleanup:
+ _gnutls_handshake_buffer_clear(&hsk);
+ return ret;
}
/* This function checks if the given cipher suite is supported, and sets it
* to the session;
*/
static int
-_gnutls_client_set_ciphersuite (gnutls_session_t session, uint8_t suite[2])
+_gnutls_client_set_ciphersuite(gnutls_session_t session, uint8_t suite[2])
{
- uint8_t z;
- uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE];
- int cipher_suite_size;
- int i, err;
-
- z = 1;
- cipher_suite_size = _gnutls_supported_ciphersuites (session, cipher_suites, sizeof(cipher_suites));
- if (cipher_suite_size < 0)
- {
- gnutls_assert ();
- return cipher_suite_size;
- }
-
- for (i = 0; i < cipher_suite_size; i+=2)
- {
- if (memcmp (&cipher_suites[i], suite, 2) == 0)
- {
- z = 0;
- break;
- }
- }
-
- if (z != 0)
- {
- gnutls_assert ();
- _gnutls_handshake_log("HSK[%p]: unsupported cipher suite %.2X.%.2X\n", session,
- (unsigned int)suite[0], (unsigned int)suite[1]);
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
- }
-
- memcpy (session->security_parameters.cipher_suite, suite, 2);
- _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- session->
- security_parameters.cipher_suite);
-
- _gnutls_handshake_log ("HSK[%p]: Selected cipher suite: %s\n", session,
- _gnutls_cipher_suite_get_name
- (session->
- security_parameters.cipher_suite));
-
-
- /* check if the credentials (username, public key etc.) are ok.
- * Actually checks if they exist.
- */
- if (!session->internals.premaster_set &&
- _gnutls_get_kx_cred
- (session,
- _gnutls_cipher_suite_get_kx_algo
- (session->security_parameters.cipher_suite), &err) == NULL
- && err != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
-
- /* set the mod_auth_st to the appropriate struct
- * according to the KX algorithm. This is needed since all the
- * handshake functions are read from there;
- */
- session->internals.auth_struct =
- _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite));
-
- if (session->internals.auth_struct == NULL)
- {
-
- _gnutls_handshake_log
- ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
- session);
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
-
- return 0;
+ uint8_t z;
+ uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE];
+ int cipher_suite_size;
+ int i, err;
+
+ z = 1;
+ cipher_suite_size =
+ _gnutls_supported_ciphersuites(session, cipher_suites,
+ sizeof(cipher_suites));
+ if (cipher_suite_size < 0) {
+ gnutls_assert();
+ return cipher_suite_size;
+ }
+
+ for (i = 0; i < cipher_suite_size; i += 2) {
+ if (memcmp(&cipher_suites[i], suite, 2) == 0) {
+ z = 0;
+ break;
+ }
+ }
+
+ if (z != 0) {
+ gnutls_assert();
+ _gnutls_handshake_log
+ ("HSK[%p]: unsupported cipher suite %.2X.%.2X\n",
+ session, (unsigned int) suite[0],
+ (unsigned int) suite[1]);
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+
+ memcpy(session->security_parameters.cipher_suite, suite, 2);
+ _gnutls_epoch_set_cipher_suite(session, EPOCH_NEXT,
+ session->security_parameters.
+ cipher_suite);
+
+ _gnutls_handshake_log("HSK[%p]: Selected cipher suite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name
+ (session->security_parameters.cipher_suite));
+
+
+ /* check if the credentials (username, public key etc.) are ok.
+ * Actually checks if they exist.
+ */
+ if (!session->internals.premaster_set &&
+ _gnutls_get_kx_cred
+ (session,
+ _gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.cipher_suite), &err) == NULL
+ && err != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite));
+
+ if (session->internals.auth_struct == NULL) {
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+
+ return 0;
}
/* This function sets the given comp method to the session.
*/
static int
-_gnutls_client_set_comp_method (gnutls_session_t session, uint8_t comp_method)
+_gnutls_client_set_comp_method(gnutls_session_t session,
+ uint8_t comp_method)
{
- int comp_methods_num;
- uint8_t compression_methods[MAX_ALGOS];
- int id = _gnutls_compression_get_id(comp_method);
- int i;
-
- _gnutls_handshake_log ("HSK[%p]: Selected compression method: %s (%d)\n", session,
- gnutls_compression_get_name(id), (int)comp_method);
-
- comp_methods_num = _gnutls_supported_compression_methods (session,
- compression_methods, MAX_ALGOS);
- if (comp_methods_num < 0)
- {
- gnutls_assert ();
- return comp_methods_num;
- }
-
- for (i = 0; i < comp_methods_num; i++)
- {
- if (compression_methods[i] == comp_method)
- {
- comp_methods_num = 0;
- break;
- }
- }
-
- if (comp_methods_num != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
-
- session->security_parameters.compression_method = id;
- _gnutls_epoch_set_compression (session, EPOCH_NEXT, id);
-
- return 0;
+ int comp_methods_num;
+ uint8_t compression_methods[MAX_ALGOS];
+ int id = _gnutls_compression_get_id(comp_method);
+ int i;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected compression method: %s (%d)\n", session,
+ gnutls_compression_get_name(id), (int) comp_method);
+
+ comp_methods_num = _gnutls_supported_compression_methods(session,
+ compression_methods,
+ MAX_ALGOS);
+ if (comp_methods_num < 0) {
+ gnutls_assert();
+ return comp_methods_num;
+ }
+
+ for (i = 0; i < comp_methods_num; i++) {
+ if (compression_methods[i] == comp_method) {
+ comp_methods_num = 0;
+ break;
+ }
+ }
+
+ if (comp_methods_num != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ session->security_parameters.compression_method = id;
+ _gnutls_epoch_set_compression(session, EPOCH_NEXT, id);
+
+ return 0;
}
/* This function returns 0 if we are resuming a session or -1 otherwise.
@@ -1640,54 +1639,57 @@ _gnutls_client_set_comp_method (gnutls_session_t session, uint8_t comp_method)
* hello.
*/
static int
-_gnutls_client_check_if_resuming (gnutls_session_t session,
- uint8_t * session_id, int session_id_len)
+_gnutls_client_check_if_resuming(gnutls_session_t session,
+ uint8_t * session_id, int session_id_len)
{
- char buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
-
- _gnutls_handshake_log ("HSK[%p]: SessionID length: %d\n", session,
- session_id_len);
- _gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session,
- _gnutls_bin2hex (session_id, session_id_len, buf,
- sizeof (buf), NULL));
-
- if ((session->internals.resumption_requested != 0 ||
- session->internals.premaster_set != 0) &&
- session_id_len > 0 &&
- session->internals.resumed_security_parameters.session_id_size ==
- session_id_len
- && memcmp (session_id,
- session->internals.resumed_security_parameters.session_id,
- session_id_len) == 0)
- {
- /* resume session */
- memcpy (session->internals.resumed_security_parameters.server_random,
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
- memcpy (session->internals.resumed_security_parameters.client_random,
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-
- _gnutls_epoch_set_cipher_suite
- (session, EPOCH_NEXT,
- session->internals.
- resumed_security_parameters.cipher_suite);
- _gnutls_epoch_set_compression (session, EPOCH_NEXT,
- session->
- internals.resumed_security_parameters.compression_method);
-
- session->internals.resumed = RESUME_TRUE; /* we are resuming */
-
- return 0;
- }
- else
- {
- /* keep the new session id */
- session->internals.resumed = RESUME_FALSE; /* we are not resuming */
- session->security_parameters.session_id_size = session_id_len;
- memcpy (session->security_parameters.session_id,
- session_id, session_id_len);
-
- return -1;
- }
+ char buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
+
+ _gnutls_handshake_log("HSK[%p]: SessionID length: %d\n", session,
+ session_id_len);
+ _gnutls_handshake_log("HSK[%p]: SessionID: %s\n", session,
+ _gnutls_bin2hex(session_id, session_id_len,
+ buf, sizeof(buf), NULL));
+
+ if ((session->internals.resumption_requested != 0 ||
+ session->internals.premaster_set != 0) &&
+ session_id_len > 0 &&
+ session->internals.resumed_security_parameters.
+ session_id_size == session_id_len
+ && memcmp(session_id,
+ session->internals.resumed_security_parameters.
+ session_id, session_id_len) == 0) {
+ /* resume session */
+ memcpy(session->internals.resumed_security_parameters.
+ server_random,
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(session->internals.resumed_security_parameters.
+ client_random,
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+
+ _gnutls_epoch_set_cipher_suite
+ (session, EPOCH_NEXT,
+ session->internals.resumed_security_parameters.
+ cipher_suite);
+ _gnutls_epoch_set_compression(session, EPOCH_NEXT,
+ session->internals.
+ resumed_security_parameters.
+ compression_method);
+
+ session->internals.resumed = RESUME_TRUE; /* we are resuming */
+
+ return 0;
+ } else {
+ /* keep the new session id */
+ session->internals.resumed = RESUME_FALSE; /* we are not resuming */
+ session->security_parameters.session_id_size =
+ session_id_len;
+ memcpy(session->security_parameters.session_id, session_id,
+ session_id_len);
+
+ return -1;
+ }
}
@@ -1696,113 +1698,106 @@ _gnutls_client_check_if_resuming (gnutls_session_t session,
* session.
*/
static int
-_gnutls_read_server_hello (gnutls_session_t session,
- uint8_t * data, int datalen)
+_gnutls_read_server_hello(gnutls_session_t session,
+ uint8_t * data, int datalen)
{
- uint8_t session_id_len = 0;
- int pos = 0;
- int ret = 0;
- gnutls_protocol_t version;
- int len = datalen;
-
- if (datalen < 38)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- _gnutls_handshake_log ("HSK[%p]: Server's version: %d.%d\n",
- session, data[pos], data[pos + 1]);
-
- DECR_LEN (len, 2);
- version = _gnutls_version_get (data[pos], data[pos + 1]);
- if (_gnutls_version_is_supported (session, version) == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- else
- {
- _gnutls_set_current_version (session, version);
- }
-
- pos += 2;
-
- DECR_LEN (len, GNUTLS_RANDOM_SIZE);
- ret = _gnutls_set_server_random (session, &data[pos]);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- pos += GNUTLS_RANDOM_SIZE;
-
-
- /* Read session ID
- */
- DECR_LEN (len, 1);
- session_id_len = data[pos++];
-
- if (len < session_id_len)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- DECR_LEN (len, session_id_len);
-
- /* check if we are resuming and set the appropriate
- * values;
- */
- if (_gnutls_client_check_if_resuming
- (session, &data[pos], session_id_len) == 0)
- {
- pos += session_id_len + 2 + 1;
- DECR_LEN (len, 2 + 1);
-
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
- &data[pos], len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- return 0;
- }
-
- pos += session_id_len;
-
- /* Check if the given cipher suite is supported and copy
- * it to the session.
- */
-
- DECR_LEN (len, 2);
- ret = _gnutls_client_set_ciphersuite (session, &data[pos]);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- pos += 2;
-
- /* move to compression
- */
- DECR_LEN (len, 1);
-
- ret = _gnutls_client_set_comp_method (session, data[pos++]);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
-
- /* Parse extensions.
- */
- ret = _gnutls_parse_extensions (session, GNUTLS_EXT_ANY, &data[pos], len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ uint8_t session_id_len = 0;
+ int pos = 0;
+ int ret = 0;
+ gnutls_protocol_t version;
+ int len = datalen;
+
+ if (datalen < 38) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ _gnutls_handshake_log("HSK[%p]: Server's version: %d.%d\n",
+ session, data[pos], data[pos + 1]);
+
+ DECR_LEN(len, 2);
+ version = _gnutls_version_get(data[pos], data[pos + 1]);
+ if (_gnutls_version_is_supported(session, version) == 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ } else {
+ _gnutls_set_current_version(session, version);
+ }
+
+ pos += 2;
+
+ DECR_LEN(len, GNUTLS_RANDOM_SIZE);
+ ret = _gnutls_set_server_random(session, &data[pos]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ pos += GNUTLS_RANDOM_SIZE;
+
+
+ /* Read session ID
+ */
+ DECR_LEN(len, 1);
+ session_id_len = data[pos++];
+
+ if (len < session_id_len) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ DECR_LEN(len, session_id_len);
+
+ /* check if we are resuming and set the appropriate
+ * values;
+ */
+ if (_gnutls_client_check_if_resuming
+ (session, &data[pos], session_id_len) == 0) {
+ pos += session_id_len + 2 + 1;
+ DECR_LEN(len, 2 + 1);
+
+ ret =
+ _gnutls_parse_extensions(session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ return 0;
+ }
+
+ pos += session_id_len;
+
+ /* Check if the given cipher suite is supported and copy
+ * it to the session.
+ */
+
+ DECR_LEN(len, 2);
+ ret = _gnutls_client_set_ciphersuite(session, &data[pos]);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ pos += 2;
+
+ /* move to compression
+ */
+ DECR_LEN(len, 1);
+
+ ret = _gnutls_client_set_comp_method(session, data[pos++]);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ /* Parse extensions.
+ */
+ ret =
+ _gnutls_parse_extensions(session, GNUTLS_EXT_ANY, &data[pos],
+ len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
@@ -1811,52 +1806,56 @@ _gnutls_read_server_hello (gnutls_session_t session,
* true, add the special safe renegotiation CS.
*/
static int
-_gnutls_copy_ciphersuites (gnutls_session_t session,
- gnutls_buffer_st * cdata,
- int add_scsv)
+_gnutls_copy_ciphersuites(gnutls_session_t session,
+ gnutls_buffer_st * cdata, int add_scsv)
{
- int ret;
- uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE+2];
- int cipher_suites_size;
- size_t init_length = cdata->length;
-
- ret = _gnutls_supported_ciphersuites (session, cipher_suites, sizeof(cipher_suites)-2);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Here we remove any ciphersuite that does not conform
- * the certificate requested, or to the
- * authentication requested (eg SRP).
- */
- ret =
- _gnutls_remove_unwanted_ciphersuites (session, cipher_suites, ret, NULL, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* If no cipher suites were enabled.
- */
- if (ret == 0)
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- cipher_suites_size = ret;
- if (add_scsv)
- {
- cipher_suites[cipher_suites_size] = 0x00;
- cipher_suites[cipher_suites_size+1] = 0xff;
- cipher_suites_size += 2;
-
- ret = _gnutls_ext_sr_send_cs (session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- ret = _gnutls_buffer_append_data_prefix(cdata, 16, cipher_suites, cipher_suites_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = cdata->length - init_length;
-
- return ret;
+ int ret;
+ uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE + 2];
+ int cipher_suites_size;
+ size_t init_length = cdata->length;
+
+ ret =
+ _gnutls_supported_ciphersuites(session, cipher_suites,
+ sizeof(cipher_suites) - 2);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Here we remove any ciphersuite that does not conform
+ * the certificate requested, or to the
+ * authentication requested (eg SRP).
+ */
+ ret =
+ _gnutls_remove_unwanted_ciphersuites(session, cipher_suites,
+ ret, NULL, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* If no cipher suites were enabled.
+ */
+ if (ret == 0)
+ return
+ gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ cipher_suites_size = ret;
+ if (add_scsv) {
+ cipher_suites[cipher_suites_size] = 0x00;
+ cipher_suites[cipher_suites_size + 1] = 0xff;
+ cipher_suites_size += 2;
+
+ ret = _gnutls_ext_sr_send_cs(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ ret =
+ _gnutls_buffer_append_data_prefix(cdata, 16, cipher_suites,
+ cipher_suites_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = cdata->length - init_length;
+
+ return ret;
}
@@ -1864,31 +1863,36 @@ _gnutls_copy_ciphersuites (gnutls_session_t session,
* Needed in hello messages. Returns the new data length.
*/
static int
-_gnutls_copy_comp_methods (gnutls_session_t session,
- gnutls_buffer_st * cdata)
+_gnutls_copy_comp_methods(gnutls_session_t session,
+ gnutls_buffer_st * cdata)
{
- int ret;
- uint8_t compression_methods[MAX_ALGOS], comp_num;
- size_t init_length = cdata->length;
+ int ret;
+ uint8_t compression_methods[MAX_ALGOS], comp_num;
+ size_t init_length = cdata->length;
- ret = _gnutls_supported_compression_methods (session, compression_methods, MAX_ALGOS);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_supported_compression_methods(session,
+ compression_methods,
+ MAX_ALGOS);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- comp_num = ret;
+ comp_num = ret;
- /* put the number of compression methods */
- ret = _gnutls_buffer_append_prefix(cdata, 8, comp_num);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ /* put the number of compression methods */
+ ret = _gnutls_buffer_append_prefix(cdata, 8, comp_num);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_buffer_append_data(cdata, compression_methods, comp_num);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_buffer_append_data(cdata, compression_methods,
+ comp_num);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = cdata->length - init_length;
+ ret = cdata->length - init_length;
- return ret;
+ return ret;
}
/* This should be sufficient by now. It should hold all the extensions
@@ -1898,314 +1902,323 @@ _gnutls_copy_comp_methods (gnutls_session_t session,
/* This function sends the client hello handshake message.
*/
-static int
-_gnutls_send_client_hello (gnutls_session_t session, int again)
+static int _gnutls_send_client_hello(gnutls_session_t session, int again)
{
- mbuffer_st *bufel = NULL;
- uint8_t *data = NULL;
- int pos = 0, type;
- int datalen = 0, ret = 0;
- const version_entry_st* hver;
- gnutls_buffer_st extdata;
- int rehandshake = 0;
- uint8_t session_id_len =
- session->internals.resumed_security_parameters.session_id_size;
- uint8_t cookie_len;
-
- _gnutls_buffer_init(&extdata);
-
- /* note that rehandshake is different than resuming
- */
- if (session->security_parameters.session_id_size)
- rehandshake = 1;
-
- if (again == 0)
- {
- if(IS_DTLS(session))
- {
- cookie_len = session->internals.dtls.cookie_len + 1;
- }
- else
- {
- cookie_len = 0;
- }
-
- datalen = 2 + (session_id_len + 1) + GNUTLS_RANDOM_SIZE + cookie_len;
- /* 2 for version, (4 for unix time + 28 for random bytes==GNUTLS_RANDOM_SIZE)
- */
-
- bufel = _gnutls_handshake_alloc (session, datalen, datalen+MAX_EXT_DATA_LENGTH);
- if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- data = _mbuffer_get_udata_ptr (bufel);
-
- /* if we are resuming a session then we set the
- * version number to the previously established.
- */
- if (session->internals.resumption_requested == 0 &&
- session->internals.premaster_set == 0)
- {
- if (rehandshake) /* already negotiated version thus version_max == negotiated version */
- hver = get_version(session);
- else /* new handshake. just get the max */
- hver = version_to_entry(_gnutls_version_max (session));
- }
- else
- {
- /* we are resuming a session */
- hver = session->internals.resumed_security_parameters.pversion;
- }
-
- if (hver == NULL)
- {
- gnutls_assert ();
- gnutls_free (bufel);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- data[pos++] = hver->major;
- data[pos++] = hver->minor;
-
- /* Set the version we advertized as maximum
- * (RSA uses it).
- */
- set_adv_version (session, hver->major, hver->minor);
- _gnutls_set_current_version (session, hver->id);
-
- if (session->internals.priorities.ssl3_record_version != 0)
- {
- /* Advertize the SSL 3.0 record packet version in
- * record packets during the handshake.
- * That is to avoid confusing implementations
- * that do not support TLS 1.2 and don't know
- * how 3,3 version of record packets look like.
- */
- if (!IS_DTLS(session))
- _gnutls_record_set_default_version (session, 3, 0);
- else if (hver->id == GNUTLS_DTLS0_9)
- _gnutls_record_set_default_version (session, 1, 0);
- else
- _gnutls_record_set_default_version (session, 254, 255);
- }
-
- /* In order to know when this session was initiated.
- */
- session->security_parameters.timestamp = gnutls_time (NULL);
-
- /* Generate random data
- */
- if (!IS_DTLS (session)
- || session->internals.dtls.hsk_hello_verify_requests == 0)
- {
- ret = _gnutls_set_client_random (session, NULL);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- memcpy (&data[pos], session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
- }
- else
- memcpy (&data[pos], session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-
- pos += GNUTLS_RANDOM_SIZE;
-
- /* Copy the Session ID
- */
- data[pos++] = session_id_len;
-
- if (session_id_len > 0)
- {
- memcpy (&data[pos],
- session->internals.resumed_security_parameters.session_id,
- session_id_len);
- pos += session_id_len;
- }
-
- /* Copy the DTLS cookie
- */
- if (IS_DTLS(session))
- {
- data[pos++] = session->internals.dtls.cookie_len;
- memcpy(&data[pos], &session->internals.dtls.cookie, session->internals.dtls.cookie_len);
- /* pos += session->internals.dtls.cookie_len; */
- }
-
- /* Copy the ciphersuites.
- *
- * If using SSLv3 Send TLS_RENEGO_PROTECTION_REQUEST SCSV for MITM
- * prevention on initial negotiation (but not renegotiation; that's
- * handled with the RI extension below).
- */
- if (!session->internals.initial_negotiation_completed &&
- session->security_parameters.entity == GNUTLS_CLIENT &&
- (hver->id == GNUTLS_SSL3 ||
- session->internals.priorities.no_extensions != 0))
- {
- ret =
- _gnutls_copy_ciphersuites (session, &extdata, TRUE);
- _gnutls_extension_list_add (session,
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION);
- }
- else
- ret = _gnutls_copy_ciphersuites (session, &extdata, FALSE);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* Copy the compression methods.
- */
- ret = _gnutls_copy_comp_methods (session, &extdata);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* Generate and copy TLS extensions.
- */
- if (session->internals.priorities.no_extensions == 0)
- {
- if (_gnutls_version_has_extensions (hver))
- type = GNUTLS_EXT_ANY;
- else
- {
- if (session->internals.initial_negotiation_completed != 0)
- type = GNUTLS_EXT_MANDATORY;
- else
- type = GNUTLS_EXT_NONE;
- }
-
- ret = _gnutls_gen_extensions (session, &extdata, type);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- }
-
- ret = _mbuffer_append_data (bufel, extdata.data, extdata.length);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- _gnutls_buffer_clear(&extdata);
-
- return
- _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_CLIENT_HELLO);
-
-cleanup:
- _mbuffer_xfree(&bufel);
- _gnutls_buffer_clear(&extdata);
- return ret;
+ mbuffer_st *bufel = NULL;
+ uint8_t *data = NULL;
+ int pos = 0, type;
+ int datalen = 0, ret = 0;
+ const version_entry_st *hver;
+ gnutls_buffer_st extdata;
+ int rehandshake = 0;
+ uint8_t session_id_len =
+ session->internals.resumed_security_parameters.session_id_size;
+ uint8_t cookie_len;
+
+ _gnutls_buffer_init(&extdata);
+
+ /* note that rehandshake is different than resuming
+ */
+ if (session->security_parameters.session_id_size)
+ rehandshake = 1;
+
+ if (again == 0) {
+ if (IS_DTLS(session)) {
+ cookie_len =
+ session->internals.dtls.cookie_len + 1;
+ } else {
+ cookie_len = 0;
+ }
+
+ datalen =
+ 2 + (session_id_len + 1) + GNUTLS_RANDOM_SIZE +
+ cookie_len;
+ /* 2 for version, (4 for unix time + 28 for random bytes==GNUTLS_RANDOM_SIZE)
+ */
+
+ bufel =
+ _gnutls_handshake_alloc(session, datalen,
+ datalen + MAX_EXT_DATA_LENGTH);
+ if (bufel == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ data = _mbuffer_get_udata_ptr(bufel);
+
+ /* if we are resuming a session then we set the
+ * version number to the previously established.
+ */
+ if (session->internals.resumption_requested == 0 &&
+ session->internals.premaster_set == 0) {
+ if (rehandshake) /* already negotiated version thus version_max == negotiated version */
+ hver = get_version(session);
+ else /* new handshake. just get the max */
+ hver =
+ version_to_entry(_gnutls_version_max
+ (session));
+ } else {
+ /* we are resuming a session */
+ hver =
+ session->internals.resumed_security_parameters.
+ pversion;
+ }
+
+ if (hver == NULL) {
+ gnutls_assert();
+ gnutls_free(bufel);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ data[pos++] = hver->major;
+ data[pos++] = hver->minor;
+
+ /* Set the version we advertized as maximum
+ * (RSA uses it).
+ */
+ set_adv_version(session, hver->major, hver->minor);
+ _gnutls_set_current_version(session, hver->id);
+
+ if (session->internals.priorities.ssl3_record_version != 0) {
+ /* Advertize the SSL 3.0 record packet version in
+ * record packets during the handshake.
+ * That is to avoid confusing implementations
+ * that do not support TLS 1.2 and don't know
+ * how 3,3 version of record packets look like.
+ */
+ if (!IS_DTLS(session))
+ _gnutls_record_set_default_version(session,
+ 3, 0);
+ else if (hver->id == GNUTLS_DTLS0_9)
+ _gnutls_record_set_default_version(session,
+ 1, 0);
+ else
+ _gnutls_record_set_default_version(session,
+ 254,
+ 255);
+ }
+
+ /* In order to know when this session was initiated.
+ */
+ session->security_parameters.timestamp = gnutls_time(NULL);
+
+ /* Generate random data
+ */
+ if (!IS_DTLS(session)
+ || session->internals.dtls.hsk_hello_verify_requests ==
+ 0) {
+ ret = _gnutls_set_client_random(session, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ memcpy(&data[pos],
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ } else
+ memcpy(&data[pos],
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+
+ pos += GNUTLS_RANDOM_SIZE;
+
+ /* Copy the Session ID
+ */
+ data[pos++] = session_id_len;
+
+ if (session_id_len > 0) {
+ memcpy(&data[pos],
+ session->internals.
+ resumed_security_parameters.session_id,
+ session_id_len);
+ pos += session_id_len;
+ }
+
+ /* Copy the DTLS cookie
+ */
+ if (IS_DTLS(session)) {
+ data[pos++] = session->internals.dtls.cookie_len;
+ memcpy(&data[pos], &session->internals.dtls.cookie,
+ session->internals.dtls.cookie_len);
+ /* pos += session->internals.dtls.cookie_len; */
+ }
+
+ /* Copy the ciphersuites.
+ *
+ * If using SSLv3 Send TLS_RENEGO_PROTECTION_REQUEST SCSV for MITM
+ * prevention on initial negotiation (but not renegotiation; that's
+ * handled with the RI extension below).
+ */
+ if (!session->internals.initial_negotiation_completed &&
+ session->security_parameters.entity == GNUTLS_CLIENT &&
+ (hver->id == GNUTLS_SSL3 ||
+ session->internals.priorities.no_extensions != 0)) {
+ ret =
+ _gnutls_copy_ciphersuites(session, &extdata,
+ TRUE);
+ _gnutls_extension_list_add(session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION);
+ } else
+ ret =
+ _gnutls_copy_ciphersuites(session, &extdata,
+ FALSE);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Copy the compression methods.
+ */
+ ret = _gnutls_copy_comp_methods(session, &extdata);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Generate and copy TLS extensions.
+ */
+ if (session->internals.priorities.no_extensions == 0) {
+ if (_gnutls_version_has_extensions(hver))
+ type = GNUTLS_EXT_ANY;
+ else {
+ if (session->internals.
+ initial_negotiation_completed != 0)
+ type = GNUTLS_EXT_MANDATORY;
+ else
+ type = GNUTLS_EXT_NONE;
+ }
+
+ ret =
+ _gnutls_gen_extensions(session, &extdata,
+ type);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ }
+
+ ret =
+ _mbuffer_append_data(bufel, extdata.data,
+ extdata.length);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ _gnutls_buffer_clear(&extdata);
+
+ return
+ _gnutls_send_handshake(session, bufel,
+ GNUTLS_HANDSHAKE_CLIENT_HELLO);
+
+ cleanup:
+ _mbuffer_xfree(&bufel);
+ _gnutls_buffer_clear(&extdata);
+ return ret;
}
-static int
-_gnutls_send_server_hello (gnutls_session_t session, int again)
+static int _gnutls_send_server_hello(gnutls_session_t session, int again)
{
- mbuffer_st *bufel = NULL;
- uint8_t *data = NULL;
- gnutls_buffer_st extdata;
- int pos = 0;
- int datalen, ret = 0;
- uint8_t comp;
- uint8_t session_id_len = session->security_parameters.session_id_size;
- char buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
- const version_entry_st* vers;
-
- _gnutls_buffer_init(&extdata);
-
- if (again == 0)
- {
- datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3;
- ret =
- _gnutls_gen_extensions (session, &extdata,
- (session->internals.resumed==RESUME_TRUE)?
- GNUTLS_EXT_MANDATORY:GNUTLS_EXT_ANY);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- bufel = _gnutls_handshake_alloc (session, datalen + extdata.length, datalen + extdata.length);
- if (bufel == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto fail;
- }
- data = _mbuffer_get_udata_ptr (bufel);
-
- vers = get_version(session);
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- data[pos++] = vers->major;
- data[pos++] = vers->minor;
-
- memcpy (&data[pos],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
- pos += GNUTLS_RANDOM_SIZE;
-
- data[pos++] = session_id_len;
- if (session_id_len > 0)
- {
- memcpy (&data[pos], session->security_parameters.session_id,
- session_id_len);
- }
- pos += session_id_len;
-
- _gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session,
- _gnutls_bin2hex (session->security_parameters.
- session_id, session_id_len, buf,
- sizeof (buf), NULL));
-
- memcpy (&data[pos],
- session->security_parameters.cipher_suite, 2);
- pos += 2;
-
- comp = _gnutls_compression_get_num ( session->security_parameters.compression_method);
- data[pos++] = comp;
-
- if (extdata.length > 0)
- {
- memcpy (&data[pos], extdata.data, extdata.length);
- }
- }
-
- ret =
- _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_SERVER_HELLO);
-
-fail:
- _gnutls_buffer_clear(&extdata);
- return ret;
+ mbuffer_st *bufel = NULL;
+ uint8_t *data = NULL;
+ gnutls_buffer_st extdata;
+ int pos = 0;
+ int datalen, ret = 0;
+ uint8_t comp;
+ uint8_t session_id_len =
+ session->security_parameters.session_id_size;
+ char buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
+ const version_entry_st *vers;
+
+ _gnutls_buffer_init(&extdata);
+
+ if (again == 0) {
+ datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3;
+ ret =
+ _gnutls_gen_extensions(session, &extdata,
+ (session->internals.resumed ==
+ RESUME_TRUE) ?
+ GNUTLS_EXT_MANDATORY :
+ GNUTLS_EXT_ANY);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ bufel =
+ _gnutls_handshake_alloc(session,
+ datalen + extdata.length,
+ datalen + extdata.length);
+ if (bufel == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
+ }
+ data = _mbuffer_get_udata_ptr(bufel);
+
+ vers = get_version(session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ data[pos++] = vers->major;
+ data[pos++] = vers->minor;
+
+ memcpy(&data[pos],
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ pos += GNUTLS_RANDOM_SIZE;
+
+ data[pos++] = session_id_len;
+ if (session_id_len > 0) {
+ memcpy(&data[pos],
+ session->security_parameters.session_id,
+ session_id_len);
+ }
+ pos += session_id_len;
+
+ _gnutls_handshake_log("HSK[%p]: SessionID: %s\n", session,
+ _gnutls_bin2hex(session->
+ security_parameters.session_id,
+ session_id_len, buf,
+ sizeof(buf), NULL));
+
+ memcpy(&data[pos],
+ session->security_parameters.cipher_suite, 2);
+ pos += 2;
+
+ comp =
+ _gnutls_compression_get_num(session->
+ security_parameters.
+ compression_method);
+ data[pos++] = comp;
+
+ if (extdata.length > 0) {
+ memcpy(&data[pos], extdata.data, extdata.length);
+ }
+ }
+
+ ret =
+ _gnutls_send_handshake(session, bufel,
+ GNUTLS_HANDSHAKE_SERVER_HELLO);
+
+ fail:
+ _gnutls_buffer_clear(&extdata);
+ return ret;
}
-int
-_gnutls_send_hello (gnutls_session_t session, int again)
+int _gnutls_send_hello(gnutls_session_t session, int again)
{
- int ret;
+ int ret;
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- ret = _gnutls_send_client_hello (session, again);
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ ret = _gnutls_send_client_hello(session, again);
- }
- else
- { /* SERVER */
- ret = _gnutls_send_server_hello (session, again);
- }
+ } else { /* SERVER */
+ ret = _gnutls_send_server_hello(session, again);
+ }
- return ret;
+ return ret;
}
/* RECEIVE A HELLO MESSAGE. This should be called from gnutls_recv_handshake_int only if a
@@ -2213,94 +2226,84 @@ _gnutls_send_hello (gnutls_session_t session, int again)
* and internals.compression_method.
*/
int
-_gnutls_recv_hello (gnutls_session_t session, uint8_t * data, int datalen)
+_gnutls_recv_hello(gnutls_session_t session, uint8_t * data, int datalen)
{
- int ret;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- ret = _gnutls_read_server_hello (session, data, datalen);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- else
- { /* Server side reading a client hello */
-
- ret = _gnutls_read_client_hello (session, data, datalen);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- ret = _gnutls_ext_sr_verify (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ ret = _gnutls_read_server_hello(session, data, datalen);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ } else { /* Server side reading a client hello */
+
+ ret = _gnutls_read_client_hello(session, data, datalen);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ ret = _gnutls_ext_sr_verify(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
static int
-_gnutls_recv_hello_verify_request (gnutls_session_t session,
- uint8_t * data, int datalen)
+_gnutls_recv_hello_verify_request(gnutls_session_t session,
+ uint8_t * data, int datalen)
{
- ssize_t len = datalen;
- size_t pos = 0;
- uint8_t cookie_len;
- unsigned int nb_verifs;
-
- if (!IS_DTLS (session)
- || session->security_parameters.entity == GNUTLS_SERVER)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- nb_verifs = ++session->internals.dtls.hsk_hello_verify_requests;
- if (nb_verifs >= MAX_HANDSHAKE_HELLO_VERIFY_REQUESTS)
- {
- /* The server is either buggy, malicious or changing cookie
- secrets _way_ too fast. */
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
-
- /* TODO: determine if we need to do anything with the server version field */
- DECR_LEN (len, 2);
- pos += 2;
-
- DECR_LEN (len, 1);
- cookie_len = data[pos];
- pos++;
-
- if (cookie_len > DTLS_MAX_COOKIE_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- DECR_LEN (len, cookie_len);
-
- session->internals.dtls.cookie_len = cookie_len;
- memcpy (session->internals.dtls.cookie, &data[pos], cookie_len);
-
- if (len != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- /* reset handshake hash buffers */
- _gnutls_handshake_hash_buffer_empty (session);
-
- return 0;
+ ssize_t len = datalen;
+ size_t pos = 0;
+ uint8_t cookie_len;
+ unsigned int nb_verifs;
+
+ if (!IS_DTLS(session)
+ || session->security_parameters.entity == GNUTLS_SERVER) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ nb_verifs = ++session->internals.dtls.hsk_hello_verify_requests;
+ if (nb_verifs >= MAX_HANDSHAKE_HELLO_VERIFY_REQUESTS) {
+ /* The server is either buggy, malicious or changing cookie
+ secrets _way_ too fast. */
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ /* TODO: determine if we need to do anything with the server version field */
+ DECR_LEN(len, 2);
+ pos += 2;
+
+ DECR_LEN(len, 1);
+ cookie_len = data[pos];
+ pos++;
+
+ if (cookie_len > DTLS_MAX_COOKIE_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ DECR_LEN(len, cookie_len);
+
+ session->internals.dtls.cookie_len = cookie_len;
+ memcpy(session->internals.dtls.cookie, &data[pos], cookie_len);
+
+ if (len != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ /* reset handshake hash buffers */
+ _gnutls_handshake_hash_buffer_empty(session);
+
+ return 0;
}
/* The packets in gnutls_handshake (it's more broad than original TLS handshake)
@@ -2368,113 +2371,110 @@ _gnutls_recv_hello_verify_request (gnutls_session_t session,
*
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
**/
-int
-gnutls_rehandshake (gnutls_session_t session)
+int gnutls_rehandshake(gnutls_session_t session)
{
- int ret;
+ int ret;
- /* only server sends that handshake packet */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- return GNUTLS_E_INVALID_REQUEST;
+ /* only server sends that handshake packet */
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ return GNUTLS_E_INVALID_REQUEST;
- _dtls_async_timer_delete(session);
+ _dtls_async_timer_delete(session);
- ret =
- _gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST,
- AGAIN (STATE50));
- STATE = STATE50;
+ ret =
+ _gnutls_send_empty_handshake(session,
+ GNUTLS_HANDSHAKE_HELLO_REQUEST,
+ AGAIN(STATE50));
+ STATE = STATE50;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- STATE = STATE0;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ STATE = STATE0;
- return 0;
+ return 0;
}
inline static int
-_gnutls_abort_handshake (gnutls_session_t session, int ret)
+_gnutls_abort_handshake(gnutls_session_t session, int ret)
{
- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
- (gnutls_alert_get (session) == GNUTLS_A_NO_RENEGOTIATION))
- || ret == GNUTLS_E_GOT_APPLICATION_DATA)
- return 0;
+ if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
+ (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
+ || ret == GNUTLS_E_GOT_APPLICATION_DATA)
+ return 0;
- /* this doesn't matter */
- return GNUTLS_E_INTERNAL_ERROR;
+ /* this doesn't matter */
+ return GNUTLS_E_INTERNAL_ERROR;
}
-static int
-_gnutls_send_supplemental (gnutls_session_t session, int again)
+static int _gnutls_send_supplemental(gnutls_session_t session, int again)
{
- mbuffer_st *bufel;
- int ret = 0;
-
- _gnutls_debug_log ("EXT[%p]: Sending supplemental data\n", session);
-
- if (again)
- ret =
- _gnutls_send_handshake (session, NULL, GNUTLS_HANDSHAKE_SUPPLEMENTAL);
- else
- {
- gnutls_buffer_st buf;
- _gnutls_buffer_init (&buf);
-
- ret = _gnutls_gen_supplemental (session, &buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- bufel = _gnutls_handshake_alloc(session, buf.length, buf.length);
- if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _mbuffer_set_udata (bufel, buf.data, buf.length);
- _gnutls_buffer_clear (&buf);
-
- ret = _gnutls_send_handshake (session, bufel,
- GNUTLS_HANDSHAKE_SUPPLEMENTAL);
- }
-
- return ret;
+ mbuffer_st *bufel;
+ int ret = 0;
+
+ _gnutls_debug_log("EXT[%p]: Sending supplemental data\n", session);
+
+ if (again)
+ ret =
+ _gnutls_send_handshake(session, NULL,
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL);
+ else {
+ gnutls_buffer_st buf;
+ _gnutls_buffer_init(&buf);
+
+ ret = _gnutls_gen_supplemental(session, &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ bufel =
+ _gnutls_handshake_alloc(session, buf.length,
+ buf.length);
+ if (bufel == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _mbuffer_set_udata(bufel, buf.data, buf.length);
+ _gnutls_buffer_clear(&buf);
+
+ ret = _gnutls_send_handshake(session, bufel,
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL);
+ }
+
+ return ret;
}
-static int
-_gnutls_recv_supplemental (gnutls_session_t session)
+static int _gnutls_recv_supplemental(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret;
-
- _gnutls_debug_log ("EXT[%p]: Expecting supplemental data\n", session);
-
- ret = _gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_SUPPLEMENTAL,
- 1, &buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_parse_supplemental (session, buf.data, buf.length);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
-cleanup:
- _gnutls_buffer_clear(&buf);
-
- return ret;
+ gnutls_buffer_st buf;
+ int ret;
+
+ _gnutls_debug_log("EXT[%p]: Expecting supplemental data\n",
+ session);
+
+ ret =
+ _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_SUPPLEMENTAL,
+ 1, &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_parse_supplemental(session, buf.data, buf.length);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
+
+ return ret;
}
/**
@@ -2505,73 +2505,66 @@ cleanup:
*
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
**/
-int
-gnutls_handshake (gnutls_session_t session)
+int gnutls_handshake(gnutls_session_t session)
{
- int ret;
- record_parameters_st *params;
-
- /* sanity check. Verify that there are priorities setup.
- */
- if (session->internals.priorities.protocol.algorithms == 0)
- return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
-
- if (session->internals.handshake_timeout_ms &&
- session->internals.handshake_endtime == 0)
- session->internals.handshake_endtime = gnutls_time(0) +
- session->internals.handshake_timeout_ms / 1000;
-
- ret = _gnutls_epoch_get (session, session->security_parameters.epoch_next,
- &params);
- if (ret < 0)
- {
- /* We assume the epoch is not allocated if _gnutls_epoch_get fails. */
- ret =
- _gnutls_epoch_alloc (session, session->security_parameters.epoch_next,
- NULL);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- do
- {
- ret = _gnutls_handshake_client (session);
- } while (ret == 1);
- }
- else
- {
- ret = _gnutls_handshake_server (session);
- }
- if (ret < 0)
- {
- /* In the case of a rehandshake abort
- * we should reset the handshake's internal state.
- */
- if (_gnutls_abort_handshake (session, ret) == 0)
- STATE = STATE0;
-
- return ret;
- }
-
- /* clear handshake buffer */
- _gnutls_handshake_hash_buffers_clear (session);
-
- if (IS_DTLS(session)==0)
- {
- _gnutls_handshake_io_buffer_clear (session);
- }
- else
- {
- _dtls_async_timer_init(session);
- }
-
- _gnutls_handshake_internal_state_clear (session);
-
- session->security_parameters.epoch_next++;
-
- return 0;
+ int ret;
+ record_parameters_st *params;
+
+ /* sanity check. Verify that there are priorities setup.
+ */
+ if (session->internals.priorities.protocol.algorithms == 0)
+ return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+
+ if (session->internals.handshake_timeout_ms &&
+ session->internals.handshake_endtime == 0)
+ session->internals.handshake_endtime = gnutls_time(0) +
+ session->internals.handshake_timeout_ms / 1000;
+
+ ret =
+ _gnutls_epoch_get(session,
+ session->security_parameters.epoch_next,
+ &params);
+ if (ret < 0) {
+ /* We assume the epoch is not allocated if _gnutls_epoch_get fails. */
+ ret =
+ _gnutls_epoch_alloc(session,
+ session->security_parameters.
+ epoch_next, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ do {
+ ret = _gnutls_handshake_client(session);
+ } while (ret == 1);
+ } else {
+ ret = _gnutls_handshake_server(session);
+ }
+ if (ret < 0) {
+ /* In the case of a rehandshake abort
+ * we should reset the handshake's internal state.
+ */
+ if (_gnutls_abort_handshake(session, ret) == 0)
+ STATE = STATE0;
+
+ return ret;
+ }
+
+ /* clear handshake buffer */
+ _gnutls_handshake_hash_buffers_clear(session);
+
+ if (IS_DTLS(session) == 0) {
+ _gnutls_handshake_io_buffer_clear(session);
+ } else {
+ _dtls_async_timer_init(session);
+ }
+
+ _gnutls_handshake_internal_state_clear(session);
+
+ session->security_parameters.epoch_next++;
+
+ return 0;
}
/**
@@ -2589,11 +2582,11 @@ gnutls_handshake (gnutls_session_t session)
*
**/
void
-gnutls_handshake_set_timeout (gnutls_session_t session, unsigned int ms)
+gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
{
- if (ms == GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT)
- ms = 40*1000;
- session->internals.handshake_timeout_ms = ms;
+ if (ms == GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT)
+ ms = 40 * 1000;
+ session->internals.handshake_timeout_ms = ms;
}
@@ -2616,218 +2609,220 @@ gnutls_handshake_set_timeout (gnutls_session_t session, unsigned int ms)
*/
static int run_verify_callback(gnutls_session_t session, unsigned int side)
{
- gnutls_certificate_credentials_t cred;
- int ret, type;
-
- cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
- GNUTLS_CRD_CERTIFICATE,
- NULL);
-
- if (side == GNUTLS_CLIENT)
- type = gnutls_auth_server_get_type(session);
- else
- type = gnutls_auth_client_get_type(session);
-
- if (type != GNUTLS_CRD_CERTIFICATE)
- return 0;
-
- if (cred != NULL && cred->verify_callback != NULL &&
- (session->security_parameters.entity == GNUTLS_CLIENT ||
- session->internals.send_cert_req != GNUTLS_CERT_IGNORE))
- {
- ret = cred->verify_callback (session);
- if (ret < -1)
- return ret;
- else if (ret != 0)
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- return 0;
+ gnutls_certificate_credentials_t cred;
+ int ret, type;
+
+ cred =
+ (gnutls_certificate_credentials_t) _gnutls_get_cred(session,
+ GNUTLS_CRD_CERTIFICATE,
+ NULL);
+
+ if (side == GNUTLS_CLIENT)
+ type = gnutls_auth_server_get_type(session);
+ else
+ type = gnutls_auth_client_get_type(session);
+
+ if (type != GNUTLS_CRD_CERTIFICATE)
+ return 0;
+
+ if (cred != NULL && cred->verify_callback != NULL &&
+ (session->security_parameters.entity == GNUTLS_CLIENT ||
+ session->internals.send_cert_req != GNUTLS_CERT_IGNORE)) {
+ ret = cred->verify_callback(session);
+ if (ret < -1)
+ return ret;
+ else if (ret != 0)
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ return 0;
}
/*
* _gnutls_handshake_client
* This function performs the client side of the handshake of the TLS/SSL protocol.
*/
-static int
-_gnutls_handshake_client (gnutls_session_t session)
+static int _gnutls_handshake_client(gnutls_session_t session)
{
- int ret = 0;
+ int ret = 0;
#ifdef HANDSHAKE_DEBUG
- char buf[64];
-
- if (session->internals.resumed_security_parameters.session_id_size > 0)
- _gnutls_handshake_log ("HSK[%p]: Ask to resume: %s\n", session,
- _gnutls_bin2hex (session->
- internals.resumed_security_parameters.session_id,
- session->
- internals.resumed_security_parameters.session_id_size,
- buf, sizeof (buf), NULL));
+ char buf[64];
+
+ if (session->internals.resumed_security_parameters.
+ session_id_size > 0)
+ _gnutls_handshake_log("HSK[%p]: Ask to resume: %s\n",
+ session,
+ _gnutls_bin2hex(session->internals.
+ resumed_security_parameters.
+ session_id,
+ session->internals.
+ resumed_security_parameters.
+ session_id_size, buf,
+ sizeof(buf), NULL));
#endif
- switch (STATE)
- {
- case STATE0:
- case STATE1:
- ret = _gnutls_send_hello (session, AGAIN (STATE1));
- STATE = STATE1;
- IMED_RET ("send hello", ret, 1);
-
- case STATE2:
- if (IS_DTLS (session))
- {
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST,
- 1, NULL);
- STATE = STATE2;
- IMED_RET ("recv hello verify", ret, 1);
-
- if (ret == 1)
- {
- STATE = STATE0;
- return 1;
- }
- }
- case STATE3:
- /* receive the server hello */
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_SERVER_HELLO,
- 0, NULL);
- STATE = STATE3;
- IMED_RET ("recv hello", ret, 1);
-
- case STATE4:
- if (session->security_parameters.do_recv_supplemental)
- {
- ret = _gnutls_recv_supplemental (session);
- STATE = STATE4;
- IMED_RET ("recv supplemental", ret, 1);
- }
-
- case STATE5:
- /* RECV CERTIFICATE */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_certificate (session);
- STATE = STATE5;
- IMED_RET ("recv server certificate", ret, 1);
-
- case STATE6:
- /* RECV CERTIFICATE STATUS */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_certificate_status (session);
- STATE = STATE6;
- IMED_RET ("recv server certificate", ret, 1);
-
- case STATE7:
- ret = run_verify_callback(session, GNUTLS_CLIENT);
- STATE = STATE7;
- if (ret < 0)
- return gnutls_assert_val(ret);
- case STATE8:
- /* receive the server key exchange */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_kx_message (session);
- STATE = STATE8;
- IMED_RET ("recv server kx message", ret, 1);
-
- case STATE9:
- /* receive the server certificate request - if any
- */
-
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_crt_request (session);
- STATE = STATE9;
- IMED_RET ("recv server certificate request message", ret, 1);
-
- case STATE10:
- /* receive the server hello done */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
- 0, NULL);
- STATE = STATE10;
- IMED_RET ("recv server hello done", ret, 1);
-
- case STATE11:
- if (session->security_parameters.do_send_supplemental)
- {
- ret = _gnutls_send_supplemental (session, AGAIN (STATE11));
- STATE = STATE11;
- IMED_RET ("send supplemental", ret, 0);
- }
-
- case STATE12:
- /* send our certificate - if any and if requested
- */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_send_client_certificate (session, AGAIN (STATE12));
- STATE = STATE12;
- IMED_RET ("send client certificate", ret, 0);
-
- case STATE13:
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_send_client_kx_message (session, AGAIN (STATE13));
- STATE = STATE13;
- IMED_RET ("send client kx", ret, 0);
-
- case STATE14:
- /* send client certificate verify */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_send_client_certificate_verify (session, AGAIN (STATE14));
- STATE = STATE14;
- IMED_RET ("send client certificate verify", ret, 1);
-
- case STATE15:
- STATE = STATE15;
- if (session->internals.resumed == RESUME_FALSE)
- {
- ret = _gnutls_send_handshake_final (session, TRUE);
- IMED_RET ("send handshake final 2", ret, 1);
- }
- else
- {
- ret = _gnutls_recv_new_session_ticket (session);
- IMED_RET ("recv handshake new session ticket", ret, 1);
- }
-
- case STATE16:
- STATE = STATE16;
- if (session->internals.resumed == RESUME_FALSE)
- {
- ret = _gnutls_recv_new_session_ticket (session);
- IMED_RET ("recv handshake new session ticket", ret, 1);
- }
- else
- {
- ret = _gnutls_recv_handshake_final (session, TRUE);
- IMED_RET ("recv handshake final", ret, 1);
- }
-
- case STATE17:
- STATE = STATE17;
- if (session->internals.resumed == RESUME_FALSE)
- {
- ret = _gnutls_recv_handshake_final (session, FALSE);
- IMED_RET ("recv handshake final 2", ret, 1);
- }
- else
- {
- ret = _gnutls_send_handshake_final (session, FALSE);
- IMED_RET ("send handshake final", ret, 1);
- }
-
- STATE = STATE0;
- default:
- break;
- }
-
- return 0;
+ switch (STATE) {
+ case STATE0:
+ case STATE1:
+ ret = _gnutls_send_hello(session, AGAIN(STATE1));
+ STATE = STATE1;
+ IMED_RET("send hello", ret, 1);
+
+ case STATE2:
+ if (IS_DTLS(session)) {
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST,
+ 1, NULL);
+ STATE = STATE2;
+ IMED_RET("recv hello verify", ret, 1);
+
+ if (ret == 1) {
+ STATE = STATE0;
+ return 1;
+ }
+ }
+ case STATE3:
+ /* receive the server hello */
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_SERVER_HELLO,
+ 0, NULL);
+ STATE = STATE3;
+ IMED_RET("recv hello", ret, 1);
+
+ case STATE4:
+ if (session->security_parameters.do_recv_supplemental) {
+ ret = _gnutls_recv_supplemental(session);
+ STATE = STATE4;
+ IMED_RET("recv supplemental", ret, 1);
+ }
+
+ case STATE5:
+ /* RECV CERTIFICATE */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_certificate(session);
+ STATE = STATE5;
+ IMED_RET("recv server certificate", ret, 1);
+
+ case STATE6:
+ /* RECV CERTIFICATE STATUS */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_recv_server_certificate_status
+ (session);
+ STATE = STATE6;
+ IMED_RET("recv server certificate", ret, 1);
+
+ case STATE7:
+ ret = run_verify_callback(session, GNUTLS_CLIENT);
+ STATE = STATE7;
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ case STATE8:
+ /* receive the server key exchange */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_kx_message(session);
+ STATE = STATE8;
+ IMED_RET("recv server kx message", ret, 1);
+
+ case STATE9:
+ /* receive the server certificate request - if any
+ */
+
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_crt_request(session);
+ STATE = STATE9;
+ IMED_RET("recv server certificate request message", ret,
+ 1);
+
+ case STATE10:
+ /* receive the server hello done */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
+ 0, NULL);
+ STATE = STATE10;
+ IMED_RET("recv server hello done", ret, 1);
+
+ case STATE11:
+ if (session->security_parameters.do_send_supplemental) {
+ ret =
+ _gnutls_send_supplemental(session,
+ AGAIN(STATE11));
+ STATE = STATE11;
+ IMED_RET("send supplemental", ret, 0);
+ }
+
+ case STATE12:
+ /* send our certificate - if any and if requested
+ */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_client_certificate(session,
+ AGAIN
+ (STATE12));
+ STATE = STATE12;
+ IMED_RET("send client certificate", ret, 0);
+
+ case STATE13:
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_client_kx_message(session,
+ AGAIN(STATE13));
+ STATE = STATE13;
+ IMED_RET("send client kx", ret, 0);
+
+ case STATE14:
+ /* send client certificate verify */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_client_certificate_verify(session,
+ AGAIN
+ (STATE14));
+ STATE = STATE14;
+ IMED_RET("send client certificate verify", ret, 1);
+
+ case STATE15:
+ STATE = STATE15;
+ if (session->internals.resumed == RESUME_FALSE) {
+ ret = _gnutls_send_handshake_final(session, TRUE);
+ IMED_RET("send handshake final 2", ret, 1);
+ } else {
+ ret = _gnutls_recv_new_session_ticket(session);
+ IMED_RET("recv handshake new session ticket", ret,
+ 1);
+ }
+
+ case STATE16:
+ STATE = STATE16;
+ if (session->internals.resumed == RESUME_FALSE) {
+ ret = _gnutls_recv_new_session_ticket(session);
+ IMED_RET("recv handshake new session ticket", ret,
+ 1);
+ } else {
+ ret = _gnutls_recv_handshake_final(session, TRUE);
+ IMED_RET("recv handshake final", ret, 1);
+ }
+
+ case STATE17:
+ STATE = STATE17;
+ if (session->internals.resumed == RESUME_FALSE) {
+ ret = _gnutls_recv_handshake_final(session, FALSE);
+ IMED_RET("recv handshake final 2", ret, 1);
+ } else {
+ ret = _gnutls_send_handshake_final(session, FALSE);
+ IMED_RET("send handshake final", ret, 1);
+ }
+
+ STATE = STATE0;
+ default:
+ break;
+ }
+
+ return 0;
}
@@ -2835,517 +2830,499 @@ _gnutls_handshake_client (gnutls_session_t session)
/* This function is to be called if the handshake was successfully
* completed. This sends a Change Cipher Spec packet to the peer.
*/
-static ssize_t
-send_change_cipher_spec (gnutls_session_t session, int again)
+static ssize_t send_change_cipher_spec(gnutls_session_t session, int again)
{
- uint8_t* data;
- mbuffer_st * bufel;
- int ret;
- const version_entry_st* vers;
-
- if (again == 0)
- {
- bufel = _gnutls_handshake_alloc (session, 1, 1);
- if (bufel == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- vers = get_version (session);
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (vers->id == GNUTLS_DTLS0_9)
- _mbuffer_set_uhead_size(bufel, 3);
- else
- _mbuffer_set_uhead_size(bufel, 1);
- _mbuffer_set_udata_size(bufel, 0);
-
- data = _mbuffer_get_uhead_ptr (bufel);
-
- data[0] = 1;
- if (vers->id == GNUTLS_DTLS0_9)
- {
- _gnutls_write_uint16 (session->internals.dtls.hsk_write_seq, &data[1]);
- session->internals.dtls.hsk_write_seq++;
- }
-
- ret = _gnutls_handshake_io_cache_int (session, GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC, bufel);
- if (ret < 0)
- {
- _mbuffer_xfree(&bufel);
- return gnutls_assert_val(ret);
- }
-
- _gnutls_handshake_log ("REC[%p]: Sent ChangeCipherSpec\n", session);
- }
-
- return 0;
+ uint8_t *data;
+ mbuffer_st *bufel;
+ int ret;
+ const version_entry_st *vers;
+
+ if (again == 0) {
+ bufel = _gnutls_handshake_alloc(session, 1, 1);
+ if (bufel == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ vers = get_version(session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (vers->id == GNUTLS_DTLS0_9)
+ _mbuffer_set_uhead_size(bufel, 3);
+ else
+ _mbuffer_set_uhead_size(bufel, 1);
+ _mbuffer_set_udata_size(bufel, 0);
+
+ data = _mbuffer_get_uhead_ptr(bufel);
+
+ data[0] = 1;
+ if (vers->id == GNUTLS_DTLS0_9) {
+ _gnutls_write_uint16(session->internals.dtls.
+ hsk_write_seq, &data[1]);
+ session->internals.dtls.hsk_write_seq++;
+ }
+
+ ret =
+ _gnutls_handshake_io_cache_int(session,
+ GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC,
+ bufel);
+ if (ret < 0) {
+ _mbuffer_xfree(&bufel);
+ return gnutls_assert_val(ret);
+ }
+
+ _gnutls_handshake_log("REC[%p]: Sent ChangeCipherSpec\n",
+ session);
+ }
+
+ return 0;
}
/* This function sends the final handshake packets and initializes connection
*/
-static int
-_gnutls_send_handshake_final (gnutls_session_t session, int init)
+static int _gnutls_send_handshake_final(gnutls_session_t session, int init)
{
- int ret = 0;
-
- /* Send the CHANGE CIPHER SPEC PACKET */
-
- switch (FINAL_STATE)
- {
- case STATE0:
- case STATE1:
- ret = send_change_cipher_spec (session, FAGAIN (STATE1));
- FINAL_STATE = STATE0;
-
- if (ret < 0)
- {
- ERR ("send ChangeCipherSpec", ret);
- gnutls_assert ();
- return ret;
- }
- /* Initialize the connection session (start encryption) - in case of client
- */
- if (init == TRUE)
- {
- ret = _gnutls_ext_before_epoch_change(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_connection_state_init (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- ret = _gnutls_write_connection_state_init (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- case STATE2:
- /* send the finished message */
- ret = _gnutls_send_finished (session, FAGAIN (STATE2));
- FINAL_STATE = STATE2;
- if (ret < 0)
- {
- ERR ("send Finished", ret);
- gnutls_assert ();
- return ret;
- }
-
- FINAL_STATE = STATE0;
- default:
- break;
- }
-
- return 0;
+ int ret = 0;
+
+ /* Send the CHANGE CIPHER SPEC PACKET */
+
+ switch (FINAL_STATE) {
+ case STATE0:
+ case STATE1:
+ ret = send_change_cipher_spec(session, FAGAIN(STATE1));
+ FINAL_STATE = STATE0;
+
+ if (ret < 0) {
+ ERR("send ChangeCipherSpec", ret);
+ gnutls_assert();
+ return ret;
+ }
+ /* Initialize the connection session (start encryption) - in case of client
+ */
+ if (init == TRUE) {
+ ret = _gnutls_ext_before_epoch_change(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ ret = _gnutls_write_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ case STATE2:
+ /* send the finished message */
+ ret = _gnutls_send_finished(session, FAGAIN(STATE2));
+ FINAL_STATE = STATE2;
+ if (ret < 0) {
+ ERR("send Finished", ret);
+ gnutls_assert();
+ return ret;
+ }
+
+ FINAL_STATE = STATE0;
+ default:
+ break;
+ }
+
+ return 0;
}
/* This function receives the final handshake packets
* And executes the appropriate function to initialize the
* read session.
*/
-static int
-_gnutls_recv_handshake_final (gnutls_session_t session, int init)
+static int _gnutls_recv_handshake_final(gnutls_session_t session, int init)
{
- int ret = 0;
- uint8_t ch;
- unsigned int ccs_len = 1;
- unsigned int tleft;
- const version_entry_st* vers;
-
- ret = handshake_remaining_time(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- tleft = ret;
-
- switch (FINAL_STATE)
- {
- case STATE0:
- case STATE30:
- FINAL_STATE = STATE30;
-
- /* This is the last flight and peer cannot be sure
- * we have received it unless we notify him. So we
- * wait for a message and retransmit if needed. */
- if (IS_DTLS(session) && !_dtls_is_async(session) &&
- (gnutls_record_check_pending (session) +
- record_check_unprocessed (session)) == 0)
- {
- ret = _dtls_wait_and_retransmit(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- vers = get_version (session);
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (vers->id == GNUTLS_DTLS0_9)
- ccs_len = 3;
-
- ret = _gnutls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, ccs_len, NULL,
- tleft);
- if (ret <= 0)
- {
- ERR ("recv ChangeCipherSpec", ret);
- gnutls_assert ();
- return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- if (vers->id == GNUTLS_DTLS0_9)
- session->internals.dtls.hsk_read_seq++;
-
- /* Initialize the connection session (start encryption) - in case of server */
- if (init == TRUE)
- {
- ret = _gnutls_ext_before_epoch_change(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_connection_state_init (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- ret = _gnutls_read_connection_state_init (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- case STATE31:
- FINAL_STATE = STATE31;
-
- if (IS_DTLS(session) && !_dtls_is_async(session) &&
- (gnutls_record_check_pending( session) +
- record_check_unprocessed (session)) == 0)
- {
- ret = _dtls_wait_and_retransmit(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- ret = _gnutls_recv_finished (session);
- if (ret < 0)
- {
- ERR ("recv finished", ret);
- gnutls_assert ();
- return ret;
- }
- FINAL_STATE = STATE0;
- default:
- break;
- }
-
-
- return 0;
+ int ret = 0;
+ uint8_t ch;
+ unsigned int ccs_len = 1;
+ unsigned int tleft;
+ const version_entry_st *vers;
+
+ ret = handshake_remaining_time(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ tleft = ret;
+
+ switch (FINAL_STATE) {
+ case STATE0:
+ case STATE30:
+ FINAL_STATE = STATE30;
+
+ /* This is the last flight and peer cannot be sure
+ * we have received it unless we notify him. So we
+ * wait for a message and retransmit if needed. */
+ if (IS_DTLS(session) && !_dtls_is_async(session) &&
+ (gnutls_record_check_pending(session) +
+ record_check_unprocessed(session)) == 0) {
+ ret = _dtls_wait_and_retransmit(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ vers = get_version(session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (vers->id == GNUTLS_DTLS0_9)
+ ccs_len = 3;
+
+ ret =
+ _gnutls_recv_int(session, GNUTLS_CHANGE_CIPHER_SPEC,
+ -1, &ch, ccs_len, NULL, tleft);
+ if (ret <= 0) {
+ ERR("recv ChangeCipherSpec", ret);
+ gnutls_assert();
+ return (ret <
+ 0) ? ret :
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ if (vers->id == GNUTLS_DTLS0_9)
+ session->internals.dtls.hsk_read_seq++;
+
+ /* Initialize the connection session (start encryption) - in case of server */
+ if (init == TRUE) {
+ ret = _gnutls_ext_before_epoch_change(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ ret = _gnutls_read_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ case STATE31:
+ FINAL_STATE = STATE31;
+
+ if (IS_DTLS(session) && !_dtls_is_async(session) &&
+ (gnutls_record_check_pending(session) +
+ record_check_unprocessed(session)) == 0) {
+ ret = _dtls_wait_and_retransmit(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ ret = _gnutls_recv_finished(session);
+ if (ret < 0) {
+ ERR("recv finished", ret);
+ gnutls_assert();
+ return ret;
+ }
+ FINAL_STATE = STATE0;
+ default:
+ break;
+ }
+
+
+ return 0;
}
/*
* _gnutls_handshake_server
* This function does the server stuff of the handshake protocol.
*/
-static int
-_gnutls_handshake_server (gnutls_session_t session)
+static int _gnutls_handshake_server(gnutls_session_t session)
{
- int ret = 0;
-
- switch (STATE)
- {
- case STATE0:
- case STATE1:
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CLIENT_HELLO,
- 0, NULL);
- STATE = STATE1;
- IMED_RET ("recv hello", ret, 1);
-
- case STATE2:
- ret = _gnutls_send_hello (session, AGAIN (STATE2));
- STATE = STATE2;
- IMED_RET ("send hello", ret, 1);
-
- case STATE70:
- if (session->security_parameters.do_send_supplemental)
- {
- ret = _gnutls_send_supplemental (session, AGAIN (STATE70));
- STATE = STATE70;
- IMED_RET ("send supplemental data", ret, 0);
- }
-
- /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
- case STATE3:
- /* NOTE: these should not be send if we are resuming */
-
- if (session->internals.resumed == RESUME_FALSE)
- ret = _gnutls_send_server_certificate (session, AGAIN (STATE3));
- STATE = STATE3;
- IMED_RET ("send server certificate", ret, 0);
-
- case STATE4:
- if (session->internals.resumed == RESUME_FALSE)
- ret = _gnutls_send_server_certificate_status (session, AGAIN (STATE4));
- STATE = STATE4;
- IMED_RET ("send server certificate status", ret, 0);
-
- case STATE5:
- /* send server key exchange (A) */
- if (session->internals.resumed == RESUME_FALSE)
- ret = _gnutls_send_server_kx_message (session, AGAIN (STATE5));
- STATE = STATE5;
- IMED_RET ("send server kx", ret, 0);
-
- case STATE6:
- /* Send certificate request - if requested to */
- if (session->internals.resumed == RESUME_FALSE)
- ret =
- _gnutls_send_server_crt_request (session, AGAIN (STATE6));
- STATE = STATE6;
- IMED_RET ("send server cert request", ret, 0);
-
- case STATE7:
- /* send the server hello done */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_send_empty_handshake (session,
- GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
- AGAIN (STATE7));
- STATE = STATE7;
- IMED_RET ("send server hello done", ret, 1);
-
- case STATE71:
- if (session->security_parameters.do_recv_supplemental)
- {
- ret = _gnutls_recv_supplemental (session);
- STATE = STATE71;
- IMED_RET ("recv client supplemental", ret, 1);
- }
-
- /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
- case STATE8:
- /* receive the client certificate message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_client_certificate (session);
- STATE = STATE8;
- IMED_RET ("recv client certificate", ret, 1);
-
- case STATE9:
- ret = run_verify_callback(session, GNUTLS_SERVER);
- STATE = STATE9;
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- case STATE10:
- /* receive the client key exchange message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_client_kx_message (session);
- STATE = STATE10;
- IMED_RET ("recv client kx", ret, 1);
-
- case STATE11:
- /* receive the client certificate verify message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_client_certificate_verify_message (session);
- STATE = STATE11;
- IMED_RET ("recv client certificate verify", ret, 1);
-
- case STATE12:
- STATE = STATE12;
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- {
- ret = _gnutls_recv_handshake_final (session, TRUE);
- IMED_RET ("recv handshake final", ret, 1);
- }
- else
- {
- ret = _gnutls_send_handshake_final (session, TRUE);
- IMED_RET ("send handshake final 2", ret, 1);
- }
-
- case STATE13:
- ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE13));
- STATE = STATE13;
- IMED_RET ("send handshake new session ticket", ret, 0);
-
- case STATE14:
- STATE = STATE14;
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- {
- ret = _gnutls_send_handshake_final (session, FALSE);
- IMED_RET ("send handshake final", ret, 1);
-
- if (session->security_parameters.entity == GNUTLS_SERVER && session->internals.ticket_sent == 0)
- {
- /* if no ticket, save session data */
- _gnutls_server_register_current_session (session);
- }
- }
- else
- {
- ret = _gnutls_recv_handshake_final (session, FALSE);
- IMED_RET ("recv handshake final 2", ret, 1);
- }
-
- STATE = STATE0;
- default:
- break;
- }
-
-
- return 0;
+ int ret = 0;
+
+ switch (STATE) {
+ case STATE0:
+ case STATE1:
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CLIENT_HELLO,
+ 0, NULL);
+ STATE = STATE1;
+ IMED_RET("recv hello", ret, 1);
+
+ case STATE2:
+ ret = _gnutls_send_hello(session, AGAIN(STATE2));
+ STATE = STATE2;
+ IMED_RET("send hello", ret, 1);
+
+ case STATE70:
+ if (session->security_parameters.do_send_supplemental) {
+ ret =
+ _gnutls_send_supplemental(session,
+ AGAIN(STATE70));
+ STATE = STATE70;
+ IMED_RET("send supplemental data", ret, 0);
+ }
+
+ /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
+ case STATE3:
+ /* NOTE: these should not be send if we are resuming */
+
+ if (session->internals.resumed == RESUME_FALSE)
+ ret =
+ _gnutls_send_server_certificate(session,
+ AGAIN(STATE3));
+ STATE = STATE3;
+ IMED_RET("send server certificate", ret, 0);
+
+ case STATE4:
+ if (session->internals.resumed == RESUME_FALSE)
+ ret =
+ _gnutls_send_server_certificate_status(session,
+ AGAIN
+ (STATE4));
+ STATE = STATE4;
+ IMED_RET("send server certificate status", ret, 0);
+
+ case STATE5:
+ /* send server key exchange (A) */
+ if (session->internals.resumed == RESUME_FALSE)
+ ret =
+ _gnutls_send_server_kx_message(session,
+ AGAIN(STATE5));
+ STATE = STATE5;
+ IMED_RET("send server kx", ret, 0);
+
+ case STATE6:
+ /* Send certificate request - if requested to */
+ if (session->internals.resumed == RESUME_FALSE)
+ ret =
+ _gnutls_send_server_crt_request(session,
+ AGAIN(STATE6));
+ STATE = STATE6;
+ IMED_RET("send server cert request", ret, 0);
+
+ case STATE7:
+ /* send the server hello done */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_empty_handshake(session,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
+ AGAIN(STATE7));
+ STATE = STATE7;
+ IMED_RET("send server hello done", ret, 1);
+
+ case STATE71:
+ if (session->security_parameters.do_recv_supplemental) {
+ ret = _gnutls_recv_supplemental(session);
+ STATE = STATE71;
+ IMED_RET("recv client supplemental", ret, 1);
+ }
+
+ /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
+ case STATE8:
+ /* receive the client certificate message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_certificate(session);
+ STATE = STATE8;
+ IMED_RET("recv client certificate", ret, 1);
+
+ case STATE9:
+ ret = run_verify_callback(session, GNUTLS_SERVER);
+ STATE = STATE9;
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ case STATE10:
+ /* receive the client key exchange message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_kx_message(session);
+ STATE = STATE10;
+ IMED_RET("recv client kx", ret, 1);
+
+ case STATE11:
+ /* receive the client certificate verify message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_recv_client_certificate_verify_message
+ (session);
+ STATE = STATE11;
+ IMED_RET("recv client certificate verify", ret, 1);
+
+ case STATE12:
+ STATE = STATE12;
+ if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */
+ ret = _gnutls_recv_handshake_final(session, TRUE);
+ IMED_RET("recv handshake final", ret, 1);
+ } else {
+ ret = _gnutls_send_handshake_final(session, TRUE);
+ IMED_RET("send handshake final 2", ret, 1);
+ }
+
+ case STATE13:
+ ret =
+ _gnutls_send_new_session_ticket(session,
+ AGAIN(STATE13));
+ STATE = STATE13;
+ IMED_RET("send handshake new session ticket", ret, 0);
+
+ case STATE14:
+ STATE = STATE14;
+ if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */
+ ret = _gnutls_send_handshake_final(session, FALSE);
+ IMED_RET("send handshake final", ret, 1);
+
+ if (session->security_parameters.entity ==
+ GNUTLS_SERVER
+ && session->internals.ticket_sent == 0) {
+ /* if no ticket, save session data */
+ _gnutls_server_register_current_session
+ (session);
+ }
+ } else {
+ ret = _gnutls_recv_handshake_final(session, FALSE);
+ IMED_RET("recv handshake final 2", ret, 1);
+ }
+
+ STATE = STATE0;
+ default:
+ break;
+ }
+
+
+ return 0;
}
-int
-_gnutls_generate_session_id (uint8_t * session_id, uint8_t * len)
+int _gnutls_generate_session_id(uint8_t * session_id, uint8_t * len)
{
- int ret;
+ int ret;
- *len = TLS_MAX_SESSION_ID_SIZE;
+ *len = TLS_MAX_SESSION_ID_SIZE;
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, session_id, TLS_MAX_SESSION_ID_SIZE);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret =
+ _gnutls_rnd(GNUTLS_RND_NONCE, session_id,
+ TLS_MAX_SESSION_ID_SIZE);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
int
-_gnutls_recv_hello_request (gnutls_session_t session, void *data,
- uint32_t data_size)
+_gnutls_recv_hello_request(gnutls_session_t session, void *data,
+ uint32_t data_size)
{
- uint8_t type;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
- if (data_size < 1)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- type = ((uint8_t *) data)[0];
- if (type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
- {
- if (IS_DTLS(session))
- session->internals.dtls.hsk_read_seq++;
- return GNUTLS_E_REHANDSHAKE;
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
+ uint8_t type;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+ if (data_size < 1) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ type = ((uint8_t *) data)[0];
+ if (type == GNUTLS_HANDSHAKE_HELLO_REQUEST) {
+ if (IS_DTLS(session))
+ session->internals.dtls.hsk_read_seq++;
+ return GNUTLS_E_REHANDSHAKE;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
}
/* Returns 1 if the given KX has not the corresponding parameters
* (DH or RSA) set up. Otherwise returns 0.
*/
inline static int
-check_server_params (gnutls_session_t session,
- gnutls_kx_algorithm_t kx,
- gnutls_kx_algorithm_t * alg, int alg_size)
+check_server_params(gnutls_session_t session,
+ gnutls_kx_algorithm_t kx,
+ gnutls_kx_algorithm_t * alg, int alg_size)
{
- int cred_type;
- gnutls_dh_params_t dh_params = NULL;
- int j;
-
- cred_type = _gnutls_map_kx_get_cred (kx, 1);
-
- /* Read the Diffie-Hellman parameters, if any.
- */
- if (cred_type == GNUTLS_CRD_CERTIFICATE)
- {
- int delete;
- gnutls_certificate_credentials_t x509_cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
- cred_type, NULL);
-
- if (x509_cred != NULL)
- {
- dh_params =
- _gnutls_get_dh_params (x509_cred->dh_params,
- x509_cred->params_func, session);
- }
-
- /* Check also if the certificate supports the
- * KX method.
- */
- delete = 1;
- for (j = 0; j < alg_size; j++)
- {
- if (alg[j] == kx)
- {
- delete = 0;
- break;
- }
- }
-
- if (delete == 1)
- return 1;
+ int cred_type;
+ gnutls_dh_params_t dh_params = NULL;
+ int j;
+
+ cred_type = _gnutls_map_kx_get_cred(kx, 1);
+
+ /* Read the Diffie-Hellman parameters, if any.
+ */
+ if (cred_type == GNUTLS_CRD_CERTIFICATE) {
+ int delete;
+ gnutls_certificate_credentials_t x509_cred =
+ (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session,
+ cred_type, NULL);
+
+ if (x509_cred != NULL) {
+ dh_params =
+ _gnutls_get_dh_params(x509_cred->dh_params,
+ x509_cred->params_func,
+ session);
+ }
+
+ /* Check also if the certificate supports the
+ * KX method.
+ */
+ delete = 1;
+ for (j = 0; j < alg_size; j++) {
+ if (alg[j] == kx) {
+ delete = 0;
+ break;
+ }
+ }
+
+ if (delete == 1)
+ return 1;
#ifdef ENABLE_ANON
- }
- else if (cred_type == GNUTLS_CRD_ANON)
- {
- gnutls_anon_server_credentials_t anon_cred =
- (gnutls_anon_server_credentials_t) _gnutls_get_cred (session,
- cred_type, NULL);
-
- if (anon_cred != NULL)
- {
- dh_params =
- _gnutls_get_dh_params (anon_cred->dh_params,
- anon_cred->params_func, session);
- }
+ } else if (cred_type == GNUTLS_CRD_ANON) {
+ gnutls_anon_server_credentials_t anon_cred =
+ (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred(session,
+ cred_type, NULL);
+
+ if (anon_cred != NULL) {
+ dh_params =
+ _gnutls_get_dh_params(anon_cred->dh_params,
+ anon_cred->params_func,
+ session);
+ }
#endif
#ifdef ENABLE_PSK
- }
- else if (cred_type == GNUTLS_CRD_PSK)
- {
- gnutls_psk_server_credentials_t psk_cred =
- (gnutls_psk_server_credentials_t) _gnutls_get_cred (session,
- cred_type, NULL);
-
- if (psk_cred != NULL)
- {
- dh_params =
- _gnutls_get_dh_params (psk_cred->dh_params, psk_cred->params_func,
- session);
- }
+ } else if (cred_type == GNUTLS_CRD_PSK) {
+ gnutls_psk_server_credentials_t psk_cred =
+ (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session,
+ cred_type, NULL);
+
+ if (psk_cred != NULL) {
+ dh_params =
+ _gnutls_get_dh_params(psk_cred->dh_params,
+ psk_cred->params_func,
+ session);
+ }
#endif
- }
- else
- return 0; /* no need for params */
-
- /* If the key exchange method needs DH params,
- * but they are not set then remove it.
- */
- if (_gnutls_kx_needs_dh_params (kx) != 0)
- {
- /* needs DH params. */
- if (_gnutls_dh_params_to_mpi (dh_params) == NULL)
- {
- gnutls_assert ();
- return 1;
- }
- }
-
- return 0;
+ } else
+ return 0; /* no need for params */
+
+ /* If the key exchange method needs DH params,
+ * but they are not set then remove it.
+ */
+ if (_gnutls_kx_needs_dh_params(kx) != 0) {
+ /* needs DH params. */
+ if (_gnutls_dh_params_to_mpi(dh_params) == NULL) {
+ gnutls_assert();
+ return 1;
+ }
+ }
+
+ return 0;
}
/* This function will remove algorithms that are not supported by
@@ -3356,131 +3333,131 @@ check_server_params (gnutls_session_t session,
* by checking certificates etc.
*/
static int
-_gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
- uint8_t * cipher_suites,
- int cipher_suites_size,
- gnutls_pk_algorithm_t *pk_algos,
- size_t pk_algos_size)
+_gnutls_remove_unwanted_ciphersuites(gnutls_session_t session,
+ uint8_t * cipher_suites,
+ int cipher_suites_size,
+ gnutls_pk_algorithm_t * pk_algos,
+ size_t pk_algos_size)
{
- int ret = 0;
- int i, new_suites_size;
- gnutls_certificate_credentials_t cert_cred;
- gnutls_kx_algorithm_t kx;
- int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
- gnutls_kx_algorithm_t alg[MAX_ALGOS];
- int alg_size = MAX_ALGOS;
-
- /* if we should use a specific certificate,
- * we should remove all algorithms that are not supported
- * by that certificate and are on the same authentication
- * method (CERTIFICATE).
- */
- cert_cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
- GNUTLS_CRD_CERTIFICATE,
- NULL);
-
- /* If there are certificate credentials, find an appropriate certificate
- * or disable them;
- */
- if (session->security_parameters.entity == GNUTLS_SERVER
- && cert_cred != NULL && pk_algos_size > 0)
- {
- ret = _gnutls_server_select_cert (session, pk_algos, pk_algos_size);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Could not find an appropriate certificate: %s\n",
- gnutls_strerror (ret));
- }
- }
-
- /* get all the key exchange algorithms that are
- * supported by the X509 certificate parameters.
- */
- if ((ret =
- _gnutls_selected_cert_supported_kx (session, alg, &alg_size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- new_suites_size = 0;
-
- /* now removes ciphersuites based on the KX algorithm
- */
- for (i = 0; i < cipher_suites_size; i+=2)
- {
- int delete = 0;
-
- /* finds the key exchange algorithm in
- * the ciphersuite
- */
- kx = _gnutls_cipher_suite_get_kx_algo (&cipher_suites[i]);
-
- /* if it is defined but had no credentials
- */
- if (!session->internals.premaster_set &&
- _gnutls_get_kx_cred (session, kx, NULL) == NULL)
- {
- delete = 1;
- }
- else
- {
- delete = 0;
-
- if (server)
- delete = check_server_params (session, kx, alg, alg_size);
- }
-
- /* If we have not agreed to a common curve with the peer don't bother
- * negotiating ECDH.
- */
- if (server != 0 && _gnutls_kx_is_ecc(kx))
- {
- if (_gnutls_session_ecc_curve_get(session) == GNUTLS_ECC_CURVE_INVALID)
- {
- delete = 1;
- }
- }
-
- /* These two SRP kx's are marked to require a CRD_CERTIFICATE,
- (see cred_mappings in gnutls_algorithms.c), but it also
- requires a SRP credential. Don't use SRP kx unless we have a
- SRP credential too. */
- if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS)
- {
- if (!_gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL))
- {
- delete = 1;
- }
- }
-
- if (delete == 0)
- {
-
- _gnutls_handshake_log ("HSK[%p]: Keeping ciphersuite: %s (%.2X.%.2X)\n",
- session,
- _gnutls_cipher_suite_get_name (&cipher_suites[i]),
- cipher_suites[i], cipher_suites[i+1]);
-
- if (i != new_suites_size)
- memmove( &cipher_suites[new_suites_size], &cipher_suites[i], 2);
- new_suites_size+=2;
- }
- else
- {
- _gnutls_handshake_log ("HSK[%p]: Removing ciphersuite: %s\n",
- session,
- _gnutls_cipher_suite_get_name (&cipher_suites[i]));
-
- }
- }
-
- ret = new_suites_size;
-
- return ret;
+ int ret = 0;
+ int i, new_suites_size;
+ gnutls_certificate_credentials_t cert_cred;
+ gnutls_kx_algorithm_t kx;
+ int server =
+ session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
+ gnutls_kx_algorithm_t alg[MAX_ALGOS];
+ int alg_size = MAX_ALGOS;
+
+ /* if we should use a specific certificate,
+ * we should remove all algorithms that are not supported
+ * by that certificate and are on the same authentication
+ * method (CERTIFICATE).
+ */
+ cert_cred =
+ (gnutls_certificate_credentials_t) _gnutls_get_cred(session,
+ GNUTLS_CRD_CERTIFICATE,
+ NULL);
+
+ /* If there are certificate credentials, find an appropriate certificate
+ * or disable them;
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER
+ && cert_cred != NULL && pk_algos_size > 0) {
+ ret =
+ _gnutls_server_select_cert(session, pk_algos,
+ pk_algos_size);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Could not find an appropriate certificate: %s\n",
+ gnutls_strerror(ret));
+ }
+ }
+
+ /* get all the key exchange algorithms that are
+ * supported by the X509 certificate parameters.
+ */
+ if ((ret =
+ _gnutls_selected_cert_supported_kx(session, alg,
+ &alg_size)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ new_suites_size = 0;
+
+ /* now removes ciphersuites based on the KX algorithm
+ */
+ for (i = 0; i < cipher_suites_size; i += 2) {
+ int delete = 0;
+
+ /* finds the key exchange algorithm in
+ * the ciphersuite
+ */
+ kx = _gnutls_cipher_suite_get_kx_algo(&cipher_suites[i]);
+
+ /* if it is defined but had no credentials
+ */
+ if (!session->internals.premaster_set &&
+ _gnutls_get_kx_cred(session, kx, NULL) == NULL) {
+ delete = 1;
+ } else {
+ delete = 0;
+
+ if (server)
+ delete =
+ check_server_params(session, kx, alg,
+ alg_size);
+ }
+
+ /* If we have not agreed to a common curve with the peer don't bother
+ * negotiating ECDH.
+ */
+ if (server != 0 && _gnutls_kx_is_ecc(kx)) {
+ if (_gnutls_session_ecc_curve_get(session) ==
+ GNUTLS_ECC_CURVE_INVALID) {
+ delete = 1;
+ }
+ }
+
+ /* These two SRP kx's are marked to require a CRD_CERTIFICATE,
+ (see cred_mappings in gnutls_algorithms.c), but it also
+ requires a SRP credential. Don't use SRP kx unless we have a
+ SRP credential too. */
+ if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) {
+ if (!_gnutls_get_cred
+ (session, GNUTLS_CRD_SRP, NULL)) {
+ delete = 1;
+ }
+ }
+
+ if (delete == 0) {
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Keeping ciphersuite: %s (%.2X.%.2X)\n",
+ session,
+ _gnutls_cipher_suite_get_name(&cipher_suites
+ [i]),
+ cipher_suites[i], cipher_suites[i + 1]);
+
+ if (i != new_suites_size)
+ memmove(&cipher_suites[new_suites_size],
+ &cipher_suites[i], 2);
+ new_suites_size += 2;
+ } else {
+ _gnutls_handshake_log
+ ("HSK[%p]: Removing ciphersuite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name(&cipher_suites
+ [i]));
+
+ }
+ }
+
+ ret = new_suites_size;
+
+ return ret;
}
@@ -3499,9 +3476,10 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
* limit Denial of Service attacks.
**/
void
-gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max)
+gnutls_handshake_set_max_packet_length(gnutls_session_t session,
+ size_t max)
{
- session->internals.max_handshake_data_buffer_size = max;
+ session->internals.max_handshake_data_buffer_size = max;
}
/**
@@ -3519,9 +3497,9 @@ gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max)
* %gnutls_handshake_description_t.
**/
gnutls_handshake_description_t
-gnutls_handshake_get_last_in (gnutls_session_t session)
+gnutls_handshake_get_last_in(gnutls_session_t session)
{
- return session->internals.last_handshake_in;
+ return session->internals.last_handshake_in;
}
/**
@@ -3539,7 +3517,7 @@ gnutls_handshake_get_last_in (gnutls_session_t session)
* %gnutls_handshake_description_t.
**/
gnutls_handshake_description_t
-gnutls_handshake_get_last_out (gnutls_session_t session)
+gnutls_handshake_get_last_out(gnutls_session_t session)
{
- return session->internals.last_handshake_out;
+ return session->internals.last_handshake_out;
}
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h
index 77d163d5a0..d3555d48f5 100644
--- a/lib/gnutls_handshake.h
+++ b/lib/gnutls_handshake.h
@@ -25,29 +25,30 @@
#include <gnutls_errors.h>
-int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
- gnutls_handshake_description_t type);
-int _gnutls_recv_hello_request (gnutls_session_t session, void *data,
- uint32_t data_size);
-int _gnutls_send_hello (gnutls_session_t session, int again);
-int _gnutls_recv_hello (gnutls_session_t session, uint8_t * data, int datalen);
-int _gnutls_recv_handshake (gnutls_session_t session,
- gnutls_handshake_description_t type,
- unsigned int optional, gnutls_buffer_st* buf);
-int _gnutls_generate_session_id (uint8_t * session_id, uint8_t * len);
-int _gnutls_set_server_random (gnutls_session_t session, uint8_t * rnd);
-int _gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd);
+int _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
+ gnutls_handshake_description_t type);
+int _gnutls_recv_hello_request(gnutls_session_t session, void *data,
+ uint32_t data_size);
+int _gnutls_send_hello(gnutls_session_t session, int again);
+int _gnutls_recv_hello(gnutls_session_t session, uint8_t * data,
+ int datalen);
+int _gnutls_recv_handshake(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ unsigned int optional, gnutls_buffer_st * buf);
+int _gnutls_generate_session_id(uint8_t * session_id, uint8_t * len);
+int _gnutls_set_server_random(gnutls_session_t session, uint8_t * rnd);
+int _gnutls_set_client_random(gnutls_session_t session, uint8_t * rnd);
-int _gnutls_find_pk_algos_in_ciphersuites (uint8_t * data, int datalen);
-int _gnutls_server_select_suite (gnutls_session_t session, uint8_t * data,
- unsigned int datalen);
+int _gnutls_find_pk_algos_in_ciphersuites(uint8_t * data, int datalen);
+int _gnutls_server_select_suite(gnutls_session_t session, uint8_t * data,
+ unsigned int datalen);
-int _gnutls_negotiate_version (gnutls_session_t session,
- gnutls_protocol_t adv_version);
-int _gnutls_user_hello_func (gnutls_session_t session,
- gnutls_protocol_t adv_version);
+int _gnutls_negotiate_version(gnutls_session_t session,
+ gnutls_protocol_t adv_version);
+int _gnutls_user_hello_func(gnutls_session_t session,
+ gnutls_protocol_t adv_version);
-void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session);
+void _gnutls_handshake_hash_buffers_clear(gnutls_session_t session);
#define STATE session->internals.handshake_state
#define FINAL_STATE session->internals.handshake_final_state
@@ -60,15 +61,15 @@ void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session);
inline static int handshake_remaining_time(gnutls_session_t session)
{
- if (session->internals.handshake_endtime)
- {
- time_t now = gnutls_time(0);
- if (now < session->internals.handshake_endtime)
- return (session->internals.handshake_endtime - now) * 1000;
- else
- return gnutls_assert_val(GNUTLS_E_TIMEDOUT);
- }
- return 0;
+ if (session->internals.handshake_endtime) {
+ time_t now = gnutls_time(0);
+ if (now < session->internals.handshake_endtime)
+ return (session->internals.handshake_endtime -
+ now) * 1000;
+ else
+ return gnutls_assert_val(GNUTLS_E_TIMEDOUT);
+ }
+ return 0;
}
#endif
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index c83b614496..7f16a54d3e 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -29,124 +29,117 @@
#include <gnutls_errors.h>
#include <algorithms.h>
-int
-_gnutls_hash_init (digest_hd_st * dig, const mac_entry_st* e)
+int _gnutls_hash_init(digest_hd_st * dig, const mac_entry_st * e)
{
- int result;
- const gnutls_crypto_digest_st *cc = NULL;
-
- dig->e = e;
-
- /* check if a digest has been registered
- */
- cc = _gnutls_get_crypto_digest (e->id);
- if (cc != NULL && cc->init)
- {
- if (cc->init (e->id, &dig->handle) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
-
- dig->hash = cc->hash;
- dig->output = cc->output;
- dig->deinit = cc->deinit;
-
- return 0;
- }
-
- result = _gnutls_digest_ops.init (e->id, &dig->handle);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- dig->hash = _gnutls_digest_ops.hash;
- dig->output = _gnutls_digest_ops.output;
- dig->deinit = _gnutls_digest_ops.deinit;
-
- return 0;
+ int result;
+ const gnutls_crypto_digest_st *cc = NULL;
+
+ dig->e = e;
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_digest(e->id);
+ if (cc != NULL && cc->init) {
+ if (cc->init(e->id, &dig->handle) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ dig->hash = cc->hash;
+ dig->output = cc->output;
+ dig->deinit = cc->deinit;
+
+ return 0;
+ }
+
+ result = _gnutls_digest_ops.init(e->id, &dig->handle);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ dig->hash = _gnutls_digest_ops.hash;
+ dig->output = _gnutls_digest_ops.output;
+ dig->deinit = _gnutls_digest_ops.deinit;
+
+ return 0;
}
-void
-_gnutls_hash_deinit (digest_hd_st * handle, void *digest)
+void _gnutls_hash_deinit(digest_hd_st * handle, void *digest)
{
- if (handle->handle == NULL)
- {
- return;
- }
+ if (handle->handle == NULL) {
+ return;
+ }
- if (digest != NULL)
- _gnutls_hash_output (handle, digest);
+ if (digest != NULL)
+ _gnutls_hash_output(handle, digest);
- handle->deinit (handle->handle);
- handle->handle = NULL;
+ handle->deinit(handle->handle);
+ handle->handle = NULL;
}
int
-_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest)
+_gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest)
{
- int ret;
- const gnutls_crypto_digest_st *cc = NULL;
-
- /* check if a digest has been registered
- */
- cc = _gnutls_get_crypto_digest (algorithm);
- if (cc != NULL)
- {
- if (cc->fast (algorithm, text, textlen, digest) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
-
- return 0;
- }
-
- ret = _gnutls_digest_ops.fast (algorithm, text, textlen, digest);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret;
+ const gnutls_crypto_digest_st *cc = NULL;
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_digest(algorithm);
+ if (cc != NULL) {
+ if (cc->fast(algorithm, text, textlen, digest) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ return 0;
+ }
+
+ ret = _gnutls_digest_ops.fast(algorithm, text, textlen, digest);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/* HMAC interface */
int
-_gnutls_mac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
- int keylen, const void *text, size_t textlen, void *digest)
+_gnutls_mac_fast(gnutls_mac_algorithm_t algorithm, const void *key,
+ int keylen, const void *text, size_t textlen,
+ void *digest)
{
- int ret;
- const gnutls_crypto_mac_st *cc = NULL;
-
- /* check if a digest has been registered
- */
- cc = _gnutls_get_crypto_mac (algorithm);
- if (cc != NULL)
- {
- if (cc->fast (algorithm, NULL, 0, key, keylen, text, textlen, digest) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
-
- return 0;
- }
-
- ret = _gnutls_mac_ops.fast (algorithm, NULL, 0, key, keylen, text, textlen, digest);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret;
+ const gnutls_crypto_mac_st *cc = NULL;
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_mac(algorithm);
+ if (cc != NULL) {
+ if (cc->
+ fast(algorithm, NULL, 0, key, keylen, text, textlen,
+ digest) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ return 0;
+ }
+
+ ret =
+ _gnutls_mac_ops.fast(algorithm, NULL, 0, key, keylen, text,
+ textlen, digest);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
@@ -155,382 +148,356 @@ _gnutls_mac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
*/
int _gnutls_mac_exists(gnutls_mac_algorithm_t algo)
{
- const gnutls_crypto_mac_st *cc = NULL;
+ const gnutls_crypto_mac_st *cc = NULL;
- cc = _gnutls_get_crypto_mac (algo);
- if (cc != NULL) return 1;
+ cc = _gnutls_get_crypto_mac(algo);
+ if (cc != NULL)
+ return 1;
- return _gnutls_mac_ops.exists (algo);
+ return _gnutls_mac_ops.exists(algo);
}
int
-_gnutls_mac_init (mac_hd_st * mac, const mac_entry_st* e,
- const void *key, int keylen)
+_gnutls_mac_init(mac_hd_st * mac, const mac_entry_st * e,
+ const void *key, int keylen)
{
- int result;
- const gnutls_crypto_mac_st *cc = NULL;
-
- mac->e = e;
- mac->mac_len = _gnutls_mac_get_algo_len (e);
-
- /* check if a digest has been registered
- */
- cc = _gnutls_get_crypto_mac (e->id);
- if (cc != NULL && cc->init != NULL)
- {
- if (cc->init (e->id, &mac->handle) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
-
- if (cc->setkey (mac->handle, key, keylen) < 0)
- {
- gnutls_assert ();
- cc->deinit (mac->handle);
- return GNUTLS_E_HASH_FAILED;
- }
-
- mac->hash = cc->hash;
- mac->setnonce = cc->setnonce;
- mac->output = cc->output;
- mac->deinit = cc->deinit;
-
- return 0;
- }
-
- result = _gnutls_mac_ops.init (e->id, &mac->handle);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- mac->hash = _gnutls_mac_ops.hash;
- mac->setnonce = _gnutls_mac_ops.setnonce;
- mac->output = _gnutls_mac_ops.output;
- mac->deinit = _gnutls_mac_ops.deinit;
-
- if (_gnutls_mac_ops.setkey (mac->handle, key, keylen) < 0)
- {
- gnutls_assert();
- mac->deinit(mac->handle);
- return GNUTLS_E_HASH_FAILED;
- }
-
- return 0;
+ int result;
+ const gnutls_crypto_mac_st *cc = NULL;
+
+ mac->e = e;
+ mac->mac_len = _gnutls_mac_get_algo_len(e);
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_mac(e->id);
+ if (cc != NULL && cc->init != NULL) {
+ if (cc->init(e->id, &mac->handle) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ if (cc->setkey(mac->handle, key, keylen) < 0) {
+ gnutls_assert();
+ cc->deinit(mac->handle);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ mac->hash = cc->hash;
+ mac->setnonce = cc->setnonce;
+ mac->output = cc->output;
+ mac->deinit = cc->deinit;
+
+ return 0;
+ }
+
+ result = _gnutls_mac_ops.init(e->id, &mac->handle);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ mac->hash = _gnutls_mac_ops.hash;
+ mac->setnonce = _gnutls_mac_ops.setnonce;
+ mac->output = _gnutls_mac_ops.output;
+ mac->deinit = _gnutls_mac_ops.deinit;
+
+ if (_gnutls_mac_ops.setkey(mac->handle, key, keylen) < 0) {
+ gnutls_assert();
+ mac->deinit(mac->handle);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ return 0;
}
-void
-_gnutls_mac_deinit (mac_hd_st * handle, void *digest)
+void _gnutls_mac_deinit(mac_hd_st * handle, void *digest)
{
- if (handle->handle == NULL)
- {
- return;
- }
+ if (handle->handle == NULL) {
+ return;
+ }
- if (digest)
- _gnutls_mac_output (handle, digest);
+ if (digest)
+ _gnutls_mac_output(handle, digest);
- handle->deinit (handle->handle);
- handle->handle = NULL;
+ handle->deinit(handle->handle);
+ handle->handle = NULL;
}
-inline static int
-get_padsize (gnutls_digest_algorithm_t algorithm)
+inline static int get_padsize(gnutls_digest_algorithm_t algorithm)
{
- switch (algorithm)
- {
- case GNUTLS_DIG_MD5:
- return 48;
- case GNUTLS_DIG_SHA1:
- return 40;
- default:
- return 0;
- }
+ switch (algorithm) {
+ case GNUTLS_DIG_MD5:
+ return 48;
+ case GNUTLS_DIG_SHA1:
+ return 40;
+ default:
+ return 0;
+ }
}
/* Special functions for SSL3 MAC
*/
int
-_gnutls_mac_init_ssl3 (digest_hd_st * ret, const mac_entry_st* e,
- void *key, int keylen)
+_gnutls_mac_init_ssl3(digest_hd_st * ret, const mac_entry_st * e,
+ void *key, int keylen)
{
- uint8_t ipad[48];
- int padsize, result;
+ uint8_t ipad[48];
+ int padsize, result;
- padsize = get_padsize ((gnutls_digest_algorithm_t)e->id);
- if (padsize == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
+ padsize = get_padsize((gnutls_digest_algorithm_t) e->id);
+ if (padsize == 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
- memset (ipad, 0x36, padsize);
+ memset(ipad, 0x36, padsize);
- result = _gnutls_hash_init (ret, e);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ result = _gnutls_hash_init(ret, e);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- ret->key = key;
- ret->keysize = keylen;
+ ret->key = key;
+ ret->keysize = keylen;
- if (keylen > 0)
- _gnutls_hash (ret, key, keylen);
- _gnutls_hash (ret, ipad, padsize);
+ if (keylen > 0)
+ _gnutls_hash(ret, key, keylen);
+ _gnutls_hash(ret, ipad, padsize);
- return 0;
+ return 0;
}
-int
-_gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest)
+int _gnutls_mac_output_ssl3(digest_hd_st * handle, void *digest)
{
- uint8_t ret[MAX_HASH_SIZE];
- digest_hd_st td;
- uint8_t opad[48];
- int padsize;
- int block, rc;
-
- padsize = get_padsize (handle->e->id);
- if (padsize == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- memset (opad, 0x5C, padsize);
-
- rc = _gnutls_hash_init (&td, handle->e);
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- if (handle->keysize > 0)
- _gnutls_hash (&td, handle->key, handle->keysize);
-
- _gnutls_hash (&td, opad, padsize);
- block = _gnutls_mac_get_algo_len (handle->e);
- _gnutls_hash_output (handle, ret); /* get the previous hash */
- _gnutls_hash (&td, ret, block);
-
- _gnutls_hash_deinit (&td, digest);
-
- /* reset handle */
- memset (opad, 0x36, padsize);
-
- if (handle->keysize > 0)
- _gnutls_hash (handle, handle->key, handle->keysize);
- _gnutls_hash (handle, opad, padsize);
-
- return 0;
+ uint8_t ret[MAX_HASH_SIZE];
+ digest_hd_st td;
+ uint8_t opad[48];
+ int padsize;
+ int block, rc;
+
+ padsize = get_padsize(handle->e->id);
+ if (padsize == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ memset(opad, 0x5C, padsize);
+
+ rc = _gnutls_hash_init(&td, handle->e);
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ if (handle->keysize > 0)
+ _gnutls_hash(&td, handle->key, handle->keysize);
+
+ _gnutls_hash(&td, opad, padsize);
+ block = _gnutls_mac_get_algo_len(handle->e);
+ _gnutls_hash_output(handle, ret); /* get the previous hash */
+ _gnutls_hash(&td, ret, block);
+
+ _gnutls_hash_deinit(&td, digest);
+
+ /* reset handle */
+ memset(opad, 0x36, padsize);
+
+ if (handle->keysize > 0)
+ _gnutls_hash(handle, handle->key, handle->keysize);
+ _gnutls_hash(handle, opad, padsize);
+
+ return 0;
}
-int
-_gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest)
+int _gnutls_mac_deinit_ssl3(digest_hd_st * handle, void *digest)
{
-int ret = 0;
+ int ret = 0;
- if (digest != NULL) ret = _gnutls_mac_output_ssl3(handle, digest);
- _gnutls_hash_deinit(handle, NULL);
-
- return ret;
+ if (digest != NULL)
+ ret = _gnutls_mac_output_ssl3(handle, digest);
+ _gnutls_hash_deinit(handle, NULL);
+
+ return ret;
}
int
-_gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
- void *digest, uint8_t * key,
- uint32_t key_size)
+_gnutls_mac_deinit_ssl3_handshake(digest_hd_st * handle,
+ void *digest, uint8_t * key,
+ uint32_t key_size)
{
- uint8_t ret[MAX_HASH_SIZE];
- digest_hd_st td;
- uint8_t opad[48];
- uint8_t ipad[48];
- int padsize;
- int block, rc;
-
- padsize = get_padsize (handle->e->id);
- if (padsize == 0)
- {
- gnutls_assert ();
- rc = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- memset (opad, 0x5C, padsize);
- memset (ipad, 0x36, padsize);
-
- rc = _gnutls_hash_init (&td, handle->e);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (key_size > 0)
- _gnutls_hash (&td, key, key_size);
-
- _gnutls_hash (&td, opad, padsize);
- block = _gnutls_mac_get_algo_len (handle->e);
-
- if (key_size > 0)
- _gnutls_hash (handle, key, key_size);
- _gnutls_hash (handle, ipad, padsize);
- _gnutls_hash_deinit (handle, ret); /* get the previous hash */
-
- _gnutls_hash (&td, ret, block);
-
- _gnutls_hash_deinit (&td, digest);
-
- return 0;
-
-cleanup:
- _gnutls_hash_deinit(handle, NULL);
- return rc;
+ uint8_t ret[MAX_HASH_SIZE];
+ digest_hd_st td;
+ uint8_t opad[48];
+ uint8_t ipad[48];
+ int padsize;
+ int block, rc;
+
+ padsize = get_padsize(handle->e->id);
+ if (padsize == 0) {
+ gnutls_assert();
+ rc = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ memset(opad, 0x5C, padsize);
+ memset(ipad, 0x36, padsize);
+
+ rc = _gnutls_hash_init(&td, handle->e);
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (key_size > 0)
+ _gnutls_hash(&td, key, key_size);
+
+ _gnutls_hash(&td, opad, padsize);
+ block = _gnutls_mac_get_algo_len(handle->e);
+
+ if (key_size > 0)
+ _gnutls_hash(handle, key, key_size);
+ _gnutls_hash(handle, ipad, padsize);
+ _gnutls_hash_deinit(handle, ret); /* get the previous hash */
+
+ _gnutls_hash(&td, ret, block);
+
+ _gnutls_hash_deinit(&td, digest);
+
+ return 0;
+
+ cleanup:
+ _gnutls_hash_deinit(handle, NULL);
+ return rc;
}
static int
-ssl3_sha (int i, uint8_t * secret, int secret_len,
- uint8_t * rnd, int rnd_len, void *digest)
+ssl3_sha(int i, uint8_t * secret, int secret_len,
+ uint8_t * rnd, int rnd_len, void *digest)
{
- int j, ret;
- uint8_t text1[26];
+ int j, ret;
+ uint8_t text1[26];
- digest_hd_st td;
+ digest_hd_st td;
- for (j = 0; j < i + 1; j++)
- {
- text1[j] = 65 + i; /* A==65 */
- }
+ for (j = 0; j < i + 1; j++) {
+ text1[j] = 65 + i; /* A==65 */
+ }
- ret = _gnutls_hash_init (&td, mac_to_entry(GNUTLS_MAC_SHA1));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_hash_init(&td, mac_to_entry(GNUTLS_MAC_SHA1));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- _gnutls_hash (&td, text1, i + 1);
- _gnutls_hash (&td, secret, secret_len);
- _gnutls_hash (&td, rnd, rnd_len);
+ _gnutls_hash(&td, text1, i + 1);
+ _gnutls_hash(&td, secret, secret_len);
+ _gnutls_hash(&td, rnd, rnd_len);
- _gnutls_hash_deinit (&td, digest);
- return 0;
+ _gnutls_hash_deinit(&td, digest);
+ return 0;
}
#define SHA1_DIGEST_OUTPUT 20
#define MD5_DIGEST_OUTPUT 16
static int
-ssl3_md5 (int i, uint8_t * secret, int secret_len,
- uint8_t * rnd, int rnd_len, void *digest)
+ssl3_md5(int i, uint8_t * secret, int secret_len,
+ uint8_t * rnd, int rnd_len, void *digest)
{
- uint8_t tmp[MAX_HASH_SIZE];
- digest_hd_st td;
- int ret;
-
- ret = _gnutls_hash_init (&td, mac_to_entry(GNUTLS_MAC_MD5));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&td, secret, secret_len);
-
- ret = ssl3_sha (i, secret, secret_len, rnd, rnd_len, tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_hash_deinit (&td, digest);
- return ret;
- }
-
- _gnutls_hash (&td, tmp, SHA1_DIGEST_OUTPUT);
-
- _gnutls_hash_deinit (&td, digest);
- return 0;
+ uint8_t tmp[MAX_HASH_SIZE];
+ digest_hd_st td;
+ int ret;
+
+ ret = _gnutls_hash_init(&td, mac_to_entry(GNUTLS_MAC_MD5));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&td, secret, secret_len);
+
+ ret = ssl3_sha(i, secret, secret_len, rnd, rnd_len, tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_hash_deinit(&td, digest);
+ return ret;
+ }
+
+ _gnutls_hash(&td, tmp, SHA1_DIGEST_OUTPUT);
+
+ _gnutls_hash_deinit(&td, digest);
+ return 0;
}
int
-_gnutls_ssl3_hash_md5 (const void *first, int first_len,
- const void *second, int second_len,
- int ret_len, uint8_t * ret)
+_gnutls_ssl3_hash_md5(const void *first, int first_len,
+ const void *second, int second_len,
+ int ret_len, uint8_t * ret)
{
- uint8_t digest[MAX_HASH_SIZE];
- digest_hd_st td;
- int block = MD5_DIGEST_OUTPUT;
- int rc;
+ uint8_t digest[MAX_HASH_SIZE];
+ digest_hd_st td;
+ int block = MD5_DIGEST_OUTPUT;
+ int rc;
- rc = _gnutls_hash_init (&td, mac_to_entry(GNUTLS_MAC_MD5));
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
+ rc = _gnutls_hash_init(&td, mac_to_entry(GNUTLS_MAC_MD5));
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
- _gnutls_hash (&td, first, first_len);
- _gnutls_hash (&td, second, second_len);
+ _gnutls_hash(&td, first, first_len);
+ _gnutls_hash(&td, second, second_len);
- _gnutls_hash_deinit (&td, digest);
+ _gnutls_hash_deinit(&td, digest);
- if (ret_len > block)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (ret_len > block) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- memcpy (ret, digest, ret_len);
+ memcpy(ret, digest, ret_len);
- return 0;
+ return 0;
}
int
-_gnutls_ssl3_generate_random (void *secret, int secret_len,
- void *rnd, int rnd_len,
- int ret_bytes, uint8_t * ret)
+_gnutls_ssl3_generate_random(void *secret, int secret_len,
+ void *rnd, int rnd_len,
+ int ret_bytes, uint8_t * ret)
{
- int i = 0, copy, output_bytes;
- uint8_t digest[MAX_HASH_SIZE];
- int block = MD5_DIGEST_OUTPUT;
- int result, times;
-
- output_bytes = 0;
- do
- {
- output_bytes += block;
- }
- while (output_bytes < ret_bytes);
-
- times = output_bytes / block;
-
- for (i = 0; i < times; i++)
- {
-
- result = ssl3_md5 (i, secret, secret_len, rnd, rnd_len, digest);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if ((1 + i) * block < ret_bytes)
- {
- copy = block;
- }
- else
- {
- copy = ret_bytes - (i) * block;
- }
-
- memcpy (&ret[i * block], digest, copy);
- }
-
- return 0;
+ int i = 0, copy, output_bytes;
+ uint8_t digest[MAX_HASH_SIZE];
+ int block = MD5_DIGEST_OUTPUT;
+ int result, times;
+
+ output_bytes = 0;
+ do {
+ output_bytes += block;
+ }
+ while (output_bytes < ret_bytes);
+
+ times = output_bytes / block;
+
+ for (i = 0; i < times; i++) {
+
+ result =
+ ssl3_md5(i, secret, secret_len, rnd, rnd_len, digest);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if ((1 + i) * block < ret_bytes) {
+ copy = block;
+ } else {
+ copy = ret_bytes - (i) * block;
+ }
+
+ memcpy(&ret[i * block], digest, copy);
+ }
+
+ return 0;
}
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index a08ea248da..0377900a92 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -38,85 +38,79 @@ extern gnutls_crypto_digest_st _gnutls_digest_ops;
typedef int (*hash_func) (void *handle, const void *text, size_t size);
typedef int (*nonce_func) (void *handle, const void *text, size_t size);
-typedef int (*output_func) (void *src_ctx, void *digest, size_t digestsize);
+typedef int (*output_func) (void *src_ctx, void *digest,
+ size_t digestsize);
typedef void (*deinit_func) (void *handle);
-typedef struct
-{
- const mac_entry_st * e;
- hash_func hash;
- output_func output;
- deinit_func deinit;
+typedef struct {
+ const mac_entry_st *e;
+ hash_func hash;
+ output_func output;
+ deinit_func deinit;
- const void *key; /* esoteric use by SSL3 MAC functions */
- int keysize;
+ const void *key; /* esoteric use by SSL3 MAC functions */
+ int keysize;
- void *handle;
+ void *handle;
} digest_hd_st;
-typedef struct
-{
- const mac_entry_st * e;
- int mac_len;
+typedef struct {
+ const mac_entry_st *e;
+ int mac_len;
- hash_func hash;
- nonce_func setnonce;
- output_func output;
- deinit_func deinit;
+ hash_func hash;
+ nonce_func setnonce;
+ output_func output;
+ deinit_func deinit;
- void *handle;
+ void *handle;
} mac_hd_st;
/* basic functions */
int _gnutls_mac_exists(gnutls_mac_algorithm_t algorithm);
-int _gnutls_mac_init (mac_hd_st *, const mac_entry_st* e,
- const void *key, int keylen);
+int _gnutls_mac_init(mac_hd_st *, const mac_entry_st * e,
+ const void *key, int keylen);
-int _gnutls_mac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
- int keylen, const void *text, size_t textlen,
- void *digest);
+int _gnutls_mac_fast(gnutls_mac_algorithm_t algorithm, const void *key,
+ int keylen, const void *text, size_t textlen,
+ void *digest);
inline static int
-_gnutls_mac (mac_hd_st * handle, const void *text, size_t textlen)
+_gnutls_mac(mac_hd_st * handle, const void *text, size_t textlen)
{
- if (textlen > 0)
- {
- return handle->hash (handle->handle, text, textlen);
- }
- return 0;
+ if (textlen > 0) {
+ return handle->hash(handle->handle, text, textlen);
+ }
+ return 0;
}
-inline static void
-_gnutls_mac_output (mac_hd_st * handle, void *digest)
+inline static void _gnutls_mac_output(mac_hd_st * handle, void *digest)
{
- if (digest != NULL)
- {
- handle->output (handle->handle, digest, handle->mac_len);
- }
+ if (digest != NULL) {
+ handle->output(handle->handle, digest, handle->mac_len);
+ }
}
inline static int
-_gnutls_mac_set_nonce (mac_hd_st * handle, const void *nonce, size_t n_size)
+_gnutls_mac_set_nonce(mac_hd_st * handle, const void *nonce, size_t n_size)
{
- if (handle->setnonce)
- return handle->setnonce (handle->handle, nonce, n_size);
- return 0;
+ if (handle->setnonce)
+ return handle->setnonce(handle->handle, nonce, n_size);
+ return 0;
}
-void
-_gnutls_mac_deinit (mac_hd_st * handle, void *digest);
+void _gnutls_mac_deinit(mac_hd_st * handle, void *digest);
/* Hash interface */
-int _gnutls_hash_init (digest_hd_st *, const mac_entry_st* e);
+int _gnutls_hash_init(digest_hd_st *, const mac_entry_st * e);
inline static int
-_gnutls_hash (digest_hd_st * handle, const void *text, size_t textlen)
+_gnutls_hash(digest_hd_st * handle, const void *text, size_t textlen)
{
- if (textlen > 0)
- {
- handle->hash (handle->handle, text, textlen);
- }
- return 0;
+ if (textlen > 0) {
+ handle->hash(handle->handle, text, textlen);
+ }
+ return 0;
}
/* when the current output is needed without calling deinit
@@ -124,36 +118,35 @@ _gnutls_hash (digest_hd_st * handle, const void *text, size_t textlen)
#define _gnutls_hash_output(h, d) \
(h)->output((h)->handle, d, _gnutls_hash_get_algo_len((h)->e))
-void
-_gnutls_hash_deinit (digest_hd_st * handle, void *digest);
+void _gnutls_hash_deinit(digest_hd_st * handle, void *digest);
int
-_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest);
+_gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest);
/* help functions */
-int _gnutls_mac_init_ssl3 (digest_hd_st *, const mac_entry_st* e,
- void *key, int keylen);
-int _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest);
-int _gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest);
+int _gnutls_mac_init_ssl3(digest_hd_st *, const mac_entry_st * e,
+ void *key, int keylen);
+int _gnutls_mac_deinit_ssl3(digest_hd_st * handle, void *digest);
+int _gnutls_mac_output_ssl3(digest_hd_st * handle, void *digest);
-int _gnutls_ssl3_generate_random (void *secret, int secret_len,
- void *rnd, int random_len, int bytes,
- uint8_t * ret);
-int _gnutls_ssl3_hash_md5 (const void *first, int first_len,
- const void *second, int second_len,
- int ret_len, uint8_t * ret);
+int _gnutls_ssl3_generate_random(void *secret, int secret_len,
+ void *rnd, int random_len, int bytes,
+ uint8_t * ret);
+int _gnutls_ssl3_hash_md5(const void *first, int first_len,
+ const void *second, int second_len,
+ int ret_len, uint8_t * ret);
-int _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, void *digest,
- uint8_t * key, uint32_t key_size);
+int _gnutls_mac_deinit_ssl3_handshake(digest_hd_st * handle, void *digest,
+ uint8_t * key, uint32_t key_size);
inline static int IS_SHA(gnutls_digest_algorithm_t algo)
{
- if (algo == GNUTLS_DIG_SHA1 || algo == GNUTLS_DIG_SHA224 ||
- algo == GNUTLS_DIG_SHA256 || algo == GNUTLS_DIG_SHA384 ||
- algo == GNUTLS_DIG_SHA512)
- return 1;
- return 0;
+ if (algo == GNUTLS_DIG_SHA1 || algo == GNUTLS_DIG_SHA224 ||
+ algo == GNUTLS_DIG_SHA256 || algo == GNUTLS_DIG_SHA384 ||
+ algo == GNUTLS_DIG_SHA512)
+ return 1;
+ return 0;
}
-#endif /* GNUTLS_HASH_INT_H */
+#endif /* GNUTLS_HASH_INT_H */
diff --git a/lib/gnutls_helper.c b/lib/gnutls_helper.c
index 6a370ee865..d647fe3327 100644
--- a/lib/gnutls_helper.c
+++ b/lib/gnutls_helper.c
@@ -23,15 +23,14 @@
#include <gnutls_int.h>
#include <gnutls_helper.h>
-int
-_gnutls_file_exists (const char *file)
+int _gnutls_file_exists(const char *file)
{
- FILE *fd;
+ FILE *fd;
- fd = fopen (file, "r");
- if (fd == NULL)
- return -1;
+ fd = fopen(file, "r");
+ if (fd == NULL)
+ return -1;
- fclose (fd);
- return 0;
+ fclose(fd);
+ return 0;
}
diff --git a/lib/gnutls_helper.h b/lib/gnutls_helper.h
index c73a62c4b5..3529d6a494 100644
--- a/lib/gnutls_helper.h
+++ b/lib/gnutls_helper.h
@@ -20,4 +20,4 @@
*
*/
-int _gnutls_file_exists (const char *file);
+int _gnutls_file_exists(const char *file);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 2bda56f0fc..a095be190e 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -44,41 +44,40 @@ typedef int ssize_t;
#include <unistd.h>
#include <sys/stat.h>
#if HAVE_SYS_SOCKET_H
-# include <sys/socket.h>
+#include <sys/socket.h>
#elif HAVE_WS2TCPIP_H
-# include <ws2tcpip.h>
+#include <ws2tcpip.h>
#endif
#include <time.h>
-#include <u64.h> /* gnulib for uint64_t */
+#include <u64.h> /* gnulib for uint64_t */
#ifdef HAVE_LIBNETTLE
-# include <nettle/memxor.h>
+#include <nettle/memxor.h>
#else
-# include <gl/memxor.h>
-# define memxor gl_memxor
+#include <gl/memxor.h>
+#define memxor gl_memxor
#endif
#ifdef __GNUC__
-# ifndef _GNUTLS_GCC_VERSION
-# define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
-# endif
-# if _GNUTLS_GCC_VERSION >= 30100
-# define likely(x) __builtin_expect((x), 1)
-# define unlikely(x) __builtin_expect((x), 0)
-# endif
+#ifndef _GNUTLS_GCC_VERSION
+#define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+#endif
+#if _GNUTLS_GCC_VERSION >= 30100
+#define likely(x) __builtin_expect((x), 1)
+#define unlikely(x) __builtin_expect((x), 0)
+#endif
#endif
#ifndef likely
-# define likely
-# define unlikely
+#define likely
+#define unlikely
#endif
/* some systems had problems with long long int, thus,
* it is not used.
*/
-typedef struct
-{
- unsigned char i[8];
+typedef struct {
+ unsigned char i[8];
} uint64;
#include <gnutls/gnutls.h>
@@ -148,29 +147,26 @@ typedef struct
* application level extensions before the "client_hello" callback
* is called.
*/
- typedef enum
- {
- GNUTLS_EXT_ANY = 0,
- GNUTLS_EXT_APPLICATION = 1,
- GNUTLS_EXT_TLS = 2,
- GNUTLS_EXT_MANDATORY = 3,
- GNUTLS_EXT_NONE = 4
- } gnutls_ext_parse_type_t;
+typedef enum {
+ GNUTLS_EXT_ANY = 0,
+ GNUTLS_EXT_APPLICATION = 1,
+ GNUTLS_EXT_TLS = 2,
+ GNUTLS_EXT_MANDATORY = 3,
+ GNUTLS_EXT_NONE = 4
+} gnutls_ext_parse_type_t;
/* expire time for resuming sessions */
#define DEFAULT_EXPIRE_TIME 3600
-typedef enum transport_t
-{
- GNUTLS_STREAM,
- GNUTLS_DGRAM
+typedef enum transport_t {
+ GNUTLS_STREAM,
+ GNUTLS_DGRAM
} transport_t;
-typedef enum record_flush_t
-{
- RECORD_FLUSH = 0,
- RECORD_CORKED,
+typedef enum record_flush_t {
+ RECORD_FLUSH = 0,
+ RECORD_CORKED,
} record_flush_t;
/* the maximum size of encrypted packets */
@@ -222,34 +218,30 @@ typedef enum record_flush_t
#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
-typedef struct
-{
- uint8_t pint[3];
+typedef struct {
+ uint8_t pint[3];
} uint24;
#include <gnutls_mpi.h>
-typedef enum handshake_state_t
-{ STATE0 = 0, STATE1, STATE2,
- STATE3, STATE4, STATE5, STATE6, STATE7, STATE8,
- STATE9, STATE10, STATE11, STATE12, STATE13, STATE14,
- STATE15, STATE16, STATE17,
- STATE20 = 20, STATE21, STATE22,
- STATE30 = 30, STATE31, STATE40 = 40, STATE41, STATE50 = 50,
- STATE60 = 60, STATE61, STATE62, STATE70, STATE71
+typedef enum handshake_state_t { STATE0 = 0, STATE1, STATE2,
+ STATE3, STATE4, STATE5, STATE6, STATE7, STATE8,
+ STATE9, STATE10, STATE11, STATE12, STATE13, STATE14,
+ STATE15, STATE16, STATE17,
+ STATE20 = 20, STATE21, STATE22,
+ STATE30 = 30, STATE31, STATE40 = 40, STATE41, STATE50 = 50,
+ STATE60 = 60, STATE61, STATE62, STATE70, STATE71
} handshake_state_t;
-typedef enum heartbeat_state_t
-{
- SHB_SEND1 = 0,
- SHB_SEND2,
- SHB_RECV,
+typedef enum heartbeat_state_t {
+ SHB_SEND1 = 0,
+ SHB_SEND2,
+ SHB_RECV,
} heartbeat_state_t;
-typedef enum recv_state_t
-{
- RECV_STATE_0 = 0,
- RECV_STATE_DTLS_RETRANSMIT,
+typedef enum recv_state_t {
+ RECV_STATE_0 = 0,
+ RECV_STATE_DTLS_RETRANSMIT,
} recv_state_t;
#include <gnutls_str.h>
@@ -259,36 +251,33 @@ typedef enum recv_state_t
*/
#define MAX_ALGOS GNUTLS_MAX_ALGORITHM_NUM
-typedef enum extensions_t
-{
- GNUTLS_EXTENSION_SERVER_NAME = 0,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
- GNUTLS_EXTENSION_STATUS_REQUEST = 5,
- GNUTLS_EXTENSION_CERT_TYPE = 9,
- GNUTLS_EXTENSION_SUPPORTED_ECC = 10,
- GNUTLS_EXTENSION_SUPPORTED_ECC_PF = 11,
- GNUTLS_EXTENSION_SRP = 12,
- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
- GNUTLS_EXTENSION_SRTP = 14,
- GNUTLS_EXTENSION_HEARTBEAT = 15,
- GNUTLS_EXTENSION_ALPN = 16,
- GNUTLS_EXTENSION_SESSION_TICKET = 35,
- GNUTLS_EXTENSION_NEW_RECORD_PADDING = 48015, /* aka: 0xbeaf */
- GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */
+typedef enum extensions_t {
+ GNUTLS_EXTENSION_SERVER_NAME = 0,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
+ GNUTLS_EXTENSION_STATUS_REQUEST = 5,
+ GNUTLS_EXTENSION_CERT_TYPE = 9,
+ GNUTLS_EXTENSION_SUPPORTED_ECC = 10,
+ GNUTLS_EXTENSION_SUPPORTED_ECC_PF = 11,
+ GNUTLS_EXTENSION_SRP = 12,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
+ GNUTLS_EXTENSION_SRTP = 14,
+ GNUTLS_EXTENSION_HEARTBEAT = 15,
+ GNUTLS_EXTENSION_ALPN = 16,
+ GNUTLS_EXTENSION_SESSION_TICKET = 35,
+ GNUTLS_EXTENSION_NEW_RECORD_PADDING = 48015, /* aka: 0xbeaf */
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */
} extensions_t;
-typedef enum
-{ CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
+typedef enum { CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
#define RESUME_TRUE 1
#define RESUME_FALSE 0
/* Record Protocol */
-typedef enum content_type_t
-{
- GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
- GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
- GNUTLS_HEARTBEAT
+typedef enum content_type_t {
+ GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
+ GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
+ GNUTLS_HEARTBEAT
} content_type_t;
@@ -301,146 +290,140 @@ typedef enum content_type_t
* messages that can arrive in a single flight
*/
#define MAX_HANDSHAKE_MSGS 6
-typedef struct
-{
- /* Handshake layer type and sequence of message */
- gnutls_handshake_description_t htype;
- uint32_t length;
+typedef struct {
+ /* Handshake layer type and sequence of message */
+ gnutls_handshake_description_t htype;
+ uint32_t length;
- /* valid in DTLS */
- uint16_t sequence;
+ /* valid in DTLS */
+ uint16_t sequence;
- /* indicate whether that message is complete.
- * complete means start_offset == 0 and end_offset == length
- */
- uint32_t start_offset;
- uint32_t end_offset;
-
- uint8_t header[MAX_HANDSHAKE_HEADER_SIZE];
- int header_size;
+ /* indicate whether that message is complete.
+ * complete means start_offset == 0 and end_offset == length
+ */
+ uint32_t start_offset;
+ uint32_t end_offset;
- gnutls_buffer_st data;
+ uint8_t header[MAX_HANDSHAKE_HEADER_SIZE];
+ int header_size;
+
+ gnutls_buffer_st data;
} handshake_buffer_st;
-typedef struct mbuffer_st
-{
- /* when used in mbuffer_head_st */
- struct mbuffer_st *next;
- struct mbuffer_st *prev;
+typedef struct mbuffer_st {
+ /* when used in mbuffer_head_st */
+ struct mbuffer_st *next;
+ struct mbuffer_st *prev;
- /* msg->size - mark = number of bytes left to process in this
- message. Mark should only be non-zero when this buffer is the
- head of the queue. */
- size_t mark;
+ /* msg->size - mark = number of bytes left to process in this
+ message. Mark should only be non-zero when this buffer is the
+ head of the queue. */
+ size_t mark;
- /* the data */
- gnutls_datum_t msg;
- size_t maximum_size;
+ /* the data */
+ gnutls_datum_t msg;
+ size_t maximum_size;
- /* used during fill in, to separate header from data
- * body. */
- unsigned int uhead_mark;
+ /* used during fill in, to separate header from data
+ * body. */
+ unsigned int uhead_mark;
- /* Filled in by record layer on recv:
- * type, record_sequence
- */
+ /* Filled in by record layer on recv:
+ * type, record_sequence
+ */
- /* record layer content type */
- content_type_t type;
+ /* record layer content type */
+ content_type_t type;
- /* record layer sequence */
- uint64 record_sequence;
+ /* record layer sequence */
+ uint64 record_sequence;
- /* Filled in by handshake layer on send:
- * type, epoch, htype, handshake_sequence
- */
+ /* Filled in by handshake layer on send:
+ * type, epoch, htype, handshake_sequence
+ */
- /* Record layer epoch of message */
- uint16_t epoch;
+ /* Record layer epoch of message */
+ uint16_t epoch;
- /* Handshake layer type and sequence of message */
- gnutls_handshake_description_t htype;
- uint16_t handshake_sequence;
+ /* Handshake layer type and sequence of message */
+ gnutls_handshake_description_t htype;
+ uint16_t handshake_sequence;
} mbuffer_st;
-typedef struct mbuffer_head_st
-{
- mbuffer_st *head;
- mbuffer_st *tail;
+typedef struct mbuffer_head_st {
+ mbuffer_st *head;
+ mbuffer_st *tail;
- unsigned int length;
- size_t byte_length;
+ unsigned int length;
+ size_t byte_length;
} mbuffer_head_st;
/* Store & Retrieve functions defines:
*/
-typedef struct auth_cred_st
-{
- gnutls_credentials_type_t algorithm;
+typedef struct auth_cred_st {
+ gnutls_credentials_type_t algorithm;
- /* the type of credentials depends on algorithm
- */
- void *credentials;
- struct auth_cred_st *next;
+ /* the type of credentials depends on algorithm
+ */
+ void *credentials;
+ struct auth_cred_st *next;
} auth_cred_st;
-struct gnutls_key_st
-{
- /* For ECDH KX */
- gnutls_pk_params_st ecdh_params;
- bigint_t ecdh_x;
- bigint_t ecdh_y;
-
- /* For DH KX */
- gnutls_datum_t key;
- bigint_t KEY;
- bigint_t client_Y;
- bigint_t client_g;
- bigint_t client_p;
- bigint_t dh_secret;
- /* for SRP */
- bigint_t A;
- bigint_t B;
- bigint_t u;
- bigint_t b;
- bigint_t a;
- bigint_t x;
- /* RSA: e, m
- */
- bigint_t rsa[2];
-
- /* this is used to hold the peers authentication data
- */
- /* auth_info_t structures SHOULD NOT contain malloced
- * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
- * Remember that this should be calloced!
- */
- void *auth_info;
- gnutls_credentials_type_t auth_info_type;
- int auth_info_size; /* needed in order to store to db for restoring
- */
- uint8_t crypt_algo;
-
- auth_cred_st *cred; /* used to specify keys/certificates etc */
-
- int crt_requested;
- /* some ciphersuites use this
- * to provide client authentication.
- * 1 if client auth was requested
- * by the peer, 0 otherwise
- *** In case of a server this
- * holds 1 if we should wait
- * for a client certificate verify
- */
+struct gnutls_key_st {
+ /* For ECDH KX */
+ gnutls_pk_params_st ecdh_params;
+ bigint_t ecdh_x;
+ bigint_t ecdh_y;
+
+ /* For DH KX */
+ gnutls_datum_t key;
+ bigint_t KEY;
+ bigint_t client_Y;
+ bigint_t client_g;
+ bigint_t client_p;
+ bigint_t dh_secret;
+ /* for SRP */
+ bigint_t A;
+ bigint_t B;
+ bigint_t u;
+ bigint_t b;
+ bigint_t a;
+ bigint_t x;
+ /* RSA: e, m
+ */
+ bigint_t rsa[2];
+
+ /* this is used to hold the peers authentication data
+ */
+ /* auth_info_t structures SHOULD NOT contain malloced
+ * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
+ * Remember that this should be calloced!
+ */
+ void *auth_info;
+ gnutls_credentials_type_t auth_info_type;
+ int auth_info_size; /* needed in order to store to db for restoring
+ */
+ uint8_t crypt_algo;
+
+ auth_cred_st *cred; /* used to specify keys/certificates etc */
+
+ int crt_requested;
+ /* some ciphersuites use this
+ * to provide client authentication.
+ * 1 if client auth was requested
+ * by the peer, 0 otherwise
+ *** In case of a server this
+ * holds 1 if we should wait
+ * for a client certificate verify
+ */
};
typedef struct gnutls_key_st gnutls_key_st;
-struct pin_info_st
-{
- gnutls_pin_callback_t cb;
- void* data;
+struct pin_info_st {
+ gnutls_pin_callback_t cb;
+ void *data;
};
struct record_state_st;
@@ -450,43 +433,40 @@ struct record_parameters_st;
typedef struct record_parameters_st record_parameters_st;
/* cipher and mac parameters */
-typedef struct cipher_entry_st
-{
- const char *name;
- gnutls_cipher_algorithm_t id;
- uint16_t blocksize;
- uint16_t keysize;
- unsigned block:1;
- uint16_t iv; /* the size of implicit IV - TLS related */
- uint16_t cipher_iv; /* the size of IV needed by the cipher */
- unsigned aead:1; /* Whether it is authenc cipher */
+typedef struct cipher_entry_st {
+ const char *name;
+ gnutls_cipher_algorithm_t id;
+ uint16_t blocksize;
+ uint16_t keysize;
+ unsigned block:1;
+ uint16_t iv; /* the size of implicit IV - TLS related */
+ uint16_t cipher_iv; /* the size of IV needed by the cipher */
+ unsigned aead:1; /* Whether it is authenc cipher */
} cipher_entry_st;
-typedef struct mac_entry_st
-{
- const char *name;
- const char *oid; /* OID of the hash - if it is a hash */
- gnutls_mac_algorithm_t id;
- unsigned output_size;
- unsigned key_size;
- unsigned nonce_size;
- unsigned placeholder; /* if set, then not a real MAC */
- unsigned secure; /* if set the this algorithm is secure as hash */
- unsigned block_size; /* internal block size for HMAC */
+typedef struct mac_entry_st {
+ const char *name;
+ const char *oid; /* OID of the hash - if it is a hash */
+ gnutls_mac_algorithm_t id;
+ unsigned output_size;
+ unsigned key_size;
+ unsigned nonce_size;
+ unsigned placeholder; /* if set, then not a real MAC */
+ unsigned secure; /* if set the this algorithm is secure as hash */
+ unsigned block_size; /* internal block size for HMAC */
} mac_entry_st;
-typedef struct
-{
- const char *name;
- gnutls_protocol_t id; /* gnutls internal version number */
- uint8_t major; /* defined by the protocol */
- uint8_t minor; /* defined by the protocol */
- transport_t transport; /* Type of transport, stream or datagram */
- unsigned int supported:1; /* 0 not supported, > 0 is supported */
- unsigned int explicit_iv:1;
- unsigned int extensions:1; /* whether it supports extensions */
- unsigned int selectable_sighash:1; /* whether signatures can be selected */
- unsigned int selectable_prf:1; /* whether the PRF is ciphersuite-defined */
+typedef struct {
+ const char *name;
+ gnutls_protocol_t id; /* gnutls internal version number */
+ uint8_t major; /* defined by the protocol */
+ uint8_t minor; /* defined by the protocol */
+ transport_t transport; /* Type of transport, stream or datagram */
+ unsigned int supported:1; /* 0 not supported, > 0 is supported */
+ unsigned int explicit_iv:1;
+ unsigned int extensions:1; /* whether it supports extensions */
+ unsigned int selectable_sighash:1; /* whether signatures can be selected */
+ unsigned int selectable_prf:1; /* whether the PRF is ciphersuite-defined */
} version_entry_st;
@@ -496,10 +476,9 @@ typedef struct
#include <gnutls_cipher_int.h>
#include <gnutls_compress.h>
-typedef struct
-{
- uint8_t hash_algorithm;
- uint8_t sign_algorithm; /* pk algorithm actually */
+typedef struct {
+ uint8_t hash_algorithm;
+ uint8_t sign_algorithm; /* pk algorithm actually */
} sign_algorithm_st;
/* This structure holds parameters got from TLS extension
@@ -510,7 +489,7 @@ typedef struct
#define MAX_SIGNATURE_ALGORITHMS 16
#define MAX_SIGN_ALGO_SIZE (2 + MAX_SIGNATURE_ALGORITHMS * 2)
-#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
+#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
/* auth_info_t structures now MAY contain malloced
* elements.
@@ -530,70 +509,68 @@ typedef struct
* handshake has finished. The only value you may depend on while
* the handshake is in progress is the cipher suite value.
*/
-typedef struct
-{
- unsigned int entity; /* GNUTLS_SERVER or GNUTLS_CLIENT */
- gnutls_kx_algorithm_t kx_algorithm;
-
- /* The epoch used to read and write */
- uint16_t epoch_read;
- uint16_t epoch_write;
-
- /* The epoch that the next handshake will initialize. */
- uint16_t epoch_next;
-
- /* The epoch at index 0 of record_parameters. */
- uint16_t epoch_min;
-
- /* this is the ciphersuite we are going to use
- * moved here from internals in order to be restored
- * on resume;
- */
- uint8_t cipher_suite[2];
- gnutls_compression_method_t compression_method;
- uint8_t master_secret[GNUTLS_MASTER_SIZE];
- uint8_t client_random[GNUTLS_RANDOM_SIZE];
- uint8_t server_random[GNUTLS_RANDOM_SIZE];
- uint8_t session_id[TLS_MAX_SESSION_ID_SIZE];
- uint8_t session_id_size;
- time_t timestamp;
-
- /* if non-zero the new record padding is used */
- uint8_t new_record_padding;
-
- /* The send size is the one requested by the programmer.
- * The recv size is the one negotiated with the peer.
- */
- uint16_t max_record_send_size;
- uint16_t max_record_recv_size;
- /* holds the negotiated certificate type */
- gnutls_certificate_type_t cert_type;
- gnutls_ecc_curve_t ecc_curve; /* holds the first supported ECC curve requested by client */
-
- /* Holds the signature algorithm used in this session - If any */
- gnutls_sign_algorithm_t server_sign_algo;
- gnutls_sign_algorithm_t client_sign_algo;
-
- /* FIXME: The following are not saved in the session storage
- * for session resumption.
- */
-
- /* Used by extensions that enable supplemental data: Which ones
- * do that? Do they belong in security parameters?
- */
- int do_recv_supplemental, do_send_supplemental;
- const version_entry_st* pversion;
+typedef struct {
+ unsigned int entity; /* GNUTLS_SERVER or GNUTLS_CLIENT */
+ gnutls_kx_algorithm_t kx_algorithm;
+
+ /* The epoch used to read and write */
+ uint16_t epoch_read;
+ uint16_t epoch_write;
+
+ /* The epoch that the next handshake will initialize. */
+ uint16_t epoch_next;
+
+ /* The epoch at index 0 of record_parameters. */
+ uint16_t epoch_min;
+
+ /* this is the ciphersuite we are going to use
+ * moved here from internals in order to be restored
+ * on resume;
+ */
+ uint8_t cipher_suite[2];
+ gnutls_compression_method_t compression_method;
+ uint8_t master_secret[GNUTLS_MASTER_SIZE];
+ uint8_t client_random[GNUTLS_RANDOM_SIZE];
+ uint8_t server_random[GNUTLS_RANDOM_SIZE];
+ uint8_t session_id[TLS_MAX_SESSION_ID_SIZE];
+ uint8_t session_id_size;
+ time_t timestamp;
+
+ /* if non-zero the new record padding is used */
+ uint8_t new_record_padding;
+
+ /* The send size is the one requested by the programmer.
+ * The recv size is the one negotiated with the peer.
+ */
+ uint16_t max_record_send_size;
+ uint16_t max_record_recv_size;
+ /* holds the negotiated certificate type */
+ gnutls_certificate_type_t cert_type;
+ gnutls_ecc_curve_t ecc_curve; /* holds the first supported ECC curve requested by client */
+
+ /* Holds the signature algorithm used in this session - If any */
+ gnutls_sign_algorithm_t server_sign_algo;
+ gnutls_sign_algorithm_t client_sign_algo;
+
+ /* FIXME: The following are not saved in the session storage
+ * for session resumption.
+ */
+
+ /* Used by extensions that enable supplemental data: Which ones
+ * do that? Do they belong in security parameters?
+ */
+ int do_recv_supplemental, do_send_supplemental;
+ const version_entry_st *pversion;
} security_parameters_st;
-struct record_state_st
-{
- gnutls_datum_t mac_secret;
- gnutls_datum_t IV;
- gnutls_datum_t key;
- auth_cipher_hd_st cipher_state;
- comp_hd_st compression_state;
- uint64 sequence_number;
- uint8_t new_record_padding;
+struct record_state_st {
+ gnutls_datum_t mac_secret;
+ gnutls_datum_t IV;
+ gnutls_datum_t key;
+ auth_cipher_hd_st cipher_state;
+ comp_hd_st compression_state;
+ uint64 sequence_number;
+ uint8_t new_record_padding;
};
@@ -605,77 +582,73 @@ struct record_state_st
#define EPOCH_WRITE_CURRENT 70001
#define EPOCH_NEXT 70002
-struct record_parameters_st
-{
- uint16_t epoch;
- int initialized;
+struct record_parameters_st {
+ uint16_t epoch;
+ int initialized;
- gnutls_compression_method_t compression_algorithm;
+ gnutls_compression_method_t compression_algorithm;
- const cipher_entry_st* cipher;
- const mac_entry_st* mac;
+ const cipher_entry_st *cipher;
+ const mac_entry_st *mac;
- /* for DTLS */
- uint64_t record_sw[DTLS_RECORD_WINDOW_SIZE];
- unsigned int record_sw_head_idx;
- unsigned int record_sw_size;
+ /* for DTLS */
+ uint64_t record_sw[DTLS_RECORD_WINDOW_SIZE];
+ unsigned int record_sw_head_idx;
+ unsigned int record_sw_size;
- record_state_st read;
- record_state_st write;
-
- /* Whether this state is in use, i.e., if there is
- a pending handshake message waiting to be encrypted
- under this epoch's parameters.
- */
- int usage_cnt;
+ record_state_st read;
+ record_state_st write;
+
+ /* Whether this state is in use, i.e., if there is
+ a pending handshake message waiting to be encrypted
+ under this epoch's parameters.
+ */
+ int usage_cnt;
};
-typedef struct
-{
- unsigned int priority[MAX_ALGOS];
- unsigned int algorithms;
+typedef struct {
+ unsigned int priority[MAX_ALGOS];
+ unsigned int algorithms;
} priority_st;
-typedef enum
-{
- SR_DISABLED,
- SR_UNSAFE,
- SR_PARTIAL,
- SR_SAFE
+typedef enum {
+ SR_DISABLED,
+ SR_UNSAFE,
+ SR_PARTIAL,
+ SR_SAFE
} safe_renegotiation_t;
/* For the external api */
-struct gnutls_priority_st
-{
- priority_st cipher;
- priority_st mac;
- priority_st kx;
- priority_st compression;
- priority_st protocol;
- priority_st cert_type;
- priority_st sign_algo;
- priority_st supported_ecc;
-
- /* to disable record padding */
- unsigned int no_extensions:1;
- unsigned int allow_large_records:1;
- unsigned int new_record_padding:1;
- unsigned int max_empty_records;
- safe_renegotiation_t sr;
- unsigned int ssl3_record_version:1;
- unsigned int server_precedence:1;
- unsigned int allow_weak_keys:1;
- unsigned int allow_wrong_pms:1;
- /* Whether stateless compression will be used */
- unsigned int stateless_compression:1;
- unsigned int additional_verify_flags;
-
- /* The session's expected security level.
- * Will be used to determine the minimum DH bits,
- * (or the acceptable certificate security level).
- */
- gnutls_sec_param_t level;
- unsigned int dh_prime_bits; /* old (deprecated) variable */
+struct gnutls_priority_st {
+ priority_st cipher;
+ priority_st mac;
+ priority_st kx;
+ priority_st compression;
+ priority_st protocol;
+ priority_st cert_type;
+ priority_st sign_algo;
+ priority_st supported_ecc;
+
+ /* to disable record padding */
+ unsigned int no_extensions:1;
+ unsigned int allow_large_records:1;
+ unsigned int new_record_padding:1;
+ unsigned int max_empty_records;
+ safe_renegotiation_t sr;
+ unsigned int ssl3_record_version:1;
+ unsigned int server_precedence:1;
+ unsigned int allow_weak_keys:1;
+ unsigned int allow_wrong_pms:1;
+ /* Whether stateless compression will be used */
+ unsigned int stateless_compression:1;
+ unsigned int additional_verify_flags;
+
+ /* The session's expected security level.
+ * Will be used to determine the minimum DH bits,
+ * (or the acceptable certificate security level).
+ */
+ gnutls_sec_param_t level;
+ unsigned int dh_prime_bits; /* old (deprecated) variable */
};
/* Allow around 50KB of length-hiding padding
@@ -690,338 +663,330 @@ struct gnutls_priority_st
/* DH and RSA parameters types.
*/
-typedef struct gnutls_dh_params_int
-{
- /* [0] is the prime, [1] is the generator.
- */
- bigint_t params[2];
- int q_bits; /* length of q in bits. If zero then length is unknown.
- */
+typedef struct gnutls_dh_params_int {
+ /* [0] is the prime, [1] is the generator.
+ */
+ bigint_t params[2];
+ int q_bits; /* length of q in bits. If zero then length is unknown.
+ */
} dh_params_st;
-typedef struct
-{
- gnutls_dh_params_t dh_params;
- int free_dh_params;
+typedef struct {
+ gnutls_dh_params_t dh_params;
+ int free_dh_params;
} internal_params_st;
/* DTLS session state
*/
-typedef struct
-{
- /* HelloVerifyRequest DOS prevention cookie */
- uint8_t cookie[DTLS_MAX_COOKIE_SIZE];
- uint8_t cookie_len;
-
- /* For DTLS handshake fragmentation and reassembly. */
- uint16_t hsk_write_seq;
- /* the sequence number of the expected packet */
- unsigned int hsk_read_seq;
- uint16_t mtu;
-
- /* a flight transmission is in process */
- unsigned int flight_init:1;
- /* whether this is the last flight in the protocol */
- unsigned int last_flight:1;
-
- /* the retransmission timeout in milliseconds */
- unsigned int retrans_timeout_ms;
- /* the connection timeout in milliseconds */
- unsigned int total_timeout_ms;
-
- unsigned int hsk_hello_verify_requests;
-
- /* non blocking stuff variables */
- unsigned int blocking:1;
- /* starting time of current handshake */
- struct timespec handshake_start_time;
-
- /* The actual retrans_timeout for the next message (e.g. doubled or so)
- */
- unsigned int actual_retrans_timeout_ms;
-
- /* timers to handle async handshake after gnutls_handshake()
- * has terminated. Required to handle retransmissions.
- */
- time_t async_term;
-
- /* last retransmission triggered by record layer */
- struct timespec last_retransmit;
- unsigned int packets_dropped;
+typedef struct {
+ /* HelloVerifyRequest DOS prevention cookie */
+ uint8_t cookie[DTLS_MAX_COOKIE_SIZE];
+ uint8_t cookie_len;
+
+ /* For DTLS handshake fragmentation and reassembly. */
+ uint16_t hsk_write_seq;
+ /* the sequence number of the expected packet */
+ unsigned int hsk_read_seq;
+ uint16_t mtu;
+
+ /* a flight transmission is in process */
+ unsigned int flight_init:1;
+ /* whether this is the last flight in the protocol */
+ unsigned int last_flight:1;
+
+ /* the retransmission timeout in milliseconds */
+ unsigned int retrans_timeout_ms;
+ /* the connection timeout in milliseconds */
+ unsigned int total_timeout_ms;
+
+ unsigned int hsk_hello_verify_requests;
+
+ /* non blocking stuff variables */
+ unsigned int blocking:1;
+ /* starting time of current handshake */
+ struct timespec handshake_start_time;
+
+ /* The actual retrans_timeout for the next message (e.g. doubled or so)
+ */
+ unsigned int actual_retrans_timeout_ms;
+
+ /* timers to handle async handshake after gnutls_handshake()
+ * has terminated. Required to handle retransmissions.
+ */
+ time_t async_term;
+
+ /* last retransmission triggered by record layer */
+ struct timespec last_retransmit;
+ unsigned int packets_dropped;
} dtls_st;
-typedef union
-{
- void *ptr;
- uint32_t num;
+typedef union {
+ void *ptr;
+ uint32_t num;
} extension_priv_data_t;
-typedef struct
-{
- /* holds all the parsed data received by the record layer */
- mbuffer_head_st record_buffer;
-
- int handshake_hash_buffer_prev_len; /* keeps the length of handshake_hash_buffer, excluding
- * the last received message */
- gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
- * message */
- unsigned int resumable:1; /* TRUE or FALSE - if we can resume that session */
- unsigned int ticket_sent:1; /* whether a session ticket was sent */
- handshake_state_t handshake_final_state;
- handshake_state_t handshake_state; /* holds
- * a number which indicates where
- * the handshake procedure has been
- * interrupted. If it is 0 then
- * no interruption has happened.
- */
-
- int invalid_connection:1; /* true or FALSE - if this session is valid */
-
- int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
- */
- int may_not_write:1;
- int read_eof:1; /* non-zero if we have received a closure alert. */
-
- int last_alert; /* last alert received */
-
- /* The last handshake messages sent or received.
- */
- int last_handshake_in;
- int last_handshake_out;
-
- /* priorities */
- struct gnutls_priority_st priorities;
-
- /* resumed session */
- unsigned int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */
- unsigned int resumption_requested:1; /* non-zero if resumption was requested by client */
- security_parameters_st resumed_security_parameters;
-
- /* These buffers are used in the handshake
- * protocol only. freed using _gnutls_handshake_io_buffer_clear();
- */
- mbuffer_head_st handshake_send_buffer;
- handshake_buffer_st handshake_recv_buffer[MAX_HANDSHAKE_MSGS];
- int handshake_recv_buffer_size;
-
- /* this buffer holds a record packet -mostly used for
- * non blocking IO.
- */
- mbuffer_head_st record_recv_buffer; /* buffer holding the unparsed record that is currently
- * being received */
- mbuffer_head_st record_send_buffer; /* holds cached data
- * for the gnutls_io_write_buffered()
- * function.
- */
- size_t record_send_buffer_user_size; /* holds the
- * size of the user specified data to
- * send.
- */
-
- record_flush_t record_flush_mode; /* GNUTLS_FLUSH or GNUTLS_CORKED */
- gnutls_buffer_st record_presend_buffer;/* holds cached data
- * for the gnutls_record_send()
- * function.
- */
-
- unsigned expire_time; /* after expire_time seconds this session will expire */
- struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
-
- /* this is the highest version available
- * to the peer. (advertized version).
- * This is obtained by the Handshake Client Hello
- * message. (some implementations read the Record version)
- */
- uint8_t adv_version_major;
- uint8_t adv_version_minor;
-
- /* if this is non zero a certificate request message
- * will be sent to the client. - only if the ciphersuite
- * supports it. In server side it contains GNUTLS_CERT_REQUIRE
- * or similar.
- */
- unsigned send_cert_req;
-
- size_t max_handshake_data_buffer_size;
-
- /* PUSH & PULL functions.
- */
- gnutls_pull_timeout_func pull_timeout_func;
- gnutls_pull_func pull_func;
- gnutls_push_func push_func;
- gnutls_vec_push_func vec_push_func;
- gnutls_errno_func errno_func;
- /* Holds the first argument of PUSH and PULL
- * functions;
- */
- gnutls_transport_ptr_t transport_recv_ptr;
- gnutls_transport_ptr_t transport_send_ptr;
-
- /* STORE & RETRIEVE functions. Only used if other
- * backend than gdbm is used.
- */
- gnutls_db_store_func db_store_func;
- gnutls_db_retr_func db_retrieve_func;
- gnutls_db_remove_func db_remove_func;
- void *db_ptr;
-
- /* post client hello callback (server side only)
- */
- gnutls_handshake_post_client_hello_func user_hello_func;
- /* handshake hook function */
- gnutls_handshake_hook_func h_hook;
- unsigned int h_type; /* the hooked type */
- int16_t h_post; /* whether post-generation/receive */
-
- /* holds the selected certificate and key.
- * use _gnutls_selected_certs_deinit() and _gnutls_selected_certs_set()
- * to change them.
- */
- gnutls_pcert_st *selected_cert_list;
- int16_t selected_cert_list_length;
- struct gnutls_privkey_st *selected_key;
- unsigned selected_need_free:1;
-
- /* holds the extensions we sent to the peer
- * (in case of a client)
- */
- uint16_t extensions_sent[MAX_EXT_TYPES];
- uint16_t extensions_sent_size;
-
- /* is 0 if we are to send the whole PGP key, or non zero
- * if the fingerprint is to be sent.
- */
- unsigned pgp_fingerprint:1;
-
- /* This holds the default version that our first
- * record packet will have. */
- uint8_t default_record_version[2];
-
- void *user_ptr;
-
- unsigned enable_private:1; /* non zero to
- * enable cipher suites
- * which have 0xFF status.
- */
-
- /* Holds 0 if the last called function was interrupted while
- * receiving, and non zero otherwise.
- */
- unsigned direction:1;
-
- /* This callback will be used (if set) to receive an
- * openpgp key. (if the peer sends a fingerprint)
- */
- gnutls_openpgp_recv_key_func openpgp_recv_key_func;
-
- /* If non zero the server will not advertise the CA's he
- * trusts (do not send an RDN sequence).
- */
- unsigned ignore_rdn_sequence:1;
-
- /* This is used to set an arbitary version in the RSA
- * PMS secret. Can be used by clients to test whether the
- * server checks that version. (** only used in gnutls-cli-debug)
- */
- uint8_t rsa_pms_version[2];
-
- /* Here we cache the DH or RSA parameters got from the
- * credentials structure, or from a callback. That is to
- * minimize external calls.
- */
- internal_params_st params;
-
- /* To avoid using global variables, and especially on Windows where
- * the application may use a different errno variable than GnuTLS,
- * it is possible to use gnutls_transport_set_errno to set a
- * session-specific errno variable in the user-replaceable push/pull
- * functions. This value is used by the send/recv functions. (The
- * strange name of this variable is because 'errno' is typically
- * #define'd.)
- */
- int errnum;
-
- /* Function used to perform public-key signing operation during
- handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also
- gnutls_sign_callback_set(). */
- gnutls_sign_func sign_func;
- void *sign_func_userdata;
-
- /* minimum bits to allow for SRP
- * use gnutls_srp_set_prime_bits() to adjust it.
- */
- uint16_t srp_prime_bits;
-
- /* A handshake process has been completed */
- unsigned int initial_negotiation_completed:1;
-
- struct
- {
- uint16_t type;
- extension_priv_data_t priv;
- unsigned set:1;
- } extension_int_data[MAX_EXT_TYPES];
-
- struct
- {
- uint16_t type;
- extension_priv_data_t priv;
- unsigned set:1;
- } resumed_extension_int_data[MAX_EXT_TYPES];
- /* The type of transport protocol; stream or datagram */
- transport_t transport;
-
- /* DTLS session state */
- dtls_st dtls;
-
- /* if set it means that the master key was set using
- * gnutls_session_set_master() rather than being negotiated. */
- unsigned int premaster_set:1;
-
- unsigned int cb_tls_unique_len;
- unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
-
- time_t handshake_endtime; /* end time in seconds */
- unsigned int handshake_timeout_ms; /* timeout in milliseconds */
- unsigned int record_timeout_ms; /* timeout in milliseconds */
-
- gnutls_buffer_st hb_local_data;
- gnutls_buffer_st hb_remote_data;
- struct timespec hb_ping_start; /* timestamp: when first HeartBeat ping was sent*/
- struct timespec hb_ping_sent; /* timestamp: when last HeartBeat ping was sent*/
- unsigned int hb_actual_retrans_timeout_ms; /* current timeout, in milliseconds*/
- unsigned int hb_retrans_timeout_ms; /* the default timeout, in milliseconds*/
- unsigned int hb_total_timeout_ms; /* the total timeout, in milliseconds*/
-
- unsigned int ocsp_check_ok:1; /* will be zero if the OCSP response TLS extension
- * check failed (OCSP was old/unrelated or so). */
-
- heartbeat_state_t hb_state; /* for ping */
-
- recv_state_t recv_state; /* state of the receive function */
-
- unsigned int sc_random_set:1;
- unsigned int no_replay_protection:1; /* DTLS replay protection */
-
- /* If you add anything here, check _gnutls_handshake_internal_state_clear().
- */
+typedef struct {
+ /* holds all the parsed data received by the record layer */
+ mbuffer_head_st record_buffer;
+
+ int handshake_hash_buffer_prev_len; /* keeps the length of handshake_hash_buffer, excluding
+ * the last received message */
+ gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
+ * message */
+ unsigned int resumable:1; /* TRUE or FALSE - if we can resume that session */
+ unsigned int ticket_sent:1; /* whether a session ticket was sent */
+ handshake_state_t handshake_final_state;
+ handshake_state_t handshake_state; /* holds
+ * a number which indicates where
+ * the handshake procedure has been
+ * interrupted. If it is 0 then
+ * no interruption has happened.
+ */
+
+ int invalid_connection:1; /* true or FALSE - if this session is valid */
+
+ int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
+ */
+ int may_not_write:1;
+ int read_eof:1; /* non-zero if we have received a closure alert. */
+
+ int last_alert; /* last alert received */
+
+ /* The last handshake messages sent or received.
+ */
+ int last_handshake_in;
+ int last_handshake_out;
+
+ /* priorities */
+ struct gnutls_priority_st priorities;
+
+ /* resumed session */
+ unsigned int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */
+ unsigned int resumption_requested:1; /* non-zero if resumption was requested by client */
+ security_parameters_st resumed_security_parameters;
+
+ /* These buffers are used in the handshake
+ * protocol only. freed using _gnutls_handshake_io_buffer_clear();
+ */
+ mbuffer_head_st handshake_send_buffer;
+ handshake_buffer_st handshake_recv_buffer[MAX_HANDSHAKE_MSGS];
+ int handshake_recv_buffer_size;
+
+ /* this buffer holds a record packet -mostly used for
+ * non blocking IO.
+ */
+ mbuffer_head_st record_recv_buffer; /* buffer holding the unparsed record that is currently
+ * being received */
+ mbuffer_head_st record_send_buffer; /* holds cached data
+ * for the gnutls_io_write_buffered()
+ * function.
+ */
+ size_t record_send_buffer_user_size; /* holds the
+ * size of the user specified data to
+ * send.
+ */
+
+ record_flush_t record_flush_mode; /* GNUTLS_FLUSH or GNUTLS_CORKED */
+ gnutls_buffer_st record_presend_buffer; /* holds cached data
+ * for the gnutls_record_send()
+ * function.
+ */
+
+ unsigned expire_time; /* after expire_time seconds this session will expire */
+ struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
+
+ /* this is the highest version available
+ * to the peer. (advertized version).
+ * This is obtained by the Handshake Client Hello
+ * message. (some implementations read the Record version)
+ */
+ uint8_t adv_version_major;
+ uint8_t adv_version_minor;
+
+ /* if this is non zero a certificate request message
+ * will be sent to the client. - only if the ciphersuite
+ * supports it. In server side it contains GNUTLS_CERT_REQUIRE
+ * or similar.
+ */
+ unsigned send_cert_req;
+
+ size_t max_handshake_data_buffer_size;
+
+ /* PUSH & PULL functions.
+ */
+ gnutls_pull_timeout_func pull_timeout_func;
+ gnutls_pull_func pull_func;
+ gnutls_push_func push_func;
+ gnutls_vec_push_func vec_push_func;
+ gnutls_errno_func errno_func;
+ /* Holds the first argument of PUSH and PULL
+ * functions;
+ */
+ gnutls_transport_ptr_t transport_recv_ptr;
+ gnutls_transport_ptr_t transport_send_ptr;
+
+ /* STORE & RETRIEVE functions. Only used if other
+ * backend than gdbm is used.
+ */
+ gnutls_db_store_func db_store_func;
+ gnutls_db_retr_func db_retrieve_func;
+ gnutls_db_remove_func db_remove_func;
+ void *db_ptr;
+
+ /* post client hello callback (server side only)
+ */
+ gnutls_handshake_post_client_hello_func user_hello_func;
+ /* handshake hook function */
+ gnutls_handshake_hook_func h_hook;
+ unsigned int h_type; /* the hooked type */
+ int16_t h_post; /* whether post-generation/receive */
+
+ /* holds the selected certificate and key.
+ * use _gnutls_selected_certs_deinit() and _gnutls_selected_certs_set()
+ * to change them.
+ */
+ gnutls_pcert_st *selected_cert_list;
+ int16_t selected_cert_list_length;
+ struct gnutls_privkey_st *selected_key;
+ unsigned selected_need_free:1;
+
+ /* holds the extensions we sent to the peer
+ * (in case of a client)
+ */
+ uint16_t extensions_sent[MAX_EXT_TYPES];
+ uint16_t extensions_sent_size;
+
+ /* is 0 if we are to send the whole PGP key, or non zero
+ * if the fingerprint is to be sent.
+ */
+ unsigned pgp_fingerprint:1;
+
+ /* This holds the default version that our first
+ * record packet will have. */
+ uint8_t default_record_version[2];
+
+ void *user_ptr;
+
+ unsigned enable_private:1; /* non zero to
+ * enable cipher suites
+ * which have 0xFF status.
+ */
+
+ /* Holds 0 if the last called function was interrupted while
+ * receiving, and non zero otherwise.
+ */
+ unsigned direction:1;
+
+ /* This callback will be used (if set) to receive an
+ * openpgp key. (if the peer sends a fingerprint)
+ */
+ gnutls_openpgp_recv_key_func openpgp_recv_key_func;
+
+ /* If non zero the server will not advertise the CA's he
+ * trusts (do not send an RDN sequence).
+ */
+ unsigned ignore_rdn_sequence:1;
+
+ /* This is used to set an arbitary version in the RSA
+ * PMS secret. Can be used by clients to test whether the
+ * server checks that version. (** only used in gnutls-cli-debug)
+ */
+ uint8_t rsa_pms_version[2];
+
+ /* Here we cache the DH or RSA parameters got from the
+ * credentials structure, or from a callback. That is to
+ * minimize external calls.
+ */
+ internal_params_st params;
+
+ /* To avoid using global variables, and especially on Windows where
+ * the application may use a different errno variable than GnuTLS,
+ * it is possible to use gnutls_transport_set_errno to set a
+ * session-specific errno variable in the user-replaceable push/pull
+ * functions. This value is used by the send/recv functions. (The
+ * strange name of this variable is because 'errno' is typically
+ * #define'd.)
+ */
+ int errnum;
+
+ /* Function used to perform public-key signing operation during
+ handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also
+ gnutls_sign_callback_set(). */
+ gnutls_sign_func sign_func;
+ void *sign_func_userdata;
+
+ /* minimum bits to allow for SRP
+ * use gnutls_srp_set_prime_bits() to adjust it.
+ */
+ uint16_t srp_prime_bits;
+
+ /* A handshake process has been completed */
+ unsigned int initial_negotiation_completed:1;
+
+ struct {
+ uint16_t type;
+ extension_priv_data_t priv;
+ unsigned set:1;
+ } extension_int_data[MAX_EXT_TYPES];
+
+ struct {
+ uint16_t type;
+ extension_priv_data_t priv;
+ unsigned set:1;
+ } resumed_extension_int_data[MAX_EXT_TYPES];
+ /* The type of transport protocol; stream or datagram */
+ transport_t transport;
+
+ /* DTLS session state */
+ dtls_st dtls;
+
+ /* if set it means that the master key was set using
+ * gnutls_session_set_master() rather than being negotiated. */
+ unsigned int premaster_set:1;
+
+ unsigned int cb_tls_unique_len;
+ unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
+
+ time_t handshake_endtime; /* end time in seconds */
+ unsigned int handshake_timeout_ms; /* timeout in milliseconds */
+ unsigned int record_timeout_ms; /* timeout in milliseconds */
+
+ gnutls_buffer_st hb_local_data;
+ gnutls_buffer_st hb_remote_data;
+ struct timespec hb_ping_start; /* timestamp: when first HeartBeat ping was sent */
+ struct timespec hb_ping_sent; /* timestamp: when last HeartBeat ping was sent */
+ unsigned int hb_actual_retrans_timeout_ms; /* current timeout, in milliseconds */
+ unsigned int hb_retrans_timeout_ms; /* the default timeout, in milliseconds */
+ unsigned int hb_total_timeout_ms; /* the total timeout, in milliseconds */
+
+ unsigned int ocsp_check_ok:1; /* will be zero if the OCSP response TLS extension
+ * check failed (OCSP was old/unrelated or so). */
+
+ heartbeat_state_t hb_state; /* for ping */
+
+ recv_state_t recv_state; /* state of the receive function */
+
+ unsigned int sc_random_set:1;
+ unsigned int no_replay_protection:1; /* DTLS replay protection */
+
+ /* If you add anything here, check _gnutls_handshake_internal_state_clear().
+ */
} internals_st;
/* Maximum number of epochs we keep around. */
#define MAX_EPOCH_INDEX 16
-struct gnutls_session_int
-{
- security_parameters_st security_parameters;
- record_parameters_st *record_parameters[MAX_EPOCH_INDEX];
- internals_st internals;
- gnutls_key_st key;
+struct gnutls_session_int {
+ security_parameters_st security_parameters;
+ record_parameters_st *record_parameters[MAX_EPOCH_INDEX];
+ internals_st internals;
+ gnutls_key_st key;
};
/* functions
*/
-void _gnutls_free_auth_info (gnutls_session_t session);
+void _gnutls_free_auth_info(gnutls_session_t session);
/* These two macros return the advertised TLS version of
* the peer.
@@ -1036,21 +1001,19 @@ void _gnutls_free_auth_info (gnutls_session_t session);
session->internals.adv_version_major = major; \
session->internals.adv_version_minor = minor
-int _gnutls_is_secure_mem_null (const void *);
+int _gnutls_is_secure_mem_null(const void *);
-inline static const version_entry_st*
-get_version (gnutls_session_t session)
+inline static const version_entry_st *get_version(gnutls_session_t session)
{
- return session->security_parameters.pversion;
+ return session->security_parameters.pversion;
}
-inline static unsigned
-get_num_version (gnutls_session_t session)
+inline static unsigned get_num_version(gnutls_session_t session)
{
- if (likely(session->security_parameters.pversion != NULL))
- return session->security_parameters.pversion->id;
- else
- return GNUTLS_VERSION_UNKNOWN;
+ if (likely(session->security_parameters.pversion != NULL))
+ return session->security_parameters.pversion->id;
+ else
+ return GNUTLS_VERSION_UNKNOWN;
}
#define _gnutls_set_current_version(s, v) { \
@@ -1060,28 +1023,31 @@ get_num_version (gnutls_session_t session)
#define timespec_sub_ms _gnutls_timespec_sub_ms
unsigned int
/* returns a-b in ms */
-timespec_sub_ms (struct timespec *a, struct timespec *b);
+ timespec_sub_ms(struct timespec *a, struct timespec *b);
#include <algorithms.h>
-inline static size_t max_user_send_size(gnutls_session_t session, record_parameters_st *record_params)
+inline static size_t max_user_send_size(gnutls_session_t session,
+ record_parameters_st *
+ record_params)
{
-size_t max;
+ size_t max;
- if (IS_DTLS(session))
- max = gnutls_dtls_get_data_mtu(session);
- else
- {
- max = session->security_parameters.max_record_send_size;
- /* DTLS data MTU accounts for those */
+ if (IS_DTLS(session))
+ max = gnutls_dtls_get_data_mtu(session);
+ else {
+ max = session->security_parameters.max_record_send_size;
+ /* DTLS data MTU accounts for those */
- if (record_params->write.new_record_padding != 0)
- max -= 2;
+ if (record_params->write.new_record_padding != 0)
+ max -= 2;
- if (_gnutls_cipher_is_block (record_params->cipher))
- max -= _gnutls_cipher_get_block_size(record_params->cipher);
- }
+ if (_gnutls_cipher_is_block(record_params->cipher))
+ max -=
+ _gnutls_cipher_get_block_size(record_params->
+ cipher);
+ }
- return max;
+ return max;
}
-#endif /* GNUTLS_INT_H */
+#endif /* GNUTLS_INT_H */
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index a50ed3ec9c..778783bf5c 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -40,30 +40,28 @@
internal API is changed to use mbuffers. For now we don't avoid the
extra alloc + memcpy. */
static inline int
-send_handshake (gnutls_session_t session, uint8_t * data, size_t size,
- gnutls_handshake_description_t type)
+send_handshake(gnutls_session_t session, uint8_t * data, size_t size,
+ gnutls_handshake_description_t type)
{
- mbuffer_st *bufel;
+ mbuffer_st *bufel;
- if (data == NULL && size == 0)
- return _gnutls_send_handshake (session, NULL, type);
+ if (data == NULL && size == 0)
+ return _gnutls_send_handshake(session, NULL, type);
- if (data == NULL && size > 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (data == NULL && size > 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- bufel = _gnutls_handshake_alloc(session, size, size);
- if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ bufel = _gnutls_handshake_alloc(session, size, size);
+ if (bufel == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- _mbuffer_set_udata (bufel, data, size);
+ _mbuffer_set_udata(bufel, data, size);
- return _gnutls_send_handshake (session, bufel, type);
+ return _gnutls_send_handshake(session, bufel, type);
}
@@ -72,90 +70,97 @@ send_handshake (gnutls_session_t session, uint8_t * data, size_t size,
#define MASTER_SECRET "master secret"
#define MASTER_SECRET_SIZE (sizeof(MASTER_SECRET)-1)
-static int generate_normal_master (gnutls_session_t session, gnutls_datum_t*, int);
+static int generate_normal_master(gnutls_session_t session,
+ gnutls_datum_t *, int);
-int
-_gnutls_generate_master (gnutls_session_t session, int keep_premaster)
+int _gnutls_generate_master(gnutls_session_t session, int keep_premaster)
{
- if (session->internals.resumed == RESUME_FALSE)
- return generate_normal_master (session, &session->key.key, keep_premaster);
- else if (session->internals.premaster_set)
- {
- gnutls_datum_t premaster;
- premaster.size = sizeof(session->internals.resumed_security_parameters.master_secret);
- premaster.data = session->internals.resumed_security_parameters.master_secret;
- return generate_normal_master(session, &premaster, 1);
- }
- return 0;
+ if (session->internals.resumed == RESUME_FALSE)
+ return generate_normal_master(session, &session->key.key,
+ keep_premaster);
+ else if (session->internals.premaster_set) {
+ gnutls_datum_t premaster;
+ premaster.size =
+ sizeof(session->internals.resumed_security_parameters.
+ master_secret);
+ premaster.data =
+ session->internals.resumed_security_parameters.
+ master_secret;
+ return generate_normal_master(session, &premaster, 1);
+ }
+ return 0;
}
/* here we generate the TLS Master secret.
*/
static int
-generate_normal_master (gnutls_session_t session, gnutls_datum_t *premaster,
- int keep_premaster)
+generate_normal_master(gnutls_session_t session,
+ gnutls_datum_t * premaster, int keep_premaster)
{
- int ret = 0;
- char buf[512];
-
- _gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", premaster->size,
- _gnutls_bin2hex (premaster->data, premaster->size, buf,
- sizeof (buf), NULL));
- _gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32,
- _gnutls_bin2hex (session->
- security_parameters.client_random, 32,
- buf, sizeof (buf), NULL));
- _gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32,
- _gnutls_bin2hex (session->
- security_parameters.server_random, 32,
- buf, sizeof (buf), NULL));
-
- if (get_num_version (session) == GNUTLS_SSL3)
- {
- uint8_t rnd[2 * GNUTLS_RANDOM_SIZE + 1];
-
- memcpy (rnd, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- memcpy (&rnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
-
- ret =
- _gnutls_ssl3_generate_random (premaster->data, premaster->size,
- rnd, 2 * GNUTLS_RANDOM_SIZE,
- GNUTLS_MASTER_SIZE,
- session->
- security_parameters.master_secret);
-
- }
- else
- {
- uint8_t rnd[2 * GNUTLS_RANDOM_SIZE + 1];
-
- memcpy (rnd, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- memcpy (&rnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
-
- ret =
- _gnutls_PRF (session, premaster->data, premaster->size,
- MASTER_SECRET, MASTER_SECRET_SIZE,
- rnd, 2 * GNUTLS_RANDOM_SIZE, GNUTLS_MASTER_SIZE,
- session->security_parameters.master_secret);
- }
-
- if (!keep_premaster)
- _gnutls_free_datum (premaster);
-
- if (ret < 0)
- return ret;
-
- _gnutls_hard_log ("INT: MASTER SECRET: %s\n",
- _gnutls_bin2hex (session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE, buf, sizeof (buf),
- NULL));
-
- return ret;
+ int ret = 0;
+ char buf[512];
+
+ _gnutls_hard_log("INT: PREMASTER SECRET[%d]: %s\n",
+ premaster->size, _gnutls_bin2hex(premaster->data,
+ premaster->size,
+ buf, sizeof(buf),
+ NULL));
+ _gnutls_hard_log("INT: CLIENT RANDOM[%d]: %s\n", 32,
+ _gnutls_bin2hex(session->security_parameters.
+ client_random, 32, buf,
+ sizeof(buf), NULL));
+ _gnutls_hard_log("INT: SERVER RANDOM[%d]: %s\n", 32,
+ _gnutls_bin2hex(session->security_parameters.
+ server_random, 32, buf,
+ sizeof(buf), NULL));
+
+ if (get_num_version(session) == GNUTLS_SSL3) {
+ uint8_t rnd[2 * GNUTLS_RANDOM_SIZE + 1];
+
+ memcpy(rnd, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(&rnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+
+ ret =
+ _gnutls_ssl3_generate_random(premaster->data,
+ premaster->size, rnd,
+ 2 * GNUTLS_RANDOM_SIZE,
+ GNUTLS_MASTER_SIZE,
+ session->security_parameters.
+ master_secret);
+
+ } else {
+ uint8_t rnd[2 * GNUTLS_RANDOM_SIZE + 1];
+
+ memcpy(rnd, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(&rnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+
+ ret =
+ _gnutls_PRF(session, premaster->data, premaster->size,
+ MASTER_SECRET, MASTER_SECRET_SIZE,
+ rnd, 2 * GNUTLS_RANDOM_SIZE,
+ GNUTLS_MASTER_SIZE,
+ session->security_parameters.
+ master_secret);
+ }
+
+ if (!keep_premaster)
+ _gnutls_free_datum(premaster);
+
+ if (ret < 0)
+ return ret;
+
+ _gnutls_hard_log("INT: MASTER SECRET: %s\n",
+ _gnutls_bin2hex(session->security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE,
+ buf, sizeof(buf), NULL));
+
+ return ret;
}
@@ -163,129 +168,117 @@ generate_normal_master (gnutls_session_t session, gnutls_datum_t *premaster,
* server. It does nothing if this type of message is not required
* by the selected ciphersuite.
*/
-int
-_gnutls_send_server_kx_message (gnutls_session_t session, int again)
+int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
- if (session->internals.auth_struct->gnutls_generate_server_kx == NULL)
- return 0;
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- ret =
- session->internals.auth_struct->gnutls_generate_server_kx (session,
- &data);
-
- if (ret == GNUTLS_E_INT_RET_0)
- {
- gnutls_assert ();
- ret = 0;
- goto cleanup;
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+ if (session->internals.auth_struct->gnutls_generate_server_kx ==
+ NULL)
+ return 0;
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_server_kx(session, &data);
+
+ if (ret == GNUTLS_E_INT_RET_0) {
+ gnutls_assert();
+ ret = 0;
+ goto cleanup;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
/* This function sends a certificate request message to the
* client.
*/
-int
-_gnutls_send_server_crt_request (gnutls_session_t session, int again)
+int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
- if (session->internals.
- auth_struct->gnutls_generate_server_crt_request == NULL)
- return 0;
-
- if (session->internals.send_cert_req <= 0)
- return 0;
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- ret =
- session->internals.
- auth_struct->gnutls_generate_server_crt_request (session,
- &data);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+ if (session->internals.auth_struct->
+ gnutls_generate_server_crt_request == NULL)
+ return 0;
+
+ if (session->internals.send_cert_req <= 0)
+ return 0;
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_server_crt_request(session, &data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
/* This is the function for the client to send the key
* exchange message
*/
-int
-_gnutls_send_client_kx_message (gnutls_session_t session, int again)
+int _gnutls_send_client_kx_message(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
- if (session->internals.auth_struct->gnutls_generate_client_kx == NULL)
- return 0;
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- ret =
- session->internals.auth_struct->gnutls_generate_client_kx (session,
- &data);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+ if (session->internals.auth_struct->gnutls_generate_client_kx ==
+ NULL)
+ return 0;
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_client_kx(session, &data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
@@ -293,393 +286,363 @@ cleanup:
* verify message
*/
int
-_gnutls_send_client_certificate_verify (gnutls_session_t session, int again)
+_gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
- /* This is a packet that is only sent by the client
- */
- if (session->security_parameters.entity == GNUTLS_SERVER)
- return 0;
-
- /* if certificate verify is not needed just exit
- */
- if (session->key.crt_requested == 0)
- return 0;
-
-
- if (session->internals.auth_struct->gnutls_generate_client_crt_vrfy ==
- NULL)
- {
- gnutls_assert ();
- return 0; /* this algorithm does not support cli_crt_vrfy
- */
- }
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- ret =
- session->internals.
- auth_struct->gnutls_generate_client_crt_vrfy (session, &data);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if (ret == 0)
- goto cleanup;
-
- }
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
-
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+ /* This is a packet that is only sent by the client
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return 0;
+
+ /* if certificate verify is not needed just exit
+ */
+ if (session->key.crt_requested == 0)
+ return 0;
+
+
+ if (session->internals.auth_struct->
+ gnutls_generate_client_crt_vrfy == NULL) {
+ gnutls_assert();
+ return 0; /* this algorithm does not support cli_crt_vrfy
+ */
+ }
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_client_crt_vrfy(session, &data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (ret == 0)
+ goto cleanup;
+
+ }
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
+
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
/* This is called when we want send our certificate
*/
-int
-_gnutls_send_client_certificate (gnutls_session_t session, int again)
+int _gnutls_send_client_certificate(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
-
- if (session->key.crt_requested == 0)
- return 0;
-
- if (session->internals.auth_struct->gnutls_generate_client_certificate ==
- NULL)
- return 0;
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- if (get_num_version (session) != GNUTLS_SSL3 ||
- session->internals.selected_cert_list_length > 0)
- {
- /* TLS 1.0 or SSL 3.0 with a valid certificate
- */
- ret =
- session->internals.
- auth_struct->gnutls_generate_client_certificate (session, &data);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- }
-
- /* In the SSL 3.0 protocol we need to send a
- * no certificate alert instead of an
- * empty certificate.
- */
- if (get_num_version (session) == GNUTLS_SSL3 &&
- session->internals.selected_cert_list_length == 0)
- {
- ret =
- gnutls_alert_send (session, GNUTLS_AL_WARNING,
- GNUTLS_A_SSL3_NO_CERTIFICATE);
-
- }
- else
- { /* TLS 1.0 or SSL 3.0 with a valid certificate
- */
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+
+ if (session->key.crt_requested == 0)
+ return 0;
+
+ if (session->internals.auth_struct->
+ gnutls_generate_client_certificate == NULL)
+ return 0;
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ if (get_num_version(session) != GNUTLS_SSL3 ||
+ session->internals.selected_cert_list_length > 0) {
+ /* TLS 1.0 or SSL 3.0 with a valid certificate
+ */
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_client_certificate(session,
+ &data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ }
+
+ /* In the SSL 3.0 protocol we need to send a
+ * no certificate alert instead of an
+ * empty certificate.
+ */
+ if (get_num_version(session) == GNUTLS_SSL3 &&
+ session->internals.selected_cert_list_length == 0) {
+ ret =
+ gnutls_alert_send(session, GNUTLS_AL_WARNING,
+ GNUTLS_A_SSL3_NO_CERTIFICATE);
+
+ } else { /* TLS 1.0 or SSL 3.0 with a valid certificate
+ */
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
/* This is called when we want send our certificate
*/
-int
-_gnutls_send_server_certificate (gnutls_session_t session, int again)
+int _gnutls_send_server_certificate(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
- int ret = 0;
-
-
- if (session->internals.auth_struct->gnutls_generate_server_certificate ==
- NULL)
- return 0;
-
- _gnutls_buffer_init( &data);
-
- if (again == 0)
- {
- ret =
- session->internals.
- auth_struct->gnutls_generate_server_certificate (session, &data);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- ret = send_handshake (session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
-cleanup:
- _gnutls_buffer_clear (&data);
- return ret;
+ gnutls_buffer_st data;
+ int ret = 0;
+
+
+ if (session->internals.auth_struct->
+ gnutls_generate_server_certificate == NULL)
+ return 0;
+
+ _gnutls_buffer_init(&data);
+
+ if (again == 0) {
+ ret =
+ session->internals.auth_struct->
+ gnutls_generate_server_certificate(session, &data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ ret = send_handshake(session, data.data, data.length,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ cleanup:
+ _gnutls_buffer_clear(&data);
+ return ret;
}
-int
-_gnutls_recv_server_kx_message (gnutls_session_t session)
+int _gnutls_recv_server_kx_message(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
- unsigned int optflag = 0;
-
- if (session->internals.auth_struct->gnutls_process_server_kx != NULL)
- {
- /* Server key exchange packet is optional for PSK. */
- if (_gnutls_session_is_psk (session))
- optflag = 1;
-
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
- optflag, &buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- session->internals.auth_struct->gnutls_process_server_kx (session,
- buf.data,
- buf.length);
- _gnutls_buffer_clear(&buf);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- }
- return ret;
+ gnutls_buffer_st buf;
+ int ret = 0;
+ unsigned int optflag = 0;
+
+ if (session->internals.auth_struct->gnutls_process_server_kx !=
+ NULL) {
+ /* Server key exchange packet is optional for PSK. */
+ if (_gnutls_session_is_psk(session))
+ optflag = 1;
+
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
+ optflag, &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_server_kx(session, buf.data,
+ buf.length);
+ _gnutls_buffer_clear(&buf);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ }
+ return ret;
}
-int
-_gnutls_recv_server_crt_request (gnutls_session_t session)
+int _gnutls_recv_server_crt_request(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
-
- if (session->internals.
- auth_struct->gnutls_process_server_crt_request != NULL)
- {
-
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
- 1, &buf);
- if (ret < 0)
- return ret;
-
- if (ret == 0 && buf.length == 0)
- {
- _gnutls_buffer_clear(&buf);
- return 0; /* ignored */
- }
-
- ret =
- session->internals.
- auth_struct->gnutls_process_server_crt_request (session, buf.data,
- buf.length);
- _gnutls_buffer_clear (&buf);
- if (ret < 0)
- return ret;
-
- }
- return ret;
+ gnutls_buffer_st buf;
+ int ret = 0;
+
+ if (session->internals.auth_struct->
+ gnutls_process_server_crt_request != NULL) {
+
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
+ 1, &buf);
+ if (ret < 0)
+ return ret;
+
+ if (ret == 0 && buf.length == 0) {
+ _gnutls_buffer_clear(&buf);
+ return 0; /* ignored */
+ }
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_server_crt_request(session, buf.data,
+ buf.length);
+ _gnutls_buffer_clear(&buf);
+ if (ret < 0)
+ return ret;
+
+ }
+ return ret;
}
-int
-_gnutls_recv_client_kx_message (gnutls_session_t session)
+int _gnutls_recv_client_kx_message(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
+ gnutls_buffer_st buf;
+ int ret = 0;
- /* Do key exchange only if the algorithm permits it */
- if (session->internals.auth_struct->gnutls_process_client_kx != NULL)
- {
+ /* Do key exchange only if the algorithm permits it */
+ if (session->internals.auth_struct->gnutls_process_client_kx !=
+ NULL) {
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
- 0, &buf);
- if (ret < 0)
- return ret;
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
+ 0, &buf);
+ if (ret < 0)
+ return ret;
- ret =
- session->internals.auth_struct->gnutls_process_client_kx (session,
- buf.data,
- buf.length);
- _gnutls_buffer_clear (&buf);
- if (ret < 0)
- return ret;
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_client_kx(session, buf.data,
+ buf.length);
+ _gnutls_buffer_clear(&buf);
+ if (ret < 0)
+ return ret;
- }
+ }
- return ret;
+ return ret;
}
-int
-_gnutls_recv_client_certificate (gnutls_session_t session)
+int _gnutls_recv_client_certificate(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
- int optional;
-
- if (session->internals.auth_struct->gnutls_process_client_certificate ==
- NULL)
- return 0;
-
- /* if we have not requested a certificate then just return
- */
- if (session->internals.send_cert_req == 0)
- {
- return 0;
- }
-
- if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
- optional = 0;
- else
- optional = 1;
-
- ret =
- _gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
- optional, &buf);
-
- if (ret < 0)
- {
- /* Handle the case of old SSL3 clients who send
- * a warning alert instead of an empty certificate to indicate
- * no certificate.
- */
- if (optional != 0 &&
- ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
- get_num_version (session) == GNUTLS_SSL3 &&
- gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE)
- {
-
- /* SSL3 does not send an empty certificate,
- * but this alert. So we just ignore it.
- */
- gnutls_assert ();
- return 0;
- }
-
- /* certificate was required
- */
- if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED
- || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- && optional == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- return ret;
- }
-
- if (ret == 0 && buf.length == 0 && optional != 0)
- {
- /* Client has not sent the certificate message.
- * well I'm not sure we should accept this
- * behaviour.
- */
- gnutls_assert ();
- ret = 0;
- goto cleanup;
- }
- ret =
- session->internals.
- auth_struct->gnutls_process_client_certificate (session, buf.data,
- buf.length);
-
- if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* ok we should expect a certificate verify message now
- */
- if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional != 0)
- ret = 0;
- else
- session->key.crt_requested = 1;
-
-cleanup:
- _gnutls_buffer_clear(&buf);
- return ret;
+ gnutls_buffer_st buf;
+ int ret = 0;
+ int optional;
+
+ if (session->internals.auth_struct->
+ gnutls_process_client_certificate == NULL)
+ return 0;
+
+ /* if we have not requested a certificate then just return
+ */
+ if (session->internals.send_cert_req == 0) {
+ return 0;
+ }
+
+ if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
+ optional = 0;
+ else
+ optional = 1;
+
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
+ optional, &buf);
+
+ if (ret < 0) {
+ /* Handle the case of old SSL3 clients who send
+ * a warning alert instead of an empty certificate to indicate
+ * no certificate.
+ */
+ if (optional != 0 &&
+ ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
+ get_num_version(session) == GNUTLS_SSL3 &&
+ gnutls_alert_get(session) ==
+ GNUTLS_A_SSL3_NO_CERTIFICATE) {
+
+ /* SSL3 does not send an empty certificate,
+ * but this alert. So we just ignore it.
+ */
+ gnutls_assert();
+ return 0;
+ }
+
+ /* certificate was required
+ */
+ if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+ || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ && optional == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ return ret;
+ }
+
+ if (ret == 0 && buf.length == 0 && optional != 0) {
+ /* Client has not sent the certificate message.
+ * well I'm not sure we should accept this
+ * behaviour.
+ */
+ gnutls_assert();
+ ret = 0;
+ goto cleanup;
+ }
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_client_certificate(session, buf.data,
+ buf.length);
+
+ if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* ok we should expect a certificate verify message now
+ */
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional != 0)
+ ret = 0;
+ else
+ session->key.crt_requested = 1;
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
+ return ret;
}
-int
-_gnutls_recv_server_certificate (gnutls_session_t session)
+int _gnutls_recv_server_certificate(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
-
- if (session->internals.auth_struct->gnutls_process_server_certificate !=
- NULL)
- {
-
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
- 0, &buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- session->internals.
- auth_struct->gnutls_process_server_certificate (session, buf.data,
- buf.length);
- _gnutls_buffer_clear(&buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- return ret;
+ gnutls_buffer_st buf;
+ int ret = 0;
+
+ if (session->internals.auth_struct->
+ gnutls_process_server_certificate != NULL) {
+
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
+ 0, &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_server_certificate(session, buf.data,
+ buf.length);
+ _gnutls_buffer_clear(&buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ return ret;
}
@@ -687,43 +650,41 @@ _gnutls_recv_server_certificate (gnutls_session_t session)
* arrive if the peer did not send us a certificate.
*/
int
-_gnutls_recv_client_certificate_verify_message (gnutls_session_t session)
+_gnutls_recv_client_certificate_verify_message(gnutls_session_t session)
{
- gnutls_buffer_st buf;
- int ret = 0;
-
-
- if (session->internals.auth_struct->gnutls_process_client_crt_vrfy == NULL)
- return 0;
-
- if (session->internals.send_cert_req == 0 ||
- session->key.crt_requested == 0)
- {
- return 0;
- }
-
- ret =
- _gnutls_recv_handshake (session,
- GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY,
- 1, &buf);
- if (ret < 0)
- return ret;
-
- if (ret == 0 && buf.length == 0
- && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
- {
- /* certificate was required */
- gnutls_assert ();
- ret = GNUTLS_E_NO_CERTIFICATE_FOUND;
- goto cleanup;
- }
-
- ret =
- session->internals.
- auth_struct->gnutls_process_client_crt_vrfy (session, buf.data,
- buf.length);
-
-cleanup:
- _gnutls_buffer_clear(&buf);
- return ret;
+ gnutls_buffer_st buf;
+ int ret = 0;
+
+
+ if (session->internals.auth_struct->
+ gnutls_process_client_crt_vrfy == NULL)
+ return 0;
+
+ if (session->internals.send_cert_req == 0 ||
+ session->key.crt_requested == 0) {
+ return 0;
+ }
+
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY,
+ 1, &buf);
+ if (ret < 0)
+ return ret;
+
+ if (ret == 0 && buf.length == 0
+ && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) {
+ /* certificate was required */
+ gnutls_assert();
+ ret = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ goto cleanup;
+ }
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_client_crt_vrfy(session, buf.data, buf.length);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
+ return ret;
}
diff --git a/lib/gnutls_kx.h b/lib/gnutls_kx.h
index a070af28da..00bd22f1af 100644
--- a/lib/gnutls_kx.h
+++ b/lib/gnutls_kx.h
@@ -20,18 +20,18 @@
*
*/
-int _gnutls_send_server_kx_message (gnutls_session_t session, int again);
-int _gnutls_send_client_kx_message (gnutls_session_t session, int again);
-int _gnutls_recv_server_kx_message (gnutls_session_t session);
-int _gnutls_recv_client_kx_message (gnutls_session_t session);
-int _gnutls_send_client_certificate_verify (gnutls_session_t session,
- int again);
-int _gnutls_send_server_certificate (gnutls_session_t session, int again);
-int _gnutls_generate_master (gnutls_session_t session, int keep_premaster);
-int _gnutls_recv_client_certificate (gnutls_session_t session);
-int _gnutls_recv_server_certificate (gnutls_session_t session);
-int _gnutls_send_client_certificate (gnutls_session_t session, int again);
-int _gnutls_recv_server_crt_request (gnutls_session_t session);
-int _gnutls_send_server_crt_request (gnutls_session_t session,
- int again);
-int _gnutls_recv_client_certificate_verify_message (gnutls_session_t session);
+int _gnutls_send_server_kx_message(gnutls_session_t session, int again);
+int _gnutls_send_client_kx_message(gnutls_session_t session, int again);
+int _gnutls_recv_server_kx_message(gnutls_session_t session);
+int _gnutls_recv_client_kx_message(gnutls_session_t session);
+int _gnutls_send_client_certificate_verify(gnutls_session_t session,
+ int again);
+int _gnutls_send_server_certificate(gnutls_session_t session, int again);
+int _gnutls_generate_master(gnutls_session_t session, int keep_premaster);
+int _gnutls_recv_client_certificate(gnutls_session_t session);
+int _gnutls_recv_server_certificate(gnutls_session_t session);
+int _gnutls_send_client_certificate(gnutls_session_t session, int again);
+int _gnutls_recv_server_crt_request(gnutls_session_t session);
+int _gnutls_send_server_crt_request(gnutls_session_t session, int again);
+int _gnutls_recv_client_certificate_verify_message(gnutls_session_t
+ session);
diff --git a/lib/gnutls_mbuffers.c b/lib/gnutls_mbuffers.c
index dfd13bd644..9dd486882c 100644
--- a/lib/gnutls_mbuffers.c
+++ b/lib/gnutls_mbuffers.c
@@ -51,14 +51,13 @@
*
* Cost: O(1)
*/
-void
-_mbuffer_head_init (mbuffer_head_st * buf)
+void _mbuffer_head_init(mbuffer_head_st * buf)
{
- buf->head = NULL;
- buf->tail = NULL;
+ buf->head = NULL;
+ buf->tail = NULL;
- buf->length = 0;
- buf->byte_length = 0;
+ buf->length = 0;
+ buf->byte_length = 0;
}
/* Deallocate all buffer segments and reset the buffer head.
@@ -66,38 +65,35 @@ _mbuffer_head_init (mbuffer_head_st * buf)
* Cost: O(n)
* n: Number of segments currently in the buffer.
*/
-void
-_mbuffer_head_clear (mbuffer_head_st * buf)
+void _mbuffer_head_clear(mbuffer_head_st * buf)
{
- mbuffer_st *bufel, *next;
+ mbuffer_st *bufel, *next;
- for (bufel = buf->head; bufel != NULL; bufel = next)
- {
- next = bufel->next;
- gnutls_free (bufel);
- }
+ for (bufel = buf->head; bufel != NULL; bufel = next) {
+ next = bufel->next;
+ gnutls_free(bufel);
+ }
- _mbuffer_head_init (buf);
+ _mbuffer_head_init(buf);
}
/* Append a segment to the end of this buffer.
*
* Cost: O(1)
*/
-void
-_mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel)
+void _mbuffer_enqueue(mbuffer_head_st * buf, mbuffer_st * bufel)
{
- bufel->next = NULL;
- bufel->prev = buf->tail;
+ bufel->next = NULL;
+ bufel->prev = buf->tail;
- buf->length++;
- buf->byte_length += bufel->msg.size - bufel->mark;
+ buf->length++;
+ buf->byte_length += bufel->msg.size - bufel->mark;
- if (buf->tail != NULL)
- buf->tail->next = bufel;
- else
- buf->head = bufel;
- buf->tail = bufel;
+ if (buf->tail != NULL)
+ buf->tail->next = bufel;
+ else
+ buf->head = bufel;
+ buf->tail = bufel;
}
/* Remove a segment from the buffer.
@@ -106,29 +102,28 @@ _mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel)
*
* Returns the buffer following it.
*/
-mbuffer_st *
-_mbuffer_dequeue (mbuffer_head_st * buf, mbuffer_st * bufel)
+mbuffer_st *_mbuffer_dequeue(mbuffer_head_st * buf, mbuffer_st * bufel)
{
-mbuffer_st* ret = bufel->next;
-
- if (buf->tail == bufel) /* if last */
- buf->tail = bufel->prev;
-
- if (buf->head == bufel) /* if first */
- buf->head = bufel->next;
-
- if (bufel->prev)
- bufel->prev->next = bufel->next;
-
- if (bufel->next)
- bufel->next->prev = NULL;
-
- buf->length--;
- buf->byte_length -= bufel->msg.size - bufel->mark;
-
- bufel->next = bufel->prev = NULL;
-
- return ret;
+ mbuffer_st *ret = bufel->next;
+
+ if (buf->tail == bufel) /* if last */
+ buf->tail = bufel->prev;
+
+ if (buf->head == bufel) /* if first */
+ buf->head = bufel->next;
+
+ if (bufel->prev)
+ bufel->prev->next = bufel->next;
+
+ if (bufel->next)
+ bufel->next->prev = NULL;
+
+ buf->length--;
+ buf->byte_length -= bufel->msg.size - bufel->mark;
+
+ bufel->next = bufel->prev = NULL;
+
+ return ret;
}
/* Get a reference to the first segment of the buffer and
@@ -138,17 +133,16 @@ mbuffer_st* ret = bufel->next;
*
* Cost: O(1)
*/
-mbuffer_st *
-_mbuffer_head_pop_first (mbuffer_head_st * buf)
+mbuffer_st *_mbuffer_head_pop_first(mbuffer_head_st * buf)
{
- mbuffer_st *bufel = buf->head;
+ mbuffer_st *bufel = buf->head;
- if (buf->head == NULL)
- return NULL;
+ if (buf->head == NULL)
+ return NULL;
- _mbuffer_dequeue(buf, bufel);
-
- return bufel;
+ _mbuffer_dequeue(buf, bufel);
+
+ return bufel;
}
/* Get a reference to the first segment of the buffer and its data.
@@ -157,25 +151,21 @@ _mbuffer_head_pop_first (mbuffer_head_st * buf)
*
* Cost: O(1)
*/
-mbuffer_st *
-_mbuffer_head_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg)
+mbuffer_st *_mbuffer_head_get_first(mbuffer_head_st * buf,
+ gnutls_datum_t * msg)
{
- mbuffer_st *bufel = buf->head;
-
- if (msg)
- {
- if (bufel)
- {
- msg->data = bufel->msg.data + bufel->mark;
- msg->size = bufel->msg.size - bufel->mark;
- }
- else
- {
- msg->data = NULL;
- msg->size = 0;
- }
- }
- return bufel;
+ mbuffer_st *bufel = buf->head;
+
+ if (msg) {
+ if (bufel) {
+ msg->data = bufel->msg.data + bufel->mark;
+ msg->size = bufel->msg.size - bufel->mark;
+ } else {
+ msg->data = NULL;
+ msg->size = 0;
+ }
+ }
+ return bufel;
}
/* Get a reference to the next segment of the buffer and its data.
@@ -184,25 +174,20 @@ _mbuffer_head_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg)
*
* Cost: O(1)
*/
-mbuffer_st *
-_mbuffer_head_get_next (mbuffer_st * cur, gnutls_datum_t * msg)
+mbuffer_st *_mbuffer_head_get_next(mbuffer_st * cur, gnutls_datum_t * msg)
{
- mbuffer_st *bufel = cur->next;
-
- if (msg)
- {
- if (bufel)
- {
- msg->data = bufel->msg.data + bufel->mark;
- msg->size = bufel->msg.size - bufel->mark;
- }
- else
- {
- msg->data = NULL;
- msg->size = 0;
- }
- }
- return bufel;
+ mbuffer_st *bufel = cur->next;
+
+ if (msg) {
+ if (bufel) {
+ msg->data = bufel->msg.data + bufel->mark;
+ msg->size = bufel->msg.size - bufel->mark;
+ } else {
+ msg->data = NULL;
+ msg->size = 0;
+ }
+ }
+ return bufel;
}
/* Remove the first segment from the buffer.
@@ -212,16 +197,15 @@ _mbuffer_head_get_next (mbuffer_st * cur, gnutls_datum_t * msg)
*
* Cost: O(1)
*/
-static inline void
-remove_front (mbuffer_head_st * buf)
+static inline void remove_front(mbuffer_head_st * buf)
{
- mbuffer_st *bufel = buf->head;
+ mbuffer_st *bufel = buf->head;
- if (!bufel)
- return;
+ if (!bufel)
+ return;
- _mbuffer_dequeue(buf, bufel);
- gnutls_free (bufel);
+ _mbuffer_dequeue(buf, bufel);
+ gnutls_free(bufel);
}
/* Remove a specified number of bytes from the start of the buffer.
@@ -234,37 +218,31 @@ remove_front (mbuffer_head_st * buf)
* Cost: O(n)
* n: Number of segments needed to remove the specified amount of data.
*/
-int
-_mbuffer_head_remove_bytes (mbuffer_head_st * buf, size_t bytes)
+int _mbuffer_head_remove_bytes(mbuffer_head_st * buf, size_t bytes)
{
- size_t left = bytes;
- mbuffer_st *bufel, *next;
- int ret = 0;
-
- if (bytes > buf->byte_length)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- for (bufel = buf->head; bufel != NULL && left > 0; bufel = next)
- {
- next = bufel->next;
-
- if (left >= (bufel->msg.size - bufel->mark))
- {
- left -= (bufel->msg.size - bufel->mark);
- remove_front (buf);
- ret = 1;
- }
- else
- {
- bufel->mark += left;
- buf->byte_length -= left;
- left = 0;
- }
- }
- return ret;
+ size_t left = bytes;
+ mbuffer_st *bufel, *next;
+ int ret = 0;
+
+ if (bytes > buf->byte_length) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (bufel = buf->head; bufel != NULL && left > 0; bufel = next) {
+ next = bufel->next;
+
+ if (left >= (bufel->msg.size - bufel->mark)) {
+ left -= (bufel->msg.size - bufel->mark);
+ remove_front(buf);
+ ret = 1;
+ } else {
+ bufel->mark += left;
+ buf->byte_length -= left;
+ left = 0;
+ }
+ }
+ return ret;
}
/* Allocate a buffer segment. The segment is not initially "owned" by
@@ -279,27 +257,25 @@ _mbuffer_head_remove_bytes (mbuffer_head_st * buf, size_t bytes)
*
* Cost: O(1)
*/
-mbuffer_st *
-_mbuffer_alloc (size_t payload_size, size_t maximum_size)
+mbuffer_st *_mbuffer_alloc(size_t payload_size, size_t maximum_size)
{
- mbuffer_st *st;
-
- st = gnutls_malloc (maximum_size + sizeof (mbuffer_st));
- if (st == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- /* set the structure to zero */
- memset(st, 0, sizeof(*st));
-
- /* payload points after the mbuffer_st structure */
- st->msg.data = (uint8_t *) st + sizeof (mbuffer_st);
- st->msg.size = payload_size;
- st->maximum_size = maximum_size;
-
- return st;
+ mbuffer_st *st;
+
+ st = gnutls_malloc(maximum_size + sizeof(mbuffer_st));
+ if (st == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ /* set the structure to zero */
+ memset(st, 0, sizeof(*st));
+
+ /* payload points after the mbuffer_st structure */
+ st->msg.data = (uint8_t *) st + sizeof(mbuffer_st);
+ st->msg.size = payload_size;
+ st->maximum_size = maximum_size;
+
+ return st;
}
/* Copy data into a segment. The segment must not be part of a buffer
@@ -313,20 +289,19 @@ _mbuffer_alloc (size_t payload_size, size_t maximum_size)
* n: number of bytes to copy
*/
int
-_mbuffer_append_data (mbuffer_st * bufel, void *newdata, size_t newdata_size)
+_mbuffer_append_data(mbuffer_st * bufel, void *newdata,
+ size_t newdata_size)
{
- if (bufel->msg.size + newdata_size <= bufel->maximum_size)
- {
- memcpy (&bufel->msg.data[bufel->msg.size], newdata, newdata_size);
- bufel->msg.size += newdata_size;
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ if (bufel->msg.size + newdata_size <= bufel->maximum_size) {
+ memcpy(&bufel->msg.data[bufel->msg.size], newdata,
+ newdata_size);
+ bufel->msg.size += newdata_size;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
/* Takes a buffer in multiple chunks and puts all the data in a single
@@ -337,33 +312,30 @@ _mbuffer_append_data (mbuffer_st * bufel, void *newdata, size_t newdata_size)
* Cost: O(n)
* n: number of segments initially in the buffer
*/
-int
-_mbuffer_linearize (mbuffer_head_st * buf)
+int _mbuffer_linearize(mbuffer_head_st * buf)
{
- mbuffer_st *bufel, *cur;
- gnutls_datum_t msg;
- size_t pos = 0;
-
- if (buf->length <= 1)
- /* Nothing to do */
- return 0;
-
- bufel = _mbuffer_alloc (buf->byte_length, buf->byte_length);
- if (!bufel)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (cur = _mbuffer_head_get_first (buf, &msg);
- msg.data != NULL; cur = _mbuffer_head_get_next (cur, &msg))
- {
- memcpy (&bufel->msg.data[pos], msg.data, msg.size);
- pos += msg.size;
- }
-
- _mbuffer_head_clear (buf);
- _mbuffer_enqueue (buf, bufel);
-
- return 0;
+ mbuffer_st *bufel, *cur;
+ gnutls_datum_t msg;
+ size_t pos = 0;
+
+ if (buf->length <= 1)
+ /* Nothing to do */
+ return 0;
+
+ bufel = _mbuffer_alloc(buf->byte_length, buf->byte_length);
+ if (!bufel) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (cur = _mbuffer_head_get_first(buf, &msg);
+ msg.data != NULL; cur = _mbuffer_head_get_next(cur, &msg)) {
+ memcpy(&bufel->msg.data[pos], msg.data, msg.size);
+ pos += msg.size;
+ }
+
+ _mbuffer_head_clear(buf);
+ _mbuffer_enqueue(buf, bufel);
+
+ return 0;
}
diff --git a/lib/gnutls_mbuffers.h b/lib/gnutls_mbuffers.h
index b7cdca245d..fdb7aec4ed 100644
--- a/lib/gnutls_mbuffers.h
+++ b/lib/gnutls_mbuffers.h
@@ -26,100 +26,97 @@
#include <gnutls_int.h>
#include <gnutls_errors.h>
-void _mbuffer_head_init (mbuffer_head_st * buf);
-void _mbuffer_head_clear (mbuffer_head_st * buf);
-void _mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel);
-mbuffer_st* _mbuffer_dequeue (mbuffer_head_st * buf, mbuffer_st * bufel);
-int _mbuffer_head_remove_bytes (mbuffer_head_st * buf, size_t bytes);
-mbuffer_st *_mbuffer_alloc (size_t payload_size, size_t maximum_size);
+void _mbuffer_head_init(mbuffer_head_st * buf);
+void _mbuffer_head_clear(mbuffer_head_st * buf);
+void _mbuffer_enqueue(mbuffer_head_st * buf, mbuffer_st * bufel);
+mbuffer_st *_mbuffer_dequeue(mbuffer_head_st * buf, mbuffer_st * bufel);
+int _mbuffer_head_remove_bytes(mbuffer_head_st * buf, size_t bytes);
+mbuffer_st *_mbuffer_alloc(size_t payload_size, size_t maximum_size);
-mbuffer_st *_mbuffer_head_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg);
-mbuffer_st *_mbuffer_head_get_next (mbuffer_st * cur, gnutls_datum_t * msg);
+mbuffer_st *_mbuffer_head_get_first(mbuffer_head_st * buf,
+ gnutls_datum_t * msg);
+mbuffer_st *_mbuffer_head_get_next(mbuffer_st * cur, gnutls_datum_t * msg);
-mbuffer_st *
-_mbuffer_head_pop_first (mbuffer_head_st * buf);
+mbuffer_st *_mbuffer_head_pop_first(mbuffer_head_st * buf);
/* This is dangerous since it will replace bufel with a new
* one.
*/
-int _mbuffer_append_data (mbuffer_st * bufel, void *newdata,
- size_t newdata_size);
-int _mbuffer_linearize (mbuffer_head_st * buf);
+int _mbuffer_append_data(mbuffer_st * bufel, void *newdata,
+ size_t newdata_size);
+int _mbuffer_linearize(mbuffer_head_st * buf);
/* For "user" use. One can have buffer data and header.
*/
inline static void
-_mbuffer_set_udata (mbuffer_st * bufel, void *data, size_t data_size)
+_mbuffer_set_udata(mbuffer_st * bufel, void *data, size_t data_size)
{
- memcpy (bufel->msg.data + bufel->mark + bufel->uhead_mark, data, data_size);
- bufel->msg.size = data_size + bufel->uhead_mark + bufel->mark;
+ memcpy(bufel->msg.data + bufel->mark + bufel->uhead_mark, data,
+ data_size);
+ bufel->msg.size = data_size + bufel->uhead_mark + bufel->mark;
}
-inline static void *
-_mbuffer_get_uhead_ptr (mbuffer_st * bufel)
+inline static void *_mbuffer_get_uhead_ptr(mbuffer_st * bufel)
{
- return bufel->msg.data + bufel->mark;
+ return bufel->msg.data + bufel->mark;
}
-inline static void *
-_mbuffer_get_udata_ptr (mbuffer_st * bufel)
+inline static void *_mbuffer_get_udata_ptr(mbuffer_st * bufel)
{
- return bufel->msg.data + bufel->uhead_mark + bufel->mark;
+ return bufel->msg.data + bufel->uhead_mark + bufel->mark;
}
-inline static void
-_mbuffer_set_udata_size (mbuffer_st * bufel, size_t size)
+inline static void _mbuffer_set_udata_size(mbuffer_st * bufel, size_t size)
{
- bufel->msg.size = size + bufel->uhead_mark + bufel->mark;
+ bufel->msg.size = size + bufel->uhead_mark + bufel->mark;
}
-inline static size_t
-_mbuffer_get_udata_size (mbuffer_st * bufel)
+inline static size_t _mbuffer_get_udata_size(mbuffer_st * bufel)
{
- return bufel->msg.size - bufel->uhead_mark - bufel->mark;
+ return bufel->msg.size - bufel->uhead_mark - bufel->mark;
}
/* discards size bytes from the begging of the buffer */
inline static void
-_mbuffer_consume (mbuffer_head_st* buf, mbuffer_st * bufel, size_t size)
+_mbuffer_consume(mbuffer_head_st * buf, mbuffer_st * bufel, size_t size)
{
- bufel->uhead_mark = 0;
- if (bufel->mark+size < bufel->msg.size)
- bufel->mark += size;
- else
- bufel->mark = bufel->msg.size;
+ bufel->uhead_mark = 0;
+ if (bufel->mark + size < bufel->msg.size)
+ bufel->mark += size;
+ else
+ bufel->mark = bufel->msg.size;
- buf->byte_length -= size;
+ buf->byte_length -= size;
}
-inline static size_t
-_mbuffer_get_uhead_size (mbuffer_st * bufel)
+inline static size_t _mbuffer_get_uhead_size(mbuffer_st * bufel)
{
- return bufel->uhead_mark;
+ return bufel->uhead_mark;
}
-inline static void
-_mbuffer_set_uhead_size (mbuffer_st * bufel, size_t size)
+inline static void _mbuffer_set_uhead_size(mbuffer_st * bufel, size_t size)
{
- bufel->uhead_mark = size;
+ bufel->uhead_mark = size;
}
-inline static mbuffer_st *
-_gnutls_handshake_alloc (gnutls_session_t session, size_t size, size_t maximum)
+inline static mbuffer_st *_gnutls_handshake_alloc(gnutls_session_t session,
+ size_t size,
+ size_t maximum)
{
- mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE(session) + size,
- HANDSHAKE_HEADER_SIZE(session) + maximum);
+ mbuffer_st *ret =
+ _mbuffer_alloc(HANDSHAKE_HEADER_SIZE(session) + size,
+ HANDSHAKE_HEADER_SIZE(session) + maximum);
- if (!ret)
- return NULL;
+ if (!ret)
+ return NULL;
- _mbuffer_set_uhead_size (ret, HANDSHAKE_HEADER_SIZE(session));
+ _mbuffer_set_uhead_size(ret, HANDSHAKE_HEADER_SIZE(session));
- return ret;
+ return ret;
}
/* Free a segment, if the pointer is not NULL
@@ -128,13 +125,12 @@ _gnutls_handshake_alloc (gnutls_session_t session, size_t size, size_t maximum)
* pointer case). It also makes sure the pointer has a known value
* after freeing.
*/
-inline static void
-_mbuffer_xfree (mbuffer_st ** bufel)
+inline static void _mbuffer_xfree(mbuffer_st ** bufel)
{
- if (*bufel)
- gnutls_free (*bufel);
+ if (*bufel)
+ gnutls_free(*bufel);
- *bufel = NULL;
+ *bufel = NULL;
}
#endif
diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c
index 76d183a5c2..2effd1498f 100644
--- a/lib/gnutls_mem.c
+++ b/lib/gnutls_mem.c
@@ -33,58 +33,53 @@ gnutls_realloc_function gnutls_realloc = realloc;
void *(*gnutls_calloc) (size_t, size_t) = calloc;
char *(*gnutls_strdup) (const char *) = _gnutls_strdup;
-void *
-_gnutls_calloc (size_t nmemb, size_t size)
+void *_gnutls_calloc(size_t nmemb, size_t size)
{
- void *ret;
- size_t n = xtimes (nmemb, size);
- ret = (size_in_bounds_p (n) ? gnutls_malloc (n) : NULL);
- if (ret != NULL)
- memset (ret, 0, size);
- return ret;
+ void *ret;
+ size_t n = xtimes(nmemb, size);
+ ret = (size_in_bounds_p(n) ? gnutls_malloc(n) : NULL);
+ if (ret != NULL)
+ memset(ret, 0, size);
+ return ret;
}
-svoid *
-gnutls_secure_calloc (size_t nmemb, size_t size)
+svoid *gnutls_secure_calloc(size_t nmemb, size_t size)
{
- svoid *ret;
- size_t n = xtimes (nmemb, size);
- ret = (size_in_bounds_p (n) ? gnutls_secure_malloc (n) : NULL);
- if (ret != NULL)
- memset (ret, 0, size);
- return ret;
+ svoid *ret;
+ size_t n = xtimes(nmemb, size);
+ ret = (size_in_bounds_p(n) ? gnutls_secure_malloc(n) : NULL);
+ if (ret != NULL)
+ memset(ret, 0, size);
+ return ret;
}
/* This realloc will free ptr in case realloc
* fails.
*/
-void *
-gnutls_realloc_fast (void *ptr, size_t size)
+void *gnutls_realloc_fast(void *ptr, size_t size)
{
- void *ret;
+ void *ret;
- if (size == 0)
- return ptr;
+ if (size == 0)
+ return ptr;
- ret = gnutls_realloc (ptr, size);
- if (ret == NULL)
- {
- gnutls_free (ptr);
- }
+ ret = gnutls_realloc(ptr, size);
+ if (ret == NULL) {
+ gnutls_free(ptr);
+ }
- return ret;
+ return ret;
}
-char *
-_gnutls_strdup (const char *str)
+char *_gnutls_strdup(const char *str)
{
- size_t siz = strlen (str) + 1;
- char *ret;
+ size_t siz = strlen(str) + 1;
+ char *ret;
- ret = gnutls_malloc (siz);
- if (ret != NULL)
- memcpy (ret, str, siz);
- return ret;
+ ret = gnutls_malloc(siz);
+ if (ret != NULL)
+ memcpy(ret, str, siz);
+ return ret;
}
@@ -103,8 +98,7 @@ _gnutls_strdup (const char *str)
* The allocation function used is the one set by
* gnutls_global_set_mem_functions().
**/
-void *
-gnutls_malloc (size_t s)
+void *gnutls_malloc(size_t s)
{
}
@@ -118,8 +112,7 @@ gnutls_malloc (size_t s)
* gnutls_global_set_mem_functions().
*
**/
-void
-gnutls_free (void *ptr)
+void gnutls_free(void *ptr)
{
}
diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h
index a443c5a103..41fb88d9d0 100644
--- a/lib/gnutls_mem.h
+++ b/lib/gnutls_mem.h
@@ -23,18 +23,18 @@
#ifndef GNUTLS_MEM_H
#define GNUTLS_MEM_H
-typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
+typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
extern int (*_gnutls_is_secure_memory) (const void *);
/* this realloc function will return ptr if size==0, and
* will free the ptr if the new allocation failed.
*/
-void *gnutls_realloc_fast (void *ptr, size_t size);
+void *gnutls_realloc_fast(void *ptr, size_t size);
-svoid *gnutls_secure_calloc (size_t nmemb, size_t size);
+svoid *gnutls_secure_calloc(size_t nmemb, size_t size);
-void *_gnutls_calloc (size_t nmemb, size_t size);
-char *_gnutls_strdup (const char *);
+void *_gnutls_calloc(size_t nmemb, size_t size);
+char *_gnutls_strdup(const char *);
-#endif /* GNUTLS_MEM_H */
+#endif /* GNUTLS_MEM_H */
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c
index e0e05cb5d8..823d536b2d 100644
--- a/lib/gnutls_mpi.c
+++ b/lib/gnutls_mpi.c
@@ -38,199 +38,181 @@
#define clearbit(v,n) ((unsigned char)(v) & ~( (unsigned char)(1) << (unsigned)(n)))
bigint_t
-_gnutls_mpi_randomize (bigint_t r, unsigned int bits,
- gnutls_rnd_level_t level)
+_gnutls_mpi_randomize(bigint_t r, unsigned int bits,
+ gnutls_rnd_level_t level)
{
- size_t size = 1 + (bits / 8);
- int ret;
- int rem, i;
- bigint_t tmp;
- uint8_t tmpbuf[512];
- uint8_t *buf;
- int buf_release = 0;
-
- if (size < sizeof (tmpbuf))
- {
- buf = tmpbuf;
- }
- else
- {
- buf = gnutls_malloc (size);
- if (buf == NULL)
- {
- gnutls_assert ();
- goto cleanup;
- }
- buf_release = 1;
- }
-
-
- ret = _gnutls_rnd (level, buf, size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* mask the bits that weren't requested */
- rem = bits % 8;
-
- if (rem == 0)
- {
- buf[0] = 0;
- }
- else
- {
- for (i = 8; i >= rem; i--)
- buf[0] = clearbit (buf[0], i);
- }
-
- ret = _gnutls_mpi_scan (&tmp, buf, size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (buf_release != 0)
- {
- gnutls_free (buf);
- buf = NULL;
- }
-
- if (r != NULL)
- {
- _gnutls_mpi_set (r, tmp);
- _gnutls_mpi_release (&tmp);
- return r;
- }
-
- return tmp;
-
-cleanup:
- if (buf_release != 0)
- gnutls_free (buf);
- return NULL;
+ size_t size = 1 + (bits / 8);
+ int ret;
+ int rem, i;
+ bigint_t tmp;
+ uint8_t tmpbuf[512];
+ uint8_t *buf;
+ int buf_release = 0;
+
+ if (size < sizeof(tmpbuf)) {
+ buf = tmpbuf;
+ } else {
+ buf = gnutls_malloc(size);
+ if (buf == NULL) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ buf_release = 1;
+ }
+
+
+ ret = _gnutls_rnd(level, buf, size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* mask the bits that weren't requested */
+ rem = bits % 8;
+
+ if (rem == 0) {
+ buf[0] = 0;
+ } else {
+ for (i = 8; i >= rem; i--)
+ buf[0] = clearbit(buf[0], i);
+ }
+
+ ret = _gnutls_mpi_scan(&tmp, buf, size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (buf_release != 0) {
+ gnutls_free(buf);
+ buf = NULL;
+ }
+
+ if (r != NULL) {
+ _gnutls_mpi_set(r, tmp);
+ _gnutls_mpi_release(&tmp);
+ return r;
+ }
+
+ return tmp;
+
+ cleanup:
+ if (buf_release != 0)
+ gnutls_free(buf);
+ return NULL;
}
-void
-_gnutls_mpi_release (bigint_t * x)
+void _gnutls_mpi_release(bigint_t * x)
{
- if (*x == NULL)
- return;
+ if (*x == NULL)
+ return;
- _gnutls_mpi_ops.bigint_release (*x);
- *x = NULL;
+ _gnutls_mpi_ops.bigint_release(*x);
+ *x = NULL;
}
/* returns %GNUTLS_E_SUCCESS (0) on success
*/
-int
-_gnutls_mpi_scan (bigint_t * ret_mpi, const void *buffer, size_t nbytes)
+int _gnutls_mpi_scan(bigint_t * ret_mpi, const void *buffer, size_t nbytes)
{
- *ret_mpi =
- _gnutls_mpi_ops.bigint_scan (buffer, nbytes, GNUTLS_MPI_FORMAT_USG);
- if (*ret_mpi == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- return 0;
+ *ret_mpi =
+ _gnutls_mpi_ops.bigint_scan(buffer, nbytes,
+ GNUTLS_MPI_FORMAT_USG);
+ if (*ret_mpi == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ return 0;
}
/* returns %GNUTLS_E_SUCCESS (0) on success. Fails if the number is zero.
*/
int
-_gnutls_mpi_scan_nz (bigint_t * ret_mpi, const void *buffer, size_t nbytes)
+_gnutls_mpi_scan_nz(bigint_t * ret_mpi, const void *buffer, size_t nbytes)
{
- int ret;
+ int ret;
- ret = _gnutls_mpi_scan (ret_mpi, buffer, nbytes);
- if (ret < 0)
- return ret;
+ ret = _gnutls_mpi_scan(ret_mpi, buffer, nbytes);
+ if (ret < 0)
+ return ret;
- /* MPIs with 0 bits are illegal
- */
- if (_gnutls_mpi_cmp_ui (*ret_mpi, 0) == 0)
- {
- _gnutls_mpi_release (ret_mpi);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ /* MPIs with 0 bits are illegal
+ */
+ if (_gnutls_mpi_cmp_ui(*ret_mpi, 0) == 0) {
+ _gnutls_mpi_release(ret_mpi);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- return 0;
+ return 0;
}
int
-_gnutls_mpi_scan_pgp (bigint_t * ret_mpi, const void *buffer, size_t nbytes)
+_gnutls_mpi_scan_pgp(bigint_t * ret_mpi, const void *buffer, size_t nbytes)
{
- *ret_mpi =
- _gnutls_mpi_ops.bigint_scan (buffer, nbytes, GNUTLS_MPI_FORMAT_PGP);
- if (*ret_mpi == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- return 0;
+ *ret_mpi =
+ _gnutls_mpi_ops.bigint_scan(buffer, nbytes,
+ GNUTLS_MPI_FORMAT_PGP);
+ if (*ret_mpi == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ return 0;
}
/* Always has the first bit zero */
-int
-_gnutls_mpi_dprint_lz (const bigint_t a, gnutls_datum_t * dest)
+int _gnutls_mpi_dprint_lz(const bigint_t a, gnutls_datum_t * dest)
{
- int ret;
- uint8_t *buf = NULL;
- size_t bytes = 0;
-
- if (dest == NULL || a == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- _gnutls_mpi_print_lz (a, NULL, &bytes);
-
- if (bytes != 0)
- buf = gnutls_malloc (bytes);
- if (buf == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- ret = _gnutls_mpi_print_lz (a, buf, &bytes);
- if (ret < 0)
- {
- gnutls_free (buf);
- return ret;
- }
-
- dest->data = buf;
- dest->size = bytes;
- return 0;
+ int ret;
+ uint8_t *buf = NULL;
+ size_t bytes = 0;
+
+ if (dest == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ _gnutls_mpi_print_lz(a, NULL, &bytes);
+
+ if (bytes != 0)
+ buf = gnutls_malloc(bytes);
+ if (buf == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = _gnutls_mpi_print_lz(a, buf, &bytes);
+ if (ret < 0) {
+ gnutls_free(buf);
+ return ret;
+ }
+
+ dest->data = buf;
+ dest->size = bytes;
+ return 0;
}
-int
-_gnutls_mpi_dprint (const bigint_t a, gnutls_datum_t * dest)
+int _gnutls_mpi_dprint(const bigint_t a, gnutls_datum_t * dest)
{
- int ret;
- uint8_t *buf = NULL;
- size_t bytes = 0;
-
- if (dest == NULL || a == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- _gnutls_mpi_print (a, NULL, &bytes);
- if (bytes != 0)
- buf = gnutls_malloc (bytes);
- if (buf == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- ret = _gnutls_mpi_print (a, buf, &bytes);
- if (ret < 0)
- {
- gnutls_free (buf);
- return ret;
- }
-
- dest->data = buf;
- dest->size = bytes;
- return 0;
+ int ret;
+ uint8_t *buf = NULL;
+ size_t bytes = 0;
+
+ if (dest == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ _gnutls_mpi_print(a, NULL, &bytes);
+ if (bytes != 0)
+ buf = gnutls_malloc(bytes);
+ if (buf == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = _gnutls_mpi_print(a, buf, &bytes);
+ if (ret < 0) {
+ gnutls_free(buf);
+ return ret;
+ }
+
+ dest->data = buf;
+ dest->size = bytes;
+ return 0;
}
/* This function will copy the mpi data into a datum,
@@ -238,43 +220,40 @@ _gnutls_mpi_dprint (const bigint_t a, gnutls_datum_t * dest)
* the output value is left padded with zeros.
*/
int
-_gnutls_mpi_dprint_size (const bigint_t a, gnutls_datum_t * dest, size_t size)
+_gnutls_mpi_dprint_size(const bigint_t a, gnutls_datum_t * dest,
+ size_t size)
{
- int ret;
- uint8_t *buf = NULL;
- size_t bytes = 0;
- unsigned int i;
-
- if (dest == NULL || a == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- _gnutls_mpi_print (a, NULL, &bytes);
- if (bytes != 0)
- buf = gnutls_malloc (MAX (size, bytes));
- if (buf == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- if (bytes <= size)
- {
- size_t diff = size - bytes;
- for (i = 0; i < diff; i++)
- buf[i] = 0;
- ret = _gnutls_mpi_print (a, &buf[diff], &bytes);
- }
- else
- {
- ret = _gnutls_mpi_print (a, buf, &bytes);
- }
-
- if (ret < 0)
- {
- gnutls_free (buf);
- return ret;
- }
-
- dest->data = buf;
- dest->size = MAX (size, bytes);
- return 0;
+ int ret;
+ uint8_t *buf = NULL;
+ size_t bytes = 0;
+ unsigned int i;
+
+ if (dest == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ _gnutls_mpi_print(a, NULL, &bytes);
+ if (bytes != 0)
+ buf = gnutls_malloc(MAX(size, bytes));
+ if (buf == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ if (bytes <= size) {
+ size_t diff = size - bytes;
+ for (i = 0; i < diff; i++)
+ buf[i] = 0;
+ ret = _gnutls_mpi_print(a, &buf[diff], &bytes);
+ } else {
+ ret = _gnutls_mpi_print(a, buf, &bytes);
+ }
+
+ if (ret < 0) {
+ gnutls_free(buf);
+ return ret;
+ }
+
+ dest->data = buf;
+ dest->size = MAX(size, bytes);
+ return 0;
}
/* this function reads an integer
@@ -282,97 +261,90 @@ _gnutls_mpi_dprint_size (const bigint_t a, gnutls_datum_t * dest, size_t size)
* steps.
*/
int
-_gnutls_x509_read_int (ASN1_TYPE node, const char *value, bigint_t * ret_mpi)
+_gnutls_x509_read_int(ASN1_TYPE node, const char *value,
+ bigint_t * ret_mpi)
{
- int result;
- uint8_t *tmpstr = NULL;
- int tmpstr_size;
-
- tmpstr_size = 0;
- result = asn1_read_value (node, value, NULL, &tmpstr_size);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- tmpstr = gnutls_malloc (tmpstr_size);
- if (tmpstr == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_read_value (node, value, tmpstr, &tmpstr_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmpstr);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_mpi_scan (ret_mpi, tmpstr, tmpstr_size);
- gnutls_free (tmpstr);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ uint8_t *tmpstr = NULL;
+ int tmpstr_size;
+
+ tmpstr_size = 0;
+ result = asn1_read_value(node, value, NULL, &tmpstr_size);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ tmpstr = gnutls_malloc(tmpstr_size);
+ if (tmpstr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value(node, value, tmpstr, &tmpstr_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(tmpstr);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_mpi_scan(ret_mpi, tmpstr, tmpstr_size);
+ gnutls_free(tmpstr);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* Writes the specified integer into the specified node.
*/
int
-_gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
- int lz)
+_gnutls_x509_write_int(ASN1_TYPE node, const char *value, bigint_t mpi,
+ int lz)
{
- uint8_t *tmpstr;
- size_t s_len;
- int result;
-
- s_len = 0;
- if (lz)
- result = _gnutls_mpi_print_lz (mpi, NULL, &s_len);
- else
- result = _gnutls_mpi_print (mpi, NULL, &s_len);
-
- if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- return result;
- }
-
- tmpstr = gnutls_malloc (s_len);
- if (tmpstr == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (lz)
- result = _gnutls_mpi_print_lz (mpi, tmpstr, &s_len);
- else
- result = _gnutls_mpi_print (mpi, tmpstr, &s_len);
-
- if (result != 0)
- {
- gnutls_assert ();
- gnutls_free (tmpstr);
- return GNUTLS_E_MPI_PRINT_FAILED;
- }
-
- result = asn1_write_value (node, value, tmpstr, s_len);
-
- gnutls_free (tmpstr);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ uint8_t *tmpstr;
+ size_t s_len;
+ int result;
+
+ s_len = 0;
+ if (lz)
+ result = _gnutls_mpi_print_lz(mpi, NULL, &s_len);
+ else
+ result = _gnutls_mpi_print(mpi, NULL, &s_len);
+
+ if (result != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ return result;
+ }
+
+ tmpstr = gnutls_malloc(s_len);
+ if (tmpstr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (lz)
+ result = _gnutls_mpi_print_lz(mpi, tmpstr, &s_len);
+ else
+ result = _gnutls_mpi_print(mpi, tmpstr, &s_len);
+
+ if (result != 0) {
+ gnutls_assert();
+ gnutls_free(tmpstr);
+ return GNUTLS_E_MPI_PRINT_FAILED;
+ }
+
+ result = asn1_write_value(node, value, tmpstr, s_len);
+
+ gnutls_free(tmpstr);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h
index c905356db6..3134243252 100644
--- a/lib/gnutls_mpi.h
+++ b/lib/gnutls_mpi.h
@@ -30,8 +30,8 @@
extern int crypto_bigint_prio;
extern gnutls_crypto_bigint_st _gnutls_mpi_ops;
-bigint_t _gnutls_mpi_randomize (bigint_t, unsigned int bits,
- gnutls_rnd_level_t level);
+bigint_t _gnutls_mpi_randomize(bigint_t, unsigned int bits,
+ gnutls_rnd_level_t level);
#define _gnutls_mpi_new _gnutls_mpi_ops.bigint_new
#define _gnutls_mpi_clear _gnutls_mpi_ops.bigint_clear
@@ -59,18 +59,19 @@ bigint_t _gnutls_mpi_randomize (bigint_t, unsigned int bits,
#define _gnutls_mpi_print_pgp(x,y,z) _gnutls_mpi_ops.bigint_print(x,y,z,GNUTLS_MPI_FORMAT_PGP)
#define _gnutls_mpi_copy( a) _gnutls_mpi_set( NULL, a)
-void _gnutls_mpi_release (bigint_t * x);
+void _gnutls_mpi_release(bigint_t * x);
-int _gnutls_mpi_scan (bigint_t * ret_mpi, const void *buffer, size_t nbytes);
-int _gnutls_mpi_scan_nz (bigint_t * ret_mpi, const void *buffer,
- size_t nbytes);
-int _gnutls_mpi_scan_pgp (bigint_t * ret_mpi, const void *buffer,
- size_t nbytes);
+int _gnutls_mpi_scan(bigint_t * ret_mpi, const void *buffer,
+ size_t nbytes);
+int _gnutls_mpi_scan_nz(bigint_t * ret_mpi, const void *buffer,
+ size_t nbytes);
+int _gnutls_mpi_scan_pgp(bigint_t * ret_mpi, const void *buffer,
+ size_t nbytes);
-int _gnutls_mpi_dprint_lz (const bigint_t a, gnutls_datum_t * dest);
-int _gnutls_mpi_dprint (const bigint_t a, gnutls_datum_t * dest);
-int _gnutls_mpi_dprint_size (const bigint_t a, gnutls_datum_t * dest,
- size_t size);
+int _gnutls_mpi_dprint_lz(const bigint_t a, gnutls_datum_t * dest);
+int _gnutls_mpi_dprint(const bigint_t a, gnutls_datum_t * dest);
+int _gnutls_mpi_dprint_size(const bigint_t a, gnutls_datum_t * dest,
+ size_t size);
#define _gnutls_mpi_generate_group( gg, bits) _gnutls_mpi_ops.bigint_generate_group( gg, bits)
diff --git a/lib/gnutls_num.c b/lib/gnutls_num.c
index 74a38d24f2..e9a7487917 100644
--- a/lib/gnutls_num.c
+++ b/lib/gnutls_num.c
@@ -32,56 +32,48 @@
* Returns 0 on success, or -1 if the uint64 max limit
* has been reached.
*/
-int
-_gnutls_uint64pp (uint64 * x)
+int _gnutls_uint64pp(uint64 * x)
{
- register int i, y = 0;
+ register int i, y = 0;
- for (i = 7; i >= 0; i--)
- {
- y = 0;
- if (x->i[i] == 0xff)
- {
- x->i[i] = 0;
- y = 1;
- }
- else
- x->i[i]++;
+ for (i = 7; i >= 0; i--) {
+ y = 0;
+ if (x->i[i] == 0xff) {
+ x->i[i] = 0;
+ y = 1;
+ } else
+ x->i[i]++;
- if (y == 0)
- break;
- }
- if (y != 0)
- return -1; /* over 64 bits! WOW */
+ if (y == 0)
+ break;
+ }
+ if (y != 0)
+ return -1; /* over 64 bits! WOW */
- return 0;
+ return 0;
}
/* This function will add one to uint48 x.
* Returns 0 on success, or -1 if the uint48 max limit
* has been reached.
*/
-int
-_gnutls_uint48pp (uint64 * x)
+int _gnutls_uint48pp(uint64 * x)
{
- register int i, y = 0;
+ register int i, y = 0;
- for (i = 7; i >= 3; i--)
- {
- y = 0;
- if (x->i[i] == 0xff)
- {
- x->i[i] = 0;
- y = 1;
- }
- else
- x->i[i]++;
+ for (i = 7; i >= 3; i--) {
+ y = 0;
+ if (x->i[i] == 0xff) {
+ x->i[i] = 0;
+ y = 1;
+ } else
+ x->i[i]++;
- if (y == 0)
- break;
- }
- if (y != 0)
- return -1; /* over 48 bits */
+ if (y == 0)
+ break;
+ }
+ if (y != 0)
+ return -1; /* over 48 bits */
- return 0;
+ return 0;
}
diff --git a/lib/gnutls_num.h b/lib/gnutls_num.h
index 9e4530c4c7..13d33ba9d7 100644
--- a/lib/gnutls_num.h
+++ b/lib/gnutls_num.h
@@ -28,150 +28,138 @@
#include <minmax.h>
#include <byteswap.h>
-int _gnutls_uint64pp (uint64 *);
-int _gnutls_uint48pp (uint64 *);
+int _gnutls_uint64pp(uint64 *);
+int _gnutls_uint48pp(uint64 *);
-# define UINT64DATA(x) ((x).i)
+#define UINT64DATA(x) ((x).i)
-inline static uint32_t
-_gnutls_uint24touint32 (uint24 num)
+inline static uint32_t _gnutls_uint24touint32(uint24 num)
{
- uint32_t ret = 0;
+ uint32_t ret = 0;
- ((uint8_t *) & ret)[1] = num.pint[0];
- ((uint8_t *) & ret)[2] = num.pint[1];
- ((uint8_t *) & ret)[3] = num.pint[2];
- return ret;
+ ((uint8_t *) & ret)[1] = num.pint[0];
+ ((uint8_t *) & ret)[2] = num.pint[1];
+ ((uint8_t *) & ret)[3] = num.pint[2];
+ return ret;
}
-inline static uint24
-_gnutls_uint32touint24 (uint32_t num)
+inline static uint24 _gnutls_uint32touint24(uint32_t num)
{
- uint24 ret;
+ uint24 ret;
- ret.pint[0] = ((uint8_t *) & num)[1];
- ret.pint[1] = ((uint8_t *) & num)[2];
- ret.pint[2] = ((uint8_t *) & num)[3];
- return ret;
+ ret.pint[0] = ((uint8_t *) & num)[1];
+ ret.pint[1] = ((uint8_t *) & num)[2];
+ ret.pint[2] = ((uint8_t *) & num)[3];
+ return ret;
}
/* data should be at least 3 bytes */
-inline static uint32_t
-_gnutls_read_uint24 (const uint8_t * data)
+inline static uint32_t _gnutls_read_uint24(const uint8_t * data)
{
- uint32_t res;
- uint24 num;
+ uint32_t res;
+ uint24 num;
- num.pint[0] = data[0];
- num.pint[1] = data[1];
- num.pint[2] = data[2];
+ num.pint[0] = data[0];
+ num.pint[1] = data[1];
+ num.pint[2] = data[2];
- res = _gnutls_uint24touint32 (num);
+ res = _gnutls_uint24touint32(num);
#ifndef WORDS_BIGENDIAN
- res = bswap_32 (res);
+ res = bswap_32(res);
#endif
- return res;
+ return res;
}
-inline static void
-_gnutls_write_uint64 (uint64_t num, uint8_t * data)
+inline static void _gnutls_write_uint64(uint64_t num, uint8_t * data)
{
#ifndef WORDS_BIGENDIAN
- num = bswap_64 (num);
+ num = bswap_64(num);
#endif
- memcpy(data, &num, 8);
+ memcpy(data, &num, 8);
}
-inline static void
-_gnutls_write_uint24 (uint32_t num, uint8_t * data)
+inline static void _gnutls_write_uint24(uint32_t num, uint8_t * data)
{
- uint24 tmp;
+ uint24 tmp;
#ifndef WORDS_BIGENDIAN
- num = bswap_32 (num);
+ num = bswap_32(num);
#endif
- tmp = _gnutls_uint32touint24 (num);
+ tmp = _gnutls_uint32touint24(num);
- data[0] = tmp.pint[0];
- data[1] = tmp.pint[1];
- data[2] = tmp.pint[2];
+ data[0] = tmp.pint[0];
+ data[1] = tmp.pint[1];
+ data[2] = tmp.pint[2];
}
-inline static uint32_t
-_gnutls_read_uint32 (const uint8_t * data)
+inline static uint32_t _gnutls_read_uint32(const uint8_t * data)
{
- uint32_t res;
+ uint32_t res;
- memcpy (&res, data, sizeof (uint32_t));
+ memcpy(&res, data, sizeof(uint32_t));
#ifndef WORDS_BIGENDIAN
- res = bswap_32 (res);
+ res = bswap_32(res);
#endif
- return res;
+ return res;
}
-inline static void
-_gnutls_write_uint32 (uint32_t num, uint8_t * data)
+inline static void _gnutls_write_uint32(uint32_t num, uint8_t * data)
{
#ifndef WORDS_BIGENDIAN
- num = bswap_32 (num);
+ num = bswap_32(num);
#endif
- memcpy (data, &num, sizeof (uint32_t));
+ memcpy(data, &num, sizeof(uint32_t));
}
-inline static uint16_t
-_gnutls_read_uint16 (const uint8_t * data)
+inline static uint16_t _gnutls_read_uint16(const uint8_t * data)
{
- uint16_t res;
- memcpy (&res, data, sizeof (uint16_t));
+ uint16_t res;
+ memcpy(&res, data, sizeof(uint16_t));
#ifndef WORDS_BIGENDIAN
- res = bswap_16 (res);
+ res = bswap_16(res);
#endif
- return res;
+ return res;
}
-inline static void
-_gnutls_write_uint16 (uint16_t num, uint8_t * data)
+inline static void _gnutls_write_uint16(uint16_t num, uint8_t * data)
{
#ifndef WORDS_BIGENDIAN
- num = bswap_16 (num);
+ num = bswap_16(num);
#endif
- memcpy (data, &num, sizeof (uint16_t));
+ memcpy(data, &num, sizeof(uint16_t));
}
-inline static uint32_t
-_gnutls_conv_uint32 (uint32_t data)
+inline static uint32_t _gnutls_conv_uint32(uint32_t data)
{
#ifndef WORDS_BIGENDIAN
- return bswap_32 (data);
+ return bswap_32(data);
#else
- return data;
+ return data;
#endif
}
-inline static uint16_t
-_gnutls_conv_uint16 (uint16_t data)
+inline static uint16_t _gnutls_conv_uint16(uint16_t data)
{
#ifndef WORDS_BIGENDIAN
- return bswap_16 (data);
+ return bswap_16(data);
#else
- return data;
+ return data;
#endif
}
-inline static uint32_t
-_gnutls_uint64touint32 (const uint64 * num)
+inline static uint32_t _gnutls_uint64touint32(const uint64 * num)
{
- uint32_t ret;
+ uint32_t ret;
- memcpy (&ret, &num->i[4], 4);
+ memcpy(&ret, &num->i[4], 4);
#ifndef WORDS_BIGENDIAN
- ret = bswap_32 (ret);
+ ret = bswap_32(ret);
#endif
- return ret;
+ return ret;
}
-#endif /* GNUTLS_NUM_H */
+#endif /* GNUTLS_NUM_H */
diff --git a/lib/gnutls_pcert.c b/lib/gnutls_pcert.c
index 433a7c6785..56c2d6fe2e 100644
--- a/lib/gnutls_pcert.c
+++ b/lib/gnutls_pcert.c
@@ -44,45 +44,44 @@
*
* Since: 3.0
**/
-int gnutls_pcert_import_x509 (gnutls_pcert_st* pcert,
- gnutls_x509_crt_t crt, unsigned int flags)
+int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
+ gnutls_x509_crt_t crt, unsigned int flags)
{
-int ret;
-
- memset(pcert, 0, sizeof(*pcert));
-
- pcert->type = GNUTLS_CRT_X509;
- pcert->cert.data = NULL;
-
- ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &pcert->cert);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = gnutls_pubkey_init(&pcert->pubkey);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_x509(pcert->pubkey, crt, 0);
- if (ret < 0)
- {
- gnutls_pubkey_deinit(pcert->pubkey);
- pcert->pubkey = NULL;
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum(&pcert->cert);
-
- return ret;
+ int ret;
+
+ memset(pcert, 0, sizeof(*pcert));
+
+ pcert->type = GNUTLS_CRT_X509;
+ pcert->cert.data = NULL;
+
+ ret =
+ gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER,
+ &pcert->cert);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_init(&pcert->pubkey);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_x509(pcert->pubkey, crt, 0);
+ if (ret < 0) {
+ gnutls_pubkey_deinit(pcert->pubkey);
+ pcert->pubkey = NULL;
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&pcert->cert);
+
+ return ret;
}
/**
@@ -105,50 +104,50 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_pcert_list_import_x509_raw (gnutls_pcert_st * pcerts,
- unsigned int *pcert_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts,
+ unsigned int *pcert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
{
-int ret;
-unsigned int i = 0, j;
-gnutls_x509_crt_t *crt;
-
- crt = gnutls_malloc((*pcert_max) * sizeof(gnutls_x509_crt_t));
-
- if (crt == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = gnutls_x509_crt_list_import( crt, pcert_max, data, format, flags);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- for (i=0;i<*pcert_max;i++)
- {
- ret = gnutls_pcert_import_x509(&pcerts[i], crt[i], flags);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup_pcert;
- }
- }
-
- ret = 0;
- goto cleanup;
-
-cleanup_pcert:
- for (j=0;j<i;j++)
- gnutls_pcert_deinit(&pcerts[j]);
-
-cleanup:
- for (i=0;i<*pcert_max;i++)
- gnutls_x509_crt_deinit(crt[i]);
-
- gnutls_free(crt);
- return ret;
+ int ret;
+ unsigned int i = 0, j;
+ gnutls_x509_crt_t *crt;
+
+ crt = gnutls_malloc((*pcert_max) * sizeof(gnutls_x509_crt_t));
+
+ if (crt == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret =
+ gnutls_x509_crt_list_import(crt, pcert_max, data, format,
+ flags);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ for (i = 0; i < *pcert_max; i++) {
+ ret = gnutls_pcert_import_x509(&pcerts[i], crt[i], flags);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup_pcert;
+ }
+ }
+
+ ret = 0;
+ goto cleanup;
+
+ cleanup_pcert:
+ for (j = 0; j < i; j++)
+ gnutls_pcert_deinit(&pcerts[j]);
+
+ cleanup:
+ for (i = 0; i < *pcert_max; i++)
+ gnutls_x509_crt_deinit(crt[i]);
+
+ gnutls_free(crt);
+ return ret;
}
@@ -168,39 +167,38 @@ cleanup:
*
* Since: 3.0
**/
-int gnutls_pcert_import_x509_raw (gnutls_pcert_st *pcert,
- const gnutls_datum_t* cert,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert,
+ const gnutls_datum_t * cert,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
{
-int ret;
-gnutls_x509_crt_t crt;
+ int ret;
+ gnutls_x509_crt_t crt;
- memset(pcert, 0, sizeof(*pcert));
+ memset(pcert, 0, sizeof(*pcert));
- ret = gnutls_x509_crt_init(&crt);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = gnutls_x509_crt_import(crt, cert, format);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
+ ret = gnutls_x509_crt_import(crt, cert, format);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
- ret = gnutls_pcert_import_x509(pcert, crt, flags);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
+ ret = gnutls_pcert_import_x509(pcert, crt, flags);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
- ret = 0;
+ ret = 0;
-cleanup:
- gnutls_x509_crt_deinit(crt);
+ cleanup:
+ gnutls_x509_crt_deinit(crt);
- return ret;
+ return ret;
}
#ifdef ENABLE_OPENPGP
@@ -220,62 +218,62 @@ cleanup:
*
* Since: 3.0
**/
-int gnutls_pcert_import_openpgp (gnutls_pcert_st* pcert,
- gnutls_openpgp_crt_t crt, unsigned int flags)
+int gnutls_pcert_import_openpgp(gnutls_pcert_st * pcert,
+ gnutls_openpgp_crt_t crt,
+ unsigned int flags)
{
-int ret;
-size_t sz;
-
- memset(pcert, 0, sizeof(*pcert));
-
- pcert->type = GNUTLS_CRT_OPENPGP;
- pcert->cert.data = NULL;
-
- sz = 0;
- ret = gnutls_openpgp_crt_export(crt, GNUTLS_OPENPGP_FMT_RAW, NULL, &sz);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- pcert->cert.data = gnutls_malloc(sz);
- if (pcert->cert.data == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- ret = gnutls_openpgp_crt_export(crt, GNUTLS_X509_FMT_DER, pcert->cert.data, &sz);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
- pcert->cert.size = sz;
-
- ret = gnutls_pubkey_init(&pcert->pubkey);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_openpgp(pcert->pubkey, crt, 0);
- if (ret < 0)
- {
- gnutls_pubkey_deinit(pcert->pubkey);
- pcert->pubkey = NULL;
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum(&pcert->cert);
-
- return ret;
+ int ret;
+ size_t sz;
+
+ memset(pcert, 0, sizeof(*pcert));
+
+ pcert->type = GNUTLS_CRT_OPENPGP;
+ pcert->cert.data = NULL;
+
+ sz = 0;
+ ret =
+ gnutls_openpgp_crt_export(crt, GNUTLS_OPENPGP_FMT_RAW, NULL,
+ &sz);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ pcert->cert.data = gnutls_malloc(sz);
+ if (pcert->cert.data == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_openpgp_crt_export(crt, GNUTLS_X509_FMT_DER,
+ pcert->cert.data, &sz);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+ pcert->cert.size = sz;
+
+ ret = gnutls_pubkey_init(&pcert->pubkey);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_openpgp(pcert->pubkey, crt, 0);
+ if (ret < 0) {
+ gnutls_pubkey_deinit(pcert->pubkey);
+ pcert->pubkey = NULL;
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&pcert->cert);
+
+ return ret;
}
/**
@@ -295,49 +293,46 @@ cleanup:
*
* Since: 3.0
**/
-int gnutls_pcert_import_openpgp_raw (gnutls_pcert_st *pcert,
- const gnutls_datum_t* cert,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flags)
+int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * pcert,
+ const gnutls_datum_t * cert,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flags)
{
-int ret;
-gnutls_openpgp_crt_t crt;
-
- memset(pcert, 0, sizeof(*pcert));
-
- pcert->cert.data = NULL;
-
- ret = gnutls_openpgp_crt_init(&crt);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_openpgp_crt_import(crt, cert, format);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = gnutls_openpgp_crt_set_preferred_key_id(crt, keyid);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- ret = gnutls_pcert_import_openpgp(pcert, crt, flags);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
- ret = 0;
-
-cleanup:
- gnutls_openpgp_crt_deinit(crt);
-
- return ret;
+ int ret;
+ gnutls_openpgp_crt_t crt;
+
+ memset(pcert, 0, sizeof(*pcert));
+
+ pcert->cert.data = NULL;
+
+ ret = gnutls_openpgp_crt_init(&crt);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_openpgp_crt_import(crt, cert, format);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = gnutls_openpgp_crt_set_preferred_key_id(crt, keyid);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ ret = gnutls_pcert_import_openpgp(pcert, crt, flags);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+ ret = 0;
+
+ cleanup:
+ gnutls_openpgp_crt_deinit(crt);
+
+ return ret;
}
#endif
@@ -350,36 +345,41 @@ cleanup:
*
* Since: 3.0
**/
-void
-gnutls_pcert_deinit (gnutls_pcert_st *pcert)
+void gnutls_pcert_deinit(gnutls_pcert_st * pcert)
{
- gnutls_pubkey_deinit(pcert->pubkey);
- pcert->pubkey = NULL;
- _gnutls_free_datum(&pcert->cert);
+ gnutls_pubkey_deinit(pcert->pubkey);
+ pcert->pubkey = NULL;
+ _gnutls_free_datum(&pcert->cert);
}
/* Converts the first certificate for the cert_auth_info structure
* to a pcert.
*/
int
-_gnutls_get_auth_info_pcert (gnutls_pcert_st* pcert,
- gnutls_certificate_type_t type,
- cert_auth_info_t info)
+_gnutls_get_auth_info_pcert(gnutls_pcert_st * pcert,
+ gnutls_certificate_type_t type,
+ cert_auth_info_t info)
{
- switch (type)
- {
- case GNUTLS_CRT_X509:
- return gnutls_pcert_import_x509_raw(pcert, &info->raw_certificate_list[0],
- GNUTLS_X509_FMT_DER, GNUTLS_PCERT_NO_CERT);
+ switch (type) {
+ case GNUTLS_CRT_X509:
+ return gnutls_pcert_import_x509_raw(pcert,
+ &info->
+ raw_certificate_list
+ [0],
+ GNUTLS_X509_FMT_DER,
+ GNUTLS_PCERT_NO_CERT);
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- return gnutls_pcert_import_openpgp_raw(pcert,
- &info->raw_certificate_list[0],
- GNUTLS_OPENPGP_FMT_RAW,
- info->subkey_id, GNUTLS_PCERT_NO_CERT);
+ case GNUTLS_CRT_OPENPGP:
+ return gnutls_pcert_import_openpgp_raw(pcert,
+ &info->
+ raw_certificate_list
+ [0],
+ GNUTLS_OPENPGP_FMT_RAW,
+ info->subkey_id,
+ GNUTLS_PCERT_NO_CERT);
#endif
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 8675c40cca..07fa28f186 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -39,207 +39,191 @@
/* encodes the Dss-Sig-Value structure
*/
int
-_gnutls_encode_ber_rs_raw (gnutls_datum_t * sig_value,
- const gnutls_datum_t *r,
- const gnutls_datum_t *s)
+_gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
+ const gnutls_datum_t * r,
+ const gnutls_datum_t * s)
{
- ASN1_TYPE sig;
- int result;
-
- if ((result =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value( sig, "r", r->data, r->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return _gnutls_asn2err(result);
- }
-
- result = asn1_write_value( sig, "s", s->data, s->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return _gnutls_asn2err(result);
- }
-
- result = _gnutls_x509_der_encode (sig, "", sig_value, 0);
- asn1_delete_structure (&sig);
-
- if (result < 0)
- return gnutls_assert_val(result);
-
- return 0;
+ ASN1_TYPE sig;
+ int result;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(sig, "r", r->data, r->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(sig, "s", s->data, s->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(sig, "", sig_value, 0);
+ asn1_delete_structure(&sig);
+
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ return 0;
}
int
-_gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s)
+_gnutls_encode_ber_rs(gnutls_datum_t * sig_value, bigint_t r, bigint_t s)
{
- ASN1_TYPE sig;
- int result;
-
- if ((result =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_int (sig, "r", r, 1);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return result;
- }
-
- result = _gnutls_x509_write_int (sig, "s", s, 1);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return result;
- }
-
- result = _gnutls_x509_der_encode (sig, "", sig_value, 0);
- asn1_delete_structure (&sig);
-
- if (result < 0)
- return gnutls_assert_val(result);
-
- return 0;
+ ASN1_TYPE sig;
+ int result;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_int(sig, "r", r, 1);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return result;
+ }
+
+ result = _gnutls_x509_write_int(sig, "s", s, 1);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode(sig, "", sig_value, 0);
+ asn1_delete_structure(&sig);
+
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ return 0;
}
/* decodes the Dss-Sig-Value structure
*/
int
-_gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r,
- bigint_t * s)
+_gnutls_decode_ber_rs(const gnutls_datum_t * sig_value, bigint_t * r,
+ bigint_t * s)
{
- ASN1_TYPE sig;
- int result;
-
- if ((result =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&sig, sig_value->data, sig_value->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_read_int (sig, "r", r);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&sig);
- return result;
- }
-
- result = _gnutls_x509_read_int (sig, "s", s);
- if (result < 0)
- {
- gnutls_assert ();
- _gnutls_mpi_release (s);
- asn1_delete_structure (&sig);
- return result;
- }
-
- asn1_delete_structure (&sig);
-
- return 0;
+ ASN1_TYPE sig;
+ int result;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&sig, sig_value->data, sig_value->size,
+ NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_read_int(sig, "r", r);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return result;
+ }
+
+ result = _gnutls_x509_read_int(sig, "s", s);
+ if (result < 0) {
+ gnutls_assert();
+ _gnutls_mpi_release(s);
+ asn1_delete_structure(&sig);
+ return result;
+ }
+
+ asn1_delete_structure(&sig);
+
+ return 0;
}
/* some generic pk functions */
-int _gnutls_pk_params_copy (gnutls_pk_params_st * dst, const gnutls_pk_params_st * src)
+int _gnutls_pk_params_copy(gnutls_pk_params_st * dst,
+ const gnutls_pk_params_st * src)
{
- unsigned int i, j;
- dst->params_nr = 0;
-
- if (src == NULL || src->params_nr == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- for (i = 0; i < src->params_nr; i++)
- {
- dst->params[i] = _gnutls_mpi_set (NULL, src->params[i]);
- if (dst->params[i] == NULL)
- {
- for (j = 0; j < i; j++)
- _gnutls_mpi_release (&dst->params[j]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- dst->params_nr++;
- }
-
- return 0;
+ unsigned int i, j;
+ dst->params_nr = 0;
+
+ if (src == NULL || src->params_nr == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (i = 0; i < src->params_nr; i++) {
+ dst->params[i] = _gnutls_mpi_set(NULL, src->params[i]);
+ if (dst->params[i] == NULL) {
+ for (j = 0; j < i; j++)
+ _gnutls_mpi_release(&dst->params[j]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ dst->params_nr++;
+ }
+
+ return 0;
}
-void
-gnutls_pk_params_init (gnutls_pk_params_st * p)
+void gnutls_pk_params_init(gnutls_pk_params_st * p)
{
- memset (p, 0, sizeof (gnutls_pk_params_st));
+ memset(p, 0, sizeof(gnutls_pk_params_st));
}
-void
-gnutls_pk_params_release (gnutls_pk_params_st * p)
+void gnutls_pk_params_release(gnutls_pk_params_st * p)
{
- unsigned int i;
- for (i = 0; i < p->params_nr; i++)
- {
- _gnutls_mpi_release (&p->params[i]);
- }
- p->params_nr = 0;
+ unsigned int i;
+ for (i = 0; i < p->params_nr; i++) {
+ _gnutls_mpi_release(&p->params[i]);
+ }
+ p->params_nr = 0;
}
-void
-gnutls_pk_params_clear (gnutls_pk_params_st * p)
+void gnutls_pk_params_clear(gnutls_pk_params_st * p)
{
- unsigned int i;
- for (i = 0; i < p->params_nr; i++)
- {
- if (p->params[i] != NULL) _gnutls_mpi_clear (p->params[i]);
- }
+ unsigned int i;
+ for (i = 0; i < p->params_nr; i++) {
+ if (p->params[i] != NULL)
+ _gnutls_mpi_clear(p->params[i]);
+ }
}
int
-_gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk,
- gnutls_pk_params_st* params,
- gnutls_digest_algorithm_t * dig,
- unsigned int *mand)
+_gnutls_pk_get_hash_algorithm(gnutls_pk_algorithm_t pk,
+ gnutls_pk_params_st * params,
+ gnutls_digest_algorithm_t * dig,
+ unsigned int *mand)
{
- if (mand)
- {
- if (pk == GNUTLS_PK_DSA)
- *mand = 1;
- else
- *mand = 0;
- }
+ if (mand) {
+ if (pk == GNUTLS_PK_DSA)
+ *mand = 1;
+ else
+ *mand = 0;
+ }
- return _gnutls_x509_verify_algorithm (dig,
- NULL, pk, params);
+ return _gnutls_x509_verify_algorithm(dig, NULL, pk, params);
}
@@ -247,87 +231,84 @@ _gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk,
* structure. The digest info is allocated and stored into the info structure.
*/
int
-encode_ber_digest_info (const mac_entry_st* e,
- const gnutls_datum_t * digest,
- gnutls_datum_t * output)
+encode_ber_digest_info(const mac_entry_st * e,
+ const gnutls_datum_t * digest,
+ gnutls_datum_t * output)
{
- ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
- int result;
- const char *algo;
- uint8_t *tmp_output;
- int tmp_output_size;
-
- algo = _gnutls_x509_mac_to_oid (e);
- if (algo == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Hash algorithm: %d has no OID\n", e->id);
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DigestInfo",
- &dinfo)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (dinfo, "digestAlgorithm.algorithm", algo, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- /* Write an ASN.1 NULL in the parameters field. This matches RFC
- 3279 and RFC 4055, although is arguable incorrect from a historic
- perspective (see those documents for more information).
- Regardless of what is correct, this appears to be what most
- implementations do. */
- result = asn1_write_value (dinfo, "digestAlgorithm.parameters",
- ASN1_NULL, ASN1_NULL_SIZE);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (dinfo, "digest", digest->data, digest->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- tmp_output_size = 0;
- asn1_der_coding (dinfo, "", NULL, &tmp_output_size, NULL);
-
- tmp_output = gnutls_malloc (tmp_output_size);
- if (tmp_output == NULL)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_der_coding (dinfo, "", tmp_output, &tmp_output_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- asn1_delete_structure (&dinfo);
-
- output->size = tmp_output_size;
- output->data = tmp_output;
-
- return 0;
+ ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+ int result;
+ const char *algo;
+ uint8_t *tmp_output;
+ int tmp_output_size;
+
+ algo = _gnutls_x509_mac_to_oid(e);
+ if (algo == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("Hash algorithm: %d has no OID\n",
+ e->id);
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_write_value(dinfo, "digestAlgorithm.algorithm", algo, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Write an ASN.1 NULL in the parameters field. This matches RFC
+ 3279 and RFC 4055, although is arguable incorrect from a historic
+ perspective (see those documents for more information).
+ Regardless of what is correct, this appears to be what most
+ implementations do. */
+ result = asn1_write_value(dinfo, "digestAlgorithm.parameters",
+ ASN1_NULL, ASN1_NULL_SIZE);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_write_value(dinfo, "digest", digest->data, digest->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ tmp_output_size = 0;
+ asn1_der_coding(dinfo, "", NULL, &tmp_output_size, NULL);
+
+ tmp_output = gnutls_malloc(tmp_output_size);
+ if (tmp_output == NULL) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ asn1_der_coding(dinfo, "", tmp_output, &tmp_output_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ asn1_delete_structure(&dinfo);
+
+ output->size = tmp_output_size;
+ output->data = tmp_output;
+
+ return 0;
}
/* Reads the digest information.
@@ -335,79 +316,75 @@ encode_ber_digest_info (const mac_entry_st* e,
* anyway.
*/
int
-decode_ber_digest_info (const gnutls_datum_t * info,
- gnutls_digest_algorithm_t * hash,
- uint8_t * digest, unsigned int *digest_size)
+decode_ber_digest_info(const gnutls_datum_t * info,
+ gnutls_digest_algorithm_t * hash,
+ uint8_t * digest, unsigned int *digest_size)
{
- ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
- int result;
- char str[1024];
- int len;
-
- if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DigestInfo",
- &dinfo)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&dinfo, info->data, info->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- len = sizeof (str) - 1;
- result = asn1_read_value (dinfo, "digestAlgorithm.algorithm", str, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- *hash = _gnutls_x509_oid_to_digest (str);
-
- if (*hash == GNUTLS_DIG_UNKNOWN)
- {
-
- _gnutls_debug_log ("verify.c: HASH OID: %s\n", str);
-
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return GNUTLS_E_UNKNOWN_ALGORITHM;
- }
-
- len = sizeof (str) - 1;
- result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
- /* To avoid permitting garbage in the parameters field, either the
- parameters field is not present, or it contains 0x05 0x00. */
- if (!(result == ASN1_ELEMENT_NOT_FOUND ||
- (result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&
- memcmp (str, ASN1_NULL, ASN1_NULL_SIZE) == 0)))
- {
- gnutls_assert ();
- asn1_delete_structure (&dinfo);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- len = *digest_size;
- result = asn1_read_value (dinfo, "digest", digest, &len);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- *digest_size = len;
- asn1_delete_structure (&dinfo);
- return _gnutls_asn2err (result);
- }
-
- *digest_size = len;
- asn1_delete_structure (&dinfo);
-
- return 0;
+ ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+ int result;
+ char str[1024];
+ int len;
+
+ if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&dinfo, info->data, info->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ len = sizeof(str) - 1;
+ result =
+ asn1_read_value(dinfo, "digestAlgorithm.algorithm", str, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ *hash = _gnutls_x509_oid_to_digest(str);
+
+ if (*hash == GNUTLS_DIG_UNKNOWN) {
+
+ _gnutls_debug_log("verify.c: HASH OID: %s\n", str);
+
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return GNUTLS_E_UNKNOWN_ALGORITHM;
+ }
+
+ len = sizeof(str) - 1;
+ result =
+ asn1_read_value(dinfo, "digestAlgorithm.parameters", str,
+ &len);
+ /* To avoid permitting garbage in the parameters field, either the
+ parameters field is not present, or it contains 0x05 0x00. */
+ if (!(result == ASN1_ELEMENT_NOT_FOUND ||
+ (result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&
+ memcmp(str, ASN1_NULL, ASN1_NULL_SIZE) == 0))) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ len = *digest_size;
+ result = asn1_read_value(dinfo, "digest", digest, &len);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ *digest_size = len;
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ *digest_size = len;
+ asn1_delete_structure(&dinfo);
+
+ return 0;
}
-
diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h
index 7eab664a23..22ff54a08d 100644
--- a/lib/gnutls_pk.h
+++ b/lib/gnutls_pk.h
@@ -36,41 +36,44 @@ extern gnutls_crypto_pk_st _gnutls_pk_ops;
#define _gnutls_pk_hash_algorithm( pk, sig, params, hash) _gnutls_pk_ops.hash_algorithm(pk, sig, params, hash)
inline static int
-_gnutls_pk_fixup (gnutls_pk_algorithm_t algo, gnutls_direction_t direction,
- gnutls_pk_params_st * params)
+_gnutls_pk_fixup(gnutls_pk_algorithm_t algo, gnutls_direction_t direction,
+ gnutls_pk_params_st * params)
{
- if (_gnutls_pk_ops.pk_fixup_private_params)
- return _gnutls_pk_ops.pk_fixup_private_params (algo, direction, params);
- return 0;
+ if (_gnutls_pk_ops.pk_fixup_private_params)
+ return _gnutls_pk_ops.pk_fixup_private_params(algo,
+ direction,
+ params);
+ return 0;
}
-int _gnutls_pk_params_copy (gnutls_pk_params_st * dst, const gnutls_pk_params_st * src);
+int _gnutls_pk_params_copy(gnutls_pk_params_st * dst,
+ const gnutls_pk_params_st * src);
/* The internal PK interface */
int
-_gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s);
+_gnutls_encode_ber_rs(gnutls_datum_t * sig_value, bigint_t r, bigint_t s);
int
-_gnutls_encode_ber_rs_raw (gnutls_datum_t * sig_value,
- const gnutls_datum_t *r,
- const gnutls_datum_t *s);
+_gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
+ const gnutls_datum_t * r,
+ const gnutls_datum_t * s);
int
-_gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r,
- bigint_t * s);
+_gnutls_decode_ber_rs(const gnutls_datum_t * sig_value, bigint_t * r,
+ bigint_t * s);
int
-encode_ber_digest_info (const mac_entry_st* e,
- const gnutls_datum_t * digest,
- gnutls_datum_t * output);
+encode_ber_digest_info(const mac_entry_st * e,
+ const gnutls_datum_t * digest,
+ gnutls_datum_t * output);
int
-decode_ber_digest_info (const gnutls_datum_t * info,
- gnutls_digest_algorithm_t * hash,
- uint8_t * digest, unsigned int *digest_size);
+decode_ber_digest_info(const gnutls_datum_t * info,
+ gnutls_digest_algorithm_t * hash,
+ uint8_t * digest, unsigned int *digest_size);
-int _gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk,
- gnutls_pk_params_st*,
- gnutls_digest_algorithm_t * dig,
- unsigned int *mand);
+int _gnutls_pk_get_hash_algorithm(gnutls_pk_algorithm_t pk,
+ gnutls_pk_params_st *,
+ gnutls_digest_algorithm_t * dig,
+ unsigned int *mand);
-#endif /* GNUTLS_PK_H */
+#endif /* GNUTLS_PK_H */
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 8b9effff3d..7745a96918 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -29,9 +29,9 @@
#include <gnutls_num.h>
static void
-break_comma_list (char *etag,
- char **broken_etag, int *elements, int max_elements,
- char sep);
+break_comma_list(char *etag,
+ char **broken_etag, int *elements, int max_elements,
+ char sep);
/**
* gnutls_cipher_set_priority:
@@ -46,82 +46,71 @@ break_comma_list (char *etag,
*
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
-int
-gnutls_cipher_set_priority (gnutls_session_t session, const int *list)
+int gnutls_cipher_set_priority(gnutls_session_t session, const int *list)
{
- int num = 0, i;
+ int num = 0, i;
- while (list[num] != 0)
- num++;
- if (num > MAX_ALGOS)
- num = MAX_ALGOS;
- session->internals.priorities.cipher.algorithms = num;
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ session->internals.priorities.cipher.algorithms = num;
- for (i = 0; i < num; i++)
- {
- session->internals.priorities.cipher.priority[i] = list[i];
- }
+ for (i = 0; i < num; i++) {
+ session->internals.priorities.cipher.priority[i] = list[i];
+ }
- return 0;
+ return 0;
}
typedef void (bulk_rmadd_func) (priority_st * priority_list, const int *);
-inline static void
-_set_priority (priority_st * st, const int *list)
+inline static void _set_priority(priority_st * st, const int *list)
{
- int num = 0, i;
+ int num = 0, i;
- while (list[num] != 0)
- num++;
- if (num > MAX_ALGOS)
- num = MAX_ALGOS;
- st->algorithms = num;
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ st->algorithms = num;
- for (i = 0; i < num; i++)
- {
- st->priority[i] = list[i];
- }
+ for (i = 0; i < num; i++) {
+ st->priority[i] = list[i];
+ }
- return;
+ return;
}
-inline static void
-_add_priority (priority_st * st, const int *list)
+inline static void _add_priority(priority_st * st, const int *list)
{
- int num, i, j, init;
-
- init = i = st->algorithms;
-
- for (num=0;list[num]!=0;++num)
- {
- if (i+1 > MAX_ALGOS)
- {
- return;
- }
-
- for (j=0;j<init;j++)
- {
- if (st->priority[j] == (unsigned)list[num])
- {
- break;
- }
- }
-
- if (j == init)
- {
- st->priority[i++] = list[num];
- st->algorithms++;
- }
- }
-
- return;
+ int num, i, j, init;
+
+ init = i = st->algorithms;
+
+ for (num = 0; list[num] != 0; ++num) {
+ if (i + 1 > MAX_ALGOS) {
+ return;
+ }
+
+ for (j = 0; j < init; j++) {
+ if (st->priority[j] == (unsigned) list[num]) {
+ break;
+ }
+ }
+
+ if (j == init) {
+ st->priority[i++] = list[num];
+ st->algorithms++;
+ }
+ }
+
+ return;
}
-static void
-_clear_priorities (priority_st * st, const int *list)
+static void _clear_priorities(priority_st * st, const int *list)
{
- memset(st, 0, sizeof(*st));
+ memset(st, 0, sizeof(*st));
}
/**
@@ -138,11 +127,10 @@ _clear_priorities (priority_st * st, const int *list)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_kx_set_priority (gnutls_session_t session, const int *list)
+int gnutls_kx_set_priority(gnutls_session_t session, const int *list)
{
- _set_priority (&session->internals.priorities.kx, list);
- return 0;
+ _set_priority(&session->internals.priorities.kx, list);
+ return 0;
}
/**
@@ -159,11 +147,10 @@ gnutls_kx_set_priority (gnutls_session_t session, const int *list)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_mac_set_priority (gnutls_session_t session, const int *list)
+int gnutls_mac_set_priority(gnutls_session_t session, const int *list)
{
- _set_priority (&session->internals.priorities.mac, list);
- return 0;
+ _set_priority(&session->internals.priorities.mac, list);
+ return 0;
}
/**
@@ -185,10 +172,10 @@ gnutls_mac_set_priority (gnutls_session_t session, const int *list)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_compression_set_priority (gnutls_session_t session, const int *list)
+gnutls_compression_set_priority(gnutls_session_t session, const int *list)
{
- _set_priority (&session->internals.priorities.compression, list);
- return 0;
+ _set_priority(&session->internals.priorities.compression, list);
+ return 0;
}
/**
@@ -202,18 +189,17 @@ gnutls_compression_set_priority (gnutls_session_t session, const int *list)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_protocol_set_priority (gnutls_session_t session, const int *list)
+int gnutls_protocol_set_priority(gnutls_session_t session, const int *list)
{
- _set_priority (&session->internals.priorities.protocol, list);
+ _set_priority(&session->internals.priorities.protocol, list);
- /* set the current version to the first in the chain.
- * This will be overridden later.
- */
- if (list)
- _gnutls_set_current_version (session, list[0]);
+ /* set the current version to the first in the chain.
+ * This will be overridden later.
+ */
+ if (list)
+ _gnutls_set_current_version(session, list[0]);
- return 0;
+ return 0;
}
/**
@@ -231,331 +217,332 @@ gnutls_protocol_set_priority (gnutls_session_t session, const int *list)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_certificate_type_set_priority (gnutls_session_t session,
- const int *list)
+gnutls_certificate_type_set_priority(gnutls_session_t session,
+ const int *list)
{
#ifdef ENABLE_OPENPGP
- _set_priority (&session->internals.priorities.cert_type, list);
- return 0;
+ _set_priority(&session->internals.priorities.cert_type, list);
+ return 0;
#else
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
#endif
}
static const int supported_ecc_normal[] = {
- GNUTLS_ECC_CURVE_SECP192R1,
- GNUTLS_ECC_CURVE_SECP224R1,
- GNUTLS_ECC_CURVE_SECP256R1,
- GNUTLS_ECC_CURVE_SECP384R1,
- GNUTLS_ECC_CURVE_SECP521R1,
- 0
+ GNUTLS_ECC_CURVE_SECP192R1,
+ GNUTLS_ECC_CURVE_SECP224R1,
+ GNUTLS_ECC_CURVE_SECP256R1,
+ GNUTLS_ECC_CURVE_SECP384R1,
+ GNUTLS_ECC_CURVE_SECP521R1,
+ 0
};
static const int supported_ecc_secure128[] = {
- GNUTLS_ECC_CURVE_SECP256R1,
- GNUTLS_ECC_CURVE_SECP384R1,
- GNUTLS_ECC_CURVE_SECP521R1,
- 0
+ GNUTLS_ECC_CURVE_SECP256R1,
+ GNUTLS_ECC_CURVE_SECP384R1,
+ GNUTLS_ECC_CURVE_SECP521R1,
+ 0
};
static const int supported_ecc_suiteb128[] = {
- GNUTLS_ECC_CURVE_SECP256R1,
- GNUTLS_ECC_CURVE_SECP384R1,
- 0
+ GNUTLS_ECC_CURVE_SECP256R1,
+ GNUTLS_ECC_CURVE_SECP384R1,
+ 0
};
static const int supported_ecc_suiteb192[] = {
- GNUTLS_ECC_CURVE_SECP384R1,
- 0
+ GNUTLS_ECC_CURVE_SECP384R1,
+ 0
};
static const int supported_ecc_secure192[] = {
- GNUTLS_ECC_CURVE_SECP384R1,
- GNUTLS_ECC_CURVE_SECP521R1,
- 0
+ GNUTLS_ECC_CURVE_SECP384R1,
+ GNUTLS_ECC_CURVE_SECP521R1,
+ 0
};
static const int protocol_priority[] = {
- GNUTLS_TLS1_2,
- GNUTLS_TLS1_1,
- GNUTLS_TLS1_0,
- GNUTLS_SSL3,
- GNUTLS_DTLS1_2,
- GNUTLS_DTLS1_0,
- 0
+ GNUTLS_TLS1_2,
+ GNUTLS_TLS1_1,
+ GNUTLS_TLS1_0,
+ GNUTLS_SSL3,
+ GNUTLS_DTLS1_2,
+ GNUTLS_DTLS1_0,
+ 0
};
static const int dtls_protocol_priority[] = {
- GNUTLS_DTLS1_2,
- GNUTLS_DTLS1_0,
- 0
+ GNUTLS_DTLS1_2,
+ GNUTLS_DTLS1_0,
+ 0
};
static const int protocol_priority_suiteb[] = {
- GNUTLS_TLS1_2,
- 0
+ GNUTLS_TLS1_2,
+ 0
};
static const int kx_priority_performance[] = {
- GNUTLS_KX_RSA,
+ GNUTLS_KX_RSA,
#ifdef ENABLE_ECDHE
- GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_KX_ECDHE_RSA,
#endif
#ifdef ENABLE_DHE
- GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_DHE_DSS,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
#endif
- 0
+ 0
};
static const int kx_priority_pfs[] = {
#ifdef ENABLE_ECDHE
- GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_KX_ECDHE_RSA,
#endif
#ifdef ENABLE_DHE
- GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_DHE_DSS,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
#endif
- 0
+ 0
};
static const int kx_priority_suiteb[] = {
- GNUTLS_KX_ECDHE_ECDSA,
- 0
+ GNUTLS_KX_ECDHE_ECDSA,
+ 0
};
static const int kx_priority_secure[] = {
- /* The ciphersuites that offer forward secrecy take
- * precedence
- */
+ /* The ciphersuites that offer forward secrecy take
+ * precedence
+ */
#ifdef ENABLE_ECDHE
- GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_KX_ECDHE_RSA,
#endif
- GNUTLS_KX_RSA,
- /* KX-RSA is now ahead of DHE-RSA and DHE-DSS due to the compatibility
- * issues the DHE ciphersuites have. That is, one cannot enforce a specific
- * security level without dropping the connection.
- */
+ GNUTLS_KX_RSA,
+ /* KX-RSA is now ahead of DHE-RSA and DHE-DSS due to the compatibility
+ * issues the DHE ciphersuites have. That is, one cannot enforce a specific
+ * security level without dropping the connection.
+ */
#ifdef ENABLE_DHE
- GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_DHE_DSS,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
#endif
- /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
- */
- 0
+ /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
+ */
+ 0
};
/* If GCM and AES acceleration is available then prefer
* them over anything else.
*/
static const int cipher_priority_performance[] = {
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CAMELLIA_128_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- 0
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_CIPHER_AES_128_GCM,
+ GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_CIPHER_3DES_CBC,
+ 0
};
static const int cipher_priority_normal[] = {
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CAMELLIA_128_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- 0
+ GNUTLS_CIPHER_AES_128_GCM,
+ GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ 0
};
static const int cipher_priority_suiteb128[] = {
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_256_GCM,
- 0
+ GNUTLS_CIPHER_AES_128_GCM,
+ GNUTLS_CIPHER_AES_256_GCM,
+ 0
};
static const int cipher_priority_suiteb192[] = {
- GNUTLS_CIPHER_AES_256_GCM,
- 0
+ GNUTLS_CIPHER_AES_256_GCM,
+ 0
};
static const int cipher_priority_secure128[] = {
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_CAMELLIA_128_GCM,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- 0
+ GNUTLS_CIPHER_AES_128_GCM,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM,
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ 0
};
static const int cipher_priority_secure192[] = {
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CAMELLIA_256_GCM,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- 0
+ GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ 0
};
static const int comp_priority[] = {
- /* compression should be explicitly requested to be enabled */
- GNUTLS_COMP_NULL,
- 0
+ /* compression should be explicitly requested to be enabled */
+ GNUTLS_COMP_NULL,
+ 0
};
static const int sign_priority_default[] = {
- GNUTLS_SIGN_RSA_SHA256,
- GNUTLS_SIGN_DSA_SHA256,
- GNUTLS_SIGN_ECDSA_SHA256,
+ GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_SIGN_DSA_SHA256,
+ GNUTLS_SIGN_ECDSA_SHA256,
- GNUTLS_SIGN_RSA_SHA384,
- GNUTLS_SIGN_ECDSA_SHA384,
+ GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_SIGN_ECDSA_SHA384,
- GNUTLS_SIGN_RSA_SHA512,
- GNUTLS_SIGN_ECDSA_SHA512,
+ GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_SIGN_ECDSA_SHA512,
- GNUTLS_SIGN_RSA_SHA224,
- GNUTLS_SIGN_DSA_SHA224,
- GNUTLS_SIGN_ECDSA_SHA224,
+ GNUTLS_SIGN_RSA_SHA224,
+ GNUTLS_SIGN_DSA_SHA224,
+ GNUTLS_SIGN_ECDSA_SHA224,
- GNUTLS_SIGN_RSA_SHA1,
- GNUTLS_SIGN_DSA_SHA1,
- GNUTLS_SIGN_ECDSA_SHA1,
- 0
+ GNUTLS_SIGN_RSA_SHA1,
+ GNUTLS_SIGN_DSA_SHA1,
+ GNUTLS_SIGN_ECDSA_SHA1,
+ 0
};
static const int sign_priority_suiteb128[] = {
- GNUTLS_SIGN_ECDSA_SHA256,
- GNUTLS_SIGN_ECDSA_SHA384,
- 0
+ GNUTLS_SIGN_ECDSA_SHA256,
+ GNUTLS_SIGN_ECDSA_SHA384,
+ 0
};
static const int sign_priority_suiteb192[] = {
- GNUTLS_SIGN_ECDSA_SHA384,
- 0
+ GNUTLS_SIGN_ECDSA_SHA384,
+ 0
};
static const int sign_priority_secure128[] = {
- GNUTLS_SIGN_RSA_SHA256,
- GNUTLS_SIGN_DSA_SHA256,
- GNUTLS_SIGN_ECDSA_SHA256,
- GNUTLS_SIGN_RSA_SHA384,
- GNUTLS_SIGN_ECDSA_SHA384,
- GNUTLS_SIGN_RSA_SHA512,
- GNUTLS_SIGN_ECDSA_SHA512,
- 0
+ GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_SIGN_DSA_SHA256,
+ GNUTLS_SIGN_ECDSA_SHA256,
+ GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_SIGN_ECDSA_SHA384,
+ GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_SIGN_ECDSA_SHA512,
+ 0
};
static const int sign_priority_secure192[] = {
- GNUTLS_SIGN_RSA_SHA384,
- GNUTLS_SIGN_ECDSA_SHA384,
- GNUTLS_SIGN_RSA_SHA512,
- GNUTLS_SIGN_ECDSA_SHA512,
- 0
+ GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_SIGN_ECDSA_SHA384,
+ GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_SIGN_ECDSA_SHA512,
+ 0
};
static const int mac_priority_normal[] = {
- GNUTLS_MAC_SHA1,
- GNUTLS_MAC_SHA256,
- GNUTLS_MAC_SHA384,
- GNUTLS_MAC_AEAD,
- GNUTLS_MAC_MD5,
- 0
+ GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_SHA256,
+ GNUTLS_MAC_SHA384,
+ GNUTLS_MAC_AEAD,
+ GNUTLS_MAC_MD5,
+ 0
};
static const int mac_priority_suiteb128[] = {
- GNUTLS_MAC_AEAD,
- 0
+ GNUTLS_MAC_AEAD,
+ 0
};
static const int mac_priority_suiteb192[] = {
- GNUTLS_MAC_AEAD,
- 0
+ GNUTLS_MAC_AEAD,
+ 0
};
static const int mac_priority_secure128[] = {
- GNUTLS_MAC_SHA1,
- GNUTLS_MAC_SHA256,
- GNUTLS_MAC_SHA384,
- GNUTLS_MAC_AEAD,
- 0
+ GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_SHA256,
+ GNUTLS_MAC_SHA384,
+ GNUTLS_MAC_AEAD,
+ 0
};
static const int mac_priority_secure192[] = {
- GNUTLS_MAC_SHA256,
- GNUTLS_MAC_SHA384,
- GNUTLS_MAC_AEAD,
- 0
+ GNUTLS_MAC_SHA256,
+ GNUTLS_MAC_SHA384,
+ GNUTLS_MAC_AEAD,
+ 0
};
static const int cert_type_priority_default[] = {
- GNUTLS_CRT_X509,
- 0
+ GNUTLS_CRT_X509,
+ 0
};
static const int cert_type_priority_all[] = {
- GNUTLS_CRT_X509,
- GNUTLS_CRT_OPENPGP,
- 0
+ GNUTLS_CRT_X509,
+ GNUTLS_CRT_OPENPGP,
+ 0
};
typedef void (rmadd_func) (priority_st * priority_list, unsigned int alg);
-static void
-prio_remove (priority_st * priority_list, unsigned int algo)
+static void prio_remove(priority_st * priority_list, unsigned int algo)
{
- unsigned int i;
-
- for (i=0;i<priority_list->algorithms;i++)
- {
- if (priority_list->priority[i] == algo)
- {
- priority_list->algorithms--;
- if ((priority_list->algorithms-i) > 0)
- memmove(&priority_list->priority[i], &priority_list->priority[i+1], (priority_list->algorithms-i)*sizeof(priority_list->priority[0]));
- priority_list->priority[priority_list->algorithms] = 0;
- break;
- }
- }
-
- return;
+ unsigned int i;
+
+ for (i = 0; i < priority_list->algorithms; i++) {
+ if (priority_list->priority[i] == algo) {
+ priority_list->algorithms--;
+ if ((priority_list->algorithms - i) > 0)
+ memmove(&priority_list->priority[i],
+ &priority_list->priority[i + 1],
+ (priority_list->algorithms -
+ i) *
+ sizeof(priority_list->
+ priority[0]));
+ priority_list->priority[priority_list->
+ algorithms] = 0;
+ break;
+ }
+ }
+
+ return;
}
-static void
-prio_add (priority_st * priority_list, unsigned int algo)
+static void prio_add(priority_st * priority_list, unsigned int algo)
{
- unsigned int i, l = priority_list->algorithms;
+ unsigned int i, l = priority_list->algorithms;
- if (l >= MAX_ALGOS)
- return; /* can't add it anyway */
+ if (l >= MAX_ALGOS)
+ return; /* can't add it anyway */
- for (i = 0; i < l; ++i)
- {
- if (algo == priority_list->priority[i])
- return; /* if it exists */
- }
+ for (i = 0; i < l; ++i) {
+ if (algo == priority_list->priority[i])
+ return; /* if it exists */
+ }
- priority_list->priority[l] = algo;
- priority_list->algorithms++;
+ priority_list->priority[l] = algo;
+ priority_list->algorithms++;
- return;
+ return;
}
@@ -570,33 +557,32 @@ prio_add (priority_st * priority_list, unsigned int algo)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority)
+gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
{
- if (priority == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CIPHER_SUITES;
- }
-
- memcpy (&session->internals.priorities, priority,
- sizeof (struct gnutls_priority_st));
-
- /* set the current version to the first in the chain.
- * This will be overridden later.
- */
- if (session->internals.priorities.protocol.algorithms > 0)
- _gnutls_set_current_version (session,
- session->internals.priorities.protocol.
- priority[0]);
-
- if (session->internals.priorities.protocol.algorithms == 0 ||
- session->internals.priorities.cipher.algorithms == 0 ||
- session->internals.priorities.mac.algorithms == 0 ||
- session->internals.priorities.kx.algorithms == 0 ||
- session->internals.priorities.compression.algorithms == 0)
- return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
-
- return 0;
+ if (priority == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CIPHER_SUITES;
+ }
+
+ memcpy(&session->internals.priorities, priority,
+ sizeof(struct gnutls_priority_st));
+
+ /* set the current version to the first in the chain.
+ * This will be overridden later.
+ */
+ if (session->internals.priorities.protocol.algorithms > 0)
+ _gnutls_set_current_version(session,
+ session->internals.priorities.
+ protocol.priority[0]);
+
+ if (session->internals.priorities.protocol.algorithms == 0 ||
+ session->internals.priorities.cipher.algorithms == 0 ||
+ session->internals.priorities.mac.algorithms == 0 ||
+ session->internals.priorities.kx.algorithms == 0 ||
+ session->internals.priorities.compression.algorithms == 0)
+ return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+
+ return 0;
}
@@ -614,129 +600,108 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority)
#define LEVEL_EXPORT "EXPORT"
static
-int check_level(const char* level, gnutls_priority_t priority_cache, int add)
+int check_level(const char *level, gnutls_priority_t priority_cache,
+ int add)
{
-bulk_rmadd_func *func;
-
- if (add) func = _add_priority;
- else func = _set_priority;
-
- if (strcasecmp (level, LEVEL_PERFORMANCE) == 0)
- {
- func (&priority_cache->cipher,
- cipher_priority_performance);
- func (&priority_cache->kx, kx_priority_performance);
- func (&priority_cache->mac, mac_priority_normal);
- func (&priority_cache->sign_algo,
- sign_priority_default);
- func (&priority_cache->supported_ecc, supported_ecc_normal);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_NORMAL) == 0)
- {
- func (&priority_cache->cipher, cipher_priority_normal);
- func (&priority_cache->kx, kx_priority_secure);
- func (&priority_cache->mac, mac_priority_normal);
- func (&priority_cache->sign_algo,
- sign_priority_default);
- func (&priority_cache->supported_ecc, supported_ecc_normal);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_PFS) == 0)
- {
- func (&priority_cache->cipher, cipher_priority_normal);
- func (&priority_cache->kx, kx_priority_pfs);
- func (&priority_cache->mac, mac_priority_normal);
- func (&priority_cache->sign_algo,
- sign_priority_default);
- func (&priority_cache->supported_ecc, supported_ecc_normal);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_SECURE256) == 0
- || strcasecmp (level, LEVEL_SECURE192) == 0)
- {
- func (&priority_cache->cipher,
- cipher_priority_secure192);
- func (&priority_cache->kx, kx_priority_secure);
- func (&priority_cache->mac, mac_priority_secure192);
- func (&priority_cache->sign_algo,
- sign_priority_secure192);
- func (&priority_cache->supported_ecc, supported_ecc_secure192);
-
- /* be conservative for now. Set the bits to correspond to 96-bit level */
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_LEGACY;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_SECURE128) == 0
- || strcasecmp (level, "SECURE") == 0)
- {
- func (&priority_cache->cipher,
- cipher_priority_secure128);
- func (&priority_cache->kx, kx_priority_secure);
- func (&priority_cache->mac, mac_priority_secure128);
- func (&priority_cache->sign_algo,
- sign_priority_secure128);
- func (&priority_cache->supported_ecc, supported_ecc_secure128);
-
- /* be conservative for now. Set the bits to correspond to an 72-bit level */
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_WEAK;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_SUITEB128) == 0)
- {
- func (&priority_cache->protocol, protocol_priority_suiteb);
- func (&priority_cache->cipher,
- cipher_priority_suiteb128);
- func (&priority_cache->kx, kx_priority_suiteb);
- func (&priority_cache->mac, mac_priority_suiteb128);
- func (&priority_cache->sign_algo,
- sign_priority_suiteb128);
- func (&priority_cache->supported_ecc, supported_ecc_suiteb128);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_HIGH;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_SUITEB192) == 0)
- {
- func (&priority_cache->protocol, protocol_priority_suiteb);
- func (&priority_cache->cipher,
- cipher_priority_suiteb192);
- func (&priority_cache->kx, kx_priority_suiteb);
- func (&priority_cache->mac, mac_priority_suiteb192);
- func (&priority_cache->sign_algo,
- sign_priority_suiteb192);
- func (&priority_cache->supported_ecc, supported_ecc_suiteb192);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_ULTRA;
- return 1;
- }
- else if (strcasecmp (level, LEVEL_EXPORT) == 0)
- {
- func (&priority_cache->cipher, cipher_priority_performance);
- func (&priority_cache->kx, kx_priority_performance);
- func (&priority_cache->mac, mac_priority_secure128);
- func (&priority_cache->sign_algo,
- sign_priority_default);
- func (&priority_cache->supported_ecc, supported_ecc_normal);
-
- if (priority_cache->level == 0)
- priority_cache->level = GNUTLS_SEC_PARAM_EXPORT;
- return 1;
- }
- return 0;
+ bulk_rmadd_func *func;
+
+ if (add)
+ func = _add_priority;
+ else
+ func = _set_priority;
+
+ if (strcasecmp(level, LEVEL_PERFORMANCE) == 0) {
+ func(&priority_cache->cipher, cipher_priority_performance);
+ func(&priority_cache->kx, kx_priority_performance);
+ func(&priority_cache->mac, mac_priority_normal);
+ func(&priority_cache->sign_algo, sign_priority_default);
+ func(&priority_cache->supported_ecc, supported_ecc_normal);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_NORMAL) == 0) {
+ func(&priority_cache->cipher, cipher_priority_normal);
+ func(&priority_cache->kx, kx_priority_secure);
+ func(&priority_cache->mac, mac_priority_normal);
+ func(&priority_cache->sign_algo, sign_priority_default);
+ func(&priority_cache->supported_ecc, supported_ecc_normal);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_PFS) == 0) {
+ func(&priority_cache->cipher, cipher_priority_normal);
+ func(&priority_cache->kx, kx_priority_pfs);
+ func(&priority_cache->mac, mac_priority_normal);
+ func(&priority_cache->sign_algo, sign_priority_default);
+ func(&priority_cache->supported_ecc, supported_ecc_normal);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_SECURE256) == 0
+ || strcasecmp(level, LEVEL_SECURE192) == 0) {
+ func(&priority_cache->cipher, cipher_priority_secure192);
+ func(&priority_cache->kx, kx_priority_secure);
+ func(&priority_cache->mac, mac_priority_secure192);
+ func(&priority_cache->sign_algo, sign_priority_secure192);
+ func(&priority_cache->supported_ecc,
+ supported_ecc_secure192);
+
+ /* be conservative for now. Set the bits to correspond to 96-bit level */
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_LEGACY;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_SECURE128) == 0
+ || strcasecmp(level, "SECURE") == 0) {
+ func(&priority_cache->cipher, cipher_priority_secure128);
+ func(&priority_cache->kx, kx_priority_secure);
+ func(&priority_cache->mac, mac_priority_secure128);
+ func(&priority_cache->sign_algo, sign_priority_secure128);
+ func(&priority_cache->supported_ecc,
+ supported_ecc_secure128);
+
+ /* be conservative for now. Set the bits to correspond to an 72-bit level */
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_WEAK;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_SUITEB128) == 0) {
+ func(&priority_cache->protocol, protocol_priority_suiteb);
+ func(&priority_cache->cipher, cipher_priority_suiteb128);
+ func(&priority_cache->kx, kx_priority_suiteb);
+ func(&priority_cache->mac, mac_priority_suiteb128);
+ func(&priority_cache->sign_algo, sign_priority_suiteb128);
+ func(&priority_cache->supported_ecc,
+ supported_ecc_suiteb128);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_HIGH;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_SUITEB192) == 0) {
+ func(&priority_cache->protocol, protocol_priority_suiteb);
+ func(&priority_cache->cipher, cipher_priority_suiteb192);
+ func(&priority_cache->kx, kx_priority_suiteb);
+ func(&priority_cache->mac, mac_priority_suiteb192);
+ func(&priority_cache->sign_algo, sign_priority_suiteb192);
+ func(&priority_cache->supported_ecc,
+ supported_ecc_suiteb192);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_ULTRA;
+ return 1;
+ } else if (strcasecmp(level, LEVEL_EXPORT) == 0) {
+ func(&priority_cache->cipher, cipher_priority_performance);
+ func(&priority_cache->kx, kx_priority_performance);
+ func(&priority_cache->mac, mac_priority_secure128);
+ func(&priority_cache->sign_algo, sign_priority_default);
+ func(&priority_cache->supported_ecc, supported_ecc_normal);
+
+ if (priority_cache->level == 0)
+ priority_cache->level = GNUTLS_SEC_PARAM_EXPORT;
+ return 1;
+ }
+ return 0;
}
/**
@@ -814,294 +779,302 @@ bulk_rmadd_func *func;
* %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_priority_init (gnutls_priority_t * priority_cache,
- const char *priorities, const char **err_pos)
+gnutls_priority_init(gnutls_priority_t * priority_cache,
+ const char *priorities, const char **err_pos)
{
- char *broken_list[MAX_ELEMENTS];
- int broken_list_size = 0, i = 0, j;
- char *darg = NULL;
- int algo;
- rmadd_func *fn;
- bulk_rmadd_func *bulk_fn;
-
- *priority_cache = gnutls_calloc (1, sizeof (struct gnutls_priority_st));
- if (*priority_cache == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (err_pos)
- *err_pos = priorities;
-
- /* for now unsafe renegotiation is default on everyone. To be removed
- * when we make it the default.
- */
- (*priority_cache)->sr = SR_PARTIAL;
- (*priority_cache)->ssl3_record_version = 1;
-
-
- (*priority_cache)->max_empty_records = DEFAULT_MAX_EMPTY_RECORDS;
-
- if (priorities == NULL)
- priorities = LEVEL_NORMAL;
-
- darg = gnutls_strdup (priorities);
- if (darg == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- break_comma_list (darg, broken_list, &broken_list_size, MAX_ELEMENTS, ':');
- /* This is our default set of protocol version, certificate types and
- * compression methods.
- */
- if (strcasecmp (broken_list[0], LEVEL_NONE) != 0)
- {
- _set_priority (&(*priority_cache)->protocol, protocol_priority);
- _set_priority (&(*priority_cache)->compression, comp_priority);
- _set_priority (&(*priority_cache)->cert_type, cert_type_priority_default);
- _set_priority (&(*priority_cache)->sign_algo, sign_priority_default);
- _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
- i = 0;
- }
- else
- {
- i = 1;
- }
-
- for (; i < broken_list_size; i++)
- {
- if (check_level(broken_list[i], *priority_cache, 0) != 0)
- {
- continue;
- }
- else if (broken_list[i][0] == '!' || broken_list[i][0] == '+'
- || broken_list[i][0] == '-')
- {
- if (broken_list[i][0] == '+')
- {
- fn = prio_add;
- bulk_fn = _add_priority;
- }
- else
- {
- fn = prio_remove;
- bulk_fn = _clear_priorities;
- }
-
- if (broken_list[i][0] == '+' && check_level(&broken_list[i][1], *priority_cache, 1) != 0)
- {
- continue;
- }
- else if ((algo =
- gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN)
- fn (&(*priority_cache)->mac, algo);
- else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) !=
- GNUTLS_CIPHER_UNKNOWN)
- fn (&(*priority_cache)->cipher, algo);
- else if ((algo = gnutls_kx_get_id (&broken_list[i][1])) !=
- GNUTLS_KX_UNKNOWN)
- fn (&(*priority_cache)->kx, algo);
- else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0)
- {
- bulk_fn (&(*priority_cache)->protocol,
- protocol_priority);
- }
- else if (strncasecmp (&broken_list[i][1], "VERS-DTLS-ALL", 13) == 0)
- {
- bulk_fn (&(*priority_cache)->protocol,
- dtls_protocol_priority);
- }
- else
- {
- if ((algo =
- gnutls_protocol_get_id (&broken_list[i][6])) !=
- GNUTLS_VERSION_UNKNOWN)
- fn (&(*priority_cache)->protocol, algo);
- else
- goto error;
-
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0)
- {
- bulk_fn (&(*priority_cache)->compression,
- comp_priority);
- }
- else
- {
- if ((algo =
- gnutls_compression_get_id (&broken_list[i][6])) !=
- GNUTLS_COMP_UNKNOWN)
- fn (&(*priority_cache)->compression, algo);
- else
- goto error;
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp (&broken_list[i][1], "CURVE-", 6) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "CURVE-ALL", 9) == 0)
- {
- bulk_fn (&(*priority_cache)->supported_ecc,
- supported_ecc_normal);
- }
- else
- {
- if ((algo =
- _gnutls_ecc_curve_get_id (&broken_list[i][7])) !=
- GNUTLS_ECC_CURVE_INVALID)
- fn (&(*priority_cache)->supported_ecc, algo);
- else
- goto error;
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0)
- {
- bulk_fn (&(*priority_cache)->cert_type,
- cert_type_priority_all);
- }
- else
- {
- if ((algo =
- gnutls_certificate_type_get_id (&broken_list[i][7])) !=
- GNUTLS_CRT_UNKNOWN)
- fn (&(*priority_cache)->cert_type, algo);
- else
- goto error;
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0)
- {
- if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0)
- {
- bulk_fn (&(*priority_cache)->sign_algo,
- sign_priority_default);
- }
- else
- {
- if ((algo =
- gnutls_sign_get_id (&broken_list[i][6])) !=
- GNUTLS_SIGN_UNKNOWN)
- fn (&(*priority_cache)->sign_algo, algo);
- else
- goto error;
- }
- }
- else if (strncasecmp (&broken_list[i][1], "MAC-ALL", 7) == 0)
- {
- bulk_fn (&(*priority_cache)->mac,
- mac_priority_normal);
- }
- else if (strncasecmp (&broken_list[i][1], "CIPHER-ALL", 10) == 0)
- {
- bulk_fn (&(*priority_cache)->cipher,
- cipher_priority_normal);
- }
- else if (strncasecmp (&broken_list[i][1], "KX-ALL", 6) == 0)
- {
- bulk_fn (&(*priority_cache)->kx,
- kx_priority_secure);
- }
- else
- goto error;
- }
- else if (broken_list[i][0] == '%')
- {
- if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
- {
- ENABLE_COMPAT((*priority_cache));
- }
- else if (strcasecmp (&broken_list[i][1], "NO_EXTENSIONS") == 0)
- {
- (*priority_cache)->no_extensions = 1;
- }
- else if (strcasecmp (&broken_list[i][1], "STATELESS_COMPRESSION") == 0)
- {
- (*priority_cache)->stateless_compression = 1;
- }
- else if (strcasecmp (&broken_list[i][1],
- "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
- {
- prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5);
- (*priority_cache)->additional_verify_flags |=
- GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
- }
- else if (strcasecmp (&broken_list[i][1],
- "VERIFY_DISABLE_CRL_CHECKS") == 0)
- {
- (*priority_cache)->additional_verify_flags |=
- GNUTLS_VERIFY_DISABLE_CRL_CHECKS;
- }
- else if (strcasecmp (&broken_list[i][1],
- "SSL3_RECORD_VERSION") == 0)
- (*priority_cache)->ssl3_record_version = 1;
- else if (strcasecmp (&broken_list[i][1],
- "LATEST_RECORD_VERSION") == 0)
- (*priority_cache)->ssl3_record_version = 0;
- else if (strcasecmp (&broken_list[i][1],
- "VERIFY_ALLOW_X509_V1_CA_CRT") == 0)
- (*priority_cache)->additional_verify_flags |=
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
- else if (strcasecmp (&broken_list[i][1],
- "UNSAFE_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_UNSAFE;
- }
- else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_SAFE;
- }
- else if (strcasecmp (&broken_list[i][1],
- "PARTIAL_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_PARTIAL;
- }
- else if (strcasecmp (&broken_list[i][1],
- "DISABLE_SAFE_RENEGOTIATION") == 0)
- {
- (*priority_cache)->sr = SR_DISABLED;
- }
- else if (strcasecmp (&broken_list[i][1],
- "SERVER_PRECEDENCE") == 0)
- {
- (*priority_cache)->server_precedence = 1;
- }
- else if (strcasecmp (&broken_list[i][1],
- "NEW_PADDING") == 0)
- {
- (*priority_cache)->new_record_padding = 1;
- }
- else
- goto error;
- }
- else
- goto error;
- }
-
- gnutls_free (darg);
- return 0;
-
-error:
- if (err_pos != NULL && i < broken_list_size)
- {
- *err_pos = priorities;
- for (j = 0; j < i; j++)
- {
- (*err_pos) += strlen (broken_list[j]) + 1;
- }
- }
- gnutls_free (darg);
- gnutls_free (*priority_cache);
-
- return GNUTLS_E_INVALID_REQUEST;
+ char *broken_list[MAX_ELEMENTS];
+ int broken_list_size = 0, i = 0, j;
+ char *darg = NULL;
+ int algo;
+ rmadd_func *fn;
+ bulk_rmadd_func *bulk_fn;
+
+ *priority_cache =
+ gnutls_calloc(1, sizeof(struct gnutls_priority_st));
+ if (*priority_cache == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (err_pos)
+ *err_pos = priorities;
+
+ /* for now unsafe renegotiation is default on everyone. To be removed
+ * when we make it the default.
+ */
+ (*priority_cache)->sr = SR_PARTIAL;
+ (*priority_cache)->ssl3_record_version = 1;
+
+
+ (*priority_cache)->max_empty_records = DEFAULT_MAX_EMPTY_RECORDS;
+
+ if (priorities == NULL)
+ priorities = LEVEL_NORMAL;
+
+ darg = gnutls_strdup(priorities);
+ if (darg == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ break_comma_list(darg, broken_list, &broken_list_size,
+ MAX_ELEMENTS, ':');
+ /* This is our default set of protocol version, certificate types and
+ * compression methods.
+ */
+ if (strcasecmp(broken_list[0], LEVEL_NONE) != 0) {
+ _set_priority(&(*priority_cache)->protocol,
+ protocol_priority);
+ _set_priority(&(*priority_cache)->compression,
+ comp_priority);
+ _set_priority(&(*priority_cache)->cert_type,
+ cert_type_priority_default);
+ _set_priority(&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ _set_priority(&(*priority_cache)->supported_ecc,
+ supported_ecc_normal);
+ i = 0;
+ } else {
+ i = 1;
+ }
+
+ for (; i < broken_list_size; i++) {
+ if (check_level(broken_list[i], *priority_cache, 0) != 0) {
+ continue;
+ } else if (broken_list[i][0] == '!'
+ || broken_list[i][0] == '+'
+ || broken_list[i][0] == '-') {
+ if (broken_list[i][0] == '+') {
+ fn = prio_add;
+ bulk_fn = _add_priority;
+ } else {
+ fn = prio_remove;
+ bulk_fn = _clear_priorities;
+ }
+
+ if (broken_list[i][0] == '+'
+ && check_level(&broken_list[i][1],
+ *priority_cache, 1) != 0) {
+ continue;
+ } else if ((algo =
+ gnutls_mac_get_id(&broken_list[i][1]))
+ != GNUTLS_MAC_UNKNOWN)
+ fn(&(*priority_cache)->mac, algo);
+ else if ((algo =
+ gnutls_cipher_get_id(&broken_list[i][1]))
+ != GNUTLS_CIPHER_UNKNOWN)
+ fn(&(*priority_cache)->cipher, algo);
+ else if ((algo =
+ gnutls_kx_get_id(&broken_list[i][1])) !=
+ GNUTLS_KX_UNKNOWN)
+ fn(&(*priority_cache)->kx, algo);
+ else if (strncasecmp
+ (&broken_list[i][1], "VERS-", 5) == 0) {
+ if (strncasecmp
+ (&broken_list[i][1], "VERS-TLS-ALL",
+ 12) == 0) {
+ bulk_fn(&(*priority_cache)->
+ protocol,
+ protocol_priority);
+ } else
+ if (strncasecmp
+ (&broken_list[i][1],
+ "VERS-DTLS-ALL", 13) == 0) {
+ bulk_fn(&(*priority_cache)->
+ protocol,
+ dtls_protocol_priority);
+ } else {
+ if ((algo =
+ gnutls_protocol_get_id
+ (&broken_list[i][6])) !=
+ GNUTLS_VERSION_UNKNOWN)
+ fn(&(*priority_cache)->
+ protocol, algo);
+ else
+ goto error;
+
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp
+ (&broken_list[i][1], "COMP-", 5) == 0) {
+ if (strncasecmp
+ (&broken_list[i][1], "COMP-ALL",
+ 8) == 0) {
+ bulk_fn(&(*priority_cache)->
+ compression,
+ comp_priority);
+ } else {
+ if ((algo =
+ gnutls_compression_get_id
+ (&broken_list[i][6])) !=
+ GNUTLS_COMP_UNKNOWN)
+ fn(&(*priority_cache)->
+ compression, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp
+ (&broken_list[i][1], "CURVE-", 6) == 0) {
+ if (strncasecmp
+ (&broken_list[i][1], "CURVE-ALL",
+ 9) == 0) {
+ bulk_fn(&(*priority_cache)->
+ supported_ecc,
+ supported_ecc_normal);
+ } else {
+ if ((algo =
+ _gnutls_ecc_curve_get_id
+ (&broken_list[i][7])) !=
+ GNUTLS_ECC_CURVE_INVALID)
+ fn(&(*priority_cache)->
+ supported_ecc, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp
+ (&broken_list[i][1], "CTYPE-", 6) == 0) {
+ if (strncasecmp
+ (&broken_list[i][1], "CTYPE-ALL",
+ 9) == 0) {
+ bulk_fn(&(*priority_cache)->
+ cert_type,
+ cert_type_priority_all);
+ } else {
+ if ((algo =
+ gnutls_certificate_type_get_id
+ (&broken_list[i][7])) !=
+ GNUTLS_CRT_UNKNOWN)
+ fn(&(*priority_cache)->
+ cert_type, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp
+ (&broken_list[i][1], "SIGN-", 5) == 0) {
+ if (strncasecmp
+ (&broken_list[i][1], "SIGN-ALL",
+ 8) == 0) {
+ bulk_fn(&(*priority_cache)->
+ sign_algo,
+ sign_priority_default);
+ } else {
+ if ((algo =
+ gnutls_sign_get_id
+ (&broken_list[i][6])) !=
+ GNUTLS_SIGN_UNKNOWN)
+ fn(&(*priority_cache)->
+ sign_algo, algo);
+ else
+ goto error;
+ }
+ } else
+ if (strncasecmp
+ (&broken_list[i][1], "MAC-ALL", 7) == 0) {
+ bulk_fn(&(*priority_cache)->mac,
+ mac_priority_normal);
+ } else
+ if (strncasecmp
+ (&broken_list[i][1], "CIPHER-ALL",
+ 10) == 0) {
+ bulk_fn(&(*priority_cache)->cipher,
+ cipher_priority_normal);
+ } else
+ if (strncasecmp
+ (&broken_list[i][1], "KX-ALL", 6) == 0) {
+ bulk_fn(&(*priority_cache)->kx,
+ kx_priority_secure);
+ } else
+ goto error;
+ } else if (broken_list[i][0] == '%') {
+ if (strcasecmp(&broken_list[i][1], "COMPAT") == 0) {
+ ENABLE_COMPAT((*priority_cache));
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "NO_EXTENSIONS") == 0) {
+ (*priority_cache)->no_extensions = 1;
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "STATELESS_COMPRESSION") == 0) {
+ (*priority_cache)->stateless_compression =
+ 1;
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "VERIFY_ALLOW_SIGN_RSA_MD5") == 0) {
+ prio_add(&(*priority_cache)->sign_algo,
+ GNUTLS_SIGN_RSA_MD5);
+ (*priority_cache)->
+ additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "VERIFY_DISABLE_CRL_CHECKS") == 0) {
+ (*priority_cache)->
+ additional_verify_flags |=
+ GNUTLS_VERIFY_DISABLE_CRL_CHECKS;
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "SSL3_RECORD_VERSION") == 0)
+ (*priority_cache)->ssl3_record_version = 1;
+ else if (strcasecmp(&broken_list[i][1],
+ "LATEST_RECORD_VERSION") == 0)
+ (*priority_cache)->ssl3_record_version = 0;
+ else if (strcasecmp(&broken_list[i][1],
+ "VERIFY_ALLOW_X509_V1_CA_CRT")
+ == 0)
+ (*priority_cache)->
+ additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
+ else if (strcasecmp
+ (&broken_list[i][1],
+ "UNSAFE_RENEGOTIATION") == 0) {
+ (*priority_cache)->sr = SR_UNSAFE;
+ } else
+ if (strcasecmp
+ (&broken_list[i][1],
+ "SAFE_RENEGOTIATION") == 0) {
+ (*priority_cache)->sr = SR_SAFE;
+ } else if (strcasecmp(&broken_list[i][1],
+ "PARTIAL_RENEGOTIATION") ==
+ 0) {
+ (*priority_cache)->sr = SR_PARTIAL;
+ } else if (strcasecmp(&broken_list[i][1],
+ "DISABLE_SAFE_RENEGOTIATION")
+ == 0) {
+ (*priority_cache)->sr = SR_DISABLED;
+ } else if (strcasecmp(&broken_list[i][1],
+ "SERVER_PRECEDENCE") == 0) {
+ (*priority_cache)->server_precedence = 1;
+ } else if (strcasecmp(&broken_list[i][1],
+ "NEW_PADDING") == 0) {
+ (*priority_cache)->new_record_padding = 1;
+ } else
+ goto error;
+ } else
+ goto error;
+ }
+
+ gnutls_free(darg);
+ return 0;
+
+ error:
+ if (err_pos != NULL && i < broken_list_size) {
+ *err_pos = priorities;
+ for (j = 0; j < i; j++) {
+ (*err_pos) += strlen(broken_list[j]) + 1;
+ }
+ }
+ gnutls_free(darg);
+ gnutls_free(*priority_cache);
+
+ return GNUTLS_E_INVALID_REQUEST;
}
@@ -1111,10 +1084,9 @@ error:
*
* Deinitializes the priority cache.
**/
-void
-gnutls_priority_deinit (gnutls_priority_t priority_cache)
+void gnutls_priority_deinit(gnutls_priority_t priority_cache)
{
- gnutls_free (priority_cache);
+ gnutls_free(priority_cache);
}
@@ -1133,63 +1105,59 @@ gnutls_priority_deinit (gnutls_priority_t priority_cache)
* %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_priority_set_direct (gnutls_session_t session,
- const char *priorities, const char **err_pos)
+gnutls_priority_set_direct(gnutls_session_t session,
+ const char *priorities, const char **err_pos)
{
- gnutls_priority_t prio;
- int ret;
-
- ret = gnutls_priority_init (&prio, priorities, err_pos);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_priority_set (session, prio);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- gnutls_priority_deinit (prio);
-
- return 0;
+ gnutls_priority_t prio;
+ int ret;
+
+ ret = gnutls_priority_init(&prio, priorities, err_pos);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_priority_set(session, prio);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ gnutls_priority_deinit(prio);
+
+ return 0;
}
/* Breaks a list of "xxx", "yyy", to a character array, of
* MAX_COMMA_SEP_ELEMENTS size; Note that the given string is modified.
*/
static void
-break_comma_list (char *etag,
- char **broken_etag, int *elements, int max_elements,
- char sep)
+break_comma_list(char *etag,
+ char **broken_etag, int *elements, int max_elements,
+ char sep)
{
- char *p = etag;
- if (sep == 0)
- sep = ',';
-
- *elements = 0;
-
- do
- {
- broken_etag[*elements] = p;
-
- (*elements)++;
-
- p = strchr (p, sep);
- if (p)
- {
- *p = 0;
- p++; /* move to next entry and skip white
- * space.
- */
- while (*p == ' ')
- p++;
- }
- }
- while (p != NULL && *elements < max_elements);
+ char *p = etag;
+ if (sep == 0)
+ sep = ',';
+
+ *elements = 0;
+
+ do {
+ broken_etag[*elements] = p;
+
+ (*elements)++;
+
+ p = strchr(p, sep);
+ if (p) {
+ *p = 0;
+ p++; /* move to next entry and skip white
+ * space.
+ */
+ while (*p == ' ')
+ p++;
+ }
+ }
+ while (p != NULL && *elements < max_elements);
}
/**
@@ -1211,10 +1179,9 @@ break_comma_list (char *etag,
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_set_default_priority (gnutls_session_t session)
+int gnutls_set_default_priority(gnutls_session_t session)
{
- return gnutls_priority_set_direct (session, "NORMAL", NULL);
+ return gnutls_priority_set_direct(session, "NORMAL", NULL);
}
/**
@@ -1236,10 +1203,9 @@ gnutls_set_default_priority (gnutls_session_t session)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_set_default_export_priority (gnutls_session_t session)
+int gnutls_set_default_export_priority(gnutls_session_t session)
{
- return gnutls_priority_set_direct (session, "EXPORT", NULL);
+ return gnutls_priority_set_direct(session, "EXPORT", NULL);
}
/**
@@ -1254,13 +1220,14 @@ gnutls_set_default_export_priority (gnutls_session_t session)
* Since: 3.0
**/
int
-gnutls_priority_ecc_curve_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->supported_ecc.algorithms == 0)
- return 0;
-
- *list = pcache->supported_ecc.priority;
- return pcache->supported_ecc.algorithms;
+ if (pcache->supported_ecc.algorithms == 0)
+ return 0;
+
+ *list = pcache->supported_ecc.priority;
+ return pcache->supported_ecc.algorithms;
}
/**
@@ -1275,13 +1242,14 @@ gnutls_priority_ecc_curve_list (gnutls_priority_t pcache, const unsigned int** l
* Since: 3.2.3
**/
int
-gnutls_priority_kx_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_kx_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->kx.algorithms == 0)
- return 0;
-
- *list = pcache->kx.priority;
- return pcache->kx.algorithms;
+ if (pcache->kx.algorithms == 0)
+ return 0;
+
+ *list = pcache->kx.priority;
+ return pcache->kx.algorithms;
}
/**
@@ -1296,13 +1264,14 @@ gnutls_priority_kx_list (gnutls_priority_t pcache, const unsigned int** list)
* Since: 3.2.3
**/
int
-gnutls_priority_cipher_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_cipher_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->cipher.algorithms == 0)
- return 0;
-
- *list = pcache->cipher.priority;
- return pcache->cipher.algorithms;
+ if (pcache->cipher.algorithms == 0)
+ return 0;
+
+ *list = pcache->cipher.priority;
+ return pcache->cipher.algorithms;
}
/**
@@ -1317,13 +1286,14 @@ gnutls_priority_cipher_list (gnutls_priority_t pcache, const unsigned int** list
* Since: 3.2.3
**/
int
-gnutls_priority_mac_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_mac_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->mac.algorithms == 0)
- return 0;
-
- *list = pcache->mac.priority;
- return pcache->mac.algorithms;
+ if (pcache->mac.algorithms == 0)
+ return 0;
+
+ *list = pcache->mac.priority;
+ return pcache->mac.algorithms;
}
/**
@@ -1338,13 +1308,14 @@ gnutls_priority_mac_list (gnutls_priority_t pcache, const unsigned int** list)
* Since: 3.0
**/
int
-gnutls_priority_compression_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_compression_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->compression.algorithms == 0)
- return 0;
-
- *list = pcache->compression.priority;
- return pcache->compression.algorithms;
+ if (pcache->compression.algorithms == 0)
+ return 0;
+
+ *list = pcache->compression.priority;
+ return pcache->compression.algorithms;
}
/**
@@ -1359,13 +1330,14 @@ gnutls_priority_compression_list (gnutls_priority_t pcache, const unsigned int**
* Since: 3.0
**/
int
-gnutls_priority_protocol_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_protocol_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->protocol.algorithms == 0)
- return 0;
-
- *list = pcache->protocol.priority;
- return pcache->protocol.algorithms;
+ if (pcache->protocol.algorithms == 0)
+ return 0;
+
+ *list = pcache->protocol.priority;
+ return pcache->protocol.algorithms;
}
/**
@@ -1380,13 +1352,14 @@ gnutls_priority_protocol_list (gnutls_priority_t pcache, const unsigned int** li
* Since: 3.0
**/
int
-gnutls_priority_sign_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_sign_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->sign_algo.algorithms == 0)
- return 0;
-
- *list = pcache->sign_algo.priority;
- return pcache->sign_algo.algorithms;
+ if (pcache->sign_algo.algorithms == 0)
+ return 0;
+
+ *list = pcache->sign_algo.priority;
+ return pcache->sign_algo.algorithms;
}
/**
@@ -1401,11 +1374,12 @@ gnutls_priority_sign_list (gnutls_priority_t pcache, const unsigned int** list)
* Since: 3.0
**/
int
-gnutls_priority_certificate_type_list (gnutls_priority_t pcache, const unsigned int** list)
+gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- if (pcache->cert_type.algorithms == 0)
- return 0;
-
- *list = pcache->cert_type.priority;
- return pcache->cert_type.algorithms;
+ if (pcache->cert_type.algorithms == 0)
+ return 0;
+
+ *list = pcache->cert_type.priority;
+ return pcache->cert_type.algorithms;
}
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 1436b16e89..febd8f028e 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -47,10 +47,9 @@
*
* Since: 2.12.0
**/
-gnutls_privkey_type_t
-gnutls_privkey_get_type (gnutls_privkey_t key)
+gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key)
{
- return key->type;
+ return key->type;
}
/**
@@ -68,157 +67,161 @@ gnutls_privkey_get_type (gnutls_privkey_t key)
* Since: 2.12.0
**/
int
-gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int *bits)
+gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key, unsigned int *bits)
{
- switch (key->type)
- {
+ switch (key->type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_get_pk_algorithm (key->key.openpgp, bits);
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_get_pk_algorithm(key->key.
+ openpgp,
+ bits);
#endif
#ifdef ENABLE_PKCS11
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_get_pk_algorithm (key->key.pkcs11, bits);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_get_pk_algorithm(key->key.
+ pkcs11,
+ bits);
#endif
- case GNUTLS_PRIVKEY_X509:
- if (bits)
- *bits = _gnutls_mpi_get_nbits (key->key.x509->params.params[0]);
- return gnutls_x509_privkey_get_pk_algorithm (key->key.x509);
- case GNUTLS_PRIVKEY_EXT:
- if (bits)
- *bits = 0;
- return key->pk_algorithm;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ case GNUTLS_PRIVKEY_X509:
+ if (bits)
+ *bits =
+ _gnutls_mpi_get_nbits(key->key.x509->params.
+ params[0]);
+ return gnutls_x509_privkey_get_pk_algorithm(key->key.x509);
+ case GNUTLS_PRIVKEY_EXT:
+ if (bits)
+ *bits = 0;
+ return key->pk_algorithm;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
static int
-privkey_to_pubkey (gnutls_pk_algorithm_t pk,
- const gnutls_pk_params_st* priv,
- gnutls_pk_params_st* pub)
+privkey_to_pubkey(gnutls_pk_algorithm_t pk,
+ const gnutls_pk_params_st * priv,
+ gnutls_pk_params_st * pub)
{
- int ret;
-
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- pub->params[0] = _gnutls_mpi_copy (priv->params[0]);
- pub->params[1] = _gnutls_mpi_copy (priv->params[1]);
-
- pub->params_nr = RSA_PUBLIC_PARAMS;
-
- if (pub->params[0] == NULL || pub->params[1] == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- break;
- case GNUTLS_PK_DSA:
- pub->params[0] = _gnutls_mpi_copy (priv->params[0]);
- pub->params[1] = _gnutls_mpi_copy (priv->params[1]);
- pub->params[2] = _gnutls_mpi_copy (priv->params[2]);
- pub->params[3] = _gnutls_mpi_copy (priv->params[3]);
-
- pub->params_nr = DSA_PUBLIC_PARAMS;
-
- if (pub->params[0] == NULL || pub->params[1] == NULL ||
- pub->params[2] == NULL || pub->params[3] == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- break;
- case GNUTLS_PK_EC:
- pub->params[ECC_X] = _gnutls_mpi_copy (priv->params[ECC_X]);
- pub->params[ECC_Y] = _gnutls_mpi_copy (priv->params[ECC_Y]);
-
- pub->params_nr = ECC_PUBLIC_PARAMS;
- pub->flags = priv->flags;
-
- if (pub->params[ECC_X] == NULL || pub->params[ECC_Y] == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
-cleanup:
- gnutls_pk_params_release(pub);
- return ret;
+ int ret;
+
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ pub->params[0] = _gnutls_mpi_copy(priv->params[0]);
+ pub->params[1] = _gnutls_mpi_copy(priv->params[1]);
+
+ pub->params_nr = RSA_PUBLIC_PARAMS;
+
+ if (pub->params[0] == NULL || pub->params[1] == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ break;
+ case GNUTLS_PK_DSA:
+ pub->params[0] = _gnutls_mpi_copy(priv->params[0]);
+ pub->params[1] = _gnutls_mpi_copy(priv->params[1]);
+ pub->params[2] = _gnutls_mpi_copy(priv->params[2]);
+ pub->params[3] = _gnutls_mpi_copy(priv->params[3]);
+
+ pub->params_nr = DSA_PUBLIC_PARAMS;
+
+ if (pub->params[0] == NULL || pub->params[1] == NULL ||
+ pub->params[2] == NULL || pub->params[3] == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ break;
+ case GNUTLS_PK_EC:
+ pub->params[ECC_X] = _gnutls_mpi_copy(priv->params[ECC_X]);
+ pub->params[ECC_Y] = _gnutls_mpi_copy(priv->params[ECC_Y]);
+
+ pub->params_nr = ECC_PUBLIC_PARAMS;
+ pub->flags = priv->flags;
+
+ if (pub->params[ECC_X] == NULL
+ || pub->params[ECC_Y] == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+ cleanup:
+ gnutls_pk_params_release(pub);
+ return ret;
}
/* Returns the public key of the private key (if possible)
*/
int
-_gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
- gnutls_pk_params_st * params)
+_gnutls_privkey_get_public_mpis(gnutls_privkey_t key,
+ gnutls_pk_params_st * params)
{
- int ret;
- gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm (key, NULL);
+ int ret;
+ gnutls_pk_algorithm_t pk =
+ gnutls_privkey_get_pk_algorithm(key, NULL);
- switch (key->type)
- {
+ switch (key->type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- {
- gnutls_pk_params_st tmp_params;
- uint32_t kid[2];
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
-
- ret =
- gnutls_openpgp_privkey_get_preferred_key_id (key->key.openpgp,
- keyid);
- if (ret == 0)
- {
- KEYID_IMPORT (kid, keyid);
- ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, kid,
- &tmp_params);
- }
- else
- ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, NULL,
- &tmp_params);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = privkey_to_pubkey (pk,
- &tmp_params,
- params);
-
- gnutls_pk_params_release(&tmp_params);
- }
-
- break;
+ case GNUTLS_PRIVKEY_OPENPGP:
+ {
+ gnutls_pk_params_st tmp_params;
+ uint32_t kid[2];
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ ret =
+ gnutls_openpgp_privkey_get_preferred_key_id
+ (key->key.openpgp, keyid);
+ if (ret == 0) {
+ KEYID_IMPORT(kid, keyid);
+ ret =
+ _gnutls_openpgp_privkey_get_mpis(key->
+ key.
+ openpgp,
+ kid,
+ &tmp_params);
+ } else
+ ret =
+ _gnutls_openpgp_privkey_get_mpis(key->
+ key.
+ openpgp,
+ NULL,
+ &tmp_params);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = privkey_to_pubkey(pk, &tmp_params, params);
+
+ gnutls_pk_params_release(&tmp_params);
+ }
+
+ break;
#endif
- case GNUTLS_PRIVKEY_X509:
- ret = privkey_to_pubkey (pk,
- &key->key.x509->params,
- params);
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return ret;
+ case GNUTLS_PRIVKEY_X509:
+ ret = privkey_to_pubkey(pk,
+ &key->key.x509->params, params);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return ret;
}
/**
@@ -232,17 +235,15 @@ _gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
*
* Since: 2.12.0
**/
-int
-gnutls_privkey_init (gnutls_privkey_t * key)
+int gnutls_privkey_init(gnutls_privkey_t * key)
{
- *key = gnutls_calloc (1, sizeof (struct gnutls_privkey_st));
- if (*key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ *key = gnutls_calloc(1, sizeof(struct gnutls_privkey_st));
+ if (*key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
@@ -253,45 +254,47 @@ gnutls_privkey_init (gnutls_privkey_t * key)
*
* Since: 2.12.0
**/
-void
-gnutls_privkey_deinit (gnutls_privkey_t key)
+void gnutls_privkey_deinit(gnutls_privkey_t key)
{
- if (key == NULL) return;
+ if (key == NULL)
+ return;
- if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE || key->flags & GNUTLS_PRIVKEY_IMPORT_COPY)
- switch (key->type)
- {
+ if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ || key->flags & GNUTLS_PRIVKEY_IMPORT_COPY)
+ switch (key->type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- gnutls_openpgp_privkey_deinit (key->key.openpgp);
- break;
+ case GNUTLS_PRIVKEY_OPENPGP:
+ gnutls_openpgp_privkey_deinit(key->key.openpgp);
+ break;
#endif
#ifdef ENABLE_PKCS11
- case GNUTLS_PRIVKEY_PKCS11:
- gnutls_pkcs11_privkey_deinit (key->key.pkcs11);
- break;
+ case GNUTLS_PRIVKEY_PKCS11:
+ gnutls_pkcs11_privkey_deinit(key->key.pkcs11);
+ break;
#endif
- case GNUTLS_PRIVKEY_X509:
- gnutls_x509_privkey_deinit (key->key.x509);
- break;
- case GNUTLS_PRIVKEY_EXT:
- if (key->key.ext.deinit_func != NULL)
- key->key.ext.deinit_func(key, key->key.ext.userdata);
- break;
- default:
- break;
- }
- gnutls_free (key);
+ case GNUTLS_PRIVKEY_X509:
+ gnutls_x509_privkey_deinit(key->key.x509);
+ break;
+ case GNUTLS_PRIVKEY_EXT:
+ if (key->key.ext.deinit_func != NULL)
+ key->key.ext.deinit_func(key,
+ key->key.ext.
+ userdata);
+ break;
+ default:
+ break;
+ }
+ gnutls_free(key);
}
/* will fail if the private key contains an actual key.
*/
static int check_if_clean(gnutls_privkey_t key)
{
- if (key->type != 0)
- return GNUTLS_E_INVALID_REQUEST;
+ if (key->type != 0)
+ return GNUTLS_E_INVALID_REQUEST;
- return 0;
+ return 0;
}
#ifdef ENABLE_PKCS11
@@ -317,30 +320,32 @@ static int check_if_clean(gnutls_privkey_t key)
* Since: 2.12.0
**/
int
-gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
- gnutls_pkcs11_privkey_t key, unsigned int flags)
+gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
+ gnutls_pkcs11_privkey_t key,
+ unsigned int flags)
{
-int ret;
+ int ret;
- ret = check_if_clean(pkey);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
+ ret = check_if_clean(pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- pkey->key.pkcs11 = key;
- pkey->type = GNUTLS_PRIVKEY_PKCS11;
- pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL);
- pkey->flags = flags;
+ pkey->key.pkcs11 = key;
+ pkey->type = GNUTLS_PRIVKEY_PKCS11;
+ pkey->pk_algorithm =
+ gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL);
+ pkey->flags = flags;
- if (pkey->pin.data)
- gnutls_pkcs11_privkey_set_pin_function(key, pkey->pin.cb, pkey->pin.data);
+ if (pkey->pin.data)
+ gnutls_pkcs11_privkey_set_pin_function(key, pkey->pin.cb,
+ pkey->pin.data);
- return 0;
+ return 0;
}
/**
@@ -356,45 +361,44 @@ int ret;
*
* Since: 3.1.0
**/
-int
-gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url)
+int gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url)
{
- gnutls_pkcs11_privkey_t pkey;
- int ret;
-
- ret = gnutls_pkcs11_privkey_init (&pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (key->pin.cb)
- gnutls_pkcs11_privkey_set_pin_function(pkey, key->pin.cb, key->pin.data);
-
- ret = gnutls_pkcs11_privkey_import_url (pkey, url, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_privkey_import_pkcs11 (key, pkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- gnutls_pkcs11_privkey_deinit (pkey);
-
- return ret;
+ gnutls_pkcs11_privkey_t pkey;
+ int ret;
+
+ ret = gnutls_pkcs11_privkey_init(&pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (key->pin.cb)
+ gnutls_pkcs11_privkey_set_pin_function(pkey, key->pin.cb,
+ key->pin.data);
+
+ ret = gnutls_pkcs11_privkey_import_url(pkey, url, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_privkey_import_pkcs11(key, pkey,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_pkcs11_privkey_deinit(pkey);
+
+ return ret;
}
-#endif /* ENABLE_PKCS11 */
+#endif /* ENABLE_PKCS11 */
/**
* gnutls_privkey_import_ext:
@@ -417,15 +421,15 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_privkey_import_ext (gnutls_privkey_t pkey,
- gnutls_pk_algorithm_t pk,
- void* userdata,
- gnutls_privkey_sign_func sign_func,
- gnutls_privkey_decrypt_func decrypt_func,
- unsigned int flags)
+gnutls_privkey_import_ext(gnutls_privkey_t pkey,
+ gnutls_pk_algorithm_t pk,
+ void *userdata,
+ gnutls_privkey_sign_func sign_func,
+ gnutls_privkey_decrypt_func decrypt_func,
+ unsigned int flags)
{
- return gnutls_privkey_import_ext2( pkey, pk, userdata, sign_func, decrypt_func,
- NULL, flags);
+ return gnutls_privkey_import_ext2(pkey, pk, userdata, sign_func,
+ decrypt_func, NULL, flags);
}
/**
@@ -454,39 +458,38 @@ gnutls_privkey_import_ext (gnutls_privkey_t pkey,
* Since: 3.1
**/
int
-gnutls_privkey_import_ext2 (gnutls_privkey_t pkey,
- gnutls_pk_algorithm_t pk,
- void* userdata,
- gnutls_privkey_sign_func sign_func,
- gnutls_privkey_decrypt_func decrypt_func,
- gnutls_privkey_deinit_func deinit_func,
- unsigned int flags)
+gnutls_privkey_import_ext2(gnutls_privkey_t pkey,
+ gnutls_pk_algorithm_t pk,
+ void *userdata,
+ gnutls_privkey_sign_func sign_func,
+ gnutls_privkey_decrypt_func decrypt_func,
+ gnutls_privkey_deinit_func deinit_func,
+ unsigned int flags)
{
-int ret;
-
- ret = check_if_clean(pkey);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- if (sign_func == NULL && decrypt_func == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- pkey->key.ext.sign_func = sign_func;
- pkey->key.ext.decrypt_func = decrypt_func;
- pkey->key.ext.deinit_func = deinit_func;
- pkey->key.ext.userdata = userdata;
- pkey->type = GNUTLS_PRIVKEY_EXT;
- pkey->pk_algorithm = pk;
- pkey->flags = flags;
-
- /* Ensure gnutls_privkey_deinit() calls the deinit_func */
- if (deinit_func)
- pkey->flags |= GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE;
-
- return 0;
+ int ret;
+
+ ret = check_if_clean(pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (sign_func == NULL && decrypt_func == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ pkey->key.ext.sign_func = sign_func;
+ pkey->key.ext.decrypt_func = decrypt_func;
+ pkey->key.ext.deinit_func = deinit_func;
+ pkey->key.ext.userdata = userdata;
+ pkey->type = GNUTLS_PRIVKEY_EXT;
+ pkey->pk_algorithm = pk;
+ pkey->flags = flags;
+
+ /* Ensure gnutls_privkey_deinit() calls the deinit_func */
+ if (deinit_func)
+ pkey->flags |= GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE;
+
+ return 0;
}
/**
@@ -510,39 +513,35 @@ int ret;
* Since: 2.12.0
**/
int
-gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
- gnutls_x509_privkey_t key, unsigned int flags)
+gnutls_privkey_import_x509(gnutls_privkey_t pkey,
+ gnutls_x509_privkey_t key, unsigned int flags)
{
-int ret;
-
- ret = check_if_clean(pkey);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
- {
- ret = gnutls_x509_privkey_init(&pkey->key.x509);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_privkey_cpy(pkey->key.x509, key);
- if (ret < 0)
- {
- gnutls_x509_privkey_deinit(pkey->key.x509);
- return gnutls_assert_val(ret);
- }
- }
- else
- pkey->key.x509 = key;
-
- pkey->type = GNUTLS_PRIVKEY_X509;
- pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm (key);
- pkey->flags = flags;
-
- return 0;
+ int ret;
+
+ ret = check_if_clean(pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (flags & GNUTLS_PRIVKEY_IMPORT_COPY) {
+ ret = gnutls_x509_privkey_init(&pkey->key.x509);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_x509_privkey_cpy(pkey->key.x509, key);
+ if (ret < 0) {
+ gnutls_x509_privkey_deinit(pkey->key.x509);
+ return gnutls_assert_val(ret);
+ }
+ } else
+ pkey->key.x509 = key;
+
+ pkey->type = GNUTLS_PRIVKEY_X509;
+ pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm(key);
+ pkey->flags = flags;
+
+ return 0;
}
#ifdef ENABLE_OPENPGP
@@ -568,56 +567,53 @@ int ret;
* Since: 2.12.0
**/
int
-gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
- gnutls_openpgp_privkey_t key,
- unsigned int flags)
+gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags)
{
-int ret, idx;
-uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
-
- ret = check_if_clean(pkey);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
- {
- ret = gnutls_openpgp_privkey_init(&pkey->key.openpgp);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_openpgp_privkey_cpy(pkey->key.openpgp, key);
- if (ret < 0)
- {
- gnutls_openpgp_privkey_deinit(pkey->key.openpgp);
- return gnutls_assert_val(ret);
- }
- }
- else
- pkey->key.openpgp = key;
-
- pkey->type = GNUTLS_PRIVKEY_OPENPGP;
-
- ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
- if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR)
- {
- pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
- }
- else
- {
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
-
- pkey->pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
- }
-
- pkey->flags = flags;
-
- return 0;
+ int ret, idx;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ ret = check_if_clean(pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (flags & GNUTLS_PRIVKEY_IMPORT_COPY) {
+ ret = gnutls_openpgp_privkey_init(&pkey->key.openpgp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_openpgp_privkey_cpy(pkey->key.openpgp, key);
+ if (ret < 0) {
+ gnutls_openpgp_privkey_deinit(pkey->key.openpgp);
+ return gnutls_assert_val(ret);
+ }
+ } else
+ pkey->key.openpgp = key;
+
+ pkey->type = GNUTLS_PRIVKEY_OPENPGP;
+
+ ret = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid);
+ if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR) {
+ pkey->pk_algorithm =
+ gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
+ } else {
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
+
+ pkey->pk_algorithm =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm(key,
+ idx,
+ NULL);
+ }
+
+ pkey->flags = flags;
+
+ return 0;
}
/**
@@ -636,49 +632,51 @@ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
*
* Since: 3.1.0
**/
-int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const gnutls_openpgp_keyid_t keyid,
- const char* password)
+int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const gnutls_openpgp_keyid_t keyid,
+ const char *password)
{
- gnutls_openpgp_privkey_t xpriv;
- int ret;
-
- ret = gnutls_openpgp_privkey_init(&xpriv);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_openpgp_privkey_import(xpriv, data, format, password, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if(keyid)
- {
- ret = gnutls_openpgp_privkey_set_preferred_key_id(xpriv, keyid);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = gnutls_privkey_import_openpgp(pkey, xpriv, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_openpgp_privkey_deinit(xpriv);
-
- return ret;
+ gnutls_openpgp_privkey_t xpriv;
+ int ret;
+
+ ret = gnutls_openpgp_privkey_init(&xpriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_openpgp_privkey_import(xpriv, data, format, password,
+ 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (keyid) {
+ ret =
+ gnutls_openpgp_privkey_set_preferred_key_id(xpriv,
+ keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ gnutls_privkey_import_openpgp(pkey, xpriv,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_openpgp_privkey_deinit(xpriv);
+
+ return ret;
}
#endif
@@ -704,47 +702,46 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_privkey_sign_data (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+gnutls_privkey_sign_data(gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
- int ret;
- gnutls_datum_t digest;
- const mac_entry_st* me = mac_to_entry(hash);
-
- if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = pk_hash_data (signer->pk_algorithm, me, NULL, data, &digest);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = pk_prepare_hash (signer->pk_algorithm, me, &digest);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_privkey_sign_raw_data (signer, flags, &digest, signature);
- _gnutls_free_datum (&digest);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum (&digest);
- return ret;
+ int ret;
+ gnutls_datum_t digest;
+ const mac_entry_st *me = mac_to_entry(hash);
+
+ if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = pk_hash_data(signer->pk_algorithm, me, NULL, data, &digest);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = pk_prepare_hash(signer->pk_algorithm, me, &digest);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_privkey_sign_raw_data(signer, flags, &digest,
+ signature);
+ _gnutls_free_datum(&digest);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&digest);
+ return ret;
}
/**
@@ -772,46 +769,48 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_privkey_sign_hash (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature)
+gnutls_privkey_sign_hash(gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature)
{
- int ret;
- gnutls_datum_t digest;
-
- if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)
- return gnutls_privkey_sign_raw_data (signer, flags, hash_data, signature);
-
- digest.data = gnutls_malloc (hash_data->size);
- if (digest.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- digest.size = hash_data->size;
- memcpy (digest.data, hash_data->data, digest.size);
-
- ret = pk_prepare_hash (signer->pk_algorithm, mac_to_entry(hash_algo), &digest);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_privkey_sign_raw_data (signer, flags, &digest, signature);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&digest);
- return ret;
+ int ret;
+ gnutls_datum_t digest;
+
+ if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)
+ return gnutls_privkey_sign_raw_data(signer, flags,
+ hash_data, signature);
+
+ digest.data = gnutls_malloc(hash_data->size);
+ if (digest.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ digest.size = hash_data->size;
+ memcpy(digest.data, hash_data->data, digest.size);
+
+ ret =
+ pk_prepare_hash(signer->pk_algorithm, mac_to_entry(hash_algo),
+ &digest);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_privkey_sign_raw_data(signer, flags, &digest,
+ signature);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&digest);
+ return ret;
}
/**
@@ -836,34 +835,35 @@ cleanup:
* Since: 3.1.10
**/
int
-gnutls_privkey_sign_raw_data (gnutls_privkey_t key,
- unsigned flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+gnutls_privkey_sign_raw_data(gnutls_privkey_t key,
+ unsigned flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
- switch (key->type)
- {
+ switch (key->type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_sign_hash (key->key.openpgp,
- data, signature);
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_sign_hash(key->key.openpgp,
+ data, signature);
#endif
#ifdef ENABLE_PKCS11
- case GNUTLS_PRIVKEY_PKCS11:
- return _gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
- data, signature);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return _gnutls_pkcs11_privkey_sign_hash(key->key.pkcs11,
+ data, signature);
#endif
- case GNUTLS_PRIVKEY_X509:
- return _gnutls_pk_sign (key->key.x509->pk_algorithm,
- signature, data, &key->key.x509->params);
- case GNUTLS_PRIVKEY_EXT:
- if (key->key.ext.sign_func == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- return key->key.ext.sign_func(key, key->key.ext.userdata, data, signature);
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ case GNUTLS_PRIVKEY_X509:
+ return _gnutls_pk_sign(key->key.x509->pk_algorithm,
+ signature, data,
+ &key->key.x509->params);
+ case GNUTLS_PRIVKEY_EXT:
+ if (key->key.ext.sign_func == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return key->key.ext.sign_func(key, key->key.ext.userdata,
+ data, signature);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
/**
@@ -882,36 +882,41 @@ gnutls_privkey_sign_raw_data (gnutls_privkey_t key,
* Since: 2.12.0
**/
int
-gnutls_privkey_decrypt_data (gnutls_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+gnutls_privkey_decrypt_data(gnutls_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
- switch (key->type)
- {
+ switch (key->type) {
#ifdef ENABLE_OPENPGP
- case GNUTLS_PRIVKEY_OPENPGP:
- return _gnutls_openpgp_privkey_decrypt_data (key->key.openpgp, flags,
- ciphertext, plaintext);
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return _gnutls_openpgp_privkey_decrypt_data(key->key.
+ openpgp, flags,
+ ciphertext,
+ plaintext);
#endif
- case GNUTLS_PRIVKEY_X509:
- return _gnutls_pk_decrypt (key->pk_algorithm, plaintext, ciphertext,
- &key->key.x509->params);
+ case GNUTLS_PRIVKEY_X509:
+ return _gnutls_pk_decrypt(key->pk_algorithm, plaintext,
+ ciphertext,
+ &key->key.x509->params);
#ifdef ENABLE_PKCS11
- case GNUTLS_PRIVKEY_PKCS11:
- return _gnutls_pkcs11_privkey_decrypt_data (key->key.pkcs11,
- flags,
- ciphertext, plaintext);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return _gnutls_pkcs11_privkey_decrypt_data(key->key.pkcs11,
+ flags,
+ ciphertext,
+ plaintext);
#endif
- case GNUTLS_PRIVKEY_EXT:
- if (key->key.ext.decrypt_func == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- return key->key.ext.decrypt_func(key, key->key.ext.userdata, ciphertext, plaintext);
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ case GNUTLS_PRIVKEY_EXT:
+ if (key->key.ext.decrypt_func == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ return key->key.ext.decrypt_func(key,
+ key->key.ext.userdata,
+ ciphertext, plaintext);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
/**
@@ -933,38 +938,41 @@ gnutls_privkey_decrypt_data (gnutls_privkey_t key,
*
* Since: 3.1.0
**/
-int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char* password, unsigned int flags)
+int gnutls_privkey_import_x509_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags)
{
- gnutls_x509_privkey_t xpriv;
- int ret;
-
- ret = gnutls_x509_privkey_init(&xpriv);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_privkey_import2(xpriv, data, format, password, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_privkey_import_x509(pkey, xpriv, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- gnutls_x509_privkey_deinit(xpriv);
-
- return ret;
+ gnutls_x509_privkey_t xpriv;
+ int ret;
+
+ ret = gnutls_x509_privkey_init(&xpriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_x509_privkey_import2(xpriv, data, format, password,
+ flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_privkey_import_x509(pkey, xpriv,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_x509_privkey_deinit(xpriv);
+
+ return ret;
}
/**
@@ -983,23 +991,25 @@ cleanup:
* Since: 3.1.0
**/
int
-gnutls_privkey_import_url (gnutls_privkey_t key, const char *url, unsigned int flags)
+gnutls_privkey_import_url(gnutls_privkey_t key, const char *url,
+ unsigned int flags)
{
- if (strncmp(url, "pkcs11:", 7) == 0)
+ if (strncmp(url, "pkcs11:", 7) == 0)
#ifdef ENABLE_PKCS11
- return gnutls_privkey_import_pkcs11_url(key, url);
+ return gnutls_privkey_import_pkcs11_url(key, url);
#else
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
#endif
- if (strncmp(url, "tpmkey:", 7) == 0)
+ if (strncmp(url, "tpmkey:", 7) == 0)
#ifdef HAVE_TROUSERS
- return gnutls_privkey_import_tpm_url(key, url, NULL, NULL, 0);
+ return gnutls_privkey_import_tpm_url(key, url, NULL, NULL,
+ 0);
#else
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
#endif
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
/**
@@ -1018,11 +1028,12 @@ gnutls_privkey_import_url (gnutls_privkey_t key, const char *url, unsigned int f
* Since: 3.1.0
*
**/
-void gnutls_privkey_set_pin_function (gnutls_privkey_t key,
- gnutls_pin_callback_t fn, void *userdata)
+void gnutls_privkey_set_pin_function(gnutls_privkey_t key,
+ gnutls_pin_callback_t fn,
+ void *userdata)
{
- key->pin.cb = fn;
- key->pin.data = userdata;
+ key->pin.cb = fn;
+ key->pin.data = userdata;
}
/**
@@ -1040,16 +1051,14 @@ void gnutls_privkey_set_pin_function (gnutls_privkey_t key,
* Since: 3.1.10
*
**/
-int
-gnutls_privkey_status (gnutls_privkey_t key)
+int gnutls_privkey_status(gnutls_privkey_t key)
{
- switch (key->type)
- {
+ switch (key->type) {
#ifdef ENABLE_PKCS11
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_status (key->key.pkcs11);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_status(key->key.pkcs11);
#endif
- default:
- return 1;
- }
+ default:
+ return 1;
+ }
}
diff --git a/lib/gnutls_psk.c b/lib/gnutls_psk.c
index 496e94fac5..5765e86050 100644
--- a/lib/gnutls_psk.c
+++ b/lib/gnutls_psk.c
@@ -42,12 +42,11 @@
* This structure is complex enough to manipulate directly thus this
* helper function is provided in order to free (deallocate) it.
**/
-void
-gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc)
+void gnutls_psk_free_client_credentials(gnutls_psk_client_credentials_t sc)
{
- _gnutls_free_datum (&sc->username);
- _gnutls_free_datum (&sc->key);
- gnutls_free (sc);
+ _gnutls_free_datum(&sc->username);
+ _gnutls_free_datum(&sc->key);
+ gnutls_free(sc);
}
/**
@@ -61,14 +60,15 @@ gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc)
* an error code is returned.
**/
int
-gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc)
+gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t *
+ sc)
{
- *sc = gnutls_calloc (1, sizeof (psk_client_credentials_st));
+ *sc = gnutls_calloc(1, sizeof(psk_client_credentials_st));
- if (*sc == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
/**
@@ -90,60 +90,55 @@ gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc)
* an error code is returned.
**/
int
-gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
- const char *username,
- const gnutls_datum_t * key,
- gnutls_psk_key_flags flags)
+gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t res,
+ const char *username,
+ const gnutls_datum_t * key,
+ gnutls_psk_key_flags flags)
{
- int ret;
-
- if (username == NULL || key == NULL || key->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_set_datum (&res->username, username, strlen (username));
- if (ret < 0)
- return ret;
-
- if (flags == GNUTLS_PSK_KEY_RAW)
- {
- if (_gnutls_set_datum (&res->key, key->data, key->size) < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
- }
- else
- { /* HEX key */
- size_t size;
- size = res->key.size = key->size / 2;
- res->key.data = gnutls_malloc (size);
- if (res->key.data == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- ret = gnutls_hex_decode (key, (char *) res->key.data, &size);
- res->key.size = (unsigned int) size;
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- }
-
- return 0;
-
-error:
- _gnutls_free_datum (&res->username);
-
- return ret;
+ int ret;
+
+ if (username == NULL || key == NULL || key->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_set_datum(&res->username, username, strlen(username));
+ if (ret < 0)
+ return ret;
+
+ if (flags == GNUTLS_PSK_KEY_RAW) {
+ if (_gnutls_set_datum(&res->key, key->data, key->size) < 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+ } else { /* HEX key */
+ size_t size;
+ size = res->key.size = key->size / 2;
+ res->key.data = gnutls_malloc(size);
+ if (res->key.data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ ret =
+ gnutls_hex_decode(key, (char *) res->key.data, &size);
+ res->key.size = (unsigned int) size;
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ }
+
+ return 0;
+
+ error:
+ _gnutls_free_datum(&res->username);
+
+ return ret;
}
/**
@@ -153,11 +148,10 @@ error:
* This structure is complex enough to manipulate directly thus this
* helper function is provided in order to free (deallocate) it.
**/
-void
-gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc)
+void gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t sc)
{
- gnutls_free (sc->password_file);
- gnutls_free (sc);
+ gnutls_free(sc->password_file);
+ gnutls_free(sc);
}
/**
@@ -171,14 +165,15 @@ gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc)
* an error code is returned.
**/
int
-gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t * sc)
+gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t *
+ sc)
{
- *sc = gnutls_calloc (1, sizeof (psk_server_cred_st));
+ *sc = gnutls_calloc(1, sizeof(psk_server_cred_st));
- if (*sc == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
@@ -195,31 +190,28 @@ gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t * sc)
* an error code is returned.
**/
int
-gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
- res, const char *password_file)
+gnutls_psk_set_server_credentials_file(gnutls_psk_server_credentials_t
+ res, const char *password_file)
{
- if (password_file == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the files can be opened */
- if (_gnutls_file_exists (password_file) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- res->password_file = gnutls_strdup (password_file);
- if (res->password_file == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ if (password_file == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the files can be opened */
+ if (_gnutls_file_exists(password_file) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ res->password_file = gnutls_strdup(password_file);
+ if (res->password_file == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
@@ -238,17 +230,16 @@ gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
* Since: 2.4.0
**/
int
-gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t res,
- const char *hint)
+gnutls_psk_set_server_credentials_hint(gnutls_psk_server_credentials_t res,
+ const char *hint)
{
- res->hint = gnutls_strdup (hint);
- if (res->hint == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ res->hint = gnutls_strdup(hint);
+ if (res->hint == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
@@ -272,12 +263,12 @@ gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t res,
* an error.
**/
void
-gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t
- cred,
- gnutls_psk_server_credentials_function
- * func)
+gnutls_psk_set_server_credentials_function(gnutls_psk_server_credentials_t
+ cred,
+ gnutls_psk_server_credentials_function
+ * func)
{
- cred->pwd_callback = func;
+ cred->pwd_callback = func;
}
/**
@@ -301,12 +292,12 @@ gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t
* -1 indicates an error.
**/
void
-gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t
- cred,
- gnutls_psk_client_credentials_function
- * func)
+gnutls_psk_set_client_credentials_function(gnutls_psk_client_credentials_t
+ cred,
+ gnutls_psk_client_credentials_function
+ * func)
{
- cred->get_function = func;
+ cred->get_function = func;
}
@@ -319,21 +310,20 @@ gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t
*
* Returns: the username of the peer, or %NULL in case of an error.
**/
-const char *
-gnutls_psk_server_get_username (gnutls_session_t session)
+const char *gnutls_psk_server_get_username(gnutls_session_t session)
{
- psk_auth_info_t info;
+ psk_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_PSK, NULL);
+ CHECK_AUTH(GNUTLS_CRD_PSK, NULL);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return NULL;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return NULL;
- if (info->username[0] != 0)
- return info->username;
+ if (info->username[0] != 0)
+ return info->username;
- return NULL;
+ return NULL;
}
/**
@@ -348,21 +338,20 @@ gnutls_psk_server_get_username (gnutls_session_t session)
*
* Since: 2.4.0
**/
-const char *
-gnutls_psk_client_get_hint (gnutls_session_t session)
+const char *gnutls_psk_client_get_hint(gnutls_session_t session)
{
- psk_auth_info_t info;
+ psk_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_PSK, NULL);
+ CHECK_AUTH(GNUTLS_CRD_PSK, NULL);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return NULL;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return NULL;
- if (info->hint[0] != 0)
- return info->hint;
+ if (info->hint[0] != 0)
+ return info->hint;
- return NULL;
+ return NULL;
}
/**
@@ -375,10 +364,10 @@ gnutls_psk_client_get_hint (gnutls_session_t session)
* Diffie-Hellman exchange with PSK cipher suites.
**/
void
-gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
- gnutls_dh_params_t dh_params)
+gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
+ gnutls_dh_params_t dh_params)
{
- res->dh_params = dh_params;
+ res->dh_params = dh_params;
}
/**
@@ -391,10 +380,10 @@ gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
* should return %GNUTLS_E_SUCCESS (0) on success.
**/
void
-gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t res,
- gnutls_params_function * func)
+gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t res,
+ gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
-#endif /* ENABLE_PSK */
+#endif /* ENABLE_PSK */
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index f27caa6477..f2a871ca19 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -42,19 +42,18 @@
#define OPENPGP_KEY_SUBKEY 1
-int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st* params)
+int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params)
{
- switch(pk)
- {
- case GNUTLS_PK_RSA:
- return _gnutls_mpi_get_nbits(params->params[0]);
- case GNUTLS_PK_DSA:
- return _gnutls_mpi_get_nbits(params->params[3]);
- case GNUTLS_PK_EC:
- return gnutls_ecc_curve_get_size(params->flags)*8;
- default:
- return 0;
- }
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ return _gnutls_mpi_get_nbits(params->params[0]);
+ case GNUTLS_PK_DSA:
+ return _gnutls_mpi_get_nbits(params->params[3]);
+ case GNUTLS_PK_EC:
+ return gnutls_ecc_curve_get_size(params->flags) * 8;
+ default:
+ return 0;
+ }
}
/**
@@ -71,13 +70,12 @@ int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st* params)
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits)
+int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key, unsigned int *bits)
{
- if (bits)
- *bits = key->bits;
+ if (bits)
+ *bits = key->bits;
- return key->pk_algorithm;
+ return key->pk_algorithm;
}
/**
@@ -92,13 +90,12 @@ gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits)
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage)
+int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage)
{
- if (usage)
- *usage = key->key_usage;
+ if (usage)
+ *usage = key->key_usage;
- return 0;
+ return 0;
}
/**
@@ -112,17 +109,15 @@ gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage)
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_init (gnutls_pubkey_t * key)
+int gnutls_pubkey_init(gnutls_pubkey_t * key)
{
- *key = gnutls_calloc (1, sizeof (struct gnutls_pubkey_st));
- if (*key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ *key = gnutls_calloc(1, sizeof(struct gnutls_pubkey_st));
+ if (*key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
@@ -133,13 +128,12 @@ gnutls_pubkey_init (gnutls_pubkey_t * key)
*
* Since: 2.12.0
**/
-void
-gnutls_pubkey_deinit (gnutls_pubkey_t key)
+void gnutls_pubkey_deinit(gnutls_pubkey_t key)
{
- if (!key)
- return;
- gnutls_pk_params_release (&key->params);
- gnutls_free (key);
+ if (!key)
+ return;
+ gnutls_pk_params_release(&key->params);
+ gnutls_free(key);
}
/**
@@ -157,25 +151,25 @@ gnutls_pubkey_deinit (gnutls_pubkey_t key)
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
- unsigned int flags)
+gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt,
+ unsigned int flags)
{
- int ret;
+ int ret;
- key->pk_algorithm = gnutls_x509_crt_get_pk_algorithm (crt, &key->bits);
+ key->pk_algorithm =
+ gnutls_x509_crt_get_pk_algorithm(crt, &key->bits);
- ret = gnutls_x509_crt_get_key_usage (crt, &key->key_usage, NULL);
- if (ret < 0)
- key->key_usage = 0;
+ ret = gnutls_x509_crt_get_key_usage(crt, &key->key_usage, NULL);
+ if (ret < 0)
+ key->key_usage = 0;
- ret = _gnutls_x509_crt_get_mpis (crt, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_crt_get_mpis(crt, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -193,25 +187,25 @@ gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
* Since: 3.1.5
**/
int
-gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq,
- unsigned int flags)
+gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, gnutls_x509_crq_t crq,
+ unsigned int flags)
{
- int ret;
+ int ret;
- key->pk_algorithm = gnutls_x509_crq_get_pk_algorithm (crq, &key->bits);
+ key->pk_algorithm =
+ gnutls_x509_crq_get_pk_algorithm(crq, &key->bits);
- ret = gnutls_x509_crq_get_key_usage (crq, &key->key_usage, NULL);
- if (ret < 0)
- key->key_usage = 0;
+ ret = gnutls_x509_crq_get_key_usage(crq, &key->key_usage, NULL);
+ if (ret < 0)
+ key->key_usage = 0;
- ret = _gnutls_x509_crq_get_mpis (crq, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_crq_get_mpis(crq, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -230,14 +224,15 @@ gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq,
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
- unsigned int usage, unsigned int flags)
+gnutls_pubkey_import_privkey(gnutls_pubkey_t key, gnutls_privkey_t pkey,
+ unsigned int usage, unsigned int flags)
{
- key->pk_algorithm = gnutls_privkey_get_pk_algorithm (pkey, &key->bits);
+ key->pk_algorithm =
+ gnutls_privkey_get_pk_algorithm(pkey, &key->bits);
- key->key_usage = usage;
+ key->key_usage = usage;
- return _gnutls_privkey_get_public_mpis (pkey, &key->params);
+ return _gnutls_privkey_get_public_mpis(pkey, &key->params);
}
/**
@@ -259,23 +254,21 @@ gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
* Since: 2.12.0
**/
int
-gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand)
+gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
- int ret;
+ int ret;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_pk_get_hash_algorithm (key->pk_algorithm,
- &key->params,
- hash, mand);
+ ret = _gnutls_pk_get_hash_algorithm(key->pk_algorithm,
+ &key->params, hash, mand);
- return ret;
+ return ret;
}
#ifdef ENABLE_PKCS11
@@ -295,83 +288,78 @@ gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
- gnutls_pkcs11_obj_t obj, unsigned int flags)
+gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
+ gnutls_pkcs11_obj_t obj, unsigned int flags)
{
- int ret, type;
-
- type = gnutls_pkcs11_obj_get_type (obj);
- if (type != GNUTLS_PKCS11_OBJ_PUBKEY && type != GNUTLS_PKCS11_OBJ_X509_CRT)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (type == GNUTLS_PKCS11_OBJ_X509_CRT)
- {
- gnutls_x509_crt_t xcrt;
-
- ret = gnutls_x509_crt_init (&xcrt);
- if (ret < 0)
- {
- gnutls_assert()
- return ret;
- }
-
- ret = gnutls_x509_crt_import_pkcs11 (xcrt, obj);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup_crt;
- }
-
- ret = gnutls_pubkey_import_x509 (key, xcrt, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup_crt;
- }
-
- gnutls_x509_crt_get_key_usage(xcrt, &key->key_usage, NULL);
-
- ret = 0;
-cleanup_crt:
- gnutls_x509_crt_deinit(xcrt);
- return ret;
- }
-
- key->key_usage = obj->key_usage;
-
- switch (obj->pk_algorithm)
- {
- case GNUTLS_PK_RSA:
- ret = gnutls_pubkey_import_rsa_raw (key, &obj->pubkey[0],
- &obj->pubkey[1]);
- break;
- case GNUTLS_PK_DSA:
- ret = gnutls_pubkey_import_dsa_raw (key, &obj->pubkey[0],
- &obj->pubkey[1],
- &obj->pubkey[2], &obj->pubkey[3]);
- break;
- case GNUTLS_PK_EC:
- ret = gnutls_pubkey_import_ecc_x962 (key, &obj->pubkey[0],
- &obj->pubkey[1]);
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret, type;
+
+ type = gnutls_pkcs11_obj_get_type(obj);
+ if (type != GNUTLS_PKCS11_OBJ_PUBKEY
+ && type != GNUTLS_PKCS11_OBJ_X509_CRT) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (type == GNUTLS_PKCS11_OBJ_X509_CRT) {
+ gnutls_x509_crt_t xcrt;
+
+ ret = gnutls_x509_crt_init(&xcrt);
+ if (ret < 0) {
+ gnutls_assert()
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_import_pkcs11(xcrt, obj);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup_crt;
+ }
+
+ ret = gnutls_pubkey_import_x509(key, xcrt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup_crt;
+ }
+
+ gnutls_x509_crt_get_key_usage(xcrt, &key->key_usage, NULL);
+
+ ret = 0;
+ cleanup_crt:
+ gnutls_x509_crt_deinit(xcrt);
+ return ret;
+ }
+
+ key->key_usage = obj->key_usage;
+
+ switch (obj->pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ ret = gnutls_pubkey_import_rsa_raw(key, &obj->pubkey[0],
+ &obj->pubkey[1]);
+ break;
+ case GNUTLS_PK_DSA:
+ ret = gnutls_pubkey_import_dsa_raw(key, &obj->pubkey[0],
+ &obj->pubkey[1],
+ &obj->pubkey[2],
+ &obj->pubkey[3]);
+ break;
+ case GNUTLS_PK_EC:
+ ret = gnutls_pubkey_import_ecc_x962(key, &obj->pubkey[0],
+ &obj->pubkey[1]);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-#endif /* ENABLE_PKCS11 */
+#endif /* ENABLE_PKCS11 */
#ifdef ENABLE_OPENPGP
@@ -392,69 +380,75 @@ cleanup_crt:
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
- gnutls_openpgp_crt_t crt,
- unsigned int flags)
+gnutls_pubkey_import_openpgp(gnutls_pubkey_t key,
+ gnutls_openpgp_crt_t crt, unsigned int flags)
{
- int ret, idx;
- uint32_t kid32[2];
- uint32_t *k;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- size_t len;
-
- len = sizeof(key->openpgp_key_fpr);
- ret = gnutls_openpgp_crt_get_fingerprint(crt, key->openpgp_key_fpr, &len);
- if (ret < 0)
- return gnutls_assert_val(ret);
- key->openpgp_key_fpr_set = 1;
-
- ret = gnutls_openpgp_crt_get_preferred_key_id (crt, keyid);
- if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR)
- {
- key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm (crt, &key->bits);
- key->openpgp_key_id_set = OPENPGP_KEY_PRIMARY;
-
- ret = gnutls_openpgp_crt_get_key_id(crt, key->openpgp_key_id);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_openpgp_crt_get_key_usage (crt, &key->key_usage);
- if (ret < 0)
- key->key_usage = 0;
-
- k = NULL;
- }
- else
- {
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- key->openpgp_key_id_set = OPENPGP_KEY_SUBKEY;
-
- KEYID_IMPORT (kid32, keyid);
- k = kid32;
-
- idx = gnutls_openpgp_crt_get_subkey_idx (crt, keyid);
-
- ret = gnutls_openpgp_crt_get_subkey_id(crt, idx, key->openpgp_key_id);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_openpgp_crt_get_subkey_usage (crt, idx, &key->key_usage);
- if (ret < 0)
- key->key_usage = 0;
-
- key->pk_algorithm = gnutls_openpgp_crt_get_subkey_pk_algorithm (crt, idx, NULL);
- }
-
- ret =
- _gnutls_openpgp_crt_get_mpis (crt, k, &key->params);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
+ int ret, idx;
+ uint32_t kid32[2];
+ uint32_t *k;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ size_t len;
+
+ len = sizeof(key->openpgp_key_fpr);
+ ret =
+ gnutls_openpgp_crt_get_fingerprint(crt, key->openpgp_key_fpr,
+ &len);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ key->openpgp_key_fpr_set = 1;
+
+ ret = gnutls_openpgp_crt_get_preferred_key_id(crt, keyid);
+ if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR) {
+ key->pk_algorithm =
+ gnutls_openpgp_crt_get_pk_algorithm(crt, &key->bits);
+ key->openpgp_key_id_set = OPENPGP_KEY_PRIMARY;
+
+ ret =
+ gnutls_openpgp_crt_get_key_id(crt,
+ key->openpgp_key_id);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_openpgp_crt_get_key_usage(crt, &key->key_usage);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ k = NULL;
+ } else {
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ key->openpgp_key_id_set = OPENPGP_KEY_SUBKEY;
+
+ KEYID_IMPORT(kid32, keyid);
+ k = kid32;
+
+ idx = gnutls_openpgp_crt_get_subkey_idx(crt, keyid);
+
+ ret =
+ gnutls_openpgp_crt_get_subkey_id(crt, idx,
+ key->openpgp_key_id);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_openpgp_crt_get_subkey_usage(crt, idx,
+ &key->key_usage);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ key->pk_algorithm =
+ gnutls_openpgp_crt_get_subkey_pk_algorithm(crt, idx,
+ NULL);
+ }
+
+ ret = _gnutls_openpgp_crt_get_mpis(crt, k, &key->params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
/**
@@ -483,54 +477,54 @@ gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
* Since: 3.0
**/
int
-gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size,
- unsigned int *subkey)
+gnutls_pubkey_get_openpgp_key_id(gnutls_pubkey_t key, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size,
+ unsigned int *subkey)
{
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (flags & GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT)
- {
- if (*output_data_size < sizeof(key->openpgp_key_fpr))
- {
- *output_data_size = sizeof(key->openpgp_key_fpr);
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- }
-
- if (key->openpgp_key_fpr_set == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (output_data)
- memcpy(output_data, key->openpgp_key_fpr, sizeof(key->openpgp_key_fpr));
- *output_data_size = sizeof(key->openpgp_key_fpr);
-
- return 0;
- }
-
- if (*output_data_size < sizeof(key->openpgp_key_id))
- {
- *output_data_size = sizeof(key->openpgp_key_id);
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- }
-
- if (key->openpgp_key_id_set == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (key->openpgp_key_id_set == OPENPGP_KEY_SUBKEY)
- if (subkey) *subkey = 1;
-
- if (output_data)
- {
- memcpy(output_data, key->openpgp_key_id, sizeof(key->openpgp_key_id));
- }
- *output_data_size = sizeof(key->openpgp_key_id);
-
- return 0;
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (flags & GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT) {
+ if (*output_data_size < sizeof(key->openpgp_key_fpr)) {
+ *output_data_size = sizeof(key->openpgp_key_fpr);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_SHORT_MEMORY_BUFFER);
+ }
+
+ if (key->openpgp_key_fpr_set == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (output_data)
+ memcpy(output_data, key->openpgp_key_fpr,
+ sizeof(key->openpgp_key_fpr));
+ *output_data_size = sizeof(key->openpgp_key_fpr);
+
+ return 0;
+ }
+
+ if (*output_data_size < sizeof(key->openpgp_key_id)) {
+ *output_data_size = sizeof(key->openpgp_key_id);
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ }
+
+ if (key->openpgp_key_id_set == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (key->openpgp_key_id_set == OPENPGP_KEY_SUBKEY)
+ if (subkey)
+ *subkey = 1;
+
+ if (output_data) {
+ memcpy(output_data, key->openpgp_key_id,
+ sizeof(key->openpgp_key_id));
+ }
+ *output_data_size = sizeof(key->openpgp_key_id);
+
+ return 0;
}
/**
@@ -549,49 +543,46 @@ gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key, unsigned int flags,
*
* Since: 3.1.3
**/
-int gnutls_pubkey_import_openpgp_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const gnutls_openpgp_keyid_t keyid,
- unsigned int flags)
+int gnutls_pubkey_import_openpgp_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const gnutls_openpgp_keyid_t keyid,
+ unsigned int flags)
{
- gnutls_openpgp_crt_t xpriv;
- int ret;
-
- ret = gnutls_openpgp_crt_init(&xpriv);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_openpgp_crt_import(xpriv, data, format);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if(keyid)
- {
- ret = gnutls_openpgp_crt_set_preferred_key_id(xpriv, keyid);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = gnutls_pubkey_import_openpgp(pkey, xpriv, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_openpgp_crt_deinit(xpriv);
-
- return ret;
+ gnutls_openpgp_crt_t xpriv;
+ int ret;
+
+ ret = gnutls_openpgp_crt_init(&xpriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_openpgp_crt_import(xpriv, data, format);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (keyid) {
+ ret =
+ gnutls_openpgp_crt_set_preferred_key_id(xpriv, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = gnutls_pubkey_import_openpgp(pkey, xpriv, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_openpgp_crt_deinit(xpriv);
+
+ return ret;
}
#endif
@@ -621,52 +612,49 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_pubkey_export (gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_pubkey_export(gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result =
- _gnutls_x509_encode_and_copy_PKI_params (spk, "",
- key->pk_algorithm,
- &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_export_int_named (spk, "",
- format, PK_PEM_HEADER,
- output_data, output_data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
-
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_encode_and_copy_PKI_params(spk, "",
+ key->pk_algorithm,
+ &key->params);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_export_int_named(spk, "",
+ format, PK_PEM_HEADER,
+ output_data,
+ output_data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+
+ return result;
}
/**
@@ -690,51 +678,47 @@ cleanup:
* Since: 3.1.3
**/
int
-gnutls_pubkey_export2 (gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out)
+gnutls_pubkey_export2(gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result =
- _gnutls_x509_encode_and_copy_PKI_params (spk, "",
- key->pk_algorithm,
- &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_export_int_named2 (spk, "",
- format, PK_PEM_HEADER, out);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
-
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_encode_and_copy_PKI_params(spk, "",
+ key->pk_algorithm,
+ &key->params);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_export_int_named2(spk, "",
+ format, PK_PEM_HEADER,
+ out);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+
+ return result;
}
/**
@@ -760,28 +744,26 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int ret = 0;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret =
- _gnutls_get_key_id (key->pk_algorithm, &key->params,
- output_data, output_data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ int ret = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_get_key_id(key->pk_algorithm, &key->params,
+ output_data, output_data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -799,39 +781,35 @@ gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
* Since: 2.12.0
**/
int
-gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e)
+gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key->pk_algorithm != GNUTLS_PK_RSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_mpi_dprint_lz (key->params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint_lz (key->params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_mpi_dprint_lz(key->params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint_lz(key->params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -851,65 +829,59 @@ gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
* Since: 2.12.0
**/
int
-gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t key,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key->pk_algorithm != GNUTLS_PK_DSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint_lz (key->params.params[0], p);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint_lz (key->params.params[1], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- return ret;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint_lz (key->params.params[2], g);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- return ret;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint_lz (key->params.params[3], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_DSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[0], p);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[1], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ return ret;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[2], g);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[3], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -928,43 +900,40 @@ gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
* Since: 3.0
**/
int
-gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t *curve,
- gnutls_datum_t * x, gnutls_datum_t * y)
+gnutls_pubkey_get_pk_ecc_raw(gnutls_pubkey_t key,
+ gnutls_ecc_curve_t * curve,
+ gnutls_datum_t * x, gnutls_datum_t * y)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key->pk_algorithm != GNUTLS_PK_EC)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- *curve = key->params.flags;
-
- /* X */
- ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_X], x);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Y */
- ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_Y], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (x);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_EC) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *curve = key->params.flags;
+
+ /* X */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_X], x);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_Y], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(x);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -981,26 +950,26 @@ gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t *curve,
*
* Since: 3.0
**/
-int gnutls_pubkey_get_pk_ecc_x962 (gnutls_pubkey_t key, gnutls_datum_t* parameters,
- gnutls_datum_t * ecpoint)
+int gnutls_pubkey_get_pk_ecc_x962(gnutls_pubkey_t key,
+ gnutls_datum_t * parameters,
+ gnutls_datum_t * ecpoint)
{
- int ret;
-
- if (key == NULL || key->pk_algorithm != GNUTLS_PK_EC)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = _gnutls_x509_write_ecc_pubkey(&key->params, ecpoint);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_x509_write_ecc_params(&key->params, parameters);
- if (ret < 0)
- {
- _gnutls_free_datum(ecpoint);
- return gnutls_assert_val(ret);
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL || key->pk_algorithm != GNUTLS_PK_EC)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = _gnutls_x509_write_ecc_pubkey(&key->params, ecpoint);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_x509_write_ecc_params(&key->params, parameters);
+ if (ret < 0) {
+ _gnutls_free_datum(ecpoint);
+ return gnutls_assert_val(ret);
+ }
+
+ return 0;
}
/**
@@ -1021,78 +990,73 @@ int gnutls_pubkey_get_pk_ecc_x962 (gnutls_pubkey_t key, gnutls_datum_t* paramete
* Since: 2.12.0
**/
int
-gnutls_pubkey_import (gnutls_pubkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+gnutls_pubkey_import(gnutls_pubkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
- ASN1_TYPE spk;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- /* Try the first header */
- result =
- _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- need_free = 1;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_decoding (&spk, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = _gnutls_get_asn_mpis (spk, "", &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* this has already been called by get_asn_mpis() thus it cannot
- * fail.
- */
- key->pk_algorithm = _gnutls_x509_get_pk_algorithm (spk, "", NULL);
- key->bits = pubkey_to_bits(key->pk_algorithm, &key->params);
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
-
- if (need_free)
- _gnutls_free_datum (&_data);
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+ ASN1_TYPE spk;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode(PK_PEM_HEADER, data->data,
+ data->size, &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ need_free = 1;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding(&spk, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = _gnutls_get_asn_mpis(spk, "", &key->params);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* this has already been called by get_asn_mpis() thus it cannot
+ * fail.
+ */
+ key->pk_algorithm = _gnutls_x509_get_pk_algorithm(spk, "", NULL);
+ key->bits = pubkey_to_bits(key->pk_algorithm, &key->params);
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
/**
@@ -1108,32 +1072,29 @@ cleanup:
*
* Since: 2.12.0
**/
-int
-gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key)
+int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, gnutls_pubkey_t key)
{
- int result;
+ int result;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- key->pk_algorithm,
- &key->params);
+ result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ key->pk_algorithm,
+ &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- if (key->key_usage)
- gnutls_x509_crt_set_key_usage (crt, key->key_usage);
+ if (key->key_usage)
+ gnutls_x509_crt_set_key_usage(crt, key->key_usage);
- return 0;
+ return 0;
}
/**
@@ -1149,32 +1110,29 @@ gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key)
*
* Since: 2.12.0
**/
-int
-gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key)
+int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, gnutls_pubkey_t key)
{
- int result;
+ int result;
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_encode_and_copy_PKI_params
- (crq->crq,
- "certificationRequestInfo.subjectPKInfo",
- key->pk_algorithm, &key->params);
+ result = _gnutls_x509_encode_and_copy_PKI_params
+ (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ key->pk_algorithm, &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- if (key->key_usage)
- gnutls_x509_crq_set_key_usage (crq, key->key_usage);
+ if (key->key_usage)
+ gnutls_x509_crq_set_key_usage(crq, key->key_usage);
- return 0;
+ return 0;
}
/**
@@ -1191,12 +1149,11 @@ gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key)
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage)
+int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage)
{
- key->key_usage = usage;
+ key->key_usage = usage;
- return 0;
+ return 0;
}
#ifdef ENABLE_PKCS11
@@ -1216,45 +1173,43 @@ gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage)
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url,
- unsigned int flags)
+gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url,
+ unsigned int flags)
{
- gnutls_pkcs11_obj_t pcrt;
- int ret;
-
- ret = gnutls_pkcs11_obj_init (&pcrt);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (key->pin.cb)
- gnutls_pkcs11_obj_set_pin_function(pcrt, key->pin.cb, key->pin.data);
-
- ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_pkcs11 (key, pcrt, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-cleanup:
-
- gnutls_pkcs11_obj_deinit (pcrt);
-
- return ret;
+ gnutls_pkcs11_obj_t pcrt;
+ int ret;
+
+ ret = gnutls_pkcs11_obj_init(&pcrt);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (key->pin.cb)
+ gnutls_pkcs11_obj_set_pin_function(pcrt, key->pin.cb,
+ key->pin.data);
+
+ ret = gnutls_pkcs11_obj_import_url(pcrt, url, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_pkcs11(key, pcrt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+
+ gnutls_pkcs11_obj_deinit(pcrt);
+
+ return ret;
}
-#endif /* ENABLE_PKCS11 */
+#endif /* ENABLE_PKCS11 */
/**
* gnutls_pubkey_import_url:
@@ -1271,24 +1226,24 @@ cleanup:
* Since: 3.1.0
**/
int
-gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url,
- unsigned int flags)
+gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url,
+ unsigned int flags)
{
- if (strncmp(url, "pkcs11:", 7) == 0)
+ if (strncmp(url, "pkcs11:", 7) == 0)
#ifdef ENABLE_PKCS11
- return gnutls_pubkey_import_pkcs11_url(key, url, flags);
+ return gnutls_pubkey_import_pkcs11_url(key, url, flags);
#else
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
#endif
- if (strncmp(url, "tpmkey:", 7) == 0)
+ if (strncmp(url, "tpmkey:", 7) == 0)
#ifdef HAVE_TROUSERS
- return gnutls_pubkey_import_tpm_url(key, url, NULL, 0);
+ return gnutls_pubkey_import_tpm_url(key, url, NULL, 0);
#else
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
#endif
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
/**
@@ -1306,40 +1261,37 @@ gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url,
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e)
+gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e)
{
- size_t siz = 0;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- gnutls_pk_params_init(&key->params);
-
- siz = m->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[0], m->data, siz))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = e->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[1], e->data, siz))
- {
- gnutls_assert ();
- _gnutls_mpi_release (&key->params.params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- key->params.params_nr = RSA_PUBLIC_PARAMS;
- key->pk_algorithm = GNUTLS_PK_RSA;
- key->bits = pubkey_to_bits(GNUTLS_PK_RSA, &key->params);
-
- return 0;
+ size_t siz = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ gnutls_pk_params_init(&key->params);
+
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[0], m->data, siz)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[1], e->data, siz)) {
+ gnutls_assert();
+ _gnutls_mpi_release(&key->params.params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ key->params.params_nr = RSA_PUBLIC_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_RSA;
+ key->bits = pubkey_to_bits(GNUTLS_PK_RSA, &key->params);
+
+ return 0;
}
/**
@@ -1358,43 +1310,42 @@ gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key,
* Since: 3.0
**/
int
-gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t key,
- gnutls_ecc_curve_t curve,
- const gnutls_datum_t * x,
- const gnutls_datum_t * y)
+gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
+ gnutls_ecc_curve_t curve,
+ const gnutls_datum_t * x,
+ const gnutls_datum_t * y)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- key->params.flags = curve;
-
- if (_gnutls_mpi_scan_nz (&key->params.params[ECC_X], x->data, x->size))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- if (_gnutls_mpi_scan_nz (&key->params.params[ECC_Y], y->data, y->size))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
- key->pk_algorithm = GNUTLS_PK_EC;
-
- return 0;
-
-cleanup:
- gnutls_pk_params_release(&key->params);
- return ret;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ key->params.flags = curve;
+
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[ECC_X], x->data, x->size)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[ECC_Y], y->data, y->size)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+ key->pk_algorithm = GNUTLS_PK_EC;
+
+ return 0;
+
+ cleanup:
+ gnutls_pk_params_release(&key->params);
+ return ret;
}
/**
@@ -1412,43 +1363,42 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_pubkey_import_ecc_x962 (gnutls_pubkey_t key,
- const gnutls_datum_t * parameters,
- const gnutls_datum_t * ecpoint)
+gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key,
+ const gnutls_datum_t * parameters,
+ const gnutls_datum_t * ecpoint)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- key->params.params_nr = 0;
-
- ret = _gnutls_x509_read_ecc_params(parameters->data, parameters->size,
- &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_ecc_ansi_x963_import(ecpoint->data, ecpoint->size,
- &key->params.params[ECC_X], &key->params.params[ECC_Y]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- key->params.params_nr+=2;
- key->pk_algorithm = GNUTLS_PK_EC;
-
- return 0;
-
-cleanup:
- gnutls_pk_params_release(&key->params);
- return ret;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ key->params.params_nr = 0;
+
+ ret =
+ _gnutls_x509_read_ecc_params(parameters->data,
+ parameters->size, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_ecc_ansi_x963_import(ecpoint->data, ecpoint->size,
+ &key->params.params[ECC_X],
+ &key->params.params[ECC_Y]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ key->params.params_nr += 2;
+ key->pk_algorithm = GNUTLS_PK_EC;
+
+ return 0;
+
+ cleanup:
+ gnutls_pk_params_release(&key->params);
+ return ret;
}
/**
@@ -1469,61 +1419,56 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y)
+gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y)
{
- size_t siz = 0;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- gnutls_pk_params_init(&key->params);
-
- siz = p->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[0], p->data, siz))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = q->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[1], q->data, siz))
- {
- gnutls_assert ();
- _gnutls_mpi_release (&key->params.params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = g->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[2], g->data, siz))
- {
- gnutls_assert ();
- _gnutls_mpi_release (&key->params.params[1]);
- _gnutls_mpi_release (&key->params.params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = y->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[3], y->data, siz))
- {
- gnutls_assert ();
- _gnutls_mpi_release (&key->params.params[2]);
- _gnutls_mpi_release (&key->params.params[1]);
- _gnutls_mpi_release (&key->params.params[0]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- key->params.params_nr = DSA_PUBLIC_PARAMS;
- key->pk_algorithm = GNUTLS_PK_DSA;
- key->bits = pubkey_to_bits(GNUTLS_PK_DSA, &key->params);
-
- return 0;
+ size_t siz = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ gnutls_pk_params_init(&key->params);
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[0], p->data, siz)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[1], q->data, siz)) {
+ gnutls_assert();
+ _gnutls_mpi_release(&key->params.params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = g->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[2], g->data, siz)) {
+ gnutls_assert();
+ _gnutls_mpi_release(&key->params.params[1]);
+ _gnutls_mpi_release(&key->params.params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = y->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[3], y->data, siz)) {
+ gnutls_assert();
+ _gnutls_mpi_release(&key->params.params[2]);
+ _gnutls_mpi_release(&key->params.params[1]);
+ _gnutls_mpi_release(&key->params.params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ key->params.params_nr = DSA_PUBLIC_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ key->bits = pubkey_to_bits(GNUTLS_PK_DSA, &key->params);
+
+ return 0;
}
@@ -1546,34 +1491,32 @@ gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
* Since: 2.12.0
**/
int
-gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey, unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+gnutls_pubkey_verify_data(gnutls_pubkey_t pubkey, unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
{
- int ret;
- gnutls_digest_algorithm_t hash;
-
- if (pubkey == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = gnutls_pubkey_get_verify_algorithm (pubkey, signature, &hash);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = pubkey_verify_data( pubkey->pk_algorithm, mac_to_entry(hash),
- data, signature, &pubkey->params);
- if (ret < 0)
- {
- gnutls_assert();
- }
-
- return ret;
+ int ret;
+ gnutls_digest_algorithm_t hash;
+
+ if (pubkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = gnutls_pubkey_get_verify_algorithm(pubkey, signature, &hash);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = pubkey_verify_data(pubkey->pk_algorithm, mac_to_entry(hash),
+ data, signature, &pubkey->params);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
/**
@@ -1593,33 +1536,31 @@ gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey, unsigned int flags,
* Since: 3.0
**/
int
-gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
- gnutls_sign_algorithm_t algo,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey,
+ gnutls_sign_algorithm_t algo,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
{
- int ret;
- const mac_entry_st* me;
-
- if (pubkey == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo));
- ret = pubkey_verify_data( pubkey->pk_algorithm, me,
- data, signature, &pubkey->params);
- if (ret < 0)
- {
- gnutls_assert();
- }
-
- return ret;
+ int ret;
+ const mac_entry_st *me;
+
+ if (pubkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo));
+ ret = pubkey_verify_data(pubkey->pk_algorithm, me,
+ data, signature, &pubkey->params);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
@@ -1642,19 +1583,22 @@ gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
* Since: 2.12.0
**/
int
-gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
+gnutls_pubkey_verify_hash(gnutls_pubkey_t key, unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
{
-gnutls_digest_algorithm_t algo;
-int ret;
-
- ret = gnutls_pubkey_get_verify_algorithm (key, signature, &algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return gnutls_pubkey_verify_hash2(key, gnutls_pk_to_sign(key->pk_algorithm, algo),
- flags, hash, signature);
+ gnutls_digest_algorithm_t algo;
+ int ret;
+
+ ret = gnutls_pubkey_get_verify_algorithm(key, signature, &algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return gnutls_pubkey_verify_hash2(key,
+ gnutls_pk_to_sign(key->
+ pk_algorithm,
+ algo), flags,
+ hash, signature);
}
/**
@@ -1674,30 +1618,28 @@ int ret;
* Since: 3.0
**/
int
-gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key,
- gnutls_sign_algorithm_t algo,
- unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
+gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
+ gnutls_sign_algorithm_t algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
{
- const mac_entry_st* me;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA)
- {
- return _gnutls_pk_verify (GNUTLS_PK_RSA, hash, signature, &key->params);
- }
- else
- {
- me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo));
- return pubkey_verify_hashed_data (key->pk_algorithm, me,
- hash, signature, &key->params);
- }
+ const mac_entry_st *me;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA) {
+ return _gnutls_pk_verify(GNUTLS_PK_RSA, hash, signature,
+ &key->params);
+ } else {
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo));
+ return pubkey_verify_hashed_data(key->pk_algorithm, me,
+ hash, signature,
+ &key->params);
+ }
}
/**
@@ -1716,18 +1658,17 @@ gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key,
* Since: 3.0
**/
int
-gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * plaintext,
- gnutls_datum_t * ciphertext)
+gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, unsigned int flags,
+ const gnutls_datum_t * plaintext,
+ gnutls_datum_t * ciphertext)
{
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_pk_encrypt (key->pk_algorithm, ciphertext,
- plaintext, &key->params);
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_pk_encrypt(key->pk_algorithm, ciphertext,
+ plaintext, &key->params);
}
/**
@@ -1745,19 +1686,18 @@ gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags,
* Since: 2.12.0
**/
int
-gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash)
+gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key,
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
{
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_verify_algorithm (hash, signature,
- key->pk_algorithm,
- &key->params);
+ return _gnutls_x509_verify_algorithm(hash, signature,
+ key->pk_algorithm,
+ &key->params);
}
@@ -1766,68 +1706,75 @@ gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
* it may be null.
*/
int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session,
- gnutls_pubkey_t pubkey,
- const version_entry_st* ver,
- gnutls_sign_algorithm_t sign)
+ gnutls_pubkey_t pubkey,
+ const version_entry_st * ver,
+ gnutls_sign_algorithm_t sign)
{
-unsigned int hash_size;
-unsigned int sig_hash_size;
-const mac_entry_st* me;
-
- if (pubkey->pk_algorithm == GNUTLS_PK_DSA)
- {
- me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size);
-
- /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */
- if (!_gnutls_version_has_selectable_sighash (ver))
- {
- if (me->id != GNUTLS_MAC_SHA1)
- return gnutls_assert_val(GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
- }
- else if (sign != GNUTLS_SIGN_UNKNOWN)
- {
- me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign));
- sig_hash_size = _gnutls_hash_get_algo_len(me);
- if (sig_hash_size < hash_size)
- _gnutls_audit_log(session, "The hash size used in signature (%u) is less than the expected (%u)\n", sig_hash_size, hash_size);
- }
-
- }
- else if (pubkey->pk_algorithm == GNUTLS_PK_EC)
- {
- if (_gnutls_version_has_selectable_sighash (ver) && sign != GNUTLS_SIGN_UNKNOWN)
- {
- me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size);
-
- me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign));
- sig_hash_size = _gnutls_hash_get_algo_len(me);
-
- if (sig_hash_size < hash_size)
- _gnutls_audit_log(session, "The hash size used in signature (%u) is less than the expected (%u)\n", sig_hash_size, hash_size);
- }
-
- }
-
- return 0;
+ unsigned int hash_size;
+ unsigned int sig_hash_size;
+ const mac_entry_st *me;
+
+ if (pubkey->pk_algorithm == GNUTLS_PK_DSA) {
+ me = _gnutls_dsa_q_to_hash(pubkey->pk_algorithm,
+ &pubkey->params, &hash_size);
+
+ /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */
+ if (!_gnutls_version_has_selectable_sighash(ver)) {
+ if (me->id != GNUTLS_MAC_SHA1)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
+ } else if (sign != GNUTLS_SIGN_UNKNOWN) {
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm
+ (sign));
+ sig_hash_size = _gnutls_hash_get_algo_len(me);
+ if (sig_hash_size < hash_size)
+ _gnutls_audit_log(session,
+ "The hash size used in signature (%u) is less than the expected (%u)\n",
+ sig_hash_size,
+ hash_size);
+ }
+
+ } else if (pubkey->pk_algorithm == GNUTLS_PK_EC) {
+ if (_gnutls_version_has_selectable_sighash(ver)
+ && sign != GNUTLS_SIGN_UNKNOWN) {
+ me = _gnutls_dsa_q_to_hash(pubkey->pk_algorithm,
+ &pubkey->params,
+ &hash_size);
+
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm
+ (sign));
+ sig_hash_size = _gnutls_hash_get_algo_len(me);
+
+ if (sig_hash_size < hash_size)
+ _gnutls_audit_log(session,
+ "The hash size used in signature (%u) is less than the expected (%u)\n",
+ sig_hash_size,
+ hash_size);
+ }
+
+ }
+
+ return 0;
}
/* Returns zero if the public key has more than 512 bits */
int _gnutls_pubkey_is_over_rsa_512(gnutls_pubkey_t pubkey)
{
- if (pubkey->pk_algorithm == GNUTLS_PK_RSA && _gnutls_mpi_get_nbits (pubkey->params.params[0]) > 512)
- return 0;
- else
- return GNUTLS_E_INVALID_REQUEST; /* doesn't matter */
+ if (pubkey->pk_algorithm == GNUTLS_PK_RSA
+ && _gnutls_mpi_get_nbits(pubkey->params.params[0]) > 512)
+ return 0;
+ else
+ return GNUTLS_E_INVALID_REQUEST; /* doesn't matter */
}
/* Returns the public key.
*/
int
-_gnutls_pubkey_get_mpis (gnutls_pubkey_t key,
- gnutls_pk_params_st * params)
+_gnutls_pubkey_get_mpis(gnutls_pubkey_t key, gnutls_pk_params_st * params)
{
- return _gnutls_pk_params_copy(params, &key->params);
+ return _gnutls_pk_params_copy(params, &key->params);
}
/* if hash==MD5 then we do RSA-MD5
@@ -1836,252 +1783,242 @@ _gnutls_pubkey_get_mpis (gnutls_pubkey_t key,
* params[1] is public key
*/
static int
-_pkcs1_rsa_verify_sig (const mac_entry_st* me,
- const gnutls_datum_t * text,
- const gnutls_datum_t * prehash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * params)
+_pkcs1_rsa_verify_sig(const mac_entry_st * me,
+ const gnutls_datum_t * text,
+ const gnutls_datum_t * prehash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * params)
{
- int ret;
- uint8_t md[MAX_HASH_SIZE], *cmp;
- unsigned int digest_size;
- gnutls_datum_t d, di;
- digest_hd_st hd;
-
- digest_size = _gnutls_hash_get_algo_len (me);
- if (prehash)
- {
- if (prehash->data == NULL || prehash->size != digest_size)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- cmp = prehash->data;
- }
- else
- {
- if (!text)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_hash_init (&hd, me);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&hd, text->data, text->size);
- _gnutls_hash_deinit (&hd, md);
-
- cmp = md;
- }
-
- d.data = cmp;
- d.size = digest_size;
-
- /* decrypted is a BER encoded data of type DigestInfo
- */
- ret = encode_ber_digest_info (me, &d, &di);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_pk_verify (GNUTLS_PK_RSA, &di, signature, params);
- _gnutls_free_datum (&di);
-
- return ret;
+ int ret;
+ uint8_t md[MAX_HASH_SIZE], *cmp;
+ unsigned int digest_size;
+ gnutls_datum_t d, di;
+ digest_hd_st hd;
+
+ digest_size = _gnutls_hash_get_algo_len(me);
+ if (prehash) {
+ if (prehash->data == NULL || prehash->size != digest_size)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ cmp = prehash->data;
+ } else {
+ if (!text) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_hash_init(&hd, me);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&hd, text->data, text->size);
+ _gnutls_hash_deinit(&hd, md);
+
+ cmp = md;
+ }
+
+ d.data = cmp;
+ d.size = digest_size;
+
+ /* decrypted is a BER encoded data of type DigestInfo
+ */
+ ret = encode_ber_digest_info(me, &d, &di);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_pk_verify(GNUTLS_PK_RSA, &di, signature, params);
+ _gnutls_free_datum(&di);
+
+ return ret;
}
/* Hashes input data and verifies a signature.
*/
static int
-dsa_verify_hashed_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st* algo,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st* params)
+dsa_verify_hashed_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * algo,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * params)
{
- gnutls_datum_t digest;
- unsigned int hash_len;
-
- if (algo == NULL)
- algo = _gnutls_dsa_q_to_hash(pk, params, &hash_len);
- else
- hash_len = _gnutls_hash_get_algo_len(algo);
-
- /* SHA1 or better allowed */
- if (!hash->data || hash->size < hash_len)
- {
- gnutls_assert();
- _gnutls_debug_log("Hash size (%d) does not correspond to hash %s(%d) or better.\n",
- (int)hash->size, _gnutls_mac_get_name(algo), hash_len);
-
- if (hash->size != 20) /* SHA1 is allowed */
- return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
- }
-
- digest.data = hash->data;
- digest.size = hash->size;
-
- return _gnutls_pk_verify (pk, &digest, signature, params);
+ gnutls_datum_t digest;
+ unsigned int hash_len;
+
+ if (algo == NULL)
+ algo = _gnutls_dsa_q_to_hash(pk, params, &hash_len);
+ else
+ hash_len = _gnutls_hash_get_algo_len(algo);
+
+ /* SHA1 or better allowed */
+ if (!hash->data || hash->size < hash_len) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Hash size (%d) does not correspond to hash %s(%d) or better.\n",
+ (int) hash->size, _gnutls_mac_get_name(algo),
+ hash_len);
+
+ if (hash->size != 20) /* SHA1 is allowed */
+ return
+ gnutls_assert_val
+ (GNUTLS_E_PK_SIG_VERIFY_FAILED);
+ }
+
+ digest.data = hash->data;
+ digest.size = hash->size;
+
+ return _gnutls_pk_verify(pk, &digest, signature, params);
}
static int
-dsa_verify_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st* algo,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st* params)
+dsa_verify_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * algo,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * params)
{
- int ret;
- uint8_t _digest[MAX_HASH_SIZE];
- gnutls_datum_t digest;
- digest_hd_st hd;
+ int ret;
+ uint8_t _digest[MAX_HASH_SIZE];
+ gnutls_datum_t digest;
+ digest_hd_st hd;
- if (algo == NULL)
- algo = _gnutls_dsa_q_to_hash (pk, params, NULL);
+ if (algo == NULL)
+ algo = _gnutls_dsa_q_to_hash(pk, params, NULL);
- ret = _gnutls_hash_init (&hd, algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_hash_init(&hd, algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- _gnutls_hash (&hd, data->data, data->size);
- _gnutls_hash_deinit (&hd, _digest);
+ _gnutls_hash(&hd, data->data, data->size);
+ _gnutls_hash_deinit(&hd, _digest);
- digest.data = _digest;
- digest.size = _gnutls_hash_get_algo_len(algo);
+ digest.data = _digest;
+ digest.size = _gnutls_hash_get_algo_len(algo);
- return _gnutls_pk_verify (pk, &digest, signature, params);
+ return _gnutls_pk_verify(pk, &digest, signature, params);
}
/* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if
* not verified, or 1 otherwise.
*/
int
-pubkey_verify_hashed_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st* hash_algo,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * issuer_params)
+pubkey_verify_hashed_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * hash_algo,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * issuer_params)
{
- switch (pk)
- {
- case GNUTLS_PK_RSA:
-
- if (_pkcs1_rsa_verify_sig
- (hash_algo, NULL, hash, signature, issuer_params) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
-
- return 1;
- break;
-
- case GNUTLS_PK_EC:
- case GNUTLS_PK_DSA:
- if (dsa_verify_hashed_data(pk, hash_algo, hash, signature, issuer_params) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
-
- return 1;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
-
- }
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+
+ if (_pkcs1_rsa_verify_sig
+ (hash_algo, NULL, hash, signature, issuer_params) != 0)
+ {
+ gnutls_assert();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ return 1;
+ break;
+
+ case GNUTLS_PK_EC:
+ case GNUTLS_PK_DSA:
+ if (dsa_verify_hashed_data
+ (pk, hash_algo, hash, signature, issuer_params) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ return 1;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ }
}
/* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if
* not verified, or 1 otherwise.
*/
int
-pubkey_verify_data (gnutls_pk_algorithm_t pk,
- const mac_entry_st* me,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * issuer_params)
+pubkey_verify_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * me,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ gnutls_pk_params_st * issuer_params)
{
- switch (pk)
- {
- case GNUTLS_PK_RSA:
-
- if (_pkcs1_rsa_verify_sig
- (me, data, NULL, signature, issuer_params) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
-
- return 1;
- break;
-
- case GNUTLS_PK_EC:
- case GNUTLS_PK_DSA:
- if (dsa_verify_data(pk, me, data, signature, issuer_params) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
-
- return 1;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
-
- }
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+
+ if (_pkcs1_rsa_verify_sig
+ (me, data, NULL, signature, issuer_params) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ return 1;
+ break;
+
+ case GNUTLS_PK_EC:
+ case GNUTLS_PK_DSA:
+ if (dsa_verify_data(pk, me, data, signature, issuer_params)
+ != 0) {
+ gnutls_assert();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ return 1;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ }
}
-const mac_entry_st*
-_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* params,
- unsigned int* hash_len)
+const mac_entry_st *_gnutls_dsa_q_to_hash(gnutls_pk_algorithm_t algo,
+ const gnutls_pk_params_st *
+ params, unsigned int *hash_len)
{
- int bits = 0;
- int ret;
-
- if (algo == GNUTLS_PK_DSA)
- bits = _gnutls_mpi_get_nbits (params->params[1]);
- else if (algo == GNUTLS_PK_EC)
- bits = gnutls_ecc_curve_get_size(params->flags)*8;
-
- if (bits <= 160)
- {
- if (hash_len) *hash_len = 20;
- ret = GNUTLS_DIG_SHA1;
- }
- else if (bits <= 192)
- {
- if (hash_len) *hash_len = 24;
- ret = GNUTLS_DIG_SHA256;
- }
- else if (bits <= 224)
- {
- if (hash_len) *hash_len = 28;
- ret = GNUTLS_DIG_SHA256;
- }
- else if (bits <= 256)
- {
- if (hash_len) *hash_len = 32;
- ret = GNUTLS_DIG_SHA256;
- }
- else if (bits <= 384)
- {
- if (hash_len) *hash_len = 48;
- ret = GNUTLS_DIG_SHA384;
- }
- else
- {
- if (hash_len) *hash_len = 64;
- ret = GNUTLS_DIG_SHA512;
- }
-
- return mac_to_entry(ret);
+ int bits = 0;
+ int ret;
+
+ if (algo == GNUTLS_PK_DSA)
+ bits = _gnutls_mpi_get_nbits(params->params[1]);
+ else if (algo == GNUTLS_PK_EC)
+ bits = gnutls_ecc_curve_get_size(params->flags) * 8;
+
+ if (bits <= 160) {
+ if (hash_len)
+ *hash_len = 20;
+ ret = GNUTLS_DIG_SHA1;
+ } else if (bits <= 192) {
+ if (hash_len)
+ *hash_len = 24;
+ ret = GNUTLS_DIG_SHA256;
+ } else if (bits <= 224) {
+ if (hash_len)
+ *hash_len = 28;
+ ret = GNUTLS_DIG_SHA256;
+ } else if (bits <= 256) {
+ if (hash_len)
+ *hash_len = 32;
+ ret = GNUTLS_DIG_SHA256;
+ } else if (bits <= 384) {
+ if (hash_len)
+ *hash_len = 48;
+ ret = GNUTLS_DIG_SHA384;
+ } else {
+ if (hash_len)
+ *hash_len = 64;
+ ret = GNUTLS_DIG_SHA512;
+ }
+
+ return mac_to_entry(ret);
}
/**
@@ -2100,11 +2037,12 @@ _gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* pa
* Since: 3.1.0
*
**/
-void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key,
- gnutls_pin_callback_t fn, void *userdata)
+void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key,
+ gnutls_pin_callback_t fn,
+ void *userdata)
{
- key->pin.cb = fn;
- key->pin.data = userdata;
+ key->pin.cb = fn;
+ key->pin.data = userdata;
}
/**
@@ -2122,37 +2060,34 @@ void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key,
*
* Since: 3.1.3
**/
-int gnutls_pubkey_import_x509_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- unsigned int flags)
+int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
{
- gnutls_x509_crt_t xpriv;
- int ret;
-
- ret = gnutls_x509_crt_init(&xpriv);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_crt_import(xpriv, data, format);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_x509(pkey, xpriv, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- gnutls_x509_crt_deinit(xpriv);
-
- return ret;
-}
+ gnutls_x509_crt_t xpriv;
+ int ret;
+ ret = gnutls_x509_crt_init(&xpriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_x509_crt_import(xpriv, data, format);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_x509(pkey, xpriv, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_x509_crt_deinit(xpriv);
+
+ return ret;
+}
diff --git a/lib/gnutls_range.c b/lib/gnutls_range.c
index a087ff9a32..853e54a7e0 100644
--- a/lib/gnutls_range.c
+++ b/lib/gnutls_range.c
@@ -27,12 +27,12 @@
#include "gnutls_record.h"
static void
-_gnutls_set_range (gnutls_range_st * dst, const size_t low,
- const size_t high)
+_gnutls_set_range(gnutls_range_st * dst, const size_t low,
+ const size_t high)
{
- dst->low = low;
- dst->high = high;
- return;
+ dst->low = low;
+ dst->high = high;
+ return;
}
/*
@@ -40,59 +40,54 @@ _gnutls_set_range (gnutls_range_st * dst, const size_t low,
* put at least data_length bytes of user data.
*/
static ssize_t
-_gnutls_range_max_lh_pad (gnutls_session_t session, ssize_t data_length,
- ssize_t max_frag)
+_gnutls_range_max_lh_pad(gnutls_session_t session, ssize_t data_length,
+ ssize_t max_frag)
{
- int ret;
- ssize_t max_pad;
- unsigned int fixed_pad;
- record_parameters_st *record_params;
- ssize_t this_pad;
- ssize_t block_size;
- ssize_t tag_size, overflow;
-
- ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &record_params);
- if (ret < 0)
- {
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
- }
-
- if (session->security_parameters.new_record_padding != 0)
- {
- max_pad = max_user_send_size (session, record_params);
- fixed_pad = 2;
- }
- else
- {
- max_pad = MAX_PAD_SIZE;
- fixed_pad = 1;
- }
-
- this_pad = MIN (max_pad, max_frag - data_length);
-
- block_size =
- _gnutls_cipher_get_block_size (record_params->cipher);
- tag_size =
- _gnutls_auth_cipher_tag_len (&record_params->write.cipher_state);
- switch (_gnutls_cipher_is_block (record_params->cipher))
- {
- case CIPHER_STREAM:
- return this_pad;
-
- case CIPHER_BLOCK:
- overflow =
- (data_length + this_pad + tag_size + fixed_pad) % block_size;
- if (overflow > this_pad)
- {
- return this_pad;
- }
- else
- {
- return this_pad - overflow;
- }
- default:
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
- }
+ int ret;
+ ssize_t max_pad;
+ unsigned int fixed_pad;
+ record_parameters_st *record_params;
+ ssize_t this_pad;
+ ssize_t block_size;
+ ssize_t tag_size, overflow;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,
+ &record_params);
+ if (ret < 0) {
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
+ if (session->security_parameters.new_record_padding != 0) {
+ max_pad = max_user_send_size(session, record_params);
+ fixed_pad = 2;
+ } else {
+ max_pad = MAX_PAD_SIZE;
+ fixed_pad = 1;
+ }
+
+ this_pad = MIN(max_pad, max_frag - data_length);
+
+ block_size = _gnutls_cipher_get_block_size(record_params->cipher);
+ tag_size =
+ _gnutls_auth_cipher_tag_len(&record_params->write.
+ cipher_state);
+ switch (_gnutls_cipher_is_block(record_params->cipher)) {
+ case CIPHER_STREAM:
+ return this_pad;
+
+ case CIPHER_BLOCK:
+ overflow =
+ (data_length + this_pad + tag_size +
+ fixed_pad) % block_size;
+ if (overflow > this_pad) {
+ return this_pad;
+ } else {
+ return this_pad - overflow;
+ }
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
}
/**
@@ -110,32 +105,31 @@ _gnutls_range_max_lh_pad (gnutls_session_t session, ssize_t data_length,
* Returns: true (1) if the current session supports length-hiding
* padding, false (0) if the current session does not.
**/
-int
-gnutls_record_can_use_length_hiding (gnutls_session_t session)
+int gnutls_record_can_use_length_hiding(gnutls_session_t session)
{
- int ret;
- record_parameters_st *record_params;
-
- if (session->security_parameters.new_record_padding != 0)
- return 1;
-
- if (get_num_version(session) == GNUTLS_SSL3)
- return 0;
-
- ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &record_params);
- if (ret < 0)
- {
- return 0;
- }
-
- switch (_gnutls_cipher_is_block (record_params->cipher))
- {
- case CIPHER_BLOCK:
- return 1;
- case CIPHER_STREAM:
- default:
- return 0;
- }
+ int ret;
+ record_parameters_st *record_params;
+
+ if (session->security_parameters.new_record_padding != 0)
+ return 1;
+
+ if (get_num_version(session) == GNUTLS_SSL3)
+ return 0;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,
+ &record_params);
+ if (ret < 0) {
+ return 0;
+ }
+
+ switch (_gnutls_cipher_is_block(record_params->cipher)) {
+ case CIPHER_BLOCK:
+ return 1;
+ case CIPHER_STREAM:
+ default:
+ return 0;
+ }
}
/**
@@ -157,62 +151,61 @@ gnutls_record_can_use_length_hiding (gnutls_session_t session)
* and @remainder are modified to store the resulting values.
*/
int
-gnutls_range_split (gnutls_session_t session,
- const gnutls_range_st *orig,
- gnutls_range_st * next,
- gnutls_range_st * remainder)
+gnutls_range_split(gnutls_session_t session,
+ const gnutls_range_st * orig,
+ gnutls_range_st * next, gnutls_range_st * remainder)
{
- int ret;
- ssize_t max_frag;
- ssize_t orig_low = (ssize_t) orig->low;
- ssize_t orig_high = (ssize_t) orig->high;
- record_parameters_st *record_params;
-
- ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &record_params);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- max_frag = max_user_send_size (session, record_params);
-
- if (orig_high == orig_low)
- {
- int length = MIN (orig_high, max_frag);
- int rem = orig_high - length;
- _gnutls_set_range (next, length, length);
- _gnutls_set_range (remainder, rem, rem);
-
- return 0;
- }
- else
- {
- if (orig_low >= max_frag)
- {
- _gnutls_set_range (next, max_frag, max_frag);
- _gnutls_set_range (remainder, orig_low - max_frag,
- orig_high - max_frag);
- }
- else
- {
- ret = _gnutls_range_max_lh_pad (session, orig_low, max_frag);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ssize_t this_pad = MIN (ret, orig_high - orig_low);
-
- _gnutls_set_range (next, orig_low, orig_low + this_pad);
- _gnutls_set_range (remainder, 0,
- orig_high - (orig_low + this_pad));
- }
-
- return 0;
- }
+ int ret;
+ ssize_t max_frag;
+ ssize_t orig_low = (ssize_t) orig->low;
+ ssize_t orig_high = (ssize_t) orig->high;
+ record_parameters_st *record_params;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,
+ &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ max_frag = max_user_send_size(session, record_params);
+
+ if (orig_high == orig_low) {
+ int length = MIN(orig_high, max_frag);
+ int rem = orig_high - length;
+ _gnutls_set_range(next, length, length);
+ _gnutls_set_range(remainder, rem, rem);
+
+ return 0;
+ } else {
+ if (orig_low >= max_frag) {
+ _gnutls_set_range(next, max_frag, max_frag);
+ _gnutls_set_range(remainder, orig_low - max_frag,
+ orig_high - max_frag);
+ } else {
+ ret =
+ _gnutls_range_max_lh_pad(session, orig_low,
+ max_frag);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ssize_t this_pad = MIN(ret, orig_high - orig_low);
+
+ _gnutls_set_range(next, orig_low,
+ orig_low + this_pad);
+ _gnutls_set_range(remainder, 0,
+ orig_high - (orig_low +
+ this_pad));
+ }
+
+ return 0;
+ }
}
static size_t
-_gnutls_range_fragment (size_t data_size, gnutls_range_st cur,
- gnutls_range_st next)
+_gnutls_range_fragment(size_t data_size, gnutls_range_st cur,
+ gnutls_range_st next)
{
- return MIN (cur.high, data_size - next.low);
+ return MIN(cur.high, data_size - next.low);
}
/**
@@ -237,85 +230,85 @@ _gnutls_range_fragment (size_t data_size, gnutls_range_st cur,
* or a negative error code.
**/
ssize_t
-gnutls_record_send_range (gnutls_session_t session, const void *data,
- size_t data_size, const gnutls_range_st * range)
+gnutls_record_send_range(gnutls_session_t session, const void *data,
+ size_t data_size, const gnutls_range_st * range)
{
- size_t sent = 0;
- size_t next_fragment_length;
- ssize_t ret;
- gnutls_range_st cur_range, next_range;
-
- /* sanity check on range and data size */
- if (range->low > range->high ||
- data_size < range->low ||
- data_size > range->high)
- {
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
- }
-
- ret = gnutls_record_can_use_length_hiding (session);
- if (ret == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (ret == 0 && range->low != range->high)
- /* Cannot use LH, but a range was given */
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
-
- _gnutls_set_range (&cur_range, range->low, range->high);
-
- _gnutls_record_log
- ("RANGE: Preparing message with size %d, range (%d,%d)\n",
- (int) data_size, (int) range->low, (int) range->high);
-
- while (cur_range.high != 0)
- {
- ret =
- gnutls_range_split (session, &cur_range, &cur_range,
- &next_range);
- if (ret < 0)
- {
- return ret; /* already gnutls_assert_val'd */
- }
-
- next_fragment_length =
- _gnutls_range_fragment (data_size, cur_range, next_range);
-
- _gnutls_record_log
- ("RANGE: Next fragment size: %d (%d,%d); remaining range: (%d,%d)\n",
- (int) next_fragment_length, (int) cur_range.low,
- (int) cur_range.high, (int) next_range.low,
- (int) next_range.high);
-
- ret = _gnutls_send_tlen_int (session, GNUTLS_APPLICATION_DATA, -1,
- EPOCH_WRITE_CURRENT,
- &(((char *) data)[sent]),
- next_fragment_length,
- cur_range.high-next_fragment_length,
- MBUFFER_FLUSH);
-
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
- {
- ret = _gnutls_send_tlen_int (session, GNUTLS_APPLICATION_DATA, -1,
- EPOCH_WRITE_CURRENT,
- NULL, 0, 0,
- MBUFFER_FLUSH);
- }
-
- if (ret < 0)
- {
- return gnutls_assert_val(ret);
- }
- if (ret != (ssize_t) next_fragment_length)
- {
- _gnutls_record_log
- ("RANGE: ERROR: ret = %d; next_fragment_length = %d\n",
- (int) ret, (int) next_fragment_length);
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
- }
- sent += next_fragment_length;
- data_size -= next_fragment_length;
- _gnutls_set_range (&cur_range, next_range.low, next_range.high);
- }
-
- return sent;
+ size_t sent = 0;
+ size_t next_fragment_length;
+ ssize_t ret;
+ gnutls_range_st cur_range, next_range;
+
+ /* sanity check on range and data size */
+ if (range->low > range->high ||
+ data_size < range->low || data_size > range->high) {
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
+ ret = gnutls_record_can_use_length_hiding(session);
+ if (ret == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (ret == 0 && range->low != range->high)
+ /* Cannot use LH, but a range was given */
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ _gnutls_set_range(&cur_range, range->low, range->high);
+
+ _gnutls_record_log
+ ("RANGE: Preparing message with size %d, range (%d,%d)\n",
+ (int) data_size, (int) range->low, (int) range->high);
+
+ while (cur_range.high != 0) {
+ ret =
+ gnutls_range_split(session, &cur_range, &cur_range,
+ &next_range);
+ if (ret < 0) {
+ return ret; /* already gnutls_assert_val'd */
+ }
+
+ next_fragment_length =
+ _gnutls_range_fragment(data_size, cur_range,
+ next_range);
+
+ _gnutls_record_log
+ ("RANGE: Next fragment size: %d (%d,%d); remaining range: (%d,%d)\n",
+ (int) next_fragment_length, (int) cur_range.low,
+ (int) cur_range.high, (int) next_range.low,
+ (int) next_range.high);
+
+ ret =
+ _gnutls_send_tlen_int(session, GNUTLS_APPLICATION_DATA,
+ -1, EPOCH_WRITE_CURRENT,
+ &(((char *) data)[sent]),
+ next_fragment_length,
+ cur_range.high -
+ next_fragment_length,
+ MBUFFER_FLUSH);
+
+ while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED) {
+ ret =
+ _gnutls_send_tlen_int(session,
+ GNUTLS_APPLICATION_DATA,
+ -1, EPOCH_WRITE_CURRENT,
+ NULL, 0, 0,
+ MBUFFER_FLUSH);
+ }
+
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+ if (ret != (ssize_t) next_fragment_length) {
+ _gnutls_record_log
+ ("RANGE: ERROR: ret = %d; next_fragment_length = %d\n",
+ (int) ret, (int) next_fragment_length);
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+ sent += next_fragment_length;
+ data_size -= next_fragment_length;
+ _gnutls_set_range(&cur_range, next_range.low,
+ next_range.high);
+ }
+
+ return sent;
}
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index a9875309fd..b597637884 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -54,15 +54,15 @@
#include <random.h>
struct tls_record_st {
- uint16_t header_size;
- uint8_t version[2];
- uint64 sequence; /* DTLS */
- uint16_t length;
- uint16_t packet_size; /* header_size + length */
- content_type_t type;
- uint16_t epoch; /* valid in DTLS only */
- unsigned v2:1; /* whether an SSLv2 client hello */
- /* the data */
+ uint16_t header_size;
+ uint8_t version[2];
+ uint64 sequence; /* DTLS */
+ uint16_t length;
+ uint16_t packet_size; /* header_size + length */
+ content_type_t type;
+ uint16_t epoch; /* valid in DTLS only */
+ unsigned v2:1; /* whether an SSLv2 client hello */
+ /* the data */
};
/**
@@ -78,10 +78,9 @@ struct tls_record_st {
* by default unless requested using gnutls_range_send_message().
*
**/
-void
-gnutls_record_disable_padding (gnutls_session_t session)
+void gnutls_record_disable_padding(gnutls_session_t session)
{
- return;
+ return;
}
/**
@@ -98,9 +97,10 @@ gnutls_record_disable_padding (gnutls_session_t session)
* of empty fragments in a row, you can use this function to set the desired value.
**/
void
-gnutls_record_set_max_empty_records (gnutls_session_t session, const unsigned int i)
+gnutls_record_set_max_empty_records(gnutls_session_t session,
+ const unsigned int i)
{
- session->internals.priorities.max_empty_records = i;
+ session->internals.priorities.max_empty_records = i;
}
/**
@@ -114,11 +114,11 @@ gnutls_record_set_max_empty_records (gnutls_session_t session, const unsigned in
*
**/
void
-gnutls_transport_set_ptr (gnutls_session_t session,
- gnutls_transport_ptr_t ptr)
+gnutls_transport_set_ptr(gnutls_session_t session,
+ gnutls_transport_ptr_t ptr)
{
- session->internals.transport_recv_ptr = ptr;
- session->internals.transport_send_ptr = ptr;
+ session->internals.transport_recv_ptr = ptr;
+ session->internals.transport_send_ptr = ptr;
}
/**
@@ -133,12 +133,12 @@ gnutls_transport_set_ptr (gnutls_session_t session,
* pointers for receiving and sending.
**/
void
-gnutls_transport_set_ptr2 (gnutls_session_t session,
- gnutls_transport_ptr_t recv_ptr,
- gnutls_transport_ptr_t send_ptr)
+gnutls_transport_set_ptr2(gnutls_session_t session,
+ gnutls_transport_ptr_t recv_ptr,
+ gnutls_transport_ptr_t send_ptr)
{
- session->internals.transport_send_ptr = send_ptr;
- session->internals.transport_recv_ptr = recv_ptr;
+ session->internals.transport_send_ptr = send_ptr;
+ session->internals.transport_recv_ptr = recv_ptr;
}
/**
@@ -155,12 +155,13 @@ gnutls_transport_set_ptr2 (gnutls_session_t session,
* Since: 3.1.9
**/
void
-gnutls_transport_set_int2 (gnutls_session_t session,
- int recv_int,
- int send_int)
+gnutls_transport_set_int2(gnutls_session_t session,
+ int recv_int, int send_int)
{
- session->internals.transport_send_ptr = (gnutls_transport_ptr_t)(long)send_int;
- session->internals.transport_recv_ptr = (gnutls_transport_ptr_t)(long)recv_int;
+ session->internals.transport_send_ptr =
+ (gnutls_transport_ptr_t) (long) send_int;
+ session->internals.transport_recv_ptr =
+ (gnutls_transport_ptr_t) (long) recv_int;
}
#if 0
@@ -176,11 +177,12 @@ gnutls_transport_set_int2 (gnutls_session_t session,
* Since: 3.1.9
*
**/
-void
-gnutls_transport_set_int (gnutls_session_t session, int i)
+void gnutls_transport_set_int(gnutls_session_t session, int i)
{
- session->internals.transport_recv_ptr = (gnutls_transport_ptr_t)(long)i;
- session->internals.transport_send_ptr = (gnutls_transport_ptr_t)(long)i;
+ session->internals.transport_recv_ptr =
+ (gnutls_transport_ptr_t) (long) i;
+ session->internals.transport_send_ptr =
+ (gnutls_transport_ptr_t) (long) i;
}
#endif
@@ -194,10 +196,9 @@ gnutls_transport_set_int (gnutls_session_t session, int i)
*
* Returns: The first argument of the transport function.
**/
-gnutls_transport_ptr_t
-gnutls_transport_get_ptr (gnutls_session_t session)
+gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t session)
{
- return session->internals.transport_recv_ptr;
+ return session->internals.transport_recv_ptr;
}
/**
@@ -211,13 +212,13 @@ gnutls_transport_get_ptr (gnutls_session_t session)
* gnutls_transport_set_ptr2().
**/
void
-gnutls_transport_get_ptr2 (gnutls_session_t session,
- gnutls_transport_ptr_t * recv_ptr,
- gnutls_transport_ptr_t * send_ptr)
+gnutls_transport_get_ptr2(gnutls_session_t session,
+ gnutls_transport_ptr_t * recv_ptr,
+ gnutls_transport_ptr_t * send_ptr)
{
- *recv_ptr = session->internals.transport_recv_ptr;
- *send_ptr = session->internals.transport_send_ptr;
+ *recv_ptr = session->internals.transport_recv_ptr;
+ *send_ptr = session->internals.transport_send_ptr;
}
/**
@@ -233,13 +234,12 @@ gnutls_transport_get_ptr2 (gnutls_session_t session,
* Since: 3.1.9
**/
void
-gnutls_transport_get_int2 (gnutls_session_t session,
- int * recv_int,
- int * send_int)
+gnutls_transport_get_int2(gnutls_session_t session,
+ int *recv_int, int *send_int)
{
- *recv_int = (long)session->internals.transport_recv_ptr;
- *send_int = (long)session->internals.transport_send_ptr;
+ *recv_int = (long) session->internals.transport_recv_ptr;
+ *send_int = (long) session->internals.transport_send_ptr;
}
/**
@@ -254,10 +254,9 @@ gnutls_transport_get_int2 (gnutls_session_t session,
*
* Since: 3.1.9
**/
-int
-gnutls_transport_get_int (gnutls_session_t session)
+int gnutls_transport_get_int(gnutls_session_t session)
{
- return (long)session->internals.transport_recv_ptr;
+ return (long) session->internals.transport_recv_ptr;
}
/**
@@ -292,129 +291,118 @@ gnutls_transport_get_int (gnutls_session_t session)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code, see
* function documentation for entire semantics.
**/
-int
-gnutls_bye (gnutls_session_t session, gnutls_close_request_t how)
+int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
{
- int ret = 0;
-
- switch (STATE)
- {
- case STATE0:
- case STATE60:
- ret = _gnutls_io_write_flush (session);
- STATE = STATE60;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- case STATE61:
- ret =
- gnutls_alert_send (session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY);
- STATE = STATE61;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- case STATE62:
- STATE = STATE62;
- if (how == GNUTLS_SHUT_RDWR)
- {
- do
- {
- ret = _gnutls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0, NULL,
- session->internals.record_timeout_ms);
- }
- while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
-
- if (ret >= 0)
- session->internals.may_not_read = 1;
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- STATE = STATE62;
-
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- STATE = STATE0;
-
- session->internals.may_not_write = 1;
- return 0;
+ int ret = 0;
+
+ switch (STATE) {
+ case STATE0:
+ case STATE60:
+ ret = _gnutls_io_write_flush(session);
+ STATE = STATE60;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ case STATE61:
+ ret =
+ gnutls_alert_send(session, GNUTLS_AL_WARNING,
+ GNUTLS_A_CLOSE_NOTIFY);
+ STATE = STATE61;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ case STATE62:
+ STATE = STATE62;
+ if (how == GNUTLS_SHUT_RDWR) {
+ do {
+ ret =
+ _gnutls_recv_int(session, GNUTLS_ALERT,
+ -1, NULL, 0, NULL,
+ session->internals.
+ record_timeout_ms);
+ }
+ while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
+
+ if (ret >= 0)
+ session->internals.may_not_read = 1;
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+ STATE = STATE62;
+
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ STATE = STATE0;
+
+ session->internals.may_not_write = 1;
+ return 0;
}
-inline static void
-session_invalidate (gnutls_session_t session)
+inline static void session_invalidate(gnutls_session_t session)
{
- session->internals.invalid_connection = 1;
+ session->internals.invalid_connection = 1;
}
-inline static void
-session_unresumable (gnutls_session_t session)
+inline static void session_unresumable(gnutls_session_t session)
{
- session->internals.resumable = RESUME_FALSE;
+ session->internals.resumable = RESUME_FALSE;
}
/* returns 0 if session is valid
*/
-inline static int
-session_is_valid (gnutls_session_t session)
+inline static int session_is_valid(gnutls_session_t session)
{
- if (session->internals.invalid_connection != 0)
- return GNUTLS_E_INVALID_SESSION;
+ if (session->internals.invalid_connection != 0)
+ return GNUTLS_E_INVALID_SESSION;
- return 0;
+ return 0;
}
/* Copies the record version into the headers. The
* version must have 2 bytes at least.
*/
inline static void
-copy_record_version (gnutls_session_t session,
- gnutls_handshake_description_t htype, uint8_t version[2])
+copy_record_version(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ uint8_t version[2])
{
- const version_entry_st* lver;
-
- if (session->internals.initial_negotiation_completed || htype != GNUTLS_HANDSHAKE_CLIENT_HELLO
- || session->internals.default_record_version[0] == 0)
- {
- lver = get_version (session);
-
- version[0] = lver->major;
- version[1] = lver->minor;
- }
- else
- {
- version[0] = session->internals.default_record_version[0];
- version[1] = session->internals.default_record_version[1];
- }
+ const version_entry_st *lver;
+
+ if (session->internals.initial_negotiation_completed
+ || htype != GNUTLS_HANDSHAKE_CLIENT_HELLO
+ || session->internals.default_record_version[0] == 0) {
+ lver = get_version(session);
+
+ version[0] = lver->major;
+ version[1] = lver->minor;
+ } else {
+ version[0] = session->internals.default_record_version[0];
+ version[1] = session->internals.default_record_version[1];
+ }
}
/* Increments the sequence value
*/
inline static int
-sequence_increment (gnutls_session_t session,
- uint64 * value)
+sequence_increment(gnutls_session_t session, uint64 * value)
{
- if (IS_DTLS(session))
- {
- return _gnutls_uint48pp(value);
- }
- else
- {
- return _gnutls_uint64pp(value);
- }
+ if (IS_DTLS(session)) {
+ return _gnutls_uint48pp(value);
+ } else {
+ return _gnutls_uint64pp(value);
+ }
}
/* This function behaves exactly like write(). The only difference is
@@ -440,179 +428,177 @@ sequence_increment (gnutls_session_t session,
*
*/
ssize_t
-_gnutls_send_tlen_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- unsigned int epoch_rel, const void *_data,
- size_t data_size, size_t min_pad, unsigned int mflags)
+_gnutls_send_tlen_int(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *_data,
+ size_t data_size, size_t min_pad,
+ unsigned int mflags)
{
- mbuffer_st *bufel;
- ssize_t cipher_size;
- int retval, ret;
- int send_data_size;
- uint8_t *headers;
- int header_size;
- const uint8_t *data = _data;
- record_parameters_st *record_params;
- size_t max_send_size;
- record_state_st *record_state;
-
- ret = _gnutls_epoch_get (session, epoch_rel, &record_params);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Safeguard against processing data with an incomplete cipher state. */
- if (!record_params->initialized)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- record_state = &record_params->write;
-
- /* Do not allow null pointer if the send buffer is empty.
- * If the previous send was interrupted then a null pointer is
- * ok, and means to resume.
- */
- if (session->internals.record_send_buffer.byte_length == 0 &&
- (data_size == 0 && _data == NULL))
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (type != GNUTLS_ALERT) /* alert messages are sent anyway */
- if (session_is_valid (session) || session->internals.may_not_write != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- max_send_size = max_user_send_size(session, record_params);
-
- if (data_size > max_send_size)
- {
- if (IS_DTLS(session))
- return gnutls_assert_val(GNUTLS_E_LARGE_PACKET);
-
- send_data_size = max_send_size;
- }
- else
- send_data_size = data_size;
-
- /* Only encrypt if we don't have data to send
- * from the previous run. - probably interrupted.
- */
- if (mflags != 0 && session->internals.record_send_buffer.byte_length > 0)
- {
- ret = _gnutls_io_write_flush (session);
- if (ret > 0)
- cipher_size = ret;
- else
- cipher_size = 0;
-
- retval = session->internals.record_send_buffer_user_size;
- }
- else
- {
- if (unlikely((send_data_size == 0 && min_pad == 0)))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* now proceed to packet encryption
- */
- cipher_size = MAX_RECORD_SEND_SIZE(session);
- bufel = _mbuffer_alloc (0, cipher_size+CIPHER_SLACK_SIZE);
- if (bufel == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- headers = _mbuffer_get_uhead_ptr(bufel);
- headers[0] = type;
- /* Use the default record version, if it is
- * set. */
- copy_record_version (session, htype, &headers[1]);
- header_size = RECORD_HEADER_SIZE(session);
- /* Adjust header length and add sequence for DTLS */
- if (IS_DTLS(session))
- memcpy(&headers[3], &record_state->sequence_number.i, 8);
-
- _gnutls_record_log
- ("REC[%p]: Preparing Packet %s(%d) with length: %d and min pad: %d\n", session,
- _gnutls_packet2str (type), type, (int) data_size, (int) min_pad);
-
- _mbuffer_set_udata_size(bufel, cipher_size);
- _mbuffer_set_uhead_size(bufel, header_size);
-
- ret =
- _gnutls_encrypt (session,
- data, send_data_size, min_pad,
- bufel, type, record_params);
- if (ret <= 0)
- {
- gnutls_assert ();
- if (ret == 0)
- ret = GNUTLS_E_ENCRYPTION_FAILED;
- gnutls_free (bufel);
- return ret; /* error */
- }
-
- cipher_size = _mbuffer_get_udata_size(bufel);
- retval = send_data_size;
- session->internals.record_send_buffer_user_size = send_data_size;
-
- /* increase sequence number
- */
- if (sequence_increment (session, &record_state->sequence_number) != 0)
- {
- session_invalidate (session);
- gnutls_free (bufel);
- return gnutls_assert_val(GNUTLS_E_RECORD_LIMIT_REACHED);
- }
-
- ret = _gnutls_io_write_buffered (session, bufel, mflags);
- }
-
- if (ret != cipher_size)
- {
- /* If we have sent any data then just return
- * the error value. Do not invalidate the session.
- */
- if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- return gnutls_assert_val(ret);
-
- if (ret > 0)
- ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- session_unresumable (session);
- session->internals.may_not_write = 1;
- return gnutls_assert_val(ret);
- }
-
- session->internals.record_send_buffer_user_size = 0;
-
- _gnutls_record_log ("REC[%p]: Sent Packet[%d] %s(%d) in epoch %d and length: %d\n",
- session,
- (unsigned int)
- _gnutls_uint64touint32
- (&record_state->sequence_number),
- _gnutls_packet2str (type), type,
- (int) record_params->epoch,
- (int) cipher_size);
-
- return retval;
+ mbuffer_st *bufel;
+ ssize_t cipher_size;
+ int retval, ret;
+ int send_data_size;
+ uint8_t *headers;
+ int header_size;
+ const uint8_t *data = _data;
+ record_parameters_st *record_params;
+ size_t max_send_size;
+ record_state_st *record_state;
+
+ ret = _gnutls_epoch_get(session, epoch_rel, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Safeguard against processing data with an incomplete cipher state. */
+ if (!record_params->initialized)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ record_state = &record_params->write;
+
+ /* Do not allow null pointer if the send buffer is empty.
+ * If the previous send was interrupted then a null pointer is
+ * ok, and means to resume.
+ */
+ if (session->internals.record_send_buffer.byte_length == 0 &&
+ (data_size == 0 && _data == NULL)) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (type != GNUTLS_ALERT) /* alert messages are sent anyway */
+ if (session_is_valid(session)
+ || session->internals.may_not_write != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ max_send_size = max_user_send_size(session, record_params);
+
+ if (data_size > max_send_size) {
+ if (IS_DTLS(session))
+ return gnutls_assert_val(GNUTLS_E_LARGE_PACKET);
+
+ send_data_size = max_send_size;
+ } else
+ send_data_size = data_size;
+
+ /* Only encrypt if we don't have data to send
+ * from the previous run. - probably interrupted.
+ */
+ if (mflags != 0
+ && session->internals.record_send_buffer.byte_length > 0) {
+ ret = _gnutls_io_write_flush(session);
+ if (ret > 0)
+ cipher_size = ret;
+ else
+ cipher_size = 0;
+
+ retval = session->internals.record_send_buffer_user_size;
+ } else {
+ if (unlikely((send_data_size == 0 && min_pad == 0)))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* now proceed to packet encryption
+ */
+ cipher_size = MAX_RECORD_SEND_SIZE(session);
+ bufel = _mbuffer_alloc(0, cipher_size + CIPHER_SLACK_SIZE);
+ if (bufel == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ headers = _mbuffer_get_uhead_ptr(bufel);
+ headers[0] = type;
+ /* Use the default record version, if it is
+ * set. */
+ copy_record_version(session, htype, &headers[1]);
+ header_size = RECORD_HEADER_SIZE(session);
+ /* Adjust header length and add sequence for DTLS */
+ if (IS_DTLS(session))
+ memcpy(&headers[3],
+ &record_state->sequence_number.i, 8);
+
+ _gnutls_record_log
+ ("REC[%p]: Preparing Packet %s(%d) with length: %d and min pad: %d\n",
+ session, _gnutls_packet2str(type), type,
+ (int) data_size, (int) min_pad);
+
+ _mbuffer_set_udata_size(bufel, cipher_size);
+ _mbuffer_set_uhead_size(bufel, header_size);
+
+ ret =
+ _gnutls_encrypt(session,
+ data, send_data_size, min_pad,
+ bufel, type, record_params);
+ if (ret <= 0) {
+ gnutls_assert();
+ if (ret == 0)
+ ret = GNUTLS_E_ENCRYPTION_FAILED;
+ gnutls_free(bufel);
+ return ret; /* error */
+ }
+
+ cipher_size = _mbuffer_get_udata_size(bufel);
+ retval = send_data_size;
+ session->internals.record_send_buffer_user_size =
+ send_data_size;
+
+ /* increase sequence number
+ */
+ if (sequence_increment
+ (session, &record_state->sequence_number) != 0) {
+ session_invalidate(session);
+ gnutls_free(bufel);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECORD_LIMIT_REACHED);
+ }
+
+ ret = _gnutls_io_write_buffered(session, bufel, mflags);
+ }
+
+ if (ret != cipher_size) {
+ /* If we have sent any data then just return
+ * the error value. Do not invalidate the session.
+ */
+ if (ret < 0 && gnutls_error_is_fatal(ret) == 0)
+ return gnutls_assert_val(ret);
+
+ if (ret > 0)
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ session_unresumable(session);
+ session->internals.may_not_write = 1;
+ return gnutls_assert_val(ret);
+ }
+
+ session->internals.record_send_buffer_user_size = 0;
+
+ _gnutls_record_log
+ ("REC[%p]: Sent Packet[%d] %s(%d) in epoch %d and length: %d\n",
+ session, (unsigned int)
+ _gnutls_uint64touint32(&record_state->sequence_number),
+ _gnutls_packet2str(type), type, (int) record_params->epoch,
+ (int) cipher_size);
+
+ return retval;
}
inline static int
-check_recv_type (gnutls_session_t session, content_type_t recv_type)
+check_recv_type(gnutls_session_t session, content_type_t recv_type)
{
- switch (recv_type)
- {
- case GNUTLS_CHANGE_CIPHER_SPEC:
- case GNUTLS_ALERT:
- case GNUTLS_HANDSHAKE:
- case GNUTLS_HEARTBEAT:
- case GNUTLS_APPLICATION_DATA:
- return 0;
- default:
- gnutls_assert ();
- _gnutls_audit_log(session, "Received record packet of unknown type %u\n", (unsigned int)recv_type);
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
+ switch (recv_type) {
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ case GNUTLS_ALERT:
+ case GNUTLS_HANDSHAKE:
+ case GNUTLS_HEARTBEAT:
+ case GNUTLS_APPLICATION_DATA:
+ return 0;
+ default:
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "Received record packet of unknown type %u\n",
+ (unsigned int) recv_type);
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
}
@@ -621,33 +607,30 @@ check_recv_type (gnutls_session_t session, content_type_t recv_type)
* then it copies the data.
*/
static int
-check_buffers (gnutls_session_t session, content_type_t type,
- uint8_t * data, int data_size, void* seq)
+check_buffers(gnutls_session_t session, content_type_t type,
+ uint8_t * data, int data_size, void *seq)
{
- if ((type == GNUTLS_APPLICATION_DATA ||
- type == GNUTLS_HANDSHAKE ||
- type == GNUTLS_CHANGE_CIPHER_SPEC)
- && _gnutls_record_buffer_get_size (session) > 0)
- {
- int ret;
- ret = _gnutls_record_buffer_get (type, session, data, data_size, seq);
- if (ret < 0)
- {
- if (IS_DTLS(session))
- {
- if (ret == GNUTLS_E_UNEXPECTED_PACKET)
- {
- ret = GNUTLS_E_AGAIN;
- }
- }
- gnutls_assert ();
- return ret;
- }
-
- return ret;
- }
-
- return 0;
+ if ((type == GNUTLS_APPLICATION_DATA ||
+ type == GNUTLS_HANDSHAKE || type == GNUTLS_CHANGE_CIPHER_SPEC)
+ && _gnutls_record_buffer_get_size(session) > 0) {
+ int ret;
+ ret =
+ _gnutls_record_buffer_get(type, session, data,
+ data_size, seq);
+ if (ret < 0) {
+ if (IS_DTLS(session)) {
+ if (ret == GNUTLS_E_UNEXPECTED_PACKET) {
+ ret = GNUTLS_E_AGAIN;
+ }
+ }
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
+ }
+
+ return 0;
}
@@ -656,79 +639,74 @@ check_buffers (gnutls_session_t session, content_type_t type,
* negotiated in the handshake.
*/
inline static int
-record_check_version (gnutls_session_t session,
- gnutls_handshake_description_t htype, uint8_t version[2])
+record_check_version(gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ uint8_t version[2])
{
-const version_entry_st* vers = get_version (session);
-int diff = 0;
-
- if (vers->major != version[0] || vers->minor != version[1])
- diff = 1;
-
- if (!IS_DTLS(session))
- {
- if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO ||
- htype == GNUTLS_HANDSHAKE_SERVER_HELLO)
- {
- if (version[0] != 3)
- {
- gnutls_assert ();
- _gnutls_record_log
- ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n", session,
- htype, version[0], version[1]);
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- }
- else if (diff != 0)
- {
- /* Reject record packets that have a different version than the
- * one negotiated. Note that this version is not protected by any
- * mac. I don't really think that this check serves any purpose.
- */
- gnutls_assert ();
- _gnutls_record_log ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
- session, htype, version[0], version[1]);
-
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- }
- else /* DTLS */
- {
- /* In DTLS the only information we have here is whether we
- * expect a handshake message or not.
- */
- if (htype == (gnutls_handshake_description_t)-1)
- {
- if (diff)
- {
- /* Reject record packets that have a different version than the
- * one negotiated. Note that this version is not protected by any
- * mac. I don't really think that this check serves any purpose.
- */
- gnutls_assert ();
- _gnutls_record_log ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
- session, htype, version[0], version[1]);
-
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- }
- else if (vers->id > GNUTLS_DTLS1_0 && version[0] > 254)
- {
- gnutls_assert ();
- _gnutls_record_log("REC[%p]: INVALID DTLS VERSION PACKET: (%d) %d.%d\n", session,
- htype, version[0], version[1]);
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- else if (vers->id == GNUTLS_DTLS0_9 && version[0] > 1)
- {
- gnutls_assert ();
- _gnutls_record_log("REC[%p]: INVALID DTLS VERSION PACKET: (%d) %d.%d\n", session,
- htype, version[0], version[1]);
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- }
-
- return 0;
+ const version_entry_st *vers = get_version(session);
+ int diff = 0;
+
+ if (vers->major != version[0] || vers->minor != version[1])
+ diff = 1;
+
+ if (!IS_DTLS(session)) {
+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO ||
+ htype == GNUTLS_HANDSHAKE_SERVER_HELLO) {
+ if (version[0] != 3) {
+ gnutls_assert();
+ _gnutls_record_log
+ ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0],
+ version[1]);
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ } else if (diff != 0) {
+ /* Reject record packets that have a different version than the
+ * one negotiated. Note that this version is not protected by any
+ * mac. I don't really think that this check serves any purpose.
+ */
+ gnutls_assert();
+ _gnutls_record_log
+ ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0], version[1]);
+
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ } else { /* DTLS */
+
+ /* In DTLS the only information we have here is whether we
+ * expect a handshake message or not.
+ */
+ if (htype == (gnutls_handshake_description_t) - 1) {
+ if (diff) {
+ /* Reject record packets that have a different version than the
+ * one negotiated. Note that this version is not protected by any
+ * mac. I don't really think that this check serves any purpose.
+ */
+ gnutls_assert();
+ _gnutls_record_log
+ ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0],
+ version[1]);
+
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ } else if (vers->id > GNUTLS_DTLS1_0 && version[0] > 254) {
+ gnutls_assert();
+ _gnutls_record_log
+ ("REC[%p]: INVALID DTLS VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0], version[1]);
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ } else if (vers->id == GNUTLS_DTLS0_9 && version[0] > 1) {
+ gnutls_assert();
+ _gnutls_record_log
+ ("REC[%p]: INVALID DTLS VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0], version[1]);
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ }
+
+ return 0;
}
/* This function will check if the received record type is
@@ -737,209 +715,230 @@ int diff = 0;
* this function, even if it fails.
*/
static int
-record_add_to_buffers (gnutls_session_t session,
- struct tls_record_st *recv, content_type_t type,
- gnutls_handshake_description_t htype,
- uint64* seq,
- mbuffer_st* bufel)
+record_add_to_buffers(gnutls_session_t session,
+ struct tls_record_st *recv, content_type_t type,
+ gnutls_handshake_description_t htype,
+ uint64 * seq, mbuffer_st * bufel)
{
- int ret;
-
- if ((recv->type == type)
- && (type == GNUTLS_APPLICATION_DATA ||
- type == GNUTLS_CHANGE_CIPHER_SPEC ||
- type == GNUTLS_HANDSHAKE))
- {
- _gnutls_record_buffer_put (session, type, seq, bufel);
-
- /* if we received application data as expected then we
- * deactivate the async timer */
- _dtls_async_timer_delete(session);
- }
- else
- {
- /* if the expected type is different than the received
- */
- switch (recv->type)
- {
- case GNUTLS_ALERT:
- if (bufel->msg.size < 2)
- {
- ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- goto unexpected_packet;
- }
-
- _gnutls_record_log
- ("REC[%p]: Alert[%d|%d] - %s - was received\n", session,
- bufel->msg.data[0], bufel->msg.data[1], gnutls_alert_get_name ((int) bufel->msg.data[1]));
-
- session->internals.last_alert = bufel->msg.data[1];
-
- /* if close notify is received and
- * the alert is not fatal
- */
- if (bufel->msg.data[1] == GNUTLS_A_CLOSE_NOTIFY && bufel->msg.data[0] != GNUTLS_AL_FATAL)
- {
- /* If we have been expecting for an alert do
- */
- session->internals.read_eof = 1;
- ret = GNUTLS_E_SESSION_EOF;
- goto cleanup;
- }
- else
- {
- /* if the alert is FATAL or WARNING
- * return the apropriate message
- */
-
- gnutls_assert ();
- ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
- if (bufel->msg.data[0] == GNUTLS_AL_FATAL)
- {
- session_unresumable (session);
- session_invalidate (session);
- ret = gnutls_assert_val(GNUTLS_E_FATAL_ALERT_RECEIVED);
- }
- goto cleanup;
- }
- break;
-
- case GNUTLS_CHANGE_CIPHER_SPEC:
- if (!(IS_DTLS(session)))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
-
- _gnutls_record_buffer_put (session, recv->type, seq, bufel);
-
- break;
+ int ret;
+
+ if ((recv->type == type)
+ && (type == GNUTLS_APPLICATION_DATA ||
+ type == GNUTLS_CHANGE_CIPHER_SPEC ||
+ type == GNUTLS_HANDSHAKE)) {
+ _gnutls_record_buffer_put(session, type, seq, bufel);
+
+ /* if we received application data as expected then we
+ * deactivate the async timer */
+ _dtls_async_timer_delete(session);
+ } else {
+ /* if the expected type is different than the received
+ */
+ switch (recv->type) {
+ case GNUTLS_ALERT:
+ if (bufel->msg.size < 2) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ goto unexpected_packet;
+ }
+
+ _gnutls_record_log
+ ("REC[%p]: Alert[%d|%d] - %s - was received\n",
+ session, bufel->msg.data[0],
+ bufel->msg.data[1],
+ gnutls_alert_get_name((int) bufel->msg.
+ data[1]));
+
+ session->internals.last_alert = bufel->msg.data[1];
+
+ /* if close notify is received and
+ * the alert is not fatal
+ */
+ if (bufel->msg.data[1] == GNUTLS_A_CLOSE_NOTIFY
+ && bufel->msg.data[0] != GNUTLS_AL_FATAL) {
+ /* If we have been expecting for an alert do
+ */
+ session->internals.read_eof = 1;
+ ret = GNUTLS_E_SESSION_EOF;
+ goto cleanup;
+ } else {
+ /* if the alert is FATAL or WARNING
+ * return the apropriate message
+ */
+
+ gnutls_assert();
+ ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
+ if (bufel->msg.data[0] == GNUTLS_AL_FATAL) {
+ session_unresumable(session);
+ session_invalidate(session);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_FATAL_ALERT_RECEIVED);
+ }
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ if (!(IS_DTLS(session)))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+
+ _gnutls_record_buffer_put(session, recv->type, seq,
+ bufel);
+
+ break;
#ifdef ENABLE_HEARTBEAT
- case GNUTLS_HEARTBEAT:
- ret = _gnutls_heartbeat_handle (session, bufel);
- goto cleanup;
+ case GNUTLS_HEARTBEAT:
+ ret = _gnutls_heartbeat_handle(session, bufel);
+ goto cleanup;
#endif
- case GNUTLS_APPLICATION_DATA:
- if (session->internals.initial_negotiation_completed == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
- goto unexpected_packet;
- }
-
-
- /* the got_application data is only returned
- * if expecting client hello (for rehandshake
- * reasons). Otherwise it is an unexpected packet
- */
- if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
- && type == GNUTLS_HANDSHAKE))
- {
- /* even if data is unexpected put it into the buffer */
- if ((ret =
- _gnutls_record_buffer_put (session, recv->type, seq,
- bufel)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return gnutls_assert_val(GNUTLS_E_GOT_APPLICATION_DATA);
- }
- else
- {
- ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
- goto unexpected_packet;
- }
-
- break;
-
- case GNUTLS_HANDSHAKE:
- /* In DTLS we might receive a handshake replay from the peer to indicate
- * the our last TLS handshake messages were not received.
- */
- if (IS_DTLS(session))
- {
- if (type == GNUTLS_CHANGE_CIPHER_SPEC)
- {
- ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
- goto unexpected_packet;
- }
-
- if (_dtls_is_async(session) && _dtls_async_timer_active(session))
- {
- if (session->security_parameters.entity == GNUTLS_SERVER &&
- bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
- {
- /* client requested rehandshake. Delete the timer */
- _dtls_async_timer_delete(session);
- }
- else
- {
- session->internals.recv_state = RECV_STATE_DTLS_RETRANSMIT;
- ret = _dtls_retransmit(session);
- if (ret == 0)
- {
- session->internals.recv_state = RECV_STATE_0;
- ret = gnutls_assert_val(GNUTLS_E_AGAIN);
- goto unexpected_packet;
- }
- goto cleanup;
- }
- }
- }
-
- /* This is legal if HELLO_REQUEST is received - and we are a client.
- * If we are a server, a client may initiate a renegotiation at any time.
- */
- if (session->security_parameters.entity == GNUTLS_SERVER &&
- bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
- {
- gnutls_assert ();
- ret =
- _gnutls_record_buffer_put (session, recv->type, seq, bufel);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- return GNUTLS_E_REHANDSHAKE;
- }
-
- /* If we are already in a handshake then a Hello
- * Request is illegal. But here we don't really care
- * since this message will never make it up here.
- */
-
- /* So we accept it, if it is a Hello. If not, this will
- * fail and trigger flight retransmissions after some time. */
- ret = _gnutls_recv_hello_request (session, bufel->msg.data, bufel->msg.size);
- goto unexpected_packet;
-
- break;
- default:
-
- _gnutls_record_log
- ("REC[%p]: Received unexpected packet %d (%s) expecting %d (%s)\n",
- session, recv->type, _gnutls_packet2str(recv->type), type, _gnutls_packet2str(type));
-
- gnutls_assert ();
- ret = GNUTLS_E_UNEXPECTED_PACKET;
- goto unexpected_packet;
- }
- }
-
- return 0;
-
-unexpected_packet:
- if (IS_DTLS(session) && ret != GNUTLS_E_REHANDSHAKE)
- {
- _mbuffer_xfree(&bufel);
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, ret);
- }
-
-cleanup:
- _mbuffer_xfree(&bufel);
- return ret;
+ case GNUTLS_APPLICATION_DATA:
+ if (session->internals.
+ initial_negotiation_completed == 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+ goto unexpected_packet;
+ }
+
+
+ /* the got_application data is only returned
+ * if expecting client hello (for rehandshake
+ * reasons). Otherwise it is an unexpected packet
+ */
+ if (type == GNUTLS_ALERT
+ || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
+ && type == GNUTLS_HANDSHAKE)) {
+ /* even if data is unexpected put it into the buffer */
+ if ((ret =
+ _gnutls_record_buffer_put(session,
+ recv->type,
+ seq,
+ bufel)) <
+ 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return
+ gnutls_assert_val
+ (GNUTLS_E_GOT_APPLICATION_DATA);
+ } else {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+ goto unexpected_packet;
+ }
+
+ break;
+
+ case GNUTLS_HANDSHAKE:
+ /* In DTLS we might receive a handshake replay from the peer to indicate
+ * the our last TLS handshake messages were not received.
+ */
+ if (IS_DTLS(session)) {
+ if (type == GNUTLS_CHANGE_CIPHER_SPEC) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET);
+ goto unexpected_packet;
+ }
+
+ if (_dtls_is_async(session)
+ && _dtls_async_timer_active(session)) {
+ if (session->security_parameters.
+ entity == GNUTLS_SERVER
+ && bufel->htype ==
+ GNUTLS_HANDSHAKE_CLIENT_HELLO)
+ {
+ /* client requested rehandshake. Delete the timer */
+ _dtls_async_timer_delete
+ (session);
+ } else {
+ session->internals.
+ recv_state =
+ RECV_STATE_DTLS_RETRANSMIT;
+ ret =
+ _dtls_retransmit
+ (session);
+ if (ret == 0) {
+ session->internals.
+ recv_state =
+ RECV_STATE_0;
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_AGAIN);
+ goto unexpected_packet;
+ }
+ goto cleanup;
+ }
+ }
+ }
+
+ /* This is legal if HELLO_REQUEST is received - and we are a client.
+ * If we are a server, a client may initiate a renegotiation at any time.
+ */
+ if (session->security_parameters.entity ==
+ GNUTLS_SERVER
+ && bufel->htype ==
+ GNUTLS_HANDSHAKE_CLIENT_HELLO) {
+ gnutls_assert();
+ ret =
+ _gnutls_record_buffer_put(session,
+ recv->type,
+ seq, bufel);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ return GNUTLS_E_REHANDSHAKE;
+ }
+
+ /* If we are already in a handshake then a Hello
+ * Request is illegal. But here we don't really care
+ * since this message will never make it up here.
+ */
+
+ /* So we accept it, if it is a Hello. If not, this will
+ * fail and trigger flight retransmissions after some time. */
+ ret =
+ _gnutls_recv_hello_request(session,
+ bufel->msg.data,
+ bufel->msg.size);
+ goto unexpected_packet;
+
+ break;
+ default:
+
+ _gnutls_record_log
+ ("REC[%p]: Received unexpected packet %d (%s) expecting %d (%s)\n",
+ session, recv->type,
+ _gnutls_packet2str(recv->type), type,
+ _gnutls_packet2str(type));
+
+ gnutls_assert();
+ ret = GNUTLS_E_UNEXPECTED_PACKET;
+ goto unexpected_packet;
+ }
+ }
+
+ return 0;
+
+ unexpected_packet:
+ if (IS_DTLS(session) && ret != GNUTLS_E_REHANDSHAKE) {
+ _mbuffer_xfree(&bufel);
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, ret);
+ }
+
+ cleanup:
+ _mbuffer_xfree(&bufel);
+ return ret;
}
@@ -948,158 +947,165 @@ cleanup:
* content type.
*/
static void
-record_read_headers (gnutls_session_t session,
- uint8_t headers[MAX_RECORD_HEADER_SIZE],
- content_type_t type,
- gnutls_handshake_description_t htype,
- struct tls_record_st* record)
+record_read_headers(gnutls_session_t session,
+ uint8_t headers[MAX_RECORD_HEADER_SIZE],
+ content_type_t type,
+ gnutls_handshake_description_t htype,
+ struct tls_record_st *record)
{
- /* Read the first two bytes to determine if this is a
- * version 2 message
- */
-
- if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE
- && headers[0] > 127 && !(IS_DTLS(session)))
- {
-
- /* if msb set and expecting handshake message
- * it should be SSL 2 hello
- */
- record->version[0] = 3; /* assume SSL 3.0 */
- record->version[1] = 0;
-
- record->length = (((headers[0] & 0x7f) << 8)) | headers[1];
-
- /* SSL 2.0 headers */
- record->header_size = record->packet_size = 2;
- record->type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello
- */
-
- /* in order to assist the handshake protocol.
- * V2 compatibility is a mess.
- */
- record->v2 = 1;
- record->epoch = 0;
- memset(&record->sequence, 0, sizeof(record->sequence));
-
- _gnutls_record_log ("REC[%p]: SSL 2.0 %s packet received. Length: %d\n",
- session,
- _gnutls_packet2str (record->type),
- record->length);
-
- }
- else
- {
- /* dtls version 1.0 and TLS version 1.x */
- record->v2 = 0;
-
- record->type = headers[0];
- record->version[0] = headers[1];
- record->version[1] = headers[2];
-
- if(IS_DTLS(session))
- {
- memcpy(record->sequence.i, &headers[3], 8);
- record->length = _gnutls_read_uint16 (&headers[11]);
- record->epoch = _gnutls_read_uint16(record->sequence.i);
- }
- else
- {
- memset(&record->sequence, 0, sizeof(record->sequence));
- record->length = _gnutls_read_uint16 (&headers[3]);
- record->epoch = 0;
- }
-
- _gnutls_record_log ("REC[%p]: SSL %d.%d %s packet received. Epoch %d, length: %d\n",
- session, (int)record->version[0], (int)record->version[1],
- _gnutls_packet2str (record->type),
- (int)record->epoch, record->length);
-
- }
-
- record->packet_size += record->length;
+ /* Read the first two bytes to determine if this is a
+ * version 2 message
+ */
+
+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
+ && type == GNUTLS_HANDSHAKE && headers[0] > 127
+ && !(IS_DTLS(session))) {
+
+ /* if msb set and expecting handshake message
+ * it should be SSL 2 hello
+ */
+ record->version[0] = 3; /* assume SSL 3.0 */
+ record->version[1] = 0;
+
+ record->length = (((headers[0] & 0x7f) << 8)) | headers[1];
+
+ /* SSL 2.0 headers */
+ record->header_size = record->packet_size = 2;
+ record->type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello
+ */
+
+ /* in order to assist the handshake protocol.
+ * V2 compatibility is a mess.
+ */
+ record->v2 = 1;
+ record->epoch = 0;
+ memset(&record->sequence, 0, sizeof(record->sequence));
+
+ _gnutls_record_log
+ ("REC[%p]: SSL 2.0 %s packet received. Length: %d\n",
+ session, _gnutls_packet2str(record->type),
+ record->length);
+
+ } else {
+ /* dtls version 1.0 and TLS version 1.x */
+ record->v2 = 0;
+
+ record->type = headers[0];
+ record->version[0] = headers[1];
+ record->version[1] = headers[2];
+
+ if (IS_DTLS(session)) {
+ memcpy(record->sequence.i, &headers[3], 8);
+ record->length = _gnutls_read_uint16(&headers[11]);
+ record->epoch =
+ _gnutls_read_uint16(record->sequence.i);
+ } else {
+ memset(&record->sequence, 0,
+ sizeof(record->sequence));
+ record->length = _gnutls_read_uint16(&headers[3]);
+ record->epoch = 0;
+ }
+
+ _gnutls_record_log
+ ("REC[%p]: SSL %d.%d %s packet received. Epoch %d, length: %d\n",
+ session, (int) record->version[0],
+ (int) record->version[1],
+ _gnutls_packet2str(record->type), (int) record->epoch,
+ record->length);
+
+ }
+
+ record->packet_size += record->length;
}
-static int recv_headers( gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- struct tls_record_st* record,
- unsigned int *ms)
+static int recv_headers(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ struct tls_record_st *record, unsigned int *ms)
{
-int ret;
-gnutls_datum_t raw; /* raw headers */
- /* Read the headers.
- */
- record->header_size = record->packet_size = RECORD_HEADER_SIZE(session);
-
- ret =
- _gnutls_io_read_buffered (session, record->header_size, -1, ms);
- if (ret != record->header_size)
- {
- if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- return ret;
-
- if (ret > 0)
- ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- else if (ret == 0)
- ret = GNUTLS_E_PREMATURE_TERMINATION;
-
- return gnutls_assert_val(ret);
- }
-
- ret = _mbuffer_linearize (&session->internals.record_recv_buffer);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _mbuffer_head_get_first (&session->internals.record_recv_buffer, &raw);
- if (raw.size < RECORD_HEADER_SIZE(session))
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
-
- record_read_headers (session, raw.data, type, htype, record);
-
- /* Check if the DTLS epoch is valid */
- if (IS_DTLS(session))
- {
- if (_gnutls_epoch_is_valid(session, record->epoch) == 0)
- {
- _gnutls_audit_log(session, "Discarded message[%u] with invalid epoch %u.\n",
- (unsigned int)_gnutls_uint64touint32 (&record->sequence),
- (unsigned int)record->sequence.i[0]*256+(unsigned int)record->sequence.i[1]);
- gnutls_assert();
- /* doesn't matter, just a fatal error */
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- }
-
- /* Here we check if the Type of the received packet is
- * ok.
- */
- if ((ret = check_recv_type (session, record->type)) < 0)
- return gnutls_assert_val(ret);
-
- /* Here we check if the advertized version is the one we
- * negotiated in the handshake.
- */
- if ((ret = record_check_version (session, htype, record->version)) < 0)
- return gnutls_assert_val(ret);
-
- if (record->length > MAX_RECV_SIZE(session))
- {
- _gnutls_audit_log
- (session, "Received packet with illegal length: %u\n", (unsigned int)record->length);
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- }
-
- _gnutls_record_log
- ("REC[%p]: Expected Packet %s(%d)\n", session,
- _gnutls_packet2str (type), type);
- _gnutls_record_log ("REC[%p]: Received Packet %s(%d) with length: %d\n",
- session,
- _gnutls_packet2str (record->type), record->type, record->length);
-
-
- return 0;
+ int ret;
+ gnutls_datum_t raw; /* raw headers */
+ /* Read the headers.
+ */
+ record->header_size = record->packet_size =
+ RECORD_HEADER_SIZE(session);
+
+ ret =
+ _gnutls_io_read_buffered(session, record->header_size, -1, ms);
+ if (ret != record->header_size) {
+ if (ret < 0 && gnutls_error_is_fatal(ret) == 0)
+ return ret;
+
+ if (ret > 0)
+ ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ else if (ret == 0)
+ ret = GNUTLS_E_PREMATURE_TERMINATION;
+
+ return gnutls_assert_val(ret);
+ }
+
+ ret = _mbuffer_linearize(&session->internals.record_recv_buffer);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _mbuffer_head_get_first(&session->internals.record_recv_buffer,
+ &raw);
+ if (raw.size < RECORD_HEADER_SIZE(session))
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+ record_read_headers(session, raw.data, type, htype, record);
+
+ /* Check if the DTLS epoch is valid */
+ if (IS_DTLS(session)) {
+ if (_gnutls_epoch_is_valid(session, record->epoch) == 0) {
+ _gnutls_audit_log(session,
+ "Discarded message[%u] with invalid epoch %u.\n",
+ (unsigned int)
+ _gnutls_uint64touint32(&record->
+ sequence),
+ (unsigned int) record->sequence.
+ i[0] * 256 +
+ (unsigned int) record->sequence.
+ i[1]);
+ gnutls_assert();
+ /* doesn't matter, just a fatal error */
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ }
+
+ /* Here we check if the Type of the received packet is
+ * ok.
+ */
+ if ((ret = check_recv_type(session, record->type)) < 0)
+ return gnutls_assert_val(ret);
+
+ /* Here we check if the advertized version is the one we
+ * negotiated in the handshake.
+ */
+ if ((ret =
+ record_check_version(session, htype, record->version)) < 0)
+ return gnutls_assert_val(ret);
+
+ if (record->length > MAX_RECV_SIZE(session)) {
+ _gnutls_audit_log
+ (session, "Received packet with illegal length: %u\n",
+ (unsigned int) record->length);
+ return
+ gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ }
+
+ _gnutls_record_log
+ ("REC[%p]: Expected Packet %s(%d)\n", session,
+ _gnutls_packet2str(type), type);
+ _gnutls_record_log
+ ("REC[%p]: Received Packet %s(%d) with length: %d\n", session,
+ _gnutls_packet2str(record->type), record->type,
+ record->length);
+
+
+ return 0;
}
/* @ms: is the number of milliseconds to wait for data. Use zero for indefinite.
@@ -1111,149 +1117,162 @@ gnutls_datum_t raw; /* raw headers */
* will be enforced.
*/
ssize_t
-_gnutls_recv_in_buffers (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype, unsigned int ms)
+_gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int ms)
{
- uint64 *packet_sequence;
- gnutls_datum_t ciphertext;
- mbuffer_st* bufel = NULL, *decrypted = NULL;
- gnutls_datum_t t;
- int ret;
- unsigned int empty_fragments = 0;
- record_parameters_st *record_params;
- record_state_st *record_state;
- struct tls_record_st record;
-
-begin:
-
- if (empty_fragments > session->internals.priorities.max_empty_records)
- {
- gnutls_assert ();
- return GNUTLS_E_TOO_MANY_EMPTY_PACKETS;
- }
-
- if (session->internals.read_eof != 0)
- {
- /* if we have already read an EOF
- */
- return 0;
- }
- else if (session_is_valid (session) != 0
- || session->internals.may_not_read != 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_SESSION);
-
- /* get the record state parameters */
- ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- /* Safeguard against processing data with an incomplete cipher state. */
- if (!record_params->initialized)
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
-
- record_state = &record_params->read;
-
- /* receive headers */
- ret = recv_headers(session, type, htype, &record, &ms);
- if (ret < 0)
- {
- ret = gnutls_assert_val_fatal(ret);
- goto recv_error;
- }
-
- if (IS_DTLS(session))
- packet_sequence = &record.sequence;
- else
- packet_sequence = &record_state->sequence_number;
-
- /* Read the packet data and insert it to record_recv_buffer.
- */
- ret =
- _gnutls_io_read_buffered (session, record.packet_size,
- record.type, &ms);
- if (ret != record.packet_size)
- {
- gnutls_assert();
- goto recv_error;
- }
-
- /* ok now we are sure that we have read all the data - so
- * move on !
- */
- ret = _mbuffer_linearize (&session->internals.record_recv_buffer);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- bufel = _mbuffer_head_get_first (&session->internals.record_recv_buffer, NULL);
- if (bufel == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* We allocate the maximum possible to allow few compressed bytes to expand to a
- * full record.
- */
- decrypted = _mbuffer_alloc(record.length, record.length);
- if (decrypted == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ciphertext.data = (uint8_t*)_mbuffer_get_udata_ptr(bufel) + record.header_size;
- ciphertext.size = record.length;
-
- /* decrypt the data we got.
- */
- t.data = _mbuffer_get_udata_ptr(decrypted);
- t.size = _mbuffer_get_udata_size(decrypted);
- ret =
- _gnutls_decrypt (session, &ciphertext, &t,
- record.type, record_params, packet_sequence);
- if (ret >= 0) _mbuffer_set_udata_size(decrypted, ret);
-
- _mbuffer_head_remove_bytes (&session->internals.record_recv_buffer,
- record.header_size + record.length);
- if (ret < 0)
- {
- gnutls_assert();
- _gnutls_audit_log(session, "Discarded message[%u] due to invalid decryption\n",
- (unsigned int)_gnutls_uint64touint32 (packet_sequence));
- goto sanity_check_error;
- }
-
- /* check for duplicates. We check after the message
- * is processed and authenticated to avoid someone
- * messing with our windows.
- */
- if (IS_DTLS(session) && session->internals.no_replay_protection == 0)
- {
- ret = _dtls_record_check(record_params, packet_sequence);
- if (ret < 0)
- {
- _gnutls_record_log("REC[%p]: Discarded duplicate message[%u.%u]: %s\n", session,
- (unsigned int)record.sequence.i[0]*256 +(unsigned int)record.sequence.i[1],
- (unsigned int) _gnutls_uint64touint32 (packet_sequence), _gnutls_packet2str (record.type));
- goto sanity_check_error;
- }
- _gnutls_record_log
- ("REC[%p]: Decrypted Packet[%u.%u] %s(%d) with length: %d\n", session,
- (unsigned int)record.sequence.i[0]*256 +(unsigned int)record.sequence.i[1],
- (unsigned int) _gnutls_uint64touint32 (packet_sequence),
- _gnutls_packet2str (record.type), record.type, (int)_mbuffer_get_udata_size(decrypted));
- }
- else
- {
- _gnutls_record_log
- ("REC[%p]: Decrypted Packet[%u] %s(%d) with length: %d\n", session,
- (unsigned int) _gnutls_uint64touint32 (packet_sequence),
- _gnutls_packet2str (record.type), record.type, (int)_mbuffer_get_udata_size(decrypted));
- }
-
- /* increase sequence number
- */
- if (!IS_DTLS(session) && sequence_increment (session, &record_state->sequence_number) != 0)
- {
- session_invalidate (session);
- gnutls_assert ();
- ret = GNUTLS_E_RECORD_LIMIT_REACHED;
- goto sanity_check_error;
- }
+ uint64 *packet_sequence;
+ gnutls_datum_t ciphertext;
+ mbuffer_st *bufel = NULL, *decrypted = NULL;
+ gnutls_datum_t t;
+ int ret;
+ unsigned int empty_fragments = 0;
+ record_parameters_st *record_params;
+ record_state_st *record_state;
+ struct tls_record_st record;
+
+ begin:
+
+ if (empty_fragments >
+ session->internals.priorities.max_empty_records) {
+ gnutls_assert();
+ return GNUTLS_E_TOO_MANY_EMPTY_PACKETS;
+ }
+
+ if (session->internals.read_eof != 0) {
+ /* if we have already read an EOF
+ */
+ return 0;
+ } else if (session_is_valid(session) != 0
+ || session->internals.may_not_read != 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_SESSION);
+
+ /* get the record state parameters */
+ ret =
+ _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Safeguard against processing data with an incomplete cipher state. */
+ if (!record_params->initialized)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ record_state = &record_params->read;
+
+ /* receive headers */
+ ret = recv_headers(session, type, htype, &record, &ms);
+ if (ret < 0) {
+ ret = gnutls_assert_val_fatal(ret);
+ goto recv_error;
+ }
+
+ if (IS_DTLS(session))
+ packet_sequence = &record.sequence;
+ else
+ packet_sequence = &record_state->sequence_number;
+
+ /* Read the packet data and insert it to record_recv_buffer.
+ */
+ ret =
+ _gnutls_io_read_buffered(session, record.packet_size,
+ record.type, &ms);
+ if (ret != record.packet_size) {
+ gnutls_assert();
+ goto recv_error;
+ }
+
+ /* ok now we are sure that we have read all the data - so
+ * move on !
+ */
+ ret = _mbuffer_linearize(&session->internals.record_recv_buffer);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ bufel =
+ _mbuffer_head_get_first(&session->internals.record_recv_buffer,
+ NULL);
+ if (bufel == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* We allocate the maximum possible to allow few compressed bytes to expand to a
+ * full record.
+ */
+ decrypted = _mbuffer_alloc(record.length, record.length);
+ if (decrypted == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ciphertext.data =
+ (uint8_t *) _mbuffer_get_udata_ptr(bufel) + record.header_size;
+ ciphertext.size = record.length;
+
+ /* decrypt the data we got.
+ */
+ t.data = _mbuffer_get_udata_ptr(decrypted);
+ t.size = _mbuffer_get_udata_size(decrypted);
+ ret =
+ _gnutls_decrypt(session, &ciphertext, &t,
+ record.type, record_params, packet_sequence);
+ if (ret >= 0)
+ _mbuffer_set_udata_size(decrypted, ret);
+
+ _mbuffer_head_remove_bytes(&session->internals.record_recv_buffer,
+ record.header_size + record.length);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "Discarded message[%u] due to invalid decryption\n",
+ (unsigned int)
+ _gnutls_uint64touint32(packet_sequence));
+ goto sanity_check_error;
+ }
+
+ /* check for duplicates. We check after the message
+ * is processed and authenticated to avoid someone
+ * messing with our windows.
+ */
+ if (IS_DTLS(session)
+ && session->internals.no_replay_protection == 0) {
+ ret = _dtls_record_check(record_params, packet_sequence);
+ if (ret < 0) {
+ _gnutls_record_log
+ ("REC[%p]: Discarded duplicate message[%u.%u]: %s\n",
+ session,
+ (unsigned int) record.sequence.i[0] * 256 +
+ (unsigned int) record.sequence.i[1],
+ (unsigned int)
+ _gnutls_uint64touint32(packet_sequence),
+ _gnutls_packet2str(record.type));
+ goto sanity_check_error;
+ }
+ _gnutls_record_log
+ ("REC[%p]: Decrypted Packet[%u.%u] %s(%d) with length: %d\n",
+ session,
+ (unsigned int) record.sequence.i[0] * 256 +
+ (unsigned int) record.sequence.i[1],
+ (unsigned int)
+ _gnutls_uint64touint32(packet_sequence),
+ _gnutls_packet2str(record.type), record.type,
+ (int) _mbuffer_get_udata_size(decrypted));
+ } else {
+ _gnutls_record_log
+ ("REC[%p]: Decrypted Packet[%u] %s(%d) with length: %d\n",
+ session,
+ (unsigned int)
+ _gnutls_uint64touint32(packet_sequence),
+ _gnutls_packet2str(record.type), record.type,
+ (int) _mbuffer_get_udata_size(decrypted));
+ }
+
+ /* increase sequence number
+ */
+ if (!IS_DTLS(session)
+ && sequence_increment(session,
+ &record_state->sequence_number) != 0) {
+ session_invalidate(session);
+ gnutls_assert();
+ ret = GNUTLS_E_RECORD_LIMIT_REACHED;
+ goto sanity_check_error;
+ }
/* (originally for) TLS 1.0 CBC protection.
* Actually this code is called if we just received
@@ -1262,78 +1281,77 @@ begin:
* In that case we go to the beginning and start reading
* the next packet.
*/
- if (_mbuffer_get_udata_size(decrypted) == 0)
- {
- _mbuffer_xfree(&decrypted);
- empty_fragments++;
- goto begin;
- }
-
- if (record.v2)
- decrypted->htype = GNUTLS_HANDSHAKE_CLIENT_HELLO_V2;
- else
- {
- uint8_t * p = _mbuffer_get_udata_ptr(decrypted);
- decrypted->htype = p[0];
- }
-
- ret =
- record_add_to_buffers (session, &record, type, htype,
- packet_sequence, decrypted);
-
- /* bufel is now either deinitialized or buffered somewhere else */
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return ret;
-
-discard:
- session->internals.dtls.packets_dropped++;
-
- /* discard the whole received fragment. */
- bufel = _mbuffer_head_pop_first(&session->internals.record_recv_buffer);
- _mbuffer_xfree(&bufel);
- return gnutls_assert_val(GNUTLS_E_AGAIN);
-
-sanity_check_error:
- if (IS_DTLS(session))
- {
- session->internals.dtls.packets_dropped++;
- ret = gnutls_assert_val(GNUTLS_E_AGAIN);
- goto cleanup;
- }
-
- session_unresumable (session);
- session_invalidate (session);
-
-cleanup:
- _mbuffer_xfree(&decrypted);
- return ret;
-
-recv_error:
- if (ret < 0 && (gnutls_error_is_fatal (ret) == 0 || ret == GNUTLS_E_TIMEDOUT))
- return ret;
-
- if (type == GNUTLS_ALERT) /* we were expecting close notify */
- {
- session_invalidate (session);
- gnutls_assert ();
- return 0;
- }
-
- if (IS_DTLS(session))
- {
- goto discard;
- }
-
- session_invalidate (session);
- session_unresumable (session);
-
- if (ret == 0)
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- else
- return ret;
+ if (_mbuffer_get_udata_size(decrypted) == 0) {
+ _mbuffer_xfree(&decrypted);
+ empty_fragments++;
+ goto begin;
+ }
+
+ if (record.v2)
+ decrypted->htype = GNUTLS_HANDSHAKE_CLIENT_HELLO_V2;
+ else {
+ uint8_t *p = _mbuffer_get_udata_ptr(decrypted);
+ decrypted->htype = p[0];
+ }
+
+ ret =
+ record_add_to_buffers(session, &record, type, htype,
+ packet_sequence, decrypted);
+
+ /* bufel is now either deinitialized or buffered somewhere else */
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return ret;
+
+ discard:
+ session->internals.dtls.packets_dropped++;
+
+ /* discard the whole received fragment. */
+ bufel =
+ _mbuffer_head_pop_first(&session->internals.
+ record_recv_buffer);
+ _mbuffer_xfree(&bufel);
+ return gnutls_assert_val(GNUTLS_E_AGAIN);
+
+ sanity_check_error:
+ if (IS_DTLS(session)) {
+ session->internals.dtls.packets_dropped++;
+ ret = gnutls_assert_val(GNUTLS_E_AGAIN);
+ goto cleanup;
+ }
+
+ session_unresumable(session);
+ session_invalidate(session);
+
+ cleanup:
+ _mbuffer_xfree(&decrypted);
+ return ret;
+
+ recv_error:
+ if (ret < 0
+ && (gnutls_error_is_fatal(ret) == 0
+ || ret == GNUTLS_E_TIMEDOUT))
+ return ret;
+
+ if (type == GNUTLS_ALERT) { /* we were expecting close notify */
+ session_invalidate(session);
+ gnutls_assert();
+ return 0;
+ }
+
+ if (IS_DTLS(session)) {
+ goto discard;
+ }
+
+ session_invalidate(session);
+ session_unresumable(session);
+
+ if (ret == 0)
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ else
+ return ret;
}
/* This function behaves exactly like read(). The only difference is
@@ -1344,55 +1362,52 @@ recv_error:
* The gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos.
*/
ssize_t
-_gnutls_recv_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- uint8_t * data, size_t data_size, void* seq,
- unsigned int ms)
+_gnutls_recv_int(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ uint8_t * data, size_t data_size, void *seq,
+ unsigned int ms)
{
- int ret;
-
- if ((type != GNUTLS_ALERT && type != GNUTLS_HEARTBEAT) && (data_size == 0 || data == NULL))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (session->internals.read_eof != 0)
- {
- /* if we have already read an EOF
- */
- return 0;
- }
- else if (session_is_valid (session) != 0
- || session->internals.may_not_read != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- switch(session->internals.recv_state)
- {
- case RECV_STATE_DTLS_RETRANSMIT:
- ret = _dtls_retransmit(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- session->internals.recv_state = RECV_STATE_0;
- case RECV_STATE_0:
-
- _dtls_async_timer_check(session);
- /* If we have enough data in the cache do not bother receiving
- * a new packet. (in order to flush the cache)
- */
- ret = check_buffers (session, type, data, data_size, seq);
- if (ret != 0)
- return ret;
-
- ret = _gnutls_recv_in_buffers(session, type, htype, ms);
- if (ret < 0 && ret != GNUTLS_E_SESSION_EOF)
- return gnutls_assert_val(ret);
-
- return check_buffers (session, type, data, data_size, seq);
- default:
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
+ int ret;
+
+ if ((type != GNUTLS_ALERT && type != GNUTLS_HEARTBEAT)
+ && (data_size == 0 || data == NULL))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (session->internals.read_eof != 0) {
+ /* if we have already read an EOF
+ */
+ return 0;
+ } else if (session_is_valid(session) != 0
+ || session->internals.may_not_read != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ switch (session->internals.recv_state) {
+ case RECV_STATE_DTLS_RETRANSMIT:
+ ret = _dtls_retransmit(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ session->internals.recv_state = RECV_STATE_0;
+ case RECV_STATE_0:
+
+ _dtls_async_timer_check(session);
+ /* If we have enough data in the cache do not bother receiving
+ * a new packet. (in order to flush the cache)
+ */
+ ret = check_buffers(session, type, data, data_size, seq);
+ if (ret != 0)
+ return ret;
+
+ ret = _gnutls_recv_in_buffers(session, type, htype, ms);
+ if (ret < 0 && ret != GNUTLS_E_SESSION_EOF)
+ return gnutls_assert_val(ret);
+
+ return check_buffers(session, type, data, data_size, seq);
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
}
/**
@@ -1427,25 +1442,26 @@ _gnutls_recv_int (gnutls_session_t session, content_type_t type,
* on the negotiated maximum record size.
**/
ssize_t
-gnutls_record_send (gnutls_session_t session, const void *data,
- size_t data_size)
+gnutls_record_send(gnutls_session_t session, const void *data,
+ size_t data_size)
{
- if (session->internals.record_flush_mode == RECORD_FLUSH)
- {
- return _gnutls_send_int (session, GNUTLS_APPLICATION_DATA, -1,
- EPOCH_WRITE_CURRENT, data, data_size,
- MBUFFER_FLUSH);
- }
- else /* GNUTLS_CORKED */
- {
- int ret;
-
- ret = _gnutls_buffer_append_data(&session->internals.record_presend_buffer, data, data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return data_size;
- }
+ if (session->internals.record_flush_mode == RECORD_FLUSH) {
+ return _gnutls_send_int(session, GNUTLS_APPLICATION_DATA,
+ -1, EPOCH_WRITE_CURRENT, data,
+ data_size, MBUFFER_FLUSH);
+ } else { /* GNUTLS_CORKED */
+
+ int ret;
+
+ ret =
+ _gnutls_buffer_append_data(&session->internals.
+ record_presend_buffer, data,
+ data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return data_size;
+ }
}
/**
@@ -1458,10 +1474,9 @@ gnutls_record_send (gnutls_session_t session, const void *data,
*
* Since: 3.1.9
**/
-void
-gnutls_record_cork (gnutls_session_t session)
+void gnutls_record_cork(gnutls_session_t session)
{
- session->internals.record_flush_mode = RECORD_CORKED;
+ session->internals.record_flush_mode = RECORD_CORKED;
}
/**
@@ -1480,46 +1495,51 @@ gnutls_record_cork (gnutls_session_t session)
*
* Since: 3.1.9
**/
-int
-gnutls_record_uncork (gnutls_session_t session, unsigned int flags)
+int gnutls_record_uncork(gnutls_session_t session, unsigned int flags)
{
-int ret;
-ssize_t total = 0;
-
- if (session->internals.record_flush_mode == RECORD_FLUSH)
- return 0; /* nothing to be done */
-
- session->internals.record_flush_mode = RECORD_FLUSH;
-
- while(session->internals.record_presend_buffer.length > 0)
- {
- if (flags == GNUTLS_RECORD_WAIT)
- {
- do
- {
- ret = gnutls_record_send(session, session->internals.record_presend_buffer.data,
- session->internals.record_presend_buffer.length);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- }
- else
- {
- ret = gnutls_record_send(session, session->internals.record_presend_buffer.data,
- session->internals.record_presend_buffer.length);
- }
- if (ret < 0)
- goto fail;
-
- session->internals.record_presend_buffer.data += ret;
- session->internals.record_presend_buffer.length -= ret;
- total += ret;
- }
-
- return total;
-
-fail:
- session->internals.record_flush_mode = RECORD_CORKED;
- return ret;
+ int ret;
+ ssize_t total = 0;
+
+ if (session->internals.record_flush_mode == RECORD_FLUSH)
+ return 0; /* nothing to be done */
+
+ session->internals.record_flush_mode = RECORD_FLUSH;
+
+ while (session->internals.record_presend_buffer.length > 0) {
+ if (flags == GNUTLS_RECORD_WAIT) {
+ do {
+ ret =
+ gnutls_record_send(session,
+ session->internals.
+ record_presend_buffer.
+ data,
+ session->internals.
+ record_presend_buffer.
+ length);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ } else {
+ ret =
+ gnutls_record_send(session,
+ session->internals.
+ record_presend_buffer.data,
+ session->internals.
+ record_presend_buffer.
+ length);
+ }
+ if (ret < 0)
+ goto fail;
+
+ session->internals.record_presend_buffer.data += ret;
+ session->internals.record_presend_buffer.length -= ret;
+ total += ret;
+ }
+
+ return total;
+
+ fail:
+ session->internals.record_flush_mode = RECORD_CORKED;
+ return ret;
}
/**
@@ -1550,10 +1570,11 @@ fail:
* The number of bytes received might be less than the requested @data_size.
**/
ssize_t
-gnutls_record_recv (gnutls_session_t session, void *data, size_t data_size)
+gnutls_record_recv(gnutls_session_t session, void *data, size_t data_size)
{
- return _gnutls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data, data_size,
- NULL, session->internals.record_timeout_ms);
+ return _gnutls_recv_int(session, GNUTLS_APPLICATION_DATA, -1, data,
+ data_size, NULL,
+ session->internals.record_timeout_ms);
}
/**
@@ -1577,11 +1598,12 @@ gnutls_record_recv (gnutls_session_t session, void *data, size_t data_size)
* Since: 3.0
**/
ssize_t
-gnutls_record_recv_seq (gnutls_session_t session, void *data, size_t data_size,
- unsigned char *seq)
+gnutls_record_recv_seq(gnutls_session_t session, void *data,
+ size_t data_size, unsigned char *seq)
{
- return _gnutls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data,
- data_size, seq, session->internals.record_timeout_ms);
+ return _gnutls_recv_int(session, GNUTLS_APPLICATION_DATA, -1, data,
+ data_size, seq,
+ session->internals.record_timeout_ms);
}
/**
@@ -1600,8 +1622,7 @@ gnutls_record_recv_seq (gnutls_session_t session, void *data, size_t data_size,
* Since: 3.1.7
*
**/
-void
-gnutls_record_set_timeout (gnutls_session_t session, unsigned int ms)
+void gnutls_record_set_timeout(gnutls_session_t session, unsigned int ms)
{
- session->internals.record_timeout_ms = ms;
+ session->internals.record_timeout_ms = ms;
}
diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
index 5c85dedf53..1a515610b4 100644
--- a/lib/gnutls_record.h
+++ b/lib/gnutls_record.h
@@ -26,38 +26,38 @@
#include <gnutls/gnutls.h>
#include <gnutls_buffers.h>
-ssize_t _gnutls_send_tlen_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- unsigned int epoch_rel, const void *data,
- size_t sizeofdata,
- size_t min_pad,
- unsigned int mflags);
+ssize_t _gnutls_send_tlen_int(gnutls_session_t session,
+ content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *data,
+ size_t sizeofdata, size_t min_pad,
+ unsigned int mflags);
inline static ssize_t
-_gnutls_send_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- unsigned int epoch_rel, const void *_data,
- size_t data_size, unsigned int mflags)
+_gnutls_send_int(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *_data,
+ size_t data_size, unsigned int mflags)
{
- return _gnutls_send_tlen_int(session,type,htype,epoch_rel,_data,data_size,0,mflags);
+ return _gnutls_send_tlen_int(session, type, htype, epoch_rel,
+ _data, data_size, 0, mflags);
}
-ssize_t _gnutls_recv_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t, uint8_t * data,
- size_t sizeofdata, void* seq, unsigned int ms);
+ssize_t _gnutls_recv_int(gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t, uint8_t * data,
+ size_t sizeofdata, void *seq, unsigned int ms);
-inline
-static int get_max_decrypted_data(gnutls_session_t session)
+inline static int get_max_decrypted_data(gnutls_session_t session)
{
-int ret;
+ int ret;
- ret = MAX_RECORD_RECV_SIZE(session) + MAX_RECORD_OVERHEAD(session);
+ ret = MAX_RECORD_RECV_SIZE(session) + MAX_RECORD_OVERHEAD(session);
- if (session->internals.priorities.allow_large_records != 0 &&
- gnutls_compression_get(session)==GNUTLS_COMP_NULL)
- ret += EXTRA_COMP_SIZE;
+ if (session->internals.priorities.allow_large_records != 0 &&
+ gnutls_compression_get(session) == GNUTLS_COMP_NULL)
+ ret += EXTRA_COMP_SIZE;
- return ret;
+ return ret;
}
#endif
diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c
index 396bc73d5f..29ee450511 100644
--- a/lib/gnutls_rsa_export.c
+++ b/lib/gnutls_rsa_export.c
@@ -52,15 +52,16 @@
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
int
-gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u)
+gnutls_rsa_params_import_raw(gnutls_rsa_params_t rsa_params,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u)
{
- return gnutls_x509_privkey_import_rsa_raw (rsa_params, m, e, d, p, q, u);
+ return gnutls_x509_privkey_import_rsa_raw(rsa_params, m, e, d, p,
+ q, u);
}
/**
@@ -71,19 +72,17 @@ gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
*
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
-int
-gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params)
+int gnutls_rsa_params_init(gnutls_rsa_params_t * rsa_params)
{
- int ret;
+ int ret;
- ret = gnutls_x509_privkey_init (rsa_params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_x509_privkey_init(rsa_params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -92,10 +91,9 @@ gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params)
*
* This function will deinitialize the RSA parameters structure.
**/
-void
-gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params)
+void gnutls_rsa_params_deinit(gnutls_rsa_params_t rsa_params)
{
- gnutls_x509_privkey_deinit (rsa_params);
+ gnutls_x509_privkey_deinit(rsa_params);
}
/**
@@ -108,10 +106,9 @@ gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
-int
-gnutls_rsa_params_cpy (gnutls_rsa_params_t dst, gnutls_rsa_params_t src)
+int gnutls_rsa_params_cpy(gnutls_rsa_params_t dst, gnutls_rsa_params_t src)
{
- return gnutls_x509_privkey_cpy (dst, src);
+ return gnutls_x509_privkey_cpy(dst, src);
}
/**
@@ -131,9 +128,10 @@ gnutls_rsa_params_cpy (gnutls_rsa_params_t dst, gnutls_rsa_params_t src)
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
int
-gnutls_rsa_params_generate2 (gnutls_rsa_params_t params, unsigned int bits)
+gnutls_rsa_params_generate2(gnutls_rsa_params_t params, unsigned int bits)
{
- return gnutls_x509_privkey_generate (params, GNUTLS_PK_RSA, bits, 0);
+ return gnutls_x509_privkey_generate(params, GNUTLS_PK_RSA, bits,
+ 0);
}
/**
@@ -151,11 +149,11 @@ gnutls_rsa_params_generate2 (gnutls_rsa_params_t params, unsigned int bits)
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
int
-gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
- const gnutls_datum_t * pkcs1_params,
- gnutls_x509_crt_fmt_t format)
+gnutls_rsa_params_import_pkcs1(gnutls_rsa_params_t params,
+ const gnutls_datum_t * pkcs1_params,
+ gnutls_x509_crt_fmt_t format)
{
- return gnutls_x509_privkey_import (params, pkcs1_params, format);
+ return gnutls_x509_privkey_import(params, pkcs1_params, format);
}
/**
@@ -175,13 +173,13 @@ gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
int
-gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t * params_data_size)
+gnutls_rsa_params_export_pkcs1(gnutls_rsa_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size)
{
- return gnutls_x509_privkey_export (params, format,
- params_data, params_data_size);
+ return gnutls_x509_privkey_export(params, format,
+ params_data, params_data_size);
}
/**
@@ -202,25 +200,24 @@ gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
* Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
**/
int
-gnutls_rsa_params_export_raw (gnutls_rsa_params_t rsa,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- unsigned int *bits)
+gnutls_rsa_params_export_raw(gnutls_rsa_params_t rsa,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ unsigned int *bits)
{
- int ret;
+ int ret;
- ret = gnutls_x509_privkey_export_rsa_raw (rsa, m, e, d, p, q, u);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_x509_privkey_export_rsa_raw(rsa, m, e, d, p, q, u);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (bits)
- *bits = _gnutls_mpi_get_nbits (rsa->params.params[3]);
+ if (bits)
+ *bits = _gnutls_mpi_get_nbits(rsa->params.params[3]);
- return 0;
+ return 0;
}
-#endif /* ENABLE_RSA_EXPORT */
+#endif /* ENABLE_RSA_EXPORT */
diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c
index f7d8113473..5a7fdf8a93 100644
--- a/lib/gnutls_session.c
+++ b/lib/gnutls_session.c
@@ -40,41 +40,39 @@
* an error code is returned.
**/
int
-gnutls_session_get_data (gnutls_session_t session,
- void *session_data, size_t * session_data_size)
+gnutls_session_get_data(gnutls_session_t session,
+ void *session_data, size_t * session_data_size)
{
- gnutls_datum_t psession;
- int ret;
+ gnutls_datum_t psession;
+ int ret;
- if (session->internals.resumable == RESUME_FALSE)
- return GNUTLS_E_INVALID_SESSION;
+ if (session->internals.resumable == RESUME_FALSE)
+ return GNUTLS_E_INVALID_SESSION;
- psession.data = session_data;
+ psession.data = session_data;
- ret = _gnutls_session_pack (session, &psession);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_session_pack(session, &psession);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (psession.size > *session_data_size)
- {
- *session_data_size = psession.size;
- ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto error;
- }
- *session_data_size = psession.size;
+ if (psession.size > *session_data_size) {
+ *session_data_size = psession.size;
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto error;
+ }
+ *session_data_size = psession.size;
- if (session_data != NULL)
- memcpy (session_data, psession.data, psession.size);
+ if (session_data != NULL)
+ memcpy(session_data, psession.data, psession.size);
- ret = 0;
+ ret = 0;
-error:
- _gnutls_free_datum (&psession);
- return ret;
+ error:
+ _gnutls_free_datum(&psession);
+ return ret;
}
/**
@@ -92,27 +90,25 @@ error:
* an error code is returned.
**/
int
-gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data)
+gnutls_session_get_data2(gnutls_session_t session, gnutls_datum_t * data)
{
- int ret;
+ int ret;
- if (data == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (data == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (session->internals.resumable == RESUME_FALSE)
- return GNUTLS_E_INVALID_SESSION;
+ if (session->internals.resumable == RESUME_FALSE)
+ return GNUTLS_E_INVALID_SESSION;
- ret = _gnutls_session_pack (session, data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_session_pack(session, data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -135,28 +131,27 @@ gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data)
* an error code is returned.
**/
int
-gnutls_session_get_id (gnutls_session_t session,
- void *session_id, size_t * session_id_size)
+gnutls_session_get_id(gnutls_session_t session,
+ void *session_id, size_t * session_id_size)
{
- size_t given_session_id_size = *session_id_size;
+ size_t given_session_id_size = *session_id_size;
- *session_id_size = session->security_parameters.session_id_size;
+ *session_id_size = session->security_parameters.session_id_size;
- /* just return the session size */
- if (session_id == NULL)
- {
- return 0;
- }
+ /* just return the session size */
+ if (session_id == NULL) {
+ return 0;
+ }
- if (given_session_id_size < session->security_parameters.session_id_size)
- {
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (given_session_id_size <
+ session->security_parameters.session_id_size) {
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- memcpy (session_id, &session->security_parameters.session_id,
- *session_id_size);
+ memcpy(session_id, &session->security_parameters.session_id,
+ *session_id_size);
- return 0;
+ return 0;
}
/**
@@ -173,13 +168,13 @@ gnutls_session_get_id (gnutls_session_t session,
* Since: 3.1.4
**/
int
-gnutls_session_get_id2 (gnutls_session_t session,
- gnutls_datum_t *session_id)
+gnutls_session_get_id2(gnutls_session_t session,
+ gnutls_datum_t * session_id)
{
- session_id->size = session->security_parameters.session_id_size;
- session_id->data = session->security_parameters.session_id;
+ session_id->size = session->security_parameters.session_id_size;
+ session_id->data = session->security_parameters.session_id;
- return 0;
+ return 0;
}
/**
@@ -201,30 +196,28 @@ gnutls_session_get_id2 (gnutls_session_t session,
* an error code is returned.
**/
int
-gnutls_session_set_data (gnutls_session_t session,
- const void *session_data, size_t session_data_size)
+gnutls_session_set_data(gnutls_session_t session,
+ const void *session_data, size_t session_data_size)
{
- int ret;
- gnutls_datum_t psession;
-
- psession.data = (uint8_t *) session_data;
- psession.size = session_data_size;
-
- if (session_data == NULL || session_data_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- ret = _gnutls_session_unpack (session, &psession);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- session->internals.resumption_requested = 1;
-
- return 0;
+ int ret;
+ gnutls_datum_t psession;
+
+ psession.data = (uint8_t *) session_data;
+ psession.size = session_data_size;
+
+ if (session_data == NULL || session_data_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ ret = _gnutls_session_unpack(session, &psession);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ session->internals.resumption_requested = 1;
+
+ return 0;
}
/**
@@ -238,8 +231,7 @@ gnutls_session_set_data (gnutls_session_t session,
* applications.
*
**/
-void
-gnutls_session_force_valid (gnutls_session_t session)
+void gnutls_session_force_valid(gnutls_session_t session)
{
- session->internals.invalid_connection = 0;
+ session->internals.invalid_connection = 0;
}
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index b230f5e8fe..0fb11eeb2e 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -44,30 +44,30 @@
#include <gnutls_state.h>
#include <gnutls_db.h>
-static int pack_certificate_auth_info (gnutls_session_t,
- gnutls_buffer_st * packed_session);
-static int unpack_certificate_auth_info (gnutls_session_t,
- gnutls_buffer_st * packed_session);
+static int pack_certificate_auth_info(gnutls_session_t,
+ gnutls_buffer_st * packed_session);
+static int unpack_certificate_auth_info(gnutls_session_t,
+ gnutls_buffer_st * packed_session);
-static int unpack_srp_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
-static int pack_srp_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+static int unpack_srp_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_srp_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
-static int unpack_psk_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
-static int pack_psk_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+static int unpack_psk_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_psk_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
-static int unpack_anon_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
-static int pack_anon_auth_info (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+static int unpack_anon_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_anon_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
-static int unpack_security_parameters (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
-static int pack_security_parameters (gnutls_session_t session,
- gnutls_buffer_st * packed_session);
+static int unpack_security_parameters(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_security_parameters(gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
/* Since auth_info structures contain malloced data, this function
@@ -79,211 +79,194 @@ static int pack_security_parameters (gnutls_session_t session,
* The data will be in a platform independent format.
*/
int
-_gnutls_session_pack (gnutls_session_t session,
- gnutls_datum_t * packed_session)
+_gnutls_session_pack(gnutls_session_t session,
+ gnutls_datum_t * packed_session)
{
- int ret;
- gnutls_buffer_st sb;
- uint8_t id;
+ int ret;
+ gnutls_buffer_st sb;
+ uint8_t id;
- if (packed_session == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (packed_session == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- _gnutls_buffer_init (&sb);
+ _gnutls_buffer_init(&sb);
- id = gnutls_auth_get_type (session);
+ id = gnutls_auth_get_type(session);
- BUFFER_APPEND_NUM(&sb, PACKED_SESSION_MAGIC);
- BUFFER_APPEND_NUM(&sb, session->security_parameters.timestamp);
- BUFFER_APPEND (&sb, &id, 1);
+ BUFFER_APPEND_NUM(&sb, PACKED_SESSION_MAGIC);
+ BUFFER_APPEND_NUM(&sb, session->security_parameters.timestamp);
+ BUFFER_APPEND(&sb, &id, 1);
- switch (id)
- {
+ switch (id) {
#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:
- ret = pack_srp_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
- break;
+ case GNUTLS_CRD_SRP:
+ ret = pack_srp_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+ break;
#endif
#ifdef ENABLE_PSK
- case GNUTLS_CRD_PSK:
- ret = pack_psk_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
- break;
+ case GNUTLS_CRD_PSK:
+ ret = pack_psk_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+ break;
#endif
#ifdef ENABLE_ANON
- case GNUTLS_CRD_ANON:
- ret = pack_anon_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
- break;
+ case GNUTLS_CRD_ANON:
+ ret = pack_anon_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+ break;
#endif
- case GNUTLS_CRD_CERTIFICATE:
- ret = pack_certificate_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
- break;
- default:
- return GNUTLS_E_INTERNAL_ERROR;
-
- }
-
- /* Auth_info structures copied. Now copy security_parameters_st.
- * packed_session must have allocated space for the security parameters.
- */
- ret = pack_security_parameters (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- ret = _gnutls_ext_pack (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- return _gnutls_buffer_to_datum (&sb, packed_session);
-
-fail:
- _gnutls_buffer_clear (&sb);
- return ret;
+ case GNUTLS_CRD_CERTIFICATE:
+ ret = pack_certificate_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+ break;
+ default:
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ }
+
+ /* Auth_info structures copied. Now copy security_parameters_st.
+ * packed_session must have allocated space for the security parameters.
+ */
+ ret = pack_security_parameters(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ ret = _gnutls_ext_pack(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ return _gnutls_buffer_to_datum(&sb, packed_session);
+
+ fail:
+ _gnutls_buffer_clear(&sb);
+ return ret;
}
/* Load session data from a buffer.
*/
int
-_gnutls_session_unpack (gnutls_session_t session,
- const gnutls_datum_t * packed_session)
+_gnutls_session_unpack(gnutls_session_t session,
+ const gnutls_datum_t * packed_session)
{
- int ret;
- gnutls_buffer_st sb;
- uint32_t magic;
- uint8_t id;
-
- _gnutls_buffer_init (&sb);
-
- if (packed_session == NULL || packed_session->size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret =
- _gnutls_buffer_append_data (&sb, packed_session->data,
- packed_session->size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (_gnutls_get_auth_info (session) != NULL)
- {
- _gnutls_free_auth_info (session);
- }
-
- BUFFER_POP_NUM (&sb, magic);
- if (magic != PACKED_SESSION_MAGIC)
- {
- ret = gnutls_assert_val(GNUTLS_E_DB_ERROR);
- goto error;
- }
-
- BUFFER_POP_NUM (&sb, session->internals.resumed_security_parameters.timestamp);
- BUFFER_POP (&sb, &id, 1);
-
- switch (id)
- {
+ int ret;
+ gnutls_buffer_st sb;
+ uint32_t magic;
+ uint8_t id;
+
+ _gnutls_buffer_init(&sb);
+
+ if (packed_session == NULL || packed_session->size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ _gnutls_buffer_append_data(&sb, packed_session->data,
+ packed_session->size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (_gnutls_get_auth_info(session) != NULL) {
+ _gnutls_free_auth_info(session);
+ }
+
+ BUFFER_POP_NUM(&sb, magic);
+ if (magic != PACKED_SESSION_MAGIC) {
+ ret = gnutls_assert_val(GNUTLS_E_DB_ERROR);
+ goto error;
+ }
+
+ BUFFER_POP_NUM(&sb,
+ session->internals.resumed_security_parameters.
+ timestamp);
+ BUFFER_POP(&sb, &id, 1);
+
+ switch (id) {
#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:
- ret = unpack_srp_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- break;
+ case GNUTLS_CRD_SRP:
+ ret = unpack_srp_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ break;
#endif
#ifdef ENABLE_PSK
- case GNUTLS_CRD_PSK:
- ret = unpack_psk_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- break;
+ case GNUTLS_CRD_PSK:
+ ret = unpack_psk_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ break;
#endif
#ifdef ENABLE_ANON
- case GNUTLS_CRD_ANON:
- ret = unpack_anon_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- break;
+ case GNUTLS_CRD_ANON:
+ ret = unpack_anon_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ break;
#endif
- case GNUTLS_CRD_CERTIFICATE:
- ret = unpack_certificate_auth_info (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- break;
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto error;
-
- }
-
- /* Auth_info structures copied. Now copy security_parameters_st.
- * packed_session must have allocated space for the security parameters.
- */
- ret = unpack_security_parameters (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_ext_unpack (session, &sb);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = 0;
-
-error:
- _gnutls_buffer_clear (&sb);
-
- return ret;
+ case GNUTLS_CRD_CERTIFICATE:
+ ret = unpack_certificate_auth_info(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ break;
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto error;
+
+ }
+
+ /* Auth_info structures copied. Now copy security_parameters_st.
+ * packed_session must have allocated space for the security parameters.
+ */
+ ret = unpack_security_parameters(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = _gnutls_ext_unpack(session, &sb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ _gnutls_buffer_clear(&sb);
+
+ return ret;
}
@@ -311,112 +294,112 @@ error:
* and so on...
*/
static int
-pack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+pack_certificate_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- unsigned int i;
- int cur_size, ret;
- cert_auth_info_t info = _gnutls_get_auth_info (session);
- int size_offset;
+ unsigned int i;
+ int cur_size, ret;
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
+ int size_offset;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM(ps, 0);
+ cur_size = ps->length;
+
+ if (info) {
+
+ BUFFER_APPEND_NUM(ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX4(ps, info->dh.prime.data,
+ info->dh.prime.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.generator.data,
+ info->dh.generator.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.public_key.data,
+ info->dh.public_key.size);
+
+ BUFFER_APPEND_NUM(ps, info->ncerts);
+
+ for (i = 0; i < info->ncerts; i++)
+ BUFFER_APPEND_PFX4(ps,
+ info->raw_certificate_list[i].
+ data,
+ info->raw_certificate_list[i].
+ size);
+ }
+
+ /* write the real size */
+ _gnutls_write_uint32(ps->length - cur_size,
+ ps->data + size_offset);
+
+ return 0;
+}
- size_offset = ps->length;
- BUFFER_APPEND_NUM (ps, 0);
- cur_size = ps->length;
- if (info)
- {
+/* Upack certificate info.
+ */
+static int
+unpack_certificate_auth_info(gnutls_session_t session,
+ gnutls_buffer_st * ps)
+{
+ int ret;
+ unsigned int i = 0, j = 0;
+ size_t pack_size;
+ cert_auth_info_t info = NULL;
- BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
- BUFFER_APPEND_PFX4 (ps, info->dh.prime.data, info->dh.prime.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.generator.data,
- info->dh.generator.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.public_key.data,
- info->dh.public_key.size);
+ BUFFER_POP_NUM(ps, pack_size);
- BUFFER_APPEND_NUM (ps, info->ncerts);
+ if (pack_size == 0)
+ return 0; /* nothing to be done */
- for (i = 0; i < info->ncerts; i++)
- BUFFER_APPEND_PFX4 (ps, info->raw_certificate_list[i].data,
- info->raw_certificate_list[i].size);
- }
+ /* client and server have the same auth_info here
+ */
+ ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* write the real size */
- _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- return 0;
-}
+ BUFFER_POP_NUM(ps, info->dh.secret_bits);
+ BUFFER_POP_DATUM(ps, &info->dh.prime);
+ BUFFER_POP_DATUM(ps, &info->dh.generator);
+ BUFFER_POP_DATUM(ps, &info->dh.public_key);
-/* Upack certificate info.
- */
-static int
-unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
-{
- int ret;
- unsigned int i = 0, j = 0;
- size_t pack_size;
- cert_auth_info_t info = NULL;
-
- BUFFER_POP_NUM (ps, pack_size);
-
- if (pack_size == 0)
- return 0; /* nothing to be done */
-
- /* client and server have the same auth_info here
- */
- ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- BUFFER_POP_NUM (ps, info->dh.secret_bits);
-
- BUFFER_POP_DATUM (ps, &info->dh.prime);
- BUFFER_POP_DATUM (ps, &info->dh.generator);
- BUFFER_POP_DATUM (ps, &info->dh.public_key);
-
- BUFFER_POP_NUM (ps, info->ncerts);
-
- if (info->ncerts > 0)
- {
- info->raw_certificate_list =
- gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t));
- if (info->raw_certificate_list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
- }
-
- for (i = 0; i < info->ncerts; i++)
- {
- BUFFER_POP_DATUM (ps, &info->raw_certificate_list[i]);
- }
-
- return 0;
-
-error:
- if (info)
- {
- _gnutls_free_datum (&info->dh.prime);
- _gnutls_free_datum (&info->dh.generator);
- _gnutls_free_datum (&info->dh.public_key);
-
- for (j = 0; j < i; j++)
- _gnutls_free_datum (&info->raw_certificate_list[j]);
-
- gnutls_free (info->raw_certificate_list);
- }
-
- return ret;
+ BUFFER_POP_NUM(ps, info->ncerts);
+
+ if (info->ncerts > 0) {
+ info->raw_certificate_list =
+ gnutls_calloc(info->ncerts, sizeof(gnutls_datum_t));
+ if (info->raw_certificate_list == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+ }
+
+ for (i = 0; i < info->ncerts; i++) {
+ BUFFER_POP_DATUM(ps, &info->raw_certificate_list[i]);
+ }
+
+ return 0;
+
+ error:
+ if (info) {
+ _gnutls_free_datum(&info->dh.prime);
+ _gnutls_free_datum(&info->dh.generator);
+ _gnutls_free_datum(&info->dh.public_key);
+
+ for (j = 0; j < i; j++)
+ _gnutls_free_datum(&info->raw_certificate_list[j]);
+
+ gnutls_free(info->raw_certificate_list);
+ }
+
+ return ret;
}
@@ -430,70 +413,67 @@ error:
* x bytes the SRP username
*/
static int
-pack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+pack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- srp_server_auth_info_t info = _gnutls_get_auth_info (session);
- int len, ret;
- int size_offset;
- size_t cur_size;
- const char* username = NULL;
-
- if (info && info->username)
- {
- username = info->username;
- len = strlen (info->username) + 1; /* include the terminating null */
- }
- else
- len = 0;
-
- size_offset = ps->length;
- BUFFER_APPEND_NUM (ps, 0);
- cur_size = ps->length;
-
- BUFFER_APPEND_PFX4 (ps, username, len);
-
- /* write the real size */
- _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
-
- return 0;
+ srp_server_auth_info_t info = _gnutls_get_auth_info(session);
+ int len, ret;
+ int size_offset;
+ size_t cur_size;
+ const char *username = NULL;
+
+ if (info && info->username) {
+ username = info->username;
+ len = strlen(info->username) + 1; /* include the terminating null */
+ } else
+ len = 0;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM(ps, 0);
+ cur_size = ps->length;
+
+ BUFFER_APPEND_PFX4(ps, username, len);
+
+ /* write the real size */
+ _gnutls_write_uint32(ps->length - cur_size,
+ ps->data + size_offset);
+
+ return 0;
}
static int
-unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+unpack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- size_t username_size;
- int ret;
- srp_server_auth_info_t info;
-
- BUFFER_POP_NUM (ps, username_size);
- if (username_size > sizeof (info->username))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
- sizeof (srp_server_auth_info_st), 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- BUFFER_POP (ps, info->username, username_size);
- if (username_size == 0)
- info->username[0] = 0;
-
- ret = 0;
-
-error:
- return ret;
+ size_t username_size;
+ int ret;
+ srp_server_auth_info_t info;
+
+ BUFFER_POP_NUM(ps, username_size);
+ if (username_size > sizeof(info->username)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_SRP,
+ sizeof(srp_server_auth_info_st), 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ BUFFER_POP(ps, info->username, username_size);
+ if (username_size == 0)
+ info->username[0] = 0;
+
+ ret = 0;
+
+ error:
+ return ret;
}
#endif
@@ -514,79 +494,78 @@ error:
* x bytes the public key
*/
static int
-pack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+pack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- int cur_size, ret;
- anon_auth_info_t info = _gnutls_get_auth_info (session);
- int size_offset;
-
- size_offset = ps->length;
- BUFFER_APPEND_NUM (ps, 0);
- cur_size = ps->length;
-
- if (info)
- {
- BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
- BUFFER_APPEND_PFX4 (ps, info->dh.prime.data, info->dh.prime.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.generator.data,
- info->dh.generator.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.public_key.data,
- info->dh.public_key.size);
- }
-
- /* write the real size */
- _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
-
- return 0;
+ int cur_size, ret;
+ anon_auth_info_t info = _gnutls_get_auth_info(session);
+ int size_offset;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM(ps, 0);
+ cur_size = ps->length;
+
+ if (info) {
+ BUFFER_APPEND_NUM(ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX4(ps, info->dh.prime.data,
+ info->dh.prime.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.generator.data,
+ info->dh.generator.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.public_key.data,
+ info->dh.public_key.size);
+ }
+
+ /* write the real size */
+ _gnutls_write_uint32(ps->length - cur_size,
+ ps->data + size_offset);
+
+ return 0;
}
static int
-unpack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+unpack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- int ret;
- size_t pack_size;
- anon_auth_info_t info = NULL;
-
- BUFFER_POP_NUM (ps, pack_size);
-
- if (pack_size == 0)
- return 0; /* nothing to be done */
-
- /* client and server have the same auth_info here
- */
- ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- BUFFER_POP_NUM (ps, info->dh.secret_bits);
-
- BUFFER_POP_DATUM (ps, &info->dh.prime);
- BUFFER_POP_DATUM (ps, &info->dh.generator);
- BUFFER_POP_DATUM (ps, &info->dh.public_key);
-
- return 0;
-
-error:
- if (info)
- {
- _gnutls_free_datum (&info->dh.prime);
- _gnutls_free_datum (&info->dh.generator);
- _gnutls_free_datum (&info->dh.public_key);
- }
-
- return ret;
+ int ret;
+ size_t pack_size;
+ anon_auth_info_t info = NULL;
+
+ BUFFER_POP_NUM(ps, pack_size);
+
+ if (pack_size == 0)
+ return 0; /* nothing to be done */
+
+ /* client and server have the same auth_info here
+ */
+ ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_auth_info_st), 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ BUFFER_POP_NUM(ps, info->dh.secret_bits);
+
+ BUFFER_POP_DATUM(ps, &info->dh.prime);
+ BUFFER_POP_DATUM(ps, &info->dh.generator);
+ BUFFER_POP_DATUM(ps, &info->dh.public_key);
+
+ return 0;
+
+ error:
+ if (info) {
+ _gnutls_free_datum(&info->dh.prime);
+ _gnutls_free_datum(&info->dh.generator);
+ _gnutls_free_datum(&info->dh.public_key);
+ }
+
+ return ret;
}
-#endif /* ANON */
+#endif /* ANON */
#ifdef ENABLE_PSK
/* Packs the PSK session authentication data.
@@ -607,97 +586,97 @@ error:
* x bytes the public key
*/
static int
-pack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+pack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- psk_auth_info_t info;
- int username_len;
- int hint_len, ret;
- int size_offset;
- size_t cur_size;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (info->username)
- username_len = strlen (info->username) + 1; /* include the terminating null */
- else
- username_len = 0;
-
- if (info->hint)
- hint_len = strlen (info->hint) + 1; /* include the terminating null */
- else
- hint_len = 0;
-
- size_offset = ps->length;
- BUFFER_APPEND_NUM (ps, 0);
- cur_size = ps->length;
-
- BUFFER_APPEND_PFX4 (ps, info->username, username_len);
- BUFFER_APPEND_PFX4 (ps, info->hint, hint_len);
-
- BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
- BUFFER_APPEND_PFX4 (ps, info->dh.prime.data, info->dh.prime.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.generator.data, info->dh.generator.size);
- BUFFER_APPEND_PFX4 (ps, info->dh.public_key.data, info->dh.public_key.size);
-
- /* write the real size */
- _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
-
- return 0;
+ psk_auth_info_t info;
+ int username_len;
+ int hint_len, ret;
+ int size_offset;
+ size_t cur_size;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (info->username)
+ username_len = strlen(info->username) + 1; /* include the terminating null */
+ else
+ username_len = 0;
+
+ if (info->hint)
+ hint_len = strlen(info->hint) + 1; /* include the terminating null */
+ else
+ hint_len = 0;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM(ps, 0);
+ cur_size = ps->length;
+
+ BUFFER_APPEND_PFX4(ps, info->username, username_len);
+ BUFFER_APPEND_PFX4(ps, info->hint, hint_len);
+
+ BUFFER_APPEND_NUM(ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX4(ps, info->dh.prime.data, info->dh.prime.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.generator.data,
+ info->dh.generator.size);
+ BUFFER_APPEND_PFX4(ps, info->dh.public_key.data,
+ info->dh.public_key.size);
+
+ /* write the real size */
+ _gnutls_write_uint32(ps->length - cur_size,
+ ps->data + size_offset);
+
+ return 0;
}
static int
-unpack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
{
- size_t username_size, hint_size;
- int ret;
- psk_auth_info_t info;
-
- ret =
- _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- BUFFER_POP_NUM (ps, username_size);
- if (username_size > sizeof (info->username))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- BUFFER_POP (ps, info->username, username_size);
-
- BUFFER_POP_NUM (ps, hint_size);
- if (hint_size > sizeof (info->hint))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- BUFFER_POP (ps, info->hint, hint_size);
-
- BUFFER_POP_NUM (ps, info->dh.secret_bits);
-
- BUFFER_POP_DATUM (ps, &info->dh.prime);
- BUFFER_POP_DATUM (ps, &info->dh.generator);
- BUFFER_POP_DATUM (ps, &info->dh.public_key);
-
- ret = 0;
-
-error:
- _gnutls_free_datum (&info->dh.prime);
- _gnutls_free_datum (&info->dh.generator);
- _gnutls_free_datum (&info->dh.public_key);
-
- return ret;
+ size_t username_size, hint_size;
+ int ret;
+ psk_auth_info_t info;
+
+ ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ sizeof(psk_auth_info_st), 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ BUFFER_POP_NUM(ps, username_size);
+ if (username_size > sizeof(info->username)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ BUFFER_POP(ps, info->username, username_size);
+
+ BUFFER_POP_NUM(ps, hint_size);
+ if (hint_size > sizeof(info->hint)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ BUFFER_POP(ps, info->hint, hint_size);
+
+ BUFFER_POP_NUM(ps, info->dh.secret_bits);
+
+ BUFFER_POP_DATUM(ps, &info->dh.prime);
+ BUFFER_POP_DATUM(ps, &info->dh.generator);
+ BUFFER_POP_DATUM(ps, &info->dh.public_key);
+
+ ret = 0;
+
+ error:
+ _gnutls_free_datum(&info->dh.prime);
+ _gnutls_free_datum(&info->dh.generator);
+ _gnutls_free_datum(&info->dh.public_key);
+
+ return ret;
}
#endif
@@ -737,150 +716,179 @@ error:
*
*/
static int
-pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
+pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
{
- int ret;
- int size_offset;
- size_t cur_size;
- record_parameters_st *params;
-
- if (session->security_parameters.epoch_read
- != session->security_parameters.epoch_write)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* move after the auth info stuff.
- */
- size_offset = ps->length;
- BUFFER_APPEND_NUM (ps, 0);
- cur_size = ps->length;
-
-
- BUFFER_APPEND_NUM (ps, session->security_parameters.entity);
- BUFFER_APPEND_NUM (ps, session->security_parameters.kx_algorithm);
- BUFFER_APPEND (ps,
- session->security_parameters.cipher_suite, 2);
- BUFFER_APPEND_NUM (ps, session->security_parameters.compression_method);
- BUFFER_APPEND_NUM (ps, session->security_parameters.cert_type);
- BUFFER_APPEND_NUM (ps, session->security_parameters.pversion->id);
-
- BUFFER_APPEND (ps, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- BUFFER_APPEND (ps, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- BUFFER_APPEND (ps, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
-
- BUFFER_APPEND (ps, &session->security_parameters.session_id_size, 1);
- BUFFER_APPEND (ps, session->security_parameters.session_id,
- session->security_parameters.session_id_size);
-
- BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_send_size);
- BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_recv_size);
- BUFFER_APPEND (ps, &session->security_parameters.new_record_padding, 1);
- BUFFER_APPEND_NUM (ps, session->security_parameters.ecc_curve);
-
- BUFFER_APPEND_NUM (ps, session->security_parameters.server_sign_algo);
- BUFFER_APPEND_NUM (ps, session->security_parameters.client_sign_algo);
-
- _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
-
- return 0;
+ int ret;
+ int size_offset;
+ size_t cur_size;
+ record_parameters_st *params;
+
+ if (session->security_parameters.epoch_read
+ != session->security_parameters.epoch_write) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* move after the auth info stuff.
+ */
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM(ps, 0);
+ cur_size = ps->length;
+
+
+ BUFFER_APPEND_NUM(ps, session->security_parameters.entity);
+ BUFFER_APPEND_NUM(ps, session->security_parameters.kx_algorithm);
+ BUFFER_APPEND(ps, session->security_parameters.cipher_suite, 2);
+ BUFFER_APPEND_NUM(ps,
+ session->security_parameters.compression_method);
+ BUFFER_APPEND_NUM(ps, session->security_parameters.cert_type);
+ BUFFER_APPEND_NUM(ps, session->security_parameters.pversion->id);
+
+ BUFFER_APPEND(ps, session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+ BUFFER_APPEND(ps, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ BUFFER_APPEND(ps, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+
+ BUFFER_APPEND(ps, &session->security_parameters.session_id_size,
+ 1);
+ BUFFER_APPEND(ps, session->security_parameters.session_id,
+ session->security_parameters.session_id_size);
+
+ BUFFER_APPEND_NUM(ps,
+ session->security_parameters.
+ max_record_send_size);
+ BUFFER_APPEND_NUM(ps,
+ session->security_parameters.
+ max_record_recv_size);
+ BUFFER_APPEND(ps, &session->security_parameters.new_record_padding,
+ 1);
+ BUFFER_APPEND_NUM(ps, session->security_parameters.ecc_curve);
+
+ BUFFER_APPEND_NUM(ps,
+ session->security_parameters.server_sign_algo);
+ BUFFER_APPEND_NUM(ps,
+ session->security_parameters.client_sign_algo);
+
+ _gnutls_write_uint32(ps->length - cur_size,
+ ps->data + size_offset);
+
+ return 0;
}
static int
-unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
+unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
{
- size_t pack_size;
- int ret;
- unsigned version;
- time_t timestamp;
-
- BUFFER_POP_NUM (ps, pack_size);
-
- if (pack_size == 0)
- return GNUTLS_E_INVALID_REQUEST;
-
- timestamp = session->internals.resumed_security_parameters.timestamp;
- memset (&session->internals.resumed_security_parameters, 0,
- sizeof (session->internals.resumed_security_parameters));
- session->internals.resumed_security_parameters.timestamp = timestamp;
-
- timestamp = gnutls_time (0);
-
- BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.entity);
- BUFFER_POP_NUM (ps,
- session->internals.resumed_security_parameters.kx_algorithm);
- BUFFER_POP (ps,
- session->internals.
- resumed_security_parameters.cipher_suite, 2);
- BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.compression_method);
- BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.cert_type);
- BUFFER_POP_NUM (ps, version);
- session->internals.resumed_security_parameters.pversion = version_to_entry(version);
- if (session->internals.resumed_security_parameters.pversion == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- BUFFER_POP (ps,
- session->internals.resumed_security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
-
- BUFFER_POP (ps,
- session->internals.resumed_security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- BUFFER_POP (ps,
- session->internals.resumed_security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- BUFFER_POP (ps, &session->internals.
- resumed_security_parameters.session_id_size, 1);
-
- BUFFER_POP (ps, session->internals.resumed_security_parameters.session_id,
- session->internals.resumed_security_parameters.session_id_size);
-
- BUFFER_POP_NUM (ps,
- session->internals.
- resumed_security_parameters.max_record_send_size);
- BUFFER_POP_NUM (ps,
- session->internals.
- resumed_security_parameters.max_record_recv_size);
-
- BUFFER_POP (ps, &session->internals.resumed_security_parameters.new_record_padding, 1);
-
- BUFFER_POP_NUM (ps,
- session->internals.resumed_security_parameters.ecc_curve);
- BUFFER_POP_NUM (ps,
- session->internals.resumed_security_parameters.server_sign_algo);
- BUFFER_POP_NUM (ps,
- session->internals.resumed_security_parameters.client_sign_algo);
-
- if (session->internals.resumed_security_parameters.max_record_recv_size == 0 ||
- session->internals.resumed_security_parameters.max_record_send_size == 0)
- {
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
-
- if (timestamp - session->internals.resumed_security_parameters.timestamp >
- session->internals.expire_time
- || session->internals.resumed_security_parameters.timestamp > timestamp)
- {
- gnutls_assert ();
- return GNUTLS_E_EXPIRED;
- }
-
- ret = 0;
-
-error:
- return ret;
+ size_t pack_size;
+ int ret;
+ unsigned version;
+ time_t timestamp;
+
+ BUFFER_POP_NUM(ps, pack_size);
+
+ if (pack_size == 0)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ timestamp =
+ session->internals.resumed_security_parameters.timestamp;
+ memset(&session->internals.resumed_security_parameters, 0,
+ sizeof(session->internals.resumed_security_parameters));
+ session->internals.resumed_security_parameters.timestamp =
+ timestamp;
+
+ timestamp = gnutls_time(0);
+
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ entity);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ kx_algorithm);
+ BUFFER_POP(ps,
+ session->internals.resumed_security_parameters.
+ cipher_suite, 2);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ compression_method);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ cert_type);
+ BUFFER_POP_NUM(ps, version);
+ session->internals.resumed_security_parameters.pversion =
+ version_to_entry(version);
+ if (session->internals.resumed_security_parameters.pversion ==
+ NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ BUFFER_POP(ps,
+ session->internals.resumed_security_parameters.
+ master_secret, GNUTLS_MASTER_SIZE);
+
+ BUFFER_POP(ps,
+ session->internals.resumed_security_parameters.
+ client_random, GNUTLS_RANDOM_SIZE);
+ BUFFER_POP(ps,
+ session->internals.resumed_security_parameters.
+ server_random, GNUTLS_RANDOM_SIZE);
+ BUFFER_POP(ps,
+ &session->internals.resumed_security_parameters.
+ session_id_size, 1);
+
+ BUFFER_POP(ps,
+ session->internals.resumed_security_parameters.
+ session_id,
+ session->internals.resumed_security_parameters.
+ session_id_size);
+
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ max_record_send_size);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ max_record_recv_size);
+
+ BUFFER_POP(ps,
+ &session->internals.resumed_security_parameters.
+ new_record_padding, 1);
+
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ ecc_curve);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ server_sign_algo);
+ BUFFER_POP_NUM(ps,
+ session->internals.resumed_security_parameters.
+ client_sign_algo);
+
+ if (session->internals.resumed_security_parameters.
+ max_record_recv_size == 0
+ || session->internals.resumed_security_parameters.
+ max_record_send_size == 0) {
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+
+ if (timestamp -
+ session->internals.resumed_security_parameters.timestamp >
+ session->internals.expire_time
+ || session->internals.resumed_security_parameters.timestamp >
+ timestamp) {
+ gnutls_assert();
+ return GNUTLS_E_EXPIRED;
+ }
+
+ ret = 0;
+
+ error:
+ return ret;
}
/**
@@ -904,53 +912,68 @@ error:
* an error code is returned.
**/
int
-gnutls_session_set_premaster (gnutls_session_t session, unsigned int entity,
- gnutls_protocol_t version,
- gnutls_kx_algorithm_t kx,
- gnutls_cipher_algorithm_t cipher,
- gnutls_mac_algorithm_t mac,
- gnutls_compression_method_t comp,
- const gnutls_datum_t* master,
- const gnutls_datum_t * session_id)
+gnutls_session_set_premaster(gnutls_session_t session, unsigned int entity,
+ gnutls_protocol_t version,
+ gnutls_kx_algorithm_t kx,
+ gnutls_cipher_algorithm_t cipher,
+ gnutls_mac_algorithm_t mac,
+ gnutls_compression_method_t comp,
+ const gnutls_datum_t * master,
+ const gnutls_datum_t * session_id)
{
- int ret;
+ int ret;
+
+ memset(&session->internals.resumed_security_parameters, 0,
+ sizeof(session->internals.resumed_security_parameters));
+
+ session->internals.resumed_security_parameters.entity = entity;
+ session->internals.resumed_security_parameters.kx_algorithm = kx;
+
+ ret =
+ _gnutls_cipher_suite_get_id(kx, cipher, mac,
+ session->internals.
+ resumed_security_parameters.
+ cipher_suite);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- memset (&session->internals.resumed_security_parameters, 0,
- sizeof (session->internals.resumed_security_parameters));
-
- session->internals.resumed_security_parameters.entity = entity;
- session->internals.resumed_security_parameters.kx_algorithm = kx;
-
- ret = _gnutls_cipher_suite_get_id(kx, cipher, mac, session->internals.resumed_security_parameters.cipher_suite);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ session->internals.resumed_security_parameters.compression_method =
+ comp;
+ session->internals.resumed_security_parameters.cert_type =
+ DEFAULT_CERT_TYPE;
+ session->internals.resumed_security_parameters.pversion =
+ version_to_entry(version);
- session->internals.resumed_security_parameters.compression_method = comp;
- session->internals.resumed_security_parameters.cert_type = DEFAULT_CERT_TYPE;
- session->internals.resumed_security_parameters.pversion = version_to_entry(version);
-
- if (session->internals.resumed_security_parameters.pversion == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (session->internals.resumed_security_parameters.pversion ==
+ NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (master->size != GNUTLS_MASTER_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (master->size != GNUTLS_MASTER_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- memcpy(session->internals.resumed_security_parameters.master_secret, master->data, master->size);
+ memcpy(session->internals.resumed_security_parameters.
+ master_secret, master->data, master->size);
- if (session_id->size > GNUTLS_MAX_SESSION_ID)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (session_id->size > GNUTLS_MAX_SESSION_ID)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- session->internals.resumed_security_parameters.session_id_size = session_id->size;
- memcpy(session->internals.resumed_security_parameters.session_id, session_id->data, session_id->size);
+ session->internals.resumed_security_parameters.session_id_size =
+ session_id->size;
+ memcpy(session->internals.resumed_security_parameters.session_id,
+ session_id->data, session_id->size);
- session->internals.resumed_security_parameters.max_record_send_size =
- session->internals.resumed_security_parameters.max_record_recv_size = DEFAULT_MAX_RECORD_SIZE;
+ session->internals.resumed_security_parameters.
+ max_record_send_size =
+ session->internals.resumed_security_parameters.
+ max_record_recv_size = DEFAULT_MAX_RECORD_SIZE;
- session->internals.resumed_security_parameters.timestamp = gnutls_time(0);
+ session->internals.resumed_security_parameters.timestamp =
+ gnutls_time(0);
- session->internals.resumed_security_parameters.ecc_curve = GNUTLS_ECC_CURVE_INVALID;
+ session->internals.resumed_security_parameters.ecc_curve =
+ GNUTLS_ECC_CURVE_INVALID;
- session->internals.premaster_set = 1;
+ session->internals.premaster_set = 1;
- return 0;
+ return 0;
}
diff --git a/lib/gnutls_session_pack.h b/lib/gnutls_session_pack.h
index 4404446a16..efb6cda01b 100644
--- a/lib/gnutls_session_pack.h
+++ b/lib/gnutls_session_pack.h
@@ -20,7 +20,7 @@
*
*/
-int _gnutls_session_pack (gnutls_session_t session,
- gnutls_datum_t * packed_session);
-int _gnutls_session_unpack (gnutls_session_t session,
- const gnutls_datum_t * packed_session);
+int _gnutls_session_pack(gnutls_session_t session,
+ gnutls_datum_t * packed_session);
+int _gnutls_session_unpack(gnutls_session_t session,
+ const gnutls_datum_t * packed_session);
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index d9afa677aa..b794e9e960 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -40,10 +40,10 @@
#include <abstract_int.h>
static int
-sign_tls_hash (gnutls_session_t session, const mac_entry_st* hash_algo,
- gnutls_pcert_st* cert, gnutls_privkey_t pkey,
- const gnutls_datum_t * hash_concat,
- gnutls_datum_t * signature);
+sign_tls_hash(gnutls_session_t session, const mac_entry_st * hash_algo,
+ gnutls_pcert_st * cert, gnutls_privkey_t pkey,
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature);
/* While this is currently equal to the length of RSA/SHA512
@@ -57,107 +57,108 @@ sign_tls_hash (gnutls_session_t session, const mac_entry_st* hash_algo,
* Used in DHE_* ciphersuites.
*/
int
-_gnutls_handshake_sign_data (gnutls_session_t session, gnutls_pcert_st* cert,
- gnutls_privkey_t pkey, gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t * sign_algo)
+_gnutls_handshake_sign_data(gnutls_session_t session,
+ gnutls_pcert_st * cert, gnutls_privkey_t pkey,
+ gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t * sign_algo)
{
- gnutls_datum_t dconcat;
- int ret;
- digest_hd_st td_sha;
- uint8_t concat[MAX_SIG_SIZE];
- const version_entry_st* ver = get_version (session);
- const mac_entry_st* hash_algo;
-
- *sign_algo =
- _gnutls_session_get_sign_algo (session, cert);
- if (*sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- gnutls_sign_algorithm_set_server(session, *sign_algo);
-
- hash_algo = mac_to_entry(gnutls_sign_get_hash_algorithm (*sign_algo));
-
- _gnutls_handshake_log ("HSK[%p]: signing handshake data: using %s\n",
- session, gnutls_sign_algorithm_get_name (*sign_algo));
-
- ret = _gnutls_hash_init (&td_sha, hash_algo);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&td_sha, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_sha, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_sha, params->data, params->size);
-
- switch (gnutls_privkey_get_pk_algorithm(pkey, NULL))
- {
- case GNUTLS_PK_RSA:
- if (!_gnutls_version_has_selectable_sighash (ver))
- {
- digest_hd_st td_md5;
-
- ret = _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_MAC_MD5));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&td_md5, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_md5, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_md5, params->data, params->size);
-
- _gnutls_hash_deinit (&td_md5, concat);
- _gnutls_hash_deinit (&td_sha, &concat[16]);
-
- dconcat.data = concat;
- dconcat.size = 36;
- }
- else
- { /* TLS 1.2 way */
-
- _gnutls_hash_deinit (&td_sha, concat);
-
- dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
- }
- break;
- case GNUTLS_PK_DSA:
- case GNUTLS_PK_EC:
- _gnutls_hash_deinit (&td_sha, concat);
-
- if (!IS_SHA(hash_algo->id))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
- break;
-
- default:
- gnutls_assert ();
- _gnutls_hash_deinit (&td_sha, NULL);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret = sign_tls_hash (session, hash_algo, cert, pkey, &dconcat, signature);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ gnutls_datum_t dconcat;
+ int ret;
+ digest_hd_st td_sha;
+ uint8_t concat[MAX_SIG_SIZE];
+ const version_entry_st *ver = get_version(session);
+ const mac_entry_st *hash_algo;
+
+ *sign_algo = _gnutls_session_get_sign_algo(session, cert);
+ if (*sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ gnutls_sign_algorithm_set_server(session, *sign_algo);
+
+ hash_algo =
+ mac_to_entry(gnutls_sign_get_hash_algorithm(*sign_algo));
+
+ _gnutls_handshake_log
+ ("HSK[%p]: signing handshake data: using %s\n", session,
+ gnutls_sign_algorithm_get_name(*sign_algo));
+
+ ret = _gnutls_hash_init(&td_sha, hash_algo);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&td_sha, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_sha, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_sha, params->data, params->size);
+
+ switch (gnutls_privkey_get_pk_algorithm(pkey, NULL)) {
+ case GNUTLS_PK_RSA:
+ if (!_gnutls_version_has_selectable_sighash(ver)) {
+ digest_hd_st td_md5;
+
+ ret =
+ _gnutls_hash_init(&td_md5,
+ mac_to_entry
+ (GNUTLS_MAC_MD5));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&td_md5,
+ session->security_parameters.
+ client_random, GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_md5,
+ session->security_parameters.
+ server_random, GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_md5, params->data, params->size);
+
+ _gnutls_hash_deinit(&td_md5, concat);
+ _gnutls_hash_deinit(&td_sha, &concat[16]);
+
+ dconcat.data = concat;
+ dconcat.size = 36;
+ } else { /* TLS 1.2 way */
+
+ _gnutls_hash_deinit(&td_sha, concat);
+
+ dconcat.data = concat;
+ dconcat.size =
+ _gnutls_hash_get_algo_len(hash_algo);
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ case GNUTLS_PK_EC:
+ _gnutls_hash_deinit(&td_sha, concat);
+
+ if (!IS_SHA(hash_algo->id)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len(hash_algo);
+ break;
+
+ default:
+ gnutls_assert();
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ sign_tls_hash(session, hash_algo, cert, pkey, &dconcat,
+ signature);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
@@ -166,138 +167,148 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_pcert_st* cert,
* it supports signing.
*/
static int
-sign_tls_hash (gnutls_session_t session, const mac_entry_st* hash_algo,
- gnutls_pcert_st* cert, gnutls_privkey_t pkey,
- const gnutls_datum_t * hash_concat,
- gnutls_datum_t * signature)
+sign_tls_hash(gnutls_session_t session, const mac_entry_st * hash_algo,
+ gnutls_pcert_st * cert, gnutls_privkey_t pkey,
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature)
{
- const version_entry_st* ver = get_version (session);
- unsigned int key_usage = 0;
-
- /* If our certificate supports signing
- */
- if (cert != NULL)
- {
- gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
-
- if (key_usage != 0)
- if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
- {
- gnutls_assert ();
- _gnutls_audit_log(session, "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
- }
-
- /* External signing. Deprecated. To be removed. */
- if (!pkey)
- {
- int ret;
-
- if (!session->internals.sign_func)
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- if (!_gnutls_version_has_selectable_sighash (ver))
- return (*session->internals.sign_func)
- (session, session->internals.sign_func_userdata,
- cert->type, &cert->cert, hash_concat, signature);
- else
- {
- gnutls_datum_t digest;
-
- ret = _gnutls_set_datum(&digest, hash_concat->data, hash_concat->size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = pk_prepare_hash (gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL), hash_algo, &digest);
- if (ret < 0)
- {
- gnutls_assert ();
- goto es_cleanup;
- }
-
- ret = (*session->internals.sign_func)
- (session, session->internals.sign_func_userdata,
- cert->type, &cert->cert, &digest, signature);
-es_cleanup:
- gnutls_free(digest.data);
-
- return ret;
- }
- }
- }
-
- if (!_gnutls_version_has_selectable_sighash (ver))
- return gnutls_privkey_sign_raw_data (pkey, 0, hash_concat, signature);
- else
- return gnutls_privkey_sign_hash (pkey, hash_algo->id, 0, hash_concat, signature);
+ const version_entry_st *ver = get_version(session);
+ unsigned int key_usage = 0;
+
+ /* If our certificate supports signing
+ */
+ if (cert != NULL) {
+ gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
+
+ if (key_usage != 0)
+ if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) {
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
+ }
+
+ /* External signing. Deprecated. To be removed. */
+ if (!pkey) {
+ int ret;
+
+ if (!session->internals.sign_func)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ if (!_gnutls_version_has_selectable_sighash(ver))
+ return (*session->internals.sign_func)
+ (session,
+ session->internals.sign_func_userdata,
+ cert->type, &cert->cert, hash_concat,
+ signature);
+ else {
+ gnutls_datum_t digest;
+
+ ret =
+ _gnutls_set_datum(&digest,
+ hash_concat->data,
+ hash_concat->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ pk_prepare_hash
+ (gnutls_pubkey_get_pk_algorithm
+ (cert->pubkey, NULL), hash_algo,
+ &digest);
+ if (ret < 0) {
+ gnutls_assert();
+ goto es_cleanup;
+ }
+
+ ret = (*session->internals.sign_func)
+ (session,
+ session->internals.sign_func_userdata,
+ cert->type, &cert->cert, &digest,
+ signature);
+ es_cleanup:
+ gnutls_free(digest.data);
+
+ return ret;
+ }
+ }
+ }
+
+ if (!_gnutls_version_has_selectable_sighash(ver))
+ return gnutls_privkey_sign_raw_data(pkey, 0, hash_concat,
+ signature);
+ else
+ return gnutls_privkey_sign_hash(pkey, hash_algo->id, 0,
+ hash_concat, signature);
}
static int
-verify_tls_hash (gnutls_session_t session,
- const version_entry_st* ver, gnutls_pcert_st* cert,
- const gnutls_datum_t * hash_concat,
- gnutls_datum_t * signature, size_t sha1pos,
- gnutls_sign_algorithm_t sign_algo,
- gnutls_pk_algorithm_t pk_algo)
+verify_tls_hash(gnutls_session_t session,
+ const version_entry_st * ver, gnutls_pcert_st * cert,
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature, size_t sha1pos,
+ gnutls_sign_algorithm_t sign_algo,
+ gnutls_pk_algorithm_t pk_algo)
{
- int ret;
- gnutls_datum_t vdata;
- unsigned int key_usage = 0, flags;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
-
- /* If the certificate supports signing continue.
- */
- if (key_usage != 0)
- if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
- {
- gnutls_assert ();
- _gnutls_audit_log(session, "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
- }
-
- if (pk_algo == GNUTLS_PK_UNKNOWN)
- pk_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
- switch (pk_algo)
- {
- case GNUTLS_PK_RSA:
-
- vdata.data = hash_concat->data;
- vdata.size = hash_concat->size;
-
- /* verify signature */
- if (!_gnutls_version_has_selectable_sighash (ver))
- flags = GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA;
- else
- flags = 0;
- break;
- case GNUTLS_PK_DSA:
- case GNUTLS_PK_EC:
- vdata.data = &hash_concat->data[sha1pos];
- vdata.size = hash_concat->size - sha1pos;
-
- flags = 0;
-
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- gnutls_sign_algorithm_set_server(session, sign_algo);
-
- ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo, flags,
- &vdata, signature);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
-
- return 0;
+ int ret;
+ gnutls_datum_t vdata;
+ unsigned int key_usage = 0, flags;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
+
+ /* If the certificate supports signing continue.
+ */
+ if (key_usage != 0)
+ if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) {
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
+ }
+
+ if (pk_algo == GNUTLS_PK_UNKNOWN)
+ pk_algo =
+ gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
+ switch (pk_algo) {
+ case GNUTLS_PK_RSA:
+
+ vdata.data = hash_concat->data;
+ vdata.size = hash_concat->size;
+
+ /* verify signature */
+ if (!_gnutls_version_has_selectable_sighash(ver))
+ flags = GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA;
+ else
+ flags = 0;
+ break;
+ case GNUTLS_PK_DSA:
+ case GNUTLS_PK_EC:
+ vdata.data = &hash_concat->data[sha1pos];
+ vdata.size = hash_concat->size - sha1pos;
+
+ flags = 0;
+
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ gnutls_sign_algorithm_set_server(session, sign_algo);
+
+ ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo, flags,
+ &vdata, signature);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+
+ return 0;
}
@@ -305,95 +316,95 @@ verify_tls_hash (gnutls_session_t session,
* Used in DHE_* ciphersuites.
*/
int
-_gnutls_handshake_verify_data (gnutls_session_t session, gnutls_pcert_st* cert,
- const gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+_gnutls_handshake_verify_data(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
- gnutls_datum_t dconcat;
- int ret;
- digest_hd_st td_md5;
- digest_hd_st td_sha;
- uint8_t concat[MAX_SIG_SIZE];
- const version_entry_st* ver = get_version (session);
- gnutls_digest_algorithm_t hash_algo;
- const mac_entry_st * me;
-
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- _gnutls_handshake_log ("HSK[%p]: verify handshake data: using %s\n",
- session, gnutls_sign_algorithm_get_name (sign_algo));
-
- ret = _gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver, sign_algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_session_sign_algo_enabled (session, sign_algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- hash_algo = gnutls_sign_get_hash_algorithm (sign_algo);
- me = mac_to_entry(hash_algo);
- }
- else
- {
- me = mac_to_entry(GNUTLS_DIG_MD5);
- ret = _gnutls_hash_init (&td_md5, me);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash (&td_md5, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_md5, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_md5, params->data, params->size);
-
- me = mac_to_entry(GNUTLS_DIG_SHA1);
- }
-
- ret = _gnutls_hash_init (&td_sha, me);
- if (ret < 0)
- {
- gnutls_assert ();
- if (!_gnutls_version_has_selectable_sighash (ver))
- _gnutls_hash_deinit (&td_md5, NULL);
- return ret;
- }
-
- _gnutls_hash (&td_sha, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_sha, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
- _gnutls_hash (&td_sha, params->data, params->size);
-
- if (!_gnutls_version_has_selectable_sighash (ver))
- {
- _gnutls_hash_deinit (&td_md5, concat);
- _gnutls_hash_deinit (&td_sha, &concat[16]);
- dconcat.data = concat;
- dconcat.size = 36;
- }
- else
- {
- _gnutls_hash_deinit (&td_sha, concat);
-
- dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (me);
- }
-
- ret = verify_tls_hash (session, ver, cert, &dconcat, signature,
- dconcat.size - _gnutls_hash_get_algo_len (me),
- sign_algo, gnutls_sign_get_pk_algorithm (sign_algo));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ gnutls_datum_t dconcat;
+ int ret;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ uint8_t concat[MAX_SIG_SIZE];
+ const version_entry_st *ver = get_version(session);
+ gnutls_digest_algorithm_t hash_algo;
+ const mac_entry_st *me;
+
+ if (_gnutls_version_has_selectable_sighash(ver)) {
+ _gnutls_handshake_log
+ ("HSK[%p]: verify handshake data: using %s\n", session,
+ gnutls_sign_algorithm_get_name(sign_algo));
+
+ ret =
+ _gnutls_pubkey_compatible_with_sig(session,
+ cert->pubkey, ver,
+ sign_algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_session_sign_algo_enabled(session, sign_algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ hash_algo = gnutls_sign_get_hash_algorithm(sign_algo);
+ me = mac_to_entry(hash_algo);
+ } else {
+ me = mac_to_entry(GNUTLS_DIG_MD5);
+ ret = _gnutls_hash_init(&td_md5, me);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&td_md5,
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_md5,
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_md5, params->data, params->size);
+
+ me = mac_to_entry(GNUTLS_DIG_SHA1);
+ }
+
+ ret = _gnutls_hash_init(&td_sha, me);
+ if (ret < 0) {
+ gnutls_assert();
+ if (!_gnutls_version_has_selectable_sighash(ver))
+ _gnutls_hash_deinit(&td_md5, NULL);
+ return ret;
+ }
+
+ _gnutls_hash(&td_sha, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_sha, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash(&td_sha, params->data, params->size);
+
+ if (!_gnutls_version_has_selectable_sighash(ver)) {
+ _gnutls_hash_deinit(&td_md5, concat);
+ _gnutls_hash_deinit(&td_sha, &concat[16]);
+ dconcat.data = concat;
+ dconcat.size = 36;
+ } else {
+ _gnutls_hash_deinit(&td_sha, concat);
+
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len(me);
+ }
+
+ ret = verify_tls_hash(session, ver, cert, &dconcat, signature,
+ dconcat.size - _gnutls_hash_get_algo_len(me),
+ sign_algo,
+ gnutls_sign_get_pk_algorithm(sign_algo));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
@@ -403,44 +414,48 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_pcert_st* cert,
/* this is _gnutls_handshake_verify_crt_vrfy for TLS 1.2
*/
static int
-_gnutls_handshake_verify_crt_vrfy12 (gnutls_session_t session,
- gnutls_pcert_st* cert,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+_gnutls_handshake_verify_crt_vrfy12(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
- int ret;
- uint8_t concat[MAX_HASH_SIZE];
- gnutls_datum_t dconcat;
- const version_entry_st* ver = get_version (session);
- gnutls_pk_algorithm_t pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
- const mac_entry_st *me;
-
- ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- gnutls_sign_algorithm_set_client(session, sign_algo);
-
- me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign_algo));
-
- ret = _gnutls_hash_fast(me->id, session->internals.handshake_hash_buffer.data,
- session->internals.handshake_hash_buffer_prev_len,
- concat);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (me);
-
- ret =
- verify_tls_hash (session, ver, cert, &dconcat, signature, 0, sign_algo, pk);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ int ret;
+ uint8_t concat[MAX_HASH_SIZE];
+ gnutls_datum_t dconcat;
+ const version_entry_st *ver = get_version(session);
+ gnutls_pk_algorithm_t pk =
+ gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
+ const mac_entry_st *me;
+
+ ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ gnutls_sign_algorithm_set_client(session, sign_algo);
+
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign_algo));
+
+ ret =
+ _gnutls_hash_fast(me->id,
+ session->internals.handshake_hash_buffer.
+ data,
+ session->internals.
+ handshake_hash_buffer_prev_len, concat);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len(me);
+
+ ret =
+ verify_tls_hash(session, ver, cert, &dconcat, signature, 0,
+ sign_algo, pk);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
@@ -448,145 +463,143 @@ _gnutls_handshake_verify_crt_vrfy12 (gnutls_session_t session,
* verify message).
*/
int
-_gnutls_handshake_verify_crt_vrfy (gnutls_session_t session,
- gnutls_pcert_st *cert,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+_gnutls_handshake_verify_crt_vrfy(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
- int ret;
- uint8_t concat[MAX_SIG_SIZE];
- digest_hd_st td_md5;
- digest_hd_st td_sha;
- gnutls_datum_t dconcat;
- const version_entry_st* ver = get_version (session);
-
- _gnutls_handshake_log ("HSK[%p]: verify cert vrfy: using %s\n",
- session, gnutls_sign_algorithm_get_name (sign_algo));
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (_gnutls_version_has_selectable_sighash(ver))
- return _gnutls_handshake_verify_crt_vrfy12 (session, cert, signature,
- sign_algo);
-
- ret =
- _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_hash_init (&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_hash_deinit (&td_md5, NULL);
- return GNUTLS_E_HASH_FAILED;
- }
-
- _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len);
- _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len);
-
- if (ver->id == GNUTLS_SSL3)
- {
- ret = _gnutls_generate_master (session, 1);
- if (ret < 0)
- {
- _gnutls_hash_deinit (&td_md5, NULL);
- _gnutls_hash_deinit (&td_sha, NULL);
- return gnutls_assert_val(ret);
- }
-
- ret = _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (ret < 0)
- {
- _gnutls_hash_deinit (&td_sha, NULL);
- return gnutls_assert_val(ret);
- }
-
- ret = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (ret < 0)
- {
- return gnutls_assert_val(ret);
- }
- }
- else
- {
- _gnutls_hash_deinit (&td_md5, concat);
- _gnutls_hash_deinit (&td_sha, &concat[16]);
- }
-
- dconcat.data = concat;
- dconcat.size = 20 + 16; /* md5+ sha */
-
- ret =
- verify_tls_hash (session, ver, cert, &dconcat, signature, 16,
- GNUTLS_SIGN_UNKNOWN,
- gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ int ret;
+ uint8_t concat[MAX_SIG_SIZE];
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ gnutls_datum_t dconcat;
+ const version_entry_st *ver = get_version(session);
+
+ _gnutls_handshake_log("HSK[%p]: verify cert vrfy: using %s\n",
+ session,
+ gnutls_sign_algorithm_get_name(sign_algo));
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (_gnutls_version_has_selectable_sighash(ver))
+ return _gnutls_handshake_verify_crt_vrfy12(session, cert,
+ signature,
+ sign_algo);
+
+ ret = _gnutls_hash_init(&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_hash_init(&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_hash_deinit(&td_md5, NULL);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ _gnutls_hash(&td_sha,
+ session->internals.handshake_hash_buffer.data,
+ session->internals.handshake_hash_buffer_prev_len);
+ _gnutls_hash(&td_md5,
+ session->internals.handshake_hash_buffer.data,
+ session->internals.handshake_hash_buffer_prev_len);
+
+ if (ver->id == GNUTLS_SSL3) {
+ ret = _gnutls_generate_master(session, 1);
+ if (ret < 0) {
+ _gnutls_hash_deinit(&td_md5, NULL);
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return gnutls_assert_val(ret);
+ }
+
+ ret = _gnutls_mac_deinit_ssl3_handshake(&td_md5, concat,
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (ret < 0) {
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return gnutls_assert_val(ret);
+ }
+
+ ret =
+ _gnutls_mac_deinit_ssl3_handshake(&td_sha, &concat[16],
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+ } else {
+ _gnutls_hash_deinit(&td_md5, concat);
+ _gnutls_hash_deinit(&td_sha, &concat[16]);
+ }
+
+ dconcat.data = concat;
+ dconcat.size = 20 + 16; /* md5+ sha */
+
+ ret =
+ verify_tls_hash(session, ver, cert, &dconcat, signature, 16,
+ GNUTLS_SIGN_UNKNOWN,
+ gnutls_pubkey_get_pk_algorithm(cert->pubkey,
+ NULL));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
/* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2
*/
static int
-_gnutls_handshake_sign_crt_vrfy12 (gnutls_session_t session,
- gnutls_pcert_st* cert, gnutls_privkey_t pkey,
- gnutls_datum_t * signature)
+_gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * signature)
{
- gnutls_datum_t dconcat;
- int ret;
- uint8_t concat[MAX_SIG_SIZE];
- gnutls_sign_algorithm_t sign_algo;
- const mac_entry_st* me;
-
- sign_algo =
- _gnutls_session_get_sign_algo (session, cert);
- if (sign_algo == GNUTLS_SIGN_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- gnutls_sign_algorithm_set_client(session, sign_algo);
-
- me = mac_to_entry(gnutls_sign_get_hash_algorithm (sign_algo));
-
- _gnutls_debug_log ("sign handshake cert vrfy: picked %s with %s\n",
- gnutls_sign_algorithm_get_name (sign_algo),
- _gnutls_mac_get_name (me));
-
- ret = _gnutls_hash_fast (me->id, session->internals.handshake_hash_buffer.data,
- session->internals.handshake_hash_buffer.length,
- concat);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (me);
-
- ret = sign_tls_hash (session, me, cert, pkey, &dconcat, signature);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return sign_algo;
+ gnutls_datum_t dconcat;
+ int ret;
+ uint8_t concat[MAX_SIG_SIZE];
+ gnutls_sign_algorithm_t sign_algo;
+ const mac_entry_st *me;
+
+ sign_algo = _gnutls_session_get_sign_algo(session, cert);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ gnutls_sign_algorithm_set_client(session, sign_algo);
+
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign_algo));
+
+ _gnutls_debug_log("sign handshake cert vrfy: picked %s with %s\n",
+ gnutls_sign_algorithm_get_name(sign_algo),
+ _gnutls_mac_get_name(me));
+
+ ret =
+ _gnutls_hash_fast(me->id,
+ session->internals.handshake_hash_buffer.
+ data,
+ session->internals.handshake_hash_buffer.
+ length, concat);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len(me);
+
+ ret = sign_tls_hash(session, me, cert, pkey, &dconcat, signature);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return sign_algo;
}
@@ -599,131 +612,136 @@ _gnutls_handshake_sign_crt_vrfy12 (gnutls_session_t session,
* For TLS1.2 returns the signature algorithm used on success, or a negative error code;
*/
int
-_gnutls_handshake_sign_crt_vrfy (gnutls_session_t session,
- gnutls_pcert_st* cert, gnutls_privkey_t pkey,
- gnutls_datum_t * signature)
+_gnutls_handshake_sign_crt_vrfy(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * signature)
{
- gnutls_datum_t dconcat;
- int ret;
- uint8_t concat[MAX_SIG_SIZE];
- digest_hd_st td_md5;
- digest_hd_st td_sha;
- const version_entry_st* ver = get_version (session);
- gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm(pkey, NULL);
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (_gnutls_version_has_selectable_sighash(ver))
- return _gnutls_handshake_sign_crt_vrfy12 (session, cert, pkey,
- signature);
-
- ret =
- _gnutls_hash_init (&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length);
-
- if (ver->id == GNUTLS_SSL3)
- {
- ret = _gnutls_generate_master (session, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_hash_deinit (&td_sha, NULL);
- return ret;
- }
-
- ret = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- _gnutls_hash_deinit (&td_sha, &concat[16]);
-
- /* ensure 1024 bit DSA keys are used */
- ret = _gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver, GNUTLS_SIGN_UNKNOWN);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- ret =
- _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length);
-
- if (ver->id == GNUTLS_SSL3)
- {
- ret = _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
- session->
- security_parameters.master_secret,
- GNUTLS_MASTER_SIZE);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- _gnutls_hash_deinit (&td_md5, concat);
-
- dconcat.data = concat;
- dconcat.size = 36;
- break;
- case GNUTLS_PK_DSA:
- case GNUTLS_PK_EC:
-
- dconcat.data = &concat[16];
- dconcat.size = 20;
- break;
-
- default:
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- }
- ret = sign_tls_hash (session, NULL, cert, pkey, &dconcat, signature);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ gnutls_datum_t dconcat;
+ int ret;
+ uint8_t concat[MAX_SIG_SIZE];
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ const version_entry_st *ver = get_version(session);
+ gnutls_pk_algorithm_t pk =
+ gnutls_privkey_get_pk_algorithm(pkey, NULL);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (_gnutls_version_has_selectable_sighash(ver))
+ return _gnutls_handshake_sign_crt_vrfy12(session, cert,
+ pkey, signature);
+
+ ret = _gnutls_hash_init(&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_hash(&td_sha,
+ session->internals.handshake_hash_buffer.data,
+ session->internals.handshake_hash_buffer.length);
+
+ if (ver->id == GNUTLS_SSL3) {
+ ret = _gnutls_generate_master(session, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_hash_deinit(&td_sha, NULL);
+ return ret;
+ }
+
+ ret =
+ _gnutls_mac_deinit_ssl3_handshake(&td_sha, &concat[16],
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else
+ _gnutls_hash_deinit(&td_sha, &concat[16]);
+
+ /* ensure 1024 bit DSA keys are used */
+ ret =
+ _gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver,
+ GNUTLS_SIGN_UNKNOWN);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ ret =
+ _gnutls_hash_init(&td_md5,
+ mac_to_entry(GNUTLS_DIG_MD5));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_hash(&td_md5,
+ session->internals.handshake_hash_buffer.data,
+ session->internals.handshake_hash_buffer.
+ length);
+
+ if (ver->id == GNUTLS_SSL3) {
+ ret =
+ _gnutls_mac_deinit_ssl3_handshake(&td_md5,
+ concat,
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else
+ _gnutls_hash_deinit(&td_md5, concat);
+
+ dconcat.data = concat;
+ dconcat.size = 36;
+ break;
+ case GNUTLS_PK_DSA:
+ case GNUTLS_PK_EC:
+
+ dconcat.data = &concat[16];
+ dconcat.size = 20;
+ break;
+
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+ ret =
+ sign_tls_hash(session, NULL, cert, pkey, &dconcat, signature);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
int
-pk_hash_data (gnutls_pk_algorithm_t pk, const mac_entry_st* hash,
- gnutls_pk_params_st* params,
- const gnutls_datum_t * data, gnutls_datum_t * digest)
+pk_hash_data(gnutls_pk_algorithm_t pk, const mac_entry_st * hash,
+ gnutls_pk_params_st * params,
+ const gnutls_datum_t * data, gnutls_datum_t * digest)
{
- int ret;
-
- digest->size = _gnutls_hash_get_algo_len (hash);
- digest->data = gnutls_malloc (digest->size);
- if (digest->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_hash_fast (hash->id, data->data, data->size, digest->data);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- gnutls_free (digest->data);
- return ret;
+ int ret;
+
+ digest->size = _gnutls_hash_get_algo_len(hash);
+ digest->data = gnutls_malloc(digest->size);
+ if (digest->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ _gnutls_hash_fast(hash->id, data->data, data->size,
+ digest->data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_free(digest->data);
+ return ret;
}
@@ -733,35 +751,34 @@ cleanup:
* and will be freed if replacement is required.
*/
int
-pk_prepare_hash (gnutls_pk_algorithm_t pk,
- const mac_entry_st* hash, gnutls_datum_t * digest)
+pk_prepare_hash(gnutls_pk_algorithm_t pk,
+ const mac_entry_st * hash, gnutls_datum_t * digest)
{
- int ret;
- gnutls_datum_t old_digest = { digest->data, digest->size };
-
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- if (unlikely(hash == NULL))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- /* Encode the digest as a DigestInfo
- */
- if ((ret = encode_ber_digest_info (hash, &old_digest, digest)) != 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_free_datum (&old_digest);
- break;
- case GNUTLS_PK_DSA:
- case GNUTLS_PK_EC:
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- return 0;
+ int ret;
+ gnutls_datum_t old_digest = { digest->data, digest->size };
+
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ if (unlikely(hash == NULL))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ /* Encode the digest as a DigestInfo
+ */
+ if ((ret =
+ encode_ber_digest_info(hash, &old_digest,
+ digest)) != 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_free_datum(&old_digest);
+ break;
+ case GNUTLS_PK_DSA:
+ case GNUTLS_PK_EC:
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ return 0;
}
-
diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h
index d2a2f67927..a877acc49d 100644
--- a/lib/gnutls_sig.h
+++ b/lib/gnutls_sig.h
@@ -25,33 +25,33 @@
#include <gnutls/abstract.h>
-int _gnutls_handshake_sign_crt_vrfy (gnutls_session_t session,
- gnutls_pcert_st* cert,
- gnutls_privkey_t pkey,
- gnutls_datum_t * signature);
-
-int _gnutls_handshake_sign_data (gnutls_session_t session,
- gnutls_pcert_st* cert,
- gnutls_privkey_t pkey,
- gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t * algo);
-
-int _gnutls_handshake_verify_crt_vrfy (gnutls_session_t session,
- gnutls_pcert_st* cert,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t);
-
-int _gnutls_handshake_verify_data (gnutls_session_t session,
- gnutls_pcert_st* cert,
- const gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t algo);
-
-int pk_prepare_hash (gnutls_pk_algorithm_t pk, const mac_entry_st* hash,
- gnutls_datum_t * output);
-int pk_hash_data (gnutls_pk_algorithm_t pk, const mac_entry_st* hash,
- gnutls_pk_params_st * params, const gnutls_datum_t * data,
- gnutls_datum_t * digest);
+int _gnutls_handshake_sign_crt_vrfy(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * signature);
+
+int _gnutls_handshake_sign_data(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t * algo);
+
+int _gnutls_handshake_verify_crt_vrfy(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t);
+
+int _gnutls_handshake_verify_data(gnutls_session_t session,
+ gnutls_pcert_st * cert,
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t algo);
+
+int pk_prepare_hash(gnutls_pk_algorithm_t pk, const mac_entry_st * hash,
+ gnutls_datum_t * output);
+int pk_hash_data(gnutls_pk_algorithm_t pk, const mac_entry_st * hash,
+ gnutls_pk_params_st * params, const gnutls_datum_t * data,
+ gnutls_datum_t * digest);
#endif
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index 8707b87c43..be0143ff1a 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -41,50 +41,45 @@
*/
static int
-_gnutls_srp_gx (uint8_t * text, size_t textsize, uint8_t ** result,
- bigint_t g, bigint_t prime)
+_gnutls_srp_gx(uint8_t * text, size_t textsize, uint8_t ** result,
+ bigint_t g, bigint_t prime)
{
- bigint_t x, e;
- size_t result_size;
- int ret;
-
- if (_gnutls_mpi_scan_nz (&x, text, textsize))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- e = _gnutls_mpi_alloc_like (prime);
- if (e == NULL)
- {
- gnutls_assert ();
- _gnutls_mpi_release (&x);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* e = g^x mod prime (n) */
- _gnutls_mpi_powm (e, g, x, prime);
- _gnutls_mpi_release (&x);
-
- ret = _gnutls_mpi_print (e, NULL, &result_size);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- *result = gnutls_malloc (result_size);
- if ((*result) == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- _gnutls_mpi_print (e, *result, &result_size);
- ret = result_size;
- }
- else
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_PRINT_FAILED;
- }
-
- _gnutls_mpi_release (&e);
-
- return ret;
+ bigint_t x, e;
+ size_t result_size;
+ int ret;
+
+ if (_gnutls_mpi_scan_nz(&x, text, textsize)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ e = _gnutls_mpi_alloc_like(prime);
+ if (e == NULL) {
+ gnutls_assert();
+ _gnutls_mpi_release(&x);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* e = g^x mod prime (n) */
+ _gnutls_mpi_powm(e, g, x, prime);
+ _gnutls_mpi_release(&x);
+
+ ret = _gnutls_mpi_print(e, NULL, &result_size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ *result = gnutls_malloc(result_size);
+ if ((*result) == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ _gnutls_mpi_print(e, *result, &result_size);
+ ret = result_size;
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_PRINT_FAILED;
+ }
+
+ _gnutls_mpi_release(&e);
+
+ return ret;
}
@@ -95,242 +90,230 @@ _gnutls_srp_gx (uint8_t * text, size_t textsize, uint8_t ** result,
* Return: B and if ret_b is not NULL b.
*/
bigint_t
-_gnutls_calc_srp_B (bigint_t * ret_b, bigint_t g, bigint_t n, bigint_t v)
+_gnutls_calc_srp_B(bigint_t * ret_b, bigint_t g, bigint_t n, bigint_t v)
{
- bigint_t tmpB = NULL, tmpV = NULL;
- bigint_t b = NULL, B = NULL, k = NULL;
- int bits;
-
-
- /* calculate: B = (k*v + g^b) % N
- */
- bits = _gnutls_mpi_get_nbits (n);
-
- tmpV = _gnutls_mpi_alloc_like (n);
-
- if (tmpV == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- b = _gnutls_mpi_randomize (NULL, bits, GNUTLS_RND_RANDOM);
-
- tmpB = _gnutls_mpi_new (bits);
- if (tmpB == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- B = _gnutls_mpi_new (bits);
- if (B == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- k = _gnutls_calc_srp_u (n, g, n);
- if (k == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- _gnutls_mpi_mulm (tmpV, k, v, n);
- _gnutls_mpi_powm (tmpB, g, b, n);
-
- _gnutls_mpi_addm (B, tmpV, tmpB, n);
-
- _gnutls_mpi_release (&k);
- _gnutls_mpi_release (&tmpB);
- _gnutls_mpi_release (&tmpV);
-
- if (ret_b)
- *ret_b = b;
- else
- _gnutls_mpi_release (&b);
-
- return B;
-
-error:
- _gnutls_mpi_release (&b);
- _gnutls_mpi_release (&B);
- _gnutls_mpi_release (&k);
- _gnutls_mpi_release (&tmpB);
- _gnutls_mpi_release (&tmpV);
- return NULL;
+ bigint_t tmpB = NULL, tmpV = NULL;
+ bigint_t b = NULL, B = NULL, k = NULL;
+ int bits;
+
+
+ /* calculate: B = (k*v + g^b) % N
+ */
+ bits = _gnutls_mpi_get_nbits(n);
+
+ tmpV = _gnutls_mpi_alloc_like(n);
+
+ if (tmpV == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ b = _gnutls_mpi_randomize(NULL, bits, GNUTLS_RND_RANDOM);
+
+ tmpB = _gnutls_mpi_new(bits);
+ if (tmpB == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ B = _gnutls_mpi_new(bits);
+ if (B == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ k = _gnutls_calc_srp_u(n, g, n);
+ if (k == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ _gnutls_mpi_mulm(tmpV, k, v, n);
+ _gnutls_mpi_powm(tmpB, g, b, n);
+
+ _gnutls_mpi_addm(B, tmpV, tmpB, n);
+
+ _gnutls_mpi_release(&k);
+ _gnutls_mpi_release(&tmpB);
+ _gnutls_mpi_release(&tmpV);
+
+ if (ret_b)
+ *ret_b = b;
+ else
+ _gnutls_mpi_release(&b);
+
+ return B;
+
+ error:
+ _gnutls_mpi_release(&b);
+ _gnutls_mpi_release(&B);
+ _gnutls_mpi_release(&k);
+ _gnutls_mpi_release(&tmpB);
+ _gnutls_mpi_release(&tmpV);
+ return NULL;
}
/* This calculates the SHA1(A | B)
* A and B will be left-padded with zeros to fill n_size.
*/
-bigint_t
-_gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n)
+bigint_t _gnutls_calc_srp_u(bigint_t A, bigint_t B, bigint_t n)
{
- size_t b_size, a_size;
- uint8_t *holder, hd[MAX_HASH_SIZE];
- size_t holder_size, hash_size, n_size;
- int ret;
- bigint_t res;
-
- /* get the size of n in bytes */
- _gnutls_mpi_print (n, NULL, &n_size);
-
- _gnutls_mpi_print (A, NULL, &a_size);
- _gnutls_mpi_print (B, NULL, &b_size);
-
- if (a_size > n_size || b_size > n_size)
- {
- gnutls_assert ();
- return NULL; /* internal error */
- }
-
- holder_size = n_size + n_size;
-
- holder = gnutls_calloc (1, holder_size);
- if (holder == NULL)
- return NULL;
-
- _gnutls_mpi_print (A, &holder[n_size - a_size], &a_size);
- _gnutls_mpi_print (B, &holder[n_size + n_size - b_size], &b_size);
-
- ret = _gnutls_hash_fast (GNUTLS_MAC_SHA1, holder, holder_size, hd);
- if (ret < 0)
- {
- gnutls_free (holder);
- gnutls_assert ();
- return NULL;
- }
-
- /* convert the bytes of hd to integer
- */
- hash_size = 20; /* SHA */
- ret = _gnutls_mpi_scan_nz (&res, hd, hash_size);
- gnutls_free (holder);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- return res;
+ size_t b_size, a_size;
+ uint8_t *holder, hd[MAX_HASH_SIZE];
+ size_t holder_size, hash_size, n_size;
+ int ret;
+ bigint_t res;
+
+ /* get the size of n in bytes */
+ _gnutls_mpi_print(n, NULL, &n_size);
+
+ _gnutls_mpi_print(A, NULL, &a_size);
+ _gnutls_mpi_print(B, NULL, &b_size);
+
+ if (a_size > n_size || b_size > n_size) {
+ gnutls_assert();
+ return NULL; /* internal error */
+ }
+
+ holder_size = n_size + n_size;
+
+ holder = gnutls_calloc(1, holder_size);
+ if (holder == NULL)
+ return NULL;
+
+ _gnutls_mpi_print(A, &holder[n_size - a_size], &a_size);
+ _gnutls_mpi_print(B, &holder[n_size + n_size - b_size], &b_size);
+
+ ret = _gnutls_hash_fast(GNUTLS_MAC_SHA1, holder, holder_size, hd);
+ if (ret < 0) {
+ gnutls_free(holder);
+ gnutls_assert();
+ return NULL;
+ }
+
+ /* convert the bytes of hd to integer
+ */
+ hash_size = 20; /* SHA */
+ ret = _gnutls_mpi_scan_nz(&res, hd, hash_size);
+ gnutls_free(holder);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ return res;
}
/* S = (A * v^u) ^ b % N
* this is our shared key (server premaster secret)
*/
bigint_t
-_gnutls_calc_srp_S1 (bigint_t A, bigint_t b, bigint_t u, bigint_t v,
- bigint_t n)
+_gnutls_calc_srp_S1(bigint_t A, bigint_t b, bigint_t u, bigint_t v,
+ bigint_t n)
{
- bigint_t tmp1 = NULL, tmp2 = NULL;
- bigint_t S = NULL;
+ bigint_t tmp1 = NULL, tmp2 = NULL;
+ bigint_t S = NULL;
- S = _gnutls_mpi_alloc_like (n);
- if (S == NULL)
- return NULL;
+ S = _gnutls_mpi_alloc_like(n);
+ if (S == NULL)
+ return NULL;
- tmp1 = _gnutls_mpi_alloc_like (n);
- tmp2 = _gnutls_mpi_alloc_like (n);
+ tmp1 = _gnutls_mpi_alloc_like(n);
+ tmp2 = _gnutls_mpi_alloc_like(n);
- if (tmp1 == NULL || tmp2 == NULL)
- goto freeall;
+ if (tmp1 == NULL || tmp2 == NULL)
+ goto freeall;
- _gnutls_mpi_powm (tmp1, v, u, n);
- _gnutls_mpi_mulm (tmp2, A, tmp1, n);
- _gnutls_mpi_powm (S, tmp2, b, n);
+ _gnutls_mpi_powm(tmp1, v, u, n);
+ _gnutls_mpi_mulm(tmp2, A, tmp1, n);
+ _gnutls_mpi_powm(S, tmp2, b, n);
- _gnutls_mpi_release (&tmp1);
- _gnutls_mpi_release (&tmp2);
+ _gnutls_mpi_release(&tmp1);
+ _gnutls_mpi_release(&tmp2);
- return S;
+ return S;
-freeall:
- _gnutls_mpi_release (&tmp1);
- _gnutls_mpi_release (&tmp2);
- return NULL;
+ freeall:
+ _gnutls_mpi_release(&tmp1);
+ _gnutls_mpi_release(&tmp2);
+ return NULL;
}
/* A = g^a % N
* returns A and a (which is random)
*/
-bigint_t
-_gnutls_calc_srp_A (bigint_t * a, bigint_t g, bigint_t n)
+bigint_t _gnutls_calc_srp_A(bigint_t * a, bigint_t g, bigint_t n)
{
- bigint_t tmpa;
- bigint_t A;
- int bits;
-
- bits = _gnutls_mpi_get_nbits (n);
- tmpa = _gnutls_mpi_randomize (NULL, bits, GNUTLS_RND_RANDOM);
-
- A = _gnutls_mpi_new (bits);
- if (A == NULL)
- {
- gnutls_assert ();
- _gnutls_mpi_release (&tmpa);
- return NULL;
- }
- _gnutls_mpi_powm (A, g, tmpa, n);
-
- if (a != NULL)
- *a = tmpa;
- else
- _gnutls_mpi_release (&tmpa);
-
- return A;
+ bigint_t tmpa;
+ bigint_t A;
+ int bits;
+
+ bits = _gnutls_mpi_get_nbits(n);
+ tmpa = _gnutls_mpi_randomize(NULL, bits, GNUTLS_RND_RANDOM);
+
+ A = _gnutls_mpi_new(bits);
+ if (A == NULL) {
+ gnutls_assert();
+ _gnutls_mpi_release(&tmpa);
+ return NULL;
+ }
+ _gnutls_mpi_powm(A, g, tmpa, n);
+
+ if (a != NULL)
+ *a = tmpa;
+ else
+ _gnutls_mpi_release(&tmpa);
+
+ return A;
}
/* generate x = SHA(s | SHA(U | ":" | p))
* The output is exactly 20 bytes
*/
static int
-_gnutls_calc_srp_sha (const char *username, const char *password,
- uint8_t * salt, int salt_size, size_t * size,
- void *digest)
+_gnutls_calc_srp_sha(const char *username, const char *password,
+ uint8_t * salt, int salt_size, size_t * size,
+ void *digest)
{
- digest_hd_st td;
- uint8_t res[MAX_HASH_SIZE];
- int ret;
- const mac_entry_st* me = mac_to_entry(GNUTLS_MAC_SHA1);
+ digest_hd_st td;
+ uint8_t res[MAX_HASH_SIZE];
+ int ret;
+ const mac_entry_st *me = mac_to_entry(GNUTLS_MAC_SHA1);
- *size = 20;
+ *size = 20;
- ret = _gnutls_hash_init (&td, me);
- if (ret < 0)
- {
- return GNUTLS_E_MEMORY_ERROR;
- }
- _gnutls_hash (&td, username, strlen (username));
- _gnutls_hash (&td, ":", 1);
- _gnutls_hash (&td, password, strlen (password));
+ ret = _gnutls_hash_init(&td, me);
+ if (ret < 0) {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ _gnutls_hash(&td, username, strlen(username));
+ _gnutls_hash(&td, ":", 1);
+ _gnutls_hash(&td, password, strlen(password));
- _gnutls_hash_deinit (&td, res);
+ _gnutls_hash_deinit(&td, res);
- ret = _gnutls_hash_init (&td, me);
- if (ret < 0)
- {
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ret = _gnutls_hash_init(&td, me);
+ if (ret < 0) {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- _gnutls_hash (&td, salt, salt_size);
- _gnutls_hash (&td, res, 20); /* 20 bytes is the output of sha1 */
+ _gnutls_hash(&td, salt, salt_size);
+ _gnutls_hash(&td, res, 20); /* 20 bytes is the output of sha1 */
- _gnutls_hash_deinit (&td, digest);
+ _gnutls_hash_deinit(&td, digest);
- return 0;
+ return 0;
}
int
-_gnutls_calc_srp_x (char *username, char *password, uint8_t * salt,
- size_t salt_size, size_t * size, void *digest)
+_gnutls_calc_srp_x(char *username, char *password, uint8_t * salt,
+ size_t salt_size, size_t * size, void *digest)
{
- return _gnutls_calc_srp_sha (username, password, salt,
- salt_size, size, digest);
+ return _gnutls_calc_srp_sha(username, password, salt,
+ salt_size, size, digest);
}
@@ -338,59 +321,57 @@ _gnutls_calc_srp_x (char *username, char *password, uint8_t * salt,
* this is our shared key (client premaster secret)
*/
bigint_t
-_gnutls_calc_srp_S2 (bigint_t B, bigint_t g, bigint_t x, bigint_t a,
- bigint_t u, bigint_t n)
+_gnutls_calc_srp_S2(bigint_t B, bigint_t g, bigint_t x, bigint_t a,
+ bigint_t u, bigint_t n)
{
- bigint_t S = NULL, tmp1 = NULL, tmp2 = NULL;
- bigint_t tmp4 = NULL, tmp3 = NULL, k = NULL;
-
- S = _gnutls_mpi_alloc_like (n);
- if (S == NULL)
- return NULL;
-
- tmp1 = _gnutls_mpi_alloc_like (n);
- tmp2 = _gnutls_mpi_alloc_like (n);
- tmp3 = _gnutls_mpi_alloc_like (n);
- if (tmp1 == NULL || tmp2 == NULL || tmp3 == NULL)
- {
- goto freeall;
- }
-
- k = _gnutls_calc_srp_u (n, g, n);
- if (k == NULL)
- {
- gnutls_assert ();
- goto freeall;
- }
-
- _gnutls_mpi_powm (tmp1, g, x, n); /* g^x */
- _gnutls_mpi_mulm (tmp3, tmp1, k, n); /* k*g^x mod n */
- _gnutls_mpi_subm (tmp2, B, tmp3, n);
-
- tmp4 = _gnutls_mpi_alloc_like (n);
- if (tmp4 == NULL)
- goto freeall;
-
- _gnutls_mpi_mul (tmp1, u, x);
- _gnutls_mpi_add (tmp4, a, tmp1);
- _gnutls_mpi_powm (S, tmp2, tmp4, n);
-
- _gnutls_mpi_release (&tmp1);
- _gnutls_mpi_release (&tmp2);
- _gnutls_mpi_release (&tmp3);
- _gnutls_mpi_release (&tmp4);
- _gnutls_mpi_release (&k);
-
- return S;
-
-freeall:
- _gnutls_mpi_release (&k);
- _gnutls_mpi_release (&tmp1);
- _gnutls_mpi_release (&tmp2);
- _gnutls_mpi_release (&tmp3);
- _gnutls_mpi_release (&tmp4);
- _gnutls_mpi_release (&S);
- return NULL;
+ bigint_t S = NULL, tmp1 = NULL, tmp2 = NULL;
+ bigint_t tmp4 = NULL, tmp3 = NULL, k = NULL;
+
+ S = _gnutls_mpi_alloc_like(n);
+ if (S == NULL)
+ return NULL;
+
+ tmp1 = _gnutls_mpi_alloc_like(n);
+ tmp2 = _gnutls_mpi_alloc_like(n);
+ tmp3 = _gnutls_mpi_alloc_like(n);
+ if (tmp1 == NULL || tmp2 == NULL || tmp3 == NULL) {
+ goto freeall;
+ }
+
+ k = _gnutls_calc_srp_u(n, g, n);
+ if (k == NULL) {
+ gnutls_assert();
+ goto freeall;
+ }
+
+ _gnutls_mpi_powm(tmp1, g, x, n); /* g^x */
+ _gnutls_mpi_mulm(tmp3, tmp1, k, n); /* k*g^x mod n */
+ _gnutls_mpi_subm(tmp2, B, tmp3, n);
+
+ tmp4 = _gnutls_mpi_alloc_like(n);
+ if (tmp4 == NULL)
+ goto freeall;
+
+ _gnutls_mpi_mul(tmp1, u, x);
+ _gnutls_mpi_add(tmp4, a, tmp1);
+ _gnutls_mpi_powm(S, tmp2, tmp4, n);
+
+ _gnutls_mpi_release(&tmp1);
+ _gnutls_mpi_release(&tmp2);
+ _gnutls_mpi_release(&tmp3);
+ _gnutls_mpi_release(&tmp4);
+ _gnutls_mpi_release(&k);
+
+ return S;
+
+ freeall:
+ _gnutls_mpi_release(&k);
+ _gnutls_mpi_release(&tmp1);
+ _gnutls_mpi_release(&tmp2);
+ _gnutls_mpi_release(&tmp3);
+ _gnutls_mpi_release(&tmp4);
+ _gnutls_mpi_release(&S);
+ return NULL;
}
/**
@@ -400,12 +381,11 @@ freeall:
* This structure is complex enough to manipulate directly thus
* this helper function is provided in order to free (deallocate) it.
**/
-void
-gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc)
+void gnutls_srp_free_client_credentials(gnutls_srp_client_credentials_t sc)
{
- gnutls_free (sc->username);
- gnutls_free (sc->password);
- gnutls_free (sc);
+ gnutls_free(sc->username);
+ gnutls_free(sc->password);
+ gnutls_free(sc);
}
/**
@@ -419,14 +399,15 @@ gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc)
* error code.
**/
int
-gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * sc)
+gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t *
+ sc)
{
- *sc = gnutls_calloc (1, sizeof (srp_client_credentials_st));
+ *sc = gnutls_calloc(1, sizeof(srp_client_credentials_st));
- if (*sc == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
/**
@@ -445,28 +426,27 @@ gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * sc)
* error code.
**/
int
-gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
- const char *username, const char *password)
+gnutls_srp_set_client_credentials(gnutls_srp_client_credentials_t res,
+ const char *username,
+ const char *password)
{
- if (username == NULL || password == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (username == NULL || password == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- res->username = gnutls_strdup (username);
- if (res->username == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ res->username = gnutls_strdup(username);
+ if (res->username == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- res->password = gnutls_strdup (password);
- if (res->password == NULL)
- {
- gnutls_free (res->username);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ res->password = gnutls_strdup(password);
+ if (res->password == NULL) {
+ gnutls_free(res->username);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
/**
@@ -476,13 +456,12 @@ gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
* This structure is complex enough to manipulate directly thus
* this helper function is provided in order to free (deallocate) it.
**/
-void
-gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc)
+void gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc)
{
- gnutls_free (sc->password_file);
- gnutls_free (sc->password_conf_file);
+ gnutls_free(sc->password_file);
+ gnutls_free(sc->password_conf_file);
- gnutls_free (sc);
+ gnutls_free(sc);
}
/**
@@ -496,14 +475,15 @@ gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc)
* error code.
**/
int
-gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * sc)
+gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t *
+ sc)
{
- *sc = gnutls_calloc (1, sizeof (srp_server_cred_st));
+ *sc = gnutls_calloc(1, sizeof(srp_server_cred_st));
- if (*sc == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
/**
@@ -521,47 +501,42 @@ gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * sc)
* error code.
**/
int
-gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res,
- const char *password_file,
- const char *password_conf_file)
+gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t res,
+ const char *password_file,
+ const char *password_conf_file)
{
- if (password_file == NULL || password_conf_file == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the files can be opened */
- if (_gnutls_file_exists (password_file) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- if (_gnutls_file_exists (password_conf_file) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- res->password_file = gnutls_strdup (password_file);
- if (res->password_file == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- res->password_conf_file = gnutls_strdup (password_conf_file);
- if (res->password_conf_file == NULL)
- {
- gnutls_assert ();
- gnutls_free (res->password_file);
- res->password_file = NULL;
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ if (password_file == NULL || password_conf_file == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the files can be opened */
+ if (_gnutls_file_exists(password_file) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ if (_gnutls_file_exists(password_conf_file) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ res->password_file = gnutls_strdup(password_file);
+ if (res->password_file == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ res->password_conf_file = gnutls_strdup(password_conf_file);
+ if (res->password_conf_file == NULL) {
+ gnutls_assert();
+ gnutls_free(res->password_file);
+ res->password_file = NULL;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
@@ -595,12 +570,12 @@ gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res,
* -1 indicates an error.
**/
void
-gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t
- cred,
- gnutls_srp_server_credentials_function
- * func)
+gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t
+ cred,
+ gnutls_srp_server_credentials_function
+ * func)
{
- cred->pwd_callback = func;
+ cred->pwd_callback = func;
}
/**
@@ -629,12 +604,12 @@ gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t
* -1 indicates an error.
**/
void
-gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t
- cred,
- gnutls_srp_client_credentials_function
- * func)
+gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t
+ cred,
+ gnutls_srp_client_credentials_function
+ * func)
{
- cred->get_function = func;
+ cred->get_function = func;
}
@@ -648,17 +623,16 @@ gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t
*
* Returns: SRP username of the peer, or NULL in case of error.
**/
-const char *
-gnutls_srp_server_get_username (gnutls_session_t session)
+const char *gnutls_srp_server_get_username(gnutls_session_t session)
{
- srp_server_auth_info_t info;
+ srp_server_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_SRP, NULL);
+ CHECK_AUTH(GNUTLS_CRD_SRP, NULL);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return NULL;
- return info->username;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return NULL;
+ return info->username;
}
/**
@@ -681,47 +655,43 @@ gnutls_srp_server_get_username (gnutls_session_t session)
* error code.
**/
int
-gnutls_srp_verifier (const char *username, const char *password,
- const gnutls_datum_t * salt,
- const gnutls_datum_t * generator,
- const gnutls_datum_t * prime, gnutls_datum_t * res)
+gnutls_srp_verifier(const char *username, const char *password,
+ const gnutls_datum_t * salt,
+ const gnutls_datum_t * generator,
+ const gnutls_datum_t * prime, gnutls_datum_t * res)
{
- bigint_t _n, _g;
- int ret;
- size_t digest_size = 20, size;
- uint8_t digest[20];
-
- ret = _gnutls_calc_srp_sha (username, password, salt->data,
- salt->size, &digest_size, digest);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- size = prime->size;
- if (_gnutls_mpi_scan_nz (&_n, prime->data, size))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- size = generator->size;
- if (_gnutls_mpi_scan_nz (&_g, generator->data, size))
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- ret = _gnutls_srp_gx (digest, 20, &res->data, _g, _n);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- res->size = ret;
-
- return 0;
+ bigint_t _n, _g;
+ int ret;
+ size_t digest_size = 20, size;
+ uint8_t digest[20];
+
+ ret = _gnutls_calc_srp_sha(username, password, salt->data,
+ salt->size, &digest_size, digest);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ size = prime->size;
+ if (_gnutls_mpi_scan_nz(&_n, prime->data, size)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ size = generator->size;
+ if (_gnutls_mpi_scan_nz(&_g, generator->data, size)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ ret = _gnutls_srp_gx(digest, 20, &res->data, _g, _n);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ res->size = ret;
+
+ return 0;
}
/**
@@ -741,10 +711,9 @@ gnutls_srp_verifier (const char *username, const char *password,
*
* Since: 2.6.0
**/
-void
-gnutls_srp_set_prime_bits (gnutls_session_t session, unsigned int bits)
+void gnutls_srp_set_prime_bits(gnutls_session_t session, unsigned int bits)
{
- session->internals.srp_prime_bits = bits;
+ session->internals.srp_prime_bits = bits;
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_SRP */
diff --git a/lib/gnutls_srp.h b/lib/gnutls_srp.h
index eda858d9a8..b82cc577ef 100644
--- a/lib/gnutls_srp.h
+++ b/lib/gnutls_srp.h
@@ -22,17 +22,17 @@
#ifdef ENABLE_SRP
-bigint_t _gnutls_calc_srp_B (bigint_t * ret_b, bigint_t g, bigint_t n,
- bigint_t v);
-bigint_t _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t N);
-bigint_t _gnutls_calc_srp_S1 (bigint_t A, bigint_t b, bigint_t u, bigint_t v,
- bigint_t n);
-bigint_t _gnutls_calc_srp_A (bigint_t * a, bigint_t g, bigint_t n);
-bigint_t _gnutls_calc_srp_S2 (bigint_t B, bigint_t g, bigint_t x, bigint_t a,
- bigint_t u, bigint_t n);
-int _gnutls_calc_srp_x (char *username, char *password, uint8_t * salt,
- size_t salt_size, size_t * size, void *digest);
-int _gnutls_srp_gn (uint8_t ** ret_g, uint8_t ** ret_n, int bits);
+bigint_t _gnutls_calc_srp_B(bigint_t * ret_b, bigint_t g, bigint_t n,
+ bigint_t v);
+bigint_t _gnutls_calc_srp_u(bigint_t A, bigint_t B, bigint_t N);
+bigint_t _gnutls_calc_srp_S1(bigint_t A, bigint_t b, bigint_t u,
+ bigint_t v, bigint_t n);
+bigint_t _gnutls_calc_srp_A(bigint_t * a, bigint_t g, bigint_t n);
+bigint_t _gnutls_calc_srp_S2(bigint_t B, bigint_t g, bigint_t x,
+ bigint_t a, bigint_t u, bigint_t n);
+int _gnutls_calc_srp_x(char *username, char *password, uint8_t * salt,
+ size_t salt_size, size_t * size, void *digest);
+int _gnutls_srp_gn(uint8_t ** ret_g, uint8_t ** ret_n, int bits);
/* g is defined to be 2 */
#define SRP_MAX_HASH_SIZE 24
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 4103a74230..a609fb97a5 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -50,24 +50,26 @@
/* These should really be static, but src/tests.c calls them. Make
them public functions? */
void
-_gnutls_rsa_pms_set_version (gnutls_session_t session,
- unsigned char major, unsigned char minor);
+_gnutls_rsa_pms_set_version(gnutls_session_t session,
+ unsigned char major, unsigned char minor);
void
-_gnutls_session_cert_type_set (gnutls_session_t session,
- gnutls_certificate_type_t ct)
+_gnutls_session_cert_type_set(gnutls_session_t session,
+ gnutls_certificate_type_t ct)
{
- _gnutls_handshake_log("HSK[%p]: Selected certificate type %s (%d)\n", session,
- gnutls_certificate_type_get_name(ct), ct);
- session->security_parameters.cert_type = ct;
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected certificate type %s (%d)\n", session,
+ gnutls_certificate_type_get_name(ct), ct);
+ session->security_parameters.cert_type = ct;
}
void
-_gnutls_session_ecc_curve_set (gnutls_session_t session,
- gnutls_ecc_curve_t c)
+_gnutls_session_ecc_curve_set(gnutls_session_t session,
+ gnutls_ecc_curve_t c)
{
- _gnutls_handshake_log("HSK[%p]: Selected ECC curve %s (%d)\n", session, gnutls_ecc_curve_get_name(c), c);
- session->security_parameters.ecc_curve = c;
+ _gnutls_handshake_log("HSK[%p]: Selected ECC curve %s (%d)\n",
+ session, gnutls_ecc_curve_get_name(c), c);
+ session->security_parameters.ecc_curve = c;
}
/**
@@ -79,17 +81,17 @@ _gnutls_session_ecc_curve_set (gnutls_session_t session,
* Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
* type.
**/
-gnutls_cipher_algorithm_t
-gnutls_cipher_get (gnutls_session_t session)
+gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session)
{
- record_parameters_st *record_params;
- int ret;
-
- ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_CIPHER_NULL);
-
- return record_params->cipher->id;
+ record_parameters_st *record_params;
+ int ret;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_CIPHER_NULL);
+
+ return record_params->cipher->id;
}
/**
@@ -103,9 +105,9 @@ gnutls_cipher_get (gnutls_session_t session)
* type.
**/
gnutls_certificate_type_t
-gnutls_certificate_type_get (gnutls_session_t session)
+gnutls_certificate_type_get(gnutls_session_t session)
{
- return session->security_parameters.cert_type;
+ return session->security_parameters.cert_type;
}
/**
@@ -117,10 +119,9 @@ gnutls_certificate_type_get (gnutls_session_t session)
* Returns: the key exchange algorithm used in the last handshake, a
* #gnutls_kx_algorithm_t value.
**/
-gnutls_kx_algorithm_t
-gnutls_kx_get (gnutls_session_t session)
+gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
{
- return session->security_parameters.kx_algorithm;
+ return session->security_parameters.kx_algorithm;
}
/**
@@ -132,17 +133,17 @@ gnutls_kx_get (gnutls_session_t session)
* Returns: the currently used mac algorithm, a
* #gnutls_mac_algorithm_t value.
**/
-gnutls_mac_algorithm_t
-gnutls_mac_get (gnutls_session_t session)
+gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session)
{
- record_parameters_st *record_params;
- int ret;
-
- ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_MAC_NULL);
-
- return record_params->mac->id;
+ record_parameters_st *record_params;
+ int ret;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_MAC_NULL);
+
+ return record_params->mac->id;
}
/**
@@ -155,16 +156,17 @@ gnutls_mac_get (gnutls_session_t session)
* #gnutls_compression_method_t value.
**/
gnutls_compression_method_t
-gnutls_compression_get (gnutls_session_t session)
+gnutls_compression_get(gnutls_session_t session)
{
- record_parameters_st *record_params;
- int ret;
-
- ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_COMP_NULL);
-
- return record_params->compression_algorithm;
+ record_parameters_st *record_params;
+ int ret;
+
+ ret =
+ _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_COMP_NULL);
+
+ return record_params->compression_algorithm;
}
/* Check if the given certificate type is supported.
@@ -172,109 +174,107 @@ gnutls_compression_get (gnutls_session_t session)
* and a matching certificate exists.
*/
int
-_gnutls_session_cert_type_supported (gnutls_session_t session,
- gnutls_certificate_type_t cert_type)
+_gnutls_session_cert_type_supported(gnutls_session_t session,
+ gnutls_certificate_type_t cert_type)
{
- unsigned i;
- unsigned cert_found = 0;
- gnutls_certificate_credentials_t cred;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
-
- if (cred == NULL)
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
-
- if (cred->server_get_cert_callback == NULL
- && cred->get_cert_callback == NULL)
- {
- for (i = 0; i < cred->ncerts; i++)
- {
- if (cred->certs[i].cert_list[0].type == cert_type)
- {
- cert_found = 1;
- break;
- }
- }
-
- if (cert_found == 0)
- /* no certificate is of that type.
- */
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
- }
-
- if (session->internals.priorities.cert_type.algorithms == 0
- && cert_type == DEFAULT_CERT_TYPE)
- return 0;
-
- for (i = 0; i < session->internals.priorities.cert_type.algorithms; i++)
- {
- if (session->internals.priorities.cert_type.priority[i] == cert_type)
- {
- return 0; /* ok */
- }
- }
-
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ unsigned i;
+ unsigned cert_found = 0;
+ gnutls_certificate_credentials_t cred;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE,
+ NULL);
+
+ if (cred == NULL)
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+
+ if (cred->server_get_cert_callback == NULL
+ && cred->get_cert_callback == NULL) {
+ for (i = 0; i < cred->ncerts; i++) {
+ if (cred->certs[i].cert_list[0].type ==
+ cert_type) {
+ cert_found = 1;
+ break;
+ }
+ }
+
+ if (cert_found == 0)
+ /* no certificate is of that type.
+ */
+ return
+ GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+ }
+
+ if (session->internals.priorities.cert_type.algorithms == 0
+ && cert_type == DEFAULT_CERT_TYPE)
+ return 0;
+
+ for (i = 0; i < session->internals.priorities.cert_type.algorithms;
+ i++) {
+ if (session->internals.priorities.cert_type.priority[i] ==
+ cert_type) {
+ return 0; /* ok */
+ }
+ }
+
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
/* this function deinitializes all the internal parameters stored
* in a session struct.
*/
-inline static void
-deinit_internal_params (gnutls_session_t session)
+inline static void deinit_internal_params(gnutls_session_t session)
{
#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
- if (session->internals.params.free_dh_params)
- gnutls_dh_params_deinit (session->internals.params.dh_params);
+ if (session->internals.params.free_dh_params)
+ gnutls_dh_params_deinit(session->internals.params.
+ dh_params);
#endif
- _gnutls_handshake_hash_buffers_clear (session);
+ _gnutls_handshake_hash_buffers_clear(session);
- memset (&session->internals.params, 0, sizeof (session->internals.params));
+ memset(&session->internals.params, 0,
+ sizeof(session->internals.params));
}
/* This function will clear all the variables in internals
* structure within the session, which depend on the current handshake.
* This is used to allow further handshakes.
*/
-static void
-_gnutls_handshake_internal_state_init (gnutls_session_t session)
+static void _gnutls_handshake_internal_state_init(gnutls_session_t session)
{
- session->internals.extensions_sent_size = 0;
-
- /* by default no selected certificate */
- session->internals.adv_version_major = 0;
- session->internals.adv_version_minor = 0;
- session->internals.direction = 0;
-
- /* use out of band data for the last
- * handshake messages received.
- */
- session->internals.last_handshake_in = -1;
- session->internals.last_handshake_out = -1;
-
- session->internals.resumable = RESUME_TRUE;
-
- session->internals.dtls.hsk_read_seq = 0;
- session->internals.dtls.hsk_write_seq = 0;
- gettime(&session->internals.dtls.handshake_start_time);
+ session->internals.extensions_sent_size = 0;
+
+ /* by default no selected certificate */
+ session->internals.adv_version_major = 0;
+ session->internals.adv_version_minor = 0;
+ session->internals.direction = 0;
+
+ /* use out of band data for the last
+ * handshake messages received.
+ */
+ session->internals.last_handshake_in = -1;
+ session->internals.last_handshake_out = -1;
+
+ session->internals.resumable = RESUME_TRUE;
+
+ session->internals.dtls.hsk_read_seq = 0;
+ session->internals.dtls.hsk_write_seq = 0;
+ gettime(&session->internals.dtls.handshake_start_time);
}
-void
-_gnutls_handshake_internal_state_clear (gnutls_session_t session)
+void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
{
- _gnutls_handshake_internal_state_init (session);
+ _gnutls_handshake_internal_state_init(session);
+
+ deinit_internal_params(session);
- deinit_internal_params (session);
-
- _gnutls_epoch_gc(session);
+ _gnutls_epoch_gc(session);
- session->internals.handshake_endtime = 0;
+ session->internals.handshake_endtime = 0;
}
/**
@@ -303,121 +303,120 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t session)
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_init (gnutls_session_t * session, unsigned int flags)
+int gnutls_init(gnutls_session_t * session, unsigned int flags)
{
- int ret;
- record_parameters_st *epoch;
+ int ret;
+ record_parameters_st *epoch;
- *session = gnutls_calloc (1, sizeof (struct gnutls_session_int));
- if (*session == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ *session = gnutls_calloc(1, sizeof(struct gnutls_session_int));
+ if (*session == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- ret = _gnutls_epoch_alloc (*session, 0, &epoch);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ret = _gnutls_epoch_alloc(*session, 0, &epoch);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- /* Set all NULL algos on epoch 0 */
- _gnutls_epoch_set_null_algos (*session, epoch);
+ /* Set all NULL algos on epoch 0 */
+ _gnutls_epoch_set_null_algos(*session, epoch);
- (*session)->security_parameters.epoch_next = 1;
+ (*session)->security_parameters.epoch_next = 1;
- (*session)->security_parameters.entity = (flags&GNUTLS_SERVER?GNUTLS_SERVER:GNUTLS_CLIENT);
+ (*session)->security_parameters.entity =
+ (flags & GNUTLS_SERVER ? GNUTLS_SERVER : GNUTLS_CLIENT);
- /* the default certificate type for TLS */
- (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE;
+ /* the default certificate type for TLS */
+ (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE;
- /* Initialize buffers */
- _gnutls_buffer_init (&(*session)->internals.handshake_hash_buffer);
- _gnutls_buffer_init (&(*session)->internals.hb_remote_data);
- _gnutls_buffer_init (&(*session)->internals.hb_local_data);
- _gnutls_buffer_init (&(*session)->internals.record_presend_buffer);
+ /* Initialize buffers */
+ _gnutls_buffer_init(&(*session)->internals.handshake_hash_buffer);
+ _gnutls_buffer_init(&(*session)->internals.hb_remote_data);
+ _gnutls_buffer_init(&(*session)->internals.hb_local_data);
+ _gnutls_buffer_init(&(*session)->internals.record_presend_buffer);
- _mbuffer_head_init (&(*session)->internals.record_buffer);
- _mbuffer_head_init (&(*session)->internals.record_send_buffer);
- _mbuffer_head_init (&(*session)->internals.record_recv_buffer);
+ _mbuffer_head_init(&(*session)->internals.record_buffer);
+ _mbuffer_head_init(&(*session)->internals.record_send_buffer);
+ _mbuffer_head_init(&(*session)->internals.record_recv_buffer);
- _mbuffer_head_init (&(*session)->internals.handshake_send_buffer);
- _gnutls_handshake_recv_buffer_init(*session);
+ _mbuffer_head_init(&(*session)->internals.handshake_send_buffer);
+ _gnutls_handshake_recv_buffer_init(*session);
- (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */
+ (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */
- gnutls_handshake_set_max_packet_length ((*session),
- MAX_HANDSHAKE_PACKET_SIZE);
+ gnutls_handshake_set_max_packet_length((*session),
+ MAX_HANDSHAKE_PACKET_SIZE);
- /* set the socket pointers to -1;
- */
- (*session)->internals.transport_recv_ptr = (gnutls_transport_ptr_t) - 1;
- (*session)->internals.transport_send_ptr = (gnutls_transport_ptr_t) - 1;
+ /* set the socket pointers to -1;
+ */
+ (*session)->internals.transport_recv_ptr =
+ (gnutls_transport_ptr_t) - 1;
+ (*session)->internals.transport_send_ptr =
+ (gnutls_transport_ptr_t) - 1;
- /* set the default maximum record size for TLS
- */
- (*session)->security_parameters.max_record_recv_size =
- DEFAULT_MAX_RECORD_SIZE;
- (*session)->security_parameters.max_record_send_size =
- DEFAULT_MAX_RECORD_SIZE;
+ /* set the default maximum record size for TLS
+ */
+ (*session)->security_parameters.max_record_recv_size =
+ DEFAULT_MAX_RECORD_SIZE;
+ (*session)->security_parameters.max_record_send_size =
+ DEFAULT_MAX_RECORD_SIZE;
- /* everything else not initialized here is initialized
- * as NULL or 0. This is why calloc is used.
- */
+ /* everything else not initialized here is initialized
+ * as NULL or 0. This is why calloc is used.
+ */
- _gnutls_handshake_internal_state_init (*session);
+ _gnutls_handshake_internal_state_init(*session);
- /* emulate old gnutls behavior for old applications that do not use the priority_*
- * functions.
- */
- (*session)->internals.priorities.sr = SR_PARTIAL;
+ /* emulate old gnutls behavior for old applications that do not use the priority_*
+ * functions.
+ */
+ (*session)->internals.priorities.sr = SR_PARTIAL;
#ifdef HAVE_WRITEV
- gnutls_transport_set_vec_push_function (*session, system_writev);
+ gnutls_transport_set_vec_push_function(*session, system_writev);
#else
- gnutls_transport_set_push_function (*session, system_write);
+ gnutls_transport_set_push_function(*session, system_write);
#endif
- gnutls_transport_set_pull_function (*session, system_read);
- gnutls_transport_set_errno_function (*session, system_errno);
- gnutls_transport_set_pull_timeout_function (*session, system_recv_timeout);
-
- (*session)->internals.hb_retrans_timeout_ms = 1000;
- (*session)->internals.hb_total_timeout_ms = 60000;
-
- if (flags & GNUTLS_DATAGRAM)
- {
- (*session)->internals.dtls.mtu = DTLS_DEFAULT_MTU;
- (*session)->internals.transport = GNUTLS_DGRAM;
-
- (*session)->internals.dtls.retrans_timeout_ms = 1000;
- (*session)->internals.dtls.total_timeout_ms = 60000;
- }
- else
- (*session)->internals.transport = GNUTLS_STREAM;
-
- if (flags & GNUTLS_NONBLOCK)
- (*session)->internals.dtls.blocking = 0;
- else
- (*session)->internals.dtls.blocking = 1;
-
- /* Enable useful extensions */
- if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS))
- {
- gnutls_session_ticket_enable_client(*session);
- gnutls_ocsp_status_request_enable_client(*session, NULL, 0, NULL);
- }
-
- if (flags & GNUTLS_NO_REPLAY_PROTECTION)
- (*session)->internals.no_replay_protection = 1;
-
- return 0;
+ gnutls_transport_set_pull_function(*session, system_read);
+ gnutls_transport_set_errno_function(*session, system_errno);
+ gnutls_transport_set_pull_timeout_function(*session,
+ system_recv_timeout);
+
+ (*session)->internals.hb_retrans_timeout_ms = 1000;
+ (*session)->internals.hb_total_timeout_ms = 60000;
+
+ if (flags & GNUTLS_DATAGRAM) {
+ (*session)->internals.dtls.mtu = DTLS_DEFAULT_MTU;
+ (*session)->internals.transport = GNUTLS_DGRAM;
+
+ (*session)->internals.dtls.retrans_timeout_ms = 1000;
+ (*session)->internals.dtls.total_timeout_ms = 60000;
+ } else
+ (*session)->internals.transport = GNUTLS_STREAM;
+
+ if (flags & GNUTLS_NONBLOCK)
+ (*session)->internals.dtls.blocking = 0;
+ else
+ (*session)->internals.dtls.blocking = 1;
+
+ /* Enable useful extensions */
+ if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) {
+ gnutls_session_ticket_enable_client(*session);
+ gnutls_ocsp_status_request_enable_client(*session, NULL, 0,
+ NULL);
+ }
+
+ if (flags & GNUTLS_NO_REPLAY_PROTECTION)
+ (*session)->internals.no_replay_protection = 1;
+
+ return 0;
}
/* returns RESUME_FALSE or RESUME_TRUE.
*/
-int
-_gnutls_session_is_resumable (gnutls_session_t session)
+int _gnutls_session_is_resumable(gnutls_session_t session)
{
- return session->internals.resumable;
+ return session->internals.resumable;
}
@@ -429,240 +428,232 @@ _gnutls_session_is_resumable (gnutls_session_t session)
* This function will also remove session data from the session
* database if the session was terminated abnormally.
**/
-void
-gnutls_deinit (gnutls_session_t session)
+void gnutls_deinit(gnutls_session_t session)
{
- unsigned int i;
-
- if (session == NULL)
- return;
-
- _gnutls_rnd_refresh();
-
- /* remove auth info firstly */
- _gnutls_free_auth_info (session);
-
- _gnutls_handshake_internal_state_clear (session);
- _gnutls_handshake_io_buffer_clear (session);
- _gnutls_ext_free_session_data (session);
-
- for (i = 0; i < MAX_EPOCH_INDEX; i++)
- if (session->record_parameters[i] != NULL)
- {
- _gnutls_epoch_free (session, session->record_parameters[i]);
- session->record_parameters[i] = NULL;
- }
-
- _gnutls_buffer_clear (&session->internals.handshake_hash_buffer);
- _gnutls_buffer_clear (&session->internals.hb_remote_data);
- _gnutls_buffer_clear (&session->internals.hb_local_data);
- _gnutls_buffer_clear (&session->internals.record_presend_buffer);
-
- _mbuffer_head_clear (&session->internals.record_buffer);
- _mbuffer_head_clear (&session->internals.record_recv_buffer);
- _mbuffer_head_clear (&session->internals.record_send_buffer);
-
- gnutls_credentials_clear (session);
- _gnutls_selected_certs_deinit (session);
-
- gnutls_pk_params_release(&session->key.ecdh_params);
- _gnutls_mpi_release (&session->key.ecdh_x);
- _gnutls_mpi_release (&session->key.ecdh_y);
-
- _gnutls_mpi_release (&session->key.KEY);
- _gnutls_mpi_release (&session->key.client_Y);
- _gnutls_mpi_release (&session->key.client_p);
- _gnutls_mpi_release (&session->key.client_g);
-
- _gnutls_mpi_release (&session->key.u);
- _gnutls_mpi_release (&session->key.a);
- _gnutls_mpi_release (&session->key.x);
- _gnutls_mpi_release (&session->key.A);
- _gnutls_mpi_release (&session->key.B);
- _gnutls_mpi_release (&session->key.b);
-
- /* RSA */
- _gnutls_mpi_release (&session->key.rsa[0]);
- _gnutls_mpi_release (&session->key.rsa[1]);
-
- _gnutls_mpi_release (&session->key.dh_secret);
-
- gnutls_free (session);
+ unsigned int i;
+
+ if (session == NULL)
+ return;
+
+ _gnutls_rnd_refresh();
+
+ /* remove auth info firstly */
+ _gnutls_free_auth_info(session);
+
+ _gnutls_handshake_internal_state_clear(session);
+ _gnutls_handshake_io_buffer_clear(session);
+ _gnutls_ext_free_session_data(session);
+
+ for (i = 0; i < MAX_EPOCH_INDEX; i++)
+ if (session->record_parameters[i] != NULL) {
+ _gnutls_epoch_free(session,
+ session->record_parameters[i]);
+ session->record_parameters[i] = NULL;
+ }
+
+ _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
+ _gnutls_buffer_clear(&session->internals.hb_remote_data);
+ _gnutls_buffer_clear(&session->internals.hb_local_data);
+ _gnutls_buffer_clear(&session->internals.record_presend_buffer);
+
+ _mbuffer_head_clear(&session->internals.record_buffer);
+ _mbuffer_head_clear(&session->internals.record_recv_buffer);
+ _mbuffer_head_clear(&session->internals.record_send_buffer);
+
+ gnutls_credentials_clear(session);
+ _gnutls_selected_certs_deinit(session);
+
+ gnutls_pk_params_release(&session->key.ecdh_params);
+ _gnutls_mpi_release(&session->key.ecdh_x);
+ _gnutls_mpi_release(&session->key.ecdh_y);
+
+ _gnutls_mpi_release(&session->key.KEY);
+ _gnutls_mpi_release(&session->key.client_Y);
+ _gnutls_mpi_release(&session->key.client_p);
+ _gnutls_mpi_release(&session->key.client_g);
+
+ _gnutls_mpi_release(&session->key.u);
+ _gnutls_mpi_release(&session->key.a);
+ _gnutls_mpi_release(&session->key.x);
+ _gnutls_mpi_release(&session->key.A);
+ _gnutls_mpi_release(&session->key.B);
+ _gnutls_mpi_release(&session->key.b);
+
+ /* RSA */
+ _gnutls_mpi_release(&session->key.rsa[0]);
+ _gnutls_mpi_release(&session->key.rsa[1]);
+
+ _gnutls_mpi_release(&session->key.dh_secret);
+
+ gnutls_free(session);
}
/* Returns the minimum prime bits that are acceptable.
*/
-int
-_gnutls_dh_set_peer_public (gnutls_session_t session, bigint_t public)
+int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public)
{
- dh_info_st *dh;
- int ret;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (dh->public_key.data)
- _gnutls_free_datum (&dh->public_key);
-
- ret = _gnutls_mpi_dprint_lz (public, &dh->public_key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ dh_info_st *dh;
+ int ret;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (dh->public_key.data)
+ _gnutls_free_datum(&dh->public_key);
+
+ ret = _gnutls_mpi_dprint_lz(public, &dh->public_key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
-int
-_gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits)
+int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits)
{
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- info->dh.secret_bits = bits;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- info->dh.secret_bits = bits;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- info->dh.secret_bits = bits;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- }
-
- return 0;
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ info->dh.secret_bits = bits;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ info->dh.secret_bits = bits;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ info->dh.secret_bits = bits;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+
+ return 0;
}
/* Sets the prime and the generator in the auth info structure.
*/
int
-_gnutls_dh_set_group (gnutls_session_t session, bigint_t gen, bigint_t prime)
+_gnutls_dh_set_group(gnutls_session_t session, bigint_t gen,
+ bigint_t prime)
{
- dh_info_st *dh;
- int ret;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (dh->prime.data)
- _gnutls_free_datum (&dh->prime);
-
- if (dh->generator.data)
- _gnutls_free_datum (&dh->generator);
-
- /* prime
- */
- ret = _gnutls_mpi_dprint_lz (prime, &dh->prime);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* generator
- */
- ret = _gnutls_mpi_dprint_lz (gen, &dh->generator);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&dh->prime);
- return ret;
- }
-
- return 0;
+ dh_info_st *dh;
+ int ret;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (dh->prime.data)
+ _gnutls_free_datum(&dh->prime);
+
+ if (dh->generator.data)
+ _gnutls_free_datum(&dh->generator);
+
+ /* prime
+ */
+ ret = _gnutls_mpi_dprint_lz(prime, &dh->prime);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* generator
+ */
+ ret = _gnutls_mpi_dprint_lz(gen, &dh->generator);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&dh->prime);
+ return ret;
+ }
+
+ return 0;
}
#ifdef ENABLE_OPENPGP
@@ -677,10 +668,10 @@ _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen, bigint_t prime)
* that the server can obtain the client's key.
**/
void
-gnutls_openpgp_send_cert (gnutls_session_t session,
- gnutls_openpgp_crt_status_t status)
+gnutls_openpgp_send_cert(gnutls_session_t session,
+ gnutls_openpgp_crt_status_t status)
{
- session->internals.pgp_fingerprint = status;
+ session->internals.pgp_fingerprint = status;
}
#endif
@@ -699,17 +690,16 @@ gnutls_openpgp_send_cert (gnutls_session_t session,
* methods other than certificate with X.509 certificates.
**/
void
-gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
- int status)
+gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session,
+ int status)
{
- session->internals.ignore_rdn_sequence = status;
+ session->internals.ignore_rdn_sequence = status;
}
#ifdef ENABLE_OPENPGP
-int
-_gnutls_openpgp_send_fingerprint (gnutls_session_t session)
+int _gnutls_openpgp_send_fingerprint(gnutls_session_t session)
{
- return session->internals.pgp_fingerprint;
+ return session->internals.pgp_fingerprint;
}
#endif
@@ -724,11 +714,12 @@ _gnutls_openpgp_send_fingerprint (gnutls_session_t session)
* that know TLS internals and want to debug other implementations.
-*/
void
-_gnutls_record_set_default_version (gnutls_session_t session,
- unsigned char major, unsigned char minor)
+_gnutls_record_set_default_version(gnutls_session_t session,
+ unsigned char major,
+ unsigned char minor)
{
- session->internals.default_record_version[0] = major;
- session->internals.default_record_version[1] = minor;
+ session->internals.default_record_version[0] = major;
+ session->internals.default_record_version[1] = minor;
}
/**
@@ -747,23 +738,26 @@ _gnutls_record_set_default_version (gnutls_session_t session,
* gnutls servers and clients may cause interoperability problems.
**/
void
-gnutls_handshake_set_private_extensions (gnutls_session_t session, int allow)
+gnutls_handshake_set_private_extensions(gnutls_session_t session,
+ int allow)
{
- session->internals.enable_private = allow;
+ session->internals.enable_private = allow;
}
inline static int
-_gnutls_cal_PRF_A (const mac_entry_st* me,
- const void *secret, int secret_size,
- const void *seed, int seed_size, void *result)
+_gnutls_cal_PRF_A(const mac_entry_st * me,
+ const void *secret, int secret_size,
+ const void *seed, int seed_size, void *result)
{
- int ret;
+ int ret;
- ret = _gnutls_mac_fast (me->id, secret, secret_size, seed, seed_size, result);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_mac_fast(me->id, secret, secret_size, seed, seed_size,
+ result);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- return 0;
+ return 0;
}
#define MAX_SEED_SIZE 200
@@ -772,81 +766,71 @@ _gnutls_cal_PRF_A (const mac_entry_st* me,
* (used in the PRF function)
*/
static int
-P_hash (gnutls_mac_algorithm_t algorithm,
- const uint8_t * secret, int secret_size,
- const uint8_t * seed, int seed_size,
- int total_bytes, uint8_t * ret)
+P_hash(gnutls_mac_algorithm_t algorithm,
+ const uint8_t * secret, int secret_size,
+ const uint8_t * seed, int seed_size, int total_bytes, uint8_t * ret)
{
- mac_hd_st td2;
- int i, times, how, blocksize, A_size;
- uint8_t final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
- int output_bytes, result;
- const mac_entry_st* me = mac_to_entry(algorithm);
-
- if (seed_size > MAX_SEED_SIZE || total_bytes <= 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- blocksize = _gnutls_mac_get_algo_len (me);
-
- output_bytes = 0;
- do
- {
- output_bytes += blocksize;
- }
- while (output_bytes < total_bytes);
-
- /* calculate A(0) */
-
- memcpy (Atmp, seed, seed_size);
- A_size = seed_size;
-
- times = output_bytes / blocksize;
-
- for (i = 0; i < times; i++)
- {
- result = _gnutls_mac_init (&td2, me, secret, secret_size);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* here we calculate A(i+1) */
- if ((result =
- _gnutls_cal_PRF_A (me, secret, secret_size, Atmp,
- A_size, Atmp)) < 0)
- {
- gnutls_assert ();
- _gnutls_mac_deinit (&td2, final);
- return result;
- }
-
- A_size = blocksize;
-
- _gnutls_mac (&td2, Atmp, A_size);
- _gnutls_mac (&td2, seed, seed_size);
- _gnutls_mac_deinit (&td2, final);
-
- if ((1 + i) * blocksize < total_bytes)
- {
- how = blocksize;
- }
- else
- {
- how = total_bytes - (i) * blocksize;
- }
-
- if (how > 0)
- {
- memcpy (&ret[i * blocksize], final, how);
- }
- }
-
- return 0;
+ mac_hd_st td2;
+ int i, times, how, blocksize, A_size;
+ uint8_t final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
+ int output_bytes, result;
+ const mac_entry_st *me = mac_to_entry(algorithm);
+
+ if (seed_size > MAX_SEED_SIZE || total_bytes <= 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ blocksize = _gnutls_mac_get_algo_len(me);
+
+ output_bytes = 0;
+ do {
+ output_bytes += blocksize;
+ }
+ while (output_bytes < total_bytes);
+
+ /* calculate A(0) */
+
+ memcpy(Atmp, seed, seed_size);
+ A_size = seed_size;
+
+ times = output_bytes / blocksize;
+
+ for (i = 0; i < times; i++) {
+ result = _gnutls_mac_init(&td2, me, secret, secret_size);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* here we calculate A(i+1) */
+ if ((result =
+ _gnutls_cal_PRF_A(me, secret, secret_size, Atmp,
+ A_size, Atmp)) < 0) {
+ gnutls_assert();
+ _gnutls_mac_deinit(&td2, final);
+ return result;
+ }
+
+ A_size = blocksize;
+
+ _gnutls_mac(&td2, Atmp, A_size);
+ _gnutls_mac(&td2, seed, seed_size);
+ _gnutls_mac_deinit(&td2, final);
+
+ if ((1 + i) * blocksize < total_bytes) {
+ how = blocksize;
+ } else {
+ how = total_bytes - (i) * blocksize;
+ }
+
+ if (how > 0) {
+ memcpy(&ret[i * blocksize], final, how);
+ }
+ }
+
+ return 0;
}
#define MAX_PRF_BYTES 200
@@ -856,83 +840,75 @@ P_hash (gnutls_mac_algorithm_t algorithm,
* available.
*/
int
-_gnutls_PRF (gnutls_session_t session,
- const uint8_t * secret, unsigned int secret_size, const char *label,
- int label_size, const uint8_t * seed, int seed_size,
- int total_bytes, void *ret)
+_gnutls_PRF(gnutls_session_t session,
+ const uint8_t * secret, unsigned int secret_size,
+ const char *label, int label_size, const uint8_t * seed,
+ int seed_size, int total_bytes, void *ret)
{
- int l_s, s_seed_size;
- const uint8_t *s1, *s2;
- uint8_t s_seed[MAX_SEED_SIZE];
- uint8_t o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES];
- int result;
- const version_entry_st* ver = get_version (session);
-
- if (total_bytes > MAX_PRF_BYTES)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- /* label+seed = s_seed */
- s_seed_size = seed_size + label_size;
-
- if (s_seed_size > MAX_SEED_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- memcpy (s_seed, label, label_size);
- memcpy (&s_seed[label_size], seed, seed_size);
-
- if (_gnutls_version_has_selectable_prf (ver))
- {
- result =
- P_hash (_gnutls_cipher_suite_get_prf(session->security_parameters.cipher_suite),
- secret, secret_size,
- s_seed, s_seed_size, total_bytes, ret);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
- else
- {
- l_s = secret_size / 2;
-
- s1 = &secret[0];
- s2 = &secret[l_s];
-
- if (secret_size % 2 != 0)
- {
- l_s++;
- }
-
- result =
- P_hash (GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size,
- total_bytes, o1);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- P_hash (GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size,
- total_bytes, o2);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- memxor (o1, o2, total_bytes);
-
- memcpy (ret, o1, total_bytes);
- }
-
- return 0; /* ok */
+ int l_s, s_seed_size;
+ const uint8_t *s1, *s2;
+ uint8_t s_seed[MAX_SEED_SIZE];
+ uint8_t o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES];
+ int result;
+ const version_entry_st *ver = get_version(session);
+
+ if (total_bytes > MAX_PRF_BYTES) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ /* label+seed = s_seed */
+ s_seed_size = seed_size + label_size;
+
+ if (s_seed_size > MAX_SEED_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ memcpy(s_seed, label, label_size);
+ memcpy(&s_seed[label_size], seed, seed_size);
+
+ if (_gnutls_version_has_selectable_prf(ver)) {
+ result =
+ P_hash(_gnutls_cipher_suite_get_prf
+ (session->security_parameters.cipher_suite),
+ secret, secret_size, s_seed, s_seed_size,
+ total_bytes, ret);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ } else {
+ l_s = secret_size / 2;
+
+ s1 = &secret[0];
+ s2 = &secret[l_s];
+
+ if (secret_size % 2 != 0) {
+ l_s++;
+ }
+
+ result =
+ P_hash(GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size,
+ total_bytes, o1);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ P_hash(GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size,
+ total_bytes, o2);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ memxor(o1, o2, total_bytes);
+
+ memcpy(ret, o1, total_bytes);
+ }
+
+ return 0; /* ok */
}
@@ -966,20 +942,22 @@ _gnutls_PRF (gnutls_session_t session,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_prf_raw (gnutls_session_t session,
- size_t label_size,
- const char *label,
- size_t seed_size, const char *seed, size_t outsize, char *out)
+gnutls_prf_raw(gnutls_session_t session,
+ size_t label_size,
+ const char *label,
+ size_t seed_size, const char *seed, size_t outsize,
+ char *out)
{
- int ret;
+ int ret;
- ret = _gnutls_PRF (session,
- session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE,
- label,
- label_size, (uint8_t *) seed, seed_size, outsize, out);
+ ret = _gnutls_PRF(session,
+ session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE,
+ label,
+ label_size, (uint8_t *) seed, seed_size, outsize,
+ out);
- return ret;
+ return ret;
}
/**
@@ -1013,39 +991,42 @@ gnutls_prf_raw (gnutls_session_t session,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_prf (gnutls_session_t session,
- size_t label_size,
- const char *label,
- int server_random_first,
- size_t extra_size, const char *extra, size_t outsize, char *out)
+gnutls_prf(gnutls_session_t session,
+ size_t label_size,
+ const char *label,
+ int server_random_first,
+ size_t extra_size, const char *extra, size_t outsize, char *out)
{
- int ret;
- uint8_t *seed;
- size_t seedsize = 2 * GNUTLS_RANDOM_SIZE + extra_size;
-
- seed = gnutls_malloc (seedsize);
- if (!seed)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy (seed, server_random_first ?
- session->security_parameters.server_random :
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
- memcpy (seed + GNUTLS_RANDOM_SIZE, server_random_first ?
- session->security_parameters.client_random :
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
-
- memcpy (seed + 2 * GNUTLS_RANDOM_SIZE, extra, extra_size);
-
- ret = _gnutls_PRF (session, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE,
- label, label_size, seed, seedsize, outsize, out);
-
- gnutls_free (seed);
-
- return ret;
+ int ret;
+ uint8_t *seed;
+ size_t seedsize = 2 * GNUTLS_RANDOM_SIZE + extra_size;
+
+ seed = gnutls_malloc(seedsize);
+ if (!seed) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(seed, server_random_first ?
+ session->security_parameters.server_random :
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(seed + GNUTLS_RANDOM_SIZE,
+ server_random_first ? session->security_parameters.
+ client_random : session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+
+ memcpy(seed + 2 * GNUTLS_RANDOM_SIZE, extra, extra_size);
+
+ ret =
+ _gnutls_PRF(session,
+ session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, label, label_size, seed,
+ seedsize, outsize, out);
+
+ gnutls_free(seed);
+
+ return ret;
}
/**
@@ -1057,27 +1038,26 @@ gnutls_prf (gnutls_session_t session,
* Returns: non zero if this session is resumed, or a zero if this is
* a new session.
**/
-int
-gnutls_session_is_resumed (gnutls_session_t session)
+int gnutls_session_is_resumed(gnutls_session_t session)
{
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- if (session->security_parameters.session_id_size > 0 &&
- session->security_parameters.session_id_size ==
- session->internals.resumed_security_parameters.session_id_size
- && memcmp (session->security_parameters.session_id,
- session->internals.
- resumed_security_parameters.session_id,
- session->security_parameters.session_id_size) == 0)
- return 1;
- }
- else
- {
- if (session->internals.resumed != RESUME_FALSE)
- return 1;
- }
-
- return 0;
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (session->security_parameters.session_id_size > 0 &&
+ session->security_parameters.session_id_size ==
+ session->internals.resumed_security_parameters.
+ session_id_size
+ && memcmp(session->security_parameters.session_id,
+ session->
+ internals.resumed_security_parameters.
+ session_id,
+ session->security_parameters.
+ session_id_size) == 0)
+ return 1;
+ } else {
+ if (session->internals.resumed != RESUME_FALSE)
+ return 1;
+ }
+
+ return 0;
}
/**
@@ -1089,17 +1069,13 @@ gnutls_session_is_resumed (gnutls_session_t session)
*
* Returns: non zero if session resumption was asked, or a zero if not.
**/
-int
-gnutls_session_resumption_requested(gnutls_session_t session)
+int gnutls_session_resumption_requested(gnutls_session_t session)
{
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- return 0;
- }
- else
- {
- return session->internals.resumption_requested;
- }
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ return 0;
+ } else {
+ return session->internals.resumption_requested;
+ }
}
/*-
@@ -1109,19 +1085,17 @@ gnutls_session_resumption_requested(gnutls_session_t session)
* This function will return non zero if this session uses a PSK key
* exchange algorithm.
-*/
-int
-_gnutls_session_is_psk (gnutls_session_t session)
+int _gnutls_session_is_psk(gnutls_session_t session)
{
- gnutls_kx_algorithm_t kx;
+ gnutls_kx_algorithm_t kx;
- kx =
- _gnutls_cipher_suite_get_kx_algo (session->
- security_parameters.cipher_suite);
- if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK
- || kx == GNUTLS_KX_RSA_PSK)
- return 1;
+ kx = _gnutls_cipher_suite_get_kx_algo(session->security_parameters.
+ cipher_suite);
+ if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK
+ || kx == GNUTLS_KX_RSA_PSK)
+ return 1;
- return 0;
+ return 0;
}
/*-
@@ -1131,19 +1105,17 @@ _gnutls_session_is_psk (gnutls_session_t session)
* This function will return non zero if this session uses an elliptic
* curves key exchange exchange algorithm.
-*/
-int
-_gnutls_session_is_ecc (gnutls_session_t session)
+int _gnutls_session_is_ecc(gnutls_session_t session)
{
- gnutls_kx_algorithm_t kx;
+ gnutls_kx_algorithm_t kx;
- /* We get the key exchange algorithm through the ciphersuite because
- * the negotiated key exchange might not have been set yet.
- */
- kx =
- _gnutls_cipher_suite_get_kx_algo (session->
- security_parameters.cipher_suite);
+ /* We get the key exchange algorithm through the ciphersuite because
+ * the negotiated key exchange might not have been set yet.
+ */
+ kx = _gnutls_cipher_suite_get_kx_algo(session->security_parameters.
+ cipher_suite);
- return _gnutls_kx_is_ecc(kx);
+ return _gnutls_kx_is_ecc(kx);
}
/**
@@ -1156,10 +1128,9 @@ _gnutls_session_is_ecc (gnutls_session_t session)
* Returns: the user given pointer from the session structure, or
* %NULL if it was never set.
**/
-void *
-gnutls_session_get_ptr (gnutls_session_t session)
+void *gnutls_session_get_ptr(gnutls_session_t session)
{
- return session->internals.user_ptr;
+ return session->internals.user_ptr;
}
/**
@@ -1171,10 +1142,9 @@ gnutls_session_get_ptr (gnutls_session_t session)
* the session structure. This pointer can be accessed with
* gnutls_session_get_ptr().
**/
-void
-gnutls_session_set_ptr (gnutls_session_t session, void *ptr)
+void gnutls_session_set_ptr(gnutls_session_t session, void *ptr)
{
- session->internals.user_ptr = ptr;
+ session->internals.user_ptr = ptr;
}
@@ -1195,10 +1165,9 @@ gnutls_session_set_ptr (gnutls_session_t session, void *ptr)
*
* Returns: 0 if trying to read data, 1 if trying to write data.
**/
-int
-gnutls_record_get_direction (gnutls_session_t session)
+int gnutls_record_get_direction(gnutls_session_t session)
{
- return session->internals.direction;
+ return session->internals.direction;
}
/*-
@@ -1212,11 +1181,11 @@ gnutls_record_get_direction (gnutls_session_t session)
* test server's capabilities.
-*/
void
-_gnutls_rsa_pms_set_version (gnutls_session_t session,
- unsigned char major, unsigned char minor)
+_gnutls_rsa_pms_set_version(gnutls_session_t session,
+ unsigned char major, unsigned char minor)
{
- session->internals.rsa_pms_version[0] = major;
- session->internals.rsa_pms_version[1] = minor;
+ session->internals.rsa_pms_version[0] = major;
+ session->internals.rsa_pms_version[1] = minor;
}
/**
@@ -1241,11 +1210,11 @@ _gnutls_rsa_pms_set_version (gnutls_session_t session,
* there is a man-in-the-middle attack being performed.
**/
void
-gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
- gnutls_handshake_post_client_hello_func
- func)
+gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,
+ gnutls_handshake_post_client_hello_func
+ func)
{
- session->internals.user_hello_func = func;
+ session->internals.user_hello_func = func;
}
@@ -1264,10 +1233,9 @@ gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
* Note that this function must be called after any call to gnutls_priority
* functions.
**/
-void
-gnutls_session_enable_compatibility_mode (gnutls_session_t session)
+void gnutls_session_enable_compatibility_mode(gnutls_session_t session)
{
- ENABLE_COMPAT(&session->internals.priorities);
+ ENABLE_COMPAT(&session->internals.priorities);
}
/**
@@ -1287,24 +1255,24 @@ gnutls_session_enable_compatibility_mode (gnutls_session_t session)
* Since: 2.12.0
**/
int
-gnutls_session_channel_binding (gnutls_session_t session,
- gnutls_channel_binding_t cbtype,
- gnutls_datum_t * cb)
+gnutls_session_channel_binding(gnutls_session_t session,
+ gnutls_channel_binding_t cbtype,
+ gnutls_datum_t * cb)
{
- if (cbtype != GNUTLS_CB_TLS_UNIQUE)
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ if (cbtype != GNUTLS_CB_TLS_UNIQUE)
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- if (!session->internals.initial_negotiation_completed)
- return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
+ if (!session->internals.initial_negotiation_completed)
+ return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
- cb->size = session->internals.cb_tls_unique_len;
- cb->data = gnutls_malloc (cb->size);
- if (cb->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ cb->size = session->internals.cb_tls_unique_len;
+ cb->data = gnutls_malloc(cb->size);
+ if (cb->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- memcpy (cb->data, session->internals.cb_tls_unique, cb->size);
+ memcpy(cb->data, session->internals.cb_tls_unique, cb->size);
- return 0;
+ return 0;
}
/**
@@ -1321,7 +1289,7 @@ gnutls_session_channel_binding (gnutls_session_t session,
**/
gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session)
{
- return _gnutls_session_ecc_curve_get(session);
+ return _gnutls_session_ecc_curve_get(session);
}
/**
@@ -1332,10 +1300,9 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session)
*
* Returns: The version of the currently used protocol.
**/
-gnutls_protocol_t
-gnutls_protocol_get_version (gnutls_session_t session)
+gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session)
{
- return get_num_version(session);
+ return get_num_version(session);
}
/**
@@ -1354,26 +1321,26 @@ gnutls_protocol_get_version (gnutls_session_t session)
* Since: 3.0
**/
void
-gnutls_session_get_random (gnutls_session_t session, gnutls_datum_t* client, gnutls_datum_t* server)
+gnutls_session_get_random(gnutls_session_t session,
+ gnutls_datum_t * client, gnutls_datum_t * server)
{
- if (client)
- {
- client->data = session->security_parameters.client_random;
- client->size = sizeof(session->security_parameters.client_random);
- }
-
- if (server)
- {
- server->data = session->security_parameters.server_random;
- server->size = sizeof(session->security_parameters.server_random);
- }
+ if (client) {
+ client->data = session->security_parameters.client_random;
+ client->size =
+ sizeof(session->security_parameters.client_random);
+ }
+
+ if (server) {
+ server->data = session->security_parameters.server_random;
+ server->size =
+ sizeof(session->security_parameters.server_random);
+ }
}
-unsigned int
-timespec_sub_ms (struct timespec *a, struct timespec *b)
+unsigned int timespec_sub_ms(struct timespec *a, struct timespec *b)
{
- return (a->tv_sec * 1000 + a->tv_nsec / (1000 * 1000) -
- (b->tv_sec * 1000 + b->tv_nsec / (1000 * 1000)));
+ return (a->tv_sec * 1000 + a->tv_nsec / (1000 * 1000) -
+ (b->tv_sec * 1000 + b->tv_nsec / (1000 * 1000)));
}
/**
@@ -1395,18 +1362,21 @@ timespec_sub_ms (struct timespec *a, struct timespec *b)
* Since 3.1.9
**/
int
-gnutls_handshake_set_random (gnutls_session_t session, const gnutls_datum_t* random)
+gnutls_handshake_set_random(gnutls_session_t session,
+ const gnutls_datum_t * random)
{
- if (random->size != GNUTLS_RANDOM_SIZE)
- return GNUTLS_E_INVALID_REQUEST;
-
- session->internals.sc_random_set = 1;
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- memcpy(session->internals.resumed_security_parameters.client_random, random->data, random->size);
- else
- memcpy(session->internals.resumed_security_parameters.server_random, random->data, random->size);
-
- return 0;
+ if (random->size != GNUTLS_RANDOM_SIZE)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ session->internals.sc_random_set = 1;
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ memcpy(session->internals.resumed_security_parameters.
+ client_random, random->data, random->size);
+ else
+ memcpy(session->internals.resumed_security_parameters.
+ server_random, random->data, random->size);
+
+ return 0;
}
/**
@@ -1437,13 +1407,12 @@ gnutls_handshake_set_random (gnutls_session_t session, const gnutls_datum_t* ran
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
void
-gnutls_handshake_set_hook_function (gnutls_session_t session,
- unsigned int htype,
- int post,
- gnutls_handshake_hook_func func)
+gnutls_handshake_set_hook_function(gnutls_session_t session,
+ unsigned int htype,
+ int post,
+ gnutls_handshake_hook_func func)
{
- session->internals.h_hook = func;
- session->internals.h_type = htype;
- session->internals.h_post = post;
+ session->internals.h_hook = func;
+ session->internals.h_type = htype;
+ session->internals.h_post = post;
}
-
diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h
index edacde3e2a..89d40e037e 100644
--- a/lib/gnutls_state.h
+++ b/lib/gnutls_state.h
@@ -25,23 +25,25 @@
#include <gnutls_int.h>
-void _gnutls_session_cert_type_set (gnutls_session_t session,
- gnutls_certificate_type_t);
+void _gnutls_session_cert_type_set(gnutls_session_t session,
+ gnutls_certificate_type_t);
-inline static gnutls_ecc_curve_t _gnutls_session_ecc_curve_get(gnutls_session_t session)
+inline static gnutls_ecc_curve_t
+_gnutls_session_ecc_curve_get(gnutls_session_t session)
{
- return session->security_parameters.ecc_curve;
+ return session->security_parameters.ecc_curve;
}
-int _gnutls_session_is_ecc (gnutls_session_t session);
+int _gnutls_session_is_ecc(gnutls_session_t session);
void
-_gnutls_session_ecc_curve_set (gnutls_session_t session,
- gnutls_ecc_curve_t c);
+_gnutls_session_ecc_curve_set(gnutls_session_t session,
+ gnutls_ecc_curve_t c);
void
-_gnutls_record_set_default_version (gnutls_session_t session,
- unsigned char major, unsigned char minor);
+_gnutls_record_set_default_version(gnutls_session_t session,
+ unsigned char major,
+ unsigned char minor);
#include <gnutls_auth.h>
@@ -52,36 +54,36 @@ _gnutls_record_set_default_version (gnutls_session_t session,
#endif
-int _gnutls_session_cert_type_supported (gnutls_session_t,
- gnutls_certificate_type_t);
-int _gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits);
+int _gnutls_session_cert_type_supported(gnutls_session_t,
+ gnutls_certificate_type_t);
+int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits);
-int _gnutls_dh_set_peer_public (gnutls_session_t session, bigint_t public);
-int _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen,
- bigint_t prime);
+int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public);
+int _gnutls_dh_set_group(gnutls_session_t session, bigint_t gen,
+ bigint_t prime);
-static inline int
-_gnutls_dh_get_min_prime_bits (gnutls_session_t session)
+static inline int _gnutls_dh_get_min_prime_bits(gnutls_session_t session)
{
- if (session->internals.priorities.dh_prime_bits != 0)
- return session->internals.priorities.dh_prime_bits;
- else
- return gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, session->internals.priorities.level);
+ if (session->internals.priorities.dh_prime_bits != 0)
+ return session->internals.priorities.dh_prime_bits;
+ else
+ return gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
+ session->internals.
+ priorities.level);
}
-void _gnutls_handshake_internal_state_clear (gnutls_session_t);
+void _gnutls_handshake_internal_state_clear(gnutls_session_t);
-int _gnutls_session_is_resumable (gnutls_session_t session);
+int _gnutls_session_is_resumable(gnutls_session_t session);
-int _gnutls_session_is_psk (gnutls_session_t session);
+int _gnutls_session_is_psk(gnutls_session_t session);
-int _gnutls_openpgp_send_fingerprint (gnutls_session_t session);
+int _gnutls_openpgp_send_fingerprint(gnutls_session_t session);
-int _gnutls_PRF (gnutls_session_t session,
- const uint8_t * secret, unsigned int secret_size,
- const char *label, int label_size,
- const uint8_t * seed, int seed_size,
- int total_bytes, void *ret);
+int _gnutls_PRF(gnutls_session_t session,
+ const uint8_t * secret, unsigned int secret_size,
+ const char *label, int label_size,
+ const uint8_t * seed, int seed_size,
+ int total_bytes, void *ret);
#define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
-
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index fb7451a0d2..5396c281d3 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -34,191 +34,172 @@
*
* They should be used only with null terminated strings.
*/
-void
-_gnutls_str_cat (char *dest, size_t dest_tot_size, const char *src)
+void _gnutls_str_cat(char *dest, size_t dest_tot_size, const char *src)
{
- size_t str_size = strlen (src);
- size_t dest_size = strlen (dest);
+ size_t str_size = strlen(src);
+ size_t dest_size = strlen(dest);
- if (dest_tot_size - dest_size > str_size)
- {
- strcat (dest, src);
- }
- else
- {
- if (dest_tot_size - dest_size > 0)
- {
- strncat (dest, src, (dest_tot_size - dest_size) - 1);
- dest[dest_tot_size - 1] = 0;
- }
- }
+ if (dest_tot_size - dest_size > str_size) {
+ strcat(dest, src);
+ } else {
+ if (dest_tot_size - dest_size > 0) {
+ strncat(dest, src,
+ (dest_tot_size - dest_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
+ }
}
-void
-_gnutls_str_cpy (char *dest, size_t dest_tot_size, const char *src)
+void _gnutls_str_cpy(char *dest, size_t dest_tot_size, const char *src)
{
- size_t str_size = strlen (src);
+ size_t str_size = strlen(src);
- if (dest_tot_size > str_size)
- {
- strcpy (dest, src);
- }
- else
- {
- if (dest_tot_size > 0)
- {
- strncpy (dest, src, (dest_tot_size) - 1);
- dest[dest_tot_size - 1] = 0;
- }
- }
+ if (dest_tot_size > str_size) {
+ strcpy(dest, src);
+ } else {
+ if (dest_tot_size > 0) {
+ strncpy(dest, src, (dest_tot_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
+ }
}
void
-_gnutls_mem_cpy (char *dest, size_t dest_tot_size, const char *src,
- size_t src_size)
+_gnutls_mem_cpy(char *dest, size_t dest_tot_size, const char *src,
+ size_t src_size)
{
- if (dest_tot_size >= src_size)
- {
- memcpy (dest, src, src_size);
- }
- else
- {
- if (dest_tot_size > 0)
- {
- memcpy (dest, src, dest_tot_size);
- }
- }
+ if (dest_tot_size >= src_size) {
+ memcpy(dest, src, src_size);
+ } else {
+ if (dest_tot_size > 0) {
+ memcpy(dest, src, dest_tot_size);
+ }
+ }
}
-void
-_gnutls_buffer_init (gnutls_buffer_st * str)
+void _gnutls_buffer_init(gnutls_buffer_st * str)
{
- str->data = str->allocd = NULL;
- str->max_length = 0;
- str->length = 0;
+ str->data = str->allocd = NULL;
+ str->max_length = 0;
+ str->length = 0;
}
-void _gnutls_buffer_replace_data( gnutls_buffer_st * buf, gnutls_datum_t * data)
+void _gnutls_buffer_replace_data(gnutls_buffer_st * buf,
+ gnutls_datum_t * data)
{
- gnutls_free(buf->allocd);
- buf->allocd = buf->data = data->data;
- buf->max_length = buf->length = data->size;
+ gnutls_free(buf->allocd);
+ buf->allocd = buf->data = data->data;
+ buf->max_length = buf->length = data->size;
}
-void
-_gnutls_buffer_clear (gnutls_buffer_st * str)
+void _gnutls_buffer_clear(gnutls_buffer_st * str)
{
- if (str == NULL || str->allocd == NULL)
- return;
- gnutls_free (str->allocd);
+ if (str == NULL || str->allocd == NULL)
+ return;
+ gnutls_free(str->allocd);
- str->data = str->allocd = NULL;
- str->max_length = 0;
- str->length = 0;
+ str->data = str->allocd = NULL;
+ str->max_length = 0;
+ str->length = 0;
}
#define MIN_CHUNK 1024
int
-_gnutls_buffer_append_data (gnutls_buffer_st * dest, const void *data,
- size_t data_size)
-{
- size_t tot_len = data_size + dest->length;
-
- if (data_size == 0) return 0;
-
- if (dest->max_length >= tot_len)
- {
- size_t unused = MEMSUB (dest->data, dest->allocd);
-
- if (dest->max_length - unused <= tot_len)
- {
- if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
-
- dest->data = dest->allocd;
- }
- memmove (&dest->data[dest->length], data, data_size);
- dest->length = tot_len;
-
- return tot_len;
- }
- else
- {
- size_t unused = MEMSUB (dest->data, dest->allocd);
- size_t new_len =
- MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
-
- dest->allocd = gnutls_realloc_fast (dest->allocd, new_len);
- if (dest->allocd == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- dest->max_length = new_len;
- dest->data = dest->allocd + unused;
-
- if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
- dest->data = dest->allocd;
-
- memcpy (&dest->data[dest->length], data, data_size);
- dest->length = tot_len;
-
- return tot_len;
- }
-}
-
-int
-_gnutls_buffer_resize (gnutls_buffer_st * dest, size_t new_size)
-{
- if (dest->max_length >= new_size)
- {
- size_t unused = MEMSUB (dest->data, dest->allocd);
- if (dest->max_length - unused <= new_size)
- {
- if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
- dest->data = dest->allocd;
- }
-
- return 0;
- }
- else
- {
- size_t unused = MEMSUB (dest->data, dest->allocd);
- size_t alloc_len =
- MAX (new_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
-
- dest->allocd = gnutls_realloc_fast (dest->allocd, alloc_len);
- if (dest->allocd == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- dest->max_length = alloc_len;
- dest->data = dest->allocd + unused;
-
- if (dest->length && dest->data)
- memmove (dest->allocd, dest->data, dest->length);
- dest->data = dest->allocd;
-
- return 0;
- }
+_gnutls_buffer_append_data(gnutls_buffer_st * dest, const void *data,
+ size_t data_size)
+{
+ size_t tot_len = data_size + dest->length;
+
+ if (data_size == 0)
+ return 0;
+
+ if (dest->max_length >= tot_len) {
+ size_t unused = MEMSUB(dest->data, dest->allocd);
+
+ if (dest->max_length - unused <= tot_len) {
+ if (dest->length && dest->data)
+ memmove(dest->allocd, dest->data,
+ dest->length);
+
+ dest->data = dest->allocd;
+ }
+ memmove(&dest->data[dest->length], data, data_size);
+ dest->length = tot_len;
+
+ return tot_len;
+ } else {
+ size_t unused = MEMSUB(dest->data, dest->allocd);
+ size_t new_len =
+ MAX(data_size, MIN_CHUNK) + MAX(dest->max_length,
+ MIN_CHUNK);
+
+ dest->allocd = gnutls_realloc_fast(dest->allocd, new_len);
+ if (dest->allocd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ dest->max_length = new_len;
+ dest->data = dest->allocd + unused;
+
+ if (dest->length && dest->data)
+ memmove(dest->allocd, dest->data, dest->length);
+ dest->data = dest->allocd;
+
+ memcpy(&dest->data[dest->length], data, data_size);
+ dest->length = tot_len;
+
+ return tot_len;
+ }
+}
+
+int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
+{
+ if (dest->max_length >= new_size) {
+ size_t unused = MEMSUB(dest->data, dest->allocd);
+ if (dest->max_length - unused <= new_size) {
+ if (dest->length && dest->data)
+ memmove(dest->allocd, dest->data,
+ dest->length);
+ dest->data = dest->allocd;
+ }
+
+ return 0;
+ } else {
+ size_t unused = MEMSUB(dest->data, dest->allocd);
+ size_t alloc_len =
+ MAX(new_size, MIN_CHUNK) + MAX(dest->max_length,
+ MIN_CHUNK);
+
+ dest->allocd =
+ gnutls_realloc_fast(dest->allocd, alloc_len);
+ if (dest->allocd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ dest->max_length = alloc_len;
+ dest->data = dest->allocd + unused;
+
+ if (dest->length && dest->data)
+ memmove(dest->allocd, dest->data, dest->length);
+ dest->data = dest->allocd;
+
+ return 0;
+ }
}
/* Appends the provided string. The null termination byte is appended
* but not included in length.
*/
-int
-_gnutls_buffer_append_str (gnutls_buffer_st * dest, const char *src)
+int _gnutls_buffer_append_str(gnutls_buffer_st * dest, const char *src)
{
-int ret;
- ret = _gnutls_buffer_append_data (dest, src, strlen (src) + 1);
- if (ret >= 0) dest->length--;
-
- return ret;
+ int ret;
+ ret = _gnutls_buffer_append_data(dest, src, strlen(src) + 1);
+ if (ret >= 0)
+ dest->length--;
+
+ return ret;
}
/* returns data from a string in a constant buffer.
@@ -226,214 +207,204 @@ int ret;
* data are appended in the buffer.
*/
void
-_gnutls_buffer_pop_datum (gnutls_buffer_st * str, gnutls_datum_t * data,
- size_t req_size)
+_gnutls_buffer_pop_datum(gnutls_buffer_st * str, gnutls_datum_t * data,
+ size_t req_size)
{
- if (str->length == 0)
- {
- data->data = NULL;
- data->size = 0;
- return;
- }
+ if (str->length == 0) {
+ data->data = NULL;
+ data->size = 0;
+ return;
+ }
- if (req_size > str->length)
- req_size = str->length;
+ if (req_size > str->length)
+ req_size = str->length;
- data->data = str->data;
- data->size = req_size;
+ data->data = str->data;
+ data->size = req_size;
- str->data += req_size;
- str->length -= req_size;
+ str->data += req_size;
+ str->length -= req_size;
- /* if string becomes empty start from begining */
- if (str->length == 0)
- {
- str->data = str->allocd;
- }
+ /* if string becomes empty start from begining */
+ if (str->length == 0) {
+ str->data = str->allocd;
+ }
- return;
+ return;
}
/* converts the buffer to a datum if possible. After this call
* (failed or not) the buffer should be considered deinitialized.
*/
-int
-_gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data)
-{
-
- if (str->length == 0)
- {
- data->data = NULL;
- data->size = 0;
- _gnutls_buffer_clear (str);
- return 0;
- }
-
- if (str->allocd != str->data)
- {
- data->data = gnutls_malloc (str->length);
- if (data->data == NULL)
- {
- gnutls_assert ();
- _gnutls_buffer_clear (str);
- return GNUTLS_E_MEMORY_ERROR;
- }
- memcpy (data->data, str->data, str->length);
- data->size = str->length;
- _gnutls_buffer_clear (str);
- }
- else
- {
- data->data = str->data;
- data->size = str->length;
- _gnutls_buffer_init(str);
- }
-
- return 0;
+int _gnutls_buffer_to_datum(gnutls_buffer_st * str, gnutls_datum_t * data)
+{
+
+ if (str->length == 0) {
+ data->data = NULL;
+ data->size = 0;
+ _gnutls_buffer_clear(str);
+ return 0;
+ }
+
+ if (str->allocd != str->data) {
+ data->data = gnutls_malloc(str->length);
+ if (data->data == NULL) {
+ gnutls_assert();
+ _gnutls_buffer_clear(str);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memcpy(data->data, str->data, str->length);
+ data->size = str->length;
+ _gnutls_buffer_clear(str);
+ } else {
+ data->data = str->data;
+ data->size = str->length;
+ _gnutls_buffer_init(str);
+ }
+
+ return 0;
}
/* returns data from a string in a constant buffer.
*/
void
-_gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data,
- size_t * req_size)
+_gnutls_buffer_pop_data(gnutls_buffer_st * str, void *data,
+ size_t * req_size)
{
- gnutls_datum_t tdata;
+ gnutls_datum_t tdata;
- _gnutls_buffer_pop_datum (str, &tdata, *req_size);
- if (tdata.data == NULL)
- {
- *req_size = 0;
- return;
- }
+ _gnutls_buffer_pop_datum(str, &tdata, *req_size);
+ if (tdata.data == NULL) {
+ *req_size = 0;
+ return;
+ }
- *req_size = tdata.size;
- memcpy (data, tdata.data, tdata.size);
+ *req_size = tdata.size;
+ memcpy(data, tdata.data, tdata.size);
- return;
+ return;
}
int
-_gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, ...)
+_gnutls_buffer_append_printf(gnutls_buffer_st * dest, const char *fmt, ...)
{
- va_list args;
- int len;
- char *str;
+ va_list args;
+ int len;
+ char *str;
- va_start (args, fmt);
- len = vasprintf (&str, fmt, args);
- va_end (args);
+ va_start(args, fmt);
+ len = vasprintf(&str, fmt, args);
+ va_end(args);
- if (len < 0 || !str)
- return -1;
+ if (len < 0 || !str)
+ return -1;
- len = _gnutls_buffer_append_str (dest, str);
+ len = _gnutls_buffer_append_str(dest, str);
- free (str);
+ free(str);
- return len;
+ return len;
}
static int
-_gnutls_buffer_insert_data (gnutls_buffer_st * dest, int pos, const void *str,
- size_t str_size)
+_gnutls_buffer_insert_data(gnutls_buffer_st * dest, int pos,
+ const void *str, size_t str_size)
{
- size_t orig_length = dest->length;
- int ret;
+ size_t orig_length = dest->length;
+ int ret;
- ret = _gnutls_buffer_resize (dest, dest->length + str_size); /* resize to make space */
- if (ret < 0)
- return ret;
+ ret = _gnutls_buffer_resize(dest, dest->length + str_size); /* resize to make space */
+ if (ret < 0)
+ return ret;
- memmove (&dest->data[pos + str_size], &dest->data[pos], orig_length - pos);
+ memmove(&dest->data[pos + str_size], &dest->data[pos],
+ orig_length - pos);
- memcpy (&dest->data[pos], str, str_size);
- dest->length += str_size;
+ memcpy(&dest->data[pos], str, str_size);
+ dest->length += str_size;
- return 0;
+ return 0;
}
static void
-_gnutls_buffer_delete_data (gnutls_buffer_st * dest, int pos, size_t str_size)
+_gnutls_buffer_delete_data(gnutls_buffer_st * dest, int pos,
+ size_t str_size)
{
- memmove (&dest->data[pos], &dest->data[pos + str_size],
- dest->length - pos - str_size);
+ memmove(&dest->data[pos], &dest->data[pos + str_size],
+ dest->length - pos - str_size);
- dest->length -= str_size;
+ dest->length -= str_size;
- return;
+ return;
}
int
-_gnutls_buffer_escape (gnutls_buffer_st * dest, int all,
- const char *const invalid_chars)
+_gnutls_buffer_escape(gnutls_buffer_st * dest, int all,
+ const char *const invalid_chars)
{
- int rv = -1;
- char t[5];
- unsigned int pos = 0;
+ int rv = -1;
+ char t[5];
+ unsigned int pos = 0;
- while (pos < dest->length)
- {
+ while (pos < dest->length) {
- if (all != 0 || (dest->data[pos] == '\\' || strchr (invalid_chars, dest->data[pos])
- || !c_isgraph (dest->data[pos])))
- {
+ if (all != 0
+ || (dest->data[pos] == '\\'
+ || strchr(invalid_chars, dest->data[pos])
+ || !c_isgraph(dest->data[pos]))) {
- snprintf (t, sizeof (t), "%%%.2X", (unsigned int) dest->data[pos]);
+ snprintf(t, sizeof(t), "%%%.2X",
+ (unsigned int) dest->data[pos]);
- _gnutls_buffer_delete_data (dest, pos, 1);
+ _gnutls_buffer_delete_data(dest, pos, 1);
- if (_gnutls_buffer_insert_data (dest, pos, t, 3) < 0)
- {
- rv = -1;
- goto cleanup;
- }
- pos+=3;
- }
- else
- pos++;
- }
+ if (_gnutls_buffer_insert_data(dest, pos, t, 3) <
+ 0) {
+ rv = -1;
+ goto cleanup;
+ }
+ pos += 3;
+ } else
+ pos++;
+ }
- rv = 0;
+ rv = 0;
-cleanup:
+ cleanup:
- return rv;
+ return rv;
}
-int
-_gnutls_buffer_unescape (gnutls_buffer_st * dest)
+int _gnutls_buffer_unescape(gnutls_buffer_st * dest)
{
- int rv = -1;
- unsigned int pos = 0;
+ int rv = -1;
+ unsigned int pos = 0;
- while (pos < dest->length)
- {
- if (dest->data[pos] == '%')
- {
- char b[3];
- unsigned int u;
- unsigned char x;
+ while (pos < dest->length) {
+ if (dest->data[pos] == '%') {
+ char b[3];
+ unsigned int u;
+ unsigned char x;
- b[0] = dest->data[pos + 1];
- b[1] = dest->data[pos + 2];
- b[2] = 0;
+ b[0] = dest->data[pos + 1];
+ b[1] = dest->data[pos + 2];
+ b[2] = 0;
- sscanf (b, "%02x", &u);
+ sscanf(b, "%02x", &u);
- x = u;
+ x = u;
- _gnutls_buffer_delete_data (dest, pos, 3);
- _gnutls_buffer_insert_data (dest, pos, &x, 1);
- }
- pos++;
- }
+ _gnutls_buffer_delete_data(dest, pos, 3);
+ _gnutls_buffer_insert_data(dest, pos, &x, 1);
+ }
+ pos++;
+ }
- rv = 0;
+ rv = 0;
- return rv;
+ return rv;
}
@@ -442,39 +413,37 @@ _gnutls_buffer_unescape (gnutls_buffer_st * dest)
* If the buffer does not have enough space to hold the string, a
* truncated hex string is returned (always null terminated).
*/
-char *
-_gnutls_bin2hex (const void *_old, size_t oldlen,
- char *buffer, size_t buffer_size, const char *separator)
+char *_gnutls_bin2hex(const void *_old, size_t oldlen,
+ char *buffer, size_t buffer_size,
+ const char *separator)
{
- unsigned int i, j;
- const uint8_t *old = _old;
- int step = 2;
- const char empty[] = "";
+ unsigned int i, j;
+ const uint8_t *old = _old;
+ int step = 2;
+ const char empty[] = "";
- if (separator != NULL && separator[0] != 0)
- step = 3;
- else
- separator = empty;
+ if (separator != NULL && separator[0] != 0)
+ step = 3;
+ else
+ separator = empty;
- if (buffer_size < 3)
- {
- gnutls_assert();
- return NULL;
- }
+ if (buffer_size < 3) {
+ gnutls_assert();
+ return NULL;
+ }
- i = j = 0;
- sprintf (&buffer[j], "%.2x", old[i]);
- j += 2;
- i++;
+ i = j = 0;
+ sprintf(&buffer[j], "%.2x", old[i]);
+ j += 2;
+ i++;
- for (; i < oldlen && j + step < buffer_size; j += step)
- {
- sprintf (&buffer[j], "%s%.2x", separator, old[i]);
- i++;
- }
- buffer[j] = '\0';
+ for (; i < oldlen && j + step < buffer_size; j += step) {
+ sprintf(&buffer[j], "%s%.2x", separator, old[i]);
+ i++;
+ }
+ buffer[j] = '\0';
- return buffer;
+ return buffer;
}
/**
@@ -492,52 +461,49 @@ _gnutls_bin2hex (const void *_old, size_t oldlen,
* Since: 2.4.0
**/
int
-gnutls_hex2bin (const char *hex_data,
- size_t hex_size, void *bin_data, size_t * bin_size)
+gnutls_hex2bin(const char *hex_data,
+ size_t hex_size, void *bin_data, size_t * bin_size)
{
- return _gnutls_hex2bin (hex_data, hex_size, (void*)bin_data, bin_size);
+ return _gnutls_hex2bin(hex_data, hex_size, (void *) bin_data,
+ bin_size);
}
int
-_gnutls_hex2bin (const char * hex_data, size_t hex_size, uint8_t * bin_data,
- size_t * bin_size)
-{
- unsigned int i, j;
- uint8_t hex2_data[3];
- unsigned long val;
-
- hex2_data[2] = 0;
-
- for (i = j = 0; i < hex_size;)
- {
- if (!isxdigit (hex_data[i])) /* skip non-hex such as the ':' in 00:FF */
- {
- i++;
- continue;
- }
-
- if (j > *bin_size)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- hex2_data[0] = hex_data[i];
- hex2_data[1] = hex_data[i + 1];
- i += 2;
-
- val = strtoul ((char *) hex2_data, NULL, 16);
- if (val == ULONG_MAX)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
- bin_data[j] = val;
- j++;
- }
- *bin_size = j;
-
- return 0;
+_gnutls_hex2bin(const char *hex_data, size_t hex_size, uint8_t * bin_data,
+ size_t * bin_size)
+{
+ unsigned int i, j;
+ uint8_t hex2_data[3];
+ unsigned long val;
+
+ hex2_data[2] = 0;
+
+ for (i = j = 0; i < hex_size;) {
+ if (!isxdigit(hex_data[i])) { /* skip non-hex such as the ':' in 00:FF */
+ i++;
+ continue;
+ }
+
+ if (j > *bin_size) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ hex2_data[0] = hex_data[i];
+ hex2_data[1] = hex_data[i + 1];
+ i += 2;
+
+ val = strtoul((char *) hex2_data, NULL, 16);
+ if (val == ULONG_MAX) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+ bin_data[j] = val;
+ j++;
+ }
+ *bin_size = j;
+
+ return 0;
}
/**
@@ -555,18 +521,18 @@ _gnutls_hex2bin (const char * hex_data, size_t hex_size, uint8_t * bin_data,
* long enough, or 0 on success.
**/
int
-gnutls_hex_decode (const gnutls_datum_t * hex_data, void *result,
- size_t * result_size)
+gnutls_hex_decode(const gnutls_datum_t * hex_data, void *result,
+ size_t * result_size)
{
- int ret;
+ int ret;
- ret =
- _gnutls_hex2bin ((char*)hex_data->data, hex_data->size, (uint8_t *) result,
- result_size);
- if (ret < 0)
- return ret;
+ ret =
+ _gnutls_hex2bin((char *) hex_data->data, hex_data->size,
+ (uint8_t *) result, result_size);
+ if (ret < 0)
+ return ret;
- return 0;
+ return 0;
}
/**
@@ -584,21 +550,21 @@ gnutls_hex_decode (const gnutls_datum_t * hex_data, void *result,
* long enough, or 0 on success.
**/
int
-gnutls_hex_encode (const gnutls_datum_t * data, char *result,
- size_t * result_size)
+gnutls_hex_encode(const gnutls_datum_t * data, char *result,
+ size_t * result_size)
{
- size_t res = data->size + data->size + 1;
+ size_t res = data->size + data->size + 1;
- if (*result_size < res)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (*result_size < res) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- _gnutls_bin2hex (data->data, data->size, result, *result_size, NULL);
- *result_size = res;
+ _gnutls_bin2hex(data->data, data->size, result, *result_size,
+ NULL);
+ *result_size = res;
- return 0;
+ return 0;
}
@@ -611,254 +577,245 @@ gnutls_hex_encode (const gnutls_datum_t * data, char *result,
* @level: is used for recursion. Use 0 when you call this function.
*/
int
-_gnutls_hostname_compare (const char *certname,
- size_t certnamesize, const char *hostname, int level)
+_gnutls_hostname_compare(const char *certname,
+ size_t certnamesize, const char *hostname,
+ int level)
{
- if (level > 5)
- return 0;
+ if (level > 5)
+ return 0;
- /* find the first different character */
- for (; *certname && *hostname && c_toupper (*certname) == c_toupper (*hostname);
- certname++, hostname++, certnamesize--)
- ;
+ /* find the first different character */
+ for (;
+ *certname && *hostname
+ && c_toupper(*certname) == c_toupper(*hostname);
+ certname++, hostname++, certnamesize--);
- /* the strings are the same */
- if (certnamesize == 0 && *hostname == '\0')
- return 1;
+ /* the strings are the same */
+ if (certnamesize == 0 && *hostname == '\0')
+ return 1;
- if (*certname == '*')
- {
- /* a wildcard certificate */
+ if (*certname == '*') {
+ /* a wildcard certificate */
- certname++;
- certnamesize--;
+ certname++;
+ certnamesize--;
- while (1)
- {
- /* Use a recursive call to allow multiple wildcards */
- if (_gnutls_hostname_compare (certname, certnamesize, hostname, level+1))
- return 1;
+ while (1) {
+ /* Use a recursive call to allow multiple wildcards */
+ if (_gnutls_hostname_compare
+ (certname, certnamesize, hostname, level + 1))
+ return 1;
- /* wildcards are only allowed to match a single domain
- component or component fragment */
- if (*hostname == '\0' || *hostname == '.')
- break;
- hostname++;
- }
+ /* wildcards are only allowed to match a single domain
+ component or component fragment */
+ if (*hostname == '\0' || *hostname == '.')
+ break;
+ hostname++;
+ }
- return 0;
- }
+ return 0;
+ }
- return 0;
+ return 0;
}
int
-_gnutls_buffer_append_prefix (gnutls_buffer_st * buf, int pfx_size, size_t data_size)
-{
- uint8_t ss[4];
-
- if (pfx_size == 32)
- {
- _gnutls_write_uint32 (data_size, ss);
- pfx_size = 4;
- }
- else if (pfx_size == 24)
- {
- _gnutls_write_uint24 (data_size, ss);
- pfx_size = 3;
- }
- else if (pfx_size == 16)
- {
- _gnutls_write_uint16 (data_size, ss);
- pfx_size = 2;
- }
- else if (pfx_size == 8)
- {
- ss[0] = data_size;
- pfx_size = 1;
- }
- else
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- return _gnutls_buffer_append_data (buf, ss, pfx_size);
+_gnutls_buffer_append_prefix(gnutls_buffer_st * buf, int pfx_size,
+ size_t data_size)
+{
+ uint8_t ss[4];
+
+ if (pfx_size == 32) {
+ _gnutls_write_uint32(data_size, ss);
+ pfx_size = 4;
+ } else if (pfx_size == 24) {
+ _gnutls_write_uint24(data_size, ss);
+ pfx_size = 3;
+ } else if (pfx_size == 16) {
+ _gnutls_write_uint16(data_size, ss);
+ pfx_size = 2;
+ } else if (pfx_size == 8) {
+ ss[0] = data_size;
+ pfx_size = 1;
+ } else
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ return _gnutls_buffer_append_data(buf, ss, pfx_size);
}
/* Reads an uint32 number from the buffer. If check is non zero it will also check whether
* the number read, is less than the data in the buffer
*/
int
-_gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size,
- int check)
+_gnutls_buffer_pop_prefix(gnutls_buffer_st * buf, size_t * data_size,
+ int check)
{
- size_t size;
+ size_t size;
- if (buf->length < 4)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
+ if (buf->length < 4) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
- size = _gnutls_read_uint32 (buf->data);
- if (check && size > buf->length - 4)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
+ size = _gnutls_read_uint32(buf->data);
+ if (check && size > buf->length - 4) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
- buf->data += 4;
- buf->length -= 4;
+ buf->data += 4;
+ buf->length -= 4;
- *data_size = size;
+ *data_size = size;
- return 0;
+ return 0;
}
int
-_gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf,
- gnutls_datum_t * data)
-{
- size_t size;
- int ret;
-
- ret = _gnutls_buffer_pop_prefix (buf, &size, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (size > 0)
- {
- size_t osize = size;
- _gnutls_buffer_pop_datum (buf, data, size);
- if (osize != data->size)
- {
- gnutls_assert ();
- return GNUTLS_E_PARSING_ERROR;
- }
- }
- else
- {
- data->size = 0;
- data->data = NULL;
- }
-
- return 0;
+_gnutls_buffer_pop_datum_prefix(gnutls_buffer_st * buf,
+ gnutls_datum_t * data)
+{
+ size_t size;
+ int ret;
+
+ ret = _gnutls_buffer_pop_prefix(buf, &size, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (size > 0) {
+ size_t osize = size;
+ _gnutls_buffer_pop_datum(buf, data, size);
+ if (osize != data->size) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+ } else {
+ data->size = 0;
+ data->data = NULL;
+ }
+
+ return 0;
}
int
-_gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf,
- int pfx_size, const void *data, size_t data_size)
+_gnutls_buffer_append_data_prefix(gnutls_buffer_st * buf,
+ int pfx_size, const void *data,
+ size_t data_size)
{
-int ret = 0, ret1;
+ int ret = 0, ret1;
- ret1 = _gnutls_buffer_append_prefix (buf, pfx_size, data_size);
- if (ret1 < 0)
- return gnutls_assert_val(ret1);
+ ret1 = _gnutls_buffer_append_prefix(buf, pfx_size, data_size);
+ if (ret1 < 0)
+ return gnutls_assert_val(ret1);
- if (data_size > 0)
- {
- ret = _gnutls_buffer_append_data (buf, data, data_size);
+ if (data_size > 0) {
+ ret = _gnutls_buffer_append_data(buf, data, data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
- return ret + ret1;
+ return ret + ret1;
}
-int _gnutls_buffer_append_mpi (gnutls_buffer_st * buf, int pfx_size, bigint_t mpi, int lz)
+int _gnutls_buffer_append_mpi(gnutls_buffer_st * buf, int pfx_size,
+ bigint_t mpi, int lz)
{
-gnutls_datum_t dd;
-int ret;
+ gnutls_datum_t dd;
+ int ret;
- if (lz)
- ret = _gnutls_mpi_dprint_lz (mpi, &dd);
- else
- ret = _gnutls_mpi_dprint (mpi, &dd);
+ if (lz)
+ ret = _gnutls_mpi_dprint_lz(mpi, &dd);
+ else
+ ret = _gnutls_mpi_dprint(mpi, &dd);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_buffer_append_data_prefix(buf, pfx_size, dd.data, dd.size);
-
- _gnutls_free_datum(&dd);
-
- return ret;
+ ret =
+ _gnutls_buffer_append_data_prefix(buf, pfx_size, dd.data,
+ dd.size);
+
+ _gnutls_free_datum(&dd);
+
+ return ret;
}
int
-_gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data,
- size_t * data_size)
+_gnutls_buffer_pop_data_prefix(gnutls_buffer_st * buf, void *data,
+ size_t * data_size)
{
- size_t size;
- int ret;
+ size_t size;
+ int ret;
- ret = _gnutls_buffer_pop_prefix (buf, &size, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_buffer_pop_prefix(buf, &size, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (size > 0)
- _gnutls_buffer_pop_data (buf, data, data_size);
+ if (size > 0)
+ _gnutls_buffer_pop_data(buf, data, data_size);
- return 0;
+ return 0;
}
void
-_gnutls_buffer_hexprint (gnutls_buffer_st * str,
- const void *_data, size_t len)
+_gnutls_buffer_hexprint(gnutls_buffer_st * str,
+ const void *_data, size_t len)
{
- size_t j;
- const unsigned char* data = _data;
+ size_t j;
+ const unsigned char *data = _data;
- if (len == 0)
- _gnutls_buffer_append_str (str, "00");
- else
- {
- for (j = 0; j < len; j++)
- _gnutls_buffer_append_printf (str, "%.2x", (unsigned) data[j]);
- }
+ if (len == 0)
+ _gnutls_buffer_append_str(str, "00");
+ else {
+ for (j = 0; j < len; j++)
+ _gnutls_buffer_append_printf(str, "%.2x",
+ (unsigned) data[j]);
+ }
}
void
-_gnutls_buffer_hexdump (gnutls_buffer_st * str, const void *_data, size_t len,
- const char *spc)
-{
- size_t j;
- const unsigned char* data = _data;
-
- if (spc)
- _gnutls_buffer_append_str (str, spc);
- for (j = 0; j < len; j++)
- {
- if (((j + 1) % 16) == 0)
- {
- _gnutls_buffer_append_printf (str, "%.2x\n", (unsigned)data[j]);
- if (spc && j != (len - 1))
- _gnutls_buffer_append_str (str, spc);
- }
- else if (j == (len - 1))
- _gnutls_buffer_append_printf (str, "%.2x", (unsigned)data[j]);
- else
- _gnutls_buffer_append_printf (str, "%.2x:", (unsigned)data[j]);
- }
- if ((j % 16) != 0)
- _gnutls_buffer_append_str (str, "\n");
+_gnutls_buffer_hexdump(gnutls_buffer_st * str, const void *_data,
+ size_t len, const char *spc)
+{
+ size_t j;
+ const unsigned char *data = _data;
+
+ if (spc)
+ _gnutls_buffer_append_str(str, spc);
+ for (j = 0; j < len; j++) {
+ if (((j + 1) % 16) == 0) {
+ _gnutls_buffer_append_printf(str, "%.2x\n",
+ (unsigned) data[j]);
+ if (spc && j != (len - 1))
+ _gnutls_buffer_append_str(str, spc);
+ } else if (j == (len - 1))
+ _gnutls_buffer_append_printf(str, "%.2x",
+ (unsigned) data[j]);
+ else
+ _gnutls_buffer_append_printf(str, "%.2x:",
+ (unsigned) data[j]);
+ }
+ if ((j % 16) != 0)
+ _gnutls_buffer_append_str(str, "\n");
}
void
-_gnutls_buffer_asciiprint (gnutls_buffer_st * str,
- const char *data, size_t len)
-{
- size_t j;
-
- for (j = 0; j < len; j++)
- if (c_isprint (data[j]))
- _gnutls_buffer_append_printf (str, "%c", (unsigned char) data[j]);
- else
- _gnutls_buffer_append_printf (str, ".");
+_gnutls_buffer_asciiprint(gnutls_buffer_st * str,
+ const char *data, size_t len)
+{
+ size_t j;
+
+ for (j = 0; j < len; j++)
+ if (c_isprint(data[j]))
+ _gnutls_buffer_append_printf(str, "%c",
+ (unsigned char)
+ data[j]);
+ else
+ _gnutls_buffer_append_printf(str, ".");
}
diff --git a/lib/gnutls_str.h b/lib/gnutls_str.h
index fde073291b..a99a6265c5 100644
--- a/lib/gnutls_str.h
+++ b/lib/gnutls_str.h
@@ -28,91 +28,93 @@
#include "gettext.h"
#define _(String) dgettext (PACKAGE, String)
-void _gnutls_str_cpy (char *dest, size_t dest_tot_size, const char *src);
-void _gnutls_mem_cpy (char *dest, size_t dest_tot_size, const char *src,
- size_t src_size);
-void _gnutls_str_cat (char *dest, size_t dest_tot_size, const char *src);
-
-typedef struct
-{
- uint8_t *allocd; /* pointer to allocated data */
- uint8_t *data; /* API: pointer to data to copy from */
- size_t max_length;
- size_t length; /* API: current length */
+void _gnutls_str_cpy(char *dest, size_t dest_tot_size, const char *src);
+void _gnutls_mem_cpy(char *dest, size_t dest_tot_size, const char *src,
+ size_t src_size);
+void _gnutls_str_cat(char *dest, size_t dest_tot_size, const char *src);
+
+typedef struct {
+ uint8_t *allocd; /* pointer to allocated data */
+ uint8_t *data; /* API: pointer to data to copy from */
+ size_t max_length;
+ size_t length; /* API: current length */
} gnutls_buffer_st;
/* Initialize a buffer */
-void _gnutls_buffer_init (gnutls_buffer_st *);
+void _gnutls_buffer_init(gnutls_buffer_st *);
/* Free the data in a buffer */
-void _gnutls_buffer_clear (gnutls_buffer_st *);
+void _gnutls_buffer_clear(gnutls_buffer_st *);
/* Set the buffer data to be of zero length */
-inline static void _gnutls_buffer_reset (gnutls_buffer_st * buf)
+inline static void _gnutls_buffer_reset(gnutls_buffer_st * buf)
{
- buf->data = buf->allocd;
- buf->length = 0;
+ buf->data = buf->allocd;
+ buf->length = 0;
}
-int _gnutls_buffer_resize (gnutls_buffer_st *, size_t new_size);
+int _gnutls_buffer_resize(gnutls_buffer_st *, size_t new_size);
-int _gnutls_buffer_append_str (gnutls_buffer_st *, const char *str);
-int _gnutls_buffer_append_data (gnutls_buffer_st *, const void *data,
- size_t data_size);
+int _gnutls_buffer_append_str(gnutls_buffer_st *, const char *str);
+int _gnutls_buffer_append_data(gnutls_buffer_st *, const void *data,
+ size_t data_size);
#include <gnutls_num.h>
-void _gnutls_buffer_replace_data( gnutls_buffer_st * buf, gnutls_datum_t * data);
+void _gnutls_buffer_replace_data(gnutls_buffer_st * buf,
+ gnutls_datum_t * data);
-int _gnutls_buffer_append_prefix (gnutls_buffer_st * buf, int pfx_size, size_t data_size);
+int _gnutls_buffer_append_prefix(gnutls_buffer_st * buf, int pfx_size,
+ size_t data_size);
-int _gnutls_buffer_append_mpi (gnutls_buffer_st * buf, int pfx_size, bigint_t, int lz);
+int _gnutls_buffer_append_mpi(gnutls_buffer_st * buf, int pfx_size,
+ bigint_t, int lz);
-int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, int pfx_size,
- const void *data, size_t data_size);
-void _gnutls_buffer_pop_data (gnutls_buffer_st *, void *, size_t * size);
-void _gnutls_buffer_pop_datum (gnutls_buffer_st *, gnutls_datum_t *,
- size_t max_size);
+int _gnutls_buffer_append_data_prefix(gnutls_buffer_st * buf, int pfx_size,
+ const void *data, size_t data_size);
+void _gnutls_buffer_pop_data(gnutls_buffer_st *, void *, size_t * size);
+void _gnutls_buffer_pop_datum(gnutls_buffer_st *, gnutls_datum_t *,
+ size_t max_size);
-int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size,
- int check);
+int _gnutls_buffer_pop_prefix(gnutls_buffer_st * buf, size_t * data_size,
+ int check);
-int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data,
- size_t * data_size);
+int _gnutls_buffer_pop_data_prefix(gnutls_buffer_st * buf, void *data,
+ size_t * data_size);
-int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf,
- gnutls_datum_t * data);
-int _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data);
+int _gnutls_buffer_pop_datum_prefix(gnutls_buffer_st * buf,
+ gnutls_datum_t * data);
+int _gnutls_buffer_to_datum(gnutls_buffer_st * str, gnutls_datum_t * data);
-int _gnutls_buffer_escape (gnutls_buffer_st * dest, int all,
- const char *const invalid_chars);
-int _gnutls_buffer_unescape (gnutls_buffer_st * dest);
+int _gnutls_buffer_escape(gnutls_buffer_st * dest, int all,
+ const char *const invalid_chars);
+int _gnutls_buffer_unescape(gnutls_buffer_st * dest);
#ifndef __attribute__
/* This feature is available in gcc versions 2.5 and later. */
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
-#define __attribute__(Spec) /* empty */
+#define __attribute__(Spec) /* empty */
#endif
#endif
-int _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt,
- ...)
- __attribute__ ((format (printf, 2, 3)));
+int _gnutls_buffer_append_printf(gnutls_buffer_st * dest, const char *fmt,
+ ...)
+ __attribute__ ((format(printf, 2, 3)));
-void _gnutls_buffer_hexprint (gnutls_buffer_st * str,
- const void *data, size_t len);
-void _gnutls_buffer_hexdump (gnutls_buffer_st * str, const void *data,
- size_t len, const char *spc);
-void _gnutls_buffer_asciiprint (gnutls_buffer_st * str,
- const char *data, size_t len);
+void _gnutls_buffer_hexprint(gnutls_buffer_st * str,
+ const void *data, size_t len);
+void _gnutls_buffer_hexdump(gnutls_buffer_st * str, const void *data,
+ size_t len, const char *spc);
+void _gnutls_buffer_asciiprint(gnutls_buffer_st * str,
+ const char *data, size_t len);
-char *_gnutls_bin2hex (const void *old, size_t oldlen, char *buffer,
- size_t buffer_size, const char *separator);
-int _gnutls_hex2bin (const char * hex_data, size_t hex_size, uint8_t * bin_data,
- size_t * bin_size);
+char *_gnutls_bin2hex(const void *old, size_t oldlen, char *buffer,
+ size_t buffer_size, const char *separator);
+int _gnutls_hex2bin(const char *hex_data, size_t hex_size,
+ uint8_t * bin_data, size_t * bin_size);
-int _gnutls_hostname_compare (const char *certname, size_t certnamesize,
- const char *hostname, int level);
+int _gnutls_hostname_compare(const char *certname, size_t certnamesize,
+ const char *hostname, int level);
#define MAX_CN 256
#define MAX_DN 1024
diff --git a/lib/gnutls_str_array.h b/lib/gnutls_str_array.h
index 9b6ddd6184..57aa828ac6 100644
--- a/lib/gnutls_str_array.h
+++ b/lib/gnutls_str_array.h
@@ -30,85 +30,86 @@
* are allowed to be added to the list and matched against it.
*/
-typedef struct gnutls_str_array_st
-{
- char* str;
- unsigned int len;
- struct gnutls_str_array_st* next;
+typedef struct gnutls_str_array_st {
+ char *str;
+ unsigned int len;
+ struct gnutls_str_array_st *next;
} *gnutls_str_array_t;
-inline static void _gnutls_str_array_init(gnutls_str_array_t* head)
+inline static void _gnutls_str_array_init(gnutls_str_array_t * head)
{
- *head = NULL;
+ *head = NULL;
}
-inline static void _gnutls_str_array_clear (gnutls_str_array_t *head)
+inline static void _gnutls_str_array_clear(gnutls_str_array_t * head)
{
- gnutls_str_array_t prev, array = *head;
-
- while(array != NULL)
- {
- prev = array;
- array = prev->next;
- gnutls_free(prev);
- }
- *head = NULL;
+ gnutls_str_array_t prev, array = *head;
+
+ while (array != NULL) {
+ prev = array;
+ array = prev->next;
+ gnutls_free(prev);
+ }
+ *head = NULL;
}
-inline static int _gnutls_str_array_match (gnutls_str_array_t head, const char* str)
+inline static int _gnutls_str_array_match(gnutls_str_array_t head,
+ const char *str)
{
- gnutls_str_array_t array = head;
-
- while(array != NULL)
- {
- if (strcmp(array->str, str) == 0) return 1;
- array = array->next;
- }
-
- return 0;
+ gnutls_str_array_t array = head;
+
+ while (array != NULL) {
+ if (strcmp(array->str, str) == 0)
+ return 1;
+ array = array->next;
+ }
+
+ return 0;
}
-inline static void append(gnutls_str_array_t array, const char* str, int len)
+inline static void append(gnutls_str_array_t array, const char *str,
+ int len)
{
- array->str = ((char*)array) + sizeof(struct gnutls_str_array_st);
- memcpy(array->str, str, len);
- array->str[len] = 0;
- array->len = len;
- array->next = NULL;
+ array->str = ((char *) array) + sizeof(struct gnutls_str_array_st);
+ memcpy(array->str, str, len);
+ array->str[len] = 0;
+ array->len = len;
+ array->next = NULL;
}
-inline static int _gnutls_str_array_append (gnutls_str_array_t* head, const char* str, int len)
+inline static int _gnutls_str_array_append(gnutls_str_array_t * head,
+ const char *str, int len)
{
- gnutls_str_array_t prev, array;
- if (*head == NULL)
- {
- *head = gnutls_malloc(len + 1 + sizeof(struct gnutls_str_array_st));
- if (*head == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- array = *head;
- append(array, str, len);
- }
- else
- {
- array = *head;
- prev = array;
- while(array != NULL)
- {
- prev = array;
- array = prev->next;
- }
- prev->next = gnutls_malloc(len + 1 + sizeof(struct gnutls_str_array_st));
-
- array = prev->next;
-
- if (array == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- append(array, str, len);
- }
-
- return 0;
+ gnutls_str_array_t prev, array;
+ if (*head == NULL) {
+ *head =
+ gnutls_malloc(len + 1 +
+ sizeof(struct gnutls_str_array_st));
+ if (*head == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ array = *head;
+ append(array, str, len);
+ } else {
+ array = *head;
+ prev = array;
+ while (array != NULL) {
+ prev = array;
+ array = prev->next;
+ }
+ prev->next =
+ gnutls_malloc(len + 1 +
+ sizeof(struct gnutls_str_array_st));
+
+ array = prev->next;
+
+ if (array == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ append(array, str, len);
+ }
+
+ return 0;
}
#endif
diff --git a/lib/gnutls_supplemental.c b/lib/gnutls_supplemental.c
index 1790a7d41c..56ca1e9f8c 100644
--- a/lib/gnutls_supplemental.c
+++ b/lib/gnutls_supplemental.c
@@ -49,20 +49,19 @@
#include "gnutls_num.h"
typedef int (*supp_recv_func) (gnutls_session_t session,
- const uint8_t * data, size_t data_size);
+ const uint8_t * data, size_t data_size);
typedef int (*supp_send_func) (gnutls_session_t session,
- gnutls_buffer_st * buf);
+ gnutls_buffer_st * buf);
-typedef struct
-{
- const char *name;
- gnutls_supplemental_data_format_type_t type;
- supp_recv_func supp_recv_func;
- supp_send_func supp_send_func;
+typedef struct {
+ const char *name;
+ gnutls_supplemental_data_format_type_t type;
+ supp_recv_func supp_recv_func;
+ supp_send_func supp_send_func;
} gnutls_supplemental_entry;
gnutls_supplemental_entry _gnutls_supplemental[] = {
- {0, 0, 0, 0}
+ {0, 0, 0, 0}
};
/**
@@ -75,141 +74,134 @@ gnutls_supplemental_entry _gnutls_supplemental[] = {
* Returns: a string that contains the name of the specified
* supplemental data format type, or %NULL for unknown types.
**/
-const char *
-gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t type)
+const char
+ *gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t
+ type)
{
- gnutls_supplemental_entry *p;
+ gnutls_supplemental_entry *p;
- for (p = _gnutls_supplemental; p->name != NULL; p++)
- if (p->type == type)
- return p->name;
+ for (p = _gnutls_supplemental; p->name != NULL; p++)
+ if (p->type == type)
+ return p->name;
- return NULL;
+ return NULL;
}
static supp_recv_func
-get_supp_func_recv (gnutls_supplemental_data_format_type_t type)
+get_supp_func_recv(gnutls_supplemental_data_format_type_t type)
{
- gnutls_supplemental_entry *p;
+ gnutls_supplemental_entry *p;
- for (p = _gnutls_supplemental; p->name != NULL; p++)
- if (p->type == type)
- return p->supp_recv_func;
+ for (p = _gnutls_supplemental; p->name != NULL; p++)
+ if (p->type == type)
+ return p->supp_recv_func;
- return NULL;
+ return NULL;
}
int
-_gnutls_gen_supplemental (gnutls_session_t session, gnutls_buffer_st * buf)
+_gnutls_gen_supplemental(gnutls_session_t session, gnutls_buffer_st * buf)
{
- gnutls_supplemental_entry *p;
- int ret;
-
- /* Make room for 3 byte length field. */
- ret = _gnutls_buffer_append_data (buf, "\0\0\0", 3);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- for (p = _gnutls_supplemental; p->name; p++)
- {
- supp_send_func supp_send = p->supp_send_func;
- size_t sizepos = buf->length;
-
- /* Make room for supplement type and length byte length field. */
- ret = _gnutls_buffer_append_data (buf, "\0\0\0\0", 4);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = supp_send (session, buf);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* If data were added, store type+length, otherwise reset. */
- if (buf->length > sizepos + 4)
- {
- buf->data[sizepos] = 0;
- buf->data[sizepos + 1] = p->type;
- buf->data[sizepos + 2] = ((buf->length - sizepos - 4) >> 8) & 0xFF;
- buf->data[sizepos + 3] = (buf->length - sizepos - 4) & 0xFF;
- }
- else
- buf->length -= 4;
- }
-
- buf->data[0] = ((buf->length - 3) >> 16) & 0xFF;
- buf->data[1] = ((buf->length - 3) >> 8) & 0xFF;
- buf->data[2] = (buf->length - 3) & 0xFF;
-
- _gnutls_debug_log ("EXT[%p]: Sending %d bytes of supplemental data\n",
- session, (int) buf->length);
-
- return buf->length;
+ gnutls_supplemental_entry *p;
+ int ret;
+
+ /* Make room for 3 byte length field. */
+ ret = _gnutls_buffer_append_data(buf, "\0\0\0", 3);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ for (p = _gnutls_supplemental; p->name; p++) {
+ supp_send_func supp_send = p->supp_send_func;
+ size_t sizepos = buf->length;
+
+ /* Make room for supplement type and length byte length field. */
+ ret = _gnutls_buffer_append_data(buf, "\0\0\0\0", 4);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = supp_send(session, buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* If data were added, store type+length, otherwise reset. */
+ if (buf->length > sizepos + 4) {
+ buf->data[sizepos] = 0;
+ buf->data[sizepos + 1] = p->type;
+ buf->data[sizepos + 2] =
+ ((buf->length - sizepos - 4) >> 8) & 0xFF;
+ buf->data[sizepos + 3] =
+ (buf->length - sizepos - 4) & 0xFF;
+ } else
+ buf->length -= 4;
+ }
+
+ buf->data[0] = ((buf->length - 3) >> 16) & 0xFF;
+ buf->data[1] = ((buf->length - 3) >> 8) & 0xFF;
+ buf->data[2] = (buf->length - 3) & 0xFF;
+
+ _gnutls_debug_log
+ ("EXT[%p]: Sending %d bytes of supplemental data\n", session,
+ (int) buf->length);
+
+ return buf->length;
}
int
-_gnutls_parse_supplemental (gnutls_session_t session,
- const uint8_t * data, int datalen)
+_gnutls_parse_supplemental(gnutls_session_t session,
+ const uint8_t * data, int datalen)
{
- const uint8_t *p = data;
- ssize_t dsize = datalen;
- size_t total_size;
-
- DECR_LEN (dsize, 3);
- total_size = _gnutls_read_uint24 (p);
- p += 3;
-
- if (dsize != (ssize_t) total_size)
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- do
- {
- uint16_t supp_data_type;
- uint16_t supp_data_length;
- supp_recv_func recv_func;
-
- DECR_LEN (dsize, 2);
- supp_data_type = _gnutls_read_uint16 (p);
- p += 2;
-
- DECR_LEN (dsize, 2);
- supp_data_length = _gnutls_read_uint16 (p);
- p += 2;
-
- _gnutls_debug_log ("EXT[%p]: Got supplemental type=%02x length=%d\n",
- session, supp_data_type, supp_data_length);
-
- recv_func = get_supp_func_recv (supp_data_type);
- if (recv_func)
- {
- int ret = recv_func (session, p, supp_data_length);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- DECR_LEN (dsize, supp_data_length);
- p += supp_data_length;
- }
- while (dsize > 0);
-
- return 0;
+ const uint8_t *p = data;
+ ssize_t dsize = datalen;
+ size_t total_size;
+
+ DECR_LEN(dsize, 3);
+ total_size = _gnutls_read_uint24(p);
+ p += 3;
+
+ if (dsize != (ssize_t) total_size) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ do {
+ uint16_t supp_data_type;
+ uint16_t supp_data_length;
+ supp_recv_func recv_func;
+
+ DECR_LEN(dsize, 2);
+ supp_data_type = _gnutls_read_uint16(p);
+ p += 2;
+
+ DECR_LEN(dsize, 2);
+ supp_data_length = _gnutls_read_uint16(p);
+ p += 2;
+
+ _gnutls_debug_log
+ ("EXT[%p]: Got supplemental type=%02x length=%d\n",
+ session, supp_data_type, supp_data_length);
+
+ recv_func = get_supp_func_recv(supp_data_type);
+ if (recv_func) {
+ int ret = recv_func(session, p, supp_data_length);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ DECR_LEN(dsize, supp_data_length);
+ p += supp_data_length;
+ }
+ while (dsize > 0);
+
+ return 0;
}
diff --git a/lib/gnutls_supplemental.h b/lib/gnutls_supplemental.h
index fe2d6b4dd3..03c3f3b5f7 100644
--- a/lib/gnutls_supplemental.h
+++ b/lib/gnutls_supplemental.h
@@ -22,7 +22,7 @@
#include <gnutls_int.h>
-int _gnutls_parse_supplemental (gnutls_session_t session,
- const uint8_t * data, int data_size);
-int _gnutls_gen_supplemental (gnutls_session_t session,
- gnutls_buffer_st * buf);
+int _gnutls_parse_supplemental(gnutls_session_t session,
+ const uint8_t * data, int data_size);
+int _gnutls_gen_supplemental(gnutls_session_t session,
+ gnutls_buffer_st * buf);
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 6132eeb9d1..69fd05a947 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -53,21 +53,23 @@
* an error code is returned.
*
**/
-int gnutls_random_art (gnutls_random_art_t type,
- const char* key_type, unsigned int key_size,
- void * fpr, size_t fpr_size,
- gnutls_datum_t* art)
+int gnutls_random_art(gnutls_random_art_t type,
+ const char *key_type, unsigned int key_size,
+ void *fpr, size_t fpr_size, gnutls_datum_t * art)
{
- if (type != GNUTLS_RANDOM_ART_OPENSSH)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- art->data = (void*)_gnutls_key_fingerprint_randomart(fpr, fpr_size, key_type, key_size, NULL);
- if (art->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- art->size = strlen((char*)art->data);
-
- return 0;
+ if (type != GNUTLS_RANDOM_ART_OPENSSH)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ art->data =
+ (void *) _gnutls_key_fingerprint_randomart(fpr, fpr_size,
+ key_type, key_size,
+ NULL);
+ if (art->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ art->size = strlen((char *) art->data);
+
+ return 0;
}
/* ANON & DHE */
@@ -99,11 +101,13 @@ int gnutls_random_art (gnutls_random_art_t type,
*
*
**/
-void
-gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits)
+void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits)
{
- if (bits <= 512 && bits != 0) _gnutls_audit_log(session, "Note that the security level of the Diffie-Hellman key exchange has been lowered to %u bits and this may allow decryption of the session data\n", bits);
- session->internals.priorities.dh_prime_bits = bits;
+ if (bits <= 512 && bits != 0)
+ _gnutls_audit_log(session,
+ "Note that the security level of the Diffie-Hellman key exchange has been lowered to %u bits and this may allow decryption of the session data\n",
+ bits);
+ session->internals.priorities.dh_prime_bits = bits;
}
@@ -123,56 +127,55 @@ gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits)
* an error code is returned.
**/
int
-gnutls_dh_get_group (gnutls_session_t session,
- gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime)
+gnutls_dh_get_group(gnutls_session_t session,
+ gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime)
{
- dh_info_st *dh;
- int ret;
- anon_auth_info_t anon_info;
- cert_auth_info_t cert_info;
- psk_auth_info_t psk_info;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- anon_info = _gnutls_get_auth_info (session);
- if (anon_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &anon_info->dh;
- break;
- case GNUTLS_CRD_PSK:
- psk_info = _gnutls_get_auth_info (session);
- if (psk_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &psk_info->dh;
- break;
- case GNUTLS_CRD_CERTIFICATE:
- cert_info = _gnutls_get_auth_info (session);
- if (cert_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &cert_info->dh;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_set_datum (raw_prime, dh->prime.data, dh->prime.size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_set_datum (raw_gen, dh->generator.data, dh->generator.size);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (raw_prime);
- return ret;
- }
-
- return 0;
+ dh_info_st *dh;
+ int ret;
+ anon_auth_info_t anon_info;
+ cert_auth_info_t cert_info;
+ psk_auth_info_t psk_info;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ anon_info = _gnutls_get_auth_info(session);
+ if (anon_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &anon_info->dh;
+ break;
+ case GNUTLS_CRD_PSK:
+ psk_info = _gnutls_get_auth_info(session);
+ if (psk_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &psk_info->dh;
+ break;
+ case GNUTLS_CRD_CERTIFICATE:
+ cert_info = _gnutls_get_auth_info(session);
+ if (cert_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &cert_info->dh;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_set_datum(raw_prime, dh->prime.data, dh->prime.size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_set_datum(raw_gen, dh->generator.data,
+ dh->generator.size);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(raw_prime);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -189,47 +192,46 @@ gnutls_dh_get_group (gnutls_session_t session,
* an error code is returned.
**/
int
-gnutls_dh_get_pubkey (gnutls_session_t session, gnutls_datum_t * raw_key)
+gnutls_dh_get_pubkey(gnutls_session_t session, gnutls_datum_t * raw_key)
{
- dh_info_st *dh;
- anon_auth_info_t anon_info;
- cert_auth_info_t cert_info;
- cert_auth_info_t psk_info;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_info = _gnutls_get_auth_info (session);
- if (anon_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &anon_info->dh;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_info = _gnutls_get_auth_info (session);
- if (psk_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &psk_info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
-
- cert_info = _gnutls_get_auth_info (session);
- if (cert_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &cert_info->dh;
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_set_datum (raw_key, dh->public_key.data,
- dh->public_key.size);
+ dh_info_st *dh;
+ anon_auth_info_t anon_info;
+ cert_auth_info_t cert_info;
+ cert_auth_info_t psk_info;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_info = _gnutls_get_auth_info(session);
+ if (anon_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &anon_info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_info = _gnutls_get_auth_info(session);
+ if (psk_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &psk_info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+
+ cert_info = _gnutls_get_auth_info(session);
+ if (cert_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &cert_info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_set_datum(raw_key, dh->public_key.data,
+ dh->public_key.size);
}
/**
@@ -243,63 +245,59 @@ gnutls_dh_get_pubkey (gnutls_session_t session, gnutls_datum_t * raw_key)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
* an error code is returned.
**/
-int
-gnutls_dh_get_secret_bits (gnutls_session_t session)
+int gnutls_dh_get_secret_bits(gnutls_session_t session)
{
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- return info->dh.secret_bits;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- return info->dh.secret_bits;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- return info->dh.secret_bits;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return info->dh.secret_bits;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return info->dh.secret_bits;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ return info->dh.secret_bits;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
-static int
-mpi_buf2bits (gnutls_datum_t * mpi_buf)
+static int mpi_buf2bits(gnutls_datum_t * mpi_buf)
{
- bigint_t mpi;
- int rc;
+ bigint_t mpi;
+ int rc;
- rc = _gnutls_mpi_scan_nz (&mpi, mpi_buf->data, mpi_buf->size);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
+ rc = _gnutls_mpi_scan_nz(&mpi, mpi_buf->data, mpi_buf->size);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
- rc = _gnutls_mpi_get_nbits (mpi);
- _gnutls_mpi_release (&mpi);
+ rc = _gnutls_mpi_get_nbits(mpi);
+ _gnutls_mpi_release(&mpi);
- return rc;
+ return rc;
}
/**
@@ -316,50 +314,48 @@ mpi_buf2bits (gnutls_datum_t * mpi_buf)
* Diffie-Hellman key exchange was done, or a negative error code on
* failure.
**/
-int
-gnutls_dh_get_prime_bits (gnutls_session_t session)
+int gnutls_dh_get_prime_bits(gnutls_session_t session)
{
- dh_info_st *dh;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return mpi_buf2bits (&dh->prime);
+ dh_info_st *dh;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return mpi_buf2bits(&dh->prime);
}
@@ -373,52 +369,50 @@ gnutls_dh_get_prime_bits (gnutls_session_t session)
* Returns: The public key bit size used in the last Diffie-Hellman
* key exchange with the peer, or a negative error code in case of error.
**/
-int
-gnutls_dh_get_peers_public_bits (gnutls_session_t session)
+int gnutls_dh_get_peers_public_bits(gnutls_session_t session)
{
- dh_info_st *dh;
-
- switch (gnutls_auth_get_type (session))
- {
- case GNUTLS_CRD_ANON:
- {
- anon_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_PSK:
- {
- psk_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE:
- {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return mpi_buf2bits (&dh->public_key);
+ dh_info_st *dh;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return mpi_buf2bits(&dh->public_key);
}
/**
@@ -434,13 +428,13 @@ gnutls_dh_get_peers_public_bits (gnutls_session_t session)
*
**/
void
-gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
- gnutls_dh_params_t dh_params)
+gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res,
+ gnutls_dh_params_t dh_params)
{
- res->dh_params = dh_params;
+ res->dh_params = dh_params;
}
-#endif /* DH */
+#endif /* DH */
/* CERTIFICATE STUFF */
@@ -456,25 +450,23 @@ gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
* certificate, or %NULL in case of an error or if no certificate
* was used.
**/
-const gnutls_datum_t *
-gnutls_certificate_get_ours (gnutls_session_t session)
+const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t session)
{
- gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, NULL);
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL || cred->certs == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL || cred->certs == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
- if (session->internals.selected_cert_list == NULL)
- return NULL;
+ if (session->internals.selected_cert_list == NULL)
+ return NULL;
- return &session->internals.selected_cert_list[0].cert;
+ return &session->internals.selected_cert_list[0].cert;
}
/**
@@ -495,20 +487,20 @@ gnutls_certificate_get_ours (gnutls_session_t session)
* certificates, or %NULL in case of an error or if no certificate
* was used.
**/
-const gnutls_datum_t *
-gnutls_certificate_get_peers (gnutls_session_t
- session, unsigned int *list_size)
+const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t
+ session,
+ unsigned int *list_size)
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, NULL);
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return NULL;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return NULL;
- *list_size = info->ncerts;
- return info->raw_certificate_list;
+ *list_size = info->ncerts;
+ return info->raw_certificate_list;
}
#ifdef ENABLE_OPENPGP
@@ -526,20 +518,20 @@ gnutls_certificate_get_peers (gnutls_session_t
* Since: 3.1.3
**/
int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
- gnutls_datum_t *id)
+ gnutls_datum_t * id)
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- id->data = info->subkey_id;
- id->size = GNUTLS_OPENPGP_KEYID_SIZE;
+ id->data = info->subkey_id;
+ id->size = GNUTLS_OPENPGP_KEYID_SIZE;
- return 0;
+ return 0;
}
#endif
@@ -553,10 +545,9 @@ int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
* authentication or 1 otherwise, or a negative error code in case of
* error.
**/
-int
-gnutls_certificate_client_get_request_status (gnutls_session_t session)
+int gnutls_certificate_client_get_request_status(gnutls_session_t session)
{
- return session->key.crt_requested;
+ return session->key.crt_requested;
}
/**
@@ -580,28 +571,29 @@ gnutls_certificate_client_get_request_status (gnutls_session_t session)
* an error code is returned.
**/
int
-gnutls_fingerprint (gnutls_digest_algorithm_t algo,
- const gnutls_datum_t * data, void *result,
- size_t * result_size)
+gnutls_fingerprint(gnutls_digest_algorithm_t algo,
+ const gnutls_datum_t * data, void *result,
+ size_t * result_size)
{
- int ret;
- int hash_len = _gnutls_hash_get_algo_len (mac_to_entry(algo));
-
- if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
- {
- *result_size = hash_len;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- *result_size = hash_len;
-
- if (result)
- {
- ret = _gnutls_hash_fast( algo, data->data, data->size, result);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- return 0;
+ int ret;
+ int hash_len = _gnutls_hash_get_algo_len(mac_to_entry(algo));
+
+ if (hash_len < 0 || (unsigned) hash_len > *result_size
+ || result == NULL) {
+ *result_size = hash_len;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *result_size = hash_len;
+
+ if (result) {
+ ret =
+ _gnutls_hash_fast(algo, data->data, data->size,
+ result);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return 0;
}
/**
@@ -614,10 +606,10 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo,
* authentication. The callback should return %GNUTLS_E_SUCCESS (0) on success.
**/
void
-gnutls_certificate_set_params_function (gnutls_certificate_credentials_t res,
- gnutls_params_function * func)
+gnutls_certificate_set_params_function(gnutls_certificate_credentials_t
+ res, gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
/**
@@ -631,10 +623,10 @@ gnutls_certificate_set_params_function (gnutls_certificate_credentials_t res,
*
**/
void
-gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
- res, unsigned int flags)
+gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t
+ res, unsigned int flags)
{
- res->verify_flags = flags;
+ res->verify_flags = flags;
}
/**
@@ -649,12 +641,12 @@ gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
* limits.
**/
void
-gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t res,
- unsigned int max_bits,
- unsigned int max_depth)
+gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t res,
+ unsigned int max_bits,
+ unsigned int max_depth)
{
- res->verify_depth = max_depth;
- res->verify_bits = max_bits;
+ res->verify_depth = max_depth;
+ res->verify_bits = max_bits;
}
#ifdef ENABLE_PSK
@@ -668,10 +660,10 @@ gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t res,
* callback should return %GNUTLS_E_SUCCESS (0) on success.
**/
void
-gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
- gnutls_params_function * func)
+gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res,
+ gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
#endif
@@ -686,10 +678,10 @@ gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
* The callback should return %GNUTLS_E_SUCCESS (0) on success.
**/
void
-gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
- gnutls_params_function * func)
+gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res,
+ gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
#endif
@@ -707,26 +699,25 @@ gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
*
* Since 3.1.0
**/
-int gnutls_load_file(const char* filename, gnutls_datum_t * data)
+int gnutls_load_file(const char *filename, gnutls_datum_t * data)
{
-size_t len;
-
- data->data = (void*)read_binary_file(filename, &len);
- if (data->data == NULL)
- return GNUTLS_E_FILE_ERROR;
-
- if (malloc != gnutls_malloc)
- {
- void* tmp = gnutls_malloc(len);
-
- memcpy(tmp, data->data, len);
- free(data->data);
- data->data = tmp;
- }
-
- data->size = len;
-
- return 0;
+ size_t len;
+
+ data->data = (void *) read_binary_file(filename, &len);
+ if (data->data == NULL)
+ return GNUTLS_E_FILE_ERROR;
+
+ if (malloc != gnutls_malloc) {
+ void *tmp = gnutls_malloc(len);
+
+ memcpy(tmp, data->data, len);
+ free(data->data);
+ data->data = tmp;
+ }
+
+ data->size = len;
+
+ return 0;
}
/**
@@ -744,9 +735,10 @@ size_t len;
* or sent and was invalid.
**/
int
-gnutls_ocsp_status_request_is_checked (gnutls_session_t session, unsigned int flags)
+gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
+ unsigned int flags)
{
- return session->internals.ocsp_check_ok;
+ return session->internals.ocsp_check_ok;
}
#ifdef ENABLE_RSA_EXPORT
@@ -765,11 +757,11 @@ gnutls_ocsp_status_request_is_checked (gnutls_session_t session, unsigned int fl
* an error code is returned.
**/
int
-gnutls_rsa_export_get_pubkey (gnutls_session_t session,
- gnutls_datum_t * exponent,
- gnutls_datum_t * modulus)
+gnutls_rsa_export_get_pubkey(gnutls_session_t session,
+ gnutls_datum_t * exponent,
+ gnutls_datum_t * modulus)
{
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
/**
@@ -781,10 +773,9 @@ gnutls_rsa_export_get_pubkey (gnutls_session_t session,
* Returns: The bits used in the last RSA-EXPORT key exchange with the
* peer, or a negative error code in case of error.
**/
-int
-gnutls_rsa_export_get_modulus_bits (gnutls_session_t session)
+int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session)
{
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
/**
@@ -797,10 +788,11 @@ gnutls_rsa_export_get_modulus_bits (gnutls_session_t session)
* RSA-EXPORT cipher suites.
**/
void
-gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
- res, gnutls_rsa_params_t rsa_params)
+gnutls_certificate_set_rsa_export_params(gnutls_certificate_credentials_t
+ res,
+ gnutls_rsa_params_t rsa_params)
{
- return;
+ return;
}
#endif
@@ -817,58 +809,62 @@ gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
*
* Since: 3.1.10
**/
-char *
-gnutls_session_get_desc (gnutls_session_t session)
+char *gnutls_session_get_desc(gnutls_session_t session)
{
- gnutls_kx_algorithm_t kx;
- unsigned type;
- char kx_name[32];
- char proto_name[32];
- const char* curve_name = NULL;
- unsigned dh_bits = 0;
- char* desc;
-
- kx = session->security_parameters.kx_algorithm;
-
- if (kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK ||
- kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA)
- {
- curve_name = gnutls_ecc_curve_get_name(gnutls_ecc_curve_get(session));
- }
- else if (kx == GNUTLS_KX_ANON_DH || kx == GNUTLS_KX_DHE_PSK ||
- kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
- {
- dh_bits = gnutls_dh_get_prime_bits (session);
- }
-
- if (curve_name != NULL)
- snprintf(kx_name, sizeof(kx_name), "%s-%s", gnutls_kx_get_name(kx), curve_name);
- else if (dh_bits != 0)
- snprintf(kx_name, sizeof(kx_name), "%s-%u", gnutls_kx_get_name(kx), dh_bits);
- else
- snprintf(kx_name, sizeof(kx_name), "%s", gnutls_kx_get_name(kx));
-
- type = gnutls_certificate_type_get (session);
- if (type == GNUTLS_CRT_X509)
- snprintf(proto_name, sizeof(proto_name), "%s-PKIX", gnutls_protocol_get_name(get_num_version(session)));
- else
- snprintf(proto_name, sizeof(proto_name), "%s-%s", gnutls_protocol_get_name(get_num_version(session)),
- gnutls_certificate_type_get_name(type));
-
- gnutls_protocol_get_name(get_num_version (session)),
-
- desc = gnutls_malloc(DESC_SIZE);
- if (desc == NULL)
- return NULL;
-
- snprintf(desc, DESC_SIZE,
- "(%s)-(%s)-(%s)-(%s)",
- proto_name,
- kx_name,
- gnutls_cipher_get_name (gnutls_cipher_get (session)),
- gnutls_mac_get_name (gnutls_mac_get (session)));
-
- return desc;
+ gnutls_kx_algorithm_t kx;
+ unsigned type;
+ char kx_name[32];
+ char proto_name[32];
+ const char *curve_name = NULL;
+ unsigned dh_bits = 0;
+ char *desc;
+
+ kx = session->security_parameters.kx_algorithm;
+
+ if (kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK ||
+ kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA) {
+ curve_name =
+ gnutls_ecc_curve_get_name(gnutls_ecc_curve_get
+ (session));
+ } else if (kx == GNUTLS_KX_ANON_DH || kx == GNUTLS_KX_DHE_PSK
+ || kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) {
+ dh_bits = gnutls_dh_get_prime_bits(session);
+ }
+
+ if (curve_name != NULL)
+ snprintf(kx_name, sizeof(kx_name), "%s-%s",
+ gnutls_kx_get_name(kx), curve_name);
+ else if (dh_bits != 0)
+ snprintf(kx_name, sizeof(kx_name), "%s-%u",
+ gnutls_kx_get_name(kx), dh_bits);
+ else
+ snprintf(kx_name, sizeof(kx_name), "%s",
+ gnutls_kx_get_name(kx));
+
+ type = gnutls_certificate_type_get(session);
+ if (type == GNUTLS_CRT_X509)
+ snprintf(proto_name, sizeof(proto_name), "%s-PKIX",
+ gnutls_protocol_get_name(get_num_version
+ (session)));
+ else
+ snprintf(proto_name, sizeof(proto_name), "%s-%s",
+ gnutls_protocol_get_name(get_num_version
+ (session)),
+ gnutls_certificate_type_get_name(type));
+
+ gnutls_protocol_get_name(get_num_version(session)),
+ desc = gnutls_malloc(DESC_SIZE);
+ if (desc == NULL)
+ return NULL;
+
+ snprintf(desc, DESC_SIZE,
+ "(%s)-(%s)-(%s)-(%s)",
+ proto_name,
+ kx_name,
+ gnutls_cipher_get_name(gnutls_cipher_get(session)),
+ gnutls_mac_get_name(gnutls_mac_get(session)));
+
+ return desc;
}
/**
@@ -886,19 +882,19 @@ gnutls_session_get_desc (gnutls_session_t session)
* an error code is returned.
**/
int
-gnutls_session_set_id (gnutls_session_t session,
- const gnutls_datum_t * sid)
+gnutls_session_set_id(gnutls_session_t session, const gnutls_datum_t * sid)
{
- if (session->security_parameters.entity == GNUTLS_SERVER ||
- sid->size > TLS_MAX_SESSION_ID_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (session->security_parameters.entity == GNUTLS_SERVER ||
+ sid->size > TLS_MAX_SESSION_ID_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- memset (&session->internals.resumed_security_parameters, 0,
- sizeof (session->internals.resumed_security_parameters));
+ memset(&session->internals.resumed_security_parameters, 0,
+ sizeof(session->internals.resumed_security_parameters));
- session->internals.resumed_security_parameters.session_id_size = sid->size;
- memcpy(session->internals.resumed_security_parameters.session_id,
- sid->data, sid->size);
+ session->internals.resumed_security_parameters.session_id_size =
+ sid->size;
+ memcpy(session->internals.resumed_security_parameters.session_id,
+ sid->data, sid->size);
- return 0;
+ return 0;
}
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c
index 82855808e2..bed7d7d5a7 100644
--- a/lib/gnutls_v2_compat.c
+++ b/lib/gnutls_v2_compat.c
@@ -43,45 +43,41 @@
/* This selects the best supported ciphersuite from the ones provided */
static int
-_gnutls_handshake_select_v2_suite (gnutls_session_t session,
- uint8_t * data, unsigned int datalen)
+_gnutls_handshake_select_v2_suite(gnutls_session_t session,
+ uint8_t * data, unsigned int datalen)
{
- unsigned int i, j;
- int ret;
- uint8_t *_data;
- int _datalen;
-
- _gnutls_handshake_log ("HSK[%p]: Parsing a version 2.0 client hello.\n",
- session);
-
- _data = gnutls_malloc (datalen);
- if (_data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (datalen % 3 != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- i = _datalen = 0;
- for (j = 0; j < datalen; j += 3)
- {
- if (data[j] == 0)
- {
- memcpy (&_data[i], &data[j + 1], 2);
- i += 2;
- _datalen += 2;
- }
- }
-
- ret = _gnutls_server_select_suite (session, _data, _datalen);
- gnutls_free (_data);
-
- return ret;
+ unsigned int i, j;
+ int ret;
+ uint8_t *_data;
+ int _datalen;
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Parsing a version 2.0 client hello.\n", session);
+
+ _data = gnutls_malloc(datalen);
+ if (_data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (datalen % 3 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ i = _datalen = 0;
+ for (j = 0; j < datalen; j += 3) {
+ if (data[j] == 0) {
+ memcpy(&_data[i], &data[j + 1], 2);
+ i += 2;
+ _datalen += 2;
+ }
+ }
+
+ ret = _gnutls_server_select_suite(session, _data, _datalen);
+ gnutls_free(_data);
+
+ return ret;
}
@@ -90,166 +86,167 @@ _gnutls_handshake_select_v2_suite (gnutls_session_t session,
* However they set their version to 3.0 or 3.1.
*/
int
-_gnutls_read_client_hello_v2 (gnutls_session_t session, uint8_t * data,
- unsigned int datalen)
+_gnutls_read_client_hello_v2(gnutls_session_t session, uint8_t * data,
+ unsigned int datalen)
{
- uint16_t session_id_len = 0;
- int pos = 0;
- int ret = 0;
- uint16_t sizeOfSuites;
- gnutls_protocol_t adv_version;
- uint8_t rnd[GNUTLS_RANDOM_SIZE];
- int len = datalen;
- int err;
- uint16_t challenge;
- uint8_t session_id[TLS_MAX_SESSION_ID_SIZE];
-
- DECR_LEN (len, 2);
-
- _gnutls_handshake_log
- ("HSK[%p]: SSL 2.0 Hello: Client's version: %d.%d\n", session,
- data[pos], data[pos + 1]);
-
- set_adv_version (session, data[pos], data[pos + 1]);
-
- adv_version = _gnutls_version_get (data[pos], data[pos + 1]);
-
- ret = _gnutls_negotiate_version (session, adv_version);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- pos += 2;
-
- /* Read uint16_t cipher_spec_length */
- DECR_LEN (len, 2);
- sizeOfSuites = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
-
- /* read session id length */
- DECR_LEN (len, 2);
- session_id_len = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
-
- if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- /* read challenge length */
- DECR_LEN (len, 2);
- challenge = _gnutls_read_uint16 (&data[pos]);
- pos += 2;
-
- if (challenge < 16 || challenge > GNUTLS_RANDOM_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
-
- /* call the user hello callback
- */
- ret = _gnutls_user_hello_func (session, adv_version);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* find an appropriate cipher suite */
-
- DECR_LEN (len, sizeOfSuites);
- ret = _gnutls_handshake_select_v2_suite (session, &data[pos], sizeOfSuites);
-
- pos += sizeOfSuites;
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* check if the credentials (username, public key etc.) are ok
- */
- if (_gnutls_get_kx_cred
- (session,
- _gnutls_cipher_suite_get_kx_algo (session->
- security_parameters.cipher_suite),
- &err) == NULL && err != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- /* set the mod_auth_st to the appropriate struct
- * according to the KX algorithm. This is needed since all the
- * handshake functions are read from there;
- */
- session->internals.auth_struct =
- _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
- (session->
- security_parameters.cipher_suite));
- if (session->internals.auth_struct == NULL)
- {
-
- _gnutls_handshake_log
- ("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
- session);
-
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* read random new values -skip session id for now */
- DECR_LEN (len, session_id_len); /* skip session id for now */
- memcpy (session_id, &data[pos], session_id_len);
- pos += session_id_len;
-
- DECR_LEN (len, challenge);
- memset (rnd, 0, GNUTLS_RANDOM_SIZE);
-
- memcpy (&rnd[GNUTLS_RANDOM_SIZE - challenge], &data[pos], challenge);
-
- ret = _gnutls_set_client_random (session, rnd);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* generate server random value */
- ret = _gnutls_set_server_random (session, NULL);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- session->security_parameters.timestamp = gnutls_time (NULL);
-
-
- /* RESUME SESSION */
-
- DECR_LEN (len, session_id_len);
- ret = _gnutls_server_restore_session (session, session_id, session_id_len);
-
- if (ret == 0)
- { /* resumed! */
- /* get the new random values */
- memcpy (session->internals.resumed_security_parameters.server_random,
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
- memcpy (session->internals.resumed_security_parameters.client_random,
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-
- session->internals.resumed = RESUME_TRUE;
- return 0;
- }
- else
- {
- _gnutls_generate_session_id (session->security_parameters.session_id,
- &session->
- security_parameters.session_id_size);
- session->internals.resumed = RESUME_FALSE;
- }
-
- _gnutls_epoch_set_compression (session, EPOCH_NEXT, GNUTLS_COMP_NULL);
- session->security_parameters.compression_method = GNUTLS_COMP_NULL;
-
- return 0;
+ uint16_t session_id_len = 0;
+ int pos = 0;
+ int ret = 0;
+ uint16_t sizeOfSuites;
+ gnutls_protocol_t adv_version;
+ uint8_t rnd[GNUTLS_RANDOM_SIZE];
+ int len = datalen;
+ int err;
+ uint16_t challenge;
+ uint8_t session_id[TLS_MAX_SESSION_ID_SIZE];
+
+ DECR_LEN(len, 2);
+
+ _gnutls_handshake_log
+ ("HSK[%p]: SSL 2.0 Hello: Client's version: %d.%d\n", session,
+ data[pos], data[pos + 1]);
+
+ set_adv_version(session, data[pos], data[pos + 1]);
+
+ adv_version = _gnutls_version_get(data[pos], data[pos + 1]);
+
+ ret = _gnutls_negotiate_version(session, adv_version);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ pos += 2;
+
+ /* Read uint16_t cipher_spec_length */
+ DECR_LEN(len, 2);
+ sizeOfSuites = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ /* read session id length */
+ DECR_LEN(len, 2);
+ session_id_len = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ if (session_id_len > TLS_MAX_SESSION_ID_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ /* read challenge length */
+ DECR_LEN(len, 2);
+ challenge = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ if (challenge < 16 || challenge > GNUTLS_RANDOM_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+
+ /* call the user hello callback
+ */
+ ret = _gnutls_user_hello_func(session, adv_version);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* find an appropriate cipher suite */
+
+ DECR_LEN(len, sizeOfSuites);
+ ret =
+ _gnutls_handshake_select_v2_suite(session, &data[pos],
+ sizeOfSuites);
+
+ pos += sizeOfSuites;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* check if the credentials (username, public key etc.) are ok
+ */
+ if (_gnutls_get_kx_cred
+ (session,
+ _gnutls_cipher_suite_get_kx_algo(session->security_parameters.
+ cipher_suite), &err) == NULL
+ && err != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
+ (session->security_parameters.
+ cipher_suite));
+ if (session->internals.auth_struct == NULL) {
+
+ _gnutls_handshake_log
+ ("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
+
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* read random new values -skip session id for now */
+ DECR_LEN(len, session_id_len); /* skip session id for now */
+ memcpy(session_id, &data[pos], session_id_len);
+ pos += session_id_len;
+
+ DECR_LEN(len, challenge);
+ memset(rnd, 0, GNUTLS_RANDOM_SIZE);
+
+ memcpy(&rnd[GNUTLS_RANDOM_SIZE - challenge], &data[pos],
+ challenge);
+
+ ret = _gnutls_set_client_random(session, rnd);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* generate server random value */
+ ret = _gnutls_set_server_random(session, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ session->security_parameters.timestamp = gnutls_time(NULL);
+
+
+ /* RESUME SESSION */
+
+ DECR_LEN(len, session_id_len);
+ ret =
+ _gnutls_server_restore_session(session, session_id,
+ session_id_len);
+
+ if (ret == 0) { /* resumed! */
+ /* get the new random values */
+ memcpy(session->internals.resumed_security_parameters.
+ server_random,
+ session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(session->internals.resumed_security_parameters.
+ client_random,
+ session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+
+ session->internals.resumed = RESUME_TRUE;
+ return 0;
+ } else {
+ _gnutls_generate_session_id(session->security_parameters.
+ session_id,
+ &session->security_parameters.
+ session_id_size);
+ session->internals.resumed = RESUME_FALSE;
+ }
+
+ _gnutls_epoch_set_compression(session, EPOCH_NEXT,
+ GNUTLS_COMP_NULL);
+ session->security_parameters.compression_method = GNUTLS_COMP_NULL;
+
+ return 0;
}
diff --git a/lib/gnutls_v2_compat.h b/lib/gnutls_v2_compat.h
index ab8cdd997e..fffd17e5e7 100644
--- a/lib/gnutls_v2_compat.h
+++ b/lib/gnutls_v2_compat.h
@@ -20,5 +20,5 @@
*
*/
-int _gnutls_read_client_hello_v2 (gnutls_session_t session, uint8_t * data,
- unsigned int datalen);
+int _gnutls_read_client_hello_v2(gnutls_session_t session, uint8_t * data,
+ unsigned int datalen);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index e75b8723fc..b4039cd41b 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -45,7 +45,7 @@
#include <gnutls/x509.h>
#include "read-file.h"
#ifdef _WIN32
-# include <wincrypt.h>
+#include <wincrypt.h>
#endif
/*
@@ -56,34 +56,36 @@
* is unacceptable.
*/
inline static int
-check_bits (gnutls_session_t session, gnutls_x509_crt_t crt, unsigned int max_bits)
+check_bits(gnutls_session_t session, gnutls_x509_crt_t crt,
+ unsigned int max_bits)
{
- int ret, pk;
- unsigned int bits;
-
- ret = gnutls_x509_crt_get_pk_algorithm (crt, &bits);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- pk = ret;
-
- if (bits > max_bits && max_bits > 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CONSTRAINT_ERROR;
- }
-
- if (gnutls_pk_bits_to_sec_param(pk, bits) == GNUTLS_SEC_PARAM_INSECURE)
- {
- gnutls_assert();
- _gnutls_audit_log(session, "The security level of the certificate (%s: %u) is weak\n", gnutls_pk_get_name(pk), bits);
- if (session->internals.priorities.allow_weak_keys == 0)
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
- }
-
- return 0;
+ int ret, pk;
+ unsigned int bits;
+
+ ret = gnutls_x509_crt_get_pk_algorithm(crt, &bits);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ pk = ret;
+
+ if (bits > max_bits && max_bits > 0) {
+ gnutls_assert();
+ return GNUTLS_E_CONSTRAINT_ERROR;
+ }
+
+ if (gnutls_pk_bits_to_sec_param(pk, bits) ==
+ GNUTLS_SEC_PARAM_INSECURE) {
+ gnutls_assert();
+ _gnutls_audit_log(session,
+ "The security level of the certificate (%s: %u) is weak\n",
+ gnutls_pk_get_name(pk), bits);
+ if (session->internals.priorities.allow_weak_keys == 0)
+ return
+ gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
+ }
+
+ return 0;
}
/* three days */
@@ -95,108 +97,106 @@ check_bits (gnutls_session_t session, gnutls_x509_crt_t crt, unsigned int max_bi
* Zero on success, a negative error code otherwise.
*/
static int
-check_ocsp_response (gnutls_session_t session, gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer,
- gnutls_datum_t *data, unsigned int * ostatus)
+check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer,
+ gnutls_datum_t * data, unsigned int *ostatus)
{
- gnutls_ocsp_resp_t resp;
- int ret;
- unsigned int status, cert_status;
- time_t rtime, vtime, ntime, now;
- int check_failed = 0;
-
- now = gnutls_time(0);
-
- ret = gnutls_ocsp_resp_init (&resp);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_ocsp_resp_import (resp, data);
- if (ret < 0)
- {
- _gnutls_audit_log (session, "There was an error parsing the OCSP response: %s.\n", gnutls_strerror(ret));
- ret = gnutls_assert_val(0);
- check_failed = 1;
- goto cleanup;
- }
-
- ret = gnutls_ocsp_resp_check_crt(resp, 0, cert);
- if (ret < 0)
- {
- ret = gnutls_assert_val(0);
- _gnutls_audit_log (session, "Got OCSP response with an unrelated certificate.\n");
- check_failed = 1;
- goto cleanup;
- }
-
- ret = gnutls_ocsp_resp_verify_direct( resp, issuer, &status, 0);
- if (ret < 0)
- {
- ret = gnutls_assert_val(0);
- gnutls_assert();
- check_failed = 1;
- goto cleanup;
- }
-
- /* do not consider revocation data if response was not verified */
- if (status != 0)
- {
- ret = gnutls_assert_val(0);
- check_failed = 1;
- goto cleanup;
- }
-
- ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL,
- &cert_status, &vtime, &ntime, &rtime, NULL);
- if (ret < 0)
- {
- _gnutls_audit_log (session, "There was an error parsing the OCSP response: %s.\n", gnutls_strerror(ret));
- ret = gnutls_assert_val(0);
- check_failed = 1;
- goto cleanup;
- }
-
- if (cert_status == GNUTLS_OCSP_CERT_REVOKED)
- {
- _gnutls_audit_log(session, "The certificate was revoked via OCSP\n");
- check_failed = 1;
- *ostatus |= GNUTLS_CERT_REVOKED;
- ret = gnutls_assert_val(0);
- goto cleanup;
- }
-
- /* Report but do not fail on the following errors. That is
- * because including the OCSP response in the handshake shouldn't
- * cause more problems that not including it.
- */
- if (ntime == -1)
- {
- if (now - vtime > MAX_OCSP_VALIDITY_SECS)
- {
- _gnutls_audit_log(session, "The OCSP response is old\n");
- check_failed = 1;
- goto cleanup;
- }
- }
- else
- {
- /* there is a newer OCSP answer, don't trust this one */
- if (ntime < now)
- {
- _gnutls_audit_log(session, "There is a newer OCSP response but was not provided by the server\n");
- check_failed = 1;
- goto cleanup;
- }
- }
-
- ret = 0;
-cleanup:
- if (check_failed == 0)
- session->internals.ocsp_check_ok = 1;
-
- gnutls_ocsp_resp_deinit (resp);
-
- return ret;
+ gnutls_ocsp_resp_t resp;
+ int ret;
+ unsigned int status, cert_status;
+ time_t rtime, vtime, ntime, now;
+ int check_failed = 0;
+
+ now = gnutls_time(0);
+
+ ret = gnutls_ocsp_resp_init(&resp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_ocsp_resp_import(resp, data);
+ if (ret < 0) {
+ _gnutls_audit_log(session,
+ "There was an error parsing the OCSP response: %s.\n",
+ gnutls_strerror(ret));
+ ret = gnutls_assert_val(0);
+ check_failed = 1;
+ goto cleanup;
+ }
+
+ ret = gnutls_ocsp_resp_check_crt(resp, 0, cert);
+ if (ret < 0) {
+ ret = gnutls_assert_val(0);
+ _gnutls_audit_log(session,
+ "Got OCSP response with an unrelated certificate.\n");
+ check_failed = 1;
+ goto cleanup;
+ }
+
+ ret = gnutls_ocsp_resp_verify_direct(resp, issuer, &status, 0);
+ if (ret < 0) {
+ ret = gnutls_assert_val(0);
+ gnutls_assert();
+ check_failed = 1;
+ goto cleanup;
+ }
+
+ /* do not consider revocation data if response was not verified */
+ if (status != 0) {
+ ret = gnutls_assert_val(0);
+ check_failed = 1;
+ goto cleanup;
+ }
+
+ ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL,
+ &cert_status, &vtime, &ntime,
+ &rtime, NULL);
+ if (ret < 0) {
+ _gnutls_audit_log(session,
+ "There was an error parsing the OCSP response: %s.\n",
+ gnutls_strerror(ret));
+ ret = gnutls_assert_val(0);
+ check_failed = 1;
+ goto cleanup;
+ }
+
+ if (cert_status == GNUTLS_OCSP_CERT_REVOKED) {
+ _gnutls_audit_log(session,
+ "The certificate was revoked via OCSP\n");
+ check_failed = 1;
+ *ostatus |= GNUTLS_CERT_REVOKED;
+ ret = gnutls_assert_val(0);
+ goto cleanup;
+ }
+
+ /* Report but do not fail on the following errors. That is
+ * because including the OCSP response in the handshake shouldn't
+ * cause more problems that not including it.
+ */
+ if (ntime == -1) {
+ if (now - vtime > MAX_OCSP_VALIDITY_SECS) {
+ _gnutls_audit_log(session,
+ "The OCSP response is old\n");
+ check_failed = 1;
+ goto cleanup;
+ }
+ } else {
+ /* there is a newer OCSP answer, don't trust this one */
+ if (ntime < now) {
+ _gnutls_audit_log(session,
+ "There is a newer OCSP response but was not provided by the server\n");
+ check_failed = 1;
+ goto cleanup;
+ }
+ }
+
+ ret = 0;
+ cleanup:
+ if (check_failed == 0)
+ session->internals.ocsp_check_ok = 1;
+
+ gnutls_ocsp_resp_deinit(resp);
+
+ return ret;
}
#endif
@@ -217,390 +217,386 @@ cleanup:
* actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
-*/
int
-_gnutls_x509_cert_verify_peers (gnutls_session_t session,
- const char* hostname,
- unsigned int *status)
+_gnutls_x509_cert_verify_peers(gnutls_session_t session,
+ const char *hostname, unsigned int *status)
{
- cert_auth_info_t info;
- gnutls_certificate_credentials_t cred;
- gnutls_x509_crt_t *peer_certificate_list;
- gnutls_datum_t resp;
- int peer_certificate_list_size, i, x, ret;
- gnutls_x509_crt_t issuer;
- unsigned int ocsp_status = 0;
- unsigned int verify_flags;
-
- /* No OCSP check so far */
- session->internals.ocsp_check_ok = 0;
-
- CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- if (info->ncerts > cred->verify_depth && cred->verify_depth > 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CONSTRAINT_ERROR;
- }
-
- verify_flags = cred->verify_flags | session->internals.priorities.additional_verify_flags;
- /* generate a list of gnutls_certs based on the auth info
- * raw certs.
- */
- peer_certificate_list_size = info->ncerts;
- peer_certificate_list =
- gnutls_calloc (peer_certificate_list_size, sizeof (gnutls_x509_crt_t));
- if (peer_certificate_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (i = 0; i < peer_certificate_list_size; i++)
- {
- ret = gnutls_x509_crt_init (&peer_certificate_list[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
-
- ret =
- gnutls_x509_crt_import (peer_certificate_list[i],
- &info->raw_certificate_list[i],
- GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
-
- ret = check_bits (session, peer_certificate_list[i], cred->verify_bits);
- if (ret < 0)
- {
- gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
-
- }
-
- /* Use the OCSP extension if any */
- if (verify_flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS)
- goto skip_ocsp;
-
- ret = gnutls_ocsp_status_request_get(session, &resp);
- if (ret < 0)
- goto skip_ocsp;
-
- if (peer_certificate_list_size > 1)
- issuer = peer_certificate_list[1];
- else
- {
- ret = gnutls_x509_trust_list_get_issuer(cred->tlist, peer_certificate_list[0],
- &issuer, 0);
- if (ret < 0)
- {
- goto skip_ocsp;
- }
- }
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ gnutls_x509_crt_t *peer_certificate_list;
+ gnutls_datum_t resp;
+ int peer_certificate_list_size, i, x, ret;
+ gnutls_x509_crt_t issuer;
+ unsigned int ocsp_status = 0;
+ unsigned int verify_flags;
+
+ /* No OCSP check so far */
+ session->internals.ocsp_check_ok = 0;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ if (info->ncerts > cred->verify_depth && cred->verify_depth > 0) {
+ gnutls_assert();
+ return GNUTLS_E_CONSTRAINT_ERROR;
+ }
+
+ verify_flags =
+ cred->verify_flags | session->internals.priorities.
+ additional_verify_flags;
+ /* generate a list of gnutls_certs based on the auth info
+ * raw certs.
+ */
+ peer_certificate_list_size = info->ncerts;
+ peer_certificate_list =
+ gnutls_calloc(peer_certificate_list_size,
+ sizeof(gnutls_x509_crt_t));
+ if (peer_certificate_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < peer_certificate_list_size; i++) {
+ ret = gnutls_x509_crt_init(&peer_certificate_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ CLEAR_CERTS;
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crt_import(peer_certificate_list[i],
+ &info->raw_certificate_list[i],
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ CLEAR_CERTS;
+ return ret;
+ }
+
+ ret =
+ check_bits(session, peer_certificate_list[i],
+ cred->verify_bits);
+ if (ret < 0) {
+ gnutls_assert();
+ CLEAR_CERTS;
+ return ret;
+ }
+
+ }
+
+ /* Use the OCSP extension if any */
+ if (verify_flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS)
+ goto skip_ocsp;
+
+ ret = gnutls_ocsp_status_request_get(session, &resp);
+ if (ret < 0)
+ goto skip_ocsp;
+
+ if (peer_certificate_list_size > 1)
+ issuer = peer_certificate_list[1];
+ else {
+ ret =
+ gnutls_x509_trust_list_get_issuer(cred->tlist,
+ peer_certificate_list
+ [0], &issuer, 0);
+ if (ret < 0) {
+ goto skip_ocsp;
+ }
+ }
#ifdef ENABLE_OCSP
- ret = check_ocsp_response(session, peer_certificate_list[0], issuer, &resp, &ocsp_status);
- if (ret < 0)
- {
- CLEAR_CERTS;
- return gnutls_assert_val(ret);
- }
+ ret =
+ check_ocsp_response(session, peer_certificate_list[0], issuer,
+ &resp, &ocsp_status);
+ if (ret < 0) {
+ CLEAR_CERTS;
+ return gnutls_assert_val(ret);
+ }
#endif
-skip_ocsp:
- /* Verify certificate
- */
- ret = gnutls_x509_trust_list_verify_crt (cred->tlist, peer_certificate_list,
- peer_certificate_list_size,
- verify_flags, status, NULL);
-
- if (ret < 0)
- {
- gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
-
- if (hostname)
- {
- ret = gnutls_x509_crt_check_hostname( peer_certificate_list[0], hostname);
- if (ret == 0)
- *status |= GNUTLS_CERT_UNEXPECTED_OWNER;
- }
-
- CLEAR_CERTS;
-
- *status |= ocsp_status;
-
- return 0;
+ skip_ocsp:
+ /* Verify certificate
+ */
+ ret =
+ gnutls_x509_trust_list_verify_crt(cred->tlist,
+ peer_certificate_list,
+ peer_certificate_list_size,
+ verify_flags, status, NULL);
+
+ if (ret < 0) {
+ gnutls_assert();
+ CLEAR_CERTS;
+ return ret;
+ }
+
+ if (hostname) {
+ ret =
+ gnutls_x509_crt_check_hostname(peer_certificate_list
+ [0], hostname);
+ if (ret == 0)
+ *status |= GNUTLS_CERT_UNEXPECTED_OWNER;
+ }
+
+ CLEAR_CERTS;
+
+ *status |= ocsp_status;
+
+ return 0;
}
/* Returns the name of the certificate of a null name
*/
-static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t *names)
+static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names)
{
-size_t max_size;
-int i, ret = 0, ret2;
-char name[MAX_CN];
-
- for (i = 0; !(ret < 0); i++)
- {
- max_size = sizeof(name);
-
- ret = gnutls_x509_crt_get_subject_alt_name(crt, i, name, &max_size, NULL);
- if (ret == GNUTLS_SAN_DNSNAME)
- {
- ret2 = _gnutls_str_array_append(names, name, max_size);
- if (ret2 < 0)
- {
- _gnutls_str_array_clear(names);
- return gnutls_assert_val(ret2);
- }
- }
- }
-
- max_size = sizeof(name);
- ret = gnutls_x509_crt_get_dn_by_oid (crt, OID_X520_COMMON_NAME, 0, 0, name, &max_size);
- if (ret >= 0)
- {
- ret = _gnutls_str_array_append(names, name, max_size);
- if (ret < 0)
- {
- _gnutls_str_array_clear(names);
- return gnutls_assert_val(ret);
- }
- }
-
- return 0;
+ size_t max_size;
+ int i, ret = 0, ret2;
+ char name[MAX_CN];
+
+ for (i = 0; !(ret < 0); i++) {
+ max_size = sizeof(name);
+
+ ret =
+ gnutls_x509_crt_get_subject_alt_name(crt, i, name,
+ &max_size, NULL);
+ if (ret == GNUTLS_SAN_DNSNAME) {
+ ret2 =
+ _gnutls_str_array_append(names, name,
+ max_size);
+ if (ret2 < 0) {
+ _gnutls_str_array_clear(names);
+ return gnutls_assert_val(ret2);
+ }
+ }
+ }
+
+ max_size = sizeof(name);
+ ret =
+ gnutls_x509_crt_get_dn_by_oid(crt, OID_X520_COMMON_NAME, 0, 0,
+ name, &max_size);
+ if (ret >= 0) {
+ ret = _gnutls_str_array_append(names, name, max_size);
+ if (ret < 0) {
+ _gnutls_str_array_clear(names);
+ return gnutls_assert_val(ret);
+ }
+ }
+
+ return 0;
}
-static int get_x509_name_raw(gnutls_datum_t *raw, gnutls_x509_crt_fmt_t type, gnutls_str_array_t *names)
+static int get_x509_name_raw(gnutls_datum_t * raw,
+ gnutls_x509_crt_fmt_t type,
+ gnutls_str_array_t * names)
{
-int ret;
-gnutls_x509_crt_t crt;
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_x509_crt_import (crt, raw, type);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (crt);
- return ret;
- }
-
- ret = get_x509_name(crt, names);
- gnutls_x509_crt_deinit (crt);
- return ret;
+ int ret;
+ gnutls_x509_crt_t crt;
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_import(crt, raw, type);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(crt);
+ return ret;
+ }
+
+ ret = get_x509_name(crt, names);
+ gnutls_x509_crt_deinit(crt);
+ return ret;
}
/* Reads a DER encoded certificate list from memory and stores it to a
* gnutls_cert structure. Returns the number of certificates parsed.
*/
static int
-parse_der_cert_mem (gnutls_certificate_credentials_t res,
- const void *input_cert, int input_cert_size)
+parse_der_cert_mem(gnutls_certificate_credentials_t res,
+ const void *input_cert, int input_cert_size)
{
- gnutls_datum_t tmp;
- gnutls_x509_crt_t crt;
- gnutls_pcert_st *ccert;
- int ret;
- gnutls_str_array_t names;
-
- _gnutls_str_array_init(&names);
-
- ccert = gnutls_malloc (sizeof (*ccert));
- if (ccert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- tmp.data = (uint8_t *) input_cert;
- tmp.size = input_cert_size;
-
- ret = gnutls_x509_crt_import (crt, &tmp, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (crt);
- goto cleanup;
- }
-
- ret = get_x509_name(crt, &names);
- if (ret < 0)
- {
- gnutls_assert();
- gnutls_x509_crt_deinit (crt);
- goto cleanup;
- }
-
- ret = gnutls_pcert_import_x509 (ccert, crt, 0);
- gnutls_x509_crt_deinit (crt);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = certificate_credential_append_crt_list (res, names, ccert, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return ret;
-
-cleanup:
- _gnutls_str_array_clear(&names);
- gnutls_free (ccert);
- return ret;
+ gnutls_datum_t tmp;
+ gnutls_x509_crt_t crt;
+ gnutls_pcert_st *ccert;
+ int ret;
+ gnutls_str_array_t names;
+
+ _gnutls_str_array_init(&names);
+
+ ccert = gnutls_malloc(sizeof(*ccert));
+ if (ccert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ tmp.data = (uint8_t *) input_cert;
+ tmp.size = input_cert_size;
+
+ ret = gnutls_x509_crt_import(crt, &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(crt);
+ goto cleanup;
+ }
+
+ ret = get_x509_name(crt, &names);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(crt);
+ goto cleanup;
+ }
+
+ ret = gnutls_pcert_import_x509(ccert, crt, 0);
+ gnutls_x509_crt_deinit(crt);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = certificate_credential_append_crt_list(res, names, ccert, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return ret;
+
+ cleanup:
+ _gnutls_str_array_clear(&names);
+ gnutls_free(ccert);
+ return ret;
}
/* Reads a base64 encoded certificate list from memory and stores it to
* a gnutls_cert structure. Returns the number of certificate parsed.
*/
static int
-parse_pem_cert_mem (gnutls_certificate_credentials_t res,
- const char *input_cert, int input_cert_size)
+parse_pem_cert_mem(gnutls_certificate_credentials_t res,
+ const char *input_cert, int input_cert_size)
{
- int size;
- const char *ptr;
- gnutls_datum_t tmp;
- int ret, count, i;
- gnutls_pcert_st *certs = NULL;
- gnutls_str_array_t names;
-
- _gnutls_str_array_init(&names);
-
- /* move to the certificate
- */
- ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr == NULL)
- ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
-
- if (ptr == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
- size = input_cert_size - (ptr - input_cert);
-
- count = 0;
-
- do
- {
- certs = gnutls_realloc_fast (certs, (count + 1) * sizeof (gnutls_pcert_st));
-
- if (certs == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- tmp.data = (void*)ptr;
- tmp.size = size;
-
- if (count == 0)
- {
- ret = get_x509_name_raw(&tmp, GNUTLS_X509_FMT_PEM, &names);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = gnutls_pcert_import_x509_raw (&certs[count], &tmp, GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
- size = input_cert_size - (ptr - input_cert);
-
- if (size > 0)
- {
- char *ptr3;
-
- ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr3 == NULL)
- ptr3 = memmem (ptr, size, PEM_CERT_SEP2,
- sizeof (PEM_CERT_SEP2) - 1);
-
- ptr = ptr3;
- }
- else
- ptr = NULL;
-
- count++;
-
- }
- while (ptr != NULL);
-
- ret = certificate_credential_append_crt_list (res, names, certs, count);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return count;
-
-cleanup:
- _gnutls_str_array_clear(&names);
- for (i=0;i<count;i++)
- gnutls_pcert_deinit(&certs[i]);
- gnutls_free(certs);
- return ret;
+ int size;
+ const char *ptr;
+ gnutls_datum_t tmp;
+ int ret, count, i;
+ gnutls_pcert_st *certs = NULL;
+ gnutls_str_array_t names;
+
+ _gnutls_str_array_init(&names);
+
+ /* move to the certificate
+ */
+ ptr = memmem(input_cert, input_cert_size,
+ PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1);
+ if (ptr == NULL)
+ ptr = memmem(input_cert, input_cert_size,
+ PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1);
+
+ if (ptr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ size = input_cert_size - (ptr - input_cert);
+
+ count = 0;
+
+ do {
+ certs =
+ gnutls_realloc_fast(certs,
+ (count +
+ 1) * sizeof(gnutls_pcert_st));
+
+ if (certs == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ tmp.data = (void *) ptr;
+ tmp.size = size;
+
+ if (count == 0) {
+ ret =
+ get_x509_name_raw(&tmp, GNUTLS_X509_FMT_PEM,
+ &names);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ gnutls_pcert_import_x509_raw(&certs[count], &tmp,
+ GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+ size = input_cert_size - (ptr - input_cert);
+
+ if (size > 0) {
+ char *ptr3;
+
+ ptr3 =
+ memmem(ptr, size, PEM_CERT_SEP,
+ sizeof(PEM_CERT_SEP) - 1);
+ if (ptr3 == NULL)
+ ptr3 = memmem(ptr, size, PEM_CERT_SEP2,
+ sizeof(PEM_CERT_SEP2) - 1);
+
+ ptr = ptr3;
+ } else
+ ptr = NULL;
+
+ count++;
+
+ }
+ while (ptr != NULL);
+
+ ret =
+ certificate_credential_append_crt_list(res, names, certs,
+ count);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return count;
+
+ cleanup:
+ _gnutls_str_array_clear(&names);
+ for (i = 0; i < count; i++)
+ gnutls_pcert_deinit(&certs[i]);
+ gnutls_free(certs);
+ return ret;
}
@@ -608,37 +604,36 @@ cleanup:
/* Reads a DER or PEM certificate from memory
*/
static int
-read_cert_mem (gnutls_certificate_credentials_t res, const void *cert,
- int cert_size, gnutls_x509_crt_fmt_t type)
+read_cert_mem(gnutls_certificate_credentials_t res, const void *cert,
+ int cert_size, gnutls_x509_crt_fmt_t type)
{
- int ret;
+ int ret;
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_cert_mem (res, cert, cert_size);
- else
- ret = parse_pem_cert_mem (res, cert, cert_size);
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_cert_mem(res, cert, cert_size);
+ else
+ ret = parse_pem_cert_mem(res, cert, cert_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return ret;
+ return ret;
}
-static int tmp_pin_cb(void* userdata, int attempt, const char *token_url, const char *token_label,
- unsigned int flags, char *pin, size_t pin_max)
+static int tmp_pin_cb(void *userdata, int attempt, const char *token_url,
+ const char *token_label, unsigned int flags,
+ char *pin, size_t pin_max)
{
-const char* tmp_pin = userdata;
-
- if (attempt == 0)
- {
- snprintf(pin, pin_max, "%s", tmp_pin);
- return 0;
- }
-
- return -1;
+ const char *tmp_pin = userdata;
+
+ if (attempt == 0) {
+ snprintf(pin, pin_max, "%s", tmp_pin);
+ return 0;
+ }
+
+ return -1;
}
/* Reads a PEM encoded PKCS-1 RSA/DSA private key from memory. Type
@@ -646,174 +641,170 @@ const char* tmp_pin = userdata;
* that GnuTLS doesn't know the private key.
*/
static int
-read_key_mem (gnutls_certificate_credentials_t res,
- const void *key, int key_size, gnutls_x509_crt_fmt_t type,
- const char* pass, unsigned int flags)
+read_key_mem(gnutls_certificate_credentials_t res,
+ const void *key, int key_size, gnutls_x509_crt_fmt_t type,
+ const char *pass, unsigned int flags)
{
- int ret;
- gnutls_datum_t tmp;
- gnutls_privkey_t privkey;
-
- if (key)
- {
- tmp.data = (uint8_t *) key;
- tmp.size = key_size;
-
- ret = gnutls_privkey_init(&privkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (res->pin.cb)
- gnutls_privkey_set_pin_function(privkey, res->pin.cb, res->pin.data);
- else if (pass != NULL)
- {
- snprintf(res->pin_tmp, sizeof(res->pin_tmp), "%s", pass);
- gnutls_privkey_set_pin_function(privkey, tmp_pin_cb, res->pin_tmp);
- }
-
- ret = gnutls_privkey_import_x509_raw (privkey, &tmp, type, pass, flags);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = certificate_credentials_append_pkey (res, privkey);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_privkey_deinit (privkey);
- return ret;
- }
-
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
-
- return 0;
+ int ret;
+ gnutls_datum_t tmp;
+ gnutls_privkey_t privkey;
+
+ if (key) {
+ tmp.data = (uint8_t *) key;
+ tmp.size = key_size;
+
+ ret = gnutls_privkey_init(&privkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (res->pin.cb)
+ gnutls_privkey_set_pin_function(privkey,
+ res->pin.cb,
+ res->pin.data);
+ else if (pass != NULL) {
+ snprintf(res->pin_tmp, sizeof(res->pin_tmp), "%s",
+ pass);
+ gnutls_privkey_set_pin_function(privkey,
+ tmp_pin_cb,
+ res->pin_tmp);
+ }
+
+ ret =
+ gnutls_privkey_import_x509_raw(privkey, &tmp, type,
+ pass, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = certificate_credentials_append_pkey(res, privkey);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_privkey_deinit(privkey);
+ return ret;
+ }
+
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+
+ return 0;
}
/* Reads a private key from a token.
*/
static int
-read_key_url (gnutls_certificate_credentials_t res, const char *url)
+read_key_url(gnutls_certificate_credentials_t res, const char *url)
{
- int ret;
- gnutls_privkey_t pkey = NULL;
-
- /* allocate space for the pkey list
- */
- ret = gnutls_privkey_init (&pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (res->pin.cb)
- gnutls_privkey_set_pin_function(pkey, res->pin.cb, res->pin.data);
-
- ret = gnutls_privkey_import_url (pkey, url, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = certificate_credentials_append_pkey (res, pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- if (pkey)
- gnutls_privkey_deinit (pkey);
-
- return ret;
+ int ret;
+ gnutls_privkey_t pkey = NULL;
+
+ /* allocate space for the pkey list
+ */
+ ret = gnutls_privkey_init(&pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (res->pin.cb)
+ gnutls_privkey_set_pin_function(pkey, res->pin.cb,
+ res->pin.data);
+
+ ret = gnutls_privkey_import_url(pkey, url, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = certificate_credentials_append_pkey(res, pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ if (pkey)
+ gnutls_privkey_deinit(pkey);
+
+ return ret;
}
#ifdef ENABLE_PKCS11
static int
-read_cas_url (gnutls_certificate_credentials_t res, const char *url)
+read_cas_url(gnutls_certificate_credentials_t res, const char *url)
{
- int ret;
- gnutls_x509_crt_t *xcrt_list = NULL;
- gnutls_pkcs11_obj_t *pcrt_list = NULL;
- unsigned int pcrt_list_size = 0;
-
- /* FIXME: should we use login? */
- ret =
- gnutls_pkcs11_obj_list_import_url (NULL, &pcrt_list_size, url,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (pcrt_list_size == 0)
- {
- gnutls_assert ();
- return 0;
- }
-
- pcrt_list = gnutls_malloc (sizeof (*pcrt_list) * pcrt_list_size);
- if (pcrt_list == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret =
- gnutls_pkcs11_obj_list_import_url (pcrt_list, &pcrt_list_size, url,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- xcrt_list = gnutls_malloc (sizeof (*xcrt_list) * pcrt_list_size);
- if (xcrt_list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret =
- gnutls_x509_crt_list_import_pkcs11 (xcrt_list, pcrt_list_size, pcrt_list,
- 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_cas(res->tlist, xcrt_list, pcrt_list_size, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
-cleanup:
- gnutls_free (xcrt_list);
- gnutls_free (pcrt_list);
-
- return ret;
+ int ret;
+ gnutls_x509_crt_t *xcrt_list = NULL;
+ gnutls_pkcs11_obj_t *pcrt_list = NULL;
+ unsigned int pcrt_list_size = 0;
+
+ /* FIXME: should we use login? */
+ ret =
+ gnutls_pkcs11_obj_list_import_url(NULL, &pcrt_list_size, url,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA,
+ 0);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (pcrt_list_size == 0) {
+ gnutls_assert();
+ return 0;
+ }
+
+ pcrt_list = gnutls_malloc(sizeof(*pcrt_list) * pcrt_list_size);
+ if (pcrt_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url(pcrt_list, &pcrt_list_size,
+ url,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA,
+ 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ xcrt_list = gnutls_malloc(sizeof(*xcrt_list) * pcrt_list_size);
+ if (xcrt_list == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
+ pcrt_list, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_cas(res->tlist, xcrt_list,
+ pcrt_list_size, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ cleanup:
+ gnutls_free(xcrt_list);
+ gnutls_free(pcrt_list);
+
+ return ret;
}
@@ -821,108 +812,101 @@ cleanup:
/* Reads a certificate key from a token.
*/
static int
-read_cert_url (gnutls_certificate_credentials_t res, const char *url)
+read_cert_url(gnutls_certificate_credentials_t res, const char *url)
{
- int ret;
- gnutls_x509_crt_t crt;
- gnutls_pcert_st *ccert;
- gnutls_str_array_t names;
-
- _gnutls_str_array_init(&names);
-
- ccert = gnutls_malloc (sizeof (*ccert));
- if (ccert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (res->pin.cb)
- gnutls_x509_crt_set_pin_function(crt, res->pin.cb, res->pin.data);
-
- ret = gnutls_x509_crt_import_pkcs11_url (crt, url, 0);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- ret =
- gnutls_x509_crt_import_pkcs11_url (crt, url,
- GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
-
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (crt);
- goto cleanup;
- }
-
- ret = get_x509_name(crt, &names);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (crt);
- goto cleanup;
- }
-
- ret = gnutls_pcert_import_x509 (ccert, crt, 0);
- gnutls_x509_crt_deinit (crt);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = certificate_credential_append_crt_list (res, names, ccert, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- _gnutls_str_array_clear(&names);
- gnutls_free (ccert);
- return ret;
+ int ret;
+ gnutls_x509_crt_t crt;
+ gnutls_pcert_st *ccert;
+ gnutls_str_array_t names;
+
+ _gnutls_str_array_init(&names);
+
+ ccert = gnutls_malloc(sizeof(*ccert));
+ if (ccert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (res->pin.cb)
+ gnutls_x509_crt_set_pin_function(crt, res->pin.cb,
+ res->pin.data);
+
+ ret = gnutls_x509_crt_import_pkcs11_url(crt, url, 0);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ ret =
+ gnutls_x509_crt_import_pkcs11_url(crt, url,
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(crt);
+ goto cleanup;
+ }
+
+ ret = get_x509_name(crt, &names);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(crt);
+ goto cleanup;
+ }
+
+ ret = gnutls_pcert_import_x509(ccert, crt, 0);
+ gnutls_x509_crt_deinit(crt);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = certificate_credential_append_crt_list(res, names, ccert, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_str_array_clear(&names);
+ gnutls_free(ccert);
+ return ret;
}
#else
-# define read_cert_url(x,y) gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)
-# define read_cas_url(x,y) gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)
+#define read_cert_url(x,y) gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)
+#define read_cas_url(x,y) gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)
#endif
/* Reads a certificate file
*/
static int
-read_cert_file (gnutls_certificate_credentials_t res,
- const char *certfile, gnutls_x509_crt_fmt_t type)
+read_cert_file(gnutls_certificate_credentials_t res,
+ const char *certfile, gnutls_x509_crt_fmt_t type)
{
- int ret;
- size_t size;
- char *data;
+ int ret;
+ size_t size;
+ char *data;
- if (strncmp (certfile, "pkcs11:", 7) == 0)
- {
- return read_cert_url (res, certfile);
- }
+ if (strncmp(certfile, "pkcs11:", 7) == 0) {
+ return read_cert_url(res, certfile);
+ }
- data = read_binary_file (certfile, &size);
+ data = read_binary_file(certfile, &size);
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
- ret = read_cert_mem (res, data, size, type);
- free (data);
+ ret = read_cert_mem(res, data, size, type);
+ free(data);
- return ret;
+ return ret;
}
@@ -932,34 +916,34 @@ read_cert_file (gnutls_certificate_credentials_t res,
* stores it).
*/
static int
-read_key_file (gnutls_certificate_credentials_t res,
- const char *keyfile, gnutls_x509_crt_fmt_t type, const char* pass,
- unsigned int flags)
+read_key_file(gnutls_certificate_credentials_t res,
+ const char *keyfile, gnutls_x509_crt_fmt_t type,
+ const char *pass, unsigned int flags)
{
- int ret;
- size_t size;
- char *data;
-
- if (_gnutls_url_is_known(keyfile))
- {
- if (gnutls_url_is_supported(keyfile))
- return read_key_url (res, keyfile);
- else
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- }
-
- data = read_binary_file (keyfile, &size);
-
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- ret = read_key_mem (res, data, size, type, pass, flags);
- free (data);
-
- return ret;
+ int ret;
+ size_t size;
+ char *data;
+
+ if (_gnutls_url_is_known(keyfile)) {
+ if (gnutls_url_is_supported(keyfile))
+ return read_key_url(res, keyfile);
+ else
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
+
+ data = read_binary_file(keyfile, &size);
+
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ ret = read_key_mem(res, data, size, type, pass, flags);
+ free(data);
+
+ return ret;
}
/**
@@ -987,12 +971,13 @@ read_key_file (gnutls_certificate_credentials_t res,
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
int
-gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_x509_crt_fmt_t type)
{
- return gnutls_certificate_set_x509_key_mem2(res, cert, key, type, NULL, 0);
+ return gnutls_certificate_set_x509_key_mem2(res, cert, key, type,
+ NULL, 0);
}
/**
@@ -1022,137 +1007,137 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res,
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
int
-gnutls_certificate_set_x509_key_mem2 (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_x509_crt_fmt_t type,
- const char* pass,
- unsigned int flags)
+gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_x509_crt_fmt_t type,
+ const char *pass, unsigned int flags)
{
- int ret;
+ int ret;
- /* this should be first
- */
- if ((ret = read_key_mem (res, key ? key->data : NULL,
- key ? key->size : 0, type, pass, flags)) < 0)
- return ret;
+ /* this should be first
+ */
+ if ((ret = read_key_mem(res, key ? key->data : NULL,
+ key ? key->size : 0, type, pass,
+ flags)) < 0)
+ return ret;
- if ((ret = read_cert_mem (res, cert->data, cert->size, type)) < 0)
- return ret;
+ if ((ret = read_cert_mem(res, cert->data, cert->size, type)) < 0)
+ return ret;
- res->ncerts++;
+ res->ncerts++;
- if (key && (ret = _gnutls_check_key_cert_match (res)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (key && (ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
static int check_if_sorted(gnutls_pcert_st * crt, int nr)
{
-gnutls_x509_crt_t x509;
-char prev_dn[MAX_DN];
-char dn[MAX_DN];
-size_t prev_dn_size, dn_size;
-int i, ret;
-
- /* check if the X.509 list is ordered */
- if (nr > 1 && crt[0].type == GNUTLS_CRT_X509)
- {
-
- for (i=0;i<nr;i++)
- {
- ret = gnutls_x509_crt_init(&x509);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_crt_import(x509, &crt[i].cert, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- if (i>0)
- {
- dn_size = sizeof(dn);
- ret = gnutls_x509_crt_get_dn(x509, dn, &dn_size);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- if (dn_size != prev_dn_size || memcmp(dn, prev_dn, dn_size) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
- goto cleanup;
- }
- }
-
- prev_dn_size = sizeof(prev_dn);
- ret = gnutls_x509_crt_get_issuer_dn(x509, prev_dn, &prev_dn_size);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- gnutls_x509_crt_deinit(x509);
- }
- }
-
- return 0;
-
-cleanup:
- gnutls_x509_crt_deinit(x509);
- return ret;
+ gnutls_x509_crt_t x509;
+ char prev_dn[MAX_DN];
+ char dn[MAX_DN];
+ size_t prev_dn_size, dn_size;
+ int i, ret;
+
+ /* check if the X.509 list is ordered */
+ if (nr > 1 && crt[0].type == GNUTLS_CRT_X509) {
+
+ for (i = 0; i < nr; i++) {
+ ret = gnutls_x509_crt_init(&x509);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_x509_crt_import(x509, &crt[i].cert,
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ if (i > 0) {
+ dn_size = sizeof(dn);
+ ret =
+ gnutls_x509_crt_get_dn(x509, dn,
+ &dn_size);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ if (dn_size != prev_dn_size
+ || memcmp(dn, prev_dn, dn_size) != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
+ goto cleanup;
+ }
+ }
+
+ prev_dn_size = sizeof(prev_dn);
+ ret =
+ gnutls_x509_crt_get_issuer_dn(x509, prev_dn,
+ &prev_dn_size);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ gnutls_x509_crt_deinit(x509);
+ }
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_x509_crt_deinit(x509);
+ return ret;
}
int
-certificate_credential_append_crt_list (gnutls_certificate_credentials_t res,
- gnutls_str_array_t names, gnutls_pcert_st * crt, int nr)
+certificate_credential_append_crt_list(gnutls_certificate_credentials_t
+ res, gnutls_str_array_t names,
+ gnutls_pcert_st * crt, int nr)
{
-int ret;
+ int ret;
- ret = check_if_sorted(crt, nr);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = check_if_sorted(crt, nr);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- res->certs = gnutls_realloc_fast (res->certs,
- (1 + res->ncerts) *
- sizeof (certs_st));
- if (res->certs == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ res->certs = gnutls_realloc_fast(res->certs,
+ (1 + res->ncerts) *
+ sizeof(certs_st));
+ if (res->certs == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- res->certs[res->ncerts].cert_list = crt;
- res->certs[res->ncerts].cert_list_length = nr;
- res->certs[res->ncerts].names = names;
+ res->certs[res->ncerts].cert_list = crt;
+ res->certs[res->ncerts].cert_list_length = nr;
+ res->certs[res->ncerts].names = names;
- return 0;
+ return 0;
}
int
-certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
- gnutls_privkey_t pkey)
+certificate_credentials_append_pkey(gnutls_certificate_credentials_t res,
+ gnutls_privkey_t pkey)
{
- res->pkey = gnutls_realloc_fast (res->pkey,
- (1 + res->ncerts) *
- sizeof (gnutls_privkey_t));
- if (res->pkey == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- res->pkey[res->ncerts] = pkey;
- return 0;
+ res->pkey = gnutls_realloc_fast(res->pkey,
+ (1 + res->ncerts) *
+ sizeof(gnutls_privkey_t));
+ if (res->pkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ res->pkey[res->ncerts] = pkey;
+ return 0;
}
@@ -1175,86 +1160,84 @@ certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
* Since: 2.4.0
**/
int
-gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
- gnutls_x509_crt_t * cert_list,
- int cert_list_size,
- gnutls_x509_privkey_t key)
+gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * cert_list,
+ int cert_list_size,
+ gnutls_x509_privkey_t key)
{
- int ret, i;
- gnutls_privkey_t pkey;
- gnutls_pcert_st *pcerts = NULL;
- gnutls_str_array_t names;
-
- _gnutls_str_array_init(&names);
-
- /* this should be first
- */
- ret = gnutls_privkey_init (&pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (res->pin.cb)
- gnutls_privkey_set_pin_function(pkey, res->pin.cb, res->pin.data);
-
- ret = gnutls_privkey_import_x509 (pkey, key, GNUTLS_PRIVKEY_IMPORT_COPY);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = certificate_credentials_append_pkey (res, pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* load certificates */
- pcerts = gnutls_malloc (sizeof (gnutls_pcert_st) * cert_list_size);
- if (pcerts == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = get_x509_name(cert_list[0], &names);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- for (i = 0; i < cert_list_size; i++)
- {
- ret = gnutls_pcert_import_x509 (&pcerts[i], cert_list[i], 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- ret = certificate_credential_append_crt_list (res, names, pcerts, cert_list_size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- res->ncerts++;
-
- if ((ret = _gnutls_check_key_cert_match (res)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
-
-cleanup:
- _gnutls_str_array_clear(&names);
- return ret;
+ int ret, i;
+ gnutls_privkey_t pkey;
+ gnutls_pcert_st *pcerts = NULL;
+ gnutls_str_array_t names;
+
+ _gnutls_str_array_init(&names);
+
+ /* this should be first
+ */
+ ret = gnutls_privkey_init(&pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (res->pin.cb)
+ gnutls_privkey_set_pin_function(pkey, res->pin.cb,
+ res->pin.data);
+
+ ret =
+ gnutls_privkey_import_x509(pkey, key,
+ GNUTLS_PRIVKEY_IMPORT_COPY);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = certificate_credentials_append_pkey(res, pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* load certificates */
+ pcerts = gnutls_malloc(sizeof(gnutls_pcert_st) * cert_list_size);
+ if (pcerts == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = get_x509_name(cert_list[0], &names);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ for (i = 0; i < cert_list_size; i++) {
+ ret =
+ gnutls_pcert_import_x509(&pcerts[i], cert_list[i], 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ certificate_credential_append_crt_list(res, names, pcerts,
+ cert_list_size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ res->ncerts++;
+
+ if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_str_array_clear(&names);
+ return ret;
}
/**
@@ -1282,61 +1265,60 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_certificate_set_key (gnutls_certificate_credentials_t res,
- const char** names,
- int names_size,
- gnutls_pcert_st * pcert_list,
- int pcert_list_size,
- gnutls_privkey_t key)
+gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
+ const char **names,
+ int names_size,
+ gnutls_pcert_st * pcert_list,
+ int pcert_list_size, gnutls_privkey_t key)
{
- int ret, i;
- gnutls_str_array_t str_names;
-
- _gnutls_str_array_init(&str_names);
-
- if (names != NULL && names_size > 0)
- {
- for (i=0;i<names_size;i++)
- {
- ret = _gnutls_str_array_append(&str_names, names[i], strlen(names[i]));
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
- }
- }
-
- if (res->pin.cb)
- gnutls_privkey_set_pin_function(key, res->pin.cb, res->pin.data);
-
- ret = certificate_credentials_append_pkey (res, key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = certificate_credential_append_crt_list (res, str_names, pcert_list, pcert_list_size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- res->ncerts++;
-
- if ((ret = _gnutls_check_key_cert_match (res)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
-
-cleanup:
- _gnutls_str_array_clear(&str_names);
- return ret;
+ int ret, i;
+ gnutls_str_array_t str_names;
+
+ _gnutls_str_array_init(&str_names);
+
+ if (names != NULL && names_size > 0) {
+ for (i = 0; i < names_size; i++) {
+ ret =
+ _gnutls_str_array_append(&str_names, names[i],
+ strlen(names[i]));
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+ }
+ }
+
+ if (res->pin.cb)
+ gnutls_privkey_set_pin_function(key, res->pin.cb,
+ res->pin.data);
+
+ ret = certificate_credentials_append_pkey(res, key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ certificate_credential_append_crt_list(res, str_names,
+ pcert_list,
+ pcert_list_size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ res->ncerts++;
+
+ if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_str_array_clear(&str_names);
+ return ret;
}
/**
@@ -1356,13 +1338,13 @@ cleanup:
* Since: 3.2.2
**/
void
-gnutls_certificate_set_trust_list (gnutls_certificate_credentials_t res,
- gnutls_x509_trust_list_t tlist,
- unsigned flags)
+gnutls_certificate_set_trust_list(gnutls_certificate_credentials_t res,
+ gnutls_x509_trust_list_t tlist,
+ unsigned flags)
{
- gnutls_x509_trust_list_deinit(res->tlist, 1);
+ gnutls_x509_trust_list_deinit(res->tlist, 1);
- res->tlist = tlist;
+ res->tlist = tlist;
}
@@ -1392,12 +1374,14 @@ gnutls_certificate_set_trust_list (gnutls_certificate_credentials_t res,
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
int
-gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t res,
- const char *certfile,
- const char *keyfile,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials_t res,
+ const char *certfile,
+ const char *keyfile,
+ gnutls_x509_crt_fmt_t type)
{
- return gnutls_certificate_set_x509_key_file2(res, certfile, keyfile, type, NULL, 0);
+ return gnutls_certificate_set_x509_key_file2(res, certfile,
+ keyfile, type, NULL,
+ 0);
}
/**
@@ -1428,235 +1412,229 @@ gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t res,
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
int
-gnutls_certificate_set_x509_key_file2 (gnutls_certificate_credentials_t res,
- const char *certfile,
- const char *keyfile,
- gnutls_x509_crt_fmt_t type,
- const char* pass,
- unsigned int flags)
+gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t res,
+ const char *certfile,
+ const char *keyfile,
+ gnutls_x509_crt_fmt_t type,
+ const char *pass, unsigned int flags)
{
- int ret;
+ int ret;
- /* this should be first
- */
- if ((ret = read_key_file (res, keyfile, type, pass, flags)) < 0)
- return ret;
+ /* this should be first
+ */
+ if ((ret = read_key_file(res, keyfile, type, pass, flags)) < 0)
+ return ret;
- if ((ret = read_cert_file (res, certfile, type)) < 0)
- return ret;
+ if ((ret = read_cert_file(res, certfile, type)) < 0)
+ return ret;
- res->ncerts++;
+ res->ncerts++;
- if ((ret = _gnutls_check_key_cert_match (res)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
static int
-add_new_crt_to_rdn_seq (gnutls_certificate_credentials_t res, gnutls_x509_crt_t* crts,
- unsigned int crt_size)
+add_new_crt_to_rdn_seq(gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * crts, unsigned int crt_size)
{
- gnutls_datum_t tmp;
- int ret;
- size_t newsize;
- unsigned char *newdata, *p;
- unsigned i;
-
- /* Add DN of the last added CAs to the RDN sequence
- * This will be sent to clients when a certificate
- * request message is sent.
- */
-
- /* FIXME: in case of a client it is not needed
- * to do that. This would save time and memory.
- * However we don't have that information available
- * here.
- * Further, this function is now much more efficient,
- * so optimizing that is less important.
- */
-
- for (i = 0; i < crt_size; i++)
- {
- if ((ret = gnutls_x509_crt_get_raw_dn (crts[i], &tmp)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- newsize = res->x509_rdn_sequence.size + 2 + tmp.size;
- if (newsize < res->x509_rdn_sequence.size)
- {
- gnutls_assert ();
- _gnutls_free_datum (&tmp);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- newdata = gnutls_realloc_fast (res->x509_rdn_sequence.data, newsize);
- if (newdata == NULL)
- {
- gnutls_assert ();
- _gnutls_free_datum (&tmp);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- p = newdata + res->x509_rdn_sequence.size;
- _gnutls_write_uint16 (tmp.size, p);
- if (tmp.data != NULL)
- memcpy (p+2, tmp.data, tmp.size);
-
- _gnutls_free_datum (&tmp);
-
- res->x509_rdn_sequence.size = newsize;
- res->x509_rdn_sequence.data = newdata;
- }
-
- return 0;
+ gnutls_datum_t tmp;
+ int ret;
+ size_t newsize;
+ unsigned char *newdata, *p;
+ unsigned i;
+
+ /* Add DN of the last added CAs to the RDN sequence
+ * This will be sent to clients when a certificate
+ * request message is sent.
+ */
+
+ /* FIXME: in case of a client it is not needed
+ * to do that. This would save time and memory.
+ * However we don't have that information available
+ * here.
+ * Further, this function is now much more efficient,
+ * so optimizing that is less important.
+ */
+
+ for (i = 0; i < crt_size; i++) {
+ if ((ret = gnutls_x509_crt_get_raw_dn(crts[i], &tmp)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ newsize = res->x509_rdn_sequence.size + 2 + tmp.size;
+ if (newsize < res->x509_rdn_sequence.size) {
+ gnutls_assert();
+ _gnutls_free_datum(&tmp);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ newdata =
+ gnutls_realloc_fast(res->x509_rdn_sequence.data,
+ newsize);
+ if (newdata == NULL) {
+ gnutls_assert();
+ _gnutls_free_datum(&tmp);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p = newdata + res->x509_rdn_sequence.size;
+ _gnutls_write_uint16(tmp.size, p);
+ if (tmp.data != NULL)
+ memcpy(p + 2, tmp.data, tmp.size);
+
+ _gnutls_free_datum(&tmp);
+
+ res->x509_rdn_sequence.size = newsize;
+ res->x509_rdn_sequence.data = newdata;
+ }
+
+ return 0;
}
/* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this
* certificate (uses the KeyUsage field).
*/
int
-_gnutls_check_key_usage (const gnutls_pcert_st* cert, gnutls_kx_algorithm_t alg)
+_gnutls_check_key_usage(const gnutls_pcert_st * cert,
+ gnutls_kx_algorithm_t alg)
{
- unsigned int key_usage = 0;
- int encipher_type;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (_gnutls_map_kx_get_cred (alg, 1) == GNUTLS_CRD_CERTIFICATE ||
- _gnutls_map_kx_get_cred (alg, 0) == GNUTLS_CRD_CERTIFICATE)
- {
-
- gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
-
- encipher_type = _gnutls_kx_encipher_type (alg);
-
- if (key_usage != 0 && encipher_type != CIPHER_IGN)
- {
- /* If key_usage has been set in the certificate
- */
-
- if (encipher_type == CIPHER_ENCRYPT)
- {
- /* If the key exchange method requires an encipher
- * type algorithm, and key's usage does not permit
- * encipherment, then fail.
- */
- if (!(key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT))
- {
- gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- }
- }
-
- if (encipher_type == CIPHER_SIGN)
- {
- /* The same as above, but for sign only keys
- */
- if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
- {
- gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- }
- }
- }
- }
- return 0;
+ unsigned int key_usage = 0;
+ int encipher_type;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (_gnutls_map_kx_get_cred(alg, 1) == GNUTLS_CRD_CERTIFICATE ||
+ _gnutls_map_kx_get_cred(alg, 0) == GNUTLS_CRD_CERTIFICATE) {
+
+ gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
+
+ encipher_type = _gnutls_kx_encipher_type(alg);
+
+ if (key_usage != 0 && encipher_type != CIPHER_IGN) {
+ /* If key_usage has been set in the certificate
+ */
+
+ if (encipher_type == CIPHER_ENCRYPT) {
+ /* If the key exchange method requires an encipher
+ * type algorithm, and key's usage does not permit
+ * encipherment, then fail.
+ */
+ if (!
+ (key_usage &
+ GNUTLS_KEY_KEY_ENCIPHERMENT)) {
+ gnutls_assert();
+ return
+ GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+ }
+
+ if (encipher_type == CIPHER_SIGN) {
+ /* The same as above, but for sign only keys
+ */
+ if (!
+ (key_usage &
+ GNUTLS_KEY_DIGITAL_SIGNATURE)) {
+ gnutls_assert();
+ return
+ GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+ }
+ }
+ }
+ return 0;
}
static int
-parse_pem_ca_mem (gnutls_certificate_credentials_t res,
- const uint8_t * input_cert, int input_cert_size)
+parse_pem_ca_mem(gnutls_certificate_credentials_t res,
+ const uint8_t * input_cert, int input_cert_size)
{
- gnutls_x509_crt_t *x509_cert_list;
- unsigned int x509_ncerts;
- gnutls_datum_t tmp;
- int ret;
-
- tmp.data = (void*)input_cert;
- tmp.size = input_cert_size;
-
- ret = gnutls_x509_crt_list_import2( &x509_cert_list, &x509_ncerts, &tmp,
- GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- if ((ret = add_new_crt_to_rdn_seq (res, x509_cert_list, x509_ncerts)) < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_cas(res->tlist, x509_cert_list, x509_ncerts, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
-cleanup:
- gnutls_free(x509_cert_list);
- return ret;
+ gnutls_x509_crt_t *x509_cert_list;
+ unsigned int x509_ncerts;
+ gnutls_datum_t tmp;
+ int ret;
+
+ tmp.data = (void *) input_cert;
+ tmp.size = input_cert_size;
+
+ ret =
+ gnutls_x509_crt_list_import2(&x509_cert_list, &x509_ncerts,
+ &tmp, GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if ((ret =
+ add_new_crt_to_rdn_seq(res, x509_cert_list,
+ x509_ncerts)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_cas(res->tlist, x509_cert_list,
+ x509_ncerts, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ cleanup:
+ gnutls_free(x509_cert_list);
+ return ret;
}
/* Reads a DER encoded certificate list from memory and stores it to a
* gnutls_cert structure. Returns the number of certificates parsed.
*/
static int
-parse_der_ca_mem (gnutls_certificate_credentials_t res,
- const void *input_cert, int input_cert_size)
+parse_der_ca_mem(gnutls_certificate_credentials_t res,
+ const void *input_cert, int input_cert_size)
{
- gnutls_x509_crt_t crt;
- gnutls_datum_t tmp;
- int ret;
-
- tmp.data = (void*)input_cert;
- tmp.size = input_cert_size;
-
- ret = gnutls_x509_crt_init( &crt);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_x509_crt_import( crt, &tmp, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if ((ret = add_new_crt_to_rdn_seq (res, &crt, 1)) < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_cas(res->tlist, &crt, 1, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- return ret;
-
-cleanup:
- gnutls_x509_crt_deinit(crt);
- return ret;
+ gnutls_x509_crt_t crt;
+ gnutls_datum_t tmp;
+ int ret;
+
+ tmp.data = (void *) input_cert;
+ tmp.size = input_cert_size;
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_import(crt, &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((ret = add_new_crt_to_rdn_seq(res, &crt, 1)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_trust_list_add_cas(res->tlist, &crt, 1, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return ret;
+
+ cleanup:
+ gnutls_x509_crt_deinit(crt);
+ return ret;
}
/**
@@ -1679,23 +1657,21 @@ cleanup:
* on error.
**/
int
-gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * ca,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * ca,
+ gnutls_x509_crt_fmt_t type)
{
- int ret;
+ int ret;
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_ca_mem (res,
- ca->data, ca->size);
- else
- ret = parse_pem_ca_mem (res,
- ca->data, ca->size);
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_ca_mem(res, ca->data, ca->size);
+ else
+ ret = parse_pem_ca_mem(res, ca->data, ca->size);
- if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
- return 0;
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
+ return 0;
- return ret;
+ return ret;
}
/**
@@ -1720,50 +1696,48 @@ gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res,
* Since: 2.4.0
**/
int
-gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
- gnutls_x509_crt_t * ca_list,
- int ca_list_size)
+gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * ca_list,
+ int ca_list_size)
{
- int ret, i, j;
- gnutls_x509_crt_t new_list[ca_list_size];
-
- for (i = 0; i < ca_list_size; i++)
- {
- ret = gnutls_x509_crt_init (&new_list[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_x509_crt_cpy (new_list[i], ca_list[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- if ((ret = add_new_crt_to_rdn_seq (res, new_list, ca_list_size)) < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_cas(res->tlist, new_list, ca_list_size, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return ret;
-
-cleanup:
- for (j=0;j<i;i++)
- gnutls_x509_crt_deinit(new_list[j]);
-
- return ret;
+ int ret, i, j;
+ gnutls_x509_crt_t new_list[ca_list_size];
+
+ for (i = 0; i < ca_list_size; i++) {
+ ret = gnutls_x509_crt_init(&new_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_crt_cpy(new_list[i], ca_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ if ((ret =
+ add_new_crt_to_rdn_seq(res, new_list, ca_list_size)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_cas(res->tlist, new_list,
+ ca_list_size, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return ret;
+
+ cleanup:
+ for (j = 0; j < i; i++)
+ gnutls_x509_crt_deinit(new_list[j]);
+
+ return ret;
}
@@ -1791,39 +1765,36 @@ cleanup:
* error.
**/
int
-gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t cred,
- const char *cafile,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t
+ cred, const char *cafile,
+ gnutls_x509_crt_fmt_t type)
{
- int ret;
- gnutls_datum_t cas;
- size_t size;
+ int ret;
+ gnutls_datum_t cas;
+ size_t size;
- if (strncmp (cafile, "pkcs11:", 7) == 0)
- {
- return read_cas_url (cred, cafile);
- }
+ if (strncmp(cafile, "pkcs11:", 7) == 0) {
+ return read_cas_url(cred, cafile);
+ }
- cas.data = (void*)read_binary_file (cafile, &size);
- if (cas.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
+ cas.data = (void *) read_binary_file(cafile, &size);
+ if (cas.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
- cas.size = size;
+ cas.size = size;
- ret = gnutls_certificate_set_x509_trust_mem(cred, &cas, type);
+ ret = gnutls_certificate_set_x509_trust_mem(cred, &cas, type);
- free (cas.data);
+ free(cas.data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return ret;
+ return ret;
}
/**
@@ -1842,83 +1813,82 @@ gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t cred,
* Since: 3.0
**/
int
-gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred)
+gnutls_certificate_set_x509_system_trust(gnutls_certificate_credentials_t
+ cred)
{
- return gnutls_x509_trust_list_add_system_trust(cred->tlist, 0, 0);
+ return gnutls_x509_trust_list_add_system_trust(cred->tlist, 0, 0);
}
static int
-parse_pem_crl_mem (gnutls_x509_trust_list_t tlist,
- const char * input_crl, unsigned int input_crl_size)
+parse_pem_crl_mem(gnutls_x509_trust_list_t tlist,
+ const char *input_crl, unsigned int input_crl_size)
{
- gnutls_x509_crl_t *x509_crl_list;
- unsigned int x509_ncrls;
- gnutls_datum_t tmp;
- int ret;
-
- tmp.data = (void*)input_crl;
- tmp.size = input_crl_size;
-
- ret = gnutls_x509_crl_list_import2( &x509_crl_list, &x509_ncrls, &tmp,
- GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_x509_trust_list_add_crls(tlist, x509_crl_list, x509_ncrls, 0, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
-cleanup:
- gnutls_free(x509_crl_list);
- return ret;
+ gnutls_x509_crl_t *x509_crl_list;
+ unsigned int x509_ncrls;
+ gnutls_datum_t tmp;
+ int ret;
+
+ tmp.data = (void *) input_crl;
+ tmp.size = input_crl_size;
+
+ ret =
+ gnutls_x509_crl_list_import2(&x509_crl_list, &x509_ncrls, &tmp,
+ GNUTLS_X509_FMT_PEM, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_crls(tlist, x509_crl_list,
+ x509_ncrls, 0, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ cleanup:
+ gnutls_free(x509_crl_list);
+ return ret;
}
/* Reads a DER encoded certificate list from memory and stores it to a
* gnutls_cert structure. Returns the number of certificates parsed.
*/
static int
-parse_der_crl_mem (gnutls_x509_trust_list_t tlist,
- const void *input_crl, unsigned int input_crl_size)
+parse_der_crl_mem(gnutls_x509_trust_list_t tlist,
+ const void *input_crl, unsigned int input_crl_size)
{
- gnutls_x509_crl_t crl;
- gnutls_datum_t tmp;
- int ret;
-
- tmp.data = (void*)input_crl;
- tmp.size = input_crl_size;
-
- ret = gnutls_x509_crl_init( &crl);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_x509_crl_import( crl, &tmp, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_crls(tlist, &crl, 1, 0, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- return ret;
-
-cleanup:
- gnutls_x509_crl_deinit(crl);
- return ret;
+ gnutls_x509_crl_t crl;
+ gnutls_datum_t tmp;
+ int ret;
+
+ tmp.data = (void *) input_crl;
+ tmp.size = input_crl_size;
+
+ ret = gnutls_x509_crl_init(&crl);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_x509_crl_import(crl, &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_trust_list_add_crls(tlist, &crl, 1, 0, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return ret;
+
+ cleanup:
+ gnutls_x509_crl_deinit(crl);
+ return ret;
}
@@ -1926,22 +1896,21 @@ cleanup:
/* Reads a DER or PEM CRL from memory
*/
static int
-read_crl_mem (gnutls_certificate_credentials_t res, const void *crl,
- int crl_size, gnutls_x509_crt_fmt_t type)
+read_crl_mem(gnutls_certificate_credentials_t res, const void *crl,
+ int crl_size, gnutls_x509_crt_fmt_t type)
{
- int ret;
+ int ret;
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_crl_mem (res->tlist, crl, crl_size);
- else
- ret = parse_pem_crl_mem (res->tlist, crl, crl_size);
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_crl_mem(res->tlist, crl, crl_size);
+ else
+ ret = parse_pem_crl_mem(res->tlist, crl, crl_size);
- if (ret < 0)
- {
- gnutls_assert ();
- }
+ if (ret < 0) {
+ gnutls_assert();
+ }
- return ret;
+ return ret;
}
/**
@@ -1959,11 +1928,11 @@ read_crl_mem (gnutls_certificate_credentials_t res, const void *crl,
* Returns: number of CRLs processed, or a negative error code on error.
**/
int
-gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * CRL,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * CRL,
+ gnutls_x509_crt_fmt_t type)
{
- return read_crl_mem (res, CRL->data, CRL->size, type);
+ return read_crl_mem(res, CRL->data, CRL->size, type);
}
/**
@@ -1983,44 +1952,42 @@ gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res,
* Since: 2.4.0
**/
int
-gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
- gnutls_x509_crl_t * crl_list,
- int crl_list_size)
+gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t res,
+ gnutls_x509_crl_t * crl_list,
+ int crl_list_size)
{
- int ret, i, j;
- gnutls_x509_crl_t new_crl[crl_list_size];
-
- for (i = 0; i < crl_list_size; i++)
- {
- ret = gnutls_x509_crl_init (&new_crl[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_x509_crl_cpy (new_crl[i], crl_list[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- ret = gnutls_x509_trust_list_add_crls(res->tlist, new_crl, crl_list_size, 0, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return ret;
-
-cleanup:
- for (j=0;j<i;j++)
- gnutls_x509_crl_deinit(new_crl[j]);
-
- return ret;
+ int ret, i, j;
+ gnutls_x509_crl_t new_crl[crl_list_size];
+
+ for (i = 0; i < crl_list_size; i++) {
+ ret = gnutls_x509_crl_init(&new_crl[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_crl_cpy(new_crl[i], crl_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_crls(res->tlist, new_crl,
+ crl_list_size, 0, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return ret;
+
+ cleanup:
+ for (j = 0; j < i; j++)
+ gnutls_x509_crl_deinit(new_crl[j]);
+
+ return ret;
}
/**
@@ -2038,34 +2005,32 @@ cleanup:
* Returns: number of CRLs processed or a negative error code on error.
**/
int
-gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res,
- const char *crlfile,
- gnutls_x509_crt_fmt_t type)
+gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials_t res,
+ const char *crlfile,
+ gnutls_x509_crt_fmt_t type)
{
- int ret;
- size_t size;
- char *data = (void*)read_binary_file (crlfile, &size);
-
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_crl_mem (res->tlist, data, size);
- else
- ret = parse_pem_crl_mem (res->tlist, data, size);
-
- free (data);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ int ret;
+ size_t size;
+ char *data = (void *) read_binary_file(crlfile, &size);
+
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_crl_mem(res->tlist, data, size);
+ else
+ ret = parse_pem_crl_mem(res->tlist, data, size);
+
+ free(data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
#include <gnutls/pkcs12.h>
@@ -2101,28 +2066,26 @@ gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res,
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
**/
int
- gnutls_certificate_set_x509_simple_pkcs12_file
- (gnutls_certificate_credentials_t res, const char *pkcs12file,
- gnutls_x509_crt_fmt_t type, const char *password)
-{
- gnutls_datum_t p12blob;
- size_t size;
- int ret;
-
- p12blob.data = (void*)read_binary_file (pkcs12file, &size);
- p12blob.size = (unsigned int) size;
- if (p12blob.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- ret =
- gnutls_certificate_set_x509_simple_pkcs12_mem (res, &p12blob, type,
- password);
- free (p12blob.data);
-
- return ret;
+ gnutls_certificate_set_x509_simple_pkcs12_file
+ (gnutls_certificate_credentials_t res, const char *pkcs12file,
+ gnutls_x509_crt_fmt_t type, const char *password) {
+ gnutls_datum_t p12blob;
+ size_t size;
+ int ret;
+
+ p12blob.data = (void *) read_binary_file(pkcs12file, &size);
+ p12blob.size = (unsigned int) size;
+ if (p12blob.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ ret =
+ gnutls_certificate_set_x509_simple_pkcs12_mem(res, &p12blob,
+ type, password);
+ free(p12blob.data);
+
+ return ret;
}
/**
@@ -2156,93 +2119,83 @@ int
* Since: 2.8.0
**/
int
- gnutls_certificate_set_x509_simple_pkcs12_mem
- (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
- gnutls_x509_crt_fmt_t type, const char *password)
-{
- gnutls_pkcs12_t p12;
- gnutls_x509_privkey_t key = NULL;
- gnutls_x509_crt_t *chain = NULL;
- gnutls_x509_crl_t crl = NULL;
- unsigned int chain_size = 0, i;
- int ret;
-
- ret = gnutls_pkcs12_init (&p12);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_pkcs12_import (p12, p12blob, type, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_pkcs12_deinit (p12);
- return ret;
- }
-
- if (password)
- {
- ret = gnutls_pkcs12_verify_mac (p12, password);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_pkcs12_deinit (p12);
- return ret;
- }
- }
-
- ret = gnutls_pkcs12_simple_parse (p12, password, &key, &chain, &chain_size,
- NULL, NULL, &crl, 0);
- gnutls_pkcs12_deinit (p12);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (key && chain)
- {
- ret = gnutls_certificate_set_x509_key (res, chain, chain_size, key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
- }
- else
- {
- gnutls_assert();
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto done;
- }
-
- if (crl)
- {
- ret = gnutls_certificate_set_x509_crl (res, &crl, 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
- }
-
- ret = 0;
-
-done:
- if (chain)
- {
- for (i=0;i<chain_size;i++)
- gnutls_x509_crt_deinit (chain[i]);
- gnutls_free(chain);
- }
- if (key)
- gnutls_x509_privkey_deinit (key);
- if (crl)
- gnutls_x509_crl_deinit (crl);
-
- return ret;
+ gnutls_certificate_set_x509_simple_pkcs12_mem
+ (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
+ gnutls_x509_crt_fmt_t type, const char *password) {
+ gnutls_pkcs12_t p12;
+ gnutls_x509_privkey_t key = NULL;
+ gnutls_x509_crt_t *chain = NULL;
+ gnutls_x509_crl_t crl = NULL;
+ unsigned int chain_size = 0, i;
+ int ret;
+
+ ret = gnutls_pkcs12_init(&p12);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_pkcs12_import(p12, p12blob, type, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_pkcs12_deinit(p12);
+ return ret;
+ }
+
+ if (password) {
+ ret = gnutls_pkcs12_verify_mac(p12, password);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_pkcs12_deinit(p12);
+ return ret;
+ }
+ }
+
+ ret =
+ gnutls_pkcs12_simple_parse(p12, password, &key, &chain,
+ &chain_size, NULL, NULL, &crl, 0);
+ gnutls_pkcs12_deinit(p12);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (key && chain) {
+ ret =
+ gnutls_certificate_set_x509_key(res, chain, chain_size,
+ key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto done;
+ }
+
+ if (crl) {
+ ret = gnutls_certificate_set_x509_crl(res, &crl, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ }
+
+ ret = 0;
+
+ done:
+ if (chain) {
+ for (i = 0; i < chain_size; i++)
+ gnutls_x509_crt_deinit(chain[i]);
+ gnutls_free(chain);
+ }
+ if (key)
+ gnutls_x509_privkey_deinit(key);
+ if (crl)
+ gnutls_x509_crl_deinit(crl);
+
+ return ret;
}
@@ -2254,11 +2207,10 @@ done:
* This function will delete all the CRLs associated
* with the given credentials.
**/
-void
-gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc)
+void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc)
{
- /* do nothing for now */
- return;
+ /* do nothing for now */
+ return;
}
/**
@@ -2276,11 +2228,12 @@ gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc)
*
* Since: 3.1.0
**/
-void gnutls_certificate_set_pin_function (gnutls_certificate_credentials_t cred,
- gnutls_pin_callback_t fn, void *userdata)
+void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t
+ cred, gnutls_pin_callback_t fn,
+ void *userdata)
{
- cred->pin.cb = fn;
- cred->pin.data = userdata;
+ cred->pin.cb = fn;
+ cred->pin.data = userdata;
}
/**
@@ -2295,28 +2248,25 @@ void gnutls_certificate_set_pin_function (gnutls_certificate_credentials_t cred,
*
* Since: 3.1.0
**/
-int
-gnutls_url_is_supported (const char* url)
+int gnutls_url_is_supported(const char *url)
{
#ifdef ENABLE_PKCS11
- if (strstr(url, "pkcs11:") != NULL)
- return 1;
+ if (strstr(url, "pkcs11:") != NULL)
+ return 1;
#endif
#ifdef HAVE_TROUSERS
- if (strstr(url, "tpmkey:") != NULL)
- return 1;
+ if (strstr(url, "tpmkey:") != NULL)
+ return 1;
#endif
- return 0;
+ return 0;
}
-int
-_gnutls_url_is_known (const char* url)
+int _gnutls_url_is_known(const char *url)
{
- if (strstr(url, "pkcs11:") != NULL)
- return 1;
- else if (strstr(url, "tpmkey:") != NULL)
- return 1;
- else
- return 0;
+ if (strstr(url, "pkcs11:") != NULL)
+ return 1;
+ else if (strstr(url, "tpmkey:") != NULL)
+ return 1;
+ else
+ return 0;
}
-
diff --git a/lib/gnutls_x509.h b/lib/gnutls_x509.h
index b7c33debfd..ce56385f49 100644
--- a/lib/gnutls_x509.h
+++ b/lib/gnutls_x509.h
@@ -23,20 +23,20 @@
#include <libtasn1.h>
#include <gnutls/abstract.h>
-int _gnutls_x509_cert_verify_peers (gnutls_session_t session,
- const char* hostname,
- unsigned int *status);
+int _gnutls_x509_cert_verify_peers(gnutls_session_t session,
+ const char *hostname,
+ unsigned int *status);
#define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE"
#define PEM_CERT_SEP "-----BEGIN CERTIFICATE"
#define PEM_CRL_SEP "-----BEGIN X509 CRL"
-int _gnutls_url_is_known (const char* url);
+int _gnutls_url_is_known(const char *url);
-int _gnutls_check_key_usage (const gnutls_pcert_st* cert,
- gnutls_kx_algorithm_t alg);
+int _gnutls_check_key_usage(const gnutls_pcert_st * cert,
+ gnutls_kx_algorithm_t alg);
-int _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey_t * privkey,
- const gnutls_datum_t * raw_key,
- gnutls_x509_crt_fmt_t type);
+int _gnutls_x509_raw_privkey_to_gkey(gnutls_privkey_t * privkey,
+ const gnutls_datum_t * raw_key,
+ gnutls_x509_crt_fmt_t type);
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index d030f0cce5..33767bc249 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -30,8 +30,7 @@
#include <gnutls/tpm.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/* Public key operations */
@@ -47,177 +46,209 @@ extern "C"
*
* Enumeration of different certificate import flags.
*/
- typedef enum gnutls_pubkey_flags
- {
- GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA = 1,
- GNUTLS_PUBKEY_DISABLE_CALLBACKS = 1<<2,
- GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT = 1<<3,
- } gnutls_pubkey_flags_t;
-
-typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key,
- void *userdata,
- const gnutls_datum_t * raw_data,
- gnutls_datum_t * signature);
-typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
- void *userdata,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
-
-typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key,
- void *userdata);
-
-int gnutls_pubkey_init (gnutls_pubkey_t * key);
-void gnutls_pubkey_deinit (gnutls_pubkey_t key);
-
-void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key,
- gnutls_pin_callback_t fn, void *userdata);
-
-int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits);
-
-int gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
- unsigned int flags);
-int gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq,
- unsigned int flags);
-int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
- gnutls_pkcs11_obj_t obj, unsigned int flags);
-int gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
- gnutls_openpgp_crt_t crt,
- unsigned int flags);
-
-int gnutls_pubkey_import_openpgp_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const gnutls_openpgp_keyid_t keyid,
- unsigned int flags);
-int gnutls_pubkey_import_x509_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- unsigned int flags);
-
-int
-gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
- unsigned int usage, unsigned int flags);
-
-int
-gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey,
- const char* url,
- const char *srk_password,
- unsigned int flags);
-
-int
-gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url,
- unsigned int flags);
-
-int
-gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- unsigned int flags);
-
-int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand);
-
-int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e);
-int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y);
-int gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t *curve,
- gnutls_datum_t * x, gnutls_datum_t * y);
-int gnutls_pubkey_get_pk_ecc_x962 (gnutls_pubkey_t key, gnutls_datum_t* parameters,
- gnutls_datum_t * ecpoint);
-
-int gnutls_pubkey_export (gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
-
-int gnutls_pubkey_export2 (gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out);
-
-int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
-
-int
-gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size,
- unsigned int *subkey);
-
-int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage);
-int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage);
-
-int gnutls_pubkey_import (gnutls_pubkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
-
-
-int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y);
-int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e);
-
-int
-gnutls_pubkey_import_ecc_x962 (gnutls_pubkey_t key,
- const gnutls_datum_t * parameters,
- const gnutls_datum_t * ecpoint);
-
-int
-gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t key,
- gnutls_ecc_curve_t curve,
- const gnutls_datum_t * x,
- const gnutls_datum_t * y);
-
-int
-gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * plaintext,
- gnutls_datum_t * ciphertext);
-
-int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key);
-
-int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key);
-
-int
-gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key,
- gnutls_sign_algorithm_t algo,
- unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature);
-
-int
-gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash);
-
-int
-gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
- gnutls_sign_algorithm_t algo,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature);
+ typedef enum gnutls_pubkey_flags {
+ GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA = 1,
+ GNUTLS_PUBKEY_DISABLE_CALLBACKS = 1 << 2,
+ GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT = 1 << 3,
+ } gnutls_pubkey_flags_t;
+
+ typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key,
+ void *userdata,
+ const gnutls_datum_t *
+ raw_data,
+ gnutls_datum_t *
+ signature);
+ typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
+ void *userdata,
+ const gnutls_datum_t *
+ ciphertext,
+ gnutls_datum_t *
+ plaintext);
+
+ typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key,
+ void *userdata);
+
+ int gnutls_pubkey_init(gnutls_pubkey_t * key);
+ void gnutls_pubkey_deinit(gnutls_pubkey_t key);
+
+ void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key,
+ gnutls_pin_callback_t fn,
+ void *userdata);
+
+ int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key,
+ unsigned int *bits);
+
+ int gnutls_pubkey_import_x509(gnutls_pubkey_t key,
+ gnutls_x509_crt_t crt,
+ unsigned int flags);
+ int gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key,
+ gnutls_x509_crq_t crq,
+ unsigned int flags);
+ int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
+ gnutls_pkcs11_obj_t obj,
+ unsigned int flags);
+ int gnutls_pubkey_import_openpgp(gnutls_pubkey_t key,
+ gnutls_openpgp_crt_t crt,
+ unsigned int flags);
+
+ int gnutls_pubkey_import_openpgp_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t
+ format,
+ const gnutls_openpgp_keyid_t
+ keyid, unsigned int flags);
+ int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+
+ int
+ gnutls_pubkey_import_privkey(gnutls_pubkey_t key,
+ gnutls_privkey_t pkey,
+ unsigned int usage,
+ unsigned int flags);
+
+ int
+ gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey,
+ const char *url,
+ const char *srk_password,
+ unsigned int flags);
+
+ int
+ gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url,
+ unsigned int flags);
+
+ int
+ gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password,
+ unsigned int flags);
+
+ int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
+ gnutls_digest_algorithm_t
+ * hash,
+ unsigned int *mand);
+
+ int gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t key,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+ int gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t key,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+ int gnutls_pubkey_get_pk_ecc_raw(gnutls_pubkey_t key,
+ gnutls_ecc_curve_t * curve,
+ gnutls_datum_t * x,
+ gnutls_datum_t * y);
+ int gnutls_pubkey_get_pk_ecc_x962(gnutls_pubkey_t key,
+ gnutls_datum_t * parameters,
+ gnutls_datum_t * ecpoint);
+
+ int gnutls_pubkey_export(gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+
+ int gnutls_pubkey_export2(gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_pubkey_get_key_id(gnutls_pubkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+ int
+ gnutls_pubkey_get_openpgp_key_id(gnutls_pubkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size,
+ unsigned int *subkey);
+
+ int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key,
+ unsigned int *usage);
+ int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key,
+ unsigned int usage);
+
+ int gnutls_pubkey_import(gnutls_pubkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+
+
+ int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key,
+ const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+ int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y);
+ int gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e);
+
+ int
+ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key,
+ const gnutls_datum_t * parameters,
+ const gnutls_datum_t * ecpoint);
+
+ int
+ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
+ gnutls_ecc_curve_t curve,
+ const gnutls_datum_t * x,
+ const gnutls_datum_t * y);
+
+ int
+ gnutls_pubkey_encrypt_data(gnutls_pubkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * plaintext,
+ gnutls_datum_t * ciphertext);
+
+ int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt,
+ gnutls_pubkey_t key);
+
+ int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq,
+ gnutls_pubkey_t key);
+
+ int
+ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
+ gnutls_sign_algorithm_t algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature);
+
+ int
+ gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key,
+ const gnutls_datum_t *
+ signature,
+ gnutls_digest_algorithm_t *
+ hash);
+
+ int
+ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey,
+ gnutls_sign_algorithm_t algo,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature);
/* Private key operations */
-int gnutls_privkey_init (gnutls_privkey_t * key);
-void gnutls_privkey_deinit (gnutls_privkey_t key);
+ int gnutls_privkey_init(gnutls_privkey_t * key);
+ void gnutls_privkey_deinit(gnutls_privkey_t key);
-void gnutls_privkey_set_pin_function (gnutls_privkey_t key,
- gnutls_pin_callback_t fn, void *userdata);
+ void gnutls_privkey_set_pin_function(gnutls_privkey_t key,
+ gnutls_pin_callback_t fn,
+ void *userdata);
-int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key,
- unsigned int *bits);
-gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key);
-int gnutls_privkey_status (gnutls_privkey_t key);
+ int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key,
+ unsigned int *bits);
+ gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t
+ key);
+ int gnutls_privkey_status(gnutls_privkey_t key);
/**
* gnutls_privkey_flags:
@@ -230,102 +261,109 @@ int gnutls_privkey_status (gnutls_privkey_t key);
*
* Enumeration of different certificate import flags.
*/
- typedef enum gnutls_privkey_flags
- {
- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE = 1,
- GNUTLS_PRIVKEY_IMPORT_COPY = 1<<1,
- GNUTLS_PRIVKEY_DISABLE_CALLBACKS = 1<<2,
- GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA = 1<<4,
- } gnutls_privkey_flags_t;
-
-int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
- gnutls_pkcs11_privkey_t key,
- unsigned int flags);
-int gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
- gnutls_x509_privkey_t key,
- unsigned int flags);
-int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
- gnutls_openpgp_privkey_t key,
- unsigned int flags);
-
-int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const gnutls_openpgp_keyid_t keyid,
- const char* password);
-
-int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char* password, unsigned int flags);
-
-int
-gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- const char *key_password, unsigned int flags);
-
-int
-gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey,
- const char* url, const char *srk_password, const char *key_password,
- unsigned int flags);
-
-int gnutls_privkey_import_url (gnutls_privkey_t key, const char *url, unsigned int flags);
-
-int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url);
-
-int
-gnutls_privkey_import_ext (gnutls_privkey_t pkey,
- gnutls_pk_algorithm_t pk,
- void* userdata,
- gnutls_privkey_sign_func sign_func,
- gnutls_privkey_decrypt_func decrypt_func,
- unsigned int flags);
-
-int
-gnutls_privkey_import_ext2 (gnutls_privkey_t pkey,
- gnutls_pk_algorithm_t pk,
- void* userdata,
- gnutls_privkey_sign_func sign_func,
- gnutls_privkey_decrypt_func decrypt_func,
- gnutls_privkey_deinit_func deinit_func,
- unsigned int flags);
-
-int gnutls_privkey_sign_data (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature);
-
-int gnutls_privkey_sign_hash (gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature);
-
-
-int gnutls_privkey_decrypt_data (gnutls_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
-
-int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
-
-int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
-
-int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq,
- gnutls_privkey_t key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
+ typedef enum gnutls_privkey_flags {
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE = 1,
+ GNUTLS_PRIVKEY_IMPORT_COPY = 1 << 1,
+ GNUTLS_PRIVKEY_DISABLE_CALLBACKS = 1 << 2,
+ GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA = 1 << 4,
+ } gnutls_privkey_flags_t;
+
+ int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
+ gnutls_pkcs11_privkey_t key,
+ unsigned int flags);
+ int gnutls_privkey_import_x509(gnutls_privkey_t pkey,
+ gnutls_x509_privkey_t key,
+ unsigned int flags);
+ int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags);
+
+ int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t
+ format,
+ const gnutls_openpgp_keyid_t
+ keyid, const char *password);
+
+ int gnutls_privkey_import_x509_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
+
+ int
+ gnutls_privkey_import_tpm_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password,
+ const char *key_password,
+ unsigned int flags);
+
+ int
+ gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey,
+ const char *url,
+ const char *srk_password,
+ const char *key_password,
+ unsigned int flags);
+
+ int gnutls_privkey_import_url(gnutls_privkey_t key,
+ const char *url, unsigned int flags);
+
+ int gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key,
+ const char *url);
+
+ int
+ gnutls_privkey_import_ext(gnutls_privkey_t pkey,
+ gnutls_pk_algorithm_t pk,
+ void *userdata,
+ gnutls_privkey_sign_func sign_func,
+ gnutls_privkey_decrypt_func
+ decrypt_func, unsigned int flags);
+
+ int
+ gnutls_privkey_import_ext2(gnutls_privkey_t pkey,
+ gnutls_pk_algorithm_t pk,
+ void *userdata,
+ gnutls_privkey_sign_func sign_func,
+ gnutls_privkey_decrypt_func
+ decrypt_func,
+ gnutls_privkey_deinit_func deinit_func,
+ unsigned int flags);
+
+ int gnutls_privkey_sign_data(gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
+
+ int gnutls_privkey_sign_hash(gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature);
+
+
+ int gnutls_privkey_decrypt_data(gnutls_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
+
+ int gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+ int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+ int gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq,
+ gnutls_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
/**
* gnutls_pcert_st:
@@ -335,88 +373,101 @@ int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq,
*
* A parsed certificate.
*/
-typedef struct gnutls_pcert_st
-{
- gnutls_pubkey_t pubkey;
- gnutls_datum_t cert;
- gnutls_certificate_type_t type;
-} gnutls_pcert_st;
+ typedef struct gnutls_pcert_st {
+ gnutls_pubkey_t pubkey;
+ gnutls_datum_t cert;
+ gnutls_certificate_type_t type;
+ } gnutls_pcert_st;
/* Do not initialize the "cert" element of
* the certificate */
#define GNUTLS_PCERT_NO_CERT 1
-int gnutls_pcert_import_x509 (gnutls_pcert_st* pcert,
- gnutls_x509_crt_t crt, unsigned int flags);
+ int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
+ gnutls_x509_crt_t crt,
+ unsigned int flags);
-int
-gnutls_pcert_list_import_x509_raw (gnutls_pcert_st * pcerts,
- unsigned int *pcert_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
+ int
+ gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts,
+ unsigned int *pcert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
-int gnutls_pcert_import_x509_raw (gnutls_pcert_st* pcert,
- const gnutls_datum_t* cert,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
+ int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert,
+ const gnutls_datum_t * cert,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
-int gnutls_pcert_import_openpgp_raw (gnutls_pcert_st* pcert,
- const gnutls_datum_t* cert,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_openpgp_keyid_t keyid, unsigned int flags);
+ int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * pcert,
+ const gnutls_datum_t * cert,
+ gnutls_openpgp_crt_fmt_t
+ format,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flags);
-int gnutls_pcert_import_openpgp (gnutls_pcert_st* pcert,
- gnutls_openpgp_crt_t crt, unsigned int flags);
+ int gnutls_pcert_import_openpgp(gnutls_pcert_st * pcert,
+ gnutls_openpgp_crt_t crt,
+ unsigned int flags);
-void gnutls_pcert_deinit (gnutls_pcert_st* pcert);
+ void gnutls_pcert_deinit(gnutls_pcert_st * pcert);
/* For certificate credentials */
- /* This is the same as gnutls_certificate_retrieve_function()
- * but retrieves a gnutls_pcert_st which requires much less processing
- * within the library.
- */
- typedef int gnutls_certificate_retrieve_function2 (gnutls_session_t,
- const gnutls_datum_t *
- req_ca_rdn,
- int nreqs,
- const
- gnutls_pk_algorithm_t
- * pk_algos,
- int pk_algos_length,
- gnutls_pcert_st **,
- unsigned int *pcert_length,
- gnutls_privkey_t *privkey);
-
-
-void gnutls_certificate_set_retrieve_function2 (
- gnutls_certificate_credentials_t cred,
- gnutls_certificate_retrieve_function2 * func);
-
-int
-gnutls_certificate_set_key (gnutls_certificate_credentials_t res,
- const char** names,
- int names_size,
- gnutls_pcert_st * pcert_list,
- int pcert_list_size,
- gnutls_privkey_t key);
+ /* This is the same as gnutls_certificate_retrieve_function()
+ * but retrieves a gnutls_pcert_st which requires much less processing
+ * within the library.
+ */
+ typedef int gnutls_certificate_retrieve_function2(gnutls_session_t,
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs, const
+ gnutls_pk_algorithm_t
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_pcert_st
+ **,
+ unsigned int
+ *pcert_length,
+ gnutls_privkey_t
+ * privkey);
+
+
+ void gnutls_certificate_set_retrieve_function2
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_retrieve_function2 * func);
+
+ int
+ gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
+ const char **names,
+ int names_size,
+ gnutls_pcert_st * pcert_list,
+ int pcert_list_size,
+ gnutls_privkey_t key);
#include <gnutls/compat.h>
-int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED;
-
-int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED;
-
-int
-gnutls_pubkey_print (gnutls_pubkey_t pubkey,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
+ int gnutls_pubkey_verify_data(gnutls_pubkey_t pubkey,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t *
+ signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ int gnutls_pubkey_verify_hash(gnutls_pubkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t *
+ signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ int
+ gnutls_pubkey_print(gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
#ifdef __cplusplus
}
#endif
-
#endif
diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h
index 2e829fc9f3..4a330e5bfb 100644
--- a/lib/includes/gnutls/compat.h
+++ b/lib/includes/gnutls/compat.h
@@ -26,8 +26,7 @@
#define _GNUTLS_COMPAT_H
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#ifdef __GNUC__
@@ -40,50 +39,84 @@ extern "C"
#endif
#endif
-#endif /* __GNUC__ */
+#endif /* __GNUC__ */
#ifndef _GNUTLS_GCC_ATTR_DEPRECATED
#define _GNUTLS_GCC_ATTR_DEPRECATED
#endif
/* gnutls_connection_end_t was made redundant in 2.99.0 */
-typedef unsigned int gnutls_connection_end_t _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef unsigned int gnutls_connection_end_t
+ _GNUTLS_GCC_ATTR_DEPRECATED;
/* Stuff deprected in 2.x */
-typedef gnutls_cipher_algorithm_t gnutls_cipher_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_kx_algorithm_t gnutls_kx_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_mac_algorithm_t gnutls_mac_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_digest_algorithm_t gnutls_digest_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_compression_method_t gnutls_compression_method _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_connection_end_t gnutls_connection_end _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_crt_fmt_t gnutls_x509_crt_fmt _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_pk_algorithm_t gnutls_pk_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_sign_algorithm_t gnutls_sign_algorithm _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_close_request_t gnutls_close_request _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_certificate_request_t gnutls_certificate_request _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_certificate_status_t gnutls_certificate_status _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_session_t gnutls_session _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_alert_level_t gnutls_alert_level _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_alert_description_t gnutls_alert_description _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_subject_alt_name_t gnutls_x509_subject_alt_name _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_openpgp_privkey_t gnutls_openpgp_privkey _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_openpgp_keyring_t gnutls_openpgp_keyring _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_crt_t gnutls_x509_crt _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_privkey_t gnutls_x509_privkey _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_crl_t gnutls_x509_crl _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_x509_crq_t gnutls_x509_crq _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_certificate_credentials_t gnutls_certificate_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_anon_server_credentials_t gnutls_anon_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_anon_client_credentials_t gnutls_anon_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_srp_client_credentials_t gnutls_srp_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_srp_server_credentials_t gnutls_srp_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_dh_params_t gnutls_dh_params _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_rsa_params_t gnutls_rsa_params _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_params_type_t gnutls_params_type _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_credentials_type_t gnutls_credentials_type _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_certificate_type_t gnutls_certificate_type _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_transport_ptr_t gnutls_transport_ptr _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_cipher_algorithm_t gnutls_cipher_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_kx_algorithm_t gnutls_kx_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_mac_algorithm_t gnutls_mac_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_digest_algorithm_t gnutls_digest_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_compression_method_t gnutls_compression_method
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_connection_end_t gnutls_connection_end
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_crt_fmt_t gnutls_x509_crt_fmt
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_pk_algorithm_t gnutls_pk_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_sign_algorithm_t gnutls_sign_algorithm
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_close_request_t gnutls_close_request
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_certificate_request_t gnutls_certificate_request
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_certificate_status_t gnutls_certificate_status
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_session_t gnutls_session
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_alert_level_t gnutls_alert_level
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_alert_description_t gnutls_alert_description
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_subject_alt_name_t gnutls_x509_subject_alt_name
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_openpgp_privkey_t gnutls_openpgp_privkey
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_openpgp_keyring_t gnutls_openpgp_keyring
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_crt_t gnutls_x509_crt
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_privkey_t gnutls_x509_privkey
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_crl_t gnutls_x509_crl
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_x509_crq_t gnutls_x509_crq
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_certificate_credentials_t
+ gnutls_certificate_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_anon_server_credentials_t
+ gnutls_anon_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_anon_client_credentials_t
+ gnutls_anon_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_srp_client_credentials_t
+ gnutls_srp_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_srp_server_credentials_t
+ gnutls_srp_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_dh_params_t gnutls_dh_params
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_rsa_params_t gnutls_rsa_params
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_params_type_t gnutls_params_type
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_credentials_type_t gnutls_credentials_type
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_certificate_type_t gnutls_certificate_type
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_transport_ptr_t gnutls_transport_ptr
+ _GNUTLS_GCC_ATTR_DEPRECATED;
/* Old SRP alerts removed in 2.1.x because the TLS-SRP RFC was
modified to use the PSK alert. */
@@ -94,8 +127,10 @@ typedef gnutls_transport_ptr_t gnutls_transport_ptr _GNUTLS_GCC_ATTR_DEPRECATED;
#define GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
#define GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
#define gnutls_openpgp_send_key gnutls_openpgp_send_cert
-typedef gnutls_openpgp_crt_status_t gnutls_openpgp_key_status_t _GNUTLS_GCC_ATTR_DEPRECATED;
-typedef gnutls_openpgp_crt_t gnutls_openpgp_key_t _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_openpgp_crt_status_t gnutls_openpgp_key_status_t
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef gnutls_openpgp_crt_t gnutls_openpgp_key_t
+ _GNUTLS_GCC_ATTR_DEPRECATED;
#define gnutls_openpgp_key_init gnutls_openpgp_crt_init
#define gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
#define gnutls_openpgp_key_import gnutls_openpgp_crt_import
@@ -130,211 +165,239 @@ typedef gnutls_openpgp_crt_t gnutls_openpgp_key_t _GNUTLS_GCC_ATTR_DEPRECATED;
/* The gnutls_retr_st was deprecated by gnutls_certificate_retrieve_function()
* and gnutls_retr2_st.
*/
-typedef struct gnutls_retr_st
-{
- gnutls_certificate_type_t type;
- union
- {
- gnutls_x509_crt_t *x509;
- gnutls_openpgp_crt_t pgp;
- } cert;
- unsigned int ncerts; /* one for pgp keys */
-
- union
- {
- gnutls_x509_privkey_t x509;
- gnutls_openpgp_privkey_t pgp;
- } key;
-
- unsigned int deinit_all; /* if non zero all keys will be deinited */
-} gnutls_retr_st;
-
-typedef int gnutls_certificate_client_retrieve_function (gnutls_session_t,
- const
- gnutls_datum_t *
- req_ca_rdn,
- int nreqs,
- const
- gnutls_pk_algorithm_t
- * pk_algos,
- int
- pk_algos_length,
- gnutls_retr_st *);
-typedef int gnutls_certificate_server_retrieve_function (gnutls_session_t,
- gnutls_retr_st *);
-
-void gnutls_certificate_client_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_client_retrieve_function *
- func) _GNUTLS_GCC_ATTR_DEPRECATED;
-void
- gnutls_certificate_server_set_retrieve_function
- (gnutls_certificate_credentials_t cred,
- gnutls_certificate_server_retrieve_function *
- func) _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* External signing callback. No longer supported because it
- * was deprecated by the PKCS #11 API or gnutls_privkey_import_ext. */
-typedef int (*gnutls_sign_func) (gnutls_session_t session,
- void *userdata,
- gnutls_certificate_type_t cert_type,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
-
-void
-gnutls_sign_callback_set (gnutls_session_t session,
- gnutls_sign_func sign_func, void *userdata)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-gnutls_sign_func
-gnutls_sign_callback_get (gnutls_session_t session, void **userdata)
- _GNUTLS_GCC_ATTR_DEPRECATED;
+ typedef struct gnutls_retr_st {
+ gnutls_certificate_type_t type;
+ union {
+ gnutls_x509_crt_t *x509;
+ gnutls_openpgp_crt_t pgp;
+ } cert;
+ unsigned int ncerts; /* one for pgp keys */
+
+ union {
+ gnutls_x509_privkey_t x509;
+ gnutls_openpgp_privkey_t pgp;
+ } key;
+
+ unsigned int deinit_all; /* if non zero all keys will be deinited */
+ } gnutls_retr_st;
+
+ typedef int
+ gnutls_certificate_client_retrieve_function(gnutls_session_t,
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs, const
+ gnutls_pk_algorithm_t
+ * pk_algos, int
+ pk_algos_length,
+ gnutls_retr_st *);
+ typedef int
+ gnutls_certificate_server_retrieve_function(gnutls_session_t,
+ gnutls_retr_st *);
+
+ void gnutls_certificate_client_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_client_retrieve_function *
+ func) _GNUTLS_GCC_ATTR_DEPRECATED;
+ void
+ gnutls_certificate_server_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_server_retrieve_function *
+ func) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* External signing callback. No longer supported because it
+ * was deprecated by the PKCS #11 API or gnutls_privkey_import_ext. */
+ typedef int (*gnutls_sign_func) (gnutls_session_t session,
+ void *userdata,
+ gnutls_certificate_type_t
+ cert_type,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
+
+ void
+ gnutls_sign_callback_set(gnutls_session_t session,
+ gnutls_sign_func sign_func,
+ void *userdata)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ gnutls_sign_func
+ gnutls_sign_callback_get(gnutls_session_t session,
+ void **userdata)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
/* This is a very dangerous and error-prone function.
* Use gnutls_privkey_sign_hash() instead.
*/
- int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
- _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
- _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
/* we support the gnutls_privkey_sign_data() instead.
*/
- int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t digest,
- unsigned int flags,
- const gnutls_datum_t * data,
- void *signature,
- size_t * signature_size)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* gnutls_pubkey_verify_data() */
- int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
-
- /* gnutls_pubkey_verify_hash() */
- int gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt,
- unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* gnutls_pubkey_get_verify_algorithm() */
- int gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* gnutls_pubkey_get_preferred_hash_algorithm() */
- int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
- gnutls_digest_algorithm_t
- * hash,
- unsigned int *mand)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* gnutls_x509_crq_privkey_sign() */
- int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
-
-
- /* gnutls_x509_crl_privkey_sign */
- int gnutls_x509_crl_sign (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* functions to set priority of cipher suites
- */
- int gnutls_cipher_set_priority (gnutls_session_t session, const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_mac_set_priority (gnutls_session_t session, const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_compression_set_priority (gnutls_session_t session,
- const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_kx_set_priority (gnutls_session_t session, const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_protocol_set_priority (gnutls_session_t session,
- const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_certificate_type_set_priority (gnutls_session_t session,
- const int *list)
- _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ void *signature,
+ size_t * signature_size)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_pubkey_verify_data() */
+ int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+ /* gnutls_pubkey_verify_hash() */
+ int gnutls_x509_crt_verify_hash(gnutls_x509_crt_t crt,
+ unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_pubkey_get_verify_algorithm() */
+ int gnutls_x509_crt_get_verify_algorithm(gnutls_x509_crt_t crt,
+ const gnutls_datum_t *
+ signature,
+ gnutls_digest_algorithm_t
+ * hash)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_pubkey_get_preferred_hash_algorithm() */
+ int gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t
+ crt,
+ gnutls_digest_algorithm_t
+ * hash,
+ unsigned int
+ *mand)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_x509_crq_privkey_sign() */
+ int gnutls_x509_crq_sign(gnutls_x509_crq_t crq,
+ gnutls_x509_privkey_t key)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+
+ /* gnutls_x509_crl_privkey_sign */
+ int gnutls_x509_crl_sign(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* functions to set priority of cipher suites
+ */
+ int gnutls_cipher_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_mac_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_compression_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_kx_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_protocol_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_certificate_type_set_priority(gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
/* RSA params
*/
- int gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
- void gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_params_cpy (gnutls_rsa_params_t dst,
- gnutls_rsa_params_t src) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u);
- int gnutls_rsa_params_generate2 (gnutls_rsa_params_t params,
- unsigned int bits) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_params_export_raw (gnutls_rsa_params_t rsa,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- unsigned int *bits) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
- gnutls_x509_crt_fmt_t format,
- unsigned char *params_data,
- size_t * params_data_size) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
- const gnutls_datum_t * pkcs1_params,
- gnutls_x509_crt_fmt_t format) _GNUTLS_GCC_ATTR_DEPRECATED;
-
- int gnutls_rsa_export_get_pubkey (gnutls_session_t session,
- gnutls_datum_t * exponent,
- gnutls_datum_t * modulus) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_rsa_export_get_modulus_bits (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
- int gnutls_set_default_export_priority (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
-
- void
- gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
- res,
- gnutls_rsa_params_t rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
-
- /* use gnutls_privkey_sign_hash() with the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag */
- int gnutls_privkey_sign_raw_data (gnutls_privkey_t key,
- unsigned flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_init(gnutls_rsa_params_t *
+ rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
+ void gnutls_rsa_params_deinit(gnutls_rsa_params_t rsa_params)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_cpy(gnutls_rsa_params_t dst,
+ gnutls_rsa_params_t src)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_import_raw(gnutls_rsa_params_t rsa_params,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u);
+ int gnutls_rsa_params_generate2(gnutls_rsa_params_t params,
+ unsigned int bits)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_export_raw(gnutls_rsa_params_t rsa,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u,
+ unsigned int *bits)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_export_pkcs1(gnutls_rsa_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t *
+ params_data_size)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_params_import_pkcs1(gnutls_rsa_params_t params,
+ const gnutls_datum_t *
+ pkcs1_params,
+ gnutls_x509_crt_fmt_t format)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ int gnutls_rsa_export_get_pubkey(gnutls_session_t session,
+ gnutls_datum_t * exponent,
+ gnutls_datum_t *
+ modulus)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_set_default_export_priority(gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ void
+ gnutls_certificate_set_rsa_export_params
+ (gnutls_certificate_credentials_t res,
+ gnutls_rsa_params_t rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* use gnutls_privkey_sign_hash() with the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag */
+ int gnutls_privkey_sign_raw_data(gnutls_privkey_t key,
+ unsigned flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t *
+ signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
#ifdef _ISOC99_SOURCE
/* we provide older functions for compatibility as inline functions that
* depend on gnutls_session_get_random. */
-
-static inline const void *gnutls_session_get_server_random (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
-static inline const void *gnutls_session_get_server_random (gnutls_session_t session)
-{
- gnutls_datum_t rnd;
- gnutls_session_get_random(session, NULL, &rnd);/*doc-skip*/
- return rnd.data;
-}
-static inline const void *gnutls_session_get_client_random (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED;
-static inline const void *gnutls_session_get_client_random (gnutls_session_t session)
-{
- gnutls_datum_t rnd;
- gnutls_session_get_random(session, &rnd, NULL);/*doc-skip*/
- return rnd.data;
-}
+ static inline const void
+ *gnutls_session_get_server_random(gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ static inline const void
+ *gnutls_session_get_server_random(gnutls_session_t session) {
+ gnutls_datum_t rnd;
+ gnutls_session_get_random(session, NULL, &rnd); /*doc-skip */
+ return rnd.data;
+ } static inline const void
+ *gnutls_session_get_client_random(gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ static inline const void
+ *gnutls_session_get_client_random(gnutls_session_t session) {
+ gnutls_datum_t rnd;
+ gnutls_session_get_random(session, &rnd, NULL); /*doc-skip */
+ return rnd.data;
+ }
#endif
@@ -342,4 +405,4 @@ static inline const void *gnutls_session_get_client_random (gnutls_session_t ses
}
#endif
-#endif /* _GNUTLS_COMPAT_H */
+#endif /* _GNUTLS_COMPAT_H */
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 44d77f9339..6ab571472d 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -24,61 +24,71 @@
#define GNUTLS_CRYPTO_H
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
- typedef struct api_cipher_hd_st *gnutls_cipher_hd_t;
-
- int gnutls_cipher_init (gnutls_cipher_hd_t * handle,
- gnutls_cipher_algorithm_t cipher,
- const gnutls_datum_t * key,
- const gnutls_datum_t * iv);
- int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle,
- void *text, size_t textlen);
- int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle,
- void *ciphertext, size_t ciphertextlen);
- int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle,
- const void *ciphertext, size_t ciphertextlen,
- void *text, size_t textlen);
- int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, const void *text,
- size_t textlen, void *ciphertext,
- size_t ciphertextlen);
-
- void gnutls_cipher_set_iv (gnutls_cipher_hd_t handle, void *iv, size_t ivlen);
-
- int gnutls_cipher_tag( gnutls_cipher_hd_t handle, void* tag, size_t tag_size);
- int gnutls_cipher_add_auth( gnutls_cipher_hd_t handle, const void* text, size_t text_size);
-
- void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
- int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
- int gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm);
- int gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm);
-
- typedef struct hash_hd_st *gnutls_hash_hd_t;
- typedef struct hmac_hd_st *gnutls_hmac_hd_t;
-
- size_t gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm);
- int gnutls_hmac_init (gnutls_hmac_hd_t * dig,
- gnutls_mac_algorithm_t algorithm, const void *key,
- size_t keylen);
- void gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_len);
- int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen);
- void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest);
- void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest);
- int gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm);
- int gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
- size_t keylen, const void *text, size_t textlen,
- void *digest);
-
- int gnutls_hash_init (gnutls_hash_hd_t * dig,
- gnutls_digest_algorithm_t algorithm);
- int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen);
- void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest);
- void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest);
- int gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm);
- int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
- const void *text, size_t textlen, void *digest);
+ typedef struct api_cipher_hd_st *gnutls_cipher_hd_t;
+
+ int gnutls_cipher_init(gnutls_cipher_hd_t * handle,
+ gnutls_cipher_algorithm_t cipher,
+ const gnutls_datum_t * key,
+ const gnutls_datum_t * iv);
+ int gnutls_cipher_encrypt(const gnutls_cipher_hd_t handle,
+ void *text, size_t textlen);
+ int gnutls_cipher_decrypt(const gnutls_cipher_hd_t handle,
+ void *ciphertext, size_t ciphertextlen);
+ int gnutls_cipher_decrypt2(gnutls_cipher_hd_t handle,
+ const void *ciphertext,
+ size_t ciphertextlen, void *text,
+ size_t textlen);
+ int gnutls_cipher_encrypt2(gnutls_cipher_hd_t handle,
+ const void *text, size_t textlen,
+ void *ciphertext, size_t ciphertextlen);
+
+ void gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv,
+ size_t ivlen);
+
+ int gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag,
+ size_t tag_size);
+ int gnutls_cipher_add_auth(gnutls_cipher_hd_t handle,
+ const void *text, size_t text_size);
+
+ void gnutls_cipher_deinit(gnutls_cipher_hd_t handle);
+ int gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t
+ algorithm);
+ int gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t algorithm);
+ int gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t
+ algorithm);
+
+ typedef struct hash_hd_st *gnutls_hash_hd_t;
+ typedef struct hmac_hd_st *gnutls_hmac_hd_t;
+
+ size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm);
+ int gnutls_hmac_init(gnutls_hmac_hd_t * dig,
+ gnutls_mac_algorithm_t algorithm,
+ const void *key, size_t keylen);
+ void gnutls_hmac_set_nonce(gnutls_hmac_hd_t handle,
+ const void *nonce, size_t nonce_len);
+ int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text,
+ size_t textlen);
+ void gnutls_hmac_output(gnutls_hmac_hd_t handle, void *digest);
+ void gnutls_hmac_deinit(gnutls_hmac_hd_t handle, void *digest);
+ int gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm);
+ int gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm,
+ const void *key, size_t keylen,
+ const void *text, size_t textlen,
+ void *digest);
+
+ int gnutls_hash_init(gnutls_hash_hd_t * dig,
+ gnutls_digest_algorithm_t algorithm);
+ int gnutls_hash(gnutls_hash_hd_t handle, const void *text,
+ size_t textlen);
+ void gnutls_hash_output(gnutls_hash_hd_t handle, void *digest);
+ void gnutls_hash_deinit(gnutls_hash_hd_t handle, void *digest);
+ int gnutls_hash_get_len(gnutls_digest_algorithm_t algorithm);
+ int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen,
+ void *digest);
/* register ciphers */
@@ -93,19 +103,17 @@ extern "C"
*
* Enumeration of random quality levels.
*/
- typedef enum gnutls_rnd_level
- {
- GNUTLS_RND_NONCE = 0,
- GNUTLS_RND_RANDOM = 1,
- GNUTLS_RND_KEY = 2
- } gnutls_rnd_level_t;
+ typedef enum gnutls_rnd_level {
+ GNUTLS_RND_NONCE = 0,
+ GNUTLS_RND_RANDOM = 1,
+ GNUTLS_RND_KEY = 2
+ } gnutls_rnd_level_t;
- int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len);
+ int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len);
- void gnutls_rnd_refresh (void);
+ void gnutls_rnd_refresh(void);
#ifdef __cplusplus
}
#endif
-
#endif
diff --git a/lib/includes/gnutls/dtls.h b/lib/includes/gnutls/dtls.h
index ec5782ab86..c773a664dd 100644
--- a/lib/includes/gnutls/dtls.h
+++ b/lib/includes/gnutls/dtls.h
@@ -30,23 +30,24 @@
#include <gnutls/gnutls.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#define GNUTLS_COOKIE_KEY_SIZE 16
-void gnutls_dtls_set_timeouts (gnutls_session_t session,
- unsigned int retrans_timeout,
- unsigned int total_timeout);
+ void gnutls_dtls_set_timeouts(gnutls_session_t session,
+ unsigned int retrans_timeout,
+ unsigned int total_timeout);
-unsigned int gnutls_dtls_get_mtu (gnutls_session_t session);
-unsigned int gnutls_dtls_get_data_mtu (gnutls_session_t session);
+ unsigned int gnutls_dtls_get_mtu(gnutls_session_t session);
+ unsigned int gnutls_dtls_get_data_mtu(gnutls_session_t session);
-void gnutls_dtls_set_mtu (gnutls_session_t session, unsigned int mtu);
-int gnutls_dtls_set_data_mtu (gnutls_session_t session, unsigned int mtu);
+ void gnutls_dtls_set_mtu(gnutls_session_t session,
+ unsigned int mtu);
+ int gnutls_dtls_set_data_mtu(gnutls_session_t session,
+ unsigned int mtu);
-unsigned int gnutls_dtls_get_timeout (gnutls_session_t session);
+ unsigned int gnutls_dtls_get_timeout(gnutls_session_t session);
/**
* gnutls_dtls_prestate_st:
@@ -59,31 +60,31 @@ unsigned int gnutls_dtls_get_timeout (gnutls_session_t session);
* gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and
* gnutls_dtls_prestate_set().
*/
- typedef struct
- {
- unsigned int record_seq;
- unsigned int hsk_read_seq;
- unsigned int hsk_write_seq;
- } gnutls_dtls_prestate_st;
+ typedef struct {
+ unsigned int record_seq;
+ unsigned int hsk_read_seq;
+ unsigned int hsk_write_seq;
+ } gnutls_dtls_prestate_st;
- int gnutls_dtls_cookie_send (gnutls_datum_t* key,
- void* client_data, size_t client_data_size,
- gnutls_dtls_prestate_st* prestate,
- gnutls_transport_ptr_t ptr,
- gnutls_push_func push_func);
+ int gnutls_dtls_cookie_send(gnutls_datum_t * key,
+ void *client_data,
+ size_t client_data_size,
+ gnutls_dtls_prestate_st * prestate,
+ gnutls_transport_ptr_t ptr,
+ gnutls_push_func push_func);
- int gnutls_dtls_cookie_verify (gnutls_datum_t* key,
- void* client_data, size_t client_data_size,
- void* _msg, size_t msg_size,
- gnutls_dtls_prestate_st* prestate);
+ int gnutls_dtls_cookie_verify(gnutls_datum_t * key,
+ void *client_data,
+ size_t client_data_size, void *_msg,
+ size_t msg_size,
+ gnutls_dtls_prestate_st * prestate);
- void gnutls_dtls_prestate_set (gnutls_session_t session,
- gnutls_dtls_prestate_st* prestate);
+ void gnutls_dtls_prestate_set(gnutls_session_t session,
+ gnutls_dtls_prestate_st * prestate);
+
+ unsigned int gnutls_record_get_discarded(gnutls_session_t session);
- unsigned int gnutls_record_get_discarded (gnutls_session_t session);
-
#ifdef __cplusplus
}
#endif
-
-#endif /* GNUTLS_DTLS_H */
+#endif /* GNUTLS_DTLS_H */
diff --git a/lib/includes/gnutls/gnutlsxx.h b/lib/includes/gnutls/gnutlsxx.h
index 2603b7dac6..1ed83fbd44 100644
--- a/lib/includes/gnutls/gnutlsxx.h
+++ b/lib/includes/gnutls/gnutlsxx.h
@@ -27,400 +27,400 @@
#include <vector>
#include <gnutls/gnutls.h>
-namespace gnutls
-{
-
- class noncopyable
- {
- protected:
- noncopyable ()
- {
- }
- ~noncopyable ()
- {
- }
-
- private:
- // These are non-implemented.
- noncopyable (const noncopyable &);
- noncopyable & operator= (const noncopyable &);
- };
-
-
- class exception:public std::exception
- {
- public:
- exception (int x);
- const char *what () const throw ();
- int get_code ();
- protected:
- int retcode;
- };
-
-
- class dh_params:private noncopyable
- {
- public:
- dh_params ();
- ~dh_params ();
- void import_raw (const gnutls_datum_t & prime,
- const gnutls_datum_t & generator);
- void import_pkcs3 (const gnutls_datum_t & pkcs3_params,
- gnutls_x509_crt_fmt_t format);
- void generate (unsigned int bits);
-
- void export_pkcs3 (gnutls_x509_crt_fmt_t format,
- unsigned char *params_data, size_t * params_data_size);
- void export_raw (gnutls_datum_t & prime, gnutls_datum_t & generator);
-
- gnutls_dh_params_t get_params_t () const;
- dh_params & operator= (const dh_params & src);
- protected:
- gnutls_dh_params_t params;
- };
-
-
- class rsa_params:private noncopyable
- {
- public:
- rsa_params ();
- ~rsa_params ();
- void import_raw (const gnutls_datum_t & m,
- const gnutls_datum_t & e,
- const gnutls_datum_t & d,
- const gnutls_datum_t & p,
- const gnutls_datum_t & q, const gnutls_datum_t & u);
- void import_pkcs1 (const gnutls_datum_t & pkcs1_params,
- gnutls_x509_crt_fmt_t format);
- void generate (unsigned int bits);
-
- void export_pkcs1 (gnutls_x509_crt_fmt_t format,
- unsigned char *params_data, size_t * params_data_size);
- void export_raw (gnutls_datum_t & m, gnutls_datum_t & e,
- gnutls_datum_t & d, gnutls_datum_t & p,
- gnutls_datum_t & q, gnutls_datum_t & u);
- gnutls_rsa_params_t get_params_t () const;
- rsa_params & operator= (const rsa_params & src);
-
- protected:
- gnutls_rsa_params_t params;
- };
-
- class session:private noncopyable
- {
- protected:
- gnutls_session_t s;
- public:
- session (unsigned int);
- virtual ~ session ();
-
- int bye (gnutls_close_request_t how);
- int handshake ();
-
- gnutls_alert_description_t get_alert () const;
-
- int send_alert (gnutls_alert_level_t level,
- gnutls_alert_description_t desc);
- int send_appropriate_alert (int err);
-
- gnutls_cipher_algorithm_t get_cipher () const;
- gnutls_kx_algorithm_t get_kx () const;
- gnutls_mac_algorithm_t get_mac () const;
- gnutls_compression_method_t get_compression () const;
- gnutls_certificate_type_t get_certificate_type () const;
-
- // for the handshake
- void set_private_extensions (bool allow);
-
- gnutls_handshake_description_t get_handshake_last_out () const;
- gnutls_handshake_description_t get_handshake_last_in () const;
-
- ssize_t send (const void *data, size_t sizeofdata);
- ssize_t recv (void *data, size_t sizeofdata);
-
- bool get_record_direction () const;
-
- // maximum packet size
- size_t get_max_size () const;
- void set_max_size (size_t size);
-
- size_t check_pending () const;
-
- void prf (size_t label_size, const char *label,
- int server_random_first,
- size_t extra_size, const char *extra,
- size_t outsize, char *out);
-
- void prf_raw (size_t label_size, const char *label,
- size_t seed_size, const char *seed,
- size_t outsize, char *out);
-
- /* if you just want some defaults, use the following.
- */
- void set_priority (const char *prio, const char **err_pos);
- void set_priority (gnutls_priority_t p);
-
- gnutls_protocol_t get_protocol_version () const;
-
- // for resuming sessions
- void set_data (const void *session_data, size_t session_data_size);
- void get_data (void *session_data, size_t * session_data_size) const;
- void get_data (gnutls_session_t session, gnutls_datum_t & data) const;
- void get_id (void *session_id, size_t * session_id_size) const;
-
- bool is_resumed () const;
-
- void set_max_handshake_packet_length (size_t max);
-
- void clear_credentials ();
- void set_credentials (class credentials & cred);
-
- void set_transport_ptr (gnutls_transport_ptr_t ptr);
- void set_transport_ptr (gnutls_transport_ptr_t recv_ptr,
- gnutls_transport_ptr_t send_ptr);
- gnutls_transport_ptr_t get_transport_ptr () const;
- void get_transport_ptr (gnutls_transport_ptr_t & recv_ptr,
- gnutls_transport_ptr_t & send_ptr) const;
-
- void set_transport_lowat (size_t num);
- void set_transport_push_function (gnutls_push_func push_func);
- void set_transport_vec_push_function (gnutls_vec_push_func vec_push_func);
- void set_transport_pull_function (gnutls_pull_func pull_func);
-
- void set_user_ptr (void *ptr);
- void *get_user_ptr () const;
-
- void send_openpgp_cert (gnutls_openpgp_crt_status_t status);
-
- gnutls_credentials_type_t get_auth_type () const;
- gnutls_credentials_type_t get_server_auth_type () const;
- gnutls_credentials_type_t get_client_auth_type () const;
-
- // informational stuff
- void set_dh_prime_bits (unsigned int bits);
- unsigned int get_dh_secret_bits () const;
- unsigned int get_dh_peers_public_bits () const;
- unsigned int get_dh_prime_bits () const;
- void get_dh_group (gnutls_datum_t & gen, gnutls_datum_t & prime) const;
- void get_dh_pubkey (gnutls_datum_t & raw_key) const;
- void get_rsa_export_pubkey (gnutls_datum_t & exponent,
- gnutls_datum_t & modulus) const;
- unsigned int get_rsa_export_modulus_bits () const;
-
- void get_our_certificate (gnutls_datum_t & cert) const;
- bool get_peers_certificate (std::vector < gnutls_datum_t >
- &out_certs) const;
- bool get_peers_certificate (const gnutls_datum_t ** certs,
- unsigned int *certs_size) const;
-
- time_t get_peers_certificate_activation_time () const;
- time_t get_peers_certificate_expiration_time () const;
- void verify_peers_certificate (unsigned int &status) const;
-
- };
+namespace gnutls {
+
+ class noncopyable {
+ protected:
+ noncopyable() {
+ } ~noncopyable() {
+ } private:
+ // These are non-implemented.
+ noncopyable(const noncopyable &);
+ noncopyable & operator=(const noncopyable &);
+ };
+
+
+ class exception:public std::exception {
+ public:
+ exception(int x);
+ const char *what() const throw();
+ int get_code();
+ protected:
+ int retcode;
+ };
+
+
+ class dh_params:private noncopyable {
+ public:
+ dh_params();
+ ~dh_params();
+ void import_raw(const gnutls_datum_t & prime,
+ const gnutls_datum_t & generator);
+ void import_pkcs3(const gnutls_datum_t & pkcs3_params,
+ gnutls_x509_crt_fmt_t format);
+ void generate(unsigned int bits);
+
+ void export_pkcs3(gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size);
+ void export_raw(gnutls_datum_t & prime,
+ gnutls_datum_t & generator);
+
+ gnutls_dh_params_t get_params_t() const;
+ dh_params & operator=(const dh_params & src);
+ protected:
+ gnutls_dh_params_t params;
+ };
+
+
+ class rsa_params:private noncopyable {
+ public:
+ rsa_params();
+ ~rsa_params();
+ void import_raw(const gnutls_datum_t & m,
+ const gnutls_datum_t & e,
+ const gnutls_datum_t & d,
+ const gnutls_datum_t & p,
+ const gnutls_datum_t & q,
+ const gnutls_datum_t & u);
+ void import_pkcs1(const gnutls_datum_t & pkcs1_params,
+ gnutls_x509_crt_fmt_t format);
+ void generate(unsigned int bits);
+
+ void export_pkcs1(gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size);
+ void export_raw(gnutls_datum_t & m, gnutls_datum_t & e,
+ gnutls_datum_t & d, gnutls_datum_t & p,
+ gnutls_datum_t & q, gnutls_datum_t & u);
+ gnutls_rsa_params_t get_params_t() const;
+ rsa_params & operator=(const rsa_params & src);
+
+ protected:
+ gnutls_rsa_params_t params;
+ };
+
+ class session:private noncopyable {
+ protected:
+ gnutls_session_t s;
+ public:
+ session(unsigned int);
+ virtual ~ session();
+
+ int bye(gnutls_close_request_t how);
+ int handshake();
+
+ gnutls_alert_description_t get_alert() const;
+
+ int send_alert(gnutls_alert_level_t level,
+ gnutls_alert_description_t desc);
+ int send_appropriate_alert(int err);
+
+ gnutls_cipher_algorithm_t get_cipher() const;
+ gnutls_kx_algorithm_t get_kx() const;
+ gnutls_mac_algorithm_t get_mac() const;
+ gnutls_compression_method_t get_compression() const;
+ gnutls_certificate_type_t get_certificate_type() const;
+
+ // for the handshake
+ void set_private_extensions(bool allow);
+
+ gnutls_handshake_description_t get_handshake_last_out()
+ const;
+ gnutls_handshake_description_t get_handshake_last_in()
+ const;
+
+ ssize_t send(const void *data, size_t sizeofdata);
+ ssize_t recv(void *data, size_t sizeofdata);
+
+ bool get_record_direction() const;
+
+ // maximum packet size
+ size_t get_max_size() const;
+ void set_max_size(size_t size);
+
+ size_t check_pending() const;
+
+ void prf(size_t label_size, const char *label,
+ int server_random_first,
+ size_t extra_size, const char *extra,
+ size_t outsize, char *out);
+
+ void prf_raw(size_t label_size, const char *label,
+ size_t seed_size, const char *seed,
+ size_t outsize, char *out);
+
+ /* if you just want some defaults, use the following.
+ */
+ void set_priority(const char *prio, const char **err_pos);
+ void set_priority(gnutls_priority_t p);
+
+ gnutls_protocol_t get_protocol_version() const;
+
+ // for resuming sessions
+ void set_data(const void *session_data,
+ size_t session_data_size);
+ void get_data(void *session_data,
+ size_t * session_data_size) const;
+ void get_data(gnutls_session_t session,
+ gnutls_datum_t & data) const;
+ void get_id(void *session_id,
+ size_t * session_id_size) const;
+
+ bool is_resumed() const;
+
+ void set_max_handshake_packet_length(size_t max);
+
+ void clear_credentials();
+ void set_credentials(class credentials & cred);
+
+ void set_transport_ptr(gnutls_transport_ptr_t ptr);
+ void set_transport_ptr(gnutls_transport_ptr_t recv_ptr,
+ gnutls_transport_ptr_t send_ptr);
+ gnutls_transport_ptr_t get_transport_ptr() const;
+ void get_transport_ptr(gnutls_transport_ptr_t & recv_ptr,
+ gnutls_transport_ptr_t & send_ptr)
+ const;
+
+ void set_transport_lowat(size_t num);
+ void set_transport_push_function(gnutls_push_func
+ push_func);
+ void set_transport_vec_push_function(gnutls_vec_push_func
+ vec_push_func);
+ void set_transport_pull_function(gnutls_pull_func
+ pull_func);
+
+ void set_user_ptr(void *ptr);
+ void *get_user_ptr() const;
+
+ void send_openpgp_cert(gnutls_openpgp_crt_status_t status);
+
+ gnutls_credentials_type_t get_auth_type() const;
+ gnutls_credentials_type_t get_server_auth_type() const;
+ gnutls_credentials_type_t get_client_auth_type() const;
+
+ // informational stuff
+ void set_dh_prime_bits(unsigned int bits);
+ unsigned int get_dh_secret_bits() const;
+ unsigned int get_dh_peers_public_bits() const;
+ unsigned int get_dh_prime_bits() const;
+ void get_dh_group(gnutls_datum_t & gen,
+ gnutls_datum_t & prime) const;
+ void get_dh_pubkey(gnutls_datum_t & raw_key) const;
+ void get_rsa_export_pubkey(gnutls_datum_t & exponent,
+ gnutls_datum_t & modulus) const;
+ unsigned int get_rsa_export_modulus_bits() const;
+
+ void get_our_certificate(gnutls_datum_t & cert) const;
+ bool get_peers_certificate(std::vector < gnutls_datum_t >
+ &out_certs) const;
+ bool get_peers_certificate(const gnutls_datum_t ** certs,
+ unsigned int *certs_size) const;
+
+ time_t get_peers_certificate_activation_time() const;
+ time_t get_peers_certificate_expiration_time() const;
+ void verify_peers_certificate(unsigned int &status) const;
+
+ };
// interface for databases
- class DB:private noncopyable
- {
- public:
- virtual ~ DB () = 0;
- virtual bool store (const gnutls_datum_t & key,
- const gnutls_datum_t & data) = 0;
- virtual bool retrieve (const gnutls_datum_t & key,
- gnutls_datum_t & data) = 0;
- virtual bool remove (const gnutls_datum_t & key) = 0;
- };
-
- class server_session:public session
- {
- public:
- server_session ();
- ~server_session ();
- void db_remove () const;
-
- void set_db_cache_expiration (unsigned int seconds);
- void set_db (const DB & db);
-
- // returns true if session is expired
- bool db_check_entry (gnutls_datum_t & session_data) const;
-
- // server side only
- const char *get_srp_username () const;
- const char *get_psk_username () const;
-
- void get_server_name (void *data, size_t * data_length,
- unsigned int *type, unsigned int indx) const;
-
- int rehandshake ();
- void set_certificate_request (gnutls_certificate_request_t);
- };
-
- class client_session:public session
- {
- public:
- client_session ();
- ~client_session ();
-
- void set_server_name (gnutls_server_name_type_t type,
- const void *name, size_t name_length);
-
- bool get_request_status ();
- };
-
-
- class credentials:private noncopyable
- {
- public:
- virtual ~ credentials ()
- {
- }
- gnutls_credentials_type_t get_type () const;
- protected:
- friend class session;
- credentials (gnutls_credentials_type_t t);
- void *ptr () const;
- void set_ptr (void *ptr);
- gnutls_credentials_type_t type;
- private:
- void *cred;
- };
-
- class certificate_credentials:public credentials
- {
- public:
- ~certificate_credentials ();
- certificate_credentials ();
-
- void free_keys ();
- void free_cas ();
- void free_ca_names ();
- void free_crls ();
-
- void set_dh_params (const dh_params & params);
- void set_rsa_export_params (const rsa_params & params);
- void set_verify_flags (unsigned int flags);
- void set_verify_limits (unsigned int max_bits, unsigned int max_depth);
-
- void set_x509_trust_file (const char *cafile, gnutls_x509_crt_fmt_t type);
- void set_x509_trust (const gnutls_datum_t & CA,
- gnutls_x509_crt_fmt_t type);
- // FIXME: use classes instead of gnutls_x509_crt_t
- void set_x509_trust (gnutls_x509_crt_t * ca_list, int ca_list_size);
-
- void set_x509_crl_file (const char *crlfile, gnutls_x509_crt_fmt_t type);
- void set_x509_crl (const gnutls_datum_t & CRL,
- gnutls_x509_crt_fmt_t type);
- void set_x509_crl (gnutls_x509_crl_t * crl_list, int crl_list_size);
-
- void set_x509_key_file (const char *certfile, const char *KEYFILE,
- gnutls_x509_crt_fmt_t type);
- void set_x509_key (const gnutls_datum_t & CERT,
- const gnutls_datum_t & KEY,
- gnutls_x509_crt_fmt_t type);
- // FIXME: use classes
- void set_x509_key (gnutls_x509_crt_t * cert_list, int cert_list_size,
- gnutls_x509_privkey_t key);
-
-
- void set_simple_pkcs12_file (const char *pkcs12file,
- gnutls_x509_crt_fmt_t type,
- const char *password);
-
- void set_retrieve_function (gnutls_certificate_retrieve_function * func);
-
- protected:
- gnutls_certificate_credentials_t cred;
- };
-
- class certificate_server_credentials:public certificate_credentials
- {
- public:
- void set_params_function (gnutls_params_function * func);
- };
-
- class certificate_client_credentials:public certificate_credentials
- {
- public:
- };
-
-
-
-
- class anon_server_credentials:public credentials
- {
- public:
- anon_server_credentials ();
- ~anon_server_credentials ();
- void set_dh_params (const dh_params & params);
- void set_params_function (gnutls_params_function * func);
- protected:
- gnutls_anon_server_credentials_t cred;
- };
-
- class anon_client_credentials:public credentials
- {
- public:
- anon_client_credentials ();
- ~anon_client_credentials ();
- protected:
- gnutls_anon_client_credentials_t cred;
- };
-
-
- class srp_server_credentials:public credentials
- {
- public:
- srp_server_credentials ();
- ~srp_server_credentials ();
- void set_credentials_file (const char *password_file,
- const char *password_conf_file);
- void set_credentials_function (gnutls_srp_server_credentials_function *
- func);
- protected:
- gnutls_srp_server_credentials_t cred;
- };
-
- class srp_client_credentials:public credentials
- {
- public:
- srp_client_credentials ();
- ~srp_client_credentials ();
- void set_credentials (const char *username, const char *password);
- void set_credentials_function (gnutls_srp_client_credentials_function *
- func);
- protected:
- gnutls_srp_client_credentials_t cred;
- };
-
-
- class psk_server_credentials:public credentials
- {
- public:
- psk_server_credentials ();
- ~psk_server_credentials ();
- void set_credentials_file (const char *password_file);
- void set_credentials_function (gnutls_psk_server_credentials_function *
- func);
- void set_dh_params (const dh_params & params);
- void set_params_function (gnutls_params_function * func);
- protected:
- gnutls_psk_server_credentials_t cred;
- };
-
- class psk_client_credentials:public credentials
- {
- public:
- psk_client_credentials ();
- ~psk_client_credentials ();
- void set_credentials (const char *username, const gnutls_datum_t & key,
- gnutls_psk_key_flags flags);
- void set_credentials_function (gnutls_psk_client_credentials_function *
- func);
- protected:
- gnutls_psk_client_credentials_t cred;
- };
-
-
-} /* namespace */
-
-#endif /* GNUTLSXX_H */
+ class DB:private noncopyable {
+ public:
+ virtual ~ DB() = 0;
+ virtual bool store(const gnutls_datum_t & key,
+ const gnutls_datum_t & data) = 0;
+ virtual bool retrieve(const gnutls_datum_t & key,
+ gnutls_datum_t & data) = 0;
+ virtual bool remove(const gnutls_datum_t & key) = 0;
+ };
+
+ class server_session:public session {
+ public:
+ server_session();
+ ~server_session();
+ void db_remove() const;
+
+ void set_db_cache_expiration(unsigned int seconds);
+ void set_db(const DB & db);
+
+ // returns true if session is expired
+ bool db_check_entry(gnutls_datum_t & session_data) const;
+
+ // server side only
+ const char *get_srp_username() const;
+ const char *get_psk_username() const;
+
+ void get_server_name(void *data, size_t * data_length,
+ unsigned int *type,
+ unsigned int indx) const;
+
+ int rehandshake();
+ void set_certificate_request(gnutls_certificate_request_t);
+ };
+
+ class client_session:public session {
+ public:
+ client_session();
+ ~client_session();
+
+ void set_server_name(gnutls_server_name_type_t type,
+ const void *name, size_t name_length);
+
+ bool get_request_status();
+ };
+
+
+ class credentials:private noncopyable {
+ public:
+ virtual ~ credentials() {
+ } gnutls_credentials_type_t get_type() const;
+ protected:
+ friend class session;
+ credentials(gnutls_credentials_type_t t);
+ void *ptr() const;
+ void set_ptr(void *ptr);
+ gnutls_credentials_type_t type;
+ private:
+ void *cred;
+ };
+
+ class certificate_credentials:public credentials {
+ public:
+ ~certificate_credentials();
+ certificate_credentials();
+
+ void free_keys();
+ void free_cas();
+ void free_ca_names();
+ void free_crls();
+
+ void set_dh_params(const dh_params & params);
+ void set_rsa_export_params(const rsa_params & params);
+ void set_verify_flags(unsigned int flags);
+ void set_verify_limits(unsigned int max_bits,
+ unsigned int max_depth);
+
+ void set_x509_trust_file(const char *cafile,
+ gnutls_x509_crt_fmt_t type);
+ void set_x509_trust(const gnutls_datum_t & CA,
+ gnutls_x509_crt_fmt_t type);
+ // FIXME: use classes instead of gnutls_x509_crt_t
+ void set_x509_trust(gnutls_x509_crt_t * ca_list,
+ int ca_list_size);
+
+ void set_x509_crl_file(const char *crlfile,
+ gnutls_x509_crt_fmt_t type);
+ void set_x509_crl(const gnutls_datum_t & CRL,
+ gnutls_x509_crt_fmt_t type);
+ void set_x509_crl(gnutls_x509_crl_t * crl_list,
+ int crl_list_size);
+
+ void set_x509_key_file(const char *certfile,
+ const char *KEYFILE,
+ gnutls_x509_crt_fmt_t type);
+ void set_x509_key(const gnutls_datum_t & CERT,
+ const gnutls_datum_t & KEY,
+ gnutls_x509_crt_fmt_t type);
+ // FIXME: use classes
+ void set_x509_key(gnutls_x509_crt_t * cert_list,
+ int cert_list_size,
+ gnutls_x509_privkey_t key);
+
+
+ void set_simple_pkcs12_file(const char *pkcs12file,
+ gnutls_x509_crt_fmt_t type,
+ const char *password);
+
+ void set_retrieve_function
+ (gnutls_certificate_retrieve_function * func);
+
+ protected:
+ gnutls_certificate_credentials_t cred;
+ };
+
+ class certificate_server_credentials:public certificate_credentials {
+ public:
+ void set_params_function(gnutls_params_function * func);
+ };
+
+ class certificate_client_credentials:public certificate_credentials {
+ public:
+ };
+
+
+
+
+ class anon_server_credentials:public credentials {
+ public:
+ anon_server_credentials();
+ ~anon_server_credentials();
+ void set_dh_params(const dh_params & params);
+ void set_params_function(gnutls_params_function * func);
+ protected:
+ gnutls_anon_server_credentials_t cred;
+ };
+
+ class anon_client_credentials:public credentials {
+ public:
+ anon_client_credentials();
+ ~anon_client_credentials();
+ protected:
+ gnutls_anon_client_credentials_t cred;
+ };
+
+
+ class srp_server_credentials:public credentials {
+ public:
+ srp_server_credentials();
+ ~srp_server_credentials();
+ void set_credentials_file(const char *password_file,
+ const char *password_conf_file);
+ void set_credentials_function
+ (gnutls_srp_server_credentials_function * func);
+ protected:
+ gnutls_srp_server_credentials_t cred;
+ };
+
+ class srp_client_credentials:public credentials {
+ public:
+ srp_client_credentials();
+ ~srp_client_credentials();
+ void set_credentials(const char *username,
+ const char *password);
+ void set_credentials_function
+ (gnutls_srp_client_credentials_function * func);
+ protected:
+ gnutls_srp_client_credentials_t cred;
+ };
+
+
+ class psk_server_credentials:public credentials {
+ public:
+ psk_server_credentials();
+ ~psk_server_credentials();
+ void set_credentials_file(const char *password_file);
+ void set_credentials_function
+ (gnutls_psk_server_credentials_function * func);
+ void set_dh_params(const dh_params & params);
+ void set_params_function(gnutls_params_function * func);
+ protected:
+ gnutls_psk_server_credentials_t cred;
+ };
+
+ class psk_client_credentials:public credentials {
+ public:
+ psk_client_credentials();
+ ~psk_client_credentials();
+ void set_credentials(const char *username,
+ const gnutls_datum_t & key,
+ gnutls_psk_key_flags flags);
+ void set_credentials_function
+ (gnutls_psk_client_credentials_function * func);
+ protected:
+ gnutls_psk_client_credentials_t cred;
+ };
+
+
+} /* namespace */
+
+#endif /* GNUTLSXX_H */
diff --git a/lib/includes/gnutls/ocsp.h b/lib/includes/gnutls/ocsp.h
index 99046ad276..e7f412251a 100644
--- a/lib/includes/gnutls/ocsp.h
+++ b/lib/includes/gnutls/ocsp.h
@@ -30,8 +30,7 @@
#include <gnutls/x509.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#define GNUTLS_OCSP_NONCE "1.3.6.1.5.5.7.48.1.2"
@@ -43,11 +42,10 @@ extern "C"
*
* Enumeration of different OCSP printing variants.
*/
-typedef enum gnutls_ocsp_print_formats_t
- {
- GNUTLS_OCSP_PRINT_FULL = 0,
- GNUTLS_OCSP_PRINT_COMPACT = 1,
- } gnutls_ocsp_print_formats_t;
+ typedef enum gnutls_ocsp_print_formats_t {
+ GNUTLS_OCSP_PRINT_FULL = 0,
+ GNUTLS_OCSP_PRINT_COMPACT = 1,
+ } gnutls_ocsp_print_formats_t;
/**
* gnutls_ocsp_resp_status_t:
@@ -60,15 +58,14 @@ typedef enum gnutls_ocsp_print_formats_t
*
* Enumeration of different OCSP response status codes.
*/
-typedef enum gnutls_ocsp_resp_status_t
- {
- GNUTLS_OCSP_RESP_SUCCESSFUL = 0,
- GNUTLS_OCSP_RESP_MALFORMEDREQUEST = 1,
- GNUTLS_OCSP_RESP_INTERNALERROR = 2,
- GNUTLS_OCSP_RESP_TRYLATER = 3,
- GNUTLS_OCSP_RESP_SIGREQUIRED = 5,
- GNUTLS_OCSP_RESP_UNAUTHORIZED = 6
- } gnutls_ocsp_resp_status_t;
+ typedef enum gnutls_ocsp_resp_status_t {
+ GNUTLS_OCSP_RESP_SUCCESSFUL = 0,
+ GNUTLS_OCSP_RESP_MALFORMEDREQUEST = 1,
+ GNUTLS_OCSP_RESP_INTERNALERROR = 2,
+ GNUTLS_OCSP_RESP_TRYLATER = 3,
+ GNUTLS_OCSP_RESP_SIGREQUIRED = 5,
+ GNUTLS_OCSP_RESP_UNAUTHORIZED = 6
+ } gnutls_ocsp_resp_status_t;
/**
* gnutls_ocsp_cert_status_t:
@@ -79,12 +76,11 @@ typedef enum gnutls_ocsp_resp_status_t
*
* Enumeration of different OCSP response certificate status codes.
*/
-typedef enum gnutls_ocsp_cert_status_t
- {
- GNUTLS_OCSP_CERT_GOOD = 0,
- GNUTLS_OCSP_CERT_REVOKED = 1,
- GNUTLS_OCSP_CERT_UNKNOWN = 2
- } gnutls_ocsp_cert_status_t;
+ typedef enum gnutls_ocsp_cert_status_t {
+ GNUTLS_OCSP_CERT_GOOD = 0,
+ GNUTLS_OCSP_CERT_REVOKED = 1,
+ GNUTLS_OCSP_CERT_UNKNOWN = 2
+ } gnutls_ocsp_cert_status_t;
/**
* gnutls_x509_crl_reason_t:
@@ -103,19 +99,18 @@ typedef enum gnutls_ocsp_cert_status_t
* corresponds to the CRLReason ASN.1 enumeration type, and not the
* ReasonFlags ASN.1 bit string.
*/
-typedef enum gnutls_x509_crl_reason_t
- {
- GNUTLS_X509_CRLREASON_UNSPECIFIED = 0,
- GNUTLS_X509_CRLREASON_KEYCOMPROMISE = 1,
- GNUTLS_X509_CRLREASON_CACOMPROMISE = 2,
- GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED = 3,
- GNUTLS_X509_CRLREASON_SUPERSEDED = 4,
- GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION = 5,
- GNUTLS_X509_CRLREASON_CERTIFICATEHOLD = 6,
- GNUTLS_X509_CRLREASON_REMOVEFROMCRL = 8,
- GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN = 9,
- GNUTLS_X509_CRLREASON_AACOMPROMISE = 10
- } gnutls_x509_crl_reason_t;
+ typedef enum gnutls_x509_crl_reason_t {
+ GNUTLS_X509_CRLREASON_UNSPECIFIED = 0,
+ GNUTLS_X509_CRLREASON_KEYCOMPROMISE = 1,
+ GNUTLS_X509_CRLREASON_CACOMPROMISE = 2,
+ GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED = 3,
+ GNUTLS_X509_CRLREASON_SUPERSEDED = 4,
+ GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION = 5,
+ GNUTLS_X509_CRLREASON_CERTIFICATEHOLD = 6,
+ GNUTLS_X509_CRLREASON_REMOVEFROMCRL = 8,
+ GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN = 9,
+ GNUTLS_X509_CRLREASON_AACOMPROMISE = 10
+ } gnutls_x509_crl_reason_t;
/**
* gnutls_ocsp_verify_reason_t:
@@ -130,130 +125,134 @@ typedef enum gnutls_x509_crl_reason_t
* Enumeration of OCSP verify status codes, used by
* gnutls_ocsp_resp_verify() and gnutls_ocsp_resp_verify_direct().
*/
-typedef enum gnutls_ocsp_verify_reason_t
- {
- GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1,
- GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR = 2,
- GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4,
- GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8,
- GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16,
- GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED = 32,
- GNUTLS_OCSP_VERIFY_CERT_EXPIRED = 64
- } gnutls_ocsp_verify_reason_t;
+ typedef enum gnutls_ocsp_verify_reason_t {
+ GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1,
+ GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR = 2,
+ GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4,
+ GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8,
+ GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16,
+ GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED = 32,
+ GNUTLS_OCSP_VERIFY_CERT_EXPIRED = 64
+ } gnutls_ocsp_verify_reason_t;
- struct gnutls_ocsp_req_int;
- typedef struct gnutls_ocsp_req_int *gnutls_ocsp_req_t;
+ struct gnutls_ocsp_req_int;
+ typedef struct gnutls_ocsp_req_int *gnutls_ocsp_req_t;
- int gnutls_ocsp_req_init (gnutls_ocsp_req_t * req);
- void gnutls_ocsp_req_deinit (gnutls_ocsp_req_t req);
+ int gnutls_ocsp_req_init(gnutls_ocsp_req_t * req);
+ void gnutls_ocsp_req_deinit(gnutls_ocsp_req_t req);
- int gnutls_ocsp_req_import (gnutls_ocsp_req_t req,
- const gnutls_datum_t * data);
- int gnutls_ocsp_req_export (gnutls_ocsp_req_t req, gnutls_datum_t * data);
- int gnutls_ocsp_req_print (gnutls_ocsp_req_t req,
- gnutls_ocsp_print_formats_t format,
- gnutls_datum_t * out);
+ int gnutls_ocsp_req_import(gnutls_ocsp_req_t req,
+ const gnutls_datum_t * data);
+ int gnutls_ocsp_req_export(gnutls_ocsp_req_t req,
+ gnutls_datum_t * data);
+ int gnutls_ocsp_req_print(gnutls_ocsp_req_t req,
+ gnutls_ocsp_print_formats_t format,
+ gnutls_datum_t * out);
- int gnutls_ocsp_req_get_version (gnutls_ocsp_req_t req);
+ int gnutls_ocsp_req_get_version(gnutls_ocsp_req_t req);
- int gnutls_ocsp_req_get_cert_id (gnutls_ocsp_req_t req,
- unsigned indx,
- gnutls_digest_algorithm_t *digest,
- gnutls_datum_t *issuer_name_hash,
- gnutls_datum_t *issuer_key_hash,
- gnutls_datum_t *serial_number);
- int gnutls_ocsp_req_add_cert_id (gnutls_ocsp_req_t req,
- gnutls_digest_algorithm_t digest,
- const gnutls_datum_t *issuer_name_hash,
- const gnutls_datum_t *issuer_key_hash,
- const gnutls_datum_t *serial_number);
- int gnutls_ocsp_req_add_cert (gnutls_ocsp_req_t req,
- gnutls_digest_algorithm_t digest,
- gnutls_x509_crt_t issuer,
- gnutls_x509_crt_t cert);
+ int gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req,
+ unsigned indx,
+ gnutls_digest_algorithm_t * digest,
+ gnutls_datum_t * issuer_name_hash,
+ gnutls_datum_t * issuer_key_hash,
+ gnutls_datum_t * serial_number);
+ int gnutls_ocsp_req_add_cert_id(gnutls_ocsp_req_t req,
+ gnutls_digest_algorithm_t digest,
+ const gnutls_datum_t *
+ issuer_name_hash,
+ const gnutls_datum_t *
+ issuer_key_hash,
+ const gnutls_datum_t *
+ serial_number);
+ int gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req,
+ gnutls_digest_algorithm_t digest,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_crt_t cert);
- int gnutls_ocsp_req_get_extension (gnutls_ocsp_req_t req,
- unsigned indx,
- gnutls_datum_t *oid,
- unsigned int *critical,
- gnutls_datum_t *data);
- int gnutls_ocsp_req_set_extension (gnutls_ocsp_req_t req,
- const char *oid,
- unsigned int critical,
- const gnutls_datum_t *data);
+ int gnutls_ocsp_req_get_extension(gnutls_ocsp_req_t req,
+ unsigned indx,
+ gnutls_datum_t * oid,
+ unsigned int *critical,
+ gnutls_datum_t * data);
+ int gnutls_ocsp_req_set_extension(gnutls_ocsp_req_t req,
+ const char *oid,
+ unsigned int critical,
+ const gnutls_datum_t * data);
- int gnutls_ocsp_req_get_nonce (gnutls_ocsp_req_t req,
- unsigned int *critical,
- gnutls_datum_t *nonce);
- int gnutls_ocsp_req_set_nonce (gnutls_ocsp_req_t req,
- unsigned int critical,
- const gnutls_datum_t *nonce);
- int gnutls_ocsp_req_randomize_nonce (gnutls_ocsp_req_t req);
+ int gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_t req,
+ unsigned int *critical,
+ gnutls_datum_t * nonce);
+ int gnutls_ocsp_req_set_nonce(gnutls_ocsp_req_t req,
+ unsigned int critical,
+ const gnutls_datum_t * nonce);
+ int gnutls_ocsp_req_randomize_nonce(gnutls_ocsp_req_t req);
- struct gnutls_ocsp_resp_int;
- typedef struct gnutls_ocsp_resp_int *gnutls_ocsp_resp_t;
+ struct gnutls_ocsp_resp_int;
+ typedef struct gnutls_ocsp_resp_int *gnutls_ocsp_resp_t;
- int gnutls_ocsp_resp_init (gnutls_ocsp_resp_t * resp);
- void gnutls_ocsp_resp_deinit (gnutls_ocsp_resp_t resp);
+ int gnutls_ocsp_resp_init(gnutls_ocsp_resp_t * resp);
+ void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp);
- int gnutls_ocsp_resp_import (gnutls_ocsp_resp_t resp,
- const gnutls_datum_t * data);
- int gnutls_ocsp_resp_export (gnutls_ocsp_resp_t resp,
- gnutls_datum_t * data);
- int gnutls_ocsp_resp_print (gnutls_ocsp_resp_t resp,
- gnutls_ocsp_print_formats_t format,
- gnutls_datum_t * out);
+ int gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp,
+ const gnutls_datum_t * data);
+ int gnutls_ocsp_resp_export(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * data);
+ int gnutls_ocsp_resp_print(gnutls_ocsp_resp_t resp,
+ gnutls_ocsp_print_formats_t format,
+ gnutls_datum_t * out);
- int gnutls_ocsp_resp_get_status (gnutls_ocsp_resp_t resp);
- int gnutls_ocsp_resp_get_response (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *response_type_oid,
- gnutls_datum_t *response);
+ int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_t resp);
+ int gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t *
+ response_type_oid,
+ gnutls_datum_t * response);
- int gnutls_ocsp_resp_get_version (gnutls_ocsp_resp_t resp);
- int gnutls_ocsp_resp_get_responder (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *dn);
- time_t gnutls_ocsp_resp_get_produced (gnutls_ocsp_resp_t resp);
- int gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp,
- unsigned indx,
- gnutls_digest_algorithm_t *digest,
- gnutls_datum_t *issuer_name_hash,
- gnutls_datum_t *issuer_key_hash,
- gnutls_datum_t *serial_number,
- unsigned int *cert_status,
- time_t *this_update,
- time_t *next_update,
- time_t *revocation_time,
- unsigned int *revocation_reason);
- int gnutls_ocsp_resp_get_extension (gnutls_ocsp_resp_t resp,
- unsigned indx,
- gnutls_datum_t *oid,
- unsigned int *critical,
- gnutls_datum_t *data);
- int gnutls_ocsp_resp_get_nonce (gnutls_ocsp_resp_t resp,
- unsigned int *critical,
- gnutls_datum_t *nonce);
- int gnutls_ocsp_resp_get_signature_algorithm (gnutls_ocsp_resp_t resp);
- int gnutls_ocsp_resp_get_signature (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *sig);
- int gnutls_ocsp_resp_get_certs (gnutls_ocsp_resp_t resp,
- gnutls_x509_crt_t ** certs,
- size_t *ncerts);
+ int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_t resp);
+ int gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * dn);
+ time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_t resp);
+ int gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
+ unsigned indx,
+ gnutls_digest_algorithm_t * digest,
+ gnutls_datum_t * issuer_name_hash,
+ gnutls_datum_t * issuer_key_hash,
+ gnutls_datum_t * serial_number,
+ unsigned int *cert_status,
+ time_t * this_update,
+ time_t * next_update,
+ time_t * revocation_time,
+ unsigned int *revocation_reason);
+ int gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_t resp,
+ unsigned indx,
+ gnutls_datum_t * oid,
+ unsigned int *critical,
+ gnutls_datum_t * data);
+ int gnutls_ocsp_resp_get_nonce(gnutls_ocsp_resp_t resp,
+ unsigned int *critical,
+ gnutls_datum_t * nonce);
+ int gnutls_ocsp_resp_get_signature_algorithm(gnutls_ocsp_resp_t
+ resp);
+ int gnutls_ocsp_resp_get_signature(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * sig);
+ int gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp,
+ gnutls_x509_crt_t ** certs,
+ size_t * ncerts);
- int gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
- gnutls_x509_crt_t issuer,
- unsigned int *verify,
- unsigned int flags);
- int gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
- gnutls_x509_trust_list_t trustlist,
- unsigned int *verify,
- unsigned int flags);
+ int gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp,
+ gnutls_x509_crt_t issuer,
+ unsigned int *verify,
+ unsigned int flags);
+ int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp,
+ gnutls_x509_trust_list_t trustlist,
+ unsigned int *verify,
+ unsigned int flags);
- int gnutls_ocsp_resp_check_crt (gnutls_ocsp_resp_t resp,
- unsigned int indx,
- gnutls_x509_crt_t crt);
+ int gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
+ unsigned int indx,
+ gnutls_x509_crt_t crt);
#ifdef __cplusplus
}
#endif
-
-#endif /* GNUTLS_OCSP_H */
+#endif /* GNUTLS_OCSP_H */
diff --git a/lib/includes/gnutls/openpgp.h b/lib/includes/gnutls/openpgp.h
index e87e2d307f..abb0ed348b 100644
--- a/lib/includes/gnutls/openpgp.h
+++ b/lib/includes/gnutls/openpgp.h
@@ -31,8 +31,7 @@
#include <limits.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/* Openpgp certificate stuff
@@ -45,257 +44,270 @@ extern "C"
*
* Enumeration of different OpenPGP key formats.
*/
- typedef enum gnutls_openpgp_crt_fmt
- {
- GNUTLS_OPENPGP_FMT_RAW,
- GNUTLS_OPENPGP_FMT_BASE64
- } gnutls_openpgp_crt_fmt_t;
+ typedef enum gnutls_openpgp_crt_fmt {
+ GNUTLS_OPENPGP_FMT_RAW,
+ GNUTLS_OPENPGP_FMT_BASE64
+ } gnutls_openpgp_crt_fmt_t;
#define GNUTLS_OPENPGP_KEYID_SIZE 8
#define GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE 20
- typedef unsigned char gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE];
+ typedef unsigned char
+ gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE];
/* gnutls_openpgp_cert_t should be defined in gnutls.h
*/
- /* initializes the memory for gnutls_openpgp_crt_t struct */
- int gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key);
- /* frees all memory */
- void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key);
-
- int gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format);
- int gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data,
- size_t * output_data_size);
- int gnutls_openpgp_crt_export2 (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_datum_t * out);
-
- int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
+ /* initializes the memory for gnutls_openpgp_crt_t struct */
+ int gnutls_openpgp_crt_init(gnutls_openpgp_crt_t * key);
+ /* frees all memory */
+ void gnutls_openpgp_crt_deinit(gnutls_openpgp_crt_t key);
+
+ int gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format);
+ int gnutls_openpgp_crt_export(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_openpgp_crt_export2(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_openpgp_crt_print(gnutls_openpgp_crt_t cert,
+ gnutls_certificate_print_formats_t
+ format, gnutls_datum_t * out);
/* The key_usage flags are defined in gnutls.h. They are
* the GNUTLS_KEY_* definitions.
*/
#define GNUTLS_OPENPGP_MASTER_KEYID_IDX INT_MAX
- int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
- unsigned int *key_usage);
- int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *fpr,
- size_t * fprlen);
- int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
- unsigned int idx,
- void *fpr, size_t * fprlen);
-
- int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
- int idx, char *buf, size_t * sizeof_buf);
-
- gnutls_pk_algorithm_t
- gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int *bits);
-
- int gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key);
-
- time_t gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key);
- time_t gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key);
-
- int gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid);
-
- int gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
- const char *hostname);
-
- int gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key);
-
- int gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key);
- int gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t keyid);
- int gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
- unsigned int idx);
- gnutls_pk_algorithm_t
- gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *bits);
- time_t gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t
- key, unsigned int idx);
- time_t gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t
- key,
- unsigned int idx);
- int gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid);
- int gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *key_usage);
-
- int gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y);
- int gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e);
- int gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y);
- int gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * m,
- gnutls_datum_t * e);
-
- int gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid);
- int
- gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t
- keyid);
+ int gnutls_openpgp_crt_get_key_usage(gnutls_openpgp_crt_t key,
+ unsigned int *key_usage);
+ int gnutls_openpgp_crt_get_fingerprint(gnutls_openpgp_crt_t key,
+ void *fpr, size_t * fprlen);
+ int gnutls_openpgp_crt_get_subkey_fingerprint(gnutls_openpgp_crt_t
+ key,
+ unsigned int idx,
+ void *fpr,
+ size_t * fprlen);
+
+ int gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t key,
+ int idx, char *buf,
+ size_t * sizeof_buf);
+
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_crt_get_pk_algorithm(gnutls_openpgp_crt_t key,
+ unsigned int *bits);
+
+ int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key);
+
+ time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t
+ key);
+ time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t
+ key);
+
+ int gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyid_t keyid);
+
+ int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key,
+ const char *hostname);
+
+ int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t
+ key);
+
+ int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t key);
+ int gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t key,
+ const gnutls_openpgp_keyid_t
+ keyid);
+ int gnutls_openpgp_crt_get_subkey_revoked_status
+ (gnutls_openpgp_crt_t key, unsigned int idx);
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t
+ key,
+ unsigned int idx,
+ unsigned int *bits);
+ time_t
+ gnutls_openpgp_crt_get_subkey_creation_time
+ (gnutls_openpgp_crt_t key, unsigned int idx);
+ time_t
+ gnutls_openpgp_crt_get_subkey_expiration_time
+ (gnutls_openpgp_crt_t key, unsigned int idx);
+ int gnutls_openpgp_crt_get_subkey_id(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid);
+ int gnutls_openpgp_crt_get_subkey_usage(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ unsigned int *key_usage);
+
+ int gnutls_openpgp_crt_get_subkey_pk_dsa_raw(gnutls_openpgp_crt_t
+ crt, unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+ int gnutls_openpgp_crt_get_subkey_pk_rsa_raw(gnutls_openpgp_crt_t
+ crt, unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+ int gnutls_openpgp_crt_get_pk_dsa_raw(gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+ int gnutls_openpgp_crt_get_pk_rsa_raw(gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+
+ int gnutls_openpgp_crt_get_preferred_key_id(gnutls_openpgp_crt_t
+ key,
+ gnutls_openpgp_keyid_t
+ keyid);
+ int
+ gnutls_openpgp_crt_set_preferred_key_id(gnutls_openpgp_crt_t key,
+ const
+ gnutls_openpgp_keyid_t
+ keyid);
/* privkey stuff.
*/
- int gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key);
- void gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key);
- gnutls_pk_algorithm_t
- gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
- unsigned int *bits);
-
- gnutls_sec_param_t
- gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key);
- int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const char *password,
- unsigned int flags);
-
- int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
- void *fpr, size_t * fprlen);
- int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t
- key, unsigned int idx,
- void *fpr,
- size_t * fprlen);
- int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_keyid_t keyid);
- int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key);
- int gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t
- keyid);
-
- int
- gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
- key, unsigned int idx);
-
- int gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t
- key);
-
- gnutls_pk_algorithm_t
- gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t
- key, unsigned int idx,
- unsigned int *bits);
-
- time_t
- gnutls_openpgp_privkey_get_subkey_expiration_time
- (gnutls_openpgp_privkey_t key, unsigned int idx);
-
- int gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid);
-
- time_t
- gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t
- key, unsigned int idx);
-
- int
- gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t
- pkey, unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x);
- int gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t
- pkey, unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u);
-
- int gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x);
- int gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u);
-
- int gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- void *output_data,
- size_t * output_data_size);
- int gnutls_openpgp_privkey_export2 (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- gnutls_datum_t * out);
-
- int
- gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t
- keyid);
- int gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t
- key,
- gnutls_openpgp_keyid_t
- keyid);
-
- int gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flag);
+ int gnutls_openpgp_privkey_init(gnutls_openpgp_privkey_t * key);
+ void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey_t key);
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_privkey_get_pk_algorithm
+ (gnutls_openpgp_privkey_t key, unsigned int *bits);
+
+ gnutls_sec_param_t
+ gnutls_openpgp_privkey_sec_param(gnutls_openpgp_privkey_t key);
+ int gnutls_openpgp_privkey_import(gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
+
+ int gnutls_openpgp_privkey_get_fingerprint(gnutls_openpgp_privkey_t
+ key, void *fpr,
+ size_t * fprlen);
+ int gnutls_openpgp_privkey_get_subkey_fingerprint
+ (gnutls_openpgp_privkey_t key, unsigned int idx, void *fpr,
+ size_t * fprlen);
+ int gnutls_openpgp_privkey_get_key_id(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_keyid_t
+ keyid);
+ int gnutls_openpgp_privkey_get_subkey_count
+ (gnutls_openpgp_privkey_t key);
+ int gnutls_openpgp_privkey_get_subkey_idx(gnutls_openpgp_privkey_t
+ key,
+ const
+ gnutls_openpgp_keyid_t
+ keyid);
+
+ int
+ gnutls_openpgp_privkey_get_subkey_revoked_status
+ (gnutls_openpgp_privkey_t key, unsigned int idx);
+
+ int gnutls_openpgp_privkey_get_revoked_status
+ (gnutls_openpgp_privkey_t key);
+
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm
+ (gnutls_openpgp_privkey_t key, unsigned int idx,
+ unsigned int *bits);
+
+ time_t
+ gnutls_openpgp_privkey_get_subkey_expiration_time
+ (gnutls_openpgp_privkey_t key, unsigned int idx);
+
+ int gnutls_openpgp_privkey_get_subkey_id(gnutls_openpgp_privkey_t
+ key, unsigned int idx,
+ gnutls_openpgp_keyid_t
+ keyid);
+
+ time_t
+ gnutls_openpgp_privkey_get_subkey_creation_time
+ (gnutls_openpgp_privkey_t key, unsigned int idx);
+
+ int
+ gnutls_openpgp_privkey_export_subkey_dsa_raw
+ (gnutls_openpgp_privkey_t pkey, unsigned int idx,
+ gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g,
+ gnutls_datum_t * y, gnutls_datum_t * x);
+ int gnutls_openpgp_privkey_export_subkey_rsa_raw
+ (gnutls_openpgp_privkey_t pkey, unsigned int idx,
+ gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
+ gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u);
+
+ int gnutls_openpgp_privkey_export_dsa_raw(gnutls_openpgp_privkey_t
+ pkey, gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
+ int gnutls_openpgp_privkey_export_rsa_raw(gnutls_openpgp_privkey_t
+ pkey, gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
+
+ int gnutls_openpgp_privkey_export(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_openpgp_privkey_export2(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ gnutls_datum_t * out);
+
+ int
+ gnutls_openpgp_privkey_set_preferred_key_id
+ (gnutls_openpgp_privkey_t key,
+ const gnutls_openpgp_keyid_t keyid);
+ int gnutls_openpgp_privkey_get_preferred_key_id
+ (gnutls_openpgp_privkey_t key, gnutls_openpgp_keyid_t keyid);
+
+ int gnutls_openpgp_crt_get_auth_subkey(gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_keyid_t
+ keyid, unsigned int flag);
/* Keyring stuff.
*/
- int gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring);
- void gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring);
+ int gnutls_openpgp_keyring_init(gnutls_openpgp_keyring_t *
+ keyring);
+ void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t
+ keyring);
- int gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format);
+ int gnutls_openpgp_keyring_import(gnutls_openpgp_keyring_t keyring,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format);
- int gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
- const gnutls_openpgp_keyid_t keyid,
- unsigned int flags);
+ int gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t ring,
+ const gnutls_openpgp_keyid_t
+ keyid, unsigned int flags);
- int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyring_t keyring,
- unsigned int flags, unsigned int *verify
- /* the output of the verification */ );
+ int gnutls_openpgp_crt_verify_ring(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyring_t
+ keyring, unsigned int flags,
+ unsigned int *verify
+ /* the output of the verification */
+ );
- int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
- unsigned int flags,
- unsigned int *verify);
+ int gnutls_openpgp_crt_verify_self(gnutls_openpgp_crt_t key,
+ unsigned int flags,
+ unsigned int *verify);
- int gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring,
- unsigned int idx,
- gnutls_openpgp_crt_t * cert);
+ int gnutls_openpgp_keyring_get_crt(gnutls_openpgp_keyring_t ring,
+ unsigned int idx,
+ gnutls_openpgp_crt_t * cert);
- int gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring);
+ int gnutls_openpgp_keyring_get_crt_count(gnutls_openpgp_keyring_t
+ ring);
@@ -316,59 +328,56 @@ extern "C"
* Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
* otherwise an error code is returned.
*/
- typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t session,
- const unsigned char *keyfpr,
- unsigned int keyfpr_length,
- gnutls_datum_t * key);
+ typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t
+ session,
+ const unsigned char
+ *keyfpr,
+ unsigned int
+ keyfpr_length,
+ gnutls_datum_t * key);
- void
- gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
- gnutls_openpgp_recv_key_func func);
+ void
+ gnutls_openpgp_set_recv_key_function(gnutls_session_t session,
+ gnutls_openpgp_recv_key_func
+ func);
/* certificate authentication stuff.
*/
- int gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res,
- gnutls_openpgp_crt_t crt,
- gnutls_openpgp_privkey_t pkey);
-
- int
- gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- gnutls_openpgp_crt_fmt_t format);
- int gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t
- res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_openpgp_crt_fmt_t
- format);
-
- int
- gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t
- format);
- int
- gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t
- res, const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t format);
-
- int gnutls_certificate_set_openpgp_keyring_mem (
- gnutls_certificate_credentials_t c, const unsigned char *data,
- size_t dlen, gnutls_openpgp_crt_fmt_t format);
-
- int gnutls_certificate_set_openpgp_keyring_file (
- gnutls_certificate_credentials_t c, const char *file,
- gnutls_openpgp_crt_fmt_t format);
+ int gnutls_certificate_set_openpgp_key
+ (gnutls_certificate_credentials_t res,
+ gnutls_openpgp_crt_t crt, gnutls_openpgp_privkey_t pkey);
+
+ int
+ gnutls_certificate_set_openpgp_key_file
+ (gnutls_certificate_credentials_t res, const char *certfile,
+ const char *keyfile, gnutls_openpgp_crt_fmt_t format);
+ int gnutls_certificate_set_openpgp_key_mem
+ (gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert, const gnutls_datum_t * key,
+ gnutls_openpgp_crt_fmt_t format);
+
+ int
+ gnutls_certificate_set_openpgp_key_file2
+ (gnutls_certificate_credentials_t res, const char *certfile,
+ const char *keyfile, const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format);
+ int
+ gnutls_certificate_set_openpgp_key_mem2
+ (gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert, const gnutls_datum_t * key,
+ const char *subkey_id, gnutls_openpgp_crt_fmt_t format);
+
+ int gnutls_certificate_set_openpgp_keyring_mem
+ (gnutls_certificate_credentials_t c, const unsigned char *data,
+ size_t dlen, gnutls_openpgp_crt_fmt_t format);
+
+ int gnutls_certificate_set_openpgp_keyring_file
+ (gnutls_certificate_credentials_t c, const char *file,
+ gnutls_openpgp_crt_fmt_t format);
#ifdef __cplusplus
}
#endif
-
-#endif /* GNUTLS_OPENPGP_H */
+#endif /* GNUTLS_OPENPGP_H */
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index d3e641b7f1..13015c0bef 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -29,8 +29,7 @@
#include <gnutls/x509.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#define GNUTLS_PKCS11_MAX_PIN_LEN 32
@@ -53,46 +52,51 @@ extern "C"
*
* Since: 2.12.0
**/
-typedef int (*gnutls_pkcs11_token_callback_t) (void *const userdata,
- const char *const label,
- unsigned retry);
+ typedef int (*gnutls_pkcs11_token_callback_t) (void *const
+ userdata,
+ const char *const
+ label,
+ unsigned retry);
-struct gnutls_pkcs11_obj_st;
-typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
+ struct gnutls_pkcs11_obj_st;
+ typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
-#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
-#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
+#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
+#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
/* pkcs11.conf format:
* load = /lib/xxx-pkcs11.so
* load = /lib/yyy-pkcs11.so
*/
-int gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file);
-int gnutls_pkcs11_reinit (void);
-void gnutls_pkcs11_deinit (void);
-void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
- void *userdata);
-
-void gnutls_pkcs11_set_pin_function (gnutls_pin_callback_t fn,
- void *userdata);
-
-gnutls_pin_callback_t gnutls_pkcs11_get_pin_function (void **userdata);
-
-int gnutls_pkcs11_add_provider (const char *name, const char *params);
-int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj);
-void gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t obj,
- gnutls_pin_callback_t fn,
- void *userdata);
-
-#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
-#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3) /* force login as a security officer in the token for the operation */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE (1<<4) /* marked as private (requires PIN to access) */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE (1<<5) /* marked as not private */
+ int gnutls_pkcs11_init(unsigned int flags,
+ const char *deprecated_config_file);
+ int gnutls_pkcs11_reinit(void);
+ void gnutls_pkcs11_deinit(void);
+ void gnutls_pkcs11_set_token_function
+ (gnutls_pkcs11_token_callback_t fn, void *userdata);
+
+ void gnutls_pkcs11_set_pin_function(gnutls_pin_callback_t fn,
+ void *userdata);
+
+ gnutls_pin_callback_t gnutls_pkcs11_get_pin_function(void
+ **userdata);
+
+ int gnutls_pkcs11_add_provider(const char *name,
+ const char *params);
+ int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj);
+ void gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj,
+ gnutls_pin_callback_t fn,
+ void *userdata);
+
+#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
+#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3) /* force login as a security officer in the token for the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE (1<<4) /* marked as private (requires PIN to access) */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE (1<<5) /* marked as not private */
/**
* gnutls_pkcs11_url_type_t:
@@ -102,41 +106,51 @@ void gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t obj,
*
* Enumeration of different URL extraction flags.
*/
-typedef enum
- {
- GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
- GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
- GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
- } gnutls_pkcs11_url_type_t;
-
-int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t obj,
- const char *url,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
-void gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj);
-
-int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
- void *output_data, size_t * output_data_size);
-int gnutls_pkcs11_obj_export2 (gnutls_pkcs11_obj_t obj,
- gnutls_datum_t *out);
-
-int gnutls_pkcs11_copy_x509_crt (const char *token_url, gnutls_x509_crt_t crt,
- const char *label, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_x509_privkey_t key,
- const char *label, unsigned int key_usage /*GNUTLS_KEY_* */, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-int gnutls_pkcs11_copy_secret_key (const char *token_url,
- gnutls_datum_t * key, const char *label,
- unsigned int key_usage /* GNUTLS_KEY_* */ ,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ typedef enum {
+ GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
+ GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
+ GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
+ } gnutls_pkcs11_url_type_t;
+
+ int gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t obj,
+ const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ int gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t obj,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
+ void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t obj);
+
+ int gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_pkcs11_obj_export2(gnutls_pkcs11_obj_t obj,
+ gnutls_datum_t * out);
+
+ int gnutls_pkcs11_copy_x509_crt(const char *token_url,
+ gnutls_x509_crt_t crt,
+ const char *label,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ int gnutls_pkcs11_copy_x509_privkey(const char *token_url,
+ gnutls_x509_privkey_t key,
+ const char *label,
+ unsigned int key_usage
+ /*GNUTLS_KEY_* */ ,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+ int gnutls_pkcs11_delete_url(const char *object_url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+
+ int gnutls_pkcs11_copy_secret_key(const char *token_url,
+ gnutls_datum_t * key,
+ const char *label,
+ unsigned int key_usage
+ /* GNUTLS_KEY_* */ ,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
/**
* gnutls_pkcs11_obj_info_t:
@@ -153,24 +167,23 @@ int gnutls_pkcs11_copy_secret_key (const char *token_url,
*
* Enumeration of several object information types.
*/
-typedef enum
- {
- GNUTLS_PKCS11_OBJ_ID_HEX = 1,
- GNUTLS_PKCS11_OBJ_LABEL,
- GNUTLS_PKCS11_OBJ_TOKEN_LABEL,
- GNUTLS_PKCS11_OBJ_TOKEN_SERIAL,
- GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER,
- GNUTLS_PKCS11_OBJ_TOKEN_MODEL,
- GNUTLS_PKCS11_OBJ_ID,
- /* the pkcs11 provider library info */
- GNUTLS_PKCS11_OBJ_LIBRARY_VERSION,
- GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION,
- GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER
- } gnutls_pkcs11_obj_info_t;
-
-int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size);
+ typedef enum {
+ GNUTLS_PKCS11_OBJ_ID_HEX = 1,
+ GNUTLS_PKCS11_OBJ_LABEL,
+ GNUTLS_PKCS11_OBJ_TOKEN_LABEL,
+ GNUTLS_PKCS11_OBJ_TOKEN_SERIAL,
+ GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER,
+ GNUTLS_PKCS11_OBJ_TOKEN_MODEL,
+ GNUTLS_PKCS11_OBJ_ID,
+ /* the pkcs11 provider library info */
+ GNUTLS_PKCS11_OBJ_LIBRARY_VERSION,
+ GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION,
+ GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER
+ } gnutls_pkcs11_obj_info_t;
+
+ int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size);
/**
* gnutls_pkcs11_obj_attr_t:
@@ -184,16 +197,15 @@ int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
*
* Enumeration of several attributes for object enumeration.
*/
-typedef enum
- {
- GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
- GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
- GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
- GNUTLS_PKCS11_OBJ_ATTR_ALL, /* everything! */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, /* CAs */
- } gnutls_pkcs11_obj_attr_t;
+ typedef enum {
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
+ GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
+ GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
+ GNUTLS_PKCS11_OBJ_ATTR_ALL, /* everything! */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, /* CAs */
+ } gnutls_pkcs11_obj_attr_t;
/**
* gnutls_pkcs11_token_info_t:
@@ -204,13 +216,12 @@ typedef enum
*
* Enumeration of types for retrieving token information.
*/
-typedef enum
- {
- GNUTLS_PKCS11_TOKEN_LABEL,
- GNUTLS_PKCS11_TOKEN_SERIAL,
- GNUTLS_PKCS11_TOKEN_MANUFACTURER,
- GNUTLS_PKCS11_TOKEN_MODEL
- } gnutls_pkcs11_token_info_t;
+ typedef enum {
+ GNUTLS_PKCS11_TOKEN_LABEL,
+ GNUTLS_PKCS11_TOKEN_SERIAL,
+ GNUTLS_PKCS11_TOKEN_MANUFACTURER,
+ GNUTLS_PKCS11_TOKEN_MODEL
+ } gnutls_pkcs11_token_info_t;
/**
* gnutls_pkcs11_obj_type_t:
@@ -223,108 +234,120 @@ typedef enum
*
* Enumeration of object types.
*/
-typedef enum
- {
- GNUTLS_PKCS11_OBJ_UNKNOWN,
- GNUTLS_PKCS11_OBJ_X509_CRT,
- GNUTLS_PKCS11_OBJ_PUBKEY,
- GNUTLS_PKCS11_OBJ_PRIVKEY,
- GNUTLS_PKCS11_OBJ_SECRET_KEY,
- GNUTLS_PKCS11_OBJ_DATA
- } gnutls_pkcs11_obj_type_t;
-
-int
-gnutls_pkcs11_token_init (const char *token_url,
- const char *so_pin, const char *label);
-
-int
-gnutls_pkcs11_token_get_mechanism (const char *url, unsigned int idx,
- unsigned long *mechanism);
-
-int gnutls_pkcs11_token_set_pin (const char *token_url,
- const char *oldpin,
- const char *newpin,
- unsigned int flags /*gnutls_pin_flag_t */
- );
-
-int gnutls_pkcs11_token_get_url (unsigned int seq,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
-int gnutls_pkcs11_token_get_info (const char *url,
- gnutls_pkcs11_token_info_t ttype,
- void *output, size_t * output_size);
+ typedef enum {
+ GNUTLS_PKCS11_OBJ_UNKNOWN,
+ GNUTLS_PKCS11_OBJ_X509_CRT,
+ GNUTLS_PKCS11_OBJ_PUBKEY,
+ GNUTLS_PKCS11_OBJ_PRIVKEY,
+ GNUTLS_PKCS11_OBJ_SECRET_KEY,
+ GNUTLS_PKCS11_OBJ_DATA
+ } gnutls_pkcs11_obj_type_t;
+
+ int
+ gnutls_pkcs11_token_init(const char *token_url,
+ const char *so_pin, const char *label);
+
+ int
+ gnutls_pkcs11_token_get_mechanism(const char *url,
+ unsigned int idx,
+ unsigned long *mechanism);
+
+ int gnutls_pkcs11_token_set_pin(const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pin_flag_t */
+ );
+
+ int gnutls_pkcs11_token_get_url(unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
+ int gnutls_pkcs11_token_get_info(const char *url,
+ gnutls_pkcs11_token_info_t ttype,
+ void *output,
+ size_t * output_size);
#define GNUTLS_PKCS11_TOKEN_HW 1
-int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags);
-
-int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
- unsigned int *const n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-int
-gnutls_pkcs11_obj_list_import_url2 (gnutls_pkcs11_obj_t ** p_list,
- unsigned int *n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
- gnutls_pkcs11_obj_t pkcs11_crt);
-int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *url,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t obj);
-const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type);
-
-int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs,
- unsigned int cert_max,
- gnutls_pkcs11_obj_t * const objs,
- unsigned int flags /* must be zero */);
+ int gnutls_pkcs11_token_get_flags(const char *url,
+ unsigned int *flags);
+
+ int gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
+ unsigned int *const n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t
+ attrs, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+
+ int
+ gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list,
+ unsigned int *n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+
+ int gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt,
+ gnutls_pkcs11_obj_t pkcs11_crt);
+ int gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt,
+ const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+
+ gnutls_pkcs11_obj_type_t
+ gnutls_pkcs11_obj_get_type(gnutls_pkcs11_obj_t obj);
+ const char *gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_type_t
+ type);
+
+ int gnutls_x509_crt_list_import_pkcs11(gnutls_x509_crt_t * certs,
+ unsigned int cert_max,
+ gnutls_pkcs11_obj_t *
+ const objs,
+ unsigned int flags
+ /* must be zero */ );
/* private key functions...*/
-int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key);
-void gnutls_pkcs11_privkey_set_pin_function (gnutls_pkcs11_privkey_t key,
- gnutls_pin_callback_t fn,
- void *userdata);
-void gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key);
-int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
- unsigned int *bits);
-int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size);
-
-int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
- const char *url, unsigned int flags);
-
-int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
-int gnutls_pkcs11_privkey_status (gnutls_pkcs11_privkey_t key);
-
-int gnutls_pkcs11_privkey_generate (const char* url,
- gnutls_pk_algorithm_t pk,
- unsigned int bits,
- const char* label, unsigned int flags);
-
-int
-gnutls_pkcs11_privkey_generate2 (const char* url, gnutls_pk_algorithm_t pk,
- unsigned int bits, const char* label,
- gnutls_x509_crt_fmt_t fmt,
- gnutls_datum_t * pubkey,
- unsigned int flags);
-
-int
-gnutls_pkcs11_token_get_random (const char* token_url,
- void* data,
- size_t len);
+ int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key);
+ void gnutls_pkcs11_privkey_set_pin_function(gnutls_pkcs11_privkey_t
+ key,
+ gnutls_pin_callback_t
+ fn, void *userdata);
+ void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key);
+ int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t
+ key,
+ unsigned int *bits);
+ int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output,
+ size_t * output_size);
+
+ int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
+ const char *url,
+ unsigned int flags);
+
+ int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key,
+ gnutls_pkcs11_url_type_t
+ detailed, char **url);
+ int gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key);
+
+ int gnutls_pkcs11_privkey_generate(const char *url,
+ gnutls_pk_algorithm_t pk,
+ unsigned int bits,
+ const char *label,
+ unsigned int flags);
+
+ int
+ gnutls_pkcs11_privkey_generate2(const char *url,
+ gnutls_pk_algorithm_t pk,
+ unsigned int bits,
+ const char *label,
+ gnutls_x509_crt_fmt_t fmt,
+ gnutls_datum_t * pubkey,
+ unsigned int flags);
+
+ int
+ gnutls_pkcs11_token_get_random(const char *token_url,
+ void *data, size_t len);
#ifdef __cplusplus
}
#endif
-
#endif
diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h
index ef8f209679..ad1410d434 100644
--- a/lib/includes/gnutls/pkcs12.h
+++ b/lib/includes/gnutls/pkcs12.h
@@ -26,51 +26,57 @@
#include <gnutls/x509.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
- /* PKCS12 structures handling
- */
- struct gnutls_pkcs12_int;
- typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
-
- struct gnutls_pkcs12_bag_int;
- typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
-
- int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
- void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
- int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
- int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_pkcs12_export2 (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t *out);
-
- int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
- int indx, gnutls_pkcs12_bag_t bag);
- int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag);
-
- int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass);
- int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass);
-
- int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass);
- int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
- unsigned int flags);
+ /* PKCS12 structures handling
+ */
+ struct gnutls_pkcs12_int;
+ typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
+
+ struct gnutls_pkcs12_bag_int;
+ typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
+
+ int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12);
+ void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12);
+ int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+ int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_pkcs12_export2(gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
+ int indx, gnutls_pkcs12_bag_t bag);
+ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12,
+ gnutls_pkcs12_bag_t bag);
+
+ int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12,
+ const char *pass);
+ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12,
+ const char *pass);
+
+ int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag,
+ const char *pass);
+ int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag,
+ const char *pass,
+ unsigned int flags);
#define GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED 1
- int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
- const char *password,
- gnutls_x509_privkey_t * key,
- gnutls_x509_crt_t ** chain,
- unsigned int * chain_len,
- gnutls_x509_crt_t ** extra_certs,
- unsigned int * extra_certs_len,
- gnutls_x509_crl_t * crl,
- unsigned int flags);
+ int gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
+ const char *password,
+ gnutls_x509_privkey_t * key,
+ gnutls_x509_crt_t ** chain,
+ unsigned int *chain_len,
+ gnutls_x509_crt_t ** extra_certs,
+ unsigned int *extra_certs_len,
+ gnutls_x509_crl_t * crl,
+ unsigned int flags);
/**
* gnutls_pkcs12_bag_type_t:
@@ -85,50 +91,49 @@ extern "C"
*
* Enumeration of different PKCS 12 bag types.
*/
- typedef enum gnutls_pkcs12_bag_type_t
- {
- GNUTLS_BAG_EMPTY = 0,
- GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
- GNUTLS_BAG_PKCS8_KEY = 2,
- GNUTLS_BAG_CERTIFICATE = 3,
- GNUTLS_BAG_CRL = 4,
- GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12,
- * gnutls extension. We use the PKCS-9
- * random nonce ID 1.2.840.113549.1.9.25.3
- * to store randomly generated keys.
- */
- GNUTLS_BAG_ENCRYPTED = 10,
- GNUTLS_BAG_UNKNOWN = 20
- } gnutls_pkcs12_bag_type_t;
-
- gnutls_pkcs12_bag_type_t
- gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx);
- int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * data);
- int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
- gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * data);
- int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag,
- gnutls_x509_crl_t crl);
- int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag,
- gnutls_x509_crt_t crt);
-
- int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
- void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
- int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag);
-
- int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * id);
- int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
- const gnutls_datum_t * id);
-
- int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- char **name);
- int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- const char *name);
+ typedef enum gnutls_pkcs12_bag_type_t {
+ GNUTLS_BAG_EMPTY = 0,
+ GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
+ GNUTLS_BAG_PKCS8_KEY = 2,
+ GNUTLS_BAG_CERTIFICATE = 3,
+ GNUTLS_BAG_CRL = 4,
+ GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12,
+ * gnutls extension. We use the PKCS-9
+ * random nonce ID 1.2.840.113549.1.9.25.3
+ * to store randomly generated keys.
+ */
+ GNUTLS_BAG_ENCRYPTED = 10,
+ GNUTLS_BAG_UNKNOWN = 20
+ } gnutls_pkcs12_bag_type_t;
+
+ gnutls_pkcs12_bag_type_t
+ gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t bag, int indx);
+ int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * data);
+ int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag,
+ gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * data);
+ int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag,
+ gnutls_x509_crl_t crl);
+ int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag,
+ gnutls_x509_crt_t crt);
+
+ int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag);
+ void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag);
+ int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag);
+
+ int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * id);
+ int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, int indx,
+ const gnutls_datum_t * id);
+
+ int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag,
+ int indx, char **name);
+ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag,
+ int indx,
+ const char *name);
#ifdef __cplusplus
}
#endif
-
-#endif /* GNUTLS_PKCS12_H */
+#endif /* GNUTLS_PKCS12_H */
diff --git a/lib/includes/gnutls/tpm.h b/lib/includes/gnutls/tpm.h
index 4d59d2e504..cf2c0dd566 100644
--- a/lib/includes/gnutls/tpm.h
+++ b/lib/includes/gnutls/tpm.h
@@ -27,12 +27,11 @@
#include <gnutls/x509.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
-struct tpm_key_list_st;
-typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
+ struct tpm_key_list_st;
+ typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
#define GNUTLS_TPM_KEY_SIGNING (1<<1)
#define GNUTLS_TPM_REGISTER_KEY (1<<2)
@@ -46,31 +45,33 @@ typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
*
* Enumeration of different certificate encoding formats.
*/
- typedef enum
- {
- GNUTLS_TPMKEY_FMT_RAW = 0,
- GNUTLS_TPMKEY_FMT_DER = GNUTLS_TPMKEY_FMT_RAW,
- GNUTLS_TPMKEY_FMT_CTK_PEM = 1
- } gnutls_tpmkey_fmt_t;
+ typedef enum {
+ GNUTLS_TPMKEY_FMT_RAW = 0,
+ GNUTLS_TPMKEY_FMT_DER = GNUTLS_TPMKEY_FMT_RAW,
+ GNUTLS_TPMKEY_FMT_CTK_PEM = 1
+ } gnutls_tpmkey_fmt_t;
-int
-gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, unsigned int bits,
- const char* srk_password,
- const char* key_password,
- gnutls_tpmkey_fmt_t format,
- gnutls_x509_crt_fmt_t pub_format,
- gnutls_datum_t* privkey,
- gnutls_datum_t* pubkey,
- unsigned int flags);
+ int
+ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk,
+ unsigned int bits,
+ const char *srk_password,
+ const char *key_password,
+ gnutls_tpmkey_fmt_t format,
+ gnutls_x509_crt_fmt_t pub_format,
+ gnutls_datum_t * privkey,
+ gnutls_datum_t * pubkey,
+ unsigned int flags);
-void gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t list);
-int gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, unsigned int idx, char** url, unsigned int flags);
-int gnutls_tpm_get_registered (gnutls_tpm_key_list_t *list);
-int gnutls_tpm_privkey_delete (const char* url, const char* srk_password);
+ void gnutls_tpm_key_list_deinit(gnutls_tpm_key_list_t list);
+ int gnutls_tpm_key_list_get_url(gnutls_tpm_key_list_t list,
+ unsigned int idx, char **url,
+ unsigned int flags);
+ int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list);
+ int gnutls_tpm_privkey_delete(const char *url,
+ const char *srk_password);
#ifdef __cplusplus
}
#endif
-
#endif
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 3e2bf2b570..c06ff4735e 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -30,8 +30,7 @@
#include <gnutls/gnutls.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/* Some OIDs usually found in Distinguished names, or
@@ -100,94 +99,118 @@ extern "C"
*
* Enumeration of different certificate import flags.
*/
- typedef enum gnutls_certificate_import_flags
- {
- GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1,
- GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 2
- } gnutls_certificate_import_flags;
-
- int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
- void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
- int gnutls_x509_crt_list_import2 (gnutls_x509_crt_t ** certs,
- unsigned int * size,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
- int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
- unsigned int *cert_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- unsigned int flags);
- int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_x509_crt_export2 (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t* out);
- int gnutls_x509_crt_get_private_key_usage_period (gnutls_x509_crt_t cert, time_t* activation, time_t* expiration,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * buf_size);
- int gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
- int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size);
- int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag,
- void *buf, size_t * buf_size);
- int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * buf_size);
- int gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
- int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size);
- int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * buf_size);
- int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert,
- const char *hostname);
-
- int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
- char *sig, size_t * sizeof_sig);
- int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
-
- int gnutls_x509_crt_set_private_key_usage_period (gnutls_x509_crt_t crt,
- time_t activation,
- time_t expiration);
- int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size);
- int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
- void *id, size_t * id_size,
- unsigned int *critical);
- int gnutls_x509_crt_get_authority_key_gn_serial (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *alt,
- size_t * alt_size,
- unsigned int *alt_type,
- void* serial,
- size_t *serial_size,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
- void *ret, size_t * ret_size,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * buf_size);
-
- int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * buf_size);
-
- void gnutls_x509_crt_set_pin_function (gnutls_x509_crt_t crt,
- gnutls_pin_callback_t fn, void *userdata);
+ typedef enum gnutls_certificate_import_flags {
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1,
+ GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 2
+ } gnutls_certificate_import_flags;
+
+ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert);
+ void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_import(gnutls_x509_crt_t cert,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs,
+ unsigned int *size,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+ int gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs,
+ unsigned int *cert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+ int gnutls_x509_crt_export(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_crt_export2(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+ int gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t
+ cert,
+ time_t *
+ activation,
+ time_t *
+ expiration,
+ unsigned int
+ *critical);
+
+ int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert,
+ char *buf, size_t * buf_size);
+ int gnutls_x509_crt_get_issuer_dn2(gnutls_x509_crt_t cert,
+ gnutls_datum_t * dn);
+ int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * oid_size);
+ int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag,
+ void *buf,
+ size_t * buf_size);
+ int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf,
+ size_t * buf_size);
+ int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert,
+ gnutls_datum_t * dn);
+ int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * oid_size);
+ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * buf_size);
+ int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
+ const char *hostname);
+
+ int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t
+ cert);
+ int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
+ char *sig, size_t * sizeof_sig);
+ int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+ int gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t
+ crt,
+ time_t activation,
+ time_t
+ expiration);
+ int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
+ const void *id,
+ size_t id_size);
+ int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert,
+ void *id,
+ size_t * id_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t
+ cert,
+ unsigned int seq,
+ void *alt,
+ size_t * alt_size,
+ unsigned int
+ *alt_type,
+ void *serial,
+ size_t *
+ serial_size,
+ unsigned int
+ *critical);
+
+ int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert,
+ void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_subject_unique_id(gnutls_x509_crt_t crt,
+ char *buf,
+ size_t * buf_size);
+
+ int gnutls_x509_crt_get_issuer_unique_id(gnutls_x509_crt_t crt,
+ char *buf,
+ size_t * buf_size);
+
+ void gnutls_x509_crt_set_pin_function(gnutls_x509_crt_t crt,
+ gnutls_pin_callback_t fn,
+ void *userdata);
/**
* gnutls_info_access_what_t:
@@ -200,22 +223,24 @@ extern "C"
* Enumeration of types for the @what parameter of
* gnutls_x509_crt_get_authority_info_access().
*/
- typedef enum gnutls_info_access_what_t
- {
- GNUTLS_IA_ACCESSMETHOD_OID = 1,
- GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE = 2,
- /* use 100-108 for the generalName types, populate as needed */
- GNUTLS_IA_URI = 106,
- /* quick-access variants that match both OID and name type. */
- GNUTLS_IA_OCSP_URI = 10006,
- GNUTLS_IA_CAISSUERS_URI = 10106
- } gnutls_info_access_what_t;
-
- int gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
- unsigned int seq,
- int what,
- gnutls_datum_t * data,
- unsigned int *critical);
+ typedef enum gnutls_info_access_what_t {
+ GNUTLS_IA_ACCESSMETHOD_OID = 1,
+ GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE = 2,
+ /* use 100-108 for the generalName types, populate as needed */
+ GNUTLS_IA_URI = 106,
+ /* quick-access variants that match both OID and name type. */
+ GNUTLS_IA_OCSP_URI = 10006,
+ GNUTLS_IA_CAISSUERS_URI = 10106
+ } gnutls_info_access_what_t;
+
+ int gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t
+ crt,
+ unsigned int seq,
+ int what,
+ gnutls_datum_t *
+ data,
+ unsigned int
+ *critical);
#define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED,
/**
@@ -232,110 +257,125 @@ extern "C"
*
* Enumeration of types for the CRL revocation reasons.
*/
- typedef enum gnutls_x509_crl_reason_flags_t
- {
- GNUTLS_CRL_REASON_UNSPECIFIED=0,
- GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN=1,
- GNUTLS_CRL_REASON_CERTIFICATE_HOLD=2,
- GNUTLS_CRL_REASON_CESSATION_OF_OPERATION=4,
- GNUTLS_CRL_REASON_SUPERSEDED=8,
- GNUTLS_CRL_REASON_AFFILIATION_CHANGED=16,
- GNUTLS_CRL_REASON_CA_COMPROMISE=32,
- GNUTLS_CRL_REASON_KEY_COMPROMISE=64,
- GNUTLS_CRL_REASON_UNUSED=128,
- GNUTLS_CRL_REASON_AA_COMPROMISE=32768
- } gnutls_x509_crl_reason_flags_t;
-
- int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *reason_flags,
- unsigned int *critical);
- int gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- unsigned int reason_flags);
- int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data_string,
- unsigned int reason_flags);
- int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
- gnutls_x509_crt_t src);
-
- int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
-
- time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert);
- time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
- size_t * result_size);
-
- int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
- unsigned int *bits);
- int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e);
- int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y);
-
- int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *san,
- size_t * san_size,
- unsigned int *critical);
- int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *san,
- size_t * san_size,
- unsigned int *san_type,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *oid,
- size_t * oid_size);
-
- int gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *ian,
- size_t * ian_size,
- unsigned int *critical);
- int gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *ian,
- size_t * ian_size,
- unsigned int *ian_type,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret,
- size_t * ret_size);
-
- int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
- unsigned int *critical);
- int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
- unsigned int *critical,
- unsigned int *ca, int *pathlen);
+ typedef enum gnutls_x509_crl_reason_flags_t {
+ GNUTLS_CRL_REASON_UNSPECIFIED = 0,
+ GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN = 1,
+ GNUTLS_CRL_REASON_CERTIFICATE_HOLD = 2,
+ GNUTLS_CRL_REASON_CESSATION_OF_OPERATION = 4,
+ GNUTLS_CRL_REASON_SUPERSEDED = 8,
+ GNUTLS_CRL_REASON_AFFILIATION_CHANGED = 16,
+ GNUTLS_CRL_REASON_CA_COMPROMISE = 32,
+ GNUTLS_CRL_REASON_KEY_COMPROMISE = 64,
+ GNUTLS_CRL_REASON_UNUSED = 128,
+ GNUTLS_CRL_REASON_AA_COMPROMISE = 32768
+ } gnutls_x509_crl_reason_flags_t;
+
+ int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int
+ reason_flags);
+ int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type,
+ const void *data_string,
+ unsigned int reason_flags);
+ int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
+ gnutls_x509_crt_t src);
+
+ int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert);
+ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert,
+ void *result, size_t * result_size);
+
+ int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
+ unsigned int *bits);
+ int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+ int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+
+ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *san,
+ size_t * san_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *san,
+ size_t * san_size,
+ unsigned int *san_type,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t
+ cert,
+ unsigned int seq,
+ void *oid,
+ size_t *
+ oid_size);
+
+ int gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ian,
+ size_t * ian_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_issuer_alt_name2(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ian,
+ size_t * ian_size,
+ unsigned int *ian_type,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_issuer_alt_othername_oid(gnutls_x509_crt_t
+ cert,
+ unsigned int seq,
+ void *ret,
+ size_t *
+ ret_size);
+
+ int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ unsigned int *ca,
+ int *pathlen);
/* The key_usage flags are defined in gnutls.h. They are the
* GNUTLS_KEY_* definitions.
*/
- int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
- unsigned int *key_usage,
- unsigned int *critical);
- int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt,
- unsigned int usage);
- int gnutls_x509_crt_set_authority_info_access (gnutls_x509_crt_t crt,
- int what,
- gnutls_datum_t * data);
-
- int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
- unsigned int *critical,
- int *pathlen,
- char **policyLanguage,
- char **policy, size_t * sizeof_policy);
+ int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert,
+ unsigned int *key_usage,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt,
+ unsigned int usage);
+ int gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t
+ crt, int what,
+ gnutls_datum_t *
+ data);
+
+ int gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ int *pathlen,
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy);
#define GNUTLS_MAX_QUALIFIERS 8
@@ -347,310 +387,349 @@ extern "C"
*
* Enumeration of types for the X.509 qualifiers, of the certificate policy extension.
*/
- typedef enum gnutls_x509_qualifier_t
- {
- GNUTLS_X509_QUALIFIER_UNKNOWN = 0, GNUTLS_X509_QUALIFIER_URI,
- GNUTLS_X509_QUALIFIER_NOTICE
- } gnutls_x509_qualifier_t;
-
- typedef struct gnutls_x509_policy_st
- {
- char* oid;
- unsigned int qualifiers;
- struct {
- gnutls_x509_qualifier_t type;
- char* data;
- unsigned int size;
- } qualifier[GNUTLS_MAX_QUALIFIERS];
- } gnutls_x509_policy_st;
-
- void gnutls_x509_policy_release(struct gnutls_x509_policy_st* policy);
- int gnutls_x509_crt_get_policy (gnutls_x509_crt_t crt, int indx,
- struct gnutls_x509_policy_st* policy,
- unsigned int * critical);
- int gnutls_x509_crt_set_policy (gnutls_x509_crt_t crt, struct gnutls_x509_policy_st* policy,
- unsigned int critical);
-
- int gnutls_x509_dn_oid_known (const char *oid);
+ typedef enum gnutls_x509_qualifier_t {
+ GNUTLS_X509_QUALIFIER_UNKNOWN =
+ 0, GNUTLS_X509_QUALIFIER_URI,
+ GNUTLS_X509_QUALIFIER_NOTICE
+ } gnutls_x509_qualifier_t;
+
+ typedef struct gnutls_x509_policy_st {
+ char *oid;
+ unsigned int qualifiers;
+ struct {
+ gnutls_x509_qualifier_t type;
+ char *data;
+ unsigned int size;
+ } qualifier[GNUTLS_MAX_QUALIFIERS];
+ } gnutls_x509_policy_st;
+
+ void gnutls_x509_policy_release(struct gnutls_x509_policy_st
+ *policy);
+ int gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, int indx,
+ struct gnutls_x509_policy_st
+ *policy, unsigned int *critical);
+ int gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
+ struct gnutls_x509_policy_st
+ *policy, unsigned int critical);
+
+ int gnutls_x509_dn_oid_known(const char *oid);
#define GNUTLS_X509_DN_OID_RETURN_OID 1
- const char* gnutls_x509_dn_oid_name (const char *oid, unsigned int flags);
-
- /* Read extensions by OID. */
- int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size);
- int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- void *buf, size_t * buf_size,
- unsigned int *critical);
-
- /* Read extensions by sequence number. */
- int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size,
- unsigned int *critical);
- int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
- void *data, size_t * sizeof_data);
-
- int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- const void *buf,
- size_t sizeof_buf,
- unsigned int critical);
+ const char *gnutls_x509_dn_oid_name(const char *oid,
+ unsigned int flags);
+
+ /* Read extensions by OID. */
+ int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * oid_size);
+ int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ void *buf,
+ size_t * buf_size,
+ unsigned int *critical);
+
+ /* Read extensions by sequence number. */
+ int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * oid_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert,
+ int indx, void *data,
+ size_t * sizeof_data);
+
+ int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
+ const char *oid,
+ const void *buf,
+ size_t sizeof_buf,
+ unsigned int critical);
/* X.509 Certificate writing.
*/
- int gnutls_x509_crt_set_dn (gnutls_x509_crt_t crt, const char *dn, const char** err);
-
- int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name);
- int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name);
- int gnutls_x509_crt_set_issuer_dn (gnutls_x509_crt_t crt, const char *dn, const char** err);
-
- int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt,
- unsigned int version);
- int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt,
- gnutls_x509_privkey_t key);
- int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca);
- int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
- unsigned int ca,
- int pathLenConstraint);
- int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type,
- const char *data_string);
- int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- unsigned int flags);
- int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key);
- int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
- int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert,
- time_t act_time);
- int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert,
- time_t exp_time);
- int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial,
- size_t serial_size);
-
- int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size);
-
- int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt,
- gnutls_x509_crt_t eecrt,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name);
- int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
- int pathLenConstraint,
- const char *policyLanguage,
- const char *policy, size_t sizeof_policy);
-
- int gnutls_x509_crt_print (gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
- int gnutls_x509_crl_print (gnutls_x509_crl_t crl,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
-
- /* Access to internal Certificate fields.
- */
- int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
- gnutls_datum_t * start);
- int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert,
- gnutls_datum_t * start);
+ int gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn,
+ const char **err);
+
+ int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crt_set_issuer_dn(gnutls_x509_crt_t crt,
+ const char *dn,
+ const char **err);
+
+ int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt,
+ unsigned int version);
+ int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt,
+ gnutls_x509_privkey_t key);
+ int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt,
+ unsigned int ca);
+ int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt,
+ unsigned int ca,
+ int pathLenConstraint);
+ int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t
+ crt,
+ gnutls_x509_subject_alt_name_t
+ type,
+ const char
+ *data_string);
+ int gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int flags);
+ int gnutls_x509_crt_sign(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key);
+ int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+ int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert,
+ time_t act_time);
+ int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert,
+ time_t exp_time);
+ int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert,
+ const void *serial,
+ size_t serial_size);
+
+ int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert,
+ const void *id,
+ size_t id_size);
+
+ int gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t eecrt,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt,
+ int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy,
+ size_t sizeof_policy);
+
+ int gnutls_x509_crt_print(gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t
+ format, gnutls_datum_t * out);
+ int gnutls_x509_crl_print(gnutls_x509_crl_t crl,
+ gnutls_certificate_print_formats_t
+ format, gnutls_datum_t * out);
+
+ /* Access to internal Certificate fields.
+ */
+ int gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert,
+ gnutls_datum_t * start);
+ int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert,
+ gnutls_datum_t * start);
/* RDN handling.
*/
- int gnutls_x509_rdn_get (const gnutls_datum_t * idn,
- char *buf, size_t * sizeof_buf);
- int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
- int indx, void *buf, size_t * sizeof_buf);
+ int gnutls_x509_rdn_get(const gnutls_datum_t * idn,
+ char *buf, size_t * sizeof_buf);
+ int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn,
+ int indx, void *buf,
+ size_t * sizeof_buf);
- int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf);
+ int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
- typedef void *gnutls_x509_dn_t;
+ typedef void *gnutls_x509_dn_t;
- typedef struct gnutls_x509_ava_st
- {
- gnutls_datum_t oid;
- gnutls_datum_t value;
- unsigned long value_tag;
- } gnutls_x509_ava_st;
+ typedef struct gnutls_x509_ava_st {
+ gnutls_datum_t oid;
+ gnutls_datum_t value;
+ unsigned long value_tag;
+ } gnutls_x509_ava_st;
- int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert,
- gnutls_x509_dn_t * dn);
- int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_dn_t * dn);
- int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn,
- int iava, gnutls_x509_ava_st * ava);
+ int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert,
+ gnutls_x509_dn_t * dn);
+ int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert,
+ gnutls_x509_dn_t * dn);
+ int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, int irdn,
+ int iava, gnutls_x509_ava_st * ava);
- int gnutls_x509_dn_init (gnutls_x509_dn_t * dn);
+ int gnutls_x509_dn_init(gnutls_x509_dn_t * dn);
- int gnutls_x509_dn_import (gnutls_x509_dn_t dn,
- const gnutls_datum_t * data);
+ int gnutls_x509_dn_import(gnutls_x509_dn_t dn,
+ const gnutls_datum_t * data);
- int gnutls_x509_dn_export (gnutls_x509_dn_t dn,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size);
- int gnutls_x509_dn_export2 (gnutls_x509_dn_t dn,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out);
+ int gnutls_x509_dn_export(gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_dn_export2(gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
- void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn);
+ void gnutls_x509_dn_deinit(gnutls_x509_dn_t dn);
/* CRL handling functions.
*/
- int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
- void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
-
- int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
- int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_x509_crl_export2 (gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t *out);
-
- int
- gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
- gnutls_datum_t * dn);
-
- int gnutls_x509_crl_get_issuer_dn (gnutls_x509_crl_t crl,
- char *buf, size_t * sizeof_buf);
- int gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t* dn);
- int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
- const char *oid, int indx,
- unsigned int raw_flag,
- void *buf, size_t * sizeof_buf);
- int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid);
-
- int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl);
- int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
- char *sig, size_t * sizeof_sig);
- int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl);
-
- time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl);
- time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl);
-
- int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
- int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
- unsigned char *serial,
- size_t * serial_size, time_t * t);
+ int gnutls_x509_crl_init(gnutls_x509_crl_t * crl);
+ void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl);
+
+ int gnutls_x509_crl_import(gnutls_x509_crl_t crl,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_crl_export(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_crl_export2(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int
+ gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn);
+
+ int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl_t crl,
+ char *buf, size_t * sizeof_buf);
+ int gnutls_x509_crl_get_issuer_dn2(gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn);
+ int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
+ const char *oid, int indx,
+ unsigned int raw_flag,
+ void *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid);
+
+ int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl);
+ int gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl,
+ char *sig, size_t * sizeof_sig);
+ int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl);
+
+ time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl);
+ time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl);
+
+ int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl);
+ int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int indx,
+ unsigned char *serial,
+ size_t * serial_size,
+ time_t * t);
#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count
#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial
- int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer);
+ int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer);
- int gnutls_x509_crl_list_import2 (gnutls_x509_crl_t ** crls,
- unsigned int * size,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
+ int gnutls_x509_crl_list_import2(gnutls_x509_crl_t ** crls,
+ unsigned int *size,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
- int gnutls_x509_crl_list_import (gnutls_x509_crl_t * crls,
- unsigned int *crl_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- unsigned int flags);
+ int gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls,
+ unsigned int *crl_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
/* CRL writing.
*/
- int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl,
- unsigned int version);
- int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl,
- time_t act_time);
- int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl,
- time_t exp_time);
- int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
- const void *serial,
- size_t serial_size,
- time_t revocation_time);
- int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t crt, time_t revocation_time);
-
- int gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *id,
- size_t * id_size,
- unsigned int *critical);
- int gnutls_x509_crl_get_authority_key_gn_serial (gnutls_x509_crl_t crl,
- unsigned int seq,
- void *alt,
- size_t * alt_size,
- unsigned int *alt_type,
- void* serial,
- size_t *serial_size,
- unsigned int *critical);
-
- int gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
- size_t * ret_size, unsigned int *critical);
-
- int gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid);
-
- int gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid,
- unsigned int *critical);
-
- int gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
- void *data, size_t * sizeof_data);
-
- int gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
- const void *id, size_t id_size);
-
- int gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
- const void *nr, size_t nr_size);
+ int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl,
+ unsigned int version);
+ int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl,
+ time_t act_time);
+ int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl,
+ time_t exp_time);
+ int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl,
+ const void *serial,
+ size_t serial_size,
+ time_t revocation_time);
+ int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t crt,
+ time_t revocation_time);
+
+ int gnutls_x509_crl_get_authority_key_id(gnutls_x509_crl_t crl,
+ void *id,
+ size_t * id_size,
+ unsigned int *critical);
+ int gnutls_x509_crl_get_authority_key_gn_serial(gnutls_x509_crl_t
+ crl,
+ unsigned int seq,
+ void *alt,
+ size_t * alt_size,
+ unsigned int
+ *alt_type,
+ void *serial,
+ size_t *
+ serial_size,
+ unsigned int
+ *critical);
+
+ int gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
+
+ int gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl,
+ int indx, void *oid,
+ size_t * sizeof_oid);
+
+ int gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl,
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical);
+
+ int gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl,
+ int indx, void *data,
+ size_t * sizeof_data);
+
+ int gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl,
+ const void *id,
+ size_t id_size);
+
+ int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
+ const void *nr, size_t nr_size);
/* PKCS7 structures handling
*/
- struct gnutls_pkcs7_int;
- typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
-
- int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7);
- void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7);
- int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
- int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_pkcs7_export2 (gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t *out);
-
- int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7);
- int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx,
- void *certificate, size_t * certificate_size);
-
- int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7,
- const gnutls_datum_t * crt);
- int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
- int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx);
-
- int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
- int indx, void *crl, size_t * crl_size);
- int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7);
-
- int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7,
- const gnutls_datum_t * crl);
- int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
- int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx);
+ struct gnutls_pkcs7_int;
+ typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
+
+ int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7);
+ void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7);
+ int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7);
+ int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, int indx,
+ void *certificate,
+ size_t * certificate_size);
+
+ int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * crt);
+ int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_t crt);
+ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx);
+
+ int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
+ int indx, void *crl,
+ size_t * crl_size);
+ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7);
+
+ int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * crl);
+ int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crl_t crl);
+ int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx);
/* X.509 Certificate verification functions.
*/
@@ -694,57 +773,58 @@ extern "C"
*
* Enumeration of different certificate verify flags.
*/
- typedef enum gnutls_certificate_verify_flags
- {
- GNUTLS_VERIFY_DISABLE_CA_SIGN = 1<<0,
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 1<<1,
- GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1<<2,
- GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1<<3,
- GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1<<4,
- GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1<<5,
- GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1<<6,
- GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1<<7,
- GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1<<8,
- GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1<<9,
- GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1<<10,
- GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1<<11,
- } gnutls_certificate_verify_flags;
-
- int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer);
-
- int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
- int cert_list_length,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length,
- const gnutls_x509_crl_t * CRL_list,
- int CRL_list_length,
- unsigned int flags, unsigned int *verify);
-
- int gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags,
- unsigned int *verify);
- int gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags,
- unsigned int *verify);
-
- int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t *
- crl_list, int crl_list_length);
-
- int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
- gnutls_digest_algorithm_t algo,
- void *buf, size_t * buf_size);
-
- int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
- int indx, void *oid,
- size_t * oid_size,
- unsigned int *critical);
- int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
- const void *oid,
- unsigned int critical);
+ typedef enum gnutls_certificate_verify_flags {
+ GNUTLS_VERIFY_DISABLE_CA_SIGN = 1 << 0,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 1 << 1,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1 << 2,
+ GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1 << 3,
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1 << 4,
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1 << 5,
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1 << 6,
+ GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1 << 7,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1 << 8,
+ GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1 << 9,
+ GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11,
+ } gnutls_certificate_verify_flags;
+
+ int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer);
+
+ int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t *
+ cert_list, int cert_list_length,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length,
+ const gnutls_x509_crl_t * CRL_list,
+ int CRL_list_length,
+ unsigned int flags,
+ unsigned int *verify);
+
+ int gnutls_x509_crt_verify(gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify);
+ int gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify);
+
+ int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t *
+ crl_list,
+ int crl_list_length);
+
+ int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert,
+ gnutls_digest_algorithm_t algo,
+ void *buf, size_t * buf_size);
+
+ int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * oid_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
+ const void *oid,
+ unsigned int critical);
/* Private key handling.
*/
@@ -771,351 +851,398 @@ extern "C"
*
* Enumeration of different PKCS encryption flags.
*/
- typedef enum gnutls_pkcs_encrypt_flags_t
- {
- GNUTLS_PKCS_PLAIN = 1,
- GNUTLS_PKCS_USE_PKCS12_3DES = 2,
- GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
- GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
- GNUTLS_PKCS_USE_PBES2_3DES = 16,
- GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
- GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
- GNUTLS_PKCS_USE_PBES2_AES_256 = 128,
- GNUTLS_PKCS_NULL_PASSWORD = 256
- } gnutls_pkcs_encrypt_flags_t;
-
- int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
- void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
- gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t
- key);
- int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
- gnutls_x509_privkey_t src);
- int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
- int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags);
- int gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t key,
- const gnutls_datum_t *data,
- const char* password);
-
- int gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char* password, unsigned int flags);
-
- int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u);
- int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u,
- const gnutls_datum_t * e1,
- const gnutls_datum_t * e2);
- int gnutls_x509_privkey_import_ecc_raw (gnutls_x509_privkey_t key,
- gnutls_ecc_curve_t curve,
- const gnutls_datum_t * x,
- const gnutls_datum_t * y,
- const gnutls_datum_t * k);
-
- int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key);
-
- int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x);
- int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y,
- const gnutls_datum_t * x);
-
- int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
- int gnutls_x509_privkey_get_pk_algorithm2 (gnutls_x509_privkey_t key, unsigned int *bits);
- int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
-
- int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
- gnutls_pk_algorithm_t algo,
- unsigned int bits, unsigned int flags);
- int gnutls_x509_privkey_verify_params (gnutls_x509_privkey_t key);
-
- int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- void *output_data,
- size_t * output_data_size);
- int gnutls_x509_privkey_export2 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out);
- int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- void *output_data,
- size_t * output_data_size);
- int gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- gnutls_datum_t * out);
- int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u,
- gnutls_datum_t * e1,
- gnutls_datum_t * e2);
- int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u);
- int gnutls_x509_privkey_export_ecc_raw (gnutls_x509_privkey_t key,
- gnutls_ecc_curve_t *curve,
- gnutls_datum_t * x, gnutls_datum_t * y,
- gnutls_datum_t* k);
+ typedef enum gnutls_pkcs_encrypt_flags_t {
+ GNUTLS_PKCS_PLAIN = 1,
+ GNUTLS_PKCS_USE_PKCS12_3DES = 2,
+ GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
+ GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
+ GNUTLS_PKCS_USE_PBES2_3DES = 16,
+ GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
+ GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
+ GNUTLS_PKCS_USE_PBES2_AES_256 = 128,
+ GNUTLS_PKCS_NULL_PASSWORD = 256
+ } gnutls_pkcs_encrypt_flags_t;
+
+ int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key);
+ void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key);
+ gnutls_sec_param_t
+ gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key);
+ int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst,
+ gnutls_x509_privkey_t src);
+ int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
+ int gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ const char *password);
+
+ int gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
+
+ int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u);
+ int gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u,
+ const gnutls_datum_t * e1,
+ const gnutls_datum_t * e2);
+ int gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key,
+ gnutls_ecc_curve_t curve,
+ const gnutls_datum_t * x,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * k);
+
+ int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key);
+
+ int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
+ int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * x);
+
+ int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t
+ key);
+ int gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t
+ key, unsigned int *bits);
+ int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+ int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
+ gnutls_pk_algorithm_t algo,
+ unsigned int bits,
+ unsigned int flags);
+ int gnutls_x509_privkey_verify_params(gnutls_x509_privkey_t key);
+
+ int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_privkey_export2(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+ int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ gnutls_datum_t * out);
+ int gnutls_x509_privkey_export_rsa_raw2(gnutls_x509_privkey_t key,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u,
+ gnutls_datum_t * e1,
+ gnutls_datum_t * e2);
+ int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
+ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key,
+ gnutls_ecc_curve_t * curve,
+ gnutls_datum_t * x,
+ gnutls_datum_t * y,
+ gnutls_datum_t * k);
/* Certificate request stuff.
*/
- int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq,
- gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
-
- int gnutls_x509_crq_print (gnutls_x509_crq_t crq,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
-
- int gnutls_x509_crq_verify (gnutls_x509_crq_t crq, unsigned int flags);
-
- int gnutls_x509_crq_init (gnutls_x509_crq_t * crq);
- void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq);
- int gnutls_x509_crq_import (gnutls_x509_crq_t crq,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
-
- int gnutls_x509_crq_get_private_key_usage_period (gnutls_x509_crq_t cert, time_t* activation, time_t* expiration,
- unsigned int *critical);
-
- int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf,
- size_t * sizeof_buf);
- int gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t* dn);
- int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid);
- int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf);
- int gnutls_x509_crq_set_dn (gnutls_x509_crq_t crq, const char *dn, const char** err);
- int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq,
- const char *oid,
- unsigned int raw_flag,
- const void *data,
- unsigned int sizeof_data);
- int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq,
- unsigned int version);
- int gnutls_x509_crq_get_version (gnutls_x509_crq_t crq);
- int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq,
- gnutls_x509_privkey_t key);
-
- int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
- const char *pass);
- int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
- char *pass,
- size_t * sizeof_pass);
-
- int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, void *buf,
- size_t sizeof_buf);
- int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- void *buf, size_t * sizeof_buf);
-
- int gnutls_x509_crq_export (gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_x509_crq_export2 (gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out);
-
- int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
- int gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
- gnutls_x509_crq_t crq);
-
- int gnutls_x509_crq_set_private_key_usage_period (gnutls_x509_crq_t crq,
- time_t activation,
- time_t expiration);
- int gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e);
- int gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq,
- gnutls_x509_subject_alt_name_t nt,
- const void *data,
- unsigned int data_size,
- unsigned int flags);
-
- int gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq,
- unsigned int usage);
- int gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int ca,
- int pathLenConstraint);
- int gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
- const void *oid,
- unsigned int critical);
- int gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid,
- unsigned int *critical);
-
- int gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data);
- int gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid,
- unsigned int *critical);
- int gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data);
- int gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid);
- int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq,
- unsigned int *bits);
-
- int gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
- int gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq,
- gnutls_datum_t * m,
- gnutls_datum_t * e);
-
- int gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
- unsigned int *key_usage,
- unsigned int *critical);
- int gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int *critical,
- unsigned int *ca, int *pathlen);
- int gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
- unsigned int *critical);
- int gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
- unsigned int seq,
- void *ret,
- size_t * ret_size);
-
- int gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- void *buf, size_t * sizeof_buf,
- unsigned int *critical);
-
- typedef struct gnutls_x509_trust_list_st *gnutls_x509_trust_list_t;
-
- int
- gnutls_x509_trust_list_init (gnutls_x509_trust_list_t * list, unsigned int size);
-
- void
- gnutls_x509_trust_list_deinit (gnutls_x509_trust_list_t list, unsigned int all);
-
- int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert, gnutls_x509_crt_t* issuer, unsigned int flags);
-
- int
- gnutls_x509_trust_list_add_cas (gnutls_x509_trust_list_t list,
- const gnutls_x509_crt_t * clist, int clist_size, unsigned int flags);
- int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list,
- const gnutls_x509_crt_t * clist,
- int clist_size);
-
- int gnutls_x509_trust_list_add_named_crt (gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert, const void* name, size_t name_size, unsigned int flags);
+ int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq,
+ gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+ int gnutls_x509_crq_print(gnutls_x509_crq_t crq,
+ gnutls_certificate_print_formats_t
+ format, gnutls_datum_t * out);
+
+ int gnutls_x509_crq_verify(gnutls_x509_crq_t crq,
+ unsigned int flags);
+
+ int gnutls_x509_crq_init(gnutls_x509_crq_t * crq);
+ void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq);
+ int gnutls_x509_crq_import(gnutls_x509_crq_t crq,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+
+ int gnutls_x509_crq_get_private_key_usage_period(gnutls_x509_crq_t
+ cert,
+ time_t *
+ activation,
+ time_t *
+ expiration,
+ unsigned int
+ *critical);
+
+ int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crq_get_dn2(gnutls_x509_crq_t crq,
+ gnutls_datum_t * dn);
+ int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid);
+ int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crq_set_dn(gnutls_x509_crq_t crq, const char *dn,
+ const char **err);
+ int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *data,
+ unsigned int sizeof_data);
+ int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq,
+ unsigned int version);
+ int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq);
+ int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq,
+ gnutls_x509_privkey_t key);
+
+ int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq,
+ const char *pass);
+ int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq,
+ char *pass,
+ size_t * sizeof_pass);
+
+ int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq,
+ const char *oid,
+ void *buf,
+ size_t sizeof_buf);
+ int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ void *buf,
+ size_t * sizeof_buf);
+
+ int gnutls_x509_crq_export(gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_crq_export2(gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq);
+ int gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq);
+
+ int gnutls_x509_crq_set_private_key_usage_period(gnutls_x509_crq_t
+ crq,
+ time_t activation,
+ time_t
+ expiration);
+ int gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t crq,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e);
+ int gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
+ gnutls_x509_subject_alt_name_t
+ nt, const void *data,
+ unsigned int data_size,
+ unsigned int flags);
+
+ int gnutls_x509_crq_set_key_usage(gnutls_x509_crq_t crq,
+ unsigned int usage);
+ int gnutls_x509_crq_set_basic_constraints(gnutls_x509_crq_t crq,
+ unsigned int ca,
+ int pathLenConstraint);
+ int gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
+ const void *oid,
+ unsigned int critical);
+ int gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical);
+
+ int gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t crq,
+ int indx, void *data,
+ size_t * sizeof_data);
+ int gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq,
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical);
+ int gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq,
+ int indx, void *data,
+ size_t * sizeof_data);
+ int gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq,
+ int indx, void *oid,
+ size_t * sizeof_oid);
+ int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq,
+ unsigned int *bits);
+
+ int gnutls_x509_crq_get_key_id(gnutls_x509_crq_t crq,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_crq_get_key_rsa_raw(gnutls_x509_crq_t crq,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+
+ int gnutls_x509_crq_get_key_usage(gnutls_x509_crq_t crq,
+ unsigned int *key_usage,
+ unsigned int *critical);
+ int gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t crq,
+ unsigned int *critical,
+ unsigned int *ca,
+ int *pathlen);
+ int gnutls_x509_crq_get_subject_alt_name(gnutls_x509_crq_t crq,
+ unsigned int seq,
+ void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical);
+ int gnutls_x509_crq_get_subject_alt_othername_oid(gnutls_x509_crq_t
+ crq,
+ unsigned int seq,
+ void *ret,
+ size_t *
+ ret_size);
+
+ int gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ void *buf,
+ size_t * sizeof_buf,
+ unsigned int *critical);
+
+ typedef struct gnutls_x509_trust_list_st *gnutls_x509_trust_list_t;
+
+ int
+ gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list,
+ unsigned int size);
+
+ void
+ gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list,
+ unsigned int all);
+
+ int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t
+ list, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t * issuer,
+ unsigned int flags);
+
+ int
+ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
+ const gnutls_x509_crt_t * clist,
+ int clist_size,
+ unsigned int flags);
+ int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t
+ list,
+ const gnutls_x509_crt_t *
+ clist, int clist_size);
+
+ int gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t
+ list,
+ gnutls_x509_crt_t cert,
+ const void *name,
+ size_t name_size,
+ unsigned int flags);
#define GNUTLS_TL_VERIFY_CRL 1
- int
- gnutls_x509_trust_list_add_crls (gnutls_x509_trust_list_t list,
- const gnutls_x509_crl_t * crl_list, int crl_size, unsigned int flags,
- unsigned int verification_flags);
-
- typedef int gnutls_verify_output_function (
- gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer, /* The issuer if verification failed
- * because of him. might be null.
- */
- gnutls_x509_crl_t crl, /* The CRL that caused verification failure
- * if any. Might be null.
- */
- unsigned int verification_output);
-
- int gnutls_x509_trust_list_verify_named_crt (
- gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert,
- const void * name, size_t name_size,
- unsigned int flags,
- unsigned int *verify,
- gnutls_verify_output_function func);
-
- int
- gnutls_x509_trust_list_verify_crt (
- gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t *cert_list,
- unsigned int cert_list_size,
- unsigned int flags,
- unsigned int *verify,
- gnutls_verify_output_function func);
-
- /* trust list convenience functions */
-int
-gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
- const gnutls_datum_t * cas,
- const gnutls_datum_t * crls,
- gnutls_x509_crt_fmt_t type,
- unsigned int tl_flags,
- unsigned int tl_vflags);
-
-int
-gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
- const char* ca_file,
- const char* crl_file,
- gnutls_x509_crt_fmt_t type,
- unsigned int tl_flags,
- unsigned int tl_vflags);
-
-int
-gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list,
- const char* ca_file,
- gnutls_x509_crt_fmt_t type);
-
-int
-gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list,
- const gnutls_datum_t * cas,
- gnutls_x509_crt_fmt_t type);
-
-int
-gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags);
-
-void gnutls_certificate_set_trust_list (gnutls_certificate_credentials_t res,
- gnutls_x509_trust_list_t tlist, unsigned flags);
+ int
+ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
+ const gnutls_x509_crl_t *
+ crl_list, int crl_size,
+ unsigned int flags,
+ unsigned int verification_flags);
+
+ typedef int gnutls_verify_output_function(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, /* The issuer if verification failed
+ * because of him. might be null.
+ */
+ gnutls_x509_crl_t crl, /* The CRL that caused verification failure
+ * if any. Might be null.
+ */
+ unsigned int
+ verification_output);
+
+ int gnutls_x509_trust_list_verify_named_crt
+ (gnutls_x509_trust_list_t list, gnutls_x509_crt_t cert,
+ const void *name, size_t name_size, unsigned int flags,
+ unsigned int *verify, gnutls_verify_output_function func);
+
+ int
+ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
+ gnutls_x509_crt_t * cert_list,
+ unsigned int cert_list_size,
+ unsigned int flags,
+ unsigned int *verify,
+ gnutls_verify_output_function
+ func);
+
+ /* trust list convenience functions */
+ int
+ gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t
+ list,
+ const gnutls_datum_t * cas,
+ const gnutls_datum_t * crls,
+ gnutls_x509_crt_fmt_t type,
+ unsigned int tl_flags,
+ unsigned int tl_vflags);
+
+ int
+ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t
+ list, const char *ca_file,
+ const char *crl_file,
+ gnutls_x509_crt_fmt_t type,
+ unsigned int tl_flags,
+ unsigned int tl_vflags);
+
+ int
+ gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t
+ list,
+ const char *ca_file,
+ gnutls_x509_crt_fmt_t
+ type);
+
+ int
+ gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t
+ list,
+ const gnutls_datum_t *
+ cas,
+ gnutls_x509_crt_fmt_t
+ type);
+
+ int
+ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t
+ list,
+ unsigned int tl_flags,
+ unsigned int tl_vflags);
+
+ void gnutls_certificate_set_trust_list
+ (gnutls_certificate_credentials_t res,
+ gnutls_x509_trust_list_t tlist, unsigned flags);
#ifdef __cplusplus
}
#endif
-
-#endif /* GNUTLS_X509_H */
+#endif /* GNUTLS_X509_H */
diff --git a/lib/includes/gnutls/xssl.h b/lib/includes/gnutls/xssl.h
index 0afe88dc26..578eca6e08 100644
--- a/lib/includes/gnutls/xssl.h
+++ b/lib/includes/gnutls/xssl.h
@@ -27,95 +27,87 @@
typedef struct xssl_st *xssl_t;
typedef struct xssl_cred_st *xssl_cred_t;
-ssize_t xssl_printf (xssl_t sb, const char *fmt, ...)
+ssize_t xssl_printf(xssl_t sb, const char *fmt, ...)
#ifdef __GNUC__
- __attribute__ ((format (printf, 2, 3)))
+ __attribute__ ((format(printf, 2, 3)))
#endif
-;
+ ;
-ssize_t xssl_write (xssl_t sb, const void *data,
- size_t data_size);
+ssize_t xssl_write(xssl_t sb, const void *data, size_t data_size);
-ssize_t xssl_flush (xssl_t sb);
+ssize_t xssl_flush(xssl_t sb);
-ssize_t xssl_read(xssl_t sb, void* data, size_t data_size);
+ssize_t xssl_read(xssl_t sb, void *data, size_t data_size);
ssize_t
-xssl_getdelim (xssl_t sbuf, char **lineptr, size_t *n, int delimiter);
+xssl_getdelim(xssl_t sbuf, char **lineptr, size_t * n, int delimiter);
#define xssl_getline(sbuf, ptr, n) xssl_getdelim(sbuf, ptr, n, '\n')
void xssl_deinit(xssl_t sb);
#define GNUTLS_SBUF_WRITE_FLUSHES (1<<0)
-int xssl_sinit (xssl_t * isb, gnutls_session_t session,
- unsigned int flags);
+int xssl_sinit(xssl_t * isb, gnutls_session_t session, unsigned int flags);
gnutls_session_t xssl_get_session(xssl_t sb);
-int xssl_client_init (xssl_t * isb, const char* hostname,
- const char* service,
- gnutls_transport_ptr fd,
- const char* priority, xssl_cred_t cred,
- unsigned int *status,
- unsigned int flags);
+int xssl_client_init(xssl_t * isb, const char *hostname,
+ const char *service,
+ gnutls_transport_ptr fd,
+ const char *priority, xssl_cred_t cred,
+ unsigned int *status, unsigned int flags);
-int xssl_server_init (xssl_t * isb,
- gnutls_transport_ptr fd,
- const char* priority, xssl_cred_t cred,
- unsigned int *status,
- unsigned int flags);
+int xssl_server_init(xssl_t * isb,
+ gnutls_transport_ptr fd,
+ const char *priority, xssl_cred_t cred,
+ unsigned int *status, unsigned int flags);
/* High level credential structures */
-typedef enum
-{
- GNUTLS_VMETHOD_NO_AUTH = 0,
- GNUTLS_VMETHOD_TOFU = 1<<0,
- GNUTLS_VMETHOD_GIVEN_CAS = 1<<1,
- GNUTLS_VMETHOD_SYSTEM_CAS = 1<<2
+typedef enum {
+ GNUTLS_VMETHOD_NO_AUTH = 0,
+ GNUTLS_VMETHOD_TOFU = 1 << 0,
+ GNUTLS_VMETHOD_GIVEN_CAS = 1 << 1,
+ GNUTLS_VMETHOD_SYSTEM_CAS = 1 << 2
} gnutls_vmethod_t;
-typedef enum
-{
- GNUTLS_CINPUT_TYPE_FILE = 0,
- GNUTLS_CINPUT_TYPE_MEM = 1,
- GNUTLS_CINPUT_TYPE_PIN_FUNC = 2,
+typedef enum {
+ GNUTLS_CINPUT_TYPE_FILE = 0,
+ GNUTLS_CINPUT_TYPE_MEM = 1,
+ GNUTLS_CINPUT_TYPE_PIN_FUNC = 2,
} gnutls_cinput_type_t;
-typedef enum
-{
- GNUTLS_CINPUT_CAS = 1, /* i1 contains the CAs */
- GNUTLS_CINPUT_CRLS = 2,/* i1 contains the CRLs */
- GNUTLS_CINPUT_TOFU_DB = 3, /* i1 contains the DB filename */
- GNUTLS_CINPUT_KEYPAIR = 4, /* i1 contains the certificate, i2 the key
- * or i1.pin_fn contains the pin function,
- * and i2.udata the user pointer */
+typedef enum {
+ GNUTLS_CINPUT_CAS = 1, /* i1 contains the CAs */
+ GNUTLS_CINPUT_CRLS = 2, /* i1 contains the CRLs */
+ GNUTLS_CINPUT_TOFU_DB = 3, /* i1 contains the DB filename */
+ GNUTLS_CINPUT_KEYPAIR = 4, /* i1 contains the certificate, i2 the key
+ * or i1.pin_fn contains the pin function,
+ * and i2.udata the user pointer */
} gnutls_cinput_contents_t;
typedef struct gnutls_cinput_st {
- gnutls_cinput_type_t type;
- gnutls_cinput_contents_t contents;
- gnutls_x509_crt_fmt_t fmt; /* if applicable */
-
- union {
- gnutls_pin_callback_t pin_fn;
- const char* file;
- gnutls_datum_t mem;
- } i1;
-
- union {
- void* udata;
- const char* file;
- gnutls_datum_t mem;
- } i2;
-
- unsigned long future_pad[8];
+ gnutls_cinput_type_t type;
+ gnutls_cinput_contents_t contents;
+ gnutls_x509_crt_fmt_t fmt; /* if applicable */
+
+ union {
+ gnutls_pin_callback_t pin_fn;
+ const char *file;
+ gnutls_datum_t mem;
+ } i1;
+
+ union {
+ void *udata;
+ const char *file;
+ gnutls_datum_t mem;
+ } i2;
+
+ unsigned long future_pad[8];
} gnutls_cinput_st;
-int xssl_cred_init (xssl_cred_t *c, unsigned vflags,
- gnutls_cinput_st* aux,
- unsigned aux_size);
-void xssl_cred_deinit (xssl_cred_t cred);
+int xssl_cred_init(xssl_cred_t * c, unsigned vflags,
+ gnutls_cinput_st * aux, unsigned aux_size);
+void xssl_cred_deinit(xssl_cred_t cred);
-#endif /* GNUTLS_SBUF_H */
+#endif /* GNUTLS_SBUF_H */
diff --git a/lib/locks.c b/lib/locks.c
index 324aa29d14..a5f16e9e88 100644
--- a/lib/locks.c
+++ b/lib/locks.c
@@ -47,14 +47,15 @@
* Since: 2.12.0
**/
void
-gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit,
- mutex_lock_func lock, mutex_unlock_func unlock)
+gnutls_global_set_mutex(mutex_init_func init, mutex_deinit_func deinit,
+ mutex_lock_func lock, mutex_unlock_func unlock)
{
- if (init == NULL || deinit == NULL || lock == NULL || unlock == NULL)
- return;
+ if (init == NULL || deinit == NULL || lock == NULL
+ || unlock == NULL)
+ return;
- gnutls_mutex_init = init;
- gnutls_mutex_deinit = deinit;
- gnutls_mutex_lock = lock;
- gnutls_mutex_unlock = unlock;
+ gnutls_mutex_init = init;
+ gnutls_mutex_deinit = deinit;
+ gnutls_mutex_lock = lock;
+ gnutls_mutex_unlock = unlock;
}
diff --git a/lib/minitasn1/coding.c b/lib/minitasn1/coding.c
index 5361b3f068..8e71683d24 100644
--- a/lib/minitasn1/coding.c
+++ b/lib/minitasn1/coding.c
@@ -44,17 +44,19 @@
/* Return: */
/******************************************************/
static void
-_asn1_error_description_value_not_found (asn1_node node,
- char *ErrorDescription)
+_asn1_error_description_value_not_found(asn1_node node,
+ char *ErrorDescription)
{
- if (ErrorDescription == NULL)
- return;
+ if (ErrorDescription == NULL)
+ return;
- Estrcpy (ErrorDescription, ":: value of element '");
- _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription),
- ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
- Estrcat (ErrorDescription, "' not found");
+ Estrcpy(ErrorDescription, ":: value of element '");
+ _asn1_hierarchical_name(node,
+ ErrorDescription +
+ strlen(ErrorDescription),
+ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
+ Estrcat(ErrorDescription, "' not found");
}
@@ -71,38 +73,33 @@ _asn1_error_description_value_not_found (asn1_node node,
* To know the size of the DER encoding use a %NULL value for @der.
**/
void
-asn1_length_der (unsigned long int len, unsigned char *der, int *der_len)
+asn1_length_der(unsigned long int len, unsigned char *der, int *der_len)
{
- int k;
- unsigned char temp[ASN1_MAX_LENGTH_SIZE];
+ int k;
+ unsigned char temp[ASN1_MAX_LENGTH_SIZE];
#if SIZEOF_UNSIGNED_LONG_INT > 8
- len &= 0xFFFFFFFFFFFFFFFF;
+ len &= 0xFFFFFFFFFFFFFFFF;
#endif
- if (len < 128)
- {
- /* short form */
- if (der != NULL)
- der[0] = (unsigned char) len;
- *der_len = 1;
- }
- else
- {
- /* Long form */
- k = 0;
- while (len)
- {
- temp[k++] = len & 0xFF;
- len = len >> 8;
- }
- *der_len = k + 1;
- if (der != NULL)
- {
- der[0] = ((unsigned char) k & 0x7F) + 128;
- while (k--)
- der[*der_len - 1 - k] = temp[k];
+ if (len < 128) {
+ /* short form */
+ if (der != NULL)
+ der[0] = (unsigned char) len;
+ *der_len = 1;
+ } else {
+ /* Long form */
+ k = 0;
+ while (len) {
+ temp[k++] = len & 0xFF;
+ len = len >> 8;
+ }
+ *der_len = k + 1;
+ if (der != NULL) {
+ der[0] = ((unsigned char) k & 0x7F) + 128;
+ while (k--)
+ der[*der_len - 1 - k] = temp[k];
+ }
}
- }
}
/******************************************************/
@@ -119,36 +116,33 @@ asn1_length_der (unsigned long int len, unsigned char *der, int *der_len)
/* Return: */
/******************************************************/
static void
-_asn1_tag_der (unsigned char class, unsigned int tag_value,
- unsigned char *ans, int *ans_len)
+_asn1_tag_der(unsigned char class, unsigned int tag_value,
+ unsigned char *ans, int *ans_len)
{
- int k;
- unsigned char temp[ASN1_MAX_TAG_SIZE];
-
- if (tag_value < 31)
- {
- /* short form */
- ans[0] = (class & 0xE0) + ((unsigned char) (tag_value & 0x1F));
- *ans_len = 1;
- }
- else
- {
- /* Long form */
- ans[0] = (class & 0xE0) + 31;
- k = 0;
- while (tag_value != 0)
- {
- temp[k++] = tag_value & 0x7F;
- tag_value >>= 7;
-
- if (k > ASN1_MAX_TAG_SIZE-1)
- break; /* will not encode larger tags */
+ int k;
+ unsigned char temp[ASN1_MAX_TAG_SIZE];
+
+ if (tag_value < 31) {
+ /* short form */
+ ans[0] =
+ (class & 0xE0) + ((unsigned char) (tag_value & 0x1F));
+ *ans_len = 1;
+ } else {
+ /* Long form */
+ ans[0] = (class & 0xE0) + 31;
+ k = 0;
+ while (tag_value != 0) {
+ temp[k++] = tag_value & 0x7F;
+ tag_value >>= 7;
+
+ if (k > ASN1_MAX_TAG_SIZE - 1)
+ break; /* will not encode larger tags */
+ }
+ *ans_len = k + 1;
+ while (k--)
+ ans[*ans_len - 1 - k] = temp[k] + 128;
+ ans[*ans_len - 1] -= 128;
}
- *ans_len = k + 1;
- while (k--)
- ans[*ans_len - 1 - k] = temp[k] + 128;
- ans[*ans_len - 1] -= 128;
- }
}
/**
@@ -169,17 +163,17 @@ _asn1_tag_der (unsigned char class, unsigned int tag_value,
* asn1_length_der().
**/
void
-asn1_octet_der (const unsigned char *str, int str_len,
- unsigned char *der, int *der_len)
+asn1_octet_der(const unsigned char *str, int str_len,
+ unsigned char *der, int *der_len)
{
- int len_len;
+ int len_len;
- if (der == NULL || str_len < 0)
- return;
+ if (der == NULL || str_len < 0)
+ return;
- asn1_length_der (str_len, der, &len_len);
- memcpy (der + len_len, str, str_len);
- *der_len = str_len + len_len;
+ asn1_length_der(str_len, der, &len_len);
+ memcpy(der + len_len, str, str_len);
+ *der_len = str_len + len_len;
}
@@ -201,46 +195,47 @@ asn1_octet_der (const unsigned char *str, int str_len,
* Returns: %ASN1_SUCCESS if successful or an error value.
**/
int
-asn1_encode_simple_der (unsigned int etype, const unsigned char *str, unsigned int str_len,
- unsigned char *tl, unsigned int *tl_len)
+asn1_encode_simple_der(unsigned int etype, const unsigned char *str,
+ unsigned int str_len, unsigned char *tl,
+ unsigned int *tl_len)
{
- int tag_len, len_len;
- unsigned tlen;
- unsigned char der_tag[ASN1_MAX_TAG_SIZE];
- unsigned char der_length[ASN1_MAX_LENGTH_SIZE];
- unsigned char* p;
+ int tag_len, len_len;
+ unsigned tlen;
+ unsigned char der_tag[ASN1_MAX_TAG_SIZE];
+ unsigned char der_length[ASN1_MAX_LENGTH_SIZE];
+ unsigned char *p;
- if (str == NULL)
- return ASN1_VALUE_NOT_VALID;
+ if (str == NULL)
+ return ASN1_VALUE_NOT_VALID;
- if (ETYPE_OK(etype) == 0)
- return ASN1_VALUE_NOT_VALID;
+ if (ETYPE_OK(etype) == 0)
+ return ASN1_VALUE_NOT_VALID;
- /* doesn't handle constructed classes */
- if (ETYPE_CLASS(etype) != ASN1_CLASS_UNIVERSAL)
- return ASN1_VALUE_NOT_VALID;
+ /* doesn't handle constructed classes */
+ if (ETYPE_CLASS(etype) != ASN1_CLASS_UNIVERSAL)
+ return ASN1_VALUE_NOT_VALID;
- _asn1_tag_der (ETYPE_CLASS(etype), ETYPE_TAG(etype),
- der_tag, &tag_len);
+ _asn1_tag_der(ETYPE_CLASS(etype), ETYPE_TAG(etype),
+ der_tag, &tag_len);
- asn1_length_der(str_len, der_length, &len_len);
+ asn1_length_der(str_len, der_length, &len_len);
- if (tag_len <= 0 || len_len <= 0)
- return ASN1_VALUE_NOT_VALID;
-
- tlen = tag_len + len_len;
+ if (tag_len <= 0 || len_len <= 0)
+ return ASN1_VALUE_NOT_VALID;
- if (*tl_len < tlen)
- return ASN1_MEM_ERROR;
+ tlen = tag_len + len_len;
- p = tl;
- memcpy(p, der_tag, tag_len);
- p+=tag_len;
- memcpy(p, der_length, len_len);
-
- *tl_len = tlen;
+ if (*tl_len < tlen)
+ return ASN1_MEM_ERROR;
- return ASN1_SUCCESS;
+ p = tl;
+ memcpy(p, der_tag, tag_len);
+ p += tag_len;
+ memcpy(p, der_length, len_len);
+
+ *tl_len = tlen;
+
+ return ASN1_SUCCESS;
}
/******************************************************/
@@ -258,23 +253,24 @@ asn1_encode_simple_der (unsigned int etype, const unsigned char *str, unsigned i
/* ASN1_SUCCESS otherwise */
/******************************************************/
static int
-_asn1_time_der (unsigned char *str, int str_len, unsigned char *der, int *der_len)
+_asn1_time_der(unsigned char *str, int str_len, unsigned char *der,
+ int *der_len)
{
- int len_len;
- int max_len;
+ int len_len;
+ int max_len;
- max_len = *der_len;
+ max_len = *der_len;
- asn1_length_der (str_len, (max_len > 0) ? der : NULL, &len_len);
+ asn1_length_der(str_len, (max_len > 0) ? der : NULL, &len_len);
- if ((len_len + str_len) <= max_len)
- memcpy (der + len_len, str, str_len);
- *der_len = len_len + str_len;
+ if ((len_len + str_len) <= max_len)
+ memcpy(der + len_len, str, str_len);
+ *der_len = len_len + str_len;
- if ((*der_len) > max_len)
- return ASN1_MEM_ERROR;
+ if ((*der_len) > max_len)
+ return ASN1_MEM_ERROR;
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -329,80 +325,73 @@ _asn1_get_utctime_der(unsigned char *der,int *der_len,unsigned char *str)
/* ASN1_SUCCESS otherwise */
/******************************************************/
static int
-_asn1_objectid_der (unsigned char *str, unsigned char *der, int *der_len)
+_asn1_objectid_der(unsigned char *str, unsigned char *der, int *der_len)
{
- int len_len, counter, k, first, max_len;
- char *temp, *n_end, *n_start;
- unsigned char bit7;
- unsigned long val, val1 = 0;
- int str_len = _asn1_strlen (str);
-
- max_len = *der_len;
-
- temp = malloc (str_len + 2);
- if (temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- memcpy (temp, str, str_len);
- temp[str_len] = '.';
- temp[str_len + 1] = 0;
-
- counter = 0;
- n_start = temp;
- while ((n_end = strchr (n_start, '.')))
- {
- *n_end = 0;
- val = strtoul (n_start, NULL, 10);
- counter++;
-
- if (counter == 1)
- val1 = val;
- else if (counter == 2)
- {
- if (max_len > 0)
- der[0] = 40 * val1 + val;
- *der_len = 1;
- }
- else
- {
- first = 0;
- for (k = 4; k >= 0; k--)
- {
- bit7 = (val >> (k * 7)) & 0x7F;
- if (bit7 || first || !k)
- {
- if (k)
- bit7 |= 0x80;
- if (max_len > (*der_len))
- der[*der_len] = bit7;
- (*der_len)++;
- first = 1;
- }
- }
+ int len_len, counter, k, first, max_len;
+ char *temp, *n_end, *n_start;
+ unsigned char bit7;
+ unsigned long val, val1 = 0;
+ int str_len = _asn1_strlen(str);
+
+ max_len = *der_len;
+
+ temp = malloc(str_len + 2);
+ if (temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ memcpy(temp, str, str_len);
+ temp[str_len] = '.';
+ temp[str_len + 1] = 0;
+
+ counter = 0;
+ n_start = temp;
+ while ((n_end = strchr(n_start, '.'))) {
+ *n_end = 0;
+ val = strtoul(n_start, NULL, 10);
+ counter++;
+
+ if (counter == 1)
+ val1 = val;
+ else if (counter == 2) {
+ if (max_len > 0)
+ der[0] = 40 * val1 + val;
+ *der_len = 1;
+ } else {
+ first = 0;
+ for (k = 4; k >= 0; k--) {
+ bit7 = (val >> (k * 7)) & 0x7F;
+ if (bit7 || first || !k) {
+ if (k)
+ bit7 |= 0x80;
+ if (max_len > (*der_len))
+ der[*der_len] = bit7;
+ (*der_len)++;
+ first = 1;
+ }
+ }
+ }
+ n_start = n_end + 1;
}
- n_start = n_end + 1;
- }
- asn1_length_der (*der_len, NULL, &len_len);
- if (max_len >= (*der_len + len_len))
- {
- memmove (der + len_len, der, *der_len);
- asn1_length_der (*der_len, der, &len_len);
- }
- *der_len += len_len;
+ asn1_length_der(*der_len, NULL, &len_len);
+ if (max_len >= (*der_len + len_len)) {
+ memmove(der + len_len, der, *der_len);
+ asn1_length_der(*der_len, der, &len_len);
+ }
+ *der_len += len_len;
- free (temp);
+ free(temp);
- if (max_len < (*der_len))
- return ASN1_MEM_ERROR;
+ if (max_len < (*der_len))
+ return ASN1_MEM_ERROR;
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
static const unsigned char bit_mask[] =
- { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 };
+ { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 };
/**
* asn1_bit_der:
@@ -424,25 +413,25 @@ static const unsigned char bit_mask[] =
* asn1_length_der().
**/
void
-asn1_bit_der (const unsigned char *str, int bit_len,
- unsigned char *der, int *der_len)
+asn1_bit_der(const unsigned char *str, int bit_len,
+ unsigned char *der, int *der_len)
{
- int len_len, len_byte, len_pad;
+ int len_len, len_byte, len_pad;
- if (der == NULL)
- return;
+ if (der == NULL)
+ return;
- len_byte = bit_len >> 3;
- len_pad = 8 - (bit_len & 7);
- if (len_pad == 8)
- len_pad = 0;
- else
- len_byte++;
- asn1_length_der (len_byte + 1, der, &len_len);
- der[len_len] = len_pad;
- memcpy (der + len_len + 1, str, len_byte);
- der[len_len + len_byte] &= bit_mask[len_pad];
- *der_len = len_byte + len_len + 1;
+ len_byte = bit_len >> 3;
+ len_pad = 8 - (bit_len & 7);
+ if (len_pad == 8)
+ len_pad = 0;
+ else
+ len_byte++;
+ asn1_length_der(len_byte + 1, der, &len_len);
+ der[len_len] = len_pad;
+ memcpy(der + len_len + 1, str, len_byte);
+ der[len_len + len_byte] &= bit_mask[len_pad];
+ *der_len = len_byte + len_len + 1;
}
@@ -461,89 +450,117 @@ asn1_bit_der (const unsigned char *str, int bit_len,
/* otherwise ASN1_SUCCESS. */
/******************************************************/
static int
-_asn1_complete_explicit_tag (asn1_node node, unsigned char *der,
- int *counter, int *max_len)
+_asn1_complete_explicit_tag(asn1_node node, unsigned char *der,
+ int *counter, int *max_len)
{
- asn1_node p;
- int is_tag_implicit, len2, len3;
- unsigned char temp[SIZEOF_UNSIGNED_INT];
-
- is_tag_implicit = 0;
-
- if (node->type & CONST_TAG)
- {
- p = node->down;
- /* When there are nested tags we must complete them reverse to
- the order they were created. This is because completing a tag
- modifies all data within it, including the incomplete tags
- which store buffer positions -- simon@josefsson.org 2002-09-06
- */
- while (p->right)
- p = p->right;
- while (p && p != node->down->left)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if (p->type & CONST_EXPLICIT)
- {
- len2 = strtol (p->name, NULL, 10);
- _asn1_set_name (p, NULL);
- asn1_length_der (*counter - len2, temp, &len3);
- if (len3 <= (*max_len))
- {
- memmove (der + len2 + len3, der + len2,
- *counter - len2);
- memcpy (der + len2, temp, len3);
- }
- *max_len -= len3;
- *counter += len3;
- is_tag_implicit = 0;
- }
- else
- { /* CONST_IMPLICIT */
- if (!is_tag_implicit)
- {
- is_tag_implicit = 1;
- }
+ asn1_node p;
+ int is_tag_implicit, len2, len3;
+ unsigned char temp[SIZEOF_UNSIGNED_INT];
+
+ is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG) {
+ p = node->down;
+ /* When there are nested tags we must complete them reverse to
+ the order they were created. This is because completing a tag
+ modifies all data within it, including the incomplete tags
+ which store buffer positions -- simon@josefsson.org 2002-09-06
+ */
+ while (p->right)
+ p = p->right;
+ while (p && p != node->down->left) {
+ if (type_field(p->type) == ASN1_ETYPE_TAG) {
+ if (p->type & CONST_EXPLICIT) {
+ len2 = strtol(p->name, NULL, 10);
+ _asn1_set_name(p, NULL);
+ asn1_length_der(*counter - len2,
+ temp, &len3);
+ if (len3 <= (*max_len)) {
+ memmove(der + len2 + len3,
+ der + len2,
+ *counter - len2);
+ memcpy(der + len2, temp,
+ len3);
+ }
+ *max_len -= len3;
+ *counter += len3;
+ is_tag_implicit = 0;
+ } else { /* CONST_IMPLICIT */
+ if (!is_tag_implicit) {
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->left;
}
- }
- p = p->left;
}
- }
- if (*max_len < 0)
- return ASN1_MEM_ERROR;
+ if (*max_len < 0)
+ return ASN1_MEM_ERROR;
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
-const tag_and_class_st _asn1_tags[] =
-{
- [ASN1_ETYPE_GENERALSTRING] = {ASN1_TAG_GENERALSTRING, ASN1_CLASS_UNIVERSAL, "type:GENERALSTRING"},
- [ASN1_ETYPE_NUMERIC_STRING] = {ASN1_TAG_NUMERIC_STRING, ASN1_CLASS_UNIVERSAL, "type:NUMERIC_STR"},
- [ASN1_ETYPE_IA5_STRING] = {ASN1_TAG_IA5_STRING, ASN1_CLASS_UNIVERSAL, "type:IA5_STR"},
- [ASN1_ETYPE_TELETEX_STRING] = {ASN1_TAG_TELETEX_STRING, ASN1_CLASS_UNIVERSAL, "type:TELETEX_STR"},
- [ASN1_ETYPE_PRINTABLE_STRING] = {ASN1_TAG_PRINTABLE_STRING, ASN1_CLASS_UNIVERSAL, "type:PRINTABLE_STR"},
- [ASN1_ETYPE_UNIVERSAL_STRING] = {ASN1_TAG_UNIVERSAL_STRING, ASN1_CLASS_UNIVERSAL, "type:UNIVERSAL_STR"},
- [ASN1_ETYPE_BMP_STRING] = {ASN1_TAG_BMP_STRING, ASN1_CLASS_UNIVERSAL, "type:BMP_STR"},
- [ASN1_ETYPE_UTF8_STRING] = {ASN1_TAG_UTF8_STRING, ASN1_CLASS_UNIVERSAL, "type:UTF8_STR"},
- [ASN1_ETYPE_VISIBLE_STRING] = {ASN1_TAG_VISIBLE_STRING, ASN1_CLASS_UNIVERSAL, "type:VISIBLE_STR"},
- [ASN1_ETYPE_OCTET_STRING] = {ASN1_TAG_OCTET_STRING, ASN1_CLASS_UNIVERSAL, "type:OCT_STR"},
- [ASN1_ETYPE_BIT_STRING] = {ASN1_TAG_BIT_STRING, ASN1_CLASS_UNIVERSAL, "type:BIT_STR"},
- [ASN1_ETYPE_OBJECT_ID] = {ASN1_TAG_OBJECT_ID, ASN1_CLASS_UNIVERSAL, "type:OBJ_ID"},
- [ASN1_ETYPE_NULL] = {ASN1_TAG_NULL, ASN1_CLASS_UNIVERSAL, "type:NULL"},
- [ASN1_ETYPE_BOOLEAN] = {ASN1_TAG_BOOLEAN, ASN1_CLASS_UNIVERSAL, "type:BOOLEAN"},
- [ASN1_ETYPE_INTEGER] = {ASN1_TAG_INTEGER, ASN1_CLASS_UNIVERSAL, "type:INTEGER"},
- [ASN1_ETYPE_ENUMERATED] = {ASN1_TAG_ENUMERATED, ASN1_CLASS_UNIVERSAL, "type:ENUMERATED"},
- [ASN1_ETYPE_SEQUENCE] = {ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SEQUENCE"},
- [ASN1_ETYPE_SEQUENCE_OF] ={ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SEQ_OF"},
- [ASN1_ETYPE_SET] = {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SET"},
- [ASN1_ETYPE_SET_OF] = {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SET_OF"},
- [ASN1_ETYPE_GENERALIZED_TIME] = {ASN1_TAG_GENERALIZEDTime, ASN1_CLASS_UNIVERSAL, "type:GENERALIZED_TIME"},
- [ASN1_ETYPE_UTC_TIME] = {ASN1_TAG_UTCTime, ASN1_CLASS_UNIVERSAL, "type:UTC_TIME"},
+const tag_and_class_st _asn1_tags[] = {
+ [ASN1_ETYPE_GENERALSTRING] =
+ {ASN1_TAG_GENERALSTRING, ASN1_CLASS_UNIVERSAL,
+ "type:GENERALSTRING"},
+ [ASN1_ETYPE_NUMERIC_STRING] =
+ {ASN1_TAG_NUMERIC_STRING, ASN1_CLASS_UNIVERSAL,
+ "type:NUMERIC_STR"},
+ [ASN1_ETYPE_IA5_STRING] =
+ {ASN1_TAG_IA5_STRING, ASN1_CLASS_UNIVERSAL, "type:IA5_STR"},
+ [ASN1_ETYPE_TELETEX_STRING] =
+ {ASN1_TAG_TELETEX_STRING, ASN1_CLASS_UNIVERSAL,
+ "type:TELETEX_STR"},
+ [ASN1_ETYPE_PRINTABLE_STRING] =
+ {ASN1_TAG_PRINTABLE_STRING, ASN1_CLASS_UNIVERSAL,
+ "type:PRINTABLE_STR"},
+ [ASN1_ETYPE_UNIVERSAL_STRING] =
+ {ASN1_TAG_UNIVERSAL_STRING, ASN1_CLASS_UNIVERSAL,
+ "type:UNIVERSAL_STR"},
+ [ASN1_ETYPE_BMP_STRING] =
+ {ASN1_TAG_BMP_STRING, ASN1_CLASS_UNIVERSAL, "type:BMP_STR"},
+ [ASN1_ETYPE_UTF8_STRING] =
+ {ASN1_TAG_UTF8_STRING, ASN1_CLASS_UNIVERSAL, "type:UTF8_STR"},
+ [ASN1_ETYPE_VISIBLE_STRING] =
+ {ASN1_TAG_VISIBLE_STRING, ASN1_CLASS_UNIVERSAL,
+ "type:VISIBLE_STR"},
+ [ASN1_ETYPE_OCTET_STRING] =
+ {ASN1_TAG_OCTET_STRING, ASN1_CLASS_UNIVERSAL, "type:OCT_STR"},
+ [ASN1_ETYPE_BIT_STRING] =
+ {ASN1_TAG_BIT_STRING, ASN1_CLASS_UNIVERSAL, "type:BIT_STR"},
+ [ASN1_ETYPE_OBJECT_ID] =
+ {ASN1_TAG_OBJECT_ID, ASN1_CLASS_UNIVERSAL, "type:OBJ_ID"},
+ [ASN1_ETYPE_NULL] =
+ {ASN1_TAG_NULL, ASN1_CLASS_UNIVERSAL, "type:NULL"},
+ [ASN1_ETYPE_BOOLEAN] =
+ {ASN1_TAG_BOOLEAN, ASN1_CLASS_UNIVERSAL, "type:BOOLEAN"},
+ [ASN1_ETYPE_INTEGER] =
+ {ASN1_TAG_INTEGER, ASN1_CLASS_UNIVERSAL, "type:INTEGER"},
+ [ASN1_ETYPE_ENUMERATED] =
+ {ASN1_TAG_ENUMERATED, ASN1_CLASS_UNIVERSAL, "type:ENUMERATED"},
+ [ASN1_ETYPE_SEQUENCE] =
+ {ASN1_TAG_SEQUENCE,
+ ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
+ "type:SEQUENCE"},
+ [ASN1_ETYPE_SEQUENCE_OF] =
+ {ASN1_TAG_SEQUENCE,
+ ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SEQ_OF"},
+ [ASN1_ETYPE_SET] =
+ {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
+ "type:SET"},
+ [ASN1_ETYPE_SET_OF] =
+ {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
+ "type:SET_OF"},
+ [ASN1_ETYPE_GENERALIZED_TIME] =
+ {ASN1_TAG_GENERALIZEDTime, ASN1_CLASS_UNIVERSAL,
+ "type:GENERALIZED_TIME"},
+ [ASN1_ETYPE_UTC_TIME] =
+ {ASN1_TAG_UTCTime, ASN1_CLASS_UNIVERSAL, "type:UTC_TIME"},
};
-unsigned int _asn1_tags_size = sizeof(_asn1_tags)/sizeof(_asn1_tags[0]);
+unsigned int _asn1_tags_size = sizeof(_asn1_tags) / sizeof(_asn1_tags[0]);
/******************************************************/
/* Function : _asn1_insert_tag_der */
@@ -561,104 +578,120 @@ unsigned int _asn1_tags_size = sizeof(_asn1_tags)/sizeof(_asn1_tags[0]);
/* otherwise ASN1_SUCCESS. */
/******************************************************/
static int
-_asn1_insert_tag_der (asn1_node node, unsigned char *der, int *counter,
- int *max_len)
+_asn1_insert_tag_der(asn1_node node, unsigned char *der, int *counter,
+ int *max_len)
{
- asn1_node p;
- int tag_len, is_tag_implicit;
- unsigned char class, class_implicit = 0, temp[SIZEOF_UNSIGNED_INT * 3 + 1];
- unsigned long tag_implicit = 0;
- unsigned char tag_der[MAX_TAG_LEN];
-
- is_tag_implicit = 0;
-
- if (node->type & CONST_TAG)
- {
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if (p->type & CONST_APPLICATION)
- class = ASN1_CLASS_APPLICATION;
- else if (p->type & CONST_UNIVERSAL)
- class = ASN1_CLASS_UNIVERSAL;
- else if (p->type & CONST_PRIVATE)
- class = ASN1_CLASS_PRIVATE;
- else
- class = ASN1_CLASS_CONTEXT_SPECIFIC;
-
- if (p->type & CONST_EXPLICIT)
- {
- if (is_tag_implicit)
- _asn1_tag_der (class_implicit, tag_implicit, tag_der,
- &tag_len);
- else
- _asn1_tag_der (class | ASN1_CLASS_STRUCTURED,
- _asn1_strtoul (p->value, NULL, 10),
- tag_der, &tag_len);
-
- *max_len -= tag_len;
- if (*max_len >= 0)
- memcpy (der + *counter, tag_der, tag_len);
- *counter += tag_len;
-
- _asn1_ltostr (*counter, (char *) temp);
- _asn1_set_name (p, (const char *) temp);
-
- is_tag_implicit = 0;
- }
- else
- { /* CONST_IMPLICIT */
- if (!is_tag_implicit)
- {
- if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) ||
- (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF) ||
- (type_field (node->type) == ASN1_ETYPE_SET) ||
- (type_field (node->type) == ASN1_ETYPE_SET_OF))
- class |= ASN1_CLASS_STRUCTURED;
- class_implicit = class;
- tag_implicit = _asn1_strtoul (p->value, NULL, 10);
- is_tag_implicit = 1;
- }
+ asn1_node p;
+ int tag_len, is_tag_implicit;
+ unsigned char class, class_implicit =
+ 0, temp[SIZEOF_UNSIGNED_INT * 3 + 1];
+ unsigned long tag_implicit = 0;
+ unsigned char tag_der[MAX_TAG_LEN];
+
+ is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG) {
+ p = node->down;
+ while (p) {
+ if (type_field(p->type) == ASN1_ETYPE_TAG) {
+ if (p->type & CONST_APPLICATION)
+ class = ASN1_CLASS_APPLICATION;
+ else if (p->type & CONST_UNIVERSAL)
+ class = ASN1_CLASS_UNIVERSAL;
+ else if (p->type & CONST_PRIVATE)
+ class = ASN1_CLASS_PRIVATE;
+ else
+ class =
+ ASN1_CLASS_CONTEXT_SPECIFIC;
+
+ if (p->type & CONST_EXPLICIT) {
+ if (is_tag_implicit)
+ _asn1_tag_der
+ (class_implicit,
+ tag_implicit, tag_der,
+ &tag_len);
+ else
+ _asn1_tag_der(class |
+ ASN1_CLASS_STRUCTURED,
+ _asn1_strtoul
+ (p->value,
+ NULL, 10),
+ tag_der,
+ &tag_len);
+
+ *max_len -= tag_len;
+ if (*max_len >= 0)
+ memcpy(der + *counter,
+ tag_der, tag_len);
+ *counter += tag_len;
+
+ _asn1_ltostr(*counter,
+ (char *) temp);
+ _asn1_set_name(p,
+ (const char *)
+ temp);
+
+ is_tag_implicit = 0;
+ } else { /* CONST_IMPLICIT */
+ if (!is_tag_implicit) {
+ if ((type_field(node->type)
+ ==
+ ASN1_ETYPE_SEQUENCE)
+ ||
+ (type_field(node->type)
+ ==
+ ASN1_ETYPE_SEQUENCE_OF)
+ ||
+ (type_field(node->type)
+ == ASN1_ETYPE_SET)
+ ||
+ (type_field(node->type)
+ == ASN1_ETYPE_SET_OF))
+ class |=
+ ASN1_CLASS_STRUCTURED;
+ class_implicit = class;
+ tag_implicit =
+ _asn1_strtoul(p->value,
+ NULL,
+ 10);
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->right;
}
- }
- p = p->right;
}
- }
-
- if (is_tag_implicit)
- {
- _asn1_tag_der (class_implicit, tag_implicit, tag_der, &tag_len);
- }
- else
- {
- unsigned type = type_field (node->type);
- switch (type)
- {
- CASE_HANDLED_ETYPES:
- _asn1_tag_der (_asn1_tags[type].class, _asn1_tags[type].tag,
- tag_der, &tag_len);
- break;
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_CHOICE:
- case ASN1_ETYPE_ANY:
- tag_len = 0;
- break;
- default:
- return ASN1_GENERIC_ERROR;
+
+ if (is_tag_implicit) {
+ _asn1_tag_der(class_implicit, tag_implicit, tag_der,
+ &tag_len);
+ } else {
+ unsigned type = type_field(node->type);
+ switch (type) {
+ CASE_HANDLED_ETYPES:
+ _asn1_tag_der(_asn1_tags[type].class,
+ _asn1_tags[type].tag, tag_der,
+ &tag_len);
+ break;
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_CHOICE:
+ case ASN1_ETYPE_ANY:
+ tag_len = 0;
+ break;
+ default:
+ return ASN1_GENERIC_ERROR;
+ }
}
- }
- *max_len -= tag_len;
- if (*max_len >= 0)
- memcpy (der + *counter, tag_der, tag_len);
- *counter += tag_len;
+ *max_len -= tag_len;
+ if (*max_len >= 0)
+ memcpy(der + *counter, tag_der, tag_len);
+ *counter += tag_len;
- if (*max_len < 0)
- return ASN1_MEM_ERROR;
+ if (*max_len < 0)
+ return ASN1_MEM_ERROR;
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
/******************************************************/
@@ -671,108 +704,108 @@ _asn1_insert_tag_der (asn1_node node, unsigned char *der, int *counter,
/* Return: */
/******************************************************/
static void
-_asn1_ordering_set (unsigned char *der, int der_len, asn1_node node)
+_asn1_ordering_set(unsigned char *der, int der_len, asn1_node node)
{
- struct vet
- {
- int end;
- unsigned long value;
- struct vet *next, *prev;
- };
-
- int counter, len, len2;
- struct vet *first, *last, *p_vet, *p2_vet;
- asn1_node p;
- unsigned char class, *temp;
- unsigned long tag;
-
- counter = 0;
-
- if (type_field (node->type) != ASN1_ETYPE_SET)
- return;
+ struct vet {
+ int end;
+ unsigned long value;
+ struct vet *next, *prev;
+ };
- p = node->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
+ int counter, len, len2;
+ struct vet *first, *last, *p_vet, *p2_vet;
+ asn1_node p;
+ unsigned char class, *temp;
+ unsigned long tag;
- if ((p == NULL) || (p->right == NULL))
- return;
+ counter = 0;
- first = last = NULL;
- while (p)
- {
- p_vet = malloc (sizeof (struct vet));
- if (p_vet == NULL)
- return;
-
- p_vet->next = NULL;
- p_vet->prev = last;
- if (first == NULL)
- first = p_vet;
- else
- last->next = p_vet;
- last = p_vet;
-
- /* tag value calculation */
- if (asn1_get_tag_der
- (der + counter, der_len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return;
- p_vet->value = (class << 24) | tag;
- counter += len2;
-
- /* extraction and length */
- len2 = asn1_get_length_der (der + counter, der_len - counter, &len);
- if (len2 < 0)
- return;
- counter += len + len2;
-
- p_vet->end = counter;
- p = p->right;
- }
-
- p_vet = first;
-
- while (p_vet)
- {
- p2_vet = p_vet->next;
- counter = 0;
- while (p2_vet)
- {
- if (p_vet->value > p2_vet->value)
- {
- /* change position */
- temp = malloc (p_vet->end - counter);
- if (temp == NULL)
+ if (type_field(node->type) != ASN1_ETYPE_SET)
return;
- memcpy (temp, der + counter, p_vet->end - counter);
- memcpy (der + counter, der + p_vet->end,
- p2_vet->end - p_vet->end);
- memcpy (der + counter + p2_vet->end - p_vet->end, temp,
- p_vet->end - counter);
- free (temp);
-
- tag = p_vet->value;
- p_vet->value = p2_vet->value;
- p2_vet->value = tag;
+ p = node->down;
+ while ((type_field(p->type) == ASN1_ETYPE_TAG)
+ || (type_field(p->type) == ASN1_ETYPE_SIZE))
+ p = p->right;
- p_vet->end = counter + (p2_vet->end - p_vet->end);
- }
- counter = p_vet->end;
+ if ((p == NULL) || (p->right == NULL))
+ return;
- p2_vet = p2_vet->next;
- p_vet = p_vet->next;
+ first = last = NULL;
+ while (p) {
+ p_vet = malloc(sizeof(struct vet));
+ if (p_vet == NULL)
+ return;
+
+ p_vet->next = NULL;
+ p_vet->prev = last;
+ if (first == NULL)
+ first = p_vet;
+ else
+ last->next = p_vet;
+ last = p_vet;
+
+ /* tag value calculation */
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return;
+ p_vet->value = (class << 24) | tag;
+ counter += len2;
+
+ /* extraction and length */
+ len2 =
+ asn1_get_length_der(der + counter, der_len - counter,
+ &len);
+ if (len2 < 0)
+ return;
+ counter += len + len2;
+
+ p_vet->end = counter;
+ p = p->right;
}
- if (p_vet != first)
- p_vet->prev->next = NULL;
- else
- first = NULL;
- free (p_vet);
- p_vet = first;
- }
+ p_vet = first;
+
+ while (p_vet) {
+ p2_vet = p_vet->next;
+ counter = 0;
+ while (p2_vet) {
+ if (p_vet->value > p2_vet->value) {
+ /* change position */
+ temp = malloc(p_vet->end - counter);
+ if (temp == NULL)
+ return;
+
+ memcpy(temp, der + counter,
+ p_vet->end - counter);
+ memcpy(der + counter, der + p_vet->end,
+ p2_vet->end - p_vet->end);
+ memcpy(der + counter + p2_vet->end -
+ p_vet->end, temp,
+ p_vet->end - counter);
+ free(temp);
+
+ tag = p_vet->value;
+ p_vet->value = p2_vet->value;
+ p2_vet->value = tag;
+
+ p_vet->end =
+ counter + (p2_vet->end - p_vet->end);
+ }
+ counter = p_vet->end;
+
+ p2_vet = p2_vet->next;
+ p_vet = p_vet->next;
+ }
+
+ if (p_vet != first)
+ p_vet->prev->next = NULL;
+ else
+ first = NULL;
+ free(p_vet);
+ p_vet = first;
+ }
}
/******************************************************/
@@ -785,128 +818,127 @@ _asn1_ordering_set (unsigned char *der, int der_len, asn1_node node)
/* Return: */
/******************************************************/
static void
-_asn1_ordering_set_of (unsigned char *der, int der_len, asn1_node node)
+_asn1_ordering_set_of(unsigned char *der, int der_len, asn1_node node)
{
- struct vet
- {
- int end;
- struct vet *next, *prev;
- };
+ struct vet {
+ int end;
+ struct vet *next, *prev;
+ };
- int counter, len, len2, change;
- struct vet *first, *last, *p_vet, *p2_vet;
- asn1_node p;
- unsigned char *temp, class;
- unsigned long k, max;
+ int counter, len, len2, change;
+ struct vet *first, *last, *p_vet, *p2_vet;
+ asn1_node p;
+ unsigned char *temp, class;
+ unsigned long k, max;
- counter = 0;
+ counter = 0;
- if (type_field (node->type) != ASN1_ETYPE_SET_OF)
- return;
-
- p = node->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
- p = p->right;
-
- if ((p == NULL) || (p->right == NULL))
- return;
+ if (type_field(node->type) != ASN1_ETYPE_SET_OF)
+ return;
- first = last = NULL;
- while (p)
- {
- p_vet = malloc (sizeof (struct vet));
- if (p_vet == NULL)
- return;
-
- p_vet->next = NULL;
- p_vet->prev = last;
- if (first == NULL)
- first = p_vet;
- else
- last->next = p_vet;
- last = p_vet;
-
- /* extraction of tag and length */
- if (der_len - counter > 0)
- {
-
- if (asn1_get_tag_der
- (der + counter, der_len - counter, &class, &len,
- NULL) != ASN1_SUCCESS)
- return;
- counter += len;
-
- len2 = asn1_get_length_der (der + counter, der_len - counter, &len);
- if (len2 < 0)
- return;
- counter += len + len2;
- }
+ p = node->down;
+ while ((type_field(p->type) == ASN1_ETYPE_TAG)
+ || (type_field(p->type) == ASN1_ETYPE_SIZE))
+ p = p->right;
+ p = p->right;
- p_vet->end = counter;
- p = p->right;
- }
-
- p_vet = first;
-
- while (p_vet)
- {
- p2_vet = p_vet->next;
- counter = 0;
- while (p2_vet)
- {
- if ((p_vet->end - counter) > (p2_vet->end - p_vet->end))
- max = p_vet->end - counter;
- else
- max = p2_vet->end - p_vet->end;
-
- change = -1;
- for (k = 0; k < max; k++)
- if (der[counter + k] > der[p_vet->end + k])
- {
- change = 1;
- break;
- }
- else if (der[counter + k] < der[p_vet->end + k])
- {
- change = 0;
- break;
- }
-
- if ((change == -1)
- && ((p_vet->end - counter) > (p2_vet->end - p_vet->end)))
- change = 1;
-
- if (change == 1)
- {
- /* change position */
- temp = malloc (p_vet->end - counter);
- if (temp == NULL)
+ if ((p == NULL) || (p->right == NULL))
return;
- memcpy (temp, der + counter, (p_vet->end) - counter);
- memcpy (der + counter, der + (p_vet->end),
- (p2_vet->end) - (p_vet->end));
- memcpy (der + counter + (p2_vet->end) - (p_vet->end), temp,
- (p_vet->end) - counter);
- free (temp);
-
- p_vet->end = counter + (p2_vet->end - p_vet->end);
- }
- counter = p_vet->end;
+ first = last = NULL;
+ while (p) {
+ p_vet = malloc(sizeof(struct vet));
+ if (p_vet == NULL)
+ return;
+
+ p_vet->next = NULL;
+ p_vet->prev = last;
+ if (first == NULL)
+ first = p_vet;
+ else
+ last->next = p_vet;
+ last = p_vet;
+
+ /* extraction of tag and length */
+ if (der_len - counter > 0) {
+
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class,
+ &len, NULL) != ASN1_SUCCESS)
+ return;
+ counter += len;
+
+ len2 =
+ asn1_get_length_der(der + counter,
+ der_len - counter, &len);
+ if (len2 < 0)
+ return;
+ counter += len + len2;
+ }
- p2_vet = p2_vet->next;
- p_vet = p_vet->next;
+ p_vet->end = counter;
+ p = p->right;
}
- if (p_vet != first)
- p_vet->prev->next = NULL;
- else
- first = NULL;
- free (p_vet);
- p_vet = first;
- }
+ p_vet = first;
+
+ while (p_vet) {
+ p2_vet = p_vet->next;
+ counter = 0;
+ while (p2_vet) {
+ if ((p_vet->end - counter) >
+ (p2_vet->end - p_vet->end))
+ max = p_vet->end - counter;
+ else
+ max = p2_vet->end - p_vet->end;
+
+ change = -1;
+ for (k = 0; k < max; k++)
+ if (der[counter + k] > der[p_vet->end + k]) {
+ change = 1;
+ break;
+ } else if (der[counter + k] <
+ der[p_vet->end + k]) {
+ change = 0;
+ break;
+ }
+
+ if ((change == -1)
+ && ((p_vet->end - counter) >
+ (p2_vet->end - p_vet->end)))
+ change = 1;
+
+ if (change == 1) {
+ /* change position */
+ temp = malloc(p_vet->end - counter);
+ if (temp == NULL)
+ return;
+
+ memcpy(temp, der + counter,
+ (p_vet->end) - counter);
+ memcpy(der + counter, der + (p_vet->end),
+ (p2_vet->end) - (p_vet->end));
+ memcpy(der + counter + (p2_vet->end) -
+ (p_vet->end), temp,
+ (p_vet->end) - counter);
+ free(temp);
+
+ p_vet->end =
+ counter + (p2_vet->end - p_vet->end);
+ }
+ counter = p_vet->end;
+
+ p2_vet = p2_vet->next;
+ p_vet = p_vet->next;
+ }
+
+ if (p_vet != first)
+ p_vet->prev->next = NULL;
+ else
+ first = NULL;
+ free(p_vet);
+ p_vet = first;
+ }
}
/**
@@ -931,332 +963,334 @@ _asn1_ordering_set_of (unsigned char *der, int der_len, asn1_node node)
* length needed.
**/
int
-asn1_der_coding (asn1_node element, const char *name, void *ider, int *len,
- char *ErrorDescription)
+asn1_der_coding(asn1_node element, const char *name, void *ider, int *len,
+ char *ErrorDescription)
{
- asn1_node node, p, p2;
- unsigned char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1];
- int counter, counter_old, len2, len3, tlen, move, max_len, max_len_old;
- int err;
- unsigned char *der = ider;
-
- node = asn1_find_node (element, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- /* Node is now a locally allocated variable.
- * That is because in some point we modify the
- * structure, and I don't know why! --nmav
- */
- node = _asn1_copy_structure3 (node);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- max_len = *len;
-
- counter = 0;
- move = DOWN;
- p = node;
- while (1)
- {
-
- counter_old = counter;
- max_len_old = max_len;
- if (move != UP)
- {
- err = _asn1_insert_tag_der (p, der, &counter, &max_len);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
- }
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_NULL:
- max_len--;
- if (max_len >= 0)
- der[counter] = 0;
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_BOOLEAN:
- if ((p->type & CONST_DEFAULT) && (p->value == NULL))
- {
- counter = counter_old;
- max_len = max_len_old;
- }
- else
- {
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p,
- ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- max_len -= 2;
- if (max_len >= 0)
- {
- der[counter++] = 1;
- if (p->value[0] == 'F')
- der[counter++] = 0;
- else
- der[counter++] = 0xFF;
+ asn1_node node, p, p2;
+ unsigned char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1];
+ int counter, counter_old, len2, len3, tlen, move, max_len,
+ max_len_old;
+ int err;
+ unsigned char *der = ider;
+
+ node = asn1_find_node(element, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ /* Node is now a locally allocated variable.
+ * That is because in some point we modify the
+ * structure, and I don't know why! --nmav
+ */
+ node = _asn1_copy_structure3(node);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ max_len = *len;
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1) {
+
+ counter_old = counter;
+ max_len_old = max_len;
+ if (move != UP) {
+ err =
+ _asn1_insert_tag_der(p, der, &counter,
+ &max_len);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
}
- else
- counter += 2;
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- if ((p->type & CONST_DEFAULT) && (p->value == NULL))
- {
- counter = counter_old;
- max_len = max_len_old;
- }
- else
- {
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p,
- ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_NULL:
+ max_len--;
+ if (max_len >= 0)
+ der[counter] = 0;
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if ((p->type & CONST_DEFAULT)
+ && (p->value == NULL)) {
+ counter = counter_old;
+ max_len = max_len_old;
+ } else {
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found
+ (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ max_len -= 2;
+ if (max_len >= 0) {
+ der[counter++] = 1;
+ if (p->value[0] == 'F')
+ der[counter++] = 0;
+ else
+ der[counter++] = 0xFF;
+ } else
+ counter += 2;
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ if ((p->type & CONST_DEFAULT)
+ && (p->value == NULL)) {
+ counter = counter_old;
+ max_len = max_len_old;
+ } else {
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found
+ (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 =
+ asn1_get_length_der(p->value,
+ p->value_len,
+ &len3);
+ if (len2 < 0) {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2 + len3;
+ if (max_len >= 0)
+ memcpy(der + counter, p->value,
+ len3 + len2);
+ counter += len3 + len2;
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if ((p->type & CONST_DEFAULT)
+ && (p->value == NULL)) {
+ counter = counter_old;
+ max_len = max_len_old;
+ } else {
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found
+ (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = max_len;
+ err =
+ _asn1_objectid_der(p->value,
+ der + counter,
+ &len2);
+ if (err != ASN1_SUCCESS
+ && err != ASN1_MEM_ERROR)
+ goto error;
+
+ max_len -= len2;
+ counter += len2;
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found(p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = max_len;
+ err =
+ _asn1_time_der(p->value, p->value_len,
+ der + counter, &len2);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
+
+ max_len -= len2;
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found(p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 =
+ asn1_get_length_der(p->value, p->value_len,
+ &len3);
+ if (len2 < 0) {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2 + len3;
+ if (max_len >= 0)
+ memcpy(der + counter, p->value,
+ len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SET:
+ if (move != UP) {
+ _asn1_ltostr(counter, (char *) temp);
+ tlen = _asn1_strlen(temp);
+ if (tlen > 0)
+ _asn1_set_value(p, temp, tlen + 1);
+ if (p->down == NULL) {
+ move = UP;
+ continue;
+ } else {
+ p2 = p->down;
+ while (p2
+ && (type_field(p2->type) ==
+ ASN1_ETYPE_TAG))
+ p2 = p2->right;
+ if (p2) {
+ p = p2;
+ move = RIGHT;
+ continue;
+ }
+ move = UP;
+ continue;
+ }
+ } else { /* move==UP */
+ len2 = _asn1_strtol(p->value, NULL, 10);
+ _asn1_set_value(p, NULL, 0);
+ if ((type_field(p->type) == ASN1_ETYPE_SET)
+ && (max_len >= 0))
+ _asn1_ordering_set(der + len2,
+ max_len - len2,
+ p);
+ asn1_length_der(counter - len2, temp,
+ &len3);
+ max_len -= len3;
+ if (max_len >= 0) {
+ memmove(der + len2 + len3,
+ der + len2,
+ counter - len2);
+ memcpy(der + len2, temp, len3);
+ }
+ counter += len3;
+ move = RIGHT;
+ }
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (move != UP) {
+ _asn1_ltostr(counter, (char *) temp);
+ tlen = _asn1_strlen(temp);
+
+ if (tlen > 0)
+ _asn1_set_value(p, temp, tlen + 1);
+ p = p->down;
+ while ((type_field(p->type) ==
+ ASN1_ETYPE_TAG)
+ || (type_field(p->type) ==
+ ASN1_ETYPE_SIZE))
+ p = p->right;
+ if (p->right) {
+ p = p->right;
+ move = RIGHT;
+ continue;
+ } else
+ p = _asn1_find_up(p);
+ move = UP;
+ }
+ if (move == UP) {
+ len2 = _asn1_strtol(p->value, NULL, 10);
+ _asn1_set_value(p, NULL, 0);
+ if ((type_field(p->type) ==
+ ASN1_ETYPE_SET_OF)
+ && (max_len - len2 > 0)) {
+ _asn1_ordering_set_of(der + len2,
+ max_len -
+ len2, p);
+ }
+ asn1_length_der(counter - len2, temp,
+ &len3);
+ max_len -= len3;
+ if (max_len >= 0) {
+ memmove(der + len2 + len3,
+ der + len2,
+ counter - len2);
+ memcpy(der + len2, temp, len3);
+ }
+ counter += len3;
+ move = RIGHT;
+ }
+ break;
+ case ASN1_ETYPE_ANY:
+ if (p->value == NULL) {
+ _asn1_error_description_value_not_found(p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 =
+ asn1_get_length_der(p->value, p->value_len,
+ &len3);
+ if (len2 < 0) {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2;
+ if (max_len >= 0)
+ memcpy(der + counter, p->value + len3,
+ len2);
+ counter += len2;
+ move = RIGHT;
+ break;
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
}
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- if (len2 < 0)
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
- max_len -= len2 + len3;
- if (max_len >= 0)
- memcpy (der + counter, p->value, len3 + len2);
- counter += len3 + len2;
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_OBJECT_ID:
- if ((p->type & CONST_DEFAULT) && (p->value == NULL))
- {
- counter = counter_old;
- max_len = max_len_old;
- }
- else
- {
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p,
- ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = max_len;
- err = _asn1_objectid_der (p->value, der + counter, &len2);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
- max_len -= len2;
- counter += len2;
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p, ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = max_len;
- err = _asn1_time_der (p->value, p->value_len, der + counter, &len2);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
-
- max_len -= len2;
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OCTET_STRING:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p, ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- if (len2 < 0)
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
- max_len -= len2 + len3;
- if (max_len >= 0)
- memcpy (der + counter, p->value, len3 + len2);
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SET:
- if (move != UP)
- {
- _asn1_ltostr (counter, (char *) temp);
- tlen = _asn1_strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- if (p->down == NULL)
- {
- move = UP;
- continue;
- }
- else
- {
- p2 = p->down;
- while (p2 && (type_field (p2->type) == ASN1_ETYPE_TAG))
- p2 = p2->right;
- if (p2)
- {
- p = p2;
- move = RIGHT;
- continue;
- }
- move = UP;
- continue;
+ if ((move != DOWN) && (counter != counter_old)) {
+ err =
+ _asn1_complete_explicit_tag(p, der, &counter,
+ &max_len);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
}
- }
- else
- { /* move==UP */
- len2 = _asn1_strtol (p->value, NULL, 10);
- _asn1_set_value (p, NULL, 0);
- if ((type_field (p->type) == ASN1_ETYPE_SET) && (max_len >= 0))
- _asn1_ordering_set (der + len2, max_len - len2, p);
- asn1_length_der (counter - len2, temp, &len3);
- max_len -= len3;
- if (max_len >= 0)
- {
- memmove (der + len2 + len3, der + len2, counter - len2);
- memcpy (der + len2, temp, len3);
- }
- counter += len3;
- move = RIGHT;
- }
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (move != UP)
- {
- _asn1_ltostr (counter, (char *) temp);
- tlen = _asn1_strlen (temp);
-
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- p = p->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
- if (p->right)
- {
- p = p->right;
- move = RIGHT;
- continue;
- }
- else
- p = _asn1_find_up (p);
- move = UP;
- }
- if (move == UP)
- {
- len2 = _asn1_strtol (p->value, NULL, 10);
- _asn1_set_value (p, NULL, 0);
- if ((type_field (p->type) == ASN1_ETYPE_SET_OF)
- && (max_len - len2 > 0))
- {
- _asn1_ordering_set_of (der + len2, max_len - len2, p);
+
+ if (p == node && move != DOWN)
+ break;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- asn1_length_der (counter - len2, temp, &len3);
- max_len -= len3;
- if (max_len >= 0)
- {
- memmove (der + len2 + len3, der + len2, counter - len2);
- memcpy (der + len2, temp, len3);
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
}
- counter += len3;
- move = RIGHT;
- }
- break;
- case ASN1_ETYPE_ANY:
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p, ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- if (len2 < 0)
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
- max_len -= len2;
- if (max_len >= 0)
- memcpy (der + counter, p->value + len3, len2);
- counter += len2;
- move = RIGHT;
- break;
- default:
- move = (move == UP) ? RIGHT : DOWN;
- break;
- }
-
- if ((move != DOWN) && (counter != counter_old))
- {
- err = _asn1_complete_explicit_tag (p, der, &counter, &max_len);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (p == node && move != DOWN)
- break;
+ *len = counter;
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (max_len < 0) {
+ err = ASN1_MEM_ERROR;
+ goto error;
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- *len = counter;
-
- if (max_len < 0)
- {
- err = ASN1_MEM_ERROR;
- goto error;
- }
- err = ASN1_SUCCESS;
+ err = ASN1_SUCCESS;
-error:
- asn1_delete_structure (&node);
- return err;
+ error:
+ asn1_delete_structure(&node);
+ return err;
}
diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c
index f02fe10686..40084d43b7 100644
--- a/lib/minitasn1/decoding.c
+++ b/lib/minitasn1/decoding.c
@@ -33,16 +33,18 @@
#include <limits.h>
static int
-_asn1_get_indefinite_length_string (const unsigned char *der, int *len);
+_asn1_get_indefinite_length_string(const unsigned char *der, int *len);
static void
-_asn1_error_description_tag_error (asn1_node node, char *ErrorDescription)
+_asn1_error_description_tag_error(asn1_node node, char *ErrorDescription)
{
- Estrcpy (ErrorDescription, ":: tag error near element '");
- _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription),
- ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
- Estrcat (ErrorDescription, "'");
+ Estrcpy(ErrorDescription, ":: tag error near element '");
+ _asn1_hierarchical_name(node,
+ ErrorDescription +
+ strlen(ErrorDescription),
+ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
+ Estrcat(ErrorDescription, "'");
}
@@ -58,60 +60,52 @@ _asn1_error_description_tag_error (asn1_node node, char *ErrorDescription)
* length, or -2 when the value was too big to fit in a int, or -4
* when the decoded length value plus @len would exceed @der_len.
**/
-long
-asn1_get_length_der (const unsigned char *der, int der_len, int *len)
+long asn1_get_length_der(const unsigned char *der, int der_len, int *len)
{
- unsigned int ans, sum, last;
- int k, punt;
-
- *len = 0;
- if (der_len <= 0)
- return 0;
-
- if (!(der[0] & 128))
- {
- /* short form */
- *len = 1;
- ans = der[0];
- }
- else
- {
- /* Long form */
- k = der[0] & 0x7F;
- punt = 1;
- if (k)
- { /* definite length method */
- ans = 0;
- while (punt <= k && punt < der_len)
- {
- last = ans;
-
- ans = (ans*256) + der[punt++];
- if (ans < last)
- /* we wrapped around, no bignum support... */
- return -2;
- }
- }
- else
- { /* indefinite length method */
- *len = punt;
- return -1;
- }
+ unsigned int ans, sum, last;
+ int k, punt;
+
+ *len = 0;
+ if (der_len <= 0)
+ return 0;
+
+ if (!(der[0] & 128)) {
+ /* short form */
+ *len = 1;
+ ans = der[0];
+ } else {
+ /* Long form */
+ k = der[0] & 0x7F;
+ punt = 1;
+ if (k) { /* definite length method */
+ ans = 0;
+ while (punt <= k && punt < der_len) {
+ last = ans;
+
+ ans = (ans * 256) + der[punt++];
+ if (ans < last)
+ /* we wrapped around, no bignum support... */
+ return -2;
+ }
+ } else { /* indefinite length method */
+ *len = punt;
+ return -1;
+ }
- *len = punt;
- }
+ *len = punt;
+ }
- sum = ans + *len;
+ sum = ans + *len;
- /* check for overflow as well INT_MAX as a maximum upper
- * limit for length */
- if (sum >= INT_MAX || sum < ans)
- return -2;
+ /* check for overflow as well INT_MAX as a maximum upper
+ * limit for length */
+ if (sum >= INT_MAX || sum < ans)
+ return -2;
- if (((int) sum) > der_len)
- return -4;
+ if (((int) sum) > der_len)
+ return -4;
- return ans;
+ return ans;
}
/**
@@ -127,52 +121,48 @@ asn1_get_length_der (const unsigned char *der, int der_len, int *len)
* Returns: Returns %ASN1_SUCCESS on success, or an error.
**/
int
-asn1_get_tag_der (const unsigned char *der, int der_len,
- unsigned char *cls, int *len, unsigned long *tag)
+asn1_get_tag_der(const unsigned char *der, int der_len,
+ unsigned char *cls, int *len, unsigned long *tag)
{
- unsigned int ris;
- int punt;
- unsigned int last;
-
- if (der == NULL || der_len < 2 || len == NULL)
- return ASN1_DER_ERROR;
-
- *cls = der[0] & 0xE0;
- if ((der[0] & 0x1F) != 0x1F)
- {
- /* short form */
- *len = 1;
- ris = der[0] & 0x1F;
- }
- else
- {
- /* Long form */
- punt = 1;
- ris = 0;
- while (punt <= der_len && der[punt] & 128)
- {
- last = ris;
-
- ris = (ris * 128) + (der[punt++] & 0x7F);
- if (ris < last)
- /* wrapped around, and no bignums... */
- return ASN1_DER_ERROR;
- }
+ unsigned int ris;
+ int punt;
+ unsigned int last;
- if (punt >= der_len)
- return ASN1_DER_ERROR;
+ if (der == NULL || der_len < 2 || len == NULL)
+ return ASN1_DER_ERROR;
- last = ris;
+ *cls = der[0] & 0xE0;
+ if ((der[0] & 0x1F) != 0x1F) {
+ /* short form */
+ *len = 1;
+ ris = der[0] & 0x1F;
+ } else {
+ /* Long form */
+ punt = 1;
+ ris = 0;
+ while (punt <= der_len && der[punt] & 128) {
+ last = ris;
+
+ ris = (ris * 128) + (der[punt++] & 0x7F);
+ if (ris < last)
+ /* wrapped around, and no bignums... */
+ return ASN1_DER_ERROR;
+ }
+
+ if (punt >= der_len)
+ return ASN1_DER_ERROR;
- ris = (ris * 128) + (der[punt++] & 0x7F);
- if (ris < last)
- return ASN1_DER_ERROR;
+ last = ris;
- *len = punt;
- }
- if (tag)
- *tag = ris;
- return ASN1_SUCCESS;
+ ris = (ris * 128) + (der[punt++] & 0x7F);
+ if (ris < last)
+ return ASN1_DER_ERROR;
+
+ *len = punt;
+ }
+ if (tag)
+ *tag = ris;
+ return ASN1_SUCCESS;
}
/**
@@ -190,22 +180,20 @@ asn1_get_tag_der (const unsigned char *der, int der_len,
*
* Since: 2.0
**/
-long
-asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len)
+long asn1_get_length_ber(const unsigned char *ber, int ber_len, int *len)
{
- int ret;
- long err;
-
- ret = asn1_get_length_der (ber, ber_len, len);
- if (ret == -1)
- { /* indefinite length method */
- ret = ber_len;
- err = _asn1_get_indefinite_length_string (ber + 1, &ret);
- if (err != ASN1_SUCCESS)
- return -3;
- }
-
- return ret;
+ int ret;
+ long err;
+
+ ret = asn1_get_length_der(ber, ber_len, len);
+ if (ret == -1) { /* indefinite length method */
+ ret = ber_len;
+ err = _asn1_get_indefinite_length_string(ber + 1, &ret);
+ if (err != ASN1_SUCCESS)
+ return -3;
+ }
+
+ return ret;
}
/**
@@ -222,111 +210,109 @@ asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len)
* Returns: Returns %ASN1_SUCCESS on success, or an error.
**/
int
-asn1_get_octet_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str, int str_size,
- int *str_len)
+asn1_get_octet_der(const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str, int str_size,
+ int *str_len)
{
- int len_len;
+ int len_len;
- if (der_len <= 0)
- return ASN1_GENERIC_ERROR;
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
- /* if(str==NULL) return ASN1_SUCCESS; */
- *str_len = asn1_get_length_der (der, der_len, &len_len);
+ /* if(str==NULL) return ASN1_SUCCESS; */
+ *str_len = asn1_get_length_der(der, der_len, &len_len);
- if (*str_len < 0)
- return ASN1_DER_ERROR;
+ if (*str_len < 0)
+ return ASN1_DER_ERROR;
- *ret_len = *str_len + len_len;
- if (str_size >= *str_len)
- memcpy (str, der + len_len, *str_len);
- else
- {
- return ASN1_MEM_ERROR;
- }
+ *ret_len = *str_len + len_len;
+ if (str_size >= *str_len)
+ memcpy(str, der + len_len, *str_len);
+ else {
+ return ASN1_MEM_ERROR;
+ }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
/* Returns ASN1_SUCCESS on success or an error code on error.
*/
static int
-_asn1_get_time_der (const unsigned char *der, int der_len, int *ret_len,
- char *str, int str_size)
+_asn1_get_time_der(const unsigned char *der, int der_len, int *ret_len,
+ char *str, int str_size)
{
- int len_len, str_len;
-
- if (der_len <= 0 || str == NULL)
- return ASN1_DER_ERROR;
- str_len = asn1_get_length_der (der, der_len, &len_len);
- if (str_len < 0 || str_size < str_len)
- return ASN1_DER_ERROR;
- memcpy (str, der + len_len, str_len);
- str[str_len] = 0;
- *ret_len = str_len + len_len;
-
- return ASN1_SUCCESS;
+ int len_len, str_len;
+
+ if (der_len <= 0 || str == NULL)
+ return ASN1_DER_ERROR;
+ str_len = asn1_get_length_der(der, der_len, &len_len);
+ if (str_len < 0 || str_size < str_len)
+ return ASN1_DER_ERROR;
+ memcpy(str, der + len_len, str_len);
+ str[str_len] = 0;
+ *ret_len = str_len + len_len;
+
+ return ASN1_SUCCESS;
}
static int
-_asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len,
- char *str, int str_size)
+_asn1_get_objectid_der(const unsigned char *der, int der_len, int *ret_len,
+ char *str, int str_size)
{
- int len_len, len, k;
- int leading;
- char temp[20];
- unsigned long val, val1, prev_val;
-
- *ret_len = 0;
- if (str && str_size > 0)
- str[0] = 0; /* no oid */
-
- if (str == NULL || der_len <= 0)
- return ASN1_GENERIC_ERROR;
- len = asn1_get_length_der (der, der_len, &len_len);
-
- if (len < 0 || len > der_len || len_len > der_len)
- return ASN1_DER_ERROR;
-
- val1 = der[len_len] / 40;
- val = der[len_len] - val1 * 40;
-
- _asn1_str_cpy (str, str_size, _asn1_ltostr (val1, temp));
- _asn1_str_cat (str, str_size, ".");
- _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp));
-
- prev_val = 0;
- val = 0;
- leading = 1;
- for (k = 1; k < len; k++)
- {
- /* X.690 mandates that the leading byte must never be 0x80
- */
- if (leading != 0 && der[len_len + k] == 0x80)
- return ASN1_DER_ERROR;
- leading = 0;
-
- /* check for wrap around */
- val = val << 7;
- val |= der[len_len + k] & 0x7F;
-
- if (val < prev_val)
- return ASN1_DER_ERROR;
-
- prev_val = val;
-
- if (!(der[len_len + k] & 0x80))
- {
- _asn1_str_cat (str, str_size, ".");
- _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp));
- val = 0;
- prev_val = 0;
- leading = 1;
+ int len_len, len, k;
+ int leading;
+ char temp[20];
+ unsigned long val, val1, prev_val;
+
+ *ret_len = 0;
+ if (str && str_size > 0)
+ str[0] = 0; /* no oid */
+
+ if (str == NULL || der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+ len = asn1_get_length_der(der, der_len, &len_len);
+
+ if (len < 0 || len > der_len || len_len > der_len)
+ return ASN1_DER_ERROR;
+
+ val1 = der[len_len] / 40;
+ val = der[len_len] - val1 * 40;
+
+ _asn1_str_cpy(str, str_size, _asn1_ltostr(val1, temp));
+ _asn1_str_cat(str, str_size, ".");
+ _asn1_str_cat(str, str_size, _asn1_ltostr(val, temp));
+
+ prev_val = 0;
+ val = 0;
+ leading = 1;
+ for (k = 1; k < len; k++) {
+ /* X.690 mandates that the leading byte must never be 0x80
+ */
+ if (leading != 0 && der[len_len + k] == 0x80)
+ return ASN1_DER_ERROR;
+ leading = 0;
+
+ /* check for wrap around */
+ val = val << 7;
+ val |= der[len_len + k] & 0x7F;
+
+ if (val < prev_val)
+ return ASN1_DER_ERROR;
+
+ prev_val = val;
+
+ if (!(der[len_len + k] & 0x80)) {
+ _asn1_str_cat(str, str_size, ".");
+ _asn1_str_cat(str, str_size,
+ _asn1_ltostr(val, temp));
+ val = 0;
+ prev_val = 0;
+ leading = 1;
+ }
}
- }
- *ret_len = len + len_len;
+ *ret_len = len + len_len;
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
/**
@@ -343,433 +329,429 @@ _asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len,
* Returns: Return %ASN1_SUCCESS on success, or an error.
**/
int
-asn1_get_bit_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str, int str_size,
- int *bit_len)
+asn1_get_bit_der(const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str, int str_size,
+ int *bit_len)
{
- int len_len, len_byte;
+ int len_len, len_byte;
- if (der_len <= 0)
- return ASN1_GENERIC_ERROR;
- len_byte = asn1_get_length_der (der, der_len, &len_len) - 1;
- if (len_byte < 0)
- return ASN1_DER_ERROR;
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+ len_byte = asn1_get_length_der(der, der_len, &len_len) - 1;
+ if (len_byte < 0)
+ return ASN1_DER_ERROR;
- *ret_len = len_byte + len_len + 1;
- *bit_len = len_byte * 8 - der[len_len];
+ *ret_len = len_byte + len_len + 1;
+ *bit_len = len_byte * 8 - der[len_len];
- if (str_size >= len_byte)
- memcpy (str, der + len_len + 1, len_byte);
- else
- {
- return ASN1_MEM_ERROR;
- }
+ if (str_size >= len_byte)
+ memcpy(str, der + len_len + 1, len_byte);
+ else {
+ return ASN1_MEM_ERROR;
+ }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
static int
-_asn1_extract_tag_der (asn1_node node, const unsigned char *der, int der_len,
- int *ret_len)
+_asn1_extract_tag_der(asn1_node node, const unsigned char *der,
+ int der_len, int *ret_len)
{
- asn1_node p;
- int counter, len2, len3, is_tag_implicit;
- unsigned long tag, tag_implicit = 0;
- unsigned char class, class2, class_implicit = 0;
-
- if (der_len <= 0)
- return ASN1_GENERIC_ERROR;
-
- counter = is_tag_implicit = 0;
-
- if (node->type & CONST_TAG)
- {
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if (p->type & CONST_APPLICATION)
- class2 = ASN1_CLASS_APPLICATION;
- else if (p->type & CONST_UNIVERSAL)
- class2 = ASN1_CLASS_UNIVERSAL;
- else if (p->type & CONST_PRIVATE)
- class2 = ASN1_CLASS_PRIVATE;
- else
- class2 = ASN1_CLASS_CONTEXT_SPECIFIC;
-
- if (p->type & CONST_EXPLICIT)
- {
- if (asn1_get_tag_der
- (der + counter, der_len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
-
- if (counter + len2 > der_len)
- return ASN1_DER_ERROR;
- counter += len2;
-
- len3 =
- asn1_get_length_ber (der + counter, der_len - counter,
- &len2);
- if (len3 < 0)
- return ASN1_DER_ERROR;
-
- counter += len2;
- if (counter > der_len)
- return ASN1_DER_ERROR;
-
- if (!is_tag_implicit)
- {
- if ((class != (class2 | ASN1_CLASS_STRUCTURED)) ||
- (tag != strtoul ((char *) p->value, NULL, 10)))
- return ASN1_TAG_ERROR;
- }
- else
- { /* ASN1_TAG_IMPLICIT */
- if ((class != class_implicit) || (tag != tag_implicit))
- return ASN1_TAG_ERROR;
- }
- is_tag_implicit = 0;
- }
- else
- { /* ASN1_TAG_IMPLICIT */
- if (!is_tag_implicit)
- {
- if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) ||
- (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF) ||
- (type_field (node->type) == ASN1_ETYPE_SET) ||
- (type_field (node->type) == ASN1_ETYPE_SET_OF))
- class2 |= ASN1_CLASS_STRUCTURED;
- class_implicit = class2;
- tag_implicit = strtoul ((char *) p->value, NULL, 10);
- is_tag_implicit = 1;
- }
+ asn1_node p;
+ int counter, len2, len3, is_tag_implicit;
+ unsigned long tag, tag_implicit = 0;
+ unsigned char class, class2, class_implicit = 0;
+
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+
+ counter = is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG) {
+ p = node->down;
+ while (p) {
+ if (type_field(p->type) == ASN1_ETYPE_TAG) {
+ if (p->type & CONST_APPLICATION)
+ class2 = ASN1_CLASS_APPLICATION;
+ else if (p->type & CONST_UNIVERSAL)
+ class2 = ASN1_CLASS_UNIVERSAL;
+ else if (p->type & CONST_PRIVATE)
+ class2 = ASN1_CLASS_PRIVATE;
+ else
+ class2 =
+ ASN1_CLASS_CONTEXT_SPECIFIC;
+
+ if (p->type & CONST_EXPLICIT) {
+ if (asn1_get_tag_der
+ (der + counter,
+ der_len - counter, &class,
+ &len2, &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+
+ if (counter + len2 > der_len)
+ return ASN1_DER_ERROR;
+ counter += len2;
+
+ len3 =
+ asn1_get_length_ber(der +
+ counter,
+ der_len -
+ counter,
+ &len2);
+ if (len3 < 0)
+ return ASN1_DER_ERROR;
+
+ counter += len2;
+ if (counter > der_len)
+ return ASN1_DER_ERROR;
+
+ if (!is_tag_implicit) {
+ if ((class !=
+ (class2 |
+ ASN1_CLASS_STRUCTURED))
+ || (tag !=
+ strtoul((char *)
+ p->value,
+ NULL, 10)))
+ return
+ ASN1_TAG_ERROR;
+ } else { /* ASN1_TAG_IMPLICIT */
+ if ((class !=
+ class_implicit)
+ || (tag !=
+ tag_implicit))
+ return
+ ASN1_TAG_ERROR;
+ }
+ is_tag_implicit = 0;
+ } else { /* ASN1_TAG_IMPLICIT */
+ if (!is_tag_implicit) {
+ if ((type_field(node->type)
+ ==
+ ASN1_ETYPE_SEQUENCE)
+ ||
+ (type_field(node->type)
+ ==
+ ASN1_ETYPE_SEQUENCE_OF)
+ ||
+ (type_field(node->type)
+ == ASN1_ETYPE_SET)
+ ||
+ (type_field(node->type)
+ == ASN1_ETYPE_SET_OF))
+ class2 |=
+ ASN1_CLASS_STRUCTURED;
+ class_implicit = class2;
+ tag_implicit =
+ strtoul((char *) p->
+ value, NULL,
+ 10);
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->right;
}
- }
- p = p->right;
- }
- }
-
- if (is_tag_implicit)
- {
- if (asn1_get_tag_der
- (der + counter, der_len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
- if (counter + len2 > der_len)
- return ASN1_DER_ERROR;
-
- if ((class != class_implicit) || (tag != tag_implicit))
- {
- if (type_field (node->type) == ASN1_ETYPE_OCTET_STRING)
- {
- class_implicit |= ASN1_CLASS_STRUCTURED;
- if ((class != class_implicit) || (tag != tag_implicit))
- return ASN1_TAG_ERROR;
- }
- else
- return ASN1_TAG_ERROR;
- }
- }
- else
- {
- unsigned type = type_field (node->type);
- if (type == ASN1_ETYPE_TAG)
- {
- counter = 0;
- *ret_len = counter;
- return ASN1_SUCCESS;
}
- if (asn1_get_tag_der
- (der + counter, der_len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
-
- if (counter + len2 > der_len)
- return ASN1_DER_ERROR;
-
- switch (type)
- {
- case ASN1_ETYPE_NULL:
- case ASN1_ETYPE_BOOLEAN:
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- case ASN1_ETYPE_OBJECT_ID:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET:
- case ASN1_ETYPE_SET_OF:
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- if ((class != _asn1_tags[type].class) || (tag != _asn1_tags[type].tag))
- return ASN1_DER_ERROR;
- break;
-
- case ASN1_ETYPE_OCTET_STRING:
- /* OCTET STRING is handled differently to allow
- * BER encodings (structured class). */
- if (((class != ASN1_CLASS_UNIVERSAL)
- && (class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED)))
- || (tag != ASN1_TAG_OCTET_STRING))
- return ASN1_DER_ERROR;
- break;
- case ASN1_ETYPE_ANY:
- counter -= len2;
- break;
- default:
- return ASN1_DER_ERROR;
- break;
- }
- }
+ if (is_tag_implicit) {
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+ if (counter + len2 > der_len)
+ return ASN1_DER_ERROR;
- counter += len2;
- *ret_len = counter;
- return ASN1_SUCCESS;
-}
+ if ((class != class_implicit) || (tag != tag_implicit)) {
+ if (type_field(node->type) ==
+ ASN1_ETYPE_OCTET_STRING) {
+ class_implicit |= ASN1_CLASS_STRUCTURED;
+ if ((class != class_implicit)
+ || (tag != tag_implicit))
+ return ASN1_TAG_ERROR;
+ } else
+ return ASN1_TAG_ERROR;
+ }
+ } else {
+ unsigned type = type_field(node->type);
+ if (type == ASN1_ETYPE_TAG) {
+ counter = 0;
+ *ret_len = counter;
+ return ASN1_SUCCESS;
+ }
+
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
-static int
-_asn1_delete_not_used (asn1_node node)
-{
- asn1_node p, p2;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if (p->type & CONST_NOT_USED)
- {
- p2 = NULL;
- if (p != node)
- {
- p2 = _asn1_find_left (p);
- if (!p2)
- p2 = _asn1_find_up (p);
- }
- asn1_delete_structure (&p);
- p = p2;
- }
+ if (counter + len2 > der_len)
+ return ASN1_DER_ERROR;
- if (!p)
- break; /* reach node */
+ switch (type) {
+ case ASN1_ETYPE_NULL:
+ case ASN1_ETYPE_BOOLEAN:
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ case ASN1_ETYPE_OBJECT_ID:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET:
+ case ASN1_ETYPE_SET_OF:
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ if ((class != _asn1_tags[type].class)
+ || (tag != _asn1_tags[type].tag))
+ return ASN1_DER_ERROR;
+ break;
- if (p->down)
- {
- p = p->down;
+ case ASN1_ETYPE_OCTET_STRING:
+ /* OCTET STRING is handled differently to allow
+ * BER encodings (structured class). */
+ if (((class != ASN1_CLASS_UNIVERSAL)
+ && (class !=
+ (ASN1_CLASS_UNIVERSAL |
+ ASN1_CLASS_STRUCTURED)))
+ || (tag != ASN1_TAG_OCTET_STRING))
+ return ASN1_DER_ERROR;
+ break;
+ case ASN1_ETYPE_ANY:
+ counter -= len2;
+ break;
+ default:
+ return ASN1_DER_ERROR;
+ break;
+ }
}
- else
- {
- if (p == node)
- p = NULL;
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
- }
+
+ counter += len2;
+ *ret_len = counter;
+ return ASN1_SUCCESS;
+}
+
+static int _asn1_delete_not_used(asn1_node node)
+{
+ asn1_node p, p2;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p) {
+ if (p->type & CONST_NOT_USED) {
+ p2 = NULL;
+ if (p != node) {
+ p2 = _asn1_find_left(p);
+ if (!p2)
+ p2 = _asn1_find_up(p);
+ }
+ asn1_delete_structure(&p);
+ p = p2;
+ }
+
+ if (!p)
+ break; /* reach node */
+
+ if (p->down) {
+ p = p->down;
+ } else {
+ if (p == node)
+ p = NULL;
+ else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == node) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
+ }
}
- }
}
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
static int
-_asn1_extract_der_octet (asn1_node node, const unsigned char *der,
- int der_len)
+_asn1_extract_der_octet(asn1_node node, const unsigned char *der,
+ int der_len)
{
- int len2, len3;
- int counter2, counter_end;
+ int len2, len3;
+ int counter2, counter_end;
- len2 = asn1_get_length_der (der, der_len, &len3);
- if (len2 < -1)
- return ASN1_DER_ERROR;
+ len2 = asn1_get_length_der(der, der_len, &len3);
+ if (len2 < -1)
+ return ASN1_DER_ERROR;
- counter2 = len3 + 1;
+ counter2 = len3 + 1;
- if (len2 == -1)
- counter_end = der_len - 2;
- else
- counter_end = der_len;
+ if (len2 == -1)
+ counter_end = der_len - 2;
+ else
+ counter_end = der_len;
- while (counter2 < counter_end)
- {
- len2 = asn1_get_length_der (der + counter2, der_len - counter2, &len3);
+ while (counter2 < counter_end) {
+ len2 =
+ asn1_get_length_der(der + counter2, der_len - counter2,
+ &len3);
- if (len2 < -1)
- return ASN1_DER_ERROR;
+ if (len2 < -1)
+ return ASN1_DER_ERROR;
- if (len2 > 0)
- {
- _asn1_append_value (node, der + counter2 + len3, len2);
- }
- else
- { /* indefinite */
-
- len2 =
- _asn1_extract_der_octet (node, der + counter2 + len3,
- der_len - counter2 - len3);
- if (len2 < 0)
- return len2;
- }
+ if (len2 > 0) {
+ _asn1_append_value(node, der + counter2 + len3,
+ len2);
+ } else { /* indefinite */
- counter2 += len2 + len3 + 1;
- }
+ len2 =
+ _asn1_extract_der_octet(node,
+ der + counter2 + len3,
+ der_len - counter2 -
+ len3);
+ if (len2 < 0)
+ return len2;
+ }
- return ASN1_SUCCESS;
+ counter2 += len2 + len3 + 1;
+ }
+
+ return ASN1_SUCCESS;
}
static int
-_asn1_get_octet_string (const unsigned char *der, asn1_node node, int *len)
+_asn1_get_octet_string(const unsigned char *der, asn1_node node, int *len)
{
- int len2, len3, counter, tot_len, indefinite;
-
- counter = 0;
-
- if (*(der - 1) & ASN1_CLASS_STRUCTURED)
- {
- tot_len = 0;
- indefinite = asn1_get_length_der (der, *len, &len3);
- if (indefinite < -1)
- return ASN1_DER_ERROR;
-
- counter += len3;
- if (indefinite >= 0)
- indefinite += len3;
-
- while (1)
- {
- if (counter > (*len))
- return ASN1_DER_ERROR;
-
- if (indefinite == -1)
- {
- if ((der[counter] == 0) && (der[counter + 1] == 0))
- {
- counter += 2;
- break;
- }
- }
- else if (counter >= indefinite)
- break;
+ int len2, len3, counter, tot_len, indefinite;
+
+ counter = 0;
- if (der[counter] != ASN1_TAG_OCTET_STRING)
- return ASN1_DER_ERROR;
+ if (*(der - 1) & ASN1_CLASS_STRUCTURED) {
+ tot_len = 0;
+ indefinite = asn1_get_length_der(der, *len, &len3);
+ if (indefinite < -1)
+ return ASN1_DER_ERROR;
- counter++;
+ counter += len3;
+ if (indefinite >= 0)
+ indefinite += len3;
- len2 = asn1_get_length_der (der + counter, *len - counter, &len3);
- if (len2 <= 0)
- return ASN1_DER_ERROR;
+ while (1) {
+ if (counter > (*len))
+ return ASN1_DER_ERROR;
- counter += len3 + len2;
- tot_len += len2;
- }
+ if (indefinite == -1) {
+ if ((der[counter] == 0)
+ && (der[counter + 1] == 0)) {
+ counter += 2;
+ break;
+ }
+ } else if (counter >= indefinite)
+ break;
+
+ if (der[counter] != ASN1_TAG_OCTET_STRING)
+ return ASN1_DER_ERROR;
- /* copy */
- if (node)
- {
- unsigned char temp[DER_LEN];
- int ret;
+ counter++;
- len2 = sizeof (temp);
+ len2 =
+ asn1_get_length_der(der + counter,
+ *len - counter, &len3);
+ if (len2 <= 0)
+ return ASN1_DER_ERROR;
- asn1_length_der (tot_len, temp, &len2);
- _asn1_set_value (node, temp, len2);
+ counter += len3 + len2;
+ tot_len += len2;
+ }
- ret = _asn1_extract_der_octet (node, der, *len);
- if (ret != ASN1_SUCCESS)
- return ret;
+ /* copy */
+ if (node) {
+ unsigned char temp[DER_LEN];
+ int ret;
- }
- }
- else
- { /* NOT STRUCTURED */
- len2 = asn1_get_length_der (der, *len, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
+ len2 = sizeof(temp);
+
+ asn1_length_der(tot_len, temp, &len2);
+ _asn1_set_value(node, temp, len2);
+
+ ret = _asn1_extract_der_octet(node, der, *len);
+ if (ret != ASN1_SUCCESS)
+ return ret;
+
+ }
+ } else { /* NOT STRUCTURED */
+ len2 = asn1_get_length_der(der, *len, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
- counter = len3 + len2;
- if (node)
- _asn1_set_value (node, der, counter);
- }
+ counter = len3 + len2;
+ if (node)
+ _asn1_set_value(node, der, counter);
+ }
- *len = counter;
- return ASN1_SUCCESS;
+ *len = counter;
+ return ASN1_SUCCESS;
}
static int
-_asn1_get_indefinite_length_string (const unsigned char *der, int *len)
+_asn1_get_indefinite_length_string(const unsigned char *der, int *len)
{
- int len2, len3, counter, indefinite;
- unsigned long tag;
- unsigned char class;
-
- counter = indefinite = 0;
-
- while (1)
- {
- if ((*len) < counter)
- return ASN1_DER_ERROR;
-
- if ((der[counter] == 0) && (der[counter + 1] == 0))
- {
- counter += 2;
- indefinite--;
- if (indefinite <= 0)
- break;
- else
- continue;
- }
+ int len2, len3, counter, indefinite;
+ unsigned long tag;
+ unsigned char class;
- if (asn1_get_tag_der
- (der + counter, *len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
- if (counter + len2 > *len)
- return ASN1_DER_ERROR;
- counter += len2;
- len2 = asn1_get_length_der (der + counter, *len - counter, &len3);
- if (len2 < -1)
- return ASN1_DER_ERROR;
- if (len2 == -1)
- {
- indefinite++;
- counter += 1;
- }
- else
- {
- counter += len2 + len3;
+ counter = indefinite = 0;
+
+ while (1) {
+ if ((*len) < counter)
+ return ASN1_DER_ERROR;
+
+ if ((der[counter] == 0) && (der[counter + 1] == 0)) {
+ counter += 2;
+ indefinite--;
+ if (indefinite <= 0)
+ break;
+ else
+ continue;
+ }
+
+ if (asn1_get_tag_der
+ (der + counter, *len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+ if (counter + len2 > *len)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ len2 =
+ asn1_get_length_der(der + counter, *len - counter,
+ &len3);
+ if (len2 < -1)
+ return ASN1_DER_ERROR;
+ if (len2 == -1) {
+ indefinite++;
+ counter += 1;
+ } else {
+ counter += len2 + len3;
+ }
}
- }
- *len = counter;
- return ASN1_SUCCESS;
+ *len = counter;
+ return ASN1_SUCCESS;
}
@@ -793,555 +775,563 @@ _asn1_get_indefinite_length_string (const unsigned char *der, int *len)
* name (*@ELEMENT deleted).
**/
int
-asn1_der_decoding (asn1_node * element, const void *ider, int len,
- char *errorDescription)
+asn1_der_decoding(asn1_node * element, const void *ider, int len,
+ char *errorDescription)
{
- asn1_node node, p, p2, p3;
- char temp[128];
- int counter, len2, len3, len4, move, ris, tlen;
- unsigned char class;
- unsigned long tag;
- int indefinite, result;
- const unsigned char *der = ider;
-
- node = *element;
-
- if (errorDescription != NULL)
- errorDescription[0] = 0;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (node->type & CONST_OPTION)
- {
- result = ASN1_GENERIC_ERROR;
- goto cleanup;
- }
-
- counter = 0;
- move = DOWN;
- p = node;
- while (1)
- {
- ris = ASN1_SUCCESS;
- if (move != UP)
- {
- if (p->type & CONST_SET)
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (len2 == -1)
- {
- if (!der[counter] && !der[counter + 1])
- {
- p = p2;
- move = UP;
- counter += 2;
- continue;
- }
- }
- else if (counter == len2)
- {
- p = p2;
- move = UP;
- continue;
- }
- else if (counter > len2)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- p2 = p2->down;
- while (p2)
- {
- if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
- {
- if (type_field (p2->type) != ASN1_ETYPE_CHOICE)
- ris =
- _asn1_extract_tag_der (p2, der + counter,
- len - counter, &len2);
- else
- {
- p3 = p2->down;
- while (p3)
- {
- ris =
- _asn1_extract_tag_der (p3, der + counter,
- len - counter, &len2);
- if (ris == ASN1_SUCCESS)
- break;
- p3 = p3->right;
- }
- }
- if (ris == ASN1_SUCCESS)
- {
- p2->type &= ~CONST_NOT_USED;
- p = p2;
- break;
- }
- }
- p2 = p2->right;
- }
- if (p2 == NULL)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
-
- if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (counter == len2)
- {
- if (p->right)
- {
- p2 = p->right;
- move = RIGHT;
- }
- else
- move = UP;
-
- if (p->type & CONST_OPTION)
- asn1_delete_structure (&p);
-
- p = p2;
- continue;
- }
- }
-
- if (type_field (p->type) == ASN1_ETYPE_CHOICE)
- {
- while (p->down)
- {
- if (counter < len)
- ris =
- _asn1_extract_tag_der (p->down, der + counter,
- len - counter, &len2);
- else
- ris = ASN1_DER_ERROR;
- if (ris == ASN1_SUCCESS)
- {
- while (p->down->right)
- {
- p2 = p->down->right;
- asn1_delete_structure (&p2);
- }
- break;
- }
- else if (ris == ASN1_ERROR_TYPE_ANY)
- {
- result = ASN1_ERROR_TYPE_ANY;
- goto cleanup;
- }
- else
- {
- p2 = p->down;
- asn1_delete_structure (&p2);
- }
- }
+ asn1_node node, p, p2, p3;
+ char temp[128];
+ int counter, len2, len3, len4, move, ris, tlen;
+ unsigned char class;
+ unsigned long tag;
+ int indefinite, result;
+ const unsigned char *der = ider;
- if (p->down == NULL)
- {
- if (!(p->type & CONST_OPTION))
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
- else
- p = p->down;
- }
-
- if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if ((len2 != -1) && (counter > len2))
- ris = ASN1_TAG_ERROR;
- }
-
- if (ris == ASN1_SUCCESS)
- ris =
- _asn1_extract_tag_der (p, der + counter, len - counter, &len2);
- if (ris != ASN1_SUCCESS)
- {
- if (p->type & CONST_OPTION)
- {
- p->type |= CONST_NOT_USED;
- move = RIGHT;
- }
- else if (p->type & CONST_DEFAULT)
- {
- _asn1_set_value (p, NULL, 0);
- move = RIGHT;
- }
- else
- {
- if (errorDescription != NULL)
- _asn1_error_description_tag_error (p, errorDescription);
+ node = *element;
- result = ASN1_TAG_ERROR;
- goto cleanup;
- }
- }
- else
- counter += len2;
- }
+ if (errorDescription != NULL)
+ errorDescription[0] = 0;
- if (ris == ASN1_SUCCESS)
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_NULL:
- if (der[counter])
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_BOOLEAN:
- if (der[counter++] != 1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- if (der[counter++] == 0)
- _asn1_set_value (p, "F", 1);
- else
- _asn1_set_value (p, "T", 1);
- move = RIGHT;
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
- _asn1_set_value (p, der + counter, len3 + len2);
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OBJECT_ID:
- result =
- _asn1_get_objectid_der (der + counter, len - counter, &len2,
- temp, sizeof (temp));
- if (result != ASN1_SUCCESS)
+ if (node->type & CONST_OPTION) {
+ result = ASN1_GENERIC_ERROR;
goto cleanup;
+ }
- tlen = strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- result =
- _asn1_get_time_der (der + counter, len - counter, &len2, temp,
- sizeof (temp) - 1);
- if (result != ASN1_SUCCESS)
- goto cleanup;
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1) {
+ ris = ASN1_SUCCESS;
+ if (move != UP) {
+ if (p->type & CONST_SET) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (len2 == -1) {
+ if (!der[counter]
+ && !der[counter + 1]) {
+ p = p2;
+ move = UP;
+ counter += 2;
+ continue;
+ }
+ } else if (counter == len2) {
+ p = p2;
+ move = UP;
+ continue;
+ } else if (counter > len2) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ p2 = p2->down;
+ while (p2) {
+ if ((p2->type & CONST_SET)
+ && (p2->
+ type & CONST_NOT_USED)) {
+ if (type_field(p2->type) !=
+ ASN1_ETYPE_CHOICE)
+ ris =
+ _asn1_extract_tag_der
+ (p2,
+ der + counter,
+ len - counter,
+ &len2);
+ else {
+ p3 = p2->down;
+ while (p3) {
+ ris =
+ _asn1_extract_tag_der
+ (p3,
+ der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (ris ==
+ ASN1_SUCCESS)
+ break;
+ p3 = p3->
+ right;
+ }
+ }
+ if (ris == ASN1_SUCCESS) {
+ p2->type &=
+ ~CONST_NOT_USED;
+ p = p2;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
- tlen = strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen);
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OCTET_STRING:
- len3 = len - counter;
- result = _asn1_get_octet_string (der + counter, p, &len3);
- if (result != ASN1_SUCCESS)
- goto cleanup;
+ if ((p->type & CONST_OPTION)
+ || (p->type & CONST_DEFAULT)) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (counter == len2) {
+ if (p->right) {
+ p2 = p->right;
+ move = RIGHT;
+ } else
+ move = UP;
+
+ if (p->type & CONST_OPTION)
+ asn1_delete_structure(&p);
+
+ p = p2;
+ continue;
+ }
+ }
- counter += len3;
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (type_field(p->type) == ASN1_ETYPE_CHOICE) {
+ while (p->down) {
+ if (counter < len)
+ ris =
+ _asn1_extract_tag_der
+ (p->down,
+ der + counter,
+ len - counter, &len2);
+ else
+ ris = ASN1_DER_ERROR;
+ if (ris == ASN1_SUCCESS) {
+ while (p->down->right) {
+ p2 = p->down->
+ right;
+ asn1_delete_structure
+ (&p2);
+ }
+ break;
+ } else if (ris ==
+ ASN1_ERROR_TYPE_ANY) {
+ result =
+ ASN1_ERROR_TYPE_ANY;
+ goto cleanup;
+ } else {
+ p2 = p->down;
+ asn1_delete_structure(&p2);
+ }
+ }
- _asn1_set_value (p, der + counter, len3 + len2);
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SET:
- if (move == UP)
- {
- len2 = _asn1_strtol (p->value, NULL, 10);
- _asn1_set_value (p, NULL, 0);
- if (len2 == -1)
- { /* indefinite length method */
- if (len - counter + 1 > 0)
- {
- if ((der[counter]) || der[counter + 1])
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
- else
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += 2;
- }
- else
- { /* definite length method */
- if (len2 != counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
- move = RIGHT;
- }
- else
- { /* move==DOWN || move==RIGHT */
- len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
- if (len3 < -1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2;
- if (len3 > 0)
- {
- _asn1_ltostr (counter + len3, temp);
- tlen = strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- move = DOWN;
- }
- else if (len3 == 0)
- {
- p2 = p->down;
- while (p2)
- {
- if (type_field (p2->type) != ASN1_ETYPE_TAG)
- {
- p3 = p2->right;
- asn1_delete_structure (&p2);
- p2 = p3;
- }
- else
- p2 = p2->right;
- }
- move = RIGHT;
- }
- else
- { /* indefinite length method */
- _asn1_set_value (p, "-1", 3);
- move = DOWN;
- }
- }
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (move == UP)
- {
- len2 = _asn1_strtol (p->value, NULL, 10);
- if (len2 == -1)
- { /* indefinite length method */
- if ((counter + 2) > len)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
+ if (p->down == NULL) {
+ if (!(p->type & CONST_OPTION)) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ } else
+ p = p->down;
}
- if ((der[counter]) || der[counter + 1])
- {
- _asn1_append_sequence_set (p);
- p = p->down;
- while (p->right)
- p = p->right;
- move = RIGHT;
- continue;
- }
- _asn1_set_value (p, NULL, 0);
- counter += 2;
- }
- else
- { /* definite length method */
- if (len2 > counter)
- {
- _asn1_append_sequence_set (p);
- p = p->down;
- while (p->right)
- p = p->right;
- move = RIGHT;
- continue;
- }
- _asn1_set_value (p, NULL, 0);
- if (len2 != counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
+ if ((p->type & CONST_OPTION)
+ || (p->type & CONST_DEFAULT)) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if ((len2 != -1) && (counter > len2))
+ ris = ASN1_TAG_ERROR;
}
- }
+
+ if (ris == ASN1_SUCCESS)
+ ris =
+ _asn1_extract_tag_der(p, der + counter,
+ len - counter,
+ &len2);
+ if (ris != ASN1_SUCCESS) {
+ if (p->type & CONST_OPTION) {
+ p->type |= CONST_NOT_USED;
+ move = RIGHT;
+ } else if (p->type & CONST_DEFAULT) {
+ _asn1_set_value(p, NULL, 0);
+ move = RIGHT;
+ } else {
+ if (errorDescription != NULL)
+ _asn1_error_description_tag_error
+ (p, errorDescription);
+
+ result = ASN1_TAG_ERROR;
+ goto cleanup;
+ }
+ } else
+ counter += len2;
}
- else
- { /* move==DOWN || move==RIGHT */
- len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
- if (len3 < -1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2;
- if (len3)
- {
- if (len3 > 0)
- { /* definite length method */
- _asn1_ltostr (counter + len3, temp);
- tlen = strlen (temp);
-
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- }
- else
- { /* indefinite length method */
- _asn1_set_value (p, "-1", 3);
+
+ if (ris == ASN1_SUCCESS) {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_NULL:
+ if (der[counter]) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if (der[counter++] != 1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ if (der[counter++] == 0)
+ _asn1_set_value(p, "F", 1);
+ else
+ _asn1_set_value(p, "T", 1);
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ len2 =
+ asn1_get_length_der(der + counter,
+ len - counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ _asn1_set_value(p, der + counter,
+ len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ result =
+ _asn1_get_objectid_der(der + counter,
+ len - counter,
+ &len2, temp,
+ sizeof(temp));
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ tlen = strlen(temp);
+ if (tlen > 0)
+ _asn1_set_value(p, temp, tlen + 1);
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ result =
+ _asn1_get_time_der(der + counter,
+ len - counter,
+ &len2, temp,
+ sizeof(temp) - 1);
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ tlen = strlen(temp);
+ if (tlen > 0)
+ _asn1_set_value(p, temp, tlen);
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ len3 = len - counter;
+ result =
+ _asn1_get_octet_string(der + counter,
+ p, &len3);
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ counter += len3;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ len2 =
+ asn1_get_length_der(der + counter,
+ len - counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ _asn1_set_value(p, der + counter,
+ len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SET:
+ if (move == UP) {
+ len2 =
+ _asn1_strtol(p->value, NULL,
+ 10);
+ _asn1_set_value(p, NULL, 0);
+ if (len2 == -1) { /* indefinite length method */
+ if (len - counter + 1 > 0) {
+ if ((der[counter])
+ || der[counter
+ + 1]) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ } else {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += 2;
+ } else { /* definite length method */
+ if (len2 != counter) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
+ move = RIGHT;
+ } else { /* move==DOWN || move==RIGHT */
+ len3 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (len3 < -1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2;
+ if (len3 > 0) {
+ _asn1_ltostr(counter +
+ len3, temp);
+ tlen = strlen(temp);
+ if (tlen > 0)
+ _asn1_set_value(p,
+ temp,
+ tlen
+ +
+ 1);
+ move = DOWN;
+ } else if (len3 == 0) {
+ p2 = p->down;
+ while (p2) {
+ if (type_field
+ (p2->type) !=
+ ASN1_ETYPE_TAG)
+ {
+ p3 = p2->
+ right;
+ asn1_delete_structure
+ (&p2);
+ p2 = p3;
+ } else
+ p2 = p2->
+ right;
+ }
+ move = RIGHT;
+ } else { /* indefinite length method */
+ _asn1_set_value(p, "-1",
+ 3);
+ move = DOWN;
+ }
+ }
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (move == UP) {
+ len2 =
+ _asn1_strtol(p->value, NULL,
+ 10);
+ if (len2 == -1) { /* indefinite length method */
+ if ((counter + 2) > len) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ if ((der[counter])
+ || der[counter + 1]) {
+ _asn1_append_sequence_set
+ (p);
+ p = p->down;
+ while (p->right)
+ p = p->
+ right;
+ move = RIGHT;
+ continue;
+ }
+ _asn1_set_value(p, NULL,
+ 0);
+ counter += 2;
+ } else { /* definite length method */
+ if (len2 > counter) {
+ _asn1_append_sequence_set
+ (p);
+ p = p->down;
+ while (p->right)
+ p = p->
+ right;
+ move = RIGHT;
+ continue;
+ }
+ _asn1_set_value(p, NULL,
+ 0);
+ if (len2 != counter) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
+ } else { /* move==DOWN || move==RIGHT */
+ len3 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (len3 < -1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2;
+ if (len3) {
+ if (len3 > 0) { /* definite length method */
+ _asn1_ltostr
+ (counter +
+ len3, temp);
+ tlen =
+ strlen(temp);
+
+ if (tlen > 0)
+ _asn1_set_value
+ (p,
+ temp,
+ tlen +
+ 1);
+ } else { /* indefinite length method */
+ _asn1_set_value(p,
+ "-1",
+ 3);
+ }
+ p2 = p->down;
+ while ((type_field
+ (p2->type) ==
+ ASN1_ETYPE_TAG)
+ ||
+ (type_field
+ (p2->type) ==
+ ASN1_ETYPE_SIZE))
+ p2 = p2->right;
+ if (p2->right == NULL)
+ _asn1_append_sequence_set
+ (p);
+ p = p2;
+ }
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_ANY:
+ if (asn1_get_tag_der
+ (der + counter, len - counter, &class,
+ &len2, &tag) != ASN1_SUCCESS) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ if (counter + len2 > len) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ len4 =
+ asn1_get_length_der(der + counter +
+ len2,
+ len - counter -
+ len2, &len3);
+ if (len4 < -1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ if (len4 != -1) {
+ len2 += len4;
+ _asn1_set_value_lv(p,
+ der + counter,
+ len2 + len3);
+ counter += len2 + len3;
+ } else { /* indefinite length */
+ /* Check indefinite lenth method in an EXPLICIT TAG */
+ if ((p->type & CONST_TAG)
+ && (der[counter - 1] == 0x80))
+ indefinite = 1;
+ else
+ indefinite = 0;
+
+ len2 = len - counter;
+ result =
+ _asn1_get_indefinite_length_string
+ (der + counter, &len2);
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ _asn1_set_value_lv(p,
+ der + counter,
+ len2);
+ counter += len2;
+
+ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
+ an indefinite length method. */
+ if (indefinite) {
+ if (!der[counter]
+ && !der[counter + 1]) {
+ counter += 2;
+ } else {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
+ }
+ move = RIGHT;
+ break;
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
}
- p2 = p->down;
- while ((type_field (p2->type) == ASN1_ETYPE_TAG)
- || (type_field (p2->type) == ASN1_ETYPE_SIZE))
- p2 = p2->right;
- if (p2->right == NULL)
- _asn1_append_sequence_set (p);
- p = p2;
- }
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_ANY:
- if (asn1_get_tag_der
- (der + counter, len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
}
- if (counter + len2 > len)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- len4 =
- asn1_get_length_der (der + counter + len2,
- len - counter - len2, &len3);
- if (len4 < -1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- if (len4 != -1)
- {
- len2 += len4;
- _asn1_set_value_lv (p, der + counter, len2 + len3);
- counter += len2 + len3;
+ if (p == node && move != DOWN)
+ break;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- else
- { /* indefinite length */
- /* Check indefinite lenth method in an EXPLICIT TAG */
- if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80))
- indefinite = 1;
- else
- indefinite = 0;
-
- len2 = len - counter;
- result =
- _asn1_get_indefinite_length_string (der + counter, &len2);
- if (result != ASN1_SUCCESS)
- goto cleanup;
-
- _asn1_set_value_lv (p, der + counter, len2);
- counter += len2;
-
- /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
- an indefinite length method. */
- if (indefinite)
- {
- if (!der[counter] && !der[counter + 1])
- {
- counter += 2;
- }
- else
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
+ if ((move == RIGHT) && !(p->type & CONST_SET)) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
}
- move = RIGHT;
- break;
- default:
- move = (move == UP) ? RIGHT : DOWN;
- break;
- }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (p == node && move != DOWN)
- break;
+ _asn1_delete_not_used(*element);
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if ((move == RIGHT) && !(p->type & CONST_SET))
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (counter != len) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- _asn1_delete_not_used (*element);
- if (counter != len)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ return ASN1_SUCCESS;
- return ASN1_SUCCESS;
-
-cleanup:
- asn1_delete_structure (element);
- return result;
+ cleanup:
+ asn1_delete_structure(element);
+ return result;
}
#define FOUND 1
@@ -1371,779 +1361,796 @@ cleanup:
* match the structure @structure (*ELEMENT deleted).
**/
int
-asn1_der_decoding_element (asn1_node * structure, const char *elementName,
- const void *ider, int len, char *errorDescription)
+asn1_der_decoding_element(asn1_node * structure, const char *elementName,
+ const void *ider, int len,
+ char *errorDescription)
{
- asn1_node node, p, p2, p3, nodeFound = NULL;
- char temp[128], currentName[ASN1_MAX_NAME_SIZE * 10], *dot_p, *char_p;
- int nameLen = ASN1_MAX_NAME_SIZE * 10 - 1, state;
- int counter, len2, len3, len4, move, ris, tlen;
- unsigned char class;
- unsigned long tag;
- int indefinite, result;
- const unsigned char *der = ider;
-
- node = *structure;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (elementName == NULL)
- {
- result = ASN1_ELEMENT_NOT_FOUND;
- goto cleanup;
- }
-
- if (node->type & CONST_OPTION)
- {
- result = ASN1_GENERIC_ERROR;
- goto cleanup;
- }
-
- if ((*structure)->name[0] != 0)
- { /* Has *structure got a name? */
- nameLen -= strlen ((*structure)->name);
- if (nameLen > 0)
- strcpy (currentName, (*structure)->name);
- else
- {
- result = ASN1_MEM_ERROR;
- goto cleanup;
- }
- if (!(strcmp (currentName, elementName)))
- {
- state = FOUND;
- nodeFound = *structure;
- }
- else if (!memcmp (currentName, elementName, strlen (currentName)))
- state = SAME_BRANCH;
- else
- state = OTHER_BRANCH;
- }
- else
- { /* *structure doesn't have a name? */
- currentName[0] = 0;
- if (elementName[0] == 0)
- {
- state = FOUND;
- nodeFound = *structure;
+ asn1_node node, p, p2, p3, nodeFound = NULL;
+ char temp[128], currentName[ASN1_MAX_NAME_SIZE * 10], *dot_p,
+ *char_p;
+ int nameLen = ASN1_MAX_NAME_SIZE * 10 - 1, state;
+ int counter, len2, len3, len4, move, ris, tlen;
+ unsigned char class;
+ unsigned long tag;
+ int indefinite, result;
+ const unsigned char *der = ider;
+
+ node = *structure;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (elementName == NULL) {
+ result = ASN1_ELEMENT_NOT_FOUND;
+ goto cleanup;
}
- else
- {
- state = SAME_BRANCH;
+
+ if (node->type & CONST_OPTION) {
+ result = ASN1_GENERIC_ERROR;
+ goto cleanup;
}
- }
-
- counter = 0;
- move = DOWN;
- p = node;
- while (1)
- {
-
- ris = ASN1_SUCCESS;
-
- if (move != UP)
- {
- if (p->type & CONST_SET)
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (counter == len2)
- {
- p = p2;
- move = UP;
- continue;
- }
- else if (counter > len2)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
+
+ if ((*structure)->name[0] != 0) { /* Has *structure got a name? */
+ nameLen -= strlen((*structure)->name);
+ if (nameLen > 0)
+ strcpy(currentName, (*structure)->name);
+ else {
+ result = ASN1_MEM_ERROR;
+ goto cleanup;
+ }
+ if (!(strcmp(currentName, elementName))) {
+ state = FOUND;
+ nodeFound = *structure;
+ } else
+ if (!memcmp
+ (currentName, elementName, strlen(currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ } else { /* *structure doesn't have a name? */
+ currentName[0] = 0;
+ if (elementName[0] == 0) {
+ state = FOUND;
+ nodeFound = *structure;
+ } else {
+ state = SAME_BRANCH;
}
- p2 = p2->down;
- while (p2)
- {
- if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
- {
- if (type_field (p2->type) != ASN1_ETYPE_CHOICE)
- ris =
- _asn1_extract_tag_der (p2, der + counter,
- len - counter, &len2);
- else
- {
- p3 = p2->down;
- while (p3)
- {
- ris =
- _asn1_extract_tag_der (p3, der + counter,
- len - counter, &len2);
- if (ris == ASN1_SUCCESS)
- break;
- p3 = p3->right;
- }
+ }
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1) {
+
+ ris = ASN1_SUCCESS;
+
+ if (move != UP) {
+ if (p->type & CONST_SET) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (counter == len2) {
+ p = p2;
+ move = UP;
+ continue;
+ } else if (counter > len2) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ p2 = p2->down;
+ while (p2) {
+ if ((p2->type & CONST_SET)
+ && (p2->
+ type & CONST_NOT_USED)) {
+ if (type_field(p2->type) !=
+ ASN1_ETYPE_CHOICE)
+ ris =
+ _asn1_extract_tag_der
+ (p2,
+ der + counter,
+ len - counter,
+ &len2);
+ else {
+ p3 = p2->down;
+ while (p3) {
+ ris =
+ _asn1_extract_tag_der
+ (p3,
+ der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (ris ==
+ ASN1_SUCCESS)
+ break;
+ p3 = p3->
+ right;
+ }
+ }
+ if (ris == ASN1_SUCCESS) {
+ p2->type &=
+ ~CONST_NOT_USED;
+ p = p2;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
}
- if (ris == ASN1_SUCCESS)
- {
- p2->type &= ~CONST_NOT_USED;
- p = p2;
- break;
+
+ if ((p->type & CONST_OPTION)
+ || (p->type & CONST_DEFAULT)) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (counter == len2) {
+ if (p->right) {
+ p2 = p->right;
+ move = RIGHT;
+ } else
+ move = UP;
+
+ if (p->type & CONST_OPTION)
+ asn1_delete_structure(&p);
+
+ p = p2;
+ continue;
+ }
}
- }
- p2 = p2->right;
- }
- if (p2 == NULL)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
-
- if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (counter == len2)
- {
- if (p->right)
- {
- p2 = p->right;
- move = RIGHT;
- }
- else
- move = UP;
-
- if (p->type & CONST_OPTION)
- asn1_delete_structure (&p);
-
- p = p2;
- continue;
- }
- }
-
- if (type_field (p->type) == ASN1_ETYPE_CHOICE)
- {
- while (p->down)
- {
- if (counter < len)
- ris =
- _asn1_extract_tag_der (p->down, der + counter,
- len - counter, &len2);
- else
- ris = ASN1_DER_ERROR;
- if (ris == ASN1_SUCCESS)
- {
- while (p->down->right)
- {
- p2 = p->down->right;
- asn1_delete_structure (&p2);
+
+ if (type_field(p->type) == ASN1_ETYPE_CHOICE) {
+ while (p->down) {
+ if (counter < len)
+ ris =
+ _asn1_extract_tag_der
+ (p->down,
+ der + counter,
+ len - counter, &len2);
+ else
+ ris = ASN1_DER_ERROR;
+ if (ris == ASN1_SUCCESS) {
+ while (p->down->right) {
+ p2 = p->down->
+ right;
+ asn1_delete_structure
+ (&p2);
+ }
+ break;
+ } else if (ris ==
+ ASN1_ERROR_TYPE_ANY) {
+ result =
+ ASN1_ERROR_TYPE_ANY;
+ goto cleanup;
+ } else {
+ p2 = p->down;
+ asn1_delete_structure(&p2);
+ }
+ }
+
+ if (p->down == NULL) {
+ if (!(p->type & CONST_OPTION)) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ } else
+ p = p->down;
}
- break;
- }
- else if (ris == ASN1_ERROR_TYPE_ANY)
- {
- result = ASN1_ERROR_TYPE_ANY;
- goto cleanup;
- }
- else
- {
- p2 = p->down;
- asn1_delete_structure (&p2);
- }
- }
- if (p->down == NULL)
- {
- if (!(p->type & CONST_OPTION))
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
- else
- p = p->down;
- }
-
- if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
- {
- p2 = _asn1_find_up (p);
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (counter > len2)
- ris = ASN1_TAG_ERROR;
- }
-
- if (ris == ASN1_SUCCESS)
- ris =
- _asn1_extract_tag_der (p, der + counter, len - counter, &len2);
- if (ris != ASN1_SUCCESS)
- {
- if (p->type & CONST_OPTION)
- {
- p->type |= CONST_NOT_USED;
- move = RIGHT;
- }
- else if (p->type & CONST_DEFAULT)
- {
- _asn1_set_value (p, NULL, 0);
- move = RIGHT;
- }
- else
- {
- if (errorDescription != NULL)
- _asn1_error_description_tag_error (p, errorDescription);
+ if ((p->type & CONST_OPTION)
+ || (p->type & CONST_DEFAULT)) {
+ p2 = _asn1_find_up(p);
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (counter > len2)
+ ris = ASN1_TAG_ERROR;
+ }
- result = ASN1_TAG_ERROR;
- goto cleanup;
+ if (ris == ASN1_SUCCESS)
+ ris =
+ _asn1_extract_tag_der(p, der + counter,
+ len - counter,
+ &len2);
+ if (ris != ASN1_SUCCESS) {
+ if (p->type & CONST_OPTION) {
+ p->type |= CONST_NOT_USED;
+ move = RIGHT;
+ } else if (p->type & CONST_DEFAULT) {
+ _asn1_set_value(p, NULL, 0);
+ move = RIGHT;
+ } else {
+ if (errorDescription != NULL)
+ _asn1_error_description_tag_error
+ (p, errorDescription);
+
+ result = ASN1_TAG_ERROR;
+ goto cleanup;
+ }
+ } else
+ counter += len2;
}
- }
- else
- counter += len2;
- }
- if (ris == ASN1_SUCCESS)
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_NULL:
- if (der[counter])
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (ris == ASN1_SUCCESS) {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_NULL:
+ if (der[counter]) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
- if (p == nodeFound)
- state = EXIT;
-
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_BOOLEAN:
- if (der[counter++] != 1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (p == nodeFound)
+ state = EXIT;
- if (state == FOUND)
- {
- if (der[counter++] == 0)
- _asn1_set_value (p, "F", 1);
- else
- _asn1_set_value (p, "T", 1);
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if (der[counter++] != 1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
- if (p == nodeFound)
- state = EXIT;
+ if (state == FOUND) {
+ if (der[counter++] == 0)
+ _asn1_set_value(p, "F", 1);
+ else
+ _asn1_set_value(p, "T", 1);
- }
- else
- counter++;
-
- move = RIGHT;
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (p == nodeFound)
+ state = EXIT;
- if (state == FOUND)
- {
- if (len3 + len2 > len - counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- _asn1_set_value (p, der + counter, len3 + len2);
-
- if (p == nodeFound)
- state = EXIT;
- }
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OBJECT_ID:
- if (state == FOUND)
- {
- result =
- _asn1_get_objectid_der (der + counter, len - counter,
- &len2, temp, sizeof (temp));
- if (result != ASN1_SUCCESS)
- goto cleanup;
-
- tlen = strlen (temp);
-
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
-
- if (p == nodeFound)
- state = EXIT;
- }
- else
- {
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- len2 += len3;
- }
+ } else
+ counter++;
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- if (state == FOUND)
- {
- result =
- _asn1_get_time_der (der + counter, len - counter, &len2,
- temp, sizeof (temp) - 1);
- if (result != ASN1_SUCCESS)
- goto cleanup;
-
- tlen = strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
-
- if (p == nodeFound)
- state = EXIT;
- }
- else
- {
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- len2 += len3;
- }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ len2 =
+ asn1_get_length_der(der + counter,
+ len - counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OCTET_STRING:
- len3 = len - counter;
- if (state == FOUND)
- {
- result = _asn1_get_octet_string (der + counter, p, &len3);
- if (p == nodeFound)
- state = EXIT;
- }
- else
- result = _asn1_get_octet_string (der + counter, NULL, &len3);
+ if (state == FOUND) {
+ if (len3 + len2 > len - counter) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ _asn1_set_value(p, der + counter,
+ len3 + len2);
- if (result != ASN1_SUCCESS)
- goto cleanup;
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if (state == FOUND) {
+ result =
+ _asn1_get_objectid_der(der +
+ counter,
+ len -
+ counter,
+ &len2,
+ temp,
+ sizeof
+ (temp));
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ tlen = strlen(temp);
+
+ if (tlen > 0)
+ _asn1_set_value(p, temp,
+ tlen + 1);
+
+ if (p == nodeFound)
+ state = EXIT;
+ } else {
+ len2 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ len2 += len3;
+ }
- counter += len3;
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ if (state == FOUND) {
+ result =
+ _asn1_get_time_der(der +
+ counter,
+ len -
+ counter,
+ &len2, temp,
+ sizeof(temp)
+ - 1);
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ tlen = strlen(temp);
+ if (tlen > 0)
+ _asn1_set_value(p, temp,
+ tlen + 1);
+
+ if (p == nodeFound)
+ state = EXIT;
+ } else {
+ len2 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ len2 += len3;
+ }
- if (state == FOUND)
- {
- if (len3 + len2 > len - counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- _asn1_set_value (p, der + counter, len3 + len2);
-
- if (p == nodeFound)
- state = EXIT;
- }
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SET:
- if (move == UP)
- {
- len2 = _asn1_strtol (p->value, NULL, 10);
- _asn1_set_value (p, NULL, 0);
- if (len2 == -1)
- { /* indefinite length method */
- if ((der[counter]) || der[counter + 1])
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += 2;
- }
- else
- { /* definite length method */
- if (len2 != counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
- if (p == nodeFound)
- state = EXIT;
- move = RIGHT;
- }
- else
- { /* move==DOWN || move==RIGHT */
- if (state == OTHER_BRANCH)
- {
- len3 =
- asn1_get_length_der (der + counter, len - counter,
- &len2);
- if (len3 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2 + len3;
- move = RIGHT;
- }
- else
- { /* state==SAME_BRANCH or state==FOUND */
- len3 =
- asn1_get_length_der (der + counter, len - counter,
- &len2);
- if (len3 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2;
- if (len3 > 0)
- {
- _asn1_ltostr (counter + len3, temp);
- tlen = strlen (temp);
-
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- move = DOWN;
- }
- else if (len3 == 0)
- {
- p2 = p->down;
- while (p2)
- {
- if (type_field (p2->type) != ASN1_ETYPE_TAG)
- {
- p3 = p2->right;
- asn1_delete_structure (&p2);
- p2 = p3;
+ counter += len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ len3 = len - counter;
+ if (state == FOUND) {
+ result =
+ _asn1_get_octet_string(der +
+ counter,
+ p,
+ &len3);
+ if (p == nodeFound)
+ state = EXIT;
+ } else
+ result =
+ _asn1_get_octet_string(der +
+ counter,
+ NULL,
+ &len3);
+
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ counter += len3;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ len2 =
+ asn1_get_length_der(der + counter,
+ len - counter,
+ &len3);
+ if (len2 < 0) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
- else
- p2 = p2->right;
- }
- move = RIGHT;
- }
- else
- { /* indefinite length method */
- _asn1_set_value (p, "-1", 3);
- move = DOWN;
- }
- }
- }
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (move == UP)
- {
- len2 = _asn1_strtol (p->value, NULL, 10);
- if (len2 > counter)
- {
- _asn1_append_sequence_set (p);
- p = p->down;
- while (p->right)
- p = p->right;
- move = RIGHT;
- continue;
- }
- _asn1_set_value (p, NULL, 0);
- if (len2 != counter)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
-
- if (p == nodeFound)
- state = EXIT;
- }
- else
- { /* move==DOWN || move==RIGHT */
- if (state == OTHER_BRANCH)
- {
- len3 =
- asn1_get_length_der (der + counter, len - counter,
- &len2);
- if (len3 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2 + len3;
- move = RIGHT;
- }
- else
- { /* state==FOUND or state==SAME_BRANCH */
- len3 =
- asn1_get_length_der (der + counter, len - counter,
- &len2);
- if (len3 < 0)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- counter += len2;
- if (len3)
- {
- _asn1_ltostr (counter + len3, temp);
- tlen = strlen (temp);
-
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
- p2 = p->down;
- while ((type_field (p2->type) == ASN1_ETYPE_TAG)
- || (type_field (p2->type) == ASN1_ETYPE_SIZE))
- p2 = p2->right;
- if (p2->right == NULL)
- _asn1_append_sequence_set (p);
- p = p2;
- state = FOUND;
- }
- }
- }
- break;
- case ASN1_ETYPE_ANY:
- if (asn1_get_tag_der
- (der + counter, len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (state == FOUND) {
+ if (len3 + len2 > len - counter) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ _asn1_set_value(p, der + counter,
+ len3 + len2);
- if (counter + len2 > len)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SET:
+ if (move == UP) {
+ len2 =
+ _asn1_strtol(p->value, NULL,
+ 10);
+ _asn1_set_value(p, NULL, 0);
+ if (len2 == -1) { /* indefinite length method */
+ if ((der[counter])
+ || der[counter + 1]) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += 2;
+ } else { /* definite length method */
+ if (len2 != counter) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
+ if (p == nodeFound)
+ state = EXIT;
+ move = RIGHT;
+ } else { /* move==DOWN || move==RIGHT */
+ if (state == OTHER_BRANCH) {
+ len3 =
+ asn1_get_length_der(der
+ +
+ counter,
+ len
+ -
+ counter,
+ &len2);
+ if (len3 < 0) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2 + len3;
+ move = RIGHT;
+ } else { /* state==SAME_BRANCH or state==FOUND */
+ len3 =
+ asn1_get_length_der(der
+ +
+ counter,
+ len
+ -
+ counter,
+ &len2);
+ if (len3 < 0) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2;
+ if (len3 > 0) {
+ _asn1_ltostr
+ (counter +
+ len3, temp);
+ tlen =
+ strlen(temp);
+
+ if (tlen > 0)
+ _asn1_set_value
+ (p,
+ temp,
+ tlen +
+ 1);
+ move = DOWN;
+ } else if (len3 == 0) {
+ p2 = p->down;
+ while (p2) {
+ if (type_field(p2->type) != ASN1_ETYPE_TAG) {
+ p3 = p2->right;
+ asn1_delete_structure
+ (&p2);
+ p2 = p3;
+ } else
+ p2 = p2->right;
+ }
+ move = RIGHT;
+ } else { /* indefinite length method */
+ _asn1_set_value(p,
+ "-1",
+ 3);
+ move = DOWN;
+ }
+ }
+ }
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (move == UP) {
+ len2 =
+ _asn1_strtol(p->value, NULL,
+ 10);
+ if (len2 > counter) {
+ _asn1_append_sequence_set
+ (p);
+ p = p->down;
+ while (p->right)
+ p = p->right;
+ move = RIGHT;
+ continue;
+ }
+ _asn1_set_value(p, NULL, 0);
+ if (len2 != counter) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
- len4 =
- asn1_get_length_der (der + counter + len2,
- len - counter - len2, &len3);
- if (len4 < -1)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (p == nodeFound)
+ state = EXIT;
+ } else { /* move==DOWN || move==RIGHT */
+ if (state == OTHER_BRANCH) {
+ len3 =
+ asn1_get_length_der(der
+ +
+ counter,
+ len
+ -
+ counter,
+ &len2);
+ if (len3 < 0) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2 + len3;
+ move = RIGHT;
+ } else { /* state==FOUND or state==SAME_BRANCH */
+ len3 =
+ asn1_get_length_der(der
+ +
+ counter,
+ len
+ -
+ counter,
+ &len2);
+ if (len3 < 0) {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ counter += len2;
+ if (len3) {
+ _asn1_ltostr
+ (counter +
+ len3, temp);
+ tlen =
+ strlen(temp);
+
+ if (tlen > 0)
+ _asn1_set_value
+ (p,
+ temp,
+ tlen +
+ 1);
+ p2 = p->down;
+ while ((type_field
+ (p2->
+ type) ==
+ ASN1_ETYPE_TAG)
+ ||
+ (type_field
+ (p2->
+ type) ==
+ ASN1_ETYPE_SIZE))
+ p2 = p2->
+ right;
+ if (p2->right ==
+ NULL)
+ _asn1_append_sequence_set
+ (p);
+ p = p2;
+ state = FOUND;
+ }
+ }
+ }
- if (len4 != -1)
- {
- len2 += len4;
- if (state == FOUND)
- {
- _asn1_set_value_lv (p, der + counter, len2 + len3);
-
- if (p == nodeFound)
- state = EXIT;
- }
- counter += len2 + len3;
- }
- else
- { /* indefinite length */
- /* Check indefinite lenth method in an EXPLICIT TAG */
- if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80))
- indefinite = 1;
- else
- indefinite = 0;
-
- len2 = len - counter;
- result =
- _asn1_get_indefinite_length_string (der + counter, &len2);
- if (result != ASN1_SUCCESS)
- goto cleanup;
-
- if (state == FOUND)
- {
- _asn1_set_value_lv (p, der + counter, len2);
-
- if (p == nodeFound)
- state = EXIT;
- }
-
- counter += len2;
-
- /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
- an indefinite length method. */
- if (indefinite)
- {
- if (!der[counter] && !der[counter + 1])
- {
- counter += 2;
- }
- else
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
+ break;
+ case ASN1_ETYPE_ANY:
+ if (asn1_get_tag_der
+ (der + counter, len - counter, &class,
+ &len2, &tag) != ASN1_SUCCESS) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ if (counter + len2 > len) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ len4 =
+ asn1_get_length_der(der + counter +
+ len2,
+ len - counter -
+ len2, &len3);
+ if (len4 < -1) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
+ if (len4 != -1) {
+ len2 += len4;
+ if (state == FOUND) {
+ _asn1_set_value_lv(p,
+ der +
+ counter,
+ len2 +
+ len3);
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ counter += len2 + len3;
+ } else { /* indefinite length */
+ /* Check indefinite lenth method in an EXPLICIT TAG */
+ if ((p->type & CONST_TAG)
+ && (der[counter - 1] == 0x80))
+ indefinite = 1;
+ else
+ indefinite = 0;
+
+ len2 = len - counter;
+ result =
+ _asn1_get_indefinite_length_string
+ (der + counter, &len2);
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
+ if (state == FOUND) {
+ _asn1_set_value_lv(p,
+ der +
+ counter,
+ len2);
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+
+ counter += len2;
+
+ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
+ an indefinite length method. */
+ if (indefinite) {
+ if (!der[counter]
+ && !der[counter + 1]) {
+ counter += 2;
+ } else {
+ result =
+ ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ }
+ }
+ move = RIGHT;
+ break;
+
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
}
- }
}
- move = RIGHT;
- break;
- default:
- move = (move == UP) ? RIGHT : DOWN;
- break;
- }
- }
+ if ((p == node && move != DOWN) || (state == EXIT))
+ break;
- if ((p == node && move != DOWN) || (state == EXIT))
- break;
-
- if (move == DOWN)
- {
- if (p->down)
- {
- p = p->down;
-
- if (state != FOUND)
- {
- nameLen -= strlen (p->name) + 1;
- if (nameLen > 0)
- {
- if (currentName[0])
- strcat (currentName, ".");
- strcat (currentName, p->name);
- }
- else
- {
- result = ASN1_MEM_ERROR;
- goto cleanup;
- }
- if (!(strcmp (currentName, elementName)))
- {
- state = FOUND;
- nodeFound = p;
- }
- else
- if (!memcmp
- (currentName, elementName, strlen (currentName)))
- state = SAME_BRANCH;
- else
- state = OTHER_BRANCH;
+ if (move == DOWN) {
+ if (p->down) {
+ p = p->down;
+
+ if (state != FOUND) {
+ nameLen -= strlen(p->name) + 1;
+ if (nameLen > 0) {
+ if (currentName[0])
+ strcat(currentName,
+ ".");
+ strcat(currentName,
+ p->name);
+ } else {
+ result = ASN1_MEM_ERROR;
+ goto cleanup;
+ }
+ if (!
+ (strcmp
+ (currentName, elementName))) {
+ state = FOUND;
+ nodeFound = p;
+ } else
+ if (!memcmp
+ (currentName, elementName,
+ strlen(currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ }
+ } else
+ move = RIGHT;
}
- }
- else
- move = RIGHT;
- }
- if ((move == RIGHT) && !(p->type & CONST_SET))
- {
- if (p->right)
- {
- p = p->right;
-
- if (state != FOUND)
- {
- dot_p = char_p = currentName;
- while ((char_p = strchr (char_p, '.')))
- {
- dot_p = char_p++;
- dot_p++;
- }
-
- nameLen += strlen (currentName) - (dot_p - currentName);
- *dot_p = 0;
-
- nameLen -= strlen (p->name);
- if (nameLen > 0)
- strcat (currentName, p->name);
- else
- {
- result = ASN1_MEM_ERROR;
- goto cleanup;
- }
-
- if (!(strcmp (currentName, elementName)))
- {
- state = FOUND;
- nodeFound = p;
- }
- else
- if (!memcmp
- (currentName, elementName, strlen (currentName)))
- state = SAME_BRANCH;
- else
- state = OTHER_BRANCH;
- }
- }
- else
- move = UP;
- }
+ if ((move == RIGHT) && !(p->type & CONST_SET)) {
+ if (p->right) {
+ p = p->right;
+
+ if (state != FOUND) {
+ dot_p = char_p = currentName;
+ while ((char_p =
+ strchr(char_p, '.'))) {
+ dot_p = char_p++;
+ dot_p++;
+ }
- if (move == UP)
- {
- p = _asn1_find_up (p);
-
- if (state != FOUND)
- {
- dot_p = char_p = currentName;
- while ((char_p = strchr (char_p, '.')))
- {
- dot_p = char_p++;
- dot_p++;
+ nameLen +=
+ strlen(currentName) - (dot_p -
+ currentName);
+ *dot_p = 0;
+
+ nameLen -= strlen(p->name);
+ if (nameLen > 0)
+ strcat(currentName,
+ p->name);
+ else {
+ result = ASN1_MEM_ERROR;
+ goto cleanup;
+ }
+
+ if (!
+ (strcmp
+ (currentName, elementName))) {
+ state = FOUND;
+ nodeFound = p;
+ } else
+ if (!memcmp
+ (currentName, elementName,
+ strlen(currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ }
+ } else
+ move = UP;
}
- nameLen += strlen (currentName) - (dot_p - currentName);
- *dot_p = 0;
+ if (move == UP) {
+ p = _asn1_find_up(p);
- if (!(strcmp (currentName, elementName)))
- {
- state = FOUND;
- nodeFound = p;
+ if (state != FOUND) {
+ dot_p = char_p = currentName;
+ while ((char_p = strchr(char_p, '.'))) {
+ dot_p = char_p++;
+ dot_p++;
+ }
+
+ nameLen +=
+ strlen(currentName) - (dot_p -
+ currentName);
+ *dot_p = 0;
+
+ if (!(strcmp(currentName, elementName))) {
+ state = FOUND;
+ nodeFound = p;
+ } else
+ if (!memcmp
+ (currentName, elementName,
+ strlen(currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ }
}
- else
- if (!memcmp (currentName, elementName, strlen (currentName)))
- state = SAME_BRANCH;
- else
- state = OTHER_BRANCH;
- }
}
- }
- _asn1_delete_not_used (*structure);
+ _asn1_delete_not_used(*structure);
- if (counter > len)
- {
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
+ if (counter > len) {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
-cleanup:
- asn1_delete_structure (structure);
- return result;
+ cleanup:
+ asn1_delete_structure(structure);
+ return result;
}
/**
@@ -2172,319 +2179,319 @@ cleanup:
* doesn't match the structure ELEMENT.
**/
int
-asn1_der_decoding_startEnd (asn1_node element, const void *ider, int len,
- const char *name_element, int *start, int *end)
+asn1_der_decoding_startEnd(asn1_node element, const void *ider, int len,
+ const char *name_element, int *start, int *end)
{
- asn1_node node, node_to_find, p, p2, p3;
- int counter, len2, len3, len4, move, ris;
- unsigned char class;
- unsigned long tag;
- int indefinite;
- const unsigned char *der = ider;
-
- node = element;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- node_to_find = asn1_find_node (node, name_element);
-
- if (node_to_find == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (node_to_find == node)
- {
- *start = 0;
- *end = len - 1;
- return ASN1_SUCCESS;
- }
-
- if (node->type & CONST_OPTION)
- return ASN1_GENERIC_ERROR;
-
- counter = 0;
- move = DOWN;
- p = node;
- while (1)
- {
- if (p == NULL)
- return ASN1_DER_ERROR;
-
- ris = ASN1_SUCCESS;
-
- if (move != UP)
- {
- if (p->type & CONST_SET)
- {
- p2 = _asn1_find_up (p);
- if (p2 == NULL)
- return ASN1_DER_ERROR;
-
- len2 = _asn1_strtol (p2->value, NULL, 10);
- if (len2 == -1)
- {
- if (!der[counter] && !der[counter + 1])
- {
- p = p2;
- move = UP;
- counter += 2;
- continue;
- }
- }
- else if (counter == len2)
- {
- p = p2;
- move = UP;
- continue;
- }
- else if (counter > len2)
- return ASN1_DER_ERROR;
+ asn1_node node, node_to_find, p, p2, p3;
+ int counter, len2, len3, len4, move, ris;
+ unsigned char class;
+ unsigned long tag;
+ int indefinite;
+ const unsigned char *der = ider;
+
+ node = element;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
- p2 = p2->down;
-
- while (p2)
- {
- if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
- { /* CONTROLLARE */
- if (type_field (p2->type) != ASN1_ETYPE_CHOICE)
- ris =
- _asn1_extract_tag_der (p2, der + counter,
- len - counter, &len2);
- else
- {
- p3 = p2->down;
- if (p3 == NULL)
- return ASN1_DER_ERROR;
-
- ris =
- _asn1_extract_tag_der (p3, der + counter,
- len - counter, &len2);
+ node_to_find = asn1_find_node(node, name_element);
+
+ if (node_to_find == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (node_to_find == node) {
+ *start = 0;
+ *end = len - 1;
+ return ASN1_SUCCESS;
+ }
+
+ if (node->type & CONST_OPTION)
+ return ASN1_GENERIC_ERROR;
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1) {
+ if (p == NULL)
+ return ASN1_DER_ERROR;
+
+ ris = ASN1_SUCCESS;
+
+ if (move != UP) {
+ if (p->type & CONST_SET) {
+ p2 = _asn1_find_up(p);
+ if (p2 == NULL)
+ return ASN1_DER_ERROR;
+
+ len2 = _asn1_strtol(p2->value, NULL, 10);
+ if (len2 == -1) {
+ if (!der[counter]
+ && !der[counter + 1]) {
+ p = p2;
+ move = UP;
+ counter += 2;
+ continue;
+ }
+ } else if (counter == len2) {
+ p = p2;
+ move = UP;
+ continue;
+ } else if (counter > len2)
+ return ASN1_DER_ERROR;
+
+ p2 = p2->down;
+
+ while (p2) {
+ if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED)) { /* CONTROLLARE */
+ if (type_field(p2->type) !=
+ ASN1_ETYPE_CHOICE)
+ ris =
+ _asn1_extract_tag_der
+ (p2,
+ der + counter,
+ len - counter,
+ &len2);
+ else {
+ p3 = p2->down;
+ if (p3 == NULL)
+ return
+ ASN1_DER_ERROR;
+
+ ris =
+ _asn1_extract_tag_der
+ (p3,
+ der + counter,
+ len - counter,
+ &len2);
+ }
+ if (ris == ASN1_SUCCESS) {
+ p2->type &=
+ ~CONST_NOT_USED;
+ p = p2;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL)
+ return ASN1_DER_ERROR;
}
- if (ris == ASN1_SUCCESS)
- {
- p2->type &= ~CONST_NOT_USED;
- p = p2;
- break;
+
+ if (p == node_to_find)
+ *start = counter;
+
+ if (type_field(p->type) == ASN1_ETYPE_CHOICE) {
+ p = p->down;
+ if (p == NULL)
+ return ASN1_DER_ERROR;
+
+ ris =
+ _asn1_extract_tag_der(p, der + counter,
+ len - counter,
+ &len2);
+ if (p == node_to_find)
+ *start = counter;
}
- }
- p2 = p2->right;
- }
- if (p2 == NULL)
- return ASN1_DER_ERROR;
- }
-
- if (p == node_to_find)
- *start = counter;
-
- if (type_field (p->type) == ASN1_ETYPE_CHOICE)
- {
- p = p->down;
- if (p == NULL)
- return ASN1_DER_ERROR;
-
- ris =
- _asn1_extract_tag_der (p, der + counter, len - counter,
- &len2);
- if (p == node_to_find)
- *start = counter;
- }
-
- if (ris == ASN1_SUCCESS)
- ris =
- _asn1_extract_tag_der (p, der + counter, len - counter, &len2);
- if (ris != ASN1_SUCCESS)
- {
- if (p->type & CONST_OPTION)
- {
- p->type |= CONST_NOT_USED;
- move = RIGHT;
- }
- else if (p->type & CONST_DEFAULT)
- {
- move = RIGHT;
- }
- else
- {
- return ASN1_TAG_ERROR;
- }
- }
- else
- counter += len2;
- }
- if (ris == ASN1_SUCCESS)
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_NULL:
- if (der[counter])
- return ASN1_DER_ERROR;
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_BOOLEAN:
- if (der[counter++] != 1)
- return ASN1_DER_ERROR;
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OCTET_STRING:
- len3 = len - counter;
- ris = _asn1_get_octet_string (der + counter, NULL, &len3);
- if (ris != ASN1_SUCCESS)
- return ris;
- counter += len3;
- move = RIGHT;
- break;
- case ASN1_ETYPE_UTC_TIME:
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_OBJECT_ID:
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SET:
- if (move != UP)
- {
- len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
- if (len3 < -1)
- return ASN1_DER_ERROR;
- counter += len2;
- if (len3 == 0)
- move = RIGHT;
- else
- move = DOWN;
- }
- else
- {
- if (!der[counter] && !der[counter + 1]) /* indefinite length method */
- counter += 2;
- move = RIGHT;
+ if (ris == ASN1_SUCCESS)
+ ris =
+ _asn1_extract_tag_der(p, der + counter,
+ len - counter,
+ &len2);
+ if (ris != ASN1_SUCCESS) {
+ if (p->type & CONST_OPTION) {
+ p->type |= CONST_NOT_USED;
+ move = RIGHT;
+ } else if (p->type & CONST_DEFAULT) {
+ move = RIGHT;
+ } else {
+ return ASN1_TAG_ERROR;
+ }
+ } else
+ counter += len2;
}
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (move != UP)
- {
- len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
- if (len3 < -1)
- return ASN1_DER_ERROR;
- counter += len2;
- if ((len3 == -1) && !der[counter] && !der[counter + 1])
- counter += 2;
- else if (len3)
- {
- p2 = p->down;
- while ((type_field (p2->type) == ASN1_ETYPE_TAG) ||
- (type_field (p2->type) == ASN1_ETYPE_SIZE))
- p2 = p2->right;
- p = p2;
- }
+
+ if (ris == ASN1_SUCCESS) {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_NULL:
+ if (der[counter])
+ return ASN1_DER_ERROR;
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if (der[counter++] != 1)
+ return ASN1_DER_ERROR;
+ counter++;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ len3 = len - counter;
+ ris =
+ _asn1_get_octet_string(der + counter,
+ NULL, &len3);
+ if (ris != ASN1_SUCCESS)
+ return ris;
+ counter += len3;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_UTC_TIME:
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_OBJECT_ID:
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ case ASN1_ETYPE_BIT_STRING:
+ len2 =
+ asn1_get_length_der(der + counter,
+ len - counter,
+ &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_SET:
+ if (move != UP) {
+ len3 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (len3 < -1)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ if (len3 == 0)
+ move = RIGHT;
+ else
+ move = DOWN;
+ } else {
+ if (!der[counter] && !der[counter + 1]) /* indefinite length method */
+ counter += 2;
+ move = RIGHT;
+ }
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (move != UP) {
+ len3 =
+ asn1_get_length_der(der +
+ counter,
+ len -
+ counter,
+ &len2);
+ if (len3 < -1)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ if ((len3 == -1) && !der[counter]
+ && !der[counter + 1])
+ counter += 2;
+ else if (len3) {
+ p2 = p->down;
+ while ((type_field
+ (p2->type) ==
+ ASN1_ETYPE_TAG)
+ ||
+ (type_field
+ (p2->type) ==
+ ASN1_ETYPE_SIZE))
+ p2 = p2->right;
+ p = p2;
+ }
+ } else {
+ if (!der[counter] && !der[counter + 1]) /* indefinite length method */
+ counter += 2;
+ }
+ move = RIGHT;
+ break;
+ case ASN1_ETYPE_ANY:
+ if (asn1_get_tag_der
+ (der + counter, len - counter, &class,
+ &len2, &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+ if (counter + len2 > len)
+ return ASN1_DER_ERROR;
+
+ len4 =
+ asn1_get_length_der(der + counter +
+ len2,
+ len - counter -
+ len2, &len3);
+ if (len4 < -1)
+ return ASN1_DER_ERROR;
+
+ if (len4 != -1) {
+ counter += len2 + len4 + len3;
+ } else { /* indefinite length */
+ /* Check indefinite lenth method in an EXPLICIT TAG */
+ if ((p->type & CONST_TAG)
+ && (der[counter - 1] == 0x80))
+ indefinite = 1;
+ else
+ indefinite = 0;
+
+ len2 = len - counter;
+ ris =
+ _asn1_get_indefinite_length_string
+ (der + counter, &len2);
+ if (ris != ASN1_SUCCESS)
+ return ris;
+ counter += len2;
+
+ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
+ an indefinite length method. */
+ if (indefinite) {
+ if (!der[counter]
+ && !der[counter + 1])
+ counter += 2;
+ else
+ return
+ ASN1_DER_ERROR;
+ }
+ }
+ move = RIGHT;
+ break;
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
+ }
}
- else
- {
- if (!der[counter] && !der[counter + 1]) /* indefinite length method */
- counter += 2;
+
+ if ((p == node_to_find) && (move == RIGHT)) {
+ *end = counter - 1;
+ return ASN1_SUCCESS;
}
- move = RIGHT;
- break;
- case ASN1_ETYPE_ANY:
- if (asn1_get_tag_der
- (der + counter, len - counter, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
- if (counter + len2 > len)
- return ASN1_DER_ERROR;
- len4 =
- asn1_get_length_der (der + counter + len2,
- len - counter - len2, &len3);
- if (len4 < -1)
- return ASN1_DER_ERROR;
+ if (p == node && move != DOWN)
+ break;
- if (len4 != -1)
- {
- counter += len2 + len4 + len3;
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- else
- { /* indefinite length */
- /* Check indefinite lenth method in an EXPLICIT TAG */
- if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80))
- indefinite = 1;
- else
- indefinite = 0;
-
- len2 = len - counter;
- ris =
- _asn1_get_indefinite_length_string (der + counter, &len2);
- if (ris != ASN1_SUCCESS)
- return ris;
- counter += len2;
-
- /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
- an indefinite length method. */
- if (indefinite)
- {
- if (!der[counter] && !der[counter + 1])
- counter += 2;
- else
- return ASN1_DER_ERROR;
- }
+ if ((move == RIGHT) && !(p->type & CONST_SET)) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
}
- move = RIGHT;
- break;
- default:
- move = (move == UP) ? RIGHT : DOWN;
- break;
- }
- }
-
- if ((p == node_to_find) && (move == RIGHT))
- {
- *end = counter - 1;
- return ASN1_SUCCESS;
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (p == node && move != DOWN)
- break;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if ((move == RIGHT) && !(p->type & CONST_SET))
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
- }
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- return ASN1_ELEMENT_NOT_FOUND;
+ return ASN1_ELEMENT_NOT_FOUND;
}
/**
@@ -2503,216 +2510,236 @@ asn1_der_decoding_startEnd (asn1_node element, const void *ider, int len,
* problem in OBJECT_ID -> TYPE association, or other error codes
* depending on DER decoding.
**/
-int
-asn1_expand_any_defined_by (asn1_node definitions, asn1_node * element)
+int asn1_expand_any_defined_by(asn1_node definitions, asn1_node * element)
{
- char definitionsName[ASN1_MAX_NAME_SIZE], name[2 * ASN1_MAX_NAME_SIZE + 1],
- value[ASN1_MAX_NAME_SIZE];
- int retCode = ASN1_SUCCESS, result;
- int len, len2, len3;
- asn1_node p, p2, p3, aux = NULL;
- char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
-
- if ((definitions == NULL) || (*element == NULL))
- return ASN1_ELEMENT_NOT_FOUND;
-
- strcpy (definitionsName, definitions->name);
- strcat (definitionsName, ".");
-
- p = *element;
- while (p)
- {
-
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_ANY:
- if ((p->type & CONST_DEFINED_BY) && (p->value))
- {
- /* search the "DEF_BY" element */
- p2 = p->down;
- while ((p2) && (type_field (p2->type) != ASN1_ETYPE_CONSTANT))
- p2 = p2->right;
-
- if (!p2)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
+ char definitionsName[ASN1_MAX_NAME_SIZE],
+ name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
+ int retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ asn1_node p, p2, p3, aux = NULL;
+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ if ((definitions == NULL) || (*element == NULL))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ strcpy(definitionsName, definitions->name);
+ strcat(definitionsName, ".");
+
+ p = *element;
+ while (p) {
+
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_ANY:
+ if ((p->type & CONST_DEFINED_BY) && (p->value)) {
+ /* search the "DEF_BY" element */
+ p2 = p->down;
+ while ((p2)
+ && (type_field(p2->type) !=
+ ASN1_ETYPE_CONSTANT))
+ p2 = p2->right;
+
+ if (!p2) {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
- p3 = _asn1_find_up (p);
+ p3 = _asn1_find_up(p);
- if (!p3)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
-
- p3 = p3->down;
- while (p3)
- {
- if (!(strcmp (p3->name, p2->name)))
- break;
- p3 = p3->right;
- }
+ if (!p3) {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
- if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ||
- (p3->value == NULL))
- {
+ p3 = p3->down;
+ while (p3) {
+ if (!(strcmp(p3->name, p2->name)))
+ break;
+ p3 = p3->right;
+ }
- p3 = _asn1_find_up (p);
- p3 = _asn1_find_up (p3);
+ if ((!p3)
+ || (type_field(p3->type) !=
+ ASN1_ETYPE_OBJECT_ID)
+ || (p3->value == NULL)) {
- if (!p3)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
+ p3 = _asn1_find_up(p);
+ p3 = _asn1_find_up(p3);
- p3 = p3->down;
+ if (!p3) {
+ retCode =
+ ASN1_ERROR_TYPE_ANY;
+ break;
+ }
- while (p3)
- {
- if (!(strcmp (p3->name, p2->name)))
- break;
- p3 = p3->right;
- }
-
- if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ||
- (p3->value == NULL))
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
- }
+ p3 = p3->down;
- /* search the OBJECT_ID into definitions */
- p2 = definitions->down;
- while (p2)
- {
- if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p2->type & CONST_ASSIGN))
- {
- strcpy (name, definitionsName);
- strcat (name, p2->name);
-
- len = ASN1_MAX_NAME_SIZE;
- result =
- asn1_read_value (definitions, name, value, &len);
-
- if ((result == ASN1_SUCCESS)
- && (!_asn1_strcmp (p3->value, value)))
- {
- p2 = p2->right; /* pointer to the structure to
- use for expansion */
- while ((p2) && (p2->type & CONST_ASSIGN))
- p2 = p2->right;
-
- if (p2)
- {
- strcpy (name, definitionsName);
- strcat (name, p2->name);
-
- result =
- asn1_create_element (definitions, name, &aux);
- if (result == ASN1_SUCCESS)
- {
- _asn1_cpy_name (aux, p);
- len2 =
- asn1_get_length_der (p->value,
- p->value_len, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
-
- result =
- asn1_der_decoding (&aux, p->value + len3,
- len2,
- errorDescription);
- if (result == ASN1_SUCCESS)
- {
-
- _asn1_set_right (aux, p->right);
- _asn1_set_right (p, aux);
-
- result = asn1_delete_structure (&p);
- if (result == ASN1_SUCCESS)
- {
- p = aux;
- aux = NULL;
- break;
+ while (p3) {
+ if (!
+ (strcmp
+ (p3->name, p2->name)))
+ break;
+ p3 = p3->right;
}
- else
- { /* error with asn1_delete_structure */
- asn1_delete_structure (&aux);
- retCode = result;
- break;
+
+ if ((!p3)
+ || (type_field(p3->type) !=
+ ASN1_ETYPE_OBJECT_ID)
+ || (p3->value == NULL)) {
+ retCode =
+ ASN1_ERROR_TYPE_ANY;
+ break;
}
- }
- else
- { /* error with asn1_der_decoding */
- retCode = result;
- break;
- }
}
- else
- { /* error with asn1_create_element */
- retCode = result;
- break;
+
+ /* search the OBJECT_ID into definitions */
+ p2 = definitions->down;
+ while (p2) {
+ if ((type_field(p2->type) ==
+ ASN1_ETYPE_OBJECT_ID)
+ && (p2->type & CONST_ASSIGN)) {
+ strcpy(name,
+ definitionsName);
+ strcat(name, p2->name);
+
+ len = ASN1_MAX_NAME_SIZE;
+ result =
+ asn1_read_value
+ (definitions, name,
+ value, &len);
+
+ if ((result ==
+ ASN1_SUCCESS)
+ &&
+ (!_asn1_strcmp
+ (p3->value, value))) {
+ p2 = p2->right; /* pointer to the structure to
+ use for expansion */
+ while ((p2)
+ && (p2->
+ type &
+ CONST_ASSIGN))
+ p2 = p2->
+ right;
+
+ if (p2) {
+ strcpy
+ (name,
+ definitionsName);
+ strcat
+ (name,
+ p2->
+ name);
+
+ result =
+ asn1_create_element
+ (definitions,
+ name,
+ &aux);
+ if (result
+ ==
+ ASN1_SUCCESS)
+ {
+ _asn1_cpy_name
+ (aux,
+ p);
+ len2 = asn1_get_length_der(p->value, p->value_len, &len3);
+ if (len2 < 0)
+ return
+ ASN1_DER_ERROR;
+
+ result
+ =
+ asn1_der_decoding
+ (&aux,
+ p->
+ value
+ +
+ len3,
+ len2,
+ errorDescription);
+ if (result == ASN1_SUCCESS) {
+
+ _asn1_set_right
+ (aux,
+ p->
+ right);
+ _asn1_set_right
+ (p,
+ aux);
+
+ result
+ =
+ asn1_delete_structure
+ (&p);
+ if (result == ASN1_SUCCESS) {
+ p = aux;
+ aux = NULL;
+ break;
+ } else { /* error with asn1_delete_structure */
+ asn1_delete_structure
+ (&aux);
+ retCode
+ =
+ result;
+ break;
+ }
+ } else { /* error with asn1_der_decoding */
+ retCode
+ =
+ result;
+ break;
+ }
+ } else { /* error with asn1_create_element */
+ retCode
+ =
+ result;
+ break;
+ }
+ } else { /* error with the pointer to the structure to exapand */
+ retCode =
+ ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+ }
+ }
+ p2 = p2->right;
+ } /* end while */
+
+ if (!p2) {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
}
- }
- else
- { /* error with the pointer to the structure to exapand */
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
+
}
- }
- p2 = p2->right;
- } /* end while */
-
- if (!p2)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
+ break;
+ default:
+ break;
}
- }
- break;
- default:
- break;
- }
-
- if (p->down)
- {
- p = p->down;
- }
- else if (p == *element)
- {
- p = NULL;
- break;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == *element)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
+ if (p->down) {
+ p = p->down;
+ } else if (p == *element) {
+ p = NULL;
+ break;
+ } else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == *element) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
}
- }
}
- }
- return retCode;
+ return retCode;
}
/**
@@ -2734,127 +2761,135 @@ asn1_expand_any_defined_by (asn1_node definitions, asn1_node * element)
* use for expansion, or other errors depending on DER decoding.
**/
int
-asn1_expand_octet_string (asn1_node definitions, asn1_node * element,
- const char *octetName, const char *objectName)
+asn1_expand_octet_string(asn1_node definitions, asn1_node * element,
+ const char *octetName, const char *objectName)
{
- char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
- int retCode = ASN1_SUCCESS, result;
- int len, len2, len3;
- asn1_node p2, aux = NULL;
- asn1_node octetNode = NULL, objectNode = NULL;
- char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
-
- if ((definitions == NULL) || (*element == NULL))
- return ASN1_ELEMENT_NOT_FOUND;
-
- octetNode = asn1_find_node (*element, octetName);
- if (octetNode == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
- if (type_field (octetNode->type) != ASN1_ETYPE_OCTET_STRING)
- return ASN1_ELEMENT_NOT_FOUND;
- if (octetNode->value == NULL)
- return ASN1_VALUE_NOT_FOUND;
-
- objectNode = asn1_find_node (*element, objectName);
- if (objectNode == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (type_field (objectNode->type) != ASN1_ETYPE_OBJECT_ID)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (objectNode->value == NULL)
- return ASN1_VALUE_NOT_FOUND;
-
-
- /* search the OBJECT_ID into definitions */
- p2 = definitions->down;
- while (p2)
- {
- if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p2->type & CONST_ASSIGN))
- {
- strcpy (name, definitions->name);
- strcat (name, ".");
- strcat (name, p2->name);
-
- len = sizeof (value);
- result = asn1_read_value (definitions, name, value, &len);
-
- if ((result == ASN1_SUCCESS)
- && (!_asn1_strcmp (objectNode->value, value)))
- {
-
- p2 = p2->right; /* pointer to the structure to
- use for expansion */
- while ((p2) && (p2->type & CONST_ASSIGN))
- p2 = p2->right;
-
- if (p2)
- {
- strcpy (name, definitions->name);
- strcat (name, ".");
- strcat (name, p2->name);
-
- result = asn1_create_element (definitions, name, &aux);
- if (result == ASN1_SUCCESS)
- {
- _asn1_cpy_name (aux, octetNode);
- len2 =
- asn1_get_length_der (octetNode->value,
- octetNode->value_len, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
-
- result =
- asn1_der_decoding (&aux, octetNode->value + len3,
- len2, errorDescription);
- if (result == ASN1_SUCCESS)
- {
-
- _asn1_set_right (aux, octetNode->right);
- _asn1_set_right (octetNode, aux);
-
- result = asn1_delete_structure (&octetNode);
- if (result == ASN1_SUCCESS)
- {
- aux = NULL;
- break;
- }
- else
- { /* error with asn1_delete_structure */
- asn1_delete_structure (&aux);
- retCode = result;
- break;
- }
- }
- else
- { /* error with asn1_der_decoding */
- retCode = result;
- break;
+ char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
+ int retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ asn1_node p2, aux = NULL;
+ asn1_node octetNode = NULL, objectNode = NULL;
+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ if ((definitions == NULL) || (*element == NULL))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ octetNode = asn1_find_node(*element, octetName);
+ if (octetNode == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+ if (type_field(octetNode->type) != ASN1_ETYPE_OCTET_STRING)
+ return ASN1_ELEMENT_NOT_FOUND;
+ if (octetNode->value == NULL)
+ return ASN1_VALUE_NOT_FOUND;
+
+ objectNode = asn1_find_node(*element, objectName);
+ if (objectNode == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (type_field(objectNode->type) != ASN1_ETYPE_OBJECT_ID)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (objectNode->value == NULL)
+ return ASN1_VALUE_NOT_FOUND;
+
+
+ /* search the OBJECT_ID into definitions */
+ p2 = definitions->down;
+ while (p2) {
+ if ((type_field(p2->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p2->type & CONST_ASSIGN)) {
+ strcpy(name, definitions->name);
+ strcat(name, ".");
+ strcat(name, p2->name);
+
+ len = sizeof(value);
+ result =
+ asn1_read_value(definitions, name, value,
+ &len);
+
+ if ((result == ASN1_SUCCESS)
+ && (!_asn1_strcmp(objectNode->value, value))) {
+
+ p2 = p2->right; /* pointer to the structure to
+ use for expansion */
+ while ((p2) && (p2->type & CONST_ASSIGN))
+ p2 = p2->right;
+
+ if (p2) {
+ strcpy(name, definitions->name);
+ strcat(name, ".");
+ strcat(name, p2->name);
+
+ result =
+ asn1_create_element
+ (definitions, name, &aux);
+ if (result == ASN1_SUCCESS) {
+ _asn1_cpy_name(aux,
+ octetNode);
+ len2 =
+ asn1_get_length_der
+ (octetNode->value,
+ octetNode->value_len,
+ &len3);
+ if (len2 < 0)
+ return
+ ASN1_DER_ERROR;
+
+ result =
+ asn1_der_decoding(&aux,
+ octetNode->
+ value
+ +
+ len3,
+ len2,
+ errorDescription);
+ if (result == ASN1_SUCCESS) {
+
+ _asn1_set_right
+ (aux,
+ octetNode->
+ right);
+ _asn1_set_right
+ (octetNode,
+ aux);
+
+ result =
+ asn1_delete_structure
+ (&octetNode);
+ if (result ==
+ ASN1_SUCCESS) {
+ aux = NULL;
+ break;
+ } else { /* error with asn1_delete_structure */
+ asn1_delete_structure
+ (&aux);
+ retCode =
+ result;
+ break;
+ }
+ } else { /* error with asn1_der_decoding */
+ retCode = result;
+ break;
+ }
+ } else { /* error with asn1_create_element */
+ retCode = result;
+ break;
+ }
+ } else { /* error with the pointer to the structure to exapand */
+ retCode = ASN1_VALUE_NOT_VALID;
+ break;
+ }
}
- }
- else
- { /* error with asn1_create_element */
- retCode = result;
- break;
- }
}
- else
- { /* error with the pointer to the structure to exapand */
- retCode = ASN1_VALUE_NOT_VALID;
- break;
- }
- }
- }
- p2 = p2->right;
+ p2 = p2->right;
- }
+ }
- if (!p2)
- retCode = ASN1_VALUE_NOT_VALID;
+ if (!p2)
+ retCode = ASN1_VALUE_NOT_VALID;
- return retCode;
+ return retCode;
}
/**
@@ -2871,45 +2906,46 @@ asn1_expand_octet_string (asn1_node definitions, asn1_node * element,
* Returns: %ASN1_SUCCESS if successful or an error value.
**/
int
-asn1_decode_simple_der (unsigned int etype, const unsigned char *der, unsigned int der_len,
- const unsigned char **str, unsigned int *str_len)
+asn1_decode_simple_der(unsigned int etype, const unsigned char *der,
+ unsigned int der_len, const unsigned char **str,
+ unsigned int *str_len)
{
- int tag_len, len_len;
- const unsigned char* p;
- unsigned char class;
- unsigned long tag;
- long ret;
-
- if (der == NULL || der_len == 0)
- return ASN1_VALUE_NOT_VALID;
-
- if (ETYPE_OK(etype) == 0)
- return ASN1_VALUE_NOT_VALID;
-
- /* doesn't handle constructed classes */
- if (ETYPE_CLASS(etype) != ASN1_CLASS_UNIVERSAL)
- return ASN1_VALUE_NOT_VALID;
-
- p = der;
- ret = asn1_get_tag_der (p, der_len, &class, &tag_len, &tag);
- if (ret != ASN1_SUCCESS)
- return ret;
-
- if (class != ETYPE_CLASS(etype) || tag != ETYPE_TAG(etype))
- return ASN1_DER_ERROR;
-
- p += tag_len;
- der_len -= tag_len;
-
- ret = asn1_get_length_der (p, der_len, &len_len);
- if (ret < 0)
- return ASN1_DER_ERROR;
-
- p += len_len;
- der_len -= len_len;
-
- *str_len = ret;
- *str = p;
-
- return ASN1_SUCCESS;
+ int tag_len, len_len;
+ const unsigned char *p;
+ unsigned char class;
+ unsigned long tag;
+ long ret;
+
+ if (der == NULL || der_len == 0)
+ return ASN1_VALUE_NOT_VALID;
+
+ if (ETYPE_OK(etype) == 0)
+ return ASN1_VALUE_NOT_VALID;
+
+ /* doesn't handle constructed classes */
+ if (ETYPE_CLASS(etype) != ASN1_CLASS_UNIVERSAL)
+ return ASN1_VALUE_NOT_VALID;
+
+ p = der;
+ ret = asn1_get_tag_der(p, der_len, &class, &tag_len, &tag);
+ if (ret != ASN1_SUCCESS)
+ return ret;
+
+ if (class != ETYPE_CLASS(etype) || tag != ETYPE_TAG(etype))
+ return ASN1_DER_ERROR;
+
+ p += tag_len;
+ der_len -= tag_len;
+
+ ret = asn1_get_length_der(p, der_len, &len_len);
+ if (ret < 0)
+ return ASN1_DER_ERROR;
+
+ p += len_len;
+ der_len -= len_len;
+
+ *str_len = ret;
+ *str = p;
+
+ return ASN1_SUCCESS;
}
diff --git a/lib/minitasn1/element.c b/lib/minitasn1/element.c
index 763ac586b7..dd561802ad 100644
--- a/lib/minitasn1/element.c
+++ b/lib/minitasn1/element.c
@@ -33,30 +33,27 @@
#include "element.h"
-void
-_asn1_hierarchical_name (asn1_node node, char *name, int name_size)
+void _asn1_hierarchical_name(asn1_node node, char *name, int name_size)
{
- asn1_node p;
- char tmp_name[64];
+ asn1_node p;
+ char tmp_name[64];
- p = node;
+ p = node;
- name[0] = 0;
+ name[0] = 0;
- while (p != NULL)
- {
- if (p->name[0] != 0)
- {
- _asn1_str_cpy (tmp_name, sizeof (tmp_name), name),
- _asn1_str_cpy (name, name_size, p->name);
- _asn1_str_cat (name, name_size, ".");
- _asn1_str_cat (name, name_size, tmp_name);
+ while (p != NULL) {
+ if (p->name[0] != 0) {
+ _asn1_str_cpy(tmp_name, sizeof(tmp_name), name),
+ _asn1_str_cpy(name, name_size, p->name);
+ _asn1_str_cat(name, name_size, ".");
+ _asn1_str_cat(name, name_size, tmp_name);
+ }
+ p = _asn1_find_up(p);
}
- p = _asn1_find_up (p);
- }
- if (name[0] == 0)
- _asn1_str_cpy (name, name_size, "ROOT");
+ if (name[0] == 0)
+ _asn1_str_cpy(name, name_size, "ROOT");
}
@@ -75,89 +72,88 @@ _asn1_hierarchical_name (asn1_node node, char *name, int name_size)
/* Return: ASN1_MEM_ERROR or ASN1_SUCCESS */
/******************************************************************/
int
-_asn1_convert_integer (const unsigned char *value, unsigned char *value_out,
- int value_out_size, int *len)
+_asn1_convert_integer(const unsigned char *value, unsigned char *value_out,
+ int value_out_size, int *len)
{
- char negative;
- unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
- long valtmp;
- int k, k2;
+ char negative;
+ unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
+ long valtmp;
+ int k, k2;
- valtmp = _asn1_strtol (value, NULL, 10);
+ valtmp = _asn1_strtol(value, NULL, 10);
- for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
- {
- val[SIZEOF_UNSIGNED_LONG_INT - k - 1] = (valtmp >> (8 * k)) & 0xFF;
- }
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++) {
+ val[SIZEOF_UNSIGNED_LONG_INT - k - 1] =
+ (valtmp >> (8 * k)) & 0xFF;
+ }
- if (val[0] & 0x80)
- negative = 1;
- else
- negative = 0;
+ if (val[0] & 0x80)
+ negative = 1;
+ else
+ negative = 0;
- for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++)
- {
- if (negative && (val[k] != 0xFF))
- break;
- else if (!negative && val[k])
- break;
- }
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++) {
+ if (negative && (val[k] != 0xFF))
+ break;
+ else if (!negative && val[k])
+ break;
+ }
- if ((negative && !(val[k] & 0x80)) || (!negative && (val[k] & 0x80)))
- k--;
+ if ((negative && !(val[k] & 0x80))
+ || (!negative && (val[k] & 0x80)))
+ k--;
- *len = SIZEOF_UNSIGNED_LONG_INT - k;
+ *len = SIZEOF_UNSIGNED_LONG_INT - k;
- if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size)
- /* VALUE_OUT is too short to contain the value conversion */
- return ASN1_MEM_ERROR;
+ if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size)
+ /* VALUE_OUT is too short to contain the value conversion */
+ return ASN1_MEM_ERROR;
- for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
- value_out[k2 - k] = val[k2];
+ for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
+ value_out[k2 - k] = val[k2];
#if 0
- printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
- for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
- printf (", vOut[%d]=%d", k, value_out[k]);
- printf ("\n");
+ printf("_asn1_convert_integer: valueIn=%s, lenOut=%d", value,
+ *len);
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
+ printf(", vOut[%d]=%d", k, value_out[k]);
+ printf("\n");
#endif
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
-int
-_asn1_append_sequence_set (asn1_node node)
+int _asn1_append_sequence_set(asn1_node node)
{
- asn1_node p, p2;
- char temp[10];
- long n;
-
- if (!node || !(node->down))
- return ASN1_GENERIC_ERROR;
-
- p = node->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
- p2 = _asn1_copy_structure3 (p);
- while (p->right)
- p = p->right;
- _asn1_set_right (p, p2);
-
- if (p->name[0] == 0)
- _asn1_str_cpy (temp, sizeof (temp), "?1");
- else
- {
- n = strtol (p->name + 1, NULL, 0);
- n++;
- temp[0] = '?';
- _asn1_ltostr (n, temp + 1);
- }
- _asn1_set_name (p2, temp);
- /* p2->type |= CONST_OPTION; */
-
- return ASN1_SUCCESS;
+ asn1_node p, p2;
+ char temp[10];
+ long n;
+
+ if (!node || !(node->down))
+ return ASN1_GENERIC_ERROR;
+
+ p = node->down;
+ while ((type_field(p->type) == ASN1_ETYPE_TAG)
+ || (type_field(p->type) == ASN1_ETYPE_SIZE))
+ p = p->right;
+ p2 = _asn1_copy_structure3(p);
+ while (p->right)
+ p = p->right;
+ _asn1_set_right(p, p2);
+
+ if (p->name[0] == 0)
+ _asn1_str_cpy(temp, sizeof(temp), "?1");
+ else {
+ n = strtol(p->name + 1, NULL, 0);
+ n++;
+ temp[0] = '?';
+ _asn1_ltostr(n, temp + 1);
+ }
+ _asn1_set_name(p2, temp);
+ /* p2->type |= CONST_OPTION; */
+
+ return ASN1_SUCCESS;
}
@@ -268,346 +264,334 @@ _asn1_append_sequence_set (asn1_node node)
* %ASN1_VALUE_NOT_VALID if @ivalue has a wrong format.
**/
int
-asn1_write_value (asn1_node node_root, const char *name,
- const void *ivalue, int len)
+asn1_write_value(asn1_node node_root, const char *name,
+ const void *ivalue, int len)
{
- asn1_node node, p, p2;
- unsigned char *temp, *value_temp = NULL, *default_temp = NULL;
- int len2, k, k2, negative;
- size_t i;
- const unsigned char *value = ivalue;
- unsigned int type;
-
- node = asn1_find_node (node_root, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0))
- {
- asn1_delete_structure (&node);
- return ASN1_SUCCESS;
- }
-
- type = type_field(node->type);
-
- if ((type == ASN1_ETYPE_SEQUENCE_OF) && (value == NULL)
- && (len == 0))
- {
- p = node->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
-
- while (p->right)
- asn1_delete_structure (&p->right);
-
- return ASN1_SUCCESS;
- }
-
- switch (type)
- {
- case ASN1_ETYPE_BOOLEAN:
- if (!_asn1_strcmp (value, "TRUE"))
- {
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (p->type & CONST_TRUE)
- _asn1_set_value (node, NULL, 0);
- else
- _asn1_set_value (node, "T", 1);
- }
- else
- _asn1_set_value (node, "T", 1);
+ asn1_node node, p, p2;
+ unsigned char *temp, *value_temp = NULL, *default_temp = NULL;
+ int len2, k, k2, negative;
+ size_t i;
+ const unsigned char *value = ivalue;
+ unsigned int type;
+
+ node = asn1_find_node(node_root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0)) {
+ asn1_delete_structure(&node);
+ return ASN1_SUCCESS;
}
- else if (!_asn1_strcmp (value, "FALSE"))
- {
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (p->type & CONST_FALSE)
- _asn1_set_value (node, NULL, 0);
- else
- _asn1_set_value (node, "F", 1);
- }
- else
- _asn1_set_value (node, "F", 1);
+
+ type = type_field(node->type);
+
+ if ((type == ASN1_ETYPE_SEQUENCE_OF) && (value == NULL)
+ && (len == 0)) {
+ p = node->down;
+ while ((type_field(p->type) == ASN1_ETYPE_TAG)
+ || (type_field(p->type) == ASN1_ETYPE_SIZE))
+ p = p->right;
+
+ while (p->right)
+ asn1_delete_structure(&p->right);
+
+ return ASN1_SUCCESS;
}
- else
- return ASN1_VALUE_NOT_VALID;
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- if (len == 0)
- {
- if ((isdigit (value[0])) || (value[0] == '-'))
- {
- value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (value_temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- _asn1_convert_integer (value, value_temp,
- SIZEOF_UNSIGNED_LONG_INT, &len);
- }
- else
- { /* is an identifier like v1 */
- if (!(node->type & CONST_LIST))
- return ASN1_VALUE_NOT_VALID;
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_CONSTANT)
- {
- if (!_asn1_strcmp (p->name, value))
- {
- value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (value_temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- _asn1_convert_integer (p->value,
- value_temp,
- SIZEOF_UNSIGNED_LONG_INT,
- &len);
- break;
+
+ switch (type) {
+ case ASN1_ETYPE_BOOLEAN:
+ if (!_asn1_strcmp(value, "TRUE")) {
+ if (node->type & CONST_DEFAULT) {
+ p = node->down;
+ while (type_field(p->type) !=
+ ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_TRUE)
+ _asn1_set_value(node, NULL, 0);
+ else
+ _asn1_set_value(node, "T", 1);
+ } else
+ _asn1_set_value(node, "T", 1);
+ } else if (!_asn1_strcmp(value, "FALSE")) {
+ if (node->type & CONST_DEFAULT) {
+ p = node->down;
+ while (type_field(p->type) !=
+ ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_FALSE)
+ _asn1_set_value(node, NULL, 0);
+ else
+ _asn1_set_value(node, "F", 1);
+ } else
+ _asn1_set_value(node, "F", 1);
+ } else
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ if (len == 0) {
+ if ((isdigit(value[0])) || (value[0] == '-')) {
+ value_temp =
+ malloc(SIZEOF_UNSIGNED_LONG_INT);
+ if (value_temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ _asn1_convert_integer(value, value_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len);
+ } else { /* is an identifier like v1 */
+ if (!(node->type & CONST_LIST))
+ return ASN1_VALUE_NOT_VALID;
+ p = node->down;
+ while (p) {
+ if (type_field(p->type) ==
+ ASN1_ETYPE_CONSTANT) {
+ if (!_asn1_strcmp
+ (p->name, value)) {
+ value_temp =
+ malloc
+ (SIZEOF_UNSIGNED_LONG_INT);
+ if (value_temp ==
+ NULL)
+ return
+ ASN1_MEM_ALLOC_ERROR;
+
+ _asn1_convert_integer
+ (p->value,
+ value_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len);
+ break;
+ }
+ }
+ p = p->right;
+ }
+ if (p == NULL)
+ return ASN1_VALUE_NOT_VALID;
}
- }
- p = p->right;
+ } else { /* len != 0 */
+ value_temp = malloc(len);
+ if (value_temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+ memcpy(value_temp, value, len);
}
- if (p == NULL)
- return ASN1_VALUE_NOT_VALID;
- }
- }
- else
- { /* len != 0 */
- value_temp = malloc (len);
- if (value_temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
- memcpy (value_temp, value, len);
- }
-
- if (value_temp[0] & 0x80)
- negative = 1;
- else
- negative = 0;
- if (negative && (type_field (node->type) == ASN1_ETYPE_ENUMERATED))
- {
- free (value_temp);
- return ASN1_VALUE_NOT_VALID;
- }
+ if (value_temp[0] & 0x80)
+ negative = 1;
+ else
+ negative = 0;
- for (k = 0; k < len - 1; k++)
- if (negative && (value_temp[k] != 0xFF))
- break;
- else if (!negative && value_temp[k])
- break;
-
- if ((negative && !(value_temp[k] & 0x80)) ||
- (!negative && (value_temp[k] & 0x80)))
- k--;
-
- _asn1_set_value_lv (node, value_temp + k, len - k);
-
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if ((isdigit (p->value[0])) || (p->value[0] == '-'))
- {
- default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (default_temp == NULL)
- {
- free (value_temp);
- return ASN1_MEM_ALLOC_ERROR;
+ if (negative
+ && (type_field(node->type) == ASN1_ETYPE_ENUMERATED)) {
+ free(value_temp);
+ return ASN1_VALUE_NOT_VALID;
}
- _asn1_convert_integer (p->value, default_temp,
- SIZEOF_UNSIGNED_LONG_INT, &len2);
- }
- else
- { /* is an identifier like v1 */
- if (!(node->type & CONST_LIST))
- {
- free (value_temp);
- return ASN1_VALUE_NOT_VALID;
+ for (k = 0; k < len - 1; k++)
+ if (negative && (value_temp[k] != 0xFF))
+ break;
+ else if (!negative && value_temp[k])
+ break;
+
+ if ((negative && !(value_temp[k] & 0x80)) ||
+ (!negative && (value_temp[k] & 0x80)))
+ k--;
+
+ _asn1_set_value_lv(node, value_temp + k, len - k);
+
+ if (node->type & CONST_DEFAULT) {
+ p = node->down;
+ while (type_field(p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if ((isdigit(p->value[0])) || (p->value[0] == '-')) {
+ default_temp =
+ malloc(SIZEOF_UNSIGNED_LONG_INT);
+ if (default_temp == NULL) {
+ free(value_temp);
+ return ASN1_MEM_ALLOC_ERROR;
+ }
+
+ _asn1_convert_integer(p->value,
+ default_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len2);
+ } else { /* is an identifier like v1 */
+ if (!(node->type & CONST_LIST)) {
+ free(value_temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+ p2 = node->down;
+ while (p2) {
+ if (type_field(p2->type) ==
+ ASN1_ETYPE_CONSTANT) {
+ if (!_asn1_strcmp
+ (p2->name, p->value)) {
+ default_temp =
+ malloc
+ (SIZEOF_UNSIGNED_LONG_INT);
+ if (default_temp ==
+ NULL) {
+ free(value_temp);
+ return
+ ASN1_MEM_ALLOC_ERROR;
+ }
+
+ _asn1_convert_integer
+ (p2->value,
+ default_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len2);
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL) {
+ free(value_temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+ }
+
+
+ if ((len - k) == len2) {
+ for (k2 = 0; k2 < len2; k2++)
+ if (value_temp[k + k2] !=
+ default_temp[k2]) {
+ break;
+ }
+ if (k2 == len2)
+ _asn1_set_value(node, NULL, 0);
+ }
+ free(default_temp);
}
- p2 = node->down;
- while (p2)
- {
- if (type_field (p2->type) == ASN1_ETYPE_CONSTANT)
- {
- if (!_asn1_strcmp (p2->name, p->value))
- {
- default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (default_temp == NULL)
- {
- free (value_temp);
- return ASN1_MEM_ALLOC_ERROR;
- }
-
- _asn1_convert_integer (p2->value,
- default_temp,
- SIZEOF_UNSIGNED_LONG_INT,
- &len2);
- break;
+ free(value_temp);
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ for (i = 0; i < _asn1_strlen(value); i++)
+ if ((!isdigit(value[i])) && (value[i] != '.')
+ && (value[i] != '+'))
+ return ASN1_VALUE_NOT_VALID;
+ if (node->type & CONST_DEFAULT) {
+ p = node->down;
+ while (type_field(p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (!_asn1_strcmp(value, p->value)) {
+ _asn1_set_value(node, NULL, 0);
+ break;
}
- }
- p2 = p2->right;
}
- if (p2 == NULL)
+ _asn1_set_value(node, value, _asn1_strlen(value) + 1);
+ break;
+ case ASN1_ETYPE_UTC_TIME:
{
- free (value_temp);
- return ASN1_VALUE_NOT_VALID;
+ len = _asn1_strlen(value);
+ if (len < 11)
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 0; k < 10; k++)
+ if (!isdigit(value[k]))
+ return ASN1_VALUE_NOT_VALID;
+ switch (len) {
+ case 11:
+ if (value[10] != 'Z')
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case 13:
+ if ((!isdigit(value[10]))
+ || (!isdigit(value[11]))
+ || (value[12] != 'Z'))
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case 15:
+ if ((value[10] != '+')
+ && (value[10] != '-'))
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 11; k < 15; k++)
+ if (!isdigit(value[k]))
+ return
+ ASN1_VALUE_NOT_VALID;
+ break;
+ case 17:
+ if ((!isdigit(value[10]))
+ || (!isdigit(value[11])))
+ return ASN1_VALUE_NOT_VALID;
+ if ((value[12] != '+')
+ && (value[12] != '-'))
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 13; k < 17; k++)
+ if (!isdigit(value[k]))
+ return
+ ASN1_VALUE_NOT_VALID;
+ break;
+ default:
+ return ASN1_VALUE_NOT_FOUND;
+ }
+ _asn1_set_value(node, value, len);
}
- }
-
-
- if ((len - k) == len2)
- {
- for (k2 = 0; k2 < len2; k2++)
- if (value_temp[k + k2] != default_temp[k2])
- {
- break;
- }
- if (k2 == len2)
- _asn1_set_value (node, NULL, 0);
- }
- free (default_temp);
- }
- free (value_temp);
- break;
- case ASN1_ETYPE_OBJECT_ID:
- for (i = 0; i < _asn1_strlen (value); i++)
- if ((!isdigit (value[i])) && (value[i] != '.') && (value[i] != '+'))
- return ASN1_VALUE_NOT_VALID;
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (!_asn1_strcmp (value, p->value))
- {
- _asn1_set_value (node, NULL, 0);
- break;
- }
- }
- _asn1_set_value (node, value, _asn1_strlen (value) + 1);
- break;
- case ASN1_ETYPE_UTC_TIME:
- {
- len = _asn1_strlen(value);
- if (len < 11)
- return ASN1_VALUE_NOT_VALID;
- for (k = 0; k < 10; k++)
- if (!isdigit (value[k]))
- return ASN1_VALUE_NOT_VALID;
- switch (len)
- {
- case 11:
- if (value[10] != 'Z')
- return ASN1_VALUE_NOT_VALID;
- break;
- case 13:
- if ((!isdigit (value[10])) || (!isdigit (value[11])) ||
- (value[12] != 'Z'))
- return ASN1_VALUE_NOT_VALID;
- break;
- case 15:
- if ((value[10] != '+') && (value[10] != '-'))
- return ASN1_VALUE_NOT_VALID;
- for (k = 11; k < 15; k++)
- if (!isdigit (value[k]))
- return ASN1_VALUE_NOT_VALID;
- break;
- case 17:
- if ((!isdigit (value[10])) || (!isdigit (value[11])))
- return ASN1_VALUE_NOT_VALID;
- if ((value[12] != '+') && (value[12] != '-'))
- return ASN1_VALUE_NOT_VALID;
- for (k = 13; k < 17; k++)
- if (!isdigit (value[k]))
- return ASN1_VALUE_NOT_VALID;
- break;
- default:
- return ASN1_VALUE_NOT_FOUND;
- }
- _asn1_set_value (node, value, len);
- }
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- len = _asn1_strlen(value);
- _asn1_set_value (node, value, len);
- break;
- case ASN1_ETYPE_OCTET_STRING:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- if (len == 0)
- len = _asn1_strlen (value);
- _asn1_set_value_lv (node, value, len);
- break;
- case ASN1_ETYPE_BIT_STRING:
- if (len == 0)
- len = _asn1_strlen (value);
- asn1_length_der ((len >> 3) + 2, NULL, &len2);
- temp = malloc ((len >> 3) + 2 + len2);
- if (temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- asn1_bit_der (value, len, temp, &len2);
- _asn1_set_value_m (node, temp, len2);
- temp = NULL;
- break;
- case ASN1_ETYPE_CHOICE:
- p = node->down;
- while (p)
- {
- if (!_asn1_strcmp (p->name, value))
- {
- p2 = node->down;
- while (p2)
- {
- if (p2 != p)
- {
- asn1_delete_structure (&p2);
- p2 = node->down;
- }
- else
- p2 = p2->right;
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ len = _asn1_strlen(value);
+ _asn1_set_value(node, value, len);
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ if (len == 0)
+ len = _asn1_strlen(value);
+ _asn1_set_value_lv(node, value, len);
+ break;
+ case ASN1_ETYPE_BIT_STRING:
+ if (len == 0)
+ len = _asn1_strlen(value);
+ asn1_length_der((len >> 3) + 2, NULL, &len2);
+ temp = malloc((len >> 3) + 2 + len2);
+ if (temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ asn1_bit_der(value, len, temp, &len2);
+ _asn1_set_value_m(node, temp, len2);
+ temp = NULL;
+ break;
+ case ASN1_ETYPE_CHOICE:
+ p = node->down;
+ while (p) {
+ if (!_asn1_strcmp(p->name, value)) {
+ p2 = node->down;
+ while (p2) {
+ if (p2 != p) {
+ asn1_delete_structure(&p2);
+ p2 = node->down;
+ } else
+ p2 = p2->right;
+ }
+ break;
+ }
+ p = p->right;
}
- break;
- }
- p = p->right;
+ if (!p)
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
+ case ASN1_ETYPE_ANY:
+ _asn1_set_value_lv(node, value, len);
+ break;
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SET_OF:
+ if (_asn1_strcmp(value, "NEW"))
+ return ASN1_VALUE_NOT_VALID;
+ _asn1_append_sequence_set(node);
+ break;
+ default:
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
}
- if (!p)
- return ASN1_ELEMENT_NOT_FOUND;
- break;
- case ASN1_ETYPE_ANY:
- _asn1_set_value_lv (node, value, len);
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (_asn1_strcmp (value, "NEW"))
- return ASN1_VALUE_NOT_VALID;
- _asn1_append_sequence_set (node);
- break;
- default:
- return ASN1_ELEMENT_NOT_FOUND;
- break;
- }
-
- return ASN1_SUCCESS;
+
+ return ASN1_SUCCESS;
}
@@ -709,9 +693,9 @@ asn1_write_value (asn1_node node_root, const char *name,
* bytes needed.
**/
int
-asn1_read_value (asn1_node root, const char *name, void *ivalue, int *len)
+asn1_read_value(asn1_node root, const char *name, void *ivalue, int *len)
{
- return asn1_read_value_type( root, name, ivalue, len, NULL);
+ return asn1_read_value_type(root, name, ivalue, len, NULL);
}
/**
@@ -777,174 +761,158 @@ asn1_read_value (asn1_node root, const char *name, void *ivalue, int *len)
* bytes needed.
**/
int
-asn1_read_value_type (asn1_node root, const char *name, void *ivalue, int *len,
- unsigned int *etype)
+asn1_read_value_type(asn1_node root, const char *name, void *ivalue,
+ int *len, unsigned int *etype)
{
- asn1_node node, p, p2;
- int len2, len3;
- int value_size = *len;
- unsigned char *value = ivalue;
- unsigned type;
-
- node = asn1_find_node (root, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- type = type_field (node->type);
-
- if ((type != ASN1_ETYPE_NULL) &&
- (type != ASN1_ETYPE_CHOICE) &&
- !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN) &&
- (node->value == NULL))
- return ASN1_VALUE_NOT_FOUND;
-
- if (etype)
- *etype = type;
- switch (type)
- {
- case ASN1_ETYPE_NULL:
- PUT_STR_VALUE (value, value_size, "NULL");
- break;
- case ASN1_ETYPE_BOOLEAN:
- if ((node->type & CONST_DEFAULT) && (node->value == NULL))
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (p->type & CONST_TRUE)
- {
- PUT_STR_VALUE (value, value_size, "TRUE");
- }
- else
- {
- PUT_STR_VALUE (value, value_size, "FALSE");
- }
- }
- else if (node->value[0] == 'T')
- {
- PUT_STR_VALUE (value, value_size, "TRUE");
- }
- else
- {
- PUT_STR_VALUE (value, value_size, "FALSE");
- }
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- if ((node->type & CONST_DEFAULT) && (node->value == NULL))
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if ((isdigit (p->value[0])) || (p->value[0] == '-')
- || (p->value[0] == '+'))
- {
- if (_asn1_convert_integer
- (p->value, value, value_size, len) != ASN1_SUCCESS)
- return ASN1_MEM_ERROR;
- }
- else
- { /* is an identifier like v1 */
- p2 = node->down;
- while (p2)
- {
- if (type_field (p2->type) == ASN1_ETYPE_CONSTANT)
- {
- if (!_asn1_strcmp (p2->name, p->value))
- {
- if (_asn1_convert_integer
- (p2->value, value, value_size,
- len) != ASN1_SUCCESS)
- return ASN1_MEM_ERROR;
- break;
+ asn1_node node, p, p2;
+ int len2, len3;
+ int value_size = *len;
+ unsigned char *value = ivalue;
+ unsigned type;
+
+ node = asn1_find_node(root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ type = type_field(node->type);
+
+ if ((type != ASN1_ETYPE_NULL) &&
+ (type != ASN1_ETYPE_CHOICE) &&
+ !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN)
+ && (node->value == NULL))
+ return ASN1_VALUE_NOT_FOUND;
+
+ if (etype)
+ *etype = type;
+ switch (type) {
+ case ASN1_ETYPE_NULL:
+ PUT_STR_VALUE(value, value_size, "NULL");
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if ((node->type & CONST_DEFAULT) && (node->value == NULL)) {
+ p = node->down;
+ while (type_field(p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_TRUE) {
+ PUT_STR_VALUE(value, value_size, "TRUE");
+ } else {
+ PUT_STR_VALUE(value, value_size, "FALSE");
}
- }
- p2 = p2->right;
+ } else if (node->value[0] == 'T') {
+ PUT_STR_VALUE(value, value_size, "TRUE");
+ } else {
+ PUT_STR_VALUE(value, value_size, "FALSE");
}
- }
- }
- else
- {
- len2 = -1;
- if (asn1_get_octet_der
- (node->value, node->value_len, &len2, value, value_size,
- len) != ASN1_SUCCESS)
- return ASN1_MEM_ERROR;
- }
- break;
- case ASN1_ETYPE_OBJECT_ID:
- if (node->type & CONST_ASSIGN)
- {
- value[0] = 0;
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_CONSTANT)
- {
- ADD_STR_VALUE (value, value_size, p->value);
- if (p->right)
- {
- ADD_STR_VALUE (value, value_size, ".");
- }
+ break;
+ case ASN1_ETYPE_INTEGER:
+ case ASN1_ETYPE_ENUMERATED:
+ if ((node->type & CONST_DEFAULT) && (node->value == NULL)) {
+ p = node->down;
+ while (type_field(p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ if ((isdigit(p->value[0])) || (p->value[0] == '-')
+ || (p->value[0] == '+')) {
+ if (_asn1_convert_integer
+ (p->value, value, value_size,
+ len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ } else { /* is an identifier like v1 */
+ p2 = node->down;
+ while (p2) {
+ if (type_field(p2->type) ==
+ ASN1_ETYPE_CONSTANT) {
+ if (!_asn1_strcmp
+ (p2->name, p->value)) {
+ if (_asn1_convert_integer(p2->value, value, value_size, len) != ASN1_SUCCESS)
+ return
+ ASN1_MEM_ERROR;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ }
+ } else {
+ len2 = -1;
+ if (asn1_get_octet_der
+ (node->value, node->value_len, &len2, value,
+ value_size, len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
}
- p = p->right;
- }
- *len = _asn1_strlen (value) + 1;
- }
- else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- PUT_STR_VALUE (value, value_size, p->value);
- }
- else
- {
- PUT_STR_VALUE (value, value_size, node->value);
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if (node->type & CONST_ASSIGN) {
+ value[0] = 0;
+ p = node->down;
+ while (p) {
+ if (type_field(p->type) ==
+ ASN1_ETYPE_CONSTANT) {
+ ADD_STR_VALUE(value, value_size,
+ p->value);
+ if (p->right) {
+ ADD_STR_VALUE(value,
+ value_size,
+ ".");
+ }
+ }
+ p = p->right;
+ }
+ *len = _asn1_strlen(value) + 1;
+ } else if ((node->type & CONST_DEFAULT)
+ && (node->value == NULL)) {
+ p = node->down;
+ while (type_field(p->type) != ASN1_ETYPE_DEFAULT)
+ p = p->right;
+ PUT_STR_VALUE(value, value_size, p->value);
+ } else {
+ PUT_STR_VALUE(value, value_size, node->value);
+ }
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ PUT_AS_STR_VALUE(value, value_size, node->value,
+ node->value_len);
+ break;
+ case ASN1_ETYPE_OCTET_STRING:
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ len2 = -1;
+ if (asn1_get_octet_der
+ (node->value, node->value_len, &len2, value,
+ value_size, len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ break;
+ case ASN1_ETYPE_BIT_STRING:
+ len2 = -1;
+ if (asn1_get_bit_der
+ (node->value, node->value_len, &len2, value,
+ value_size, len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ break;
+ case ASN1_ETYPE_CHOICE:
+ PUT_STR_VALUE(value, value_size, node->down->name);
+ break;
+ case ASN1_ETYPE_ANY:
+ len3 = -1;
+ len2 =
+ asn1_get_length_der(node->value, node->value_len,
+ &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ PUT_VALUE(value, value_size, node->value + len3, len2);
+ break;
+ default:
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
}
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- PUT_AS_STR_VALUE (value, value_size, node->value, node->value_len);
- break;
- case ASN1_ETYPE_OCTET_STRING:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- len2 = -1;
- if (asn1_get_octet_der
- (node->value, node->value_len, &len2, value, value_size,
- len) != ASN1_SUCCESS)
- return ASN1_MEM_ERROR;
- break;
- case ASN1_ETYPE_BIT_STRING:
- len2 = -1;
- if (asn1_get_bit_der
- (node->value, node->value_len, &len2, value, value_size,
- len) != ASN1_SUCCESS)
- return ASN1_MEM_ERROR;
- break;
- case ASN1_ETYPE_CHOICE:
- PUT_STR_VALUE (value, value_size, node->down->name);
- break;
- case ASN1_ETYPE_ANY:
- len3 = -1;
- len2 = asn1_get_length_der (node->value, node->value_len, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
- PUT_VALUE (value, value_size, node->value + len3, len2);
- break;
- default:
- return ASN1_ELEMENT_NOT_FOUND;
- break;
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -964,68 +932,62 @@ asn1_read_value_type (asn1_node root, const char *name, void *ivalue, int *len,
* @name is not a valid element.
**/
int
-asn1_read_tag (asn1_node root, const char *name, int *tagValue,
- int *classValue)
+asn1_read_tag(asn1_node root, const char *name, int *tagValue,
+ int *classValue)
{
- asn1_node node, p, pTag;
-
- node = asn1_find_node (root, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node->down;
-
- /* pTag will points to the IMPLICIT TAG */
- pTag = NULL;
- if (node->type & CONST_TAG)
- {
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if ((p->type & CONST_IMPLICIT) && (pTag == NULL))
- pTag = p;
- else if (p->type & CONST_EXPLICIT)
- pTag = NULL;
- }
- p = p->right;
+ asn1_node node, p, pTag;
+
+ node = asn1_find_node(root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node->down;
+
+ /* pTag will points to the IMPLICIT TAG */
+ pTag = NULL;
+ if (node->type & CONST_TAG) {
+ while (p) {
+ if (type_field(p->type) == ASN1_ETYPE_TAG) {
+ if ((p->type & CONST_IMPLICIT)
+ && (pTag == NULL))
+ pTag = p;
+ else if (p->type & CONST_EXPLICIT)
+ pTag = NULL;
+ }
+ p = p->right;
+ }
}
- }
-
- if (pTag)
- {
- *tagValue = _asn1_strtoul (pTag->value, NULL, 10);
-
- if (pTag->type & CONST_APPLICATION)
- *classValue = ASN1_CLASS_APPLICATION;
- else if (pTag->type & CONST_UNIVERSAL)
- *classValue = ASN1_CLASS_UNIVERSAL;
- else if (pTag->type & CONST_PRIVATE)
- *classValue = ASN1_CLASS_PRIVATE;
- else
- *classValue = ASN1_CLASS_CONTEXT_SPECIFIC;
- }
- else
- {
- unsigned type = type_field (node->type);
- *classValue = ASN1_CLASS_UNIVERSAL;
-
- switch (type)
- {
- CASE_HANDLED_ETYPES:
- *tagValue = _asn1_tags[type].tag;
- break;
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_CHOICE:
- case ASN1_ETYPE_ANY:
- *tagValue = -1;
- break;
- default:
- break;
+
+ if (pTag) {
+ *tagValue = _asn1_strtoul(pTag->value, NULL, 10);
+
+ if (pTag->type & CONST_APPLICATION)
+ *classValue = ASN1_CLASS_APPLICATION;
+ else if (pTag->type & CONST_UNIVERSAL)
+ *classValue = ASN1_CLASS_UNIVERSAL;
+ else if (pTag->type & CONST_PRIVATE)
+ *classValue = ASN1_CLASS_PRIVATE;
+ else
+ *classValue = ASN1_CLASS_CONTEXT_SPECIFIC;
+ } else {
+ unsigned type = type_field(node->type);
+ *classValue = ASN1_CLASS_UNIVERSAL;
+
+ switch (type) {
+ CASE_HANDLED_ETYPES:
+ *tagValue = _asn1_tags[type].tag;
+ break;
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_CHOICE:
+ case ASN1_ETYPE_ANY:
+ *tagValue = -1;
+ break;
+ default:
+ break;
+ }
}
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
/**
@@ -1038,12 +1000,12 @@ asn1_read_tag (asn1_node root, const char *name, int *tagValue,
*
* Returns: %ASN1_SUCCESS if the node exists.
**/
-int asn1_read_node_value (asn1_node node, asn1_data_node_st* data)
+int asn1_read_node_value(asn1_node node, asn1_data_node_st * data)
{
- data->name = node->name;
- data->value = node->value;
- data->value_len = node->value_len;
- data->type = type_field(node->type);
-
- return ASN1_SUCCESS;
+ data->name = node->name;
+ data->value = node->value;
+ data->value_len = node->value_len;
+ data->type = type_field(node->type);
+
+ return ASN1_SUCCESS;
}
diff --git a/lib/minitasn1/element.h b/lib/minitasn1/element.h
index 3bd38bb923..aca0238b42 100644
--- a/lib/minitasn1/element.h
+++ b/lib/minitasn1/element.h
@@ -23,12 +23,12 @@
#define _ELEMENT_H
-int _asn1_append_sequence_set (asn1_node node);
+int _asn1_append_sequence_set(asn1_node node);
-int _asn1_convert_integer (const unsigned char *value,
- unsigned char *value_out,
- int value_out_size, int *len);
+int _asn1_convert_integer(const unsigned char *value,
+ unsigned char *value_out,
+ int value_out_size, int *len);
-void _asn1_hierarchical_name (asn1_node node, char *name, int name_size);
+void _asn1_hierarchical_name(asn1_node node, char *name, int name_size);
#endif
diff --git a/lib/minitasn1/errors.c b/lib/minitasn1/errors.c
index e01c3ee9ea..db9f1fa051 100644
--- a/lib/minitasn1/errors.c
+++ b/lib/minitasn1/errors.c
@@ -26,33 +26,32 @@
#define LIBTASN1_ERROR_ENTRY(name) { #name, name }
-struct libtasn1_error_entry
-{
- const char *name;
- int number;
+struct libtasn1_error_entry {
+ const char *name;
+ int number;
};
typedef struct libtasn1_error_entry libtasn1_error_entry;
static const libtasn1_error_entry error_algorithms[] = {
- LIBTASN1_ERROR_ENTRY (ASN1_SUCCESS),
- LIBTASN1_ERROR_ENTRY (ASN1_FILE_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_IDENTIFIER_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_DER_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_GENERIC_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_VALID),
- LIBTASN1_ERROR_ENTRY (ASN1_TAG_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_TAG_IMPLICIT),
- LIBTASN1_ERROR_ENTRY (ASN1_ERROR_TYPE_ANY),
- LIBTASN1_ERROR_ENTRY (ASN1_SYNTAX_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_MEM_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_MEM_ALLOC_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_DER_OVERFLOW),
- LIBTASN1_ERROR_ENTRY (ASN1_NAME_TOO_LONG),
- LIBTASN1_ERROR_ENTRY (ASN1_ARRAY_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_EMPTY),
- {0, 0}
+ LIBTASN1_ERROR_ENTRY(ASN1_SUCCESS),
+ LIBTASN1_ERROR_ENTRY(ASN1_FILE_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY(ASN1_ELEMENT_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY(ASN1_IDENTIFIER_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY(ASN1_DER_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_VALUE_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY(ASN1_GENERIC_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_VALUE_NOT_VALID),
+ LIBTASN1_ERROR_ENTRY(ASN1_TAG_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_TAG_IMPLICIT),
+ LIBTASN1_ERROR_ENTRY(ASN1_ERROR_TYPE_ANY),
+ LIBTASN1_ERROR_ENTRY(ASN1_SYNTAX_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_MEM_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_MEM_ALLOC_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_DER_OVERFLOW),
+ LIBTASN1_ERROR_ENTRY(ASN1_NAME_TOO_LONG),
+ LIBTASN1_ERROR_ENTRY(ASN1_ARRAY_ERROR),
+ LIBTASN1_ERROR_ENTRY(ASN1_ELEMENT_NOT_EMPTY),
+ {0, 0}
};
/**
@@ -67,11 +66,10 @@ static const libtasn1_error_entry error_algorithms[] = {
*
* Since: 1.6
**/
-void
-asn1_perror (int error)
+void asn1_perror(int error)
{
- const char *str = asn1_strerror (error);
- fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)");
+ const char *str = asn1_strerror(error);
+ fprintf(stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)");
}
/**
@@ -89,14 +87,13 @@ asn1_perror (int error)
*
* Since: 1.6
**/
-const char *
-asn1_strerror (int error)
+const char *asn1_strerror(int error)
{
- const libtasn1_error_entry *p;
+ const libtasn1_error_entry *p;
- for (p = error_algorithms; p->name != NULL; p++)
- if (p->number == error)
- return p->name + sizeof ("ASN1_") - 1;
+ for (p = error_algorithms; p->name != NULL; p++)
+ if (p->number == error)
+ return p->name + sizeof("ASN1_") - 1;
- return NULL;
+ return NULL;
}
diff --git a/lib/minitasn1/gstr.c b/lib/minitasn1/gstr.c
index 0558c77771..f10dd2ac3d 100644
--- a/lib/minitasn1/gstr.c
+++ b/lib/minitasn1/gstr.c
@@ -28,46 +28,38 @@
*
* They should be used only with null terminated strings.
*/
-void
-_asn1_str_cat (char *dest, size_t dest_tot_size, const char *src)
+void _asn1_str_cat(char *dest, size_t dest_tot_size, const char *src)
{
- size_t str_size = strlen (src);
- size_t dest_size = strlen (dest);
+ size_t str_size = strlen(src);
+ size_t dest_size = strlen(dest);
- if (dest_tot_size - dest_size > str_size)
- {
- strcat (dest, src);
- }
- else
- {
- if (dest_tot_size - dest_size > 0)
- {
- strncat (dest, src, (dest_tot_size - dest_size) - 1);
- dest[dest_tot_size - 1] = 0;
+ if (dest_tot_size - dest_size > str_size) {
+ strcat(dest, src);
+ } else {
+ if (dest_tot_size - dest_size > 0) {
+ strncat(dest, src,
+ (dest_tot_size - dest_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
}
- }
}
/* Returns the bytes copied (not including the null terminator) */
unsigned int
-_asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src)
+_asn1_str_cpy(char *dest, size_t dest_tot_size, const char *src)
{
- size_t str_size = strlen (src);
+ size_t str_size = strlen(src);
- if (dest_tot_size > str_size)
- {
- strcpy (dest, src);
- return str_size;
- }
- else
- {
- if (dest_tot_size > 0)
- {
- str_size = dest_tot_size - 1;
- memcpy (dest, src, str_size);
- dest[str_size] = 0;
- return str_size;
+ if (dest_tot_size > str_size) {
+ strcpy(dest, src);
+ return str_size;
+ } else {
+ if (dest_tot_size > 0) {
+ str_size = dest_tot_size - 1;
+ memcpy(dest, src, str_size);
+ dest[str_size] = 0;
+ return str_size;
+ } else
+ return 0;
}
- else return 0;
- }
}
diff --git a/lib/minitasn1/gstr.h b/lib/minitasn1/gstr.h
index 672d59eb59..9b7176a4a1 100644
--- a/lib/minitasn1/gstr.h
+++ b/lib/minitasn1/gstr.h
@@ -19,8 +19,9 @@
* 02110-1301, USA
*/
-unsigned int _asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src);
-void _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src);
+unsigned int _asn1_str_cpy(char *dest, size_t dest_tot_size,
+ const char *src);
+void _asn1_str_cat(char *dest, size_t dest_tot_size, const char *src);
#define Estrcpy(x,y) _asn1_str_cpy(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y)
#define Estrcat(x,y) _asn1_str_cat(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y)
diff --git a/lib/minitasn1/int.h b/lib/minitasn1/int.h
index 3163d50d14..d422a79c6b 100644
--- a/lib/minitasn1/int.h
+++ b/lib/minitasn1/int.h
@@ -43,25 +43,24 @@
/* This structure is also in libtasn1.h, but then contains less
fields. You cannot make any modifications to these first fields
without breaking ABI. */
-struct asn1_node_st
-{
- /* public fields: */
- char name[ASN1_MAX_NAME_SIZE+1]; /* Node name */
- unsigned int name_hash;
- unsigned int type; /* Node type */
- unsigned char *value; /* Node value */
- int value_len;
- asn1_node down; /* Pointer to the son node */
- asn1_node right; /* Pointer to the brother node */
- asn1_node left; /* Pointer to the next list element */
- /* private fields: */
- unsigned char small_value[ASN1_SMALL_VALUE_SIZE]; /* For small values */
+struct asn1_node_st {
+ /* public fields: */
+ char name[ASN1_MAX_NAME_SIZE + 1]; /* Node name */
+ unsigned int name_hash;
+ unsigned int type; /* Node type */
+ unsigned char *value; /* Node value */
+ int value_len;
+ asn1_node down; /* Pointer to the son node */
+ asn1_node right; /* Pointer to the brother node */
+ asn1_node left; /* Pointer to the next list element */
+ /* private fields: */
+ unsigned char small_value[ASN1_SMALL_VALUE_SIZE]; /* For small values */
};
typedef struct tag_and_class_st {
- unsigned tag;
- unsigned class;
- const char* desc;
+ unsigned tag;
+ unsigned class;
+ const char *desc;
} tag_and_class_st;
/* the types that are handled in _asn1_tags */
@@ -158,28 +157,26 @@ extern const tag_and_class_st _asn1_tags[];
/****************************************/
inline static unsigned int type_field(unsigned int ntype)
{
- return (ntype & 0xff);
+ return (ntype & 0xff);
}
/* To convert old types from a static structure */
inline static unsigned int convert_old_type(unsigned int ntype)
{
-unsigned int type = ntype & 0xff;
- if (type == ASN1_ETYPE_TIME)
- {
- if (ntype & CONST_UTC)
- type = ASN1_ETYPE_UTC_TIME;
- else
- type = ASN1_ETYPE_GENERALIZED_TIME;
-
- ntype &= ~(CONST_UTC|CONST_GENERALIZED);
- ntype &= 0xffffff00;
- ntype |= type;
-
- return ntype;
- }
- else
- return ntype;
+ unsigned int type = ntype & 0xff;
+ if (type == ASN1_ETYPE_TIME) {
+ if (ntype & CONST_UTC)
+ type = ASN1_ETYPE_UTC_TIME;
+ else
+ type = ASN1_ETYPE_GENERALIZED_TIME;
+
+ ntype &= ~(CONST_UTC | CONST_GENERALIZED);
+ ntype &= 0xffffff00;
+ ntype |= type;
+
+ return ntype;
+ } else
+ return ntype;
}
-#endif /* INT_H */
+#endif /* INT_H */
diff --git a/lib/minitasn1/libtasn1.h b/lib/minitasn1/libtasn1.h
index 06474f3f33..37fd376c68 100644
--- a/lib/minitasn1/libtasn1.h
+++ b/lib/minitasn1/libtasn1.h
@@ -21,33 +21,32 @@
*/
#ifndef LIBTASN1_H
-# define LIBTASN1_H
-
-# ifndef ASN1_API
-# if defined ASN1_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY
-# define ASN1_API __attribute__((__visibility__("default")))
-# elif defined ASN1_BUILDING && defined _MSC_VER && ! defined ASN1_STATIC
-# define ASN1_API __declspec(dllexport)
-# elif defined _MSC_VER && ! defined ASN1_STATIC
-# define ASN1_API __declspec(dllimport)
-# else
-# define ASN1_API
-# endif
-# endif
+#define LIBTASN1_H
+
+#ifndef ASN1_API
+#if defined ASN1_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY
+#define ASN1_API __attribute__((__visibility__("default")))
+#elif defined ASN1_BUILDING && defined _MSC_VER && ! defined ASN1_STATIC
+#define ASN1_API __declspec(dllexport)
+#elif defined _MSC_VER && ! defined ASN1_STATIC
+#define ASN1_API __declspec(dllimport)
+#else
+#define ASN1_API
+#endif
+#endif
#include <stdio.h> /* for FILE* */
#include <sys/types.h>
#include <time.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#define ASN1_VERSION "3.1"
/*****************************************/
- /* Errors returned by libtasn1 functions */
+ /* Errors returned by libtasn1 functions */
/*****************************************/
#define ASN1_SUCCESS 0
#define ASN1_FILE_NOT_FOUND 1
@@ -69,7 +68,7 @@ extern "C"
#define ASN1_ELEMENT_NOT_EMPTY 17
/*************************************/
- /* Constants used in asn1_visit_tree */
+ /* Constants used in asn1_visit_tree */
/*************************************/
#define ASN1_PRINT_NAME 1
#define ASN1_PRINT_NAME_TYPE 2
@@ -77,7 +76,7 @@ extern "C"
#define ASN1_PRINT_ALL 4
/*****************************************/
- /* Constants returned by asn1_read_tag */
+ /* Constants returned by asn1_read_tag */
/*****************************************/
#define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */
#define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */
@@ -86,7 +85,7 @@ extern "C"
#define ASN1_CLASS_STRUCTURED 0x20
/*****************************************/
- /* Constants returned by asn1_read_tag */
+ /* Constants returned by asn1_read_tag */
/*****************************************/
#define ASN1_TAG_BOOLEAN 0x01
#define ASN1_TAG_INTEGER 0x02
@@ -110,29 +109,28 @@ extern "C"
#define ASN1_TAG_VISIBLE_STRING 0x1A
/******************************************************/
- /* Structure definition used for the node of the tree */
- /* that represent an ASN.1 DEFINITION. */
+ /* Structure definition used for the node of the tree */
+ /* that represent an ASN.1 DEFINITION. */
/******************************************************/
- typedef struct asn1_node_st asn1_node_st;
+ typedef struct asn1_node_st asn1_node_st;
- typedef asn1_node_st *asn1_node;
+ typedef asn1_node_st *asn1_node;
- /* maximum number of characters of a name */
- /* inside a file with ASN1 definitons */
+ /* maximum number of characters of a name */
+ /* inside a file with ASN1 definitons */
#define ASN1_MAX_NAME_SIZE 64
/*****************************************/
- /* For the on-disk format of ASN.1 trees */
+ /* For the on-disk format of ASN.1 trees */
/*****************************************/
- struct asn1_static_node_st
- {
- const char *name; /* Node name */
- unsigned int type; /* Node type */
- const void *value; /* Node value */
- };
- typedef struct asn1_static_node_st asn1_static_node;
+ struct asn1_static_node_st {
+ const char *name; /* Node name */
+ unsigned int type; /* Node type */
+ const void *value; /* Node value */
+ };
+ typedef struct asn1_static_node_st asn1_static_node;
/* List of constants for field type of node_asn */
#define ASN1_ETYPE_INVALID 0
@@ -168,171 +166,185 @@ extern "C"
#define ASN1_ETYPE_UTC_TIME 36
#define ASN1_ETYPE_GENERALIZED_TIME 37
- struct asn1_data_node_st
- {
- const char *name; /* Node name */
- const void *value; /* Node value */
- unsigned int value_len; /* Node value size */
- unsigned int type; /* Node value type (ASN1_ETYPE_*) */
- };
- typedef struct asn1_data_node_st asn1_data_node_st;
+ struct asn1_data_node_st {
+ const char *name; /* Node name */
+ const void *value; /* Node value */
+ unsigned int value_len; /* Node value size */
+ unsigned int type; /* Node value type (ASN1_ETYPE_*) */
+ };
+ typedef struct asn1_data_node_st asn1_data_node_st;
/***********************************/
- /* Fixed constants */
+ /* Fixed constants */
/***********************************/
- /* maximum number of characters */
- /* of a description message */
- /* (null character included) */
+ /* maximum number of characters */
+ /* of a description message */
+ /* (null character included) */
#define ASN1_MAX_ERROR_DESCRIPTION_SIZE 128
/***********************************/
- /* Functions definitions */
+ /* Functions definitions */
/***********************************/
- extern ASN1_API int
- asn1_parser2tree (const char *file_name,
- asn1_node * definitions, char *errorDescription);
+ extern ASN1_API int
+ asn1_parser2tree(const char *file_name,
+ asn1_node * definitions, char *errorDescription);
- extern ASN1_API int
- asn1_parser2array (const char *inputFileName,
- const char *outputFileName,
- const char *vectorName, char *errorDescription);
+ extern ASN1_API int
+ asn1_parser2array(const char *inputFileName,
+ const char *outputFileName,
+ const char *vectorName, char *errorDescription);
- extern ASN1_API int
- asn1_array2tree (const asn1_static_node * array,
- asn1_node * definitions, char *errorDescription);
+ extern ASN1_API int
+ asn1_array2tree(const asn1_static_node * array,
+ asn1_node * definitions, char *errorDescription);
- extern ASN1_API void
- asn1_print_structure (FILE * out, asn1_node structure,
- const char *name, int mode);
+ extern ASN1_API void
+ asn1_print_structure(FILE * out, asn1_node structure,
+ const char *name, int mode);
- extern ASN1_API int
- asn1_create_element (asn1_node definitions,
- const char *source_name, asn1_node * element);
+ extern ASN1_API int
+ asn1_create_element(asn1_node definitions,
+ const char *source_name, asn1_node * element);
- extern ASN1_API int asn1_delete_structure (asn1_node * structure);
+ extern ASN1_API int asn1_delete_structure(asn1_node * structure);
- extern ASN1_API int
- asn1_delete_element (asn1_node structure, const char *element_name);
+ extern ASN1_API int
+ asn1_delete_element(asn1_node structure,
+ const char *element_name);
- extern ASN1_API int
- asn1_write_value (asn1_node node_root, const char *name,
- const void *ivalue, int len);
+ extern ASN1_API int
+ asn1_write_value(asn1_node node_root, const char *name,
+ const void *ivalue, int len);
- extern ASN1_API int
- asn1_read_value (asn1_node root, const char *name,
- void *ivalue, int *len);
+ extern ASN1_API int
+ asn1_read_value(asn1_node root, const char *name,
+ void *ivalue, int *len);
- extern ASN1_API int
- asn1_read_value_type (asn1_node root, const char *name,
- void *ivalue, int *len, unsigned int* etype);
+ extern ASN1_API int
+ asn1_read_value_type(asn1_node root, const char *name,
+ void *ivalue, int *len, unsigned int *etype);
- extern ASN1_API int
- asn1_read_node_value (asn1_node node, asn1_data_node_st* data);
+ extern ASN1_API int
+ asn1_read_node_value(asn1_node node, asn1_data_node_st * data);
- extern ASN1_API int
- asn1_number_of_elements (asn1_node element, const char *name, int *num);
+ extern ASN1_API int
+ asn1_number_of_elements(asn1_node element, const char *name,
+ int *num);
- extern ASN1_API int
- asn1_der_coding (asn1_node element, const char *name,
- void *ider, int *len, char *ErrorDescription);
+ extern ASN1_API int
+ asn1_der_coding(asn1_node element, const char *name,
+ void *ider, int *len, char *ErrorDescription);
- extern ASN1_API int
- asn1_der_decoding (asn1_node * element, const void *ider,
- int len, char *errorDescription);
+ extern ASN1_API int
+ asn1_der_decoding(asn1_node * element, const void *ider,
+ int len, char *errorDescription);
- extern ASN1_API int
- asn1_der_decoding_element (asn1_node * structure,
- const char *elementName,
- const void *ider, int len,
- char *errorDescription);
+ extern ASN1_API int
+ asn1_der_decoding_element(asn1_node * structure,
+ const char *elementName,
+ const void *ider, int len,
+ char *errorDescription);
- extern ASN1_API int
- asn1_der_decoding_startEnd (asn1_node element,
- const void *ider, int len,
- const char *name_element,
- int *start, int *end);
+ extern ASN1_API int
+ asn1_der_decoding_startEnd(asn1_node element,
+ const void *ider, int len,
+ const char *name_element,
+ int *start, int *end);
- extern ASN1_API int
- asn1_expand_any_defined_by (asn1_node definitions, asn1_node * element);
+ extern ASN1_API int
+ asn1_expand_any_defined_by(asn1_node definitions,
+ asn1_node * element);
- extern ASN1_API int
- asn1_expand_octet_string (asn1_node definitions,
- asn1_node * element,
- const char *octetName, const char *objectName);
+ extern ASN1_API int
+ asn1_expand_octet_string(asn1_node definitions,
+ asn1_node * element,
+ const char *octetName,
+ const char *objectName);
- extern ASN1_API int
- asn1_read_tag (asn1_node root, const char *name,
- int *tagValue, int *classValue);
+ extern ASN1_API int
+ asn1_read_tag(asn1_node root, const char *name,
+ int *tagValue, int *classValue);
- extern ASN1_API const char *asn1_find_structure_from_oid (asn1_node
- definitions,
- const char
- *oidValue);
+ extern ASN1_API const char *asn1_find_structure_from_oid(asn1_node
+ definitions,
+ const char
+ *oidValue);
- extern ASN1_API const char *asn1_check_version (const char *req_version);
+ extern ASN1_API const char *asn1_check_version(const char
+ *req_version);
- extern ASN1_API const char *asn1_strerror (int error);
+ extern ASN1_API const char *asn1_strerror(int error);
- extern ASN1_API void asn1_perror (int error);
+ extern ASN1_API void asn1_perror(int error);
#define ASN1_MAX_TAG_SIZE 4
#define ASN1_MAX_LENGTH_SIZE 9
#define ASN1_MAX_TL_SIZE (ASN1_MAX_TAG_SIZE+ASN1_MAX_LENGTH_SIZE)
- extern ASN1_API long
- asn1_get_length_der (const unsigned char *der, int der_len, int *len);
+ extern ASN1_API long
+ asn1_get_length_der(const unsigned char *der, int der_len,
+ int *len);
- extern ASN1_API long
- asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len);
+ extern ASN1_API long
+ asn1_get_length_ber(const unsigned char *ber, int ber_len,
+ int *len);
- extern ASN1_API void
- asn1_length_der (unsigned long int len, unsigned char *ans, int *ans_len);
+ extern ASN1_API void
+ asn1_length_der(unsigned long int len, unsigned char *ans,
+ int *ans_len);
- /* Other utility functions. */
+ /* Other utility functions. */
- extern ASN1_API
- int asn1_decode_simple_der (unsigned int etype, const unsigned char *der, unsigned int der_len,
- const unsigned char **str, unsigned int *str_len);
+ extern ASN1_API
+ int asn1_decode_simple_der(unsigned int etype,
+ const unsigned char *der,
+ unsigned int der_len,
+ const unsigned char **str,
+ unsigned int *str_len);
- extern ASN1_API int
- asn1_encode_simple_der (unsigned int etype, const unsigned char *str, unsigned int str_len,
- unsigned char *tl, unsigned int *tl_len);
+ extern ASN1_API int
+ asn1_encode_simple_der(unsigned int etype,
+ const unsigned char *str,
+ unsigned int str_len, unsigned char *tl,
+ unsigned int *tl_len);
- extern ASN1_API asn1_node
- asn1_find_node (asn1_node pointer, const char *name);
+ extern ASN1_API asn1_node
+ asn1_find_node(asn1_node pointer, const char *name);
- extern ASN1_API int
- asn1_copy_node (asn1_node dst, const char *dst_name,
- asn1_node src, const char *src_name);
+ extern ASN1_API int
+ asn1_copy_node(asn1_node dst, const char *dst_name,
+ asn1_node src, const char *src_name);
- /* Internal and low-level DER utility functions. */
+ /* Internal and low-level DER utility functions. */
- extern ASN1_API int
- asn1_get_tag_der (const unsigned char *der, int der_len,
- unsigned char *cls, int *len, unsigned long *tag);
+ extern ASN1_API int
+ asn1_get_tag_der(const unsigned char *der, int der_len,
+ unsigned char *cls, int *len,
+ unsigned long *tag);
- extern ASN1_API void
- asn1_octet_der (const unsigned char *str, int str_len,
- unsigned char *der, int *der_len);
+ extern ASN1_API void
+ asn1_octet_der(const unsigned char *str, int str_len,
+ unsigned char *der, int *der_len);
- extern ASN1_API int
- asn1_get_octet_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str,
- int str_size, int *str_len);
+ extern ASN1_API int
+ asn1_get_octet_der(const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str,
+ int str_size, int *str_len);
- extern ASN1_API void asn1_bit_der (const unsigned char *str, int bit_len,
- unsigned char *der, int *der_len);
+ extern ASN1_API void asn1_bit_der(const unsigned char *str,
+ int bit_len, unsigned char *der,
+ int *der_len);
- extern ASN1_API int
- asn1_get_bit_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str,
- int str_size, int *bit_len);
+ extern ASN1_API int
+ asn1_get_bit_der(const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str,
+ int str_size, int *bit_len);
/* Compatibility types */
-typedef int asn1_retCode; /* type returned by libtasn1 functions */
+ typedef int asn1_retCode; /* type returned by libtasn1 functions */
#define node_asn_struct asn1_node_st
#define node_asn asn1_node_st
@@ -349,5 +361,4 @@ typedef int asn1_retCode; /* type returned by libtasn1 functions */
#ifdef __cplusplus
}
#endif
-
#endif /* LIBTASN1_H */
diff --git a/lib/minitasn1/parser_aux.c b/lib/minitasn1/parser_aux.c
index 50238d2c92..3413dab6f7 100644
--- a/lib/minitasn1/parser_aux.c
+++ b/lib/minitasn1/parser_aux.c
@@ -33,10 +33,9 @@ char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not fou
/* Description: type used in the list during */
/* the structure creation. */
/***********************************************/
-typedef struct list_struct
-{
- asn1_node node;
- struct list_struct *next;
+typedef struct list_struct {
+ asn1_node node;
+ struct list_struct *next;
} list_type;
@@ -52,30 +51,28 @@ list_type *firstElement = NULL;
/* and CONST_ constants). */
/* Return: pointer to the new element. */
/******************************************************/
-asn1_node
-_asn1_add_static_node (unsigned int type)
+asn1_node _asn1_add_static_node(unsigned int type)
{
- list_type *listElement;
- asn1_node punt;
+ list_type *listElement;
+ asn1_node punt;
- punt = calloc (1, sizeof (struct asn1_node_st));
- if (punt == NULL)
- return NULL;
+ punt = calloc(1, sizeof(struct asn1_node_st));
+ if (punt == NULL)
+ return NULL;
- listElement = malloc (sizeof (list_type));
- if (listElement == NULL)
- {
- free (punt);
- return NULL;
- }
+ listElement = malloc(sizeof(list_type));
+ if (listElement == NULL) {
+ free(punt);
+ return NULL;
+ }
- listElement->node = punt;
- listElement->next = firstElement;
- firstElement = listElement;
+ listElement->node = punt;
+ listElement->next = firstElement;
+ firstElement = listElement;
- punt->type = type;
+ punt->type = type;
- return punt;
+ return punt;
}
/**
@@ -90,111 +87,97 @@ _asn1_add_static_node (unsigned int type)
*
* Returns: the search result, or %NULL if not found.
**/
-asn1_node
-asn1_find_node (asn1_node pointer, const char *name)
+asn1_node asn1_find_node(asn1_node pointer, const char *name)
{
- asn1_node p;
- char *n_end, n[ASN1_MAX_NAME_SIZE + 1];
- const char *n_start;
- unsigned int nsize;
- unsigned int nhash;
-
- if (pointer == NULL)
- return NULL;
-
- if (name == NULL)
- return NULL;
-
- p = pointer;
- n_start = name;
-
- if (p->name[0] != 0)
- { /* has *pointer got a name ? */
- n_end = strchr (n_start, '.'); /* search the first dot */
- if (n_end)
- {
- nsize = n_end - n_start;
- memcpy (n, n_start, nsize);
- n[nsize] = 0;
- n_start = n_end;
- n_start++;
-
- nhash = hash_pjw_bare(n, nsize);
- }
- else
- {
- nsize = _asn1_str_cpy (n, sizeof (n), n_start);
- nhash = hash_pjw_bare(n, nsize);
+ asn1_node p;
+ char *n_end, n[ASN1_MAX_NAME_SIZE + 1];
+ const char *n_start;
+ unsigned int nsize;
+ unsigned int nhash;
+
+ if (pointer == NULL)
+ return NULL;
+
+ if (name == NULL)
+ return NULL;
+
+ p = pointer;
+ n_start = name;
+
+ if (p->name[0] != 0) { /* has *pointer got a name ? */
+ n_end = strchr(n_start, '.'); /* search the first dot */
+ if (n_end) {
+ nsize = n_end - n_start;
+ memcpy(n, n_start, nsize);
+ n[nsize] = 0;
+ n_start = n_end;
+ n_start++;
+
+ nhash = hash_pjw_bare(n, nsize);
+ } else {
+ nsize = _asn1_str_cpy(n, sizeof(n), n_start);
+ nhash = hash_pjw_bare(n, nsize);
+
+ n_start = NULL;
+ }
- n_start = NULL;
+ while (p) {
+ if ((p->name) && nhash == p->name_hash
+ && (!strcmp(p->name, n)))
+ break;
+ else
+ p = p->right;
+ } /* while */
+
+ if (p == NULL)
+ return NULL;
+ } else { /* *pointer doesn't have a name */
+ if (n_start[0] == 0)
+ return p;
}
- while (p)
- {
- if ((p->name) && nhash == p->name_hash && (!strcmp (p->name, n)))
- break;
- else
- p = p->right;
+ while (n_start) { /* Has the end of NAME been reached? */
+ n_end = strchr(n_start, '.'); /* search the next dot */
+ if (n_end) {
+ nsize = n_end - n_start;
+ memcpy(n, n_start, nsize);
+ n[nsize] = 0;
+ n_start = n_end;
+ n_start++;
+
+ nhash = hash_pjw_bare(n, nsize);
+ } else {
+ nsize = _asn1_str_cpy(n, sizeof(n), n_start);
+ nhash = hash_pjw_bare(n, nsize);
+ n_start = NULL;
+ }
+
+ if (p->down == NULL)
+ return NULL;
+
+ p = p->down;
+
+ /* The identifier "?LAST" indicates the last element
+ in the right chain. */
+ if (!strcmp(n, "?LAST")) {
+ if (p == NULL)
+ return NULL;
+ while (p->right)
+ p = p->right;
+ } else { /* no "?LAST" */
+ while (p) {
+ if (p->name_hash == nhash
+ && !strcmp(p->name, n))
+ break;
+ else
+ p = p->right;
+ }
+ if (p == NULL)
+ return NULL;
+ }
} /* while */
- if (p == NULL)
- return NULL;
- }
- else
- { /* *pointer doesn't have a name */
- if (n_start[0] == 0)
return p;
- }
-
- while (n_start)
- { /* Has the end of NAME been reached? */
- n_end = strchr (n_start, '.'); /* search the next dot */
- if (n_end)
- {
- nsize = n_end - n_start;
- memcpy (n, n_start, nsize);
- n[nsize] = 0;
- n_start = n_end;
- n_start++;
-
- nhash = hash_pjw_bare(n, nsize);
- }
- else
- {
- nsize = _asn1_str_cpy (n, sizeof (n), n_start);
- nhash = hash_pjw_bare(n, nsize);
- n_start = NULL;
- }
-
- if (p->down == NULL)
- return NULL;
-
- p = p->down;
-
- /* The identifier "?LAST" indicates the last element
- in the right chain. */
- if (!strcmp (n, "?LAST"))
- {
- if (p == NULL)
- return NULL;
- while (p->right)
- p = p->right;
- }
- else
- { /* no "?LAST" */
- while (p)
- {
- if (p->name_hash == nhash && !strcmp (p->name, n))
- break;
- else
- p = p->right;
- }
- if (p == NULL)
- return NULL;
- }
- } /* while */
-
- return p;
}
@@ -209,35 +192,31 @@ asn1_find_node (asn1_node pointer, const char *name)
/* Return: pointer to the NODE_ASN element. */
/******************************************************************/
asn1_node
-_asn1_set_value (asn1_node node, const void *value, unsigned int len)
+_asn1_set_value(asn1_node node, const void *value, unsigned int len)
{
- if (node == NULL)
- return node;
- if (node->value)
- {
- if (node->value != node->small_value)
- free (node->value);
- node->value = NULL;
- node->value_len = 0;
- }
-
- if (!len)
- return node;
-
- if (len < sizeof (node->small_value))
- {
- node->value = node->small_value;
- }
- else
- {
- node->value = malloc (len);
- if (node->value == NULL)
- return NULL;
- }
- node->value_len = len;
-
- memcpy (node->value, value, len);
- return node;
+ if (node == NULL)
+ return node;
+ if (node->value) {
+ if (node->value != node->small_value)
+ free(node->value);
+ node->value = NULL;
+ node->value_len = 0;
+ }
+
+ if (!len)
+ return node;
+
+ if (len < sizeof(node->small_value)) {
+ node->value = node->small_value;
+ } else {
+ node->value = malloc(len);
+ if (node->value == NULL)
+ return NULL;
+ }
+ node->value_len = len;
+
+ memcpy(node->value, value, len);
+ return node;
}
/******************************************************************/
@@ -252,47 +231,45 @@ _asn1_set_value (asn1_node node, const void *value, unsigned int len)
/* Return: pointer to the NODE_ASN element. */
/******************************************************************/
asn1_node
-_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len)
+_asn1_set_value_lv(asn1_node node, const void *value, unsigned int len)
{
- int len2;
- void *temp;
+ int len2;
+ void *temp;
- if (node == NULL)
- return node;
+ if (node == NULL)
+ return node;
- asn1_length_der (len, NULL, &len2);
- temp = malloc (len + len2);
- if (temp == NULL)
- return NULL;
+ asn1_length_der(len, NULL, &len2);
+ temp = malloc(len + len2);
+ if (temp == NULL)
+ return NULL;
- asn1_octet_der (value, len, temp, &len2);
- return _asn1_set_value_m (node, temp, len2);
+ asn1_octet_der(value, len, temp, &len2);
+ return _asn1_set_value_m(node, temp, len2);
}
/* the same as _asn1_set_value except that it sets an already malloc'ed
* value.
*/
-asn1_node
-_asn1_set_value_m (asn1_node node, void *value, unsigned int len)
+asn1_node _asn1_set_value_m(asn1_node node, void *value, unsigned int len)
{
- if (node == NULL)
- return node;
-
- if (node->value)
- {
- if (node->value != node->small_value)
- free (node->value);
- node->value = NULL;
- node->value_len = 0;
- }
+ if (node == NULL)
+ return node;
+
+ if (node->value) {
+ if (node->value != node->small_value)
+ free(node->value);
+ node->value = NULL;
+ node->value_len = 0;
+ }
- if (!len)
- return node;
+ if (!len)
+ return node;
- node->value = value;
- node->value_len = len;
+ node->value = value;
+ node->value_len = len;
- return node;
+ return node;
}
/******************************************************************/
@@ -306,43 +283,37 @@ _asn1_set_value_m (asn1_node node, void *value, unsigned int len)
/* Return: pointer to the NODE_ASN element. */
/******************************************************************/
asn1_node
-_asn1_append_value (asn1_node node, const void *value, unsigned int len)
+_asn1_append_value(asn1_node node, const void *value, unsigned int len)
{
- if (node == NULL)
- return node;
- if (node->value != NULL && node->value != node->small_value)
- {
- /* value is allocated */
- int prev_len = node->value_len;
- node->value_len += len;
- node->value = realloc (node->value, node->value_len);
- if (node->value == NULL)
- {
- node->value_len = 0;
- return NULL;
- }
- memcpy (&node->value[prev_len], value, len);
-
- return node;
- }
- else if (node->value == node->small_value)
- {
- /* value is in node */
- int prev_len = node->value_len;
- node->value_len += len;
- node->value = malloc (node->value_len);
- if (node->value == NULL)
- {
- node->value_len = 0;
- return NULL;
- }
- memcpy (node->value, node->small_value, prev_len);
- memcpy (&node->value[prev_len], value, len);
+ if (node == NULL)
+ return node;
+ if (node->value != NULL && node->value != node->small_value) {
+ /* value is allocated */
+ int prev_len = node->value_len;
+ node->value_len += len;
+ node->value = realloc(node->value, node->value_len);
+ if (node->value == NULL) {
+ node->value_len = 0;
+ return NULL;
+ }
+ memcpy(&node->value[prev_len], value, len);
+
+ return node;
+ } else if (node->value == node->small_value) {
+ /* value is in node */
+ int prev_len = node->value_len;
+ node->value_len += len;
+ node->value = malloc(node->value_len);
+ if (node->value == NULL) {
+ node->value_len = 0;
+ return NULL;
+ }
+ memcpy(node->value, node->small_value, prev_len);
+ memcpy(&node->value[prev_len], value, len);
- return node;
- }
- else /* node->value == NULL */
- return _asn1_set_value (node, value, len);
+ return node;
+ } else /* node->value == NULL */
+ return _asn1_set_value(node, value, len);
}
/******************************************************************/
@@ -355,25 +326,23 @@ _asn1_append_value (asn1_node node, const void *value, unsigned int len)
/* to set. */
/* Return: pointer to the NODE_ASN element. */
/******************************************************************/
-asn1_node
-_asn1_set_name (asn1_node node, const char *name)
+asn1_node _asn1_set_name(asn1_node node, const char *name)
{
-unsigned int nsize;
+ unsigned int nsize;
- if (node == NULL)
- return node;
+ if (node == NULL)
+ return node;
- if (name == NULL)
- {
- node->name[0] = 0;
- node->name_hash = hash_pjw_bare(node->name, 0);
- return node;
- }
+ if (name == NULL) {
+ node->name[0] = 0;
+ node->name_hash = hash_pjw_bare(node->name, 0);
+ return node;
+ }
- nsize = _asn1_str_cpy (node->name, sizeof (node->name), name);
- node->name_hash = hash_pjw_bare(node->name, nsize);
+ nsize = _asn1_str_cpy(node->name, sizeof(node->name), name);
+ node->name_hash = hash_pjw_bare(node->name, nsize);
- return node;
+ return node;
}
/******************************************************************/
@@ -384,23 +353,21 @@ unsigned int nsize;
/* src: a source element pointer. */
/* Return: pointer to the NODE_ASN element. */
/******************************************************************/
-asn1_node
-_asn1_cpy_name (asn1_node dst, asn1_node src)
+asn1_node _asn1_cpy_name(asn1_node dst, asn1_node src)
{
- if (dst == NULL)
- return dst;
+ if (dst == NULL)
+ return dst;
- if (src == NULL)
- {
- dst->name[0] = 0;
- dst->name_hash = hash_pjw_bare(dst->name, 0);
- return dst;
- }
+ if (src == NULL) {
+ dst->name[0] = 0;
+ dst->name_hash = hash_pjw_bare(dst->name, 0);
+ return dst;
+ }
- _asn1_str_cpy (dst->name, sizeof (dst->name), src->name);
- dst->name_hash = src->name_hash;
+ _asn1_str_cpy(dst->name, sizeof(dst->name), src->name);
+ dst->name_hash = src->name_hash;
- return dst;
+ return dst;
}
/******************************************************************/
@@ -412,15 +379,14 @@ _asn1_cpy_name (asn1_node dst, asn1_node src)
/* by NODE. */
/* Return: pointer to *NODE. */
/******************************************************************/
-asn1_node
-_asn1_set_right (asn1_node node, asn1_node right)
+asn1_node _asn1_set_right(asn1_node node, asn1_node right)
{
- if (node == NULL)
- return node;
- node->right = right;
- if (right)
- right->left = node;
- return node;
+ if (node == NULL)
+ return node;
+ node->right = right;
+ if (right)
+ right->left = node;
+ return node;
}
@@ -431,17 +397,16 @@ _asn1_set_right (asn1_node node, asn1_node right)
/* node: starting element pointer. */
/* Return: pointer to the last element along the right chain. */
/******************************************************************/
-asn1_node
-_asn1_get_last_right (asn1_node node)
+asn1_node _asn1_get_last_right(asn1_node node)
{
- asn1_node p;
-
- if (node == NULL)
- return NULL;
- p = node;
- while (p->right)
- p = p->right;
- return p;
+ asn1_node p;
+
+ if (node == NULL)
+ return NULL;
+ p = node;
+ while (p->right)
+ p = p->right;
+ return p;
}
/******************************************************************/
@@ -451,15 +416,14 @@ _asn1_get_last_right (asn1_node node)
/* Parameters: */
/* node: NODE_ASN element pointer. */
/******************************************************************/
-void
-_asn1_remove_node (asn1_node node)
+void _asn1_remove_node(asn1_node node)
{
- if (node == NULL)
- return;
+ if (node == NULL)
+ return;
- if (node->value != NULL && node->value != node->small_value)
- free (node->value);
- free (node);
+ if (node->value != NULL && node->value != node->small_value)
+ free(node->value);
+ free(node);
}
/******************************************************************/
@@ -469,20 +433,19 @@ _asn1_remove_node (asn1_node node)
/* node: NODE_ASN element pointer. */
/* Return: Null if not found. */
/******************************************************************/
-asn1_node
-_asn1_find_up (asn1_node node)
+asn1_node _asn1_find_up(asn1_node node)
{
- asn1_node p;
+ asn1_node p;
- if (node == NULL)
- return NULL;
+ if (node == NULL)
+ return NULL;
- p = node;
+ p = node;
- while ((p->left != NULL) && (p->left->right == p))
- p = p->left;
+ while ((p->left != NULL) && (p->left->right == p))
+ p = p->left;
- return p->left;
+ return p->left;
}
/******************************************************************/
@@ -490,17 +453,15 @@ _asn1_find_up (asn1_node node)
/* Description: deletes the list elements (not the elements */
/* pointed by them). */
/******************************************************************/
-void
-_asn1_delete_list (void)
+void _asn1_delete_list(void)
{
- list_type *listElement;
-
- while (firstElement)
- {
- listElement = firstElement;
- firstElement = firstElement->next;
- free (listElement);
- }
+ list_type *listElement;
+
+ while (firstElement) {
+ listElement = firstElement;
+ firstElement = firstElement->next;
+ free(listElement);
+ }
}
/******************************************************************/
@@ -508,52 +469,46 @@ _asn1_delete_list (void)
/* Description: deletes the list elements and the elements */
/* pointed by them. */
/******************************************************************/
-void
-_asn1_delete_list_and_nodes (void)
+void _asn1_delete_list_and_nodes(void)
{
- list_type *listElement;
-
- while (firstElement)
- {
- listElement = firstElement;
- firstElement = firstElement->next;
- _asn1_remove_node (listElement->node);
- free (listElement);
- }
+ list_type *listElement;
+
+ while (firstElement) {
+ listElement = firstElement;
+ firstElement = firstElement->next;
+ _asn1_remove_node(listElement->node);
+ free(listElement);
+ }
}
-char *
-_asn1_ltostr (long v, char *str)
+char *_asn1_ltostr(long v, char *str)
{
- long d, r;
- char temp[20];
- int count, k, start;
-
- if (v < 0)
- {
- str[0] = '-';
- start = 1;
- v = -v;
- }
- else
- start = 0;
-
- count = 0;
- do
- {
- d = v / 10;
- r = v - d * 10;
- temp[start + count] = '0' + (char) r;
- count++;
- v = d;
- }
- while (v);
-
- for (k = 0; k < count; k++)
- str[k + start] = temp[start + count - k - 1];
- str[count + start] = 0;
- return str;
+ long d, r;
+ char temp[20];
+ int count, k, start;
+
+ if (v < 0) {
+ str[0] = '-';
+ start = 1;
+ v = -v;
+ } else
+ start = 0;
+
+ count = 0;
+ do {
+ d = v / 10;
+ r = v - d * 10;
+ temp[start + count] = '0' + (char) r;
+ count++;
+ v = d;
+ }
+ while (v);
+
+ for (k = 0; k < count; k++)
+ str[k + start] = temp[start + count - k - 1];
+ str[count + start] = 0;
+ return str;
}
@@ -567,61 +522,52 @@ _asn1_ltostr (long v, char *str)
/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
/* otherwise ASN1_SUCCESS */
/******************************************************************/
-int
-_asn1_change_integer_value (asn1_node node)
+int _asn1_change_integer_value(asn1_node node)
{
- asn1_node p;
- unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
- unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1];
- int len;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if ((type_field (p->type) == ASN1_ETYPE_INTEGER) && (p->type & CONST_ASSIGN))
- {
- if (p->value)
- {
- _asn1_convert_integer (p->value, val, sizeof (val), &len);
- asn1_octet_der (val, len, val2, &len);
- _asn1_set_value (p, val2, len);
- }
- }
+ asn1_node p;
+ unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
+ unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1];
+ int len;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p) {
+ if ((type_field(p->type) == ASN1_ETYPE_INTEGER)
+ && (p->type & CONST_ASSIGN)) {
+ if (p->value) {
+ _asn1_convert_integer(p->value, val,
+ sizeof(val), &len);
+ asn1_octet_der(val, len, val2, &len);
+ _asn1_set_value(p, val2, len);
+ }
+ }
- if (p->down)
- {
- p = p->down;
- }
- else
- {
- if (p == node)
- p = NULL;
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
- }
+ if (p->down) {
+ p = p->down;
+ } else {
+ if (p == node)
+ p = NULL;
+ else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == node) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
+ }
}
- }
}
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -634,176 +580,217 @@ _asn1_change_integer_value (asn1_node node)
/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
/* otherwise ASN1_SUCCESS */
/******************************************************************/
-int
-_asn1_expand_object_id (asn1_node node)
+int _asn1_expand_object_id(asn1_node node)
{
- asn1_node p, p2, p3, p4, p5;
- char name_root[ASN1_MAX_NAME_SIZE], name2[2 * ASN1_MAX_NAME_SIZE + 1];
- int move, tlen;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- _asn1_str_cpy (name_root, sizeof (name_root), node->name);
-
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID)
- && (p->type & CONST_ASSIGN))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT))
- {
- if (p2->value && !isdigit (p2->value[0]))
- {
- _asn1_str_cpy (name2, sizeof (name2), name_root);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2),
- (char *) p2->value);
- p3 = asn1_find_node (node, name2);
- if (!p3 || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ||
- !(p3->type & CONST_ASSIGN))
- return ASN1_ELEMENT_NOT_FOUND;
- _asn1_set_down (p, p2->right);
- _asn1_remove_node (p2);
- p2 = p;
- p4 = p3->down;
- while (p4)
- {
- if (type_field (p4->type) == ASN1_ETYPE_CONSTANT)
- {
- p5 = _asn1_add_single_node (ASN1_ETYPE_CONSTANT);
- _asn1_set_name (p5, p4->name);
- tlen = _asn1_strlen (p4->value);
- if (tlen > 0)
- _asn1_set_value (p5, p4->value, tlen + 1);
- if (p2 == p)
- {
- _asn1_set_right (p5, p->down);
- _asn1_set_down (p, p5);
- }
- else
- {
- _asn1_set_right (p5, p2->right);
- _asn1_set_right (p2, p5);
+ asn1_node p, p2, p3, p4, p5;
+ char name_root[ASN1_MAX_NAME_SIZE],
+ name2[2 * ASN1_MAX_NAME_SIZE + 1];
+ int move, tlen;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ _asn1_str_cpy(name_root, sizeof(name_root), node->name);
+
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP))) {
+ if (move != UP) {
+ if ((type_field(p->type) == ASN1_ETYPE_OBJECT_ID)
+ && (p->type & CONST_ASSIGN)) {
+ p2 = p->down;
+ if (p2
+ && (type_field(p2->type) ==
+ ASN1_ETYPE_CONSTANT)) {
+ if (p2->value
+ && !isdigit(p2->value[0])) {
+ _asn1_str_cpy(name2,
+ sizeof
+ (name2),
+ name_root);
+ _asn1_str_cat(name2,
+ sizeof
+ (name2),
+ ".");
+ _asn1_str_cat(name2,
+ sizeof
+ (name2),
+ (char *) p2->
+ value);
+ p3 = asn1_find_node(node,
+ name2);
+ if (!p3
+ ||
+ (type_field(p3->type)
+ !=
+ ASN1_ETYPE_OBJECT_ID)
+ || !(p3->
+ type &
+ CONST_ASSIGN))
+ return
+ ASN1_ELEMENT_NOT_FOUND;
+ _asn1_set_down(p,
+ p2->right);
+ _asn1_remove_node(p2);
+ p2 = p;
+ p4 = p3->down;
+ while (p4) {
+ if (type_field
+ (p4->type) ==
+ ASN1_ETYPE_CONSTANT)
+ {
+ p5 = _asn1_add_single_node(ASN1_ETYPE_CONSTANT);
+ _asn1_set_name
+ (p5,
+ p4->
+ name);
+ tlen =
+ _asn1_strlen
+ (p4->
+ value);
+ if (tlen >
+ 0)
+ _asn1_set_value
+ (p5,
+ p4->
+ value,
+ tlen
+ +
+ 1);
+ if (p2 ==
+ p) {
+ _asn1_set_right
+ (p5,
+ p->
+ down);
+ _asn1_set_down
+ (p,
+ p5);
+ } else {
+ _asn1_set_right
+ (p5,
+ p2->
+ right);
+ _asn1_set_right
+ (p2,
+ p5);
+ }
+ p2 = p5;
+ }
+ p4 = p4->right;
+ }
+ move = DOWN;
+ continue;
+ }
}
- p2 = p5;
- }
- p4 = p4->right;
}
- move = DOWN;
- continue;
- }
+ move = DOWN;
+ } else
+ move = RIGHT;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if (p == node)
- {
- move = UP;
- continue;
- }
+ if (p == node) {
+ move = UP;
+ continue;
+ }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
/*******************************/
- /* expand DEFAULT */
+ /* expand DEFAULT */
/*******************************/
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_DEFAULT))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
- {
- _asn1_str_cpy (name2, sizeof (name2), name_root);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- p3 = asn1_find_node (node, name2);
- if (!p3 || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ||
- !(p3->type & CONST_ASSIGN))
- return ASN1_ELEMENT_NOT_FOUND;
- p4 = p3->down;
- name2[0] = 0;
- while (p4)
- {
- if (type_field (p4->type) == ASN1_ETYPE_CONSTANT)
- {
- if (name2[0])
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2),
- (char *) p4->value);
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP))) {
+ if (move != UP) {
+ if ((type_field(p->type) == ASN1_ETYPE_OBJECT_ID)
+ && (p->type & CONST_DEFAULT)) {
+ p2 = p->down;
+ if (p2
+ && (type_field(p2->type) ==
+ ASN1_ETYPE_DEFAULT)) {
+ _asn1_str_cpy(name2, sizeof(name2),
+ name_root);
+ _asn1_str_cat(name2, sizeof(name2),
+ ".");
+ _asn1_str_cat(name2, sizeof(name2),
+ (char *) p2->value);
+ p3 = asn1_find_node(node, name2);
+ if (!p3
+ || (type_field(p3->type) !=
+ ASN1_ETYPE_OBJECT_ID)
+ || !(p3->type & CONST_ASSIGN))
+ return
+ ASN1_ELEMENT_NOT_FOUND;
+ p4 = p3->down;
+ name2[0] = 0;
+ while (p4) {
+ if (type_field(p4->type) ==
+ ASN1_ETYPE_CONSTANT) {
+ if (name2[0])
+ _asn1_str_cat
+ (name2,
+ sizeof
+ (name2),
+ ".");
+ _asn1_str_cat
+ (name2,
+ sizeof(name2),
+ (char *) p4->
+ value);
+ }
+ p4 = p4->right;
+ }
+ tlen = strlen(name2);
+ if (tlen > 0)
+ _asn1_set_value(p2, name2,
+ tlen + 1);
+ }
}
- p4 = p4->right;
- }
- tlen = strlen (name2);
- if (tlen > 0)
- _asn1_set_value (p2, name2, tlen + 1);
+ move = DOWN;
+ } else
+ move = RIGHT;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if (p == node)
- {
- move = UP;
- continue;
- }
+ if (p == node) {
+ move = UP;
+ continue;
+ }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -817,63 +804,57 @@ _asn1_expand_object_id (asn1_node node)
/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
/* otherwise ASN1_SUCCESS */
/******************************************************************/
-int
-_asn1_type_set_config (asn1_node node)
+int _asn1_type_set_config(asn1_node node)
{
- asn1_node p, p2;
- int move;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if (type_field (p->type) == ASN1_ETYPE_SET)
- {
- p2 = p->down;
- while (p2)
- {
- if (type_field (p2->type) != ASN1_ETYPE_TAG)
- p2->type |= CONST_SET | CONST_NOT_USED;
- p2 = p2->right;
+ asn1_node p, p2;
+ int move;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP))) {
+ if (move != UP) {
+ if (type_field(p->type) == ASN1_ETYPE_SET) {
+ p2 = p->down;
+ while (p2) {
+ if (type_field(p2->type) !=
+ ASN1_ETYPE_TAG)
+ p2->type |=
+ CONST_SET |
+ CONST_NOT_USED;
+ p2 = p2->right;
+ }
+ }
+ move = DOWN;
+ } else
+ move = RIGHT;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if (p == node)
- {
- move = UP;
- continue;
- }
+ if (p == node) {
+ move = UP;
+ continue;
+ }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -890,99 +871,105 @@ _asn1_type_set_config (asn1_node node)
/* ASN1_IDENTIFIER_NOT_FOUND if an identifier is not defined, */
/* otherwise ASN1_SUCCESS */
/******************************************************************/
-int
-_asn1_check_identifier (asn1_node node)
+int _asn1_check_identifier(asn1_node node)
{
- asn1_node p, p2;
- char name2[ASN1_MAX_NAME_SIZE * 2 + 2];
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_IDENTIFIER)
- {
- _asn1_str_cpy (name2, sizeof (name2), node->name);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p->value);
- p2 = asn1_find_node (node, name2);
- if (p2 == NULL)
- {
- if (p->value)
- _asn1_strcpy (_asn1_identifierMissing, p->value);
- else
- _asn1_strcpy (_asn1_identifierMissing, "(null)");
- return ASN1_IDENTIFIER_NOT_FOUND;
- }
- }
- else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_DEFAULT))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
- {
- _asn1_str_cpy (name2, sizeof (name2), node->name);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- _asn1_strcpy (_asn1_identifierMissing, p2->value);
- p2 = asn1_find_node (node, name2);
- if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
- !(p2->type & CONST_ASSIGN))
- return ASN1_IDENTIFIER_NOT_FOUND;
- else
- _asn1_identifierMissing[0] = 0;
- }
- }
- else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_ASSIGN))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT))
- {
- if (p2->value && !isdigit (p2->value[0]))
- {
- _asn1_str_cpy (name2, sizeof (name2), node->name);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- _asn1_strcpy (_asn1_identifierMissing, p2->value);
- p2 = asn1_find_node (node, name2);
- if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
- !(p2->type & CONST_ASSIGN))
- return ASN1_IDENTIFIER_NOT_FOUND;
- else
- _asn1_identifierMissing[0] = 0;
+ asn1_node p, p2;
+ char name2[ASN1_MAX_NAME_SIZE * 2 + 2];
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p) {
+ if (type_field(p->type) == ASN1_ETYPE_IDENTIFIER) {
+ _asn1_str_cpy(name2, sizeof(name2), node->name);
+ _asn1_str_cat(name2, sizeof(name2), ".");
+ _asn1_str_cat(name2, sizeof(name2),
+ (char *) p->value);
+ p2 = asn1_find_node(node, name2);
+ if (p2 == NULL) {
+ if (p->value)
+ _asn1_strcpy
+ (_asn1_identifierMissing,
+ p->value);
+ else
+ _asn1_strcpy
+ (_asn1_identifierMissing,
+ "(null)");
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ }
+ } else if ((type_field(p->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p->type & CONST_DEFAULT)) {
+ p2 = p->down;
+ if (p2
+ && (type_field(p2->type) ==
+ ASN1_ETYPE_DEFAULT)) {
+ _asn1_str_cpy(name2, sizeof(name2),
+ node->name);
+ _asn1_str_cat(name2, sizeof(name2), ".");
+ _asn1_str_cat(name2, sizeof(name2),
+ (char *) p2->value);
+ _asn1_strcpy(_asn1_identifierMissing,
+ p2->value);
+ p2 = asn1_find_node(node, name2);
+ if (!p2
+ || (type_field(p2->type) !=
+ ASN1_ETYPE_OBJECT_ID)
+ || !(p2->type & CONST_ASSIGN))
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ else
+ _asn1_identifierMissing[0] = 0;
+ }
+ } else if ((type_field(p->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p->type & CONST_ASSIGN)) {
+ p2 = p->down;
+ if (p2
+ && (type_field(p2->type) ==
+ ASN1_ETYPE_CONSTANT)) {
+ if (p2->value && !isdigit(p2->value[0])) {
+ _asn1_str_cpy(name2, sizeof(name2),
+ node->name);
+ _asn1_str_cat(name2, sizeof(name2),
+ ".");
+ _asn1_str_cat(name2, sizeof(name2),
+ (char *) p2->value);
+ _asn1_strcpy
+ (_asn1_identifierMissing,
+ p2->value);
+ p2 = asn1_find_node(node, name2);
+ if (!p2
+ || (type_field(p2->type) !=
+ ASN1_ETYPE_OBJECT_ID)
+ || !(p2->type & CONST_ASSIGN))
+ return
+ ASN1_IDENTIFIER_NOT_FOUND;
+ else
+ _asn1_identifierMissing[0]
+ = 0;
+ }
+ }
}
- }
- }
- if (p->down)
- {
- p = p->down;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
+ if (p->down) {
+ p = p->down;
+ } else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == node) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
}
- }
}
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -997,50 +984,43 @@ _asn1_check_identifier (asn1_node node)
/* a DEFINITIONS element, */
/* otherwise ASN1_SUCCESS */
/******************************************************************/
-int
-_asn1_set_default_tag (asn1_node node)
+int _asn1_set_default_tag(asn1_node node)
{
- asn1_node p;
-
- if ((node == NULL) || (type_field (node->type) != ASN1_ETYPE_DEFINITIONS))
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if ((type_field (p->type) == ASN1_ETYPE_TAG) &&
- !(p->type & CONST_EXPLICIT) && !(p->type & CONST_IMPLICIT))
- {
- if (node->type & CONST_EXPLICIT)
- p->type |= CONST_EXPLICIT;
- else
- p->type |= CONST_IMPLICIT;
- }
-
- if (p->down)
- {
- p = p->down;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
+ asn1_node p;
+
+ if ((node == NULL)
+ || (type_field(node->type) != ASN1_ETYPE_DEFINITIONS))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p) {
+ if ((type_field(p->type) == ASN1_ETYPE_TAG) &&
+ !(p->type & CONST_EXPLICIT)
+ && !(p->type & CONST_IMPLICIT)) {
+ if (node->type & CONST_EXPLICIT)
+ p->type |= CONST_EXPLICIT;
+ else
+ p->type |= CONST_IMPLICIT;
}
- if (p->right)
- {
- p = p->right;
- break;
+
+ if (p->down) {
+ p = p->down;
+ } else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == node) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
}
- }
}
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
diff --git a/lib/minitasn1/parser_aux.h b/lib/minitasn1/parser_aux.h
index f270b73595..8b5e6c79bc 100644
--- a/lib/minitasn1/parser_aux.h
+++ b/lib/minitasn1/parser_aux.h
@@ -27,46 +27,46 @@
/***************************************/
/* Functions used by ASN.1 parser */
/***************************************/
-asn1_node _asn1_add_static_node (unsigned int type);
+asn1_node _asn1_add_static_node(unsigned int type);
asn1_node
-_asn1_set_value (asn1_node node, const void *value, unsigned int len);
+_asn1_set_value(asn1_node node, const void *value, unsigned int len);
-asn1_node _asn1_set_value_m (asn1_node node, void *value, unsigned int len);
+asn1_node _asn1_set_value_m(asn1_node node, void *value, unsigned int len);
asn1_node
-_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len);
+_asn1_set_value_lv(asn1_node node, const void *value, unsigned int len);
asn1_node
-_asn1_append_value (asn1_node node, const void *value, unsigned int len);
+_asn1_append_value(asn1_node node, const void *value, unsigned int len);
-asn1_node _asn1_set_name (asn1_node node, const char *name);
+asn1_node _asn1_set_name(asn1_node node, const char *name);
-asn1_node _asn1_cpy_name (asn1_node dst, asn1_node src);
+asn1_node _asn1_cpy_name(asn1_node dst, asn1_node src);
-asn1_node _asn1_set_right (asn1_node node, asn1_node right);
+asn1_node _asn1_set_right(asn1_node node, asn1_node right);
-asn1_node _asn1_get_last_right (asn1_node node);
+asn1_node _asn1_get_last_right(asn1_node node);
-void _asn1_remove_node (asn1_node node);
+void _asn1_remove_node(asn1_node node);
-void _asn1_delete_list (void);
+void _asn1_delete_list(void);
-void _asn1_delete_list_and_nodes (void);
+void _asn1_delete_list_and_nodes(void);
-char *_asn1_ltostr (long v, char *str);
+char *_asn1_ltostr(long v, char *str);
-asn1_node _asn1_find_up (asn1_node node);
+asn1_node _asn1_find_up(asn1_node node);
-int _asn1_change_integer_value (asn1_node node);
+int _asn1_change_integer_value(asn1_node node);
-int _asn1_expand_object_id (asn1_node node);
+int _asn1_expand_object_id(asn1_node node);
-int _asn1_type_set_config (asn1_node node);
+int _asn1_type_set_config(asn1_node node);
-int _asn1_check_identifier (asn1_node node);
+int _asn1_check_identifier(asn1_node node);
-int _asn1_set_default_tag (asn1_node node);
+int _asn1_set_default_tag(asn1_node node);
/******************************************************************/
/* Function : _asn1_get_right */
@@ -76,12 +76,11 @@ int _asn1_set_default_tag (asn1_node node);
/* node: NODE_ASN element pointer. */
/* Return: field RIGHT of NODE. */
/******************************************************************/
-inline static asn1_node
-_asn1_get_right (asn1_node node)
+inline static asn1_node _asn1_get_right(asn1_node node)
{
- if (node == NULL)
- return NULL;
- return node->right;
+ if (node == NULL)
+ return NULL;
+ return node->right;
}
/******************************************************************/
@@ -93,15 +92,14 @@ _asn1_get_right (asn1_node node)
/* by NODE. */
/* Return: pointer to *NODE. */
/******************************************************************/
-inline static asn1_node
-_asn1_set_down (asn1_node node, asn1_node down)
+inline static asn1_node _asn1_set_down(asn1_node node, asn1_node down)
{
- if (node == NULL)
- return node;
- node->down = down;
- if (down)
- down->left = node;
- return node;
+ if (node == NULL)
+ return node;
+ node->down = down;
+ if (down)
+ down->left = node;
+ return node;
}
/******************************************************************/
@@ -112,12 +110,11 @@ _asn1_set_down (asn1_node node, asn1_node down)
/* node: NODE_ASN element pointer. */
/* Return: field DOWN of NODE. */
/******************************************************************/
-inline static asn1_node
-_asn1_get_down (asn1_node node)
+inline static asn1_node _asn1_get_down(asn1_node node)
{
- if (node == NULL)
- return NULL;
- return node->down;
+ if (node == NULL)
+ return NULL;
+ return node->down;
}
/******************************************************************/
@@ -127,12 +124,11 @@ _asn1_get_down (asn1_node node)
/* node: NODE_ASN element pointer. */
/* Return: a null terminated string. */
/******************************************************************/
-inline static char *
-_asn1_get_name (asn1_node node)
+inline static char *_asn1_get_name(asn1_node node)
{
- if (node == NULL)
- return NULL;
- return node->name;
+ if (node == NULL)
+ return NULL;
+ return node->name;
}
/******************************************************************/
@@ -146,13 +142,12 @@ _asn1_get_name (asn1_node node)
/* value of field TYPE. */
/* Return: NODE pointer. */
/******************************************************************/
-inline static asn1_node
-_asn1_mod_type (asn1_node node, unsigned int value)
+inline static asn1_node _asn1_mod_type(asn1_node node, unsigned int value)
{
- if (node == NULL)
- return node;
- node->type |= value;
- return node;
+ if (node == NULL)
+ return node;
+ node->type |= value;
+ return node;
}
#endif
diff --git a/lib/minitasn1/structure.c b/lib/minitasn1/structure.c
index 31a5f654bb..567c5cec67 100644
--- a/lib/minitasn1/structure.c
+++ b/lib/minitasn1/structure.c
@@ -44,18 +44,17 @@ extern char _asn1_identifierMissing[];
/* and CONST_ constants). */
/* Return: pointer to the new element. */
/******************************************************/
-asn1_node
-_asn1_add_single_node (unsigned int type)
+asn1_node _asn1_add_single_node(unsigned int type)
{
- asn1_node punt;
+ asn1_node punt;
- punt = calloc (1, sizeof (struct asn1_node_st));
- if (punt == NULL)
- return NULL;
+ punt = calloc(1, sizeof(struct asn1_node_st));
+ if (punt == NULL)
+ return NULL;
- punt->type = type;
+ punt->type = type;
- return punt;
+ return punt;
}
@@ -67,93 +66,84 @@ _asn1_add_single_node (unsigned int type)
/* node: NODE_ASN element pointer. */
/* Return: NULL if not found. */
/******************************************************************/
-asn1_node
-_asn1_find_left (asn1_node node)
+asn1_node _asn1_find_left(asn1_node node)
{
- if ((node == NULL) || (node->left == NULL) || (node->left->down == node))
- return NULL;
+ if ((node == NULL) || (node->left == NULL)
+ || (node->left->down == node))
+ return NULL;
- return node->left;
+ return node->left;
}
int
-_asn1_create_static_structure (asn1_node pointer, char *output_file_name,
- char *vector_name)
+_asn1_create_static_structure(asn1_node pointer, char *output_file_name,
+ char *vector_name)
{
- FILE *file;
- asn1_node p;
- unsigned long t;
+ FILE *file;
+ asn1_node p;
+ unsigned long t;
- file = fopen (output_file_name, "w");
+ file = fopen(output_file_name, "w");
- if (file == NULL)
- return ASN1_FILE_NOT_FOUND;
+ if (file == NULL)
+ return ASN1_FILE_NOT_FOUND;
- fprintf (file, "#if HAVE_CONFIG_H\n");
- fprintf (file, "# include \"config.h\"\n");
- fprintf (file, "#endif\n\n");
+ fprintf(file, "#if HAVE_CONFIG_H\n");
+ fprintf(file, "# include \"config.h\"\n");
+ fprintf(file, "#endif\n\n");
- fprintf (file, "#include <libtasn1.h>\n\n");
+ fprintf(file, "#include <libtasn1.h>\n\n");
- fprintf (file, "const asn1_static_node %s[] = {\n", vector_name);
+ fprintf(file, "const asn1_static_node %s[] = {\n", vector_name);
- p = pointer;
+ p = pointer;
- while (p)
- {
- fprintf (file, " { ");
+ while (p) {
+ fprintf(file, " { ");
- if (p->name[0] != 0)
- fprintf (file, "\"%s\", ", p->name);
- else
- fprintf (file, "NULL, ");
+ if (p->name[0] != 0)
+ fprintf(file, "\"%s\", ", p->name);
+ else
+ fprintf(file, "NULL, ");
- t = p->type;
- if (p->down)
- t |= CONST_DOWN;
- if (p->right)
- t |= CONST_RIGHT;
+ t = p->type;
+ if (p->down)
+ t |= CONST_DOWN;
+ if (p->right)
+ t |= CONST_RIGHT;
- fprintf (file, "%lu, ", t);
+ fprintf(file, "%lu, ", t);
- if (p->value)
- fprintf (file, "\"%s\"},\n", p->value);
- else
- fprintf (file, "NULL },\n");
-
- if (p->down)
- {
- p = p->down;
- }
- else if (p->right)
- {
- p = p->right;
- }
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == pointer)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
+ if (p->value)
+ fprintf(file, "\"%s\"},\n", p->value);
+ else
+ fprintf(file, "NULL },\n");
+
+ if (p->down) {
+ p = p->down;
+ } else if (p->right) {
+ p = p->right;
+ } else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == pointer) {
+ p = NULL;
+ break;
+ }
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
}
- }
}
- }
- fprintf (file, " { NULL, 0, NULL }\n};\n");
+ fprintf(file, " { NULL, 0, NULL }\n};\n");
- fclose (file);
+ fclose(file);
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -174,104 +164,92 @@ _asn1_create_static_structure (asn1_node pointer, char *output_file_name,
* %ASN1_ARRAY_ERROR if the array pointed by @array is wrong.
**/
int
-asn1_array2tree (const asn1_static_node * array, asn1_node * definitions,
- char *errorDescription)
+asn1_array2tree(const asn1_static_node * array, asn1_node * definitions,
+ char *errorDescription)
{
- asn1_node p, p_last = NULL;
- unsigned long k;
- int move;
- int result;
- unsigned int type;
-
-
- if (*definitions != NULL)
- return ASN1_ELEMENT_NOT_EMPTY;
-
- move = UP;
-
- k = 0;
- while (array[k].value || array[k].type || array[k].name)
- {
- type = convert_old_type(array[k].type);
-
- p = _asn1_add_static_node (type & (~CONST_DOWN));
- if (array[k].name)
- _asn1_set_name (p, array[k].name);
- if (array[k].value)
- _asn1_set_value (p, array[k].value, strlen (array[k].value) + 1);
-
- if (*definitions == NULL)
- *definitions = p;
-
- if (move == DOWN)
- _asn1_set_down (p_last, p);
- else if (move == RIGHT)
- _asn1_set_right (p_last, p);
-
- p_last = p;
-
- if (type & CONST_DOWN)
- move = DOWN;
- else if (type & CONST_RIGHT)
- move = RIGHT;
- else
- {
- while (1)
- {
- if (p_last == *definitions)
- break;
-
- p_last = _asn1_find_up (p_last);
-
- if (p_last == NULL)
- break;
-
- if (p_last->type & CONST_RIGHT)
- {
- p_last->type &= ~CONST_RIGHT;
- move = RIGHT;
- break;
+ asn1_node p, p_last = NULL;
+ unsigned long k;
+ int move;
+ int result;
+ unsigned int type;
+
+
+ if (*definitions != NULL)
+ return ASN1_ELEMENT_NOT_EMPTY;
+
+ move = UP;
+
+ k = 0;
+ while (array[k].value || array[k].type || array[k].name) {
+ type = convert_old_type(array[k].type);
+
+ p = _asn1_add_static_node(type & (~CONST_DOWN));
+ if (array[k].name)
+ _asn1_set_name(p, array[k].name);
+ if (array[k].value)
+ _asn1_set_value(p, array[k].value,
+ strlen(array[k].value) + 1);
+
+ if (*definitions == NULL)
+ *definitions = p;
+
+ if (move == DOWN)
+ _asn1_set_down(p_last, p);
+ else if (move == RIGHT)
+ _asn1_set_right(p_last, p);
+
+ p_last = p;
+
+ if (type & CONST_DOWN)
+ move = DOWN;
+ else if (type & CONST_RIGHT)
+ move = RIGHT;
+ else {
+ while (1) {
+ if (p_last == *definitions)
+ break;
+
+ p_last = _asn1_find_up(p_last);
+
+ if (p_last == NULL)
+ break;
+
+ if (p_last->type & CONST_RIGHT) {
+ p_last->type &= ~CONST_RIGHT;
+ move = RIGHT;
+ break;
+ }
+ } /* while */
}
- } /* while */
- }
- k++;
- } /* while */
-
- if (p_last == *definitions)
- {
- result = _asn1_check_identifier (*definitions);
- if (result == ASN1_SUCCESS)
- {
- _asn1_change_integer_value (*definitions);
- _asn1_expand_object_id (*definitions);
+ k++;
+ } /* while */
+
+ if (p_last == *definitions) {
+ result = _asn1_check_identifier(*definitions);
+ if (result == ASN1_SUCCESS) {
+ _asn1_change_integer_value(*definitions);
+ _asn1_expand_object_id(*definitions);
+ }
+ } else {
+ result = ASN1_ARRAY_ERROR;
}
- }
- else
- {
- result = ASN1_ARRAY_ERROR;
- }
-
- if (errorDescription != NULL)
- {
- if (result == ASN1_IDENTIFIER_NOT_FOUND)
- {
- Estrcpy (errorDescription, ":: identifier '");
- Estrcat (errorDescription, _asn1_identifierMissing);
- Estrcat (errorDescription, "' not found");
+
+ if (errorDescription != NULL) {
+ if (result == ASN1_IDENTIFIER_NOT_FOUND) {
+ Estrcpy(errorDescription, ":: identifier '");
+ Estrcat(errorDescription, _asn1_identifierMissing);
+ Estrcat(errorDescription, "' not found");
+ } else
+ errorDescription[0] = 0;
}
- else
- errorDescription[0] = 0;
- }
-
- if (result != ASN1_SUCCESS)
- {
- _asn1_delete_list_and_nodes ();
- *definitions = NULL;
- }
- else
- _asn1_delete_list ();
-
- return result;
+
+ if (result != ASN1_SUCCESS) {
+ _asn1_delete_list_and_nodes();
+ *definitions = NULL;
+ } else
+ _asn1_delete_list();
+
+ return result;
}
/**
@@ -284,55 +262,45 @@ asn1_array2tree (const asn1_static_node * array, asn1_node * definitions,
* Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
* *@structure was NULL.
**/
-int
-asn1_delete_structure (asn1_node * structure)
+int asn1_delete_structure(asn1_node * structure)
{
- asn1_node p, p2, p3;
-
- if (*structure == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = *structure;
- while (p)
- {
- if (p->down)
- {
- p = p->down;
- }
- else
- { /* no down */
- p2 = p->right;
- if (p != *structure)
- {
- p3 = _asn1_find_up (p);
- _asn1_set_down (p3, p2);
- _asn1_remove_node (p);
- p = p3;
- }
- else
- { /* p==root */
- p3 = _asn1_find_left (p);
- if (!p3)
- {
- p3 = _asn1_find_up (p);
- if (p3)
- _asn1_set_down (p3, p2);
- else
- {
- if (p->right)
- p->right->left = NULL;
- }
+ asn1_node p, p2, p3;
+
+ if (*structure == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = *structure;
+ while (p) {
+ if (p->down) {
+ p = p->down;
+ } else { /* no down */
+ p2 = p->right;
+ if (p != *structure) {
+ p3 = _asn1_find_up(p);
+ _asn1_set_down(p3, p2);
+ _asn1_remove_node(p);
+ p = p3;
+ } else { /* p==root */
+ p3 = _asn1_find_left(p);
+ if (!p3) {
+ p3 = _asn1_find_up(p);
+ if (p3)
+ _asn1_set_down(p3, p2);
+ else {
+ if (p->right)
+ p->right->left =
+ NULL;
+ }
+ } else
+ _asn1_set_right(p3, p2);
+ _asn1_remove_node(p);
+ p = NULL;
+ }
}
- else
- _asn1_set_right (p3, p2);
- _asn1_remove_node (p);
- p = NULL;
- }
}
- }
- *structure = NULL;
- return ASN1_SUCCESS;
+ *structure = NULL;
+ return ASN1_SUCCESS;
}
@@ -348,291 +316,279 @@ asn1_delete_structure (asn1_node * structure)
* Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
* the @element_name was not found.
**/
-int
-asn1_delete_element (asn1_node structure, const char *element_name)
+int asn1_delete_element(asn1_node structure, const char *element_name)
{
- asn1_node p2, p3, source_node;
-
- source_node = asn1_find_node (structure, element_name);
-
- if (source_node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p2 = source_node->right;
- p3 = _asn1_find_left (source_node);
- if (!p3)
- {
- p3 = _asn1_find_up (source_node);
- if (p3)
- _asn1_set_down (p3, p2);
- else if (source_node->right)
- source_node->right->left = NULL;
- }
- else
- _asn1_set_right (p3, p2);
-
- return asn1_delete_structure (&source_node);
+ asn1_node p2, p3, source_node;
+
+ source_node = asn1_find_node(structure, element_name);
+
+ if (source_node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p2 = source_node->right;
+ p3 = _asn1_find_left(source_node);
+ if (!p3) {
+ p3 = _asn1_find_up(source_node);
+ if (p3)
+ _asn1_set_down(p3, p2);
+ else if (source_node->right)
+ source_node->right->left = NULL;
+ } else
+ _asn1_set_right(p3, p2);
+
+ return asn1_delete_structure(&source_node);
}
-asn1_node
-_asn1_copy_structure3 (asn1_node source_node)
+asn1_node _asn1_copy_structure3(asn1_node source_node)
{
- asn1_node dest_node, p_s, p_d, p_d_prev;
- int move;
-
- if (source_node == NULL)
- return NULL;
-
- dest_node = _asn1_add_single_node (source_node->type);
-
- p_s = source_node;
- p_d = dest_node;
-
- move = DOWN;
-
- do
- {
- if (move != UP)
- {
- if (p_s->name[0] != 0)
- _asn1_cpy_name (p_d, p_s);
- if (p_s->value)
- _asn1_set_value (p_d, p_s->value, p_s->value_len);
- if (p_s->down)
- {
- p_s = p_s->down;
- p_d_prev = p_d;
- p_d = _asn1_add_single_node (p_s->type);
- _asn1_set_down (p_d_prev, p_d);
- continue;
- }
+ asn1_node dest_node, p_s, p_d, p_d_prev;
+ int move;
+
+ if (source_node == NULL)
+ return NULL;
+
+ dest_node = _asn1_add_single_node(source_node->type);
+
+ p_s = source_node;
+ p_d = dest_node;
+
+ move = DOWN;
+
+ do {
+ if (move != UP) {
+ if (p_s->name[0] != 0)
+ _asn1_cpy_name(p_d, p_s);
+ if (p_s->value)
+ _asn1_set_value(p_d, p_s->value,
+ p_s->value_len);
+ if (p_s->down) {
+ p_s = p_s->down;
+ p_d_prev = p_d;
+ p_d = _asn1_add_single_node(p_s->type);
+ _asn1_set_down(p_d_prev, p_d);
+ continue;
+ }
+ }
+
+ if (p_s == source_node)
+ break;
+
+ if (p_s->right) {
+ move = RIGHT;
+ p_s = p_s->right;
+ p_d_prev = p_d;
+ p_d = _asn1_add_single_node(p_s->type);
+ _asn1_set_right(p_d_prev, p_d);
+ } else {
+ move = UP;
+ p_s = _asn1_find_up(p_s);
+ p_d = _asn1_find_up(p_d);
+ }
}
+ while (p_s != source_node);
- if (p_s == source_node)
- break;
-
- if (p_s->right)
- {
- move = RIGHT;
- p_s = p_s->right;
- p_d_prev = p_d;
- p_d = _asn1_add_single_node (p_s->type);
- _asn1_set_right (p_d_prev, p_d);
- }
- else
- {
- move = UP;
- p_s = _asn1_find_up (p_s);
- p_d = _asn1_find_up (p_d);
- }
- }
- while (p_s != source_node);
-
- return dest_node;
+ return dest_node;
}
static asn1_node
-_asn1_copy_structure2 (asn1_node root, const char *source_name)
+_asn1_copy_structure2(asn1_node root, const char *source_name)
{
- asn1_node source_node;
+ asn1_node source_node;
- source_node = asn1_find_node (root, source_name);
+ source_node = asn1_find_node(root, source_name);
- return _asn1_copy_structure3 (source_node);
+ return _asn1_copy_structure3(source_node);
}
-static int
-_asn1_type_choice_config (asn1_node node)
+static int _asn1_type_choice_config(asn1_node node)
{
- asn1_node p, p2, p3, p4;
- int move, tlen;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if ((type_field (p->type) == ASN1_ETYPE_CHOICE) && (p->type & CONST_TAG))
- {
- p2 = p->down;
- while (p2)
- {
- if (type_field (p2->type) != ASN1_ETYPE_TAG)
- {
- p2->type |= CONST_TAG;
- p3 = _asn1_find_left (p2);
- while (p3)
- {
- if (type_field (p3->type) == ASN1_ETYPE_TAG)
- {
- p4 = _asn1_add_single_node (p3->type);
- tlen = _asn1_strlen (p3->value);
- if (tlen > 0)
- _asn1_set_value (p4, p3->value, tlen + 1);
- _asn1_set_right (p4, p2->down);
- _asn1_set_down (p2, p4);
- }
- p3 = _asn1_find_left (p3);
+ asn1_node p, p2, p3, p4;
+ int move, tlen;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP))) {
+ if (move != UP) {
+ if ((type_field(p->type) == ASN1_ETYPE_CHOICE)
+ && (p->type & CONST_TAG)) {
+ p2 = p->down;
+ while (p2) {
+ if (type_field(p2->type) !=
+ ASN1_ETYPE_TAG) {
+ p2->type |= CONST_TAG;
+ p3 = _asn1_find_left(p2);
+ while (p3) {
+ if (type_field
+ (p3->type) ==
+ ASN1_ETYPE_TAG)
+ {
+ p4 = _asn1_add_single_node(p3->type);
+ tlen =
+ _asn1_strlen
+ (p3->
+ value);
+ if (tlen >
+ 0)
+ _asn1_set_value
+ (p4,
+ p3->
+ value,
+ tlen
+ +
+ 1);
+ _asn1_set_right
+ (p4,
+ p2->
+ down);
+ _asn1_set_down
+ (p2,
+ p4);
+ }
+ p3 = _asn1_find_left(p3);
+ }
+ }
+ p2 = p2->right;
+ }
+ p->type &= ~(CONST_TAG);
+ p2 = p->down;
+ while (p2) {
+ p3 = p2->right;
+ if (type_field(p2->type) ==
+ ASN1_ETYPE_TAG)
+ asn1_delete_structure(&p2);
+ p2 = p3;
+ }
}
- }
- p2 = p2->right;
+ move = DOWN;
+ } else
+ move = RIGHT;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
}
- p->type &= ~(CONST_TAG);
- p2 = p->down;
- while (p2)
- {
- p3 = p2->right;
- if (type_field (p2->type) == ASN1_ETYPE_TAG)
- asn1_delete_structure (&p2);
- p2 = p3;
- }
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if (p == node)
- {
- move = UP;
- continue;
- }
+ if (p == node) {
+ move = UP;
+ continue;
+ }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
-static int
-_asn1_expand_identifier (asn1_node * node, asn1_node root)
+static int _asn1_expand_identifier(asn1_node * node, asn1_node root)
{
- asn1_node p, p2, p3;
- char name2[ASN1_MAX_NAME_SIZE + 2];
- int move;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = *node;
- move = DOWN;
-
- while (!((p == *node) && (move == UP)))
- {
- if (move != UP)
- {
- if (type_field (p->type) == ASN1_ETYPE_IDENTIFIER)
- {
- snprintf(name2, sizeof (name2), "%s.%s", root->name, p->value);
- p2 = _asn1_copy_structure2 (root, name2);
- if (p2 == NULL)
- {
- return ASN1_IDENTIFIER_NOT_FOUND;
- }
- _asn1_cpy_name (p2, p);
- p2->right = p->right;
- p2->left = p->left;
- if (p->right)
- p->right->left = p2;
- p3 = p->down;
- if (p3)
- {
- while (p3->right)
- p3 = p3->right;
- _asn1_set_right (p3, p2->down);
- _asn1_set_down (p2, p->down);
- }
+ asn1_node p, p2, p3;
+ char name2[ASN1_MAX_NAME_SIZE + 2];
+ int move;
- p3 = _asn1_find_left (p);
- if (p3)
- _asn1_set_right (p3, p2);
- else
- {
- p3 = _asn1_find_up (p);
- if (p3)
- _asn1_set_down (p3, p2);
- else
- {
- p2->left = NULL;
- }
- }
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
- if (p->type & CONST_SIZE)
- p2->type |= CONST_SIZE;
- if (p->type & CONST_TAG)
- p2->type |= CONST_TAG;
- if (p->type & CONST_OPTION)
- p2->type |= CONST_OPTION;
- if (p->type & CONST_DEFAULT)
- p2->type |= CONST_DEFAULT;
- if (p->type & CONST_SET)
- p2->type |= CONST_SET;
- if (p->type & CONST_NOT_USED)
- p2->type |= CONST_NOT_USED;
-
- if (p == *node)
- *node = p2;
- _asn1_remove_node (p);
- p = p2;
- move = DOWN;
- continue;
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
+ p = *node;
+ move = DOWN;
- if (p == *node)
- {
- move = UP;
- continue;
- }
+ while (!((p == *node) && (move == UP))) {
+ if (move != UP) {
+ if (type_field(p->type) == ASN1_ETYPE_IDENTIFIER) {
+ snprintf(name2, sizeof(name2), "%s.%s",
+ root->name, p->value);
+ p2 = _asn1_copy_structure2(root, name2);
+ if (p2 == NULL) {
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ }
+ _asn1_cpy_name(p2, p);
+ p2->right = p->right;
+ p2->left = p->left;
+ if (p->right)
+ p->right->left = p2;
+ p3 = p->down;
+ if (p3) {
+ while (p3->right)
+ p3 = p3->right;
+ _asn1_set_right(p3, p2->down);
+ _asn1_set_down(p2, p->down);
+ }
+
+ p3 = _asn1_find_left(p);
+ if (p3)
+ _asn1_set_right(p3, p2);
+ else {
+ p3 = _asn1_find_up(p);
+ if (p3)
+ _asn1_set_down(p3, p2);
+ else {
+ p2->left = NULL;
+ }
+ }
+
+ if (p->type & CONST_SIZE)
+ p2->type |= CONST_SIZE;
+ if (p->type & CONST_TAG)
+ p2->type |= CONST_TAG;
+ if (p->type & CONST_OPTION)
+ p2->type |= CONST_OPTION;
+ if (p->type & CONST_DEFAULT)
+ p2->type |= CONST_DEFAULT;
+ if (p->type & CONST_SET)
+ p2->type |= CONST_SET;
+ if (p->type & CONST_NOT_USED)
+ p2->type |= CONST_NOT_USED;
+
+ if (p == *node)
+ *node = p2;
+ _asn1_remove_node(p);
+ p = p2;
+ move = DOWN;
+ continue;
+ }
+ move = DOWN;
+ } else
+ move = RIGHT;
+
+ if (move == DOWN) {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == *node) {
+ move = UP;
+ continue;
+ }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
+ if (move == RIGHT) {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up(p);
}
- if (move == UP)
- p = _asn1_find_up (p);
- }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -652,25 +608,25 @@ _asn1_expand_identifier (asn1_node * node, asn1_node root)
* @source_name is not known.
**/
int
-asn1_create_element (asn1_node definitions, const char *source_name,
- asn1_node * element)
+asn1_create_element(asn1_node definitions, const char *source_name,
+ asn1_node * element)
{
- asn1_node dest_node;
- int res;
+ asn1_node dest_node;
+ int res;
- dest_node = _asn1_copy_structure2 (definitions, source_name);
+ dest_node = _asn1_copy_structure2(definitions, source_name);
- if (dest_node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
+ if (dest_node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
- _asn1_set_name (dest_node, "");
+ _asn1_set_name(dest_node, "");
- res = _asn1_expand_identifier (&dest_node, definitions);
- _asn1_type_choice_config (dest_node);
+ res = _asn1_expand_identifier(&dest_node, definitions);
+ _asn1_type_choice_config(dest_node);
- *element = dest_node;
+ *element = dest_node;
- return res;
+ return res;
}
@@ -687,331 +643,358 @@ asn1_create_element (asn1_node definitions, const char *source_name,
* from the @name element inside the structure @structure.
**/
void
-asn1_print_structure (FILE * out, asn1_node structure, const char *name,
- int mode)
+asn1_print_structure(FILE * out, asn1_node structure, const char *name,
+ int mode)
{
- asn1_node p, root;
- int k, indent = 0, len, len2, len3;
-
- if (out == NULL)
- return;
-
- root = asn1_find_node (structure, name);
-
- if (root == NULL)
- return;
-
- p = root;
- while (p)
- {
- if (mode == ASN1_PRINT_ALL)
- {
- for (k = 0; k < indent; k++)
- fprintf (out, " ");
- fprintf (out, "name:");
- if (p->name[0] != 0)
- fprintf (out, "%s ", p->name);
- else
- fprintf (out, "NULL ");
- }
- else
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_CONSTANT:
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_SIZE:
- break;
- default:
- for (k = 0; k < indent; k++)
- fprintf (out, " ");
- fprintf (out, "name:");
- if (p->name[0] != 0)
- fprintf (out, "%s ", p->name);
- else
- fprintf (out, "NULL ");
- }
- }
-
- if (mode != ASN1_PRINT_NAME)
- {
- unsigned type = type_field (p->type);
- switch (type)
- {
- case ASN1_ETYPE_CONSTANT:
- if (mode == ASN1_PRINT_ALL)
- fprintf (out, "type:CONST");
- break;
- case ASN1_ETYPE_TAG:
- if (mode == ASN1_PRINT_ALL)
- fprintf (out, "type:TAG");
- break;
- case ASN1_ETYPE_SIZE:
- if (mode == ASN1_PRINT_ALL)
- fprintf (out, "type:SIZE");
- break;
- case ASN1_ETYPE_DEFAULT:
- fprintf (out, "type:DEFAULT");
- break;
- case ASN1_ETYPE_IDENTIFIER:
- fprintf (out, "type:IDENTIFIER");
- break;
- case ASN1_ETYPE_ANY:
- fprintf (out, "type:ANY");
- break;
- case ASN1_ETYPE_CHOICE:
- fprintf (out, "type:CHOICE");
- break;
- case ASN1_ETYPE_DEFINITIONS:
- fprintf (out, "type:DEFINITIONS");
- break;
- CASE_HANDLED_ETYPES:
- fprintf (out, "%s", _asn1_tags[type].desc);
- break;
- default:
- break;
- }
- }
-
- if ((mode == ASN1_PRINT_NAME_TYPE_VALUE) || (mode == ASN1_PRINT_ALL))
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_CONSTANT:
- if (mode == ASN1_PRINT_ALL)
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_TAG:
- if (mode == ASN1_PRINT_ALL)
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_SIZE:
- if (mode == ASN1_PRINT_ALL)
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_DEFAULT:
- if (p->value)
- fprintf (out, " value:%s", p->value);
- else if (p->type & CONST_TRUE)
- fprintf (out, " value:TRUE");
- else if (p->type & CONST_FALSE)
- fprintf (out, " value:FALSE");
- break;
- case ASN1_ETYPE_IDENTIFIER:
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_INTEGER:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:0x");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%02x", (p->value)[k + len2]);
- }
- break;
- case ASN1_ETYPE_ENUMERATED:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:0x");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%02x", (p->value)[k + len2]);
- }
- break;
- case ASN1_ETYPE_BOOLEAN:
- if (p->value)
- {
- if (p->value[0] == 'T')
- fprintf (out, " value:TRUE");
- else if (p->value[0] == 'F')
- fprintf (out, " value:FALSE");
- }
- break;
- case ASN1_ETYPE_BIT_STRING:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- if (len > 0)
- {
- fprintf (out, " value(%i):",
- (len - 1) * 8 - (p->value[len2]));
- for (k = 1; k < len; k++)
- fprintf (out, "%02x", (p->value)[k + len2]);
- }
- }
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- if (p->value)
- {
- fprintf (out, " value:");
- for (k = 0; k < p->value_len; k++)
- fprintf (out, "%c", (p->value)[k]);
- }
- break;
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%c", (p->value)[k + len2]);
- }
- break;
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_OCTET_STRING:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%02x", (p->value)[k + len2]);
+ asn1_node p, root;
+ int k, indent = 0, len, len2, len3;
+
+ if (out == NULL)
+ return;
+
+ root = asn1_find_node(structure, name);
+
+ if (root == NULL)
+ return;
+
+ p = root;
+ while (p) {
+ if (mode == ASN1_PRINT_ALL) {
+ for (k = 0; k < indent; k++)
+ fprintf(out, " ");
+ fprintf(out, "name:");
+ if (p->name[0] != 0)
+ fprintf(out, "%s ", p->name);
+ else
+ fprintf(out, "NULL ");
+ } else {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_CONSTANT:
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_SIZE:
+ break;
+ default:
+ for (k = 0; k < indent; k++)
+ fprintf(out, " ");
+ fprintf(out, "name:");
+ if (p->name[0] != 0)
+ fprintf(out, "%s ", p->name);
+ else
+ fprintf(out, "NULL ");
+ }
}
- break;
- case ASN1_ETYPE_OBJECT_ID:
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_ANY:
- if (p->value)
- {
- len3 = -1;
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- fprintf (out, " value:");
- if (len2 > 0)
- for (k = 0; k < len2; k++)
- fprintf (out, "%02x", (p->value)[k + len3]);
+
+ if (mode != ASN1_PRINT_NAME) {
+ unsigned type = type_field(p->type);
+ switch (type) {
+ case ASN1_ETYPE_CONSTANT:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf(out, "type:CONST");
+ break;
+ case ASN1_ETYPE_TAG:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf(out, "type:TAG");
+ break;
+ case ASN1_ETYPE_SIZE:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf(out, "type:SIZE");
+ break;
+ case ASN1_ETYPE_DEFAULT:
+ fprintf(out, "type:DEFAULT");
+ break;
+ case ASN1_ETYPE_IDENTIFIER:
+ fprintf(out, "type:IDENTIFIER");
+ break;
+ case ASN1_ETYPE_ANY:
+ fprintf(out, "type:ANY");
+ break;
+ case ASN1_ETYPE_CHOICE:
+ fprintf(out, "type:CHOICE");
+ break;
+ case ASN1_ETYPE_DEFINITIONS:
+ fprintf(out, "type:DEFINITIONS");
+ break;
+ CASE_HANDLED_ETYPES:
+ fprintf(out, "%s", _asn1_tags[type].desc);
+ break;
+ default:
+ break;
+ }
}
- break;
- case ASN1_ETYPE_SET:
- case ASN1_ETYPE_SET_OF:
- case ASN1_ETYPE_CHOICE:
- case ASN1_ETYPE_DEFINITIONS:
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_NULL:
- break;
- default:
- break;
- }
- }
- if (mode == ASN1_PRINT_ALL)
- {
- if (p->type & 0x1FFFFF00)
- {
- fprintf (out, " attr:");
- if (p->type & CONST_UNIVERSAL)
- fprintf (out, "UNIVERSAL,");
- if (p->type & CONST_PRIVATE)
- fprintf (out, "PRIVATE,");
- if (p->type & CONST_APPLICATION)
- fprintf (out, "APPLICATION,");
- if (p->type & CONST_EXPLICIT)
- fprintf (out, "EXPLICIT,");
- if (p->type & CONST_IMPLICIT)
- fprintf (out, "IMPLICIT,");
- if (p->type & CONST_TAG)
- fprintf (out, "TAG,");
- if (p->type & CONST_DEFAULT)
- fprintf (out, "DEFAULT,");
- if (p->type & CONST_TRUE)
- fprintf (out, "TRUE,");
- if (p->type & CONST_FALSE)
- fprintf (out, "FALSE,");
- if (p->type & CONST_LIST)
- fprintf (out, "LIST,");
- if (p->type & CONST_MIN_MAX)
- fprintf (out, "MIN_MAX,");
- if (p->type & CONST_OPTION)
- fprintf (out, "OPTION,");
- if (p->type & CONST_1_PARAM)
- fprintf (out, "1_PARAM,");
- if (p->type & CONST_SIZE)
- fprintf (out, "SIZE,");
- if (p->type & CONST_DEFINED_BY)
- fprintf (out, "DEF_BY,");
- if (p->type & CONST_GENERALIZED)
- fprintf (out, "GENERALIZED,");
- if (p->type & CONST_UTC)
- fprintf (out, "UTC,");
- if (p->type & CONST_SET)
- fprintf (out, "SET,");
- if (p->type & CONST_NOT_USED)
- fprintf (out, "NOT_USED,");
- if (p->type & CONST_ASSIGN)
- fprintf (out, "ASSIGNMENT,");
- }
- }
+ if ((mode == ASN1_PRINT_NAME_TYPE_VALUE)
+ || (mode == ASN1_PRINT_ALL)) {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_CONSTANT:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ break;
+ case ASN1_ETYPE_TAG:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ break;
+ case ASN1_ETYPE_SIZE:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ break;
+ case ASN1_ETYPE_DEFAULT:
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ else if (p->type & CONST_TRUE)
+ fprintf(out, " value:TRUE");
+ else if (p->type & CONST_FALSE)
+ fprintf(out, " value:FALSE");
+ break;
+ case ASN1_ETYPE_IDENTIFIER:
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ break;
+ case ASN1_ETYPE_INTEGER:
+ if (p->value) {
+ len2 = -1;
+ len =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len2);
+ fprintf(out, " value:0x");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf(out,
+ "%02x",
+ (p->
+ value)[k +
+ len2]);
+ }
+ break;
+ case ASN1_ETYPE_ENUMERATED:
+ if (p->value) {
+ len2 = -1;
+ len =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len2);
+ fprintf(out, " value:0x");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf(out,
+ "%02x",
+ (p->
+ value)[k +
+ len2]);
+ }
+ break;
+ case ASN1_ETYPE_BOOLEAN:
+ if (p->value) {
+ if (p->value[0] == 'T')
+ fprintf(out,
+ " value:TRUE");
+ else if (p->value[0] == 'F')
+ fprintf(out,
+ " value:FALSE");
+ }
+ break;
+ case ASN1_ETYPE_BIT_STRING:
+ if (p->value) {
+ len2 = -1;
+ len =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len2);
+ if (len > 0) {
+ fprintf(out,
+ " value(%i):",
+ (len - 1) * 8 -
+ (p->value[len2]));
+ for (k = 1; k < len; k++)
+ fprintf(out,
+ "%02x",
+ (p->
+ value)[k +
+ len2]);
+ }
+ }
+ break;
+ case ASN1_ETYPE_GENERALIZED_TIME:
+ case ASN1_ETYPE_UTC_TIME:
+ if (p->value) {
+ fprintf(out, " value:");
+ for (k = 0; k < p->value_len; k++)
+ fprintf(out, "%c",
+ (p->value)[k]);
+ }
+ break;
+ case ASN1_ETYPE_GENERALSTRING:
+ case ASN1_ETYPE_NUMERIC_STRING:
+ case ASN1_ETYPE_IA5_STRING:
+ case ASN1_ETYPE_TELETEX_STRING:
+ case ASN1_ETYPE_PRINTABLE_STRING:
+ case ASN1_ETYPE_UNIVERSAL_STRING:
+ case ASN1_ETYPE_UTF8_STRING:
+ case ASN1_ETYPE_VISIBLE_STRING:
+ if (p->value) {
+ len2 = -1;
+ len =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len2);
+ fprintf(out, " value:");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf(out, "%c",
+ (p->
+ value)[k +
+ len2]);
+ }
+ break;
+ case ASN1_ETYPE_BMP_STRING:
+ case ASN1_ETYPE_OCTET_STRING:
+ if (p->value) {
+ len2 = -1;
+ len =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len2);
+ fprintf(out, " value:");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf(out,
+ "%02x",
+ (p->
+ value)[k +
+ len2]);
+ }
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if (p->value)
+ fprintf(out, " value:%s",
+ p->value);
+ break;
+ case ASN1_ETYPE_ANY:
+ if (p->value) {
+ len3 = -1;
+ len2 =
+ asn1_get_length_der(p->value,
+ p->
+ value_len,
+ &len3);
+ fprintf(out, " value:");
+ if (len2 > 0)
+ for (k = 0; k < len2; k++)
+ fprintf(out,
+ "%02x",
+ (p->
+ value)[k +
+ len3]);
+ }
+ break;
+ case ASN1_ETYPE_SET:
+ case ASN1_ETYPE_SET_OF:
+ case ASN1_ETYPE_CHOICE:
+ case ASN1_ETYPE_DEFINITIONS:
+ case ASN1_ETYPE_SEQUENCE_OF:
+ case ASN1_ETYPE_SEQUENCE:
+ case ASN1_ETYPE_NULL:
+ break;
+ default:
+ break;
+ }
+ }
- if (mode == ASN1_PRINT_ALL)
- {
- fprintf (out, "\n");
- }
- else
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_CONSTANT:
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_SIZE:
- break;
- default:
- fprintf (out, "\n");
- }
- }
+ if (mode == ASN1_PRINT_ALL) {
+ if (p->type & 0x1FFFFF00) {
+ fprintf(out, " attr:");
+ if (p->type & CONST_UNIVERSAL)
+ fprintf(out, "UNIVERSAL,");
+ if (p->type & CONST_PRIVATE)
+ fprintf(out, "PRIVATE,");
+ if (p->type & CONST_APPLICATION)
+ fprintf(out, "APPLICATION,");
+ if (p->type & CONST_EXPLICIT)
+ fprintf(out, "EXPLICIT,");
+ if (p->type & CONST_IMPLICIT)
+ fprintf(out, "IMPLICIT,");
+ if (p->type & CONST_TAG)
+ fprintf(out, "TAG,");
+ if (p->type & CONST_DEFAULT)
+ fprintf(out, "DEFAULT,");
+ if (p->type & CONST_TRUE)
+ fprintf(out, "TRUE,");
+ if (p->type & CONST_FALSE)
+ fprintf(out, "FALSE,");
+ if (p->type & CONST_LIST)
+ fprintf(out, "LIST,");
+ if (p->type & CONST_MIN_MAX)
+ fprintf(out, "MIN_MAX,");
+ if (p->type & CONST_OPTION)
+ fprintf(out, "OPTION,");
+ if (p->type & CONST_1_PARAM)
+ fprintf(out, "1_PARAM,");
+ if (p->type & CONST_SIZE)
+ fprintf(out, "SIZE,");
+ if (p->type & CONST_DEFINED_BY)
+ fprintf(out, "DEF_BY,");
+ if (p->type & CONST_GENERALIZED)
+ fprintf(out, "GENERALIZED,");
+ if (p->type & CONST_UTC)
+ fprintf(out, "UTC,");
+ if (p->type & CONST_SET)
+ fprintf(out, "SET,");
+ if (p->type & CONST_NOT_USED)
+ fprintf(out, "NOT_USED,");
+ if (p->type & CONST_ASSIGN)
+ fprintf(out, "ASSIGNMENT,");
+ }
+ }
- if (p->down)
- {
- p = p->down;
- indent += 2;
- }
- else if (p == root)
- {
- p = NULL;
- break;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == root)
- {
- p = NULL;
- break;
+ if (mode == ASN1_PRINT_ALL) {
+ fprintf(out, "\n");
+ } else {
+ switch (type_field(p->type)) {
+ case ASN1_ETYPE_CONSTANT:
+ case ASN1_ETYPE_TAG:
+ case ASN1_ETYPE_SIZE:
+ break;
+ default:
+ fprintf(out, "\n");
+ }
}
- indent -= 2;
- if (p->right)
- {
- p = p->right;
- break;
+
+ if (p->down) {
+ p = p->down;
+ indent += 2;
+ } else if (p == root) {
+ p = NULL;
+ break;
+ } else if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ p = _asn1_find_up(p);
+ if (p == root) {
+ p = NULL;
+ break;
+ }
+ indent -= 2;
+ if (p->right) {
+ p = p->right;
+ break;
+ }
+ }
}
- }
}
- }
}
@@ -1028,30 +1011,28 @@ asn1_print_structure (FILE * out, asn1_node structure, const char *name,
* Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
* @name is not known, %ASN1_GENERIC_ERROR if pointer @num is %NULL.
**/
-int
-asn1_number_of_elements (asn1_node element, const char *name, int *num)
+int asn1_number_of_elements(asn1_node element, const char *name, int *num)
{
- asn1_node node, p;
+ asn1_node node, p;
- if (num == NULL)
- return ASN1_GENERIC_ERROR;
+ if (num == NULL)
+ return ASN1_GENERIC_ERROR;
- *num = 0;
+ *num = 0;
- node = asn1_find_node (element, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
+ node = asn1_find_node(element, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
- p = node->down;
+ p = node->down;
- while (p)
- {
- if (p->name[0] == '?')
- (*num)++;
- p = p->right;
- }
+ while (p) {
+ if (p->name[0] == '?')
+ (*num)++;
+ p = p->right;
+ }
- return ASN1_SUCCESS;
+ return ASN1_SUCCESS;
}
@@ -1066,48 +1047,49 @@ asn1_number_of_elements (asn1_node element, const char *name, int *num)
* constant string that contains the element name defined just after
* the OID.
**/
-const char *
-asn1_find_structure_from_oid (asn1_node definitions, const char *oidValue)
+const char *asn1_find_structure_from_oid(asn1_node definitions,
+ const char *oidValue)
{
- char definitionsName[ASN1_MAX_NAME_SIZE], name[2 * ASN1_MAX_NAME_SIZE + 1];
- char value[ASN1_MAX_NAME_SIZE];
- asn1_node p;
- int len;
- int result;
-
- if ((definitions == NULL) || (oidValue == NULL))
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
-
-
- strcpy (definitionsName, definitions->name);
- strcat (definitionsName, ".");
-
- /* search the OBJECT_ID into definitions */
- p = definitions->down;
- while (p)
- {
- if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_ASSIGN))
- {
- strcpy (name, definitionsName);
- strcat (name, p->name);
-
- len = ASN1_MAX_NAME_SIZE;
- result = asn1_read_value (definitions, name, value, &len);
-
- if ((result == ASN1_SUCCESS) && (!strcmp (oidValue, value)))
- {
- p = p->right;
- if (p == NULL) /* reach the end of ASN1 definitions */
+ char definitionsName[ASN1_MAX_NAME_SIZE],
+ name[2 * ASN1_MAX_NAME_SIZE + 1];
+ char value[ASN1_MAX_NAME_SIZE];
+ asn1_node p;
+ int len;
+ int result;
+
+ if ((definitions == NULL) || (oidValue == NULL))
return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
- return p->name;
- }
+
+ strcpy(definitionsName, definitions->name);
+ strcat(definitionsName, ".");
+
+ /* search the OBJECT_ID into definitions */
+ p = definitions->down;
+ while (p) {
+ if ((type_field(p->type) == ASN1_ETYPE_OBJECT_ID) &&
+ (p->type & CONST_ASSIGN)) {
+ strcpy(name, definitionsName);
+ strcat(name, p->name);
+
+ len = ASN1_MAX_NAME_SIZE;
+ result =
+ asn1_read_value(definitions, name, value,
+ &len);
+
+ if ((result == ASN1_SUCCESS)
+ && (!strcmp(oidValue, value))) {
+ p = p->right;
+ if (p == NULL) /* reach the end of ASN1 definitions */
+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
+
+ return p->name;
+ }
+ }
+ p = p->right;
}
- p = p->right;
- }
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
}
/**
@@ -1122,42 +1104,40 @@ asn1_find_structure_from_oid (asn1_node definitions, const char *oidValue)
* Returns: Return %ASN1_SUCCESS on success.
**/
int
-asn1_copy_node (asn1_node dst, const char *dst_name,
- asn1_node src, const char *src_name)
+asn1_copy_node(asn1_node dst, const char *dst_name,
+ asn1_node src, const char *src_name)
{
/* FIXME: rewrite using copy_structure().
* It seems quite hard to do.
*/
- int result;
- asn1_node dst_node;
- void *data = NULL;
- int size = 0;
-
- result = asn1_der_coding (src, src_name, NULL, &size, NULL);
- if (result != ASN1_MEM_ERROR)
- return result;
-
- data = malloc (size);
- if (data == NULL)
- return ASN1_MEM_ERROR;
-
- result = asn1_der_coding (src, src_name, data, &size, NULL);
- if (result != ASN1_SUCCESS)
- {
- free (data);
- return result;
- }
-
- dst_node = asn1_find_node (dst, dst_name);
- if (dst_node == NULL)
- {
- free (data);
- return ASN1_ELEMENT_NOT_FOUND;
- }
-
- result = asn1_der_decoding (&dst_node, data, size, NULL);
-
- free (data);
-
- return result;
+ int result;
+ asn1_node dst_node;
+ void *data = NULL;
+ int size = 0;
+
+ result = asn1_der_coding(src, src_name, NULL, &size, NULL);
+ if (result != ASN1_MEM_ERROR)
+ return result;
+
+ data = malloc(size);
+ if (data == NULL)
+ return ASN1_MEM_ERROR;
+
+ result = asn1_der_coding(src, src_name, data, &size, NULL);
+ if (result != ASN1_SUCCESS) {
+ free(data);
+ return result;
+ }
+
+ dst_node = asn1_find_node(dst, dst_name);
+ if (dst_node == NULL) {
+ free(data);
+ return ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ result = asn1_der_decoding(&dst_node, data, size, NULL);
+
+ free(data);
+
+ return result;
}
diff --git a/lib/minitasn1/structure.h b/lib/minitasn1/structure.h
index 986e13a309..c56beb6413 100644
--- a/lib/minitasn1/structure.h
+++ b/lib/minitasn1/structure.h
@@ -28,14 +28,14 @@
#ifndef _STRUCTURE_H
#define _STRUCTURE_H
-int _asn1_create_static_structure (asn1_node pointer,
- char *output_file_name,
- char *vector_name);
+int _asn1_create_static_structure(asn1_node pointer,
+ char *output_file_name,
+ char *vector_name);
-asn1_node _asn1_copy_structure3 (asn1_node source_node);
+asn1_node _asn1_copy_structure3(asn1_node source_node);
-asn1_node _asn1_add_single_node (unsigned int type);
+asn1_node _asn1_add_single_node(unsigned int type);
-asn1_node _asn1_find_left (asn1_node node);
+asn1_node _asn1_find_left(asn1_node node);
#endif
diff --git a/lib/minitasn1/version.c b/lib/minitasn1/version.c
index 83d70c9623..2941af916a 100644
--- a/lib/minitasn1/version.c
+++ b/lib/minitasn1/version.c
@@ -41,11 +41,10 @@
* Returns: Version string of run-time library, or %NULL if the
* run-time library does not meet the required version number.
*/
-const char *
-asn1_check_version (const char *req_version)
+const char *asn1_check_version(const char *req_version)
{
- if (!req_version || strverscmp (req_version, ASN1_VERSION) <= 0)
- return ASN1_VERSION;
+ if (!req_version || strverscmp(req_version, ASN1_VERSION) <= 0)
+ return ASN1_VERSION;
- return NULL;
+ return NULL;
}
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 9522059186..e471ca2a14 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -42,10 +42,12 @@
#define MAX_BLOCK_SIZE 32
-typedef void (*encrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *,
- unsigned, uint8_t *, const uint8_t *);
-typedef void (*decrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *,
- unsigned, uint8_t *, const uint8_t *);
+typedef void (*encrypt_func) (void *, nettle_crypt_func, unsigned,
+ uint8_t *, unsigned, uint8_t *,
+ const uint8_t *);
+typedef void (*decrypt_func) (void *, nettle_crypt_func, unsigned,
+ uint8_t *, unsigned, uint8_t *,
+ const uint8_t *);
typedef void (*auth_func) (void *, unsigned, const uint8_t *);
typedef void (*tag_func) (void *, unsigned, uint8_t *);
@@ -53,395 +55,388 @@ typedef void (*tag_func) (void *, unsigned, uint8_t *);
typedef void (*setkey_func) (void *, unsigned, const uint8_t *);
static void
-stream_encrypt (void *ctx, nettle_crypt_func func, unsigned block_size,
- uint8_t * iv, unsigned length, uint8_t * dst,
- const uint8_t * src)
+stream_encrypt(void *ctx, nettle_crypt_func func, unsigned block_size,
+ uint8_t * iv, unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- func (ctx, length, dst, src);
+ func(ctx, length, dst, src);
}
-struct nettle_cipher_ctx
-{
- union
- {
- struct aes_ctx aes;
- struct camellia_ctx camellia;
- struct arcfour_ctx arcfour;
- struct arctwo_ctx arctwo;
- struct des3_ctx des3;
- struct des_ctx des;
- struct gcm_aes_ctx aes_gcm;
- struct _gcm_camellia_ctx camellia_gcm;
- struct salsa20_ctx salsa20;
- } ctx;
- void *ctx_ptr;
- uint8_t iv[MAX_BLOCK_SIZE];
- gnutls_cipher_algorithm_t algo;
- size_t block_size;
- nettle_crypt_func *i_encrypt;
- nettle_crypt_func *i_decrypt;
- encrypt_func encrypt;
- decrypt_func decrypt;
- auth_func auth;
- tag_func tag;
- int enc;
+struct nettle_cipher_ctx {
+ union {
+ struct aes_ctx aes;
+ struct camellia_ctx camellia;
+ struct arcfour_ctx arcfour;
+ struct arctwo_ctx arctwo;
+ struct des3_ctx des3;
+ struct des_ctx des;
+ struct gcm_aes_ctx aes_gcm;
+ struct _gcm_camellia_ctx camellia_gcm;
+ struct salsa20_ctx salsa20;
+ } ctx;
+ void *ctx_ptr;
+ uint8_t iv[MAX_BLOCK_SIZE];
+ gnutls_cipher_algorithm_t algo;
+ size_t block_size;
+ nettle_crypt_func *i_encrypt;
+ nettle_crypt_func *i_decrypt;
+ encrypt_func encrypt;
+ decrypt_func decrypt;
+ auth_func auth;
+ tag_func tag;
+ int enc;
};
#define GCM_DEFAULT_NONCE_SIZE 12
-static void _aes_gcm_encrypt(void *_ctx, nettle_crypt_func f,
- unsigned block_size, uint8_t *iv,
- unsigned length, uint8_t *dst,
- const uint8_t *src)
+static void _aes_gcm_encrypt(void *_ctx, nettle_crypt_func f,
+ unsigned block_size, uint8_t * iv,
+ unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- gcm_aes_encrypt(_ctx, length, dst, src);
+ gcm_aes_encrypt(_ctx, length, dst, src);
}
-static void _aes_gcm_decrypt(void *_ctx, nettle_crypt_func f,
- unsigned block_size, uint8_t *iv,
- unsigned length, uint8_t *dst,
- const uint8_t *src)
+static void _aes_gcm_decrypt(void *_ctx, nettle_crypt_func f,
+ unsigned block_size, uint8_t * iv,
+ unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- gcm_aes_decrypt(_ctx, length, dst, src);
+ gcm_aes_decrypt(_ctx, length, dst, src);
}
-static void _camellia_gcm_encrypt(void *_ctx, nettle_crypt_func f,
- unsigned block_size, uint8_t *iv,
- unsigned length, uint8_t *dst,
- const uint8_t *src)
+static void _camellia_gcm_encrypt(void *_ctx, nettle_crypt_func f,
+ unsigned block_size, uint8_t * iv,
+ unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- _gcm_camellia_encrypt(_ctx, length, dst, src);
+ _gcm_camellia_encrypt(_ctx, length, dst, src);
}
-static void _camellia_gcm_decrypt(void *_ctx, nettle_crypt_func f,
- unsigned block_size, uint8_t *iv,
- unsigned length, uint8_t *dst,
- const uint8_t *src)
+static void _camellia_gcm_decrypt(void *_ctx, nettle_crypt_func f,
+ unsigned block_size, uint8_t * iv,
+ unsigned length, uint8_t * dst,
+ const uint8_t * src)
{
- _gcm_camellia_decrypt(_ctx, length, dst, src);
+ _gcm_camellia_decrypt(_ctx, length, dst, src);
}
static int wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo)
{
- switch (algo)
- {
- case GNUTLS_CIPHER_AES_128_GCM:
- case GNUTLS_CIPHER_AES_256_GCM:
- case GNUTLS_CIPHER_CAMELLIA_128_GCM:
- case GNUTLS_CIPHER_CAMELLIA_256_GCM:
- case GNUTLS_CIPHER_CAMELLIA_128_CBC:
- case GNUTLS_CIPHER_CAMELLIA_192_CBC:
- case GNUTLS_CIPHER_CAMELLIA_256_CBC:
- case GNUTLS_CIPHER_AES_128_CBC:
- case GNUTLS_CIPHER_AES_192_CBC:
- case GNUTLS_CIPHER_AES_256_CBC:
- case GNUTLS_CIPHER_3DES_CBC:
- case GNUTLS_CIPHER_DES_CBC:
- case GNUTLS_CIPHER_ARCFOUR_128:
- case GNUTLS_CIPHER_SALSA20_256:
- case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
- case GNUTLS_CIPHER_ARCFOUR_40:
- case GNUTLS_CIPHER_RC2_40_CBC:
- return 1;
- default:
- return 0;
- }
+ switch (algo) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_256_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_128_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_256_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_192_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ case GNUTLS_CIPHER_AES_128_CBC:
+ case GNUTLS_CIPHER_AES_192_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
+ case GNUTLS_CIPHER_3DES_CBC:
+ case GNUTLS_CIPHER_DES_CBC:
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_SALSA20_256:
+ case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ return 1;
+ default:
+ return 0;
+ }
}
static int
-wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx, int enc)
+wrap_nettle_cipher_init(gnutls_cipher_algorithm_t algo, void **_ctx,
+ int enc)
{
- struct nettle_cipher_ctx *ctx;
-
- ctx = gnutls_calloc (1, sizeof (*ctx));
- if (ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ctx->algo = algo;
- ctx->enc = enc;
-
- switch (algo)
- {
- case GNUTLS_CIPHER_AES_128_GCM:
- case GNUTLS_CIPHER_AES_256_GCM:
- ctx->encrypt = _aes_gcm_encrypt;
- ctx->decrypt = _aes_gcm_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*) aes_encrypt;
- ctx->auth = (auth_func)gcm_aes_update;
- ctx->tag = (tag_func)gcm_aes_digest;
- ctx->ctx_ptr = &ctx->ctx.aes_gcm;
- ctx->block_size = AES_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_CAMELLIA_128_GCM:
- case GNUTLS_CIPHER_CAMELLIA_256_GCM:
- ctx->encrypt = _camellia_gcm_encrypt;
- ctx->decrypt = _camellia_gcm_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*) camellia_crypt;
- ctx->auth = (auth_func)_gcm_camellia_update;
- ctx->tag = (tag_func)_gcm_camellia_digest;
- ctx->ctx_ptr = &ctx->ctx.camellia_gcm;
- ctx->block_size = CAMELLIA_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_CAMELLIA_128_CBC:
- case GNUTLS_CIPHER_CAMELLIA_192_CBC:
- case GNUTLS_CIPHER_CAMELLIA_256_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*)camellia_crypt;
- ctx->i_decrypt = (nettle_crypt_func*)camellia_crypt;
- ctx->ctx_ptr = &ctx->ctx.camellia;
- ctx->block_size = CAMELLIA_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_AES_128_CBC:
- case GNUTLS_CIPHER_AES_192_CBC:
- case GNUTLS_CIPHER_AES_256_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func*)aes_encrypt;
- ctx->i_decrypt = (nettle_crypt_func*)aes_decrypt;
- ctx->ctx_ptr = &ctx->ctx.aes;
- ctx->block_size = AES_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_3DES_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func *) des3_encrypt;
- ctx->i_decrypt = (nettle_crypt_func *) des3_decrypt;
- ctx->ctx_ptr = &ctx->ctx.des3;
- ctx->block_size = DES3_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_DES_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func *) des_encrypt;
- ctx->i_decrypt = (nettle_crypt_func *) des_decrypt;
- ctx->ctx_ptr = &ctx->ctx.des;
- ctx->block_size = DES_BLOCK_SIZE;
- break;
- case GNUTLS_CIPHER_ARCFOUR_128:
- case GNUTLS_CIPHER_ARCFOUR_40:
- ctx->encrypt = stream_encrypt;
- ctx->decrypt = stream_encrypt;
- ctx->i_encrypt = (nettle_crypt_func *) arcfour_crypt;
- ctx->i_decrypt = (nettle_crypt_func *) arcfour_crypt;
- ctx->ctx_ptr = &ctx->ctx.arcfour;
- ctx->block_size = 1;
- break;
- case GNUTLS_CIPHER_SALSA20_256:
- ctx->encrypt = stream_encrypt;
- ctx->decrypt = stream_encrypt;
- ctx->i_encrypt = (nettle_crypt_func *) salsa20_crypt;
- ctx->i_decrypt = (nettle_crypt_func *) salsa20_crypt;
- ctx->ctx_ptr = &ctx->ctx.salsa20;
- ctx->block_size = 1;
- break;
- case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
- ctx->encrypt = stream_encrypt;
- ctx->decrypt = stream_encrypt;
- ctx->i_encrypt = (nettle_crypt_func *) salsa20r12_crypt;
- ctx->i_decrypt = (nettle_crypt_func *) salsa20r12_crypt;
- ctx->ctx_ptr = &ctx->ctx.salsa20;
- ctx->block_size = 1;
- break;
- case GNUTLS_CIPHER_RC2_40_CBC:
- ctx->encrypt = cbc_encrypt;
- ctx->decrypt = cbc_decrypt;
- ctx->i_encrypt = (nettle_crypt_func *) arctwo_encrypt;
- ctx->i_decrypt = (nettle_crypt_func *) arctwo_decrypt;
- ctx->ctx_ptr = &ctx->ctx.arctwo;
- ctx->block_size = ARCTWO_BLOCK_SIZE;
- break;
- default:
- gnutls_assert ();
- gnutls_free(ctx);
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- *_ctx = ctx;
-
- return 0;
+ struct nettle_cipher_ctx *ctx;
+
+ ctx = gnutls_calloc(1, sizeof(*ctx));
+ if (ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ctx->algo = algo;
+ ctx->enc = enc;
+
+ switch (algo) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_256_GCM:
+ ctx->encrypt = _aes_gcm_encrypt;
+ ctx->decrypt = _aes_gcm_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) aes_encrypt;
+ ctx->auth = (auth_func) gcm_aes_update;
+ ctx->tag = (tag_func) gcm_aes_digest;
+ ctx->ctx_ptr = &ctx->ctx.aes_gcm;
+ ctx->block_size = AES_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_256_GCM:
+ ctx->encrypt = _camellia_gcm_encrypt;
+ ctx->decrypt = _camellia_gcm_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) camellia_crypt;
+ ctx->auth = (auth_func) _gcm_camellia_update;
+ ctx->tag = (tag_func) _gcm_camellia_digest;
+ ctx->ctx_ptr = &ctx->ctx.camellia_gcm;
+ ctx->block_size = CAMELLIA_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_192_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) camellia_crypt;
+ ctx->i_decrypt = (nettle_crypt_func *) camellia_crypt;
+ ctx->ctx_ptr = &ctx->ctx.camellia;
+ ctx->block_size = CAMELLIA_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_AES_128_CBC:
+ case GNUTLS_CIPHER_AES_192_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) aes_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) aes_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.aes;
+ ctx->block_size = AES_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) des3_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) des3_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.des3;
+ ctx->block_size = DES3_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_DES_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) des_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) des_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.des;
+ ctx->block_size = DES_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) arcfour_crypt;
+ ctx->i_decrypt = (nettle_crypt_func *) arcfour_crypt;
+ ctx->ctx_ptr = &ctx->ctx.arcfour;
+ ctx->block_size = 1;
+ break;
+ case GNUTLS_CIPHER_SALSA20_256:
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) salsa20_crypt;
+ ctx->i_decrypt = (nettle_crypt_func *) salsa20_crypt;
+ ctx->ctx_ptr = &ctx->ctx.salsa20;
+ ctx->block_size = 1;
+ break;
+ case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) salsa20r12_crypt;
+ ctx->i_decrypt = (nettle_crypt_func *) salsa20r12_crypt;
+ ctx->ctx_ptr = &ctx->ctx.salsa20;
+ ctx->block_size = 1;
+ break;
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) arctwo_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) arctwo_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.arctwo;
+ ctx->block_size = ARCTWO_BLOCK_SIZE;
+ break;
+ default:
+ gnutls_assert();
+ gnutls_free(ctx);
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *_ctx = ctx;
+
+ return 0;
}
static int
-wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize)
+wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
{
- struct nettle_cipher_ctx *ctx = _ctx;
- uint8_t des_key[DES3_KEY_SIZE];
-
- switch (ctx->algo)
- {
- case GNUTLS_CIPHER_AES_128_GCM:
- case GNUTLS_CIPHER_AES_256_GCM:
- gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
- break;
- case GNUTLS_CIPHER_CAMELLIA_128_GCM:
- case GNUTLS_CIPHER_CAMELLIA_256_GCM:
- _gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize, key);
- break;
- case GNUTLS_CIPHER_AES_128_CBC:
- case GNUTLS_CIPHER_AES_192_CBC:
- case GNUTLS_CIPHER_AES_256_CBC:
- if (ctx->enc)
- aes_set_encrypt_key (ctx->ctx_ptr, keysize, key);
- else
- aes_set_decrypt_key (ctx->ctx_ptr, keysize, key);
- break;
- case GNUTLS_CIPHER_CAMELLIA_128_CBC:
- case GNUTLS_CIPHER_CAMELLIA_192_CBC:
- case GNUTLS_CIPHER_CAMELLIA_256_CBC:
- if (ctx->enc)
- camellia_set_encrypt_key (ctx->ctx_ptr, keysize, key);
- else
- camellia_set_decrypt_key (ctx->ctx_ptr, keysize, key);
- break;
- case GNUTLS_CIPHER_3DES_CBC:
- if (keysize != DES3_KEY_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- des_fix_parity (keysize, des_key, key);
-
- /* this fails on weak keys */
- if (des3_set_key (ctx->ctx_ptr, des_key) != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- break;
- case GNUTLS_CIPHER_DES_CBC:
- if (keysize != DES_KEY_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- des_fix_parity (keysize, des_key, key);
-
- if (des_set_key (ctx->ctx_ptr, des_key) != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- break;
- case GNUTLS_CIPHER_ARCFOUR_128:
- case GNUTLS_CIPHER_ARCFOUR_40:
- arcfour_set_key (ctx->ctx_ptr, keysize, key);
- break;
- case GNUTLS_CIPHER_SALSA20_256:
- case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
- salsa20_set_key (ctx->ctx_ptr, keysize, key);
- break;
- case GNUTLS_CIPHER_RC2_40_CBC:
- arctwo_set_key (ctx->ctx_ptr, keysize, key);
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ struct nettle_cipher_ctx *ctx = _ctx;
+ uint8_t des_key[DES3_KEY_SIZE];
+
+ switch (ctx->algo) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_256_GCM:
+ gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_256_GCM:
+ _gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize,
+ key);
+ break;
+ case GNUTLS_CIPHER_AES_128_CBC:
+ case GNUTLS_CIPHER_AES_192_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
+ if (ctx->enc)
+ aes_set_encrypt_key(ctx->ctx_ptr, keysize, key);
+ else
+ aes_set_decrypt_key(ctx->ctx_ptr, keysize, key);
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_192_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ if (ctx->enc)
+ camellia_set_encrypt_key(ctx->ctx_ptr, keysize,
+ key);
+ else
+ camellia_set_decrypt_key(ctx->ctx_ptr, keysize,
+ key);
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ if (keysize != DES3_KEY_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ des_fix_parity(keysize, des_key, key);
+
+ /* this fails on weak keys */
+ if (des3_set_key(ctx->ctx_ptr, des_key) != 1) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ break;
+ case GNUTLS_CIPHER_DES_CBC:
+ if (keysize != DES_KEY_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ des_fix_parity(keysize, des_key, key);
+
+ if (des_set_key(ctx->ctx_ptr, des_key) != 1) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ break;
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ arcfour_set_key(ctx->ctx_ptr, keysize, key);
+ break;
+ case GNUTLS_CIPHER_SALSA20_256:
+ case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
+ salsa20_set_key(ctx->ctx_ptr, keysize, key);
+ break;
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ arctwo_set_key(ctx->ctx_ptr, keysize, key);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
static int
-wrap_nettle_cipher_setiv (void *_ctx, const void *iv, size_t ivsize)
+wrap_nettle_cipher_setiv(void *_ctx, const void *iv, size_t ivsize)
{
-struct nettle_cipher_ctx *ctx = _ctx;
-
- switch (ctx->algo)
- {
- case GNUTLS_CIPHER_AES_128_GCM:
- case GNUTLS_CIPHER_AES_256_GCM:
- if (ivsize != GCM_DEFAULT_NONCE_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- gcm_aes_set_iv(&ctx->ctx.aes_gcm, GCM_DEFAULT_NONCE_SIZE, iv);
- break;
- case GNUTLS_CIPHER_CAMELLIA_128_GCM:
- case GNUTLS_CIPHER_CAMELLIA_256_GCM:
- if (ivsize != GCM_DEFAULT_NONCE_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- _gcm_camellia_set_iv(&ctx->ctx.camellia_gcm, GCM_DEFAULT_NONCE_SIZE, iv);
- break;
- case GNUTLS_CIPHER_SALSA20_256:
- case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
- if (ivsize != SALSA20_IV_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- salsa20_set_iv(&ctx->ctx.salsa20, iv);
- break;
- default:
- if (ivsize > ctx->block_size)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- memcpy (ctx->iv, iv, ivsize);
- }
-
- return 0;
+ struct nettle_cipher_ctx *ctx = _ctx;
+
+ switch (ctx->algo) {
+ case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_256_GCM:
+ if (ivsize != GCM_DEFAULT_NONCE_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ gcm_aes_set_iv(&ctx->ctx.aes_gcm, GCM_DEFAULT_NONCE_SIZE,
+ iv);
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_GCM:
+ case GNUTLS_CIPHER_CAMELLIA_256_GCM:
+ if (ivsize != GCM_DEFAULT_NONCE_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ _gcm_camellia_set_iv(&ctx->ctx.camellia_gcm,
+ GCM_DEFAULT_NONCE_SIZE, iv);
+ break;
+ case GNUTLS_CIPHER_SALSA20_256:
+ case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
+ if (ivsize != SALSA20_IV_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ salsa20_set_iv(&ctx->ctx.salsa20, iv);
+ break;
+ default:
+ if (ivsize > ctx->block_size)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ memcpy(ctx->iv, iv, ivsize);
+ }
+
+ return 0;
}
static int
-wrap_nettle_cipher_decrypt (void *_ctx, const void *encr, size_t encrsize,
- void *plain, size_t plainsize)
+wrap_nettle_cipher_decrypt(void *_ctx, const void *encr, size_t encrsize,
+ void *plain, size_t plainsize)
{
- struct nettle_cipher_ctx *ctx = _ctx;
+ struct nettle_cipher_ctx *ctx = _ctx;
- ctx->decrypt (ctx->ctx_ptr, ctx->i_decrypt, ctx->block_size, ctx->iv,
- encrsize, plain, encr);
+ ctx->decrypt(ctx->ctx_ptr, ctx->i_decrypt, ctx->block_size,
+ ctx->iv, encrsize, plain, encr);
- return 0;
+ return 0;
}
static int
-wrap_nettle_cipher_encrypt (void *_ctx, const void *plain, size_t plainsize,
- void *encr, size_t encrsize)
+wrap_nettle_cipher_encrypt(void *_ctx, const void *plain, size_t plainsize,
+ void *encr, size_t encrsize)
{
- struct nettle_cipher_ctx *ctx = _ctx;
+ struct nettle_cipher_ctx *ctx = _ctx;
- ctx->encrypt (ctx->ctx_ptr, ctx->i_encrypt, ctx->block_size, ctx->iv,
- plainsize, encr, plain);
+ ctx->encrypt(ctx->ctx_ptr, ctx->i_encrypt, ctx->block_size,
+ ctx->iv, plainsize, encr, plain);
- return 0;
+ return 0;
}
static int
-wrap_nettle_cipher_auth (void *_ctx, const void *plain, size_t plainsize)
+wrap_nettle_cipher_auth(void *_ctx, const void *plain, size_t plainsize)
{
- struct nettle_cipher_ctx *ctx = _ctx;
+ struct nettle_cipher_ctx *ctx = _ctx;
- ctx->auth (ctx->ctx_ptr, plainsize, plain);
+ ctx->auth(ctx->ctx_ptr, plainsize, plain);
- return 0;
+ return 0;
}
-static void
-wrap_nettle_cipher_tag (void *_ctx, void *tag, size_t tagsize)
+static void wrap_nettle_cipher_tag(void *_ctx, void *tag, size_t tagsize)
{
- struct nettle_cipher_ctx *ctx = _ctx;
+ struct nettle_cipher_ctx *ctx = _ctx;
- ctx->tag (ctx->ctx_ptr, tagsize, tag);
+ ctx->tag(ctx->ctx_ptr, tagsize, tag);
}
-static void
-wrap_nettle_cipher_close (void *h)
+static void wrap_nettle_cipher_close(void *h)
{
- gnutls_free (h);
+ gnutls_free(h);
}
gnutls_crypto_cipher_st _gnutls_cipher_ops = {
- .init = wrap_nettle_cipher_init,
- .exists = wrap_nettle_cipher_exists,
- .setiv = wrap_nettle_cipher_setiv,
- .setkey = wrap_nettle_cipher_setkey,
- .encrypt = wrap_nettle_cipher_encrypt,
- .decrypt = wrap_nettle_cipher_decrypt,
- .deinit = wrap_nettle_cipher_close,
- .auth = wrap_nettle_cipher_auth,
- .tag = wrap_nettle_cipher_tag,
+ .init = wrap_nettle_cipher_init,
+ .exists = wrap_nettle_cipher_exists,
+ .setiv = wrap_nettle_cipher_setiv,
+ .setkey = wrap_nettle_cipher_setkey,
+ .encrypt = wrap_nettle_cipher_encrypt,
+ .decrypt = wrap_nettle_cipher_decrypt,
+ .deinit = wrap_nettle_cipher_close,
+ .auth = wrap_nettle_cipher_auth,
+ .tag = wrap_nettle_cipher_tag,
};
diff --git a/lib/nettle/egd.c b/lib/nettle/egd.c
index dc0bd2373e..19b0302f68 100644
--- a/lib/nettle/egd.c
+++ b/lib/nettle/egd.c
@@ -38,9 +38,9 @@
#include <gnutls_errors.h>
#ifdef AF_UNIX
-# define LOCAL_SOCKET_TYPE AF_UNIX
+#define LOCAL_SOCKET_TYPE AF_UNIX
#else
-# define LOCAL_SOCKET_TYPE AF_LOCAL
+#define LOCAL_SOCKET_TYPE AF_LOCAL
#endif
#ifndef offsetof
@@ -49,141 +49,125 @@
static int egd_socket = -1;
-static int
-do_write (int fd, void *buf, size_t nbytes)
+static int do_write(int fd, void *buf, size_t nbytes)
{
- size_t nleft = nbytes;
- int nwritten;
-
- while (nleft > 0)
- {
- nwritten = write (fd, buf, nleft);
- if (nwritten < 0)
- {
- if (errno == EINTR)
- continue;
- return -1;
- }
- nleft -= nwritten;
- buf = (char *) buf + nwritten;
- }
- return 0;
+ size_t nleft = nbytes;
+ int nwritten;
+
+ while (nleft > 0) {
+ nwritten = write(fd, buf, nleft);
+ if (nwritten < 0) {
+ if (errno == EINTR)
+ continue;
+ return -1;
+ }
+ nleft -= nwritten;
+ buf = (char *) buf + nwritten;
+ }
+ return 0;
}
-static int
-do_read (int fd, void *buf, size_t nbytes)
+static int do_read(int fd, void *buf, size_t nbytes)
{
- int n;
- size_t nread = 0;
-
- do
- {
- do
- {
- n = read (fd, (char *) buf + nread, nbytes);
- }
- while (n == -1 && errno == EINTR);
- if (n == -1)
- {
- if (nread > 0)
- return nread;
- else return -1;
- }
- if (n == 0)
- return -1;
- nread += n;
- nbytes -= n;
- }
- while (nread < nbytes);
- return nread;
+ int n;
+ size_t nread = 0;
+
+ do {
+ do {
+ n = read(fd, (char *) buf + nread, nbytes);
+ }
+ while (n == -1 && errno == EINTR);
+ if (n == -1) {
+ if (nread > 0)
+ return nread;
+ else
+ return -1;
+ }
+ if (n == 0)
+ return -1;
+ nread += n;
+ nbytes -= n;
+ }
+ while (nread < nbytes);
+ return nread;
}
static const char *egd_names[] = {
- "/var/run/egd-pool",
- "/dev/egd-pool",
- "/etc/egd-pool",
- "/etc/entropy",
- "/var/run/entropy",
- "/dev/entropy",
- NULL
+ "/var/run/egd-pool",
+ "/dev/egd-pool",
+ "/etc/egd-pool",
+ "/etc/entropy",
+ "/var/run/entropy",
+ "/dev/entropy",
+ NULL
};
-static const char *
-find_egd_name (void)
+static const char *find_egd_name(void)
{
- int i = 0;
- struct stat st;
+ int i = 0;
+ struct stat st;
- do
- {
- if (stat (egd_names[i], &st) != 0)
- continue;
+ do {
+ if (stat(egd_names[i], &st) != 0)
+ continue;
- if (st.st_mode & S_IFSOCK)
- { /* found */
- return egd_names[i];
- }
+ if (st.st_mode & S_IFSOCK) { /* found */
+ return egd_names[i];
+ }
- }
- while (egd_names[++i] != NULL);
+ }
+ while (egd_names[++i] != NULL);
- return NULL;
+ return NULL;
}
/* Connect to the EGD and return the file descriptor. Return -1 on
error. With NOFAIL set to true, silently fail and return the
error, otherwise print an error message and die. */
-int
-_rndegd_connect_socket (void)
+int _rndegd_connect_socket(void)
{
- int fd;
- const char *name;
- struct sockaddr_un addr;
- int addr_len;
-
- if (egd_socket != -1)
- {
- close (egd_socket);
- egd_socket = -1;
- }
-
- name = find_egd_name ();
- if (name == NULL)
- {
- _gnutls_debug_log ("Could not detect an egd device.\n");
- return -1;
- }
-
- if (strlen (name) + 1 >= sizeof addr.sun_path)
- {
- _gnutls_debug_log ("EGD socketname is too long\n");
- return -1;
- }
-
- memset (&addr, 0, sizeof addr);
- addr.sun_family = LOCAL_SOCKET_TYPE;
- _gnutls_str_cpy (addr.sun_path, sizeof(addr.sun_path), name);
- addr_len = (offsetof (struct sockaddr_un, sun_path)
- + strlen (addr.sun_path));
-
- fd = socket (LOCAL_SOCKET_TYPE, SOCK_STREAM, 0);
- if (fd == -1)
- {
- _gnutls_debug_log ("can't create unix domain socket: %s\n",
- strerror (errno));
- return -1;
- }
- else if (connect (fd, (struct sockaddr *) &addr, addr_len) == -1)
- {
- _gnutls_debug_log ("can't connect to EGD socket `%s': %s\n",
- name, strerror (errno));
- close (fd);
- fd = -1;
- }
-
- if (fd != -1)
- egd_socket = fd;
- return fd;
+ int fd;
+ const char *name;
+ struct sockaddr_un addr;
+ int addr_len;
+
+ if (egd_socket != -1) {
+ close(egd_socket);
+ egd_socket = -1;
+ }
+
+ name = find_egd_name();
+ if (name == NULL) {
+ _gnutls_debug_log("Could not detect an egd device.\n");
+ return -1;
+ }
+
+ if (strlen(name) + 1 >= sizeof addr.sun_path) {
+ _gnutls_debug_log("EGD socketname is too long\n");
+ return -1;
+ }
+
+ memset(&addr, 0, sizeof addr);
+ addr.sun_family = LOCAL_SOCKET_TYPE;
+ _gnutls_str_cpy(addr.sun_path, sizeof(addr.sun_path), name);
+ addr_len = (offsetof(struct sockaddr_un, sun_path)
+ + strlen(addr.sun_path));
+
+ fd = socket(LOCAL_SOCKET_TYPE, SOCK_STREAM, 0);
+ if (fd == -1) {
+ _gnutls_debug_log("can't create unix domain socket: %s\n",
+ strerror(errno));
+ return -1;
+ } else if (connect(fd, (struct sockaddr *) &addr, addr_len) == -1) {
+ _gnutls_debug_log("can't connect to EGD socket `%s': %s\n",
+ name, strerror(errno));
+ close(fd);
+ fd = -1;
+ }
+
+ if (fd != -1)
+ egd_socket = fd;
+ return fd;
}
/****************
@@ -194,91 +178,90 @@ _rndegd_connect_socket (void)
* Using a level of 0 should never block and better add nothing
* to the pool. So this is just a dummy for EGD.
*/
-int
-_rndegd_read (int *fd, void *_output, size_t _length)
+int _rndegd_read(int *fd, void *_output, size_t _length)
{
- ssize_t n;
- uint8_t buffer[256 + 2];
- int nbytes;
- int do_restart = 0;
- unsigned char *output = _output;
- ssize_t length = (ssize_t)_length;
-
- if (!length)
- return 0;
-
-restart:
- if (*fd == -1 || do_restart)
- *fd = _rndegd_connect_socket ();
-
- do_restart = 0;
-
- nbytes = length < 255 ? length : 255;
- /* First time we do it with a non blocking request */
- buffer[0] = 1; /* non blocking */
- buffer[1] = nbytes;
-
- if (do_write (*fd, buffer, 2) == -1)
- _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno));
-
- n = do_read (*fd, buffer, 1);
- if (n == -1)
- {
- _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
- do_restart = 1;
- goto restart;
- }
-
- n = buffer[0];
- if (n)
- {
- n = do_read (*fd, buffer, n);
- if (n == -1)
- {
- _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
- do_restart = 1;
- goto restart;
- }
-
- if (n > length)
- {
- _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
- n = length;
- }
-
- memcpy (output, buffer, n);
- output += n;
- length -= n;
- }
-
- while (length)
- {
- nbytes = length < 255 ? length : 255;
-
- buffer[0] = 2; /* blocking */
- buffer[1] = nbytes;
- if (do_write (*fd, buffer, 2) == -1)
- _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno));
- n = do_read (*fd, buffer, nbytes);
- if (n == -1)
- {
- _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
- do_restart = 1;
- goto restart;
- }
-
- if (n > length)
- {
- _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
- n = length;
- }
-
- memcpy (output, buffer, n);
- output += n;
- length -= n;
- }
-
- return _length; /* success */
+ ssize_t n;
+ uint8_t buffer[256 + 2];
+ int nbytes;
+ int do_restart = 0;
+ unsigned char *output = _output;
+ ssize_t length = (ssize_t) _length;
+
+ if (!length)
+ return 0;
+
+ restart:
+ if (*fd == -1 || do_restart)
+ *fd = _rndegd_connect_socket();
+
+ do_restart = 0;
+
+ nbytes = length < 255 ? length : 255;
+ /* First time we do it with a non blocking request */
+ buffer[0] = 1; /* non blocking */
+ buffer[1] = nbytes;
+
+ if (do_write(*fd, buffer, 2) == -1)
+ _gnutls_debug_log("can't write to the EGD: %s\n",
+ strerror(errno));
+
+ n = do_read(*fd, buffer, 1);
+ if (n == -1) {
+ _gnutls_debug_log("read error on EGD: %s\n",
+ strerror(errno));
+ do_restart = 1;
+ goto restart;
+ }
+
+ n = buffer[0];
+ if (n) {
+ n = do_read(*fd, buffer, n);
+ if (n == -1) {
+ _gnutls_debug_log("read error on EGD: %s\n",
+ strerror(errno));
+ do_restart = 1;
+ goto restart;
+ }
+
+ if (n > length) {
+ _gnutls_debug_log
+ ("read error on EGD: returned more bytes!\n");
+ n = length;
+ }
+
+ memcpy(output, buffer, n);
+ output += n;
+ length -= n;
+ }
+
+ while (length) {
+ nbytes = length < 255 ? length : 255;
+
+ buffer[0] = 2; /* blocking */
+ buffer[1] = nbytes;
+ if (do_write(*fd, buffer, 2) == -1)
+ _gnutls_debug_log("can't write to the EGD: %s\n",
+ strerror(errno));
+ n = do_read(*fd, buffer, nbytes);
+ if (n == -1) {
+ _gnutls_debug_log("read error on EGD: %s\n",
+ strerror(errno));
+ do_restart = 1;
+ goto restart;
+ }
+
+ if (n > length) {
+ _gnutls_debug_log
+ ("read error on EGD: returned more bytes!\n");
+ n = length;
+ }
+
+ memcpy(output, buffer, n);
+ output += n;
+ length -= n;
+ }
+
+ return _length; /* success */
}
#endif
diff --git a/lib/nettle/egd.h b/lib/nettle/egd.h
index d440852f70..2239143a3a 100644
--- a/lib/nettle/egd.h
+++ b/lib/nettle/egd.h
@@ -18,5 +18,5 @@
*
*/
-int _rndegd_read (int *fd, void *output, size_t length);
-int _rndegd_connect_socket (void);
+int _rndegd_read(int *fd, void *output, size_t length);
+int _rndegd_connect_socket(void);
diff --git a/lib/nettle/gcm-camellia.c b/lib/nettle/gcm-camellia.c
index 45d31fea6d..cebb476635 100644
--- a/lib/nettle/gcm-camellia.c
+++ b/lib/nettle/gcm-camellia.c
@@ -26,7 +26,7 @@
*/
#if HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <nettle/gcm.h>
@@ -34,42 +34,45 @@
#include <gcm-camellia.h>
void
-_gcm_camellia_set_key(struct _gcm_camellia_ctx *ctx, unsigned length, const uint8_t *key)
+_gcm_camellia_set_key(struct _gcm_camellia_ctx *ctx, unsigned length,
+ const uint8_t * key)
{
- GCM_SET_KEY(ctx, camellia_set_encrypt_key, camellia_crypt, length, key);
+ GCM_SET_KEY(ctx, camellia_set_encrypt_key, camellia_crypt, length,
+ key);
}
void
_gcm_camellia_set_iv(struct _gcm_camellia_ctx *ctx,
- unsigned length, const uint8_t *iv)
+ unsigned length, const uint8_t * iv)
{
- GCM_SET_IV(ctx, length, iv);
+ GCM_SET_IV(ctx, length, iv);
}
void
-_gcm_camellia_update(struct _gcm_camellia_ctx *ctx, unsigned length, const uint8_t *data)
+_gcm_camellia_update(struct _gcm_camellia_ctx *ctx, unsigned length,
+ const uint8_t * data)
{
- GCM_UPDATE(ctx, length, data);
+ GCM_UPDATE(ctx, length, data);
}
void
_gcm_camellia_encrypt(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src)
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
- GCM_ENCRYPT(ctx, camellia_crypt, length, dst, src);
+ GCM_ENCRYPT(ctx, camellia_crypt, length, dst, src);
}
void
_gcm_camellia_decrypt(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src)
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
- GCM_DECRYPT(ctx, camellia_crypt, length, dst, src);
+ GCM_DECRYPT(ctx, camellia_crypt, length, dst, src);
}
void
_gcm_camellia_digest(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *digest)
+ unsigned length, uint8_t * digest)
{
- GCM_DIGEST(ctx, camellia_crypt, length, digest);
-
+ GCM_DIGEST(ctx, camellia_crypt, length, digest);
+
}
diff --git a/lib/nettle/gcm-camellia.h b/lib/nettle/gcm-camellia.h
index 415562131d..0baabb1d95 100644
--- a/lib/nettle/gcm-camellia.h
+++ b/lib/nettle/gcm-camellia.h
@@ -24,13 +24,15 @@
struct _gcm_camellia_ctx GCM_CTX(struct camellia_ctx);
-void _gcm_camellia_set_key(struct _gcm_camellia_ctx *ctx, unsigned length, const uint8_t *key);
-void _gcm_camellia_set_iv(struct _gcm_camellia_ctx *ctx,
- unsigned length, const uint8_t *iv);
-void _gcm_camellia_update(struct _gcm_camellia_ctx *ctx, unsigned length, const uint8_t *data);
-void _gcm_camellia_encrypt(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src);
-void _gcm_camellia_decrypt(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *dst, const uint8_t *src);
-void _gcm_camellia_digest(struct _gcm_camellia_ctx *ctx,
- unsigned length, uint8_t *digest);
+void _gcm_camellia_set_key(struct _gcm_camellia_ctx *ctx, unsigned length,
+ const uint8_t * key);
+void _gcm_camellia_set_iv(struct _gcm_camellia_ctx *ctx, unsigned length,
+ const uint8_t * iv);
+void _gcm_camellia_update(struct _gcm_camellia_ctx *ctx, unsigned length,
+ const uint8_t * data);
+void _gcm_camellia_encrypt(struct _gcm_camellia_ctx *ctx, unsigned length,
+ uint8_t * dst, const uint8_t * src);
+void _gcm_camellia_decrypt(struct _gcm_camellia_ctx *ctx, unsigned length,
+ uint8_t * dst, const uint8_t * src);
+void _gcm_camellia_digest(struct _gcm_camellia_ctx *ctx, unsigned length,
+ uint8_t * digest);
diff --git a/lib/nettle/init.c b/lib/nettle/init.c
index 0799d33bfc..4f75859403 100644
--- a/lib/nettle/init.c
+++ b/lib/nettle/init.c
@@ -28,16 +28,14 @@
/* Functions that refer to the initialization of the nettle library.
*/
-int
-gnutls_crypto_init (void)
+int gnutls_crypto_init(void)
{
- return 0;
+ return 0;
}
/* Functions that refer to the deinitialization of the nettle library.
*/
-void
-gnutls_crypto_deinit (void)
+void gnutls_crypto_deinit(void)
{
}
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index ae73256b1b..a2e68811fd 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -37,432 +37,418 @@ typedef void (*digest_func) (void *, unsigned, uint8_t *);
typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
typedef void (*set_nonce_func) (void *, unsigned, const uint8_t *);
-static int wrap_nettle_hash_init (gnutls_digest_algorithm_t algo, void **_ctx);
-
-struct nettle_hash_ctx
-{
- union
- {
- struct md5_ctx md5;
- struct md2_ctx md2;
- struct sha224_ctx sha224;
- struct sha256_ctx sha256;
- struct sha384_ctx sha384;
- struct sha512_ctx sha512;
- struct sha1_ctx sha1;
- } ctx;
- void *ctx_ptr;
- gnutls_digest_algorithm_t algo;
- size_t length;
- update_func update;
- digest_func digest;
+static int wrap_nettle_hash_init(gnutls_digest_algorithm_t algo,
+ void **_ctx);
+
+struct nettle_hash_ctx {
+ union {
+ struct md5_ctx md5;
+ struct md2_ctx md2;
+ struct sha224_ctx sha224;
+ struct sha256_ctx sha256;
+ struct sha384_ctx sha384;
+ struct sha512_ctx sha512;
+ struct sha1_ctx sha1;
+ } ctx;
+ void *ctx_ptr;
+ gnutls_digest_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
};
-struct nettle_mac_ctx
-{
- union
- {
- struct hmac_md5_ctx md5;
- struct hmac_sha224_ctx sha224;
- struct hmac_sha256_ctx sha256;
- struct hmac_sha384_ctx sha384;
- struct hmac_sha512_ctx sha512;
- struct hmac_sha1_ctx sha1;
- struct umac96_ctx umac96;
- struct umac128_ctx umac128;
- } ctx;
-
- void *ctx_ptr;
- gnutls_mac_algorithm_t algo;
- size_t length;
- update_func update;
- digest_func digest;
- set_key_func set_key;
- set_nonce_func set_nonce;
+struct nettle_mac_ctx {
+ union {
+ struct hmac_md5_ctx md5;
+ struct hmac_sha224_ctx sha224;
+ struct hmac_sha256_ctx sha256;
+ struct hmac_sha384_ctx sha384;
+ struct hmac_sha512_ctx sha512;
+ struct hmac_sha1_ctx sha1;
+ struct umac96_ctx umac96;
+ struct umac128_ctx umac128;
+ } ctx;
+
+ void *ctx_ptr;
+ gnutls_mac_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
+ set_key_func set_key;
+ set_nonce_func set_nonce;
};
static void
-_wrap_umac96_set_key(void* ctx, unsigned len, const uint8_t* key)
+_wrap_umac96_set_key(void *ctx, unsigned len, const uint8_t * key)
{
if (unlikely(len != 16))
- abort();
+ abort();
umac96_set_key(ctx, key);
}
static void
-_wrap_umac128_set_key(void* ctx, unsigned len, const uint8_t* key)
+_wrap_umac128_set_key(void *ctx, unsigned len, const uint8_t * key)
{
if (unlikely(len != 16))
- abort();
+ abort();
umac128_set_key(ctx, key);
}
-static int _mac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_mac_ctx *ctx)
+static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
+ struct nettle_mac_ctx *ctx)
{
- ctx->set_nonce = NULL;
- switch (algo)
- {
- case GNUTLS_MAC_MD5:
- ctx->update = (update_func) hmac_md5_update;
- ctx->digest = (digest_func) hmac_md5_digest;
- ctx->set_key = (set_key_func) hmac_md5_set_key;
- ctx->ctx_ptr = &ctx->ctx.md5;
- ctx->length = MD5_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA1:
- ctx->update = (update_func) hmac_sha1_update;
- ctx->digest = (digest_func) hmac_sha1_digest;
- ctx->set_key = (set_key_func) hmac_sha1_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha1;
- ctx->length = SHA1_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA224:
- ctx->update = (update_func) hmac_sha224_update;
- ctx->digest = (digest_func) hmac_sha224_digest;
- ctx->set_key = (set_key_func) hmac_sha224_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA256:
- ctx->update = (update_func) hmac_sha256_update;
- ctx->digest = (digest_func) hmac_sha256_digest;
- ctx->set_key = (set_key_func) hmac_sha256_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha256;
- ctx->length = SHA256_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA384:
- ctx->update = (update_func) hmac_sha384_update;
- ctx->digest = (digest_func) hmac_sha384_digest;
- ctx->set_key = (set_key_func) hmac_sha384_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha384;
- ctx->length = SHA384_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_SHA512:
- ctx->update = (update_func) hmac_sha512_update;
- ctx->digest = (digest_func) hmac_sha512_digest;
- ctx->set_key = (set_key_func) hmac_sha512_set_key;
- ctx->ctx_ptr = &ctx->ctx.sha512;
- ctx->length = SHA512_DIGEST_SIZE;
- break;
- case GNUTLS_MAC_UMAC_96:
- ctx->update = (update_func) umac96_update;
- ctx->digest = (digest_func) umac96_digest;
- ctx->set_key = _wrap_umac96_set_key;
- ctx->set_nonce = (set_nonce_func) umac96_set_nonce;
- ctx->ctx_ptr = &ctx->ctx.umac96;
- ctx->length = 12;
- break;
- case GNUTLS_MAC_UMAC_128:
- ctx->update = (update_func) umac128_update;
- ctx->digest = (digest_func) umac128_digest;
- ctx->set_key = _wrap_umac128_set_key;
- ctx->set_nonce = (set_nonce_func) umac128_set_nonce;
- ctx->ctx_ptr = &ctx->ctx.umac128;
- ctx->length = 16;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ ctx->set_nonce = NULL;
+ switch (algo) {
+ case GNUTLS_MAC_MD5:
+ ctx->update = (update_func) hmac_md5_update;
+ ctx->digest = (digest_func) hmac_md5_digest;
+ ctx->set_key = (set_key_func) hmac_md5_set_key;
+ ctx->ctx_ptr = &ctx->ctx.md5;
+ ctx->length = MD5_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA1:
+ ctx->update = (update_func) hmac_sha1_update;
+ ctx->digest = (digest_func) hmac_sha1_digest;
+ ctx->set_key = (set_key_func) hmac_sha1_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA224:
+ ctx->update = (update_func) hmac_sha224_update;
+ ctx->digest = (digest_func) hmac_sha224_digest;
+ ctx->set_key = (set_key_func) hmac_sha224_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA256:
+ ctx->update = (update_func) hmac_sha256_update;
+ ctx->digest = (digest_func) hmac_sha256_digest;
+ ctx->set_key = (set_key_func) hmac_sha256_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA384:
+ ctx->update = (update_func) hmac_sha384_update;
+ ctx->digest = (digest_func) hmac_sha384_digest;
+ ctx->set_key = (set_key_func) hmac_sha384_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA512:
+ ctx->update = (update_func) hmac_sha512_update;
+ ctx->digest = (digest_func) hmac_sha512_digest;
+ ctx->set_key = (set_key_func) hmac_sha512_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_UMAC_96:
+ ctx->update = (update_func) umac96_update;
+ ctx->digest = (digest_func) umac96_digest;
+ ctx->set_key = _wrap_umac96_set_key;
+ ctx->set_nonce = (set_nonce_func) umac96_set_nonce;
+ ctx->ctx_ptr = &ctx->ctx.umac96;
+ ctx->length = 12;
+ break;
+ case GNUTLS_MAC_UMAC_128:
+ ctx->update = (update_func) umac128_update;
+ ctx->digest = (digest_func) umac128_digest;
+ ctx->set_key = _wrap_umac128_set_key;
+ ctx->set_nonce = (set_nonce_func) umac128_set_nonce;
+ ctx->ctx_ptr = &ctx->ctx.umac128;
+ ctx->length = 16;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
-static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo,
- const void* nonce, size_t nonce_size,
- const void *key, size_t key_size,
- const void* text, size_t text_size,
- void* digest)
+static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo,
+ const void *nonce, size_t nonce_size,
+ const void *key, size_t key_size,
+ const void *text, size_t text_size,
+ void *digest)
{
- struct nettle_mac_ctx ctx;
- int ret;
-
- ret = _mac_ctx_init(algo, &ctx);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (ctx.set_nonce)
- ctx.set_nonce (&ctx, nonce_size, nonce);
- ctx.set_key (&ctx, key_size, key);
- ctx.update (&ctx, text_size, text);
- ctx.digest (&ctx, ctx.length, digest);
-
- return 0;
+ struct nettle_mac_ctx ctx;
+ int ret;
+
+ ret = _mac_ctx_init(algo, &ctx);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (ctx.set_nonce)
+ ctx.set_nonce(&ctx, nonce_size, nonce);
+ ctx.set_key(&ctx, key_size, key);
+ ctx.update(&ctx, text_size, text);
+ ctx.digest(&ctx, ctx.length, digest);
+
+ return 0;
}
static int wrap_nettle_mac_exists(gnutls_mac_algorithm_t algo)
{
- switch (algo)
- {
- case GNUTLS_MAC_MD5:
- case GNUTLS_MAC_SHA1:
- case GNUTLS_MAC_SHA224:
- case GNUTLS_MAC_SHA256:
- case GNUTLS_MAC_SHA384:
- case GNUTLS_MAC_SHA512:
- case GNUTLS_MAC_UMAC_96:
- case GNUTLS_MAC_UMAC_128:
- return 1;
- default:
- return 0;
- }
+ switch (algo) {
+ case GNUTLS_MAC_MD5:
+ case GNUTLS_MAC_SHA1:
+ case GNUTLS_MAC_SHA224:
+ case GNUTLS_MAC_SHA256:
+ case GNUTLS_MAC_SHA384:
+ case GNUTLS_MAC_SHA512:
+ case GNUTLS_MAC_UMAC_96:
+ case GNUTLS_MAC_UMAC_128:
+ return 1;
+ default:
+ return 0;
+ }
}
-static int
-wrap_nettle_mac_init (gnutls_mac_algorithm_t algo, void **_ctx)
+static int wrap_nettle_mac_init(gnutls_mac_algorithm_t algo, void **_ctx)
{
- struct nettle_mac_ctx *ctx;
- int ret;
+ struct nettle_mac_ctx *ctx;
+ int ret;
- ctx = gnutls_calloc (1, sizeof (struct nettle_mac_ctx));
- if (ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ctx = gnutls_calloc(1, sizeof(struct nettle_mac_ctx));
+ if (ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx->algo = algo;
+ ctx->algo = algo;
- ret = _mac_ctx_init(algo, ctx);
- if (ret < 0)
- {
- gnutls_free(ctx);
- return gnutls_assert_val(ret);
- }
+ ret = _mac_ctx_init(algo, ctx);
+ if (ret < 0) {
+ gnutls_free(ctx);
+ return gnutls_assert_val(ret);
+ }
- *_ctx = ctx;
+ *_ctx = ctx;
- return 0;
+ return 0;
}
static int
-wrap_nettle_mac_set_key (void *_ctx, const void *key, size_t keylen)
+wrap_nettle_mac_set_key(void *_ctx, const void *key, size_t keylen)
{
- struct nettle_mac_ctx *ctx = _ctx;
+ struct nettle_mac_ctx *ctx = _ctx;
- ctx->set_key (ctx->ctx_ptr, keylen, key);
- return 0;
+ ctx->set_key(ctx->ctx_ptr, keylen, key);
+ return 0;
}
static int
-wrap_nettle_mac_set_nonce (void *_ctx, const void *nonce, size_t noncelen)
+wrap_nettle_mac_set_nonce(void *_ctx, const void *nonce, size_t noncelen)
{
- struct nettle_mac_ctx *ctx = _ctx;
-
- if (ctx->set_nonce == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ struct nettle_mac_ctx *ctx = _ctx;
- ctx->set_nonce (ctx->ctx_ptr, noncelen, nonce);
+ if (ctx->set_nonce == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- return GNUTLS_E_SUCCESS;
+ ctx->set_nonce(ctx->ctx_ptr, noncelen, nonce);
+
+ return GNUTLS_E_SUCCESS;
}
static int
-wrap_nettle_mac_update (void *_ctx, const void *text, size_t textsize)
+wrap_nettle_mac_update(void *_ctx, const void *text, size_t textsize)
{
- struct nettle_mac_ctx *ctx = _ctx;
+ struct nettle_mac_ctx *ctx = _ctx;
- ctx->update (ctx->ctx_ptr, textsize, text);
+ ctx->update(ctx->ctx_ptr, textsize, text);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
static int
-wrap_nettle_mac_output (void *src_ctx, void *digest, size_t digestsize)
+wrap_nettle_mac_output(void *src_ctx, void *digest, size_t digestsize)
{
- struct nettle_mac_ctx *ctx;
- ctx = src_ctx;
+ struct nettle_mac_ctx *ctx;
+ ctx = src_ctx;
- if (digestsize < ctx->length)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (digestsize < ctx->length) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- ctx->digest (ctx->ctx_ptr, digestsize, digest);
+ ctx->digest(ctx->ctx_ptr, digestsize, digest);
- return 0;
+ return 0;
}
-static void
-wrap_nettle_mac_deinit (void *hd)
+static void wrap_nettle_mac_deinit(void *hd)
{
- gnutls_free (hd);
+ gnutls_free(hd);
}
/* Hash functions
*/
static int
-wrap_nettle_hash_update (void *_ctx, const void *text, size_t textsize)
+wrap_nettle_hash_update(void *_ctx, const void *text, size_t textsize)
{
- struct nettle_hash_ctx *ctx = _ctx;
+ struct nettle_hash_ctx *ctx = _ctx;
- ctx->update (ctx->ctx_ptr, textsize, text);
+ ctx->update(ctx->ctx_ptr, textsize, text);
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
-static void
-wrap_nettle_hash_deinit (void *hd)
+static void wrap_nettle_hash_deinit(void *hd)
{
- gnutls_free (hd);
+ gnutls_free(hd);
}
static int wrap_nettle_hash_exists(gnutls_digest_algorithm_t algo)
{
- switch (algo)
- {
- case GNUTLS_DIG_MD5:
- case GNUTLS_DIG_SHA1:
- case GNUTLS_DIG_MD2:
- case GNUTLS_DIG_SHA224:
- case GNUTLS_DIG_SHA256:
- case GNUTLS_DIG_SHA384:
- case GNUTLS_DIG_SHA512:
- return 1;
- default:
- return 0;
- }
+ switch (algo) {
+ case GNUTLS_DIG_MD5:
+ case GNUTLS_DIG_SHA1:
+ case GNUTLS_DIG_MD2:
+ case GNUTLS_DIG_SHA224:
+ case GNUTLS_DIG_SHA256:
+ case GNUTLS_DIG_SHA384:
+ case GNUTLS_DIG_SHA512:
+ return 1;
+ default:
+ return 0;
+ }
}
-static int _ctx_init(gnutls_digest_algorithm_t algo, struct nettle_hash_ctx *ctx)
+static int _ctx_init(gnutls_digest_algorithm_t algo,
+ struct nettle_hash_ctx *ctx)
{
- switch (algo)
- {
- case GNUTLS_DIG_MD5:
- md5_init (&ctx->ctx.md5);
- ctx->update = (update_func) md5_update;
- ctx->digest = (digest_func) md5_digest;
- ctx->ctx_ptr = &ctx->ctx.md5;
- ctx->length = MD5_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA1:
- sha1_init (&ctx->ctx.sha1);
- ctx->update = (update_func) sha1_update;
- ctx->digest = (digest_func) sha1_digest;
- ctx->ctx_ptr = &ctx->ctx.sha1;
- ctx->length = SHA1_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_MD2:
- md2_init (&ctx->ctx.md2);
- ctx->update = (update_func) md2_update;
- ctx->digest = (digest_func) md2_digest;
- ctx->ctx_ptr = &ctx->ctx.md2;
- ctx->length = MD2_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA224:
- sha224_init (&ctx->ctx.sha224);
- ctx->update = (update_func) sha224_update;
- ctx->digest = (digest_func) sha224_digest;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA256:
- sha256_init (&ctx->ctx.sha256);
- ctx->update = (update_func) sha256_update;
- ctx->digest = (digest_func) sha256_digest;
- ctx->ctx_ptr = &ctx->ctx.sha256;
- ctx->length = SHA256_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA384:
- sha384_init (&ctx->ctx.sha384);
- ctx->update = (update_func) sha384_update;
- ctx->digest = (digest_func) sha384_digest;
- ctx->ctx_ptr = &ctx->ctx.sha384;
- ctx->length = SHA384_DIGEST_SIZE;
- break;
- case GNUTLS_DIG_SHA512:
- sha512_init (&ctx->ctx.sha512);
- ctx->update = (update_func) sha512_update;
- ctx->digest = (digest_func) sha512_digest;
- ctx->ctx_ptr = &ctx->ctx.sha512;
- ctx->length = SHA512_DIGEST_SIZE;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ switch (algo) {
+ case GNUTLS_DIG_MD5:
+ md5_init(&ctx->ctx.md5);
+ ctx->update = (update_func) md5_update;
+ ctx->digest = (digest_func) md5_digest;
+ ctx->ctx_ptr = &ctx->ctx.md5;
+ ctx->length = MD5_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA1:
+ sha1_init(&ctx->ctx.sha1);
+ ctx->update = (update_func) sha1_update;
+ ctx->digest = (digest_func) sha1_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_MD2:
+ md2_init(&ctx->ctx.md2);
+ ctx->update = (update_func) md2_update;
+ ctx->digest = (digest_func) md2_digest;
+ ctx->ctx_ptr = &ctx->ctx.md2;
+ ctx->length = MD2_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA224:
+ sha224_init(&ctx->ctx.sha224);
+ ctx->update = (update_func) sha224_update;
+ ctx->digest = (digest_func) sha224_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA256:
+ sha256_init(&ctx->ctx.sha256);
+ ctx->update = (update_func) sha256_update;
+ ctx->digest = (digest_func) sha256_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA384:
+ sha384_init(&ctx->ctx.sha384);
+ ctx->update = (update_func) sha384_update;
+ ctx->digest = (digest_func) sha384_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA512:
+ sha512_init(&ctx->ctx.sha512);
+ ctx->update = (update_func) sha512_update;
+ ctx->digest = (digest_func) sha512_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
-static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo,
- const void* text, size_t text_size,
- void* digest)
+static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo,
+ const void *text, size_t text_size,
+ void *digest)
{
- struct nettle_hash_ctx ctx;
- int ret;
-
- ret = _ctx_init(algo, &ctx);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ctx.update (&ctx, text_size, text);
- ctx.digest (&ctx, ctx.length, digest);
-
- return 0;
+ struct nettle_hash_ctx ctx;
+ int ret;
+
+ ret = _ctx_init(algo, &ctx);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ctx.update(&ctx, text_size, text);
+ ctx.digest(&ctx, ctx.length, digest);
+
+ return 0;
}
static int
-wrap_nettle_hash_init (gnutls_digest_algorithm_t algo, void **_ctx)
+wrap_nettle_hash_init(gnutls_digest_algorithm_t algo, void **_ctx)
{
- struct nettle_hash_ctx *ctx;
- int ret;
+ struct nettle_hash_ctx *ctx;
+ int ret;
- ctx = gnutls_malloc (sizeof (struct nettle_hash_ctx));
- if (ctx == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ctx = gnutls_malloc(sizeof(struct nettle_hash_ctx));
+ if (ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ctx->algo = algo;
+ ctx->algo = algo;
- if ((ret=_ctx_init( algo, ctx)) < 0)
- {
- gnutls_assert ();
- gnutls_free(ctx);
- return ret;
- }
+ if ((ret = _ctx_init(algo, ctx)) < 0) {
+ gnutls_assert();
+ gnutls_free(ctx);
+ return ret;
+ }
- *_ctx = ctx;
+ *_ctx = ctx;
- return 0;
+ return 0;
}
static int
-wrap_nettle_hash_output (void *src_ctx, void *digest, size_t digestsize)
+wrap_nettle_hash_output(void *src_ctx, void *digest, size_t digestsize)
{
- struct nettle_hash_ctx *ctx;
- ctx = src_ctx;
+ struct nettle_hash_ctx *ctx;
+ ctx = src_ctx;
- if (digestsize < ctx->length)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (digestsize < ctx->length) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- ctx->digest (ctx->ctx_ptr, digestsize, digest);
+ ctx->digest(ctx->ctx_ptr, digestsize, digest);
- return 0;
+ return 0;
}
gnutls_crypto_mac_st _gnutls_mac_ops = {
- .init = wrap_nettle_mac_init,
- .setkey = wrap_nettle_mac_set_key,
- .setnonce = wrap_nettle_mac_set_nonce,
- .hash = wrap_nettle_mac_update,
- .output = wrap_nettle_mac_output,
- .deinit = wrap_nettle_mac_deinit,
- .fast = wrap_nettle_mac_fast,
- .exists = wrap_nettle_mac_exists,
+ .init = wrap_nettle_mac_init,
+ .setkey = wrap_nettle_mac_set_key,
+ .setnonce = wrap_nettle_mac_set_nonce,
+ .hash = wrap_nettle_mac_update,
+ .output = wrap_nettle_mac_output,
+ .deinit = wrap_nettle_mac_deinit,
+ .fast = wrap_nettle_mac_fast,
+ .exists = wrap_nettle_mac_exists,
};
gnutls_crypto_digest_st _gnutls_digest_ops = {
- .init = wrap_nettle_hash_init,
- .hash = wrap_nettle_hash_update,
- .output = wrap_nettle_hash_output,
- .deinit = wrap_nettle_hash_deinit,
- .fast = wrap_nettle_hash_fast,
- .exists = wrap_nettle_hash_exists,
+ .init = wrap_nettle_hash_init,
+ .hash = wrap_nettle_hash_update,
+ .output = wrap_nettle_hash_output,
+ .deinit = wrap_nettle_hash_deinit,
+ .fast = wrap_nettle_hash_fast,
+ .exists = wrap_nettle_hash_exists,
};
diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c
index 61729b94b6..994f84198c 100644
--- a/lib/nettle/mpi.c
+++ b/lib/nettle/mpi.c
@@ -36,379 +36,347 @@
#define TOMPZ(x) (*((mpz_t*)(x)))
static int
-wrap_nettle_mpi_print (const bigint_t a, void *buffer, size_t * nbytes,
- gnutls_bigint_format_t format)
+wrap_nettle_mpi_print(const bigint_t a, void *buffer, size_t * nbytes,
+ gnutls_bigint_format_t format)
{
- unsigned int size;
- mpz_t *p = (void *) a;
-
- if (format == GNUTLS_MPI_FORMAT_USG)
- {
- size = nettle_mpz_sizeinbase_256_u (*p);
- }
- else if (format == GNUTLS_MPI_FORMAT_STD)
- {
- size = nettle_mpz_sizeinbase_256_s (*p);
- }
- else if (format == GNUTLS_MPI_FORMAT_PGP)
- {
- size = nettle_mpz_sizeinbase_256_u (*p) + 2;
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (buffer == NULL || size > *nbytes)
- {
- *nbytes = size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (format == GNUTLS_MPI_FORMAT_PGP)
- {
- uint8_t *buf = buffer;
- unsigned int nbits = _gnutls_mpi_get_nbits (a);
- buf[0] = (nbits >> 8) & 0xff;
- buf[1] = (nbits) & 0xff;
- nettle_mpz_get_str_256 (size - 2, buf + 2, *p);
- }
- else
- {
- nettle_mpz_get_str_256 (size, buffer, *p);
- }
- *nbytes = size;
-
- return 0;
+ unsigned int size;
+ mpz_t *p = (void *) a;
+
+ if (format == GNUTLS_MPI_FORMAT_USG) {
+ size = nettle_mpz_sizeinbase_256_u(*p);
+ } else if (format == GNUTLS_MPI_FORMAT_STD) {
+ size = nettle_mpz_sizeinbase_256_s(*p);
+ } else if (format == GNUTLS_MPI_FORMAT_PGP) {
+ size = nettle_mpz_sizeinbase_256_u(*p) + 2;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (buffer == NULL || size > *nbytes) {
+ *nbytes = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (format == GNUTLS_MPI_FORMAT_PGP) {
+ uint8_t *buf = buffer;
+ unsigned int nbits = _gnutls_mpi_get_nbits(a);
+ buf[0] = (nbits >> 8) & 0xff;
+ buf[1] = (nbits) & 0xff;
+ nettle_mpz_get_str_256(size - 2, buf + 2, *p);
+ } else {
+ nettle_mpz_get_str_256(size, buffer, *p);
+ }
+ *nbytes = size;
+
+ return 0;
}
-static bigint_t
-wrap_nettle_mpi_new (int nbits)
+static bigint_t wrap_nettle_mpi_new(int nbits)
{
- mpz_t *p;
-
- p = gnutls_malloc (sizeof (*p));
- if (p == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
- if (nbits == 0)
- mpz_init(*p);
- else
- mpz_init2 (*p, nbits);
-
- return p;
+ mpz_t *p;
+
+ p = gnutls_malloc(sizeof(*p));
+ if (p == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+ if (nbits == 0)
+ mpz_init(*p);
+ else
+ mpz_init2(*p, nbits);
+
+ return p;
}
static bigint_t
-wrap_nettle_mpi_scan (const void *buffer, size_t nbytes,
- gnutls_bigint_format_t format)
+wrap_nettle_mpi_scan(const void *buffer, size_t nbytes,
+ gnutls_bigint_format_t format)
{
- bigint_t r = wrap_nettle_mpi_new (nbytes * 8);
-
- if (r == NULL)
- {
- gnutls_assert ();
- return r;
- }
-
- if (format == GNUTLS_MPI_FORMAT_USG)
- {
- nettle_mpz_set_str_256_u (TOMPZ (r), nbytes, buffer);
- }
- else if (format == GNUTLS_MPI_FORMAT_STD)
- {
- nettle_mpz_set_str_256_s (TOMPZ (r), nbytes, buffer);
- }
- else if (format == GNUTLS_MPI_FORMAT_PGP)
- {
- const uint8_t *buf = buffer;
- size_t size;
-
- if (nbytes < 3)
- {
- gnutls_assert ();
- goto fail;
- }
-
- size = (buf[0] << 8) | buf[1];
- size = (size + 7) / 8;
-
- if (size > nbytes - 2)
- {
- gnutls_assert ();
- goto fail;
- }
- nettle_mpz_set_str_256_u (TOMPZ (r), size, buf + 2);
- }
- else
- {
- gnutls_assert ();
- goto fail;
- }
-
- return r;
-fail:
- _gnutls_mpi_release (&r);
- return NULL;
+ bigint_t r = wrap_nettle_mpi_new(nbytes * 8);
+
+ if (r == NULL) {
+ gnutls_assert();
+ return r;
+ }
+
+ if (format == GNUTLS_MPI_FORMAT_USG) {
+ nettle_mpz_set_str_256_u(TOMPZ(r), nbytes, buffer);
+ } else if (format == GNUTLS_MPI_FORMAT_STD) {
+ nettle_mpz_set_str_256_s(TOMPZ(r), nbytes, buffer);
+ } else if (format == GNUTLS_MPI_FORMAT_PGP) {
+ const uint8_t *buf = buffer;
+ size_t size;
+
+ if (nbytes < 3) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ size = (buf[0] << 8) | buf[1];
+ size = (size + 7) / 8;
+
+ if (size > nbytes - 2) {
+ gnutls_assert();
+ goto fail;
+ }
+ nettle_mpz_set_str_256_u(TOMPZ(r), size, buf + 2);
+ } else {
+ gnutls_assert();
+ goto fail;
+ }
+
+ return r;
+ fail:
+ _gnutls_mpi_release(&r);
+ return NULL;
}
-static int
-wrap_nettle_mpi_cmp (const bigint_t u, const bigint_t v)
+static int wrap_nettle_mpi_cmp(const bigint_t u, const bigint_t v)
{
- mpz_t *i1 = u, *i2 = v;
+ mpz_t *i1 = u, *i2 = v;
- return mpz_cmp (*i1, *i2);
+ return mpz_cmp(*i1, *i2);
}
-static int
-wrap_nettle_mpi_cmp_ui (const bigint_t u, unsigned long v)
+static int wrap_nettle_mpi_cmp_ui(const bigint_t u, unsigned long v)
{
- mpz_t *i1 = u;
+ mpz_t *i1 = u;
- return mpz_cmp_ui (*i1, v);
+ return mpz_cmp_ui(*i1, v);
}
-static bigint_t
-wrap_nettle_mpi_set (bigint_t w, const bigint_t u)
+static bigint_t wrap_nettle_mpi_set(bigint_t w, const bigint_t u)
{
- mpz_t *i1, *i2 = u;
+ mpz_t *i1, *i2 = u;
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (u);
- i1 = w;
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like(u);
+ i1 = w;
- mpz_set (*i1, *i2);
+ mpz_set(*i1, *i2);
- return i1;
+ return i1;
}
-static bigint_t
-wrap_nettle_mpi_set_ui (bigint_t w, unsigned long u)
+static bigint_t wrap_nettle_mpi_set_ui(bigint_t w, unsigned long u)
{
- mpz_t *i1;
+ mpz_t *i1;
- if (w == NULL)
- w = wrap_nettle_mpi_new (32);
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(32);
- i1 = w;
+ i1 = w;
- mpz_set_ui (*i1, u);
+ mpz_set_ui(*i1, u);
- return i1;
+ return i1;
}
-static unsigned int
-wrap_nettle_mpi_get_nbits (bigint_t a)
+static unsigned int wrap_nettle_mpi_get_nbits(bigint_t a)
{
- return mpz_sizeinbase (TOMPZ( a), 2);
+ return mpz_sizeinbase(TOMPZ(a), 2);
}
-static void
-wrap_nettle_mpi_release (bigint_t a)
+static void wrap_nettle_mpi_release(bigint_t a)
{
- mpz_clear (TOMPZ( a));
- gnutls_free (a);
+ mpz_clear(TOMPZ(a));
+ gnutls_free(a);
}
-static void
-wrap_nettle_mpi_clear (bigint_t a)
+static void wrap_nettle_mpi_clear(bigint_t a)
{
- memset(TOMPZ(a)[0]._mp_d, 0, TOMPZ(a)[0]._mp_alloc*sizeof(mp_limb_t));
+ memset(TOMPZ(a)[0]._mp_d, 0,
+ TOMPZ(a)[0]._mp_alloc * sizeof(mp_limb_t));
}
-static bigint_t
-wrap_nettle_mpi_mod (const bigint_t a, const bigint_t b)
+static bigint_t wrap_nettle_mpi_mod(const bigint_t a, const bigint_t b)
{
- bigint_t r = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (b));
+ bigint_t r = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(b));
- if (r == NULL)
- return NULL;
+ if (r == NULL)
+ return NULL;
- mpz_mod (TOMPZ( r), TOMPZ( a), TOMPZ( b));
+ mpz_mod(TOMPZ(r), TOMPZ(a), TOMPZ(b));
- return r;
+ return r;
}
static bigint_t
-wrap_nettle_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e,
- const bigint_t m)
+wrap_nettle_mpi_powm(bigint_t w, const bigint_t b, const bigint_t e,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(m));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_powm (TOMPZ( w), TOMPZ( b), TOMPZ( e), TOMPZ( m));
+ mpz_powm(TOMPZ(w), TOMPZ(b), TOMPZ(e), TOMPZ(m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+wrap_nettle_mpi_addm(bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_add (TOMPZ( w), TOMPZ( b), TOMPZ( a));
- mpz_fdiv_r (TOMPZ( w), TOMPZ( w), TOMPZ( m));
+ mpz_add(TOMPZ(w), TOMPZ(b), TOMPZ(a));
+ mpz_fdiv_r(TOMPZ(w), TOMPZ(w), TOMPZ(m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+wrap_nettle_mpi_subm(bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_sub (TOMPZ( w), TOMPZ( a), TOMPZ( b));
- mpz_fdiv_r (TOMPZ( w), TOMPZ( w), TOMPZ( m));
+ mpz_sub(TOMPZ(w), TOMPZ(a), TOMPZ(b));
+ mpz_fdiv_r(TOMPZ(w), TOMPZ(w), TOMPZ(m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
+wrap_nettle_mpi_mulm(bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(m));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_mul (TOMPZ( w), TOMPZ( a), TOMPZ( b));
- mpz_fdiv_r (TOMPZ( w), TOMPZ( w), TOMPZ( m));
+ mpz_mul(TOMPZ(w), TOMPZ(a), TOMPZ(b));
+ mpz_fdiv_r(TOMPZ(w), TOMPZ(w), TOMPZ(m));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_add (bigint_t w, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_add(bigint_t w, const bigint_t a, const bigint_t b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (b));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(b));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_add (TOMPZ( w), TOMPZ( a), TOMPZ( b));
+ mpz_add(TOMPZ(w), TOMPZ(a), TOMPZ(b));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_sub (bigint_t w, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_sub(bigint_t w, const bigint_t a, const bigint_t b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_sub (TOMPZ( w), TOMPZ( a), TOMPZ( b));
+ mpz_sub(TOMPZ(w), TOMPZ(a), TOMPZ(b));
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_mul (bigint_t w, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_mul(bigint_t w, const bigint_t a, const bigint_t b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_mul (TOMPZ( w), TOMPZ( a), TOMPZ( b));
+ mpz_mul(TOMPZ(w), TOMPZ(a), TOMPZ(b));
- return w;
+ return w;
}
/* q = a / b */
static bigint_t
-wrap_nettle_mpi_div (bigint_t q, const bigint_t a, const bigint_t b)
+wrap_nettle_mpi_div(bigint_t q, const bigint_t a, const bigint_t b)
{
- if (q == NULL)
- q = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (q == NULL)
+ q = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (q == NULL)
- return NULL;
+ if (q == NULL)
+ return NULL;
- mpz_cdiv_q (TOMPZ( q), TOMPZ( a), TOMPZ( b));
+ mpz_cdiv_q(TOMPZ(q), TOMPZ(a), TOMPZ(b));
- return q;
+ return q;
}
static bigint_t
-wrap_nettle_mpi_add_ui (bigint_t w, const bigint_t a, unsigned long b)
+wrap_nettle_mpi_add_ui(bigint_t w, const bigint_t a, unsigned long b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_add_ui (TOMPZ( w), TOMPZ( a), b);
+ mpz_add_ui(TOMPZ(w), TOMPZ(a), b);
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_sub_ui (bigint_t w, const bigint_t a, unsigned long b)
+wrap_nettle_mpi_sub_ui(bigint_t w, const bigint_t a, unsigned long b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_sub_ui (TOMPZ( w), TOMPZ( a), b);
+ mpz_sub_ui(TOMPZ(w), TOMPZ(a), b);
- return w;
+ return w;
}
static bigint_t
-wrap_nettle_mpi_mul_ui (bigint_t w, const bigint_t a, unsigned long b)
+wrap_nettle_mpi_mul_ui(bigint_t w, const bigint_t a, unsigned long b)
{
- if (w == NULL)
- w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+ if (w == NULL)
+ w = wrap_nettle_mpi_new(wrap_nettle_mpi_get_nbits(a));
- if (w == NULL)
- return NULL;
+ if (w == NULL)
+ return NULL;
- mpz_mul_ui (TOMPZ( w), TOMPZ( a), b);
+ mpz_mul_ui(TOMPZ(w), TOMPZ(a), b);
- return w;
+ return w;
}
-static int
-wrap_nettle_prime_check (bigint_t pp)
+static int wrap_nettle_prime_check(bigint_t pp)
{
- int ret;
- ret = mpz_probab_prime_p (TOMPZ( pp), PRIME_CHECK_PARAM);
+ int ret;
+ ret = mpz_probab_prime_p(TOMPZ(pp), PRIME_CHECK_PARAM);
- if (ret > 0)
- {
- return 0;
- }
+ if (ret > 0) {
+ return 0;
+ }
- return GNUTLS_E_INTERNAL_ERROR; /* ignored */
+ return GNUTLS_E_INTERNAL_ERROR; /* ignored */
}
@@ -422,231 +390,219 @@ wrap_nettle_prime_check (bigint_t pp)
*
*/
inline static int
-gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits, unsigned int *q_bits)
+gen_group(mpz_t * prime, mpz_t * generator, unsigned int nbits,
+ unsigned int *q_bits)
{
- mpz_t q, w, r;
- unsigned int p_bytes = nbits / 8;
- uint8_t *buffer = NULL;
- unsigned int q_bytes, w_bytes, r_bytes, w_bits;
- int ret;
-
- /* security level enforcement.
- * Values for q are selected according to ECRYPT II recommendations.
- */
- q_bytes = _gnutls_pk_bits_to_subgroup_bits (nbits);
- q_bytes /= 8;
-
- if (q_bytes == 0 || q_bytes >= p_bytes)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (nbits % 8 != 0)
- p_bytes++;
-
- w_bits = nbits - q_bytes * 8;
- w_bytes = w_bits / 8;
- if (w_bits % 8 != 0)
- w_bytes++;
-
- _gnutls_debug_log
- ("Generating group of prime of %u bits and format of 2wq+1. q_size=%u bits\n",
- nbits, q_bytes * 8);
- buffer = gnutls_malloc (p_bytes); /* p_bytes > q_bytes */
- if (buffer == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- mpz_init (q);
- mpz_init (w);
- mpz_init (r);
-
- /* search for a prime. We are not that unlucky so search
- * forever.
- */
- for (;;)
- {
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, w_bytes);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- nettle_mpz_set_str_256_u (w, w_bytes, buffer);
- /* always odd */
- mpz_setbit (w, 0);
-
- ret = mpz_probab_prime_p (w, PRIME_CHECK_PARAM);
- if (ret > 0)
- {
- break;
- }
- }
-
- /* now generate q of size p_bytes - w_bytes */
-
- _gnutls_debug_log
- ("Found prime w of %u bits. Will look for q of %u bits...\n",
- wrap_nettle_mpi_get_nbits (&w), q_bytes*8);
-
- for (;;)
- {
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, q_bytes);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- nettle_mpz_set_str_256_u (q, q_bytes, buffer);
- /* always odd */
- mpz_setbit (q, 0);
-
- ret = mpz_probab_prime_p (q, PRIME_CHECK_PARAM);
- if (ret == 0)
- {
- continue;
- }
-
- /* check if 2wq+1 is prime */
- mpz_mul_ui (*prime, w, 2);
- mpz_mul (*prime, *prime, q);
- mpz_add_ui (*prime, *prime, 1);
-
- ret = mpz_probab_prime_p (*prime, PRIME_CHECK_PARAM);
- if (ret > 0)
- {
- break;
- }
- }
-
- *q_bits = wrap_nettle_mpi_get_nbits (&q);
- _gnutls_debug_log ("Found prime q of %u bits. Looking for generator...\n",
- *q_bits);
-
- /* finally a prime! Let's calculate generator
- */
-
- /* c = r^((p-1)/q), r == random
- * c = r^(2w)
- * if c!=1 c is the generator for the subgroup of order q-1
- *
- */
- r_bytes = p_bytes;
-
- mpz_mul_ui (w, w, 2); /* w = w*2 */
- mpz_fdiv_r (w, w, *prime);
-
- for (;;)
- {
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, buffer, r_bytes);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- nettle_mpz_set_str_256_u (r, r_bytes, buffer);
- mpz_fdiv_r (r, r, *prime);
-
- /* check if r^w mod n != 1 mod n */
- mpz_powm (*generator, r, w, *prime);
-
- if (mpz_cmp_ui (*generator, 1) == 0)
- continue;
- else
- break;
- }
-
- _gnutls_debug_log ("Found generator g of %u bits\n",
- wrap_nettle_mpi_get_nbits (generator));
- _gnutls_debug_log ("Prime n is %u bits\n",
- wrap_nettle_mpi_get_nbits (prime));
-
- ret = 0;
- goto exit;
-
-fail:
- mpz_clear (*prime);
- mpz_clear (*generator);
-
-exit:
- mpz_clear (q);
- mpz_clear (w);
- mpz_clear (r);
- gnutls_free (buffer);
-
- return ret;
+ mpz_t q, w, r;
+ unsigned int p_bytes = nbits / 8;
+ uint8_t *buffer = NULL;
+ unsigned int q_bytes, w_bytes, r_bytes, w_bits;
+ int ret;
+
+ /* security level enforcement.
+ * Values for q are selected according to ECRYPT II recommendations.
+ */
+ q_bytes = _gnutls_pk_bits_to_subgroup_bits(nbits);
+ q_bytes /= 8;
+
+ if (q_bytes == 0 || q_bytes >= p_bytes) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (nbits % 8 != 0)
+ p_bytes++;
+
+ w_bits = nbits - q_bytes * 8;
+ w_bytes = w_bits / 8;
+ if (w_bits % 8 != 0)
+ w_bytes++;
+
+ _gnutls_debug_log
+ ("Generating group of prime of %u bits and format of 2wq+1. q_size=%u bits\n",
+ nbits, q_bytes * 8);
+ buffer = gnutls_malloc(p_bytes); /* p_bytes > q_bytes */
+ if (buffer == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ mpz_init(q);
+ mpz_init(w);
+ mpz_init(r);
+
+ /* search for a prime. We are not that unlucky so search
+ * forever.
+ */
+ for (;;) {
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buffer, w_bytes);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ nettle_mpz_set_str_256_u(w, w_bytes, buffer);
+ /* always odd */
+ mpz_setbit(w, 0);
+
+ ret = mpz_probab_prime_p(w, PRIME_CHECK_PARAM);
+ if (ret > 0) {
+ break;
+ }
+ }
+
+ /* now generate q of size p_bytes - w_bytes */
+
+ _gnutls_debug_log
+ ("Found prime w of %u bits. Will look for q of %u bits...\n",
+ wrap_nettle_mpi_get_nbits(&w), q_bytes * 8);
+
+ for (;;) {
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buffer, q_bytes);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ nettle_mpz_set_str_256_u(q, q_bytes, buffer);
+ /* always odd */
+ mpz_setbit(q, 0);
+
+ ret = mpz_probab_prime_p(q, PRIME_CHECK_PARAM);
+ if (ret == 0) {
+ continue;
+ }
+
+ /* check if 2wq+1 is prime */
+ mpz_mul_ui(*prime, w, 2);
+ mpz_mul(*prime, *prime, q);
+ mpz_add_ui(*prime, *prime, 1);
+
+ ret = mpz_probab_prime_p(*prime, PRIME_CHECK_PARAM);
+ if (ret > 0) {
+ break;
+ }
+ }
+
+ *q_bits = wrap_nettle_mpi_get_nbits(&q);
+ _gnutls_debug_log
+ ("Found prime q of %u bits. Looking for generator...\n",
+ *q_bits);
+
+ /* finally a prime! Let's calculate generator
+ */
+
+ /* c = r^((p-1)/q), r == random
+ * c = r^(2w)
+ * if c!=1 c is the generator for the subgroup of order q-1
+ *
+ */
+ r_bytes = p_bytes;
+
+ mpz_mul_ui(w, w, 2); /* w = w*2 */
+ mpz_fdiv_r(w, w, *prime);
+
+ for (;;) {
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, buffer, r_bytes);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ nettle_mpz_set_str_256_u(r, r_bytes, buffer);
+ mpz_fdiv_r(r, r, *prime);
+
+ /* check if r^w mod n != 1 mod n */
+ mpz_powm(*generator, r, w, *prime);
+
+ if (mpz_cmp_ui(*generator, 1) == 0)
+ continue;
+ else
+ break;
+ }
+
+ _gnutls_debug_log("Found generator g of %u bits\n",
+ wrap_nettle_mpi_get_nbits(generator));
+ _gnutls_debug_log("Prime n is %u bits\n",
+ wrap_nettle_mpi_get_nbits(prime));
+
+ ret = 0;
+ goto exit;
+
+ fail:
+ mpz_clear(*prime);
+ mpz_clear(*generator);
+
+ exit:
+ mpz_clear(q);
+ mpz_clear(w);
+ mpz_clear(r);
+ gnutls_free(buffer);
+
+ return ret;
}
static int
-wrap_nettle_generate_group (gnutls_group_st * group, unsigned int bits)
+wrap_nettle_generate_group(gnutls_group_st * group, unsigned int bits)
{
- int ret;
- bigint_t p = wrap_nettle_mpi_new (bits);
- bigint_t g;
- unsigned int q_bits;
-
- if (p == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- g = wrap_nettle_mpi_new (bits);
- if (g == NULL)
- {
- gnutls_assert ();
- _gnutls_mpi_release (&p);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gen_group (p, g, bits, &q_bits);
- if (ret < 0)
- {
- _gnutls_mpi_release (&g);
- _gnutls_mpi_release (&p);
- gnutls_assert ();
- return ret;
- }
-
- group->p = p;
- group->g = g;
- group->q_bits = q_bits;
-
- return 0;
+ int ret;
+ bigint_t p = wrap_nettle_mpi_new(bits);
+ bigint_t g;
+ unsigned int q_bits;
+
+ if (p == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ g = wrap_nettle_mpi_new(bits);
+ if (g == NULL) {
+ gnutls_assert();
+ _gnutls_mpi_release(&p);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gen_group(p, g, bits, &q_bits);
+ if (ret < 0) {
+ _gnutls_mpi_release(&g);
+ _gnutls_mpi_release(&p);
+ gnutls_assert();
+ return ret;
+ }
+
+ group->p = p;
+ group->g = g;
+ group->q_bits = q_bits;
+
+ return 0;
}
int crypto_bigint_prio = INT_MAX;
gnutls_crypto_bigint_st _gnutls_mpi_ops = {
- .bigint_new = wrap_nettle_mpi_new,
- .bigint_cmp = wrap_nettle_mpi_cmp,
- .bigint_cmp_ui = wrap_nettle_mpi_cmp_ui,
- .bigint_mod = wrap_nettle_mpi_mod,
- .bigint_set = wrap_nettle_mpi_set,
- .bigint_set_ui = wrap_nettle_mpi_set_ui,
- .bigint_get_nbits = wrap_nettle_mpi_get_nbits,
- .bigint_powm = wrap_nettle_mpi_powm,
- .bigint_addm = wrap_nettle_mpi_addm,
- .bigint_subm = wrap_nettle_mpi_subm,
- .bigint_add = wrap_nettle_mpi_add,
- .bigint_sub = wrap_nettle_mpi_sub,
- .bigint_add_ui = wrap_nettle_mpi_add_ui,
- .bigint_sub_ui = wrap_nettle_mpi_sub_ui,
- .bigint_mul = wrap_nettle_mpi_mul,
- .bigint_mulm = wrap_nettle_mpi_mulm,
- .bigint_mul_ui = wrap_nettle_mpi_mul_ui,
- .bigint_div = wrap_nettle_mpi_div,
- .bigint_prime_check = wrap_nettle_prime_check,
- .bigint_release = wrap_nettle_mpi_release,
- .bigint_clear = wrap_nettle_mpi_clear,
- .bigint_print = wrap_nettle_mpi_print,
- .bigint_scan = wrap_nettle_mpi_scan,
- .bigint_generate_group = wrap_nettle_generate_group
+ .bigint_new = wrap_nettle_mpi_new,
+ .bigint_cmp = wrap_nettle_mpi_cmp,
+ .bigint_cmp_ui = wrap_nettle_mpi_cmp_ui,
+ .bigint_mod = wrap_nettle_mpi_mod,
+ .bigint_set = wrap_nettle_mpi_set,
+ .bigint_set_ui = wrap_nettle_mpi_set_ui,
+ .bigint_get_nbits = wrap_nettle_mpi_get_nbits,
+ .bigint_powm = wrap_nettle_mpi_powm,
+ .bigint_addm = wrap_nettle_mpi_addm,
+ .bigint_subm = wrap_nettle_mpi_subm,
+ .bigint_add = wrap_nettle_mpi_add,
+ .bigint_sub = wrap_nettle_mpi_sub,
+ .bigint_add_ui = wrap_nettle_mpi_add_ui,
+ .bigint_sub_ui = wrap_nettle_mpi_sub_ui,
+ .bigint_mul = wrap_nettle_mpi_mul,
+ .bigint_mulm = wrap_nettle_mpi_mulm,
+ .bigint_mul_ui = wrap_nettle_mpi_mul_ui,
+ .bigint_div = wrap_nettle_mpi_div,
+ .bigint_prime_check = wrap_nettle_prime_check,
+ .bigint_release = wrap_nettle_mpi_release,
+ .bigint_clear = wrap_nettle_mpi_clear,
+ .bigint_print = wrap_nettle_mpi_print,
+ .bigint_scan = wrap_nettle_mpi_scan,
+ .bigint_generate_group = wrap_nettle_generate_group
};
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index de578054c3..673495dcf0 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -49,1025 +49,1094 @@
static inline const struct ecc_curve *get_supported_curve(int curve);
-static void
-rnd_func (void *_ctx, unsigned length, uint8_t * data)
+static void rnd_func(void *_ctx, unsigned length, uint8_t * data)
{
- _gnutls_rnd (GNUTLS_RND_RANDOM, data, length);
+ _gnutls_rnd(GNUTLS_RND_RANDOM, data, length);
}
static void
-_dsa_params_to_pubkey (const gnutls_pk_params_st * pk_params,
- struct dsa_public_key *pub)
+_dsa_params_to_pubkey(const gnutls_pk_params_st * pk_params,
+ struct dsa_public_key *pub)
{
- memcpy (&pub->p, pk_params->params[0], sizeof (mpz_t));
- memcpy (&pub->q, pk_params->params[1], sizeof (mpz_t));
- memcpy (&pub->g, pk_params->params[2], sizeof (mpz_t));
- memcpy (&pub->y, pk_params->params[3], sizeof (mpz_t));
+ memcpy(&pub->p, pk_params->params[0], sizeof(mpz_t));
+ memcpy(&pub->q, pk_params->params[1], sizeof(mpz_t));
+ memcpy(&pub->g, pk_params->params[2], sizeof(mpz_t));
+ memcpy(&pub->y, pk_params->params[3], sizeof(mpz_t));
}
static void
-_dsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
- struct dsa_private_key *pub)
+_dsa_params_to_privkey(const gnutls_pk_params_st * pk_params,
+ struct dsa_private_key *pub)
{
- memcpy (&pub->x, pk_params->params[4], sizeof (mpz_t));
+ memcpy(&pub->x, pk_params->params[4], sizeof(mpz_t));
}
static void
-_rsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
- struct rsa_private_key *priv)
+_rsa_params_to_privkey(const gnutls_pk_params_st * pk_params,
+ struct rsa_private_key *priv)
{
- memcpy (&priv->d, pk_params->params[2], sizeof (mpz_t));
- memcpy (&priv->p, pk_params->params[3], sizeof (mpz_t));
- memcpy (&priv->q, pk_params->params[4], sizeof (mpz_t));
- memcpy (&priv->c, pk_params->params[5], sizeof (mpz_t));
- memcpy (&priv->a, pk_params->params[6], sizeof (mpz_t));
- memcpy (&priv->b, pk_params->params[7], sizeof (mpz_t));
- priv->size = nettle_mpz_sizeinbase_256_u(TOMPZ(pk_params->params[RSA_MODULUS]));
+ memcpy(&priv->d, pk_params->params[2], sizeof(mpz_t));
+ memcpy(&priv->p, pk_params->params[3], sizeof(mpz_t));
+ memcpy(&priv->q, pk_params->params[4], sizeof(mpz_t));
+ memcpy(&priv->c, pk_params->params[5], sizeof(mpz_t));
+ memcpy(&priv->a, pk_params->params[6], sizeof(mpz_t));
+ memcpy(&priv->b, pk_params->params[7], sizeof(mpz_t));
+ priv->size =
+ nettle_mpz_sizeinbase_256_u(TOMPZ
+ (pk_params->params[RSA_MODULUS]));
}
static void
-_rsa_params_to_pubkey (const gnutls_pk_params_st * pk_params,
- struct rsa_public_key *pub)
+_rsa_params_to_pubkey(const gnutls_pk_params_st * pk_params,
+ struct rsa_public_key *pub)
{
- memcpy (&pub->n, pk_params->params[RSA_MODULUS], sizeof (mpz_t));
- memcpy (&pub->e, pk_params->params[RSA_PUB], sizeof (mpz_t));
- pub->size = nettle_mpz_sizeinbase_256_u(pub->n);
+ memcpy(&pub->n, pk_params->params[RSA_MODULUS], sizeof(mpz_t));
+ memcpy(&pub->e, pk_params->params[RSA_PUB], sizeof(mpz_t));
+ pub->size = nettle_mpz_sizeinbase_256_u(pub->n);
}
static int
_ecc_params_to_privkey(const gnutls_pk_params_st * pk_params,
- struct ecc_scalar * priv, const struct ecc_curve *curve)
+ struct ecc_scalar *priv,
+ const struct ecc_curve *curve)
{
- ecc_scalar_init(priv, curve);
- if (ecc_scalar_set(priv, pk_params->params[ECC_K]) == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ ecc_scalar_init(priv, curve);
+ if (ecc_scalar_set(priv, pk_params->params[ECC_K]) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- return 0;
+ return 0;
}
static int
_ecc_params_to_pubkey(const gnutls_pk_params_st * pk_params,
- struct ecc_point * pub, const struct ecc_curve *curve)
+ struct ecc_point *pub, const struct ecc_curve *curve)
{
- ecc_point_init(pub, curve);
- if (ecc_point_set(pub, pk_params->params[ECC_X], pk_params->params[ECC_Y]) == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ ecc_point_init(pub, curve);
+ if (ecc_point_set
+ (pub, pk_params->params[ECC_X], pk_params->params[ECC_Y]) == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- return 0;
+ return 0;
}
static void
-ecc_shared_secret (struct ecc_scalar * private_key,
- struct ecc_point * public_key,
- void *out, unsigned size)
+ecc_shared_secret(struct ecc_scalar *private_key,
+ struct ecc_point *public_key, void *out, unsigned size)
{
-struct ecc_point r;
-mpz_t x;
+ struct ecc_point r;
+ mpz_t x;
+
+ mpz_init(x);
+ ecc_point_init(&r, public_key->ecc);
+
+ ecc_point_mul(&r, private_key, public_key);
- mpz_init(x);
- ecc_point_init(&r, public_key->ecc);
+ ecc_point_get(&r, x, NULL);
+ nettle_mpz_get_str_256(size, out, x);
- ecc_point_mul(&r, private_key, public_key);
-
- ecc_point_get(&r, x, NULL);
- nettle_mpz_get_str_256(size, out, x);
+ mpz_clear(x);
+ ecc_point_clear(&r);
- mpz_clear(x);
- ecc_point_clear(&r);
-
- return;
+ return;
}
-static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, gnutls_datum_t * out,
- const gnutls_pk_params_st * priv,
- const gnutls_pk_params_st * pub)
+static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * out,
+ const gnutls_pk_params_st * priv,
+ const gnutls_pk_params_st * pub)
{
- int ret;
-
- switch (algo)
- {
- case GNUTLS_PK_EC:
- {
- struct ecc_scalar ecc_priv;
- struct ecc_point ecc_pub;
- const struct ecc_curve * curve;
-
- out->data = NULL;
-
- curve = get_supported_curve(priv->flags);
- if (curve == NULL)
- return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
-
- ret = _ecc_params_to_pubkey(pub, &ecc_pub, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _ecc_params_to_privkey(priv, &ecc_priv, curve);
- if (ret < 0)
- {
- ecc_point_clear(&ecc_pub);
- return gnutls_assert_val(ret);
- }
-
- out->size = gnutls_ecc_curve_get_size(priv->flags);
- /*ecc_size(curve)*sizeof(mp_limb_t);*/
- out->data = gnutls_malloc(out->size);
- if (out->data == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto ecc_cleanup;
- }
-
- ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, out->size);
-
-ecc_cleanup:
- ecc_point_clear(&ecc_pub);
- ecc_scalar_clear(&ecc_priv);
- if (ret < 0) goto cleanup;
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- return ret;
+ int ret;
+
+ switch (algo) {
+ case GNUTLS_PK_EC:
+ {
+ struct ecc_scalar ecc_priv;
+ struct ecc_point ecc_pub;
+ const struct ecc_curve *curve;
+
+ out->data = NULL;
+
+ curve = get_supported_curve(priv->flags);
+ if (curve == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+
+ ret = _ecc_params_to_pubkey(pub, &ecc_pub, curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _ecc_params_to_privkey(priv, &ecc_priv, curve);
+ if (ret < 0) {
+ ecc_point_clear(&ecc_pub);
+ return gnutls_assert_val(ret);
+ }
+
+ out->size = gnutls_ecc_curve_get_size(priv->flags);
+ /*ecc_size(curve)*sizeof(mp_limb_t); */
+ out->data = gnutls_malloc(out->size);
+ if (out->data == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+ goto ecc_cleanup;
+ }
+
+ ecc_shared_secret(&ecc_priv, &ecc_pub, out->data,
+ out->size);
+
+ ecc_cleanup:
+ ecc_point_clear(&ecc_pub);
+ ecc_scalar_clear(&ecc_priv);
+ if (ret < 0)
+ goto cleanup;
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ return ret;
}
static int
-_wrap_nettle_pk_encrypt (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ const gnutls_pk_params_st * pk_params)
{
- int ret;
- mpz_t p;
-
- mpz_init(p);
-
- switch (algo)
- {
- case GNUTLS_PK_RSA:
- {
- struct rsa_public_key pub;
-
- _rsa_params_to_pubkey (pk_params, &pub);
-
- ret = rsa_encrypt(&pub, NULL, rnd_func, plaintext->size, plaintext->data, p);
- if (ret == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint_size (p, ciphertext, pub.size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- mpz_clear(p);
- return ret;
+ int ret;
+ mpz_t p;
+
+ mpz_init(p);
+
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_public_key pub;
+
+ _rsa_params_to_pubkey(pk_params, &pub);
+
+ ret =
+ rsa_encrypt(&pub, NULL, rnd_func,
+ plaintext->size, plaintext->data,
+ p);
+ if (ret == 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ENCRYPTION_FAILED);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_mpi_dprint_size(p, ciphertext,
+ pub.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ mpz_clear(p);
+ return ret;
}
static int
-_wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ const gnutls_pk_params_st * pk_params)
{
- int ret;
-
- plaintext->data = NULL;
-
- /* make a sexp from pkey */
- switch (algo)
- {
- case GNUTLS_PK_RSA:
- {
- struct rsa_private_key priv;
- struct rsa_public_key pub;
- unsigned length;
- bigint_t c;
-
- _rsa_params_to_privkey (pk_params, &priv);
- _rsa_params_to_pubkey (pk_params, &pub);
-
- if (ciphertext->size != pub.size)
- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
-
- if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
- goto cleanup;
- }
-
- length = pub.size;
- plaintext->data = gnutls_malloc(length);
- if (plaintext->data == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- ret = rsa_decrypt_tr(&pub, &priv, NULL, rnd_func, &length, plaintext->data,
- TOMPZ(c));
- _gnutls_mpi_release (&c);
- plaintext->size = length;
-
- if (ret == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
- goto cleanup;
- }
-
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- if (ret < 0)
- gnutls_free(plaintext->data);
-
- return ret;
+ int ret;
+
+ plaintext->data = NULL;
+
+ /* make a sexp from pkey */
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_private_key priv;
+ struct rsa_public_key pub;
+ unsigned length;
+ bigint_t c;
+
+ _rsa_params_to_privkey(pk_params, &priv);
+ _rsa_params_to_pubkey(pk_params, &pub);
+
+ if (ciphertext->size != pub.size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_DECRYPTION_FAILED);
+
+ if (_gnutls_mpi_scan_nz
+ (&c, ciphertext->data,
+ ciphertext->size) != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MPI_SCAN_FAILED);
+ goto cleanup;
+ }
+
+ length = pub.size;
+ plaintext->data = gnutls_malloc(length);
+ if (plaintext->data == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+ goto cleanup;
+ }
+
+ ret =
+ rsa_decrypt_tr(&pub, &priv, NULL, rnd_func,
+ &length, plaintext->data,
+ TOMPZ(c));
+ _gnutls_mpi_release(&c);
+ plaintext->size = length;
+
+ if (ret == 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_DECRYPTION_FAILED);
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ if (ret < 0)
+ gnutls_free(plaintext->data);
+
+ return ret;
}
/* in case of DSA puts into data, r,s
*/
static int
-_wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * signature,
- const gnutls_datum_t * vdata,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * signature,
+ const gnutls_datum_t * vdata,
+ const gnutls_pk_params_st * pk_params)
{
- int ret;
- unsigned int hash_len;
- const mac_entry_st* me;
-
- switch (algo)
- {
- case GNUTLS_PK_EC: /* we do ECDSA */
- {
- struct ecc_scalar priv;
- struct dsa_signature sig;
- int curve_id = pk_params->flags;
- const struct ecc_curve * curve;
-
- curve = get_supported_curve(curve_id);
- if (curve == NULL)
- return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
-
- ret = _ecc_params_to_privkey(pk_params, &priv, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- dsa_signature_init (&sig);
-
- me = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
-
- if (hash_len > vdata->size)
- {
- gnutls_assert ();
- _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", _gnutls_mac_get_name(me), hash_len);
- hash_len = vdata->size;
- }
-
- ecdsa_sign(&priv, NULL, rnd_func, hash_len, vdata->data, &sig);
-
- ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s);
-
- dsa_signature_clear (&sig);
- ecc_scalar_clear( &priv);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
- }
- case GNUTLS_PK_DSA:
- {
- struct dsa_public_key pub;
- struct dsa_private_key priv;
- struct dsa_signature sig;
-
- memset(&priv, 0, sizeof(priv));
- memset(&pub, 0, sizeof(pub));
- _dsa_params_to_pubkey (pk_params, &pub);
- _dsa_params_to_privkey (pk_params, &priv);
-
- dsa_signature_init (&sig);
-
- me = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
-
- if (hash_len > vdata->size)
- {
- gnutls_assert ();
- _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", _gnutls_mac_get_name(me), hash_len);
- hash_len = vdata->size;
- }
-
- ret =
- _dsa_sign (&pub, &priv, NULL, rnd_func,
- hash_len, vdata->data, &sig);
- if (ret == 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto dsa_fail;
- }
-
- ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s);
-
- dsa_fail:
- dsa_signature_clear (&sig);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
- }
- case GNUTLS_PK_RSA:
- {
- struct rsa_private_key priv;
- struct rsa_public_key pub;
- mpz_t s;
-
- _rsa_params_to_privkey (pk_params, &priv);
- _rsa_params_to_pubkey (pk_params, &pub);
-
- mpz_init(s);
-
- ret = rsa_pkcs1_sign_tr(&pub, &priv, NULL, rnd_func,
- vdata->size, vdata->data, s);
- if (ret == 0)
- {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto rsa_fail;
- }
-
- ret = _gnutls_mpi_dprint_size (s, signature, pub.size);
-
-rsa_fail:
- mpz_clear(s);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- return ret;
+ int ret;
+ unsigned int hash_len;
+ const mac_entry_st *me;
+
+ switch (algo) {
+ case GNUTLS_PK_EC: /* we do ECDSA */
+ {
+ struct ecc_scalar priv;
+ struct dsa_signature sig;
+ int curve_id = pk_params->flags;
+ const struct ecc_curve *curve;
+
+ curve = get_supported_curve(curve_id);
+ if (curve == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+
+ ret =
+ _ecc_params_to_privkey(pk_params, &priv,
+ curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ dsa_signature_init(&sig);
+
+ me = _gnutls_dsa_q_to_hash(algo, pk_params,
+ &hash_len);
+
+ if (hash_len > vdata->size) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Security level of algorithm requires hash %s(%d) or better\n",
+ _gnutls_mac_get_name(me), hash_len);
+ hash_len = vdata->size;
+ }
+
+ ecdsa_sign(&priv, NULL, rnd_func, hash_len,
+ vdata->data, &sig);
+
+ ret =
+ _gnutls_encode_ber_rs(signature, &sig.r,
+ &sig.s);
+
+ dsa_signature_clear(&sig);
+ ecc_scalar_clear(&priv);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+ struct dsa_signature sig;
+
+ memset(&priv, 0, sizeof(priv));
+ memset(&pub, 0, sizeof(pub));
+ _dsa_params_to_pubkey(pk_params, &pub);
+ _dsa_params_to_privkey(pk_params, &priv);
+
+ dsa_signature_init(&sig);
+
+ me = _gnutls_dsa_q_to_hash(algo, pk_params,
+ &hash_len);
+
+ if (hash_len > vdata->size) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Security level of algorithm requires hash %s(%d) or better\n",
+ _gnutls_mac_get_name(me), hash_len);
+ hash_len = vdata->size;
+ }
+
+ ret =
+ _dsa_sign(&pub, &priv, NULL, rnd_func,
+ hash_len, vdata->data, &sig);
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto dsa_fail;
+ }
+
+ ret =
+ _gnutls_encode_ber_rs(signature, &sig.r,
+ &sig.s);
+
+ dsa_fail:
+ dsa_signature_clear(&sig);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_private_key priv;
+ struct rsa_public_key pub;
+ mpz_t s;
+
+ _rsa_params_to_privkey(pk_params, &priv);
+ _rsa_params_to_pubkey(pk_params, &pub);
+
+ mpz_init(s);
+
+ ret =
+ rsa_pkcs1_sign_tr(&pub, &priv, NULL, rnd_func,
+ vdata->size, vdata->data, s);
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto rsa_fail;
+ }
+
+ ret =
+ _gnutls_mpi_dprint_size(s, signature,
+ pub.size);
+
+ rsa_fail:
+ mpz_clear(s);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ return ret;
}
static int
-_wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
- const gnutls_datum_t * vdata,
- const gnutls_datum_t * signature,
- const gnutls_pk_params_st * pk_params)
+_wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
+ const gnutls_datum_t * vdata,
+ const gnutls_datum_t * signature,
+ const gnutls_pk_params_st * pk_params)
{
- int ret;
- unsigned int hash_len;
- bigint_t tmp[2] = { NULL, NULL };
-
- switch (algo)
- {
- case GNUTLS_PK_EC: /* ECDSA */
- {
- struct ecc_point pub;
- struct dsa_signature sig;
- int curve_id = pk_params->flags;
- const struct ecc_curve * curve;
-
- curve = get_supported_curve(curve_id);
- if (curve == NULL)
- return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
-
- ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _ecc_params_to_pubkey(pk_params, &pub, curve);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- memcpy (&sig.r, tmp[0], sizeof (sig.r));
- memcpy (&sig.s, tmp[1], sizeof (sig.s));
-
- _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
-
- if (hash_len > vdata->size)
- hash_len = vdata->size;
-
- ret = ecdsa_verify(&pub, hash_len, vdata->data, &sig);
- if (ret == 0)
- {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
- else
- ret = 0;
-
- ecc_point_clear( &pub);
- break;
- }
- case GNUTLS_PK_DSA:
- {
- struct dsa_public_key pub;
- struct dsa_signature sig;
-
- ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- memset(&pub, 0, sizeof(pub));
- _dsa_params_to_pubkey (pk_params, &pub);
- memcpy (&sig.r, tmp[0], sizeof (sig.r));
- memcpy (&sig.s, tmp[1], sizeof (sig.s));
-
- _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
-
- if (hash_len > vdata->size)
- hash_len = vdata->size;
-
- ret = _dsa_verify (&pub, hash_len, vdata->data, &sig);
- if (ret == 0)
- {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
- else
- ret = 0;
-
- break;
- }
- case GNUTLS_PK_RSA:
- {
- struct rsa_public_key pub;
-
- _rsa_params_to_pubkey (pk_params, &pub);
-
- if (signature->size != pub.size)
- return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
-
- ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = rsa_pkcs1_verify (&pub, vdata->size, vdata->data, TOMPZ(tmp[0]));
- if (ret == 0)
- ret = gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
- else ret = 0;
-
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
-cleanup:
-
- _gnutls_mpi_release (&tmp[0]);
- _gnutls_mpi_release (&tmp[1]);
- return ret;
+ int ret;
+ unsigned int hash_len;
+ bigint_t tmp[2] = { NULL, NULL };
+
+ switch (algo) {
+ case GNUTLS_PK_EC: /* ECDSA */
+ {
+ struct ecc_point pub;
+ struct dsa_signature sig;
+ int curve_id = pk_params->flags;
+ const struct ecc_curve *curve;
+
+ curve = get_supported_curve(curve_id);
+ if (curve == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+
+ ret =
+ _gnutls_decode_ber_rs(signature, &tmp[0],
+ &tmp[1]);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _ecc_params_to_pubkey(pk_params, &pub, curve);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ memcpy(&sig.r, tmp[0], sizeof(sig.r));
+ memcpy(&sig.s, tmp[1], sizeof(sig.s));
+
+ _gnutls_dsa_q_to_hash(algo, pk_params, &hash_len);
+
+ if (hash_len > vdata->size)
+ hash_len = vdata->size;
+
+ ret =
+ ecdsa_verify(&pub, hash_len, vdata->data,
+ &sig);
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ } else
+ ret = 0;
+
+ ecc_point_clear(&pub);
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_signature sig;
+
+ ret =
+ _gnutls_decode_ber_rs(signature, &tmp[0],
+ &tmp[1]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ memset(&pub, 0, sizeof(pub));
+ _dsa_params_to_pubkey(pk_params, &pub);
+ memcpy(&sig.r, tmp[0], sizeof(sig.r));
+ memcpy(&sig.s, tmp[1], sizeof(sig.s));
+
+ _gnutls_dsa_q_to_hash(algo, pk_params, &hash_len);
+
+ if (hash_len > vdata->size)
+ hash_len = vdata->size;
+
+ ret =
+ _dsa_verify(&pub, hash_len, vdata->data, &sig);
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ } else
+ ret = 0;
+
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_public_key pub;
+
+ _rsa_params_to_pubkey(pk_params, &pub);
+
+ if (signature->size != pub.size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_PK_SIG_VERIFY_FAILED);
+
+ ret =
+ _gnutls_mpi_scan_nz(&tmp[0], signature->data,
+ signature->size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ rsa_pkcs1_verify(&pub, vdata->size,
+ vdata->data, TOMPZ(tmp[0]));
+ if (ret == 0)
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_PK_SIG_VERIFY_FAILED);
+ else
+ ret = 0;
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ cleanup:
+
+ _gnutls_mpi_release(&tmp[0]);
+ _gnutls_mpi_release(&tmp[1]);
+ return ret;
}
static inline const struct ecc_curve *get_supported_curve(int curve)
{
- switch(curve)
- {
- case GNUTLS_ECC_CURVE_SECP192R1:
- return &nettle_secp_192r1;
- case GNUTLS_ECC_CURVE_SECP224R1:
- return &nettle_secp_224r1;
- case GNUTLS_ECC_CURVE_SECP256R1:
- return &nettle_secp_256r1;
- case GNUTLS_ECC_CURVE_SECP384R1:
- return &nettle_secp_384r1;
- case GNUTLS_ECC_CURVE_SECP521R1:
- return &nettle_secp_521r1;
- default:
- return NULL;
- }
+ switch (curve) {
+ case GNUTLS_ECC_CURVE_SECP192R1:
+ return &nettle_secp_192r1;
+ case GNUTLS_ECC_CURVE_SECP224R1:
+ return &nettle_secp_224r1;
+ case GNUTLS_ECC_CURVE_SECP256R1:
+ return &nettle_secp_256r1;
+ case GNUTLS_ECC_CURVE_SECP384R1:
+ return &nettle_secp_384r1;
+ case GNUTLS_ECC_CURVE_SECP521R1:
+ return &nettle_secp_521r1;
+ default:
+ return NULL;
+ }
}
static int
-wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo,
- unsigned int level /*bits */ ,
- gnutls_pk_params_st * params)
+wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
+ unsigned int level /*bits */ ,
+ gnutls_pk_params_st * params)
{
- int ret;
- unsigned int i, q_bits;
-
- memset(params, 0, sizeof(*params));
-
- switch (algo)
- {
-
- case GNUTLS_PK_DSA:
- {
- struct dsa_public_key pub;
- struct dsa_private_key priv;
-
- dsa_public_key_init (&pub);
- dsa_private_key_init (&priv);
-
- /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
- * but we do NIST DSA here */
- if (level <= 1024)
- q_bits = 160;
- else
- q_bits = 256;
-
- ret =
- dsa_generate_keypair (&pub, &priv, NULL,
- rnd_func, NULL, NULL, level, q_bits);
- if (ret != 1)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto dsa_fail;
- }
-
- params->params_nr = 0;
- for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
- {
- params->params[i] = _gnutls_mpi_alloc_like (&pub.p);
- if (params->params[i] == NULL)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- goto dsa_fail;
- }
- params->params_nr++;
- }
-
- ret = 0;
- _gnutls_mpi_set (params->params[0], pub.p);
- _gnutls_mpi_set (params->params[1], pub.q);
- _gnutls_mpi_set (params->params[2], pub.g);
- _gnutls_mpi_set (params->params[3], pub.y);
- _gnutls_mpi_set (params->params[4], priv.x);
-
-dsa_fail:
- dsa_private_key_clear (&priv);
- dsa_public_key_clear (&pub);
-
- if (ret < 0)
- goto fail;
-
- break;
- }
- case GNUTLS_PK_RSA:
- {
- struct rsa_public_key pub;
- struct rsa_private_key priv;
-
- rsa_public_key_init (&pub);
- rsa_private_key_init (&priv);
-
- _gnutls_mpi_set_ui (&pub.e, 65537);
-
- ret =
- rsa_generate_keypair (&pub, &priv, NULL,
- rnd_func, NULL, NULL, level, 0);
- if (ret != 1)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto rsa_fail;
- }
-
- params->params_nr = 0;
- for (i = 0; i < RSA_PRIVATE_PARAMS; i++)
- {
- params->params[i] = _gnutls_mpi_alloc_like (&pub.n);
- if (params->params[i] == NULL)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- goto rsa_fail;
- }
- params->params_nr++;
-
- }
-
- ret = 0;
-
- _gnutls_mpi_set (params->params[0], pub.n);
- _gnutls_mpi_set (params->params[1], pub.e);
- _gnutls_mpi_set (params->params[2], priv.d);
- _gnutls_mpi_set (params->params[3], priv.p);
- _gnutls_mpi_set (params->params[4], priv.q);
- _gnutls_mpi_set (params->params[5], priv.c);
- _gnutls_mpi_set (params->params[6], priv.a);
- _gnutls_mpi_set (params->params[7], priv.b);
-
-rsa_fail:
- rsa_private_key_clear (&priv);
- rsa_public_key_clear (&pub);
-
- if (ret < 0)
- goto fail;
-
- break;
- }
- case GNUTLS_PK_EC:
- {
- struct ecc_scalar key;
- struct ecc_point pub;
- const struct ecc_curve* curve;
-
- curve = get_supported_curve(level);
- if (curve == NULL)
- return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
-
- ecc_scalar_init(&key, curve);
- ecc_point_init(&pub, curve);
-
- ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
-
- params->params[ECC_X] = _gnutls_mpi_new (0);
- params->params[ECC_Y] = _gnutls_mpi_new (0);
- params->params[ECC_K] = _gnutls_mpi_new (0);
-
- if (params->params[ECC_X] == NULL || params->params[ECC_Y] == NULL ||
- params->params[ECC_K] == NULL)
- {
- _gnutls_mpi_release(&params->params[ECC_X]);
- _gnutls_mpi_release(&params->params[ECC_Y]);
- _gnutls_mpi_release(&params->params[ECC_K]);
- goto ecc_cleanup;
- }
-
- params->flags = level;
- params->params_nr = ECC_PRIVATE_PARAMS;
-
- ecc_point_get(&pub, TOMPZ(params->params[ECC_X]), TOMPZ(params->params[ECC_Y]));
- ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));
-
-ecc_cleanup:
- ecc_point_clear(&pub);
- ecc_scalar_clear(&key);
-
- break;
- }
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
-
-fail:
-
- for (i = 0; i < params->params_nr; i++)
- {
- _gnutls_mpi_release (&params->params[i]);
- }
- params->params_nr = 0;
-
- return ret;
+ int ret;
+ unsigned int i, q_bits;
+
+ memset(params, 0, sizeof(*params));
+
+ switch (algo) {
+
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+
+ dsa_public_key_init(&pub);
+ dsa_private_key_init(&priv);
+
+ /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
+ * but we do NIST DSA here */
+ if (level <= 1024)
+ q_bits = 160;
+ else
+ q_bits = 256;
+
+ ret =
+ dsa_generate_keypair(&pub, &priv, NULL,
+ rnd_func, NULL, NULL,
+ level, q_bits);
+ if (ret != 1) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto dsa_fail;
+ }
+
+ params->params_nr = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
+ params->params[i] =
+ _gnutls_mpi_alloc_like(&pub.p);
+ if (params->params[i] == NULL) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto dsa_fail;
+ }
+ params->params_nr++;
+ }
+
+ ret = 0;
+ _gnutls_mpi_set(params->params[0], pub.p);
+ _gnutls_mpi_set(params->params[1], pub.q);
+ _gnutls_mpi_set(params->params[2], pub.g);
+ _gnutls_mpi_set(params->params[3], pub.y);
+ _gnutls_mpi_set(params->params[4], priv.x);
+
+ dsa_fail:
+ dsa_private_key_clear(&priv);
+ dsa_public_key_clear(&pub);
+
+ if (ret < 0)
+ goto fail;
+
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_public_key pub;
+ struct rsa_private_key priv;
+
+ rsa_public_key_init(&pub);
+ rsa_private_key_init(&priv);
+
+ _gnutls_mpi_set_ui(&pub.e, 65537);
+
+ ret =
+ rsa_generate_keypair(&pub, &priv, NULL,
+ rnd_func, NULL, NULL,
+ level, 0);
+ if (ret != 1) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto rsa_fail;
+ }
+
+ params->params_nr = 0;
+ for (i = 0; i < RSA_PRIVATE_PARAMS; i++) {
+ params->params[i] =
+ _gnutls_mpi_alloc_like(&pub.n);
+ if (params->params[i] == NULL) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto rsa_fail;
+ }
+ params->params_nr++;
+
+ }
+
+ ret = 0;
+
+ _gnutls_mpi_set(params->params[0], pub.n);
+ _gnutls_mpi_set(params->params[1], pub.e);
+ _gnutls_mpi_set(params->params[2], priv.d);
+ _gnutls_mpi_set(params->params[3], priv.p);
+ _gnutls_mpi_set(params->params[4], priv.q);
+ _gnutls_mpi_set(params->params[5], priv.c);
+ _gnutls_mpi_set(params->params[6], priv.a);
+ _gnutls_mpi_set(params->params[7], priv.b);
+
+ rsa_fail:
+ rsa_private_key_clear(&priv);
+ rsa_public_key_clear(&pub);
+
+ if (ret < 0)
+ goto fail;
+
+ break;
+ }
+ case GNUTLS_PK_EC:
+ {
+ struct ecc_scalar key;
+ struct ecc_point pub;
+ const struct ecc_curve *curve;
+
+ curve = get_supported_curve(level);
+ if (curve == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+
+ ecc_scalar_init(&key, curve);
+ ecc_point_init(&pub, curve);
+
+ ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
+
+ params->params[ECC_X] = _gnutls_mpi_new(0);
+ params->params[ECC_Y] = _gnutls_mpi_new(0);
+ params->params[ECC_K] = _gnutls_mpi_new(0);
+
+ if (params->params[ECC_X] == NULL
+ || params->params[ECC_Y] == NULL
+ || params->params[ECC_K] == NULL) {
+ _gnutls_mpi_release(&params->
+ params[ECC_X]);
+ _gnutls_mpi_release(&params->
+ params[ECC_Y]);
+ _gnutls_mpi_release(&params->
+ params[ECC_K]);
+ goto ecc_cleanup;
+ }
+
+ params->flags = level;
+ params->params_nr = ECC_PRIVATE_PARAMS;
+
+ ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
+ TOMPZ(params->params[ECC_Y]));
+ ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));
+
+ ecc_cleanup:
+ ecc_point_clear(&pub);
+ ecc_scalar_clear(&key);
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+
+ fail:
+
+ for (i = 0; i < params->params_nr; i++) {
+ _gnutls_mpi_release(&params->params[i]);
+ }
+ params->params_nr = 0;
+
+ return ret;
}
static int
-wrap_nettle_pk_verify_params (gnutls_pk_algorithm_t algo,
- const gnutls_pk_params_st * params)
+wrap_nettle_pk_verify_params(gnutls_pk_algorithm_t algo,
+ const gnutls_pk_params_st * params)
{
- int ret;
-
- switch (algo)
- {
- case GNUTLS_PK_RSA:
- {
- bigint_t t1 = NULL, t2 = NULL;
-
- if (params->params_nr != RSA_PRIVATE_PARAMS)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- t1 = _gnutls_mpi_new (256);
- if (t1 == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_mpi_mulm (t1, params->params[RSA_PRIME1], params->params[RSA_PRIME2], params->params[RSA_MODULUS]);
- if (_gnutls_mpi_cmp_ui(t1, 0) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto rsa_cleanup;
- }
-
- mpz_invert (TOMPZ(t1), TOMPZ (params->params[RSA_PRIME2]), TOMPZ (params->params[RSA_PRIME1]));
- if (_gnutls_mpi_cmp(t1, params->params[RSA_COEF]) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto rsa_cleanup;
- }
-
- /* [RSA_PRIME1] = d % p-1, [RSA_PRIME2] = d % q-1 */
- _gnutls_mpi_sub_ui (t1, params->params[RSA_PRIME1], 1);
- t2 = _gnutls_mpi_mod (params->params[RSA_PRIV], t1);
- if (t2 == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto rsa_cleanup;
- }
-
- if (_gnutls_mpi_cmp(params->params[RSA_E1], t2) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto rsa_cleanup;
- }
-
- _gnutls_mpi_sub_ui (t1, params->params[RSA_PRIME2], 1);
- _gnutls_mpi_release(&t2);
-
- t2 = _gnutls_mpi_mod (params->params[RSA_PRIV], t1);
- if (t2 == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto rsa_cleanup;
- }
-
- if (_gnutls_mpi_cmp(params->params[RSA_E2], t2) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto rsa_cleanup;
- }
-
- ret = 0;
-
-rsa_cleanup:
- _gnutls_mpi_release(&t1);
- _gnutls_mpi_release(&t2);
- }
-
- break;
- case GNUTLS_PK_DSA:
- {
- bigint_t t1 = NULL;
-
- if (params->params_nr != DSA_PRIVATE_PARAMS)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- t1 = _gnutls_mpi_new (256);
- if (t1 == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_mpi_powm (t1, params->params[DSA_G], params->params[DSA_X], params->params[DSA_P]);
-
- if (_gnutls_mpi_cmp(t1, params->params[DSA_Y]) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto dsa_cleanup;
- }
-
- ret = 0;
-
-dsa_cleanup:
- _gnutls_mpi_release(&t1);
- }
-
- break;
- case GNUTLS_PK_EC:
- {
- struct ecc_point r, pub;
- struct ecc_scalar priv;
- mpz_t x1, y1, x2, y2;
- const struct ecc_curve * curve;
-
- if (params->params_nr != ECC_PRIVATE_PARAMS)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- curve = get_supported_curve(params->flags);
- if (curve == NULL)
- return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
-
- ret = _ecc_params_to_pubkey(params, &pub, curve);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _ecc_params_to_privkey(params, &priv, curve);
- if (ret < 0)
- {
- ecc_point_clear(&pub);
- return gnutls_assert_val(ret);
- }
-
- ecc_point_init(&r, curve);
- /* verify that x,y lie on the curve */
- ret = ecc_point_set(&r, TOMPZ(params->params[ECC_X]), TOMPZ(params->params[ECC_Y]));
- if (ret == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto ecc_cleanup;
- }
- ecc_point_clear(&r);
-
- ecc_point_init(&r, curve);
- ecc_point_mul_g(&r, &priv);
-
- mpz_init(x1);
- mpz_init(y1);
- ecc_point_get(&r, x1, y1);
- ecc_point_clear(&r);
-
- mpz_init(x2);
- mpz_init(y2);
- ecc_point_get(&pub, x2, y2);
-
- /* verify that k*(Gx,Gy)=(x,y) */
- if (mpz_cmp(x1, x2) != 0 || mpz_cmp(y1, y2) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- goto ecc_cleanup;
- }
-
- ret = 0;
-
-ecc_cleanup:
- ecc_scalar_clear(&priv);
- ecc_point_clear(&pub);
- }
- break;
- default:
- ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- }
-
- return ret;
+ int ret;
+
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ {
+ bigint_t t1 = NULL, t2 = NULL;
+
+ if (params->params_nr != RSA_PRIVATE_PARAMS)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+
+ t1 = _gnutls_mpi_new(256);
+ if (t1 == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_mpi_mulm(t1, params->params[RSA_PRIME1],
+ params->params[RSA_PRIME2],
+ params->params[RSA_MODULUS]);
+ if (_gnutls_mpi_cmp_ui(t1, 0) != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto rsa_cleanup;
+ }
+
+ mpz_invert(TOMPZ(t1),
+ TOMPZ(params->params[RSA_PRIME2]),
+ TOMPZ(params->params[RSA_PRIME1]));
+ if (_gnutls_mpi_cmp(t1, params->params[RSA_COEF])
+ != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto rsa_cleanup;
+ }
+
+ /* [RSA_PRIME1] = d % p-1, [RSA_PRIME2] = d % q-1 */
+ _gnutls_mpi_sub_ui(t1, params->params[RSA_PRIME1],
+ 1);
+ t2 = _gnutls_mpi_mod(params->params[RSA_PRIV], t1);
+ if (t2 == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+ goto rsa_cleanup;
+ }
+
+ if (_gnutls_mpi_cmp(params->params[RSA_E1], t2) !=
+ 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto rsa_cleanup;
+ }
+
+ _gnutls_mpi_sub_ui(t1, params->params[RSA_PRIME2],
+ 1);
+ _gnutls_mpi_release(&t2);
+
+ t2 = _gnutls_mpi_mod(params->params[RSA_PRIV], t1);
+ if (t2 == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+ goto rsa_cleanup;
+ }
+
+ if (_gnutls_mpi_cmp(params->params[RSA_E2], t2) !=
+ 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto rsa_cleanup;
+ }
+
+ ret = 0;
+
+ rsa_cleanup:
+ _gnutls_mpi_release(&t1);
+ _gnutls_mpi_release(&t2);
+ }
+
+ break;
+ case GNUTLS_PK_DSA:
+ {
+ bigint_t t1 = NULL;
+
+ if (params->params_nr != DSA_PRIVATE_PARAMS)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+
+ t1 = _gnutls_mpi_new(256);
+ if (t1 == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_mpi_powm(t1, params->params[DSA_G],
+ params->params[DSA_X],
+ params->params[DSA_P]);
+
+ if (_gnutls_mpi_cmp(t1, params->params[DSA_Y]) !=
+ 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto dsa_cleanup;
+ }
+
+ ret = 0;
+
+ dsa_cleanup:
+ _gnutls_mpi_release(&t1);
+ }
+
+ break;
+ case GNUTLS_PK_EC:
+ {
+ struct ecc_point r, pub;
+ struct ecc_scalar priv;
+ mpz_t x1, y1, x2, y2;
+ const struct ecc_curve *curve;
+
+ if (params->params_nr != ECC_PRIVATE_PARAMS)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+
+ curve = get_supported_curve(params->flags);
+ if (curve == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+
+ ret = _ecc_params_to_pubkey(params, &pub, curve);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _ecc_params_to_privkey(params, &priv, curve);
+ if (ret < 0) {
+ ecc_point_clear(&pub);
+ return gnutls_assert_val(ret);
+ }
+
+ ecc_point_init(&r, curve);
+ /* verify that x,y lie on the curve */
+ ret =
+ ecc_point_set(&r, TOMPZ(params->params[ECC_X]),
+ TOMPZ(params->params[ECC_Y]));
+ if (ret == 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto ecc_cleanup;
+ }
+ ecc_point_clear(&r);
+
+ ecc_point_init(&r, curve);
+ ecc_point_mul_g(&r, &priv);
+
+ mpz_init(x1);
+ mpz_init(y1);
+ ecc_point_get(&r, x1, y1);
+ ecc_point_clear(&r);
+
+ mpz_init(x2);
+ mpz_init(y2);
+ ecc_point_get(&pub, x2, y2);
+
+ /* verify that k*(Gx,Gy)=(x,y) */
+ if (mpz_cmp(x1, x2) != 0 || mpz_cmp(y1, y2) != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_ILLEGAL_PARAMETER);
+ goto ecc_cleanup;
+ }
+
+ ret = 0;
+
+ ecc_cleanup:
+ ecc_scalar_clear(&priv);
+ ecc_point_clear(&pub);
+ }
+ break;
+ default:
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
+ return ret;
}
-static int calc_rsa_exp (gnutls_pk_params_st* params)
+static int calc_rsa_exp(gnutls_pk_params_st * params)
{
- bigint_t tmp = _gnutls_mpi_alloc_like (params->params[0]);
+ bigint_t tmp = _gnutls_mpi_alloc_like(params->params[0]);
- if (params->params_nr < RSA_PRIVATE_PARAMS - 2)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (params->params_nr < RSA_PRIVATE_PARAMS - 2) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (tmp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (tmp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- /* [6] = d % p-1, [7] = d % q-1 */
- _gnutls_mpi_sub_ui (tmp, params->params[3], 1);
- params->params[6] = _gnutls_mpi_mod (params->params[2] /*d */ , tmp);
+ /* [6] = d % p-1, [7] = d % q-1 */
+ _gnutls_mpi_sub_ui(tmp, params->params[3], 1);
+ params->params[6] =
+ _gnutls_mpi_mod(params->params[2] /*d */ , tmp);
- _gnutls_mpi_sub_ui (tmp, params->params[4], 1);
- params->params[7] = _gnutls_mpi_mod (params->params[2] /*d */ , tmp);
+ _gnutls_mpi_sub_ui(tmp, params->params[4], 1);
+ params->params[7] =
+ _gnutls_mpi_mod(params->params[2] /*d */ , tmp);
- _gnutls_mpi_release (&tmp);
+ _gnutls_mpi_release(&tmp);
- if (params->params[7] == NULL || params->params[6] == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (params->params[7] == NULL || params->params[6] == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
static int
-wrap_nettle_pk_fixup (gnutls_pk_algorithm_t algo,
- gnutls_direction_t direction,
- gnutls_pk_params_st * params)
+wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
+ gnutls_direction_t direction,
+ gnutls_pk_params_st * params)
{
- int result;
-
- if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA)
- {
- /* do not trust the generated values. Some old private keys
- * generated by us have mess on the values. Those were very
- * old but it seemed some of the shipped example private
- * keys were as old.
- */
- mpz_invert (TOMPZ (params->params[RSA_COEF]),
- TOMPZ (params->params[RSA_PRIME2]), TOMPZ (params->params[RSA_PRIME1]));
-
- /* calculate exp1 [6] and exp2 [7] */
- _gnutls_mpi_release (&params->params[RSA_E1]);
- _gnutls_mpi_release (&params->params[RSA_E2]);
-
- result = calc_rsa_exp (params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- params->params_nr = RSA_PRIVATE_PARAMS;
- }
-
- return 0;
+ int result;
+
+ if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA) {
+ /* do not trust the generated values. Some old private keys
+ * generated by us have mess on the values. Those were very
+ * old but it seemed some of the shipped example private
+ * keys were as old.
+ */
+ mpz_invert(TOMPZ(params->params[RSA_COEF]),
+ TOMPZ(params->params[RSA_PRIME2]),
+ TOMPZ(params->params[RSA_PRIME1]));
+
+ /* calculate exp1 [6] and exp2 [7] */
+ _gnutls_mpi_release(&params->params[RSA_E1]);
+ _gnutls_mpi_release(&params->params[RSA_E2]);
+
+ result = calc_rsa_exp(params);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ params->params_nr = RSA_PRIVATE_PARAMS;
+ }
+
+ return 0;
}
static int
extract_digest_info(const struct rsa_public_key *key,
- gnutls_datum_t *di, uint8_t** rdi,
- const mpz_t signature)
+ gnutls_datum_t * di, uint8_t ** rdi,
+ const mpz_t signature)
{
- unsigned i;
- int ret;
- mpz_t m;
- uint8_t *em;
-
- if (key->size == 0)
- return 0;
-
- em = gnutls_malloc(key->size);
- if (em == NULL)
- return 0;
-
- mpz_init (m);
-
- mpz_powm(m, signature, key->e, key->n);
-
- nettle_mpz_get_str_256(key->size, em, m);
- mpz_clear(m);
-
- if (em[0] != 0 || em[1] != 1)
- {
- ret = 0;
- goto cleanup;
- }
-
- for (i = 2; i < key->size; i++)
- {
- if (em[i] == 0 && i > 2)
- break;
-
- if (em[i] != 0xff)
- {
- ret = 0;
- goto cleanup;
- }
- }
-
- i++;
-
- *rdi = em;
-
- di->data = &em[i];
- di->size = key->size - i;
-
- return 1;
-
-cleanup:
- gnutls_free(em);
-
- return ret;
+ unsigned i;
+ int ret;
+ mpz_t m;
+ uint8_t *em;
+
+ if (key->size == 0)
+ return 0;
+
+ em = gnutls_malloc(key->size);
+ if (em == NULL)
+ return 0;
+
+ mpz_init(m);
+
+ mpz_powm(m, signature, key->e, key->n);
+
+ nettle_mpz_get_str_256(key->size, em, m);
+ mpz_clear(m);
+
+ if (em[0] != 0 || em[1] != 1) {
+ ret = 0;
+ goto cleanup;
+ }
+
+ for (i = 2; i < key->size; i++) {
+ if (em[i] == 0 && i > 2)
+ break;
+
+ if (em[i] != 0xff) {
+ ret = 0;
+ goto cleanup;
+ }
+ }
+
+ i++;
+
+ *rdi = em;
+
+ di->data = &em[i];
+ di->size = key->size - i;
+
+ return 1;
+
+ cleanup:
+ gnutls_free(em);
+
+ return ret;
}
/* Given a signature and parameters, it should return
@@ -1075,82 +1144,80 @@ cleanup:
* but until we deprecate gnutls_pubkey_get_verify_algorithm()
* we depend on it.
*/
-static int wrap_nettle_hash_algorithm (gnutls_pk_algorithm_t pk,
- const gnutls_datum_t * sig, gnutls_pk_params_st * issuer_params,
- gnutls_digest_algorithm_t* hash_algo)
+static int wrap_nettle_hash_algorithm(gnutls_pk_algorithm_t pk,
+ const gnutls_datum_t * sig,
+ gnutls_pk_params_st * issuer_params,
+ gnutls_digest_algorithm_t *
+ hash_algo)
{
- uint8_t digest[MAX_HASH_SIZE];
- uint8_t* rdi = NULL;
- gnutls_datum_t di;
- unsigned digest_size;
- mpz_t s;
- struct rsa_public_key pub;
- const mac_entry_st* me;
- int ret;
-
- mpz_init(s);
-
- switch (pk)
- {
- case GNUTLS_PK_DSA:
- case GNUTLS_PK_EC:
-
- me = _gnutls_dsa_q_to_hash (pk, issuer_params, NULL);
- if (hash_algo)
- *hash_algo = me->id;
-
- ret = 0;
- break;
- case GNUTLS_PK_RSA:
- if (sig == NULL)
- { /* return a sensible algorithm */
- if (hash_algo)
- *hash_algo = GNUTLS_DIG_SHA256;
- return 0;
- }
-
- _rsa_params_to_pubkey (issuer_params, &pub);
-
- digest_size = sizeof(digest);
-
- nettle_mpz_set_str_256_u(s, sig->size, sig->data);
-
- ret = extract_digest_info( &pub, &di, &rdi, s);
- if (ret == 0)
- {
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- gnutls_assert ();
- goto cleanup;
- }
-
- digest_size = sizeof(digest);
- if ((ret =
- decode_ber_digest_info (&di, hash_algo, digest,
- &digest_size)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (digest_size != _gnutls_hash_get_algo_len (mac_to_entry(*hash_algo)))
- {
- gnutls_assert ();
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- goto cleanup;
- }
-
- ret = 0;
- break;
-
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- }
-
-cleanup:
- mpz_clear(s);
- gnutls_free(rdi);
- return ret;
+ uint8_t digest[MAX_HASH_SIZE];
+ uint8_t *rdi = NULL;
+ gnutls_datum_t di;
+ unsigned digest_size;
+ mpz_t s;
+ struct rsa_public_key pub;
+ const mac_entry_st *me;
+ int ret;
+
+ mpz_init(s);
+
+ switch (pk) {
+ case GNUTLS_PK_DSA:
+ case GNUTLS_PK_EC:
+
+ me = _gnutls_dsa_q_to_hash(pk, issuer_params, NULL);
+ if (hash_algo)
+ *hash_algo = me->id;
+
+ ret = 0;
+ break;
+ case GNUTLS_PK_RSA:
+ if (sig == NULL) { /* return a sensible algorithm */
+ if (hash_algo)
+ *hash_algo = GNUTLS_DIG_SHA256;
+ return 0;
+ }
+
+ _rsa_params_to_pubkey(issuer_params, &pub);
+
+ digest_size = sizeof(digest);
+
+ nettle_mpz_set_str_256_u(s, sig->size, sig->data);
+
+ ret = extract_digest_info(&pub, &di, &rdi, s);
+ if (ret == 0) {
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ digest_size = sizeof(digest);
+ if ((ret =
+ decode_ber_digest_info(&di, hash_algo, digest,
+ &digest_size)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (digest_size !=
+ _gnutls_hash_get_algo_len(mac_to_entry(*hash_algo))) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ goto cleanup;
+ }
+
+ ret = 0;
+ break;
+
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ cleanup:
+ mpz_clear(s);
+ gnutls_free(rdi);
+ return ret;
}
@@ -1158,13 +1225,13 @@ cleanup:
int crypto_pk_prio = INT_MAX;
gnutls_crypto_pk_st _gnutls_pk_ops = {
- .hash_algorithm = wrap_nettle_hash_algorithm,
- .encrypt = _wrap_nettle_pk_encrypt,
- .decrypt = _wrap_nettle_pk_decrypt,
- .sign = _wrap_nettle_pk_sign,
- .verify = _wrap_nettle_pk_verify,
- .verify_params = wrap_nettle_pk_verify_params,
- .generate = wrap_nettle_pk_generate_params,
- .pk_fixup_private_params = wrap_nettle_pk_fixup,
- .derive = _wrap_nettle_pk_derive,
+ .hash_algorithm = wrap_nettle_hash_algorithm,
+ .encrypt = _wrap_nettle_pk_encrypt,
+ .decrypt = _wrap_nettle_pk_decrypt,
+ .sign = _wrap_nettle_pk_sign,
+ .verify = _wrap_nettle_pk_verify,
+ .verify_params = wrap_nettle_pk_verify_params,
+ .generate = wrap_nettle_pk_generate_params,
+ .pk_fixup_private_params = wrap_nettle_pk_fixup,
+ .derive = _wrap_nettle_pk_derive,
};
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
index 46a76d4f4a..cd988c2be6 100644
--- a/lib/nettle/rnd.c
+++ b/lib/nettle/rnd.c
@@ -33,10 +33,10 @@
#include <gnutls_num.h>
#include <nettle/yarrow.h>
#ifdef HAVE_GETPID
-# include <unistd.h> /* getpid */
+#include <unistd.h> /* getpid */
#endif
#ifdef HAVE_GETRUSAGE
-# include <sys/resource.h>
+#include <sys/resource.h>
#endif
#include <errno.h>
@@ -45,10 +45,9 @@
#define RND_LOCK if (gnutls_mutex_lock(&rnd_mutex)!=0) abort()
#define RND_UNLOCK if (gnutls_mutex_unlock(&rnd_mutex)!=0) abort()
-enum
-{
- RANDOM_SOURCE_TRIVIA = 0,
- RANDOM_SOURCE_DEVICE,
+enum {
+ RANDOM_SOURCE_TRIVIA = 0,
+ RANDOM_SOURCE_DEVICE,
};
static struct yarrow256_ctx yctx;
@@ -60,73 +59,68 @@ static struct timespec current_time = { 0, 0 };
static time_t trivia_previous_time = 0;
static time_t trivia_time_count = 0;
#ifdef HAVE_GETPID
-static pid_t pid; /* detect fork() */
+static pid_t pid; /* detect fork() */
#endif
static void *rnd_mutex;
inline static unsigned int
-timespec_sub_sec (struct timespec *a, struct timespec *b)
+timespec_sub_sec(struct timespec *a, struct timespec *b)
{
- return (a->tv_sec - b->tv_sec);
+ return (a->tv_sec - b->tv_sec);
}
#define DEVICE_READ_INTERVAL (1200)
/* universal functions */
-static int
-do_trivia_source (int init)
+static int do_trivia_source(int init)
{
- static struct
- {
- struct timespec now;
+ static struct {
+ struct timespec now;
#ifdef HAVE_GETRUSAGE
- struct rusage rusage;
+ struct rusage rusage;
#endif
#ifdef HAVE_GETPID
- pid_t pid;
+ pid_t pid;
#endif
- unsigned count;
- } event;
- unsigned entropy = 0;
+ unsigned count;
+ } event;
+ unsigned entropy = 0;
- memcpy(&event.now, &current_time, sizeof(event.now));
+ memcpy(&event.now, &current_time, sizeof(event.now));
#ifdef HAVE_GETRUSAGE
- if (getrusage (RUSAGE_SELF, &event.rusage) < 0)
- {
- _gnutls_debug_log ("getrusage failed: %s\n", strerror (errno));
- abort ();
- }
+ if (getrusage(RUSAGE_SELF, &event.rusage) < 0) {
+ _gnutls_debug_log("getrusage failed: %s\n",
+ strerror(errno));
+ abort();
+ }
#endif
- event.count = 0;
- if (init)
- {
- trivia_time_count = 0;
- }
- else
- {
- event.count = trivia_time_count++;
-
- if (event.now.tv_sec != trivia_previous_time)
- {
- /* Count one bit of entropy if we either have more than two
- * invocations in one second, or more than two seconds
- * between invocations. */
- if ((trivia_time_count > 2)
- || ((event.now.tv_sec - trivia_previous_time) > 2))
- entropy++;
-
- trivia_time_count = 0;
- }
- }
- trivia_previous_time = event.now.tv_sec;
+ event.count = 0;
+ if (init) {
+ trivia_time_count = 0;
+ } else {
+ event.count = trivia_time_count++;
+
+ if (event.now.tv_sec != trivia_previous_time) {
+ /* Count one bit of entropy if we either have more than two
+ * invocations in one second, or more than two seconds
+ * between invocations. */
+ if ((trivia_time_count > 2)
+ || ((event.now.tv_sec - trivia_previous_time) >
+ 2))
+ entropy++;
+
+ trivia_time_count = 0;
+ }
+ }
+ trivia_previous_time = event.now.tv_sec;
#ifdef HAVE_GETPID
- event.pid = pid;
+ event.pid = pid;
#endif
-
- return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy,
- sizeof (event), (void *) &event);
+
+ return yarrow256_update(&yctx, RANDOM_SOURCE_TRIVIA, entropy,
+ sizeof(event), (void *) &event);
}
@@ -142,61 +136,60 @@ do_trivia_source (int init)
static HCRYPTPROV device_fd = 0;
-static int
-do_device_source (int init)
+static int do_device_source(int init)
{
- int read_size = DEVICE_READ_SIZE;
-
- if (init)
- {
- int old;
-
- if (!CryptAcquireContext
- (&device_fd, NULL, NULL, PROV_RSA_FULL,
- CRYPT_SILENT | CRYPT_VERIFYCONTEXT))
- {
- _gnutls_debug_log ("error in CryptAcquireContext!\n");
- return GNUTLS_E_RANDOM_DEVICE_ERROR;
- }
- gettime(&device_last_read);
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
- }
-
- if ((device_fd != 0)
- && (init || timespec_sub_sec(&current_time, &device_last_read) > DEVICE_READ_INTERVAL))
- {
-
- /* More than 20 minutes since we last read the device */
- uint8_t buf[DEVICE_READ_SIZE_MAX];
-
- if (!CryptGenRandom (device_fd, (DWORD) read_size, buf))
- {
- _gnutls_debug_log ("Error in CryptGenRandom: %s\n",
- GetLastError ());
- return GNUTLS_E_RANDOM_DEVICE_ERROR;
- }
-
- memcpy(&device_last_read, &current_time, sizeof(device_last_read));
- return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE,
- read_size * 8 /
- 2 /* we trust the system RNG */ ,
- read_size, buf);
- }
- return 0;
+ int read_size = DEVICE_READ_SIZE;
+
+ if (init) {
+ int old;
+
+ if (!CryptAcquireContext
+ (&device_fd, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) {
+ _gnutls_debug_log
+ ("error in CryptAcquireContext!\n");
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+ gettime(&device_last_read);
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ }
+
+ if ((device_fd != 0)
+ && (init
+ || timespec_sub_sec(&current_time,
+ &device_last_read) >
+ DEVICE_READ_INTERVAL)) {
+
+ /* More than 20 minutes since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
+
+ if (!CryptGenRandom(device_fd, (DWORD) read_size, buf)) {
+ _gnutls_debug_log("Error in CryptGenRandom: %s\n",
+ GetLastError());
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+
+ memcpy(&device_last_read, &current_time,
+ sizeof(device_last_read));
+ return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE,
+ read_size * 8 /
+ 2 /* we trust the system RNG */ ,
+ read_size, buf);
+ }
+ return 0;
}
-static void
-wrap_nettle_rnd_deinit (void *ctx)
+static void wrap_nettle_rnd_deinit(void *ctx)
{
- RND_LOCK;
- CryptReleaseContext (device_fd, 0);
- RND_UNLOCK;
+ RND_LOCK;
+ CryptReleaseContext(device_fd, 0);
+ RND_UNLOCK;
- gnutls_mutex_deinit (&rnd_mutex);
- rnd_mutex = NULL;
+ gnutls_mutex_deinit(&rnd_mutex);
+ rnd_mutex = NULL;
}
-#else /* POSIX */
+#else /* POSIX */
#include <time.h>
#include <sys/types.h>
@@ -211,172 +204,167 @@ wrap_nettle_rnd_deinit (void *ctx)
static int device_fd;
-static int
-do_device_source_urandom (int init)
+static int do_device_source_urandom(int init)
{
- unsigned int read_size = DEVICE_READ_SIZE;
-
- if (init)
- {
- int old;
-
- device_fd = open ("/dev/urandom", O_RDONLY);
- if (device_fd < 0)
- {
- _gnutls_debug_log ("Cannot open urandom!\n");
- return GNUTLS_E_FILE_ERROR;
- }
-
- old = fcntl (device_fd, F_GETFD);
- if (old != -1)
- fcntl (device_fd, F_SETFD, old | FD_CLOEXEC);
- memcpy(&device_last_read, &current_time, sizeof(device_last_read));
-
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
- }
-
- if ((init || (timespec_sub_sec(&current_time, &device_last_read) > DEVICE_READ_INTERVAL)) && (device_fd > 0))
- {
- /* More than 20 minutes since we last read the device */
- uint8_t buf[DEVICE_READ_SIZE_MAX];
- uint32_t done;
-
- for (done = 0; done < read_size;)
- {
- int res;
- do
- res = read (device_fd, buf + done, sizeof (buf) - done);
- while (res < 0 && errno == EINTR);
-
- if (res <= 0)
- {
- if (res < 0)
- {
- _gnutls_debug_log ("Failed to read /dev/urandom: %s\n",
- strerror (errno));
- }
- else
- {
- _gnutls_debug_log
- ("Failed to read /dev/urandom: end of file\n");
- }
-
- return GNUTLS_E_RANDOM_DEVICE_ERROR;
- }
-
- done += res;
- }
-
- memcpy(&device_last_read, &current_time, sizeof(device_last_read));
- return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE,
- read_size * 8 / 2 /* we trust the RNG */ ,
- read_size, buf);
- }
- return 0;
+ unsigned int read_size = DEVICE_READ_SIZE;
+
+ if (init) {
+ int old;
+
+ device_fd = open("/dev/urandom", O_RDONLY);
+ if (device_fd < 0) {
+ _gnutls_debug_log("Cannot open urandom!\n");
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ old = fcntl(device_fd, F_GETFD);
+ if (old != -1)
+ fcntl(device_fd, F_SETFD, old | FD_CLOEXEC);
+ memcpy(&device_last_read, &current_time,
+ sizeof(device_last_read));
+
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ }
+
+ if ((init
+ || (timespec_sub_sec(&current_time, &device_last_read) >
+ DEVICE_READ_INTERVAL)) && (device_fd > 0)) {
+ /* More than 20 minutes since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
+ uint32_t done;
+
+ for (done = 0; done < read_size;) {
+ int res;
+ do
+ res =
+ read(device_fd, buf + done,
+ sizeof(buf) - done);
+ while (res < 0 && errno == EINTR);
+
+ if (res <= 0) {
+ if (res < 0) {
+ _gnutls_debug_log
+ ("Failed to read /dev/urandom: %s\n",
+ strerror(errno));
+ } else {
+ _gnutls_debug_log
+ ("Failed to read /dev/urandom: end of file\n");
+ }
+
+ return GNUTLS_E_RANDOM_DEVICE_ERROR;
+ }
+
+ done += res;
+ }
+
+ memcpy(&device_last_read, &current_time,
+ sizeof(device_last_read));
+ return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE,
+ read_size * 8 /
+ 2 /* we trust the RNG */ ,
+ read_size, buf);
+ }
+ return 0;
}
-static int
-do_device_source_egd (int init)
+static int do_device_source_egd(int init)
{
- unsigned int read_size = DEVICE_READ_SIZE;
-
- if (init)
- {
- device_fd = _rndegd_connect_socket ();
- if (device_fd < 0)
- {
- _gnutls_debug_log ("Cannot open egd socket!\n");
- return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
- }
-
- memcpy(&device_last_read, &current_time, sizeof(device_last_read));
-
- read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
- }
-
- if ((device_fd > 0)
- && (init || (timespec_sub_sec(&current_time, &device_last_read) > DEVICE_READ_INTERVAL)))
- {
-
- /* More than 20 minutes since we last read the device */
- uint8_t buf[DEVICE_READ_SIZE_MAX];
- uint32_t done;
-
- for (done = 0; done < read_size;)
- {
- int res;
- res = _rndegd_read (&device_fd, buf + done, sizeof (buf) - done);
- if (res <= 0)
- {
- if (res < 0)
- {
- _gnutls_debug_log ("Failed to read egd.\n");
- }
- else
- {
- _gnutls_debug_log ("Failed to read egd: end of file\n");
- }
-
- return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
- }
- done += res;
- }
-
- memcpy(&device_last_read, &current_time, sizeof(device_last_read));
- return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE, read_size * 8 / 2,
- read_size, buf);
- }
- return 0;
+ unsigned int read_size = DEVICE_READ_SIZE;
+
+ if (init) {
+ device_fd = _rndegd_connect_socket();
+ if (device_fd < 0) {
+ _gnutls_debug_log("Cannot open egd socket!\n");
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RANDOM_DEVICE_ERROR);
+ }
+
+ memcpy(&device_last_read, &current_time,
+ sizeof(device_last_read));
+
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ }
+
+ if ((device_fd > 0)
+ && (init
+ || (timespec_sub_sec(&current_time, &device_last_read) >
+ DEVICE_READ_INTERVAL))) {
+
+ /* More than 20 minutes since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
+ uint32_t done;
+
+ for (done = 0; done < read_size;) {
+ int res;
+ res =
+ _rndegd_read(&device_fd, buf + done,
+ sizeof(buf) - done);
+ if (res <= 0) {
+ if (res < 0) {
+ _gnutls_debug_log
+ ("Failed to read egd.\n");
+ } else {
+ _gnutls_debug_log
+ ("Failed to read egd: end of file\n");
+ }
+
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RANDOM_DEVICE_ERROR);
+ }
+ done += res;
+ }
+
+ memcpy(&device_last_read, &current_time,
+ sizeof(device_last_read));
+ return yarrow256_update(&yctx, RANDOM_SOURCE_DEVICE,
+ read_size * 8 / 2, read_size, buf);
+ }
+ return 0;
}
-static int
-do_device_source (int init)
+static int do_device_source(int init)
{
- int ret;
- static int (*do_source) (int init) = NULL;
+ int ret;
+ static int (*do_source) (int init) = NULL;
/* using static var here is ok since we are
* always called with mutexes down
*/
- if (init == 1)
- {
+ if (init == 1) {
#ifdef HAVE_GETPID
- pid = getpid();
+ pid = getpid();
#endif
- do_source = do_device_source_urandom;
- ret = do_source (init);
- if (ret < 0)
- {
- do_source = do_device_source_egd;
- ret = do_source (init);
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
- }
- else
- {
- ret = do_source (init);
-
- return ret;
- }
+ do_source = do_device_source_urandom;
+ ret = do_source(init);
+ if (ret < 0) {
+ do_source = do_device_source_egd;
+ ret = do_source(init);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
+ } else {
+ ret = do_source(init);
+
+ return ret;
+ }
}
-static void
-wrap_nettle_rnd_deinit (void *ctx)
+static void wrap_nettle_rnd_deinit(void *ctx)
{
- RND_LOCK;
- close (device_fd);
- RND_UNLOCK;
+ RND_LOCK;
+ close(device_fd);
+ RND_UNLOCK;
- gnutls_mutex_deinit (&rnd_mutex);
- rnd_mutex = NULL;
+ gnutls_mutex_deinit(&rnd_mutex);
+ rnd_mutex = NULL;
}
#endif
@@ -384,109 +372,100 @@ wrap_nettle_rnd_deinit (void *ctx)
/* API functions */
-static int
-wrap_nettle_rnd_init (void **ctx)
+static int wrap_nettle_rnd_init(void **ctx)
{
- int ret;
-
- ret = gnutls_mutex_init (&rnd_mutex);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- yarrow256_init (&yctx, SOURCES, ysources);
- gettime(&current_time);
-
- ret = do_device_source (1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = do_trivia_source (1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- yarrow256_slow_reseed (&yctx);
-
- return 0;
+ int ret;
+
+ ret = gnutls_mutex_init(&rnd_mutex);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ yarrow256_init(&yctx, SOURCES, ysources);
+ gettime(&current_time);
+
+ ret = do_device_source(1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = do_trivia_source(1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ yarrow256_slow_reseed(&yctx);
+
+ return 0;
}
static int
-wrap_nettle_rnd (void *_ctx, int level, void *data, size_t datasize)
+wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
{
- int ret, reseed = 0;
+ int ret, reseed = 0;
- RND_LOCK;
+ RND_LOCK;
#ifdef HAVE_GETPID
- if (getpid() != pid)
- { /* fork() detected */
- memset(&device_last_read, 0, sizeof(device_last_read));
- pid = getpid();
- reseed = 1;
- }
+ if (getpid() != pid) { /* fork() detected */
+ memset(&device_last_read, 0, sizeof(device_last_read));
+ pid = getpid();
+ reseed = 1;
+ }
#endif
- /* update state only when having a non-nonce or if nonce
- * and nsecs%4096 == 0, i.e., one out of 4096 times called .
- *
- * The reason we do that is to avoid any delays when generating nonces.
- */
- if (level != GNUTLS_RND_NONCE || reseed != 0)
- {
- gettime(&current_time);
-
- ret = do_trivia_source (0);
- if (ret < 0)
- {
- RND_UNLOCK;
- gnutls_assert ();
- return ret;
- }
-
- ret = do_device_source (0);
- if (ret < 0)
- {
- RND_UNLOCK;
- gnutls_assert ();
- return ret;
- }
-
- if (reseed)
- yarrow256_slow_reseed (&yctx);
- }
-
- yarrow256_random (&yctx, datasize, data);
- RND_UNLOCK;
- return 0;
+ /* update state only when having a non-nonce or if nonce
+ * and nsecs%4096 == 0, i.e., one out of 4096 times called .
+ *
+ * The reason we do that is to avoid any delays when generating nonces.
+ */
+ if (level != GNUTLS_RND_NONCE || reseed != 0) {
+ gettime(&current_time);
+
+ ret = do_trivia_source(0);
+ if (ret < 0) {
+ RND_UNLOCK;
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = do_device_source(0);
+ if (ret < 0) {
+ RND_UNLOCK;
+ gnutls_assert();
+ return ret;
+ }
+
+ if (reseed)
+ yarrow256_slow_reseed(&yctx);
+ }
+
+ yarrow256_random(&yctx, datasize, data);
+ RND_UNLOCK;
+ return 0;
}
-static void
-wrap_nettle_rnd_refresh (void *_ctx)
+static void wrap_nettle_rnd_refresh(void *_ctx)
{
- RND_LOCK;
- gettime(&current_time);
+ RND_LOCK;
+ gettime(&current_time);
- do_trivia_source (0);
- do_device_source (0);
+ do_trivia_source(0);
+ do_device_source(0);
- RND_UNLOCK;
- return;
+ RND_UNLOCK;
+ return;
}
int crypto_rnd_prio = INT_MAX;
gnutls_crypto_rnd_st _gnutls_rnd_ops = {
- .init = wrap_nettle_rnd_init,
- .deinit = wrap_nettle_rnd_deinit,
- .rnd = wrap_nettle_rnd,
- .rnd_refresh = wrap_nettle_rnd_refresh,
+ .init = wrap_nettle_rnd_init,
+ .deinit = wrap_nettle_rnd_deinit,
+ .rnd = wrap_nettle_rnd,
+ .rnd_refresh = wrap_nettle_rnd_refresh,
};
diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c
index b8d232a25f..7a26c6b80f 100644
--- a/lib/opencdk/armor.c
+++ b/lib/opencdk/armor.c
@@ -43,431 +43,439 @@
#define CRCINIT 0xB704CE
static u32 crc_table[] = {
- 0x000000, 0x864CFB, 0x8AD50D, 0x0C99F6, 0x93E6E1, 0x15AA1A, 0x1933EC,
- 0x9F7F17, 0xA18139, 0x27CDC2, 0x2B5434, 0xAD18CF, 0x3267D8, 0xB42B23,
- 0xB8B2D5, 0x3EFE2E, 0xC54E89, 0x430272, 0x4F9B84, 0xC9D77F, 0x56A868,
- 0xD0E493, 0xDC7D65, 0x5A319E, 0x64CFB0, 0xE2834B, 0xEE1ABD, 0x685646,
- 0xF72951, 0x7165AA, 0x7DFC5C, 0xFBB0A7, 0x0CD1E9, 0x8A9D12, 0x8604E4,
- 0x00481F, 0x9F3708, 0x197BF3, 0x15E205, 0x93AEFE, 0xAD50D0, 0x2B1C2B,
- 0x2785DD, 0xA1C926, 0x3EB631, 0xB8FACA, 0xB4633C, 0x322FC7, 0xC99F60,
- 0x4FD39B, 0x434A6D, 0xC50696, 0x5A7981, 0xDC357A, 0xD0AC8C, 0x56E077,
- 0x681E59, 0xEE52A2, 0xE2CB54, 0x6487AF, 0xFBF8B8, 0x7DB443, 0x712DB5,
- 0xF7614E, 0x19A3D2, 0x9FEF29, 0x9376DF, 0x153A24, 0x8A4533, 0x0C09C8,
- 0x00903E, 0x86DCC5, 0xB822EB, 0x3E6E10, 0x32F7E6, 0xB4BB1D, 0x2BC40A,
- 0xAD88F1, 0xA11107, 0x275DFC, 0xDCED5B, 0x5AA1A0, 0x563856, 0xD074AD,
- 0x4F0BBA, 0xC94741, 0xC5DEB7, 0x43924C, 0x7D6C62, 0xFB2099, 0xF7B96F,
- 0x71F594, 0xEE8A83, 0x68C678, 0x645F8E, 0xE21375, 0x15723B, 0x933EC0,
- 0x9FA736, 0x19EBCD, 0x8694DA, 0x00D821, 0x0C41D7, 0x8A0D2C, 0xB4F302,
- 0x32BFF9, 0x3E260F, 0xB86AF4, 0x2715E3, 0xA15918, 0xADC0EE, 0x2B8C15,
- 0xD03CB2, 0x567049, 0x5AE9BF, 0xDCA544, 0x43DA53, 0xC596A8, 0xC90F5E,
- 0x4F43A5, 0x71BD8B, 0xF7F170, 0xFB6886, 0x7D247D, 0xE25B6A, 0x641791,
- 0x688E67, 0xEEC29C, 0x3347A4, 0xB50B5F, 0xB992A9, 0x3FDE52, 0xA0A145,
- 0x26EDBE, 0x2A7448, 0xAC38B3, 0x92C69D, 0x148A66, 0x181390, 0x9E5F6B,
- 0x01207C, 0x876C87, 0x8BF571, 0x0DB98A, 0xF6092D, 0x7045D6, 0x7CDC20,
- 0xFA90DB, 0x65EFCC, 0xE3A337, 0xEF3AC1, 0x69763A, 0x578814, 0xD1C4EF,
- 0xDD5D19, 0x5B11E2, 0xC46EF5, 0x42220E, 0x4EBBF8, 0xC8F703, 0x3F964D,
- 0xB9DAB6, 0xB54340, 0x330FBB, 0xAC70AC, 0x2A3C57, 0x26A5A1, 0xA0E95A,
- 0x9E1774, 0x185B8F, 0x14C279, 0x928E82, 0x0DF195, 0x8BBD6E, 0x872498,
- 0x016863, 0xFAD8C4, 0x7C943F, 0x700DC9, 0xF64132, 0x693E25, 0xEF72DE,
- 0xE3EB28, 0x65A7D3, 0x5B59FD, 0xDD1506, 0xD18CF0, 0x57C00B, 0xC8BF1C,
- 0x4EF3E7, 0x426A11, 0xC426EA, 0x2AE476, 0xACA88D, 0xA0317B, 0x267D80,
- 0xB90297, 0x3F4E6C, 0x33D79A, 0xB59B61, 0x8B654F, 0x0D29B4, 0x01B042,
- 0x87FCB9, 0x1883AE, 0x9ECF55, 0x9256A3, 0x141A58, 0xEFAAFF, 0x69E604,
- 0x657FF2, 0xE33309, 0x7C4C1E, 0xFA00E5, 0xF69913, 0x70D5E8, 0x4E2BC6,
- 0xC8673D, 0xC4FECB, 0x42B230, 0xDDCD27, 0x5B81DC, 0x57182A, 0xD154D1,
- 0x26359F, 0xA07964, 0xACE092, 0x2AAC69, 0xB5D37E, 0x339F85, 0x3F0673,
- 0xB94A88, 0x87B4A6, 0x01F85D, 0x0D61AB, 0x8B2D50, 0x145247, 0x921EBC,
- 0x9E874A, 0x18CBB1, 0xE37B16, 0x6537ED, 0x69AE1B, 0xEFE2E0, 0x709DF7,
- 0xF6D10C, 0xFA48FA, 0x7C0401, 0x42FA2F, 0xC4B6D4, 0xC82F22, 0x4E63D9,
- 0xD11CCE, 0x575035, 0x5BC9C3, 0xDD8538
+ 0x000000, 0x864CFB, 0x8AD50D, 0x0C99F6, 0x93E6E1, 0x15AA1A,
+ 0x1933EC,
+ 0x9F7F17, 0xA18139, 0x27CDC2, 0x2B5434, 0xAD18CF, 0x3267D8,
+ 0xB42B23,
+ 0xB8B2D5, 0x3EFE2E, 0xC54E89, 0x430272, 0x4F9B84, 0xC9D77F,
+ 0x56A868,
+ 0xD0E493, 0xDC7D65, 0x5A319E, 0x64CFB0, 0xE2834B, 0xEE1ABD,
+ 0x685646,
+ 0xF72951, 0x7165AA, 0x7DFC5C, 0xFBB0A7, 0x0CD1E9, 0x8A9D12,
+ 0x8604E4,
+ 0x00481F, 0x9F3708, 0x197BF3, 0x15E205, 0x93AEFE, 0xAD50D0,
+ 0x2B1C2B,
+ 0x2785DD, 0xA1C926, 0x3EB631, 0xB8FACA, 0xB4633C, 0x322FC7,
+ 0xC99F60,
+ 0x4FD39B, 0x434A6D, 0xC50696, 0x5A7981, 0xDC357A, 0xD0AC8C,
+ 0x56E077,
+ 0x681E59, 0xEE52A2, 0xE2CB54, 0x6487AF, 0xFBF8B8, 0x7DB443,
+ 0x712DB5,
+ 0xF7614E, 0x19A3D2, 0x9FEF29, 0x9376DF, 0x153A24, 0x8A4533,
+ 0x0C09C8,
+ 0x00903E, 0x86DCC5, 0xB822EB, 0x3E6E10, 0x32F7E6, 0xB4BB1D,
+ 0x2BC40A,
+ 0xAD88F1, 0xA11107, 0x275DFC, 0xDCED5B, 0x5AA1A0, 0x563856,
+ 0xD074AD,
+ 0x4F0BBA, 0xC94741, 0xC5DEB7, 0x43924C, 0x7D6C62, 0xFB2099,
+ 0xF7B96F,
+ 0x71F594, 0xEE8A83, 0x68C678, 0x645F8E, 0xE21375, 0x15723B,
+ 0x933EC0,
+ 0x9FA736, 0x19EBCD, 0x8694DA, 0x00D821, 0x0C41D7, 0x8A0D2C,
+ 0xB4F302,
+ 0x32BFF9, 0x3E260F, 0xB86AF4, 0x2715E3, 0xA15918, 0xADC0EE,
+ 0x2B8C15,
+ 0xD03CB2, 0x567049, 0x5AE9BF, 0xDCA544, 0x43DA53, 0xC596A8,
+ 0xC90F5E,
+ 0x4F43A5, 0x71BD8B, 0xF7F170, 0xFB6886, 0x7D247D, 0xE25B6A,
+ 0x641791,
+ 0x688E67, 0xEEC29C, 0x3347A4, 0xB50B5F, 0xB992A9, 0x3FDE52,
+ 0xA0A145,
+ 0x26EDBE, 0x2A7448, 0xAC38B3, 0x92C69D, 0x148A66, 0x181390,
+ 0x9E5F6B,
+ 0x01207C, 0x876C87, 0x8BF571, 0x0DB98A, 0xF6092D, 0x7045D6,
+ 0x7CDC20,
+ 0xFA90DB, 0x65EFCC, 0xE3A337, 0xEF3AC1, 0x69763A, 0x578814,
+ 0xD1C4EF,
+ 0xDD5D19, 0x5B11E2, 0xC46EF5, 0x42220E, 0x4EBBF8, 0xC8F703,
+ 0x3F964D,
+ 0xB9DAB6, 0xB54340, 0x330FBB, 0xAC70AC, 0x2A3C57, 0x26A5A1,
+ 0xA0E95A,
+ 0x9E1774, 0x185B8F, 0x14C279, 0x928E82, 0x0DF195, 0x8BBD6E,
+ 0x872498,
+ 0x016863, 0xFAD8C4, 0x7C943F, 0x700DC9, 0xF64132, 0x693E25,
+ 0xEF72DE,
+ 0xE3EB28, 0x65A7D3, 0x5B59FD, 0xDD1506, 0xD18CF0, 0x57C00B,
+ 0xC8BF1C,
+ 0x4EF3E7, 0x426A11, 0xC426EA, 0x2AE476, 0xACA88D, 0xA0317B,
+ 0x267D80,
+ 0xB90297, 0x3F4E6C, 0x33D79A, 0xB59B61, 0x8B654F, 0x0D29B4,
+ 0x01B042,
+ 0x87FCB9, 0x1883AE, 0x9ECF55, 0x9256A3, 0x141A58, 0xEFAAFF,
+ 0x69E604,
+ 0x657FF2, 0xE33309, 0x7C4C1E, 0xFA00E5, 0xF69913, 0x70D5E8,
+ 0x4E2BC6,
+ 0xC8673D, 0xC4FECB, 0x42B230, 0xDDCD27, 0x5B81DC, 0x57182A,
+ 0xD154D1,
+ 0x26359F, 0xA07964, 0xACE092, 0x2AAC69, 0xB5D37E, 0x339F85,
+ 0x3F0673,
+ 0xB94A88, 0x87B4A6, 0x01F85D, 0x0D61AB, 0x8B2D50, 0x145247,
+ 0x921EBC,
+ 0x9E874A, 0x18CBB1, 0xE37B16, 0x6537ED, 0x69AE1B, 0xEFE2E0,
+ 0x709DF7,
+ 0xF6D10C, 0xFA48FA, 0x7C0401, 0x42FA2F, 0xC4B6D4, 0xC82F22,
+ 0x4E63D9,
+ 0xD11CCE, 0x575035, 0x5BC9C3, 0xDD8538
};
static const char *armor_begin[] = {
- "BEGIN PGP MESSAGE",
- "BEGIN PGP PUBLIC KEY BLOCK",
- "BEGIN PGP PRIVATE KEY BLOCK",
- "BEGIN PGP SIGNATURE",
- NULL
+ "BEGIN PGP MESSAGE",
+ "BEGIN PGP PUBLIC KEY BLOCK",
+ "BEGIN PGP PRIVATE KEY BLOCK",
+ "BEGIN PGP SIGNATURE",
+ NULL
};
static const char *armor_end[] = {
- "END PGP MESSAGE",
- "END PGP PUBLIC KEY BLOCK",
- "END PGP PRIVATE KEY BLOCK",
- "END PGP SIGNATURE",
- NULL
+ "END PGP MESSAGE",
+ "END PGP PUBLIC KEY BLOCK",
+ "END PGP PRIVATE KEY BLOCK",
+ "END PGP SIGNATURE",
+ NULL
};
static const char *valid_headers[] = {
- "Comment",
- "Version",
- "MessageID",
- "Hash",
- "Charset",
- NULL
+ "Comment",
+ "Version",
+ "MessageID",
+ "Hash",
+ "Charset",
+ NULL
};
static char b64chars[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Return the compression algorithm in @r_zipalgo.
If the parameter is not set after execution,
the stream is not compressed. */
-static int
-compress_get_algo (cdk_stream_t inp, int *r_zipalgo)
+static int compress_get_algo(cdk_stream_t inp, int *r_zipalgo)
{
- byte plain[512];
- char buf[128];
- int nread, pkttype;
- size_t plain_size;
-
- *r_zipalgo = 0;
- cdk_stream_seek (inp, 0);
- while (!cdk_stream_eof (inp))
- {
- nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
- if (!nread || nread == -1)
- break;
- if (nread == 1 && !cdk_stream_eof (inp)
- && (nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1)) > 0)
- {
- plain_size = sizeof(plain);
- base64_decode (buf, nread, (char*)plain, &plain_size);
- if (!(*plain & 0x80))
- break;
- pkttype = *plain & 0x40 ? (*plain & 0x3f) : ((*plain >> 2) & 0xf);
- if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo)
- {
- _gnutls_buffers_log ("armor compressed (algo=%d)\n",
- *(plain + 1));
- *r_zipalgo = *(plain + 1);
- }
- break;
- }
- }
- return 0;
+ byte plain[512];
+ char buf[128];
+ int nread, pkttype;
+ size_t plain_size;
+
+ *r_zipalgo = 0;
+ cdk_stream_seek(inp, 0);
+ while (!cdk_stream_eof(inp)) {
+ nread = _cdk_stream_gets(inp, buf, DIM(buf) - 1);
+ if (!nread || nread == -1)
+ break;
+ if (nread == 1 && !cdk_stream_eof(inp)
+ && (nread =
+ _cdk_stream_gets(inp, buf, DIM(buf) - 1)) > 0) {
+ plain_size = sizeof(plain);
+ base64_decode(buf, nread, (char *) plain,
+ &plain_size);
+ if (!(*plain & 0x80))
+ break;
+ pkttype =
+ *plain & 0x40 ? (*plain & 0x3f)
+ : ((*plain >> 2) & 0xf);
+ if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo) {
+ _gnutls_buffers_log
+ ("armor compressed (algo=%d)\n",
+ *(plain + 1));
+ *r_zipalgo = *(plain + 1);
+ }
+ break;
+ }
+ }
+ return 0;
}
-static int
-check_armor (cdk_stream_t inp, int *r_zipalgo)
+static int check_armor(cdk_stream_t inp, int *r_zipalgo)
{
- char buf[4096];
- size_t nread;
- int check;
-
- check = 0;
- nread = cdk_stream_read (inp, buf, DIM (buf) - 1);
- if (nread > 0)
- {
- buf[nread] = '\0';
- if (strstr (buf, "-----BEGIN PGP"))
- {
- compress_get_algo (inp, r_zipalgo);
- check = 1;
- }
- cdk_stream_seek (inp, 0);
- }
- return check;
+ char buf[4096];
+ size_t nread;
+ int check;
+
+ check = 0;
+ nread = cdk_stream_read(inp, buf, DIM(buf) - 1);
+ if (nread > 0) {
+ buf[nread] = '\0';
+ if (strstr(buf, "-----BEGIN PGP")) {
+ compress_get_algo(inp, r_zipalgo);
+ check = 1;
+ }
+ cdk_stream_seek(inp, 0);
+ }
+ return check;
}
-static int
-is_armored (int ctb)
+static int is_armored(int ctb)
{
- int pkttype = 0;
-
- if (!(ctb & 0x80))
- {
- gnutls_assert ();
- return 1; /* invalid packet: assume it is armored */
- }
- pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb >> 2) & 0xf);
- switch (pkttype)
- {
- case CDK_PKT_MARKER:
- case CDK_PKT_ONEPASS_SIG:
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_PUBKEY_ENC:
- case CDK_PKT_SIGNATURE:
- case CDK_PKT_LITERAL:
- case CDK_PKT_COMPRESSED:
- return 0; /* seems to be a regular packet: not armored */
- }
- return 1;
+ int pkttype = 0;
+
+ if (!(ctb & 0x80)) {
+ gnutls_assert();
+ return 1; /* invalid packet: assume it is armored */
+ }
+ pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb >> 2) & 0xf);
+ switch (pkttype) {
+ case CDK_PKT_MARKER:
+ case CDK_PKT_ONEPASS_SIG:
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_PUBKEY_ENC:
+ case CDK_PKT_SIGNATURE:
+ case CDK_PKT_LITERAL:
+ case CDK_PKT_COMPRESSED:
+ return 0; /* seems to be a regular packet: not armored */
+ }
+ return 1;
}
-static u32
-update_crc (u32 crc, const byte * buf, size_t buflen)
+static u32 update_crc(u32 crc, const byte * buf, size_t buflen)
{
- unsigned int j;
+ unsigned int j;
- if (!crc)
- crc = CRCINIT;
+ if (!crc)
+ crc = CRCINIT;
- for (j = 0; j < buflen; j++)
- crc = (crc << 8) ^ crc_table[0xff & ((crc >> 16) ^ buf[j])];
- crc &= 0xffffff;
- return crc;
+ for (j = 0; j < buflen; j++)
+ crc =
+ (crc << 8) ^ crc_table[0xff & ((crc >> 16) ^ buf[j])];
+ crc &= 0xffffff;
+ return crc;
}
-static cdk_error_t
-armor_encode (void *data, FILE * in, FILE * out)
+static cdk_error_t armor_encode(void *data, FILE * in, FILE * out)
{
- armor_filter_t *afx = data;
- struct stat statbuf;
- char crcbuf[5], buf[128], raw[49];
- byte crcbuf2[3];
- size_t nread = 0;
- const char *lf;
-
- if (!afx)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (afx->idx < 0 || afx->idx > (int) DIM (armor_begin) ||
- afx->idx2 < 0 || afx->idx2 > (int) DIM (armor_end))
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- _gnutls_buffers_log ("armor filter: encode\n");
-
- memset (crcbuf, 0, sizeof (crcbuf));
-
- lf = afx->le ? afx->le : LF;
- fprintf (out, "-----%s-----%s", armor_begin[afx->idx], lf);
- fprintf (out, "Version: OpenPrivacy " PACKAGE_VERSION "%s", lf);
- if (afx->hdrlines)
- fwrite (afx->hdrlines, 1, strlen (afx->hdrlines), out);
- fprintf (out, "%s", lf);
-
- if (fstat (fileno (in), &statbuf))
- {
- gnutls_assert ();
- return CDK_General_Error;
- }
-
- while (!feof (in))
- {
- nread = fread (raw, 1, DIM (raw) - 1, in);
- if (!nread)
- break;
- if (ferror (in))
- {
- gnutls_assert ();
- return CDK_File_Error;
- }
- afx->crc = update_crc (afx->crc, (byte *) raw, nread);
- base64_encode (raw, nread, buf, DIM (buf) - 1);
- fprintf (out, "%s%s", buf, lf);
- }
-
- crcbuf2[0] = afx->crc >> 16;
- crcbuf2[1] = afx->crc >> 8;
- crcbuf2[2] = afx->crc;
- crcbuf[0] = b64chars[crcbuf2[0] >> 2];
- crcbuf[1] = b64chars[((crcbuf2[0] << 4) & 0x30) | (crcbuf2[1] >> 4)];
- crcbuf[2] = b64chars[((crcbuf2[1] << 2) & 0x3c) | (crcbuf2[2] >> 6)];
- crcbuf[3] = b64chars[crcbuf2[2] & 0x3f];
- fprintf (out, "=%s%s", crcbuf, lf);
- fprintf (out, "-----%s-----%s", armor_end[afx->idx2], lf);
-
- return 0;
+ armor_filter_t *afx = data;
+ struct stat statbuf;
+ char crcbuf[5], buf[128], raw[49];
+ byte crcbuf2[3];
+ size_t nread = 0;
+ const char *lf;
+
+ if (!afx) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (afx->idx < 0 || afx->idx > (int) DIM(armor_begin) ||
+ afx->idx2 < 0 || afx->idx2 > (int) DIM(armor_end)) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ _gnutls_buffers_log("armor filter: encode\n");
+
+ memset(crcbuf, 0, sizeof(crcbuf));
+
+ lf = afx->le ? afx->le : LF;
+ fprintf(out, "-----%s-----%s", armor_begin[afx->idx], lf);
+ fprintf(out, "Version: OpenPrivacy " PACKAGE_VERSION "%s", lf);
+ if (afx->hdrlines)
+ fwrite(afx->hdrlines, 1, strlen(afx->hdrlines), out);
+ fprintf(out, "%s", lf);
+
+ if (fstat(fileno(in), &statbuf)) {
+ gnutls_assert();
+ return CDK_General_Error;
+ }
+
+ while (!feof(in)) {
+ nread = fread(raw, 1, DIM(raw) - 1, in);
+ if (!nread)
+ break;
+ if (ferror(in)) {
+ gnutls_assert();
+ return CDK_File_Error;
+ }
+ afx->crc = update_crc(afx->crc, (byte *) raw, nread);
+ base64_encode(raw, nread, buf, DIM(buf) - 1);
+ fprintf(out, "%s%s", buf, lf);
+ }
+
+ crcbuf2[0] = afx->crc >> 16;
+ crcbuf2[1] = afx->crc >> 8;
+ crcbuf2[2] = afx->crc;
+ crcbuf[0] = b64chars[crcbuf2[0] >> 2];
+ crcbuf[1] =
+ b64chars[((crcbuf2[0] << 4) & 0x30) | (crcbuf2[1] >> 4)];
+ crcbuf[2] =
+ b64chars[((crcbuf2[1] << 2) & 0x3c) | (crcbuf2[2] >> 6)];
+ crcbuf[3] = b64chars[crcbuf2[2] & 0x3f];
+ fprintf(out, "=%s%s", crcbuf, lf);
+ fprintf(out, "-----%s-----%s", armor_end[afx->idx2], lf);
+
+ return 0;
}
-static int
-search_header (const char *buf, const char **array)
+static int search_header(const char *buf, const char **array)
{
- const char *s;
- int i;
-
- if (strlen (buf) < 5 || strncmp (buf, "-----", 5))
- {
- return -1;
- }
- for (i = 0; (s = array[i]); i++)
- {
- if (!strncmp (s, buf + 5, strlen (s)))
- return i;
- }
- return -1;
+ const char *s;
+ int i;
+
+ if (strlen(buf) < 5 || strncmp(buf, "-----", 5)) {
+ return -1;
+ }
+ for (i = 0; (s = array[i]); i++) {
+ if (!strncmp(s, buf + 5, strlen(s)))
+ return i;
+ }
+ return -1;
}
-static cdk_error_t
-armor_decode (void *data, FILE * in, FILE * out)
+static cdk_error_t armor_decode(void *data, FILE * in, FILE * out)
{
- armor_filter_t *afx = data;
- const char *s;
- char buf[127];
- byte raw[128], crcbuf[4];
- u32 crc2 = 0;
- ssize_t nread = 0;
- int i, pgp_data = 0;
- cdk_error_t rc = 0;
- int len;
- size_t raw_size, crcbuf_size;
-
- if (!afx)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- _gnutls_buffers_log ("armor filter: decode\n");
-
- fseek (in, 0, SEEK_SET);
- /* Search the begin of the message */
- while (!feof (in) && !pgp_data)
- {
- s = fgets (buf, DIM (buf) - 1, in);
- if (!s)
- break;
- afx->idx = search_header (buf, armor_begin);
- if (afx->idx >= 0)
- pgp_data = 1;
- }
-
- if (feof (in) || !pgp_data)
- {
- return CDK_Armor_Error; /* no data found */
- }
-
- /* Parse header until the empty line is reached */
- while (!feof (in))
- {
- s = fgets (buf, DIM (buf) - 1, in);
- if (!s)
- return CDK_EOF;
- if (strcmp (s, LF) == 0 || strcmp (s, ALTLF) == 0)
- {
- rc = 0;
- break; /* empty line */
- }
- /* From RFC2440: OpenPGP should consider improperly formatted Armor
- Headers to be corruption of the ASCII Armor. A colon and a single
- space separate the key and value. */
- if (!strstr (buf, ": "))
- {
- gnutls_assert ();
- return CDK_Armor_Error;
- }
- rc = CDK_General_Error;
- for (i = 0; (s = valid_headers[i]); i++)
- {
- if (!strncmp (s, buf, strlen (s)))
- rc = 0;
- }
- if (rc)
- {
- /* From RFC2440: Unknown keys should be reported to the user,
- but OpenPGP should continue to process the message. */
- _cdk_log_info ("unknown header: `%s'\n", buf);
- rc = 0;
- }
- }
-
- /* Read the data body */
- while (!feof (in))
- {
- s = fgets (buf, DIM (buf) - 1, in);
- if (!s)
- break;
-
- len = strlen(buf);
-
- if (len > 0 && buf[len - 1] == '\n')
- {
- len--;
- buf[len] = '\0';
- }
- if (len > 0 && buf[len - 1] == '\r')
- {
- len--;
- buf[len] = '\0';
- }
- if (buf[0] == '=' && strlen (s) == 5)
- { /* CRC */
- memset (crcbuf, 0, sizeof (crcbuf));
- crcbuf_size = sizeof(crcbuf);
- base64_decode (buf + 1, len-1, (char*)crcbuf, &crcbuf_size);
- crc2 = (crcbuf[0] << 16) | (crcbuf[1] << 8) | crcbuf[2];
- break; /* stop here */
- }
- else
- {
- raw_size = sizeof(raw);
- nread = base64_decode (buf, len, (char*)raw, &raw_size);
- if (nread == 0)
- break;
- afx->crc = update_crc (afx->crc, raw, raw_size);
- fwrite (raw, 1, raw_size, out);
- }
- }
-
- /* Search the tail of the message */
- s = fgets (buf, DIM (buf) - 1, in);
- if (s)
- {
- int len = strlen(buf);
- if (buf[len - 1] == '\n')
- {
- len--;
- buf[len] = '\0';
- }
- if (buf[len - 1] == '\r')
- {
- len--;
- buf[len] = '\0';
- }
- rc = CDK_General_Error;
- afx->idx2 = search_header (buf, armor_end);
- if (afx->idx2 >= 0)
- rc = 0;
- }
-
- /* This catches error when no tail was found or the header is
- different then the tail line. */
- if (rc || afx->idx != afx->idx2)
- rc = CDK_Armor_Error;
-
- afx->crc_okay = (afx->crc == crc2) ? 1 : 0;
- if (!afx->crc_okay && !rc)
- {
- _gnutls_buffers_log ("file crc=%08X afx_crc=%08X\n",
- (unsigned int) crc2, (unsigned int) afx->crc);
- rc = CDK_Armor_CRC_Error;
- }
-
- return rc;
+ armor_filter_t *afx = data;
+ const char *s;
+ char buf[127];
+ byte raw[128], crcbuf[4];
+ u32 crc2 = 0;
+ ssize_t nread = 0;
+ int i, pgp_data = 0;
+ cdk_error_t rc = 0;
+ int len;
+ size_t raw_size, crcbuf_size;
+
+ if (!afx) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ _gnutls_buffers_log("armor filter: decode\n");
+
+ fseek(in, 0, SEEK_SET);
+ /* Search the begin of the message */
+ while (!feof(in) && !pgp_data) {
+ s = fgets(buf, DIM(buf) - 1, in);
+ if (!s)
+ break;
+ afx->idx = search_header(buf, armor_begin);
+ if (afx->idx >= 0)
+ pgp_data = 1;
+ }
+
+ if (feof(in) || !pgp_data) {
+ return CDK_Armor_Error; /* no data found */
+ }
+
+ /* Parse header until the empty line is reached */
+ while (!feof(in)) {
+ s = fgets(buf, DIM(buf) - 1, in);
+ if (!s)
+ return CDK_EOF;
+ if (strcmp(s, LF) == 0 || strcmp(s, ALTLF) == 0) {
+ rc = 0;
+ break; /* empty line */
+ }
+ /* From RFC2440: OpenPGP should consider improperly formatted Armor
+ Headers to be corruption of the ASCII Armor. A colon and a single
+ space separate the key and value. */
+ if (!strstr(buf, ": ")) {
+ gnutls_assert();
+ return CDK_Armor_Error;
+ }
+ rc = CDK_General_Error;
+ for (i = 0; (s = valid_headers[i]); i++) {
+ if (!strncmp(s, buf, strlen(s)))
+ rc = 0;
+ }
+ if (rc) {
+ /* From RFC2440: Unknown keys should be reported to the user,
+ but OpenPGP should continue to process the message. */
+ _cdk_log_info("unknown header: `%s'\n", buf);
+ rc = 0;
+ }
+ }
+
+ /* Read the data body */
+ while (!feof(in)) {
+ s = fgets(buf, DIM(buf) - 1, in);
+ if (!s)
+ break;
+
+ len = strlen(buf);
+
+ if (len > 0 && buf[len - 1] == '\n') {
+ len--;
+ buf[len] = '\0';
+ }
+ if (len > 0 && buf[len - 1] == '\r') {
+ len--;
+ buf[len] = '\0';
+ }
+ if (buf[0] == '=' && strlen(s) == 5) { /* CRC */
+ memset(crcbuf, 0, sizeof(crcbuf));
+ crcbuf_size = sizeof(crcbuf);
+ base64_decode(buf + 1, len - 1, (char *) crcbuf,
+ &crcbuf_size);
+ crc2 =
+ (crcbuf[0] << 16) | (crcbuf[1] << 8) |
+ crcbuf[2];
+ break; /* stop here */
+ } else {
+ raw_size = sizeof(raw);
+ nread =
+ base64_decode(buf, len, (char *) raw,
+ &raw_size);
+ if (nread == 0)
+ break;
+ afx->crc = update_crc(afx->crc, raw, raw_size);
+ fwrite(raw, 1, raw_size, out);
+ }
+ }
+
+ /* Search the tail of the message */
+ s = fgets(buf, DIM(buf) - 1, in);
+ if (s) {
+ int len = strlen(buf);
+ if (buf[len - 1] == '\n') {
+ len--;
+ buf[len] = '\0';
+ }
+ if (buf[len - 1] == '\r') {
+ len--;
+ buf[len] = '\0';
+ }
+ rc = CDK_General_Error;
+ afx->idx2 = search_header(buf, armor_end);
+ if (afx->idx2 >= 0)
+ rc = 0;
+ }
+
+ /* This catches error when no tail was found or the header is
+ different then the tail line. */
+ if (rc || afx->idx != afx->idx2)
+ rc = CDK_Armor_Error;
+
+ afx->crc_okay = (afx->crc == crc2) ? 1 : 0;
+ if (!afx->crc_okay && !rc) {
+ _gnutls_buffers_log("file crc=%08X afx_crc=%08X\n",
+ (unsigned int) crc2,
+ (unsigned int) afx->crc);
+ rc = CDK_Armor_CRC_Error;
+ }
+
+ return rc;
}
-int
-_cdk_filter_armor (void *data, int ctl, FILE * in, FILE * out)
+int _cdk_filter_armor(void *data, int ctl, FILE * in, FILE * out)
{
- if (ctl == STREAMCTL_READ)
- return armor_decode (data, in, out);
- else if (ctl == STREAMCTL_WRITE)
- return armor_encode (data, in, out);
- else if (ctl == STREAMCTL_FREE)
- {
- armor_filter_t *afx = data;
- if (afx)
- {
- _gnutls_buffers_log ("free armor filter\n");
- afx->idx = afx->idx2 = 0;
- afx->crc = afx->crc_okay = 0;
- return 0;
- }
- }
-
- gnutls_assert ();
- return CDK_Inv_Mode;
+ if (ctl == STREAMCTL_READ)
+ return armor_decode(data, in, out);
+ else if (ctl == STREAMCTL_WRITE)
+ return armor_encode(data, in, out);
+ else if (ctl == STREAMCTL_FREE) {
+ armor_filter_t *afx = data;
+ if (afx) {
+ _gnutls_buffers_log("free armor filter\n");
+ afx->idx = afx->idx2 = 0;
+ afx->crc = afx->crc_okay = 0;
+ return 0;
+ }
+ }
+
+ gnutls_assert();
+ return CDK_Inv_Mode;
}
@@ -485,90 +493,83 @@ _cdk_filter_armor (void *data, int ctl, FILE * in, FILE * out)
* not be contained in the size.
**/
cdk_error_t
-cdk_armor_encode_buffer (const byte * inbuf, size_t inlen,
- char *outbuf, size_t outlen,
- size_t * nwritten, int type)
+cdk_armor_encode_buffer(const byte * inbuf, size_t inlen,
+ char *outbuf, size_t outlen,
+ size_t * nwritten, int type)
{
- const char *head, *tail, *le;
- char tempbuf[48];
- char tempout[128];
- size_t pos, off, len, rest;
-
- if (!inbuf || !nwritten)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (type > CDK_ARMOR_SIGNATURE)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- head = armor_begin[type];
- tail = armor_end[type];
- le = LF;
- pos = strlen (head) + 10 + 2 + 2 + strlen (tail) + 10 + 2 + 5 + 2 + 1;
- /* The output data is 4/3 times larger, plus a line end for each line. */
- pos += (4 * inlen / 3) + 2 * (4 * inlen / 3 / 64) + 1;
-
- if (outbuf && outlen < pos)
- {
- gnutls_assert ();
- *nwritten = pos;
- return CDK_Too_Short;
- }
-
- /* Only return the size of the output. */
- if (!outbuf)
- {
- *nwritten = pos;
- return 0;
- }
-
- memset (outbuf, 0, outlen);
- memcpy (outbuf, "-----", 5);
- pos = 5;
- memcpy (outbuf + pos, head, strlen (head));
- pos += strlen (head);
- memcpy (outbuf + pos, "-----", 5);
- pos += 5;
- memcpy (outbuf + pos, le, strlen (le));
- pos += strlen (le);
- memcpy (outbuf + pos, le, strlen (le));
- pos += strlen (le);
- rest = inlen;
- for (off = 0; off < inlen;)
- {
- if (rest > 48)
- {
- memcpy (tempbuf, inbuf + off, 48);
- off += 48;
- len = 48;
- }
- else
- {
- memcpy (tempbuf, inbuf + off, rest);
- off += rest;
- len = rest;
- }
- rest -= len;
- base64_encode (tempbuf, len, tempout, DIM (tempout) - 1);
- memcpy (outbuf + pos, tempout, strlen (tempout));
- pos += strlen (tempout);
- memcpy (outbuf + pos, le, strlen (le));
- pos += strlen (le);
- }
-
- memcpy (outbuf + pos, "-----", 5);
- pos += 5;
- memcpy (outbuf + pos, tail, strlen (tail));
- pos += strlen (tail);
- memcpy (outbuf + pos, "-----", 5);
- pos += 5;
- memcpy (outbuf + pos, le, strlen (le));
- pos += strlen (le);
- outbuf[pos] = 0;
- *nwritten = pos - 1;
- return 0;
+ const char *head, *tail, *le;
+ char tempbuf[48];
+ char tempout[128];
+ size_t pos, off, len, rest;
+
+ if (!inbuf || !nwritten) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (type > CDK_ARMOR_SIGNATURE) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ head = armor_begin[type];
+ tail = armor_end[type];
+ le = LF;
+ pos =
+ strlen(head) + 10 + 2 + 2 + strlen(tail) + 10 + 2 + 5 + 2 + 1;
+ /* The output data is 4/3 times larger, plus a line end for each line. */
+ pos += (4 * inlen / 3) + 2 * (4 * inlen / 3 / 64) + 1;
+
+ if (outbuf && outlen < pos) {
+ gnutls_assert();
+ *nwritten = pos;
+ return CDK_Too_Short;
+ }
+
+ /* Only return the size of the output. */
+ if (!outbuf) {
+ *nwritten = pos;
+ return 0;
+ }
+
+ memset(outbuf, 0, outlen);
+ memcpy(outbuf, "-----", 5);
+ pos = 5;
+ memcpy(outbuf + pos, head, strlen(head));
+ pos += strlen(head);
+ memcpy(outbuf + pos, "-----", 5);
+ pos += 5;
+ memcpy(outbuf + pos, le, strlen(le));
+ pos += strlen(le);
+ memcpy(outbuf + pos, le, strlen(le));
+ pos += strlen(le);
+ rest = inlen;
+ for (off = 0; off < inlen;) {
+ if (rest > 48) {
+ memcpy(tempbuf, inbuf + off, 48);
+ off += 48;
+ len = 48;
+ } else {
+ memcpy(tempbuf, inbuf + off, rest);
+ off += rest;
+ len = rest;
+ }
+ rest -= len;
+ base64_encode(tempbuf, len, tempout, DIM(tempout) - 1);
+ memcpy(outbuf + pos, tempout, strlen(tempout));
+ pos += strlen(tempout);
+ memcpy(outbuf + pos, le, strlen(le));
+ pos += strlen(le);
+ }
+
+ memcpy(outbuf + pos, "-----", 5);
+ pos += 5;
+ memcpy(outbuf + pos, tail, strlen(tail));
+ pos += strlen(tail);
+ memcpy(outbuf + pos, "-----", 5);
+ pos += 5;
+ memcpy(outbuf + pos, le, strlen(le));
+ pos += strlen(le);
+ outbuf[pos] = 0;
+ *nwritten = pos - 1;
+ return 0;
}
diff --git a/lib/opencdk/context.h b/lib/opencdk/context.h
index e0b747cfe4..ba17d24d29 100644
--- a/lib/opencdk/context.h
+++ b/lib/opencdk/context.h
@@ -25,115 +25,99 @@
#include "types.h"
-struct cdk_listkey_s
-{
- unsigned init:1;
- cdk_stream_t inp;
- cdk_keydb_hd_t db;
- int type;
- union
- {
- char *patt;
- cdk_strlist_t fpatt;
- } u;
- cdk_strlist_t t;
+struct cdk_listkey_s {
+ unsigned init:1;
+ cdk_stream_t inp;
+ cdk_keydb_hd_t db;
+ int type;
+ union {
+ char *patt;
+ cdk_strlist_t fpatt;
+ } u;
+ cdk_strlist_t t;
};
-struct cdk_s2k_s
-{
- int mode;
- byte hash_algo;
- byte salt[8];
- u32 count;
+struct cdk_s2k_s {
+ int mode;
+ byte hash_algo;
+ byte salt[8];
+ u32 count;
};
-struct cdk_ctx_s
-{
- int cipher_algo;
- int digest_algo;
- struct
- {
- int algo;
- int level;
- } compress;
- struct
- {
- int mode;
- int digest_algo;
- } _s2k;
- struct
- {
- unsigned blockmode:1;
- unsigned armor:1;
- unsigned textmode:1;
- unsigned compress:1;
- unsigned mdc:1;
- unsigned overwrite;
- unsigned force_digest:1;
- } opt;
- struct
- {
- cdk_pkt_seckey_t sk;
- unsigned on:1;
- } cache;
- struct
- {
- cdk_keydb_hd_t sec;
- cdk_keydb_hd_t pub;
- unsigned int close_db:1;
- } db;
- char *(*passphrase_cb) (void *uint8_t, const char *prompt);
- void *passphrase_cb_value;
+struct cdk_ctx_s {
+ int cipher_algo;
+ int digest_algo;
+ struct {
+ int algo;
+ int level;
+ } compress;
+ struct {
+ int mode;
+ int digest_algo;
+ } _s2k;
+ struct {
+ unsigned blockmode:1;
+ unsigned armor:1;
+ unsigned textmode:1;
+ unsigned compress:1;
+ unsigned mdc:1;
+ unsigned overwrite;
+ unsigned force_digest:1;
+ } opt;
+ struct {
+ cdk_pkt_seckey_t sk;
+ unsigned on:1;
+ } cache;
+ struct {
+ cdk_keydb_hd_t sec;
+ cdk_keydb_hd_t pub;
+ unsigned int close_db:1;
+ } db;
+ char *(*passphrase_cb) (void *uint8_t, const char *prompt);
+ void *passphrase_cb_value;
};
-struct cdk_prefitem_s
-{
- byte type;
- byte value;
+struct cdk_prefitem_s {
+ byte type;
+ byte value;
};
-struct cdk_desig_revoker_s
-{
- struct cdk_desig_revoker_s *next;
- byte r_class;
- byte algid;
- byte fpr[KEY_FPR_LEN];
+struct cdk_desig_revoker_s {
+ struct cdk_desig_revoker_s *next;
+ byte r_class;
+ byte algid;
+ byte fpr[KEY_FPR_LEN];
};
-struct cdk_subpkt_s
-{
- struct cdk_subpkt_s *next;
- u32 size;
- byte type;
- byte *d;
+struct cdk_subpkt_s {
+ struct cdk_subpkt_s *next;
+ u32 size;
+ byte type;
+ byte *d;
};
-struct cdk_keylist_s
-{
- struct cdk_keylist_s *next;
- union
- {
- cdk_pkt_pubkey_t pk;
- cdk_pkt_seckey_t sk;
- } key;
- int version;
- int type;
+struct cdk_keylist_s {
+ struct cdk_keylist_s *next;
+ union {
+ cdk_pkt_pubkey_t pk;
+ cdk_pkt_seckey_t sk;
+ } key;
+ int version;
+ int type;
};
-struct cdk_dek_s
-{
- int algo;
- int keylen;
- int use_mdc;
- byte key[32]; /* 256-bit */
+struct cdk_dek_s {
+ int algo;
+ int keylen;
+ int use_mdc;
+ byte key[32]; /* 256-bit */
};
-struct cdk_strlist_s
-{
- struct cdk_strlist_s *next;
- char *d;
+struct cdk_strlist_s {
+ struct cdk_strlist_s *next;
+ char *d;
};
-#endif /* CDK_CONTEXT_H */
+#endif /* CDK_CONTEXT_H */
diff --git a/lib/opencdk/filters.h b/lib/opencdk/filters.h
index 4a26f7a85c..e5a96d54ad 100644
--- a/lib/opencdk/filters.h
+++ b/lib/opencdk/filters.h
@@ -23,87 +23,80 @@
#ifndef CDK_FILTERS_H
#define CDK_FILTERS_H
-enum
-{
- STREAMCTL_READ = 0,
- STREAMCTL_WRITE = 1,
- STREAMCTL_FREE = 2
+enum {
+ STREAMCTL_READ = 0,
+ STREAMCTL_WRITE = 1,
+ STREAMCTL_FREE = 2
};
-typedef struct
-{
- cipher_hd_st hd;
- digest_hd_st mdc;
- int mdc_method;
- u32 datalen;
- struct
- {
- size_t on;
- off_t size;
- off_t nleft;
- } blkmode;
- cdk_stream_t s;
+typedef struct {
+ cipher_hd_st hd;
+ digest_hd_st mdc;
+ int mdc_method;
+ u32 datalen;
+ struct {
+ size_t on;
+ off_t size;
+ off_t nleft;
+ } blkmode;
+ cdk_stream_t s;
} cipher_filter_t;
-typedef struct
-{
- int digest_algo;
- digest_hd_st md;
- int md_initialized;
+typedef struct {
+ int digest_algo;
+ digest_hd_st md;
+ int md_initialized;
} md_filter_t;
-typedef struct
-{
- const char *le; /* line endings */
- const char *hdrlines;
- u32 crc;
- int crc_okay;
- int idx, idx2;
+typedef struct {
+ const char *le; /* line endings */
+ const char *hdrlines;
+ u32 crc;
+ int crc_okay;
+ int idx, idx2;
} armor_filter_t;
-typedef struct
-{
- cdk_lit_format_t mode;
- char *orig_filename; /* This original name of the input file. */
- char *filename;
- digest_hd_st md;
- int md_initialized;
- struct
- {
- size_t on;
- off_t size;
- } blkmode;
+typedef struct {
+ cdk_lit_format_t mode;
+ char *orig_filename; /* This original name of the input file. */
+ char *filename;
+ digest_hd_st md;
+ int md_initialized;
+ struct {
+ size_t on;
+ off_t size;
+ } blkmode;
} literal_filter_t;
-typedef struct
-{
- size_t inbufsize;
- byte inbuf[8192];
- size_t outbufsize;
- byte outbuf[8192];
- int algo; /* compress algo */
- int level;
+typedef struct {
+ size_t inbufsize;
+ byte inbuf[8192];
+ size_t outbufsize;
+ byte outbuf[8192];
+ int algo; /* compress algo */
+ int level;
} compress_filter_t;
-typedef struct
-{
- const char *lf;
+typedef struct {
+ const char *lf;
} text_filter_t;
/*-- armor.c -*/
-int _cdk_filter_armor (void *uint8_t, int ctl, FILE * in, FILE * out);
+int _cdk_filter_armor(void *uint8_t, int ctl, FILE * in, FILE * out);
/*-- cipher.c --*/
-cdk_error_t _cdk_filter_hash (void *uint8_t, int ctl, FILE * in, FILE * out);
-cdk_error_t _cdk_filter_cipher (void *uint8_t, int ctl, FILE * in, FILE * out);
+cdk_error_t _cdk_filter_hash(void *uint8_t, int ctl, FILE * in,
+ FILE * out);
+cdk_error_t _cdk_filter_cipher(void *uint8_t, int ctl, FILE * in,
+ FILE * out);
/*-- literal.c --*/
-int _cdk_filter_literal (void *uint8_t, int ctl, FILE * in, FILE * out);
-int _cdk_filter_text (void *uint8_t, int ctl, FILE * in, FILE * out);
+int _cdk_filter_literal(void *uint8_t, int ctl, FILE * in, FILE * out);
+int _cdk_filter_text(void *uint8_t, int ctl, FILE * in, FILE * out);
/*-- compress.c --*/
-cdk_error_t _cdk_filter_compress (void *uint8_t, int ctl,
- FILE * in, FILE * out);
+cdk_error_t _cdk_filter_compress(void *uint8_t, int ctl,
+ FILE * in, FILE * out);
-#endif /* CDK_FILTERS_H */
+#endif /* CDK_FILTERS_H */
diff --git a/lib/opencdk/kbnode.c b/lib/opencdk/kbnode.c
index 2b6f8bd20a..b09c64a804 100644
--- a/lib/opencdk/kbnode.c
+++ b/lib/opencdk/kbnode.c
@@ -38,26 +38,24 @@
*
* Allocates a new key node and adds a packet.
**/
-cdk_kbnode_t
-cdk_kbnode_new (cdk_packet_t pkt)
+cdk_kbnode_t cdk_kbnode_new(cdk_packet_t pkt)
{
- cdk_kbnode_t n;
+ cdk_kbnode_t n;
- n = cdk_calloc (1, sizeof *n);
- if (!n)
- return NULL;
- n->pkt = pkt;
- return n;
+ n = cdk_calloc(1, sizeof *n);
+ if (!n)
+ return NULL;
+ n->pkt = pkt;
+ return n;
}
-void
-_cdk_kbnode_clone (cdk_kbnode_t node)
+void _cdk_kbnode_clone(cdk_kbnode_t node)
{
- /* Mark the node as clone which means that the packet
- will not be freed, just the node itself. */
- if (node)
- node->is_cloned = 1;
+ /* Mark the node as clone which means that the packet
+ will not be freed, just the node itself. */
+ if (node)
+ node->is_cloned = 1;
}
@@ -67,19 +65,17 @@ _cdk_kbnode_clone (cdk_kbnode_t node)
*
* Releases the memory of the node.
**/
-void
-cdk_kbnode_release (cdk_kbnode_t node)
+void cdk_kbnode_release(cdk_kbnode_t node)
{
- cdk_kbnode_t n2;
-
- while (node)
- {
- n2 = node->next;
- if (!node->is_cloned)
- cdk_pkt_release (node->pkt);
- cdk_free (node);
- node = n2;
- }
+ cdk_kbnode_t n2;
+
+ while (node) {
+ n2 = node->next;
+ if (!node->is_cloned)
+ cdk_pkt_release(node->pkt);
+ cdk_free(node);
+ node = n2;
+ }
}
@@ -89,23 +85,20 @@ cdk_kbnode_release (cdk_kbnode_t node)
*
* Marks the given node as deleted.
**/
-void
-cdk_kbnode_delete (cdk_kbnode_t node)
+void cdk_kbnode_delete(cdk_kbnode_t node)
{
- if (node)
- node->is_deleted = 1;
+ if (node)
+ node->is_deleted = 1;
}
/* Append NODE to ROOT. ROOT must exist! */
-void
-_cdk_kbnode_add (cdk_kbnode_t root, cdk_kbnode_t node)
+void _cdk_kbnode_add(cdk_kbnode_t root, cdk_kbnode_t node)
{
- cdk_kbnode_t n1;
+ cdk_kbnode_t n1;
- for (n1 = root; n1->next; n1 = n1->next)
- ;
- n1->next = node;
+ for (n1 = root; n1->next; n1 = n1->next);
+ n1->next = node;
}
@@ -119,29 +112,25 @@ _cdk_kbnode_add (cdk_kbnode_t root, cdk_kbnode_t node)
* type @pkttype (only if @pkttype != 0).
**/
void
-cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype)
+cdk_kbnode_insert(cdk_kbnode_t root, cdk_kbnode_t node,
+ cdk_packet_type_t pkttype)
{
- if (!pkttype)
- {
- node->next = root->next;
- root->next = node;
- }
- else
- {
- cdk_kbnode_t n1;
-
- for (n1 = root; n1->next; n1 = n1->next)
- if (pkttype != n1->next->pkt->pkttype)
- {
- node->next = n1->next;
- n1->next = node;
- return;
- }
- /* No such packet, append */
- node->next = NULL;
- n1->next = node;
- }
+ if (!pkttype) {
+ node->next = root->next;
+ root->next = node;
+ } else {
+ cdk_kbnode_t n1;
+
+ for (n1 = root; n1->next; n1 = n1->next)
+ if (pkttype != n1->next->pkt->pkttype) {
+ node->next = n1->next;
+ n1->next = node;
+ return;
+ }
+ /* No such packet, append */
+ node->next = NULL;
+ n1->next = node;
+ }
}
@@ -155,17 +144,16 @@ cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
* with pkttype @pkttype in the list starting with @root of @node.
**/
cdk_kbnode_t
-cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype)
+cdk_kbnode_find_prev(cdk_kbnode_t root, cdk_kbnode_t node,
+ cdk_packet_type_t pkttype)
{
- cdk_kbnode_t n1;
-
- for (n1 = NULL; root && root != node; root = root->next)
- {
- if (!pkttype || root->pkt->pkttype == pkttype)
- n1 = root;
- }
- return n1;
+ cdk_kbnode_t n1;
+
+ for (n1 = NULL; root && root != node; root = root->next) {
+ if (!pkttype || root->pkt->pkttype == pkttype)
+ n1 = root;
+ }
+ return n1;
}
@@ -182,25 +170,24 @@ cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
* a user-id.
**/
cdk_kbnode_t
-cdk_kbnode_find_next (cdk_kbnode_t node, cdk_packet_type_t pkttype)
+cdk_kbnode_find_next(cdk_kbnode_t node, cdk_packet_type_t pkttype)
{
- for (node = node->next; node; node = node->next)
- {
- if (!pkttype)
- return node;
- else if (pkttype == CDK_PKT_USER_ID &&
- (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY))
- return NULL;
- else if (pkttype == CDK_PKT_SIGNATURE &&
- (node->pkt->pkttype == CDK_PKT_USER_ID ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY))
- return NULL;
- else if (node->pkt->pkttype == pkttype)
- return node;
- }
- return NULL;
+ for (node = node->next; node; node = node->next) {
+ if (!pkttype)
+ return node;
+ else if (pkttype == CDK_PKT_USER_ID &&
+ (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY))
+ return NULL;
+ else if (pkttype == CDK_PKT_SIGNATURE &&
+ (node->pkt->pkttype == CDK_PKT_USER_ID ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY))
+ return NULL;
+ else if (node->pkt->pkttype == pkttype)
+ return node;
+ }
+ return NULL;
}
@@ -211,15 +198,13 @@ cdk_kbnode_find_next (cdk_kbnode_t node, cdk_packet_type_t pkttype)
*
* Tries to find the next node with the packettype @pkttype.
**/
-cdk_kbnode_t
-cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype)
+cdk_kbnode_t cdk_kbnode_find(cdk_kbnode_t node, cdk_packet_type_t pkttype)
{
- for (; node; node = node->next)
- {
- if (node->pkt->pkttype == pkttype)
- return node;
- }
- return NULL;
+ for (; node; node = node->next) {
+ if (node->pkt->pkttype == pkttype)
+ return node;
+ }
+ return NULL;
}
@@ -231,12 +216,12 @@ cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype)
* Same as cdk_kbnode_find but it returns the packet instead of the node.
**/
cdk_packet_t
-cdk_kbnode_find_packet (cdk_kbnode_t node, cdk_packet_type_t pkttype)
+cdk_kbnode_find_packet(cdk_kbnode_t node, cdk_packet_type_t pkttype)
{
- cdk_kbnode_t res;
+ cdk_kbnode_t res;
- res = cdk_kbnode_find (node, pkttype);
- return res ? res->pkt : NULL;
+ res = cdk_kbnode_find(node, pkttype);
+ return res ? res->pkt : NULL;
}
@@ -249,25 +234,21 @@ cdk_kbnode_find_packet (cdk_kbnode_t node, cdk_packet_type_t pkttype)
* to start with ROOT).
*/
cdk_kbnode_t
-cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx, int all)
+cdk_kbnode_walk(cdk_kbnode_t root, cdk_kbnode_t * ctx, int all)
{
- cdk_kbnode_t n;
-
- do
- {
- if (!*ctx)
- {
- *ctx = root;
- n = root;
- }
- else
- {
- n = (*ctx)->next;
- *ctx = n;
- }
- }
- while (!all && n && n->is_deleted);
- return n;
+ cdk_kbnode_t n;
+
+ do {
+ if (!*ctx) {
+ *ctx = root;
+ n = root;
+ } else {
+ n = (*ctx)->next;
+ *ctx = n;
+ }
+ }
+ while (!all && n && n->is_deleted);
+ return n;
}
@@ -281,29 +262,25 @@ cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx, int all)
*
* Returns: true if any node has been changed
*/
-int
-cdk_kbnode_commit (cdk_kbnode_t * root)
+int cdk_kbnode_commit(cdk_kbnode_t * root)
{
- cdk_kbnode_t n, nl;
- int changed = 0;
-
- for (n = *root, nl = NULL; n; n = nl->next)
- {
- if (n->is_deleted)
- {
- if (n == *root)
- *root = nl = n->next;
- else
- nl->next = n->next;
- if (!n->is_cloned)
- cdk_pkt_release (n->pkt);
- cdk_free (n);
- changed = 1;
- }
- else
- nl = n;
- }
- return changed;
+ cdk_kbnode_t n, nl;
+ int changed = 0;
+
+ for (n = *root, nl = NULL; n; n = nl->next) {
+ if (n->is_deleted) {
+ if (n == *root)
+ *root = nl = n->next;
+ else
+ nl->next = n->next;
+ if (!n->is_cloned)
+ cdk_pkt_release(n->pkt);
+ cdk_free(n);
+ changed = 1;
+ } else
+ nl = n;
+ }
+ return changed;
}
@@ -314,26 +291,22 @@ cdk_kbnode_commit (cdk_kbnode_t * root)
*
* Removes a node from the root node.
*/
-void
-cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node)
+void cdk_kbnode_remove(cdk_kbnode_t * root, cdk_kbnode_t node)
{
- cdk_kbnode_t n, nl;
-
- for (n = *root, nl = NULL; n; n = nl->next)
- {
- if (n == node)
- {
- if (n == *root)
- *root = nl = n->next;
- else
- nl->next = n->next;
- if (!n->is_cloned)
- cdk_pkt_release (n->pkt);
- cdk_free (n);
- }
- else
- nl = n;
- }
+ cdk_kbnode_t n, nl;
+
+ for (n = *root, nl = NULL; n; n = nl->next) {
+ if (n == node) {
+ if (n == *root)
+ *root = nl = n->next;
+ else
+ nl->next = n->next;
+ if (!n->is_cloned)
+ cdk_pkt_release(n->pkt);
+ cdk_free(n);
+ } else
+ nl = n;
+ }
}
@@ -347,32 +320,30 @@ cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node)
* Moves NODE behind right after WHERE or to the beginning if WHERE is NULL.
*/
void
-cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node, cdk_kbnode_t where)
+cdk_kbnode_move(cdk_kbnode_t * root, cdk_kbnode_t node, cdk_kbnode_t where)
{
- cdk_kbnode_t tmp, prev;
-
- if (!root || !*root || !node)
- return;
- for (prev = *root; prev && prev->next != node; prev = prev->next)
- ;
- if (!prev)
- return; /* Node is not in the list */
-
- if (!where)
- { /* Move node before root */
- if (node == *root)
- return;
- prev->next = node->next;
- node->next = *root;
- *root = node;
- return;
- }
- if (node == where) /* Move it after where. */
- return;
- tmp = node->next;
- node->next = where->next;
- where->next = node;
- prev->next = tmp;
+ cdk_kbnode_t tmp, prev;
+
+ if (!root || !*root || !node)
+ return;
+ for (prev = *root; prev && prev->next != node; prev = prev->next);
+ if (!prev)
+ return; /* Node is not in the list */
+
+ if (!where) { /* Move node before root */
+ if (node == *root)
+ return;
+ prev->next = node->next;
+ node->next = *root;
+ *root = node;
+ return;
+ }
+ if (node == where) /* Move it after where. */
+ return;
+ tmp = node->next;
+ node->next = where->next;
+ where->next = node;
+ prev->next = tmp;
}
@@ -384,12 +355,11 @@ cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node, cdk_kbnode_t where)
*
* Returns: the packet which is stored inside the node in @node.
**/
-cdk_packet_t
-cdk_kbnode_get_packet (cdk_kbnode_t node)
+cdk_packet_t cdk_kbnode_get_packet(cdk_kbnode_t node)
{
- if (node)
- return node->pkt;
- return NULL;
+ if (node)
+ return node->pkt;
+ return NULL;
}
@@ -403,32 +373,31 @@ cdk_kbnode_get_packet (cdk_kbnode_t node)
* Tries to read a key node from the memory buffer @buf.
**/
cdk_error_t
-cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
- int armor,
- const byte * buf, size_t buflen)
+cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node,
+ int armor, const byte * buf, size_t buflen)
{
- cdk_stream_t inp;
- cdk_error_t rc;
-
- if (!ret_node || !buf)
- return CDK_Inv_Value;
-
- *ret_node = NULL;
- if (!buflen)
- return gnutls_assert_val(CDK_Too_Short);
-
- rc = cdk_stream_tmp_from_mem (buf, buflen, &inp);
- if (rc)
- return gnutls_assert_val(rc);
-
- if (armor)
- cdk_stream_set_armor_flag (inp, 0);
-
- rc = cdk_keydb_get_keyblock (inp, ret_node);
- if (rc)
- gnutls_assert ();
- cdk_stream_close (inp);
- return rc;
+ cdk_stream_t inp;
+ cdk_error_t rc;
+
+ if (!ret_node || !buf)
+ return CDK_Inv_Value;
+
+ *ret_node = NULL;
+ if (!buflen)
+ return gnutls_assert_val(CDK_Too_Short);
+
+ rc = cdk_stream_tmp_from_mem(buf, buflen, &inp);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ if (armor)
+ cdk_stream_set_armor_flag(inp, 0);
+
+ rc = cdk_keydb_get_keyblock(inp, ret_node);
+ if (rc)
+ gnutls_assert();
+ cdk_stream_close(inp);
+ return rc;
}
@@ -442,56 +411,52 @@ cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
* it allocates the buffer to avoid the lengthy second run.
*/
cdk_error_t
-cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
- byte ** r_buf, size_t * r_buflen)
+cdk_kbnode_write_to_mem_alloc(cdk_kbnode_t node,
+ byte ** r_buf, size_t * r_buflen)
{
- cdk_kbnode_t n;
- cdk_stream_t s;
- cdk_error_t rc;
- size_t len;
-
- if (!node || !r_buf || !r_buflen)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- *r_buf = NULL;
- *r_buflen = 0;
-
- rc = cdk_stream_tmp_new (&s);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- for (n = node; n; n = n->next)
- {
- /* Skip all packets which cannot occur in a key composition. */
- if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
- n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SIGNATURE &&
- n->pkt->pkttype != CDK_PKT_USER_ID &&
- n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
- continue;
- rc = cdk_pkt_write (s, n->pkt);
- if (rc)
- {
- cdk_stream_close (s);
- gnutls_assert ();
- return rc;
- }
- }
-
- cdk_stream_seek (s, 0);
- len = cdk_stream_get_length (s);
- *r_buf = cdk_calloc (1, len);
- *r_buflen = cdk_stream_read (s, *r_buf, len);
- cdk_stream_close (s);
- return 0;
+ cdk_kbnode_t n;
+ cdk_stream_t s;
+ cdk_error_t rc;
+ size_t len;
+
+ if (!node || !r_buf || !r_buflen) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ *r_buf = NULL;
+ *r_buflen = 0;
+
+ rc = cdk_stream_tmp_new(&s);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ for (n = node; n; n = n->next) {
+ /* Skip all packets which cannot occur in a key composition. */
+ if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
+ n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SIGNATURE &&
+ n->pkt->pkttype != CDK_PKT_USER_ID &&
+ n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
+ continue;
+ rc = cdk_pkt_write(s, n->pkt);
+ if (rc) {
+ cdk_stream_close(s);
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ cdk_stream_seek(s, 0);
+ len = cdk_stream_get_length(s);
+ *r_buf = cdk_calloc(1, len);
+ *r_buflen = cdk_stream_read(s, *r_buf, len);
+ cdk_stream_close(s);
+ return 0;
}
@@ -507,65 +472,59 @@ cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
* Whenever it is possible, the cdk_kbnode_write_to_mem_alloc should be used.
**/
cdk_error_t
-cdk_kbnode_write_to_mem (cdk_kbnode_t node, byte * buf, size_t * r_nbytes)
+cdk_kbnode_write_to_mem(cdk_kbnode_t node, byte * buf, size_t * r_nbytes)
{
- cdk_kbnode_t n;
- cdk_stream_t s;
- cdk_error_t rc;
- size_t len;
-
- if (!node || !r_nbytes)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- rc = cdk_stream_tmp_new (&s);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- for (n = node; n; n = n->next)
- {
- /* Skip all packets which cannot occur in a key composition. */
- if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
- n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
- n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
- n->pkt->pkttype != CDK_PKT_SIGNATURE &&
- n->pkt->pkttype != CDK_PKT_USER_ID &&
- n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
- continue;
- rc = cdk_pkt_write (s, n->pkt);
- if (rc)
- {
- cdk_stream_close (s);
- gnutls_assert ();
- return rc;
- }
- }
-
- cdk_stream_seek (s, 0);
- len = cdk_stream_get_length (s);
- if (!buf)
- {
- *r_nbytes = len; /* Only return the length of the buffer */
- cdk_stream_close (s);
- return 0;
- }
- if (*r_nbytes < len)
- {
- *r_nbytes = len;
- rc = CDK_Too_Short;
- }
- if (!rc)
- *r_nbytes = cdk_stream_read (s, buf, len);
- else
- gnutls_assert ();
- cdk_stream_close (s);
- return rc;
+ cdk_kbnode_t n;
+ cdk_stream_t s;
+ cdk_error_t rc;
+ size_t len;
+
+ if (!node || !r_nbytes) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_stream_tmp_new(&s);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ for (n = node; n; n = n->next) {
+ /* Skip all packets which cannot occur in a key composition. */
+ if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
+ n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SIGNATURE &&
+ n->pkt->pkttype != CDK_PKT_USER_ID &&
+ n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
+ continue;
+ rc = cdk_pkt_write(s, n->pkt);
+ if (rc) {
+ cdk_stream_close(s);
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ cdk_stream_seek(s, 0);
+ len = cdk_stream_get_length(s);
+ if (!buf) {
+ *r_nbytes = len; /* Only return the length of the buffer */
+ cdk_stream_close(s);
+ return 0;
+ }
+ if (*r_nbytes < len) {
+ *r_nbytes = len;
+ rc = CDK_Too_Short;
+ }
+ if (!rc)
+ *r_nbytes = cdk_stream_read(s, buf, len);
+ else
+ gnutls_assert();
+ cdk_stream_close(s);
+ return rc;
}
@@ -583,49 +542,43 @@ cdk_kbnode_write_to_mem (cdk_kbnode_t node, byte * buf, size_t * r_nbytes)
* is extracted from it.
**/
cdk_error_t
-cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md, int is_v4,
- cdk_packet_type_t pkttype, int flags)
+cdk_kbnode_hash(cdk_kbnode_t node, digest_hd_st * md, int is_v4,
+ cdk_packet_type_t pkttype, int flags)
{
- cdk_packet_t pkt;
-
- if (!node || !md)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!pkttype)
- {
- pkt = cdk_kbnode_get_packet (node);
- pkttype = pkt->pkttype;
- }
- else
- {
- pkt = cdk_kbnode_find_packet (node, pkttype);
- if (!pkt)
- {
- gnutls_assert ();
- return CDK_Inv_Packet;
- }
- }
-
- switch (pkttype)
- {
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- _cdk_hash_pubkey (pkt->pkt.public_key, md, flags & 1);
- break;
-
- case CDK_PKT_USER_ID:
- _cdk_hash_userid (pkt->pkt.user_id, is_v4, md);
- break;
-
- case CDK_PKT_SIGNATURE:
- _cdk_hash_sig_data (pkt->pkt.signature, md);
- break;
-
- default:
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- return 0;
+ cdk_packet_t pkt;
+
+ if (!node || !md) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!pkttype) {
+ pkt = cdk_kbnode_get_packet(node);
+ pkttype = pkt->pkttype;
+ } else {
+ pkt = cdk_kbnode_find_packet(node, pkttype);
+ if (!pkt) {
+ gnutls_assert();
+ return CDK_Inv_Packet;
+ }
+ }
+
+ switch (pkttype) {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ _cdk_hash_pubkey(pkt->pkt.public_key, md, flags & 1);
+ break;
+
+ case CDK_PKT_USER_ID:
+ _cdk_hash_userid(pkt->pkt.user_id, is_v4, md);
+ break;
+
+ case CDK_PKT_SIGNATURE:
+ _cdk_hash_sig_data(pkt->pkt.signature, md);
+ break;
+
+ default:
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+ return 0;
}
diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c
index fd43982c66..9724e8ad46 100644
--- a/lib/opencdk/keydb.c
+++ b/lib/opencdk/keydb.c
@@ -39,23 +39,23 @@
#define KEYID_CMP(a, b) ((a[0]) == (b[0]) && (a[1]) == (b[1]))
#define KEYDB_CACHE_ENTRIES 8
-static void keydb_cache_free (key_table_t cache);
-static int classify_data (const byte * buf, size_t len);
-static cdk_kbnode_t find_selfsig_node (cdk_kbnode_t key, cdk_pkt_pubkey_t pk);
+static void keydb_cache_free(key_table_t cache);
+static int classify_data(const byte * buf, size_t len);
+static cdk_kbnode_t find_selfsig_node(cdk_kbnode_t key,
+ cdk_pkt_pubkey_t pk);
-static char *
-keydb_idx_mkname (const char *file)
+static char *keydb_idx_mkname(const char *file)
{
- static const char *fmt = "%s.idx";
- char *fname;
- size_t len = strlen (file) + strlen (fmt);
-
- fname = cdk_calloc (1, len + 1);
- if (!fname)
- return NULL;
- if (snprintf (fname, len, fmt, file) <= 0)
- return NULL;
- return fname;
+ static const char *fmt = "%s.idx";
+ char *fname;
+ size_t len = strlen(file) + strlen(fmt);
+
+ fname = cdk_calloc(1, len + 1);
+ if (!fname)
+ return NULL;
+ if (snprintf(fname, len, fmt, file) <= 0)
+ return NULL;
+ return fname;
}
@@ -70,76 +70,71 @@ keydb_idx_mkname (const char *file)
We store the keyid and the fingerprint due to the fact we can't get
the keyid from a v3 fingerprint directly.
*/
-static cdk_error_t
-keydb_idx_build (const char *file)
+static cdk_error_t keydb_idx_build(const char *file)
{
- cdk_packet_t pkt;
- cdk_stream_t inp, out = NULL;
- byte buf[4 + 8 + KEY_FPR_LEN];
- char *idx_name;
- u32 keyid[2];
- cdk_error_t rc;
-
- if (!file)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- rc = cdk_stream_open (file, &inp);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- idx_name = keydb_idx_mkname (file);
- if (!idx_name)
- {
- cdk_stream_close (inp);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- rc = cdk_stream_create (idx_name, &out);
- cdk_free (idx_name);
- if (rc)
- {
- cdk_stream_close (inp);
- gnutls_assert ();
- return rc;
- }
-
- cdk_pkt_new (&pkt);
- while (!cdk_stream_eof (inp))
- {
- off_t pos = cdk_stream_tell (inp);
-
- rc = cdk_pkt_read (inp, pkt);
- if (rc)
- {
- _cdk_log_debug ("index build failed packet off=%lu\n", (unsigned long)pos);
- /* FIXME: The index is incomplete */
- break;
- }
- if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- {
- _cdk_u32tobuf (pos, buf);
- cdk_pk_get_keyid (pkt->pkt.public_key, keyid);
- _cdk_u32tobuf (keyid[0], buf + 4);
- _cdk_u32tobuf (keyid[1], buf + 8);
- cdk_pk_get_fingerprint (pkt->pkt.public_key, buf + 12);
- cdk_stream_write (out, buf, 4 + 8 + KEY_FPR_LEN);
- }
- cdk_pkt_free (pkt);
- }
-
- cdk_pkt_release (pkt);
-
- cdk_stream_close (out);
- cdk_stream_close (inp);
- gnutls_assert ();
- return rc;
+ cdk_packet_t pkt;
+ cdk_stream_t inp, out = NULL;
+ byte buf[4 + 8 + KEY_FPR_LEN];
+ char *idx_name;
+ u32 keyid[2];
+ cdk_error_t rc;
+
+ if (!file) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_stream_open(file, &inp);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ idx_name = keydb_idx_mkname(file);
+ if (!idx_name) {
+ cdk_stream_close(inp);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ rc = cdk_stream_create(idx_name, &out);
+ cdk_free(idx_name);
+ if (rc) {
+ cdk_stream_close(inp);
+ gnutls_assert();
+ return rc;
+ }
+
+ cdk_pkt_new(&pkt);
+ while (!cdk_stream_eof(inp)) {
+ off_t pos = cdk_stream_tell(inp);
+
+ rc = cdk_pkt_read(inp, pkt);
+ if (rc) {
+ _cdk_log_debug
+ ("index build failed packet off=%lu\n",
+ (unsigned long) pos);
+ /* FIXME: The index is incomplete */
+ break;
+ }
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) {
+ _cdk_u32tobuf(pos, buf);
+ cdk_pk_get_keyid(pkt->pkt.public_key, keyid);
+ _cdk_u32tobuf(keyid[0], buf + 4);
+ _cdk_u32tobuf(keyid[1], buf + 8);
+ cdk_pk_get_fingerprint(pkt->pkt.public_key,
+ buf + 12);
+ cdk_stream_write(out, buf, 4 + 8 + KEY_FPR_LEN);
+ }
+ cdk_pkt_free(pkt);
+ }
+
+ cdk_pkt_release(pkt);
+
+ cdk_stream_close(out);
+ cdk_stream_close(inp);
+ gnutls_assert();
+ return rc;
}
@@ -150,127 +145,113 @@ keydb_idx_build (const char *file)
* Rebuild the key index files for the given key database.
**/
cdk_error_t
-cdk_keydb_idx_rebuild (cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
+cdk_keydb_idx_rebuild(cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
{
- struct stat stbuf;
- char *tmp_idx_name;
- cdk_error_t rc;
- int err;
-
- if (!db || !db->name || !dbs)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (db->secret)
- return 0;
-
- tmp_idx_name = keydb_idx_mkname (db->name);
- if (!tmp_idx_name)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- err = stat (tmp_idx_name, &stbuf);
- cdk_free (tmp_idx_name);
- /* This function expects an existing index which can be rebuild,
- if no index exists we do not build one and just return. */
- if (err)
- return 0;
-
- cdk_stream_close (dbs->idx);
- dbs->idx = NULL;
- if (!dbs->idx_name)
- {
- dbs->idx_name = keydb_idx_mkname (db->name);
- if (!dbs->idx_name)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- }
- rc = keydb_idx_build (db->name);
- if (!rc)
- rc = cdk_stream_open (dbs->idx_name, &dbs->idx);
- else
- gnutls_assert ();
- return rc;
+ struct stat stbuf;
+ char *tmp_idx_name;
+ cdk_error_t rc;
+ int err;
+
+ if (!db || !db->name || !dbs) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (db->secret)
+ return 0;
+
+ tmp_idx_name = keydb_idx_mkname(db->name);
+ if (!tmp_idx_name) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ err = stat(tmp_idx_name, &stbuf);
+ cdk_free(tmp_idx_name);
+ /* This function expects an existing index which can be rebuild,
+ if no index exists we do not build one and just return. */
+ if (err)
+ return 0;
+
+ cdk_stream_close(dbs->idx);
+ dbs->idx = NULL;
+ if (!dbs->idx_name) {
+ dbs->idx_name = keydb_idx_mkname(db->name);
+ if (!dbs->idx_name) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ }
+ rc = keydb_idx_build(db->name);
+ if (!rc)
+ rc = cdk_stream_open(dbs->idx_name, &dbs->idx);
+ else
+ gnutls_assert();
+ return rc;
}
-static cdk_error_t
-keydb_idx_parse (cdk_stream_t inp, key_idx_t * r_idx)
+static cdk_error_t keydb_idx_parse(cdk_stream_t inp, key_idx_t * r_idx)
{
- key_idx_t idx;
- byte buf[4];
-
- if (!inp || !r_idx)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- idx = cdk_calloc (1, sizeof *idx);
- if (!idx)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
-
- while (!cdk_stream_eof (inp))
- {
- if (cdk_stream_read (inp, buf, 4) == CDK_EOF)
- break;
- idx->offset = _cdk_buftou32 (buf);
- cdk_stream_read (inp, buf, 4);
- idx->keyid[0] = _cdk_buftou32 (buf);
- cdk_stream_read (inp, buf, 4);
- idx->keyid[1] = _cdk_buftou32 (buf);
- cdk_stream_read (inp, idx->fpr, KEY_FPR_LEN);
- break;
- }
- *r_idx = idx;
- return cdk_stream_eof (inp) ? CDK_EOF : 0;
+ key_idx_t idx;
+ byte buf[4];
+
+ if (!inp || !r_idx) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ idx = cdk_calloc(1, sizeof *idx);
+ if (!idx) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+
+ while (!cdk_stream_eof(inp)) {
+ if (cdk_stream_read(inp, buf, 4) == CDK_EOF)
+ break;
+ idx->offset = _cdk_buftou32(buf);
+ cdk_stream_read(inp, buf, 4);
+ idx->keyid[0] = _cdk_buftou32(buf);
+ cdk_stream_read(inp, buf, 4);
+ idx->keyid[1] = _cdk_buftou32(buf);
+ cdk_stream_read(inp, idx->fpr, KEY_FPR_LEN);
+ break;
+ }
+ *r_idx = idx;
+ return cdk_stream_eof(inp) ? CDK_EOF : 0;
}
static cdk_error_t
-keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr,
- off_t * r_off)
+keydb_idx_search(cdk_stream_t inp, u32 * keyid, const byte * fpr,
+ off_t * r_off)
{
- key_idx_t idx;
-
- if (!inp || !r_off)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if ((keyid && fpr) || (!keyid && !fpr))
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- /* We need an initialize the offset var with a value
- because it might be possible the returned offset will
- be 0 and then we cannot differ between the begin and an EOF. */
- *r_off = 0xFFFFFFFF;
- cdk_stream_seek (inp, 0);
- while (keydb_idx_parse (inp, &idx) != CDK_EOF)
- {
- if (keyid && KEYID_CMP (keyid, idx->keyid))
- {
- *r_off = idx->offset;
- break;
- }
- else if (fpr && !memcmp (idx->fpr, fpr, KEY_FPR_LEN))
- {
- *r_off = idx->offset;
- break;
- }
- }
- cdk_free (idx);
- return *r_off != 0xFFFFFFFF ? 0 : CDK_EOF;
+ key_idx_t idx;
+
+ if (!inp || !r_off) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if ((keyid && fpr) || (!keyid && !fpr)) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ /* We need an initialize the offset var with a value
+ because it might be possible the returned offset will
+ be 0 and then we cannot differ between the begin and an EOF. */
+ *r_off = 0xFFFFFFFF;
+ cdk_stream_seek(inp, 0);
+ while (keydb_idx_parse(inp, &idx) != CDK_EOF) {
+ if (keyid && KEYID_CMP(keyid, idx->keyid)) {
+ *r_off = idx->offset;
+ break;
+ } else if (fpr && !memcmp(idx->fpr, fpr, KEY_FPR_LEN)) {
+ *r_off = idx->offset;
+ break;
+ }
+ }
+ cdk_free(idx);
+ return *r_off != 0xFFFFFFFF ? 0 : CDK_EOF;
}
@@ -285,33 +266,31 @@ keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr,
* Create a new keyring db handle from the contents of a buffer.
*/
cdk_error_t
-cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_db, int secret, int armor,
- const void *data, size_t datlen)
+cdk_keydb_new_from_mem(cdk_keydb_hd_t * r_db, int secret, int armor,
+ const void *data, size_t datlen)
{
- cdk_keydb_hd_t db;
- cdk_error_t rc;
-
- if (!r_db)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- *r_db = NULL;
- db = calloc (1, sizeof *db);
- rc = cdk_stream_tmp_from_mem (data, datlen, &db->fp);
- if (!db->fp)
- {
- cdk_free (db);
- gnutls_assert ();
- return rc;
- }
-
- if (armor)
- cdk_stream_set_armor_flag (db->fp, 0);
- db->type = CDK_DBTYPE_DATA;
- db->secret = secret;
- *r_db = db;
- return 0;
+ cdk_keydb_hd_t db;
+ cdk_error_t rc;
+
+ if (!r_db) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ *r_db = NULL;
+ db = calloc(1, sizeof *db);
+ rc = cdk_stream_tmp_from_mem(data, datlen, &db->fp);
+ if (!db->fp) {
+ cdk_free(db);
+ gnutls_assert();
+ return rc;
+ }
+
+ if (armor)
+ cdk_stream_set_armor_flag(db->fp, 0);
+ db->type = CDK_DBTYPE_DATA;
+ db->secret = secret;
+ *r_db = db;
+ return 0;
}
/**
@@ -320,294 +299,266 @@ cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_db, int secret, int armor,
*
* Free the keydb object.
**/
-void
-cdk_keydb_free (cdk_keydb_hd_t hd)
+void cdk_keydb_free(cdk_keydb_hd_t hd)
{
- if (!hd)
- return;
+ if (!hd)
+ return;
- if (hd->name)
- {
- cdk_free (hd->name);
- hd->name = NULL;
- }
+ if (hd->name) {
+ cdk_free(hd->name);
+ hd->name = NULL;
+ }
- if (hd->fp && !hd->fp_ref)
- {
- cdk_stream_close (hd->fp);
- hd->fp = NULL;
- }
+ if (hd->fp && !hd->fp_ref) {
+ cdk_stream_close(hd->fp);
+ hd->fp = NULL;
+ }
- hd->isopen = 0;
- hd->secret = 0;
- cdk_free (hd);
+ hd->isopen = 0;
+ hd->secret = 0;
+ cdk_free(hd);
}
static cdk_error_t
-_cdk_keydb_open (cdk_keydb_hd_t hd, cdk_stream_t * ret_kr)
+_cdk_keydb_open(cdk_keydb_hd_t hd, cdk_stream_t * ret_kr)
{
- cdk_error_t rc;
- cdk_stream_t kr;
-
- if (!hd || !ret_kr)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- rc = 0;
- if ((hd->type == CDK_DBTYPE_DATA)
- && hd->fp)
- {
- kr = hd->fp;
- cdk_stream_seek (kr, 0);
- }
- else if (hd->type == CDK_DBTYPE_PK_KEYRING ||
- hd->type == CDK_DBTYPE_SK_KEYRING)
- {
- rc = cdk_stream_open (hd->name, &kr);
-
- if (rc)
- goto leave;
- }
- else
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
-leave:
-
- *ret_kr = kr;
- return rc;
+ cdk_error_t rc;
+ cdk_stream_t kr;
+
+ if (!hd || !ret_kr) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ rc = 0;
+ if ((hd->type == CDK_DBTYPE_DATA)
+ && hd->fp) {
+ kr = hd->fp;
+ cdk_stream_seek(kr, 0);
+ } else if (hd->type == CDK_DBTYPE_PK_KEYRING ||
+ hd->type == CDK_DBTYPE_SK_KEYRING) {
+ rc = cdk_stream_open(hd->name, &kr);
+
+ if (rc)
+ goto leave;
+ } else {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ leave:
+
+ *ret_kr = kr;
+ return rc;
}
-static int
-find_by_keyid (cdk_kbnode_t knode, cdk_keydb_search_t ks)
+static int find_by_keyid(cdk_kbnode_t knode, cdk_keydb_search_t ks)
{
- cdk_kbnode_t node;
- u32 keyid[2];
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- _cdk_pkt_get_keyid (node->pkt, keyid);
- switch (ks->type)
- {
- case CDK_DBSEARCH_SHORT_KEYID:
- if (keyid[1] == ks->u.keyid[1])
- return 1;
- break;
-
- case CDK_DBSEARCH_KEYID:
- if (KEYID_CMP (keyid, ks->u.keyid))
- return 1;
- break;
-
- default:
- _cdk_log_debug ("find_by_keyid: invalid mode = %d\n", ks->type);
- return 0;
- }
- }
- }
- return 0;
+ cdk_kbnode_t node;
+ u32 keyid[2];
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY) {
+ _cdk_pkt_get_keyid(node->pkt, keyid);
+ switch (ks->type) {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ if (keyid[1] == ks->u.keyid[1])
+ return 1;
+ break;
+
+ case CDK_DBSEARCH_KEYID:
+ if (KEYID_CMP(keyid, ks->u.keyid))
+ return 1;
+ break;
+
+ default:
+ _cdk_log_debug
+ ("find_by_keyid: invalid mode = %d\n",
+ ks->type);
+ return 0;
+ }
+ }
+ }
+ return 0;
}
-static int
-find_by_fpr (cdk_kbnode_t knode, cdk_keydb_search_t ks)
+static int find_by_fpr(cdk_kbnode_t knode, cdk_keydb_search_t ks)
{
- cdk_kbnode_t node;
- byte fpr[KEY_FPR_LEN];
-
- if (ks->type != CDK_DBSEARCH_FPR)
- return 0;
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- _cdk_pkt_get_fingerprint (node->pkt, fpr);
- if (!memcmp (ks->u.fpr, fpr, KEY_FPR_LEN))
- return 1;
- break;
- }
- }
-
- return 0;
+ cdk_kbnode_t node;
+ byte fpr[KEY_FPR_LEN];
+
+ if (ks->type != CDK_DBSEARCH_FPR)
+ return 0;
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY) {
+ _cdk_pkt_get_fingerprint(node->pkt, fpr);
+ if (!memcmp(ks->u.fpr, fpr, KEY_FPR_LEN))
+ return 1;
+ break;
+ }
+ }
+
+ return 0;
}
-static int
-find_by_pattern (cdk_kbnode_t knode, cdk_keydb_search_t ks)
+static int find_by_pattern(cdk_kbnode_t knode, cdk_keydb_search_t ks)
{
- cdk_kbnode_t node;
- size_t uidlen;
- char *name;
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype != CDK_PKT_USER_ID)
- continue;
- if (node->pkt->pkt.user_id->attrib_img != NULL)
- continue; /* Skip attribute packets. */
- uidlen = node->pkt->pkt.user_id->len;
- name = node->pkt->pkt.user_id->name;
- switch (ks->type)
- {
- case CDK_DBSEARCH_EXACT:
- if (name &&
- (strlen (ks->u.pattern) == uidlen &&
- !strncmp (ks->u.pattern, name, uidlen)))
- return 1;
- break;
-
- case CDK_DBSEARCH_SUBSTR:
- if (uidlen > 65536)
- break;
- if (name && strlen (ks->u.pattern) > uidlen)
- break;
- if (name && _cdk_memistr (name, uidlen, ks->u.pattern))
- return 1;
- break;
-
- default: /* Invalid mode */
- return 0;
- }
- }
- return 0;
+ cdk_kbnode_t node;
+ size_t uidlen;
+ char *name;
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype != CDK_PKT_USER_ID)
+ continue;
+ if (node->pkt->pkt.user_id->attrib_img != NULL)
+ continue; /* Skip attribute packets. */
+ uidlen = node->pkt->pkt.user_id->len;
+ name = node->pkt->pkt.user_id->name;
+ switch (ks->type) {
+ case CDK_DBSEARCH_EXACT:
+ if (name &&
+ (strlen(ks->u.pattern) == uidlen &&
+ !strncmp(ks->u.pattern, name, uidlen)))
+ return 1;
+ break;
+
+ case CDK_DBSEARCH_SUBSTR:
+ if (uidlen > 65536)
+ break;
+ if (name && strlen(ks->u.pattern) > uidlen)
+ break;
+ if (name
+ && _cdk_memistr(name, uidlen, ks->u.pattern))
+ return 1;
+ break;
+
+ default: /* Invalid mode */
+ return 0;
+ }
+ }
+ return 0;
}
-static void
-keydb_cache_free (key_table_t cache)
+static void keydb_cache_free(key_table_t cache)
{
- key_table_t c2;
-
- while (cache)
- {
- c2 = cache->next;
- cache->offset = 0;
- cdk_free (cache);
- cache = c2;
- }
+ key_table_t c2;
+
+ while (cache) {
+ c2 = cache->next;
+ cache->offset = 0;
+ cdk_free(cache);
+ cache = c2;
+ }
}
-static key_table_t
-keydb_cache_find (cdk_keydb_search_t desc)
+static key_table_t keydb_cache_find(cdk_keydb_search_t desc)
{
- key_table_t cache = desc->cache;
- key_table_t t;
-
- for (t = cache; t; t = t->next)
- {
- switch (desc->type)
- {
- case CDK_DBSEARCH_SHORT_KEYID:
- case CDK_DBSEARCH_KEYID:
- if (KEYID_CMP (desc->u.keyid, desc->u.keyid))
- return t;
- break;
-
- case CDK_DBSEARCH_EXACT:
- if (strlen (desc->u.pattern) == strlen (desc->u.pattern) &&
- !strcmp (desc->u.pattern, desc->u.pattern))
- return t;
- break;
-
- case CDK_DBSEARCH_SUBSTR:
- if (strstr (desc->u.pattern, desc->u.pattern))
- return t;
- break;
-
- case CDK_DBSEARCH_FPR:
- if (!memcmp (desc->u.fpr, desc->u.fpr, KEY_FPR_LEN))
- return t;
- break;
- }
- }
-
- return NULL;
+ key_table_t cache = desc->cache;
+ key_table_t t;
+
+ for (t = cache; t; t = t->next) {
+ switch (desc->type) {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ if (KEYID_CMP(desc->u.keyid, desc->u.keyid))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_EXACT:
+ if (strlen(desc->u.pattern) ==
+ strlen(desc->u.pattern)
+ && !strcmp(desc->u.pattern, desc->u.pattern))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_SUBSTR:
+ if (strstr(desc->u.pattern, desc->u.pattern))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ if (!memcmp(desc->u.fpr, desc->u.fpr, KEY_FPR_LEN))
+ return t;
+ break;
+ }
+ }
+
+ return NULL;
}
-static cdk_error_t
-keydb_cache_add (cdk_keydb_search_t dbs, off_t offset)
+static cdk_error_t keydb_cache_add(cdk_keydb_search_t dbs, off_t offset)
{
- key_table_t k;
-
- if (dbs->ncache > KEYDB_CACHE_ENTRIES)
- return 0; /* FIXME: we should replace the last entry. */
- k = cdk_calloc (1, sizeof *k);
- if (!k)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
-
- k->offset = offset;
-
- k->next = dbs->cache;
- dbs->cache = k;
- dbs->ncache++;
- _cdk_log_debug ("cache: add entry off=%d type=%d\n", (int) offset,
- (int) dbs->type);
- return 0;
+ key_table_t k;
+
+ if (dbs->ncache > KEYDB_CACHE_ENTRIES)
+ return 0; /* FIXME: we should replace the last entry. */
+ k = cdk_calloc(1, sizeof *k);
+ if (!k) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+
+ k->offset = offset;
+
+ k->next = dbs->cache;
+ dbs->cache = k;
+ dbs->ncache++;
+ _cdk_log_debug("cache: add entry off=%d type=%d\n", (int) offset,
+ (int) dbs->type);
+ return 0;
}
-static cdk_error_t
-idx_init (cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
+static cdk_error_t idx_init(cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
{
- cdk_error_t ec, rc = 0;
-
- if (cdk_stream_get_length (db->fp) < 524288)
- {
- dbs->no_cache = 1;
- goto leave;
- }
-
- dbs->idx_name = keydb_idx_mkname (db->name);
- if (!dbs->idx_name)
- {
- rc = CDK_Out_Of_Core;
- goto leave;
- }
- ec = cdk_stream_open (dbs->idx_name, &dbs->idx);
-
- if (ec && !db->secret)
- {
- rc = keydb_idx_build (db->name);
- if (!rc)
- rc = cdk_stream_open (dbs->idx_name, &dbs->idx);
- if (!rc)
- {
- _cdk_log_debug ("create key index table\n");
- }
- else
- {
- /* This is no real error, it just means we can't create
- the index at the given directory. maybe we've no write
- access. in this case, we simply disable the index. */
- _cdk_log_debug ("disable key index table err=%d\n", rc);
- rc = 0;
- dbs->no_cache = 1;
- }
- }
-
-leave:
-
- return rc;
+ cdk_error_t ec, rc = 0;
+
+ if (cdk_stream_get_length(db->fp) < 524288) {
+ dbs->no_cache = 1;
+ goto leave;
+ }
+
+ dbs->idx_name = keydb_idx_mkname(db->name);
+ if (!dbs->idx_name) {
+ rc = CDK_Out_Of_Core;
+ goto leave;
+ }
+ ec = cdk_stream_open(dbs->idx_name, &dbs->idx);
+
+ if (ec && !db->secret) {
+ rc = keydb_idx_build(db->name);
+ if (!rc)
+ rc = cdk_stream_open(dbs->idx_name, &dbs->idx);
+ if (!rc) {
+ _cdk_log_debug("create key index table\n");
+ } else {
+ /* This is no real error, it just means we can't create
+ the index at the given directory. maybe we've no write
+ access. in this case, we simply disable the index. */
+ _cdk_log_debug("disable key index table err=%d\n",
+ rc);
+ rc = 0;
+ dbs->no_cache = 1;
+ }
+ }
+
+ leave:
+
+ return rc;
}
/**
@@ -620,216 +571,199 @@ leave:
* Create a new keydb search object.
**/
cdk_error_t
-cdk_keydb_search_start (cdk_keydb_search_t * st, cdk_keydb_hd_t db, int type,
- void *desc)
+cdk_keydb_search_start(cdk_keydb_search_t * st, cdk_keydb_hd_t db,
+ int type, void *desc)
{
- u32 *keyid;
- char *p, tmp[3];
- int i;
- cdk_error_t rc;
-
- if (!db)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (type != CDK_DBSEARCH_NEXT && !desc)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- *st = cdk_calloc (1, sizeof (cdk_keydb_search_s));
- if (!(*st))
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
-
- rc = idx_init (db, *st);
- if (rc != CDK_Success)
- {
- free (*st);
- gnutls_assert ();
- return rc;
- }
-
- (*st)->type = type;
- switch (type)
- {
- case CDK_DBSEARCH_EXACT:
- case CDK_DBSEARCH_SUBSTR:
- cdk_free ((*st)->u.pattern);
- (*st)->u.pattern = cdk_strdup (desc);
- if (!(*st)->u.pattern)
- {
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- break;
-
- case CDK_DBSEARCH_SHORT_KEYID:
- keyid = desc;
- (*st)->u.keyid[1] = keyid[0];
- break;
-
- case CDK_DBSEARCH_KEYID:
- keyid = desc;
- (*st)->u.keyid[0] = keyid[0];
- (*st)->u.keyid[1] = keyid[1];
- break;
-
- case CDK_DBSEARCH_FPR:
- memcpy ((*st)->u.fpr, desc, KEY_FPR_LEN);
- break;
-
- case CDK_DBSEARCH_NEXT:
- break;
-
- case CDK_DBSEARCH_AUTO:
- /* Override the type with the actual db search type. */
- (*st)->type = classify_data (desc, strlen (desc));
- switch ((*st)->type)
- {
- case CDK_DBSEARCH_SUBSTR:
- case CDK_DBSEARCH_EXACT:
- cdk_free ((*st)->u.pattern);
- p = (*st)->u.pattern = cdk_strdup (desc);
- if (!p)
- {
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- break;
-
- case CDK_DBSEARCH_SHORT_KEYID:
- case CDK_DBSEARCH_KEYID:
- p = desc;
- if (!strncmp (p, "0x", 2))
- p += 2;
- if (strlen (p) == 8)
- {
- (*st)->u.keyid[0] = 0;
- (*st)->u.keyid[1] = strtoul (p, NULL, 16);
- }
- else if (strlen (p) == 16)
- {
- (*st)->u.keyid[0] = strtoul (p, NULL, 16);
- (*st)->u.keyid[1] = strtoul (p + 8, NULL, 16);
- }
- else
- { /* Invalid key ID object. */
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- break;
-
- case CDK_DBSEARCH_FPR:
- p = desc;
- if (strlen (p) != 2 * KEY_FPR_LEN)
- {
- cdk_free (*st);
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- for (i = 0; i < KEY_FPR_LEN; i++)
- {
- tmp[0] = p[2 * i];
- tmp[1] = p[2 * i + 1];
- tmp[2] = 0x00;
- (*st)->u.fpr[i] = strtoul (tmp, NULL, 16);
- }
- break;
- }
- break;
-
- default:
- cdk_free (*st);
- _cdk_log_debug ("cdk_keydb_search_start: invalid mode = %d\n", type);
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- return 0;
+ u32 *keyid;
+ char *p, tmp[3];
+ int i;
+ cdk_error_t rc;
+
+ if (!db) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (type != CDK_DBSEARCH_NEXT && !desc) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ *st = cdk_calloc(1, sizeof(cdk_keydb_search_s));
+ if (!(*st)) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+
+ rc = idx_init(db, *st);
+ if (rc != CDK_Success) {
+ free(*st);
+ gnutls_assert();
+ return rc;
+ }
+
+ (*st)->type = type;
+ switch (type) {
+ case CDK_DBSEARCH_EXACT:
+ case CDK_DBSEARCH_SUBSTR:
+ cdk_free((*st)->u.pattern);
+ (*st)->u.pattern = cdk_strdup(desc);
+ if (!(*st)->u.pattern) {
+ cdk_free(*st);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ break;
+
+ case CDK_DBSEARCH_SHORT_KEYID:
+ keyid = desc;
+ (*st)->u.keyid[1] = keyid[0];
+ break;
+
+ case CDK_DBSEARCH_KEYID:
+ keyid = desc;
+ (*st)->u.keyid[0] = keyid[0];
+ (*st)->u.keyid[1] = keyid[1];
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ memcpy((*st)->u.fpr, desc, KEY_FPR_LEN);
+ break;
+
+ case CDK_DBSEARCH_NEXT:
+ break;
+
+ case CDK_DBSEARCH_AUTO:
+ /* Override the type with the actual db search type. */
+ (*st)->type = classify_data(desc, strlen(desc));
+ switch ((*st)->type) {
+ case CDK_DBSEARCH_SUBSTR:
+ case CDK_DBSEARCH_EXACT:
+ cdk_free((*st)->u.pattern);
+ p = (*st)->u.pattern = cdk_strdup(desc);
+ if (!p) {
+ cdk_free(*st);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ break;
+
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ p = desc;
+ if (!strncmp(p, "0x", 2))
+ p += 2;
+ if (strlen(p) == 8) {
+ (*st)->u.keyid[0] = 0;
+ (*st)->u.keyid[1] = strtoul(p, NULL, 16);
+ } else if (strlen(p) == 16) {
+ (*st)->u.keyid[0] = strtoul(p, NULL, 16);
+ (*st)->u.keyid[1] =
+ strtoul(p + 8, NULL, 16);
+ } else { /* Invalid key ID object. */
+ cdk_free(*st);
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ p = desc;
+ if (strlen(p) != 2 * KEY_FPR_LEN) {
+ cdk_free(*st);
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+ for (i = 0; i < KEY_FPR_LEN; i++) {
+ tmp[0] = p[2 * i];
+ tmp[1] = p[2 * i + 1];
+ tmp[2] = 0x00;
+ (*st)->u.fpr[i] = strtoul(tmp, NULL, 16);
+ }
+ break;
+ }
+ break;
+
+ default:
+ cdk_free(*st);
+ _cdk_log_debug
+ ("cdk_keydb_search_start: invalid mode = %d\n", type);
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ return 0;
}
static cdk_error_t
-keydb_pos_from_cache (cdk_keydb_hd_t hd, cdk_keydb_search_t ks,
- int *r_cache_hit, off_t * r_off)
+keydb_pos_from_cache(cdk_keydb_hd_t hd, cdk_keydb_search_t ks,
+ int *r_cache_hit, off_t * r_off)
{
- key_table_t c;
-
- if (!hd || !r_cache_hit || !r_off)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- /* Reset the values. */
- *r_cache_hit = 0;
- *r_off = 0;
-
- c = keydb_cache_find (ks);
- if (c != NULL)
- {
- _cdk_log_debug ("cache: found entry in cache.\n");
- *r_cache_hit = 1;
- *r_off = c->offset;
- return 0;
- }
-
- /* No index cache available so we just return here. */
- if (!ks->idx)
- return 0;
-
- if (ks->idx)
- {
- if (ks->type == CDK_DBSEARCH_KEYID)
- {
- if (keydb_idx_search (ks->idx, ks->u.keyid, NULL, r_off))
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- _cdk_log_debug ("cache: found keyid entry in idx table.\n");
- *r_cache_hit = 1;
- }
- else if (ks->type == CDK_DBSEARCH_FPR)
- {
- if (keydb_idx_search (ks->idx, NULL, ks->u.fpr, r_off))
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- _cdk_log_debug ("cache: found fpr entry in idx table.\n");
- *r_cache_hit = 1;
- }
- }
-
- return 0;
+ key_table_t c;
+
+ if (!hd || !r_cache_hit || !r_off) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ /* Reset the values. */
+ *r_cache_hit = 0;
+ *r_off = 0;
+
+ c = keydb_cache_find(ks);
+ if (c != NULL) {
+ _cdk_log_debug("cache: found entry in cache.\n");
+ *r_cache_hit = 1;
+ *r_off = c->offset;
+ return 0;
+ }
+
+ /* No index cache available so we just return here. */
+ if (!ks->idx)
+ return 0;
+
+ if (ks->idx) {
+ if (ks->type == CDK_DBSEARCH_KEYID) {
+ if (keydb_idx_search
+ (ks->idx, ks->u.keyid, NULL, r_off)) {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ _cdk_log_debug
+ ("cache: found keyid entry in idx table.\n");
+ *r_cache_hit = 1;
+ } else if (ks->type == CDK_DBSEARCH_FPR) {
+ if (keydb_idx_search
+ (ks->idx, NULL, ks->u.fpr, r_off)) {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ _cdk_log_debug
+ ("cache: found fpr entry in idx table.\n");
+ *r_cache_hit = 1;
+ }
+ }
+
+ return 0;
}
-void
-cdk_keydb_search_release (cdk_keydb_search_t st)
+void cdk_keydb_search_release(cdk_keydb_search_t st)
{
- if (st == NULL)
- return;
+ if (st == NULL)
+ return;
- keydb_cache_free (st->cache);
+ keydb_cache_free(st->cache);
- if (st->idx)
- cdk_stream_close (st->idx);
+ if (st->idx)
+ cdk_stream_close(st->idx);
- if (!st)
- return;
- if (st->type == CDK_DBSEARCH_EXACT || st->type == CDK_DBSEARCH_SUBSTR)
- cdk_free (st->u.pattern);
+ if (!st)
+ return;
+ if (st->type == CDK_DBSEARCH_EXACT
+ || st->type == CDK_DBSEARCH_SUBSTR)
+ cdk_free(st->u.pattern);
- cdk_free (st);
+ cdk_free(st);
}
/**
@@ -842,446 +776,423 @@ cdk_keydb_search_release (cdk_keydb_search_t st)
* via @ks. If the key was found, @ret_key contains the key data.
**/
cdk_error_t
-cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
- cdk_kbnode_t * ret_key)
+cdk_keydb_search(cdk_keydb_search_t st, cdk_keydb_hd_t hd,
+ cdk_kbnode_t * ret_key)
{
- cdk_stream_t kr;
- cdk_kbnode_t knode;
- cdk_error_t rc = 0;
- off_t pos = 0, off = 0;
- int key_found = 0, cache_hit = 0;
-
- if (!hd || !ret_key || !st)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- *ret_key = NULL;
- kr = NULL;
-
- rc = _cdk_keydb_open (hd, &kr);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- if (!st->no_cache)
- {
- /* It is possible the index is not up-to-date and thus we do
- not find the requesed key. In this case, we reset cache hit
- and continue our normal search procedure. */
- rc = keydb_pos_from_cache (hd, st, &cache_hit, &off);
- if (rc)
- cache_hit = 0;
- }
-
- knode = NULL;
-
- while (!key_found && !rc)
- {
- if (cache_hit && st->type != CDK_DBSEARCH_NEXT)
- cdk_stream_seek (kr, off);
- else if (st->type == CDK_DBSEARCH_NEXT)
- cdk_stream_seek (kr, st->off);
-
- pos = cdk_stream_tell (kr);
-
- rc = cdk_keydb_get_keyblock (kr, &knode);
-
- if (rc)
- {
- if (rc == CDK_EOF)
- break;
- else
- {
- gnutls_assert ();
- return rc;
- }
- }
-
- switch (st->type)
- {
- case CDK_DBSEARCH_SHORT_KEYID:
- case CDK_DBSEARCH_KEYID:
- key_found = find_by_keyid (knode, st);
- break;
-
- case CDK_DBSEARCH_FPR:
- key_found = find_by_fpr (knode, st);
- break;
-
- case CDK_DBSEARCH_EXACT:
- case CDK_DBSEARCH_SUBSTR:
- key_found = find_by_pattern (knode, st);
- break;
-
- case CDK_DBSEARCH_NEXT:
- st->off = cdk_stream_tell (kr);
- key_found = knode ? 1 : 0;
- break;
- }
-
- if (key_found)
- {
- if (!keydb_cache_find (st))
- keydb_cache_add (st, pos);
- break;
- }
-
- cdk_kbnode_release (knode);
- knode = NULL;
- }
-
- if (key_found && rc == CDK_EOF)
- rc = 0;
- else if (rc == CDK_EOF && !key_found)
- {
- gnutls_assert ();
- rc = CDK_Error_No_Key;
- }
- *ret_key = key_found ? knode : NULL;
- return rc;
+ cdk_stream_t kr;
+ cdk_kbnode_t knode;
+ cdk_error_t rc = 0;
+ off_t pos = 0, off = 0;
+ int key_found = 0, cache_hit = 0;
+
+ if (!hd || !ret_key || !st) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ *ret_key = NULL;
+ kr = NULL;
+
+ rc = _cdk_keydb_open(hd, &kr);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ if (!st->no_cache) {
+ /* It is possible the index is not up-to-date and thus we do
+ not find the requesed key. In this case, we reset cache hit
+ and continue our normal search procedure. */
+ rc = keydb_pos_from_cache(hd, st, &cache_hit, &off);
+ if (rc)
+ cache_hit = 0;
+ }
+
+ knode = NULL;
+
+ while (!key_found && !rc) {
+ if (cache_hit && st->type != CDK_DBSEARCH_NEXT)
+ cdk_stream_seek(kr, off);
+ else if (st->type == CDK_DBSEARCH_NEXT)
+ cdk_stream_seek(kr, st->off);
+
+ pos = cdk_stream_tell(kr);
+
+ rc = cdk_keydb_get_keyblock(kr, &knode);
+
+ if (rc) {
+ if (rc == CDK_EOF)
+ break;
+ else {
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ switch (st->type) {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ key_found = find_by_keyid(knode, st);
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ key_found = find_by_fpr(knode, st);
+ break;
+
+ case CDK_DBSEARCH_EXACT:
+ case CDK_DBSEARCH_SUBSTR:
+ key_found = find_by_pattern(knode, st);
+ break;
+
+ case CDK_DBSEARCH_NEXT:
+ st->off = cdk_stream_tell(kr);
+ key_found = knode ? 1 : 0;
+ break;
+ }
+
+ if (key_found) {
+ if (!keydb_cache_find(st))
+ keydb_cache_add(st, pos);
+ break;
+ }
+
+ cdk_kbnode_release(knode);
+ knode = NULL;
+ }
+
+ if (key_found && rc == CDK_EOF)
+ rc = 0;
+ else if (rc == CDK_EOF && !key_found) {
+ gnutls_assert();
+ rc = CDK_Error_No_Key;
+ }
+ *ret_key = key_found ? knode : NULL;
+ return rc;
}
cdk_error_t
-cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, u32 * keyid, cdk_kbnode_t * ret_key)
+cdk_keydb_get_bykeyid(cdk_keydb_hd_t hd, u32 * keyid,
+ cdk_kbnode_t * ret_key)
{
- cdk_error_t rc;
- cdk_keydb_search_t st;
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
- if (!hd || !keyid || !ret_key)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ if (!hd || !keyid || !ret_key) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
- if (!rc)
- rc = cdk_keydb_search (st, hd, ret_key);
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_KEYID, keyid);
+ if (!rc)
+ rc = cdk_keydb_search(st, hd, ret_key);
- cdk_keydb_search_release (st);
- return rc;
+ cdk_keydb_search_release(st);
+ return rc;
}
cdk_error_t
-cdk_keydb_get_byfpr (cdk_keydb_hd_t hd, const byte * fpr,
- cdk_kbnode_t * r_key)
+cdk_keydb_get_byfpr(cdk_keydb_hd_t hd, const byte * fpr,
+ cdk_kbnode_t * r_key)
{
- cdk_error_t rc;
- cdk_keydb_search_t st;
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
- if (!hd || !fpr || !r_key)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ if (!hd || !fpr || !r_key) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_FPR, (byte *) fpr);
- if (!rc)
- rc = cdk_keydb_search (st, hd, r_key);
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_FPR,
+ (byte *) fpr);
+ if (!rc)
+ rc = cdk_keydb_search(st, hd, r_key);
- cdk_keydb_search_release (st);
- return rc;
+ cdk_keydb_search_release(st);
+ return rc;
}
cdk_error_t
-cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt,
- cdk_kbnode_t * ret_key)
+cdk_keydb_get_bypattern(cdk_keydb_hd_t hd, const char *patt,
+ cdk_kbnode_t * ret_key)
{
- cdk_error_t rc;
- cdk_keydb_search_t st;
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
- if (!hd || !patt || !ret_key)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ if (!hd || !patt || !ret_key) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_SUBSTR, (char *) patt);
- if (!rc)
- rc = cdk_keydb_search (st, hd, ret_key);
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_SUBSTR,
+ (char *) patt);
+ if (!rc)
+ rc = cdk_keydb_search(st, hd, ret_key);
- if (rc)
- gnutls_assert ();
+ if (rc)
+ gnutls_assert();
- cdk_keydb_search_release (st);
- return rc;
+ cdk_keydb_search_release(st);
+ return rc;
}
-static int
-keydb_check_key (cdk_packet_t pkt)
+static int keydb_check_key(cdk_packet_t pkt)
{
- cdk_pkt_pubkey_t pk;
- int is_sk, valid;
-
- if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- {
- pk = pkt->pkt.public_key;
- is_sk = 0;
- }
- else if (pkt->pkttype == CDK_PKT_SECRET_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- pk = pkt->pkt.secret_key->pk;
- is_sk = 1;
- }
- else /* No key object. */
- return 0;
- valid = !pk->is_revoked && !pk->has_expired;
- if (is_sk)
- return valid;
- return valid && !pk->is_invalid;
+ cdk_pkt_pubkey_t pk;
+ int is_sk, valid;
+
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) {
+ pk = pkt->pkt.public_key;
+ is_sk = 0;
+ } else if (pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY) {
+ pk = pkt->pkt.secret_key->pk;
+ is_sk = 1;
+ } else /* No key object. */
+ return 0;
+ valid = !pk->is_revoked && !pk->has_expired;
+ if (is_sk)
+ return valid;
+ return valid && !pk->is_invalid;
}
/* Find the first kbnode with the requested packet type
that represents a valid key. */
static cdk_kbnode_t
-kbnode_find_valid (cdk_kbnode_t root, cdk_packet_type_t pkttype)
+kbnode_find_valid(cdk_kbnode_t root, cdk_packet_type_t pkttype)
{
- cdk_kbnode_t n;
+ cdk_kbnode_t n;
- for (n = root; n; n = n->next)
- {
- if (n->pkt->pkttype != pkttype)
- continue;
- if (keydb_check_key (n->pkt))
- return n;
- }
+ for (n = root; n; n = n->next) {
+ if (n->pkt->pkttype != pkttype)
+ continue;
+ if (keydb_check_key(n->pkt))
+ return n;
+ }
- return NULL;
+ return NULL;
}
static cdk_kbnode_t
-keydb_find_byusage (cdk_kbnode_t root, int req_usage, int is_pk)
+keydb_find_byusage(cdk_kbnode_t root, int req_usage, int is_pk)
{
- cdk_kbnode_t node, key;
- int req_type;
- long timestamp;
-
- req_type = is_pk ? CDK_PKT_PUBLIC_KEY : CDK_PKT_SECRET_KEY;
- if (!req_usage)
- return kbnode_find_valid (root, req_type);
-
- node = cdk_kbnode_find (root, req_type);
- if (node && !keydb_check_key (node->pkt))
- return NULL;
-
- key = NULL;
- timestamp = 0;
- /* We iteratre over the all nodes and search for keys or
- subkeys which match the usage and which are not invalid.
- A timestamp is used to figure out the newest valid key. */
- for (node = root; node; node = node->next)
- {
- if (is_pk && (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- && keydb_check_key (node->pkt)
- && (node->pkt->pkt.public_key->pubkey_usage & req_usage))
- {
- if (node->pkt->pkt.public_key->timestamp > timestamp)
- key = node;
- }
- if (!is_pk && (node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
- node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- && keydb_check_key (node->pkt)
- && (node->pkt->pkt.secret_key->pk->pubkey_usage & req_usage))
- {
- if (node->pkt->pkt.secret_key->pk->timestamp > timestamp)
- key = node;
- }
-
- }
- return key;
+ cdk_kbnode_t node, key;
+ int req_type;
+ long timestamp;
+
+ req_type = is_pk ? CDK_PKT_PUBLIC_KEY : CDK_PKT_SECRET_KEY;
+ if (!req_usage)
+ return kbnode_find_valid(root, req_type);
+
+ node = cdk_kbnode_find(root, req_type);
+ if (node && !keydb_check_key(node->pkt))
+ return NULL;
+
+ key = NULL;
+ timestamp = 0;
+ /* We iteratre over the all nodes and search for keys or
+ subkeys which match the usage and which are not invalid.
+ A timestamp is used to figure out the newest valid key. */
+ for (node = root; node; node = node->next) {
+ if (is_pk && (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ && keydb_check_key(node->pkt)
+ && (node->pkt->pkt.public_key->
+ pubkey_usage & req_usage)) {
+ if (node->pkt->pkt.public_key->timestamp >
+ timestamp)
+ key = node;
+ }
+ if (!is_pk && (node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ && keydb_check_key(node->pkt)
+ && (node->pkt->pkt.secret_key->pk->
+ pubkey_usage & req_usage)) {
+ if (node->pkt->pkt.secret_key->pk->timestamp >
+ timestamp)
+ key = node;
+ }
+
+ }
+ return key;
}
static cdk_kbnode_t
-keydb_find_bykeyid (cdk_kbnode_t root, const u32 * keyid, int search_mode)
+keydb_find_bykeyid(cdk_kbnode_t root, const u32 * keyid, int search_mode)
{
- cdk_kbnode_t node;
- u32 kid[2];
-
- for (node = root; node; node = node->next)
- {
- if (!_cdk_pkt_get_keyid (node->pkt, kid))
- continue;
- if (search_mode == CDK_DBSEARCH_SHORT_KEYID && kid[1] == keyid[1])
- return node;
- else if (kid[0] == keyid[0] && kid[1] == keyid[1])
- return node;
- }
- return NULL;
+ cdk_kbnode_t node;
+ u32 kid[2];
+
+ for (node = root; node; node = node->next) {
+ if (!_cdk_pkt_get_keyid(node->pkt, kid))
+ continue;
+ if (search_mode == CDK_DBSEARCH_SHORT_KEYID
+ && kid[1] == keyid[1])
+ return node;
+ else if (kid[0] == keyid[0] && kid[1] == keyid[1])
+ return node;
+ }
+ return NULL;
}
cdk_error_t
-_cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_seckey_t * ret_sk, int usage)
+_cdk_keydb_get_sk_byusage(cdk_keydb_hd_t hd, const char *name,
+ cdk_seckey_t * ret_sk, int usage)
{
- cdk_kbnode_t knode = NULL;
- cdk_kbnode_t node, sk_node, pk_node;
- cdk_pkt_seckey_t sk;
- cdk_error_t rc;
- const char *s;
- int pkttype;
- cdk_keydb_search_t st;
-
- if (!ret_sk || !usage)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- if (!hd)
- {
- gnutls_assert ();
- return CDK_Error_No_Keyring;
- }
-
- *ret_sk = NULL;
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, (char *) name);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- rc = cdk_keydb_search (st, hd, &knode);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- cdk_keydb_search_release (st);
-
- sk_node = keydb_find_byusage (knode, usage, 0);
- if (!sk_node)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return CDK_Unusable_Key;
- }
-
- /* We clone the node with the secret key to avoid that the
- packet will be released. */
- _cdk_kbnode_clone (sk_node);
- sk = sk_node->pkt->pkt.secret_key;
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_USER_ID)
- {
- s = node->pkt->pkt.user_id->name;
- if (sk && !sk->pk->uid && _cdk_memistr (s, strlen (s), name))
- {
- _cdk_copy_userid (&sk->pk->uid, node->pkt->pkt.user_id);
- break;
- }
- }
- }
-
- /* To find the self signature, we need the primary public key because
- the selected secret key might be different from the primary key. */
- pk_node = cdk_kbnode_find (knode, CDK_PKT_SECRET_KEY);
- if (!pk_node)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return CDK_Unusable_Key;
- }
- node = find_selfsig_node (knode, pk_node->pkt->pkt.secret_key->pk);
- if (sk && sk->pk && sk->pk->uid && node)
- _cdk_copy_signature (&sk->pk->uid->selfsig, node->pkt->pkt.signature);
-
- /* We only release the outer packet. */
- _cdk_pkt_detach_free (sk_node->pkt, &pkttype, (void *) &sk);
- cdk_kbnode_release (knode);
- *ret_sk = sk;
- return rc;
+ cdk_kbnode_t knode = NULL;
+ cdk_kbnode_t node, sk_node, pk_node;
+ cdk_pkt_seckey_t sk;
+ cdk_error_t rc;
+ const char *s;
+ int pkttype;
+ cdk_keydb_search_t st;
+
+ if (!ret_sk || !usage) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ if (!hd) {
+ gnutls_assert();
+ return CDK_Error_No_Keyring;
+ }
+
+ *ret_sk = NULL;
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_AUTO,
+ (char *) name);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ rc = cdk_keydb_search(st, hd, &knode);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ cdk_keydb_search_release(st);
+
+ sk_node = keydb_find_byusage(knode, usage, 0);
+ if (!sk_node) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return CDK_Unusable_Key;
+ }
+
+ /* We clone the node with the secret key to avoid that the
+ packet will be released. */
+ _cdk_kbnode_clone(sk_node);
+ sk = sk_node->pkt->pkt.secret_key;
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_USER_ID) {
+ s = node->pkt->pkt.user_id->name;
+ if (sk && !sk->pk->uid
+ && _cdk_memistr(s, strlen(s), name)) {
+ _cdk_copy_userid(&sk->pk->uid,
+ node->pkt->pkt.user_id);
+ break;
+ }
+ }
+ }
+
+ /* To find the self signature, we need the primary public key because
+ the selected secret key might be different from the primary key. */
+ pk_node = cdk_kbnode_find(knode, CDK_PKT_SECRET_KEY);
+ if (!pk_node) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return CDK_Unusable_Key;
+ }
+ node = find_selfsig_node(knode, pk_node->pkt->pkt.secret_key->pk);
+ if (sk && sk->pk && sk->pk->uid && node)
+ _cdk_copy_signature(&sk->pk->uid->selfsig,
+ node->pkt->pkt.signature);
+
+ /* We only release the outer packet. */
+ _cdk_pkt_detach_free(sk_node->pkt, &pkttype, (void *) &sk);
+ cdk_kbnode_release(knode);
+ *ret_sk = sk;
+ return rc;
}
cdk_error_t
-_cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_pubkey_t * ret_pk, int usage)
+_cdk_keydb_get_pk_byusage(cdk_keydb_hd_t hd, const char *name,
+ cdk_pubkey_t * ret_pk, int usage)
{
- cdk_kbnode_t knode, node, pk_node;
- cdk_pkt_pubkey_t pk;
- const char *s;
- cdk_error_t rc;
- cdk_keydb_search_t st;
-
- if (!ret_pk || !usage)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!hd)
- {
- gnutls_assert ();
- return CDK_Error_No_Keyring;
- }
-
- *ret_pk = NULL;
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, (char *) name);
- if (!rc)
- rc = cdk_keydb_search (st, hd, &knode);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- cdk_keydb_search_release (st);
-
- node = keydb_find_byusage (knode, usage, 1);
- if (!node)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return CDK_Unusable_Key;
- }
-
- pk = NULL;
- _cdk_copy_pubkey (&pk, node->pkt->pkt.public_key);
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_USER_ID)
- {
- s = node->pkt->pkt.user_id->name;
- if (pk && !pk->uid && _cdk_memistr (s, strlen (s), name))
- {
- _cdk_copy_userid (&pk->uid, node->pkt->pkt.user_id);
- break;
- }
- }
- }
-
- /* Same as in the sk code, the selected key can be a sub key
- and thus we need the primary key to find the self sig. */
- pk_node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
- if (!pk_node)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return CDK_Unusable_Key;
- }
- node = find_selfsig_node (knode, pk_node->pkt->pkt.public_key);
- if (pk && pk->uid && node)
- _cdk_copy_signature (&pk->uid->selfsig, node->pkt->pkt.signature);
- cdk_kbnode_release (knode);
-
- *ret_pk = pk;
- return rc;
+ cdk_kbnode_t knode, node, pk_node;
+ cdk_pkt_pubkey_t pk;
+ const char *s;
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
+
+ if (!ret_pk || !usage) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!hd) {
+ gnutls_assert();
+ return CDK_Error_No_Keyring;
+ }
+
+ *ret_pk = NULL;
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_AUTO,
+ (char *) name);
+ if (!rc)
+ rc = cdk_keydb_search(st, hd, &knode);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ cdk_keydb_search_release(st);
+
+ node = keydb_find_byusage(knode, usage, 1);
+ if (!node) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return CDK_Unusable_Key;
+ }
+
+ pk = NULL;
+ _cdk_copy_pubkey(&pk, node->pkt->pkt.public_key);
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_USER_ID) {
+ s = node->pkt->pkt.user_id->name;
+ if (pk && !pk->uid
+ && _cdk_memistr(s, strlen(s), name)) {
+ _cdk_copy_userid(&pk->uid,
+ node->pkt->pkt.user_id);
+ break;
+ }
+ }
+ }
+
+ /* Same as in the sk code, the selected key can be a sub key
+ and thus we need the primary key to find the self sig. */
+ pk_node = cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY);
+ if (!pk_node) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return CDK_Unusable_Key;
+ }
+ node = find_selfsig_node(knode, pk_node->pkt->pkt.public_key);
+ if (pk && pk->uid && node)
+ _cdk_copy_signature(&pk->uid->selfsig,
+ node->pkt->pkt.signature);
+ cdk_kbnode_release(knode);
+
+ *ret_pk = pk;
+ return rc;
}
@@ -1295,57 +1206,52 @@ _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
* key without any signatures or user id's.
**/
cdk_error_t
-cdk_keydb_get_pk (cdk_keydb_hd_t hd, u32 * keyid, cdk_pubkey_t * r_pk)
+cdk_keydb_get_pk(cdk_keydb_hd_t hd, u32 * keyid, cdk_pubkey_t * r_pk)
{
- cdk_kbnode_t knode = NULL, node;
- cdk_pubkey_t pk;
- cdk_error_t rc;
- size_t s_type;
- int pkttype;
- cdk_keydb_search_t st;
-
- if (!keyid || !r_pk)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!hd)
- {
- gnutls_assert ();
- return CDK_Error_No_Keyring;
- }
-
- *r_pk = NULL;
- s_type = !keyid[0] ? CDK_DBSEARCH_SHORT_KEYID : CDK_DBSEARCH_KEYID;
- rc = cdk_keydb_search_start (&st, hd, s_type, keyid);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- rc = cdk_keydb_search (st, hd, &knode);
- cdk_keydb_search_release (st);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- node = keydb_find_bykeyid (knode, keyid, s_type);
- if (!node)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
-
- /* See comment in cdk_keydb_get_sk() */
- _cdk_pkt_detach_free (node->pkt, &pkttype, (void *) &pk);
- *r_pk = pk;
- _cdk_kbnode_clone (node);
- cdk_kbnode_release (knode);
-
- return rc;
+ cdk_kbnode_t knode = NULL, node;
+ cdk_pubkey_t pk;
+ cdk_error_t rc;
+ size_t s_type;
+ int pkttype;
+ cdk_keydb_search_t st;
+
+ if (!keyid || !r_pk) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!hd) {
+ gnutls_assert();
+ return CDK_Error_No_Keyring;
+ }
+
+ *r_pk = NULL;
+ s_type = !keyid[0] ? CDK_DBSEARCH_SHORT_KEYID : CDK_DBSEARCH_KEYID;
+ rc = cdk_keydb_search_start(&st, hd, s_type, keyid);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ rc = cdk_keydb_search(st, hd, &knode);
+ cdk_keydb_search_release(st);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ node = keydb_find_bykeyid(knode, keyid, s_type);
+ if (!node) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+
+ /* See comment in cdk_keydb_get_sk() */
+ _cdk_pkt_detach_free(node->pkt, &pkttype, (void *) &pk);
+ *r_pk = pk;
+ _cdk_kbnode_clone(node);
+ cdk_kbnode_release(knode);
+
+ return rc;
}
@@ -1360,612 +1266,583 @@ cdk_keydb_get_pk (cdk_keydb_hd_t hd, u32 * keyid, cdk_pubkey_t * r_pk)
* like the user id or the signatures.
**/
cdk_error_t
-cdk_keydb_get_sk (cdk_keydb_hd_t hd, u32 * keyid, cdk_seckey_t * ret_sk)
+cdk_keydb_get_sk(cdk_keydb_hd_t hd, u32 * keyid, cdk_seckey_t * ret_sk)
{
- cdk_kbnode_t snode, node;
- cdk_seckey_t sk;
- cdk_error_t rc;
- int pkttype;
-
- if (!keyid || !ret_sk)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!hd)
- {
- gnutls_assert ();
- return CDK_Error_No_Keyring;
- }
-
- *ret_sk = NULL;
- rc = cdk_keydb_get_bykeyid (hd, keyid, &snode);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- node = keydb_find_bykeyid (snode, keyid, CDK_DBSEARCH_KEYID);
- if (!node)
- {
- cdk_kbnode_release (snode);
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
-
- /* We need to release the packet itself but not its contents
- and thus we detach the openpgp packet and release the structure. */
- _cdk_pkt_detach_free (node->pkt, &pkttype, (void *) &sk);
- _cdk_kbnode_clone (node);
- cdk_kbnode_release (snode);
-
- *ret_sk = sk;
- return 0;
+ cdk_kbnode_t snode, node;
+ cdk_seckey_t sk;
+ cdk_error_t rc;
+ int pkttype;
+
+ if (!keyid || !ret_sk) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!hd) {
+ gnutls_assert();
+ return CDK_Error_No_Keyring;
+ }
+
+ *ret_sk = NULL;
+ rc = cdk_keydb_get_bykeyid(hd, keyid, &snode);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ node = keydb_find_bykeyid(snode, keyid, CDK_DBSEARCH_KEYID);
+ if (!node) {
+ cdk_kbnode_release(snode);
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+
+ /* We need to release the packet itself but not its contents
+ and thus we detach the openpgp packet and release the structure. */
+ _cdk_pkt_detach_free(node->pkt, &pkttype, (void *) &sk);
+ _cdk_kbnode_clone(node);
+ cdk_kbnode_release(snode);
+
+ *ret_sk = sk;
+ return 0;
}
-static int
-is_selfsig (cdk_kbnode_t node, const u32 * keyid)
+static int is_selfsig(cdk_kbnode_t node, const u32 * keyid)
{
- cdk_pkt_signature_t sig;
+ cdk_pkt_signature_t sig;
- if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
- return 0;
- sig = node->pkt->pkt.signature;
- if ((sig->sig_class >= 0x10 && sig->sig_class <= 0x13) &&
- sig->keyid[0] == keyid[0] && sig->keyid[1] == keyid[1])
- return 1;
+ if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
+ return 0;
+ sig = node->pkt->pkt.signature;
+ if ((sig->sig_class >= 0x10 && sig->sig_class <= 0x13) &&
+ sig->keyid[0] == keyid[0] && sig->keyid[1] == keyid[1])
+ return 1;
- return 0;
+ return 0;
}
/* Find the newest self signature for the public key @pk
and return the signature node. */
static cdk_kbnode_t
-find_selfsig_node (cdk_kbnode_t key, cdk_pkt_pubkey_t pk)
+find_selfsig_node(cdk_kbnode_t key, cdk_pkt_pubkey_t pk)
{
- cdk_kbnode_t n, sig;
- unsigned int ts;
- u32 keyid[2];
-
- cdk_pk_get_keyid (pk, keyid);
- sig = NULL;
- ts = 0;
- for (n = key; n; n = n->next)
- {
- if (is_selfsig (n, keyid) && n->pkt->pkt.signature->timestamp > ts)
- {
- ts = n->pkt->pkt.signature->timestamp;
- sig = n;
- }
- }
-
- return sig;
+ cdk_kbnode_t n, sig;
+ unsigned int ts;
+ u32 keyid[2];
+
+ cdk_pk_get_keyid(pk, keyid);
+ sig = NULL;
+ ts = 0;
+ for (n = key; n; n = n->next) {
+ if (is_selfsig(n, keyid)
+ && n->pkt->pkt.signature->timestamp > ts) {
+ ts = n->pkt->pkt.signature->timestamp;
+ sig = n;
+ }
+ }
+
+ return sig;
}
-static unsigned int
-key_usage_to_cdk_usage (unsigned int usage)
+static unsigned int key_usage_to_cdk_usage(unsigned int usage)
{
- unsigned key_usage = 0;
-
- if (usage & 0x01) /* cert + sign data */
- key_usage |= CDK_KEY_USG_CERT_SIGN;
- if (usage & 0x02) /* cert + sign data */
- key_usage |= CDK_KEY_USG_DATA_SIGN;
- if (usage & 0x04) /* encrypt comm. + storage */
- key_usage |= CDK_KEY_USG_COMM_ENCR;
- if (usage & 0x08) /* encrypt comm. + storage */
- key_usage |= CDK_KEY_USG_STORAGE_ENCR;
- if (usage & 0x10) /* encrypt comm. + storage */
- key_usage |= CDK_KEY_USG_SPLIT_KEY;
- if (usage & 0x20)
- key_usage |= CDK_KEY_USG_AUTH;
- if (usage & 0x80) /* encrypt comm. + storage */
- key_usage |= CDK_KEY_USG_SHARED_KEY;
-
- return key_usage;
+ unsigned key_usage = 0;
+
+ if (usage & 0x01) /* cert + sign data */
+ key_usage |= CDK_KEY_USG_CERT_SIGN;
+ if (usage & 0x02) /* cert + sign data */
+ key_usage |= CDK_KEY_USG_DATA_SIGN;
+ if (usage & 0x04) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_COMM_ENCR;
+ if (usage & 0x08) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_STORAGE_ENCR;
+ if (usage & 0x10) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_SPLIT_KEY;
+ if (usage & 0x20)
+ key_usage |= CDK_KEY_USG_AUTH;
+ if (usage & 0x80) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_SHARED_KEY;
+
+ return key_usage;
}
-static cdk_error_t
-keydb_merge_selfsig (cdk_kbnode_t key, u32 * keyid)
+static cdk_error_t keydb_merge_selfsig(cdk_kbnode_t key, u32 * keyid)
{
- cdk_kbnode_t node, kbnode, unode;
- cdk_subpkt_t s = NULL;
- cdk_pkt_signature_t sig = NULL;
- cdk_pkt_userid_t uid = NULL;
- const byte *symalg = NULL, *hashalg = NULL, *compalg = NULL;
- size_t nsymalg = 0, nhashalg = 0, ncompalg = 0, n = 0;
- size_t key_expire = 0;
-
- if (!key)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- for (node = key; node; node = node->next)
- {
- if (!is_selfsig (node, keyid))
- continue;
- unode = cdk_kbnode_find_prev (key, node, CDK_PKT_USER_ID);
- if (!unode)
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- uid = unode->pkt->pkt.user_id;
- sig = node->pkt->pkt.signature;
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PRIMARY_UID);
- if (s)
- uid->is_primary = 1;
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_FEATURES);
- if (s && s->size == 1 && s->d[0] & 0x01)
- uid->mdc_feature = 1;
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_KEY_EXPIRE);
- if (s && s->size == 4)
- key_expire = _cdk_buftou32 (s->d);
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_SYM);
- if (s)
- {
- symalg = s->d;
- nsymalg = s->size;
- n += s->size + 1;
- }
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_HASH);
- if (s)
- {
- hashalg = s->d;
- nhashalg = s->size;
- n += s->size + 1;
- }
- s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_ZIP);
- if (s)
- {
- compalg = s->d;
- ncompalg = s->size;
- n += s->size + 1;
- }
- if (uid->prefs != NULL)
- cdk_free (uid->prefs);
- if (!n || !hashalg || !compalg || !symalg)
- uid->prefs = NULL;
- else
- {
- uid->prefs = cdk_calloc (1, sizeof (*uid->prefs) * (n + 1));
- if (!uid->prefs)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- n = 0;
- for (; nsymalg; nsymalg--, n++)
- {
- uid->prefs[n].type = CDK_PREFTYPE_SYM;
- uid->prefs[n].value = *symalg++;
- }
- for (; nhashalg; nhashalg--, n++)
- {
- uid->prefs[n].type = CDK_PREFTYPE_HASH;
- uid->prefs[n].value = *hashalg++;
- }
- for (; ncompalg; ncompalg--, n++)
- {
- uid->prefs[n].type = CDK_PREFTYPE_ZIP;
- uid->prefs[n].value = *compalg++;
- }
-
- uid->prefs[n].type = CDK_PREFTYPE_NONE; /* end of list marker */
- uid->prefs[n].value = 0;
- uid->prefs_size = n;
- }
- }
-
- /* Now we add the extracted information to the primary key. */
- kbnode = cdk_kbnode_find (key, CDK_PKT_PUBLIC_KEY);
- if (kbnode)
- {
- cdk_pkt_pubkey_t pk = kbnode->pkt->pkt.public_key;
- if (uid && uid->prefs && n)
- {
- if (pk->prefs != NULL)
- cdk_free (pk->prefs);
- pk->prefs = _cdk_copy_prefs (uid->prefs);
- pk->prefs_size = n;
- }
- if (key_expire)
- {
- pk->expiredate = pk->timestamp + key_expire;
- pk->has_expired = pk->expiredate > (u32) gnutls_time (NULL) ? 0 : 1;
- }
-
- pk->is_invalid = 0;
- }
-
- return 0;
+ cdk_kbnode_t node, kbnode, unode;
+ cdk_subpkt_t s = NULL;
+ cdk_pkt_signature_t sig = NULL;
+ cdk_pkt_userid_t uid = NULL;
+ const byte *symalg = NULL, *hashalg = NULL, *compalg = NULL;
+ size_t nsymalg = 0, nhashalg = 0, ncompalg = 0, n = 0;
+ size_t key_expire = 0;
+
+ if (!key) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ for (node = key; node; node = node->next) {
+ if (!is_selfsig(node, keyid))
+ continue;
+ unode = cdk_kbnode_find_prev(key, node, CDK_PKT_USER_ID);
+ if (!unode) {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ uid = unode->pkt->pkt.user_id;
+ sig = node->pkt->pkt.signature;
+ s = cdk_subpkt_find(sig->hashed,
+ CDK_SIGSUBPKT_PRIMARY_UID);
+ if (s)
+ uid->is_primary = 1;
+ s = cdk_subpkt_find(sig->hashed, CDK_SIGSUBPKT_FEATURES);
+ if (s && s->size == 1 && s->d[0] & 0x01)
+ uid->mdc_feature = 1;
+ s = cdk_subpkt_find(sig->hashed, CDK_SIGSUBPKT_KEY_EXPIRE);
+ if (s && s->size == 4)
+ key_expire = _cdk_buftou32(s->d);
+ s = cdk_subpkt_find(sig->hashed, CDK_SIGSUBPKT_PREFS_SYM);
+ if (s) {
+ symalg = s->d;
+ nsymalg = s->size;
+ n += s->size + 1;
+ }
+ s = cdk_subpkt_find(sig->hashed, CDK_SIGSUBPKT_PREFS_HASH);
+ if (s) {
+ hashalg = s->d;
+ nhashalg = s->size;
+ n += s->size + 1;
+ }
+ s = cdk_subpkt_find(sig->hashed, CDK_SIGSUBPKT_PREFS_ZIP);
+ if (s) {
+ compalg = s->d;
+ ncompalg = s->size;
+ n += s->size + 1;
+ }
+ if (uid->prefs != NULL)
+ cdk_free(uid->prefs);
+ if (!n || !hashalg || !compalg || !symalg)
+ uid->prefs = NULL;
+ else {
+ uid->prefs =
+ cdk_calloc(1, sizeof(*uid->prefs) * (n + 1));
+ if (!uid->prefs) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ n = 0;
+ for (; nsymalg; nsymalg--, n++) {
+ uid->prefs[n].type = CDK_PREFTYPE_SYM;
+ uid->prefs[n].value = *symalg++;
+ }
+ for (; nhashalg; nhashalg--, n++) {
+ uid->prefs[n].type = CDK_PREFTYPE_HASH;
+ uid->prefs[n].value = *hashalg++;
+ }
+ for (; ncompalg; ncompalg--, n++) {
+ uid->prefs[n].type = CDK_PREFTYPE_ZIP;
+ uid->prefs[n].value = *compalg++;
+ }
+
+ uid->prefs[n].type = CDK_PREFTYPE_NONE; /* end of list marker */
+ uid->prefs[n].value = 0;
+ uid->prefs_size = n;
+ }
+ }
+
+ /* Now we add the extracted information to the primary key. */
+ kbnode = cdk_kbnode_find(key, CDK_PKT_PUBLIC_KEY);
+ if (kbnode) {
+ cdk_pkt_pubkey_t pk = kbnode->pkt->pkt.public_key;
+ if (uid && uid->prefs && n) {
+ if (pk->prefs != NULL)
+ cdk_free(pk->prefs);
+ pk->prefs = _cdk_copy_prefs(uid->prefs);
+ pk->prefs_size = n;
+ }
+ if (key_expire) {
+ pk->expiredate = pk->timestamp + key_expire;
+ pk->has_expired =
+ pk->expiredate >
+ (u32) gnutls_time(NULL) ? 0 : 1;
+ }
+
+ pk->is_invalid = 0;
+ }
+
+ return 0;
}
static cdk_error_t
-keydb_parse_allsigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check)
+keydb_parse_allsigs(cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check)
{
- cdk_kbnode_t node, kb;
- cdk_pkt_signature_t sig;
- cdk_pkt_pubkey_t pk;
- cdk_subpkt_t s = NULL;
- u32 expiredate = 0, curtime = (u32) gnutls_time (NULL);
- u32 keyid[2];
-
- if (!knode)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (check && !hd)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- kb = cdk_kbnode_find (knode, CDK_PKT_SECRET_KEY);
- if (kb)
- return 0;
-
- /* Reset */
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_USER_ID)
- node->pkt->pkt.user_id->is_revoked = 0;
- else if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- node->pkt->pkt.public_key->is_revoked = 0;
- }
-
- kb = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
- if (!kb)
- {
- gnutls_assert ();
- return CDK_Wrong_Format;
- }
- cdk_pk_get_keyid (kb->pkt->pkt.public_key, keyid);
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_SIGNATURE)
- {
- sig = node->pkt->pkt.signature;
- /* Revocation certificates for primary keys */
- if (sig->sig_class == 0x20)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
- if (kb)
- {
- kb->pkt->pkt.public_key->is_revoked = 1;
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Revocation certificates for subkeys */
- else if (sig->sig_class == 0x28)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
- if (kb)
- {
- kb->pkt->pkt.public_key->is_revoked = 1;
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Revocation certifcates for user ID's */
- else if (sig->sig_class == 0x30)
- {
- if (sig->keyid[0] != keyid[0] || sig->keyid[1] != keyid[1])
- continue; /* revokes an earlier signature, no userID. */
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_USER_ID);
- if (kb)
- {
- kb->pkt->pkt.user_id->is_revoked = 1;
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Direct certificates for primary keys */
- else if (sig->sig_class == 0x1F)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
- if (kb)
- {
- pk = kb->pkt->pkt.public_key;
- pk->is_invalid = 0;
- s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
- CDK_SIGSUBPKT_KEY_EXPIRE);
- if (s)
- {
- expiredate = _cdk_buftou32 (s->d);
- pk->expiredate = pk->timestamp + expiredate;
- pk->has_expired = pk->expiredate > curtime ? 0 : 1;
- }
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- /* Direct certificates for subkeys */
- else if (sig->sig_class == 0x18)
- {
- kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
- if (kb)
- {
- pk = kb->pkt->pkt.public_key;
- pk->is_invalid = 0;
- s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
- CDK_SIGSUBPKT_KEY_EXPIRE);
- if (s)
- {
- expiredate = _cdk_buftou32 (s->d);
- pk->expiredate = pk->timestamp + expiredate;
- pk->has_expired = pk->expiredate > curtime ? 0 : 1;
- }
- if (check)
- _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
- }
- else
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
- }
- }
- }
- node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
- if (node && node->pkt->pkt.public_key->version == 3)
- {
- /* v3 public keys have no additonal signatures for the key directly.
- we say the key is valid when we have at least a self signature. */
- pk = node->pkt->pkt.public_key;
- for (node = knode; node; node = node->next)
- {
- if (is_selfsig (node, keyid))
- {
- pk->is_invalid = 0;
- break;
- }
- }
- }
- if (node && (node->pkt->pkt.public_key->is_revoked ||
- node->pkt->pkt.public_key->has_expired))
- {
- /* If the primary key has been revoked, mark all subkeys as invalid
- because without a primary key they are not useable */
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- node->pkt->pkt.public_key->is_invalid = 1;
- }
- }
-
- return 0;
+ cdk_kbnode_t node, kb;
+ cdk_pkt_signature_t sig;
+ cdk_pkt_pubkey_t pk;
+ cdk_subpkt_t s = NULL;
+ u32 expiredate = 0, curtime = (u32) gnutls_time(NULL);
+ u32 keyid[2];
+
+ if (!knode) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (check && !hd) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ kb = cdk_kbnode_find(knode, CDK_PKT_SECRET_KEY);
+ if (kb)
+ return 0;
+
+ /* Reset */
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_USER_ID)
+ node->pkt->pkt.user_id->is_revoked = 0;
+ else if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ node->pkt->pkt.public_key->is_revoked = 0;
+ }
+
+ kb = cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY);
+ if (!kb) {
+ gnutls_assert();
+ return CDK_Wrong_Format;
+ }
+ cdk_pk_get_keyid(kb->pkt->pkt.public_key, keyid);
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE) {
+ sig = node->pkt->pkt.signature;
+ /* Revocation certificates for primary keys */
+ if (sig->sig_class == 0x20) {
+ kb = cdk_kbnode_find_prev(knode, node,
+ CDK_PKT_PUBLIC_KEY);
+ if (kb) {
+ kb->pkt->pkt.public_key->
+ is_revoked = 1;
+ if (check)
+ _cdk_pk_check_sig(hd, kb,
+ node,
+ NULL,
+ NULL);
+ } else {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Revocation certificates for subkeys */
+ else if (sig->sig_class == 0x28) {
+ kb = cdk_kbnode_find_prev(knode, node,
+ CDK_PKT_PUBLIC_SUBKEY);
+ if (kb) {
+ kb->pkt->pkt.public_key->
+ is_revoked = 1;
+ if (check)
+ _cdk_pk_check_sig(hd, kb,
+ node,
+ NULL,
+ NULL);
+ } else {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Revocation certifcates for user ID's */
+ else if (sig->sig_class == 0x30) {
+ if (sig->keyid[0] != keyid[0]
+ || sig->keyid[1] != keyid[1])
+ continue; /* revokes an earlier signature, no userID. */
+ kb = cdk_kbnode_find_prev(knode, node,
+ CDK_PKT_USER_ID);
+ if (kb) {
+ kb->pkt->pkt.user_id->is_revoked =
+ 1;
+ if (check)
+ _cdk_pk_check_sig(hd, kb,
+ node,
+ NULL,
+ NULL);
+ } else {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Direct certificates for primary keys */
+ else if (sig->sig_class == 0x1F) {
+ kb = cdk_kbnode_find_prev(knode, node,
+ CDK_PKT_PUBLIC_KEY);
+ if (kb) {
+ pk = kb->pkt->pkt.public_key;
+ pk->is_invalid = 0;
+ s = cdk_subpkt_find(node->pkt->pkt.
+ signature->
+ hashed,
+ CDK_SIGSUBPKT_KEY_EXPIRE);
+ if (s) {
+ expiredate =
+ _cdk_buftou32(s->d);
+ pk->expiredate =
+ pk->timestamp +
+ expiredate;
+ pk->has_expired =
+ pk->expiredate >
+ curtime ? 0 : 1;
+ }
+ if (check)
+ _cdk_pk_check_sig(hd, kb,
+ node,
+ NULL,
+ NULL);
+ } else {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Direct certificates for subkeys */
+ else if (sig->sig_class == 0x18) {
+ kb = cdk_kbnode_find_prev(knode, node,
+ CDK_PKT_PUBLIC_SUBKEY);
+ if (kb) {
+ pk = kb->pkt->pkt.public_key;
+ pk->is_invalid = 0;
+ s = cdk_subpkt_find(node->pkt->pkt.
+ signature->
+ hashed,
+ CDK_SIGSUBPKT_KEY_EXPIRE);
+ if (s) {
+ expiredate =
+ _cdk_buftou32(s->d);
+ pk->expiredate =
+ pk->timestamp +
+ expiredate;
+ pk->has_expired =
+ pk->expiredate >
+ curtime ? 0 : 1;
+ }
+ if (check)
+ _cdk_pk_check_sig(hd, kb,
+ node,
+ NULL,
+ NULL);
+ } else {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+ }
+ }
+ }
+ node = cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY);
+ if (node && node->pkt->pkt.public_key->version == 3) {
+ /* v3 public keys have no additonal signatures for the key directly.
+ we say the key is valid when we have at least a self signature. */
+ pk = node->pkt->pkt.public_key;
+ for (node = knode; node; node = node->next) {
+ if (is_selfsig(node, keyid)) {
+ pk->is_invalid = 0;
+ break;
+ }
+ }
+ }
+ if (node && (node->pkt->pkt.public_key->is_revoked ||
+ node->pkt->pkt.public_key->has_expired)) {
+ /* If the primary key has been revoked, mark all subkeys as invalid
+ because without a primary key they are not useable */
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ node->pkt->pkt.public_key->is_invalid = 1;
+ }
+ }
+
+ return 0;
}
static void
-add_key_usage (cdk_kbnode_t knode, u32 keyid[2], unsigned int usage)
+add_key_usage(cdk_kbnode_t knode, u32 keyid[2], unsigned int usage)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
-
- ctx = NULL;
- while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if ((pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
- || pkt->pkttype == CDK_PKT_PUBLIC_KEY)
- && pkt->pkt.public_key->keyid[0] == keyid[0]
- && pkt->pkt.public_key->keyid[1] == keyid[1])
- {
- pkt->pkt.public_key->pubkey_usage = usage;
- return;
- }
- }
- return;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+
+ ctx = NULL;
+ while ((p = cdk_kbnode_walk(knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if ((pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
+ || pkt->pkttype == CDK_PKT_PUBLIC_KEY)
+ && pkt->pkt.public_key->keyid[0] == keyid[0]
+ && pkt->pkt.public_key->keyid[1] == keyid[1]) {
+ pkt->pkt.public_key->pubkey_usage = usage;
+ return;
+ }
+ }
+ return;
}
cdk_error_t
-cdk_keydb_get_keyblock (cdk_stream_t inp, cdk_kbnode_t * r_knode)
+cdk_keydb_get_keyblock(cdk_stream_t inp, cdk_kbnode_t * r_knode)
{
- cdk_packet_t pkt;
- cdk_kbnode_t knode, node;
- cdk_desig_revoker_t revkeys;
- cdk_error_t rc;
- u32 keyid[2], main_keyid[2];
- off_t old_off;
- int key_seen, got_key;
-
- if (!inp || !r_knode)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- /* Reset all values. */
- keyid[0] = keyid[1] = 0;
- main_keyid[0] = main_keyid[1] = 0;
- revkeys = NULL;
- knode = NULL;
- key_seen = got_key = 0;
-
- *r_knode = NULL;
- rc = CDK_EOF;
- while (!cdk_stream_eof (inp))
- {
- cdk_pkt_new (&pkt);
- old_off = cdk_stream_tell (inp);
- rc = cdk_pkt_read (inp, pkt);
- if (rc)
- {
- cdk_pkt_release (pkt);
- if (rc == CDK_EOF)
- break;
- else
- { /* Release all packets we reached so far. */
- _cdk_log_debug ("keydb_get_keyblock: error %d\n", rc);
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
- }
-
- if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- pkt->pkttype == CDK_PKT_SECRET_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- if (key_seen && (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_KEY))
- {
- /* The next key starts here so set the file pointer
- and leave the loop. */
- cdk_stream_seek (inp, old_off);
- cdk_pkt_release (pkt);
- break;
- }
- if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
- pkt->pkttype == CDK_PKT_SECRET_KEY)
- {
- _cdk_pkt_get_keyid (pkt, main_keyid);
- key_seen = 1;
- }
- else if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
- pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- {
- if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- {
- pkt->pkt.public_key->main_keyid[0] = main_keyid[0];
- pkt->pkt.public_key->main_keyid[1] = main_keyid[1];
- }
- else
- {
- pkt->pkt.secret_key->main_keyid[0] = main_keyid[0];
- pkt->pkt.secret_key->main_keyid[1] = main_keyid[1];
- }
- }
- /* We save this for the signature */
- _cdk_pkt_get_keyid (pkt, keyid);
- got_key = 1;
- }
- else if (pkt->pkttype == CDK_PKT_USER_ID)
- ;
- else if (pkt->pkttype == CDK_PKT_SIGNATURE)
- {
- cdk_subpkt_t s;
-
- pkt->pkt.signature->key[0] = keyid[0];
- pkt->pkt.signature->key[1] = keyid[1];
- if (pkt->pkt.signature->sig_class == 0x1F &&
- pkt->pkt.signature->revkeys)
- revkeys = pkt->pkt.signature->revkeys;
-
- s =
- cdk_subpkt_find (pkt->pkt.signature->hashed,
- CDK_SIGSUBPKT_KEY_FLAGS);
- if (s)
- {
- unsigned int key_usage = key_usage_to_cdk_usage (s->d[0]);
- add_key_usage (knode, pkt->pkt.signature->key, key_usage);
- }
- }
- node = cdk_kbnode_new (pkt);
- if (!knode)
- knode = node;
- else
- _cdk_kbnode_add (knode, node);
- }
-
- if (got_key)
- {
- keydb_merge_selfsig (knode, main_keyid);
- rc = keydb_parse_allsigs (knode, NULL, 0);
- if (revkeys)
- {
- node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
- if (node)
- node->pkt->pkt.public_key->revkeys = revkeys;
- }
- }
- else
- cdk_kbnode_release (knode);
- *r_knode = got_key ? knode : NULL;
-
- /* It is possible that we are in an EOF condition after we
- successfully read a keyblock. For example if the requested
- key is the last in the file. */
- if (rc == CDK_EOF && got_key)
- rc = 0;
- return rc;
+ cdk_packet_t pkt;
+ cdk_kbnode_t knode, node;
+ cdk_desig_revoker_t revkeys;
+ cdk_error_t rc;
+ u32 keyid[2], main_keyid[2];
+ off_t old_off;
+ int key_seen, got_key;
+
+ if (!inp || !r_knode) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ /* Reset all values. */
+ keyid[0] = keyid[1] = 0;
+ main_keyid[0] = main_keyid[1] = 0;
+ revkeys = NULL;
+ knode = NULL;
+ key_seen = got_key = 0;
+
+ *r_knode = NULL;
+ rc = CDK_EOF;
+ while (!cdk_stream_eof(inp)) {
+ cdk_pkt_new(&pkt);
+ old_off = cdk_stream_tell(inp);
+ rc = cdk_pkt_read(inp, pkt);
+ if (rc) {
+ cdk_pkt_release(pkt);
+ if (rc == CDK_EOF)
+ break;
+ else { /* Release all packets we reached so far. */
+ _cdk_log_debug
+ ("keydb_get_keyblock: error %d\n", rc);
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY) {
+ if (key_seen
+ && (pkt->pkttype == CDK_PKT_PUBLIC_KEY
+ || pkt->pkttype == CDK_PKT_SECRET_KEY)) {
+ /* The next key starts here so set the file pointer
+ and leave the loop. */
+ cdk_stream_seek(inp, old_off);
+ cdk_pkt_release(pkt);
+ break;
+ }
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_KEY) {
+ _cdk_pkt_get_keyid(pkt, main_keyid);
+ key_seen = 1;
+ } else if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY) {
+ if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) {
+ pkt->pkt.public_key->
+ main_keyid[0] = main_keyid[0];
+ pkt->pkt.public_key->
+ main_keyid[1] = main_keyid[1];
+ } else {
+ pkt->pkt.secret_key->
+ main_keyid[0] = main_keyid[0];
+ pkt->pkt.secret_key->
+ main_keyid[1] = main_keyid[1];
+ }
+ }
+ /* We save this for the signature */
+ _cdk_pkt_get_keyid(pkt, keyid);
+ got_key = 1;
+ } else if (pkt->pkttype == CDK_PKT_USER_ID);
+ else if (pkt->pkttype == CDK_PKT_SIGNATURE) {
+ cdk_subpkt_t s;
+
+ pkt->pkt.signature->key[0] = keyid[0];
+ pkt->pkt.signature->key[1] = keyid[1];
+ if (pkt->pkt.signature->sig_class == 0x1F &&
+ pkt->pkt.signature->revkeys)
+ revkeys = pkt->pkt.signature->revkeys;
+
+ s = cdk_subpkt_find(pkt->pkt.signature->hashed,
+ CDK_SIGSUBPKT_KEY_FLAGS);
+ if (s) {
+ unsigned int key_usage =
+ key_usage_to_cdk_usage(s->d[0]);
+ add_key_usage(knode,
+ pkt->pkt.signature->key,
+ key_usage);
+ }
+ }
+ node = cdk_kbnode_new(pkt);
+ if (!knode)
+ knode = node;
+ else
+ _cdk_kbnode_add(knode, node);
+ }
+
+ if (got_key) {
+ keydb_merge_selfsig(knode, main_keyid);
+ rc = keydb_parse_allsigs(knode, NULL, 0);
+ if (revkeys) {
+ node = cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY);
+ if (node)
+ node->pkt->pkt.public_key->revkeys =
+ revkeys;
+ }
+ } else
+ cdk_kbnode_release(knode);
+ *r_knode = got_key ? knode : NULL;
+
+ /* It is possible that we are in an EOF condition after we
+ successfully read a keyblock. For example if the requested
+ key is the last in the file. */
+ if (rc == CDK_EOF && got_key)
+ rc = 0;
+ return rc;
}
/* Return the type of the given data. In case it cannot be classified,
a substring search will be performed. */
-static int
-classify_data (const byte * buf, size_t len)
+static int classify_data(const byte * buf, size_t len)
{
- int type;
- unsigned int i;
-
- if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X'))
- { /* Skip hex prefix. */
- buf += 2;
- len -= 2;
- }
-
- /* The length of the data does not match either a keyid or a fingerprint. */
- if (len != 8 && len != 16 && len != 40)
- return CDK_DBSEARCH_SUBSTR;
-
- for (i = 0; i < len; i++)
- {
- if (!isxdigit (buf[i]))
- return CDK_DBSEARCH_SUBSTR;
- }
- if (i != len)
- return CDK_DBSEARCH_SUBSTR;
- switch (len)
- {
- case 8:
- type = CDK_DBSEARCH_SHORT_KEYID;
- break;
- case 16:
- type = CDK_DBSEARCH_KEYID;
- break;
- case 40:
- type = CDK_DBSEARCH_FPR;
- break;
- default:
- type = CDK_DBSEARCH_SUBSTR;
- break;
- }
-
- return type;
+ int type;
+ unsigned int i;
+
+ if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X')) { /* Skip hex prefix. */
+ buf += 2;
+ len -= 2;
+ }
+
+ /* The length of the data does not match either a keyid or a fingerprint. */
+ if (len != 8 && len != 16 && len != 40)
+ return CDK_DBSEARCH_SUBSTR;
+
+ for (i = 0; i < len; i++) {
+ if (!isxdigit(buf[i]))
+ return CDK_DBSEARCH_SUBSTR;
+ }
+ if (i != len)
+ return CDK_DBSEARCH_SUBSTR;
+ switch (len) {
+ case 8:
+ type = CDK_DBSEARCH_SHORT_KEYID;
+ break;
+ case 16:
+ type = CDK_DBSEARCH_KEYID;
+ break;
+ case 40:
+ type = CDK_DBSEARCH_FPR;
+ break;
+ default:
+ type = CDK_DBSEARCH_SUBSTR;
+ break;
+ }
+
+ return type;
}
@@ -1980,265 +1857,244 @@ classify_data (const byte * buf, size_t len)
* This procedure strips local signatures.
**/
cdk_error_t
-cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out, cdk_strlist_t remusr)
+cdk_keydb_export(cdk_keydb_hd_t hd, cdk_stream_t out, cdk_strlist_t remusr)
{
- cdk_kbnode_t knode, node;
- cdk_strlist_t r;
- cdk_error_t rc;
- int old_ctb;
- cdk_keydb_search_t st;
-
- for (r = remusr; r; r = r->next)
- {
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, r->d);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- rc = cdk_keydb_search (st, hd, &knode);
- cdk_keydb_search_release (st);
-
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
- if (!node)
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
-
- /* If the key is a version 3 key, use the old packet
- format for the output. */
- if (node->pkt->pkt.public_key->version == 3)
- old_ctb = 1;
- else
- old_ctb = 0;
-
- for (node = knode; node; node = node->next)
- {
- /* No specified format; skip them */
- if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
- continue;
- /* We never export local signed signatures */
- if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
- !node->pkt->pkt.signature->flags.exportable)
- continue;
- /* Filter out invalid signatures */
- if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
- (!KEY_CAN_SIGN (node->pkt->pkt.signature->pubkey_algo)))
- continue;
-
- /* Adjust the ctb flag if needed. */
- node->pkt->old_ctb = old_ctb;
- rc = cdk_pkt_write (out, node->pkt);
- if (rc)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
- }
- cdk_kbnode_release (knode);
- knode = NULL;
- }
- return 0;
+ cdk_kbnode_t knode, node;
+ cdk_strlist_t r;
+ cdk_error_t rc;
+ int old_ctb;
+ cdk_keydb_search_t st;
+
+ for (r = remusr; r; r = r->next) {
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_AUTO,
+ r->d);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ rc = cdk_keydb_search(st, hd, &knode);
+ cdk_keydb_search_release(st);
+
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ node = cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY);
+ if (!node) {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+
+ /* If the key is a version 3 key, use the old packet
+ format for the output. */
+ if (node->pkt->pkt.public_key->version == 3)
+ old_ctb = 1;
+ else
+ old_ctb = 0;
+
+ for (node = knode; node; node = node->next) {
+ /* No specified format; skip them */
+ if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
+ continue;
+ /* We never export local signed signatures */
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
+ !node->pkt->pkt.signature->flags.exportable)
+ continue;
+ /* Filter out invalid signatures */
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
+ (!KEY_CAN_SIGN
+ (node->pkt->pkt.signature->pubkey_algo)))
+ continue;
+
+ /* Adjust the ctb flag if needed. */
+ node->pkt->old_ctb = old_ctb;
+ rc = cdk_pkt_write(out, node->pkt);
+ if (rc) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return rc;
+ }
+ }
+ cdk_kbnode_release(knode);
+ knode = NULL;
+ }
+ return 0;
}
-static cdk_packet_t
-find_key_packet (cdk_kbnode_t knode, int *r_is_sk)
+static cdk_packet_t find_key_packet(cdk_kbnode_t knode, int *r_is_sk)
{
- cdk_packet_t pkt;
-
- pkt = cdk_kbnode_find_packet (knode, CDK_PKT_PUBLIC_KEY);
- if (!pkt)
- {
- pkt = cdk_kbnode_find_packet (knode, CDK_PKT_SECRET_KEY);
- if (r_is_sk)
- *r_is_sk = pkt ? 1 : 0;
- }
- return pkt;
+ cdk_packet_t pkt;
+
+ pkt = cdk_kbnode_find_packet(knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt) {
+ pkt = cdk_kbnode_find_packet(knode, CDK_PKT_SECRET_KEY);
+ if (r_is_sk)
+ *r_is_sk = pkt ? 1 : 0;
+ }
+ return pkt;
}
/* Return 1 if the is allowd in a key node. */
-static int
-is_key_node (cdk_kbnode_t node)
+static int is_key_node(cdk_kbnode_t node)
{
- switch (node->pkt->pkttype)
- {
- case CDK_PKT_SIGNATURE:
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- case CDK_PKT_USER_ID:
- case CDK_PKT_ATTRIBUTE:
- return 1;
-
- default:
- return 0;
- }
-
- return 0;
+ switch (node->pkt->pkttype) {
+ case CDK_PKT_SIGNATURE:
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ case CDK_PKT_USER_ID:
+ case CDK_PKT_ATTRIBUTE:
+ return 1;
+
+ default:
+ return 0;
+ }
+
+ return 0;
}
-cdk_error_t
-cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode)
+cdk_error_t cdk_keydb_import(cdk_keydb_hd_t hd, cdk_kbnode_t knode)
{
- cdk_kbnode_t node, chk;
- cdk_packet_t pkt;
- cdk_stream_t out;
- cdk_error_t rc;
- u32 keyid[2];
-
- if (!hd || !knode)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- pkt = find_key_packet (knode, NULL);
- if (!pkt)
- {
- gnutls_assert ();
- return CDK_Inv_Packet;
- }
-
- _cdk_pkt_get_keyid (pkt, keyid);
- chk = NULL;
- cdk_keydb_get_bykeyid (hd, keyid, &chk);
- if (chk)
- { /* FIXME: search for new signatures */
- cdk_kbnode_release (chk);
- return 0;
- }
-
- /* We append data to the stream so we need to close
- the stream here to re-open it later. */
- if (hd->fp)
- {
- cdk_stream_close (hd->fp);
- hd->fp = NULL;
- }
-
- rc = _cdk_stream_append (hd->name, &out);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- for (node = knode; node; node = node->next)
- {
- if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
- continue; /* No uniformed syntax for this packet */
- if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
- !node->pkt->pkt.signature->flags.exportable)
- {
- _cdk_log_debug ("key db import: skip local signature\n");
- continue;
- }
-
- if (!is_key_node (node))
- {
- _cdk_log_debug ("key db import: skip invalid node of type %d\n",
- node->pkt->pkttype);
- continue;
- }
-
- rc = cdk_pkt_write (out, node->pkt);
- if (rc)
- {
- cdk_stream_close (out);
- gnutls_assert ();
- return rc;
- }
- }
-
- cdk_stream_close (out);
- hd->stats.new_keys++;
-
- return 0;
+ cdk_kbnode_t node, chk;
+ cdk_packet_t pkt;
+ cdk_stream_t out;
+ cdk_error_t rc;
+ u32 keyid[2];
+
+ if (!hd || !knode) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ pkt = find_key_packet(knode, NULL);
+ if (!pkt) {
+ gnutls_assert();
+ return CDK_Inv_Packet;
+ }
+
+ _cdk_pkt_get_keyid(pkt, keyid);
+ chk = NULL;
+ cdk_keydb_get_bykeyid(hd, keyid, &chk);
+ if (chk) { /* FIXME: search for new signatures */
+ cdk_kbnode_release(chk);
+ return 0;
+ }
+
+ /* We append data to the stream so we need to close
+ the stream here to re-open it later. */
+ if (hd->fp) {
+ cdk_stream_close(hd->fp);
+ hd->fp = NULL;
+ }
+
+ rc = _cdk_stream_append(hd->name, &out);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ for (node = knode; node; node = node->next) {
+ if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
+ continue; /* No uniformed syntax for this packet */
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
+ !node->pkt->pkt.signature->flags.exportable) {
+ _cdk_log_debug
+ ("key db import: skip local signature\n");
+ continue;
+ }
+
+ if (!is_key_node(node)) {
+ _cdk_log_debug
+ ("key db import: skip invalid node of type %d\n",
+ node->pkt->pkttype);
+ continue;
+ }
+
+ rc = cdk_pkt_write(out, node->pkt);
+ if (rc) {
+ cdk_stream_close(out);
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ cdk_stream_close(out);
+ hd->stats.new_keys++;
+
+ return 0;
}
cdk_error_t
-_cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid, const char *id)
+_cdk_keydb_check_userid(cdk_keydb_hd_t hd, u32 * keyid, const char *id)
{
- cdk_kbnode_t knode = NULL, unode = NULL;
- cdk_error_t rc;
- int check;
- cdk_keydb_search_t st;
-
- if (!hd)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- rc = cdk_keydb_search (st, hd, &knode);
- cdk_keydb_search_release (st);
-
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
- if (!rc)
- {
- rc = cdk_keydb_search (st, hd, &unode);
- cdk_keydb_search_release (st);
- }
- if (rc)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
-
- check = 0;
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
- if (rc)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
-
- if (unode && find_by_keyid (unode, st))
- check++;
- cdk_keydb_search_release (st);
- cdk_kbnode_release (unode);
-
- rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
- if (rc)
- {
- cdk_kbnode_release (knode);
- gnutls_assert ();
- return rc;
- }
-
- if (knode && find_by_pattern (knode, st))
- check++;
- cdk_keydb_search_release (st);
- cdk_kbnode_release (knode);
-
- return check == 2 ? 0 : CDK_Inv_Value;
+ cdk_kbnode_t knode = NULL, unode = NULL;
+ cdk_error_t rc;
+ int check;
+ cdk_keydb_search_t st;
+
+ if (!hd) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_KEYID, keyid);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ rc = cdk_keydb_search(st, hd, &knode);
+ cdk_keydb_search_release(st);
+
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_EXACT,
+ (char *) id);
+ if (!rc) {
+ rc = cdk_keydb_search(st, hd, &unode);
+ cdk_keydb_search_release(st);
+ }
+ if (rc) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return rc;
+ }
+
+ check = 0;
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_KEYID, keyid);
+ if (rc) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return rc;
+ }
+
+ if (unode && find_by_keyid(unode, st))
+ check++;
+ cdk_keydb_search_release(st);
+ cdk_kbnode_release(unode);
+
+ rc = cdk_keydb_search_start(&st, hd, CDK_DBSEARCH_EXACT,
+ (char *) id);
+ if (rc) {
+ cdk_kbnode_release(knode);
+ gnutls_assert();
+ return rc;
+ }
+
+ if (knode && find_by_pattern(knode, st))
+ check++;
+ cdk_keydb_search_release(st);
+ cdk_kbnode_release(knode);
+
+ return check == 2 ? 0 : CDK_Inv_Value;
}
@@ -2250,51 +2106,44 @@ _cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid, const char *id)
* Check if a secret key with the given key ID is available
* in the key database.
**/
-cdk_error_t
-cdk_keydb_check_sk (cdk_keydb_hd_t hd, u32 * keyid)
+cdk_error_t cdk_keydb_check_sk(cdk_keydb_hd_t hd, u32 * keyid)
{
- cdk_stream_t db;
- cdk_packet_t pkt;
- cdk_error_t rc;
- u32 kid[2];
-
- if (!hd || !keyid)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!hd->secret)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- rc = _cdk_keydb_open (hd, &db);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- cdk_pkt_new (&pkt);
- while (!cdk_pkt_read (db, pkt))
- {
- if (pkt->pkttype != CDK_PKT_SECRET_KEY &&
- pkt->pkttype != CDK_PKT_SECRET_SUBKEY)
- {
- cdk_pkt_free (pkt);
- continue;
- }
- cdk_sk_get_keyid (pkt->pkt.secret_key, kid);
- if (KEYID_CMP (kid, keyid))
- {
- cdk_pkt_release (pkt);
- return 0;
- }
- cdk_pkt_free (pkt);
- }
- cdk_pkt_release (pkt);
- gnutls_assert ();
- return CDK_Error_No_Key;
+ cdk_stream_t db;
+ cdk_packet_t pkt;
+ cdk_error_t rc;
+ u32 kid[2];
+
+ if (!hd || !keyid) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!hd->secret) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ rc = _cdk_keydb_open(hd, &db);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ cdk_pkt_new(&pkt);
+ while (!cdk_pkt_read(db, pkt)) {
+ if (pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ pkt->pkttype != CDK_PKT_SECRET_SUBKEY) {
+ cdk_pkt_free(pkt);
+ continue;
+ }
+ cdk_sk_get_keyid(pkt->pkt.secret_key, kid);
+ if (KEYID_CMP(kid, keyid)) {
+ cdk_pkt_release(pkt);
+ return 0;
+ }
+ cdk_pkt_free(pkt);
+ }
+ cdk_pkt_release(pkt);
+ gnutls_assert();
+ return CDK_Error_No_Key;
}
@@ -2311,56 +2160,48 @@ cdk_keydb_check_sk (cdk_keydb_hd_t hd, u32 * keyid)
* which should be listed.
**/
cdk_error_t
-cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
- const char *patt, cdk_strlist_t fpatt)
+cdk_listkey_start(cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
+ const char *patt, cdk_strlist_t fpatt)
{
- cdk_listkey_t ctx;
- cdk_stream_t inp;
- cdk_error_t rc;
-
- if (!r_ctx || !db)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if ((patt && fpatt) || (!patt && !fpatt))
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- rc = _cdk_keydb_open (db, &inp);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- ctx = cdk_calloc (1, sizeof *ctx);
- if (!ctx)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- ctx->db = db;
- ctx->inp = inp;
- if (patt)
- {
- ctx->u.patt = cdk_strdup (patt);
- if (!ctx->u.patt)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- }
- else if (fpatt)
- {
- cdk_strlist_t l;
- for (l = fpatt; l; l = l->next)
- cdk_strlist_add (&ctx->u.fpatt, l->d);
- }
- ctx->type = patt ? 1 : 0;
- ctx->init = 1;
- *r_ctx = ctx;
- return 0;
+ cdk_listkey_t ctx;
+ cdk_stream_t inp;
+ cdk_error_t rc;
+
+ if (!r_ctx || !db) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if ((patt && fpatt) || (!patt && !fpatt)) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+ rc = _cdk_keydb_open(db, &inp);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ ctx = cdk_calloc(1, sizeof *ctx);
+ if (!ctx) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ ctx->db = db;
+ ctx->inp = inp;
+ if (patt) {
+ ctx->u.patt = cdk_strdup(patt);
+ if (!ctx->u.patt) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ } else if (fpatt) {
+ cdk_strlist_t l;
+ for (l = fpatt; l; l = l->next)
+ cdk_strlist_add(&ctx->u.fpatt, l->d);
+ }
+ ctx->type = patt ? 1 : 0;
+ ctx->init = 1;
+ *r_ctx = ctx;
+ return 0;
}
@@ -2370,17 +2211,16 @@ cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
*
* Free the list key context.
**/
-void
-cdk_listkey_close (cdk_listkey_t ctx)
+void cdk_listkey_close(cdk_listkey_t ctx)
{
- if (!ctx)
- return;
-
- if (ctx->type)
- cdk_free (ctx->u.patt);
- else
- cdk_strlist_free (ctx->u.fpatt);
- cdk_free (ctx);
+ if (!ctx)
+ return;
+
+ if (ctx->type)
+ cdk_free(ctx->u.patt);
+ else
+ cdk_strlist_free(ctx->u.fpatt);
+ cdk_free(ctx);
}
@@ -2391,65 +2231,56 @@ cdk_listkey_close (cdk_listkey_t ctx)
*
* Retrieve the next key from the pattern of the key list context.
**/
-cdk_error_t
-cdk_listkey_next (cdk_listkey_t ctx, cdk_kbnode_t * ret_key)
+cdk_error_t cdk_listkey_next(cdk_listkey_t ctx, cdk_kbnode_t * ret_key)
{
- if (!ctx || !ret_key)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!ctx->init)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- if (ctx->type && ctx->u.patt[0] == '*')
- return cdk_keydb_get_keyblock (ctx->inp, ret_key);
- else if (ctx->type)
- {
- cdk_kbnode_t node;
- struct cdk_keydb_search_s ks;
- cdk_error_t rc;
-
- for (;;)
- {
- rc = cdk_keydb_get_keyblock (ctx->inp, &node);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- memset (&ks, 0, sizeof (ks));
- ks.type = CDK_DBSEARCH_SUBSTR;
- ks.u.pattern = ctx->u.patt;
- if (find_by_pattern (node, &ks))
- {
- *ret_key = node;
- return 0;
- }
- cdk_kbnode_release (node);
- node = NULL;
- }
- }
- else
- {
- if (!ctx->t)
- ctx->t = ctx->u.fpatt;
- else if (ctx->t->next)
- ctx->t = ctx->t->next;
- else
- return CDK_EOF;
- return cdk_keydb_get_bypattern (ctx->db, ctx->t->d, ret_key);
- }
- gnutls_assert ();
- return CDK_General_Error;
+ if (!ctx || !ret_key) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!ctx->init) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ if (ctx->type && ctx->u.patt[0] == '*')
+ return cdk_keydb_get_keyblock(ctx->inp, ret_key);
+ else if (ctx->type) {
+ cdk_kbnode_t node;
+ struct cdk_keydb_search_s ks;
+ cdk_error_t rc;
+
+ for (;;) {
+ rc = cdk_keydb_get_keyblock(ctx->inp, &node);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ memset(&ks, 0, sizeof(ks));
+ ks.type = CDK_DBSEARCH_SUBSTR;
+ ks.u.pattern = ctx->u.patt;
+ if (find_by_pattern(node, &ks)) {
+ *ret_key = node;
+ return 0;
+ }
+ cdk_kbnode_release(node);
+ node = NULL;
+ }
+ } else {
+ if (!ctx->t)
+ ctx->t = ctx->u.fpatt;
+ else if (ctx->t->next)
+ ctx->t = ctx->t->next;
+ else
+ return CDK_EOF;
+ return cdk_keydb_get_bypattern(ctx->db, ctx->t->d,
+ ret_key);
+ }
+ gnutls_assert();
+ return CDK_General_Error;
}
-int
-_cdk_keydb_is_secret (cdk_keydb_hd_t db)
+int _cdk_keydb_is_secret(cdk_keydb_hd_t db)
{
- return db->secret;
+ return db->secret;
}
diff --git a/lib/opencdk/keydb.h b/lib/opencdk/keydb.h
index 086bfa88d3..a7a12c1e85 100644
--- a/lib/opencdk/keydb.h
+++ b/lib/opencdk/keydb.h
@@ -21,54 +21,48 @@
*/
/* Internal key index structure. */
-struct key_idx_s
-{
- off_t offset;
- u32 keyid[2];
- byte fpr[KEY_FPR_LEN];
+struct key_idx_s {
+ off_t offset;
+ u32 keyid[2];
+ byte fpr[KEY_FPR_LEN];
};
typedef struct key_idx_s *key_idx_t;
/* Internal key cache to associate a key with an file offset. */
-struct key_table_s
-{
- struct key_table_s *next;
- off_t offset;
+struct key_table_s {
+ struct key_table_s *next;
+ off_t offset;
};
typedef struct key_table_s *key_table_t;
-typedef struct cdk_keydb_search_s
-{
- off_t off; /* last file offset */
- union
- {
- char *pattern; /* A search is performed by pattern. */
- u32 keyid[2]; /* A search by keyid. */
- byte fpr[KEY_FPR_LEN]; /* A search by fingerprint. */
- } u;
- int type;
- struct key_table_s *cache;
- size_t ncache;
- unsigned int no_cache:1; /* disable the index cache. */
+typedef struct cdk_keydb_search_s {
+ off_t off; /* last file offset */
+ union {
+ char *pattern; /* A search is performed by pattern. */
+ u32 keyid[2]; /* A search by keyid. */
+ byte fpr[KEY_FPR_LEN]; /* A search by fingerprint. */
+ } u;
+ int type;
+ struct key_table_s *cache;
+ size_t ncache;
+ unsigned int no_cache:1; /* disable the index cache. */
- cdk_stream_t idx;
- char *idx_name; /* name of the index file or NULL. */
+ cdk_stream_t idx;
+ char *idx_name; /* name of the index file or NULL. */
} cdk_keydb_search_s;
/* Internal key database handle. */
-struct cdk_keydb_hd_s
-{
- int type; /* type of the key db handle. */
- int fp_ref; /* 1=means it is a reference and shall not be closed. */
- cdk_stream_t fp;
- char *name; /* name of the underlying file or NULL. */
- unsigned int secret:1; /* contain secret keys. */
- unsigned int isopen:1; /* the underlying stream is opened. */
+struct cdk_keydb_hd_s {
+ int type; /* type of the key db handle. */
+ int fp_ref; /* 1=means it is a reference and shall not be closed. */
+ cdk_stream_t fp;
+ char *name; /* name of the underlying file or NULL. */
+ unsigned int secret:1; /* contain secret keys. */
+ unsigned int isopen:1; /* the underlying stream is opened. */
- /* structure to store some stats about the keydb. */
- struct
- {
- size_t new_keys; /* amount of new keys that were imported. */
- } stats;
+ /* structure to store some stats about the keydb. */
+ struct {
+ size_t new_keys; /* amount of new keys that were imported. */
+ } stats;
};
diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c
index bdfa8d6aa3..d7facdf78e 100644
--- a/lib/opencdk/literal.c
+++ b/lib/opencdk/literal.c
@@ -33,284 +33,261 @@
/* Duplicate the string @s but strip of possible
relative folder names of it. */
-static char *
-dup_trim_filename (const char *s)
+static char *dup_trim_filename(const char *s)
{
- char *p = NULL;
-
- p = strrchr (s, '/');
- if (!p)
- p = strrchr (s, '\\');
- if (!p)
- return cdk_strdup (s);
- return cdk_strdup (p + 1);
+ char *p = NULL;
+
+ p = strrchr(s, '/');
+ if (!p)
+ p = strrchr(s, '\\');
+ if (!p)
+ return cdk_strdup(s);
+ return cdk_strdup(p + 1);
}
-static cdk_error_t
-literal_decode (void *data, FILE * in, FILE * out)
+static cdk_error_t literal_decode(void *data, FILE * in, FILE * out)
{
- literal_filter_t *pfx = data;
- cdk_stream_t si, so;
- cdk_packet_t pkt;
- cdk_pkt_literal_t pt;
- byte buf[BUFSIZE];
- ssize_t nread;
- int bufsize;
- cdk_error_t rc;
-
- _cdk_log_debug ("literal filter: decode\n");
-
- if (!pfx || !in || !out)
- return CDK_Inv_Value;
-
- rc = _cdk_stream_fpopen (in, STREAMCTL_READ, &si);
- if (rc)
- return rc;
-
- cdk_pkt_new (&pkt);
- rc = cdk_pkt_read (si, pkt);
- if (rc || pkt->pkttype != CDK_PKT_LITERAL)
- {
- cdk_pkt_release (pkt);
- cdk_stream_close (si);
- return !rc ? CDK_Inv_Packet : rc;
- }
-
- rc = _cdk_stream_fpopen (out, STREAMCTL_WRITE, &so);
- if (rc)
- {
- cdk_pkt_release (pkt);
- cdk_stream_close (si);
- return rc;
- }
-
- pt = pkt->pkt.literal;
- pfx->mode = pt->mode;
-
- if (pfx->filename && pt->namelen > 0)
- {
- /* The name in the literal packet is more authorative. */
- cdk_free (pfx->filename);
- pfx->filename = dup_trim_filename (pt->name);
- }
- else if (!pfx->filename && pt->namelen > 0)
- pfx->filename = dup_trim_filename (pt->name);
- else if (!pt->namelen && !pfx->filename && pfx->orig_filename)
- {
- /* In this case, we need to derrive the output file name
- from the original name and cut off the OpenPGP extension.
- If this is not possible, we return an error. */
- if (!stristr (pfx->orig_filename, ".gpg") &&
- !stristr (pfx->orig_filename, ".pgp") &&
- !stristr (pfx->orig_filename, ".asc"))
- {
- cdk_pkt_release (pkt);
- cdk_stream_close (si);
- cdk_stream_close (so);
- _cdk_log_debug
- ("literal filter: no file name and no PGP extension\n");
- return CDK_Inv_Mode;
- }
- _cdk_log_debug ("literal filter: derrive file name from original\n");
- pfx->filename = dup_trim_filename (pfx->orig_filename);
- pfx->filename[strlen (pfx->filename) - 4] = '\0';
- }
-
- while (!feof (in))
- {
- _cdk_log_debug ("literal_decode: part on %d size %lu\n",
- (int) pfx->blkmode.on, (unsigned long)pfx->blkmode.size);
- if (pfx->blkmode.on)
- bufsize = pfx->blkmode.size;
- else
- bufsize = pt->len < DIM (buf) ? pt->len : DIM (buf);
- nread = cdk_stream_read (pt->buf, buf, bufsize);
- if (nread == EOF)
- {
- rc = CDK_File_Error;
- break;
- }
- if (pfx->md_initialized)
- _gnutls_hash (&pfx->md, buf, nread);
- cdk_stream_write (so, buf, nread);
- pt->len -= nread;
- if (pfx->blkmode.on)
- {
- pfx->blkmode.size = _cdk_pkt_read_len (in, &pfx->blkmode.on);
- if ((ssize_t) pfx->blkmode.size == EOF)
- return CDK_Inv_Packet;
- }
- if (pt->len <= 0 && !pfx->blkmode.on)
- break;
- }
-
- cdk_stream_close (si);
- cdk_stream_close (so);
- cdk_pkt_release (pkt);
- return rc;
+ literal_filter_t *pfx = data;
+ cdk_stream_t si, so;
+ cdk_packet_t pkt;
+ cdk_pkt_literal_t pt;
+ byte buf[BUFSIZE];
+ ssize_t nread;
+ int bufsize;
+ cdk_error_t rc;
+
+ _cdk_log_debug("literal filter: decode\n");
+
+ if (!pfx || !in || !out)
+ return CDK_Inv_Value;
+
+ rc = _cdk_stream_fpopen(in, STREAMCTL_READ, &si);
+ if (rc)
+ return rc;
+
+ cdk_pkt_new(&pkt);
+ rc = cdk_pkt_read(si, pkt);
+ if (rc || pkt->pkttype != CDK_PKT_LITERAL) {
+ cdk_pkt_release(pkt);
+ cdk_stream_close(si);
+ return !rc ? CDK_Inv_Packet : rc;
+ }
+
+ rc = _cdk_stream_fpopen(out, STREAMCTL_WRITE, &so);
+ if (rc) {
+ cdk_pkt_release(pkt);
+ cdk_stream_close(si);
+ return rc;
+ }
+
+ pt = pkt->pkt.literal;
+ pfx->mode = pt->mode;
+
+ if (pfx->filename && pt->namelen > 0) {
+ /* The name in the literal packet is more authorative. */
+ cdk_free(pfx->filename);
+ pfx->filename = dup_trim_filename(pt->name);
+ } else if (!pfx->filename && pt->namelen > 0)
+ pfx->filename = dup_trim_filename(pt->name);
+ else if (!pt->namelen && !pfx->filename && pfx->orig_filename) {
+ /* In this case, we need to derrive the output file name
+ from the original name and cut off the OpenPGP extension.
+ If this is not possible, we return an error. */
+ if (!stristr(pfx->orig_filename, ".gpg") &&
+ !stristr(pfx->orig_filename, ".pgp") &&
+ !stristr(pfx->orig_filename, ".asc")) {
+ cdk_pkt_release(pkt);
+ cdk_stream_close(si);
+ cdk_stream_close(so);
+ _cdk_log_debug
+ ("literal filter: no file name and no PGP extension\n");
+ return CDK_Inv_Mode;
+ }
+ _cdk_log_debug
+ ("literal filter: derrive file name from original\n");
+ pfx->filename = dup_trim_filename(pfx->orig_filename);
+ pfx->filename[strlen(pfx->filename) - 4] = '\0';
+ }
+
+ while (!feof(in)) {
+ _cdk_log_debug("literal_decode: part on %d size %lu\n",
+ (int) pfx->blkmode.on,
+ (unsigned long) pfx->blkmode.size);
+ if (pfx->blkmode.on)
+ bufsize = pfx->blkmode.size;
+ else
+ bufsize = pt->len < DIM(buf) ? pt->len : DIM(buf);
+ nread = cdk_stream_read(pt->buf, buf, bufsize);
+ if (nread == EOF) {
+ rc = CDK_File_Error;
+ break;
+ }
+ if (pfx->md_initialized)
+ _gnutls_hash(&pfx->md, buf, nread);
+ cdk_stream_write(so, buf, nread);
+ pt->len -= nread;
+ if (pfx->blkmode.on) {
+ pfx->blkmode.size =
+ _cdk_pkt_read_len(in, &pfx->blkmode.on);
+ if ((ssize_t) pfx->blkmode.size == EOF)
+ return CDK_Inv_Packet;
+ }
+ if (pt->len <= 0 && !pfx->blkmode.on)
+ break;
+ }
+
+ cdk_stream_close(si);
+ cdk_stream_close(so);
+ cdk_pkt_release(pkt);
+ return rc;
}
-static char
-intmode_to_char (int mode)
+static char intmode_to_char(int mode)
{
- switch (mode)
- {
- case CDK_LITFMT_BINARY:
- return 'b';
- case CDK_LITFMT_TEXT:
- return 't';
- case CDK_LITFMT_UNICODE:
- return 'u';
- default:
- return 'b';
- }
-
- return 'b';
+ switch (mode) {
+ case CDK_LITFMT_BINARY:
+ return 'b';
+ case CDK_LITFMT_TEXT:
+ return 't';
+ case CDK_LITFMT_UNICODE:
+ return 'u';
+ default:
+ return 'b';
+ }
+
+ return 'b';
}
-static cdk_error_t
-literal_encode (void *data, FILE * in, FILE * out)
+static cdk_error_t literal_encode(void *data, FILE * in, FILE * out)
{
- literal_filter_t *pfx = data;
- cdk_pkt_literal_t pt;
- cdk_stream_t si;
- cdk_packet_t pkt;
- size_t filelen;
- cdk_error_t rc;
-
- _cdk_log_debug ("literal filter: encode\n");
-
- if (!pfx || !in || !out)
- return CDK_Inv_Value;
- if (!pfx->filename)
- {
- pfx->filename = cdk_strdup ("_CONSOLE");
- if (!pfx->filename)
- return CDK_Out_Of_Core;
- }
-
- rc = _cdk_stream_fpopen (in, STREAMCTL_READ, &si);
- if (rc)
- return rc;
-
- filelen = strlen (pfx->filename);
- cdk_pkt_new (&pkt);
- pt = pkt->pkt.literal = cdk_calloc (1, sizeof *pt + filelen);
- pt->name = (char *) pt + sizeof (*pt);
- if (!pt)
- {
- cdk_pkt_release (pkt);
- cdk_stream_close (si);
- return CDK_Out_Of_Core;
- }
- memcpy (pt->name, pfx->filename, filelen);
- pt->namelen = filelen;
- pt->name[pt->namelen] = '\0';
- pt->timestamp = (u32) gnutls_time (NULL);
- pt->mode = intmode_to_char (pfx->mode);
- pt->len = cdk_stream_get_length (si);
- pt->buf = si;
- pkt->old_ctb = 1;
- pkt->pkttype = CDK_PKT_LITERAL;
- rc = _cdk_pkt_write_fp (out, pkt);
-
- cdk_pkt_release (pkt);
- cdk_stream_close (si);
- return rc;
+ literal_filter_t *pfx = data;
+ cdk_pkt_literal_t pt;
+ cdk_stream_t si;
+ cdk_packet_t pkt;
+ size_t filelen;
+ cdk_error_t rc;
+
+ _cdk_log_debug("literal filter: encode\n");
+
+ if (!pfx || !in || !out)
+ return CDK_Inv_Value;
+ if (!pfx->filename) {
+ pfx->filename = cdk_strdup("_CONSOLE");
+ if (!pfx->filename)
+ return CDK_Out_Of_Core;
+ }
+
+ rc = _cdk_stream_fpopen(in, STREAMCTL_READ, &si);
+ if (rc)
+ return rc;
+
+ filelen = strlen(pfx->filename);
+ cdk_pkt_new(&pkt);
+ pt = pkt->pkt.literal = cdk_calloc(1, sizeof *pt + filelen);
+ pt->name = (char *) pt + sizeof(*pt);
+ if (!pt) {
+ cdk_pkt_release(pkt);
+ cdk_stream_close(si);
+ return CDK_Out_Of_Core;
+ }
+ memcpy(pt->name, pfx->filename, filelen);
+ pt->namelen = filelen;
+ pt->name[pt->namelen] = '\0';
+ pt->timestamp = (u32) gnutls_time(NULL);
+ pt->mode = intmode_to_char(pfx->mode);
+ pt->len = cdk_stream_get_length(si);
+ pt->buf = si;
+ pkt->old_ctb = 1;
+ pkt->pkttype = CDK_PKT_LITERAL;
+ rc = _cdk_pkt_write_fp(out, pkt);
+
+ cdk_pkt_release(pkt);
+ cdk_stream_close(si);
+ return rc;
}
-int
-_cdk_filter_literal (void *data, int ctl, FILE * in, FILE * out)
+int _cdk_filter_literal(void *data, int ctl, FILE * in, FILE * out)
{
- if (ctl == STREAMCTL_READ)
- return literal_decode (data, in, out);
- else if (ctl == STREAMCTL_WRITE)
- return literal_encode (data, in, out);
- else if (ctl == STREAMCTL_FREE)
- {
- literal_filter_t *pfx = data;
- if (pfx)
- {
- _cdk_log_debug ("free literal filter\n");
- cdk_free (pfx->filename);
- pfx->filename = NULL;
- cdk_free (pfx->orig_filename);
- pfx->orig_filename = NULL;
- return 0;
- }
- }
- return CDK_Inv_Mode;
+ if (ctl == STREAMCTL_READ)
+ return literal_decode(data, in, out);
+ else if (ctl == STREAMCTL_WRITE)
+ return literal_encode(data, in, out);
+ else if (ctl == STREAMCTL_FREE) {
+ literal_filter_t *pfx = data;
+ if (pfx) {
+ _cdk_log_debug("free literal filter\n");
+ cdk_free(pfx->filename);
+ pfx->filename = NULL;
+ cdk_free(pfx->orig_filename);
+ pfx->orig_filename = NULL;
+ return 0;
+ }
+ }
+ return CDK_Inv_Mode;
}
-static int
-text_encode (void *data, FILE * in, FILE * out)
+static int text_encode(void *data, FILE * in, FILE * out)
{
- const char *s;
- char buf[2048];
-
- if (!in || !out)
- return CDK_Inv_Value;
-
- /* FIXME: This code does not work for very long lines. */
- while (!feof (in))
- {
- /* give space for trim_string \r\n */
- s = fgets (buf, DIM (buf) - 3, in);
- if (!s)
- break;
- _cdk_trim_string (buf);
- _gnutls_str_cat (buf, sizeof(buf), "\r\n");
- fwrite (buf, 1, strlen (buf), out);
- }
-
- return 0;
+ const char *s;
+ char buf[2048];
+
+ if (!in || !out)
+ return CDK_Inv_Value;
+
+ /* FIXME: This code does not work for very long lines. */
+ while (!feof(in)) {
+ /* give space for trim_string \r\n */
+ s = fgets(buf, DIM(buf) - 3, in);
+ if (!s)
+ break;
+ _cdk_trim_string(buf);
+ _gnutls_str_cat(buf, sizeof(buf), "\r\n");
+ fwrite(buf, 1, strlen(buf), out);
+ }
+
+ return 0;
}
-static int
-text_decode (void *data, FILE * in, FILE * out)
+static int text_decode(void *data, FILE * in, FILE * out)
{
- text_filter_t *tfx = data;
- const char *s;
- char buf[2048];
-
- if (!tfx || !in || !out)
- return CDK_Inv_Value;
-
- while (!feof (in))
- {
- s = fgets (buf, DIM (buf) - 1, in);
- if (!s)
- break;
- _cdk_trim_string (buf);
- fwrite (buf, 1, strlen (buf), out);
- fwrite (tfx->lf, 1, strlen (tfx->lf), out);
- }
-
- return 0;
+ text_filter_t *tfx = data;
+ const char *s;
+ char buf[2048];
+
+ if (!tfx || !in || !out)
+ return CDK_Inv_Value;
+
+ while (!feof(in)) {
+ s = fgets(buf, DIM(buf) - 1, in);
+ if (!s)
+ break;
+ _cdk_trim_string(buf);
+ fwrite(buf, 1, strlen(buf), out);
+ fwrite(tfx->lf, 1, strlen(tfx->lf), out);
+ }
+
+ return 0;
}
-int
-_cdk_filter_text (void *data, int ctl, FILE * in, FILE * out)
+int _cdk_filter_text(void *data, int ctl, FILE * in, FILE * out)
{
- if (ctl == STREAMCTL_READ)
- return text_encode (data, in, out);
- else if (ctl == STREAMCTL_WRITE)
- return text_decode (data, in, out);
- else if (ctl == STREAMCTL_FREE)
- {
- text_filter_t *tfx = data;
- if (tfx)
- {
- _cdk_log_debug ("free text filter\n");
- tfx->lf = NULL;
- }
- }
- return CDK_Inv_Mode;
+ if (ctl == STREAMCTL_READ)
+ return text_encode(data, in, out);
+ else if (ctl == STREAMCTL_WRITE)
+ return text_decode(data, in, out);
+ else if (ctl == STREAMCTL_FREE) {
+ text_filter_t *tfx = data;
+ if (tfx) {
+ _cdk_log_debug("free text filter\n");
+ tfx->lf = NULL;
+ }
+ }
+ return CDK_Inv_Mode;
}
diff --git a/lib/opencdk/main.h b/lib/opencdk/main.h
index 13144dbcfc..eaf7589c1e 100644
--- a/lib/opencdk/main.h
+++ b/lib/opencdk/main.h
@@ -38,14 +38,14 @@
#define map_gnutls_error _cdk_map_gnutls_error
-cdk_error_t map_gnutls_error (int err);
+cdk_error_t map_gnutls_error(int err);
/* The general size of a buffer for the variou modules. */
#define BUFSIZE 8192
/* This is the default block size for the partial length packet mode. */
#define DEF_BLOCKSIZE 8192
-#define DEF_BLOCKBITS 13 /* 2^13 = 8192 */
+#define DEF_BLOCKBITS 13 /* 2^13 = 8192 */
/* For now SHA-1 is used to create fingerprint for keys.
But if this will ever change, it is a good idea to
@@ -76,100 +76,102 @@ cdk_error_t map_gnutls_error (int err);
#define DEBUG_PKT 0
/*-- main.c --*/
-char *_cdk_passphrase_get (cdk_ctx_t hd, const char *prompt);
+char *_cdk_passphrase_get(cdk_ctx_t hd, const char *prompt);
/*-- misc.c --*/
-int _cdk_check_args (int overwrite, const char *in, const char *out);
-u32 _cdk_buftou32 (const byte * buf);
-void _cdk_u32tobuf (u32 u, byte * buf);
-const char *_cdk_memistr (const char *buf, size_t buflen, const char *sub);
-FILE *_cdk_tmpfile (void);
+int _cdk_check_args(int overwrite, const char *in, const char *out);
+u32 _cdk_buftou32(const byte * buf);
+void _cdk_u32tobuf(u32 u, byte * buf);
+const char *_cdk_memistr(const char *buf, size_t buflen, const char *sub);
+FILE *_cdk_tmpfile(void);
/* Helper to provide case insentensive strstr version. */
#define stristr(haystack, needle) \
_cdk_memistr((haystack), strlen (haystack), (needle))
/*-- proc-packet.c --*/
-cdk_error_t _cdk_pkt_write2 (cdk_stream_t out, int pkttype, void *pktctx);
+cdk_error_t _cdk_pkt_write2(cdk_stream_t out, int pkttype, void *pktctx);
/*-- pubkey.c --*/
-u32 _cdk_pkt_get_keyid (cdk_packet_t pkt, u32 * keyid);
-cdk_error_t _cdk_pkt_get_fingerprint (cdk_packet_t pkt, byte * fpr);
-int _cdk_pk_algo_usage (int algo);
-int _cdk_pk_test_algo (int algo, unsigned int usage);
-int _cdk_sk_get_csum (cdk_pkt_seckey_t sk);
+u32 _cdk_pkt_get_keyid(cdk_packet_t pkt, u32 * keyid);
+cdk_error_t _cdk_pkt_get_fingerprint(cdk_packet_t pkt, byte * fpr);
+int _cdk_pk_algo_usage(int algo);
+int _cdk_pk_test_algo(int algo, unsigned int usage);
+int _cdk_sk_get_csum(cdk_pkt_seckey_t sk);
/*-- new-packet.c --*/
-byte *_cdk_subpkt_get_array (cdk_subpkt_t s, int count, size_t * r_nbytes);
-cdk_error_t _cdk_subpkt_copy (cdk_subpkt_t * r_dst, cdk_subpkt_t src);
-void _cdk_pkt_detach_free (cdk_packet_t pkt, int *r_pkttype, void **ctx);
+byte *_cdk_subpkt_get_array(cdk_subpkt_t s, int count, size_t * r_nbytes);
+cdk_error_t _cdk_subpkt_copy(cdk_subpkt_t * r_dst, cdk_subpkt_t src);
+void _cdk_pkt_detach_free(cdk_packet_t pkt, int *r_pkttype, void **ctx);
/*-- sig-check.c --*/
-cdk_error_t _cdk_sig_check (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig,
- digest_hd_st * digest, int *r_expired);
-cdk_error_t _cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st * hd);
-cdk_error_t _cdk_hash_userid (cdk_pkt_userid_t uid, int sig_version,
- digest_hd_st * md);
-cdk_error_t _cdk_hash_pubkey (cdk_pkt_pubkey_t pk, digest_hd_st * md,
- int use_fpr);
-cdk_error_t _cdk_pk_check_sig (cdk_keydb_hd_t hd, cdk_kbnode_t knode,
- cdk_kbnode_t snode, int *is_selfsig,
- char **ret_uid);
+cdk_error_t _cdk_sig_check(cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig,
+ digest_hd_st * digest, int *r_expired);
+cdk_error_t _cdk_hash_sig_data(cdk_pkt_signature_t sig, digest_hd_st * hd);
+cdk_error_t _cdk_hash_userid(cdk_pkt_userid_t uid, int sig_version,
+ digest_hd_st * md);
+cdk_error_t _cdk_hash_pubkey(cdk_pkt_pubkey_t pk, digest_hd_st * md,
+ int use_fpr);
+cdk_error_t _cdk_pk_check_sig(cdk_keydb_hd_t hd, cdk_kbnode_t knode,
+ cdk_kbnode_t snode, int *is_selfsig,
+ char **ret_uid);
/*-- kbnode.c --*/
-void _cdk_kbnode_add (cdk_kbnode_t root, cdk_kbnode_t node);
-void _cdk_kbnode_clone (cdk_kbnode_t node);
+void _cdk_kbnode_add(cdk_kbnode_t root, cdk_kbnode_t node);
+void _cdk_kbnode_clone(cdk_kbnode_t node);
/*-- sesskey.c --*/
-cdk_error_t _cdk_sk_unprotect_auto (cdk_ctx_t hd, cdk_pkt_seckey_t sk);
+cdk_error_t _cdk_sk_unprotect_auto(cdk_ctx_t hd, cdk_pkt_seckey_t sk);
/*-- keydb.c --*/
-int _cdk_keydb_is_secret (cdk_keydb_hd_t db);
-cdk_error_t _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_pkt_pubkey_t * ret_pk, int usage);
-cdk_error_t _cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name,
- cdk_pkt_seckey_t * ret_sk, int usage);
-cdk_error_t _cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid,
- const char *id);
+int _cdk_keydb_is_secret(cdk_keydb_hd_t db);
+cdk_error_t _cdk_keydb_get_pk_byusage(cdk_keydb_hd_t hd, const char *name,
+ cdk_pkt_pubkey_t * ret_pk,
+ int usage);
+cdk_error_t _cdk_keydb_get_sk_byusage(cdk_keydb_hd_t hd, const char *name,
+ cdk_pkt_seckey_t * ret_sk,
+ int usage);
+cdk_error_t _cdk_keydb_check_userid(cdk_keydb_hd_t hd, u32 * keyid,
+ const char *id);
/*-- sign.c --*/
-int _cdk_sig_hash_for (cdk_pkt_pubkey_t pk);
-void _cdk_trim_string (char *s);
-cdk_error_t _cdk_sig_create (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig);
-cdk_error_t _cdk_sig_complete (cdk_pkt_signature_t sig, cdk_pkt_seckey_t sk,
- digest_hd_st * hd);
+int _cdk_sig_hash_for(cdk_pkt_pubkey_t pk);
+void _cdk_trim_string(char *s);
+cdk_error_t _cdk_sig_create(cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig);
+cdk_error_t _cdk_sig_complete(cdk_pkt_signature_t sig, cdk_pkt_seckey_t sk,
+ digest_hd_st * hd);
/*-- stream.c --*/
-void _cdk_stream_set_compress_algo (cdk_stream_t s, int algo);
-cdk_error_t _cdk_stream_open_mode (const char *file, const char *mode,
- cdk_stream_t * ret_s);
-void *_cdk_stream_get_uint8_t (cdk_stream_t s, int fid);
-const char *_cdk_stream_get_fname (cdk_stream_t s);
-FILE *_cdk_stream_get_fp (cdk_stream_t s);
-int _cdk_stream_gets (cdk_stream_t s, char *buf, size_t count);
-cdk_error_t _cdk_stream_append (const char *file, cdk_stream_t * ret_s);
-int _cdk_stream_get_errno (cdk_stream_t s);
-cdk_error_t _cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes);
-int _cdk_stream_get_blockmode (cdk_stream_t s);
-int _cdk_stream_puts (cdk_stream_t s, const char *buf);
-cdk_error_t _cdk_stream_fpopen (FILE * fp, unsigned write_mode,
- cdk_stream_t * ret_out);
+void _cdk_stream_set_compress_algo(cdk_stream_t s, int algo);
+cdk_error_t _cdk_stream_open_mode(const char *file, const char *mode,
+ cdk_stream_t * ret_s);
+void *_cdk_stream_get_uint8_t(cdk_stream_t s, int fid);
+const char *_cdk_stream_get_fname(cdk_stream_t s);
+FILE *_cdk_stream_get_fp(cdk_stream_t s);
+int _cdk_stream_gets(cdk_stream_t s, char *buf, size_t count);
+cdk_error_t _cdk_stream_append(const char *file, cdk_stream_t * ret_s);
+int _cdk_stream_get_errno(cdk_stream_t s);
+cdk_error_t _cdk_stream_set_blockmode(cdk_stream_t s, size_t nbytes);
+int _cdk_stream_get_blockmode(cdk_stream_t s);
+int _cdk_stream_puts(cdk_stream_t s, const char *buf);
+cdk_error_t _cdk_stream_fpopen(FILE * fp, unsigned write_mode,
+ cdk_stream_t * ret_out);
/*-- read-packet.c --*/
-size_t _cdk_pkt_read_len (FILE * inp, size_t * ret_partial);
+size_t _cdk_pkt_read_len(FILE * inp, size_t * ret_partial);
/*-- write-packet.c --*/
-cdk_error_t _cdk_pkt_write_fp (FILE * out, cdk_packet_t pkt);
+cdk_error_t _cdk_pkt_write_fp(FILE * out, cdk_packet_t pkt);
/*-- seskey.c --*/
-cdk_error_t _cdk_s2k_copy (cdk_s2k_t * r_dst, cdk_s2k_t src);
+cdk_error_t _cdk_s2k_copy(cdk_s2k_t * r_dst, cdk_s2k_t src);
#define _cdk_pub_algo_to_pgp(algo) (algo)
#define _pgp_pub_algo_to_cdk(algo) (algo)
-int _gnutls_hash_algo_to_pgp (int algo);
-int _pgp_hash_algo_to_gnutls (int algo);
-int _gnutls_cipher_to_pgp (int cipher);
-int _pgp_cipher_to_gnutls (int cipher);
+int _gnutls_hash_algo_to_pgp(int algo);
+int _pgp_hash_algo_to_gnutls(int algo);
+int _gnutls_cipher_to_pgp(int cipher);
+int _pgp_cipher_to_gnutls(int cipher);
-#endif /* CDK_MAIN_H */
+#endif /* CDK_MAIN_H */
diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c
index 58ad02eb9e..8ee74d7ded 100644
--- a/lib/opencdk/misc.c
+++ b/lib/opencdk/misc.c
@@ -35,30 +35,28 @@
#include <gnutls_str.h>
-u32
-_cdk_buftou32 (const byte * buf)
+u32 _cdk_buftou32(const byte * buf)
{
- u32 u;
+ u32 u;
- if (!buf)
- return 0;
- u = buf[0] << 24;
- u |= buf[1] << 16;
- u |= buf[2] << 8;
- u |= buf[3];
- return u;
+ if (!buf)
+ return 0;
+ u = buf[0] << 24;
+ u |= buf[1] << 16;
+ u |= buf[2] << 8;
+ u |= buf[3];
+ return u;
}
-void
-_cdk_u32tobuf (u32 u, byte * buf)
+void _cdk_u32tobuf(u32 u, byte * buf)
{
- if (!buf)
- return;
- buf[0] = u >> 24;
- buf[1] = u >> 16;
- buf[2] = u >> 8;
- buf[3] = u;
+ if (!buf)
+ return;
+ buf[0] = u >> 24;
+ buf[1] = u >> 16;
+ buf[2] = u >> 8;
+ buf[3] = u;
}
/**
@@ -67,16 +65,14 @@ _cdk_u32tobuf (u32 u, byte * buf)
*
* Release the string list object.
**/
-void
-cdk_strlist_free (cdk_strlist_t sl)
+void cdk_strlist_free(cdk_strlist_t sl)
{
- cdk_strlist_t sl2;
+ cdk_strlist_t sl2;
- for (; sl; sl = sl2)
- {
- sl2 = sl->next;
- cdk_free (sl);
- }
+ for (; sl; sl = sl2) {
+ sl2 = sl->next;
+ cdk_free(sl);
+ }
}
@@ -87,250 +83,231 @@ cdk_strlist_free (cdk_strlist_t sl)
*
* Add the given list to the string list.
**/
-cdk_strlist_t
-cdk_strlist_add (cdk_strlist_t * list, const char *string)
+cdk_strlist_t cdk_strlist_add(cdk_strlist_t * list, const char *string)
{
- cdk_strlist_t sl;
- int string_size = strlen(string);
+ cdk_strlist_t sl;
+ int string_size = strlen(string);
- if (!string)
- return NULL;
+ if (!string)
+ return NULL;
- sl = cdk_calloc (1, sizeof *sl + string_size + 2);
- if (!sl)
- return NULL;
- sl->d = (char *) sl + sizeof (*sl);
- memcpy (sl->d, string, string_size+1);
- sl->next = *list;
- *list = sl;
- return sl;
+ sl = cdk_calloc(1, sizeof *sl + string_size + 2);
+ if (!sl)
+ return NULL;
+ sl->d = (char *) sl + sizeof(*sl);
+ memcpy(sl->d, string, string_size + 1);
+ sl->next = *list;
+ *list = sl;
+ return sl;
}
-const char *
-_cdk_memistr (const char *buf, size_t buflen, const char *sub)
+const char *_cdk_memistr(const char *buf, size_t buflen, const char *sub)
{
- const byte *t, *s;
- size_t n;
+ const byte *t, *s;
+ size_t n;
- for (t = (byte *) buf, n = buflen, s = (byte *) sub; n; t++, n--)
- {
- if (c_toupper (*t) == c_toupper (*s))
- {
- for (buf = (char*)t++, buflen = n--, s++;
- n && c_toupper (*t) == c_toupper ((byte) * s); t++, s++, n--)
- ;
- if (!*s)
- return buf;
- t = (byte *) buf;
- n = buflen;
- s = (byte *) sub;
- }
- }
+ for (t = (byte *) buf, n = buflen, s = (byte *) sub; n; t++, n--) {
+ if (c_toupper(*t) == c_toupper(*s)) {
+ for (buf = (char *) t++, buflen = n--, s++;
+ n && c_toupper(*t) == c_toupper((byte) * s);
+ t++, s++, n--);
+ if (!*s)
+ return buf;
+ t = (byte *) buf;
+ n = buflen;
+ s = (byte *) sub;
+ }
+ }
- return NULL;
+ return NULL;
}
-cdk_error_t
-_cdk_map_gnutls_error (int err)
+cdk_error_t _cdk_map_gnutls_error(int err)
{
- switch (err)
- {
- case 0:
- return CDK_Success;
- case GNUTLS_E_INVALID_REQUEST:
- return CDK_Inv_Value;
- default:
- return CDK_General_Error;
- }
+ switch (err) {
+ case 0:
+ return CDK_Success;
+ case GNUTLS_E_INVALID_REQUEST:
+ return CDK_Inv_Value;
+ default:
+ return CDK_General_Error;
+ }
}
/* Remove all trailing white spaces from the string. */
-void
-_cdk_trim_string (char *s)
+void _cdk_trim_string(char *s)
{
-int len = strlen(s);
- while (s && *s &&
- (s[len - 1] == '\t' ||
- s[len - 1] == '\r' ||
- s[len - 1] == '\n' || s[len - 1] == ' '))
- s[len - 1] = '\0';
+ int len = strlen(s);
+ while (s && *s &&
+ (s[len - 1] == '\t' ||
+ s[len - 1] == '\r' ||
+ s[len - 1] == '\n' || s[len - 1] == ' '))
+ s[len - 1] = '\0';
}
-int
-_cdk_check_args (int overwrite, const char *in, const char *out)
+int _cdk_check_args(int overwrite, const char *in, const char *out)
{
- struct stat stbuf;
+ struct stat stbuf;
- if (!in || !out)
- return CDK_Inv_Value;
- if (strlen (in) == strlen (out) && strcmp (in, out) == 0)
- return CDK_Inv_Mode;
- if (!overwrite && !stat (out, &stbuf))
- return CDK_Inv_Mode;
- return 0;
+ if (!in || !out)
+ return CDK_Inv_Value;
+ if (strlen(in) == strlen(out) && strcmp(in, out) == 0)
+ return CDK_Inv_Mode;
+ if (!overwrite && !stat(out, &stbuf))
+ return CDK_Inv_Mode;
+ return 0;
}
#ifdef _WIN32
#include <io.h>
#include <fcntl.h>
-FILE *
-_cdk_tmpfile (void)
+FILE *_cdk_tmpfile(void)
{
- /* Because the tmpfile() version of wine is not really useful,
- we implement our own version to avoid problems with 'make check'. */
- static const char *letters = "abcdefghijklmnopqrstuvwxyz";
- unsigned char buf[512], rnd[24];
- FILE *fp;
- int fd, i;
+ /* Because the tmpfile() version of wine is not really useful,
+ we implement our own version to avoid problems with 'make check'. */
+ static const char *letters = "abcdefghijklmnopqrstuvwxyz";
+ unsigned char buf[512], rnd[24];
+ FILE *fp;
+ int fd, i;
- _gnutls_rnd (GNUTLS_RND_NONCE, rnd, DIM (rnd));
- for (i = 0; i < DIM (rnd) - 1; i++)
- {
- char c = letters[(unsigned char) rnd[i] % 26];
- rnd[i] = c;
- }
- rnd[DIM (rnd) - 1] = 0;
- if (!GetTempPath (464, buf))
- return NULL;
- _gnutls_str_cat (buf, sizeof(buf), "_cdk_");
- _gnutls_str_cat (buf, sizeof(buf), rnd);
+ _gnutls_rnd(GNUTLS_RND_NONCE, rnd, DIM(rnd));
+ for (i = 0; i < DIM(rnd) - 1; i++) {
+ char c = letters[(unsigned char) rnd[i] % 26];
+ rnd[i] = c;
+ }
+ rnd[DIM(rnd) - 1] = 0;
+ if (!GetTempPath(464, buf))
+ return NULL;
+ _gnutls_str_cat(buf, sizeof(buf), "_cdk_");
+ _gnutls_str_cat(buf, sizeof(buf), rnd);
- /* We need to make sure the file will be deleted when it is closed. */
- fd = _open (buf, _O_CREAT | _O_EXCL | _O_TEMPORARY |
- _O_RDWR | _O_BINARY, _S_IREAD | _S_IWRITE);
- if (fd == -1)
- return NULL;
- fp = fdopen (fd, "w+b");
- if (fp != NULL)
- return fp;
- _close (fd);
- return NULL;
+ /* We need to make sure the file will be deleted when it is closed. */
+ fd = _open(buf, _O_CREAT | _O_EXCL | _O_TEMPORARY |
+ _O_RDWR | _O_BINARY, _S_IREAD | _S_IWRITE);
+ if (fd == -1)
+ return NULL;
+ fp = fdopen(fd, "w+b");
+ if (fp != NULL)
+ return fp;
+ _close(fd);
+ return NULL;
}
#else
-FILE *
-_cdk_tmpfile (void)
+FILE *_cdk_tmpfile(void)
{
- return tmpfile ();
+ return tmpfile();
}
#endif
-int
-_gnutls_hash_algo_to_pgp (int algo)
+int _gnutls_hash_algo_to_pgp(int algo)
{
- switch (algo)
- {
- case GNUTLS_DIG_MD5:
- return 0x01;
- case GNUTLS_DIG_MD2:
- return 0x05;
- case GNUTLS_DIG_SHA1:
- return 0x02;
- case GNUTLS_DIG_RMD160:
- return 0x03;
- case GNUTLS_DIG_SHA256:
- return 0x08;
- case GNUTLS_DIG_SHA384:
- return 0x09;
- case GNUTLS_DIG_SHA512:
- return 0x0A;
- case GNUTLS_DIG_SHA224:
- return 0x0B;
- default:
- gnutls_assert ();
- return 0x00;
- }
+ switch (algo) {
+ case GNUTLS_DIG_MD5:
+ return 0x01;
+ case GNUTLS_DIG_MD2:
+ return 0x05;
+ case GNUTLS_DIG_SHA1:
+ return 0x02;
+ case GNUTLS_DIG_RMD160:
+ return 0x03;
+ case GNUTLS_DIG_SHA256:
+ return 0x08;
+ case GNUTLS_DIG_SHA384:
+ return 0x09;
+ case GNUTLS_DIG_SHA512:
+ return 0x0A;
+ case GNUTLS_DIG_SHA224:
+ return 0x0B;
+ default:
+ gnutls_assert();
+ return 0x00;
+ }
}
-int
-_pgp_hash_algo_to_gnutls (int algo)
+int _pgp_hash_algo_to_gnutls(int algo)
{
- switch (algo)
- {
- case 0x01:
- return GNUTLS_DIG_MD5;
- case 0x02:
- return GNUTLS_DIG_SHA1;
- case 0x03:
- return GNUTLS_DIG_RMD160;
- case 0x05:
- return GNUTLS_DIG_MD2;
- case 0x08:
- return GNUTLS_DIG_SHA256;
- case 0x09:
- return GNUTLS_DIG_SHA384;
- case 0x0A:
- return GNUTLS_DIG_SHA512;
- case 0x0B:
- return GNUTLS_DIG_SHA224;
- default:
- gnutls_assert ();
- return GNUTLS_DIG_NULL;
- }
+ switch (algo) {
+ case 0x01:
+ return GNUTLS_DIG_MD5;
+ case 0x02:
+ return GNUTLS_DIG_SHA1;
+ case 0x03:
+ return GNUTLS_DIG_RMD160;
+ case 0x05:
+ return GNUTLS_DIG_MD2;
+ case 0x08:
+ return GNUTLS_DIG_SHA256;
+ case 0x09:
+ return GNUTLS_DIG_SHA384;
+ case 0x0A:
+ return GNUTLS_DIG_SHA512;
+ case 0x0B:
+ return GNUTLS_DIG_SHA224;
+ default:
+ gnutls_assert();
+ return GNUTLS_DIG_NULL;
+ }
}
-int
-_pgp_cipher_to_gnutls (int cipher)
+int _pgp_cipher_to_gnutls(int cipher)
{
- switch (cipher)
- {
- case 0:
- return GNUTLS_CIPHER_NULL;
- case 1:
- return GNUTLS_CIPHER_IDEA_PGP_CFB;
- case 2:
- return GNUTLS_CIPHER_3DES_PGP_CFB;
- case 3:
- return GNUTLS_CIPHER_CAST5_PGP_CFB;
- case 4:
- return GNUTLS_CIPHER_BLOWFISH_PGP_CFB;
- case 5:
- return GNUTLS_CIPHER_SAFER_SK128_PGP_CFB;
- case 7:
- return GNUTLS_CIPHER_AES128_PGP_CFB;
- case 8:
- return GNUTLS_CIPHER_AES192_PGP_CFB;
- case 9:
- return GNUTLS_CIPHER_AES256_PGP_CFB;
- case 10:
- return GNUTLS_CIPHER_TWOFISH_PGP_CFB;
+ switch (cipher) {
+ case 0:
+ return GNUTLS_CIPHER_NULL;
+ case 1:
+ return GNUTLS_CIPHER_IDEA_PGP_CFB;
+ case 2:
+ return GNUTLS_CIPHER_3DES_PGP_CFB;
+ case 3:
+ return GNUTLS_CIPHER_CAST5_PGP_CFB;
+ case 4:
+ return GNUTLS_CIPHER_BLOWFISH_PGP_CFB;
+ case 5:
+ return GNUTLS_CIPHER_SAFER_SK128_PGP_CFB;
+ case 7:
+ return GNUTLS_CIPHER_AES128_PGP_CFB;
+ case 8:
+ return GNUTLS_CIPHER_AES192_PGP_CFB;
+ case 9:
+ return GNUTLS_CIPHER_AES256_PGP_CFB;
+ case 10:
+ return GNUTLS_CIPHER_TWOFISH_PGP_CFB;
- default:
- gnutls_assert ();
- _gnutls_debug_log("Unknown openpgp cipher %u\n", cipher);
- return GNUTLS_CIPHER_UNKNOWN;
- }
+ default:
+ gnutls_assert();
+ _gnutls_debug_log("Unknown openpgp cipher %u\n", cipher);
+ return GNUTLS_CIPHER_UNKNOWN;
+ }
}
-int
-_gnutls_cipher_to_pgp (int cipher)
+int _gnutls_cipher_to_pgp(int cipher)
{
- switch (cipher)
- {
- case GNUTLS_CIPHER_NULL:
- return 0;
- case GNUTLS_CIPHER_IDEA_PGP_CFB:
- return 1;
- case GNUTLS_CIPHER_3DES_PGP_CFB:
- return 2;
- case GNUTLS_CIPHER_CAST5_PGP_CFB:
- return 3;
- case GNUTLS_CIPHER_BLOWFISH_PGP_CFB:
- return 4;
- case GNUTLS_CIPHER_SAFER_SK128_PGP_CFB:
- return 5;
- case GNUTLS_CIPHER_AES128_PGP_CFB:
- return 7;
- case GNUTLS_CIPHER_AES192_PGP_CFB:
- return 8;
- case GNUTLS_CIPHER_AES256_PGP_CFB:
- return 9;
- case GNUTLS_CIPHER_TWOFISH_PGP_CFB:
- return 10;
- default:
- gnutls_assert ();
- return 0;
- }
+ switch (cipher) {
+ case GNUTLS_CIPHER_NULL:
+ return 0;
+ case GNUTLS_CIPHER_IDEA_PGP_CFB:
+ return 1;
+ case GNUTLS_CIPHER_3DES_PGP_CFB:
+ return 2;
+ case GNUTLS_CIPHER_CAST5_PGP_CFB:
+ return 3;
+ case GNUTLS_CIPHER_BLOWFISH_PGP_CFB:
+ return 4;
+ case GNUTLS_CIPHER_SAFER_SK128_PGP_CFB:
+ return 5;
+ case GNUTLS_CIPHER_AES128_PGP_CFB:
+ return 7;
+ case GNUTLS_CIPHER_AES192_PGP_CFB:
+ return 8;
+ case GNUTLS_CIPHER_AES256_PGP_CFB:
+ return 9;
+ case GNUTLS_CIPHER_TWOFISH_PGP_CFB:
+ return 10;
+ default:
+ gnutls_assert();
+ return 0;
+ }
}
diff --git a/lib/opencdk/new-packet.c b/lib/opencdk/new-packet.c
index acf2a7606d..7d61c2c415 100644
--- a/lib/opencdk/new-packet.c
+++ b/lib/opencdk/new-packet.c
@@ -32,13 +32,11 @@
/* Release an array of MPI values. */
-void
-_cdk_free_mpibuf (size_t n, bigint_t * array)
+void _cdk_free_mpibuf(size_t n, bigint_t * array)
{
- while (n--)
- {
- _gnutls_mpi_release (&array[n]);
- }
+ while (n--) {
+ _gnutls_mpi_release(&array[n]);
+ }
}
@@ -48,201 +46,189 @@ _cdk_free_mpibuf (size_t n, bigint_t * array)
*
* Allocate a new packet.
**/
-cdk_error_t
-cdk_pkt_new (cdk_packet_t * r_pkt)
+cdk_error_t cdk_pkt_new(cdk_packet_t * r_pkt)
{
- cdk_packet_t pkt;
-
- if (!r_pkt)
- return CDK_Inv_Value;
- pkt = cdk_calloc (1, sizeof *pkt);
- if (!pkt)
- return CDK_Out_Of_Core;
- *r_pkt = pkt;
- return 0;
+ cdk_packet_t pkt;
+
+ if (!r_pkt)
+ return CDK_Inv_Value;
+ pkt = cdk_calloc(1, sizeof *pkt);
+ if (!pkt)
+ return CDK_Out_Of_Core;
+ *r_pkt = pkt;
+ return 0;
}
-static void
-free_pubkey_enc (cdk_pkt_pubkey_enc_t enc)
+static void free_pubkey_enc(cdk_pkt_pubkey_enc_t enc)
{
- size_t nenc;
+ size_t nenc;
- if (!enc)
- return;
+ if (!enc)
+ return;
- nenc = cdk_pk_get_nenc (enc->pubkey_algo);
- _cdk_free_mpibuf (nenc, enc->mpi);
- cdk_free (enc);
+ nenc = cdk_pk_get_nenc(enc->pubkey_algo);
+ _cdk_free_mpibuf(nenc, enc->mpi);
+ cdk_free(enc);
}
-static void
-free_literal (cdk_pkt_literal_t pt)
+static void free_literal(cdk_pkt_literal_t pt)
{
- if (!pt)
- return;
- /* The buffer which is referenced in this packet is closed
- elsewhere. To close it here would cause a double close. */
- cdk_free (pt);
+ if (!pt)
+ return;
+ /* The buffer which is referenced in this packet is closed
+ elsewhere. To close it here would cause a double close. */
+ cdk_free(pt);
}
-void
-_cdk_free_userid (cdk_pkt_userid_t uid)
+void _cdk_free_userid(cdk_pkt_userid_t uid)
{
- if (!uid)
- return;
-
- cdk_free (uid->prefs);
- uid->prefs = NULL;
- cdk_free (uid->attrib_img);
- uid->attrib_img = NULL;
- cdk_free (uid);
+ if (!uid)
+ return;
+
+ cdk_free(uid->prefs);
+ uid->prefs = NULL;
+ cdk_free(uid->attrib_img);
+ uid->attrib_img = NULL;
+ cdk_free(uid);
}
-void
-_cdk_free_signature (cdk_pkt_signature_t sig)
+void _cdk_free_signature(cdk_pkt_signature_t sig)
{
- cdk_desig_revoker_t r;
- size_t nsig;
-
- if (!sig)
- return;
-
- nsig = cdk_pk_get_nsig (sig->pubkey_algo);
- _cdk_free_mpibuf (nsig, sig->mpi);
-
- cdk_subpkt_free (sig->hashed);
- sig->hashed = NULL;
- cdk_subpkt_free (sig->unhashed);
- sig->unhashed = NULL;
- while (sig->revkeys)
- {
- r = sig->revkeys->next;
- cdk_free (sig->revkeys);
- sig->revkeys = r;
- }
- cdk_free (sig);
+ cdk_desig_revoker_t r;
+ size_t nsig;
+
+ if (!sig)
+ return;
+
+ nsig = cdk_pk_get_nsig(sig->pubkey_algo);
+ _cdk_free_mpibuf(nsig, sig->mpi);
+
+ cdk_subpkt_free(sig->hashed);
+ sig->hashed = NULL;
+ cdk_subpkt_free(sig->unhashed);
+ sig->unhashed = NULL;
+ while (sig->revkeys) {
+ r = sig->revkeys->next;
+ cdk_free(sig->revkeys);
+ sig->revkeys = r;
+ }
+ cdk_free(sig);
}
-void
-cdk_pk_release (cdk_pubkey_t pk)
+void cdk_pk_release(cdk_pubkey_t pk)
{
- size_t npkey;
-
- if (!pk)
- return;
-
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- _cdk_free_userid (pk->uid);
- pk->uid = NULL;
- cdk_free (pk->prefs);
- pk->prefs = NULL;
- _cdk_free_mpibuf (npkey, pk->mpi);
- cdk_free (pk);
+ size_t npkey;
+
+ if (!pk)
+ return;
+
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ _cdk_free_userid(pk->uid);
+ pk->uid = NULL;
+ cdk_free(pk->prefs);
+ pk->prefs = NULL;
+ _cdk_free_mpibuf(npkey, pk->mpi);
+ cdk_free(pk);
}
-void
-cdk_sk_release (cdk_seckey_t sk)
+void cdk_sk_release(cdk_seckey_t sk)
{
- size_t nskey;
-
- if (!sk)
- return;
-
- nskey = cdk_pk_get_nskey (sk->pubkey_algo);
- _cdk_free_mpibuf (nskey, sk->mpi);
- cdk_free (sk->encdata);
- sk->encdata = NULL;
- cdk_pk_release (sk->pk);
- sk->pk = NULL;
- cdk_s2k_free (sk->protect.s2k);
- sk->protect.s2k = NULL;
- cdk_free (sk);
+ size_t nskey;
+
+ if (!sk)
+ return;
+
+ nskey = cdk_pk_get_nskey(sk->pubkey_algo);
+ _cdk_free_mpibuf(nskey, sk->mpi);
+ cdk_free(sk->encdata);
+ sk->encdata = NULL;
+ cdk_pk_release(sk->pk);
+ sk->pk = NULL;
+ cdk_s2k_free(sk->protect.s2k);
+ sk->protect.s2k = NULL;
+ cdk_free(sk);
}
/* Detach the openpgp packet from the packet structure
and release the packet structure itself. */
-void
-_cdk_pkt_detach_free (cdk_packet_t pkt, int *r_pkttype, void **ctx)
+void _cdk_pkt_detach_free(cdk_packet_t pkt, int *r_pkttype, void **ctx)
{
- /* For now we just allow this for keys. */
- switch (pkt->pkttype)
- {
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- *ctx = pkt->pkt.public_key;
- break;
-
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- *ctx = pkt->pkt.secret_key;
- break;
-
- default:
- *r_pkttype = 0;
- return;
- }
-
- /* The caller might expect a specific packet type and
- is not interested to store it for later use. */
- if (r_pkttype)
- *r_pkttype = pkt->pkttype;
-
- cdk_free (pkt);
+ /* For now we just allow this for keys. */
+ switch (pkt->pkttype) {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ *ctx = pkt->pkt.public_key;
+ break;
+
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ *ctx = pkt->pkt.secret_key;
+ break;
+
+ default:
+ *r_pkttype = 0;
+ return;
+ }
+
+ /* The caller might expect a specific packet type and
+ is not interested to store it for later use. */
+ if (r_pkttype)
+ *r_pkttype = pkt->pkttype;
+
+ cdk_free(pkt);
}
-void
-cdk_pkt_free (cdk_packet_t pkt)
+void cdk_pkt_free(cdk_packet_t pkt)
{
- if (!pkt)
- return;
-
- switch (pkt->pkttype)
- {
- case CDK_PKT_ATTRIBUTE:
- case CDK_PKT_USER_ID:
- _cdk_free_userid (pkt->pkt.user_id);
- break;
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- cdk_pk_release (pkt->pkt.public_key);
- break;
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- cdk_sk_release (pkt->pkt.secret_key);
- break;
- case CDK_PKT_SIGNATURE:
- _cdk_free_signature (pkt->pkt.signature);
- break;
- case CDK_PKT_PUBKEY_ENC:
- free_pubkey_enc (pkt->pkt.pubkey_enc);
- break;
- case CDK_PKT_MDC:
- cdk_free (pkt->pkt.mdc);
- break;
- case CDK_PKT_ONEPASS_SIG:
- cdk_free (pkt->pkt.onepass_sig);
- break;
- case CDK_PKT_LITERAL:
- free_literal (pkt->pkt.literal);
- break;
- case CDK_PKT_COMPRESSED:
- cdk_free (pkt->pkt.compressed);
- break;
- default:
- break;
- }
-
- /* Reset the packet type to avoid, when cdk_pkt_release() will be
- used, that the second cdk_pkt_free() call will double free the data. */
- pkt->pkttype = 0;
+ if (!pkt)
+ return;
+
+ switch (pkt->pkttype) {
+ case CDK_PKT_ATTRIBUTE:
+ case CDK_PKT_USER_ID:
+ _cdk_free_userid(pkt->pkt.user_id);
+ break;
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ cdk_pk_release(pkt->pkt.public_key);
+ break;
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ cdk_sk_release(pkt->pkt.secret_key);
+ break;
+ case CDK_PKT_SIGNATURE:
+ _cdk_free_signature(pkt->pkt.signature);
+ break;
+ case CDK_PKT_PUBKEY_ENC:
+ free_pubkey_enc(pkt->pkt.pubkey_enc);
+ break;
+ case CDK_PKT_MDC:
+ cdk_free(pkt->pkt.mdc);
+ break;
+ case CDK_PKT_ONEPASS_SIG:
+ cdk_free(pkt->pkt.onepass_sig);
+ break;
+ case CDK_PKT_LITERAL:
+ free_literal(pkt->pkt.literal);
+ break;
+ case CDK_PKT_COMPRESSED:
+ cdk_free(pkt->pkt.compressed);
+ break;
+ default:
+ break;
+ }
+
+ /* Reset the packet type to avoid, when cdk_pkt_release() will be
+ used, that the second cdk_pkt_free() call will double free the data. */
+ pkt->pkttype = 0;
}
@@ -253,13 +239,12 @@ cdk_pkt_free (cdk_packet_t pkt)
* Free the contents of the given package and
* release the memory of the structure.
**/
-void
-cdk_pkt_release (cdk_packet_t pkt)
+void cdk_pkt_release(cdk_packet_t pkt)
{
- if (!pkt)
- return;
- cdk_pkt_free (pkt);
- cdk_free (pkt);
+ if (!pkt)
+ return;
+ cdk_pkt_free(pkt);
+ cdk_free(pkt);
}
@@ -270,260 +255,253 @@ cdk_pkt_release (cdk_packet_t pkt)
*
* Allocate a new packet structure with the given packet type.
**/
-cdk_error_t
-cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype)
+cdk_error_t cdk_pkt_alloc(cdk_packet_t * r_pkt, cdk_packet_type_t pkttype)
{
- cdk_packet_t pkt;
- int rc;
-
- if (!r_pkt)
- return CDK_Inv_Value;
-
- rc = cdk_pkt_new (&pkt);
- if (rc)
- return rc;
-
- switch (pkttype)
- {
- case CDK_PKT_USER_ID:
- pkt->pkt.user_id = cdk_calloc (1, sizeof pkt->pkt.user_id);
- if (!pkt->pkt.user_id)
- return CDK_Out_Of_Core;
- pkt->pkt.user_id->name = NULL;
- break;
-
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
- if (!pkt->pkt.public_key)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
- pkt->pkt.secret_key->pk =
- cdk_calloc (1, sizeof *pkt->pkt.secret_key->pk);
- if (!pkt->pkt.secret_key || !pkt->pkt.secret_key->pk)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_SIGNATURE:
- pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature);
- if (!pkt->pkt.signature)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_PUBKEY_ENC:
- pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
- if (!pkt->pkt.pubkey_enc)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_MDC:
- pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc);
- if (!pkt->pkt.mdc)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_ONEPASS_SIG:
- pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig);
- if (!pkt->pkt.onepass_sig)
- return CDK_Out_Of_Core;
- break;
-
- case CDK_PKT_LITERAL:
- /* FIXME: We would need the size of the file name to allocate extra
- bytes, otherwise the result would be useless. */
- pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal);
- if (!pkt->pkt.literal)
- return CDK_Out_Of_Core;
- pkt->pkt.literal->name = NULL;
- break;
-
- default:
- return CDK_Not_Implemented;
- }
- pkt->pkttype = pkttype;
- *r_pkt = pkt;
- return 0;
+ cdk_packet_t pkt;
+ int rc;
+
+ if (!r_pkt)
+ return CDK_Inv_Value;
+
+ rc = cdk_pkt_new(&pkt);
+ if (rc)
+ return rc;
+
+ switch (pkttype) {
+ case CDK_PKT_USER_ID:
+ pkt->pkt.user_id = cdk_calloc(1, sizeof pkt->pkt.user_id);
+ if (!pkt->pkt.user_id)
+ return CDK_Out_Of_Core;
+ pkt->pkt.user_id->name = NULL;
+ break;
+
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ pkt->pkt.public_key =
+ cdk_calloc(1, sizeof *pkt->pkt.public_key);
+ if (!pkt->pkt.public_key)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ pkt->pkt.secret_key =
+ cdk_calloc(1, sizeof *pkt->pkt.secret_key);
+ pkt->pkt.secret_key->pk =
+ cdk_calloc(1, sizeof *pkt->pkt.secret_key->pk);
+ if (!pkt->pkt.secret_key || !pkt->pkt.secret_key->pk)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_SIGNATURE:
+ pkt->pkt.signature =
+ cdk_calloc(1, sizeof *pkt->pkt.signature);
+ if (!pkt->pkt.signature)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_PUBKEY_ENC:
+ pkt->pkt.pubkey_enc =
+ cdk_calloc(1, sizeof *pkt->pkt.pubkey_enc);
+ if (!pkt->pkt.pubkey_enc)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_MDC:
+ pkt->pkt.mdc = cdk_calloc(1, sizeof *pkt->pkt.mdc);
+ if (!pkt->pkt.mdc)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_ONEPASS_SIG:
+ pkt->pkt.onepass_sig =
+ cdk_calloc(1, sizeof *pkt->pkt.onepass_sig);
+ if (!pkt->pkt.onepass_sig)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_LITERAL:
+ /* FIXME: We would need the size of the file name to allocate extra
+ bytes, otherwise the result would be useless. */
+ pkt->pkt.literal = cdk_calloc(1, sizeof *pkt->pkt.literal);
+ if (!pkt->pkt.literal)
+ return CDK_Out_Of_Core;
+ pkt->pkt.literal->name = NULL;
+ break;
+
+ default:
+ return CDK_Not_Implemented;
+ }
+ pkt->pkttype = pkttype;
+ *r_pkt = pkt;
+ return 0;
}
-cdk_prefitem_t
-_cdk_copy_prefs (const cdk_prefitem_t prefs)
+cdk_prefitem_t _cdk_copy_prefs(const cdk_prefitem_t prefs)
{
- size_t n = 0;
- struct cdk_prefitem_s *new_prefs;
-
- if (!prefs)
- return NULL;
-
- for (n = 0; prefs[n].type; n++)
- ;
- new_prefs = cdk_calloc (1, sizeof *new_prefs * (n + 1));
- if (!new_prefs)
- return NULL;
- for (n = 0; prefs[n].type; n++)
- {
- new_prefs[n].type = prefs[n].type;
- new_prefs[n].value = prefs[n].value;
- }
- new_prefs[n].type = CDK_PREFTYPE_NONE;
- new_prefs[n].value = 0;
- return new_prefs;
+ size_t n = 0;
+ struct cdk_prefitem_s *new_prefs;
+
+ if (!prefs)
+ return NULL;
+
+ for (n = 0; prefs[n].type; n++);
+ new_prefs = cdk_calloc(1, sizeof *new_prefs * (n + 1));
+ if (!new_prefs)
+ return NULL;
+ for (n = 0; prefs[n].type; n++) {
+ new_prefs[n].type = prefs[n].type;
+ new_prefs[n].value = prefs[n].value;
+ }
+ new_prefs[n].type = CDK_PREFTYPE_NONE;
+ new_prefs[n].value = 0;
+ return new_prefs;
}
-cdk_error_t
-_cdk_copy_userid (cdk_pkt_userid_t * dst, cdk_pkt_userid_t src)
+cdk_error_t _cdk_copy_userid(cdk_pkt_userid_t * dst, cdk_pkt_userid_t src)
{
- cdk_pkt_userid_t u;
+ cdk_pkt_userid_t u;
- if (!dst || !src)
- return CDK_Inv_Value;
+ if (!dst || !src)
+ return CDK_Inv_Value;
- *dst = NULL;
- u = cdk_calloc (1, sizeof *u + strlen (src->name) + 2);
- if (!u)
- return CDK_Out_Of_Core;
- u->name = (char *) u + sizeof (*u);
+ *dst = NULL;
+ u = cdk_calloc(1, sizeof *u + strlen(src->name) + 2);
+ if (!u)
+ return CDK_Out_Of_Core;
+ u->name = (char *) u + sizeof(*u);
- memcpy (u, src, sizeof *u);
- memcpy (u->name, src->name, strlen (src->name));
- u->prefs = _cdk_copy_prefs (src->prefs);
- if (src->selfsig)
- _cdk_copy_signature (&u->selfsig, src->selfsig);
- *dst = u;
+ memcpy(u, src, sizeof *u);
+ memcpy(u->name, src->name, strlen(src->name));
+ u->prefs = _cdk_copy_prefs(src->prefs);
+ if (src->selfsig)
+ _cdk_copy_signature(&u->selfsig, src->selfsig);
+ *dst = u;
- return 0;
+ return 0;
}
-cdk_error_t
-_cdk_copy_pubkey (cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src)
+cdk_error_t _cdk_copy_pubkey(cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src)
{
- cdk_pkt_pubkey_t k;
- int i;
-
- if (!dst || !src)
- return CDK_Inv_Value;
-
- *dst = NULL;
- k = cdk_calloc (1, sizeof *k);
- if (!k)
- return CDK_Out_Of_Core;
- memcpy (k, src, sizeof *k);
- if (src->uid)
- _cdk_copy_userid (&k->uid, src->uid);
- if (src->prefs)
- k->prefs = _cdk_copy_prefs (src->prefs);
- for (i = 0; i < cdk_pk_get_npkey (src->pubkey_algo); i++)
- k->mpi[i] = _gnutls_mpi_copy (src->mpi[i]);
- *dst = k;
-
- return 0;
+ cdk_pkt_pubkey_t k;
+ int i;
+
+ if (!dst || !src)
+ return CDK_Inv_Value;
+
+ *dst = NULL;
+ k = cdk_calloc(1, sizeof *k);
+ if (!k)
+ return CDK_Out_Of_Core;
+ memcpy(k, src, sizeof *k);
+ if (src->uid)
+ _cdk_copy_userid(&k->uid, src->uid);
+ if (src->prefs)
+ k->prefs = _cdk_copy_prefs(src->prefs);
+ for (i = 0; i < cdk_pk_get_npkey(src->pubkey_algo); i++)
+ k->mpi[i] = _gnutls_mpi_copy(src->mpi[i]);
+ *dst = k;
+
+ return 0;
}
-cdk_error_t
-_cdk_copy_seckey (cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src)
+cdk_error_t _cdk_copy_seckey(cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src)
{
- cdk_pkt_seckey_t k;
- int i;
-
- if (!dst || !src)
- return CDK_Inv_Value;
-
- *dst = NULL;
- k = cdk_calloc (1, sizeof *k);
- if (!k)
- return CDK_Out_Of_Core;
- memcpy (k, src, sizeof *k);
- _cdk_copy_pubkey (&k->pk, src->pk);
-
- if (src->encdata)
- {
- k->encdata = cdk_calloc (1, src->enclen + 1);
- if (!k->encdata)
- return CDK_Out_Of_Core;
- memcpy (k->encdata, src->encdata, src->enclen);
- }
-
- _cdk_s2k_copy (&k->protect.s2k, src->protect.s2k);
- for (i = 0; i < cdk_pk_get_nskey (src->pubkey_algo); i++)
- {
- k->mpi[i] = _gnutls_mpi_copy (src->mpi[i]);
- }
-
- *dst = k;
- return 0;
+ cdk_pkt_seckey_t k;
+ int i;
+
+ if (!dst || !src)
+ return CDK_Inv_Value;
+
+ *dst = NULL;
+ k = cdk_calloc(1, sizeof *k);
+ if (!k)
+ return CDK_Out_Of_Core;
+ memcpy(k, src, sizeof *k);
+ _cdk_copy_pubkey(&k->pk, src->pk);
+
+ if (src->encdata) {
+ k->encdata = cdk_calloc(1, src->enclen + 1);
+ if (!k->encdata)
+ return CDK_Out_Of_Core;
+ memcpy(k->encdata, src->encdata, src->enclen);
+ }
+
+ _cdk_s2k_copy(&k->protect.s2k, src->protect.s2k);
+ for (i = 0; i < cdk_pk_get_nskey(src->pubkey_algo); i++) {
+ k->mpi[i] = _gnutls_mpi_copy(src->mpi[i]);
+ }
+
+ *dst = k;
+ return 0;
}
-cdk_error_t
-_cdk_copy_pk_to_sk (cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk)
+cdk_error_t _cdk_copy_pk_to_sk(cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk)
{
- if (!pk || !sk)
- return CDK_Inv_Value;
-
- sk->version = pk->version;
- sk->expiredate = pk->expiredate;
- sk->pubkey_algo = _pgp_pub_algo_to_cdk (pk->pubkey_algo);
- sk->has_expired = pk->has_expired;
- sk->is_revoked = pk->is_revoked;
- sk->main_keyid[0] = pk->main_keyid[0];
- sk->main_keyid[1] = pk->main_keyid[1];
- sk->keyid[0] = pk->keyid[0];
- sk->keyid[1] = pk->keyid[1];
-
- return 0;
+ if (!pk || !sk)
+ return CDK_Inv_Value;
+
+ sk->version = pk->version;
+ sk->expiredate = pk->expiredate;
+ sk->pubkey_algo = _pgp_pub_algo_to_cdk(pk->pubkey_algo);
+ sk->has_expired = pk->has_expired;
+ sk->is_revoked = pk->is_revoked;
+ sk->main_keyid[0] = pk->main_keyid[0];
+ sk->main_keyid[1] = pk->main_keyid[1];
+ sk->keyid[0] = pk->keyid[0];
+ sk->keyid[1] = pk->keyid[1];
+
+ return 0;
}
cdk_error_t
-_cdk_copy_signature (cdk_pkt_signature_t * dst, cdk_pkt_signature_t src)
+_cdk_copy_signature(cdk_pkt_signature_t * dst, cdk_pkt_signature_t src)
{
- cdk_pkt_signature_t s;
-
- if (!dst || !src)
- return CDK_Inv_Value;
-
- *dst = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- return CDK_Out_Of_Core;
- memcpy (s, src, sizeof *src);
- _cdk_subpkt_copy (&s->hashed, src->hashed);
- _cdk_subpkt_copy (&s->unhashed, src->unhashed);
- /* FIXME: Copy MPI parts */
- *dst = s;
-
- return 0;
+ cdk_pkt_signature_t s;
+
+ if (!dst || !src)
+ return CDK_Inv_Value;
+
+ *dst = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s)
+ return CDK_Out_Of_Core;
+ memcpy(s, src, sizeof *src);
+ _cdk_subpkt_copy(&s->hashed, src->hashed);
+ _cdk_subpkt_copy(&s->unhashed, src->unhashed);
+ /* FIXME: Copy MPI parts */
+ *dst = s;
+
+ return 0;
}
-cdk_error_t
-_cdk_pubkey_compare (cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b)
+cdk_error_t _cdk_pubkey_compare(cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b)
{
- int na, nb, i;
-
- if (a->timestamp != b->timestamp || a->pubkey_algo != b->pubkey_algo)
- return -1;
- if (a->version < 4 && a->expiredate != b->expiredate)
- return -1;
- na = cdk_pk_get_npkey (a->pubkey_algo);
- nb = cdk_pk_get_npkey (b->pubkey_algo);
- if (na != nb)
- return -1;
-
- for (i = 0; i < na; i++)
- {
- if (_gnutls_mpi_cmp (a->mpi[i], b->mpi[i]))
- return -1;
- }
-
- return 0;
+ int na, nb, i;
+
+ if (a->timestamp != b->timestamp
+ || a->pubkey_algo != b->pubkey_algo)
+ return -1;
+ if (a->version < 4 && a->expiredate != b->expiredate)
+ return -1;
+ na = cdk_pk_get_npkey(a->pubkey_algo);
+ nb = cdk_pk_get_npkey(b->pubkey_algo);
+ if (na != nb)
+ return -1;
+
+ for (i = 0; i < na; i++) {
+ if (_gnutls_mpi_cmp(a->mpi[i], b->mpi[i]))
+ return -1;
+ }
+
+ return 0;
}
@@ -533,17 +511,15 @@ _cdk_pubkey_compare (cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b)
*
* Release the context.
**/
-void
-cdk_subpkt_free (cdk_subpkt_t ctx)
+void cdk_subpkt_free(cdk_subpkt_t ctx)
{
- cdk_subpkt_t s;
-
- while (ctx)
- {
- s = ctx->next;
- cdk_free (ctx);
- ctx = s;
- }
+ cdk_subpkt_t s;
+
+ while (ctx) {
+ s = ctx->next;
+ cdk_free(ctx);
+ ctx = s;
+ }
}
@@ -555,10 +531,9 @@ cdk_subpkt_free (cdk_subpkt_t ctx)
* Find the given packet type in the node. If no packet with this
* type was found, return null otherwise pointer to the node.
**/
-cdk_subpkt_t
-cdk_subpkt_find (cdk_subpkt_t ctx, size_t type)
+cdk_subpkt_t cdk_subpkt_find(cdk_subpkt_t ctx, size_t type)
{
- return cdk_subpkt_find_nth (ctx, type, 0);
+ return cdk_subpkt_find_nth(ctx, type, 0);
}
/**
@@ -568,20 +543,18 @@ cdk_subpkt_find (cdk_subpkt_t ctx, size_t type)
*
* Return the amount of sub packets with this type.
**/
-size_t
-cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type)
+size_t cdk_subpkt_type_count(cdk_subpkt_t ctx, size_t type)
{
- cdk_subpkt_t s;
- size_t count;
+ cdk_subpkt_t s;
+ size_t count;
- count = 0;
- for (s = ctx; s; s = s->next)
- {
- if (s->type == type)
- count++;
- }
+ count = 0;
+ for (s = ctx; s; s = s->next) {
+ if (s->type == type)
+ count++;
+ }
- return count;
+ return count;
}
@@ -593,20 +566,18 @@ cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type)
*
* Return the nth sub packet of the given type.
**/
-cdk_subpkt_t
-cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type, size_t idx)
+cdk_subpkt_t cdk_subpkt_find_nth(cdk_subpkt_t ctx, size_t type, size_t idx)
{
- cdk_subpkt_t s;
- size_t pos;
+ cdk_subpkt_t s;
+ size_t pos;
- pos = 0;
- for (s = ctx; s; s = s->next)
- {
- if (s->type == type && pos++ == idx)
- return s;
- }
+ pos = 0;
+ for (s = ctx; s; s = s->next) {
+ if (s->type == type && pos++ == idx)
+ return s;
+ }
- return NULL;
+ return NULL;
}
@@ -616,19 +587,18 @@ cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type, size_t idx)
*
* Create a new sub packet node with the size of @size.
**/
-cdk_subpkt_t
-cdk_subpkt_new (size_t size)
+cdk_subpkt_t cdk_subpkt_new(size_t size)
{
- cdk_subpkt_t s;
+ cdk_subpkt_t s;
- if (!size)
- return NULL;
- s = cdk_calloc (1, sizeof *s + size + 2);
- if (!s)
- return NULL;
- s->d = (byte*)s + sizeof (*s);
+ if (!size)
+ return NULL;
+ s = cdk_calloc(1, sizeof *s + size + 2);
+ if (!s)
+ return NULL;
+ s->d = (byte *) s + sizeof(*s);
- return s;
+ return s;
}
@@ -641,15 +611,15 @@ cdk_subpkt_new (size_t size)
* Extract the data from the given sub packet. The type is returned
* in @r_type and the size in @r_nbytes.
**/
-const byte *
-cdk_subpkt_get_data (cdk_subpkt_t ctx, size_t * r_type, size_t * r_nbytes)
+const byte *cdk_subpkt_get_data(cdk_subpkt_t ctx, size_t * r_type,
+ size_t * r_nbytes)
{
- if (!ctx || !r_nbytes)
- return NULL;
- if (r_type)
- *r_type = ctx->type;
- *r_nbytes = ctx->size;
- return ctx->d;
+ if (!ctx || !r_nbytes)
+ return NULL;
+ if (r_type)
+ *r_type = ctx->type;
+ *r_nbytes = ctx->size;
+ return ctx->d;
}
@@ -660,111 +630,98 @@ cdk_subpkt_get_data (cdk_subpkt_t ctx, size_t * r_type, size_t * r_nbytes)
*
* Add the node in @node to the root node @root.
**/
-cdk_error_t
-cdk_subpkt_add (cdk_subpkt_t root, cdk_subpkt_t node)
+cdk_error_t cdk_subpkt_add(cdk_subpkt_t root, cdk_subpkt_t node)
{
- cdk_subpkt_t n1;
-
- if (!root)
- return CDK_Inv_Value;
- for (n1 = root; n1->next; n1 = n1->next)
- ;
- n1->next = node;
- return 0;
+ cdk_subpkt_t n1;
+
+ if (!root)
+ return CDK_Inv_Value;
+ for (n1 = root; n1->next; n1 = n1->next);
+ n1->next = node;
+ return 0;
}
-byte *
-_cdk_subpkt_get_array (cdk_subpkt_t s, int count, size_t * r_nbytes)
+byte *_cdk_subpkt_get_array(cdk_subpkt_t s, int count, size_t * r_nbytes)
{
- cdk_subpkt_t list;
- byte *buf;
- size_t n, nbytes;
-
- if (!s)
- {
- if (r_nbytes)
- *r_nbytes = 0;
- return NULL;
- }
-
- for (n = 0, list = s; list; list = list->next)
- {
- n++; /* type */
- n += list->size;
- if (list->size < 192)
- n++;
- else if (list->size < 8384)
- n += 2;
- else
- n += 5;
- }
- buf = cdk_calloc (1, n + 1);
- if (!buf)
- return NULL;
-
- n = 0;
- for (list = s; list; list = list->next)
- {
- nbytes = 1 + list->size; /* type */
- if (nbytes < 192)
- buf[n++] = nbytes;
- else if (nbytes < 8384)
- {
- nbytes -= 192;
- buf[n++] = nbytes / 256 + 192;
- buf[n++] = nbytes & 0xff;
- }
- else
- {
- buf[n++] = 0xFF;
- buf[n++] = nbytes >> 24;
- buf[n++] = nbytes >> 16;
- buf[n++] = nbytes >> 8;
- buf[n++] = nbytes;
- }
-
- buf[n++] = list->type;
- memcpy (buf + n, list->d, list->size);
- n += list->size;
- }
-
- if (count)
- {
- cdk_free (buf);
- buf = NULL;
- }
- if (r_nbytes)
- *r_nbytes = n;
- return buf;
+ cdk_subpkt_t list;
+ byte *buf;
+ size_t n, nbytes;
+
+ if (!s) {
+ if (r_nbytes)
+ *r_nbytes = 0;
+ return NULL;
+ }
+
+ for (n = 0, list = s; list; list = list->next) {
+ n++; /* type */
+ n += list->size;
+ if (list->size < 192)
+ n++;
+ else if (list->size < 8384)
+ n += 2;
+ else
+ n += 5;
+ }
+ buf = cdk_calloc(1, n + 1);
+ if (!buf)
+ return NULL;
+
+ n = 0;
+ for (list = s; list; list = list->next) {
+ nbytes = 1 + list->size; /* type */
+ if (nbytes < 192)
+ buf[n++] = nbytes;
+ else if (nbytes < 8384) {
+ nbytes -= 192;
+ buf[n++] = nbytes / 256 + 192;
+ buf[n++] = nbytes & 0xff;
+ } else {
+ buf[n++] = 0xFF;
+ buf[n++] = nbytes >> 24;
+ buf[n++] = nbytes >> 16;
+ buf[n++] = nbytes >> 8;
+ buf[n++] = nbytes;
+ }
+
+ buf[n++] = list->type;
+ memcpy(buf + n, list->d, list->size);
+ n += list->size;
+ }
+
+ if (count) {
+ cdk_free(buf);
+ buf = NULL;
+ }
+ if (r_nbytes)
+ *r_nbytes = n;
+ return buf;
}
-cdk_error_t
-_cdk_subpkt_copy (cdk_subpkt_t * r_dst, cdk_subpkt_t src)
+cdk_error_t _cdk_subpkt_copy(cdk_subpkt_t * r_dst, cdk_subpkt_t src)
{
- cdk_subpkt_t root, p, node;
-
- if (!src || !r_dst)
- return CDK_Inv_Value;
-
- root = NULL;
- for (p = src; p; p = p->next)
- {
- node = cdk_subpkt_new (p->size);
- if (node)
- {
- memcpy (node->d, p->d, p->size);
- node->type = p->type;
- node->size = p->size;
- }
- if (!root)
- root = node;
- else
- cdk_subpkt_add (root, node);
- }
- *r_dst = root;
- return 0;
+ cdk_subpkt_t root, p, node;
+
+ if (!src || !r_dst)
+ return CDK_Inv_Value;
+
+ root = NULL;
+ for (p = src; p; p = p->next) {
+ node = cdk_subpkt_new(p->size);
+ if (node) {
+ memcpy(node->d, p->d, p->size);
+ node->type = p->type;
+ node->size = p->size;
+ }
+ if (!root)
+ root = node;
+ else
+ cdk_subpkt_add(root, node);
+ }
+ *r_dst = root;
+ return 0;
}
@@ -778,43 +735,38 @@ _cdk_subpkt_copy (cdk_subpkt_t * r_dst, cdk_subpkt_t src)
* Set the packet data of the given root and set the type of it.
**/
void
-cdk_subpkt_init (cdk_subpkt_t node, size_t type,
- const void *buf, size_t buflen)
+cdk_subpkt_init(cdk_subpkt_t node, size_t type,
+ const void *buf, size_t buflen)
{
- if (!node)
- return;
- node->type = type;
- node->size = buflen;
- memcpy (node->d, buf, buflen);
+ if (!node)
+ return;
+ node->type = type;
+ node->size = buflen;
+ memcpy(node->d, buf, buflen);
}
/* FIXME: We need to think of a public interface for it. */
-const byte *
-cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
- cdk_desig_revoker_t * ctx,
- int *r_class, int *r_algid)
+const byte *cdk_key_desig_revoker_walk(cdk_desig_revoker_t root,
+ cdk_desig_revoker_t * ctx,
+ int *r_class, int *r_algid)
{
- cdk_desig_revoker_t n;
-
- if (!*ctx)
- {
- *ctx = root;
- n = root;
- }
- else
- {
- n = (*ctx)->next;
- *ctx = n;
- }
-
- if (n && r_class && r_algid)
- {
- *r_class = n->r_class;
- *r_algid = n->algid;
- }
-
- return n ? n->fpr : NULL;
+ cdk_desig_revoker_t n;
+
+ if (!*ctx) {
+ *ctx = root;
+ n = root;
+ } else {
+ n = (*ctx)->next;
+ *ctx = n;
+ }
+
+ if (n && r_class && r_algid) {
+ *r_class = n->r_class;
+ *r_algid = n->algid;
+ }
+
+ return n ? n->fpr : NULL;
}
@@ -826,18 +778,16 @@ cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
* Try to find the next node after @root with type.
* If type is 0, the next node will be returned.
**/
-cdk_subpkt_t
-cdk_subpkt_find_next (cdk_subpkt_t root, size_t type)
+cdk_subpkt_t cdk_subpkt_find_next(cdk_subpkt_t root, size_t type)
{
- cdk_subpkt_t node;
+ cdk_subpkt_t node;
- for (node = root->next; node; node = node->next)
- {
- if (!type)
- return node;
- else if (node->type == type)
- return node;
- }
+ for (node = root->next; node; node = node->next) {
+ if (!type)
+ return node;
+ else if (node->type == type)
+ return node;
+ }
- return NULL;
+ return NULL;
}
diff --git a/lib/opencdk/opencdk.h b/lib/opencdk/opencdk.h
index b8eef0e407..c06b749845 100644
--- a/lib/opencdk/opencdk.h
+++ b/lib/opencdk/opencdk.h
@@ -25,7 +25,7 @@
#include <config.h>
#include <gnutls_int.h>
-#include <stddef.h> /* for size_t */
+#include <stddef.h> /* for size_t */
#include <stdarg.h>
#include <gnutls_mem.h>
#include <gnutls/gnutls.h>
@@ -41,335 +41,316 @@
#define OPENCDK_VERSION_PATCH 6
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/* General contexts */
/* 'Session' handle to support the various options and run-time
information. */
- struct cdk_ctx_s;
- typedef struct cdk_ctx_s *cdk_ctx_t;
+ struct cdk_ctx_s;
+ typedef struct cdk_ctx_s *cdk_ctx_t;
/* A generic context to store list of strings. */
- struct cdk_strlist_s;
- typedef struct cdk_strlist_s *cdk_strlist_t;
+ struct cdk_strlist_s;
+ typedef struct cdk_strlist_s *cdk_strlist_t;
/* Context used to list keys of a keyring. */
- struct cdk_listkey_s;
- typedef struct cdk_listkey_s *cdk_listkey_t;
+ struct cdk_listkey_s;
+ typedef struct cdk_listkey_s *cdk_listkey_t;
/* Opaque String to Key (S2K) handle. */
- struct cdk_s2k_s;
- typedef struct cdk_s2k_s *cdk_s2k_t;
+ struct cdk_s2k_s;
+ typedef struct cdk_s2k_s *cdk_s2k_t;
/* Abstract I/O object, a stream, which is used for most operations. */
- struct cdk_stream_s;
- typedef struct cdk_stream_s *cdk_stream_t;
+ struct cdk_stream_s;
+ typedef struct cdk_stream_s *cdk_stream_t;
/* Opaque handle for the user ID preferences. */
- struct cdk_prefitem_s;
- typedef struct cdk_prefitem_s *cdk_prefitem_t;
+ struct cdk_prefitem_s;
+ typedef struct cdk_prefitem_s *cdk_prefitem_t;
/* Node to store a single key node packet. */
- struct cdk_kbnode_s;
- typedef struct cdk_kbnode_s *cdk_kbnode_t;
+ struct cdk_kbnode_s;
+ typedef struct cdk_kbnode_s *cdk_kbnode_t;
/* Key database handle. */
- struct cdk_keydb_hd_s;
- typedef struct cdk_keydb_hd_s *cdk_keydb_hd_t;
+ struct cdk_keydb_hd_s;
+ typedef struct cdk_keydb_hd_s *cdk_keydb_hd_t;
- struct cdk_keydb_search_s;
- typedef struct cdk_keydb_search_s *cdk_keydb_search_t;
+ struct cdk_keydb_search_s;
+ typedef struct cdk_keydb_search_s *cdk_keydb_search_t;
/* Context to store a list of recipient keys. */
- struct cdk_keylist_s;
- typedef struct cdk_keylist_s *cdk_keylist_t;
+ struct cdk_keylist_s;
+ typedef struct cdk_keylist_s *cdk_keylist_t;
/* Context to encapsulate a single sub packet of a signature. */
- struct cdk_subpkt_s;
- typedef struct cdk_subpkt_s *cdk_subpkt_t;
+ struct cdk_subpkt_s;
+ typedef struct cdk_subpkt_s *cdk_subpkt_t;
/* Context used to generate key pairs. */
- struct cdk_keygen_ctx_s;
- typedef struct cdk_keygen_ctx_s *cdk_keygen_ctx_t;
+ struct cdk_keygen_ctx_s;
+ typedef struct cdk_keygen_ctx_s *cdk_keygen_ctx_t;
/* Handle for a single designated revoker. */
- struct cdk_desig_revoker_s;
- typedef struct cdk_desig_revoker_s *cdk_desig_revoker_t;
+ struct cdk_desig_revoker_s;
+ typedef struct cdk_desig_revoker_s *cdk_desig_revoker_t;
/* Alias for backward compatibility. */
- typedef bigint_t cdk_mpi_t;
+ typedef bigint_t cdk_mpi_t;
/* All valid error constants. */
- typedef enum
- {
- CDK_EOF = -1,
- CDK_Success = 0,
- CDK_General_Error = 1,
- CDK_File_Error = 2,
- CDK_Bad_Sig = 3,
- CDK_Inv_Packet = 4,
- CDK_Inv_Algo = 5,
- CDK_Not_Implemented = 6,
- CDK_Armor_Error = 8,
- CDK_Armor_CRC_Error = 9,
- CDK_MPI_Error = 10,
- CDK_Inv_Value = 11,
- CDK_Error_No_Key = 12,
- CDK_Chksum_Error = 13,
- CDK_Time_Conflict = 14,
- CDK_Zlib_Error = 15,
- CDK_Weak_Key = 16,
- CDK_Out_Of_Core = 17,
- CDK_Wrong_Seckey = 18,
- CDK_Bad_MDC = 19,
- CDK_Inv_Mode = 20,
- CDK_Error_No_Keyring = 21,
- CDK_Wrong_Format = 22,
- CDK_Inv_Packet_Ver = 23,
- CDK_Too_Short = 24,
- CDK_Unusable_Key = 25,
- CDK_No_Data = 26,
- CDK_No_Passphrase = 27,
- CDK_Network_Error = 28
- } cdk_error_t;
-
-
- enum cdk_control_flags
- {
- CDK_CTLF_SET = 0, /* Value to set an option */
- CDK_CTLF_GET = 1, /* Value to get an option */
- CDK_CTL_DIGEST = 10, /* Option to set the digest algorithm. */
- CDK_CTL_ARMOR = 12, /* Option to enable armor output. */
- CDK_CTL_COMPRESS = 13, /* Option to enable compression. */
- CDK_CTL_COMPAT = 14, /* Option to switch in compat mode. */
- CDK_CTL_OVERWRITE = 15, /* Option to enable file overwritting. */
- CDK_CTL_S2K = 16, /* Option to set S2K values. */
- CDK_CTL_FORCE_DIGEST = 19, /* Force the use of a digest algorithm. */
- CDK_CTL_BLOCKMODE_ON = 20 /* Enable partial body lengths */
- };
+ typedef enum {
+ CDK_EOF = -1,
+ CDK_Success = 0,
+ CDK_General_Error = 1,
+ CDK_File_Error = 2,
+ CDK_Bad_Sig = 3,
+ CDK_Inv_Packet = 4,
+ CDK_Inv_Algo = 5,
+ CDK_Not_Implemented = 6,
+ CDK_Armor_Error = 8,
+ CDK_Armor_CRC_Error = 9,
+ CDK_MPI_Error = 10,
+ CDK_Inv_Value = 11,
+ CDK_Error_No_Key = 12,
+ CDK_Chksum_Error = 13,
+ CDK_Time_Conflict = 14,
+ CDK_Zlib_Error = 15,
+ CDK_Weak_Key = 16,
+ CDK_Out_Of_Core = 17,
+ CDK_Wrong_Seckey = 18,
+ CDK_Bad_MDC = 19,
+ CDK_Inv_Mode = 20,
+ CDK_Error_No_Keyring = 21,
+ CDK_Wrong_Format = 22,
+ CDK_Inv_Packet_Ver = 23,
+ CDK_Too_Short = 24,
+ CDK_Unusable_Key = 25,
+ CDK_No_Data = 26,
+ CDK_No_Passphrase = 27,
+ CDK_Network_Error = 28
+ } cdk_error_t;
+
+
+ enum cdk_control_flags {
+ CDK_CTLF_SET = 0, /* Value to set an option */
+ CDK_CTLF_GET = 1, /* Value to get an option */
+ CDK_CTL_DIGEST = 10, /* Option to set the digest algorithm. */
+ CDK_CTL_ARMOR = 12, /* Option to enable armor output. */
+ CDK_CTL_COMPRESS = 13, /* Option to enable compression. */
+ CDK_CTL_COMPAT = 14, /* Option to switch in compat mode. */
+ CDK_CTL_OVERWRITE = 15, /* Option to enable file overwritting. */
+ CDK_CTL_S2K = 16, /* Option to set S2K values. */
+ CDK_CTL_FORCE_DIGEST = 19, /* Force the use of a digest algorithm. */
+ CDK_CTL_BLOCKMODE_ON = 20 /* Enable partial body lengths */
+ };
/* Specifies all valid log levels. */
- enum cdk_log_level_t
- {
- CDK_LOG_NONE = 0, /* No log message will be shown. */
- CDK_LOG_INFO = 1,
- CDK_LOG_DEBUG = 2,
- CDK_LOG_DEBUG_PKT = 3
- };
+ enum cdk_log_level_t {
+ CDK_LOG_NONE = 0, /* No log message will be shown. */
+ CDK_LOG_INFO = 1,
+ CDK_LOG_DEBUG = 2,
+ CDK_LOG_DEBUG_PKT = 3
+ };
/* All valid compression algorithms in OpenPGP */
- enum cdk_compress_algo_t
- {
- CDK_COMPRESS_NONE = 0,
- CDK_COMPRESS_ZIP = 1,
- CDK_COMPRESS_ZLIB = 2,
- CDK_COMPRESS_BZIP2 = 3 /* Not supported in this version */
- };
+ enum cdk_compress_algo_t {
+ CDK_COMPRESS_NONE = 0,
+ CDK_COMPRESS_ZIP = 1,
+ CDK_COMPRESS_ZLIB = 2,
+ CDK_COMPRESS_BZIP2 = 3 /* Not supported in this version */
+ };
/* All valid public key algorithms valid in OpenPGP */
- enum cdk_pubkey_algo_t
- {
- CDK_PK_UNKNOWN = 0,
- CDK_PK_RSA = 1,
- CDK_PK_RSA_E = 2, /* RSA-E and RSA-S are deprecated use RSA instead */
- CDK_PK_RSA_S = 3, /* and use the key flags in the self signatures. */
- CDK_PK_ELG_E = 16,
- CDK_PK_DSA = 17
- };
+ enum cdk_pubkey_algo_t {
+ CDK_PK_UNKNOWN = 0,
+ CDK_PK_RSA = 1,
+ CDK_PK_RSA_E = 2, /* RSA-E and RSA-S are deprecated use RSA instead */
+ CDK_PK_RSA_S = 3, /* and use the key flags in the self signatures. */
+ CDK_PK_ELG_E = 16,
+ CDK_PK_DSA = 17
+ };
/* The valid 'String-To-Key' modes */
- enum cdk_s2k_type_t
- {
- CDK_S2K_SIMPLE = 0,
- CDK_S2K_SALTED = 1,
- CDK_S2K_ITERSALTED = 3,
- CDK_S2K_GNU_EXT = 101
- /* GNU extensions: refer to DETAILS from GnuPG:
- http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG
- */
- };
+ enum cdk_s2k_type_t {
+ CDK_S2K_SIMPLE = 0,
+ CDK_S2K_SALTED = 1,
+ CDK_S2K_ITERSALTED = 3,
+ CDK_S2K_GNU_EXT = 101
+ /* GNU extensions: refer to DETAILS from GnuPG:
+ http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG
+ */
+ };
/* The different kind of user ID preferences. */
- enum cdk_pref_type_t
- {
- CDK_PREFTYPE_NONE = 0,
- CDK_PREFTYPE_SYM = 1, /* Symmetric ciphers */
- CDK_PREFTYPE_HASH = 2, /* Message digests */
- CDK_PREFTYPE_ZIP = 3 /* Compression algorithms */
- };
+ enum cdk_pref_type_t {
+ CDK_PREFTYPE_NONE = 0,
+ CDK_PREFTYPE_SYM = 1, /* Symmetric ciphers */
+ CDK_PREFTYPE_HASH = 2, /* Message digests */
+ CDK_PREFTYPE_ZIP = 3 /* Compression algorithms */
+ };
/* All valid sub packet types. */
- enum cdk_sig_subpacket_t
- {
- CDK_SIGSUBPKT_NONE = 0,
- CDK_SIGSUBPKT_SIG_CREATED = 2,
- CDK_SIGSUBPKT_SIG_EXPIRE = 3,
- CDK_SIGSUBPKT_EXPORTABLE = 4,
- CDK_SIGSUBPKT_TRUST = 5,
- CDK_SIGSUBPKT_REGEXP = 6,
- CDK_SIGSUBPKT_REVOCABLE = 7,
- CDK_SIGSUBPKT_KEY_EXPIRE = 9,
- CDK_SIGSUBPKT_PREFS_SYM = 11,
- CDK_SIGSUBPKT_REV_KEY = 12,
- CDK_SIGSUBPKT_ISSUER = 16,
- CDK_SIGSUBPKT_NOTATION = 20,
- CDK_SIGSUBPKT_PREFS_HASH = 21,
- CDK_SIGSUBPKT_PREFS_ZIP = 22,
- CDK_SIGSUBPKT_KS_FLAGS = 23,
- CDK_SIGSUBPKT_PREF_KS = 24,
- CDK_SIGSUBPKT_PRIMARY_UID = 25,
- CDK_SIGSUBPKT_POLICY = 26,
- CDK_SIGSUBPKT_KEY_FLAGS = 27,
- CDK_SIGSUBPKT_SIGNERS_UID = 28,
- CDK_SIGSUBPKT_REVOC_REASON = 29,
- CDK_SIGSUBPKT_FEATURES = 30
- };
+ enum cdk_sig_subpacket_t {
+ CDK_SIGSUBPKT_NONE = 0,
+ CDK_SIGSUBPKT_SIG_CREATED = 2,
+ CDK_SIGSUBPKT_SIG_EXPIRE = 3,
+ CDK_SIGSUBPKT_EXPORTABLE = 4,
+ CDK_SIGSUBPKT_TRUST = 5,
+ CDK_SIGSUBPKT_REGEXP = 6,
+ CDK_SIGSUBPKT_REVOCABLE = 7,
+ CDK_SIGSUBPKT_KEY_EXPIRE = 9,
+ CDK_SIGSUBPKT_PREFS_SYM = 11,
+ CDK_SIGSUBPKT_REV_KEY = 12,
+ CDK_SIGSUBPKT_ISSUER = 16,
+ CDK_SIGSUBPKT_NOTATION = 20,
+ CDK_SIGSUBPKT_PREFS_HASH = 21,
+ CDK_SIGSUBPKT_PREFS_ZIP = 22,
+ CDK_SIGSUBPKT_KS_FLAGS = 23,
+ CDK_SIGSUBPKT_PREF_KS = 24,
+ CDK_SIGSUBPKT_PRIMARY_UID = 25,
+ CDK_SIGSUBPKT_POLICY = 26,
+ CDK_SIGSUBPKT_KEY_FLAGS = 27,
+ CDK_SIGSUBPKT_SIGNERS_UID = 28,
+ CDK_SIGSUBPKT_REVOC_REASON = 29,
+ CDK_SIGSUBPKT_FEATURES = 30
+ };
/* All valid armor types. */
- enum cdk_armor_type_t
- {
- CDK_ARMOR_MESSAGE = 0,
- CDK_ARMOR_PUBKEY = 1,
- CDK_ARMOR_SECKEY = 2,
- CDK_ARMOR_SIGNATURE = 3,
- CDK_ARMOR_CLEARSIG = 4
- };
-
- enum cdk_keydb_flag_t
- {
- /* Valid database search modes */
- CDK_DBSEARCH_EXACT = 1, /* Exact string search */
- CDK_DBSEARCH_SUBSTR = 2, /* Sub string search */
- CDK_DBSEARCH_SHORT_KEYID = 3, /* 32-bit keyid search */
- CDK_DBSEARCH_KEYID = 4, /* 64-bit keyid search */
- CDK_DBSEARCH_FPR = 5, /* 160-bit fingerprint search */
- CDK_DBSEARCH_NEXT = 6, /* Enumerate all keys */
- CDK_DBSEARCH_AUTO = 7, /* Try to classify the string */
- /* Valid database types */
- CDK_DBTYPE_PK_KEYRING = 100, /* A file with one or more public keys */
- CDK_DBTYPE_SK_KEYRING = 101, /* A file with one or more secret keys */
- CDK_DBTYPE_DATA = 102, /* A buffer with at least one public key */
- };
+ enum cdk_armor_type_t {
+ CDK_ARMOR_MESSAGE = 0,
+ CDK_ARMOR_PUBKEY = 1,
+ CDK_ARMOR_SECKEY = 2,
+ CDK_ARMOR_SIGNATURE = 3,
+ CDK_ARMOR_CLEARSIG = 4
+ };
+
+ enum cdk_keydb_flag_t {
+ /* Valid database search modes */
+ CDK_DBSEARCH_EXACT = 1, /* Exact string search */
+ CDK_DBSEARCH_SUBSTR = 2, /* Sub string search */
+ CDK_DBSEARCH_SHORT_KEYID = 3, /* 32-bit keyid search */
+ CDK_DBSEARCH_KEYID = 4, /* 64-bit keyid search */
+ CDK_DBSEARCH_FPR = 5, /* 160-bit fingerprint search */
+ CDK_DBSEARCH_NEXT = 6, /* Enumerate all keys */
+ CDK_DBSEARCH_AUTO = 7, /* Try to classify the string */
+ /* Valid database types */
+ CDK_DBTYPE_PK_KEYRING = 100, /* A file with one or more public keys */
+ CDK_DBTYPE_SK_KEYRING = 101, /* A file with one or more secret keys */
+ CDK_DBTYPE_DATA = 102, /* A buffer with at least one public key */
+ };
/* All valid modes for cdk_data_transform() */
- enum cdk_crypto_mode_t
- {
- CDK_CRYPTYPE_NONE = 0,
- CDK_CRYPTYPE_ENCRYPT = 1,
- CDK_CRYPTYPE_DECRYPT = 2,
- CDK_CRYPTYPE_SIGN = 3,
- CDK_CRYPTYPE_VERIFY = 4,
- CDK_CRYPTYPE_EXPORT = 5,
- CDK_CRYPTYPE_IMPORT = 6
- };
+ enum cdk_crypto_mode_t {
+ CDK_CRYPTYPE_NONE = 0,
+ CDK_CRYPTYPE_ENCRYPT = 1,
+ CDK_CRYPTYPE_DECRYPT = 2,
+ CDK_CRYPTYPE_SIGN = 3,
+ CDK_CRYPTYPE_VERIFY = 4,
+ CDK_CRYPTYPE_EXPORT = 5,
+ CDK_CRYPTYPE_IMPORT = 6
+ };
#define CDK_KEY_USG_ENCR (CDK_KEY_USG_COMM_ENCR | CDK_KEY_USG_STORAGE_ENCR)
#define CDK_KEY_USG_SIGN (CDK_KEY_USG_DATA_SIGN | CDK_KEY_USG_CERT_SIGN)
/* A list of valid public key usages. */
- enum cdk_key_usage_t
- {
- CDK_KEY_USG_CERT_SIGN = 1,
- CDK_KEY_USG_DATA_SIGN = 2,
- CDK_KEY_USG_COMM_ENCR = 4,
- CDK_KEY_USG_STORAGE_ENCR = 8,
- CDK_KEY_USG_SPLIT_KEY = 16,
- CDK_KEY_USG_AUTH = 32,
- CDK_KEY_USG_SHARED_KEY = 128
- };
+ enum cdk_key_usage_t {
+ CDK_KEY_USG_CERT_SIGN = 1,
+ CDK_KEY_USG_DATA_SIGN = 2,
+ CDK_KEY_USG_COMM_ENCR = 4,
+ CDK_KEY_USG_STORAGE_ENCR = 8,
+ CDK_KEY_USG_SPLIT_KEY = 16,
+ CDK_KEY_USG_AUTH = 32,
+ CDK_KEY_USG_SHARED_KEY = 128
+ };
/* Valid flags for keys. */
- enum cdk_key_flag_t
- {
- CDK_KEY_VALID = 0,
- CDK_KEY_INVALID = 1, /* Missing or wrong self signature */
- CDK_KEY_EXPIRED = 2, /* Key is expired. */
- CDK_KEY_REVOKED = 4, /* Key has been revoked. */
- CDK_KEY_NOSIGNER = 8
- };
+ enum cdk_key_flag_t {
+ CDK_KEY_VALID = 0,
+ CDK_KEY_INVALID = 1, /* Missing or wrong self signature */
+ CDK_KEY_EXPIRED = 2, /* Key is expired. */
+ CDK_KEY_REVOKED = 4, /* Key has been revoked. */
+ CDK_KEY_NOSIGNER = 8
+ };
/* Trust values and flags for keys and user IDs */
- enum cdk_trust_flag_t
- {
- CDK_TRUST_UNKNOWN = 0,
- CDK_TRUST_EXPIRED = 1,
- CDK_TRUST_UNDEFINED = 2,
- CDK_TRUST_NEVER = 3,
- CDK_TRUST_MARGINAL = 4,
- CDK_TRUST_FULLY = 5,
- CDK_TRUST_ULTIMATE = 6,
- /* trust flags */
- CDK_TFLAG_REVOKED = 32,
- CDK_TFLAG_SUB_REVOKED = 64,
- CDK_TFLAG_DISABLED = 128
- };
+ enum cdk_trust_flag_t {
+ CDK_TRUST_UNKNOWN = 0,
+ CDK_TRUST_EXPIRED = 1,
+ CDK_TRUST_UNDEFINED = 2,
+ CDK_TRUST_NEVER = 3,
+ CDK_TRUST_MARGINAL = 4,
+ CDK_TRUST_FULLY = 5,
+ CDK_TRUST_ULTIMATE = 6,
+ /* trust flags */
+ CDK_TFLAG_REVOKED = 32,
+ CDK_TFLAG_SUB_REVOKED = 64,
+ CDK_TFLAG_DISABLED = 128
+ };
/* Signature states and the signature modes. */
- enum cdk_signature_stat_t
- {
- /* Signature status */
- CDK_SIGSTAT_NONE = 0,
- CDK_SIGSTAT_GOOD = 1,
- CDK_SIGSTAT_BAD = 2,
- CDK_SIGSTAT_NOKEY = 3,
- CDK_SIGSTAT_VALID = 4, /* True if made with a valid key. */
- /* FIXME: We need indicators for revoked/expires signatures. */
-
- /* Signature modes */
- CDK_SIGMODE_NORMAL = 100,
- CDK_SIGMODE_DETACHED = 101,
- CDK_SIGMODE_CLEAR = 102
- };
+ enum cdk_signature_stat_t {
+ /* Signature status */
+ CDK_SIGSTAT_NONE = 0,
+ CDK_SIGSTAT_GOOD = 1,
+ CDK_SIGSTAT_BAD = 2,
+ CDK_SIGSTAT_NOKEY = 3,
+ CDK_SIGSTAT_VALID = 4, /* True if made with a valid key. */
+ /* FIXME: We need indicators for revoked/expires signatures. */
+
+ /* Signature modes */
+ CDK_SIGMODE_NORMAL = 100,
+ CDK_SIGMODE_DETACHED = 101,
+ CDK_SIGMODE_CLEAR = 102
+ };
/* Key flags. */
- typedef enum
- {
- CDK_FLAG_KEY_REVOKED = 256,
- CDK_FLAG_KEY_EXPIRED = 512,
- CDK_FLAG_SIG_EXPIRED = 1024
- } cdk_key_flags_t;
+ typedef enum {
+ CDK_FLAG_KEY_REVOKED = 256,
+ CDK_FLAG_KEY_EXPIRED = 512,
+ CDK_FLAG_SIG_EXPIRED = 1024
+ } cdk_key_flags_t;
/* Possible format for the literal data. */
- typedef enum
- {
- CDK_LITFMT_BINARY = 0,
- CDK_LITFMT_TEXT = 1,
- CDK_LITFMT_UNICODE = 2
- } cdk_lit_format_t;
+ typedef enum {
+ CDK_LITFMT_BINARY = 0,
+ CDK_LITFMT_TEXT = 1,
+ CDK_LITFMT_UNICODE = 2
+ } cdk_lit_format_t;
/* Valid OpenPGP packet types and their IDs */
- typedef enum
- {
- CDK_PKT_RESERVED = 0,
- CDK_PKT_PUBKEY_ENC = 1,
- CDK_PKT_SIGNATURE = 2,
- CDK_PKT_ONEPASS_SIG = 4,
- CDK_PKT_SECRET_KEY = 5,
- CDK_PKT_PUBLIC_KEY = 6,
- CDK_PKT_SECRET_SUBKEY = 7,
- CDK_PKT_COMPRESSED = 8,
- CDK_PKT_MARKER = 10,
- CDK_PKT_LITERAL = 11,
- CDK_PKT_RING_TRUST = 12,
- CDK_PKT_USER_ID = 13,
- CDK_PKT_PUBLIC_SUBKEY = 14,
- CDK_PKT_OLD_COMMENT = 16,
- CDK_PKT_ATTRIBUTE = 17,
- CDK_PKT_MDC = 19
- } cdk_packet_type_t;
+ typedef enum {
+ CDK_PKT_RESERVED = 0,
+ CDK_PKT_PUBKEY_ENC = 1,
+ CDK_PKT_SIGNATURE = 2,
+ CDK_PKT_ONEPASS_SIG = 4,
+ CDK_PKT_SECRET_KEY = 5,
+ CDK_PKT_PUBLIC_KEY = 6,
+ CDK_PKT_SECRET_SUBKEY = 7,
+ CDK_PKT_COMPRESSED = 8,
+ CDK_PKT_MARKER = 10,
+ CDK_PKT_LITERAL = 11,
+ CDK_PKT_RING_TRUST = 12,
+ CDK_PKT_USER_ID = 13,
+ CDK_PKT_PUBLIC_SUBKEY = 14,
+ CDK_PKT_OLD_COMMENT = 16,
+ CDK_PKT_ATTRIBUTE = 17,
+ CDK_PKT_MDC = 19
+ } cdk_packet_type_t;
/* Define the maximal number of multiprecion integers for
a public key. */
@@ -386,228 +367,217 @@ extern "C"
|| ((pkttype)==CDK_PKT_ENCRYPTED))
- struct cdk_pkt_signature_s
- {
- unsigned char version;
- unsigned char sig_class;
- unsigned int timestamp;
- unsigned int expiredate;
- unsigned int keyid[2];
- unsigned char pubkey_algo;
- unsigned char digest_algo;
- unsigned char digest_start[2];
- unsigned short hashed_size;
- cdk_subpkt_t hashed;
- unsigned short unhashed_size;
- cdk_subpkt_t unhashed;
- bigint_t mpi[MAX_CDK_DATA_PARTS];
- cdk_desig_revoker_t revkeys;
- struct
- {
- unsigned exportable:1;
- unsigned revocable:1;
- unsigned policy_url:1;
- unsigned notation:1;
- unsigned expired:1;
- unsigned checked:1;
- unsigned valid:1;
- unsigned missing_key:1;
- } flags;
- unsigned int key[2]; /* only valid for key signatures */
- };
- typedef struct cdk_pkt_signature_s *cdk_pkt_signature_t;
-
-
- struct cdk_pkt_userid_s
- {
- unsigned int len;
- unsigned is_primary:1;
- unsigned is_revoked:1;
- unsigned mdc_feature:1;
- cdk_prefitem_t prefs;
- size_t prefs_size;
- unsigned char *attrib_img; /* Tag 17 if not null */
- size_t attrib_len;
- cdk_pkt_signature_t selfsig;
- char *name;
- };
- typedef struct cdk_pkt_userid_s *cdk_pkt_userid_t;
-
-
- struct cdk_pkt_pubkey_s
- {
- unsigned char version;
- unsigned char pubkey_algo;
- unsigned char fpr[20];
- unsigned int keyid[2];
- unsigned int main_keyid[2];
- unsigned int timestamp;
- unsigned int expiredate;
- bigint_t mpi[MAX_CDK_PK_PARTS];
- unsigned is_revoked:1;
- unsigned is_invalid:1;
- unsigned has_expired:1;
- int pubkey_usage;
- cdk_pkt_userid_t uid;
- cdk_prefitem_t prefs;
- size_t prefs_size;
- cdk_desig_revoker_t revkeys;
- };
- typedef struct cdk_pkt_pubkey_s *cdk_pkt_pubkey_t;
+ struct cdk_pkt_signature_s {
+ unsigned char version;
+ unsigned char sig_class;
+ unsigned int timestamp;
+ unsigned int expiredate;
+ unsigned int keyid[2];
+ unsigned char pubkey_algo;
+ unsigned char digest_algo;
+ unsigned char digest_start[2];
+ unsigned short hashed_size;
+ cdk_subpkt_t hashed;
+ unsigned short unhashed_size;
+ cdk_subpkt_t unhashed;
+ bigint_t mpi[MAX_CDK_DATA_PARTS];
+ cdk_desig_revoker_t revkeys;
+ struct {
+ unsigned exportable:1;
+ unsigned revocable:1;
+ unsigned policy_url:1;
+ unsigned notation:1;
+ unsigned expired:1;
+ unsigned checked:1;
+ unsigned valid:1;
+ unsigned missing_key:1;
+ } flags;
+ unsigned int key[2]; /* only valid for key signatures */
+ };
+ typedef struct cdk_pkt_signature_s *cdk_pkt_signature_t;
+
+
+ struct cdk_pkt_userid_s {
+ unsigned int len;
+ unsigned is_primary:1;
+ unsigned is_revoked:1;
+ unsigned mdc_feature:1;
+ cdk_prefitem_t prefs;
+ size_t prefs_size;
+ unsigned char *attrib_img; /* Tag 17 if not null */
+ size_t attrib_len;
+ cdk_pkt_signature_t selfsig;
+ char *name;
+ };
+ typedef struct cdk_pkt_userid_s *cdk_pkt_userid_t;
+
+
+ struct cdk_pkt_pubkey_s {
+ unsigned char version;
+ unsigned char pubkey_algo;
+ unsigned char fpr[20];
+ unsigned int keyid[2];
+ unsigned int main_keyid[2];
+ unsigned int timestamp;
+ unsigned int expiredate;
+ bigint_t mpi[MAX_CDK_PK_PARTS];
+ unsigned is_revoked:1;
+ unsigned is_invalid:1;
+ unsigned has_expired:1;
+ int pubkey_usage;
+ cdk_pkt_userid_t uid;
+ cdk_prefitem_t prefs;
+ size_t prefs_size;
+ cdk_desig_revoker_t revkeys;
+ };
+ typedef struct cdk_pkt_pubkey_s *cdk_pkt_pubkey_t;
/* Alias to define a generic public key context. */
- typedef cdk_pkt_pubkey_t cdk_pubkey_t;
-
-
- struct cdk_pkt_seckey_s
- {
- cdk_pkt_pubkey_t pk;
- unsigned int expiredate;
- int version;
- int pubkey_algo;
- unsigned int keyid[2];
- unsigned int main_keyid[2];
- unsigned char s2k_usage;
- struct
- {
- unsigned char algo;
- unsigned char sha1chk; /* SHA1 is used instead of a 16 bit checksum */
- cdk_s2k_t s2k;
- unsigned char iv[16];
- unsigned char ivlen;
- } protect;
- unsigned short csum;
- bigint_t mpi[MAX_CDK_PK_PARTS];
- unsigned char *encdata;
- size_t enclen;
- unsigned char is_protected;
- unsigned is_primary:1;
- unsigned has_expired:1;
- unsigned is_revoked:1;
- };
- typedef struct cdk_pkt_seckey_s *cdk_pkt_seckey_t;
+ typedef cdk_pkt_pubkey_t cdk_pubkey_t;
+
+
+ struct cdk_pkt_seckey_s {
+ cdk_pkt_pubkey_t pk;
+ unsigned int expiredate;
+ int version;
+ int pubkey_algo;
+ unsigned int keyid[2];
+ unsigned int main_keyid[2];
+ unsigned char s2k_usage;
+ struct {
+ unsigned char algo;
+ unsigned char sha1chk; /* SHA1 is used instead of a 16 bit checksum */
+ cdk_s2k_t s2k;
+ unsigned char iv[16];
+ unsigned char ivlen;
+ } protect;
+ unsigned short csum;
+ bigint_t mpi[MAX_CDK_PK_PARTS];
+ unsigned char *encdata;
+ size_t enclen;
+ unsigned char is_protected;
+ unsigned is_primary:1;
+ unsigned has_expired:1;
+ unsigned is_revoked:1;
+ };
+ typedef struct cdk_pkt_seckey_s *cdk_pkt_seckey_t;
/* Alias to define a generic secret key context. */
- typedef cdk_pkt_seckey_t cdk_seckey_t;
-
-
- struct cdk_pkt_onepass_sig_s
- {
- unsigned char version;
- unsigned int keyid[2];
- unsigned char sig_class;
- unsigned char digest_algo;
- unsigned char pubkey_algo;
- unsigned char last;
- };
- typedef struct cdk_pkt_onepass_sig_s *cdk_pkt_onepass_sig_t;
-
-
- struct cdk_pkt_pubkey_enc_s
- {
- unsigned char version;
- unsigned int keyid[2];
- int throw_keyid;
- unsigned char pubkey_algo;
- bigint_t mpi[MAX_CDK_DATA_PARTS];
- };
- typedef struct cdk_pkt_pubkey_enc_s *cdk_pkt_pubkey_enc_t;
-
- struct cdk_pkt_encrypted_s
- {
- unsigned int len;
- int extralen;
- unsigned char mdc_method;
- cdk_stream_t buf;
- };
- typedef struct cdk_pkt_encrypted_s *cdk_pkt_encrypted_t;
-
-
- struct cdk_pkt_mdc_s
- {
- unsigned char hash[20];
- };
- typedef struct cdk_pkt_mdc_s *cdk_pkt_mdc_t;
-
-
- struct cdk_pkt_literal_s
- {
- unsigned int len;
- cdk_stream_t buf;
- int mode;
- unsigned int timestamp;
- int namelen;
- char *name;
- };
- typedef struct cdk_pkt_literal_s *cdk_pkt_literal_t;
-
-
- struct cdk_pkt_compressed_s
- {
- unsigned int len;
- int algorithm;
- cdk_stream_t buf;
- };
- typedef struct cdk_pkt_compressed_s *cdk_pkt_compressed_t;
+ typedef cdk_pkt_seckey_t cdk_seckey_t;
+
+
+ struct cdk_pkt_onepass_sig_s {
+ unsigned char version;
+ unsigned int keyid[2];
+ unsigned char sig_class;
+ unsigned char digest_algo;
+ unsigned char pubkey_algo;
+ unsigned char last;
+ };
+ typedef struct cdk_pkt_onepass_sig_s *cdk_pkt_onepass_sig_t;
+
+
+ struct cdk_pkt_pubkey_enc_s {
+ unsigned char version;
+ unsigned int keyid[2];
+ int throw_keyid;
+ unsigned char pubkey_algo;
+ bigint_t mpi[MAX_CDK_DATA_PARTS];
+ };
+ typedef struct cdk_pkt_pubkey_enc_s *cdk_pkt_pubkey_enc_t;
+
+ struct cdk_pkt_encrypted_s {
+ unsigned int len;
+ int extralen;
+ unsigned char mdc_method;
+ cdk_stream_t buf;
+ };
+ typedef struct cdk_pkt_encrypted_s *cdk_pkt_encrypted_t;
+
+
+ struct cdk_pkt_mdc_s {
+ unsigned char hash[20];
+ };
+ typedef struct cdk_pkt_mdc_s *cdk_pkt_mdc_t;
+
+
+ struct cdk_pkt_literal_s {
+ unsigned int len;
+ cdk_stream_t buf;
+ int mode;
+ unsigned int timestamp;
+ int namelen;
+ char *name;
+ };
+ typedef struct cdk_pkt_literal_s *cdk_pkt_literal_t;
+
+
+ struct cdk_pkt_compressed_s {
+ unsigned int len;
+ int algorithm;
+ cdk_stream_t buf;
+ };
+ typedef struct cdk_pkt_compressed_s *cdk_pkt_compressed_t;
/* Structure which represents a single OpenPGP packet. */
- struct cdk_packet_s
- {
- size_t pktlen; /* real packet length */
- size_t pktsize; /* length with all headers */
- int old_ctb; /* 1 if RFC1991 mode is used */
- cdk_packet_type_t pkttype;
- union
- {
- cdk_pkt_mdc_t mdc;
- cdk_pkt_userid_t user_id;
- cdk_pkt_pubkey_t public_key;
- cdk_pkt_seckey_t secret_key;
- cdk_pkt_signature_t signature;
- cdk_pkt_pubkey_enc_t pubkey_enc;
- cdk_pkt_compressed_t compressed;
- cdk_pkt_encrypted_t encrypted;
- cdk_pkt_literal_t literal;
- cdk_pkt_onepass_sig_t onepass_sig;
- } pkt;
- };
- typedef struct cdk_packet_s *cdk_packet_t;
+ struct cdk_packet_s {
+ size_t pktlen; /* real packet length */
+ size_t pktsize; /* length with all headers */
+ int old_ctb; /* 1 if RFC1991 mode is used */
+ cdk_packet_type_t pkttype;
+ union {
+ cdk_pkt_mdc_t mdc;
+ cdk_pkt_userid_t user_id;
+ cdk_pkt_pubkey_t public_key;
+ cdk_pkt_seckey_t secret_key;
+ cdk_pkt_signature_t signature;
+ cdk_pkt_pubkey_enc_t pubkey_enc;
+ cdk_pkt_compressed_t compressed;
+ cdk_pkt_encrypted_t encrypted;
+ cdk_pkt_literal_t literal;
+ cdk_pkt_onepass_sig_t onepass_sig;
+ } pkt;
+ };
+ typedef struct cdk_packet_s *cdk_packet_t;
/* Allocate a new packet or a new packet with the given packet type. */
- cdk_error_t cdk_pkt_new (cdk_packet_t * r_pkt);
- cdk_error_t cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype);
+ cdk_error_t cdk_pkt_new(cdk_packet_t * r_pkt);
+ cdk_error_t cdk_pkt_alloc(cdk_packet_t * r_pkt,
+ cdk_packet_type_t pkttype);
/* Only release the contents of the packet but not @PKT itself. */
- void cdk_pkt_free (cdk_packet_t pkt);
+ void cdk_pkt_free(cdk_packet_t pkt);
/* Release the packet contents and the packet structure @PKT itself. */
- void cdk_pkt_release (cdk_packet_t pkt);
+ void cdk_pkt_release(cdk_packet_t pkt);
/* Read or write the given output from or to the stream. */
- cdk_error_t cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt);
- cdk_error_t cdk_pkt_write (cdk_stream_t out, cdk_packet_t pkt);
+ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt);
+ cdk_error_t cdk_pkt_write(cdk_stream_t out, cdk_packet_t pkt);
/* Sub packet routines */
- cdk_subpkt_t cdk_subpkt_new (size_t size);
- void cdk_subpkt_free (cdk_subpkt_t ctx);
- cdk_subpkt_t cdk_subpkt_find (cdk_subpkt_t ctx, size_t type);
- cdk_subpkt_t cdk_subpkt_find_next (cdk_subpkt_t root, size_t type);
- size_t cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type);
- cdk_subpkt_t cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type,
- size_t index);
- cdk_error_t cdk_subpkt_add (cdk_subpkt_t root, cdk_subpkt_t node);
- const unsigned char *cdk_subpkt_get_data (cdk_subpkt_t ctx,
- size_t * r_type,
- size_t * r_nbytes);
- void cdk_subpkt_init (cdk_subpkt_t node, size_t type, const void *buf,
- size_t buflen);
+ cdk_subpkt_t cdk_subpkt_new(size_t size);
+ void cdk_subpkt_free(cdk_subpkt_t ctx);
+ cdk_subpkt_t cdk_subpkt_find(cdk_subpkt_t ctx, size_t type);
+ cdk_subpkt_t cdk_subpkt_find_next(cdk_subpkt_t root, size_t type);
+ size_t cdk_subpkt_type_count(cdk_subpkt_t ctx, size_t type);
+ cdk_subpkt_t cdk_subpkt_find_nth(cdk_subpkt_t ctx, size_t type,
+ size_t index);
+ cdk_error_t cdk_subpkt_add(cdk_subpkt_t root, cdk_subpkt_t node);
+ const unsigned char *cdk_subpkt_get_data(cdk_subpkt_t ctx,
+ size_t * r_type,
+ size_t * r_nbytes);
+ void cdk_subpkt_init(cdk_subpkt_t node, size_t type,
+ const void *buf, size_t buflen);
/* Designated Revoker routines */
- const unsigned char *cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
- cdk_desig_revoker_t * ctx,
- int *r_class,
- int *r_algid);
+ const unsigned char *cdk_key_desig_revoker_walk(cdk_desig_revoker_t
+ root,
+ cdk_desig_revoker_t
+ * ctx,
+ int *r_class,
+ int *r_algid);
#define is_RSA(a) ((a) == CDK_PK_RSA \
|| (a) == CDK_PK_RSA_E \
@@ -617,23 +587,24 @@ extern "C"
/* Encrypt the given session key @SK with the public key @PK
and write the contents into the packet @PKE. */
- cdk_error_t cdk_pk_encrypt (cdk_pubkey_t pk, cdk_pkt_pubkey_enc_t pke,
- bigint_t sk);
+ cdk_error_t cdk_pk_encrypt(cdk_pubkey_t pk,
+ cdk_pkt_pubkey_enc_t pke, bigint_t sk);
/* Decrypt the given encrypted session key in @PKE with the secret key
@SK and store it in @R_SK. */
- cdk_error_t cdk_pk_decrypt (cdk_seckey_t sk, cdk_pkt_pubkey_enc_t pke,
- bigint_t * r_sk);
+ cdk_error_t cdk_pk_decrypt(cdk_seckey_t sk,
+ cdk_pkt_pubkey_enc_t pke,
+ bigint_t * r_sk);
/* Sign the given message digest @MD with the secret key @SK and
store the signature in the packet @SIG. */
- cdk_error_t cdk_pk_sign (cdk_seckey_t sk, cdk_pkt_signature_t sig,
- const unsigned char *md);
+ cdk_error_t cdk_pk_sign(cdk_seckey_t sk, cdk_pkt_signature_t sig,
+ const unsigned char *md);
/* Verify the given signature in @SIG with the public key @PK
and compare it against the message digest @MD. */
- cdk_error_t cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
- const unsigned char *md);
+ cdk_error_t cdk_pk_verify(cdk_pubkey_t pk, cdk_pkt_signature_t sig,
+ const unsigned char *md);
/* Use cdk_pk_get_npkey() and cdk_pk_get_nskey to find out how much
multiprecision integers a key consists of. */
@@ -641,316 +612,351 @@ extern "C"
/* Return a multi precision integer of the public key with the index @IDX
in the buffer @BUF. @R_NWRITTEN will contain the length in octets.
Optional @R_NBITS may contain the size in bits. */
- cdk_error_t cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
- unsigned char *buf, size_t buflen,
- size_t * r_nwritten, size_t * r_nbits);
+ cdk_error_t cdk_pk_get_mpi(cdk_pubkey_t pk, size_t idx,
+ unsigned char *buf, size_t buflen,
+ size_t * r_nwritten, size_t * r_nbits);
/* Same as the function above but of the secret key. */
- cdk_error_t cdk_sk_get_mpi (cdk_seckey_t sk, size_t idx,
- unsigned char *buf, size_t buflen,
- size_t * r_nwritten, size_t * r_nbits);
+ cdk_error_t cdk_sk_get_mpi(cdk_seckey_t sk, size_t idx,
+ unsigned char *buf, size_t buflen,
+ size_t * r_nwritten, size_t * r_nbits);
/* Helper to get the exact number of multi precision integers
for the given object. */
- int cdk_pk_get_nbits (cdk_pubkey_t pk);
- int cdk_pk_get_npkey (int algo);
- int cdk_pk_get_nskey (int algo);
- int cdk_pk_get_nsig (int algo);
- int cdk_pk_get_nenc (int algo);
+ int cdk_pk_get_nbits(cdk_pubkey_t pk);
+ int cdk_pk_get_npkey(int algo);
+ int cdk_pk_get_nskey(int algo);
+ int cdk_pk_get_nsig(int algo);
+ int cdk_pk_get_nenc(int algo);
/* Fingerprint and key ID routines. */
/* Calculate the fingerprint of the given public key.
the FPR parameter must be at least 20 octets to hold the SHA1 hash. */
- cdk_error_t cdk_pk_get_fingerprint (cdk_pubkey_t pk, unsigned char *fpr);
+ cdk_error_t cdk_pk_get_fingerprint(cdk_pubkey_t pk,
+ unsigned char *fpr);
/* Same as above, but with additional sanity checks of the buffer size. */
- cdk_error_t cdk_pk_to_fingerprint (cdk_pubkey_t pk,
- unsigned char *fpr, size_t fprlen,
- size_t * r_nout);
+ cdk_error_t cdk_pk_to_fingerprint(cdk_pubkey_t pk,
+ unsigned char *fpr,
+ size_t fprlen, size_t * r_nout);
/* Derive the keyid from the fingerprint. This is only possible for
modern, version 4 keys. */
- unsigned int cdk_pk_fingerprint_get_keyid (const unsigned char *fpr,
- size_t fprlen,
- unsigned int *keyid);
+ unsigned int cdk_pk_fingerprint_get_keyid(const unsigned char *fpr,
+ size_t fprlen,
+ unsigned int *keyid);
/* Various functions to get the keyid from the specific packet type. */
- unsigned int cdk_pk_get_keyid (cdk_pubkey_t pk, unsigned int *keyid);
- unsigned int cdk_sk_get_keyid (cdk_seckey_t sk, unsigned int *keyid);
- unsigned int cdk_sig_get_keyid (cdk_pkt_signature_t sig,
- unsigned int *keyid);
+ unsigned int cdk_pk_get_keyid(cdk_pubkey_t pk,
+ unsigned int *keyid);
+ unsigned int cdk_sk_get_keyid(cdk_seckey_t sk,
+ unsigned int *keyid);
+ unsigned int cdk_sig_get_keyid(cdk_pkt_signature_t sig,
+ unsigned int *keyid);
/* Key release functions. */
- void cdk_pk_release (cdk_pubkey_t pk);
- void cdk_sk_release (cdk_seckey_t sk);
+ void cdk_pk_release(cdk_pubkey_t pk);
+ void cdk_sk_release(cdk_seckey_t sk);
/* Create a public key with the data from the secret key @SK. */
- cdk_error_t cdk_pk_from_secret_key (cdk_seckey_t sk, cdk_pubkey_t * ret_pk);
+ cdk_error_t cdk_pk_from_secret_key(cdk_seckey_t sk,
+ cdk_pubkey_t * ret_pk);
/* Sexp conversion of keys. */
- cdk_error_t cdk_pubkey_to_sexp (cdk_pubkey_t pk, char **sexp, size_t * len);
- cdk_error_t cdk_seckey_to_sexp (cdk_seckey_t sk, char **sexp, size_t * len);
+ cdk_error_t cdk_pubkey_to_sexp(cdk_pubkey_t pk, char **sexp,
+ size_t * len);
+ cdk_error_t cdk_seckey_to_sexp(cdk_seckey_t sk, char **sexp,
+ size_t * len);
/* String to Key routines. */
- cdk_error_t cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
- const unsigned char *salt);
- void cdk_s2k_free (cdk_s2k_t s2k);
+ cdk_error_t cdk_s2k_new(cdk_s2k_t * ret_s2k, int mode,
+ int digest_algo,
+ const unsigned char *salt);
+ void cdk_s2k_free(cdk_s2k_t s2k);
/* Protect the inbuf with ASCII armor of the specified type.
If @outbuf and @outlen are NULL, the function returns the calculated
size of the base64 encoded data in @nwritten. */
- cdk_error_t cdk_armor_encode_buffer (const unsigned char *inbuf,
- size_t inlen, char *outbuf,
- size_t outlen, size_t * nwritten,
- int type);
+ cdk_error_t cdk_armor_encode_buffer(const unsigned char *inbuf,
+ size_t inlen, char *outbuf,
+ size_t outlen,
+ size_t * nwritten, int type);
/* This context contain user callbacks for different stream operations.
Some of these callbacks might be NULL to indicate that the callback
is not used. */
- struct cdk_stream_cbs_s
- {
- cdk_error_t (*open) (void *);
- cdk_error_t (*release) (void *);
- int (*read) (void *, void *buf, size_t);
- int (*write) (void *, const void *buf, size_t);
- int (*seek) (void *, off_t);
- };
- typedef struct cdk_stream_cbs_s *cdk_stream_cbs_t;
-
- int cdk_stream_is_compressed (cdk_stream_t s);
+ struct cdk_stream_cbs_s {
+ cdk_error_t(*open) (void *);
+ cdk_error_t(*release) (void *);
+ int (*read) (void *, void *buf, size_t);
+ int (*write) (void *, const void *buf, size_t);
+ int (*seek) (void *, off_t);
+ };
+ typedef struct cdk_stream_cbs_s *cdk_stream_cbs_t;
+
+ int cdk_stream_is_compressed(cdk_stream_t s);
/* Return a stream object which is associated to a socket. */
- cdk_error_t cdk_stream_sockopen (const char *host, unsigned short port,
- cdk_stream_t * ret_out);
+ cdk_error_t cdk_stream_sockopen(const char *host,
+ unsigned short port,
+ cdk_stream_t * ret_out);
/* Return a stream object which is associated to an existing file. */
- cdk_error_t cdk_stream_open (const char *file, cdk_stream_t * ret_s);
+ cdk_error_t cdk_stream_open(const char *file,
+ cdk_stream_t * ret_s);
/* Return a stream object which is associated to a file which will
be created when the stream is closed. */
- cdk_error_t cdk_stream_new (const char *file, cdk_stream_t * ret_s);
+ cdk_error_t cdk_stream_new(const char *file, cdk_stream_t * ret_s);
/* Return a stream object with custom callback functions for the
various core operations. */
- cdk_error_t cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
- cdk_stream_t * ret_s);
- cdk_error_t cdk_stream_create (const char *file, cdk_stream_t * ret_s);
- cdk_error_t cdk_stream_tmp_new (cdk_stream_t * r_out);
- cdk_error_t cdk_stream_tmp_from_mem (const void *buf, size_t buflen,
- cdk_stream_t * r_out);
- void cdk_stream_tmp_set_mode (cdk_stream_t s, int val);
- cdk_error_t cdk_stream_flush (cdk_stream_t s);
- cdk_error_t cdk_stream_enable_cache (cdk_stream_t s, int val);
- cdk_error_t cdk_stream_filter_disable (cdk_stream_t s, int type);
- cdk_error_t cdk_stream_close (cdk_stream_t s);
- off_t cdk_stream_get_length (cdk_stream_t s);
- int cdk_stream_read (cdk_stream_t s, void *buf, size_t count);
- int cdk_stream_write (cdk_stream_t s, const void *buf, size_t count);
- int cdk_stream_putc (cdk_stream_t s, int c);
- int cdk_stream_getc (cdk_stream_t s);
- int cdk_stream_eof (cdk_stream_t s);
- off_t cdk_stream_tell (cdk_stream_t s);
- cdk_error_t cdk_stream_seek (cdk_stream_t s, off_t offset);
- cdk_error_t cdk_stream_set_armor_flag (cdk_stream_t s, int type);
+ cdk_error_t cdk_stream_new_from_cbs(cdk_stream_cbs_t cbs,
+ void *opa,
+ cdk_stream_t * ret_s);
+ cdk_error_t cdk_stream_create(const char *file,
+ cdk_stream_t * ret_s);
+ cdk_error_t cdk_stream_tmp_new(cdk_stream_t * r_out);
+ cdk_error_t cdk_stream_tmp_from_mem(const void *buf, size_t buflen,
+ cdk_stream_t * r_out);
+ void cdk_stream_tmp_set_mode(cdk_stream_t s, int val);
+ cdk_error_t cdk_stream_flush(cdk_stream_t s);
+ cdk_error_t cdk_stream_enable_cache(cdk_stream_t s, int val);
+ cdk_error_t cdk_stream_filter_disable(cdk_stream_t s, int type);
+ cdk_error_t cdk_stream_close(cdk_stream_t s);
+ off_t cdk_stream_get_length(cdk_stream_t s);
+ int cdk_stream_read(cdk_stream_t s, void *buf, size_t count);
+ int cdk_stream_write(cdk_stream_t s, const void *buf,
+ size_t count);
+ int cdk_stream_putc(cdk_stream_t s, int c);
+ int cdk_stream_getc(cdk_stream_t s);
+ int cdk_stream_eof(cdk_stream_t s);
+ off_t cdk_stream_tell(cdk_stream_t s);
+ cdk_error_t cdk_stream_seek(cdk_stream_t s, off_t offset);
+ cdk_error_t cdk_stream_set_armor_flag(cdk_stream_t s, int type);
/* Push the literal filter for the given stream. */
- cdk_error_t cdk_stream_set_literal_flag (cdk_stream_t s,
- cdk_lit_format_t mode,
- const char *fname);
-
- cdk_error_t cdk_stream_set_compress_flag (cdk_stream_t s, int algo,
- int level);
- cdk_error_t cdk_stream_set_hash_flag (cdk_stream_t s, int algo);
- cdk_error_t cdk_stream_set_text_flag (cdk_stream_t s, const char *lf);
- cdk_error_t cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out);
- cdk_error_t cdk_stream_mmap (cdk_stream_t s, unsigned char **ret_buf,
- size_t * ret_buflen);
- cdk_error_t cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len,
- unsigned char **ret_buf,
- size_t * ret_buflen);
+ cdk_error_t cdk_stream_set_literal_flag(cdk_stream_t s,
+ cdk_lit_format_t mode,
+ const char *fname);
+
+ cdk_error_t cdk_stream_set_compress_flag(cdk_stream_t s, int algo,
+ int level);
+ cdk_error_t cdk_stream_set_hash_flag(cdk_stream_t s, int algo);
+ cdk_error_t cdk_stream_set_text_flag(cdk_stream_t s,
+ const char *lf);
+ cdk_error_t cdk_stream_kick_off(cdk_stream_t inp,
+ cdk_stream_t out);
+ cdk_error_t cdk_stream_mmap(cdk_stream_t s,
+ unsigned char **ret_buf,
+ size_t * ret_buflen);
+ cdk_error_t cdk_stream_mmap_part(cdk_stream_t s, off_t off,
+ size_t len,
+ unsigned char **ret_buf,
+ size_t * ret_buflen);
/* Read from the stream but restore the file pointer after reading
the requested amount of bytes. */
- int cdk_stream_peek (cdk_stream_t inp, unsigned char *buf, size_t buflen);
+ int cdk_stream_peek(cdk_stream_t inp, unsigned char *buf,
+ size_t buflen);
/* Create a new key db handle from a memory buffer. */
- cdk_error_t cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_hd, int secret,
- int armor,
- const void *data, size_t datlen);
+ cdk_error_t cdk_keydb_new_from_mem(cdk_keydb_hd_t * r_hd,
+ int secret, int armor,
+ const void *data,
+ size_t datlen);
/* Check that a secret key with the given key ID is available. */
- cdk_error_t cdk_keydb_check_sk (cdk_keydb_hd_t hd, unsigned int *keyid);
+ cdk_error_t cdk_keydb_check_sk(cdk_keydb_hd_t hd,
+ unsigned int *keyid);
/* Prepare the key db search. */
- cdk_error_t cdk_keydb_search_start (cdk_keydb_search_t * st,
- cdk_keydb_hd_t db, int type,
- void *desc);
+ cdk_error_t cdk_keydb_search_start(cdk_keydb_search_t * st,
+ cdk_keydb_hd_t db, int type,
+ void *desc);
- void cdk_keydb_search_release (cdk_keydb_search_t st);
+ void cdk_keydb_search_release(cdk_keydb_search_t st);
/* Return a key which matches a valid description given in
cdk_keydb_search_start(). */
- cdk_error_t cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
- cdk_kbnode_t * ret_key);
+ cdk_error_t cdk_keydb_search(cdk_keydb_search_t st,
+ cdk_keydb_hd_t hd,
+ cdk_kbnode_t * ret_key);
/* Release the key db handle and all its resources. */
- void cdk_keydb_free (cdk_keydb_hd_t hd);
+ void cdk_keydb_free(cdk_keydb_hd_t hd);
/* The following functions will try to find a key in the given key
db handle either by keyid, by fingerprint or by some pattern. */
- cdk_error_t cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, unsigned int *keyid,
- cdk_kbnode_t * ret_pk);
- cdk_error_t cdk_keydb_get_byfpr (cdk_keydb_hd_t hd,
- const unsigned char *fpr,
- cdk_kbnode_t * ret_pk);
- cdk_error_t cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt,
- cdk_kbnode_t * ret_pk);
+ cdk_error_t cdk_keydb_get_bykeyid(cdk_keydb_hd_t hd,
+ unsigned int *keyid,
+ cdk_kbnode_t * ret_pk);
+ cdk_error_t cdk_keydb_get_byfpr(cdk_keydb_hd_t hd,
+ const unsigned char *fpr,
+ cdk_kbnode_t * ret_pk);
+ cdk_error_t cdk_keydb_get_bypattern(cdk_keydb_hd_t hd,
+ const char *patt,
+ cdk_kbnode_t * ret_pk);
/* These function, in contrast to most other key db functions, only
return the public or secret key packet without the additional
signatures and user IDs. */
- cdk_error_t cdk_keydb_get_pk (cdk_keydb_hd_t khd, unsigned int *keyid,
- cdk_pubkey_t * ret_pk);
- cdk_error_t cdk_keydb_get_sk (cdk_keydb_hd_t khd, unsigned int *keyid,
- cdk_seckey_t * ret_sk);
+ cdk_error_t cdk_keydb_get_pk(cdk_keydb_hd_t khd,
+ unsigned int *keyid,
+ cdk_pubkey_t * ret_pk);
+ cdk_error_t cdk_keydb_get_sk(cdk_keydb_hd_t khd,
+ unsigned int *keyid,
+ cdk_seckey_t * ret_sk);
/* Try to read the next key block from the given input stream.
The key will be returned in @RET_KEY on success. */
- cdk_error_t cdk_keydb_get_keyblock (cdk_stream_t inp,
- cdk_kbnode_t * ret_key);
+ cdk_error_t cdk_keydb_get_keyblock(cdk_stream_t inp,
+ cdk_kbnode_t * ret_key);
/* Rebuild the key db index if possible. */
- cdk_error_t cdk_keydb_idx_rebuild (cdk_keydb_hd_t db,
- cdk_keydb_search_t dbs);
+ cdk_error_t cdk_keydb_idx_rebuild(cdk_keydb_hd_t db,
+ cdk_keydb_search_t dbs);
/* Export one or more keys from the given key db handle into
the stream @OUT. The export is done by substring search and
uses the string list @REMUSR for the pattern. */
- cdk_error_t cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out,
- cdk_strlist_t remusr);
+ cdk_error_t cdk_keydb_export(cdk_keydb_hd_t hd, cdk_stream_t out,
+ cdk_strlist_t remusr);
/* Import the given key node @knode into the key db. */
- cdk_error_t cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode);
+ cdk_error_t cdk_keydb_import(cdk_keydb_hd_t hd,
+ cdk_kbnode_t knode);
/* List or enumerate keys from a given key db handle. */
/* Start the key list process. Either use @PATT for a pattern search
or @FPATT for a list of pattern. */
- cdk_error_t cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
- const char *patt, cdk_strlist_t fpatt);
- void cdk_listkey_close (cdk_listkey_t ctx);
+ cdk_error_t cdk_listkey_start(cdk_listkey_t * r_ctx,
+ cdk_keydb_hd_t db, const char *patt,
+ cdk_strlist_t fpatt);
+ void cdk_listkey_close(cdk_listkey_t ctx);
/* Return the next key which matches the pattern. */
- cdk_error_t cdk_listkey_next (cdk_listkey_t ctx, cdk_kbnode_t * ret_key);
-
- cdk_kbnode_t cdk_kbnode_new (cdk_packet_t pkt);
- cdk_error_t cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
- int armor,
- const unsigned char *buf,
- size_t buflen);
- cdk_error_t cdk_kbnode_write_to_mem (cdk_kbnode_t node,
- unsigned char *buf, size_t * r_nbytes);
- cdk_error_t cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
- unsigned char **r_buf,
- size_t * r_buflen);
-
- void cdk_kbnode_release (cdk_kbnode_t node);
- void cdk_kbnode_delete (cdk_kbnode_t node);
- void cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
- int cdk_kbnode_commit (cdk_kbnode_t * root);
- void cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node);
- void cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node,
- cdk_kbnode_t where);
- cdk_kbnode_t cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx,
- int all);
- cdk_packet_t cdk_kbnode_find_packet (cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
- cdk_packet_t cdk_kbnode_get_packet (cdk_kbnode_t node);
- cdk_kbnode_t cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype);
- cdk_kbnode_t cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
- cdk_kbnode_t cdk_kbnode_find_next (cdk_kbnode_t node,
- cdk_packet_type_t pkttype);
- cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md,
- int is_v4, cdk_packet_type_t pkttype,
- int flags);
+ cdk_error_t cdk_listkey_next(cdk_listkey_t ctx,
+ cdk_kbnode_t * ret_key);
+
+ cdk_kbnode_t cdk_kbnode_new(cdk_packet_t pkt);
+ cdk_error_t cdk_kbnode_read_from_mem(cdk_kbnode_t * ret_node,
+ int armor,
+ const unsigned char *buf,
+ size_t buflen);
+ cdk_error_t cdk_kbnode_write_to_mem(cdk_kbnode_t node,
+ unsigned char *buf,
+ size_t * r_nbytes);
+ cdk_error_t cdk_kbnode_write_to_mem_alloc(cdk_kbnode_t node,
+ unsigned char **r_buf,
+ size_t * r_buflen);
+
+ void cdk_kbnode_release(cdk_kbnode_t node);
+ void cdk_kbnode_delete(cdk_kbnode_t node);
+ void cdk_kbnode_insert(cdk_kbnode_t root, cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ int cdk_kbnode_commit(cdk_kbnode_t * root);
+ void cdk_kbnode_remove(cdk_kbnode_t * root, cdk_kbnode_t node);
+ void cdk_kbnode_move(cdk_kbnode_t * root, cdk_kbnode_t node,
+ cdk_kbnode_t where);
+ cdk_kbnode_t cdk_kbnode_walk(cdk_kbnode_t root, cdk_kbnode_t * ctx,
+ int all);
+ cdk_packet_t cdk_kbnode_find_packet(cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ cdk_packet_t cdk_kbnode_get_packet(cdk_kbnode_t node);
+ cdk_kbnode_t cdk_kbnode_find(cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ cdk_kbnode_t cdk_kbnode_find_prev(cdk_kbnode_t root,
+ cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ cdk_kbnode_t cdk_kbnode_find_next(cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ cdk_error_t cdk_kbnode_hash(cdk_kbnode_t node, digest_hd_st * md,
+ int is_v4, cdk_packet_type_t pkttype,
+ int flags);
/* Check each signature in the key node and return a summary of the
key status in @r_status. Values of cdk_key_flag_t are used. */
- cdk_error_t cdk_pk_check_sigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd,
- int *r_status);
+ cdk_error_t cdk_pk_check_sigs(cdk_kbnode_t knode,
+ cdk_keydb_hd_t hd, int *r_status);
/* Check the self signature of the key to make sure it is valid. */
- cdk_error_t cdk_pk_check_self_sig (cdk_kbnode_t knode, int *r_status);
+ cdk_error_t cdk_pk_check_self_sig(cdk_kbnode_t knode,
+ int *r_status);
/* Return a matching algorithm from the given public key list.
@PREFTYPE can be either sym-cipher/compress/digest. */
- int cdk_pklist_select_algo (cdk_keylist_t pkl, int preftype);
+ int cdk_pklist_select_algo(cdk_keylist_t pkl, int preftype);
/* Return 0 or 1 if the given key list is able to understand the
MDC feature. */
- int cdk_pklist_use_mdc (cdk_keylist_t pkl);
- cdk_error_t cdk_pklist_build (cdk_keylist_t * ret_pkl, cdk_keydb_hd_t hd,
- cdk_strlist_t remusr, int use);
- void cdk_pklist_release (cdk_keylist_t pkl);
+ int cdk_pklist_use_mdc(cdk_keylist_t pkl);
+ cdk_error_t cdk_pklist_build(cdk_keylist_t * ret_pkl,
+ cdk_keydb_hd_t hd,
+ cdk_strlist_t remusr, int use);
+ void cdk_pklist_release(cdk_keylist_t pkl);
/* Secret key lists */
- cdk_error_t cdk_sklist_build (cdk_keylist_t * ret_skl,
- cdk_keydb_hd_t db, cdk_ctx_t hd,
- cdk_strlist_t locusr,
- int unlock, unsigned int use);
- void cdk_sklist_release (cdk_keylist_t skl);
- cdk_error_t cdk_sklist_write (cdk_keylist_t skl, cdk_stream_t outp,
- digest_hd_st * mdctx, int sigclass,
- int sigver);
- cdk_error_t cdk_sklist_write_onepass (cdk_keylist_t skl, cdk_stream_t outp,
- int sigclass, int mdalgo);
+ cdk_error_t cdk_sklist_build(cdk_keylist_t * ret_skl,
+ cdk_keydb_hd_t db, cdk_ctx_t hd,
+ cdk_strlist_t locusr,
+ int unlock, unsigned int use);
+ void cdk_sklist_release(cdk_keylist_t skl);
+ cdk_error_t cdk_sklist_write(cdk_keylist_t skl, cdk_stream_t outp,
+ digest_hd_st * mdctx, int sigclass,
+ int sigver);
+ cdk_error_t cdk_sklist_write_onepass(cdk_keylist_t skl,
+ cdk_stream_t outp,
+ int sigclass, int mdalgo);
/* Encrypt the given stream @INP with the recipients given in @REMUSR.
If @REMUSR is NULL, symmetric encryption will be used. The output
will be written to @OUT. */
- cdk_error_t cdk_stream_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
- cdk_stream_t inp, cdk_stream_t out);
+ cdk_error_t cdk_stream_encrypt(cdk_ctx_t hd, cdk_strlist_t remusr,
+ cdk_stream_t inp, cdk_stream_t out);
/* Decrypt the @INP stream into @OUT. */
- cdk_error_t cdk_stream_decrypt (cdk_ctx_t hd, cdk_stream_t inp,
- cdk_stream_t out);
+ cdk_error_t cdk_stream_decrypt(cdk_ctx_t hd, cdk_stream_t inp,
+ cdk_stream_t out);
/* Same as the function above but it works on files. */
- cdk_error_t cdk_file_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
- const char *file, const char *output);
- cdk_error_t cdk_file_decrypt (cdk_ctx_t hd, const char *file,
- const char *output);
+ cdk_error_t cdk_file_encrypt(cdk_ctx_t hd, cdk_strlist_t remusr,
+ const char *file, const char *output);
+ cdk_error_t cdk_file_decrypt(cdk_ctx_t hd, const char *file,
+ const char *output);
/* Generic function to transform data. The mode can be either sign,
verify, encrypt, decrypt, import or export. The meanings of the
parameters are similar to the functions above.
@OUTBUF will contain the output and @OUTSIZE the length of it. */
- cdk_error_t cdk_data_transform (cdk_ctx_t hd, enum cdk_crypto_mode_t mode,
- cdk_strlist_t locusr, cdk_strlist_t remusr,
- const void *inbuf, size_t insize,
- unsigned char **outbuf, size_t * outsize,
- int modval);
-
- int cdk_trustdb_get_validity (cdk_stream_t inp, cdk_pkt_userid_t id,
- int *r_val);
- int cdk_trustdb_get_ownertrust (cdk_stream_t inp, cdk_pubkey_t pk,
- int *r_val, int *r_flags);
-
- void cdk_strlist_free (cdk_strlist_t sl);
- cdk_strlist_t cdk_strlist_add (cdk_strlist_t * list, const char *string);
- const char *cdk_check_version (const char *req_version);
+ cdk_error_t cdk_data_transform(cdk_ctx_t hd,
+ enum cdk_crypto_mode_t mode,
+ cdk_strlist_t locusr,
+ cdk_strlist_t remusr,
+ const void *inbuf, size_t insize,
+ unsigned char **outbuf,
+ size_t * outsize, int modval);
+
+ int cdk_trustdb_get_validity(cdk_stream_t inp, cdk_pkt_userid_t id,
+ int *r_val);
+ int cdk_trustdb_get_ownertrust(cdk_stream_t inp, cdk_pubkey_t pk,
+ int *r_val, int *r_flags);
+
+ void cdk_strlist_free(cdk_strlist_t sl);
+ cdk_strlist_t cdk_strlist_add(cdk_strlist_t * list,
+ const char *string);
+ const char *cdk_check_version(const char *req_version);
/* UTF8 */
- char *cdk_utf8_encode (const char *string);
- char *cdk_utf8_decode (const char *string, size_t length, int delim);
+ char *cdk_utf8_encode(const char *string);
+ char *cdk_utf8_decode(const char *string, size_t length,
+ int delim);
#ifdef __cplusplus
}
#endif
-
-#endif /* OPENCDK_H */
+#endif /* OPENCDK_H */
diff --git a/lib/opencdk/packet.h b/lib/opencdk/packet.h
index a7680134fd..a5629ec44b 100644
--- a/lib/opencdk/packet.h
+++ b/lib/opencdk/packet.h
@@ -23,25 +23,24 @@
#ifndef CDK_PACKET_H
#define CDK_PACKET_H
-struct cdk_kbnode_s
-{
- struct cdk_kbnode_s *next;
- cdk_packet_t pkt;
- unsigned int is_deleted:1;
- unsigned int is_cloned:1;
+struct cdk_kbnode_s {
+ struct cdk_kbnode_s *next;
+ cdk_packet_t pkt;
+ unsigned int is_deleted:1;
+ unsigned int is_cloned:1;
};
/*-- new-packet.c --*/
-void _cdk_free_mpibuf (size_t n, bigint_t * array);
-void _cdk_free_userid (cdk_pkt_userid_t uid);
-void _cdk_free_signature (cdk_pkt_signature_t sig);
-cdk_prefitem_t _cdk_copy_prefs (const cdk_prefitem_t prefs);
-cdk_error_t _cdk_copy_userid (cdk_pkt_userid_t * dst, cdk_pkt_userid_t src);
-cdk_error_t _cdk_copy_pubkey (cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src);
-cdk_error_t _cdk_copy_seckey (cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src);
-cdk_error_t _cdk_copy_pk_to_sk (cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk);
-cdk_error_t _cdk_copy_signature (cdk_pkt_signature_t * dst,
- cdk_pkt_signature_t src);
-cdk_error_t _cdk_pubkey_compare (cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b);
+void _cdk_free_mpibuf(size_t n, bigint_t * array);
+void _cdk_free_userid(cdk_pkt_userid_t uid);
+void _cdk_free_signature(cdk_pkt_signature_t sig);
+cdk_prefitem_t _cdk_copy_prefs(const cdk_prefitem_t prefs);
+cdk_error_t _cdk_copy_userid(cdk_pkt_userid_t * dst, cdk_pkt_userid_t src);
+cdk_error_t _cdk_copy_pubkey(cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src);
+cdk_error_t _cdk_copy_seckey(cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src);
+cdk_error_t _cdk_copy_pk_to_sk(cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk);
+cdk_error_t _cdk_copy_signature(cdk_pkt_signature_t * dst,
+ cdk_pkt_signature_t src);
+cdk_error_t _cdk_pubkey_compare(cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b);
-#endif /* CDK_PACKET_H */
+#endif /* CDK_PACKET_H */
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
index 5a52db211f..14a7da58ce 100644
--- a/lib/opencdk/pubkey.c
+++ b/lib/opencdk/pubkey.c
@@ -36,30 +36,27 @@
* them into a way for _gnutls_pk_verify to use.
*/
static cdk_error_t
-sig_to_datum (gnutls_datum_t * r_sig, cdk_pkt_signature_t sig)
+sig_to_datum(gnutls_datum_t * r_sig, cdk_pkt_signature_t sig)
{
- int err;
- cdk_error_t rc;
-
- if (!r_sig || !sig)
- return CDK_Inv_Value;
-
- rc = 0;
- if (is_RSA (sig->pubkey_algo))
- {
- err = _gnutls_mpi_dprint (sig->mpi[0], r_sig);
- if (err < 0)
- rc = map_gnutls_error (err);
- }
- else if (is_DSA (sig->pubkey_algo))
- {
- err = _gnutls_encode_ber_rs (r_sig, sig->mpi[0], sig->mpi[1]);
- if (err < 0)
- rc = map_gnutls_error (err);
- }
- else
- rc = CDK_Inv_Algo;
- return rc;
+ int err;
+ cdk_error_t rc;
+
+ if (!r_sig || !sig)
+ return CDK_Inv_Value;
+
+ rc = 0;
+ if (is_RSA(sig->pubkey_algo)) {
+ err = _gnutls_mpi_dprint(sig->mpi[0], r_sig);
+ if (err < 0)
+ rc = map_gnutls_error(err);
+ } else if (is_DSA(sig->pubkey_algo)) {
+ err =
+ _gnutls_encode_ber_rs(r_sig, sig->mpi[0], sig->mpi[1]);
+ if (err < 0)
+ rc = map_gnutls_error(err);
+ } else
+ rc = CDK_Inv_Algo;
+ return rc;
}
/**
@@ -71,75 +68,70 @@ sig_to_datum (gnutls_datum_t * r_sig, cdk_pkt_signature_t sig)
* Verify the signature in @sig and compare it with the message digest in @md.
**/
cdk_error_t
-cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig, const byte * md)
+cdk_pk_verify(cdk_pubkey_t pk, cdk_pkt_signature_t sig, const byte * md)
{
- gnutls_datum_t s_sig = { NULL, 0}, di = {NULL, 0};
- byte *encmd = NULL;
- size_t enclen;
- cdk_error_t rc;
- int ret, algo;
- unsigned int i;
- gnutls_pk_params_st params;
- const mac_entry_st* me;
-
- if (!pk || !sig || !md)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- if (is_DSA (pk->pubkey_algo))
- algo = GNUTLS_PK_DSA;
- else if (is_RSA (pk->pubkey_algo))
- algo = GNUTLS_PK_RSA;
- else
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- rc = sig_to_datum (&s_sig, sig);
- if (rc)
- {
- gnutls_assert ();
- goto leave;
- }
-
- me = mac_to_entry(sig->digest_algo);
- rc = _gnutls_set_datum (&di, md, _gnutls_hash_get_algo_len(me));
- if (rc < 0)
- {
- rc = gnutls_assert_val(CDK_Out_Of_Core);
- goto leave;
- }
-
- rc = pk_prepare_hash (algo, me, &di);
- if (rc < 0)
- {
- rc = gnutls_assert_val(CDK_General_Error);
- goto leave;
- }
-
- params.params_nr = cdk_pk_get_npkey (pk->pubkey_algo);
- for (i = 0; i < params.params_nr; i++)
- params.params[i] = pk->mpi[i];
- params.flags = 0;
- ret = _gnutls_pk_verify (algo, &di, &s_sig, &params);
-
- if (ret < 0)
- {
- gnutls_assert ();
- rc = map_gnutls_error (ret);
- goto leave;
- }
-
- rc = 0;
-
-leave:
- _gnutls_free_datum (&s_sig);
- _gnutls_free_datum (&di);
- cdk_free (encmd);
- return rc;
+ gnutls_datum_t s_sig = { NULL, 0 }, di = {
+ NULL, 0};
+ byte *encmd = NULL;
+ size_t enclen;
+ cdk_error_t rc;
+ int ret, algo;
+ unsigned int i;
+ gnutls_pk_params_st params;
+ const mac_entry_st *me;
+
+ if (!pk || !sig || !md) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ if (is_DSA(pk->pubkey_algo))
+ algo = GNUTLS_PK_DSA;
+ else if (is_RSA(pk->pubkey_algo))
+ algo = GNUTLS_PK_RSA;
+ else {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ rc = sig_to_datum(&s_sig, sig);
+ if (rc) {
+ gnutls_assert();
+ goto leave;
+ }
+
+ me = mac_to_entry(sig->digest_algo);
+ rc = _gnutls_set_datum(&di, md, _gnutls_hash_get_algo_len(me));
+ if (rc < 0) {
+ rc = gnutls_assert_val(CDK_Out_Of_Core);
+ goto leave;
+ }
+
+ rc = pk_prepare_hash(algo, me, &di);
+ if (rc < 0) {
+ rc = gnutls_assert_val(CDK_General_Error);
+ goto leave;
+ }
+
+ params.params_nr = cdk_pk_get_npkey(pk->pubkey_algo);
+ for (i = 0; i < params.params_nr; i++)
+ params.params[i] = pk->mpi[i];
+ params.flags = 0;
+ ret = _gnutls_pk_verify(algo, &di, &s_sig, &params);
+
+ if (ret < 0) {
+ gnutls_assert();
+ rc = map_gnutls_error(ret);
+ goto leave;
+ }
+
+ rc = 0;
+
+ leave:
+ _gnutls_free_datum(&s_sig);
+ _gnutls_free_datum(&di);
+ cdk_free(encmd);
+ return rc;
}
@@ -152,12 +144,11 @@ leave:
* object in the key. For RSA keys the modulus, for ElG/DSA
* the size of the public prime.
**/
-int
-cdk_pk_get_nbits (cdk_pubkey_t pk)
+int cdk_pk_get_nbits(cdk_pubkey_t pk)
{
- if (!pk || !pk->mpi[0])
- return 0;
- return _gnutls_mpi_get_nbits (pk->mpi[0]);
+ if (!pk || !pk->mpi[0])
+ return 0;
+ return _gnutls_mpi_get_nbits(pk->mpi[0]);
}
@@ -168,20 +159,18 @@ cdk_pk_get_nbits (cdk_pubkey_t pk)
* Return the number of multiprecison integer forming an public
* key with the given algorithm.
*/
-int
-cdk_pk_get_npkey (int algo)
+int cdk_pk_get_npkey(int algo)
{
- if (is_RSA (algo))
- return RSA_PUBLIC_PARAMS;
- else if (is_DSA (algo))
- return DSA_PUBLIC_PARAMS;
- else if (is_ELG (algo))
- return 3;
- else
- {
- gnutls_assert ();
- return 0;
- }
+ if (is_RSA(algo))
+ return RSA_PUBLIC_PARAMS;
+ else if (is_DSA(algo))
+ return DSA_PUBLIC_PARAMS;
+ else if (is_ELG(algo))
+ return 3;
+ else {
+ gnutls_assert();
+ return 0;
+ }
}
@@ -192,25 +181,23 @@ cdk_pk_get_npkey (int algo)
* Return the number of multiprecision integers forming an
* secret key with the given algorithm.
**/
-int
-cdk_pk_get_nskey (int algo)
+int cdk_pk_get_nskey(int algo)
{
- int ret;
-
- if (is_RSA (algo))
- ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */
- else if (is_DSA (algo))
- ret = DSA_PRIVATE_PARAMS;
- else if (is_ELG (algo))
- ret = 4;
- else
- {
- gnutls_assert ();
- return 0;
- }
-
- ret -= cdk_pk_get_npkey (algo);
- return ret;
+ int ret;
+
+ if (is_RSA(algo))
+ ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */
+ else if (is_DSA(algo))
+ ret = DSA_PRIVATE_PARAMS;
+ else if (is_ELG(algo))
+ ret = 4;
+ else {
+ gnutls_assert();
+ return 0;
+ }
+
+ ret -= cdk_pk_get_npkey(algo);
+ return ret;
}
@@ -220,15 +207,14 @@ cdk_pk_get_nskey (int algo)
*
* Return the number of MPIs a signature consists of.
**/
-int
-cdk_pk_get_nsig (int algo)
+int cdk_pk_get_nsig(int algo)
{
- if (is_RSA (algo))
- return 1;
- else if (is_DSA (algo))
- return 2;
- else
- return 0;
+ if (is_RSA(algo))
+ return 1;
+ else if (is_DSA(algo))
+ return 2;
+ else
+ return 0;
}
@@ -238,81 +224,76 @@ cdk_pk_get_nsig (int algo)
*
* Return the number of MPI's the encrypted data consists of.
**/
-int
-cdk_pk_get_nenc (int algo)
+int cdk_pk_get_nenc(int algo)
{
- if (is_RSA (algo))
- return 1;
- else if (is_ELG (algo))
- return 2;
- else
- return 0;
+ if (is_RSA(algo))
+ return 1;
+ else if (is_ELG(algo))
+ return 2;
+ else
+ return 0;
}
-int
-_cdk_pk_algo_usage (int algo)
+int _cdk_pk_algo_usage(int algo)
{
- int usage;
-
- /* The ElGamal sign+encrypt algorithm is not supported any longer. */
- switch (algo)
- {
- case CDK_PK_RSA:
- usage = CDK_KEY_USG_SIGN | CDK_KEY_USG_ENCR;
- break;
- case CDK_PK_RSA_E:
- usage = CDK_KEY_USG_ENCR;
- break;
- case CDK_PK_RSA_S:
- usage = CDK_KEY_USG_SIGN;
- break;
- case CDK_PK_ELG_E:
- usage = CDK_KEY_USG_ENCR;
- break;
- case CDK_PK_DSA:
- usage = CDK_KEY_USG_SIGN;
- break;
- default:
- usage = 0;
- }
- return usage;
+ int usage;
+
+ /* The ElGamal sign+encrypt algorithm is not supported any longer. */
+ switch (algo) {
+ case CDK_PK_RSA:
+ usage = CDK_KEY_USG_SIGN | CDK_KEY_USG_ENCR;
+ break;
+ case CDK_PK_RSA_E:
+ usage = CDK_KEY_USG_ENCR;
+ break;
+ case CDK_PK_RSA_S:
+ usage = CDK_KEY_USG_SIGN;
+ break;
+ case CDK_PK_ELG_E:
+ usage = CDK_KEY_USG_ENCR;
+ break;
+ case CDK_PK_DSA:
+ usage = CDK_KEY_USG_SIGN;
+ break;
+ default:
+ usage = 0;
+ }
+ return usage;
}
/* You can use a NULL buf to get the output size only
*/
static cdk_error_t
-mpi_to_buffer (bigint_t a, byte * buf, size_t buflen,
- size_t * r_nwritten, size_t * r_nbits)
+mpi_to_buffer(bigint_t a, byte * buf, size_t buflen,
+ size_t * r_nwritten, size_t * r_nbits)
{
- size_t nbits;
- int err;
-
- if (!a || !r_nwritten)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- nbits = _gnutls_mpi_get_nbits (a);
- if (r_nbits)
- *r_nbits = nbits;
-
- if (r_nwritten)
- *r_nwritten = (nbits + 7) / 8 + 2;
-
- if ((nbits + 7) / 8 + 2 > buflen)
- return CDK_Too_Short;
-
- *r_nwritten = buflen;
- err = _gnutls_mpi_print (a, buf, r_nwritten);
- if (err < 0)
- {
- gnutls_assert ();
- return map_gnutls_error (err);
- }
-
- return 0;
+ size_t nbits;
+ int err;
+
+ if (!a || !r_nwritten) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ nbits = _gnutls_mpi_get_nbits(a);
+ if (r_nbits)
+ *r_nbits = nbits;
+
+ if (r_nwritten)
+ *r_nwritten = (nbits + 7) / 8 + 2;
+
+ if ((nbits + 7) / 8 + 2 > buflen)
+ return CDK_Too_Short;
+
+ *r_nwritten = buflen;
+ err = _gnutls_mpi_print(a, buf, r_nwritten);
+ if (err < 0) {
+ gnutls_assert();
+ return map_gnutls_error(err);
+ }
+
+ return 0;
}
@@ -327,16 +308,17 @@ mpi_to_buffer (bigint_t a, byte * buf, size_t buflen,
* Return the MPI with the given index of the public key.
**/
cdk_error_t
-cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
- byte * buf, size_t buflen, size_t * r_nwritten,
- size_t * r_nbits)
+cdk_pk_get_mpi(cdk_pubkey_t pk, size_t idx,
+ byte * buf, size_t buflen, size_t * r_nwritten,
+ size_t * r_nbits)
{
- if (!pk || !r_nwritten)
- return CDK_Inv_Value;
+ if (!pk || !r_nwritten)
+ return CDK_Inv_Value;
- if ((ssize_t) idx > cdk_pk_get_npkey (pk->pubkey_algo))
- return CDK_Inv_Value;
- return mpi_to_buffer (pk->mpi[idx], buf, buflen, r_nwritten, r_nbits);
+ if ((ssize_t) idx > cdk_pk_get_npkey(pk->pubkey_algo))
+ return CDK_Inv_Value;
+ return mpi_to_buffer(pk->mpi[idx], buf, buflen, r_nwritten,
+ r_nbits);
}
@@ -353,35 +335,35 @@ cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
* is protected and thus no real MPI data will be returned then.
**/
cdk_error_t
-cdk_sk_get_mpi (cdk_pkt_seckey_t sk, size_t idx,
- byte * buf, size_t buflen, size_t * r_nwritten,
- size_t * r_nbits)
+cdk_sk_get_mpi(cdk_pkt_seckey_t sk, size_t idx,
+ byte * buf, size_t buflen, size_t * r_nwritten,
+ size_t * r_nbits)
{
- if (!sk || !r_nwritten)
- return CDK_Inv_Value;
+ if (!sk || !r_nwritten)
+ return CDK_Inv_Value;
- if ((ssize_t) idx > cdk_pk_get_nskey (sk->pubkey_algo))
- return CDK_Inv_Value;
- return mpi_to_buffer (sk->mpi[idx], buf, buflen, r_nwritten, r_nbits);
+ if ((ssize_t) idx > cdk_pk_get_nskey(sk->pubkey_algo))
+ return CDK_Inv_Value;
+ return mpi_to_buffer(sk->mpi[idx], buf, buflen, r_nwritten,
+ r_nbits);
}
-static u16
-checksum_mpi (bigint_t m)
+static u16 checksum_mpi(bigint_t m)
{
- byte buf[MAX_MPI_BYTES + 2];
- size_t nread;
- unsigned int i;
- u16 chksum = 0;
-
- if (!m)
- return 0;
- nread = DIM (buf);
- if (_gnutls_mpi_print_pgp (m, buf, &nread) < 0)
- return 0;
- for (i = 0; i < nread; i++)
- chksum += buf[i];
- return chksum;
+ byte buf[MAX_MPI_BYTES + 2];
+ size_t nread;
+ unsigned int i;
+ u16 chksum = 0;
+
+ if (!m)
+ return 0;
+ nread = DIM(buf);
+ if (_gnutls_mpi_print_pgp(m, buf, &nread) < 0)
+ return 0;
+ for (i = 0; i < nread; i++)
+ chksum += buf[i];
+ return chksum;
}
/**
@@ -392,24 +374,23 @@ checksum_mpi (bigint_t m)
* Create a new public key from a secret key.
**/
cdk_error_t
-cdk_pk_from_secret_key (cdk_pkt_seckey_t sk, cdk_pubkey_t * ret_pk)
+cdk_pk_from_secret_key(cdk_pkt_seckey_t sk, cdk_pubkey_t * ret_pk)
{
- if (!sk)
- return CDK_Inv_Value;
- return _cdk_copy_pubkey (ret_pk, sk->pk);
+ if (!sk)
+ return CDK_Inv_Value;
+ return _cdk_copy_pubkey(ret_pk, sk->pk);
}
-int
-_cdk_sk_get_csum (cdk_pkt_seckey_t sk)
+int _cdk_sk_get_csum(cdk_pkt_seckey_t sk)
{
- u16 csum = 0, i;
+ u16 csum = 0, i;
- if (!sk)
- return 0;
- for (i = 0; i < cdk_pk_get_nskey (sk->pubkey_algo); i++)
- csum += checksum_mpi (sk->mpi[i]);
- return csum;
+ if (!sk)
+ return 0;
+ for (i = 0; i < cdk_pk_get_nskey(sk->pubkey_algo); i++)
+ csum += checksum_mpi(sk->mpi[i]);
+ return csum;
}
@@ -424,37 +405,35 @@ _cdk_sk_get_csum (cdk_pkt_seckey_t sk)
* the new cdk_pk_to_fingerprint() should be used whenever
* possible to avoid overflows.
**/
-cdk_error_t
-cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
+cdk_error_t cdk_pk_get_fingerprint(cdk_pubkey_t pk, byte * fpr)
{
- digest_hd_st hd;
- int md_algo;
- int dlen = 0;
- int err;
- const mac_entry_st* me;
-
- if (!pk || !fpr)
- return CDK_Inv_Value;
-
- if (pk->version < 4 && is_RSA (pk->pubkey_algo))
- md_algo = GNUTLS_DIG_MD5; /* special */
- else
- md_algo = GNUTLS_DIG_SHA1;
-
- me = mac_to_entry(md_algo);
-
- dlen = _gnutls_hash_get_algo_len (me);
- err = _gnutls_hash_init (&hd, me);
- if (err < 0)
- {
- gnutls_assert ();
- return map_gnutls_error (err);
- }
- _cdk_hash_pubkey (pk, &hd, 1);
- _gnutls_hash_deinit (&hd, fpr);
- if (dlen == 16)
- memset (fpr + 16, 0, 4);
- return 0;
+ digest_hd_st hd;
+ int md_algo;
+ int dlen = 0;
+ int err;
+ const mac_entry_st *me;
+
+ if (!pk || !fpr)
+ return CDK_Inv_Value;
+
+ if (pk->version < 4 && is_RSA(pk->pubkey_algo))
+ md_algo = GNUTLS_DIG_MD5; /* special */
+ else
+ md_algo = GNUTLS_DIG_SHA1;
+
+ me = mac_to_entry(md_algo);
+
+ dlen = _gnutls_hash_get_algo_len(me);
+ err = _gnutls_hash_init(&hd, me);
+ if (err < 0) {
+ gnutls_assert();
+ return map_gnutls_error(err);
+ }
+ _cdk_hash_pubkey(pk, &hd, 1);
+ _gnutls_hash_deinit(&hd, fpr);
+ if (dlen == 16)
+ memset(fpr + 16, 0, 4);
+ return 0;
}
@@ -469,35 +448,34 @@ cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
* return it in the given byte array.
**/
cdk_error_t
-cdk_pk_to_fingerprint (cdk_pubkey_t pk,
- byte * fprbuf, size_t fprbuflen, size_t * r_nout)
+cdk_pk_to_fingerprint(cdk_pubkey_t pk,
+ byte * fprbuf, size_t fprbuflen, size_t * r_nout)
{
- size_t key_fprlen;
- cdk_error_t err;
+ size_t key_fprlen;
+ cdk_error_t err;
- if (!pk)
- return CDK_Inv_Value;
+ if (!pk)
+ return CDK_Inv_Value;
- if (pk->version < 4)
- key_fprlen = 16;
- else
- key_fprlen = 20;
+ if (pk->version < 4)
+ key_fprlen = 16;
+ else
+ key_fprlen = 20;
- /* Only return the required buffer size for the fingerprint. */
- if (!fprbuf && !fprbuflen && r_nout)
- {
- *r_nout = key_fprlen;
- return 0;
- }
+ /* Only return the required buffer size for the fingerprint. */
+ if (!fprbuf && !fprbuflen && r_nout) {
+ *r_nout = key_fprlen;
+ return 0;
+ }
- if (!fprbuf || key_fprlen > fprbuflen)
- return CDK_Too_Short;
+ if (!fprbuf || key_fprlen > fprbuflen)
+ return CDK_Too_Short;
- err = cdk_pk_get_fingerprint (pk, fprbuf);
- if (r_nout)
- *r_nout = key_fprlen;
+ err = cdk_pk_get_fingerprint(pk, fprbuf);
+ if (r_nout)
+ *r_nout = key_fprlen;
- return err;
+ return err;
}
@@ -510,27 +488,23 @@ cdk_pk_to_fingerprint (cdk_pubkey_t pk,
* For version 3 keys, this is not working.
**/
u32
-cdk_pk_fingerprint_get_keyid (const byte * fpr, size_t fprlen, u32 * keyid)
+cdk_pk_fingerprint_get_keyid(const byte * fpr, size_t fprlen, u32 * keyid)
{
- u32 lowbits = 0;
-
- /* In this case we say the key is a V3 RSA key and we can't
- use the fingerprint to get the keyid. */
- if (fpr && fprlen == 16)
- {
- keyid[0] = 0;
- keyid[1] = 0;
- return 0;
- }
- else if (keyid && fpr)
- {
- keyid[0] = _cdk_buftou32 (fpr + 12);
- keyid[1] = _cdk_buftou32 (fpr + 16);
- lowbits = keyid[1];
- }
- else if (fpr)
- lowbits = _cdk_buftou32 (fpr + 16);
- return lowbits;
+ u32 lowbits = 0;
+
+ /* In this case we say the key is a V3 RSA key and we can't
+ use the fingerprint to get the keyid. */
+ if (fpr && fprlen == 16) {
+ keyid[0] = 0;
+ keyid[1] = 0;
+ return 0;
+ } else if (keyid && fpr) {
+ keyid[0] = _cdk_buftou32(fpr + 12);
+ keyid[1] = _cdk_buftou32(fpr + 16);
+ lowbits = keyid[1];
+ } else if (fpr)
+ lowbits = _cdk_buftou32(fpr + 16);
+ return lowbits;
}
@@ -541,41 +515,39 @@ cdk_pk_fingerprint_get_keyid (const byte * fpr, size_t fprlen, u32 * keyid)
*
* Calculate the key ID of the given public key.
**/
-u32
-cdk_pk_get_keyid (cdk_pubkey_t pk, u32 * keyid)
+u32 cdk_pk_get_keyid(cdk_pubkey_t pk, u32 * keyid)
{
- u32 lowbits = 0;
- byte buf[24];
-
- if (pk && (!pk->keyid[0] || !pk->keyid[1]))
- {
- if (pk->version < 4 && is_RSA (pk->pubkey_algo))
- {
- byte p[MAX_MPI_BYTES];
- size_t n;
-
- n = MAX_MPI_BYTES;
- _gnutls_mpi_print (pk->mpi[0], p, &n);
- pk->keyid[0] =
- p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 | p[n - 5];
- pk->keyid[1] =
- p[n - 4] << 24 | p[n - 3] << 16 | p[n - 2] << 8 | p[n - 1];
- }
- else if (pk->version == 4)
- {
- cdk_pk_get_fingerprint (pk, buf);
- pk->keyid[0] = _cdk_buftou32 (buf + 12);
- pk->keyid[1] = _cdk_buftou32 (buf + 16);
- }
- }
- lowbits = pk ? pk->keyid[1] : 0;
- if (keyid && pk)
- {
- keyid[0] = pk->keyid[0];
- keyid[1] = pk->keyid[1];
- }
-
- return lowbits;
+ u32 lowbits = 0;
+ byte buf[24];
+
+ if (pk && (!pk->keyid[0] || !pk->keyid[1])) {
+ if (pk->version < 4 && is_RSA(pk->pubkey_algo)) {
+ byte p[MAX_MPI_BYTES];
+ size_t n;
+
+ n = MAX_MPI_BYTES;
+ _gnutls_mpi_print(pk->mpi[0], p, &n);
+ pk->keyid[0] =
+ p[n - 8] << 24 | p[n - 7] << 16 | p[n -
+ 6] << 8 |
+ p[n - 5];
+ pk->keyid[1] =
+ p[n - 4] << 24 | p[n - 3] << 16 | p[n -
+ 2] << 8 |
+ p[n - 1];
+ } else if (pk->version == 4) {
+ cdk_pk_get_fingerprint(pk, buf);
+ pk->keyid[0] = _cdk_buftou32(buf + 12);
+ pk->keyid[1] = _cdk_buftou32(buf + 16);
+ }
+ }
+ lowbits = pk ? pk->keyid[1] : 0;
+ if (keyid && pk) {
+ keyid[0] = pk->keyid[0];
+ keyid[1] = pk->keyid[1];
+ }
+
+ return lowbits;
}
@@ -586,19 +558,17 @@ cdk_pk_get_keyid (cdk_pubkey_t pk, u32 * keyid)
*
* Calculate the key ID of the secret key, actually the public key.
**/
-u32
-cdk_sk_get_keyid (cdk_pkt_seckey_t sk, u32 * keyid)
+u32 cdk_sk_get_keyid(cdk_pkt_seckey_t sk, u32 * keyid)
{
- u32 lowbits = 0;
+ u32 lowbits = 0;
- if (sk && sk->pk)
- {
- lowbits = cdk_pk_get_keyid (sk->pk, keyid);
- sk->keyid[0] = sk->pk->keyid[0];
- sk->keyid[1] = sk->pk->keyid[1];
- }
+ if (sk && sk->pk) {
+ lowbits = cdk_pk_get_keyid(sk->pk, keyid);
+ sk->keyid[0] = sk->pk->keyid[0];
+ sk->keyid[1] = sk->pk->keyid[1];
+ }
- return lowbits;
+ return lowbits;
}
@@ -609,74 +579,69 @@ cdk_sk_get_keyid (cdk_pkt_seckey_t sk, u32 * keyid)
*
* Retrieve the key ID from the given signature.
**/
-u32
-cdk_sig_get_keyid (cdk_pkt_signature_t sig, u32 * keyid)
+u32 cdk_sig_get_keyid(cdk_pkt_signature_t sig, u32 * keyid)
{
- u32 lowbits = sig ? sig->keyid[1] : 0;
-
- if (keyid && sig)
- {
- keyid[0] = sig->keyid[0];
- keyid[1] = sig->keyid[1];
- }
- return lowbits;
+ u32 lowbits = sig ? sig->keyid[1] : 0;
+
+ if (keyid && sig) {
+ keyid[0] = sig->keyid[0];
+ keyid[1] = sig->keyid[1];
+ }
+ return lowbits;
}
/* Return the key ID from the given packet.
If this is not possible, 0 is returned */
-u32
-_cdk_pkt_get_keyid (cdk_packet_t pkt, u32 * keyid)
+u32 _cdk_pkt_get_keyid(cdk_packet_t pkt, u32 * keyid)
{
- u32 lowbits;
+ u32 lowbits;
- if (!pkt)
- return 0;
+ if (!pkt)
+ return 0;
- switch (pkt->pkttype)
- {
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- lowbits = cdk_pk_get_keyid (pkt->pkt.public_key, keyid);
- break;
+ switch (pkt->pkttype) {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ lowbits = cdk_pk_get_keyid(pkt->pkt.public_key, keyid);
+ break;
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- lowbits = cdk_sk_get_keyid (pkt->pkt.secret_key, keyid);
- break;
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ lowbits = cdk_sk_get_keyid(pkt->pkt.secret_key, keyid);
+ break;
- case CDK_PKT_SIGNATURE:
- lowbits = cdk_sig_get_keyid (pkt->pkt.signature, keyid);
- break;
+ case CDK_PKT_SIGNATURE:
+ lowbits = cdk_sig_get_keyid(pkt->pkt.signature, keyid);
+ break;
- default:
- lowbits = 0;
- break;
- }
+ default:
+ lowbits = 0;
+ break;
+ }
- return lowbits;
+ return lowbits;
}
/* Get the fingerprint of the packet if possible. */
-cdk_error_t
-_cdk_pkt_get_fingerprint (cdk_packet_t pkt, byte * fpr)
+cdk_error_t _cdk_pkt_get_fingerprint(cdk_packet_t pkt, byte * fpr)
{
- if (!pkt || !fpr)
- return CDK_Inv_Value;
-
- switch (pkt->pkttype)
- {
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- return cdk_pk_get_fingerprint (pkt->pkt.public_key, fpr);
-
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- return cdk_pk_get_fingerprint (pkt->pkt.secret_key->pk, fpr);
-
- default:
- return CDK_Inv_Mode;
- }
- return 0;
+ if (!pkt || !fpr)
+ return CDK_Inv_Value;
+
+ switch (pkt->pkttype) {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ return cdk_pk_get_fingerprint(pkt->pkt.public_key, fpr);
+
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ return cdk_pk_get_fingerprint(pkt->pkt.secret_key->pk,
+ fpr);
+
+ default:
+ return CDK_Inv_Mode;
+ }
+ return 0;
}
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
index 670f3de3a4..01b50057f9 100644
--- a/lib/opencdk/read-packet.c
+++ b/lib/opencdk/read-packet.c
@@ -40,902 +40,853 @@
#define MDC_PKT_VER 1
static int
-stream_read (cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
{
- *r_nread = cdk_stream_read (s, buf, buflen);
- return *r_nread > 0 ? 0 : _cdk_stream_get_errno (s);
+ *r_nread = cdk_stream_read(s, buf, buflen);
+ return *r_nread > 0 ? 0 : _cdk_stream_get_errno(s);
}
/* Try to read 4 octets from the stream. */
-static u32
-read_32 (cdk_stream_t s)
+static u32 read_32(cdk_stream_t s)
{
- byte buf[4];
- size_t nread;
+ byte buf[4];
+ size_t nread;
- assert (s != NULL);
+ assert(s != NULL);
- stream_read (s, buf, 4, &nread);
- if (nread != 4)
- return (u32) - 1;
- return buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3];
+ stream_read(s, buf, 4, &nread);
+ if (nread != 4)
+ return (u32) - 1;
+ return buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3];
}
/* Try to read 2 octets from a stream. */
-static u16
-read_16 (cdk_stream_t s)
+static u16 read_16(cdk_stream_t s)
{
- byte buf[2];
- size_t nread;
+ byte buf[2];
+ size_t nread;
- assert (s != NULL);
+ assert(s != NULL);
- stream_read (s, buf, 2, &nread);
- if (nread != 2)
- return (u16) - 1;
- return buf[0] << 8 | buf[1];
+ stream_read(s, buf, 2, &nread);
+ if (nread != 2)
+ return (u16) - 1;
+ return buf[0] << 8 | buf[1];
}
/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */
-static cdk_error_t
-read_s2k (cdk_stream_t inp, cdk_s2k_t s2k)
+static cdk_error_t read_s2k(cdk_stream_t inp, cdk_s2k_t s2k)
{
- size_t nread;
-
- s2k->mode = cdk_stream_getc (inp);
- s2k->hash_algo = cdk_stream_getc (inp);
- if (s2k->mode == CDK_S2K_SIMPLE)
- return 0;
- else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
- {
- if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
- return CDK_Inv_Packet;
- if (nread != DIM (s2k->salt))
- return CDK_Inv_Packet;
-
- if (s2k->mode == CDK_S2K_ITERSALTED)
- s2k->count = cdk_stream_getc (inp);
- }
- else if (s2k->mode == CDK_S2K_GNU_EXT)
- {
- /* GNU extensions to the S2K : read DETAILS from gnupg */
- return 0;
- }
- else
- return CDK_Not_Implemented;
-
- return 0;
+ size_t nread;
+
+ s2k->mode = cdk_stream_getc(inp);
+ s2k->hash_algo = cdk_stream_getc(inp);
+ if (s2k->mode == CDK_S2K_SIMPLE)
+ return 0;
+ else if (s2k->mode == CDK_S2K_SALTED
+ || s2k->mode == CDK_S2K_ITERSALTED) {
+ if (stream_read(inp, s2k->salt, DIM(s2k->salt), &nread))
+ return CDK_Inv_Packet;
+ if (nread != DIM(s2k->salt))
+ return CDK_Inv_Packet;
+
+ if (s2k->mode == CDK_S2K_ITERSALTED)
+ s2k->count = cdk_stream_getc(inp);
+ } else if (s2k->mode == CDK_S2K_GNU_EXT) {
+ /* GNU extensions to the S2K : read DETAILS from gnupg */
+ return 0;
+ } else
+ return CDK_Not_Implemented;
+
+ return 0;
}
-static cdk_error_t
-read_mpi (cdk_stream_t inp, bigint_t * ret_m, int secure)
+static cdk_error_t read_mpi(cdk_stream_t inp, bigint_t * ret_m, int secure)
{
- bigint_t m;
- int err;
- byte buf[MAX_MPI_BYTES + 2];
- size_t nread, nbits;
- cdk_error_t rc;
-
- if (!inp || !ret_m)
- return CDK_Inv_Value;
-
- *ret_m = NULL;
- nbits = read_16 (inp);
- nread = (nbits + 7) / 8;
-
- if (nbits > MAX_MPI_BITS || nbits == 0)
- {
- _gnutls_write_log ("read_mpi: too large %d bits\n", (int) nbits);
- return gnutls_assert_val(CDK_MPI_Error); /* Sanity check */
- }
-
- rc = stream_read (inp, buf + 2, nread, &nread);
- if (!rc && nread != ((nbits + 7) / 8))
- {
- _gnutls_write_log ("read_mpi: too short %d < %d\n", (int) nread,
- (int) ((nbits + 7) / 8));
- return gnutls_assert_val(CDK_MPI_Error);
- }
-
- buf[0] = nbits >> 8;
- buf[1] = nbits >> 0;
- nread += 2;
- err = _gnutls_mpi_scan_pgp (&m, buf, nread);
- if (err < 0)
- return gnutls_assert_val(map_gnutls_error (err));
-
- *ret_m = m;
- return rc;
+ bigint_t m;
+ int err;
+ byte buf[MAX_MPI_BYTES + 2];
+ size_t nread, nbits;
+ cdk_error_t rc;
+
+ if (!inp || !ret_m)
+ return CDK_Inv_Value;
+
+ *ret_m = NULL;
+ nbits = read_16(inp);
+ nread = (nbits + 7) / 8;
+
+ if (nbits > MAX_MPI_BITS || nbits == 0) {
+ _gnutls_write_log("read_mpi: too large %d bits\n",
+ (int) nbits);
+ return gnutls_assert_val(CDK_MPI_Error); /* Sanity check */
+ }
+
+ rc = stream_read(inp, buf + 2, nread, &nread);
+ if (!rc && nread != ((nbits + 7) / 8)) {
+ _gnutls_write_log("read_mpi: too short %d < %d\n",
+ (int) nread, (int) ((nbits + 7) / 8));
+ return gnutls_assert_val(CDK_MPI_Error);
+ }
+
+ buf[0] = nbits >> 8;
+ buf[1] = nbits >> 0;
+ nread += 2;
+ err = _gnutls_mpi_scan_pgp(&m, buf, nread);
+ if (err < 0)
+ return gnutls_assert_val(map_gnutls_error(err));
+
+ *ret_m = m;
+ return rc;
}
/* Read the encoded packet length directly from the file
object INP and return it. Reset RET_PARTIAL if this is
the last packet in block mode. */
-size_t
-_cdk_pkt_read_len (FILE * inp, size_t * ret_partial)
+size_t _cdk_pkt_read_len(FILE * inp, size_t * ret_partial)
{
- int c1, c2;
- size_t pktlen;
-
- c1 = fgetc (inp);
- if (c1 == EOF)
- return (size_t) EOF;
- if (c1 < 224 || c1 == 255)
- *ret_partial = 0; /* End of partial data */
- if (c1 < 192)
- pktlen = c1;
- else if (c1 >= 192 && c1 <= 223)
- {
- c2 = fgetc (inp);
- if (c2 == EOF)
- return (size_t) EOF;
- pktlen = ((c1 - 192) << 8) + c2 + 192;
- }
- else if (c1 == 255)
- {
- pktlen = fgetc (inp) << 24;
- pktlen |= fgetc (inp) << 16;
- pktlen |= fgetc (inp) << 8;
- pktlen |= fgetc (inp) << 0;
- }
- else
- pktlen = 1 << (c1 & 0x1f);
- return pktlen;
+ int c1, c2;
+ size_t pktlen;
+
+ c1 = fgetc(inp);
+ if (c1 == EOF)
+ return (size_t) EOF;
+ if (c1 < 224 || c1 == 255)
+ *ret_partial = 0; /* End of partial data */
+ if (c1 < 192)
+ pktlen = c1;
+ else if (c1 >= 192 && c1 <= 223) {
+ c2 = fgetc(inp);
+ if (c2 == EOF)
+ return (size_t) EOF;
+ pktlen = ((c1 - 192) << 8) + c2 + 192;
+ } else if (c1 == 255) {
+ pktlen = fgetc(inp) << 24;
+ pktlen |= fgetc(inp) << 16;
+ pktlen |= fgetc(inp) << 8;
+ pktlen |= fgetc(inp) << 0;
+ } else
+ pktlen = 1 << (c1 & 0x1f);
+ return pktlen;
}
static cdk_error_t
-read_pubkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke)
+read_pubkey_enc(cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke)
{
- size_t i, nenc;
-
- if (!inp || !pke)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_pubkey_enc: %d octets\n", (int) pktlen);
-
- if (pktlen < 12)
- return CDK_Inv_Packet;
- pke->version = cdk_stream_getc (inp);
- if (pke->version < 2 || pke->version > 3)
- return CDK_Inv_Packet;
- pke->keyid[0] = read_32 (inp);
- pke->keyid[1] = read_32 (inp);
- if (!pke->keyid[0] && !pke->keyid[1])
- pke->throw_keyid = 1; /* RFC2440 "speculative" keyID */
- pke->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
- nenc = cdk_pk_get_nenc (pke->pubkey_algo);
- if (!nenc)
- return CDK_Inv_Algo;
- for (i = 0; i < nenc; i++)
- {
- cdk_error_t rc = read_mpi (inp, &pke->mpi[i], 0);
- if (rc)
- return gnutls_assert_val(rc);
- }
-
- return 0;
+ size_t i, nenc;
+
+ if (!inp || !pke)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_pubkey_enc: %d octets\n",
+ (int) pktlen);
+
+ if (pktlen < 12)
+ return CDK_Inv_Packet;
+ pke->version = cdk_stream_getc(inp);
+ if (pke->version < 2 || pke->version > 3)
+ return CDK_Inv_Packet;
+ pke->keyid[0] = read_32(inp);
+ pke->keyid[1] = read_32(inp);
+ if (!pke->keyid[0] && !pke->keyid[1])
+ pke->throw_keyid = 1; /* RFC2440 "speculative" keyID */
+ pke->pubkey_algo = _pgp_pub_algo_to_cdk(cdk_stream_getc(inp));
+ nenc = cdk_pk_get_nenc(pke->pubkey_algo);
+ if (!nenc)
+ return CDK_Inv_Algo;
+ for (i = 0; i < nenc; i++) {
+ cdk_error_t rc = read_mpi(inp, &pke->mpi[i], 0);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+
+ return 0;
}
-static cdk_error_t
-read_mdc (cdk_stream_t inp, cdk_pkt_mdc_t mdc)
+static cdk_error_t read_mdc(cdk_stream_t inp, cdk_pkt_mdc_t mdc)
{
- size_t n;
- cdk_error_t rc;
+ size_t n;
+ cdk_error_t rc;
- if (!inp || !mdc)
- return CDK_Inv_Value;
+ if (!inp || !mdc)
+ return CDK_Inv_Value;
- if (DEBUG_PKT)
- _gnutls_write_log ("read_mdc:\n");
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_mdc:\n");
- rc = stream_read (inp, mdc->hash, DIM (mdc->hash), &n);
- if (rc)
- return rc;
+ rc = stream_read(inp, mdc->hash, DIM(mdc->hash), &n);
+ if (rc)
+ return rc;
- return n != DIM (mdc->hash) ? CDK_Inv_Packet : 0;
+ return n != DIM(mdc->hash) ? CDK_Inv_Packet : 0;
}
static cdk_error_t
-read_compressed (cdk_stream_t inp, size_t pktlen, cdk_pkt_compressed_t c)
+read_compressed(cdk_stream_t inp, size_t pktlen, cdk_pkt_compressed_t c)
{
- if (!inp || !c)
- return CDK_Inv_Value;
+ if (!inp || !c)
+ return CDK_Inv_Value;
- if (DEBUG_PKT)
- _gnutls_write_log ("read_compressed: %d octets\n", (int) pktlen);
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_compressed: %d octets\n",
+ (int) pktlen);
- c->algorithm = cdk_stream_getc (inp);
- if (c->algorithm > 3)
- return CDK_Inv_Packet;
+ c->algorithm = cdk_stream_getc(inp);
+ if (c->algorithm > 3)
+ return CDK_Inv_Packet;
- /* don't know the size, so we read until EOF */
- if (!pktlen)
- {
- c->len = 0;
- c->buf = inp;
- }
+ /* don't know the size, so we read until EOF */
+ if (!pktlen) {
+ c->len = 0;
+ c->buf = inp;
+ }
- /* FIXME: Support partial bodies. */
- return 0;
+ /* FIXME: Support partial bodies. */
+ return 0;
}
static cdk_error_t
-read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
+read_public_key(cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
{
- size_t i, ndays, npkey;
-
- if (!inp || !pk)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_public_key: %d octets\n", (int) pktlen);
-
- pk->is_invalid = 1; /* default to detect missing self signatures */
- pk->is_revoked = 0;
- pk->has_expired = 0;
-
- pk->version = cdk_stream_getc (inp);
- if (pk->version < 2 || pk->version > 4)
- return CDK_Inv_Packet_Ver;
- pk->timestamp = read_32 (inp);
- if (pk->version < 4)
- {
- ndays = read_16 (inp);
- if (ndays)
- pk->expiredate = pk->timestamp + ndays * 86400L;
- }
-
- pk->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- if (!npkey)
- {
- gnutls_assert ();
- _gnutls_write_log ("invalid public key algorithm %d\n",
- pk->pubkey_algo);
- return CDK_Inv_Algo;
- }
- for (i = 0; i < npkey; i++)
- {
- cdk_error_t rc = read_mpi (inp, &pk->mpi[i], 0);
- if (rc)
- return gnutls_assert_val(rc);
- }
-
- /* This value is just for the first run and will be
- replaced with the actual key flags from the self signature. */
- pk->pubkey_usage = 0;
- return 0;
+ size_t i, ndays, npkey;
+
+ if (!inp || !pk)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_public_key: %d octets\n",
+ (int) pktlen);
+
+ pk->is_invalid = 1; /* default to detect missing self signatures */
+ pk->is_revoked = 0;
+ pk->has_expired = 0;
+
+ pk->version = cdk_stream_getc(inp);
+ if (pk->version < 2 || pk->version > 4)
+ return CDK_Inv_Packet_Ver;
+ pk->timestamp = read_32(inp);
+ if (pk->version < 4) {
+ ndays = read_16(inp);
+ if (ndays)
+ pk->expiredate = pk->timestamp + ndays * 86400L;
+ }
+
+ pk->pubkey_algo = _pgp_pub_algo_to_cdk(cdk_stream_getc(inp));
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ if (!npkey) {
+ gnutls_assert();
+ _gnutls_write_log("invalid public key algorithm %d\n",
+ pk->pubkey_algo);
+ return CDK_Inv_Algo;
+ }
+ for (i = 0; i < npkey; i++) {
+ cdk_error_t rc = read_mpi(inp, &pk->mpi[i], 0);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+
+ /* This value is just for the first run and will be
+ replaced with the actual key flags from the self signature. */
+ pk->pubkey_usage = 0;
+ return 0;
}
static cdk_error_t
-read_public_subkey (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
+read_public_subkey(cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
{
- if (!inp || !pk)
- return CDK_Inv_Value;
- return read_public_key (inp, pktlen, pk);
+ if (!inp || !pk)
+ return CDK_Inv_Value;
+ return read_public_key(inp, pktlen, pk);
}
static cdk_error_t
-read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
+read_secret_key(cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
{
- size_t p1, p2, nread;
- int i, nskey;
- int rc;
-
- if (!inp || !sk || !sk->pk)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_secret_key: %d octets\n", (int) pktlen);
-
- p1 = cdk_stream_tell (inp);
- rc = read_public_key (inp, pktlen, sk->pk);
- if (rc)
- return rc;
-
- sk->s2k_usage = cdk_stream_getc (inp);
- sk->protect.sha1chk = 0;
- if (sk->s2k_usage == 254 || sk->s2k_usage == 255)
- {
- sk->protect.sha1chk = (sk->s2k_usage == 254);
- sk->protect.algo = _pgp_cipher_to_gnutls (cdk_stream_getc (inp));
- if (sk->protect.algo == GNUTLS_CIPHER_UNKNOWN)
- return gnutls_assert_val(CDK_Inv_Algo);
-
- sk->protect.s2k = cdk_calloc (1, sizeof *sk->protect.s2k);
- if (!sk->protect.s2k)
- return CDK_Out_Of_Core;
- rc = read_s2k (inp, sk->protect.s2k);
- if (rc)
- return rc;
- /* refer to --export-secret-subkeys in gpg(1) */
- if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
- sk->protect.ivlen = 0;
- else
- {
- sk->protect.ivlen = gnutls_cipher_get_block_size (sk->protect.algo);
- if (!sk->protect.ivlen)
- return CDK_Inv_Packet;
- rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
- if (rc)
- return rc;
- if (nread != sk->protect.ivlen)
- return CDK_Inv_Packet;
- }
- }
- else
- sk->protect.algo = _pgp_cipher_to_gnutls (sk->s2k_usage);
- if (sk->protect.algo == GNUTLS_CIPHER_UNKNOWN)
- return gnutls_assert_val(CDK_Inv_Algo);
- else if (sk->protect.algo == GNUTLS_CIPHER_NULL)
- {
- sk->csum = 0;
- nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
- if (!nskey)
- {
- gnutls_assert ();
- return CDK_Inv_Algo;
- }
- for (i = 0; i < nskey; i++)
- {
- rc = read_mpi (inp, &sk->mpi[i], 1);
- if (rc)
- return gnutls_assert_val(rc);
- }
- sk->csum = read_16 (inp);
- sk->is_protected = 0;
- }
- else if (sk->pk->version < 4)
- {
- /* The length of each multiprecision integer is stored in plaintext. */
- nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
- if (!nskey)
- {
- gnutls_assert ();
- return CDK_Inv_Algo;
- }
- for (i = 0; i < nskey; i++)
- {
- rc = read_mpi (inp, &sk->mpi[i], 1);
- if (rc)
- return gnutls_assert_val(rc);
- }
- sk->csum = read_16 (inp);
- sk->is_protected = 1;
- }
- else
- {
- /* We need to read the rest of the packet because we do not
- have any information how long the encrypted mpi's are */
- p2 = cdk_stream_tell (inp);
- p2 -= p1;
- sk->enclen = pktlen - p2;
- if (sk->enclen < 2)
- return CDK_Inv_Packet; /* at least 16 bits for the checksum! */
- sk->encdata = cdk_calloc (1, sk->enclen + 1);
- if (!sk->encdata)
- return CDK_Out_Of_Core;
- if (stream_read (inp, sk->encdata, sk->enclen, &nread))
- return CDK_Inv_Packet;
- /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */
- if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
- {
- unsigned char gnumode;
- if ((sk->enclen < strlen ("GNU") + 1) ||
- (0 != memcmp ("GNU", sk->encdata, strlen ("GNU"))))
- return CDK_Inv_Packet;
- gnumode = sk->encdata[strlen ("GNU")];
- /* we only handle gnu-dummy (mode 1).
- mode 2 should refer to external smart cards.
- */
- if (gnumode != 1)
- return CDK_Inv_Packet;
- /* gnu-dummy should have no more data */
- if (sk->enclen != strlen ("GNU") + 1)
- return CDK_Inv_Packet;
- }
- nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
- if (!nskey)
- {
- gnutls_assert ();
- return CDK_Inv_Algo;
- }
- /* We mark each MPI entry with NULL to indicate a protected key. */
- for (i = 0; i < nskey; i++)
- sk->mpi[i] = NULL;
- sk->is_protected = 1;
- }
-
- sk->is_primary = 1;
- _cdk_copy_pk_to_sk (sk->pk, sk);
- return 0;
+ size_t p1, p2, nread;
+ int i, nskey;
+ int rc;
+
+ if (!inp || !sk || !sk->pk)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_secret_key: %d octets\n",
+ (int) pktlen);
+
+ p1 = cdk_stream_tell(inp);
+ rc = read_public_key(inp, pktlen, sk->pk);
+ if (rc)
+ return rc;
+
+ sk->s2k_usage = cdk_stream_getc(inp);
+ sk->protect.sha1chk = 0;
+ if (sk->s2k_usage == 254 || sk->s2k_usage == 255) {
+ sk->protect.sha1chk = (sk->s2k_usage == 254);
+ sk->protect.algo =
+ _pgp_cipher_to_gnutls(cdk_stream_getc(inp));
+ if (sk->protect.algo == GNUTLS_CIPHER_UNKNOWN)
+ return gnutls_assert_val(CDK_Inv_Algo);
+
+ sk->protect.s2k = cdk_calloc(1, sizeof *sk->protect.s2k);
+ if (!sk->protect.s2k)
+ return CDK_Out_Of_Core;
+ rc = read_s2k(inp, sk->protect.s2k);
+ if (rc)
+ return rc;
+ /* refer to --export-secret-subkeys in gpg(1) */
+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
+ sk->protect.ivlen = 0;
+ else {
+ sk->protect.ivlen =
+ gnutls_cipher_get_block_size(sk->protect.algo);
+ if (!sk->protect.ivlen)
+ return CDK_Inv_Packet;
+ rc = stream_read(inp, sk->protect.iv,
+ sk->protect.ivlen, &nread);
+ if (rc)
+ return rc;
+ if (nread != sk->protect.ivlen)
+ return CDK_Inv_Packet;
+ }
+ } else
+ sk->protect.algo = _pgp_cipher_to_gnutls(sk->s2k_usage);
+ if (sk->protect.algo == GNUTLS_CIPHER_UNKNOWN)
+ return gnutls_assert_val(CDK_Inv_Algo);
+ else if (sk->protect.algo == GNUTLS_CIPHER_NULL) {
+ sk->csum = 0;
+ nskey = cdk_pk_get_nskey(sk->pk->pubkey_algo);
+ if (!nskey) {
+ gnutls_assert();
+ return CDK_Inv_Algo;
+ }
+ for (i = 0; i < nskey; i++) {
+ rc = read_mpi(inp, &sk->mpi[i], 1);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+ sk->csum = read_16(inp);
+ sk->is_protected = 0;
+ } else if (sk->pk->version < 4) {
+ /* The length of each multiprecision integer is stored in plaintext. */
+ nskey = cdk_pk_get_nskey(sk->pk->pubkey_algo);
+ if (!nskey) {
+ gnutls_assert();
+ return CDK_Inv_Algo;
+ }
+ for (i = 0; i < nskey; i++) {
+ rc = read_mpi(inp, &sk->mpi[i], 1);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+ sk->csum = read_16(inp);
+ sk->is_protected = 1;
+ } else {
+ /* We need to read the rest of the packet because we do not
+ have any information how long the encrypted mpi's are */
+ p2 = cdk_stream_tell(inp);
+ p2 -= p1;
+ sk->enclen = pktlen - p2;
+ if (sk->enclen < 2)
+ return CDK_Inv_Packet; /* at least 16 bits for the checksum! */
+ sk->encdata = cdk_calloc(1, sk->enclen + 1);
+ if (!sk->encdata)
+ return CDK_Out_Of_Core;
+ if (stream_read(inp, sk->encdata, sk->enclen, &nread))
+ return CDK_Inv_Packet;
+ /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */
+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) {
+ unsigned char gnumode;
+ if ((sk->enclen < strlen("GNU") + 1) ||
+ (0 !=
+ memcmp("GNU", sk->encdata, strlen("GNU"))))
+ return CDK_Inv_Packet;
+ gnumode = sk->encdata[strlen("GNU")];
+ /* we only handle gnu-dummy (mode 1).
+ mode 2 should refer to external smart cards.
+ */
+ if (gnumode != 1)
+ return CDK_Inv_Packet;
+ /* gnu-dummy should have no more data */
+ if (sk->enclen != strlen("GNU") + 1)
+ return CDK_Inv_Packet;
+ }
+ nskey = cdk_pk_get_nskey(sk->pk->pubkey_algo);
+ if (!nskey) {
+ gnutls_assert();
+ return CDK_Inv_Algo;
+ }
+ /* We mark each MPI entry with NULL to indicate a protected key. */
+ for (i = 0; i < nskey; i++)
+ sk->mpi[i] = NULL;
+ sk->is_protected = 1;
+ }
+
+ sk->is_primary = 1;
+ _cdk_copy_pk_to_sk(sk->pk, sk);
+ return 0;
}
static cdk_error_t
-read_secret_subkey (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
+read_secret_subkey(cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
{
- cdk_error_t rc;
+ cdk_error_t rc;
- if (!inp || !sk || !sk->pk)
- return CDK_Inv_Value;
+ if (!inp || !sk || !sk->pk)
+ return CDK_Inv_Value;
- rc = read_secret_key (inp, pktlen, sk);
- sk->is_primary = 0;
- return rc;
+ rc = read_secret_key(inp, pktlen, sk);
+ sk->is_primary = 0;
+ return rc;
}
#define ATTRIBUTE "[attribute]"
static cdk_error_t
-read_attribute (cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr, int name_size)
+read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr,
+ int name_size)
{
- const byte *p;
- byte *buf;
- size_t len, nread;
- cdk_error_t rc;
-
- if (!inp || !attr || !pktlen)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_attribute: %d octets\n", (int) pktlen);
-
- _gnutls_str_cpy (attr->name, name_size, ATTRIBUTE);
- attr->len = MIN(name_size, sizeof(ATTRIBUTE)-1);
-
- buf = cdk_calloc (1, pktlen);
- if (!buf)
- return CDK_Out_Of_Core;
- rc = stream_read (inp, buf, pktlen, &nread);
- if (rc)
- {
- cdk_free (buf);
- return CDK_Inv_Packet;
- }
- p = buf;
- len = *p++;
- pktlen--;
- if (len == 255)
- {
- len = _cdk_buftou32 (p);
- p += 4;
- pktlen -= 4;
- }
- else if (len >= 192)
- {
- if (pktlen < 2)
- {
- cdk_free (buf);
- return CDK_Inv_Packet;
- }
- len = ((len - 192) << 8) + *p + 192;
- p++;
- pktlen--;
- }
-
- if (*p != 1) /* Currently only 1, meaning an image, is defined. */
- {
- cdk_free (buf);
- return CDK_Inv_Packet;
- }
- p++;
- len--;
-
- if (len >= pktlen)
- return CDK_Inv_Packet;
- attr->attrib_img = cdk_calloc (1, len);
- if (!attr->attrib_img)
- {
- cdk_free (buf);
- return CDK_Out_Of_Core;
- }
- attr->attrib_len = len;
- memcpy (attr->attrib_img, p, len);
- cdk_free (buf);
- return rc;
+ const byte *p;
+ byte *buf;
+ size_t len, nread;
+ cdk_error_t rc;
+
+ if (!inp || !attr || !pktlen)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_attribute: %d octets\n",
+ (int) pktlen);
+
+ _gnutls_str_cpy(attr->name, name_size, ATTRIBUTE);
+ attr->len = MIN(name_size, sizeof(ATTRIBUTE) - 1);
+
+ buf = cdk_calloc(1, pktlen);
+ if (!buf)
+ return CDK_Out_Of_Core;
+ rc = stream_read(inp, buf, pktlen, &nread);
+ if (rc) {
+ cdk_free(buf);
+ return CDK_Inv_Packet;
+ }
+ p = buf;
+ len = *p++;
+ pktlen--;
+ if (len == 255) {
+ len = _cdk_buftou32(p);
+ p += 4;
+ pktlen -= 4;
+ } else if (len >= 192) {
+ if (pktlen < 2) {
+ cdk_free(buf);
+ return CDK_Inv_Packet;
+ }
+ len = ((len - 192) << 8) + *p + 192;
+ p++;
+ pktlen--;
+ }
+
+ if (*p != 1) { /* Currently only 1, meaning an image, is defined. */
+ cdk_free(buf);
+ return CDK_Inv_Packet;
+ }
+ p++;
+ len--;
+
+ if (len >= pktlen)
+ return CDK_Inv_Packet;
+ attr->attrib_img = cdk_calloc(1, len);
+ if (!attr->attrib_img) {
+ cdk_free(buf);
+ return CDK_Out_Of_Core;
+ }
+ attr->attrib_len = len;
+ memcpy(attr->attrib_img, p, len);
+ cdk_free(buf);
+ return rc;
}
static cdk_error_t
-read_user_id (cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id)
+read_user_id(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id)
{
- size_t nread;
- cdk_error_t rc;
-
- if (!inp || !user_id)
- return CDK_Inv_Value;
- if (!pktlen)
- return CDK_Inv_Packet;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_user_id: %lu octets\n", (unsigned long)pktlen);
-
- user_id->len = pktlen;
- rc = stream_read (inp, user_id->name, pktlen, &nread);
- if (rc)
- return rc;
- if (nread != pktlen)
- return CDK_Inv_Packet;
- user_id->name[nread] = '\0';
- return rc;
+ size_t nread;
+ cdk_error_t rc;
+
+ if (!inp || !user_id)
+ return CDK_Inv_Value;
+ if (!pktlen)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_user_id: %lu octets\n",
+ (unsigned long) pktlen);
+
+ user_id->len = pktlen;
+ rc = stream_read(inp, user_id->name, pktlen, &nread);
+ if (rc)
+ return rc;
+ if (nread != pktlen)
+ return CDK_Inv_Packet;
+ user_id->name[nread] = '\0';
+ return rc;
}
static cdk_error_t
-read_subpkt (cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
+read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
{
- byte c, c1;
- size_t size, nread, n;
- cdk_subpkt_t node;
- cdk_error_t rc;
-
- if (!inp || !r_nbytes)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_subpkt:\n");
-
- n = 0;
- *r_nbytes = 0;
- c = cdk_stream_getc (inp);
- n++;
- if (c == 255)
- {
- size = read_32 (inp);
- n += 4;
- }
- else if (c >= 192 && c < 255)
- {
- c1 = cdk_stream_getc (inp);
- n++;
- if (c1 == 0)
- return 0;
- size = ((c - 192) << 8) + c1 + 192;
- }
- else if (c < 192)
- size = c;
- else
- return CDK_Inv_Packet;
-
- node = cdk_subpkt_new (size);
- if (!node)
- return CDK_Out_Of_Core;
- node->size = size;
- node->type = cdk_stream_getc (inp);
- if (DEBUG_PKT)
- _gnutls_write_log (" %d octets %d type\n", node->size, node->type);
- n++;
- node->size--;
- rc = stream_read (inp, node->d, node->size, &nread);
- n += nread;
- if (rc)
- return rc;
- *r_nbytes = n;
- if (!*r_ctx)
- *r_ctx = node;
- else
- cdk_subpkt_add (*r_ctx, node);
- return rc;
+ byte c, c1;
+ size_t size, nread, n;
+ cdk_subpkt_t node;
+ cdk_error_t rc;
+
+ if (!inp || !r_nbytes)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_subpkt:\n");
+
+ n = 0;
+ *r_nbytes = 0;
+ c = cdk_stream_getc(inp);
+ n++;
+ if (c == 255) {
+ size = read_32(inp);
+ n += 4;
+ } else if (c >= 192 && c < 255) {
+ c1 = cdk_stream_getc(inp);
+ n++;
+ if (c1 == 0)
+ return 0;
+ size = ((c - 192) << 8) + c1 + 192;
+ } else if (c < 192)
+ size = c;
+ else
+ return CDK_Inv_Packet;
+
+ node = cdk_subpkt_new(size);
+ if (!node)
+ return CDK_Out_Of_Core;
+ node->size = size;
+ node->type = cdk_stream_getc(inp);
+ if (DEBUG_PKT)
+ _gnutls_write_log(" %d octets %d type\n", node->size,
+ node->type);
+ n++;
+ node->size--;
+ rc = stream_read(inp, node->d, node->size, &nread);
+ n += nread;
+ if (rc)
+ return rc;
+ *r_nbytes = n;
+ if (!*r_ctx)
+ *r_ctx = node;
+ else
+ cdk_subpkt_add(*r_ctx, node);
+ return rc;
}
static cdk_error_t
-read_onepass_sig (cdk_stream_t inp, size_t pktlen, cdk_pkt_onepass_sig_t sig)
+read_onepass_sig(cdk_stream_t inp, size_t pktlen,
+ cdk_pkt_onepass_sig_t sig)
{
- if (!inp || !sig)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_onepass_sig: %d octets\n", (int) pktlen);
-
- if (pktlen != 13)
- return CDK_Inv_Packet;
- sig->version = cdk_stream_getc (inp);
- if (sig->version != 3)
- return CDK_Inv_Packet_Ver;
- sig->sig_class = cdk_stream_getc (inp);
- sig->digest_algo = _pgp_hash_algo_to_gnutls (cdk_stream_getc (inp));
- sig->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
- sig->keyid[0] = read_32 (inp);
- sig->keyid[1] = read_32 (inp);
- sig->last = cdk_stream_getc (inp);
- return 0;
+ if (!inp || !sig)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_onepass_sig: %d octets\n",
+ (int) pktlen);
+
+ if (pktlen != 13)
+ return CDK_Inv_Packet;
+ sig->version = cdk_stream_getc(inp);
+ if (sig->version != 3)
+ return CDK_Inv_Packet_Ver;
+ sig->sig_class = cdk_stream_getc(inp);
+ sig->digest_algo = _pgp_hash_algo_to_gnutls(cdk_stream_getc(inp));
+ sig->pubkey_algo = _pgp_pub_algo_to_cdk(cdk_stream_getc(inp));
+ sig->keyid[0] = read_32(inp);
+ sig->keyid[1] = read_32(inp);
+ sig->last = cdk_stream_getc(inp);
+ return 0;
}
-static cdk_error_t
-parse_sig_subpackets (cdk_pkt_signature_t sig)
+static cdk_error_t parse_sig_subpackets(cdk_pkt_signature_t sig)
{
- cdk_subpkt_t node;
-
- /* Setup the standard packet entries, so we can use V4
- signatures similar to V3. */
- for (node = sig->unhashed; node; node = node->next)
- {
- if (node->type == CDK_SIGSUBPKT_ISSUER && node->size >= 8)
- {
- sig->keyid[0] = _cdk_buftou32 (node->d);
- sig->keyid[1] = _cdk_buftou32 (node->d + 4);
- }
- else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0)
- {
- /* Sometimes this packet might be placed in the unhashed area */
- sig->flags.exportable = 0;
- }
- }
- for (node = sig->hashed; node; node = node->next)
- {
- if (node->type == CDK_SIGSUBPKT_SIG_CREATED && node->size >= 4)
- sig->timestamp = _cdk_buftou32 (node->d);
- else if (node->type == CDK_SIGSUBPKT_SIG_EXPIRE && node->size >= 4)
- {
- sig->expiredate = _cdk_buftou32 (node->d);
- if (sig->expiredate > 0 && sig->expiredate < (u32) gnutls_time (NULL))
- sig->flags.expired = 1;
- }
- else if (node->type == CDK_SIGSUBPKT_POLICY)
- sig->flags.policy_url = 1;
- else if (node->type == CDK_SIGSUBPKT_NOTATION)
- sig->flags.notation = 1;
- else if (node->type == CDK_SIGSUBPKT_REVOCABLE && node->d[0] == 0)
- sig->flags.revocable = 0;
- else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0)
- sig->flags.exportable = 0;
- }
- if (sig->sig_class == 0x1F)
- {
- cdk_desig_revoker_t r, rnode;
-
- for (node = sig->hashed; node; node = node->next)
- {
- if (node->type == CDK_SIGSUBPKT_REV_KEY)
- {
- if (node->size < 22)
- continue;
- rnode = cdk_calloc (1, sizeof *rnode);
- if (!rnode)
- return CDK_Out_Of_Core;
- rnode->r_class = node->d[0];
- rnode->algid = node->d[1];
- memcpy (rnode->fpr, node->d + 2, KEY_FPR_LEN);
- if (!sig->revkeys)
- sig->revkeys = rnode;
- else
- {
- for (r = sig->revkeys; r->next; r = r->next)
- ;
- r->next = rnode;
- }
- }
- }
- }
-
- return 0;
+ cdk_subpkt_t node;
+
+ /* Setup the standard packet entries, so we can use V4
+ signatures similar to V3. */
+ for (node = sig->unhashed; node; node = node->next) {
+ if (node->type == CDK_SIGSUBPKT_ISSUER && node->size >= 8) {
+ sig->keyid[0] = _cdk_buftou32(node->d);
+ sig->keyid[1] = _cdk_buftou32(node->d + 4);
+ } else if (node->type == CDK_SIGSUBPKT_EXPORTABLE
+ && node->d[0] == 0) {
+ /* Sometimes this packet might be placed in the unhashed area */
+ sig->flags.exportable = 0;
+ }
+ }
+ for (node = sig->hashed; node; node = node->next) {
+ if (node->type == CDK_SIGSUBPKT_SIG_CREATED
+ && node->size >= 4)
+ sig->timestamp = _cdk_buftou32(node->d);
+ else if (node->type == CDK_SIGSUBPKT_SIG_EXPIRE
+ && node->size >= 4) {
+ sig->expiredate = _cdk_buftou32(node->d);
+ if (sig->expiredate > 0
+ && sig->expiredate < (u32) gnutls_time(NULL))
+ sig->flags.expired = 1;
+ } else if (node->type == CDK_SIGSUBPKT_POLICY)
+ sig->flags.policy_url = 1;
+ else if (node->type == CDK_SIGSUBPKT_NOTATION)
+ sig->flags.notation = 1;
+ else if (node->type == CDK_SIGSUBPKT_REVOCABLE
+ && node->d[0] == 0)
+ sig->flags.revocable = 0;
+ else if (node->type == CDK_SIGSUBPKT_EXPORTABLE
+ && node->d[0] == 0)
+ sig->flags.exportable = 0;
+ }
+ if (sig->sig_class == 0x1F) {
+ cdk_desig_revoker_t r, rnode;
+
+ for (node = sig->hashed; node; node = node->next) {
+ if (node->type == CDK_SIGSUBPKT_REV_KEY) {
+ if (node->size < 22)
+ continue;
+ rnode = cdk_calloc(1, sizeof *rnode);
+ if (!rnode)
+ return CDK_Out_Of_Core;
+ rnode->r_class = node->d[0];
+ rnode->algid = node->d[1];
+ memcpy(rnode->fpr, node->d + 2,
+ KEY_FPR_LEN);
+ if (!sig->revkeys)
+ sig->revkeys = rnode;
+ else {
+ for (r = sig->revkeys; r->next;
+ r = r->next);
+ r->next = rnode;
+ }
+ }
+ }
+ }
+
+ return 0;
}
static cdk_error_t
-read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig)
+read_signature(cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig)
{
- size_t nbytes;
- size_t i, nsig;
- ssize_t size;
- cdk_error_t rc;
-
- if (!inp || !sig)
- return gnutls_assert_val(CDK_Inv_Value);
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_signature: %d octets\n", (int) pktlen);
-
- if (pktlen < 16)
- return gnutls_assert_val(CDK_Inv_Packet);
- sig->version = cdk_stream_getc (inp);
- if (sig->version < 2 || sig->version > 4)
- return gnutls_assert_val(CDK_Inv_Packet_Ver);
-
- sig->flags.exportable = 1;
- sig->flags.revocable = 1;
-
- if (sig->version < 4)
- {
- if (cdk_stream_getc (inp) != 5)
- return gnutls_assert_val(CDK_Inv_Packet);
- sig->sig_class = cdk_stream_getc (inp);
- sig->timestamp = read_32 (inp);
- sig->keyid[0] = read_32 (inp);
- sig->keyid[1] = read_32 (inp);
- sig->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
- sig->digest_algo = _pgp_hash_algo_to_gnutls (cdk_stream_getc (inp));
- sig->digest_start[0] = cdk_stream_getc (inp);
- sig->digest_start[1] = cdk_stream_getc (inp);
- nsig = cdk_pk_get_nsig (sig->pubkey_algo);
- if (!nsig)
- return gnutls_assert_val(CDK_Inv_Algo);
- for (i = 0; i < nsig; i++)
- {
- rc = read_mpi (inp, &sig->mpi[i], 0);
- if (rc)
- return gnutls_assert_val(rc);
- }
- }
- else
- {
- sig->sig_class = cdk_stream_getc (inp);
- sig->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
- sig->digest_algo = _pgp_hash_algo_to_gnutls (cdk_stream_getc (inp));
- sig->hashed_size = read_16 (inp);
- size = sig->hashed_size;
- sig->hashed = NULL;
- while (size > 0)
- {
- rc = read_subpkt (inp, &sig->hashed, &nbytes);
- if (rc)
- return gnutls_assert_val(rc);
- size -= nbytes;
- }
- sig->unhashed_size = read_16 (inp);
- size = sig->unhashed_size;
- sig->unhashed = NULL;
- while (size > 0)
- {
- rc = read_subpkt (inp, &sig->unhashed, &nbytes);
- if (rc)
- return gnutls_assert_val(rc);
- size -= nbytes;
- }
-
- rc = parse_sig_subpackets (sig);
- if (rc)
- return gnutls_assert_val(rc);
-
- sig->digest_start[0] = cdk_stream_getc (inp);
- sig->digest_start[1] = cdk_stream_getc (inp);
- nsig = cdk_pk_get_nsig (sig->pubkey_algo);
- if (!nsig)
- return gnutls_assert_val(CDK_Inv_Algo);
- for (i = 0; i < nsig; i++)
- {
- rc = read_mpi (inp, &sig->mpi[i], 0);
- if (rc)
- return gnutls_assert_val(rc);
- }
- }
-
- return 0;
+ size_t nbytes;
+ size_t i, nsig;
+ ssize_t size;
+ cdk_error_t rc;
+
+ if (!inp || !sig)
+ return gnutls_assert_val(CDK_Inv_Value);
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_signature: %d octets\n",
+ (int) pktlen);
+
+ if (pktlen < 16)
+ return gnutls_assert_val(CDK_Inv_Packet);
+ sig->version = cdk_stream_getc(inp);
+ if (sig->version < 2 || sig->version > 4)
+ return gnutls_assert_val(CDK_Inv_Packet_Ver);
+
+ sig->flags.exportable = 1;
+ sig->flags.revocable = 1;
+
+ if (sig->version < 4) {
+ if (cdk_stream_getc(inp) != 5)
+ return gnutls_assert_val(CDK_Inv_Packet);
+ sig->sig_class = cdk_stream_getc(inp);
+ sig->timestamp = read_32(inp);
+ sig->keyid[0] = read_32(inp);
+ sig->keyid[1] = read_32(inp);
+ sig->pubkey_algo =
+ _pgp_pub_algo_to_cdk(cdk_stream_getc(inp));
+ sig->digest_algo =
+ _pgp_hash_algo_to_gnutls(cdk_stream_getc(inp));
+ sig->digest_start[0] = cdk_stream_getc(inp);
+ sig->digest_start[1] = cdk_stream_getc(inp);
+ nsig = cdk_pk_get_nsig(sig->pubkey_algo);
+ if (!nsig)
+ return gnutls_assert_val(CDK_Inv_Algo);
+ for (i = 0; i < nsig; i++) {
+ rc = read_mpi(inp, &sig->mpi[i], 0);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+ } else {
+ sig->sig_class = cdk_stream_getc(inp);
+ sig->pubkey_algo =
+ _pgp_pub_algo_to_cdk(cdk_stream_getc(inp));
+ sig->digest_algo =
+ _pgp_hash_algo_to_gnutls(cdk_stream_getc(inp));
+ sig->hashed_size = read_16(inp);
+ size = sig->hashed_size;
+ sig->hashed = NULL;
+ while (size > 0) {
+ rc = read_subpkt(inp, &sig->hashed, &nbytes);
+ if (rc)
+ return gnutls_assert_val(rc);
+ size -= nbytes;
+ }
+ sig->unhashed_size = read_16(inp);
+ size = sig->unhashed_size;
+ sig->unhashed = NULL;
+ while (size > 0) {
+ rc = read_subpkt(inp, &sig->unhashed, &nbytes);
+ if (rc)
+ return gnutls_assert_val(rc);
+ size -= nbytes;
+ }
+
+ rc = parse_sig_subpackets(sig);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ sig->digest_start[0] = cdk_stream_getc(inp);
+ sig->digest_start[1] = cdk_stream_getc(inp);
+ nsig = cdk_pk_get_nsig(sig->pubkey_algo);
+ if (!nsig)
+ return gnutls_assert_val(CDK_Inv_Algo);
+ for (i = 0; i < nsig; i++) {
+ rc = read_mpi(inp, &sig->mpi[i], 0);
+ if (rc)
+ return gnutls_assert_val(rc);
+ }
+ }
+
+ return 0;
}
static cdk_error_t
-read_literal (cdk_stream_t inp, size_t pktlen,
- cdk_pkt_literal_t * ret_pt, int is_partial)
+read_literal(cdk_stream_t inp, size_t pktlen,
+ cdk_pkt_literal_t * ret_pt, int is_partial)
{
- cdk_pkt_literal_t pt = *ret_pt;
- size_t nread;
- cdk_error_t rc;
-
- if (!inp || !pt)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("read_literal: %d octets\n", (int) pktlen);
-
- pt->mode = cdk_stream_getc (inp);
- if (pt->mode != 0x62 && pt->mode != 0x74 && pt->mode != 0x75)
- return CDK_Inv_Packet;
- if (cdk_stream_eof (inp))
- return CDK_Inv_Packet;
-
- pt->namelen = cdk_stream_getc (inp);
- if (pt->namelen > 0)
- {
- *ret_pt = pt = cdk_realloc (pt, sizeof *pt + pt->namelen + 2);
- if (!pt)
- return CDK_Out_Of_Core;
- pt->name = (char *) pt + sizeof (*pt);
- rc = stream_read (inp, pt->name, pt->namelen, &nread);
- if (rc)
- return rc;
- if ((int) nread != pt->namelen)
- return CDK_Inv_Packet;
- pt->name[pt->namelen] = '\0';
- }
- pt->timestamp = read_32 (inp);
- pktlen = pktlen - 6 - pt->namelen;
- if (is_partial)
- _cdk_stream_set_blockmode (inp, pktlen);
- pt->buf = inp;
- pt->len = pktlen;
- return 0;
+ cdk_pkt_literal_t pt = *ret_pt;
+ size_t nread;
+ cdk_error_t rc;
+
+ if (!inp || !pt)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("read_literal: %d octets\n",
+ (int) pktlen);
+
+ pt->mode = cdk_stream_getc(inp);
+ if (pt->mode != 0x62 && pt->mode != 0x74 && pt->mode != 0x75)
+ return CDK_Inv_Packet;
+ if (cdk_stream_eof(inp))
+ return CDK_Inv_Packet;
+
+ pt->namelen = cdk_stream_getc(inp);
+ if (pt->namelen > 0) {
+ *ret_pt = pt =
+ cdk_realloc(pt, sizeof *pt + pt->namelen + 2);
+ if (!pt)
+ return CDK_Out_Of_Core;
+ pt->name = (char *) pt + sizeof(*pt);
+ rc = stream_read(inp, pt->name, pt->namelen, &nread);
+ if (rc)
+ return rc;
+ if ((int) nread != pt->namelen)
+ return CDK_Inv_Packet;
+ pt->name[pt->namelen] = '\0';
+ }
+ pt->timestamp = read_32(inp);
+ pktlen = pktlen - 6 - pt->namelen;
+ if (is_partial)
+ _cdk_stream_set_blockmode(inp, pktlen);
+ pt->buf = inp;
+ pt->len = pktlen;
+ return 0;
}
/* Read an old packet CTB and return the length of the body. */
static void
-read_old_length (cdk_stream_t inp, int ctb, size_t * r_len, size_t * r_size)
+read_old_length(cdk_stream_t inp, int ctb, size_t * r_len, size_t * r_size)
{
- int llen = ctb & 0x03;
-
- if (llen == 0)
- {
- *r_len = cdk_stream_getc (inp);
- (*r_size)++;
- }
- else if (llen == 1)
- {
- *r_len = read_16 (inp);
- (*r_size) += 2;
- }
- else if (llen == 2)
- {
- *r_len = read_32 (inp);
- (*r_size) += 4;
- }
- else
- {
- *r_len = 0;
- *r_size = 0;
- }
+ int llen = ctb & 0x03;
+
+ if (llen == 0) {
+ *r_len = cdk_stream_getc(inp);
+ (*r_size)++;
+ } else if (llen == 1) {
+ *r_len = read_16(inp);
+ (*r_size) += 2;
+ } else if (llen == 2) {
+ *r_len = read_32(inp);
+ (*r_size) += 4;
+ } else {
+ *r_len = 0;
+ *r_size = 0;
+ }
}
/* Read a new CTB and decode the body length. */
static void
-read_new_length (cdk_stream_t inp,
- size_t * r_len, size_t * r_size, size_t * r_partial)
+read_new_length(cdk_stream_t inp,
+ size_t * r_len, size_t * r_size, size_t * r_partial)
{
- int c, c1;
-
- c = cdk_stream_getc (inp);
- (*r_size)++;
- if (c < 192)
- *r_len = c;
- else if (c >= 192 && c <= 223)
- {
- c1 = cdk_stream_getc (inp);
- (*r_size)++;
- *r_len = ((c - 192) << 8) + c1 + 192;
- }
- else if (c == 255)
- {
- *r_len = read_32 (inp);
- (*r_size) += 4;
- }
- else
- {
- *r_len = 1 << (c & 0x1f);
- *r_partial = 1;
- }
+ int c, c1;
+
+ c = cdk_stream_getc(inp);
+ (*r_size)++;
+ if (c < 192)
+ *r_len = c;
+ else if (c >= 192 && c <= 223) {
+ c1 = cdk_stream_getc(inp);
+ (*r_size)++;
+ *r_len = ((c - 192) << 8) + c1 + 192;
+ } else if (c == 255) {
+ *r_len = read_32(inp);
+ (*r_size) += 4;
+ } else {
+ *r_len = 1 << (c & 0x1f);
+ *r_partial = 1;
+ }
}
/* Skip the current packet body. */
-static void
-skip_packet (cdk_stream_t inp, size_t pktlen)
+static void skip_packet(cdk_stream_t inp, size_t pktlen)
{
- byte buf[BUFSIZE];
- size_t nread, buflen = DIM (buf);
+ byte buf[BUFSIZE];
+ size_t nread, buflen = DIM(buf);
- while (pktlen > 0)
- {
- stream_read (inp, buf, pktlen > buflen ? buflen : pktlen, &nread);
- pktlen -= nread;
- }
+ while (pktlen > 0) {
+ stream_read(inp, buf, pktlen > buflen ? buflen : pktlen,
+ &nread);
+ pktlen -= nread;
+ }
- assert (pktlen == 0);
+ assert(pktlen == 0);
}
@@ -946,193 +897,199 @@ skip_packet (cdk_stream_t inp, size_t pktlen)
*
* Parse the next packet on the @inp stream and return its contents in @pkt.
**/
-cdk_error_t
-cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt)
+cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
{
- int ctb, is_newctb;
- int pkttype;
- size_t pktlen = 0, pktsize = 0, is_partial = 0;
- cdk_error_t rc;
-
- if (!inp || !pkt)
- return CDK_Inv_Value;
-
- ctb = cdk_stream_getc (inp);
- if (cdk_stream_eof (inp) || ctb == EOF)
- return CDK_EOF;
- else if (!ctb)
- return gnutls_assert_val(CDK_Inv_Packet);
-
- pktsize++;
- if (!(ctb & 0x80))
- {
- _cdk_log_info ("cdk_pkt_read: no openpgp data found. "
- "(ctb=%02X; fpos=%02X)\n", (int) ctb,
- (int) cdk_stream_tell (inp));
- return gnutls_assert_val(CDK_Inv_Packet);
- }
-
- if (ctb & 0x40) /* RFC2440 packet format. */
- {
- pkttype = ctb & 0x3f;
- is_newctb = 1;
- }
- else /* the old RFC1991 packet format. */
- {
- pkttype = ctb & 0x3f;
- pkttype >>= 2;
- is_newctb = 0;
- }
-
- if (pkttype > 63)
- {
- _cdk_log_info ("cdk_pkt_read: unknown type %d\n", pkttype);
- return gnutls_assert_val(CDK_Inv_Packet);
- }
-
- if (is_newctb)
- read_new_length (inp, &pktlen, &pktsize, &is_partial);
- else
- read_old_length (inp, ctb, &pktlen, &pktsize);
-
- pkt->pkttype = pkttype;
- pkt->pktlen = pktlen;
- pkt->pktsize = pktsize + pktlen;
- pkt->old_ctb = is_newctb ? 0 : 1;
-
- rc = 0;
- switch (pkt->pkttype)
- {
- case CDK_PKT_ATTRIBUTE:
+ int ctb, is_newctb;
+ int pkttype;
+ size_t pktlen = 0, pktsize = 0, is_partial = 0;
+ cdk_error_t rc;
+
+ if (!inp || !pkt)
+ return CDK_Inv_Value;
+
+ ctb = cdk_stream_getc(inp);
+ if (cdk_stream_eof(inp) || ctb == EOF)
+ return CDK_EOF;
+ else if (!ctb)
+ return gnutls_assert_val(CDK_Inv_Packet);
+
+ pktsize++;
+ if (!(ctb & 0x80)) {
+ _cdk_log_info("cdk_pkt_read: no openpgp data found. "
+ "(ctb=%02X; fpos=%02X)\n", (int) ctb,
+ (int) cdk_stream_tell(inp));
+ return gnutls_assert_val(CDK_Inv_Packet);
+ }
+
+ if (ctb & 0x40) { /* RFC2440 packet format. */
+ pkttype = ctb & 0x3f;
+ is_newctb = 1;
+ } else { /* the old RFC1991 packet format. */
+
+ pkttype = ctb & 0x3f;
+ pkttype >>= 2;
+ is_newctb = 0;
+ }
+
+ if (pkttype > 63) {
+ _cdk_log_info("cdk_pkt_read: unknown type %d\n", pkttype);
+ return gnutls_assert_val(CDK_Inv_Packet);
+ }
+
+ if (is_newctb)
+ read_new_length(inp, &pktlen, &pktsize, &is_partial);
+ else
+ read_old_length(inp, ctb, &pktlen, &pktsize);
+
+ pkt->pkttype = pkttype;
+ pkt->pktlen = pktlen;
+ pkt->pktsize = pktsize + pktlen;
+ pkt->old_ctb = is_newctb ? 0 : 1;
+
+ rc = 0;
+ switch (pkt->pkttype) {
+ case CDK_PKT_ATTRIBUTE:
#define NAME_SIZE (pkt->pktlen + 16 + 1)
- pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
- + NAME_SIZE);
- if (!pkt->pkt.user_id)
- return gnutls_assert_val(CDK_Out_Of_Core);
- pkt->pkt.user_id->name =
- (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id);
-
- rc = read_attribute (inp, pktlen, pkt->pkt.user_id, NAME_SIZE);
- pkt->pkttype = CDK_PKT_ATTRIBUTE;
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_USER_ID:
- pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
- + pkt->pktlen + 1);
- if (!pkt->pkt.user_id)
- return gnutls_assert_val(CDK_Out_Of_Core);
- pkt->pkt.user_id->name =
- (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id);
- rc = read_user_id (inp, pktlen, pkt->pkt.user_id);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_PUBLIC_KEY:
- pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
- if (!pkt->pkt.public_key)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_public_key (inp, pktlen, pkt->pkt.public_key);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_PUBLIC_SUBKEY:
- pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
- if (!pkt->pkt.public_key)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_public_subkey (inp, pktlen, pkt->pkt.public_key);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_SECRET_KEY:
- pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
- if (!pkt->pkt.secret_key)
- return gnutls_assert_val(CDK_Out_Of_Core);
- pkt->pkt.secret_key->pk = cdk_calloc (1,
- sizeof *pkt->pkt.secret_key->pk);
- if (!pkt->pkt.secret_key->pk)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_secret_key (inp, pktlen, pkt->pkt.secret_key);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_SECRET_SUBKEY:
- pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
- if (!pkt->pkt.secret_key)
- return gnutls_assert_val(CDK_Out_Of_Core);
- pkt->pkt.secret_key->pk = cdk_calloc (1,
- sizeof *pkt->pkt.secret_key->pk);
- if (!pkt->pkt.secret_key->pk)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_secret_subkey (inp, pktlen, pkt->pkt.secret_key);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_LITERAL:
- pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal);
- if (!pkt->pkt.literal)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_literal (inp, pktlen, &pkt->pkt.literal, is_partial);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_ONEPASS_SIG:
- pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig);
- if (!pkt->pkt.onepass_sig)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_onepass_sig (inp, pktlen, pkt->pkt.onepass_sig);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_SIGNATURE:
- pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature);
- if (!pkt->pkt.signature)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_signature (inp, pktlen, pkt->pkt.signature);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_PUBKEY_ENC:
- pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
- if (!pkt->pkt.pubkey_enc)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_pubkey_enc (inp, pktlen, pkt->pkt.pubkey_enc);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_COMPRESSED:
- pkt->pkt.compressed = cdk_calloc (1, sizeof *pkt->pkt.compressed);
- if (!pkt->pkt.compressed)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_compressed (inp, pktlen, pkt->pkt.compressed);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- case CDK_PKT_MDC:
- pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc);
- if (!pkt->pkt.mdc)
- return gnutls_assert_val(CDK_Out_Of_Core);
- rc = read_mdc (inp, pkt->pkt.mdc);
- if (rc)
- return gnutls_assert_val(rc);
- break;
-
- default:
- /* Skip all packets we don't understand */
- skip_packet (inp, pktlen);
- break;
- }
-
- return rc;
+ pkt->pkt.user_id = cdk_calloc(1, sizeof *pkt->pkt.user_id
+ + NAME_SIZE);
+ if (!pkt->pkt.user_id)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ pkt->pkt.user_id->name =
+ (char *) pkt->pkt.user_id + sizeof(*pkt->pkt.user_id);
+
+ rc = read_attribute(inp, pktlen, pkt->pkt.user_id,
+ NAME_SIZE);
+ pkt->pkttype = CDK_PKT_ATTRIBUTE;
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_USER_ID:
+ pkt->pkt.user_id = cdk_calloc(1, sizeof *pkt->pkt.user_id
+ + pkt->pktlen + 1);
+ if (!pkt->pkt.user_id)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ pkt->pkt.user_id->name =
+ (char *) pkt->pkt.user_id + sizeof(*pkt->pkt.user_id);
+ rc = read_user_id(inp, pktlen, pkt->pkt.user_id);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_PUBLIC_KEY:
+ pkt->pkt.public_key =
+ cdk_calloc(1, sizeof *pkt->pkt.public_key);
+ if (!pkt->pkt.public_key)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_public_key(inp, pktlen, pkt->pkt.public_key);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_PUBLIC_SUBKEY:
+ pkt->pkt.public_key =
+ cdk_calloc(1, sizeof *pkt->pkt.public_key);
+ if (!pkt->pkt.public_key)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_public_subkey(inp, pktlen, pkt->pkt.public_key);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_SECRET_KEY:
+ pkt->pkt.secret_key =
+ cdk_calloc(1, sizeof *pkt->pkt.secret_key);
+ if (!pkt->pkt.secret_key)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ pkt->pkt.secret_key->pk = cdk_calloc(1,
+ sizeof *pkt->pkt.
+ secret_key->pk);
+ if (!pkt->pkt.secret_key->pk)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_secret_key(inp, pktlen, pkt->pkt.secret_key);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_SECRET_SUBKEY:
+ pkt->pkt.secret_key =
+ cdk_calloc(1, sizeof *pkt->pkt.secret_key);
+ if (!pkt->pkt.secret_key)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ pkt->pkt.secret_key->pk = cdk_calloc(1,
+ sizeof *pkt->pkt.
+ secret_key->pk);
+ if (!pkt->pkt.secret_key->pk)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_secret_subkey(inp, pktlen, pkt->pkt.secret_key);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_LITERAL:
+ pkt->pkt.literal = cdk_calloc(1, sizeof *pkt->pkt.literal);
+ if (!pkt->pkt.literal)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_literal(inp, pktlen, &pkt->pkt.literal,
+ is_partial);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_ONEPASS_SIG:
+ pkt->pkt.onepass_sig =
+ cdk_calloc(1, sizeof *pkt->pkt.onepass_sig);
+ if (!pkt->pkt.onepass_sig)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_onepass_sig(inp, pktlen, pkt->pkt.onepass_sig);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_SIGNATURE:
+ pkt->pkt.signature =
+ cdk_calloc(1, sizeof *pkt->pkt.signature);
+ if (!pkt->pkt.signature)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_signature(inp, pktlen, pkt->pkt.signature);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_PUBKEY_ENC:
+ pkt->pkt.pubkey_enc =
+ cdk_calloc(1, sizeof *pkt->pkt.pubkey_enc);
+ if (!pkt->pkt.pubkey_enc)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_pubkey_enc(inp, pktlen, pkt->pkt.pubkey_enc);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_COMPRESSED:
+ pkt->pkt.compressed =
+ cdk_calloc(1, sizeof *pkt->pkt.compressed);
+ if (!pkt->pkt.compressed)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_compressed(inp, pktlen, pkt->pkt.compressed);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ case CDK_PKT_MDC:
+ pkt->pkt.mdc = cdk_calloc(1, sizeof *pkt->pkt.mdc);
+ if (!pkt->pkt.mdc)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+ rc = read_mdc(inp, pkt->pkt.mdc);
+ if (rc)
+ return gnutls_assert_val(rc);
+ break;
+
+ default:
+ /* Skip all packets we don't understand */
+ skip_packet(inp, pktlen);
+ break;
+ }
+
+ return rc;
}
diff --git a/lib/opencdk/seskey.c b/lib/opencdk/seskey.c
index 7ffeb1ad1c..77fbd1f9d6 100644
--- a/lib/opencdk/seskey.c
+++ b/lib/opencdk/seskey.c
@@ -41,29 +41,29 @@
* The @salt parameter must be always 8 octets.
**/
cdk_error_t
-cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
- const byte * salt)
+cdk_s2k_new(cdk_s2k_t * ret_s2k, int mode, int digest_algo,
+ const byte * salt)
{
- cdk_s2k_t s2k;
+ cdk_s2k_t s2k;
- if (!ret_s2k)
- return CDK_Inv_Value;
+ if (!ret_s2k)
+ return CDK_Inv_Value;
- if (mode != 0x00 && mode != 0x01 && mode != 0x03)
- return CDK_Inv_Mode;
+ if (mode != 0x00 && mode != 0x01 && mode != 0x03)
+ return CDK_Inv_Mode;
- if (_gnutls_hash_get_algo_len (mac_to_entry(digest_algo)) <= 0)
- return CDK_Inv_Algo;
+ if (_gnutls_hash_get_algo_len(mac_to_entry(digest_algo)) <= 0)
+ return CDK_Inv_Algo;
- s2k = cdk_calloc (1, sizeof *s2k);
- if (!s2k)
- return CDK_Out_Of_Core;
- s2k->mode = mode;
- s2k->hash_algo = digest_algo;
- if (salt)
- memcpy (s2k->salt, salt, 8);
- *ret_s2k = s2k;
- return 0;
+ s2k = cdk_calloc(1, sizeof *s2k);
+ if (!s2k)
+ return CDK_Out_Of_Core;
+ s2k->mode = mode;
+ s2k->hash_algo = digest_algo;
+ if (salt)
+ memcpy(s2k->salt, salt, 8);
+ *ret_s2k = s2k;
+ return 0;
}
@@ -73,25 +73,23 @@ cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
*
* Release the given S2K object.
**/
-void
-cdk_s2k_free (cdk_s2k_t s2k)
+void cdk_s2k_free(cdk_s2k_t s2k)
{
- cdk_free (s2k);
+ cdk_free(s2k);
}
/* Make a copy of the source s2k into R_DST. */
-cdk_error_t
-_cdk_s2k_copy (cdk_s2k_t * r_dst, cdk_s2k_t src)
+cdk_error_t _cdk_s2k_copy(cdk_s2k_t * r_dst, cdk_s2k_t src)
{
- cdk_s2k_t dst;
- cdk_error_t err;
+ cdk_s2k_t dst;
+ cdk_error_t err;
- err = cdk_s2k_new (&dst, src->mode, src->hash_algo, src->salt);
- if (err)
- return err;
- dst->count = src->count;
- *r_dst = dst;
+ err = cdk_s2k_new(&dst, src->mode, src->hash_algo, src->salt);
+ if (err)
+ return err;
+ dst->count = src->count;
+ *r_dst = dst;
- return 0;
+ return 0;
}
diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c
index 9083fb56d3..931bb138cb 100644
--- a/lib/opencdk/sig-check.c
+++ b/lib/opencdk/sig-check.c
@@ -33,35 +33,32 @@
/* Hash all multi precision integers of the key PK with the given
message digest context MD. */
-static int
-hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
+static int hash_mpibuf(cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
{
- byte buf[MAX_MPI_BYTES]; /* FIXME: do not use hardcoded length. */
- size_t nbytes;
- size_t i, npkey;
- int err;
-
- /* We have to differ between two modes for v3 keys. To form the
- fingerprint, we hash the MPI values without the length prefix.
- But if we calculate the hash for verifying/signing we use all data. */
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- for (i = 0; i < npkey; i++)
- {
- nbytes = MAX_MPI_BYTES;
- err = _gnutls_mpi_print_pgp (pk->mpi[i], buf, &nbytes);
-
- if (err < 0)
- {
- gnutls_assert ();
- return map_gnutls_error (err);
- }
-
- if (!usefpr || pk->version == 4)
- _gnutls_hash (md, buf, nbytes);
- else /* without the prefix. */
- _gnutls_hash (md, buf + 2, nbytes - 2);
- }
- return 0;
+ byte buf[MAX_MPI_BYTES]; /* FIXME: do not use hardcoded length. */
+ size_t nbytes;
+ size_t i, npkey;
+ int err;
+
+ /* We have to differ between two modes for v3 keys. To form the
+ fingerprint, we hash the MPI values without the length prefix.
+ But if we calculate the hash for verifying/signing we use all data. */
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ for (i = 0; i < npkey; i++) {
+ nbytes = MAX_MPI_BYTES;
+ err = _gnutls_mpi_print_pgp(pk->mpi[i], buf, &nbytes);
+
+ if (err < 0) {
+ gnutls_assert();
+ return map_gnutls_error(err);
+ }
+
+ if (!usefpr || pk->version == 4)
+ _gnutls_hash(md, buf, nbytes);
+ else /* without the prefix. */
+ _gnutls_hash(md, buf + 2, nbytes - 2);
+ }
+ return 0;
}
@@ -69,417 +66,378 @@ hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
MD. The @usefpr param is only valid for version 3 keys because of
the different way to calculate the fingerprint. */
cdk_error_t
-_cdk_hash_pubkey (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
+_cdk_hash_pubkey(cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
{
- byte buf[12];
- size_t i, n, npkey;
-
- if (!pk || !md)
- return CDK_Inv_Value;
-
- if (usefpr && pk->version < 4 && is_RSA (pk->pubkey_algo))
- return hash_mpibuf (pk, md, 1);
-
- /* The version 4 public key packet does not have the 2 octets for
- the expiration date. */
- n = pk->version < 4 ? 8 : 6;
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- for (i = 0; i < npkey; i++)
- n = n + (_gnutls_mpi_get_nbits (pk->mpi[i]) + 7) / 8 + 2;
-
- i = 0;
- buf[i++] = 0x99;
- buf[i++] = n >> 8;
- buf[i++] = n >> 0;
- buf[i++] = pk->version;
- buf[i++] = pk->timestamp >> 24;
- buf[i++] = pk->timestamp >> 16;
- buf[i++] = pk->timestamp >> 8;
- buf[i++] = pk->timestamp >> 0;
-
- if (pk->version < 4)
- {
- u16 a = 0;
-
- /* Convert the expiration date into days. */
- if (pk->expiredate)
- a = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
- buf[i++] = a >> 8;
- buf[i++] = a;
- }
- buf[i++] = pk->pubkey_algo;
- _gnutls_hash (md, buf, i);
- return hash_mpibuf (pk, md, 0);
+ byte buf[12];
+ size_t i, n, npkey;
+
+ if (!pk || !md)
+ return CDK_Inv_Value;
+
+ if (usefpr && pk->version < 4 && is_RSA(pk->pubkey_algo))
+ return hash_mpibuf(pk, md, 1);
+
+ /* The version 4 public key packet does not have the 2 octets for
+ the expiration date. */
+ n = pk->version < 4 ? 8 : 6;
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ for (i = 0; i < npkey; i++)
+ n = n + (_gnutls_mpi_get_nbits(pk->mpi[i]) + 7) / 8 + 2;
+
+ i = 0;
+ buf[i++] = 0x99;
+ buf[i++] = n >> 8;
+ buf[i++] = n >> 0;
+ buf[i++] = pk->version;
+ buf[i++] = pk->timestamp >> 24;
+ buf[i++] = pk->timestamp >> 16;
+ buf[i++] = pk->timestamp >> 8;
+ buf[i++] = pk->timestamp >> 0;
+
+ if (pk->version < 4) {
+ u16 a = 0;
+
+ /* Convert the expiration date into days. */
+ if (pk->expiredate)
+ a = (u16) ((pk->expiredate -
+ pk->timestamp) / 86400L);
+ buf[i++] = a >> 8;
+ buf[i++] = a;
+ }
+ buf[i++] = pk->pubkey_algo;
+ _gnutls_hash(md, buf, i);
+ return hash_mpibuf(pk, md, 0);
}
/* Hash the user ID @uid with the given message digest @md.
Use openpgp mode if @is_v4 is 1. */
cdk_error_t
-_cdk_hash_userid (cdk_pkt_userid_t uid, int is_v4, digest_hd_st * md)
+_cdk_hash_userid(cdk_pkt_userid_t uid, int is_v4, digest_hd_st * md)
{
- const byte *data;
- byte buf[5];
- u32 dlen;
-
- if (!uid || !md)
- return CDK_Inv_Value;
-
- if (!is_v4)
- {
- _gnutls_hash (md, (byte *) uid->name, uid->len);
- return 0;
- }
-
- dlen = uid->attrib_img ? uid->attrib_len : uid->len;
- data = uid->attrib_img ? uid->attrib_img : (byte *) uid->name;
- buf[0] = uid->attrib_img ? 0xD1 : 0xB4;
- buf[1] = dlen >> 24;
- buf[2] = dlen >> 16;
- buf[3] = dlen >> 8;
- buf[4] = dlen >> 0;
- _gnutls_hash (md, buf, 5);
- _gnutls_hash (md, data, dlen);
- return 0;
+ const byte *data;
+ byte buf[5];
+ u32 dlen;
+
+ if (!uid || !md)
+ return CDK_Inv_Value;
+
+ if (!is_v4) {
+ _gnutls_hash(md, (byte *) uid->name, uid->len);
+ return 0;
+ }
+
+ dlen = uid->attrib_img ? uid->attrib_len : uid->len;
+ data = uid->attrib_img ? uid->attrib_img : (byte *) uid->name;
+ buf[0] = uid->attrib_img ? 0xD1 : 0xB4;
+ buf[1] = dlen >> 24;
+ buf[2] = dlen >> 16;
+ buf[3] = dlen >> 8;
+ buf[4] = dlen >> 0;
+ _gnutls_hash(md, buf, 5);
+ _gnutls_hash(md, data, dlen);
+ return 0;
}
/* Hash all parts of the signature which are needed to derive
the correct message digest to verify the sig. */
-cdk_error_t
-_cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st * md)
+cdk_error_t _cdk_hash_sig_data(cdk_pkt_signature_t sig, digest_hd_st * md)
{
- byte buf[4];
- byte tmp;
-
- if (!sig || !md)
- return CDK_Inv_Value;
-
- if (sig->version == 4)
- _gnutls_hash (md, &sig->version, 1);
-
- _gnutls_hash (md, &sig->sig_class, 1);
- if (sig->version < 4)
- {
- buf[0] = sig->timestamp >> 24;
- buf[1] = sig->timestamp >> 16;
- buf[2] = sig->timestamp >> 8;
- buf[3] = sig->timestamp >> 0;
- _gnutls_hash (md, buf, 4);
- }
- else
- {
- size_t n;
-
- tmp = _cdk_pub_algo_to_pgp (sig->pubkey_algo);
- _gnutls_hash (md, &tmp, 1);
- tmp = _gnutls_hash_algo_to_pgp (sig->digest_algo);
- _gnutls_hash (md, &tmp, 1);
- if (sig->hashed != NULL)
- {
- byte *p = _cdk_subpkt_get_array (sig->hashed, 0, &n);
- if (p == NULL)
- return gnutls_assert_val(CDK_Inv_Value);
-
- buf[0] = n >> 8;
- buf[1] = n >> 0;
- _gnutls_hash (md, buf, 2);
- _gnutls_hash (md, p, n);
- cdk_free (p);
- sig->hashed_size = n;
- n = sig->hashed_size + 6;
- }
- else
- {
- tmp = 0x00;
- _gnutls_hash (md, &tmp, 1);
- _gnutls_hash (md, &tmp, 1);
- n = 6;
- }
- _gnutls_hash (md, &sig->version, 1);
- tmp = 0xff;
- _gnutls_hash (md, &tmp, 1);
- buf[0] = n >> 24;
- buf[1] = n >> 16;
- buf[2] = n >> 8;
- buf[3] = n >> 0;
- _gnutls_hash (md, buf, 4);
- }
- return 0;
+ byte buf[4];
+ byte tmp;
+
+ if (!sig || !md)
+ return CDK_Inv_Value;
+
+ if (sig->version == 4)
+ _gnutls_hash(md, &sig->version, 1);
+
+ _gnutls_hash(md, &sig->sig_class, 1);
+ if (sig->version < 4) {
+ buf[0] = sig->timestamp >> 24;
+ buf[1] = sig->timestamp >> 16;
+ buf[2] = sig->timestamp >> 8;
+ buf[3] = sig->timestamp >> 0;
+ _gnutls_hash(md, buf, 4);
+ } else {
+ size_t n;
+
+ tmp = _cdk_pub_algo_to_pgp(sig->pubkey_algo);
+ _gnutls_hash(md, &tmp, 1);
+ tmp = _gnutls_hash_algo_to_pgp(sig->digest_algo);
+ _gnutls_hash(md, &tmp, 1);
+ if (sig->hashed != NULL) {
+ byte *p =
+ _cdk_subpkt_get_array(sig->hashed, 0, &n);
+ if (p == NULL)
+ return gnutls_assert_val(CDK_Inv_Value);
+
+ buf[0] = n >> 8;
+ buf[1] = n >> 0;
+ _gnutls_hash(md, buf, 2);
+ _gnutls_hash(md, p, n);
+ cdk_free(p);
+ sig->hashed_size = n;
+ n = sig->hashed_size + 6;
+ } else {
+ tmp = 0x00;
+ _gnutls_hash(md, &tmp, 1);
+ _gnutls_hash(md, &tmp, 1);
+ n = 6;
+ }
+ _gnutls_hash(md, &sig->version, 1);
+ tmp = 0xff;
+ _gnutls_hash(md, &tmp, 1);
+ buf[0] = n >> 24;
+ buf[1] = n >> 16;
+ buf[2] = n >> 8;
+ buf[3] = n >> 0;
+ _gnutls_hash(md, buf, 4);
+ }
+ return 0;
}
/* Cache the signature result and store it inside the sig. */
-static void
-cache_sig_result (cdk_pkt_signature_t sig, int res)
+static void cache_sig_result(cdk_pkt_signature_t sig, int res)
{
- sig->flags.checked = 0;
- sig->flags.valid = 0;
- if (res == 0)
- {
- sig->flags.checked = 1;
- sig->flags.valid = 1;
- }
- else if (res == CDK_Bad_Sig)
- {
- sig->flags.checked = 1;
- sig->flags.valid = 0;
- }
+ sig->flags.checked = 0;
+ sig->flags.valid = 0;
+ if (res == 0) {
+ sig->flags.checked = 1;
+ sig->flags.valid = 1;
+ } else if (res == CDK_Bad_Sig) {
+ sig->flags.checked = 1;
+ sig->flags.valid = 0;
+ }
}
/* Check the given signature @sig with the public key @pk.
Use the digest handle @digest. */
cdk_error_t
-_cdk_sig_check (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
- digest_hd_st * digest, int *r_expired)
+_cdk_sig_check(cdk_pubkey_t pk, cdk_pkt_signature_t sig,
+ digest_hd_st * digest, int *r_expired)
{
- cdk_error_t rc;
- byte md[MAX_DIGEST_LEN];
- time_t cur_time = (u32) gnutls_time (NULL);
-
- if (!pk || !sig || !digest)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- if (sig->flags.checked)
- return sig->flags.valid ? 0 : CDK_Bad_Sig;
- if (!KEY_CAN_SIGN (pk->pubkey_algo))
- return CDK_Inv_Algo;
- if (pk->timestamp > sig->timestamp || pk->timestamp > cur_time)
- return CDK_Time_Conflict;
-
- if (r_expired && pk->expiredate
- && (pk->expiredate + pk->timestamp) > cur_time)
- *r_expired = 1;
-
- _cdk_hash_sig_data (sig, digest);
- _gnutls_hash_output (digest, md);
-
- if (md[0] != sig->digest_start[0] || md[1] != sig->digest_start[1])
- {
- gnutls_assert ();
- return CDK_Chksum_Error;
- }
-
- rc = cdk_pk_verify (pk, sig, md);
- cache_sig_result (sig, rc);
- return rc;
+ cdk_error_t rc;
+ byte md[MAX_DIGEST_LEN];
+ time_t cur_time = (u32) gnutls_time(NULL);
+
+ if (!pk || !sig || !digest) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ if (sig->flags.checked)
+ return sig->flags.valid ? 0 : CDK_Bad_Sig;
+ if (!KEY_CAN_SIGN(pk->pubkey_algo))
+ return CDK_Inv_Algo;
+ if (pk->timestamp > sig->timestamp || pk->timestamp > cur_time)
+ return CDK_Time_Conflict;
+
+ if (r_expired && pk->expiredate
+ && (pk->expiredate + pk->timestamp) > cur_time)
+ *r_expired = 1;
+
+ _cdk_hash_sig_data(sig, digest);
+ _gnutls_hash_output(digest, md);
+
+ if (md[0] != sig->digest_start[0] || md[1] != sig->digest_start[1]) {
+ gnutls_assert();
+ return CDK_Chksum_Error;
+ }
+
+ rc = cdk_pk_verify(pk, sig, md);
+ cache_sig_result(sig, rc);
+ return rc;
}
/* Check the given key signature.
@knode is the key node and @snode the signature node. */
cdk_error_t
-_cdk_pk_check_sig (cdk_keydb_hd_t keydb,
- cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig,
- char **ret_uid)
+_cdk_pk_check_sig(cdk_keydb_hd_t keydb,
+ cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig,
+ char **ret_uid)
{
- digest_hd_st md;
- int err;
- cdk_pubkey_t pk;
- cdk_pkt_signature_t sig;
- cdk_kbnode_t node;
- cdk_error_t rc = 0;
- int is_expired;
-
- if (!knode || !snode)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- if (is_selfsig)
- *is_selfsig = 0;
- if ((knode->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
- knode->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY) ||
- snode->pkt->pkttype != CDK_PKT_SIGNATURE)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- pk = knode->pkt->pkt.public_key;
- sig = snode->pkt->pkt.signature;
-
- err = _gnutls_hash_init (&md, mac_to_entry(sig->digest_algo));
- if (err < 0)
- {
- gnutls_assert ();
- return map_gnutls_error (err);
- }
-
- is_expired = 0;
- if (sig->sig_class == 0x20)
- { /* key revocation */
- cdk_kbnode_hash (knode, &md, 0, 0, 0);
- rc = _cdk_sig_check (pk, sig, &md, &is_expired);
- }
- else if (sig->sig_class == 0x28)
- { /* subkey revocation */
- node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY);
- if (!node)
- { /* no subkey for subkey revocation packet */
- gnutls_assert ();
- rc = CDK_Error_No_Key;
- goto fail;
- }
- cdk_kbnode_hash (knode, &md, 0, 0, 0);
- cdk_kbnode_hash (node, &md, 0, 0, 0);
- rc = _cdk_sig_check (pk, sig, &md, &is_expired);
- }
- else if (sig->sig_class == 0x18 || sig->sig_class == 0x19)
- { /* primary/secondary key binding */
- node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY);
- if (!node)
- { /* no subkey for subkey binding packet */
- gnutls_assert ();
- rc = CDK_Error_No_Key;
- goto fail;
- }
- cdk_kbnode_hash (knode, &md, 0, 0, 0);
- cdk_kbnode_hash (node, &md, 0, 0, 0);
- rc = _cdk_sig_check (pk, sig, &md, &is_expired);
- }
- else if (sig->sig_class == 0x1F)
- { /* direct key signature */
- cdk_kbnode_hash (knode, &md, 0, 0, 0);
- rc = _cdk_sig_check (pk, sig, &md, &is_expired);
- }
- else
- { /* all other classes */
- cdk_pkt_userid_t uid;
- node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_USER_ID);
- if (!node)
- { /* no user ID for key signature packet */
- gnutls_assert ();
- rc = CDK_Error_No_Key;
- goto fail;
- }
-
- uid = node->pkt->pkt.user_id;
- if (ret_uid)
- {
- *ret_uid = uid->name;
- }
- cdk_kbnode_hash (knode, &md, 0, 0, 0);
- cdk_kbnode_hash (node, &md, sig->version == 4, 0, 0);
-
- if (pk->keyid[0] == sig->keyid[0] && pk->keyid[1] == sig->keyid[1])
- {
- rc = _cdk_sig_check (pk, sig, &md, &is_expired);
- if (is_selfsig)
- *is_selfsig = 1;
- }
- else if (keydb != NULL)
- {
- cdk_pubkey_t sig_pk;
- rc = cdk_keydb_get_pk (keydb, sig->keyid, &sig_pk);
- if (!rc)
- rc = _cdk_sig_check (sig_pk, sig, &md, &is_expired);
- cdk_pk_release (sig_pk);
- }
- }
-fail:
- _gnutls_hash_deinit (&md, NULL);
- return rc;
+ digest_hd_st md;
+ int err;
+ cdk_pubkey_t pk;
+ cdk_pkt_signature_t sig;
+ cdk_kbnode_t node;
+ cdk_error_t rc = 0;
+ int is_expired;
+
+ if (!knode || !snode) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ if (is_selfsig)
+ *is_selfsig = 0;
+ if ((knode->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
+ knode->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY) ||
+ snode->pkt->pkttype != CDK_PKT_SIGNATURE) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ pk = knode->pkt->pkt.public_key;
+ sig = snode->pkt->pkt.signature;
+
+ err = _gnutls_hash_init(&md, mac_to_entry(sig->digest_algo));
+ if (err < 0) {
+ gnutls_assert();
+ return map_gnutls_error(err);
+ }
+
+ is_expired = 0;
+ if (sig->sig_class == 0x20) { /* key revocation */
+ cdk_kbnode_hash(knode, &md, 0, 0, 0);
+ rc = _cdk_sig_check(pk, sig, &md, &is_expired);
+ } else if (sig->sig_class == 0x28) { /* subkey revocation */
+ node =
+ cdk_kbnode_find_prev(knode, snode,
+ CDK_PKT_PUBLIC_SUBKEY);
+ if (!node) { /* no subkey for subkey revocation packet */
+ gnutls_assert();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
+ cdk_kbnode_hash(knode, &md, 0, 0, 0);
+ cdk_kbnode_hash(node, &md, 0, 0, 0);
+ rc = _cdk_sig_check(pk, sig, &md, &is_expired);
+ } else if (sig->sig_class == 0x18 || sig->sig_class == 0x19) { /* primary/secondary key binding */
+ node =
+ cdk_kbnode_find_prev(knode, snode,
+ CDK_PKT_PUBLIC_SUBKEY);
+ if (!node) { /* no subkey for subkey binding packet */
+ gnutls_assert();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
+ cdk_kbnode_hash(knode, &md, 0, 0, 0);
+ cdk_kbnode_hash(node, &md, 0, 0, 0);
+ rc = _cdk_sig_check(pk, sig, &md, &is_expired);
+ } else if (sig->sig_class == 0x1F) { /* direct key signature */
+ cdk_kbnode_hash(knode, &md, 0, 0, 0);
+ rc = _cdk_sig_check(pk, sig, &md, &is_expired);
+ } else { /* all other classes */
+ cdk_pkt_userid_t uid;
+ node = cdk_kbnode_find_prev(knode, snode, CDK_PKT_USER_ID);
+ if (!node) { /* no user ID for key signature packet */
+ gnutls_assert();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
+
+ uid = node->pkt->pkt.user_id;
+ if (ret_uid) {
+ *ret_uid = uid->name;
+ }
+ cdk_kbnode_hash(knode, &md, 0, 0, 0);
+ cdk_kbnode_hash(node, &md, sig->version == 4, 0, 0);
+
+ if (pk->keyid[0] == sig->keyid[0]
+ && pk->keyid[1] == sig->keyid[1]) {
+ rc = _cdk_sig_check(pk, sig, &md, &is_expired);
+ if (is_selfsig)
+ *is_selfsig = 1;
+ } else if (keydb != NULL) {
+ cdk_pubkey_t sig_pk;
+ rc = cdk_keydb_get_pk(keydb, sig->keyid, &sig_pk);
+ if (!rc)
+ rc = _cdk_sig_check(sig_pk, sig, &md,
+ &is_expired);
+ cdk_pk_release(sig_pk);
+ }
+ }
+ fail:
+ _gnutls_hash_deinit(&md, NULL);
+ return rc;
}
-struct verify_uid
-{
- const char *name;
- int nsigs;
- struct verify_uid *next;
+struct verify_uid {
+ const char *name;
+ int nsigs;
+ struct verify_uid *next;
};
static int
-uid_list_add_sig (struct verify_uid **list, const char *uid,
- unsigned int flag)
+uid_list_add_sig(struct verify_uid **list, const char *uid,
+ unsigned int flag)
{
- if (*list == NULL)
- {
- *list = cdk_calloc (1, sizeof (struct verify_uid));
- if (*list == NULL)
- return CDK_Out_Of_Core;
- (*list)->name = uid;
-
- if (flag != 0)
- (*list)->nsigs++;
- }
- else
- {
- struct verify_uid *p, *prev_p = NULL;
- int found = 0;
-
- p = *list;
-
- while (p != NULL)
- {
- if (strcmp (uid, p->name) == 0)
- {
- found = 1;
- break;
- }
- prev_p = p;
- p = p->next;
- }
-
- if (found == 0)
- { /* not found add to the last */
- prev_p->next = cdk_calloc (1, sizeof (struct verify_uid));
- if (prev_p->next == NULL)
- return CDK_Out_Of_Core;
- prev_p->next->name = uid;
- if (flag != 0)
- prev_p->next->nsigs++;
- }
- else
- { /* found... increase sigs */
- if (flag != 0)
- p->nsigs++;
- }
- }
-
- return CDK_Success;
+ if (*list == NULL) {
+ *list = cdk_calloc(1, sizeof(struct verify_uid));
+ if (*list == NULL)
+ return CDK_Out_Of_Core;
+ (*list)->name = uid;
+
+ if (flag != 0)
+ (*list)->nsigs++;
+ } else {
+ struct verify_uid *p, *prev_p = NULL;
+ int found = 0;
+
+ p = *list;
+
+ while (p != NULL) {
+ if (strcmp(uid, p->name) == 0) {
+ found = 1;
+ break;
+ }
+ prev_p = p;
+ p = p->next;
+ }
+
+ if (found == 0) { /* not found add to the last */
+ prev_p->next =
+ cdk_calloc(1, sizeof(struct verify_uid));
+ if (prev_p->next == NULL)
+ return CDK_Out_Of_Core;
+ prev_p->next->name = uid;
+ if (flag != 0)
+ prev_p->next->nsigs++;
+ } else { /* found... increase sigs */
+ if (flag != 0)
+ p->nsigs++;
+ }
+ }
+
+ return CDK_Success;
}
-static void
-uid_list_free (struct verify_uid *list)
+static void uid_list_free(struct verify_uid *list)
{
- struct verify_uid *p, *p1;
-
- p = list;
- while (p != NULL)
- {
- p1 = p->next;
- cdk_free (p);
- p = p1;
- }
+ struct verify_uid *p, *p1;
+
+ p = list;
+ while (p != NULL) {
+ p1 = p->next;
+ cdk_free(p);
+ p = p1;
+ }
}
/* returns non (0) if all UIDs in the list have at least one
* signature. If the list is empty or no signatures are present
* a (0) value is returned.
*/
-static int
-uid_list_all_signed (struct verify_uid *list)
+static int uid_list_all_signed(struct verify_uid *list)
{
- struct verify_uid *p;
-
- if (list == NULL)
- return 0;
-
- p = list;
- while (p != NULL)
- {
- if (p->nsigs == 0)
- {
- return 0;
- }
- p = p->next;
- }
- return 1; /* all signed */
+ struct verify_uid *p;
+
+ if (list == NULL)
+ return 0;
+
+ p = list;
+ while (p != NULL) {
+ if (p->nsigs == 0) {
+ return 0;
+ }
+ p = p->next;
+ }
+ return 1; /* all signed */
}
/**
@@ -493,91 +451,87 @@ uid_list_all_signed (struct verify_uid *list)
* which are or-ed or (0) when there are no flags.
**/
cdk_error_t
-cdk_pk_check_sigs (cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status)
+cdk_pk_check_sigs(cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status)
{
- cdk_pkt_signature_t sig;
- cdk_kbnode_t node;
- cdk_error_t rc;
- u32 keyid;
- int key_status, is_selfsig = 0;
- struct verify_uid *uid_list = NULL;
- char *uid_name = NULL;
-
- if (!key || !r_status)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- *r_status = 0;
- node = cdk_kbnode_find (key, CDK_PKT_PUBLIC_KEY);
- if (!node)
- {
- gnutls_assert ();
- return CDK_Error_No_Key;
- }
-
- key_status = 0;
- /* Continue with the signature check but adjust the
- key status flags accordingly. */
- if (node->pkt->pkt.public_key->is_revoked)
- key_status |= CDK_KEY_REVOKED;
- if (node->pkt->pkt.public_key->has_expired)
- key_status |= CDK_KEY_EXPIRED;
- rc = 0;
-
- keyid = cdk_pk_get_keyid (node->pkt->pkt.public_key, NULL);
- for (node = key; node; node = node->next)
- {
- if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
- continue;
- sig = node->pkt->pkt.signature;
- rc = _cdk_pk_check_sig (keydb, key, node, &is_selfsig, &uid_name);
-
- if (rc && rc != CDK_Error_No_Key)
- {
- /* It might be possible that a single signature has been
- corrupted, thus we do not consider it a problem when
- one ore more signatures are bad. But at least the self
- signature has to be valid. */
- if (is_selfsig)
- {
- key_status |= CDK_KEY_INVALID;
- break;
- }
- }
-
- _cdk_log_debug ("signature %s: signer %08X keyid %08X\n",
- rc == CDK_Bad_Sig ? "BAD" : "good",
- (unsigned int) sig->keyid[1], (unsigned int) keyid);
-
- if (IS_UID_SIG (sig) && uid_name != NULL)
- {
- /* add every uid in the uid list. Only consider valid:
- * - verification was ok
- * - not a selfsig
- */
- rc =
- uid_list_add_sig (&uid_list, uid_name,
- (rc == CDK_Success && is_selfsig == 0) ? 1 : 0);
- if (rc != CDK_Success)
- {
- gnutls_assert ();
- goto exit;
- }
- }
-
- }
-
- if (uid_list_all_signed (uid_list) == 0)
- key_status |= CDK_KEY_NOSIGNER;
- *r_status = key_status;
- if (rc == CDK_Error_No_Key)
- rc = 0;
-
-exit:
- uid_list_free (uid_list);
- return rc;
+ cdk_pkt_signature_t sig;
+ cdk_kbnode_t node;
+ cdk_error_t rc;
+ u32 keyid;
+ int key_status, is_selfsig = 0;
+ struct verify_uid *uid_list = NULL;
+ char *uid_name = NULL;
+
+ if (!key || !r_status) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ *r_status = 0;
+ node = cdk_kbnode_find(key, CDK_PKT_PUBLIC_KEY);
+ if (!node) {
+ gnutls_assert();
+ return CDK_Error_No_Key;
+ }
+
+ key_status = 0;
+ /* Continue with the signature check but adjust the
+ key status flags accordingly. */
+ if (node->pkt->pkt.public_key->is_revoked)
+ key_status |= CDK_KEY_REVOKED;
+ if (node->pkt->pkt.public_key->has_expired)
+ key_status |= CDK_KEY_EXPIRED;
+ rc = 0;
+
+ keyid = cdk_pk_get_keyid(node->pkt->pkt.public_key, NULL);
+ for (node = key; node; node = node->next) {
+ if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
+ continue;
+ sig = node->pkt->pkt.signature;
+ rc = _cdk_pk_check_sig(keydb, key, node, &is_selfsig,
+ &uid_name);
+
+ if (rc && rc != CDK_Error_No_Key) {
+ /* It might be possible that a single signature has been
+ corrupted, thus we do not consider it a problem when
+ one ore more signatures are bad. But at least the self
+ signature has to be valid. */
+ if (is_selfsig) {
+ key_status |= CDK_KEY_INVALID;
+ break;
+ }
+ }
+
+ _cdk_log_debug("signature %s: signer %08X keyid %08X\n",
+ rc == CDK_Bad_Sig ? "BAD" : "good",
+ (unsigned int) sig->keyid[1],
+ (unsigned int) keyid);
+
+ if (IS_UID_SIG(sig) && uid_name != NULL) {
+ /* add every uid in the uid list. Only consider valid:
+ * - verification was ok
+ * - not a selfsig
+ */
+ rc = uid_list_add_sig(&uid_list, uid_name,
+ (rc == CDK_Success
+ && is_selfsig ==
+ 0) ? 1 : 0);
+ if (rc != CDK_Success) {
+ gnutls_assert();
+ goto exit;
+ }
+ }
+
+ }
+
+ if (uid_list_all_signed(uid_list) == 0)
+ key_status |= CDK_KEY_NOSIGNER;
+ *r_status = key_status;
+ if (rc == CDK_Error_No_Key)
+ rc = 0;
+
+ exit:
+ uid_list_free(uid_list);
+ return rc;
}
@@ -589,64 +543,59 @@ exit:
* A convenient function to make sure the key is valid.
* Valid means the self signature is ok.
**/
-cdk_error_t
-cdk_pk_check_self_sig (cdk_kbnode_t key, int *r_status)
+cdk_error_t cdk_pk_check_self_sig(cdk_kbnode_t key, int *r_status)
{
- cdk_pkt_signature_t sig;
- cdk_kbnode_t node;
- cdk_error_t rc;
- u32 keyid[2], sigid[2];
- int is_selfsig, sig_ok;
- cdk_kbnode_t p, ctx = NULL;
- cdk_packet_t pkt;
-
- if (!key || !r_status)
- return CDK_Inv_Value;
-
- cdk_pk_get_keyid (key->pkt->pkt.public_key, keyid);
-
- while ((p = cdk_kbnode_walk (key, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY
- && pkt->pkttype != CDK_PKT_PUBLIC_KEY)
- continue;
-
- /* FIXME: we should set expire/revoke here also but callers
- expect CDK_KEY_VALID=0 if the key is okay. */
- sig_ok = 0;
- for (node = p; node; node = node->next)
- {
- if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
- continue;
- sig = node->pkt->pkt.signature;
-
- cdk_sig_get_keyid (sig, sigid);
- if (sigid[0] != keyid[0] || sigid[1] != keyid[1])
- continue;
- /* FIXME: Now we check all self signatures. */
- rc = _cdk_pk_check_sig (NULL, p, node, &is_selfsig, NULL);
- if (rc)
- {
- *r_status = CDK_KEY_INVALID;
- return rc;
- }
- else /* For each valid self sig we increase this counter. */
- sig_ok++;
- }
-
- /* A key without a self signature is not valid. At least one
- * signature for the given key has to be found.
- */
- if (!sig_ok)
- {
- *r_status = CDK_KEY_INVALID;
- return CDK_General_Error;
- }
- }
-
- /* No flags indicate a valid key. */
- *r_status = CDK_KEY_VALID;
-
- return 0;
+ cdk_pkt_signature_t sig;
+ cdk_kbnode_t node;
+ cdk_error_t rc;
+ u32 keyid[2], sigid[2];
+ int is_selfsig, sig_ok;
+ cdk_kbnode_t p, ctx = NULL;
+ cdk_packet_t pkt;
+
+ if (!key || !r_status)
+ return CDK_Inv_Value;
+
+ cdk_pk_get_keyid(key->pkt->pkt.public_key, keyid);
+
+ while ((p = cdk_kbnode_walk(key, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY
+ && pkt->pkttype != CDK_PKT_PUBLIC_KEY)
+ continue;
+
+ /* FIXME: we should set expire/revoke here also but callers
+ expect CDK_KEY_VALID=0 if the key is okay. */
+ sig_ok = 0;
+ for (node = p; node; node = node->next) {
+ if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
+ continue;
+ sig = node->pkt->pkt.signature;
+
+ cdk_sig_get_keyid(sig, sigid);
+ if (sigid[0] != keyid[0] || sigid[1] != keyid[1])
+ continue;
+ /* FIXME: Now we check all self signatures. */
+ rc = _cdk_pk_check_sig(NULL, p, node, &is_selfsig,
+ NULL);
+ if (rc) {
+ *r_status = CDK_KEY_INVALID;
+ return rc;
+ } else /* For each valid self sig we increase this counter. */
+ sig_ok++;
+ }
+
+ /* A key without a self signature is not valid. At least one
+ * signature for the given key has to be found.
+ */
+ if (!sig_ok) {
+ *r_status = CDK_KEY_INVALID;
+ return CDK_General_Error;
+ }
+ }
+
+ /* No flags indicate a valid key. */
+ *r_status = CDK_KEY_VALID;
+
+ return 0;
}
diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c
index 2756fbbb7a..18da0f35c9 100644
--- a/lib/opencdk/stream.c
+++ b/lib/opencdk/stream.c
@@ -42,11 +42,11 @@
/* This is the maximal amount of bytes we map. */
#define MAX_MAP_SIZE 16777216
-static cdk_error_t stream_flush (cdk_stream_t s);
-static cdk_error_t stream_filter_write (cdk_stream_t s);
-static int stream_cache_flush (cdk_stream_t s, FILE * fp);
-struct stream_filter_s *filter_add (cdk_stream_t s, filter_fnct_t fnc,
- int type);
+static cdk_error_t stream_flush(cdk_stream_t s);
+static cdk_error_t stream_filter_write(cdk_stream_t s);
+static int stream_cache_flush(cdk_stream_t s, FILE * fp);
+struct stream_filter_s *filter_add(cdk_stream_t s, filter_fnct_t fnc,
+ int type);
/* FIXME: The read/write/putc/getc function cannot directly
@@ -62,57 +62,51 @@ struct stream_filter_s *filter_add (cdk_stream_t s, filter_fnct_t fnc,
* Creates a new stream based on an existing file. The stream is
* opened in read-only mode.
**/
-cdk_error_t
-cdk_stream_open (const char *file, cdk_stream_t * ret_s)
+cdk_error_t cdk_stream_open(const char *file, cdk_stream_t * ret_s)
{
- return _cdk_stream_open_mode (file, "rb", ret_s);
+ return _cdk_stream_open_mode(file, "rb", ret_s);
}
/* Helper function to allow to open a stream in different modes. */
cdk_error_t
-_cdk_stream_open_mode (const char *file, const char *mode,
- cdk_stream_t * ret_s)
+_cdk_stream_open_mode(const char *file, const char *mode,
+ cdk_stream_t * ret_s)
{
- cdk_stream_t s;
-
- if (!file || !ret_s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ cdk_stream_t s;
+ if (!file || !ret_s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("open stream `%s'\n", file);
+ _gnutls_read_log("open stream `%s'\n", file);
#endif
- *ret_s = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- s->fname = cdk_strdup (file);
- if (!s->fname)
- {
- cdk_free (s);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- s->fp = fopen (file, mode);
- if (!s->fp)
- {
- cdk_free (s->fname);
- cdk_free (s);
- gnutls_assert ();
- return CDK_File_Error;
- }
+ *ret_s = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ s->fname = cdk_strdup(file);
+ if (!s->fname) {
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ s->fp = fopen(file, mode);
+ if (!s->fp) {
+ cdk_free(s->fname);
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_File_Error;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("open stream fd=%d\n", fileno (s->fp));
+ _gnutls_read_log("open stream fd=%d\n", fileno(s->fp));
#endif
- s->flags.write = 0;
- *ret_s = s;
- return 0;
+ s->flags.write = 0;
+ *ret_s = s;
+ return 0;
}
@@ -126,38 +120,36 @@ _cdk_stream_open_mode (const char *file, const char *mode,
* for the core operations (open, close, read, write, seek).
*/
cdk_error_t
-cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
- cdk_stream_t * ret_s)
+cdk_stream_new_from_cbs(cdk_stream_cbs_t cbs, void *opa,
+ cdk_stream_t * ret_s)
{
- cdk_stream_t s;
-
- if (!cbs || !opa || !ret_s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- *ret_s = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
-
- s->cbs.read = cbs->read;
- s->cbs.write = cbs->write;
- s->cbs.seek = cbs->seek;
- s->cbs.release = cbs->release;
- s->cbs.open = cbs->open;
- s->cbs_hd = opa;
- *ret_s = s;
-
- /* If there is a user callback for open, we need to call it
- here because read/write expects an open stream. */
- if (s->cbs.open)
- return s->cbs.open (s->cbs_hd);
- return 0;
+ cdk_stream_t s;
+
+ if (!cbs || !opa || !ret_s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ *ret_s = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+
+ s->cbs.read = cbs->read;
+ s->cbs.write = cbs->write;
+ s->cbs.seek = cbs->seek;
+ s->cbs.release = cbs->release;
+ s->cbs.open = cbs->open;
+ s->cbs_hd = opa;
+ *ret_s = s;
+
+ /* If there is a user callback for open, we need to call it
+ here because read/write expects an open stream. */
+ if (s->cbs.open)
+ return s->cbs.open(s->cbs_hd);
+ return 0;
}
@@ -168,53 +160,46 @@ cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
*
* Create a new stream into the given file.
**/
-cdk_error_t
-cdk_stream_new (const char *file, cdk_stream_t * ret_s)
+cdk_error_t cdk_stream_new(const char *file, cdk_stream_t * ret_s)
{
- cdk_stream_t s;
-
- if (!ret_s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ cdk_stream_t s;
+ if (!ret_s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("new stream `%s'\n", file ? file : "[temp]");
+ _gnutls_read_log("new stream `%s'\n", file ? file : "[temp]");
#endif
- *ret_s = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- s->flags.write = 1;
- if (!file)
- s->flags.temp = 1;
- else
- {
- s->fname = cdk_strdup (file);
- if (!s->fname)
- {
- cdk_free (s);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- }
- s->fp = _cdk_tmpfile ();
- if (!s->fp)
- {
- cdk_free (s->fname);
- cdk_free (s);
- gnutls_assert ();
- return CDK_File_Error;
- }
+ *ret_s = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ s->flags.write = 1;
+ if (!file)
+ s->flags.temp = 1;
+ else {
+ s->fname = cdk_strdup(file);
+ if (!s->fname) {
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ }
+ s->fp = _cdk_tmpfile();
+ if (!s->fp) {
+ cdk_free(s->fname);
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_File_Error;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("new stream fd=%d\n", fileno (s->fp));
+ _gnutls_read_log("new stream fd=%d\n", fileno(s->fp));
#endif
- *ret_s = s;
- return 0;
+ *ret_s = s;
+ return 0;
}
/**
@@ -226,49 +211,43 @@ cdk_stream_new (const char *file, cdk_stream_t * ret_s)
* The difference to cdk_stream_new is, that no filtering can be used with
* this kind of stream and everything is written directly to the stream.
**/
-cdk_error_t
-cdk_stream_create (const char *file, cdk_stream_t * ret_s)
+cdk_error_t cdk_stream_create(const char *file, cdk_stream_t * ret_s)
{
- cdk_stream_t s;
-
- if (!file || !ret_s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ cdk_stream_t s;
+ if (!file || !ret_s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("create stream `%s'\n", file);
+ _gnutls_read_log("create stream `%s'\n", file);
#endif
- *ret_s = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- s->flags.write = 1;
- s->flags.filtrated = 1;
- s->fname = cdk_strdup (file);
- if (!s->fname)
- {
- cdk_free (s);
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- s->fp = fopen (file, "w+b");
- if (!s->fp)
- {
- cdk_free (s->fname);
- cdk_free (s);
- gnutls_assert ();
- return CDK_File_Error;
- }
+ *ret_s = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ s->flags.write = 1;
+ s->flags.filtrated = 1;
+ s->fname = cdk_strdup(file);
+ if (!s->fname) {
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ s->fp = fopen(file, "w+b");
+ if (!s->fp) {
+ cdk_free(s->fname);
+ cdk_free(s);
+ gnutls_assert();
+ return CDK_File_Error;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream create fd=%d\n", fileno (s->fp));
+ _gnutls_read_log("stream create fd=%d\n", fileno(s->fp));
#endif
- *ret_s = s;
- return 0;
+ *ret_s = s;
+ return 0;
}
@@ -278,10 +257,9 @@ cdk_stream_create (const char *file, cdk_stream_t * ret_s)
*
* Allocates a new tempory stream which is not associated with a file.
*/
-cdk_error_t
-cdk_stream_tmp_new (cdk_stream_t * r_out)
+cdk_error_t cdk_stream_tmp_new(cdk_stream_t * r_out)
{
- return cdk_stream_new (NULL, r_out);
+ return cdk_stream_new(NULL, r_out);
}
@@ -295,83 +273,77 @@ cdk_stream_tmp_new (cdk_stream_t * r_out)
* Creates a new tempory stream with the given contests.
*/
cdk_error_t
-cdk_stream_tmp_from_mem (const void *buf, size_t buflen, cdk_stream_t * r_out)
+cdk_stream_tmp_from_mem(const void *buf, size_t buflen,
+ cdk_stream_t * r_out)
{
- cdk_stream_t s;
- cdk_error_t rc;
- int nwritten;
-
- *r_out = NULL;
- rc = cdk_stream_tmp_new (&s);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- nwritten = cdk_stream_write (s, buf, buflen);
- if (nwritten == EOF)
- {
- cdk_stream_close (s);
- gnutls_assert ();
- return s->error;
- }
- cdk_stream_seek (s, 0);
- *r_out = s;
- return 0;
+ cdk_stream_t s;
+ cdk_error_t rc;
+ int nwritten;
+
+ *r_out = NULL;
+ rc = cdk_stream_tmp_new(&s);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ nwritten = cdk_stream_write(s, buf, buflen);
+ if (nwritten == EOF) {
+ cdk_stream_close(s);
+ gnutls_assert();
+ return s->error;
+ }
+ cdk_stream_seek(s, 0);
+ *r_out = s;
+ return 0;
}
cdk_error_t
-_cdk_stream_fpopen (FILE * fp, unsigned write_mode, cdk_stream_t * ret_out)
+_cdk_stream_fpopen(FILE * fp, unsigned write_mode, cdk_stream_t * ret_out)
{
- cdk_stream_t s;
-
- *ret_out = NULL;
- s = cdk_calloc (1, sizeof *s);
- if (!s)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
-
+ cdk_stream_t s;
+
+ *ret_out = NULL;
+ s = cdk_calloc(1, sizeof *s);
+ if (!s) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream ref fd=%d\n", fileno (fp));
+ _gnutls_read_log("stream ref fd=%d\n", fileno(fp));
#endif
- s->fp = fp;
- s->fp_ref = 1;
- s->flags.filtrated = 1;
- s->flags.write = write_mode;
+ s->fp = fp;
+ s->fp_ref = 1;
+ s->flags.filtrated = 1;
+ s->flags.write = write_mode;
- *ret_out = s;
- return 0;
+ *ret_out = s;
+ return 0;
}
-cdk_error_t
-_cdk_stream_append (const char *file, cdk_stream_t * ret_s)
+cdk_error_t _cdk_stream_append(const char *file, cdk_stream_t * ret_s)
{
- cdk_stream_t s;
- cdk_error_t rc;
-
- if (!ret_s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- *ret_s = NULL;
-
- rc = _cdk_stream_open_mode (file, "a+b", &s);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- /* In the append mode, we need to write to the flag. */
- s->flags.write = 1;
- *ret_s = s;
- return 0;
+ cdk_stream_t s;
+ cdk_error_t rc;
+
+ if (!ret_s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ *ret_s = NULL;
+
+ rc = _cdk_stream_open_mode(file, "a+b", &s);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+
+ /* In the append mode, we need to write to the flag. */
+ s->flags.write = 1;
+ *ret_s = s;
+ return 0;
}
/**
@@ -383,68 +355,61 @@ _cdk_stream_append (const char *file, cdk_stream_t * ret_s)
* Returns: 0 if the stream is uncompressed, otherwise the compression
* algorithm.
*/
-int
-cdk_stream_is_compressed (cdk_stream_t s)
+int cdk_stream_is_compressed(cdk_stream_t s)
{
- if (!s)
- return 0;
- return s->flags.compressed;
+ if (!s)
+ return 0;
+ return s->flags.compressed;
}
-void
-_cdk_stream_set_compress_algo (cdk_stream_t s, int algo)
+void _cdk_stream_set_compress_algo(cdk_stream_t s, int algo)
{
- if (!s)
- return;
- s->flags.compressed = algo;
+ if (!s)
+ return;
+ s->flags.compressed = algo;
}
-cdk_error_t
-cdk_stream_flush (cdk_stream_t s)
+cdk_error_t cdk_stream_flush(cdk_stream_t s)
{
- cdk_error_t rc;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- /* The user callback does not support flush */
- if (s->cbs_hd)
- return 0;
-
- /* For read-only streams, no flush is needed. */
- if (!s->flags.write)
- return 0;
-
- if (!s->flags.filtrated)
- {
- if (!cdk_stream_get_length (s))
- return 0;
- rc = cdk_stream_seek (s, 0);
- if (!rc)
- rc = stream_flush (s);
- if (!rc)
- rc = stream_filter_write (s);
- s->flags.filtrated = 1;
- if (rc)
- {
- s->error = rc;
- gnutls_assert ();
- return rc;
- }
- }
- return 0;
+ cdk_error_t rc;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ /* The user callback does not support flush */
+ if (s->cbs_hd)
+ return 0;
+
+ /* For read-only streams, no flush is needed. */
+ if (!s->flags.write)
+ return 0;
+
+ if (!s->flags.filtrated) {
+ if (!cdk_stream_get_length(s))
+ return 0;
+ rc = cdk_stream_seek(s, 0);
+ if (!rc)
+ rc = stream_flush(s);
+ if (!rc)
+ rc = stream_filter_write(s);
+ s->flags.filtrated = 1;
+ if (rc) {
+ s->error = rc;
+ gnutls_assert();
+ return rc;
+ }
+ }
+ return 0;
}
-void
-cdk_stream_tmp_set_mode (cdk_stream_t s, int val)
+void cdk_stream_tmp_set_mode(cdk_stream_t s, int val)
{
- if (s && s->flags.temp)
- s->fmode = val;
+ if (s && s->flags.temp)
+ s->fmode = val;
}
@@ -459,80 +424,73 @@ cdk_stream_tmp_set_mode (cdk_stream_t s, int val)
* all registered filters now. The file is closed in the filter
* function and not here.
**/
-cdk_error_t
-cdk_stream_close (cdk_stream_t s)
+cdk_error_t cdk_stream_close(cdk_stream_t s)
{
- struct stream_filter_s *f, *f2;
- cdk_error_t rc;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
+ struct stream_filter_s *f, *f2;
+ cdk_error_t rc;
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("close stream ref=%d `%s'\n",
- s->fp_ref, s->fname ? s->fname : "[temp]");
+ _gnutls_read_log("close stream ref=%d `%s'\n",
+ s->fp_ref, s->fname ? s->fname : "[temp]");
#endif
- /* In the user callback mode, we call the release cb if possible
- and just free the stream. */
- if (s->cbs_hd)
- {
- if (s->cbs.release)
- rc = s->cbs.release (s->cbs_hd);
- else
- rc = 0;
- cdk_free (s);
- gnutls_assert ();
- return rc;
- }
-
-
- rc = 0;
- if (!s->flags.filtrated && !s->error)
- rc = cdk_stream_flush (s);
- if (!s->fp_ref && (s->fname || s->flags.temp))
- {
- int err;
+ /* In the user callback mode, we call the release cb if possible
+ and just free the stream. */
+ if (s->cbs_hd) {
+ if (s->cbs.release)
+ rc = s->cbs.release(s->cbs_hd);
+ else
+ rc = 0;
+ cdk_free(s);
+ gnutls_assert();
+ return rc;
+ }
+
+
+ rc = 0;
+ if (!s->flags.filtrated && !s->error)
+ rc = cdk_stream_flush(s);
+ if (!s->fp_ref && (s->fname || s->flags.temp)) {
+ int err;
#ifdef DEBUG_STREAM
- _gnutls_read_log ("close stream fd=%d\n", fileno (s->fp));
+ _gnutls_read_log("close stream fd=%d\n", fileno(s->fp));
#endif
- err = fclose (s->fp);
- s->fp = NULL;
- if (err)
- rc = CDK_File_Error;
- }
-
- /* Iterate over the filter list and use the cleanup flag to
- free the allocated internal structures. */
- f = s->filters;
- while (f)
- {
- f2 = f->next;
- if (f->fnct)
- f->fnct (f->uint8_t, STREAMCTL_FREE, NULL, NULL);
- cdk_free (f);
- f = f2;
- }
-
- if (s->fname)
- {
- cdk_free (s->fname);
- s->fname = NULL;
- }
-
- cdk_free (s->cache.buf);
- s->cache.alloced = 0;
-
- cdk_free (s);
-
- if (rc)
- gnutls_assert ();
-
- return rc;
+ err = fclose(s->fp);
+ s->fp = NULL;
+ if (err)
+ rc = CDK_File_Error;
+ }
+
+ /* Iterate over the filter list and use the cleanup flag to
+ free the allocated internal structures. */
+ f = s->filters;
+ while (f) {
+ f2 = f->next;
+ if (f->fnct)
+ f->fnct(f->uint8_t, STREAMCTL_FREE, NULL, NULL);
+ cdk_free(f);
+ f = f2;
+ }
+
+ if (s->fname) {
+ cdk_free(s->fname);
+ s->fname = NULL;
+ }
+
+ cdk_free(s->cache.buf);
+ s->cache.alloced = 0;
+
+ cdk_free(s);
+
+ if (rc)
+ gnutls_assert();
+
+ return rc;
}
@@ -543,37 +501,33 @@ cdk_stream_close (cdk_stream_t s)
* Return if the associated file handle was set to EOF. This
* function will only work with read streams.
**/
-int
-cdk_stream_eof (cdk_stream_t s)
+int cdk_stream_eof(cdk_stream_t s)
{
- return s ? s->flags.eof : -1;
+ return s ? s->flags.eof : -1;
}
-const char *
-_cdk_stream_get_fname (cdk_stream_t s)
+const char *_cdk_stream_get_fname(cdk_stream_t s)
{
- if (!s)
- return NULL;
- if (s->flags.temp)
- return NULL;
- return s->fname ? s->fname : NULL;
+ if (!s)
+ return NULL;
+ if (s->flags.temp)
+ return NULL;
+ return s->fname ? s->fname : NULL;
}
/* Return the underlying FP of the stream.
WARNING: This handle should not be closed. */
-FILE *
-_cdk_stream_get_fp (cdk_stream_t s)
+FILE *_cdk_stream_get_fp(cdk_stream_t s)
{
- return s ? s->fp : NULL;
+ return s ? s->fp : NULL;
}
-int
-_cdk_stream_get_errno (cdk_stream_t s)
+int _cdk_stream_get_errno(cdk_stream_t s)
{
- return s ? s->error : CDK_Inv_Value;
+ return s ? s->error : CDK_Inv_Value;
}
@@ -585,153 +539,142 @@ _cdk_stream_get_errno (cdk_stream_t s)
* should work for both read and write streams. For write streams an
* additional flush is used to write possible pending data.
**/
-off_t
-cdk_stream_get_length (cdk_stream_t s)
+off_t cdk_stream_get_length(cdk_stream_t s)
{
- struct stat statbuf;
- cdk_error_t rc;
-
- if (!s)
- {
- gnutls_assert ();
- return (off_t) - 1;
- }
-
- /* The user callback does not support stat. */
- if (s->cbs_hd)
- return 0;
-
- rc = stream_flush (s);
- if (rc)
- {
- s->error = rc;
- gnutls_assert ();
- return (off_t) - 1;
- }
-
- if (fstat (fileno (s->fp), &statbuf))
- {
- s->error = CDK_File_Error;
- gnutls_assert ();
- return (off_t) - 1;
- }
-
- return statbuf.st_size;
+ struct stat statbuf;
+ cdk_error_t rc;
+
+ if (!s) {
+ gnutls_assert();
+ return (off_t) - 1;
+ }
+
+ /* The user callback does not support stat. */
+ if (s->cbs_hd)
+ return 0;
+
+ rc = stream_flush(s);
+ if (rc) {
+ s->error = rc;
+ gnutls_assert();
+ return (off_t) - 1;
+ }
+
+ if (fstat(fileno(s->fp), &statbuf)) {
+ s->error = CDK_File_Error;
+ gnutls_assert();
+ return (off_t) - 1;
+ }
+
+ return statbuf.st_size;
}
-static struct stream_filter_s *
-filter_add2 (cdk_stream_t s)
+static struct stream_filter_s *filter_add2(cdk_stream_t s)
{
- struct stream_filter_s *f;
+ struct stream_filter_s *f;
- assert (s);
+ assert(s);
- f = cdk_calloc (1, sizeof *f);
- if (!f)
- return NULL;
- f->next = s->filters;
- s->filters = f;
- return f;
+ f = cdk_calloc(1, sizeof *f);
+ if (!f)
+ return NULL;
+ f->next = s->filters;
+ s->filters = f;
+ return f;
}
-static struct stream_filter_s *
-filter_search (cdk_stream_t s, filter_fnct_t fnc)
+static struct stream_filter_s *filter_search(cdk_stream_t s,
+ filter_fnct_t fnc)
{
- struct stream_filter_s *f;
+ struct stream_filter_s *f;
- assert (s);
+ assert(s);
- for (f = s->filters; f; f = f->next)
- {
- if (f->fnct == fnc)
- return f;
- }
+ for (f = s->filters; f; f = f->next) {
+ if (f->fnct == fnc)
+ return f;
+ }
- return NULL;
+ return NULL;
}
-static inline void
-set_uint8_t (struct stream_filter_s *f)
+static inline void set_uint8_t(struct stream_filter_s *f)
{
- switch (f->type)
- {
- case fARMOR:
- f->uint8_t = &f->u.afx;
- break;
- case fCIPHER:
- f->uint8_t = &f->u.cfx;
- break;
- case fLITERAL:
- f->uint8_t = &f->u.pfx;
- break;
- case fCOMPRESS:
- f->uint8_t = &f->u.zfx;
- break;
- case fHASH:
- f->uint8_t = &f->u.mfx;
- break;
- case fTEXT:
- f->uint8_t = &f->u.tfx;
- break;
- default:
- f->uint8_t = NULL;
- }
+ switch (f->type) {
+ case fARMOR:
+ f->uint8_t = &f->u.afx;
+ break;
+ case fCIPHER:
+ f->uint8_t = &f->u.cfx;
+ break;
+ case fLITERAL:
+ f->uint8_t = &f->u.pfx;
+ break;
+ case fCOMPRESS:
+ f->uint8_t = &f->u.zfx;
+ break;
+ case fHASH:
+ f->uint8_t = &f->u.mfx;
+ break;
+ case fTEXT:
+ f->uint8_t = &f->u.tfx;
+ break;
+ default:
+ f->uint8_t = NULL;
+ }
}
-struct stream_filter_s *
-filter_add (cdk_stream_t s, filter_fnct_t fnc, int type)
+struct stream_filter_s *filter_add(cdk_stream_t s, filter_fnct_t fnc,
+ int type)
{
- struct stream_filter_s *f;
+ struct stream_filter_s *f;
- assert (s);
+ assert(s);
- s->flags.filtrated = 0;
- f = filter_search (s, fnc);
- if (f)
- return f;
- f = filter_add2 (s);
- if (!f)
- return NULL;
- f->fnct = fnc;
- f->flags.enabled = 1;
- f->tmp = NULL;
- f->type = type;
+ s->flags.filtrated = 0;
+ f = filter_search(s, fnc);
+ if (f)
+ return f;
+ f = filter_add2(s);
+ if (!f)
+ return NULL;
+ f->fnct = fnc;
+ f->flags.enabled = 1;
+ f->tmp = NULL;
+ f->type = type;
- set_uint8_t (f);
+ set_uint8_t(f);
- return f;
+ return f;
}
-static int
-stream_get_mode (cdk_stream_t s)
+static int stream_get_mode(cdk_stream_t s)
{
- assert (s);
+ assert(s);
- if (s->flags.temp)
- return s->fmode;
- return s->flags.write;
+ if (s->flags.temp)
+ return s->fmode;
+ return s->flags.write;
}
-static filter_fnct_t
-stream_id_to_filter (int type)
+static filter_fnct_t stream_id_to_filter(int type)
{
- switch (type)
- {
- case fARMOR:
- return _cdk_filter_armor;
- case fLITERAL:
- return _cdk_filter_literal;
- case fTEXT:
- return _cdk_filter_text;
+ switch (type) {
+ case fARMOR:
+ return _cdk_filter_armor;
+ case fLITERAL:
+ return _cdk_filter_literal;
+ case fTEXT:
+ return _cdk_filter_text;
/* case fCIPHER : return _cdk_filter_cipher; */
/* case fCOMPRESS: return _cdk_filter_compress; */
- default:
- return NULL;
- }
+ default:
+ return NULL;
+ }
}
@@ -742,119 +685,111 @@ stream_id_to_filter (int type)
*
* Disables the filter with the type 'type'.
**/
-cdk_error_t
-cdk_stream_filter_disable (cdk_stream_t s, int type)
+cdk_error_t cdk_stream_filter_disable(cdk_stream_t s, int type)
{
- struct stream_filter_s *f;
- filter_fnct_t fnc;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- fnc = stream_id_to_filter (type);
- if (!fnc)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- f = filter_search (s, fnc);
- if (f)
- f->flags.enabled = 0;
- return 0;
+ struct stream_filter_s *f;
+ filter_fnct_t fnc;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ fnc = stream_id_to_filter(type);
+ if (!fnc) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ f = filter_search(s, fnc);
+ if (f)
+ f->flags.enabled = 0;
+ return 0;
}
/* WARNING: tmp should not be closed by the caller. */
-static cdk_error_t
-stream_fp_replace (cdk_stream_t s, FILE ** tmp)
+static cdk_error_t stream_fp_replace(cdk_stream_t s, FILE ** tmp)
{
- int rc;
+ int rc;
- assert (s);
+ assert(s);
#ifdef DEBUG_STREAM
- _gnutls_read_log ("replace stream fd=%d with fd=%d\n",
- fileno (s->fp), fileno (*tmp));
+ _gnutls_read_log("replace stream fd=%d with fd=%d\n",
+ fileno(s->fp), fileno(*tmp));
#endif
- rc = fclose (s->fp);
- if (rc)
- {
- s->fp = NULL;
- gnutls_assert ();
- return CDK_File_Error;
- }
- s->fp = *tmp;
- *tmp = NULL;
- return 0;
+ rc = fclose(s->fp);
+ if (rc) {
+ s->fp = NULL;
+ gnutls_assert();
+ return CDK_File_Error;
+ }
+ s->fp = *tmp;
+ *tmp = NULL;
+ return 0;
}
/* This function is exactly like filter_read, except the fact that we can't
use tmpfile () all the time. That's why we open the real file when there
is no last filter. */
-static cdk_error_t
-stream_filter_write (cdk_stream_t s)
+static cdk_error_t stream_filter_write(cdk_stream_t s)
{
- struct stream_filter_s *f;
- cdk_error_t rc = 0;
-
- assert (s);
-
- if (s->flags.filtrated)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- for (f = s->filters; f; f = f->next)
- {
- if (!f->flags.enabled)
- continue;
- /* if there is no next filter, create the final output file */
+ struct stream_filter_s *f;
+ cdk_error_t rc = 0;
+
+ assert(s);
+
+ if (s->flags.filtrated) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ for (f = s->filters; f; f = f->next) {
+ if (!f->flags.enabled)
+ continue;
+ /* if there is no next filter, create the final output file */
#ifdef DEBUG_STREAM
- _gnutls_read_log ("filter [write]: last filter=%d fname=%s\n",
- f->next ? 1 : 0, s->fname);
+ _gnutls_read_log
+ ("filter [write]: last filter=%d fname=%s\n",
+ f->next ? 1 : 0, s->fname);
#endif
- if (!f->next && s->fname)
- f->tmp = fopen (s->fname, "w+b");
- else
- f->tmp = _cdk_tmpfile ();
- if (!f->tmp)
- {
- rc = CDK_File_Error;
- break;
- }
- /* If there is no next filter, flush the cache. We also do this
- when the next filter is the armor filter because this filter
- is special and before it starts, all data should be written. */
- if ((!f->next || f->next->type == fARMOR) && s->cache.size)
- {
- rc = stream_cache_flush (s, f->tmp);
- if (rc)
- break;
- }
- rc = f->fnct (f->uint8_t, f->ctl, s->fp, f->tmp);
+ if (!f->next && s->fname)
+ f->tmp = fopen(s->fname, "w+b");
+ else
+ f->tmp = _cdk_tmpfile();
+ if (!f->tmp) {
+ rc = CDK_File_Error;
+ break;
+ }
+ /* If there is no next filter, flush the cache. We also do this
+ when the next filter is the armor filter because this filter
+ is special and before it starts, all data should be written. */
+ if ((!f->next || f->next->type == fARMOR) && s->cache.size) {
+ rc = stream_cache_flush(s, f->tmp);
+ if (rc)
+ break;
+ }
+ rc = f->fnct(f->uint8_t, f->ctl, s->fp, f->tmp);
#ifdef DEBUG_STREAM
- _gnutls_read_log ("filter [write]: type=%d rc=%d\n", f->type, rc);
+ _gnutls_read_log("filter [write]: type=%d rc=%d\n",
+ f->type, rc);
#endif
- if (!rc)
- rc = stream_fp_replace (s, &f->tmp);
- if (!rc)
- rc = cdk_stream_seek (s, 0);
- if (rc)
- {
+ if (!rc)
+ rc = stream_fp_replace(s, &f->tmp);
+ if (!rc)
+ rc = cdk_stream_seek(s, 0);
+ if (rc) {
#ifdef DEBUG_STREAM
- _gnutls_read_log ("filter [close]: fd=%d\n", fileno (f->tmp));
+ _gnutls_read_log("filter [close]: fd=%d\n",
+ fileno(f->tmp));
#endif
- fclose (f->tmp);
- f->tmp = NULL;
- break;
- }
- }
- return rc;
+ fclose(f->tmp);
+ f->tmp = NULL;
+ break;
+ }
+ }
+ return rc;
}
@@ -863,90 +798,82 @@ stream_filter_write (cdk_stream_t s)
Create a tempfile and use it for the output of the filter. Then the
original file handle will be closed and replace with the temp handle.
The file pointer will be set to the begin and the game starts again. */
-static cdk_error_t
-stream_filter_read (cdk_stream_t s)
+static cdk_error_t stream_filter_read(cdk_stream_t s)
{
- struct stream_filter_s *f;
- cdk_error_t rc = 0;
+ struct stream_filter_s *f;
+ cdk_error_t rc = 0;
- assert (s);
+ assert(s);
- if (s->flags.filtrated)
- return 0;
+ if (s->flags.filtrated)
+ return 0;
- for (f = s->filters; f; f = f->next)
- {
- if (!f->flags.enabled)
- continue;
- if (f->flags.error)
- {
+ for (f = s->filters; f; f = f->next) {
+ if (!f->flags.enabled)
+ continue;
+ if (f->flags.error) {
#ifdef DEBUG_STREAM
- _gnutls_read_log ("filter %s [read]: has the error flag; skipped\n",
- s->fname ? s->fname : "[temp]");
+ _gnutls_read_log
+ ("filter %s [read]: has the error flag; skipped\n",
+ s->fname ? s->fname : "[temp]");
#endif
- continue;
- }
-
- f->tmp = _cdk_tmpfile ();
- if (!f->tmp)
- {
- rc = CDK_File_Error;
- break;
- }
- rc = f->fnct (f->uint8_t, f->ctl, s->fp, f->tmp);
+ continue;
+ }
+
+ f->tmp = _cdk_tmpfile();
+ if (!f->tmp) {
+ rc = CDK_File_Error;
+ break;
+ }
+ rc = f->fnct(f->uint8_t, f->ctl, s->fp, f->tmp);
#ifdef DEBUG_STREAM
- _gnutls_read_log ("filter %s [read]: type=%d rc=%d\n",
- s->fname ? s->fname : "[temp]", f->type, rc);
+ _gnutls_read_log("filter %s [read]: type=%d rc=%d\n",
+ s->fname ? s->fname : "[temp]", f->type,
+ rc);
#endif
- if (rc)
- {
- f->flags.error = 1;
- break;
- }
-
- f->flags.error = 0;
- /* If the filter is read-only, do not replace the FP because
- the contents were not altered in any way. */
- if (!f->flags.rdonly)
- {
- rc = stream_fp_replace (s, &f->tmp);
- if (rc)
- break;
- }
- else
- {
- fclose (f->tmp);
- f->tmp = NULL;
- }
- rc = cdk_stream_seek (s, 0);
- if (rc)
- break;
- /* Disable the filter after it was successfully used. The idea
- is the following: let's say the armor filter was pushed and
- later more filters were added. The second time the filter code
- will be executed, only the new filter should be started but
- not the old because we already used it. */
- f->flags.enabled = 0;
- }
-
- return rc;
+ if (rc) {
+ f->flags.error = 1;
+ break;
+ }
+
+ f->flags.error = 0;
+ /* If the filter is read-only, do not replace the FP because
+ the contents were not altered in any way. */
+ if (!f->flags.rdonly) {
+ rc = stream_fp_replace(s, &f->tmp);
+ if (rc)
+ break;
+ } else {
+ fclose(f->tmp);
+ f->tmp = NULL;
+ }
+ rc = cdk_stream_seek(s, 0);
+ if (rc)
+ break;
+ /* Disable the filter after it was successfully used. The idea
+ is the following: let's say the armor filter was pushed and
+ later more filters were added. The second time the filter code
+ will be executed, only the new filter should be started but
+ not the old because we already used it. */
+ f->flags.enabled = 0;
+ }
+
+ return rc;
}
-void *
-_cdk_stream_get_uint8_t (cdk_stream_t s, int fid)
+void *_cdk_stream_get_uint8_t(cdk_stream_t s, int fid)
{
- struct stream_filter_s *f;
+ struct stream_filter_s *f;
- if (!s)
- return NULL;
+ if (!s)
+ return NULL;
- for (f = s->filters; f; f = f->next)
- {
- if ((int) f->type == fid)
- return f->uint8_t;
- }
- return NULL;
+ for (f = s->filters; f; f = f->next) {
+ if ((int) f->type == fid)
+ return f->uint8_t;
+ }
+ return NULL;
}
@@ -961,81 +888,71 @@ _cdk_stream_get_uint8_t (cdk_stream_t s, int fid)
* because all filters need to be processed. Please remember that you
* need to add the filters in reserved order.
**/
-int
-cdk_stream_read (cdk_stream_t s, void *buf, size_t buflen)
+int cdk_stream_read(cdk_stream_t s, void *buf, size_t buflen)
{
- int nread;
- int rc;
-
- if (!s)
- {
- gnutls_assert ();
- return EOF;
- }
-
- if (s->cbs_hd)
- {
- if (s->cbs.read)
- return s->cbs.read (s->cbs_hd, buf, buflen);
- return 0;
- }
-
- if (s->flags.write && !s->flags.temp)
- {
- s->error = CDK_Inv_Mode;
- gnutls_assert ();
- return EOF; /* This is a write stream */
- }
-
- if (!s->flags.no_filter && !s->cache.on && !s->flags.filtrated)
- {
- rc = stream_filter_read (s);
- if (rc)
- {
- s->error = rc;
- if (s->fp && feof (s->fp))
- s->flags.eof = 1;
- gnutls_assert ();
- return EOF;
- }
- s->flags.filtrated = 1;
- }
-
- if (!buf && !buflen)
- return 0;
-
- nread = fread (buf, 1, buflen, s->fp);
- if (!nread)
- nread = EOF;
-
- if (feof (s->fp))
- {
- s->error = 0;
- s->flags.eof = 1;
- }
- return nread;
+ int nread;
+ int rc;
+
+ if (!s) {
+ gnutls_assert();
+ return EOF;
+ }
+
+ if (s->cbs_hd) {
+ if (s->cbs.read)
+ return s->cbs.read(s->cbs_hd, buf, buflen);
+ return 0;
+ }
+
+ if (s->flags.write && !s->flags.temp) {
+ s->error = CDK_Inv_Mode;
+ gnutls_assert();
+ return EOF; /* This is a write stream */
+ }
+
+ if (!s->flags.no_filter && !s->cache.on && !s->flags.filtrated) {
+ rc = stream_filter_read(s);
+ if (rc) {
+ s->error = rc;
+ if (s->fp && feof(s->fp))
+ s->flags.eof = 1;
+ gnutls_assert();
+ return EOF;
+ }
+ s->flags.filtrated = 1;
+ }
+
+ if (!buf && !buflen)
+ return 0;
+
+ nread = fread(buf, 1, buflen, s->fp);
+ if (!nread)
+ nread = EOF;
+
+ if (feof(s->fp)) {
+ s->error = 0;
+ s->flags.eof = 1;
+ }
+ return nread;
}
-int
-cdk_stream_getc (cdk_stream_t s)
+int cdk_stream_getc(cdk_stream_t s)
{
- unsigned char buf[2];
- int nread;
-
- if (!s)
- {
- gnutls_assert ();
- return EOF;
- }
- nread = cdk_stream_read (s, buf, 1);
- if (nread == EOF)
- {
- s->error = CDK_File_Error;
- gnutls_assert ();
- return EOF;
- }
- return buf[0];
+ unsigned char buf[2];
+ int nread;
+
+ if (!s) {
+ gnutls_assert();
+ return EOF;
+ }
+ nread = cdk_stream_read(s, buf, 1);
+ if (nread == EOF) {
+ s->error = CDK_File_Error;
+ gnutls_assert();
+ return EOF;
+ }
+ return buf[0];
}
@@ -1050,143 +967,133 @@ cdk_stream_getc (cdk_stream_t s)
* use the filters here because it would mean they have to support
* partial flushing.
**/
-int
-cdk_stream_write (cdk_stream_t s, const void *buf, size_t count)
+int cdk_stream_write(cdk_stream_t s, const void *buf, size_t count)
{
- int nwritten;
-
- if (!s)
- {
- gnutls_assert ();
- return EOF;
- }
-
- if (s->cbs_hd)
- {
- if (s->cbs.write)
- return s->cbs.write (s->cbs_hd, buf, count);
- return 0;
- }
-
- if (!s->flags.write)
- {
- s->error = CDK_Inv_Mode; /* this is a read stream */
- gnutls_assert ();
- return EOF;
- }
-
- if (!buf || !count)
- return stream_flush (s);
-
- if (s->cache.on)
- {
+ int nwritten;
+
+ if (!s) {
+ gnutls_assert();
+ return EOF;
+ }
+
+ if (s->cbs_hd) {
+ if (s->cbs.write)
+ return s->cbs.write(s->cbs_hd, buf, count);
+ return 0;
+ }
+
+ if (!s->flags.write) {
+ s->error = CDK_Inv_Mode; /* this is a read stream */
+ gnutls_assert();
+ return EOF;
+ }
+
+ if (!buf || !count)
+ return stream_flush(s);
+
+ if (s->cache.on) {
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream[ref=%u]: written %d bytes\n", s->fp_ref, (int) count);
+ _gnutls_read_log("stream[ref=%u]: written %d bytes\n",
+ s->fp_ref, (int) count);
#endif
- /* We need to resize the buffer if the additional data wouldn't
- fit into it. We allocate more memory to avoid to resize it the
- next time the function is used. */
- if (s->cache.size + count > s->cache.alloced)
- {
- byte *old = s->cache.buf;
-
- s->cache.buf =
- cdk_calloc (1, s->cache.alloced + count + STREAM_BUFSIZE);
- s->cache.alloced += (count + STREAM_BUFSIZE);
- memcpy (s->cache.buf, old, s->cache.size);
- cdk_free (old);
+ /* We need to resize the buffer if the additional data wouldn't
+ fit into it. We allocate more memory to avoid to resize it the
+ next time the function is used. */
+ if (s->cache.size + count > s->cache.alloced) {
+ byte *old = s->cache.buf;
+
+ s->cache.buf =
+ cdk_calloc(1,
+ s->cache.alloced + count +
+ STREAM_BUFSIZE);
+ s->cache.alloced += (count + STREAM_BUFSIZE);
+ memcpy(s->cache.buf, old, s->cache.size);
+ cdk_free(old);
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream: enlarge cache to %d octets\n",
- (int) s->cache.alloced);
+ _gnutls_read_log
+ ("stream: enlarge cache to %d octets\n",
+ (int) s->cache.alloced);
#endif
- }
-
- memcpy (s->cache.buf + s->cache.size, buf, count);
- s->cache.size += count;
- return count;
- }
+ }
+ memcpy(s->cache.buf + s->cache.size, buf, count);
+ s->cache.size += count;
+ return count;
+ }
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream[fd=%u]: written %d bytes\n", fileno (s->fp), (int) count);
+ _gnutls_read_log("stream[fd=%u]: written %d bytes\n",
+ fileno(s->fp), (int) count);
#endif
- nwritten = fwrite (buf, 1, count, s->fp);
- if (!nwritten)
- nwritten = EOF;
- return nwritten;
+ nwritten = fwrite(buf, 1, count, s->fp);
+ if (!nwritten)
+ nwritten = EOF;
+ return nwritten;
}
-int
-cdk_stream_putc (cdk_stream_t s, int c)
+int cdk_stream_putc(cdk_stream_t s, int c)
{
- byte buf[2];
- int nwritten;
-
- if (!s)
- {
- gnutls_assert ();
- return EOF;
- }
- buf[0] = c;
- nwritten = cdk_stream_write (s, buf, 1);
- if (nwritten == EOF)
- return EOF;
- return 0;
+ byte buf[2];
+ int nwritten;
+
+ if (!s) {
+ gnutls_assert();
+ return EOF;
+ }
+ buf[0] = c;
+ nwritten = cdk_stream_write(s, buf, 1);
+ if (nwritten == EOF)
+ return EOF;
+ return 0;
}
-off_t
-cdk_stream_tell (cdk_stream_t s)
+off_t cdk_stream_tell(cdk_stream_t s)
{
- return s ? ftell (s->fp) : (off_t) - 1;
+ return s ? ftell(s->fp) : (off_t) - 1;
}
-cdk_error_t
-cdk_stream_seek (cdk_stream_t s, off_t offset)
+cdk_error_t cdk_stream_seek(cdk_stream_t s, off_t offset)
{
- off_t len;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- if (s->cbs_hd)
- {
- if (s->cbs.seek)
- return s->cbs.seek (s->cbs_hd, offset);
- return 0;
- }
-
- /* Set or reset the EOF flag. */
- len = cdk_stream_get_length (s);
- if (len == offset)
- s->flags.eof = 1;
- else
- s->flags.eof = 0;
-
- if (fseek (s->fp, offset, SEEK_SET))
- {
- gnutls_assert ();
- return CDK_File_Error;
- }
- return 0;
+ off_t len;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ if (s->cbs_hd) {
+ if (s->cbs.seek)
+ return s->cbs.seek(s->cbs_hd, offset);
+ return 0;
+ }
+
+ /* Set or reset the EOF flag. */
+ len = cdk_stream_get_length(s);
+ if (len == offset)
+ s->flags.eof = 1;
+ else
+ s->flags.eof = 0;
+
+ if (fseek(s->fp, offset, SEEK_SET)) {
+ gnutls_assert();
+ return CDK_File_Error;
+ }
+ return 0;
}
-static cdk_error_t
-stream_flush (cdk_stream_t s)
+static cdk_error_t stream_flush(cdk_stream_t s)
{
- assert (s);
+ assert(s);
- /* For some constellations it cannot be assured that the
- return value is defined, thus we ignore it for now. */
- (void) fflush (s->fp);
- return 0;
+ /* For some constellations it cannot be assured that the
+ return value is defined, thus we ignore it for now. */
+ (void) fflush(s->fp);
+ return 0;
}
@@ -1201,25 +1108,22 @@ stream_flush (cdk_stream_t s)
* For the write mode, @armor_type can be set to any valid
* armor type (message, key, sig).
**/
-cdk_error_t
-cdk_stream_set_armor_flag (cdk_stream_t s, int armor_type)
+cdk_error_t cdk_stream_set_armor_flag(cdk_stream_t s, int armor_type)
{
- struct stream_filter_s *f;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- f = filter_add (s, _cdk_filter_armor, fARMOR);
- if (!f)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- f->u.afx.idx = f->u.afx.idx2 = armor_type;
- f->ctl = stream_get_mode (s);
- return 0;
+ struct stream_filter_s *f;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ f = filter_add(s, _cdk_filter_armor, fARMOR);
+ if (!f) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ f->u.afx.idx = f->u.afx.idx2 = armor_type;
+ f->ctl = stream_get_mode(s);
+ return 0;
}
@@ -1235,39 +1139,37 @@ cdk_stream_set_armor_flag (cdk_stream_t s, int armor_type)
* into a literal packet with the given mode and file name.
**/
cdk_error_t
-cdk_stream_set_literal_flag (cdk_stream_t s, cdk_lit_format_t mode,
- const char *fname)
+cdk_stream_set_literal_flag(cdk_stream_t s, cdk_lit_format_t mode,
+ const char *fname)
{
- struct stream_filter_s *f;
- const char *orig_fname;
+ struct stream_filter_s *f;
+ const char *orig_fname;
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream: enable literal mode.\n");
+ _gnutls_read_log("stream: enable literal mode.\n");
#endif
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- orig_fname = _cdk_stream_get_fname (s);
- f = filter_add (s, _cdk_filter_literal, fLITERAL);
- if (!f)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- f->u.pfx.mode = mode;
- f->u.pfx.filename = fname ? cdk_strdup (fname) : NULL;
- f->u.pfx.orig_filename = orig_fname ? cdk_strdup (orig_fname) : NULL;
- f->ctl = stream_get_mode (s);
- if (s->blkmode > 0)
- {
- f->u.pfx.blkmode.on = 1;
- f->u.pfx.blkmode.size = s->blkmode;
- }
- return 0;
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ orig_fname = _cdk_stream_get_fname(s);
+ f = filter_add(s, _cdk_filter_literal, fLITERAL);
+ if (!f) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ f->u.pfx.mode = mode;
+ f->u.pfx.filename = fname ? cdk_strdup(fname) : NULL;
+ f->u.pfx.orig_filename =
+ orig_fname ? cdk_strdup(orig_fname) : NULL;
+ f->ctl = stream_get_mode(s);
+ if (s->blkmode > 0) {
+ f->u.pfx.blkmode.on = 1;
+ f->u.pfx.blkmode.size = s->blkmode;
+ }
+ return 0;
}
@@ -1283,11 +1185,11 @@ cdk_stream_set_literal_flag (cdk_stream_t s, cdk_lit_format_t mode,
* given algorithm at the given level.
**/
cdk_error_t
-cdk_stream_set_compress_flag (cdk_stream_t s, int algo, int level)
+cdk_stream_set_compress_flag(cdk_stream_t s, int algo, int level)
{
- gnutls_assert ();
- return CDK_Not_Implemented;
+ gnutls_assert();
+ return CDK_Not_Implemented;
}
@@ -1298,25 +1200,22 @@ cdk_stream_set_compress_flag (cdk_stream_t s, int algo, int level)
*
* Pushes the text filter to store the stream data in cannoncial format.
**/
-cdk_error_t
-cdk_stream_set_text_flag (cdk_stream_t s, const char *lf)
+cdk_error_t cdk_stream_set_text_flag(cdk_stream_t s, const char *lf)
{
- struct stream_filter_s *f;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- f = filter_add (s, _cdk_filter_text, fTEXT);
- if (!f)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- f->ctl = stream_get_mode (s);
- f->u.tfx.lf = lf;
- return 0;
+ struct stream_filter_s *f;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ f = filter_add(s, _cdk_filter_text, fTEXT);
+ if (!f) {
+ gnutls_assert();
+ return CDK_Out_Of_Core;
+ }
+ f->ctl = stream_get_mode(s);
+ f->u.tfx.lf = lf;
+ return 0;
}
/**
@@ -1326,54 +1225,47 @@ cdk_stream_set_text_flag (cdk_stream_t s, const char *lf)
*
* Enables or disable the cache section of a stream object.
**/
-cdk_error_t
-cdk_stream_enable_cache (cdk_stream_t s, int val)
+cdk_error_t cdk_stream_enable_cache(cdk_stream_t s, int val)
{
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (!s->flags.write)
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- s->cache.on = val;
- if (!s->cache.buf)
- {
- s->cache.buf = cdk_calloc (1, STREAM_BUFSIZE);
- s->cache.alloced = STREAM_BUFSIZE;
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ if (!s->flags.write) {
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+ s->cache.on = val;
+ if (!s->cache.buf) {
+ s->cache.buf = cdk_calloc(1, STREAM_BUFSIZE);
+ s->cache.alloced = STREAM_BUFSIZE;
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream: allocate cache of %d octets\n",
- STREAM_BUFSIZE);
+ _gnutls_read_log("stream: allocate cache of %d octets\n",
+ STREAM_BUFSIZE);
#endif
- }
- return 0;
+ }
+ return 0;
}
-static int
-stream_cache_flush (cdk_stream_t s, FILE * fp)
+static int stream_cache_flush(cdk_stream_t s, FILE * fp)
{
- int nwritten;
-
- assert (s);
-
- /* FIXME: We should find a way to use cdk_stream_write here. */
- if (s->cache.size > 0)
- {
- nwritten = fwrite (s->cache.buf, 1, s->cache.size, fp);
- if (!nwritten)
- {
- gnutls_assert ();
- return CDK_File_Error;
- }
- s->cache.size = 0;
- s->cache.on = 0;
- memset (s->cache.buf, 0, s->cache.alloced);
- }
- return 0;
+ int nwritten;
+
+ assert(s);
+
+ /* FIXME: We should find a way to use cdk_stream_write here. */
+ if (s->cache.size > 0) {
+ nwritten = fwrite(s->cache.buf, 1, s->cache.size, fp);
+ if (!nwritten) {
+ gnutls_assert();
+ return CDK_File_Error;
+ }
+ s->cache.size = 0;
+ s->cache.on = 0;
+ memset(s->cache.buf, 0, s->cache.alloced);
+ }
+ return 0;
}
@@ -1385,34 +1277,30 @@ stream_cache_flush (cdk_stream_t s, FILE * fp)
* Passes the entire data from @inp into the output stream @out
* with all the activated filters.
*/
-cdk_error_t
-cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out)
+cdk_error_t cdk_stream_kick_off(cdk_stream_t inp, cdk_stream_t out)
{
- byte buf[BUFSIZE];
- int nread, nwritten;
- cdk_error_t rc;
-
- if (!inp || !out)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- rc = CDK_Success;
- while (!cdk_stream_eof (inp))
- {
- nread = cdk_stream_read (inp, buf, DIM (buf));
- if (!nread || nread == EOF)
- break;
- nwritten = cdk_stream_write (out, buf, nread);
- if (!nwritten || nwritten == EOF)
- { /* In case of errors, we leave the loop. */
- rc = inp->error;
- break;
- }
- }
-
- memset (buf, 0, sizeof (buf));
- return rc;
+ byte buf[BUFSIZE];
+ int nread, nwritten;
+ cdk_error_t rc;
+
+ if (!inp || !out) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ rc = CDK_Success;
+ while (!cdk_stream_eof(inp)) {
+ nread = cdk_stream_read(inp, buf, DIM(buf));
+ if (!nread || nread == EOF)
+ break;
+ nwritten = cdk_stream_write(out, buf, nread);
+ if (!nwritten || nwritten == EOF) { /* In case of errors, we leave the loop. */
+ rc = inp->error;
+ break;
+ }
+ }
+
+ memset(buf, 0, sizeof(buf));
+ return rc;
}
@@ -1428,85 +1316,80 @@ cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out)
* contains the length of the buffer.
**/
cdk_error_t
-cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len,
- byte ** ret_buf, size_t * ret_buflen)
+cdk_stream_mmap_part(cdk_stream_t s, off_t off, size_t len,
+ byte ** ret_buf, size_t * ret_buflen)
{
- cdk_error_t rc;
- off_t oldpos;
- unsigned int n;
-
- if (!ret_buf || !ret_buflen)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- *ret_buf = NULL;
- *ret_buflen = 0;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- /* Memory mapping is not supported on custom I/O objects. */
- if (s->cbs_hd)
- {
+ cdk_error_t rc;
+ off_t oldpos;
+ unsigned int n;
+
+ if (!ret_buf || !ret_buflen) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+ *ret_buf = NULL;
+ *ret_buflen = 0;
+
+ if (!s) {
+ gnutls_assert();
+ return CDK_Inv_Value;
+ }
+
+ /* Memory mapping is not supported on custom I/O objects. */
+ if (s->cbs_hd) {
#ifdef DEBUG_STREAM
- _gnutls_read_log ("cdk_stream_mmap_part: not supported on callbacks\n");
+ _gnutls_read_log
+ ("cdk_stream_mmap_part: not supported on callbacks\n");
#endif
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
-
- oldpos = cdk_stream_tell (s);
- rc = cdk_stream_flush (s);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- rc = cdk_stream_seek (s, off);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
- if (!len)
- len = cdk_stream_get_length (s);
- if (!len)
- {
- _gnutls_read_log ("cdk_stream_mmap_part: invalid file size %lu\n", (unsigned long)len);
- gnutls_assert ();
- return s->error;
- }
- if (len > MAX_MAP_SIZE)
- {
- gnutls_assert ();
- return CDK_Too_Short;
- }
-
- *ret_buf = cdk_calloc (1, len + 1);
- *ret_buflen = len;
- n = cdk_stream_read (s, *ret_buf, len);
- if (n != len)
- *ret_buflen = n;
- rc = cdk_stream_seek (s, oldpos);
- if (rc)
- gnutls_assert ();
- return rc;
+ gnutls_assert();
+ return CDK_Inv_Mode;
+ }
+
+ oldpos = cdk_stream_tell(s);
+ rc = cdk_stream_flush(s);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ rc = cdk_stream_seek(s, off);
+ if (rc) {
+ gnutls_assert();
+ return rc;
+ }
+ if (!len)
+ len = cdk_stream_get_length(s);
+ if (!len) {
+ _gnutls_read_log
+ ("cdk_stream_mmap_part: invalid file size %lu\n",
+ (unsigned long) len);
+ gnutls_assert();
+ return s->error;
+ }
+ if (len > MAX_MAP_SIZE) {
+ gnutls_assert();
+ return CDK_Too_Short;
+ }
+
+ *ret_buf = cdk_calloc(1, len + 1);
+ *ret_buflen = len;
+ n = cdk_stream_read(s, *ret_buf, len);
+ if (n != len)
+ *ret_buflen = n;
+ rc = cdk_stream_seek(s, oldpos);
+ if (rc)
+ gnutls_assert();
+ return rc;
}
-cdk_error_t
-cdk_stream_mmap (cdk_stream_t inp, byte ** buf, size_t * buflen)
+cdk_error_t cdk_stream_mmap(cdk_stream_t inp, byte ** buf, size_t * buflen)
{
- off_t len;
+ off_t len;
- /* We need to make sure all data is flushed before we retrieve the size. */
- cdk_stream_flush (inp);
- len = cdk_stream_get_length (inp);
- return cdk_stream_mmap_part (inp, 0, len, buf, buflen);
+ /* We need to make sure all data is flushed before we retrieve the size. */
+ cdk_stream_flush(inp);
+ len = cdk_stream_get_length(inp);
+ return cdk_stream_mmap_part(inp, 0, len, buf, buflen);
}
@@ -1519,77 +1402,70 @@ cdk_stream_mmap (cdk_stream_t inp, byte ** buf, size_t * buflen)
* The function acts like cdk_stream_read with the difference that
* the file pointer is moved to the old position after the bytes were read.
**/
-int
-cdk_stream_peek (cdk_stream_t inp, byte * buf, size_t buflen)
+int cdk_stream_peek(cdk_stream_t inp, byte * buf, size_t buflen)
{
- off_t off;
- int nbytes;
-
- if (!inp || !buf)
- return 0;
- if (inp->cbs_hd)
- return 0;
-
- off = cdk_stream_tell (inp);
- nbytes = cdk_stream_read (inp, buf, buflen);
- if (nbytes == -1)
- return 0;
- if (cdk_stream_seek (inp, off))
- return 0;
- return nbytes;
+ off_t off;
+ int nbytes;
+
+ if (!inp || !buf)
+ return 0;
+ if (inp->cbs_hd)
+ return 0;
+
+ off = cdk_stream_tell(inp);
+ nbytes = cdk_stream_read(inp, buf, buflen);
+ if (nbytes == -1)
+ return 0;
+ if (cdk_stream_seek(inp, off))
+ return 0;
+ return nbytes;
}
/* Try to read a line from the given stream. */
-int
-_cdk_stream_gets (cdk_stream_t s, char *buf, size_t count)
+int _cdk_stream_gets(cdk_stream_t s, char *buf, size_t count)
{
- int c, i;
-
- assert (s);
-
- i = 0;
- while (!cdk_stream_eof (s) && count > 0)
- {
- c = cdk_stream_getc (s);
- if (c == EOF || c == '\r' || c == '\n')
- {
- buf[i++] = '\0';
- break;
- }
- buf[i++] = c;
- count--;
- }
- return i;
+ int c, i;
+
+ assert(s);
+
+ i = 0;
+ while (!cdk_stream_eof(s) && count > 0) {
+ c = cdk_stream_getc(s);
+ if (c == EOF || c == '\r' || c == '\n') {
+ buf[i++] = '\0';
+ break;
+ }
+ buf[i++] = c;
+ count--;
+ }
+ return i;
}
/* Try to write string into the stream @s. */
-int
-_cdk_stream_puts (cdk_stream_t s, const char *buf)
+int _cdk_stream_puts(cdk_stream_t s, const char *buf)
{
- return cdk_stream_write (s, buf, strlen (buf));
+ return cdk_stream_write(s, buf, strlen(buf));
}
/* Activate the block mode for the given stream. */
-cdk_error_t
-_cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes)
+cdk_error_t _cdk_stream_set_blockmode(cdk_stream_t s, size_t nbytes)
{
- assert (s);
+ assert(s);
#ifdef DEBUG_STREAM
- _gnutls_read_log ("stream: activate block mode with blocksize %d\n",
- (int) nbytes);
+ _gnutls_read_log("stream: activate block mode with blocksize %d\n",
+ (int) nbytes);
#endif
- s->blkmode = nbytes;
- return 0;
+ s->blkmode = nbytes;
+ return 0;
}
/* Return the block mode state of the given stream. */
-int
-_cdk_stream_get_blockmode (cdk_stream_t s)
+int _cdk_stream_get_blockmode(cdk_stream_t s)
{
- return s ? s->blkmode : 0;
+ return s ? s->blkmode : 0;
}
diff --git a/lib/opencdk/stream.h b/lib/opencdk/stream.h
index be57fb2963..3a7b93495e 100644
--- a/lib/opencdk/stream.h
+++ b/lib/opencdk/stream.h
@@ -26,77 +26,70 @@
/* The default buffer size for the stream. */
#define STREAM_BUFSIZE 8192
-enum
-{
- fDUMMY = 0,
- fARMOR = 1,
- fCIPHER = 2,
- fLITERAL = 3,
- fCOMPRESS = 4,
- fHASH = 5,
- fTEXT = 6
+enum {
+ fDUMMY = 0,
+ fARMOR = 1,
+ fCIPHER = 2,
+ fLITERAL = 3,
+ fCOMPRESS = 4,
+ fHASH = 5,
+ fTEXT = 6
};
/* Type definition for the filter function. */
-typedef cdk_error_t (*filter_fnct_t) (void *uint8_t, int ctl, FILE * in,
- FILE * out);
+typedef cdk_error_t(*filter_fnct_t) (void *uint8_t, int ctl, FILE * in,
+ FILE * out);
/* The stream filter context structure. */
-struct stream_filter_s
-{
- struct stream_filter_s *next;
- filter_fnct_t fnct;
- void *uint8_t;
- FILE *tmp;
- union
- {
- armor_filter_t afx;
- cipher_filter_t cfx;
- literal_filter_t pfx;
- compress_filter_t zfx;
- text_filter_t tfx;
- md_filter_t mfx;
- } u;
- struct
- {
- unsigned enabled:1;
- unsigned rdonly:1;
- unsigned error:1;
- } flags;
- unsigned type;
- unsigned ctl;
+struct stream_filter_s {
+ struct stream_filter_s *next;
+ filter_fnct_t fnct;
+ void *uint8_t;
+ FILE *tmp;
+ union {
+ armor_filter_t afx;
+ cipher_filter_t cfx;
+ literal_filter_t pfx;
+ compress_filter_t zfx;
+ text_filter_t tfx;
+ md_filter_t mfx;
+ } u;
+ struct {
+ unsigned enabled:1;
+ unsigned rdonly:1;
+ unsigned error:1;
+ } flags;
+ unsigned type;
+ unsigned ctl;
};
/* The stream context structure. */
-struct cdk_stream_s
-{
- struct stream_filter_s *filters;
- int fmode;
- int error;
- size_t blkmode;
- struct
- {
- unsigned filtrated:1;
- unsigned eof:1;
- unsigned write:1;
- unsigned temp:1;
- unsigned reset:1;
- unsigned no_filter:1;
- unsigned compressed:3;
- } flags;
- struct
- {
- unsigned char *buf;
- unsigned on:1;
- size_t size;
- size_t alloced;
- } cache;
- char *fname;
- FILE *fp;
- unsigned int fp_ref:1;
- struct cdk_stream_cbs_s cbs;
- void *cbs_hd;
+struct cdk_stream_s {
+ struct stream_filter_s *filters;
+ int fmode;
+ int error;
+ size_t blkmode;
+ struct {
+ unsigned filtrated:1;
+ unsigned eof:1;
+ unsigned write:1;
+ unsigned temp:1;
+ unsigned reset:1;
+ unsigned no_filter:1;
+ unsigned compressed:3;
+ } flags;
+ struct {
+ unsigned char *buf;
+ unsigned on:1;
+ size_t size;
+ size_t alloced;
+ } cache;
+ char *fname;
+ FILE *fp;
+ unsigned int fp_ref:1;
+ struct cdk_stream_cbs_s cbs;
+ void *cbs_hd;
};
-#endif /* CDK_STREAM_H */
+#endif /* CDK_STREAM_H */
diff --git a/lib/opencdk/types.h b/lib/opencdk/types.h
index fb31c765d8..8fae6ce629 100644
--- a/lib/opencdk/types.h
+++ b/lib/opencdk/types.h
@@ -46,4 +46,4 @@ typedef unsigned int u32;
#define DIMof(type, member) DIM(((type *)0)->member)
#endif
-#endif /* CDK_TYPES_H */
+#endif /* CDK_TYPES_H */
diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c
index 6e76e7227b..b852e0e8d1 100644
--- a/lib/opencdk/write-packet.c
+++ b/lib/opencdk/write-packet.c
@@ -31,756 +31,750 @@
#include "main.h"
-static int
-stream_write (cdk_stream_t s, const void *buf, size_t buflen)
+static int stream_write(cdk_stream_t s, const void *buf, size_t buflen)
{
- int nwritten;
+ int nwritten;
- nwritten = cdk_stream_write (s, buf, buflen);
- if (nwritten == EOF)
- return _cdk_stream_get_errno (s);
- return 0;
+ nwritten = cdk_stream_write(s, buf, buflen);
+ if (nwritten == EOF)
+ return _cdk_stream_get_errno(s);
+ return 0;
}
static int
-stream_read (cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+stream_read(cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
{
- int nread;
+ int nread;
- assert (r_nread);
+ assert(r_nread);
- nread = cdk_stream_read (s, buf, buflen);
- if (nread == EOF)
- return _cdk_stream_get_errno (s);
- *r_nread = nread;
- return 0;
+ nread = cdk_stream_read(s, buf, buflen);
+ if (nread == EOF)
+ return _cdk_stream_get_errno(s);
+ *r_nread = nread;
+ return 0;
}
-static int
-stream_putc (cdk_stream_t s, int c)
+static int stream_putc(cdk_stream_t s, int c)
{
- int nwritten = cdk_stream_putc (s, c);
- if (nwritten == EOF)
- return _cdk_stream_get_errno (s);
- return 0;
+ int nwritten = cdk_stream_putc(s, c);
+ if (nwritten == EOF)
+ return _cdk_stream_get_errno(s);
+ return 0;
}
-static int
-write_32 (cdk_stream_t out, u32 u)
+static int write_32(cdk_stream_t out, u32 u)
{
- byte buf[4];
+ byte buf[4];
- buf[0] = u >> 24;
- buf[1] = u >> 16;
- buf[2] = u >> 8;
- buf[3] = u;
- return stream_write (out, buf, 4);
+ buf[0] = u >> 24;
+ buf[1] = u >> 16;
+ buf[2] = u >> 8;
+ buf[3] = u;
+ return stream_write(out, buf, 4);
}
-static int
-write_16 (cdk_stream_t out, u16 u)
+static int write_16(cdk_stream_t out, u16 u)
{
- byte buf[2];
+ byte buf[2];
- buf[0] = u >> 8;
- buf[1] = u;
- return stream_write (out, buf, 2);
+ buf[0] = u >> 8;
+ buf[1] = u;
+ return stream_write(out, buf, 2);
}
-static size_t
-calc_mpisize (bigint_t mpi[MAX_CDK_PK_PARTS], size_t ncount)
+static size_t calc_mpisize(bigint_t mpi[MAX_CDK_PK_PARTS], size_t ncount)
{
- size_t size, i;
+ size_t size, i;
- size = 0;
- for (i = 0; i < ncount; i++)
- size += (_gnutls_mpi_get_nbits (mpi[i]) + 7) / 8 + 2;
- return size;
+ size = 0;
+ for (i = 0; i < ncount; i++)
+ size += (_gnutls_mpi_get_nbits(mpi[i]) + 7) / 8 + 2;
+ return size;
}
-static int
-write_mpi (cdk_stream_t out, bigint_t m)
+static int write_mpi(cdk_stream_t out, bigint_t m)
{
- byte buf[MAX_MPI_BYTES + 2];
- size_t nbits, nread;
- int err;
-
- if (!out || !m)
- return CDK_Inv_Value;
- nbits = _gnutls_mpi_get_nbits (m);
- if (nbits > MAX_MPI_BITS || nbits < 1)
- return CDK_MPI_Error;
-
- nread = MAX_MPI_BYTES + 2;
- err = _gnutls_mpi_print_pgp (m, buf, &nread);
- if (err < 0)
- return map_gnutls_error (err);
- return stream_write (out, buf, nread);
+ byte buf[MAX_MPI_BYTES + 2];
+ size_t nbits, nread;
+ int err;
+
+ if (!out || !m)
+ return CDK_Inv_Value;
+ nbits = _gnutls_mpi_get_nbits(m);
+ if (nbits > MAX_MPI_BITS || nbits < 1)
+ return CDK_MPI_Error;
+
+ nread = MAX_MPI_BYTES + 2;
+ err = _gnutls_mpi_print_pgp(m, buf, &nread);
+ if (err < 0)
+ return map_gnutls_error(err);
+ return stream_write(out, buf, nread);
}
static cdk_error_t
-write_mpibuf (cdk_stream_t out, bigint_t mpi[MAX_CDK_PK_PARTS], size_t count)
+write_mpibuf(cdk_stream_t out, bigint_t mpi[MAX_CDK_PK_PARTS],
+ size_t count)
{
- size_t i;
- cdk_error_t rc;
-
- for (i = 0; i < count; i++)
- {
- rc = write_mpi (out, mpi[i]);
- if (rc)
- return rc;
- }
- return 0;
+ size_t i;
+ cdk_error_t rc;
+
+ for (i = 0; i < count; i++) {
+ rc = write_mpi(out, mpi[i]);
+ if (rc)
+ return rc;
+ }
+ return 0;
}
-static cdk_error_t
-pkt_encode_len (cdk_stream_t out, size_t pktlen)
+static cdk_error_t pkt_encode_len(cdk_stream_t out, size_t pktlen)
{
- cdk_error_t rc;
-
- if (!out)
- return CDK_Inv_Value;
-
- if (!pktlen)
- {
- /* Block mode, partial bodies, with 'DEF_BLOCKSIZE' from main.h */
- rc = stream_putc (out, (0xE0 | DEF_BLOCKBITS));
- }
- else if (pktlen < 192)
- rc = stream_putc (out, pktlen);
- else if (pktlen < 8384)
- {
- pktlen -= 192;
- rc = stream_putc (out, (pktlen >> 8) + 192);
- if (!rc)
- rc = stream_putc (out, (pktlen & 0xff));
- }
- else
- {
- rc = stream_putc (out, 255);
- if (!rc)
- rc = write_32 (out, pktlen);
- }
-
- return rc;
+ cdk_error_t rc;
+
+ if (!out)
+ return CDK_Inv_Value;
+
+ if (!pktlen) {
+ /* Block mode, partial bodies, with 'DEF_BLOCKSIZE' from main.h */
+ rc = stream_putc(out, (0xE0 | DEF_BLOCKBITS));
+ } else if (pktlen < 192)
+ rc = stream_putc(out, pktlen);
+ else if (pktlen < 8384) {
+ pktlen -= 192;
+ rc = stream_putc(out, (pktlen >> 8) + 192);
+ if (!rc)
+ rc = stream_putc(out, (pktlen & 0xff));
+ } else {
+ rc = stream_putc(out, 255);
+ if (!rc)
+ rc = write_32(out, pktlen);
+ }
+
+ return rc;
}
-static cdk_error_t
-write_head_new (cdk_stream_t out, size_t size, int type)
+static cdk_error_t write_head_new(cdk_stream_t out, size_t size, int type)
{
- cdk_error_t rc;
+ cdk_error_t rc;
- if (!out)
- return CDK_Inv_Value;
+ if (!out)
+ return CDK_Inv_Value;
- if (type < 0 || type > 63)
- return CDK_Inv_Packet;
- rc = stream_putc (out, (0xC0 | type));
- if (!rc)
- rc = pkt_encode_len (out, size);
- return rc;
+ if (type < 0 || type > 63)
+ return CDK_Inv_Packet;
+ rc = stream_putc(out, (0xC0 | type));
+ if (!rc)
+ rc = pkt_encode_len(out, size);
+ return rc;
}
-static cdk_error_t
-write_head_old (cdk_stream_t out, size_t size, int type)
+static cdk_error_t write_head_old(cdk_stream_t out, size_t size, int type)
{
- cdk_error_t rc;
- int ctb;
-
- if (!out)
- return CDK_Inv_Value;
-
- if (type < 0 || type > 16)
- return CDK_Inv_Packet;
- ctb = 0x80 | (type << 2);
- if (!size)
- ctb |= 3;
- else if (size < 256)
- ;
- else if (size < 65536)
- ctb |= 1;
- else
- ctb |= 2;
- rc = stream_putc (out, ctb);
- if (!size)
- return rc;
- if (!rc)
- {
- if (size < 256)
- rc = stream_putc (out, size);
- else if (size < 65536)
- rc = write_16 (out, size);
- else
- rc = write_32 (out, size);
- }
-
- return rc;
+ cdk_error_t rc;
+ int ctb;
+
+ if (!out)
+ return CDK_Inv_Value;
+
+ if (type < 0 || type > 16)
+ return CDK_Inv_Packet;
+ ctb = 0x80 | (type << 2);
+ if (!size)
+ ctb |= 3;
+ else if (size < 256);
+ else if (size < 65536)
+ ctb |= 1;
+ else
+ ctb |= 2;
+ rc = stream_putc(out, ctb);
+ if (!size)
+ return rc;
+ if (!rc) {
+ if (size < 256)
+ rc = stream_putc(out, size);
+ else if (size < 65536)
+ rc = write_16(out, size);
+ else
+ rc = write_32(out, size);
+ }
+
+ return rc;
}
/* Write special PGP2 packet header. PGP2 (wrongly) uses two byte header
length for signatures and keys even if the size is < 256. */
-static cdk_error_t
-pkt_write_head2 (cdk_stream_t out, size_t size, int type)
+static cdk_error_t pkt_write_head2(cdk_stream_t out, size_t size, int type)
{
- cdk_error_t rc;
-
- rc = cdk_stream_putc (out, 0x80 | (type << 2) | 1);
- if (!rc)
- rc = cdk_stream_putc (out, size >> 8);
- if (!rc)
- rc = cdk_stream_putc (out, size & 0xff);
- return rc;
+ cdk_error_t rc;
+
+ rc = cdk_stream_putc(out, 0x80 | (type << 2) | 1);
+ if (!rc)
+ rc = cdk_stream_putc(out, size >> 8);
+ if (!rc)
+ rc = cdk_stream_putc(out, size & 0xff);
+ return rc;
}
static int
-pkt_write_head (cdk_stream_t out, int old_ctb, size_t size, int type)
+pkt_write_head(cdk_stream_t out, int old_ctb, size_t size, int type)
{
- if (old_ctb)
- return write_head_old (out, size, type);
- return write_head_new (out, size, type);
+ if (old_ctb)
+ return write_head_old(out, size, type);
+ return write_head_new(out, size, type);
}
static int
-write_pubkey_enc (cdk_stream_t out, cdk_pkt_pubkey_enc_t pke, int old_ctb)
+write_pubkey_enc(cdk_stream_t out, cdk_pkt_pubkey_enc_t pke, int old_ctb)
{
- size_t size;
- int rc, nenc;
-
- if (!out || !pke)
- return CDK_Inv_Value;
-
- if (pke->version < 2 || pke->version > 3)
- return CDK_Inv_Packet;
- if (!KEY_CAN_ENCRYPT (pke->pubkey_algo))
- return CDK_Inv_Algo;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_pubkey_enc:\n");
-
- nenc = cdk_pk_get_nenc (pke->pubkey_algo);
- size = 10 + calc_mpisize (pke->mpi, nenc);
- rc = pkt_write_head (out, old_ctb, size, CDK_PKT_PUBKEY_ENC);
- if (rc)
- return rc;
-
- rc = stream_putc (out, pke->version);
- if (!rc)
- rc = write_32 (out, pke->keyid[0]);
- if (!rc)
- rc = write_32 (out, pke->keyid[1]);
- if (!rc)
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (pke->pubkey_algo));
- if (!rc)
- rc = write_mpibuf (out, pke->mpi, nenc);
- return rc;
+ size_t size;
+ int rc, nenc;
+
+ if (!out || !pke)
+ return CDK_Inv_Value;
+
+ if (pke->version < 2 || pke->version > 3)
+ return CDK_Inv_Packet;
+ if (!KEY_CAN_ENCRYPT(pke->pubkey_algo))
+ return CDK_Inv_Algo;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_pubkey_enc:\n");
+
+ nenc = cdk_pk_get_nenc(pke->pubkey_algo);
+ size = 10 + calc_mpisize(pke->mpi, nenc);
+ rc = pkt_write_head(out, old_ctb, size, CDK_PKT_PUBKEY_ENC);
+ if (rc)
+ return rc;
+
+ rc = stream_putc(out, pke->version);
+ if (!rc)
+ rc = write_32(out, pke->keyid[0]);
+ if (!rc)
+ rc = write_32(out, pke->keyid[1]);
+ if (!rc)
+ rc = stream_putc(out,
+ _cdk_pub_algo_to_pgp(pke->pubkey_algo));
+ if (!rc)
+ rc = write_mpibuf(out, pke->mpi, nenc);
+ return rc;
}
-static cdk_error_t
-write_mdc (cdk_stream_t out, cdk_pkt_mdc_t mdc)
+static cdk_error_t write_mdc(cdk_stream_t out, cdk_pkt_mdc_t mdc)
{
- cdk_error_t rc;
+ cdk_error_t rc;
- if (!out || !mdc)
- return CDK_Inv_Value;
+ if (!out || !mdc)
+ return CDK_Inv_Value;
- if (DEBUG_PKT)
- _gnutls_write_log ("write_mdc:\n");
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_mdc:\n");
- /* This packet requires a fixed header encoding */
- rc = stream_putc (out, 0xD3); /* packet ID and 1 byte length */
- if (!rc)
- rc = stream_putc (out, 0x14);
- if (!rc)
- rc = stream_write (out, mdc->hash, DIM (mdc->hash));
- return rc;
+ /* This packet requires a fixed header encoding */
+ rc = stream_putc(out, 0xD3); /* packet ID and 1 byte length */
+ if (!rc)
+ rc = stream_putc(out, 0x14);
+ if (!rc)
+ rc = stream_write(out, mdc->hash, DIM(mdc->hash));
+ return rc;
}
-static size_t
-calc_subpktsize (cdk_subpkt_t s)
+static size_t calc_subpktsize(cdk_subpkt_t s)
{
- size_t nbytes;
+ size_t nbytes;
- /* In the count mode, no buffer is returned. */
- _cdk_subpkt_get_array (s, 1, &nbytes);
- return nbytes;
+ /* In the count mode, no buffer is returned. */
+ _cdk_subpkt_get_array(s, 1, &nbytes);
+ return nbytes;
}
static cdk_error_t
-write_v3_sig (cdk_stream_t out, cdk_pkt_signature_t sig, int nsig)
+write_v3_sig(cdk_stream_t out, cdk_pkt_signature_t sig, int nsig)
{
- size_t size;
- cdk_error_t rc;
-
- size = 19 + calc_mpisize (sig->mpi, nsig);
- if (is_RSA (sig->pubkey_algo))
- rc = pkt_write_head2 (out, size, CDK_PKT_SIGNATURE);
- else
- rc = pkt_write_head (out, 1, size, CDK_PKT_SIGNATURE);
- if (!rc)
- rc = stream_putc (out, sig->version);
- if (!rc)
- rc = stream_putc (out, 5);
- if (!rc)
- rc = stream_putc (out, sig->sig_class);
- if (!rc)
- rc = write_32 (out, sig->timestamp);
- if (!rc)
- rc = write_32 (out, sig->keyid[0]);
- if (!rc)
- rc = write_32 (out, sig->keyid[1]);
- if (!rc)
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (sig->pubkey_algo));
- if (!rc)
- rc = stream_putc (out, _gnutls_hash_algo_to_pgp (sig->digest_algo));
- if (!rc)
- rc = stream_putc (out, sig->digest_start[0]);
- if (!rc)
- rc = stream_putc (out, sig->digest_start[1]);
- if (!rc)
- rc = write_mpibuf (out, sig->mpi, nsig);
- return rc;
+ size_t size;
+ cdk_error_t rc;
+
+ size = 19 + calc_mpisize(sig->mpi, nsig);
+ if (is_RSA(sig->pubkey_algo))
+ rc = pkt_write_head2(out, size, CDK_PKT_SIGNATURE);
+ else
+ rc = pkt_write_head(out, 1, size, CDK_PKT_SIGNATURE);
+ if (!rc)
+ rc = stream_putc(out, sig->version);
+ if (!rc)
+ rc = stream_putc(out, 5);
+ if (!rc)
+ rc = stream_putc(out, sig->sig_class);
+ if (!rc)
+ rc = write_32(out, sig->timestamp);
+ if (!rc)
+ rc = write_32(out, sig->keyid[0]);
+ if (!rc)
+ rc = write_32(out, sig->keyid[1]);
+ if (!rc)
+ rc = stream_putc(out,
+ _cdk_pub_algo_to_pgp(sig->pubkey_algo));
+ if (!rc)
+ rc = stream_putc(out,
+ _gnutls_hash_algo_to_pgp(sig->
+ digest_algo));
+ if (!rc)
+ rc = stream_putc(out, sig->digest_start[0]);
+ if (!rc)
+ rc = stream_putc(out, sig->digest_start[1]);
+ if (!rc)
+ rc = write_mpibuf(out, sig->mpi, nsig);
+ return rc;
}
static cdk_error_t
-write_signature (cdk_stream_t out, cdk_pkt_signature_t sig, int old_ctb)
+write_signature(cdk_stream_t out, cdk_pkt_signature_t sig, int old_ctb)
{
- byte *buf;
- size_t nbytes, size, nsig;
- cdk_error_t rc;
-
- if (!out || !sig)
- return CDK_Inv_Value;
-
- if (!KEY_CAN_SIGN (sig->pubkey_algo))
- return gnutls_assert_val(CDK_Inv_Algo);
- if (sig->version < 2 || sig->version > 4)
- return gnutls_assert_val(CDK_Inv_Packet);
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_signature:\n");
-
- nsig = cdk_pk_get_nsig (sig->pubkey_algo);
- if (!nsig)
- return gnutls_assert_val(CDK_Inv_Algo);
- if (sig->version < 4)
- return write_v3_sig (out, sig, nsig);
-
- size = 10 + calc_subpktsize (sig->hashed)
- + calc_subpktsize (sig->unhashed) + calc_mpisize (sig->mpi, nsig);
-
- rc = pkt_write_head (out, 0, size, CDK_PKT_SIGNATURE);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, 4);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, sig->sig_class);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (sig->pubkey_algo));
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, _gnutls_hash_algo_to_pgp (sig->digest_algo));
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = write_16 (out, sig->hashed_size);
- if (rc)
- return gnutls_assert_val(rc);
-
- buf = _cdk_subpkt_get_array (sig->hashed, 0, &nbytes);
- if (!buf)
- return gnutls_assert_val(CDK_Out_Of_Core);
-
- rc = stream_write (out, buf, nbytes);
- cdk_free (buf);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = write_16 (out, sig->unhashed_size);
- if (rc)
- return gnutls_assert_val(rc);
-
- buf = _cdk_subpkt_get_array (sig->unhashed, 0, &nbytes);
- if (!buf)
- return gnutls_assert_val(CDK_Out_Of_Core);
-
- rc = stream_write (out, buf, nbytes);
- cdk_free (buf);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, sig->digest_start[0]);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = stream_putc (out, sig->digest_start[1]);
- if (rc)
- return gnutls_assert_val(rc);
-
- rc = write_mpibuf (out, sig->mpi, nsig);
- if (rc)
- return gnutls_assert_val(rc);
-
- return 0;
+ byte *buf;
+ size_t nbytes, size, nsig;
+ cdk_error_t rc;
+
+ if (!out || !sig)
+ return CDK_Inv_Value;
+
+ if (!KEY_CAN_SIGN(sig->pubkey_algo))
+ return gnutls_assert_val(CDK_Inv_Algo);
+ if (sig->version < 2 || sig->version > 4)
+ return gnutls_assert_val(CDK_Inv_Packet);
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_signature:\n");
+
+ nsig = cdk_pk_get_nsig(sig->pubkey_algo);
+ if (!nsig)
+ return gnutls_assert_val(CDK_Inv_Algo);
+ if (sig->version < 4)
+ return write_v3_sig(out, sig, nsig);
+
+ size = 10 + calc_subpktsize(sig->hashed)
+ + calc_subpktsize(sig->unhashed) + calc_mpisize(sig->mpi,
+ nsig);
+
+ rc = pkt_write_head(out, 0, size, CDK_PKT_SIGNATURE);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, 4);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, sig->sig_class);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, _cdk_pub_algo_to_pgp(sig->pubkey_algo));
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, _gnutls_hash_algo_to_pgp(sig->digest_algo));
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = write_16(out, sig->hashed_size);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ buf = _cdk_subpkt_get_array(sig->hashed, 0, &nbytes);
+ if (!buf)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+
+ rc = stream_write(out, buf, nbytes);
+ cdk_free(buf);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = write_16(out, sig->unhashed_size);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ buf = _cdk_subpkt_get_array(sig->unhashed, 0, &nbytes);
+ if (!buf)
+ return gnutls_assert_val(CDK_Out_Of_Core);
+
+ rc = stream_write(out, buf, nbytes);
+ cdk_free(buf);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, sig->digest_start[0]);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = stream_putc(out, sig->digest_start[1]);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ rc = write_mpibuf(out, sig->mpi, nsig);
+ if (rc)
+ return gnutls_assert_val(rc);
+
+ return 0;
}
static cdk_error_t
-write_public_key (cdk_stream_t out, cdk_pkt_pubkey_t pk,
- int is_subkey, int old_ctb)
+write_public_key(cdk_stream_t out, cdk_pkt_pubkey_t pk,
+ int is_subkey, int old_ctb)
{
- int pkttype, ndays = 0;
- size_t npkey = 0, size = 6;
- cdk_error_t rc;
-
- if (!out || !pk)
- return CDK_Inv_Value;
-
- if (pk->version < 2 || pk->version > 4)
- return CDK_Inv_Packet;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_public_key: subkey=%d\n", is_subkey);
-
- pkttype = is_subkey ? CDK_PKT_PUBLIC_SUBKEY : CDK_PKT_PUBLIC_KEY;
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- if (!npkey)
- return CDK_Inv_Algo;
- if (pk->version < 4)
- size += 2; /* expire date */
- if (is_subkey)
- old_ctb = 0;
- size += calc_mpisize (pk->mpi, npkey);
- if (old_ctb)
- rc = pkt_write_head2 (out, size, pkttype);
- else
- rc = pkt_write_head (out, old_ctb, size, pkttype);
- if (!rc)
- rc = stream_putc (out, pk->version);
- if (!rc)
- rc = write_32 (out, pk->timestamp);
- if (!rc && pk->version < 4)
- {
- if (pk->expiredate)
- ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
- rc = write_16 (out, ndays);
- }
- if (!rc)
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (pk->pubkey_algo));
- if (!rc)
- rc = write_mpibuf (out, pk->mpi, npkey);
- return rc;
+ int pkttype, ndays = 0;
+ size_t npkey = 0, size = 6;
+ cdk_error_t rc;
+
+ if (!out || !pk)
+ return CDK_Inv_Value;
+
+ if (pk->version < 2 || pk->version > 4)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_public_key: subkey=%d\n",
+ is_subkey);
+
+ pkttype = is_subkey ? CDK_PKT_PUBLIC_SUBKEY : CDK_PKT_PUBLIC_KEY;
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ if (!npkey)
+ return CDK_Inv_Algo;
+ if (pk->version < 4)
+ size += 2; /* expire date */
+ if (is_subkey)
+ old_ctb = 0;
+ size += calc_mpisize(pk->mpi, npkey);
+ if (old_ctb)
+ rc = pkt_write_head2(out, size, pkttype);
+ else
+ rc = pkt_write_head(out, old_ctb, size, pkttype);
+ if (!rc)
+ rc = stream_putc(out, pk->version);
+ if (!rc)
+ rc = write_32(out, pk->timestamp);
+ if (!rc && pk->version < 4) {
+ if (pk->expiredate)
+ ndays =
+ (u16) ((pk->expiredate -
+ pk->timestamp) / 86400L);
+ rc = write_16(out, ndays);
+ }
+ if (!rc)
+ rc = stream_putc(out,
+ _cdk_pub_algo_to_pgp(pk->pubkey_algo));
+ if (!rc)
+ rc = write_mpibuf(out, pk->mpi, npkey);
+ return rc;
}
-static int
-calc_s2ksize (cdk_pkt_seckey_t sk)
+static int calc_s2ksize(cdk_pkt_seckey_t sk)
{
- size_t nbytes = 0;
-
- if (!sk->is_protected)
- return 0;
- switch (sk->protect.s2k->mode)
- {
- case CDK_S2K_SIMPLE:
- nbytes = 2;
- break;
- case CDK_S2K_SALTED:
- nbytes = 10;
- break;
- case CDK_S2K_ITERSALTED:
- nbytes = 11;
- break;
- case CDK_S2K_GNU_EXT:
- nbytes = 2;
- break;
- }
- nbytes += sk->protect.ivlen;
- nbytes++; /* single cipher byte */
- return nbytes;
+ size_t nbytes = 0;
+
+ if (!sk->is_protected)
+ return 0;
+ switch (sk->protect.s2k->mode) {
+ case CDK_S2K_SIMPLE:
+ nbytes = 2;
+ break;
+ case CDK_S2K_SALTED:
+ nbytes = 10;
+ break;
+ case CDK_S2K_ITERSALTED:
+ nbytes = 11;
+ break;
+ case CDK_S2K_GNU_EXT:
+ nbytes = 2;
+ break;
+ }
+ nbytes += sk->protect.ivlen;
+ nbytes++; /* single cipher byte */
+ return nbytes;
}
static cdk_error_t
-write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk,
- int is_subkey, int old_ctb)
+write_secret_key(cdk_stream_t out, cdk_pkt_seckey_t sk,
+ int is_subkey, int old_ctb)
{
- cdk_pkt_pubkey_t pk = NULL;
- size_t size = 6, npkey, nskey;
- int pkttype, s2k_mode;
- cdk_error_t rc;
-
- if (!out || !sk)
- return CDK_Inv_Value;
-
- if (!sk->pk)
- return CDK_Inv_Value;
- pk = sk->pk;
- if (pk->version < 2 || pk->version > 4)
- return CDK_Inv_Packet;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_secret_key:\n");
-
- npkey = cdk_pk_get_npkey (pk->pubkey_algo);
- nskey = cdk_pk_get_nskey (pk->pubkey_algo);
- if (!npkey || !nskey)
- {
- gnutls_assert ();
- return CDK_Inv_Algo;
- }
- if (pk->version < 4)
- size += 2;
- /* If the key is unprotected, the 1 extra byte:
- 1 octet - cipher algorithm byte (0x00)
- the other bytes depend on the mode:
- a) simple checksum - 2 octets
- b) sha-1 checksum - 20 octets */
- size = !sk->is_protected ? size + 1 : size + 1 + calc_s2ksize (sk);
- size += calc_mpisize (pk->mpi, npkey);
- if (sk->version == 3 || !sk->is_protected)
- {
- if (sk->version == 3)
- {
- size += 2; /* force simple checksum */
- sk->protect.sha1chk = 0;
- }
- else
- size += sk->protect.sha1chk ? 20 : 2;
- size += calc_mpisize (sk->mpi, nskey);
- }
- else /* We do not know anything about the encrypted mpi's so we
- treat the data as uint8_t. */
- size += sk->enclen;
-
- pkttype = is_subkey ? CDK_PKT_SECRET_SUBKEY : CDK_PKT_SECRET_KEY;
- rc = pkt_write_head (out, old_ctb, size, pkttype);
- if (!rc)
- rc = stream_putc (out, pk->version);
- if (!rc)
- rc = write_32 (out, pk->timestamp);
- if (!rc && pk->version < 4)
- {
- u16 ndays = 0;
- if (pk->expiredate)
- ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
- rc = write_16 (out, ndays);
- }
- if (!rc)
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (pk->pubkey_algo));
-
- if (!rc)
- rc = write_mpibuf (out, pk->mpi, npkey);
-
- if (!rc)
- {
- if (sk->is_protected == 0)
- rc = stream_putc (out, 0x00);
- else
- {
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
- else if (sk->protect.s2k)
- {
- s2k_mode = sk->protect.s2k->mode;
- rc = stream_putc (out, sk->protect.sha1chk ? 0xFE : 0xFF);
- if (!rc)
- rc =
- stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
- if (!rc)
- rc = stream_putc (out, sk->protect.s2k->mode);
- if (!rc)
- rc = stream_putc (out, sk->protect.s2k->hash_algo);
- if (!rc && (s2k_mode == 1 || s2k_mode == 3))
- {
- rc = stream_write (out, sk->protect.s2k->salt, 8);
- if (!rc && s2k_mode == 3)
- rc = stream_putc (out, sk->protect.s2k->count);
- }
- }
- else
- return CDK_Inv_Value;
- if (!rc)
- rc = stream_write (out, sk->protect.iv, sk->protect.ivlen);
- }
- }
- if (!rc && sk->is_protected && pk->version == 4)
- {
- if (sk->encdata && sk->enclen)
- rc = stream_write (out, sk->encdata, sk->enclen);
- }
- else
- {
- if (!rc)
- rc = write_mpibuf (out, sk->mpi, nskey);
- if (!rc)
- {
- if (!sk->csum)
- sk->csum = _cdk_sk_get_csum (sk);
- rc = write_16 (out, sk->csum);
- }
- }
-
- return rc;
+ cdk_pkt_pubkey_t pk = NULL;
+ size_t size = 6, npkey, nskey;
+ int pkttype, s2k_mode;
+ cdk_error_t rc;
+
+ if (!out || !sk)
+ return CDK_Inv_Value;
+
+ if (!sk->pk)
+ return CDK_Inv_Value;
+ pk = sk->pk;
+ if (pk->version < 2 || pk->version > 4)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_secret_key:\n");
+
+ npkey = cdk_pk_get_npkey(pk->pubkey_algo);
+ nskey = cdk_pk_get_nskey(pk->pubkey_algo);
+ if (!npkey || !nskey) {
+ gnutls_assert();
+ return CDK_Inv_Algo;
+ }
+ if (pk->version < 4)
+ size += 2;
+ /* If the key is unprotected, the 1 extra byte:
+ 1 octet - cipher algorithm byte (0x00)
+ the other bytes depend on the mode:
+ a) simple checksum - 2 octets
+ b) sha-1 checksum - 20 octets */
+ size = !sk->is_protected ? size + 1 : size + 1 + calc_s2ksize(sk);
+ size += calc_mpisize(pk->mpi, npkey);
+ if (sk->version == 3 || !sk->is_protected) {
+ if (sk->version == 3) {
+ size += 2; /* force simple checksum */
+ sk->protect.sha1chk = 0;
+ } else
+ size += sk->protect.sha1chk ? 20 : 2;
+ size += calc_mpisize(sk->mpi, nskey);
+ } else /* We do not know anything about the encrypted mpi's so we
+ treat the data as uint8_t. */
+ size += sk->enclen;
+
+ pkttype = is_subkey ? CDK_PKT_SECRET_SUBKEY : CDK_PKT_SECRET_KEY;
+ rc = pkt_write_head(out, old_ctb, size, pkttype);
+ if (!rc)
+ rc = stream_putc(out, pk->version);
+ if (!rc)
+ rc = write_32(out, pk->timestamp);
+ if (!rc && pk->version < 4) {
+ u16 ndays = 0;
+ if (pk->expiredate)
+ ndays =
+ (u16) ((pk->expiredate -
+ pk->timestamp) / 86400L);
+ rc = write_16(out, ndays);
+ }
+ if (!rc)
+ rc = stream_putc(out,
+ _cdk_pub_algo_to_pgp(pk->pubkey_algo));
+
+ if (!rc)
+ rc = write_mpibuf(out, pk->mpi, npkey);
+
+ if (!rc) {
+ if (sk->is_protected == 0)
+ rc = stream_putc(out, 0x00);
+ else {
+ if (is_RSA(pk->pubkey_algo) && pk->version < 4)
+ rc = stream_putc(out,
+ _gnutls_cipher_to_pgp(sk->
+ protect.
+ algo));
+ else if (sk->protect.s2k) {
+ s2k_mode = sk->protect.s2k->mode;
+ rc = stream_putc(out,
+ sk->protect.
+ sha1chk ? 0xFE : 0xFF);
+ if (!rc)
+ rc = stream_putc(out,
+ _gnutls_cipher_to_pgp
+ (sk->protect.
+ algo));
+ if (!rc)
+ rc = stream_putc(out,
+ sk->protect.s2k->
+ mode);
+ if (!rc)
+ rc = stream_putc(out,
+ sk->protect.s2k->
+ hash_algo);
+ if (!rc
+ && (s2k_mode == 1 || s2k_mode == 3)) {
+ rc = stream_write(out,
+ sk->protect.s2k->
+ salt, 8);
+ if (!rc && s2k_mode == 3)
+ rc = stream_putc(out,
+ sk->
+ protect.
+ s2k->
+ count);
+ }
+ } else
+ return CDK_Inv_Value;
+ if (!rc)
+ rc = stream_write(out, sk->protect.iv,
+ sk->protect.ivlen);
+ }
+ }
+ if (!rc && sk->is_protected && pk->version == 4) {
+ if (sk->encdata && sk->enclen)
+ rc = stream_write(out, sk->encdata, sk->enclen);
+ } else {
+ if (!rc)
+ rc = write_mpibuf(out, sk->mpi, nskey);
+ if (!rc) {
+ if (!sk->csum)
+ sk->csum = _cdk_sk_get_csum(sk);
+ rc = write_16(out, sk->csum);
+ }
+ }
+
+ return rc;
}
static cdk_error_t
-write_compressed (cdk_stream_t out, cdk_pkt_compressed_t cd)
+write_compressed(cdk_stream_t out, cdk_pkt_compressed_t cd)
{
- cdk_error_t rc;
+ cdk_error_t rc;
- if (!out || !cd)
- return CDK_Inv_Value;
+ if (!out || !cd)
+ return CDK_Inv_Value;
- if (DEBUG_PKT)
- _gnutls_write_log ("packet: write_compressed\n");
+ if (DEBUG_PKT)
+ _gnutls_write_log("packet: write_compressed\n");
- /* Use an old (RFC1991) header for this packet. */
- rc = pkt_write_head (out, 1, 0, CDK_PKT_COMPRESSED);
- if (!rc)
- rc = stream_putc (out, cd->algorithm);
- return rc;
+ /* Use an old (RFC1991) header for this packet. */
+ rc = pkt_write_head(out, 1, 0, CDK_PKT_COMPRESSED);
+ if (!rc)
+ rc = stream_putc(out, cd->algorithm);
+ return rc;
}
static cdk_error_t
-write_literal (cdk_stream_t out, cdk_pkt_literal_t pt, int old_ctb)
+write_literal(cdk_stream_t out, cdk_pkt_literal_t pt, int old_ctb)
{
- byte buf[BUFSIZE];
- size_t size;
- cdk_error_t rc;
-
- if (!out || !pt)
- return CDK_Inv_Value;
-
- /* We consider a packet without a body as an invalid packet.
- At least one octet must be present. */
- if (!pt->len)
- return CDK_Inv_Packet;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_literal:\n");
-
- size = 6 + pt->namelen + pt->len;
- rc = pkt_write_head (out, old_ctb, size, CDK_PKT_LITERAL);
- if (rc)
- return rc;
-
- rc = stream_putc (out, pt->mode);
- if (rc)
- return rc;
- rc = stream_putc (out, pt->namelen);
- if (rc)
- return rc;
-
- if (pt->namelen > 0)
- rc = stream_write (out, pt->name, pt->namelen);
- if (!rc)
- rc = write_32 (out, pt->timestamp);
- if (rc)
- return rc;
-
- while (!cdk_stream_eof (pt->buf) && !rc)
- {
- rc = stream_read (pt->buf, buf, DIM (buf), &size);
- if (!rc)
- rc = stream_write (out, buf, size);
- }
-
- memset (buf, 0, sizeof (buf));
- return rc;
+ byte buf[BUFSIZE];
+ size_t size;
+ cdk_error_t rc;
+
+ if (!out || !pt)
+ return CDK_Inv_Value;
+
+ /* We consider a packet without a body as an invalid packet.
+ At least one octet must be present. */
+ if (!pt->len)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_literal:\n");
+
+ size = 6 + pt->namelen + pt->len;
+ rc = pkt_write_head(out, old_ctb, size, CDK_PKT_LITERAL);
+ if (rc)
+ return rc;
+
+ rc = stream_putc(out, pt->mode);
+ if (rc)
+ return rc;
+ rc = stream_putc(out, pt->namelen);
+ if (rc)
+ return rc;
+
+ if (pt->namelen > 0)
+ rc = stream_write(out, pt->name, pt->namelen);
+ if (!rc)
+ rc = write_32(out, pt->timestamp);
+ if (rc)
+ return rc;
+
+ while (!cdk_stream_eof(pt->buf) && !rc) {
+ rc = stream_read(pt->buf, buf, DIM(buf), &size);
+ if (!rc)
+ rc = stream_write(out, buf, size);
+ }
+
+ memset(buf, 0, sizeof(buf));
+ return rc;
}
static cdk_error_t
-write_onepass_sig (cdk_stream_t out, cdk_pkt_onepass_sig_t sig)
+write_onepass_sig(cdk_stream_t out, cdk_pkt_onepass_sig_t sig)
{
- cdk_error_t rc;
-
- if (!out || !sig)
- return CDK_Inv_Value;
-
- if (sig->version != 3)
- return CDK_Inv_Packet;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_onepass_sig:\n");
-
- rc = pkt_write_head (out, 0, 13, CDK_PKT_ONEPASS_SIG);
- if (!rc)
- rc = stream_putc (out, sig->version);
- if (!rc)
- rc = stream_putc (out, sig->sig_class);
- if (!rc)
- rc = stream_putc (out, _gnutls_hash_algo_to_pgp (sig->digest_algo));
- if (!rc)
- rc = stream_putc (out, _cdk_pub_algo_to_pgp (sig->pubkey_algo));
- if (!rc)
- rc = write_32 (out, sig->keyid[0]);
- if (!rc)
- rc = write_32 (out, sig->keyid[1]);
- if (!rc)
- rc = stream_putc (out, sig->last);
- return rc;
+ cdk_error_t rc;
+
+ if (!out || !sig)
+ return CDK_Inv_Value;
+
+ if (sig->version != 3)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_onepass_sig:\n");
+
+ rc = pkt_write_head(out, 0, 13, CDK_PKT_ONEPASS_SIG);
+ if (!rc)
+ rc = stream_putc(out, sig->version);
+ if (!rc)
+ rc = stream_putc(out, sig->sig_class);
+ if (!rc)
+ rc = stream_putc(out,
+ _gnutls_hash_algo_to_pgp(sig->
+ digest_algo));
+ if (!rc)
+ rc = stream_putc(out,
+ _cdk_pub_algo_to_pgp(sig->pubkey_algo));
+ if (!rc)
+ rc = write_32(out, sig->keyid[0]);
+ if (!rc)
+ rc = write_32(out, sig->keyid[1]);
+ if (!rc)
+ rc = stream_putc(out, sig->last);
+ return rc;
}
static cdk_error_t
-write_user_id (cdk_stream_t out, cdk_pkt_userid_t id, int old_ctb,
- int pkttype)
+write_user_id(cdk_stream_t out, cdk_pkt_userid_t id, int old_ctb,
+ int pkttype)
{
- cdk_error_t rc;
-
- if (!out || !id)
- return CDK_Inv_Value;
-
- if (pkttype == CDK_PKT_ATTRIBUTE)
- {
- if (!id->attrib_img)
- return CDK_Inv_Value;
- rc =
- pkt_write_head (out, old_ctb, id->attrib_len + 6, CDK_PKT_ATTRIBUTE);
- if (rc)
- return rc;
- /* Write subpacket part. */
- stream_putc (out, 255);
- write_32 (out, id->attrib_len + 1);
- stream_putc (out, 1);
- rc = stream_write (out, id->attrib_img, id->attrib_len);
- }
- else
- {
- if (!id->name)
- return CDK_Inv_Value;
- rc = pkt_write_head (out, old_ctb, id->len, CDK_PKT_USER_ID);
- if (!rc)
- rc = stream_write (out, id->name, id->len);
- }
-
- return rc;
+ cdk_error_t rc;
+
+ if (!out || !id)
+ return CDK_Inv_Value;
+
+ if (pkttype == CDK_PKT_ATTRIBUTE) {
+ if (!id->attrib_img)
+ return CDK_Inv_Value;
+ rc = pkt_write_head(out, old_ctb, id->attrib_len + 6,
+ CDK_PKT_ATTRIBUTE);
+ if (rc)
+ return rc;
+ /* Write subpacket part. */
+ stream_putc(out, 255);
+ write_32(out, id->attrib_len + 1);
+ stream_putc(out, 1);
+ rc = stream_write(out, id->attrib_img, id->attrib_len);
+ } else {
+ if (!id->name)
+ return CDK_Inv_Value;
+ rc = pkt_write_head(out, old_ctb, id->len,
+ CDK_PKT_USER_ID);
+ if (!rc)
+ rc = stream_write(out, id->name, id->len);
+ }
+
+ return rc;
}
@@ -792,109 +786,113 @@ write_user_id (cdk_stream_t out, cdk_pkt_userid_t id, int old_ctb,
* Write the contents of @pkt into the @out stream.
* Return 0 on success.
**/
-cdk_error_t
-cdk_pkt_write (cdk_stream_t out, cdk_packet_t pkt)
+cdk_error_t cdk_pkt_write(cdk_stream_t out, cdk_packet_t pkt)
{
- cdk_error_t rc;
-
- if (!out || !pkt)
- return CDK_Inv_Value;
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write packet pkttype=%d\n", pkt->pkttype);
-
- switch (pkt->pkttype)
- {
- case CDK_PKT_LITERAL:
- rc = write_literal (out, pkt->pkt.literal, pkt->old_ctb);
- break;
- case CDK_PKT_ONEPASS_SIG:
- rc = write_onepass_sig (out, pkt->pkt.onepass_sig);
- break;
- case CDK_PKT_MDC:
- rc = write_mdc (out, pkt->pkt.mdc);
- break;
- case CDK_PKT_PUBKEY_ENC:
- rc = write_pubkey_enc (out, pkt->pkt.pubkey_enc, pkt->old_ctb);
- break;
- case CDK_PKT_SIGNATURE:
- rc = write_signature (out, pkt->pkt.signature, pkt->old_ctb);
- break;
- case CDK_PKT_PUBLIC_KEY:
- rc = write_public_key (out, pkt->pkt.public_key, 0, pkt->old_ctb);
- break;
- case CDK_PKT_PUBLIC_SUBKEY:
- rc = write_public_key (out, pkt->pkt.public_key, 1, pkt->old_ctb);
- break;
- case CDK_PKT_COMPRESSED:
- rc = write_compressed (out, pkt->pkt.compressed);
- break;
- case CDK_PKT_SECRET_KEY:
- rc = write_secret_key (out, pkt->pkt.secret_key, 0, pkt->old_ctb);
- break;
- case CDK_PKT_SECRET_SUBKEY:
- rc = write_secret_key (out, pkt->pkt.secret_key, 1, pkt->old_ctb);
- break;
- case CDK_PKT_USER_ID:
- case CDK_PKT_ATTRIBUTE:
- rc = write_user_id (out, pkt->pkt.user_id, pkt->old_ctb, pkt->pkttype);
- break;
- default:
- rc = CDK_Inv_Packet;
- break;
- }
-
- if (DEBUG_PKT)
- _gnutls_write_log ("write_packet rc=%d pkttype=%d\n", rc, pkt->pkttype);
- return rc;
+ cdk_error_t rc;
+
+ if (!out || !pkt)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write packet pkttype=%d\n",
+ pkt->pkttype);
+
+ switch (pkt->pkttype) {
+ case CDK_PKT_LITERAL:
+ rc = write_literal(out, pkt->pkt.literal, pkt->old_ctb);
+ break;
+ case CDK_PKT_ONEPASS_SIG:
+ rc = write_onepass_sig(out, pkt->pkt.onepass_sig);
+ break;
+ case CDK_PKT_MDC:
+ rc = write_mdc(out, pkt->pkt.mdc);
+ break;
+ case CDK_PKT_PUBKEY_ENC:
+ rc = write_pubkey_enc(out, pkt->pkt.pubkey_enc,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_SIGNATURE:
+ rc = write_signature(out, pkt->pkt.signature,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_PUBLIC_KEY:
+ rc = write_public_key(out, pkt->pkt.public_key, 0,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_PUBLIC_SUBKEY:
+ rc = write_public_key(out, pkt->pkt.public_key, 1,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_COMPRESSED:
+ rc = write_compressed(out, pkt->pkt.compressed);
+ break;
+ case CDK_PKT_SECRET_KEY:
+ rc = write_secret_key(out, pkt->pkt.secret_key, 0,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_SECRET_SUBKEY:
+ rc = write_secret_key(out, pkt->pkt.secret_key, 1,
+ pkt->old_ctb);
+ break;
+ case CDK_PKT_USER_ID:
+ case CDK_PKT_ATTRIBUTE:
+ rc = write_user_id(out, pkt->pkt.user_id, pkt->old_ctb,
+ pkt->pkttype);
+ break;
+ default:
+ rc = CDK_Inv_Packet;
+ break;
+ }
+
+ if (DEBUG_PKT)
+ _gnutls_write_log("write_packet rc=%d pkttype=%d\n", rc,
+ pkt->pkttype);
+ return rc;
}
-cdk_error_t
-_cdk_pkt_write2 (cdk_stream_t out, int pkttype, void *pktctx)
+cdk_error_t _cdk_pkt_write2(cdk_stream_t out, int pkttype, void *pktctx)
{
- cdk_packet_t pkt;
- cdk_error_t rc;
-
- rc = cdk_pkt_new (&pkt);
- if (rc)
- return rc;
-
- switch (pkttype)
- {
- case CDK_PKT_PUBLIC_KEY:
- case CDK_PKT_PUBLIC_SUBKEY:
- pkt->pkt.public_key = pktctx;
- break;
- case CDK_PKT_SIGNATURE:
- pkt->pkt.signature = pktctx;
- break;
- case CDK_PKT_SECRET_KEY:
- case CDK_PKT_SECRET_SUBKEY:
- pkt->pkt.secret_key = pktctx;
- break;
-
- case CDK_PKT_USER_ID:
- pkt->pkt.user_id = pktctx;
- break;
- }
- pkt->pkttype = pkttype;
- rc = cdk_pkt_write (out, pkt);
- cdk_free (pkt);
- return rc;
+ cdk_packet_t pkt;
+ cdk_error_t rc;
+
+ rc = cdk_pkt_new(&pkt);
+ if (rc)
+ return rc;
+
+ switch (pkttype) {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ pkt->pkt.public_key = pktctx;
+ break;
+ case CDK_PKT_SIGNATURE:
+ pkt->pkt.signature = pktctx;
+ break;
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ pkt->pkt.secret_key = pktctx;
+ break;
+
+ case CDK_PKT_USER_ID:
+ pkt->pkt.user_id = pktctx;
+ break;
+ }
+ pkt->pkttype = pkttype;
+ rc = cdk_pkt_write(out, pkt);
+ cdk_free(pkt);
+ return rc;
}
-cdk_error_t
-_cdk_pkt_write_fp (FILE * out, cdk_packet_t pkt)
+cdk_error_t _cdk_pkt_write_fp(FILE * out, cdk_packet_t pkt)
{
- cdk_stream_t so;
- cdk_error_t rc;
-
- rc = _cdk_stream_fpopen (out, 1, &so);
- if (rc)
- return rc;
- rc = cdk_pkt_write (so, pkt);
- cdk_stream_close (so);
- return rc;
+ cdk_stream_t so;
+ cdk_error_t rc;
+
+ rc = _cdk_stream_fpopen(out, 1, &so);
+ if (rc)
+ return rc;
+ rc = cdk_pkt_write(so, pkt);
+ cdk_stream_close(so);
+ return rc;
}
diff --git a/lib/openpgp/compat.c b/lib/openpgp/compat.c
index 56472967e3..7c7bd698e4 100644
--- a/lib/openpgp/compat.c
+++ b/lib/openpgp/compat.c
@@ -44,73 +44,69 @@
* may use GnuPG for that purpose, or any other external PGP application.
-*/
int
-_gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
- const char* hostname,
- const gnutls_datum_t * cert_list,
- int cert_list_length, unsigned int *status)
+_gnutls_openpgp_verify_key(const gnutls_certificate_credentials_t cred,
+ const char *hostname,
+ const gnutls_datum_t * cert_list,
+ int cert_list_length, unsigned int *status)
{
- int ret = 0;
- gnutls_openpgp_crt_t key = NULL;
- unsigned int verify = 0, verify_self = 0;
-
- if (!cert_list || cert_list_length != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- ret = gnutls_openpgp_crt_init (&key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- gnutls_openpgp_crt_import (key, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- gnutls_assert ();
- goto leave;
- }
-
- if (cred->keyring != NULL)
- {
- ret = gnutls_openpgp_crt_verify_ring (key, cred->keyring, 0, &verify);
- if (ret < 0)
- {
- gnutls_assert ();
- goto leave;
- }
- }
-
- /* Now try the self signature. */
- ret = gnutls_openpgp_crt_verify_self (key, 0, &verify_self);
- if (ret < 0)
- {
- gnutls_assert ();
- goto leave;
- }
-
- *status = verify_self | verify;
-
- /* If we only checked the self signature. */
- if (!cred->keyring)
- *status |= GNUTLS_CERT_SIGNER_NOT_FOUND;
-
- if (hostname)
- {
- ret = gnutls_openpgp_crt_check_hostname(key, hostname);
- if (ret == 0)
- *status |= GNUTLS_CERT_UNEXPECTED_OWNER;
- }
-
- ret = 0;
-
-leave:
- gnutls_openpgp_crt_deinit (key);
-
- return ret;
+ int ret = 0;
+ gnutls_openpgp_crt_t key = NULL;
+ unsigned int verify = 0, verify_self = 0;
+
+ if (!cert_list || cert_list_length != 1) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ ret = gnutls_openpgp_crt_init(&key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_openpgp_crt_import(key, &cert_list[0],
+ GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ gnutls_assert();
+ goto leave;
+ }
+
+ if (cred->keyring != NULL) {
+ ret =
+ gnutls_openpgp_crt_verify_ring(key, cred->keyring, 0,
+ &verify);
+ if (ret < 0) {
+ gnutls_assert();
+ goto leave;
+ }
+ }
+
+ /* Now try the self signature. */
+ ret = gnutls_openpgp_crt_verify_self(key, 0, &verify_self);
+ if (ret < 0) {
+ gnutls_assert();
+ goto leave;
+ }
+
+ *status = verify_self | verify;
+
+ /* If we only checked the self signature. */
+ if (!cred->keyring)
+ *status |= GNUTLS_CERT_SIGNER_NOT_FOUND;
+
+ if (hostname) {
+ ret = gnutls_openpgp_crt_check_hostname(key, hostname);
+ if (ret == 0)
+ *status |= GNUTLS_CERT_UNEXPECTED_OWNER;
+ }
+
+ ret = 0;
+
+ leave:
+ gnutls_openpgp_crt_deinit(key);
+
+ return ret;
}
/*-
@@ -123,35 +119,32 @@ leave:
* the fingerprint can be 16 or 20 bytes.
-*/
int
-_gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
- unsigned char *fpr, size_t * fprlen)
+_gnutls_openpgp_fingerprint(const gnutls_datum_t * cert,
+ unsigned char *fpr, size_t * fprlen)
{
- gnutls_openpgp_crt_t key;
- int ret;
-
- ret = gnutls_openpgp_crt_init (&key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_openpgp_crt_get_fingerprint (key, fpr, fprlen);
- gnutls_openpgp_crt_deinit (key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+ gnutls_openpgp_crt_t key;
+ int ret;
+
+ ret = gnutls_openpgp_crt_init(&key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_import(key, cert, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_get_fingerprint(key, fpr, fprlen);
+ gnutls_openpgp_crt_deinit(key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/*-
@@ -161,31 +154,29 @@ _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
* Returns the timestamp when the OpenPGP key was created.
-*/
time_t
-_gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * cert)
+_gnutls_openpgp_get_raw_key_creation_time(const gnutls_datum_t * cert)
{
- gnutls_openpgp_crt_t key;
- int ret;
- time_t tim;
+ gnutls_openpgp_crt_t key;
+ int ret;
+ time_t tim;
- ret = gnutls_openpgp_crt_init (&key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_init(&key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_import(key, cert, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- tim = gnutls_openpgp_crt_get_creation_time (key);
+ tim = gnutls_openpgp_crt_get_creation_time(key);
- gnutls_openpgp_crt_deinit (key);
+ gnutls_openpgp_crt_deinit(key);
- return tim;
+ return tim;
}
@@ -197,29 +188,27 @@ _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * cert)
* that the key doesn't expire at all.
-*/
time_t
-_gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t * cert)
+_gnutls_openpgp_get_raw_key_expiration_time(const gnutls_datum_t * cert)
{
- gnutls_openpgp_crt_t key;
- int ret;
- time_t tim;
+ gnutls_openpgp_crt_t key;
+ int ret;
+ time_t tim;
- ret = gnutls_openpgp_crt_init (&key);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_init(&key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_import(key, cert, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- tim = gnutls_openpgp_crt_get_expiration_time (key);
+ tim = gnutls_openpgp_crt_get_expiration_time(key);
- gnutls_openpgp_crt_deinit (key);
+ gnutls_openpgp_crt_deinit(key);
- return tim;
+ return tim;
}
diff --git a/lib/openpgp/extras.c b/lib/openpgp/extras.c
index d7b342c017..65bb488172 100644
--- a/lib/openpgp/extras.c
+++ b/lib/openpgp/extras.c
@@ -42,14 +42,13 @@
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring)
+int gnutls_openpgp_keyring_init(gnutls_openpgp_keyring_t * keyring)
{
- *keyring = gnutls_calloc (1, sizeof (gnutls_openpgp_keyring_int));
+ *keyring = gnutls_calloc(1, sizeof(gnutls_openpgp_keyring_int));
- if (*keyring)
- return 0; /* success */
- return GNUTLS_E_MEMORY_ERROR;
+ if (*keyring)
+ return 0; /* success */
+ return GNUTLS_E_MEMORY_ERROR;
}
@@ -59,19 +58,17 @@ gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring)
*
* This function will deinitialize a keyring structure.
**/
-void
-gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring)
+void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t keyring)
{
- if (!keyring)
- return;
+ if (!keyring)
+ return;
- if (keyring->db)
- {
- cdk_keydb_free (keyring->db);
- keyring->db = NULL;
- }
+ if (keyring->db) {
+ cdk_keydb_free(keyring->db);
+ keyring->db = NULL;
+ }
- gnutls_free (keyring);
+ gnutls_free(keyring);
}
/**
@@ -86,24 +83,24 @@ gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring)
* negative error code on failure.
**/
int
-gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
- const gnutls_openpgp_keyid_t keyid,
- unsigned int flags)
+gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t ring,
+ const gnutls_openpgp_keyid_t keyid,
+ unsigned int flags)
{
- cdk_pkt_pubkey_t pk;
- uint32_t id[2];
+ cdk_pkt_pubkey_t pk;
+ uint32_t id[2];
- id[0] = _gnutls_read_uint32 (keyid);
- id[1] = _gnutls_read_uint32 (&keyid[4]);
+ id[0] = _gnutls_read_uint32(keyid);
+ id[1] = _gnutls_read_uint32(&keyid[4]);
- if (!cdk_keydb_get_pk (ring->db, id, &pk))
- {
- cdk_pk_release (pk);
- return 0;
- }
+ if (!cdk_keydb_get_pk(ring->db, id, &pk)) {
+ cdk_pk_release(pk);
+ return 0;
+ }
- _gnutls_debug_log ("PGP: key not found %08lX\n", (unsigned long) id[1]);
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ _gnutls_debug_log("PGP: key not found %08lX\n",
+ (unsigned long) id[1]);
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
}
/**
@@ -119,87 +116,84 @@ gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_openpgp_keyring_import(gnutls_openpgp_keyring_t keyring,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format)
{
- cdk_error_t err;
- cdk_stream_t input = NULL;
- size_t raw_len = 0;
- uint8_t *raw_data = NULL;
-
- if (data->data == NULL || data->size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- _gnutls_debug_log ("PGP: keyring import format '%s'\n",
- format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64");
-
- /* Create a new stream from the given data, decode it, and import
- * the raw database. This to avoid using opencdk streams which are
- * not thread safe.
- */
- if (format == GNUTLS_OPENPGP_FMT_BASE64)
- {
- size_t written = 0;
-
- err = cdk_stream_tmp_from_mem (data->data, data->size, &input);
- if (err == 0)
- err = cdk_stream_set_armor_flag (input, 0);
- if (err)
- {
- gnutls_assert ();
- err = _gnutls_map_cdk_rc (err);
- goto error;
- }
-
- raw_len = cdk_stream_get_length (input);
- if (raw_len == 0)
- {
- gnutls_assert ();
- err = GNUTLS_E_BASE64_DECODING_ERROR;
- goto error;
- }
-
- raw_data = gnutls_malloc (raw_len);
- if (raw_data == NULL)
- {
- gnutls_assert ();
- err = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- do
- {
- err =
- cdk_stream_read (input, raw_data + written, raw_len - written);
-
- if (err > 0)
- written += err;
- }
- while (written < raw_len && err != EOF && err > 0);
-
- raw_len = written;
- }
- else
- { /* RAW */
- raw_len = data->size;
- raw_data = data->data;
- }
-
- err = cdk_keydb_new_from_mem (&keyring->db, 0, 0, raw_data, raw_len);
- if (err)
- gnutls_assert ();
-
- return _gnutls_map_cdk_rc (err);
-
-error:
- gnutls_free (raw_data);
- cdk_stream_close (input);
-
- return err;
+ cdk_error_t err;
+ cdk_stream_t input = NULL;
+ size_t raw_len = 0;
+ uint8_t *raw_data = NULL;
+
+ if (data->data == NULL || data->size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ _gnutls_debug_log("PGP: keyring import format '%s'\n",
+ format ==
+ GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64");
+
+ /* Create a new stream from the given data, decode it, and import
+ * the raw database. This to avoid using opencdk streams which are
+ * not thread safe.
+ */
+ if (format == GNUTLS_OPENPGP_FMT_BASE64) {
+ size_t written = 0;
+
+ err =
+ cdk_stream_tmp_from_mem(data->data, data->size,
+ &input);
+ if (err == 0)
+ err = cdk_stream_set_armor_flag(input, 0);
+ if (err) {
+ gnutls_assert();
+ err = _gnutls_map_cdk_rc(err);
+ goto error;
+ }
+
+ raw_len = cdk_stream_get_length(input);
+ if (raw_len == 0) {
+ gnutls_assert();
+ err = GNUTLS_E_BASE64_DECODING_ERROR;
+ goto error;
+ }
+
+ raw_data = gnutls_malloc(raw_len);
+ if (raw_data == NULL) {
+ gnutls_assert();
+ err = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ do {
+ err =
+ cdk_stream_read(input, raw_data + written,
+ raw_len - written);
+
+ if (err > 0)
+ written += err;
+ }
+ while (written < raw_len && err != EOF && err > 0);
+
+ raw_len = written;
+ } else { /* RAW */
+ raw_len = data->size;
+ raw_data = data->data;
+ }
+
+ err =
+ cdk_keydb_new_from_mem(&keyring->db, 0, 0, raw_data, raw_len);
+ if (err)
+ gnutls_assert();
+
+ return _gnutls_map_cdk_rc(err);
+
+ error:
+ gnutls_free(raw_data);
+ cdk_stream_close(input);
+
+ return err;
}
#define knode_is_pkey(node) \
@@ -214,41 +208,38 @@ error:
*
* Returns: the number of subkeys, or a negative error code on error.
**/
-int
-gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring)
+int gnutls_openpgp_keyring_get_crt_count(gnutls_openpgp_keyring_t ring)
{
- cdk_kbnode_t knode;
- cdk_error_t err;
- cdk_keydb_search_t st;
- int ret = 0;
-
- err = cdk_keydb_search_start (&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
- if (err != CDK_Success)
- {
- gnutls_assert ();
- return _gnutls_map_cdk_rc (err);
- }
-
- do
- {
- err = cdk_keydb_search (st, ring->db, &knode);
- if (err != CDK_Error_No_Key && err != CDK_Success)
- {
- gnutls_assert ();
- cdk_keydb_search_release (st);
- return _gnutls_map_cdk_rc (err);
- }
-
- if (knode_is_pkey (knode))
- ret++;
-
- cdk_kbnode_release (knode);
-
- }
- while (err != CDK_Error_No_Key);
-
- cdk_keydb_search_release (st);
- return ret;
+ cdk_kbnode_t knode;
+ cdk_error_t err;
+ cdk_keydb_search_t st;
+ int ret = 0;
+
+ err =
+ cdk_keydb_search_start(&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
+ if (err != CDK_Success) {
+ gnutls_assert();
+ return _gnutls_map_cdk_rc(err);
+ }
+
+ do {
+ err = cdk_keydb_search(st, ring->db, &knode);
+ if (err != CDK_Error_No_Key && err != CDK_Success) {
+ gnutls_assert();
+ cdk_keydb_search_release(st);
+ return _gnutls_map_cdk_rc(err);
+ }
+
+ if (knode_is_pkey(knode))
+ ret++;
+
+ cdk_kbnode_release(knode);
+
+ }
+ while (err != CDK_Error_No_Key);
+
+ cdk_keydb_search_release(st);
+ return ret;
}
/**
@@ -265,49 +256,47 @@ gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring,
- unsigned int idx, gnutls_openpgp_crt_t * cert)
+gnutls_openpgp_keyring_get_crt(gnutls_openpgp_keyring_t ring,
+ unsigned int idx,
+ gnutls_openpgp_crt_t * cert)
{
- cdk_kbnode_t knode;
- cdk_error_t err;
- int ret = 0;
- unsigned int count = 0;
- cdk_keydb_search_t st;
-
- err = cdk_keydb_search_start (&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
- if (err != CDK_Success)
- {
- gnutls_assert ();
- return _gnutls_map_cdk_rc (err);
- }
-
- do
- {
- err = cdk_keydb_search (st, ring->db, &knode);
- if (err != CDK_EOF && err != CDK_Success)
- {
- gnutls_assert ();
- cdk_keydb_search_release (st);
- return _gnutls_map_cdk_rc (err);
- }
-
- if (idx == count && err == CDK_Success)
- {
- ret = gnutls_openpgp_crt_init (cert);
- if (ret == 0)
- (*cert)->knode = knode;
- cdk_keydb_search_release (st);
- return ret;
- }
-
- if (knode_is_pkey (knode))
- count++;
-
- cdk_kbnode_release (knode);
-
- }
- while (err != CDK_EOF);
-
- cdk_keydb_search_release (st);
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ cdk_kbnode_t knode;
+ cdk_error_t err;
+ int ret = 0;
+ unsigned int count = 0;
+ cdk_keydb_search_t st;
+
+ err =
+ cdk_keydb_search_start(&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
+ if (err != CDK_Success) {
+ gnutls_assert();
+ return _gnutls_map_cdk_rc(err);
+ }
+
+ do {
+ err = cdk_keydb_search(st, ring->db, &knode);
+ if (err != CDK_EOF && err != CDK_Success) {
+ gnutls_assert();
+ cdk_keydb_search_release(st);
+ return _gnutls_map_cdk_rc(err);
+ }
+
+ if (idx == count && err == CDK_Success) {
+ ret = gnutls_openpgp_crt_init(cert);
+ if (ret == 0)
+ (*cert)->knode = knode;
+ cdk_keydb_search_release(st);
+ return ret;
+ }
+
+ if (knode_is_pkey(knode))
+ count++;
+
+ cdk_kbnode_release(knode);
+
+ }
+ while (err != CDK_EOF);
+
+ cdk_keydb_search_release(st);
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
index cbc0da7a98..7c05e1fbfc 100644
--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -35,32 +35,30 @@
#include <sys/stat.h>
/* Map an OpenCDK error type to a GnuTLS error type. */
-int
-_gnutls_map_cdk_rc (int rc)
+int _gnutls_map_cdk_rc(int rc)
{
- switch (rc)
- {
- case CDK_Success:
- return 0;
- case CDK_EOF:
- return GNUTLS_E_PARSING_ERROR;
- case CDK_Too_Short:
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- case CDK_General_Error:
- return GNUTLS_E_INTERNAL_ERROR;
- case CDK_File_Error:
- return GNUTLS_E_FILE_ERROR;
- case CDK_MPI_Error:
- return GNUTLS_E_MPI_SCAN_FAILED;
- case CDK_Error_No_Key:
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- case CDK_Armor_Error:
- return GNUTLS_E_BASE64_DECODING_ERROR;
- case CDK_Inv_Value:
- return GNUTLS_E_INVALID_REQUEST;
- default:
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ switch (rc) {
+ case CDK_Success:
+ return 0;
+ case CDK_EOF:
+ return GNUTLS_E_PARSING_ERROR;
+ case CDK_Too_Short:
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ case CDK_General_Error:
+ return GNUTLS_E_INTERNAL_ERROR;
+ case CDK_File_Error:
+ return GNUTLS_E_FILE_ERROR;
+ case CDK_MPI_Error:
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ case CDK_Error_No_Key:
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ case CDK_Armor_Error:
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ case CDK_Inv_Value:
+ return GNUTLS_E_INVALID_REQUEST;
+ default:
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
/**
@@ -82,95 +80,90 @@ _gnutls_map_cdk_rc (int rc)
* otherwise a negative error code is returned.
**/
int
-gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res,
- gnutls_openpgp_crt_t crt,
- gnutls_openpgp_privkey_t pkey)
+gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials_t res,
+ gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_privkey_t pkey)
{
- int ret, ret2, i;
- gnutls_privkey_t privkey;
- gnutls_pcert_st *ccert = NULL;
- char name[MAX_CN];
- size_t max_size;
- gnutls_str_array_t names;
-
- _gnutls_str_array_init(&names);
-
- /* this should be first */
-
- ret = gnutls_privkey_init (&privkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- gnutls_privkey_import_openpgp (privkey, pkey,
- GNUTLS_PRIVKEY_IMPORT_COPY);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ccert = gnutls_calloc (1, sizeof (gnutls_pcert_st));
- if (ccert == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- max_size = sizeof(name);
- ret = 0;
- for (i = 0; !(ret < 0); i++)
- {
- ret = gnutls_openpgp_crt_get_name(crt, i, name, &max_size);
- if (ret >= 0)
- {
- ret2 = _gnutls_str_array_append(&names, name, max_size);
- if (ret2 < 0)
- {
- gnutls_assert();
- ret = ret2;
- goto cleanup;
- }
- }
- }
-
- ret = gnutls_pcert_import_openpgp (ccert, crt, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = certificate_credentials_append_pkey (res, privkey);
- if (ret >= 0)
- ret = certificate_credential_append_crt_list (res, names, ccert, 1);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- res->ncerts++;
-
- ret = _gnutls_check_key_cert_match (res);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
-
-cleanup:
- gnutls_privkey_deinit (privkey);
- gnutls_free (ccert);
- _gnutls_str_array_clear(&names);
- return ret;
+ int ret, ret2, i;
+ gnutls_privkey_t privkey;
+ gnutls_pcert_st *ccert = NULL;
+ char name[MAX_CN];
+ size_t max_size;
+ gnutls_str_array_t names;
+
+ _gnutls_str_array_init(&names);
+
+ /* this should be first */
+
+ ret = gnutls_privkey_init(&privkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_privkey_import_openpgp(privkey, pkey,
+ GNUTLS_PRIVKEY_IMPORT_COPY);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ccert = gnutls_calloc(1, sizeof(gnutls_pcert_st));
+ if (ccert == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ max_size = sizeof(name);
+ ret = 0;
+ for (i = 0; !(ret < 0); i++) {
+ ret = gnutls_openpgp_crt_get_name(crt, i, name, &max_size);
+ if (ret >= 0) {
+ ret2 =
+ _gnutls_str_array_append(&names, name,
+ max_size);
+ if (ret2 < 0) {
+ gnutls_assert();
+ ret = ret2;
+ goto cleanup;
+ }
+ }
+ }
+
+ ret = gnutls_pcert_import_openpgp(ccert, crt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = certificate_credentials_append_pkey(res, privkey);
+ if (ret >= 0)
+ ret =
+ certificate_credential_append_crt_list(res, names,
+ ccert, 1);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ res->ncerts++;
+
+ ret = _gnutls_check_key_cert_match(res);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
+
+ cleanup:
+ gnutls_privkey_deinit(privkey);
+ gnutls_free(ccert);
+ _gnutls_str_array_clear(&names);
+ return ret;
}
/*-
@@ -184,67 +177,60 @@ cleanup:
* from a binary or a file keyring.
-*/
int
-gnutls_openpgp_get_key (gnutls_datum_t * key,
- gnutls_openpgp_keyring_t keyring, key_attr_t by,
- uint8_t * pattern)
+gnutls_openpgp_get_key(gnutls_datum_t * key,
+ gnutls_openpgp_keyring_t keyring, key_attr_t by,
+ uint8_t * pattern)
{
- cdk_kbnode_t knode = NULL;
- unsigned long keyid[2];
- unsigned char *buf;
- void *desc;
- size_t len;
- int rc = 0;
- cdk_keydb_search_t st;
-
- if (!key || !keyring || by == KEY_ATTR_NONE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- memset (key, 0, sizeof *key);
-
- if (by == KEY_ATTR_SHORT_KEYID)
- {
- keyid[0] = _gnutls_read_uint32 (pattern);
- desc = keyid;
- }
- else if (by == KEY_ATTR_KEYID)
- {
- keyid[0] = _gnutls_read_uint32 (pattern);
- keyid[1] = _gnutls_read_uint32 (pattern + 4);
- desc = keyid;
- }
- else
- desc = pattern;
- rc = cdk_keydb_search_start (&st, keyring->db, by, desc);
- if (!rc)
- rc = cdk_keydb_search (st, keyring->db, &knode);
-
- cdk_keydb_search_release (st);
-
- if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- goto leave;
- }
-
- if (!cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY))
- {
- rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
- goto leave;
- }
-
- /* We let the function allocate the buffer to avoid
- to call the function twice. */
- rc = cdk_kbnode_write_to_mem_alloc (knode, &buf, &len);
- if (!rc)
- _gnutls_datum_append (key, buf, len);
- gnutls_free (buf);
-
-leave:
- cdk_kbnode_release (knode);
- return rc;
+ cdk_kbnode_t knode = NULL;
+ unsigned long keyid[2];
+ unsigned char *buf;
+ void *desc;
+ size_t len;
+ int rc = 0;
+ cdk_keydb_search_t st;
+
+ if (!key || !keyring || by == KEY_ATTR_NONE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ memset(key, 0, sizeof *key);
+
+ if (by == KEY_ATTR_SHORT_KEYID) {
+ keyid[0] = _gnutls_read_uint32(pattern);
+ desc = keyid;
+ } else if (by == KEY_ATTR_KEYID) {
+ keyid[0] = _gnutls_read_uint32(pattern);
+ keyid[1] = _gnutls_read_uint32(pattern + 4);
+ desc = keyid;
+ } else
+ desc = pattern;
+ rc = cdk_keydb_search_start(&st, keyring->db, by, desc);
+ if (!rc)
+ rc = cdk_keydb_search(st, keyring->db, &knode);
+
+ cdk_keydb_search_release(st);
+
+ if (rc) {
+ rc = _gnutls_map_cdk_rc(rc);
+ goto leave;
+ }
+
+ if (!cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY)) {
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ goto leave;
+ }
+
+ /* We let the function allocate the buffer to avoid
+ to call the function twice. */
+ rc = cdk_kbnode_write_to_mem_alloc(knode, &buf, &len);
+ if (!rc)
+ _gnutls_datum_append(key, buf, len);
+ gnutls_free(buf);
+
+ leave:
+ cdk_kbnode_release(knode);
+ return rc;
}
/**
@@ -261,13 +247,13 @@ leave:
* negative error value.
**/
int
-gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_key_mem(gnutls_certificate_credentials_t
+ res, const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_openpgp_crt_fmt_t format)
{
- return gnutls_certificate_set_openpgp_key_mem2 (res, cert, key,
- NULL, format);
+ return gnutls_certificate_set_openpgp_key_mem2(res, cert, key,
+ NULL, format);
}
/**
@@ -284,34 +270,33 @@ gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res,
* negative error value.
**/
int
-gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t res,
- const char *certfile,
- const char *keyfile,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_key_file(gnutls_certificate_credentials_t
+ res, const char *certfile,
+ const char *keyfile,
+ gnutls_openpgp_crt_fmt_t format)
{
- return gnutls_certificate_set_openpgp_key_file2 (res, certfile,
- keyfile, NULL, format);
+ return gnutls_certificate_set_openpgp_key_file2(res, certfile,
+ keyfile, NULL,
+ format);
}
-static int
-get_keyid (gnutls_openpgp_keyid_t keyid, const char *str)
+static int get_keyid(gnutls_openpgp_keyid_t keyid, const char *str)
{
- size_t keyid_size = GNUTLS_OPENPGP_KEYID_SIZE;
-
- if (strlen (str) != 16)
- {
- _gnutls_debug_log
- ("The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (_gnutls_hex2bin (str, strlen (str), keyid, &keyid_size) < 0)
- {
- _gnutls_debug_log ("Error converting hex string: %s.\n", str);
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
+ size_t keyid_size = GNUTLS_OPENPGP_KEYID_SIZE;
+
+ if (strlen(str) != 16) {
+ _gnutls_debug_log
+ ("The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (_gnutls_hex2bin(str, strlen(str), keyid, &keyid_size) < 0) {
+ _gnutls_debug_log("Error converting hex string: %s.\n",
+ str);
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
}
/**
@@ -335,81 +320,80 @@ get_keyid (gnutls_openpgp_keyid_t keyid, const char *str)
* Since: 2.4.0
**/
int
-gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_key_mem2(gnutls_certificate_credentials_t
+ res, const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format)
{
- gnutls_openpgp_privkey_t pkey;
- gnutls_openpgp_crt_t crt;
- int ret;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
-
- ret = gnutls_openpgp_privkey_init (&pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_openpgp_privkey_import (pkey, key, format, NULL, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_privkey_deinit (pkey);
- return ret;
- }
-
- ret = gnutls_openpgp_crt_init (&crt);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_privkey_deinit (pkey);
- return ret;
- }
-
- ret = gnutls_openpgp_crt_import (crt, cert, format);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_privkey_deinit (pkey);
- gnutls_openpgp_crt_deinit (crt);
- return ret;
- }
-
- if (subkey_id != NULL)
- {
- if (strcasecmp (subkey_id, "auto") == 0)
- ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
- else
- ret = get_keyid (keyid, subkey_id);
-
- if (ret < 0)
- gnutls_assert ();
-
- if (ret >= 0)
- {
- ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
- if (ret >= 0)
- ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_privkey_deinit (pkey);
- gnutls_openpgp_crt_deinit (crt);
- return ret;
- }
- }
-
- ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
-
- gnutls_openpgp_crt_deinit (crt);
- gnutls_openpgp_privkey_deinit (pkey);
-
- return ret;
+ gnutls_openpgp_privkey_t pkey;
+ gnutls_openpgp_crt_t crt;
+ int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ ret = gnutls_openpgp_privkey_init(&pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_privkey_import(pkey, key, format, NULL, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_openpgp_privkey_deinit(pkey);
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_init(&crt);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_openpgp_privkey_deinit(pkey);
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_import(crt, cert, format);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_openpgp_privkey_deinit(pkey);
+ gnutls_openpgp_crt_deinit(crt);
+ return ret;
+ }
+
+ if (subkey_id != NULL) {
+ if (strcasecmp(subkey_id, "auto") == 0)
+ ret =
+ gnutls_openpgp_crt_get_auth_subkey(crt, keyid,
+ 1);
+ else
+ ret = get_keyid(keyid, subkey_id);
+
+ if (ret < 0)
+ gnutls_assert();
+
+ if (ret >= 0) {
+ ret =
+ gnutls_openpgp_crt_set_preferred_key_id(crt,
+ keyid);
+ if (ret >= 0)
+ ret =
+ gnutls_openpgp_privkey_set_preferred_key_id
+ (pkey, keyid);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_openpgp_privkey_deinit(pkey);
+ gnutls_openpgp_crt_deinit(crt);
+ return ret;
+ }
+ }
+
+ ret = gnutls_certificate_set_openpgp_key(res, crt, pkey);
+
+ gnutls_openpgp_crt_deinit(crt);
+ gnutls_openpgp_privkey_deinit(pkey);
+
+ return ret;
}
/**
@@ -433,95 +417,85 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res,
* Since: 2.4.0
**/
int
-gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_key_file2(gnutls_certificate_credentials_t
+ res, const char *certfile,
+ const char *keyfile,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format)
{
- struct stat statbuf;
- gnutls_datum_t key, cert;
- int rc;
- size_t size;
-
- if (!res || !keyfile || !certfile)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (stat (certfile, &statbuf) || stat (keyfile, &statbuf))
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- cert.data = (void*)read_binary_file (certfile, &size);
- cert.size = (unsigned int) size;
- if (cert.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- key.data = (void*)read_binary_file (keyfile, &size);
- key.size = (unsigned int) size;
- if (key.data == NULL)
- {
- gnutls_assert ();
- free (cert.data);
- return GNUTLS_E_FILE_ERROR;
- }
-
- rc =
- gnutls_certificate_set_openpgp_key_mem2 (res, &cert, &key, subkey_id,
- format);
-
- free (cert.data);
- free (key.data);
-
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- return 0;
+ struct stat statbuf;
+ gnutls_datum_t key, cert;
+ int rc;
+ size_t size;
+
+ if (!res || !keyfile || !certfile) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (stat(certfile, &statbuf) || stat(keyfile, &statbuf)) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ cert.data = (void *) read_binary_file(certfile, &size);
+ cert.size = (unsigned int) size;
+ if (cert.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ key.data = (void *) read_binary_file(keyfile, &size);
+ key.size = (unsigned int) size;
+ if (key.data == NULL) {
+ gnutls_assert();
+ free(cert.data);
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ rc = gnutls_certificate_set_openpgp_key_mem2(res, &cert, &key,
+ subkey_id, format);
+
+ free(cert.data);
+ free(key.data);
+
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ return 0;
}
-int
-gnutls_openpgp_count_key_names (const gnutls_datum_t * cert)
+int gnutls_openpgp_count_key_names(const gnutls_datum_t * cert)
{
- cdk_kbnode_t knode, p, ctx;
- cdk_packet_t pkt;
- int nuids;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return 0;
- }
-
- if (cdk_kbnode_read_from_mem (&knode, 0, cert->data, cert->size))
- {
- gnutls_assert ();
- return 0;
- }
-
- ctx = NULL;
- for (nuids = 0;;)
- {
- p = cdk_kbnode_walk (knode, &ctx, 0);
- if (!p)
- break;
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_USER_ID)
- nuids++;
- }
-
- cdk_kbnode_release (knode);
- return nuids;
+ cdk_kbnode_t knode, p, ctx;
+ cdk_packet_t pkt;
+ int nuids;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return 0;
+ }
+
+ if (cdk_kbnode_read_from_mem(&knode, 0, cert->data, cert->size)) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ctx = NULL;
+ for (nuids = 0;;) {
+ p = cdk_kbnode_walk(knode, &ctx, 0);
+ if (!p)
+ break;
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_USER_ID)
+ nuids++;
+ }
+
+ cdk_kbnode_release(knode);
+ return nuids;
}
/**
@@ -539,35 +513,32 @@ gnutls_openpgp_count_key_names (const gnutls_datum_t * cert)
* negative error value.
**/
int
-gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t c,
- const char *file,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_keyring_file
+(gnutls_certificate_credentials_t c, const char *file,
+ gnutls_openpgp_crt_fmt_t format)
{
- gnutls_datum_t ring;
- size_t size;
- int rc;
-
- if (!c || !file)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ring.data = (void*)read_binary_file (file, &size);
- ring.size = (unsigned int) size;
- if (ring.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- rc =
- gnutls_certificate_set_openpgp_keyring_mem (c, ring.data, ring.size,
- format);
-
- free (ring.data);
-
- return rc;
+ gnutls_datum_t ring;
+ size_t size;
+ int rc;
+
+ if (!c || !file) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ring.data = (void *) read_binary_file(file, &size);
+ ring.size = (unsigned int) size;
+ if (ring.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ rc = gnutls_certificate_set_openpgp_keyring_mem(c, ring.data,
+ ring.size, format);
+
+ free(ring.data);
+
+ return rc;
}
/**
@@ -586,39 +557,36 @@ gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t c,
* negative error value.
**/
int
-gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t
- c, const uint8_t * data,
- size_t dlen,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_certificate_set_openpgp_keyring_mem(gnutls_certificate_credentials_t
+ c, const uint8_t * data,
+ size_t dlen,
+ gnutls_openpgp_crt_fmt_t format)
{
- gnutls_datum_t ddata;
- int rc;
-
- ddata.data = (void *) data;
- ddata.size = dlen;
-
- if (!c || !data || !dlen)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- rc = gnutls_openpgp_keyring_init (&c->keyring);
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- rc = gnutls_openpgp_keyring_import (c->keyring, &ddata, format);
- if (rc < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_keyring_deinit (c->keyring);
- return rc;
- }
-
- return 0;
+ gnutls_datum_t ddata;
+ int rc;
+
+ ddata.data = (void *) data;
+ ddata.size = dlen;
+
+ if (!c || !data || !dlen) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ rc = gnutls_openpgp_keyring_init(&c->keyring);
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ rc = gnutls_openpgp_keyring_import(c->keyring, &ddata, format);
+ if (rc < 0) {
+ gnutls_assert();
+ gnutls_openpgp_keyring_deinit(c->keyring);
+ return rc;
+ }
+
+ return 0;
}
/*-
@@ -633,48 +601,45 @@ gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t
*
-*/
int
-_gnutls_openpgp_request_key (gnutls_session_t session, gnutls_datum_t * ret,
- const gnutls_certificate_credentials_t cred,
- uint8_t * key_fpr, int key_fpr_size)
+_gnutls_openpgp_request_key(gnutls_session_t session, gnutls_datum_t * ret,
+ const gnutls_certificate_credentials_t cred,
+ uint8_t * key_fpr, int key_fpr_size)
{
- int rc = 0;
-
- if (!ret || !cred || !key_fpr)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key_fpr_size != 16 && key_fpr_size != 20)
- return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */
-
- rc = gnutls_openpgp_get_key (ret, cred->keyring, KEY_ATTR_FPR, key_fpr);
-
- if (rc >= 0) /* key was found */
- {
- rc = 0;
- goto error;
- }
- else
- rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
-
- /* If the callback function was set, then try this one. */
- if (session->internals.openpgp_recv_key_func != NULL)
- {
- rc = session->internals.openpgp_recv_key_func (session,
- key_fpr,
- key_fpr_size, ret);
- if (rc < 0)
- {
- gnutls_assert ();
- rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
- goto error;
- }
- }
-
-error:
-
- return rc;
+ int rc = 0;
+
+ if (!ret || !cred || !key_fpr) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key_fpr_size != 16 && key_fpr_size != 20)
+ return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */
+
+ rc = gnutls_openpgp_get_key(ret, cred->keyring, KEY_ATTR_FPR,
+ key_fpr);
+
+ if (rc >= 0) { /* key was found */
+ rc = 0;
+ goto error;
+ } else
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ /* If the callback function was set, then try this one. */
+ if (session->internals.openpgp_recv_key_func != NULL) {
+ rc = session->internals.openpgp_recv_key_func(session,
+ key_fpr,
+ key_fpr_size,
+ ret);
+ if (rc < 0) {
+ gnutls_assert();
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ goto error;
+ }
+ }
+
+ error:
+
+ return rc;
}
/**
@@ -690,9 +655,8 @@ error:
*
**/
void
-gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
- gnutls_openpgp_recv_key_func func)
+gnutls_openpgp_set_recv_key_function(gnutls_session_t session,
+ gnutls_openpgp_recv_key_func func)
{
- session->internals.openpgp_recv_key_func = func;
+ session->internals.openpgp_recv_key_func = func;
}
-
diff --git a/lib/openpgp/gnutls_openpgp.h b/lib/openpgp/gnutls_openpgp.h
index 49027e3e5d..8bd04dd735 100644
--- a/lib/openpgp/gnutls_openpgp.h
+++ b/lib/openpgp/gnutls_openpgp.h
@@ -32,53 +32,53 @@
#include <gnutls/abstract.h>
/* OpenCDK compatible */
-typedef enum
-{
- KEY_ATTR_NONE = 0,
- KEY_ATTR_SHORT_KEYID = 3,
- KEY_ATTR_KEYID = 4,
- KEY_ATTR_FPR = 5
+typedef enum {
+ KEY_ATTR_NONE = 0,
+ KEY_ATTR_SHORT_KEYID = 3,
+ KEY_ATTR_KEYID = 4,
+ KEY_ATTR_FPR = 5
} key_attr_t;
-int gnutls_openpgp_count_key_names (const gnutls_datum_t * cert);
+int gnutls_openpgp_count_key_names(const gnutls_datum_t * cert);
-int gnutls_openpgp_get_key (gnutls_datum_t * key,
- gnutls_openpgp_keyring_t keyring,
- key_attr_t by, uint8_t * pattern);
+int gnutls_openpgp_get_key(gnutls_datum_t * key,
+ gnutls_openpgp_keyring_t keyring,
+ key_attr_t by, uint8_t * pattern);
/* internal */
int
-_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privkey_t src);
+_gnutls_openpgp_privkey_cpy(gnutls_openpgp_privkey_t dest,
+ gnutls_openpgp_privkey_t src);
int
-_gnutls_openpgp_request_key (gnutls_session_t,
- gnutls_datum_t * ret,
- const gnutls_certificate_credentials_t cred,
- uint8_t * key_fpr, int key_fpr_size);
+_gnutls_openpgp_request_key(gnutls_session_t,
+ gnutls_datum_t * ret,
+ const gnutls_certificate_credentials_t cred,
+ uint8_t * key_fpr, int key_fpr_size);
-int _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t,
- const char* hostname,
- const gnutls_datum_t * cert_list,
- int cert_list_length, unsigned int *status);
-int _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
- unsigned char *fpr, size_t * fprlen);
-time_t _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t *
- cert);
-time_t _gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t *
- cert);
+int _gnutls_openpgp_verify_key(const gnutls_certificate_credentials_t,
+ const char *hostname,
+ const gnutls_datum_t * cert_list,
+ int cert_list_length, unsigned int *status);
+int _gnutls_openpgp_fingerprint(const gnutls_datum_t * cert,
+ unsigned char *fpr, size_t * fprlen);
+time_t _gnutls_openpgp_get_raw_key_creation_time(const gnutls_datum_t *
+ cert);
+time_t _gnutls_openpgp_get_raw_key_expiration_time(const gnutls_datum_t *
+ cert);
int
-_gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
+_gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
int
-_gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
+_gnutls_openpgp_privkey_decrypt_data(gnutls_openpgp_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
-#endif /*GNUTLS_OPENPGP_LOCAL_H */
+#endif /*GNUTLS_OPENPGP_LOCAL_H */
-#endif /*ENABLE_OPENPGP */
+#endif /*ENABLE_OPENPGP */
diff --git a/lib/openpgp/openpgp_int.h b/lib/openpgp/openpgp_int.h
index 952e965591..fa55e3e28f 100644
--- a/lib/openpgp/openpgp_int.h
+++ b/lib/openpgp/openpgp_int.h
@@ -37,61 +37,60 @@
dst[1] = _gnutls_read_uint32( src+4); }
/* Internal context to store the OpenPGP key. */
-typedef struct gnutls_openpgp_crt_int
-{
- cdk_kbnode_t knode;
- uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int preferred_set;
+typedef struct gnutls_openpgp_crt_int {
+ cdk_kbnode_t knode;
+ uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int preferred_set;
} gnutls_openpgp_crt_int;
/* Internal context to store the private OpenPGP key. */
-typedef struct gnutls_openpgp_privkey_int
-{
- cdk_kbnode_t knode;
- uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int preferred_set;
+typedef struct gnutls_openpgp_privkey_int {
+ cdk_kbnode_t knode;
+ uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int preferred_set;
} gnutls_openpgp_privkey_int;
-typedef struct gnutls_openpgp_keyring_int
-{
- cdk_keydb_hd_t db;
+typedef struct gnutls_openpgp_keyring_int {
+ cdk_keydb_hd_t db;
} gnutls_openpgp_keyring_int;
-int _gnutls_map_cdk_rc (int rc);
+int _gnutls_map_cdk_rc(int rc);
-int _gnutls_openpgp_export (cdk_kbnode_t node,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data, size_t * output_data_size,
- int priv);
+int _gnutls_openpgp_export(cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data, size_t * output_data_size,
+ int priv);
-int _gnutls_openpgp_export2 (cdk_kbnode_t node,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_datum_t* out, int priv);
+int _gnutls_openpgp_export2(cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t * out, int priv);
-cdk_packet_t _gnutls_get_valid_subkey (cdk_kbnode_t knode, int key_type);
+cdk_packet_t _gnutls_get_valid_subkey(cdk_kbnode_t knode, int key_type);
-unsigned int _gnutls_get_pgp_key_usage (unsigned int pgp_usage);
+unsigned int _gnutls_get_pgp_key_usage(unsigned int pgp_usage);
int
-_gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert, uint32_t keyid[2],
- gnutls_pk_params_st * params);
+_gnutls_openpgp_crt_get_mpis(gnutls_openpgp_crt_t cert, uint32_t keyid[2],
+ gnutls_pk_params_st * params);
int
-_gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
- uint32_t keyid[2], gnutls_pk_params_st* params);
+_gnutls_openpgp_privkey_get_mpis(gnutls_openpgp_privkey_t pkey,
+ uint32_t keyid[2],
+ gnutls_pk_params_st * params);
-cdk_packet_t _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv);
+cdk_packet_t _gnutls_openpgp_find_key(cdk_kbnode_t knode,
+ uint32_t keyid[2],
+ unsigned int priv);
-int _gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx,
- bigint_t * m);
+int _gnutls_read_pgp_mpi(cdk_packet_t pkt, unsigned int priv, size_t idx,
+ bigint_t * m);
-int _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv);
+int _gnutls_openpgp_find_subkey_idx(cdk_kbnode_t knode, uint32_t keyid[2],
+ unsigned int priv);
-int _gnutls_openpgp_get_algo (int cdk_algo);
+int _gnutls_openpgp_get_algo(int cdk_algo);
-#endif /* ENABLE_OPENPGP */
+#endif /* ENABLE_OPENPGP */
-#endif /* OPENPGP_LOCAL_H */
+#endif /* OPENPGP_LOCAL_H */
diff --git a/lib/openpgp/output.c b/lib/openpgp/output.c
index 9b0a16d259..5ac9031696 100644
--- a/lib/openpgp/output.c
+++ b/lib/openpgp/output.c
@@ -32,59 +32,60 @@
#define adds _gnutls_buffer_append_str
static void
-print_key_usage (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert,
- unsigned int idx)
+print_key_usage(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert,
+ unsigned int idx)
{
- unsigned int key_usage;
- int err;
-
- adds (str, _("\t\tKey Usage:\n"));
-
-
- if (idx == (unsigned int) -1)
- err = gnutls_openpgp_crt_get_key_usage (cert, &key_usage);
- else
- err = gnutls_openpgp_crt_get_subkey_usage (cert, idx, &key_usage);
- if (err < 0)
- {
- addf (str, _("error: get_key_usage: %s\n"), gnutls_strerror (err));
- return;
- }
-
- if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
- adds (str, _("\t\t\tDigital signatures.\n"));
- if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
- adds (str, _("\t\t\tCommunications encipherment.\n"));
- if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
- adds (str, _("\t\t\tStorage data encipherment.\n"));
- if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
- adds (str, _("\t\t\tAuthentication.\n"));
- if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
- adds (str, _("\t\t\tCertificate signing.\n"));
+ unsigned int key_usage;
+ int err;
+
+ adds(str, _("\t\tKey Usage:\n"));
+
+
+ if (idx == (unsigned int) -1)
+ err = gnutls_openpgp_crt_get_key_usage(cert, &key_usage);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_usage(cert, idx,
+ &key_usage);
+ if (err < 0) {
+ addf(str, _("error: get_key_usage: %s\n"),
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
+ adds(str, _("\t\t\tDigital signatures.\n"));
+ if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
+ adds(str, _("\t\t\tCommunications encipherment.\n"));
+ if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
+ adds(str, _("\t\t\tStorage data encipherment.\n"));
+ if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
+ adds(str, _("\t\t\tAuthentication.\n"));
+ if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
+ adds(str, _("\t\t\tCertificate signing.\n"));
}
/* idx == -1 indicates main key
* otherwise the subkey.
*/
static void
-print_key_id (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+print_key_id(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
- gnutls_openpgp_keyid_t id;
- int err;
-
- if (idx < 0)
- err = gnutls_openpgp_crt_get_key_id (cert, id);
- else
- err = gnutls_openpgp_crt_get_subkey_id (cert, idx, id);
-
- if (err < 0)
- addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
- else
- {
- adds (str, _("\tID (hex): "));
- _gnutls_buffer_hexprint (str, id, sizeof (id));
- addf (str, "\n");
- }
+ gnutls_openpgp_keyid_t id;
+ int err;
+
+ if (idx < 0)
+ err = gnutls_openpgp_crt_get_key_id(cert, id);
+ else
+ err = gnutls_openpgp_crt_get_subkey_id(cert, idx, id);
+
+ if (err < 0)
+ addf(str, "error: get_key_id: %s\n", gnutls_strerror(err));
+ else {
+ adds(str, _("\tID (hex): "));
+ _gnutls_buffer_hexprint(str, id, sizeof(id));
+ addf(str, "\n");
+ }
}
@@ -92,387 +93,451 @@ print_key_id (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
* otherwise the subkey.
*/
static void
-print_key_fingerprint (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
+print_key_fingerprint(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
- uint8_t fpr[128];
- size_t fpr_size = sizeof (fpr);
- int err;
- const char* name;
- char* p;
- unsigned int bits;
-
- err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size);
- if (err < 0)
- addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
- else
- {
- adds (str, _("\tFingerprint (hex): "));
- _gnutls_buffer_hexprint (str, fpr, fpr_size);
- addf (str, "\n");
- }
-
- err = gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
- if (err < 0)
- return;
-
- name = gnutls_pk_get_name(err);
- if (name == NULL)
- return;
-
- p = _gnutls_key_fingerprint_randomart(fpr, fpr_size, name, bits, "\t\t");
- if (p == NULL)
- return;
-
- adds (str, _("\tFingerprint's random art:\n"));
- adds (str, p);
- adds (str, "\n");
-
- gnutls_free(p);
+ uint8_t fpr[128];
+ size_t fpr_size = sizeof(fpr);
+ int err;
+ const char *name;
+ char *p;
+ unsigned int bits;
+
+ err = gnutls_openpgp_crt_get_fingerprint(cert, fpr, &fpr_size);
+ if (err < 0)
+ addf(str, "error: get_fingerprint: %s\n",
+ gnutls_strerror(err));
+ else {
+ adds(str, _("\tFingerprint (hex): "));
+ _gnutls_buffer_hexprint(str, fpr, fpr_size);
+ addf(str, "\n");
+ }
+
+ err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
+ if (err < 0)
+ return;
+
+ name = gnutls_pk_get_name(err);
+ if (name == NULL)
+ return;
+
+ p = _gnutls_key_fingerprint_randomart(fpr, fpr_size, name, bits,
+ "\t\t");
+ if (p == NULL)
+ return;
+
+ adds(str, _("\tFingerprint's random art:\n"));
+ adds(str, p);
+ adds(str, "\n");
+
+ gnutls_free(p);
}
static void
-print_key_revoked (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+print_key_revoked(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert,
+ int idx)
{
- int err;
-
- if (idx < 0)
- err = gnutls_openpgp_crt_get_revoked_status (cert);
- else
- err = gnutls_openpgp_crt_get_subkey_revoked_status (cert, idx);
-
- if (err != 0)
- adds (str, _("\tRevoked: True\n"));
- else
- adds (str, _("\tRevoked: False\n"));
+ int err;
+
+ if (idx < 0)
+ err = gnutls_openpgp_crt_get_revoked_status(cert);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_revoked_status(cert,
+ idx);
+
+ if (err != 0)
+ adds(str, _("\tRevoked: True\n"));
+ else
+ adds(str, _("\tRevoked: False\n"));
}
static void
-print_key_times (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+print_key_times(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
- time_t tim;
-
- adds (str, _("\tTime stamps:\n"));
-
- if (idx == -1)
- tim = gnutls_openpgp_crt_get_creation_time (cert);
- else
- tim = gnutls_openpgp_crt_get_subkey_creation_time (cert, idx);
-
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tCreation: %s\n"), s);
- }
-
- if (idx == -1)
- tim = gnutls_openpgp_crt_get_expiration_time (cert);
- else
- tim = gnutls_openpgp_crt_get_subkey_expiration_time (cert, idx);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (tim == 0)
- {
- adds (str, _("\t\tExpiration: Never\n"));
- }
- else
- {
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tExpiration: %s\n"), s);
- }
- }
+ time_t tim;
+
+ adds(str, _("\tTime stamps:\n"));
+
+ if (idx == -1)
+ tim = gnutls_openpgp_crt_get_creation_time(cert);
+ else
+ tim =
+ gnutls_openpgp_crt_get_subkey_creation_time(cert, idx);
+
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t)
+ == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tCreation: %s\n"), s);
+ }
+
+ if (idx == -1)
+ tim = gnutls_openpgp_crt_get_expiration_time(cert);
+ else
+ tim =
+ gnutls_openpgp_crt_get_subkey_expiration_time(cert,
+ idx);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (tim == 0) {
+ adds(str, _("\t\tExpiration: Never\n"));
+ } else {
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tExpiration: %s\n"), s);
+ }
+ }
}
static void
-print_key_info (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+print_key_info(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
- int err;
- unsigned int bits;
-
- if (idx == -1)
- err = gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
- else
- err = gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, &bits);
-
- if (err < 0)
- addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
- else
- {
- const char *name = gnutls_pk_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
-
- addf (str, _("\tPublic Key Algorithm: %s\n"), name);
- addf (str, _("\tKey Security Level: %s\n"),
- gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
- (err, bits)));
-
- switch (err)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- if (idx == -1)
- err = gnutls_openpgp_crt_get_pk_rsa_raw (cert, &m, &e);
- else
- err =
- gnutls_openpgp_crt_get_subkey_pk_rsa_raw (cert, idx, &m, &e);
-
- if (err < 0)
- addf (str, "error: get_pk_rsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tModulus (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t");
- adds (str, _("\t\tExponent:\n"));
- _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t");
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
-
- }
- break;
-
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- if (idx == -1)
- err = gnutls_openpgp_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y);
- else
- err =
- gnutls_openpgp_crt_get_subkey_pk_dsa_raw (cert, idx, &p, &q,
- &g, &y);
- if (err < 0)
- addf (str, "error: get_pk_dsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tPublic key (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
- adds (str, _("\t\tP:\n"));
- _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t");
- adds (str, _("\t\tQ:\n"));
- _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t");
- adds (str, _("\t\tG:\n"));
- _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t");
-
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
- }
- }
- break;
-
- default:
- break;
- }
- }
+ int err;
+ unsigned int bits;
+
+ if (idx == -1)
+ err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_pk_algorithm(cert, idx,
+ &bits);
+
+ if (err < 0)
+ addf(str, "error: get_pk_algorithm: %s\n",
+ gnutls_strerror(err));
+ else {
+ const char *name = gnutls_pk_algorithm_get_name(err);
+ if (name == NULL)
+ name = _("unknown");
+
+ addf(str, _("\tPublic Key Algorithm: %s\n"), name);
+ addf(str, _("\tKey Security Level: %s\n"),
+ gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param
+ (err, bits)));
+
+ switch (err) {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ if (idx == -1)
+ err =
+ gnutls_openpgp_crt_get_pk_rsa_raw
+ (cert, &m, &e);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_pk_rsa_raw
+ (cert, idx, &m, &e);
+
+ if (err < 0)
+ addf(str,
+ "error: get_pk_rsa_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ addf(str,
+ _("\t\tModulus (bits %d):\n"),
+ bits);
+ _gnutls_buffer_hexdump(str, m.data,
+ m.size,
+ "\t\t\t");
+ adds(str, _("\t\tExponent:\n"));
+ _gnutls_buffer_hexdump(str, e.data,
+ e.size,
+ "\t\t\t");
+
+ gnutls_free(m.data);
+ gnutls_free(e.data);
+ }
+
+ }
+ break;
+
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ if (idx == -1)
+ err =
+ gnutls_openpgp_crt_get_pk_dsa_raw
+ (cert, &p, &q, &g, &y);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_pk_dsa_raw
+ (cert, idx, &p, &q, &g, &y);
+ if (err < 0)
+ addf(str,
+ "error: get_pk_dsa_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ addf(str,
+ _
+ ("\t\tPublic key (bits %d):\n"),
+ bits);
+ _gnutls_buffer_hexdump(str, y.data,
+ y.size,
+ "\t\t\t");
+ adds(str, _("\t\tP:\n"));
+ _gnutls_buffer_hexdump(str, p.data,
+ p.size,
+ "\t\t\t");
+ adds(str, _("\t\tQ:\n"));
+ _gnutls_buffer_hexdump(str, q.data,
+ q.size,
+ "\t\t\t");
+ adds(str, _("\t\tG:\n"));
+ _gnutls_buffer_hexdump(str, g.data,
+ g.size,
+ "\t\t\t");
+
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ gnutls_free(y.data);
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+ }
}
-static void
-print_cert (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
+static void print_cert(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
- int i, subkeys;
- int err;
-
- print_key_revoked (str, cert, -1);
-
- /* Version. */
- {
- int version = gnutls_openpgp_crt_get_version (cert);
- if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* ID. */
- print_key_id (str, cert, -1);
-
- print_key_fingerprint (str, cert);
-
- /* Names. */
- i = 0;
- do
- {
- char *dn;
- size_t dn_size = 0;
-
- err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
- && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
- && err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "error: get_name: %s\n", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
- if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
- err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "error: get_name: %s\n", gnutls_strerror (err));
- else if (err >= 0)
- addf (str, _("\tName[%d]: %s\n"), i, dn);
- else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, _("\tRevoked Name[%d]: %s\n"), i, dn);
-
- gnutls_free (dn);
- }
- }
-
- i++;
- }
- while (err >= 0);
-
- print_key_times (str, cert, -1);
-
- print_key_info (str, cert, -1);
- print_key_usage (str, cert, -1);
-
- subkeys = gnutls_openpgp_crt_get_subkey_count (cert);
- if (subkeys < 0)
- return;
-
- for (i = 0; i < subkeys; i++)
- {
- addf (str, _("\n\tSubkey[%d]:\n"), i);
-
- print_key_revoked (str, cert, i);
- print_key_id (str, cert, i);
- print_key_times (str, cert, i);
- print_key_info (str, cert, i);
- print_key_usage (str, cert, i);
- }
+ int i, subkeys;
+ int err;
+
+ print_key_revoked(str, cert, -1);
+
+ /* Version. */
+ {
+ int version = gnutls_openpgp_crt_get_version(cert);
+ if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
+ }
+
+ /* ID. */
+ print_key_id(str, cert, -1);
+
+ print_key_fingerprint(str, cert);
+
+ /* Names. */
+ i = 0;
+ do {
+ char *dn;
+ size_t dn_size = 0;
+
+ err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
+ && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str, "error: get_name: %s\n",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "error: malloc (%d): %s\n",
+ (int) dn_size,
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_openpgp_crt_get_name(cert, i,
+ dn,
+ &dn_size);
+ if (err < 0
+ && err !=
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str, "error: get_name: %s\n",
+ gnutls_strerror(err));
+ else if (err >= 0)
+ addf(str, _("\tName[%d]: %s\n"), i,
+ dn);
+ else if (err ==
+ GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str,
+ _("\tRevoked Name[%d]: %s\n"),
+ i, dn);
+
+ gnutls_free(dn);
+ }
+ }
+
+ i++;
+ }
+ while (err >= 0);
+
+ print_key_times(str, cert, -1);
+
+ print_key_info(str, cert, -1);
+ print_key_usage(str, cert, -1);
+
+ subkeys = gnutls_openpgp_crt_get_subkey_count(cert);
+ if (subkeys < 0)
+ return;
+
+ for (i = 0; i < subkeys; i++) {
+ addf(str, _("\n\tSubkey[%d]:\n"), i);
+
+ print_key_revoked(str, cert, i);
+ print_key_id(str, cert, i);
+ print_key_times(str, cert, i);
+ print_key_info(str, cert, i);
+ print_key_usage(str, cert, i);
+ }
}
static void
-print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
+print_oneline(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
- int err, i;
-
- i = 0;
- do
- {
- char *dn;
- size_t dn_size = 0;
-
- err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
- && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
- && err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "unknown name (%s), ", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "unknown name (%s), ",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
- if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
- err != GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, "unknown name (%s), ", gnutls_strerror (err));
- else if (err >= 0)
- addf (str, _("name[%d]: %s, "), i, dn);
- else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
- addf (str, _("revoked name[%d]: %s, "), i, dn);
-
- gnutls_free (dn);
- }
- }
-
- i++;
- }
- while (err >= 0);
-
- {
- char fpr[128];
- size_t fpr_size = sizeof (fpr);
- int err;
-
- err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size);
- if (err < 0)
- addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
- else
- {
- adds (str, _("fingerprint: "));
- _gnutls_buffer_hexprint (str, fpr, fpr_size);
- addf (str, ", ");
- }
- }
-
- {
- time_t tim;
-
- tim = gnutls_openpgp_crt_get_creation_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
- else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "error: strftime (%ld), ", (unsigned long) tim);
- else
- addf (str, _("created: %s, "), s);
- }
-
- tim = gnutls_openpgp_crt_get_expiration_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (tim == 0)
- adds (str, _("never expires, "));
- else
- {
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
- else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "error: strftime (%ld), ", (unsigned long) tim);
- else
- addf (str, _("expires: %s, "), s);
- }
- }
- }
-
- {
- unsigned int bits = 0;
- gnutls_pk_algorithm_t algo =
- gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
- const char *algostr = gnutls_pk_algorithm_get_name (algo);
-
- if (algostr)
- addf (str, _("key algorithm %s (%d bits)"), algostr, bits);
- else
- addf (str, _("unknown key algorithm (%d)"), algo);
- }
+ int err, i;
+
+ i = 0;
+ do {
+ char *dn;
+ size_t dn_size = 0;
+
+ err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
+ && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str, "unknown name (%s), ",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "unknown name (%s), ",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_openpgp_crt_get_name(cert, i,
+ dn,
+ &dn_size);
+ if (err < 0
+ && err !=
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str, "unknown name (%s), ",
+ gnutls_strerror(err));
+ else if (err >= 0)
+ addf(str, _("name[%d]: %s, "), i,
+ dn);
+ else if (err ==
+ GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf(str,
+ _("revoked name[%d]: %s, "),
+ i, dn);
+
+ gnutls_free(dn);
+ }
+ }
+
+ i++;
+ }
+ while (err >= 0);
+
+ {
+ char fpr[128];
+ size_t fpr_size = sizeof(fpr);
+ int err;
+
+ err =
+ gnutls_openpgp_crt_get_fingerprint(cert, fpr,
+ &fpr_size);
+ if (err < 0)
+ addf(str, "error: get_fingerprint: %s\n",
+ gnutls_strerror(err));
+ else {
+ adds(str, _("fingerprint: "));
+ _gnutls_buffer_hexprint(str, fpr, fpr_size);
+ addf(str, ", ");
+ }
+ }
+
+ {
+ time_t tim;
+
+ tim = gnutls_openpgp_crt_get_creation_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld), ",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%Y-%m-%d %H:%M:%S UTC",
+ &t) == 0)
+ addf(str, "error: strftime (%ld), ",
+ (unsigned long) tim);
+ else
+ addf(str, _("created: %s, "), s);
+ }
+
+ tim = gnutls_openpgp_crt_get_expiration_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (tim == 0)
+ adds(str, _("never expires, "));
+ else {
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str,
+ "error: gmtime_r (%ld), ",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%Y-%m-%d %H:%M:%S UTC",
+ &t) == 0)
+ addf(str,
+ "error: strftime (%ld), ",
+ (unsigned long) tim);
+ else
+ addf(str, _("expires: %s, "), s);
+ }
+ }
+ }
+
+ {
+ unsigned int bits = 0;
+ gnutls_pk_algorithm_t algo =
+ gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
+ const char *algostr = gnutls_pk_algorithm_get_name(algo);
+
+ if (algostr)
+ addf(str, _("key algorithm %s (%d bits)"), algostr,
+ bits);
+ else
+ addf(str, _("unknown key algorithm (%d)"), algo);
+ }
}
/**
@@ -491,35 +556,34 @@ print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_openpgp_crt_print(gnutls_openpgp_crt_t cert,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int ret;
-
- _gnutls_buffer_init (&str);
-
- if (format == GNUTLS_CRT_PRINT_ONELINE)
- print_oneline (&str, cert);
- else if (format == GNUTLS_CRT_PRINT_COMPACT)
- {
- print_oneline (&str, cert);
-
- _gnutls_buffer_append_data (&str, "\n", 1);
- print_key_fingerprint (&str, cert);
- }
- else
- {
- _gnutls_buffer_append_str (&str,
- _("OpenPGP Certificate Information:\n"));
- print_cert (&str, cert);
- }
-
- _gnutls_buffer_append_data (&str, "\0", 1);
-
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
- return ret;
+ gnutls_buffer_st str;
+ int ret;
+
+ _gnutls_buffer_init(&str);
+
+ if (format == GNUTLS_CRT_PRINT_ONELINE)
+ print_oneline(&str, cert);
+ else if (format == GNUTLS_CRT_PRINT_COMPACT) {
+ print_oneline(&str, cert);
+
+ _gnutls_buffer_append_data(&str, "\n", 1);
+ print_key_fingerprint(&str, cert);
+ } else {
+ _gnutls_buffer_append_str(&str,
+ _
+ ("OpenPGP Certificate Information:\n"));
+ print_cert(&str, cert);
+ }
+
+ _gnutls_buffer_append_data(&str, "\0", 1);
+
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
+
+ return ret;
}
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index 38cab4f417..0c714e8e4c 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -40,14 +40,13 @@
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key)
+int gnutls_openpgp_crt_init(gnutls_openpgp_crt_t * key)
{
- *key = gnutls_calloc (1, sizeof (gnutls_openpgp_crt_int));
+ *key = gnutls_calloc(1, sizeof(gnutls_openpgp_crt_int));
- if (*key)
- return 0; /* success */
- return GNUTLS_E_MEMORY_ERROR;
+ if (*key)
+ return 0; /* success */
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -56,19 +55,17 @@ gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key)
*
* This function will deinitialize a key structure.
**/
-void
-gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key)
+void gnutls_openpgp_crt_deinit(gnutls_openpgp_crt_t key)
{
- if (!key)
- return;
+ if (!key)
+ return;
- if (key->knode)
- {
- cdk_kbnode_release (key->knode);
- key->knode = NULL;
- }
+ if (key->knode) {
+ cdk_kbnode_release(key->knode);
+ key->knode = NULL;
+ }
- gnutls_free (key);
+ gnutls_free(key);
}
/**
@@ -84,130 +81,125 @@ gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format)
+gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format)
{
- cdk_packet_t pkt;
- int rc, armor;
-
- if (data->data == NULL || data->size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- if (format == GNUTLS_OPENPGP_FMT_RAW) armor = 0;
- else armor = 1;
-
- rc = cdk_kbnode_read_from_mem (&key->knode, armor, data->data, data->size);
- if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
-
- /* Test if the import was successful. */
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- return 0;
+ cdk_packet_t pkt;
+ int rc, armor;
+
+ if (data->data == NULL || data->size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ if (format == GNUTLS_OPENPGP_FMT_RAW)
+ armor = 0;
+ else
+ armor = 1;
+
+ rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data,
+ data->size);
+ if (rc) {
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+ return rc;
+ }
+
+ /* Test if the import was successful. */
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ return 0;
}
-int _gnutls_openpgp_export2 (cdk_kbnode_t node,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_datum_t* out, int priv)
+int _gnutls_openpgp_export2(cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t * out, int priv)
{
-int ret;
-size_t size = 0;
-
- ret = _gnutls_openpgp_export(node, format, NULL, &size, priv);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- out->data = gnutls_malloc(size);
-
- ret = _gnutls_openpgp_export(node, format, out->data, &size, priv);
- if (ret < 0)
- {
- gnutls_free(out->data);
- return gnutls_assert_val(ret);
- }
- out->size = size;
- }
- else if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
+ int ret;
+ size_t size = 0;
+
+ ret = _gnutls_openpgp_export(node, format, NULL, &size, priv);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ out->data = gnutls_malloc(size);
+
+ ret =
+ _gnutls_openpgp_export(node, format, out->data, &size,
+ priv);
+ if (ret < 0) {
+ gnutls_free(out->data);
+ return gnutls_assert_val(ret);
+ }
+ out->size = size;
+ } else if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
/* internal version of export
*/
int
-_gnutls_openpgp_export (cdk_kbnode_t node,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data,
- size_t * output_data_size, int priv)
+_gnutls_openpgp_export(cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size, int priv)
{
- size_t input_data_size = *output_data_size;
- size_t calc_size;
- int rc;
-
- rc = cdk_kbnode_write_to_mem (node, output_data, output_data_size);
- if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
-
- /* If the caller uses output_data == NULL then return what he expects.
- */
- if (!output_data && format != GNUTLS_OPENPGP_FMT_BASE64)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (format == GNUTLS_OPENPGP_FMT_BASE64)
- {
- unsigned char *in = gnutls_calloc (1, *output_data_size);
- memcpy (in, output_data, *output_data_size);
-
- /* Calculate the size of the encoded data and check if the provided
- buffer is large enough. */
- rc = cdk_armor_encode_buffer (in, *output_data_size,
- NULL, 0, &calc_size,
- priv ? CDK_ARMOR_SECKEY :
- CDK_ARMOR_PUBKEY);
- if (rc || calc_size > input_data_size)
- {
- gnutls_free (in);
- *output_data_size = calc_size;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- rc = cdk_armor_encode_buffer (in, *output_data_size,
- output_data, input_data_size, &calc_size,
- priv ? CDK_ARMOR_SECKEY :
- CDK_ARMOR_PUBKEY);
- gnutls_free (in);
- *output_data_size = calc_size;
-
- if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
- }
-
- return 0;
+ size_t input_data_size = *output_data_size;
+ size_t calc_size;
+ int rc;
+
+ rc = cdk_kbnode_write_to_mem(node, output_data, output_data_size);
+ if (rc) {
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+ return rc;
+ }
+
+ /* If the caller uses output_data == NULL then return what he expects.
+ */
+ if (!output_data && format != GNUTLS_OPENPGP_FMT_BASE64) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (format == GNUTLS_OPENPGP_FMT_BASE64) {
+ unsigned char *in = gnutls_calloc(1, *output_data_size);
+ memcpy(in, output_data, *output_data_size);
+
+ /* Calculate the size of the encoded data and check if the provided
+ buffer is large enough. */
+ rc = cdk_armor_encode_buffer(in, *output_data_size,
+ NULL, 0, &calc_size,
+ priv ? CDK_ARMOR_SECKEY :
+ CDK_ARMOR_PUBKEY);
+ if (rc || calc_size > input_data_size) {
+ gnutls_free(in);
+ *output_data_size = calc_size;
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ rc = cdk_armor_encode_buffer(in, *output_data_size,
+ output_data, input_data_size,
+ &calc_size,
+ priv ? CDK_ARMOR_SECKEY :
+ CDK_ARMOR_PUBKEY);
+ gnutls_free(in);
+ *output_data_size = calc_size;
+
+ if (rc) {
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+ return rc;
+ }
+ }
+
+ return 0;
}
@@ -226,12 +218,12 @@ _gnutls_openpgp_export (cdk_kbnode_t node,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data, size_t * output_data_size)
+gnutls_openpgp_crt_export(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data, size_t * output_data_size)
{
- return _gnutls_openpgp_export (key->knode, format, output_data,
- output_data_size, 0);
+ return _gnutls_openpgp_export(key->knode, format, output_data,
+ output_data_size, 0);
}
/**
@@ -248,11 +240,11 @@ gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
* Since: 3.1.3
**/
int
-gnutls_openpgp_crt_export2 (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_datum_t *out)
+gnutls_openpgp_crt_export2(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t * out)
{
- return _gnutls_openpgp_export2 (key->knode, format, out, 0);
+ return _gnutls_openpgp_export2(key->knode, format, out, 0);
}
/**
@@ -267,58 +259,54 @@ gnutls_openpgp_crt_export2 (gnutls_openpgp_crt_t key,
* Returns: On success, 0 is returned. Otherwise, an error code.
**/
int
-gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key,
- void *fpr, size_t * fprlen)
+gnutls_openpgp_crt_get_fingerprint(gnutls_openpgp_crt_t key,
+ void *fpr, size_t * fprlen)
{
- cdk_packet_t pkt;
- cdk_pkt_pubkey_t pk = NULL;
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
- if (!fpr || !fprlen)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!fpr || !fprlen) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- *fprlen = 0;
+ *fprlen = 0;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- pk = pkt->pkt.public_key;
- *fprlen = 20;
+ pk = pkt->pkt.public_key;
+ *fprlen = 20;
- /* FIXME: Check if the draft allows old PGP keys. */
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- *fprlen = 16;
- cdk_pk_get_fingerprint (pk, fpr);
+ /* FIXME: Check if the draft allows old PGP keys. */
+ if (is_RSA(pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+ cdk_pk_get_fingerprint(pk, fpr);
- return 0;
+ return 0;
}
-static int
-_gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key)
+static int _gnutls_openpgp_count_key_names(gnutls_openpgp_crt_t key)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- int nuids;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return 0;
- }
-
- ctx = NULL;
- nuids = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_USER_ID)
- nuids++;
- }
-
- return nuids;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int nuids;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ctx = NULL;
+ nuids = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_USER_ID)
+ nuids++;
+ }
+
+ return nuids;
}
@@ -338,60 +326,54 @@ _gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key)
* error code.
**/
int
-gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
- int idx, char *buf, size_t * sizeof_buf)
+gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t key,
+ int idx, char *buf, size_t * sizeof_buf)
{
- cdk_kbnode_t ctx = NULL, p;
- cdk_packet_t pkt = NULL;
- cdk_pkt_userid_t uid = NULL;
- int pos = 0;
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (idx < 0 || idx >= _gnutls_openpgp_count_key_names (key))
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
- pos = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_USER_ID)
- {
- if (pos == idx)
- break;
- pos++;
- }
- }
-
- if (!pkt)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- uid = pkt->pkt.user_id;
- if (uid->len >= *sizeof_buf)
- {
- gnutls_assert ();
- *sizeof_buf = uid->len + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (buf)
- {
- memcpy (buf, uid->name, uid->len);
- buf[uid->len] = '\0'; /* make sure it's a string */
- }
- *sizeof_buf = uid->len + 1;
-
- if (uid->is_revoked)
- return GNUTLS_E_OPENPGP_UID_REVOKED;
-
- return 0;
+ cdk_kbnode_t ctx = NULL, p;
+ cdk_packet_t pkt = NULL;
+ cdk_pkt_userid_t uid = NULL;
+ int pos = 0;
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (idx < 0 || idx >= _gnutls_openpgp_count_key_names(key))
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ pos = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_USER_ID) {
+ if (pos == idx)
+ break;
+ pos++;
+ }
+ }
+
+ if (!pkt) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ uid = pkt->pkt.user_id;
+ if (uid->len >= *sizeof_buf) {
+ gnutls_assert();
+ *sizeof_buf = uid->len + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (buf) {
+ memcpy(buf, uid->name, uid->len);
+ buf[uid->len] = '\0'; /* make sure it's a string */
+ }
+ *sizeof_buf = uid->len + 1;
+
+ if (uid->is_revoked)
+ return GNUTLS_E_OPENPGP_UID_REVOKED;
+
+ return 0;
}
/**
@@ -410,42 +392,42 @@ gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
* success, or GNUTLS_PK_UNKNOWN on error.
**/
gnutls_pk_algorithm_t
-gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int *bits)
+gnutls_openpgp_crt_get_pk_algorithm(gnutls_openpgp_crt_t key,
+ unsigned int *bits)
{
- cdk_packet_t pkt;
- int algo = 0, ret;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_PK_UNKNOWN;
- }
-
- ret = gnutls_openpgp_crt_get_preferred_key_id (key, keyid);
- if (ret == 0)
- {
- int idx;
-
- idx = gnutls_openpgp_crt_get_subkey_idx (key, keyid);
- if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- {
- algo =
- gnutls_openpgp_crt_get_subkey_pk_algorithm (key, idx, bits);
- return algo;
- }
- }
-
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (pkt)
- {
- if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
- algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
- }
-
- return algo;
+ cdk_packet_t pkt;
+ int algo = 0, ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_PK_UNKNOWN;
+ }
+
+ ret = gnutls_openpgp_crt_get_preferred_key_id(key, keyid);
+ if (ret == 0) {
+ int idx;
+
+ idx = gnutls_openpgp_crt_get_subkey_idx(key, keyid);
+ if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX) {
+ algo =
+ gnutls_openpgp_crt_get_subkey_pk_algorithm(key,
+ idx,
+ bits);
+ return algo;
+ }
+ }
+
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt) {
+ if (bits)
+ *bits = cdk_pk_get_nbits(pkt->pkt.public_key);
+ algo =
+ _gnutls_openpgp_get_algo(pkt->pkt.public_key->
+ pubkey_algo);
+ }
+
+ return algo;
}
@@ -457,22 +439,21 @@ gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
*
* Returns: the version number is returned, or a negative error code on errors.
**/
-int
-gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key)
+int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key)
{
- cdk_packet_t pkt;
- int version;
+ cdk_packet_t pkt;
+ int version;
- if (!key)
- return -1;
+ if (!key)
+ return -1;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (pkt)
- version = pkt->pkt.public_key->version;
- else
- version = 0;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt)
+ version = pkt->pkt.public_key->version;
+ else
+ version = 0;
- return version;
+ return version;
}
@@ -484,22 +465,21 @@ gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key)
*
* Returns: the timestamp when the OpenPGP key was created.
**/
-time_t
-gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key)
+time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t key)
{
- cdk_packet_t pkt;
- time_t timestamp;
+ cdk_packet_t pkt;
+ time_t timestamp;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (pkt)
- timestamp = pkt->pkt.public_key->timestamp;
- else
- timestamp = 0;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt)
+ timestamp = pkt->pkt.public_key->timestamp;
+ else
+ timestamp = 0;
- return timestamp;
+ return timestamp;
}
@@ -512,22 +492,21 @@ gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key)
*
* Returns: the time when the OpenPGP key expires.
**/
-time_t
-gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key)
+time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t key)
{
- cdk_packet_t pkt;
- time_t expiredate;
+ cdk_packet_t pkt;
+ time_t expiredate;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (pkt)
- expiredate = pkt->pkt.public_key->expiredate;
- else
- expiredate = 0;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt)
+ expiredate = pkt->pkt.public_key->expiredate;
+ else
+ expiredate = 0;
- return expiredate;
+ return expiredate;
}
/**
@@ -542,27 +521,26 @@ gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key)
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyid_t keyid)
{
- cdk_packet_t pkt;
- uint32_t kid[2];
+ cdk_packet_t pkt;
+ uint32_t kid[2];
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- cdk_pk_get_keyid (pkt->pkt.public_key, kid);
- _gnutls_write_uint32 (kid[0], keyid);
- _gnutls_write_uint32 (kid[1], keyid + 4);
+ cdk_pk_get_keyid(pkt->pkt.public_key, kid);
+ _gnutls_write_uint32(kid[0], keyid);
+ _gnutls_write_uint32(kid[1], keyid + 4);
- return 0;
+ return 0;
}
/**
@@ -576,24 +554,22 @@ gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
*
* Since: 2.4.0
**/
-int
-gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key)
+int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t key)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- if (pkt->pkt.public_key->is_revoked != 0)
- return 1;
- return 0;
+ if (pkt->pkt.public_key->is_revoked != 0)
+ return 1;
+ return 0;
}
/**
@@ -608,52 +584,52 @@ gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key)
* Returns: non-zero for a successful match, and zero on failure.
**/
int
-gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
- const char *hostname)
+gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key,
+ const char *hostname)
{
- char dnsname[MAX_CN];
- size_t dnsnamesize;
- int ret = 0;
- int i;
-
- /* Check through all included names. */
- for (i = 0; !(ret < 0); i++)
- {
- dnsnamesize = sizeof (dnsname);
- ret = gnutls_openpgp_crt_get_name (key, i, dnsname, &dnsnamesize);
-
- if (ret == 0)
- {
- /* Length returned by gnutls_openpgp_crt_get_name includes
- the terminating (0). */
- dnsnamesize--;
-
- if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname, 0))
- return 1;
- }
- }
-
- /* not found a matching name */
- return 0;
+ char dnsname[MAX_CN];
+ size_t dnsnamesize;
+ int ret = 0;
+ int i;
+
+ /* Check through all included names. */
+ for (i = 0; !(ret < 0); i++) {
+ dnsnamesize = sizeof(dnsname);
+ ret =
+ gnutls_openpgp_crt_get_name(key, i, dnsname,
+ &dnsnamesize);
+
+ if (ret == 0) {
+ /* Length returned by gnutls_openpgp_crt_get_name includes
+ the terminating (0). */
+ dnsnamesize--;
+
+ if (_gnutls_hostname_compare
+ (dnsname, dnsnamesize, hostname, 0))
+ return 1;
+ }
+ }
+
+ /* not found a matching name */
+ return 0;
}
-unsigned int
-_gnutls_get_pgp_key_usage (unsigned int cdk_usage)
+unsigned int _gnutls_get_pgp_key_usage(unsigned int cdk_usage)
{
- unsigned int usage = 0;
-
- if (cdk_usage & CDK_KEY_USG_CERT_SIGN)
- usage |= GNUTLS_KEY_KEY_CERT_SIGN;
- if (cdk_usage & CDK_KEY_USG_DATA_SIGN)
- usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
- if (cdk_usage & CDK_KEY_USG_COMM_ENCR)
- usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
- if (cdk_usage & CDK_KEY_USG_STORAGE_ENCR)
- usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
- if (cdk_usage & CDK_KEY_USG_AUTH)
- usage |= GNUTLS_KEY_KEY_AGREEMENT;
-
- return usage;
+ unsigned int usage = 0;
+
+ if (cdk_usage & CDK_KEY_USG_CERT_SIGN)
+ usage |= GNUTLS_KEY_KEY_CERT_SIGN;
+ if (cdk_usage & CDK_KEY_USG_DATA_SIGN)
+ usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+ if (cdk_usage & CDK_KEY_USG_COMM_ENCR)
+ usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ if (cdk_usage & CDK_KEY_USG_STORAGE_ENCR)
+ usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
+ if (cdk_usage & CDK_KEY_USG_AUTH)
+ usage |= GNUTLS_KEY_KEY_AGREEMENT;
+
+ return usage;
}
/**
@@ -668,24 +644,24 @@ _gnutls_get_pgp_key_usage (unsigned int cdk_usage)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
*/
int
-gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
- unsigned int *key_usage)
+gnutls_openpgp_crt_get_key_usage(gnutls_openpgp_crt_t key,
+ unsigned int *key_usage)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- *key_usage = _gnutls_get_pgp_key_usage (pkt->pkt.public_key->pubkey_usage);
+ *key_usage =
+ _gnutls_get_pgp_key_usage(pkt->pkt.public_key->pubkey_usage);
- return 0;
+ return 0;
}
/**
@@ -699,55 +675,51 @@ gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
*
* Since: 2.4.0
**/
-int
-gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key)
+int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t key)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- int subkeys;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return 0;
- }
-
- ctx = NULL;
- subkeys = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
- subkeys++;
- }
-
- return subkeys;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int subkeys;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ subkeys++;
+ }
+
+ return subkeys;
}
/* returns the subkey with the given index */
static cdk_packet_t
-_get_public_subkey (gnutls_openpgp_crt_t key, unsigned int indx)
+_get_public_subkey(gnutls_openpgp_crt_t key, unsigned int indx)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- unsigned int subkeys;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ctx = NULL;
- subkeys = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY && indx == subkeys++)
- return pkt;
- }
-
- return NULL;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ unsigned int subkeys;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
+ && indx == subkeys++)
+ return pkt;
+ }
+
+ return NULL;
}
/* returns the key with the given keyid. It can be either key or subkey.
@@ -756,41 +728,39 @@ _get_public_subkey (gnutls_openpgp_crt_t key, unsigned int indx)
* pkt->pkt.public_key;
*/
cdk_packet_t
-_gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv)
+_gnutls_openpgp_find_key(cdk_kbnode_t knode, uint32_t keyid[2],
+ unsigned int priv)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- uint32_t local_keyid[2];
-
- ctx = NULL;
- while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
-
- if ((priv == 0
- && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
- || pkt->pkttype == CDK_PKT_PUBLIC_KEY)) || (priv != 0
- && (pkt->pkttype ==
- CDK_PKT_SECRET_SUBKEY
- || pkt->pkttype
- ==
- CDK_PKT_SECRET_KEY)))
- {
- if (priv == 0)
- cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid);
- else
- cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
-
- if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
- {
- return pkt;
- }
- }
- }
-
- gnutls_assert ();
- return NULL;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ uint32_t local_keyid[2];
+
+ ctx = NULL;
+ while ((p = cdk_kbnode_walk(knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+
+ if ((priv == 0
+ && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
+ || pkt->pkttype == CDK_PKT_PUBLIC_KEY))
+ || (priv != 0
+ && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY
+ || pkt->pkttype == CDK_PKT_SECRET_KEY))) {
+ if (priv == 0)
+ cdk_pk_get_keyid(pkt->pkt.public_key,
+ local_keyid);
+ else
+ cdk_pk_get_keyid(pkt->pkt.secret_key->pk,
+ local_keyid);
+
+ if (local_keyid[0] == keyid[0]
+ && local_keyid[1] == keyid[1]) {
+ return pkt;
+ }
+ }
+ }
+
+ gnutls_assert();
+ return NULL;
}
/* returns the key with the given keyid
@@ -799,41 +769,42 @@ _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2],
* pkt->pkt.public_key;
*/
int
-_gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
- unsigned int priv)
+_gnutls_openpgp_find_subkey_idx(cdk_kbnode_t knode, uint32_t keyid[2],
+ unsigned int priv)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- int i = 0;
- uint32_t local_keyid[2];
-
- _gnutls_hard_log ("Looking keyid: %x.%x\n", keyid[0], keyid[1]);
-
- ctx = NULL;
- while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
-
- if ((priv == 0 && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)) ||
- (priv != 0 && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY)))
- {
- if (priv == 0)
- cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid);
- else
- cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
-
- _gnutls_hard_log ("Found keyid: %x.%x\n", local_keyid[0],
- local_keyid[1]);
- if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
- {
- return i;
- }
- i++;
- }
- }
-
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int i = 0;
+ uint32_t local_keyid[2];
+
+ _gnutls_hard_log("Looking keyid: %x.%x\n", keyid[0], keyid[1]);
+
+ ctx = NULL;
+ while ((p = cdk_kbnode_walk(knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+
+ if ((priv == 0 && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY))
+ || (priv != 0
+ && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY))) {
+ if (priv == 0)
+ cdk_pk_get_keyid(pkt->pkt.public_key,
+ local_keyid);
+ else
+ cdk_pk_get_keyid(pkt->pkt.secret_key->pk,
+ local_keyid);
+
+ _gnutls_hard_log("Found keyid: %x.%x\n",
+ local_keyid[0], local_keyid[1]);
+ if (local_keyid[0] == keyid[0]
+ && local_keyid[1] == keyid[1]) {
+ return i;
+ }
+ i++;
+ }
+ }
+
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
}
/**
@@ -849,27 +820,26 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
- unsigned int idx)
+gnutls_openpgp_crt_get_subkey_revoked_status(gnutls_openpgp_crt_t key,
+ unsigned int idx)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_revoked_status(key);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_revoked_status(key);
- pkt = _get_public_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = _get_public_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- if (pkt->pkt.public_key->is_revoked != 0)
- return 1;
- return 0;
+ if (pkt->pkt.public_key->is_revoked != 0)
+ return 1;
+ return 0;
}
/**
@@ -891,33 +861,33 @@ gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
* Since: 2.4.0
**/
gnutls_pk_algorithm_t
-gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *bits)
+gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ unsigned int *bits)
{
- cdk_packet_t pkt;
- int algo;
+ cdk_packet_t pkt;
+ int algo;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_PK_UNKNOWN;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_PK_UNKNOWN;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_pk_algorithm(key, bits);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_pk_algorithm(key, bits);
- pkt = _get_public_subkey (key, idx);
+ pkt = _get_public_subkey(key, idx);
- algo = 0;
- if (pkt)
- {
- if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
- algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
- }
+ algo = 0;
+ if (pkt) {
+ if (bits)
+ *bits = cdk_pk_get_nbits(pkt->pkt.public_key);
+ algo =
+ _gnutls_openpgp_get_algo(pkt->pkt.public_key->
+ pubkey_algo);
+ }
- return algo;
+ return algo;
}
/**
@@ -932,25 +902,25 @@ gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
* Since: 2.4.0
**/
time_t
-gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t key,
- unsigned int idx)
+gnutls_openpgp_crt_get_subkey_creation_time(gnutls_openpgp_crt_t key,
+ unsigned int idx)
{
- cdk_packet_t pkt;
- time_t timestamp;
+ cdk_packet_t pkt;
+ time_t timestamp;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_creation_time(key);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_creation_time(key);
- pkt = _get_public_subkey (key, idx);
- if (pkt)
- timestamp = pkt->pkt.public_key->timestamp;
- else
- timestamp = 0;
+ pkt = _get_public_subkey(key, idx);
+ if (pkt)
+ timestamp = pkt->pkt.public_key->timestamp;
+ else
+ timestamp = 0;
- return timestamp;
+ return timestamp;
}
@@ -967,25 +937,25 @@ gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t key,
* Since: 2.4.0
**/
time_t
-gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t key,
- unsigned int idx)
+gnutls_openpgp_crt_get_subkey_expiration_time(gnutls_openpgp_crt_t key,
+ unsigned int idx)
{
- cdk_packet_t pkt;
- time_t expiredate;
+ cdk_packet_t pkt;
+ time_t expiredate;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_expiration_time(key);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_expiration_time(key);
- pkt = _get_public_subkey (key, idx);
- if (pkt)
- expiredate = pkt->pkt.public_key->expiredate;
- else
- expiredate = 0;
+ pkt = _get_public_subkey(key, idx);
+ if (pkt)
+ expiredate = pkt->pkt.public_key->expiredate;
+ else
+ expiredate = 0;
- return expiredate;
+ return expiredate;
}
/**
@@ -999,31 +969,30 @@ gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t key,
* Returns: the 64-bit keyID of the OpenPGP key.
**/
int
-gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_crt_get_subkey_id(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid)
{
- cdk_packet_t pkt;
- uint32_t kid[2];
-
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_key_id(key, keyid);
-
- pkt = _get_public_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
-
- cdk_pk_get_keyid (pkt->pkt.public_key, kid);
- _gnutls_write_uint32 (kid[0], keyid);
- _gnutls_write_uint32 (kid[1], keyid + 4);
-
- return 0;
+ cdk_packet_t pkt;
+ uint32_t kid[2];
+
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_key_id(key, keyid);
+
+ pkt = _get_public_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ cdk_pk_get_keyid(pkt->pkt.public_key, kid);
+ _gnutls_write_uint32(kid[0], keyid);
+ _gnutls_write_uint32(kid[1], keyid + 4);
+
+ return 0;
}
/**
@@ -1041,37 +1010,37 @@ gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
- unsigned int idx,
- void *fpr, size_t * fprlen)
+gnutls_openpgp_crt_get_subkey_fingerprint(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ void *fpr, size_t * fprlen)
{
- cdk_packet_t pkt;
- cdk_pkt_pubkey_t pk = NULL;
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
+
+ if (!fpr || !fprlen) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (!fpr || !fprlen)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_fingerprint(key, fpr, fprlen);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_fingerprint(key, fpr,
+ fprlen);
- *fprlen = 0;
+ *fprlen = 0;
- pkt = _get_public_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = _get_public_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- pk = pkt->pkt.public_key;
- *fprlen = 20;
+ pk = pkt->pkt.public_key;
+ *fprlen = 20;
- /* FIXME: Check if the draft allows old PGP keys. */
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- *fprlen = 16;
- cdk_pk_get_fingerprint (pk, fpr);
+ /* FIXME: Check if the draft allows old PGP keys. */
+ if (is_RSA(pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+ cdk_pk_get_fingerprint(pk, fpr);
- return 0;
+ return 0;
}
/**
@@ -1086,34 +1055,32 @@ gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t key,
+ const gnutls_openpgp_keyid_t keyid)
{
- int ret;
- uint32_t kid[2];
- uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE];
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_openpgp_crt_get_key_id (key, master_id);
- if (ret < 0)
- return gnutls_assert_val(ret);
- if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE)==0)
- return GNUTLS_OPENPGP_MASTER_KEYID_IDX;
-
- KEYID_IMPORT (kid, keyid);
- ret = _gnutls_openpgp_find_subkey_idx (key->knode, kid, 0);
-
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ int ret;
+ uint32_t kid[2];
+ uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_openpgp_crt_get_key_id(key, master_id);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE) == 0)
+ return GNUTLS_OPENPGP_MASTER_KEYID_IDX;
+
+ KEYID_IMPORT(kid, keyid);
+ ret = _gnutls_openpgp_find_subkey_idx(key->knode, kid, 0);
+
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
/**
@@ -1133,326 +1100,310 @@ gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
* Since: 2.4.0
*/
int
-gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *key_usage)
+gnutls_openpgp_crt_get_subkey_usage(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ unsigned int *key_usage)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_key_usage(key, key_usage);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_key_usage(key, key_usage);
- pkt = _get_public_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
+ pkt = _get_public_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
- *key_usage = _gnutls_get_pgp_key_usage (pkt->pkt.public_key->pubkey_usage);
+ *key_usage =
+ _gnutls_get_pgp_key_usage(pkt->pkt.public_key->pubkey_usage);
- return 0;
+ return 0;
}
int
-_gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx,
- bigint_t * m)
+_gnutls_read_pgp_mpi(cdk_packet_t pkt, unsigned int priv, size_t idx,
+ bigint_t * m)
{
- size_t buf_size = 512;
- uint8_t *buf = gnutls_malloc (buf_size);
- int err;
- unsigned int max_pub_params = 0;
-
- if (priv != 0)
- max_pub_params = cdk_pk_get_npkey (pkt->pkt.secret_key->pk->pubkey_algo);
-
- if (buf == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* FIXME: Note that opencdk doesn't like the buf to be NULL.
- */
- if (priv == 0)
- err =
- cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size,
- NULL);
- else
- {
- if (idx < max_pub_params)
- err =
- cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
- &buf_size, NULL);
- else
- {
- err =
- cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, buf,
- buf_size, &buf_size, NULL);
- }
- }
-
- if (err == CDK_Too_Short)
- {
- buf = gnutls_realloc_fast (buf, buf_size);
- if (buf == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (priv == 0)
- err =
- cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size,
- NULL);
- else
- {
- if (idx < max_pub_params)
- err =
- cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
- &buf_size, NULL);
- else
- {
- err =
- cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params,
- buf, buf_size, &buf_size, NULL);
- }
- }
- }
-
- if (err != CDK_Success)
- {
- gnutls_assert ();
- gnutls_free (buf);
- return _gnutls_map_cdk_rc (err);
- }
-
- err = _gnutls_mpi_scan (m, buf, buf_size);
- gnutls_free (buf);
-
- if (err < 0)
- {
- gnutls_assert ();
- return err;
- }
-
- return 0;
+ size_t buf_size = 512;
+ uint8_t *buf = gnutls_malloc(buf_size);
+ int err;
+ unsigned int max_pub_params = 0;
+
+ if (priv != 0)
+ max_pub_params =
+ cdk_pk_get_npkey(pkt->pkt.secret_key->pk->pubkey_algo);
+
+ if (buf == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* FIXME: Note that opencdk doesn't like the buf to be NULL.
+ */
+ if (priv == 0)
+ err =
+ cdk_pk_get_mpi(pkt->pkt.public_key, idx, buf, buf_size,
+ &buf_size, NULL);
+ else {
+ if (idx < max_pub_params)
+ err =
+ cdk_pk_get_mpi(pkt->pkt.secret_key->pk, idx,
+ buf, buf_size, &buf_size, NULL);
+ else {
+ err =
+ cdk_sk_get_mpi(pkt->pkt.secret_key,
+ idx - max_pub_params, buf,
+ buf_size, &buf_size, NULL);
+ }
+ }
+
+ if (err == CDK_Too_Short) {
+ buf = gnutls_realloc_fast(buf, buf_size);
+ if (buf == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (priv == 0)
+ err =
+ cdk_pk_get_mpi(pkt->pkt.public_key, idx, buf,
+ buf_size, &buf_size, NULL);
+ else {
+ if (idx < max_pub_params)
+ err =
+ cdk_pk_get_mpi(pkt->pkt.secret_key->pk,
+ idx, buf, buf_size,
+ &buf_size, NULL);
+ else {
+ err =
+ cdk_sk_get_mpi(pkt->pkt.secret_key,
+ idx - max_pub_params,
+ buf, buf_size,
+ &buf_size, NULL);
+ }
+ }
+ }
+
+ if (err != CDK_Success) {
+ gnutls_assert();
+ gnutls_free(buf);
+ return _gnutls_map_cdk_rc(err);
+ }
+
+ err = _gnutls_mpi_scan(m, buf, buf_size);
+ gnutls_free(buf);
+
+ if (err < 0) {
+ gnutls_assert();
+ return err;
+ }
+
+ return 0;
}
/* Extracts DSA and RSA parameters from a certificate.
*/
int
-_gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert,
- uint32_t * keyid /* [2] */ ,
- gnutls_pk_params_st * params)
+_gnutls_openpgp_crt_get_mpis(gnutls_openpgp_crt_t cert,
+ uint32_t * keyid /* [2] */ ,
+ gnutls_pk_params_st * params)
{
- int result, i;
- int pk_algorithm, local_params;
- cdk_packet_t pkt;
-
- if (keyid == NULL)
- pkt = cdk_kbnode_find_packet (cert->knode, CDK_PKT_PUBLIC_KEY);
- else
- pkt = _gnutls_openpgp_find_key (cert->knode, keyid, 0);
-
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
-
- switch (pk_algorithm)
- {
- case GNUTLS_PK_RSA:
- local_params = RSA_PUBLIC_PARAMS;
- break;
- case GNUTLS_PK_DSA:
- local_params = DSA_PUBLIC_PARAMS;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
- gnutls_pk_params_init(params);
-
- for (i = 0; i < local_params; i++)
- {
- result = _gnutls_read_pgp_mpi (pkt, 0, i, &params->params[i]);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- params->params_nr++;
- }
-
- return 0;
-
-error:
- gnutls_pk_params_release(params);
-
- return result;
+ int result, i;
+ int pk_algorithm, local_params;
+ cdk_packet_t pkt;
+
+ if (keyid == NULL)
+ pkt =
+ cdk_kbnode_find_packet(cert->knode,
+ CDK_PKT_PUBLIC_KEY);
+ else
+ pkt = _gnutls_openpgp_find_key(cert->knode, keyid, 0);
+
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.public_key->pubkey_algo);
+
+ switch (pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ local_params = RSA_PUBLIC_PARAMS;
+ break;
+ case GNUTLS_PK_DSA:
+ local_params = DSA_PUBLIC_PARAMS;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ gnutls_pk_params_init(params);
+
+ for (i = 0; i < local_params; i++) {
+ result =
+ _gnutls_read_pgp_mpi(pkt, 0, i, &params->params[i]);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ params->params_nr++;
+ }
+
+ return 0;
+
+ error:
+ gnutls_pk_params_release(params);
+
+ return result;
}
/* The internal version of export
*/
static int
-_get_pk_rsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * m, gnutls_datum_t * e)
+_get_pk_rsa_raw(gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
- int pk_algorithm, ret;
- cdk_packet_t pkt;
- uint32_t kid32[2];
- gnutls_pk_params_st params;
-
- gnutls_pk_params_init(&params);
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- KEYID_IMPORT (kid32, keyid);
-
- pkt = _gnutls_openpgp_find_key (crt->knode, kid32, 0);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
-
- if (pk_algorithm != GNUTLS_PK_RSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_openpgp_crt_get_mpis (crt, kid32, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint (params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_release(&params);
- return ret;
+ int pk_algorithm, ret;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ gnutls_pk_params_st params;
+
+ gnutls_pk_params_init(&params);
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT(kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key(crt->knode, kid32, 0);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.public_key->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_crt_get_mpis(crt, kid32, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_release(&params);
+ return ret;
}
static int
-_get_pk_dsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+_get_pk_dsa_raw(gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
- int pk_algorithm, ret;
- cdk_packet_t pkt;
- uint32_t kid32[2];
- gnutls_pk_params_st params;
-
- gnutls_pk_params_init(&params);
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- KEYID_IMPORT (kid32, keyid);
-
- pkt = _gnutls_openpgp_find_key (crt->knode, kid32, 0);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
-
- if (pk_algorithm != GNUTLS_PK_DSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_openpgp_crt_get_mpis (crt, kid32, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint (params.params[0], p);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint (params.params[1], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- goto cleanup;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint (params.params[2], g);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint (params.params[3], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_release(&params);
- return ret;
+ int pk_algorithm, ret;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ gnutls_pk_params_st params;
+
+ gnutls_pk_params_init(&params);
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT(kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key(crt->knode, kid32, 0);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.public_key->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_DSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_crt_get_mpis(crt, kid32, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint(params.params[0], p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint(params.params[1], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ goto cleanup;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint(params.params[2], g);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint(params.params[3], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_release(&params);
+ return ret;
}
@@ -1471,20 +1422,19 @@ cleanup:
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e)
+gnutls_openpgp_crt_get_pk_rsa_raw(gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- ret = gnutls_openpgp_crt_get_key_id (crt, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_get_key_id(crt, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_pk_rsa_raw (crt, keyid, m, e);
+ return _get_pk_rsa_raw(crt, keyid, m, e);
}
/**
@@ -1504,21 +1454,20 @@ gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+gnutls_openpgp_crt_get_pk_dsa_raw(gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- ret = gnutls_openpgp_crt_get_key_id (crt, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_get_key_id(crt, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_pk_dsa_raw (crt, keyid, p, q, g, y);
+ return _get_pk_dsa_raw(crt, keyid, p, q, g, y);
}
/**
@@ -1537,25 +1486,24 @@ gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e)
+gnutls_openpgp_crt_get_subkey_pk_rsa_raw(gnutls_openpgp_crt_t crt,
+ unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_pk_rsa_raw(crt, m, e);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_pk_rsa_raw(crt, m, e);
- ret = gnutls_openpgp_crt_get_subkey_id (crt, idx, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_get_subkey_id(crt, idx, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_pk_rsa_raw (crt, keyid, m, e);
+ return _get_pk_rsa_raw(crt, keyid, m, e);
}
/**
@@ -1576,27 +1524,26 @@ gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
* Since: 2.4.0
**/
int
-gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y)
+gnutls_openpgp_crt_get_subkey_pk_dsa_raw(gnutls_openpgp_crt_t crt,
+ unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_crt_get_pk_dsa_raw(crt, p,q, g, y);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_crt_get_pk_dsa_raw(crt, p, q, g, y);
- ret = gnutls_openpgp_crt_get_subkey_id (crt, idx, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_crt_get_subkey_id(crt, idx, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_pk_dsa_raw (crt, keyid, p, q, g, y);
+ return _get_pk_dsa_raw(crt, keyid, p, q, g, y);
}
/**
@@ -1610,21 +1557,22 @@ gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
* Returns: the 64-bit preferred keyID of the OpenPGP key.
**/
int
-gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_crt_get_preferred_key_id(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyid_t keyid)
{
- if (!key->preferred_set)
- return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+ if (!key->preferred_set)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- memcpy (keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+ memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
- return 0;
+ return 0;
}
/**
@@ -1642,44 +1590,42 @@ gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
* otherwise a negative error code is returned.
**/
int
-gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_crt_set_preferred_key_id(gnutls_openpgp_crt_t key,
+ const gnutls_openpgp_keyid_t keyid)
{
- int ret;
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (keyid == NULL) /* set the master as preferred */
- {
- uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE];
-
- ret = gnutls_openpgp_crt_get_key_id (key, tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- key->preferred_set = 1;
- memcpy (key->preferred_keyid, tmp, GNUTLS_OPENPGP_KEYID_SIZE);
-
- return 0;
- }
-
- /* check if the id is valid */
- ret = gnutls_openpgp_crt_get_subkey_idx (key, keyid);
- if (ret < 0)
- {
- _gnutls_debug_log ("the requested subkey does not exist\n");
- gnutls_assert ();
- return ret;
- }
-
- key->preferred_set = 1;
- memcpy (key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
-
- return 0;
+ int ret;
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (keyid == NULL) { /* set the master as preferred */
+ uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ ret = gnutls_openpgp_crt_get_key_id(key, tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ key->preferred_set = 1;
+ memcpy(key->preferred_keyid, tmp,
+ GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+ }
+
+ /* check if the id is valid */
+ ret = gnutls_openpgp_crt_get_subkey_idx(key, keyid);
+ if (ret < 0) {
+ _gnutls_debug_log("the requested subkey does not exist\n");
+ gnutls_assert();
+ return ret;
+ }
+
+ key->preferred_set = 1;
+ memcpy(key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
}
/**
@@ -1696,67 +1642,66 @@ gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flag)
+gnutls_openpgp_crt_get_auth_subkey(gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flag)
{
- int ret, subkeys, i;
- unsigned int usage;
- unsigned int keyid_init = 0;
-
- subkeys = gnutls_openpgp_crt_get_subkey_count (crt);
- if (subkeys <= 0)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
- }
-
- /* Try to find a subkey with the authentication flag set.
- * if none exists use the last one found
- */
- for (i = 0; i < subkeys; i++)
- {
- ret = gnutls_openpgp_crt_get_subkey_pk_algorithm(crt, i, NULL);
- if (ret == GNUTLS_PK_UNKNOWN)
- continue;
-
- ret = gnutls_openpgp_crt_get_subkey_revoked_status (crt, i);
- if (ret != 0) /* it is revoked. ignore it */
- continue;
-
- if (keyid_init == 0)
- { /* keep the first valid subkey */
- ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- keyid_init = 1;
- }
-
- ret = gnutls_openpgp_crt_get_subkey_usage (crt, i, &usage);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (usage & GNUTLS_KEY_KEY_AGREEMENT)
- {
- ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- return 0;
- }
- }
-
- if (flag && keyid_init)
- return 0;
- else
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ int ret, subkeys, i;
+ unsigned int usage;
+ unsigned int keyid_init = 0;
+
+ subkeys = gnutls_openpgp_crt_get_subkey_count(crt);
+ if (subkeys <= 0) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
+ }
+
+ /* Try to find a subkey with the authentication flag set.
+ * if none exists use the last one found
+ */
+ for (i = 0; i < subkeys; i++) {
+ ret =
+ gnutls_openpgp_crt_get_subkey_pk_algorithm(crt, i,
+ NULL);
+ if (ret == GNUTLS_PK_UNKNOWN)
+ continue;
+
+ ret = gnutls_openpgp_crt_get_subkey_revoked_status(crt, i);
+ if (ret != 0) /* it is revoked. ignore it */
+ continue;
+
+ if (keyid_init == 0) { /* keep the first valid subkey */
+ ret =
+ gnutls_openpgp_crt_get_subkey_id(crt, i,
+ keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ keyid_init = 1;
+ }
+
+ ret = gnutls_openpgp_crt_get_subkey_usage(crt, i, &usage);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (usage & GNUTLS_KEY_KEY_AGREEMENT) {
+ ret =
+ gnutls_openpgp_crt_get_subkey_id(crt, i,
+ keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ return 0;
+ }
+ }
+
+ if (flag && keyid_init)
+ return 0;
+ else
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
diff --git a/lib/openpgp/pgpverify.c b/lib/openpgp/pgpverify.c
index 1e48de4b0d..b1748daf7e 100644
--- a/lib/openpgp/pgpverify.c
+++ b/lib/openpgp/pgpverify.c
@@ -50,65 +50,59 @@
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyring_t keyring,
- unsigned int flags, unsigned int *verify)
+gnutls_openpgp_crt_verify_ring(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyring_t keyring,
+ unsigned int flags, unsigned int *verify)
{
- uint8_t id[GNUTLS_OPENPGP_KEYID_SIZE];
- cdk_error_t rc;
- int status;
-
- if (!key || !keyring)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- *verify = 0;
-
- rc = cdk_pk_check_sigs (key->knode, keyring->db, &status);
- if (rc == CDK_Error_No_Key)
- {
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
- gnutls_assert ();
- return rc;
- }
- else if (rc != CDK_Success)
- {
- _gnutls_debug_log ("cdk_pk_check_sigs: error %d\n", rc);
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
- _gnutls_debug_log ("status: %x\n", status);
-
- if (status & CDK_KEY_INVALID)
- *verify |= GNUTLS_CERT_SIGNATURE_FAILURE;
- if (status & CDK_KEY_REVOKED)
- *verify |= GNUTLS_CERT_REVOKED;
- if (status & CDK_KEY_NOSIGNER)
- *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND;
-
- /* Check if the key is included in the ring. */
- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
- {
- rc = gnutls_openpgp_crt_get_key_id (key, id);
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- rc = gnutls_openpgp_keyring_check_id (keyring, id, 0);
- /* If it exists in the keyring don't treat it as unknown. */
- if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND)
- *verify &= ~GNUTLS_CERT_SIGNER_NOT_FOUND;
- }
-
- if (*verify != 0)
- *verify |= GNUTLS_CERT_INVALID;
-
- return 0;
+ uint8_t id[GNUTLS_OPENPGP_KEYID_SIZE];
+ cdk_error_t rc;
+ int status;
+
+ if (!key || !keyring) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ *verify = 0;
+
+ rc = cdk_pk_check_sigs(key->knode, keyring->db, &status);
+ if (rc == CDK_Error_No_Key) {
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ gnutls_assert();
+ return rc;
+ } else if (rc != CDK_Success) {
+ _gnutls_debug_log("cdk_pk_check_sigs: error %d\n", rc);
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+ return rc;
+ }
+ _gnutls_debug_log("status: %x\n", status);
+
+ if (status & CDK_KEY_INVALID)
+ *verify |= GNUTLS_CERT_SIGNATURE_FAILURE;
+ if (status & CDK_KEY_REVOKED)
+ *verify |= GNUTLS_CERT_REVOKED;
+ if (status & CDK_KEY_NOSIGNER)
+ *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND;
+
+ /* Check if the key is included in the ring. */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) {
+ rc = gnutls_openpgp_crt_get_key_id(key, id);
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ rc = gnutls_openpgp_keyring_check_id(keyring, id, 0);
+ /* If it exists in the keyring don't treat it as unknown. */
+ if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ *verify &= ~GNUTLS_CERT_SIGNER_NOT_FOUND;
+ }
+
+ if (*verify != 0)
+ *verify |= GNUTLS_CERT_INVALID;
+
+ return 0;
}
@@ -125,19 +119,20 @@ gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
- unsigned int flags, unsigned int *verify)
+gnutls_openpgp_crt_verify_self(gnutls_openpgp_crt_t key,
+ unsigned int flags, unsigned int *verify)
{
- int status;
- cdk_error_t rc;
+ int status;
+ cdk_error_t rc;
- *verify = 0;
+ *verify = 0;
- rc = cdk_pk_check_self_sig (key->knode, &status);
- if (rc || status != CDK_KEY_VALID)
- *verify |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
- else
- *verify = 0;
+ rc = cdk_pk_check_self_sig(key->knode, &status);
+ if (rc || status != CDK_KEY_VALID)
+ *verify |=
+ GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
+ else
+ *verify = 0;
- return 0;
+ return 0;
}
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 5318412180..58581128b4 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -41,14 +41,13 @@
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key)
+int gnutls_openpgp_privkey_init(gnutls_openpgp_privkey_t * key)
{
- *key = gnutls_calloc (1, sizeof (gnutls_openpgp_privkey_int));
+ *key = gnutls_calloc(1, sizeof(gnutls_openpgp_privkey_int));
- if (*key)
- return 0; /* success */
- return GNUTLS_E_MEMORY_ERROR;
+ if (*key)
+ return 0; /* success */
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -57,19 +56,17 @@ gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key)
*
* This function will deinitialize a key structure.
**/
-void
-gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key)
+void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey_t key)
{
- if (!key)
- return;
+ if (!key)
+ return;
- if (key->knode)
- {
- cdk_kbnode_release (key->knode);
- key->knode = NULL;
- }
+ if (key->knode) {
+ cdk_kbnode_release(key->knode);
+ key->knode = NULL;
+ }
- gnutls_free (key);
+ gnutls_free(key);
}
/*-
@@ -83,42 +80,49 @@ gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key)
* negative error value.
-*/
int
-_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privkey_t src)
+_gnutls_openpgp_privkey_cpy(gnutls_openpgp_privkey_t dest,
+ gnutls_openpgp_privkey_t src)
{
- int ret;
- size_t raw_size=0;
- uint8_t *der;
- gnutls_datum_t tmp;
-
- ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, NULL, &raw_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- return gnutls_assert_val(ret);
-
- der = gnutls_malloc (raw_size);
- if (der == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, der, &raw_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (der);
- return ret;
- }
-
- tmp.data = der;
- tmp.size = raw_size;
- ret = gnutls_openpgp_privkey_import (dest, &tmp, GNUTLS_OPENPGP_FMT_RAW, NULL, 0);
-
- gnutls_free (der);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- memcpy(dest->preferred_keyid, src->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
- dest->preferred_set = src->preferred_set;
-
- return 0;
+ int ret;
+ size_t raw_size = 0;
+ uint8_t *der;
+ gnutls_datum_t tmp;
+
+ ret =
+ gnutls_openpgp_privkey_export(src, GNUTLS_OPENPGP_FMT_RAW,
+ NULL, 0, NULL, &raw_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ return gnutls_assert_val(ret);
+
+ der = gnutls_malloc(raw_size);
+ if (der == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret =
+ gnutls_openpgp_privkey_export(src, GNUTLS_OPENPGP_FMT_RAW,
+ NULL, 0, der, &raw_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(der);
+ return ret;
+ }
+
+ tmp.data = der;
+ tmp.size = raw_size;
+ ret =
+ gnutls_openpgp_privkey_import(dest, &tmp,
+ GNUTLS_OPENPGP_FMT_RAW, NULL, 0);
+
+ gnutls_free(der);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ memcpy(dest->preferred_keyid, src->preferred_keyid,
+ GNUTLS_OPENPGP_KEYID_SIZE);
+ dest->preferred_set = src->preferred_set;
+
+ return 0;
}
/**
@@ -134,19 +138,18 @@ _gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privk
* Since: 2.12.0
**/
gnutls_sec_param_t
-gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key)
+gnutls_openpgp_privkey_sec_param(gnutls_openpgp_privkey_t key)
{
- gnutls_pk_algorithm_t algo;
- unsigned int bits;
+ gnutls_pk_algorithm_t algo;
+ unsigned int bits;
- algo = gnutls_openpgp_privkey_get_pk_algorithm (key, &bits);
- if (algo == GNUTLS_PK_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_SEC_PARAM_UNKNOWN;
- }
+ algo = gnutls_openpgp_privkey_get_pk_algorithm(key, &bits);
+ if (algo == GNUTLS_PK_UNKNOWN) {
+ gnutls_assert();
+ return GNUTLS_SEC_PARAM_UNKNOWN;
+ }
- return gnutls_pk_bits_to_sec_param (algo, bits);
+ return gnutls_pk_bits_to_sec_param(algo, bits);
}
/**
@@ -164,41 +167,40 @@ gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key)
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
-gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const char *password, unsigned int flags)
+gnutls_openpgp_privkey_import(gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password, unsigned int flags)
{
- cdk_packet_t pkt;
- int rc, armor;
-
- if (data->data == NULL || data->size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- if (format == GNUTLS_OPENPGP_FMT_RAW)
- armor = 0;
- else armor = 1;
-
- rc = cdk_kbnode_read_from_mem (&key->knode, armor, data->data, data->size);
- if (rc != 0)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
-
- /* Test if the import was successful. */
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- return 0;
+ cdk_packet_t pkt;
+ int rc, armor;
+
+ if (data->data == NULL || data->size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ if (format == GNUTLS_OPENPGP_FMT_RAW)
+ armor = 0;
+ else
+ armor = 1;
+
+ rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data,
+ data->size);
+ if (rc != 0) {
+ rc = _gnutls_map_cdk_rc(rc);
+ gnutls_assert();
+ return rc;
+ }
+
+ /* Test if the import was successful. */
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ return 0;
}
/**
@@ -220,14 +222,14 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password, unsigned int flags,
- void *output_data, size_t * output_data_size)
+gnutls_openpgp_privkey_export(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password, unsigned int flags,
+ void *output_data, size_t * output_data_size)
{
- /* FIXME for now we do not export encrypted keys */
- return _gnutls_openpgp_export (key->knode, format, output_data,
- output_data_size, 1);
+ /* FIXME for now we do not export encrypted keys */
+ return _gnutls_openpgp_export(key->knode, format, output_data,
+ output_data_size, 1);
}
/**
@@ -246,13 +248,13 @@ gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
* Since: 3.1.3
**/
int
-gnutls_openpgp_privkey_export2 (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password, unsigned int flags,
- gnutls_datum_t *out)
+gnutls_openpgp_privkey_export2(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password, unsigned int flags,
+ gnutls_datum_t * out)
{
- /* FIXME for now we do not export encrypted keys */
- return _gnutls_openpgp_export2 (key->knode, format, out, 1);
+ /* FIXME for now we do not export encrypted keys */
+ return _gnutls_openpgp_export2(key->knode, format, out, 1);
}
@@ -274,60 +276,58 @@ gnutls_openpgp_privkey_export2 (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
gnutls_pk_algorithm_t
-gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
- unsigned int *bits)
+gnutls_openpgp_privkey_get_pk_algorithm(gnutls_openpgp_privkey_t key,
+ unsigned int *bits)
{
- cdk_packet_t pkt;
- int algo = 0, ret;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_PK_UNKNOWN;
- }
-
- ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
- if (ret == 0)
- {
- int idx;
-
- idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
- if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- {
- algo =
- gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, bits);
- return algo;
- }
- }
-
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- if (pkt)
- {
- if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
- algo = _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
- }
-
- return algo;
+ cdk_packet_t pkt;
+ int algo = 0, ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_PK_UNKNOWN;
+ }
+
+ ret = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid);
+ if (ret == 0) {
+ int idx;
+
+ idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
+ if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX) {
+ algo =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm
+ (key, idx, bits);
+ return algo;
+ }
+ }
+
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ if (pkt) {
+ if (bits)
+ *bits = cdk_pk_get_nbits(pkt->pkt.secret_key->pk);
+ algo =
+ _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk->
+ pubkey_algo);
+ }
+
+ return algo;
}
-int
-_gnutls_openpgp_get_algo (int cdk_algo)
+int _gnutls_openpgp_get_algo(int cdk_algo)
{
- int algo;
-
- if (is_RSA (cdk_algo))
- algo = GNUTLS_PK_RSA;
- else if (is_DSA (cdk_algo))
- algo = GNUTLS_PK_DSA;
- else
- {
- _gnutls_debug_log ("Unknown OpenPGP algorithm %d\n", cdk_algo);
- algo = GNUTLS_PK_UNKNOWN;
- }
-
- return algo;
+ int algo;
+
+ if (is_RSA(cdk_algo))
+ algo = GNUTLS_PK_RSA;
+ else if (is_DSA(cdk_algo))
+ algo = GNUTLS_PK_DSA;
+ else {
+ _gnutls_debug_log("Unknown OpenPGP algorithm %d\n",
+ cdk_algo);
+ algo = GNUTLS_PK_UNKNOWN;
+ }
+
+ return algo;
}
/**
@@ -341,24 +341,22 @@ _gnutls_openpgp_get_algo (int cdk_algo)
*
* Since: 2.4.0
**/
-int
-gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t key)
+int gnutls_openpgp_privkey_get_revoked_status(gnutls_openpgp_privkey_t key)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- if (pkt->pkt.secret_key->is_revoked != 0)
- return 1;
- return 0;
+ if (pkt->pkt.secret_key->is_revoked != 0)
+ return 1;
+ return 0;
}
/**
@@ -375,36 +373,34 @@ gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t key)
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
- void *fpr, size_t * fprlen)
+gnutls_openpgp_privkey_get_fingerprint(gnutls_openpgp_privkey_t key,
+ void *fpr, size_t * fprlen)
{
- cdk_packet_t pkt;
- cdk_pkt_pubkey_t pk = NULL;
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
- if (!fpr || !fprlen)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!fpr || !fprlen) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- *fprlen = 0;
+ *fprlen = 0;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- if (!pkt)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ if (!pkt) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
- pk = pkt->pkt.secret_key->pk;
- *fprlen = 20;
+ pk = pkt->pkt.secret_key->pk;
+ *fprlen = 20;
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- *fprlen = 16;
+ if (is_RSA(pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
- cdk_pk_get_fingerprint (pk, fpr);
+ cdk_pk_get_fingerprint(pk, fpr);
- return 0;
+ return 0;
}
/**
@@ -419,27 +415,26 @@ gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_privkey_get_key_id(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_keyid_t keyid)
{
- cdk_packet_t pkt;
- uint32_t kid[2];
+ cdk_packet_t pkt;
+ uint32_t kid[2];
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- cdk_sk_get_keyid (pkt->pkt.secret_key, kid);
- _gnutls_write_uint32 (kid[0], keyid);
- _gnutls_write_uint32 (kid[1], keyid + 4);
+ cdk_sk_get_keyid(pkt->pkt.secret_key, kid);
+ _gnutls_write_uint32(kid[0], keyid);
+ _gnutls_write_uint32(kid[1], keyid + 4);
- return 0;
+ return 0;
}
/**
@@ -453,49 +448,46 @@ gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
*
* Since: 2.4.0
**/
-int
-gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key)
+int gnutls_openpgp_privkey_get_subkey_count(gnutls_openpgp_privkey_t key)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- int subkeys;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return 0;
- }
-
- ctx = NULL;
- subkeys = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
- subkeys++;
- }
-
- return subkeys;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int subkeys;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ subkeys++;
+ }
+
+ return subkeys;
}
/* returns the subkey with the given index */
static cdk_packet_t
-_get_secret_subkey (gnutls_openpgp_privkey_t key, unsigned int indx)
+_get_secret_subkey(gnutls_openpgp_privkey_t key, unsigned int indx)
{
- cdk_kbnode_t p, ctx;
- cdk_packet_t pkt;
- unsigned int subkeys;
-
- ctx = NULL;
- subkeys = 0;
- while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
- {
- pkt = cdk_kbnode_get_packet (p);
- if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY && indx == subkeys++)
- return pkt;
- }
-
- return NULL;
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ unsigned int subkeys;
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) {
+ pkt = cdk_kbnode_get_packet(p);
+ if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY
+ && indx == subkeys++)
+ return pkt;
+ }
+
+ return NULL;
}
/**
@@ -511,27 +503,26 @@ _get_secret_subkey (gnutls_openpgp_privkey_t key, unsigned int indx)
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
- key, unsigned int idx)
+gnutls_openpgp_privkey_get_subkey_revoked_status(gnutls_openpgp_privkey_t
+ key, unsigned int idx)
{
- cdk_packet_t pkt;
+ cdk_packet_t pkt;
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_privkey_get_revoked_status(key);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_privkey_get_revoked_status(key);
- pkt = _get_secret_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = _get_secret_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- if (pkt->pkt.secret_key->is_revoked != 0)
- return 1;
- return 0;
+ if (pkt->pkt.secret_key->is_revoked != 0)
+ return 1;
+ return 0;
}
/**
@@ -553,39 +544,37 @@ gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
* Since: 2.4.0
**/
gnutls_pk_algorithm_t
-gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- unsigned int *bits)
+gnutls_openpgp_privkey_get_subkey_pk_algorithm(gnutls_openpgp_privkey_t
+ key, unsigned int idx,
+ unsigned int *bits)
{
- cdk_packet_t pkt;
- int algo;
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_PK_UNKNOWN;
- }
-
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_privkey_get_pk_algorithm(key, bits);
-
- pkt = _get_secret_subkey (key, idx);
-
- algo = 0;
- if (pkt)
- {
- if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
- algo = pkt->pkt.secret_key->pubkey_algo;
- if (is_RSA (algo))
- algo = GNUTLS_PK_RSA;
- else if (is_DSA (algo))
- algo = GNUTLS_PK_DSA;
- else
- algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- return algo;
+ cdk_packet_t pkt;
+ int algo;
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_PK_UNKNOWN;
+ }
+
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_privkey_get_pk_algorithm(key, bits);
+
+ pkt = _get_secret_subkey(key, idx);
+
+ algo = 0;
+ if (pkt) {
+ if (bits)
+ *bits = cdk_pk_get_nbits(pkt->pkt.secret_key->pk);
+ algo = pkt->pkt.secret_key->pubkey_algo;
+ if (is_RSA(algo))
+ algo = GNUTLS_PK_RSA;
+ else if (is_DSA(algo))
+ algo = GNUTLS_PK_DSA;
+ else
+ algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ return algo;
}
/**
@@ -600,34 +589,32 @@ gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_privkey_get_subkey_idx(gnutls_openpgp_privkey_t key,
+ const gnutls_openpgp_keyid_t keyid)
{
- int ret;
- uint32_t kid[2];
- uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE];
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_openpgp_privkey_get_key_id (key, master_id);
- if (ret < 0)
- return gnutls_assert_val(ret);
- if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE)==0)
- return GNUTLS_OPENPGP_MASTER_KEYID_IDX;
-
- KEYID_IMPORT (kid, keyid);
- ret = _gnutls_openpgp_find_subkey_idx (key->knode, kid, 1);
-
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- return ret;
+ int ret;
+ uint32_t kid[2];
+ uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_openpgp_privkey_get_key_id(key, master_id);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE) == 0)
+ return GNUTLS_OPENPGP_MASTER_KEYID_IDX;
+
+ KEYID_IMPORT(kid, keyid);
+ ret = _gnutls_openpgp_find_subkey_idx(key->knode, kid, 1);
+
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
/**
@@ -642,26 +629,27 @@ gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
time_t
-gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t key,
- unsigned int idx)
+gnutls_openpgp_privkey_get_subkey_creation_time(gnutls_openpgp_privkey_t
+ key, unsigned int idx)
{
- cdk_packet_t pkt;
- time_t timestamp;
+ cdk_packet_t pkt;
+ time_t timestamp;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- else
- pkt = _get_secret_subkey (key, idx);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ pkt =
+ cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ else
+ pkt = _get_secret_subkey(key, idx);
- if (pkt)
- timestamp = pkt->pkt.secret_key->pk->timestamp;
- else
- timestamp = 0;
+ if (pkt)
+ timestamp = pkt->pkt.secret_key->pk->timestamp;
+ else
+ timestamp = 0;
- return timestamp;
+ return timestamp;
}
/**
@@ -677,26 +665,27 @@ gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
time_t
-gnutls_openpgp_privkey_get_subkey_expiration_time (gnutls_openpgp_privkey_t
- key, unsigned int idx)
+gnutls_openpgp_privkey_get_subkey_expiration_time(gnutls_openpgp_privkey_t
+ key, unsigned int idx)
{
- cdk_packet_t pkt;
- time_t timestamp;
+ cdk_packet_t pkt;
+ time_t timestamp;
- if (!key)
- return (time_t) - 1;
+ if (!key)
+ return (time_t) - 1;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- else
- pkt = _get_secret_subkey (key, idx);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ pkt =
+ cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY);
+ else
+ pkt = _get_secret_subkey(key, idx);
- if (pkt)
- timestamp = pkt->pkt.secret_key->pk->expiredate;
- else
- timestamp = 0;
+ if (pkt)
+ timestamp = pkt->pkt.secret_key->pk->expiredate;
+ else
+ timestamp = 0;
- return timestamp;
+ return timestamp;
}
/**
@@ -712,31 +701,30 @@ gnutls_openpgp_privkey_get_subkey_expiration_time (gnutls_openpgp_privkey_t
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_privkey_get_subkey_id(gnutls_openpgp_privkey_t key,
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid)
{
- cdk_packet_t pkt;
- uint32_t kid[2];
+ cdk_packet_t pkt;
+ uint32_t kid[2];
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_privkey_get_key_id(key, keyid);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_privkey_get_key_id(key, keyid);
- pkt = _get_secret_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = _get_secret_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- cdk_sk_get_keyid (pkt->pkt.secret_key, kid);
- _gnutls_write_uint32 (kid[0], keyid);
- _gnutls_write_uint32 (kid[1], keyid + 4);
+ cdk_sk_get_keyid(pkt->pkt.secret_key, kid);
+ _gnutls_write_uint32(kid[0], keyid);
+ _gnutls_write_uint32(kid[1], keyid + 4);
- return 0;
+ return 0;
}
/**
@@ -754,320 +742,300 @@ gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- void *fpr, size_t * fprlen)
+gnutls_openpgp_privkey_get_subkey_fingerprint(gnutls_openpgp_privkey_t key,
+ unsigned int idx,
+ void *fpr, size_t * fprlen)
{
- cdk_packet_t pkt;
- cdk_pkt_pubkey_t pk = NULL;
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
- if (!fpr || !fprlen)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!fpr || !fprlen) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- return gnutls_openpgp_privkey_get_fingerprint(key, fpr, fprlen);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ return gnutls_openpgp_privkey_get_fingerprint(key, fpr,
+ fprlen);
- *fprlen = 0;
+ *fprlen = 0;
- pkt = _get_secret_subkey (key, idx);
- if (!pkt)
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ pkt = _get_secret_subkey(key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- pk = pkt->pkt.secret_key->pk;
- *fprlen = 20;
+ pk = pkt->pkt.secret_key->pk;
+ *fprlen = 20;
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- *fprlen = 16;
+ if (is_RSA(pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
- cdk_pk_get_fingerprint (pk, fpr);
+ cdk_pk_get_fingerprint(pk, fpr);
- return 0;
+ return 0;
}
/* Extracts DSA and RSA parameters from a certificate.
*/
int
-_gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
- uint32_t * keyid /*[2] */ ,
- gnutls_pk_params_st * params)
+_gnutls_openpgp_privkey_get_mpis(gnutls_openpgp_privkey_t pkey,
+ uint32_t * keyid /*[2] */ ,
+ gnutls_pk_params_st * params)
{
- int result;
- unsigned int i, pk_algorithm;
- cdk_packet_t pkt;
- unsigned total;
-
- gnutls_pk_params_init(params);
-
- if (keyid == NULL)
- pkt = cdk_kbnode_find_packet (pkey->knode, CDK_PKT_SECRET_KEY);
- else
- pkt = _gnutls_openpgp_find_key (pkey->knode, keyid, 1);
-
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm =
- _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
-
- switch (pk_algorithm)
- {
- case GNUTLS_PK_RSA:
- /* openpgp does not hold all parameters as in PKCS #1
- */
- total = RSA_PRIVATE_PARAMS - 2;
- break;
- case GNUTLS_PK_DSA:
- total = DSA_PRIVATE_PARAMS;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
- for (i = 0; i < total; i++)
- {
- result = _gnutls_read_pgp_mpi (pkt, 1, i, &params->params[i]);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- params->params_nr++;
- }
-
- /* fixup will generate exp1 and exp2 that are not
- * available here.
- */
- result = _gnutls_pk_fixup (pk_algorithm, GNUTLS_IMPORT, params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- return 0;
-
-error:
- gnutls_pk_params_clear(params);
- gnutls_pk_params_release(params);
-
- return result;
+ int result;
+ unsigned int i, pk_algorithm;
+ cdk_packet_t pkt;
+ unsigned total;
+
+ gnutls_pk_params_init(params);
+
+ if (keyid == NULL)
+ pkt =
+ cdk_kbnode_find_packet(pkey->knode,
+ CDK_PKT_SECRET_KEY);
+ else
+ pkt = _gnutls_openpgp_find_key(pkey->knode, keyid, 1);
+
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk->pubkey_algo);
+
+ switch (pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ /* openpgp does not hold all parameters as in PKCS #1
+ */
+ total = RSA_PRIVATE_PARAMS - 2;
+ break;
+ case GNUTLS_PK_DSA:
+ total = DSA_PRIVATE_PARAMS;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ for (i = 0; i < total; i++) {
+ result =
+ _gnutls_read_pgp_mpi(pkt, 1, i, &params->params[i]);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ params->params_nr++;
+ }
+
+ /* fixup will generate exp1 and exp2 that are not
+ * available here.
+ */
+ result = _gnutls_pk_fixup(pk_algorithm, GNUTLS_IMPORT, params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ gnutls_pk_params_clear(params);
+ gnutls_pk_params_release(params);
+
+ return result;
}
/* The internal version of export
*/
static int
-_get_sk_rsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u)
+_get_sk_rsa_raw(gnutls_openpgp_privkey_t pkey,
+ gnutls_openpgp_keyid_t keyid, gnutls_datum_t * m,
+ gnutls_datum_t * e, gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
{
- int pk_algorithm, ret;
- cdk_packet_t pkt;
- uint32_t kid32[2];
- gnutls_pk_params_st params;
-
- if (pkey == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- KEYID_IMPORT (kid32, keyid);
-
- pkt = _gnutls_openpgp_find_key (pkey->knode, kid32, 1);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm =
- _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
-
- if (pk_algorithm != GNUTLS_PK_RSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_openpgp_privkey_get_mpis (pkey, kid32, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint (params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[2], d);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- _gnutls_free_datum (e);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[3], p);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- _gnutls_free_datum (e);
- _gnutls_free_datum (d);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[4], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- _gnutls_free_datum (e);
- _gnutls_free_datum (d);
- _gnutls_free_datum (p);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[5], u);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (q);
- _gnutls_free_datum (m);
- _gnutls_free_datum (e);
- _gnutls_free_datum (d);
- _gnutls_free_datum (p);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_clear(&params);
- gnutls_pk_params_release(&params);
- return ret;
+ int pk_algorithm, ret;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ gnutls_pk_params_st params;
+
+ if (pkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT(kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key(pkey->knode, kid32, 1);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_privkey_get_mpis(pkey, kid32, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[2], d);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(e);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[3], p);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(e);
+ _gnutls_free_datum(d);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[4], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(e);
+ _gnutls_free_datum(d);
+ _gnutls_free_datum(p);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[5], u);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(q);
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(e);
+ _gnutls_free_datum(d);
+ _gnutls_free_datum(p);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_clear(&params);
+ gnutls_pk_params_release(&params);
+ return ret;
}
static int
-_get_sk_dsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x)
+_get_sk_dsa_raw(gnutls_openpgp_privkey_t pkey,
+ gnutls_openpgp_keyid_t keyid, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * g, gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
- int pk_algorithm, ret;
- cdk_packet_t pkt;
- uint32_t kid32[2];
- gnutls_pk_params_st params;
-
- if (pkey == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- KEYID_IMPORT (kid32, keyid);
-
- pkt = _gnutls_openpgp_find_key (pkey->knode, kid32, 1);
- if (pkt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- }
-
- pk_algorithm =
- _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
-
- if (pk_algorithm != GNUTLS_PK_DSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_openpgp_privkey_get_mpis (pkey, kid32, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint (params.params[0], p);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint (params.params[1], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- goto cleanup;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint (params.params[2], g);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint (params.params[3], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[4], x);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (y);
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_clear(&params);
- gnutls_pk_params_release(&params);
- return ret;
+ int pk_algorithm, ret;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ gnutls_pk_params_st params;
+
+ if (pkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT(kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key(pkey->knode, kid32, 1);
+ if (pkt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_DSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_privkey_get_mpis(pkey, kid32, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint(params.params[0], p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint(params.params[1], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ goto cleanup;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint(params.params[2], g);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint(params.params[3], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[4], x);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(y);
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_clear(&params);
+ gnutls_pk_params_release(&params);
+ return ret;
}
@@ -1090,22 +1058,24 @@ cleanup:
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u)
+gnutls_openpgp_privkey_export_rsa_raw(gnutls_openpgp_privkey_t pkey,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_sk_rsa_raw (pkey, keyid, m, e, d, p, q, u);
+ return _get_sk_rsa_raw(pkey, keyid, m, e, d, p, q, u);
}
/**
@@ -1126,22 +1096,23 @@ gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y,
- gnutls_datum_t * x)
+gnutls_openpgp_privkey_export_dsa_raw(gnutls_openpgp_privkey_t pkey,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_sk_dsa_raw (pkey, keyid, p, q, g, y, x);
+ return _get_sk_dsa_raw(pkey, keyid, p, q, g, y, x);
}
/**
@@ -1164,29 +1135,29 @@ gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t pkey,
- unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u)
+gnutls_openpgp_privkey_export_subkey_rsa_raw(gnutls_openpgp_privkey_t pkey,
+ unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
-
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid);
- else
- ret = gnutls_openpgp_privkey_get_subkey_id (pkey, idx, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return _get_sk_rsa_raw (pkey, keyid, m, e, d, p, q, u);
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
+
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid);
+ else
+ ret =
+ gnutls_openpgp_privkey_get_subkey_id(pkey, idx, keyid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return _get_sk_rsa_raw(pkey, keyid, m, e, d, p, q, u);
}
/**
@@ -1208,29 +1179,29 @@ gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t pkey,
* Since: 2.4.0
**/
int
-gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t pkey,
- unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x)
+gnutls_openpgp_privkey_export_subkey_dsa_raw(gnutls_openpgp_privkey_t pkey,
+ unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- int ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ int ret;
- if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
- ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid);
- else
- ret = gnutls_openpgp_privkey_get_subkey_id (pkey, idx, keyid);
+ if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX)
+ ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid);
+ else
+ ret =
+ gnutls_openpgp_privkey_get_subkey_id(pkey, idx, keyid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return _get_sk_dsa_raw (pkey, keyid, p, q, g, y, x);
+ return _get_sk_dsa_raw(pkey, keyid, p, q, g, y, x);
}
/**
@@ -1244,21 +1215,22 @@ gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t pkey,
* hasn't been set it returns %GNUTLS_E_INVALID_REQUEST.
**/
int
-gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_keyid_t keyid)
+gnutls_openpgp_privkey_get_preferred_key_id(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_keyid_t keyid)
{
- if (!key->preferred_set)
- return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+ if (!key->preferred_set)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
- if (!key || !keyid)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!key || !keyid) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- memcpy (keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+ memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
- return 0;
+ return 0;
}
/**
@@ -1276,45 +1248,43 @@ gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key,
* otherwise a negative error code is returned.
**/
int
-gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t
- keyid)
+gnutls_openpgp_privkey_set_preferred_key_id(gnutls_openpgp_privkey_t key,
+ const gnutls_openpgp_keyid_t
+ keyid)
{
- int ret;
-
- if (!key)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (keyid == NULL) /* set the master as preferred */
- {
- uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE];
-
- ret = gnutls_openpgp_privkey_get_key_id (key, tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- key->preferred_set = 1;
- memcpy (key->preferred_keyid, tmp, GNUTLS_OPENPGP_KEYID_SIZE);
-
- return 0;
- }
-
- /* check if the id is valid */
- ret = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
- if (ret < 0)
- {
- _gnutls_debug_log ("the requested subkey does not exist\n");
- gnutls_assert ();
- return ret;
- }
-
- key->preferred_set = 1;
- memcpy (key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
-
- return 0;
+ int ret;
+
+ if (!key) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (keyid == NULL) { /* set the master as preferred */
+ uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ ret = gnutls_openpgp_privkey_get_key_id(key, tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ key->preferred_set = 1;
+ memcpy(key->preferred_keyid, tmp,
+ GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+ }
+
+ /* check if the id is valid */
+ ret = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
+ if (ret < 0) {
+ _gnutls_debug_log("the requested subkey does not exist\n");
+ gnutls_assert();
+ return ret;
+ }
+
+ key->preferred_set = 1;
+ memcpy(key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
}
/**
@@ -1333,66 +1303,66 @@ gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
* Deprecated: Use gnutls_privkey_sign_hash() instead.
*/
int
-gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
- int result;
- gnutls_pk_params_st params;
- int pk_algorithm;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
- if (result == 0)
- {
- uint32_t kid[2];
- int idx;
-
- KEYID_IMPORT (kid, keyid);
-
- _gnutls_hard_log("Signing using PGP key ID %s\n", _gnutls_bin2hex(keyid, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL));
-
- idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
- pk_algorithm =
- gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
- result =
- _gnutls_openpgp_privkey_get_mpis (key, kid, &params);
- }
- else
- {
- _gnutls_hard_log("Signing using master PGP key\n");
-
- pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
- result = _gnutls_openpgp_privkey_get_mpis (key, NULL, &params);
- }
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
-
- result =
- _gnutls_pk_sign (pk_algorithm, signature, hash, &params);
-
- gnutls_pk_params_clear(&params);
- gnutls_pk_params_release(&params);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_pk_params_st params;
+ int pk_algorithm;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ char buf[2 * GNUTLS_OPENPGP_KEYID_SIZE + 1];
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid);
+ if (result == 0) {
+ uint32_t kid[2];
+ int idx;
+
+ KEYID_IMPORT(kid, keyid);
+
+ _gnutls_hard_log("Signing using PGP key ID %s\n",
+ _gnutls_bin2hex(keyid,
+ GNUTLS_OPENPGP_KEYID_SIZE,
+ buf, sizeof(buf), NULL));
+
+ idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
+ pk_algorithm =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm(key,
+ idx,
+ NULL);
+ result =
+ _gnutls_openpgp_privkey_get_mpis(key, kid, &params);
+ } else {
+ _gnutls_hard_log("Signing using master PGP key\n");
+
+ pk_algorithm =
+ gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
+ result =
+ _gnutls_openpgp_privkey_get_mpis(key, NULL, &params);
+ }
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+
+ result = _gnutls_pk_sign(pk_algorithm, signature, hash, &params);
+
+ gnutls_pk_params_clear(&params);
+ gnutls_pk_params_release(&params);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/*-
@@ -1410,61 +1380,66 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
* negative error value.
-*/
int
-_gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+_gnutls_openpgp_privkey_decrypt_data(gnutls_openpgp_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
- int result, i;
- gnutls_pk_params_st params;
- int pk_algorithm;
- uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
- char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
+ int result, i;
+ gnutls_pk_params_st params;
+ int pk_algorithm;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ char buf[2 * GNUTLS_OPENPGP_KEYID_SIZE + 1];
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
- if (result == 0)
- {
- uint32_t kid[2];
+ result = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid);
+ if (result == 0) {
+ uint32_t kid[2];
- KEYID_IMPORT (kid, keyid);
+ KEYID_IMPORT(kid, keyid);
- _gnutls_hard_log("Decrypting using PGP key ID %s\n", _gnutls_bin2hex(keyid, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL));
+ _gnutls_hard_log("Decrypting using PGP key ID %s\n",
+ _gnutls_bin2hex(keyid,
+ GNUTLS_OPENPGP_KEYID_SIZE,
+ buf, sizeof(buf), NULL));
- result = _gnutls_openpgp_privkey_get_mpis (key, kid, &params);
+ result =
+ _gnutls_openpgp_privkey_get_mpis(key, kid, &params);
- i = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+ i = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
- pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, i, NULL);
- }
- else
- {
- _gnutls_hard_log("Decrypting using master PGP key\n");
+ pk_algorithm =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm(key, i,
+ NULL);
+ } else {
+ _gnutls_hard_log("Decrypting using master PGP key\n");
- pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
+ pk_algorithm =
+ gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
- result = _gnutls_openpgp_privkey_get_mpis (key, NULL, &params);
+ result =
+ _gnutls_openpgp_privkey_get_mpis(key, NULL, &params);
- }
+ }
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_pk_decrypt (pk_algorithm, plaintext, ciphertext, &params);
+ result =
+ _gnutls_pk_decrypt(pk_algorithm, plaintext, ciphertext,
+ &params);
- gnutls_pk_params_clear(&params);
- gnutls_pk_params_release(&params);
+ gnutls_pk_params_clear(&params);
+ gnutls_pk_params_release(&params);
- if (result < 0)
- return gnutls_assert_val(result);
+ if (result < 0)
+ return gnutls_assert_val(result);
- return 0;
+ return 0;
}
diff --git a/lib/pin.c b/lib/pin.c
index 4c900dfabe..f92332ad90 100644
--- a/lib/pin.c
+++ b/lib/pin.c
@@ -37,11 +37,10 @@ void *_gnutls_pin_data;
* Since: 2.12.0
**/
void
-gnutls_pkcs11_set_pin_function (gnutls_pin_callback_t fn,
- void *userdata)
+gnutls_pkcs11_set_pin_function(gnutls_pin_callback_t fn, void *userdata)
{
- _gnutls_pin_func = fn;
- _gnutls_pin_data = userdata;
+ _gnutls_pin_func = fn;
+ _gnutls_pin_data = userdata;
}
/**
@@ -55,13 +54,11 @@ gnutls_pkcs11_set_pin_function (gnutls_pin_callback_t fn,
*
* Since: 3.1.0
**/
-gnutls_pin_callback_t
-gnutls_pkcs11_get_pin_function (void **userdata)
+gnutls_pin_callback_t gnutls_pkcs11_get_pin_function(void **userdata)
{
- if (_gnutls_pin_func != NULL)
- {
- *userdata = _gnutls_pin_data;
- return _gnutls_pin_func;
- }
- return NULL;
+ if (_gnutls_pin_func != NULL) {
+ *userdata = _gnutls_pin_data;
+ return _gnutls_pin_func;
+ }
+ return NULL;
}
diff --git a/lib/pin.h b/lib/pin.h
index d75b0f6fc7..914197873c 100644
--- a/lib/pin.h
+++ b/lib/pin.h
@@ -4,4 +4,4 @@
extern gnutls_pin_callback_t _gnutls_pin_func;
extern void *_gnutls_pin_data;
-#endif /* PIN_H */
+#endif /* PIN_H */
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 3464bc8e6b..66b572d287 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -41,30 +41,26 @@
#define MAX_CERT_SIZE 8*1024
#define MAX_SLOTS 48
-struct gnutls_pkcs11_provider_s
-{
- struct ck_function_list *module;
- struct ck_info info;
+struct gnutls_pkcs11_provider_s {
+ struct ck_function_list *module;
+ struct ck_info info;
};
-struct flags_find_data_st
-{
- struct p11_kit_uri *info;
- unsigned int slot_flags;
+struct flags_find_data_st {
+ struct p11_kit_uri *info;
+ unsigned int slot_flags;
};
-struct url_find_data_st
-{
- gnutls_pkcs11_obj_t crt;
+struct url_find_data_st {
+ gnutls_pkcs11_obj_t crt;
};
-struct crt_find_data_st
-{
- gnutls_pkcs11_obj_t *p_list;
- unsigned int *n_list;
- unsigned int current;
- gnutls_pkcs11_obj_attr_t flags;
- struct p11_kit_uri *info;
+struct crt_find_data_st {
+ gnutls_pkcs11_obj_t *p_list;
+ unsigned int *n_list;
+ unsigned int current;
+ gnutls_pkcs11_obj_attr_t flags;
+ struct p11_kit_uri *info;
};
@@ -74,141 +70,135 @@ static unsigned int active_providers = 0;
gnutls_pkcs11_token_callback_t _gnutls_token_func;
void *_gnutls_token_data;
-int
-pkcs11_rv_to_err (ck_rv_t rv)
-{
- switch (rv)
- {
- case CKR_OK:
- return 0;
- case CKR_HOST_MEMORY:
- return GNUTLS_E_MEMORY_ERROR;
- case CKR_SLOT_ID_INVALID:
- return GNUTLS_E_PKCS11_SLOT_ERROR;
- case CKR_ARGUMENTS_BAD:
- case CKR_MECHANISM_PARAM_INVALID:
- return GNUTLS_E_INVALID_REQUEST;
- case CKR_NEED_TO_CREATE_THREADS:
- case CKR_CANT_LOCK:
- case CKR_FUNCTION_NOT_PARALLEL:
- case CKR_MUTEX_BAD:
- case CKR_MUTEX_NOT_LOCKED:
- return GNUTLS_E_LOCKING_ERROR;
- case CKR_ATTRIBUTE_READ_ONLY:
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_VALUE_INVALID:
- return GNUTLS_E_PKCS11_ATTRIBUTE_ERROR;
- case CKR_DEVICE_ERROR:
- case CKR_DEVICE_MEMORY:
- case CKR_DEVICE_REMOVED:
- return GNUTLS_E_PKCS11_DEVICE_ERROR;
- case CKR_DATA_INVALID:
- case CKR_DATA_LEN_RANGE:
- case CKR_ENCRYPTED_DATA_INVALID:
- case CKR_ENCRYPTED_DATA_LEN_RANGE:
- case CKR_OBJECT_HANDLE_INVALID:
- return GNUTLS_E_PKCS11_DATA_ERROR;
- case CKR_FUNCTION_NOT_SUPPORTED:
- case CKR_MECHANISM_INVALID:
- return GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR;
- case CKR_KEY_HANDLE_INVALID:
- case CKR_KEY_SIZE_RANGE:
- case CKR_KEY_TYPE_INCONSISTENT:
- case CKR_KEY_NOT_NEEDED:
- case CKR_KEY_CHANGED:
- case CKR_KEY_NEEDED:
- case CKR_KEY_INDIGESTIBLE:
- case CKR_KEY_FUNCTION_NOT_PERMITTED:
- case CKR_KEY_NOT_WRAPPABLE:
- case CKR_KEY_UNEXTRACTABLE:
- return GNUTLS_E_PKCS11_KEY_ERROR;
- case CKR_PIN_INCORRECT:
- case CKR_PIN_INVALID:
- case CKR_PIN_LEN_RANGE:
- return GNUTLS_E_PKCS11_PIN_ERROR;
- case CKR_PIN_EXPIRED:
- return GNUTLS_E_PKCS11_PIN_EXPIRED;
- case CKR_PIN_LOCKED:
- return GNUTLS_E_PKCS11_PIN_LOCKED;
- case CKR_SESSION_CLOSED:
- case CKR_SESSION_COUNT:
- case CKR_SESSION_HANDLE_INVALID:
- case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
- case CKR_SESSION_READ_ONLY:
- case CKR_SESSION_EXISTS:
- case CKR_SESSION_READ_ONLY_EXISTS:
- case CKR_SESSION_READ_WRITE_SO_EXISTS:
- return GNUTLS_E_PKCS11_SESSION_ERROR;
- case CKR_SIGNATURE_INVALID:
- case CKR_SIGNATURE_LEN_RANGE:
- return GNUTLS_E_PKCS11_SIGNATURE_ERROR;
- case CKR_TOKEN_NOT_PRESENT:
- case CKR_TOKEN_NOT_RECOGNIZED:
- case CKR_TOKEN_WRITE_PROTECTED:
- return GNUTLS_E_PKCS11_TOKEN_ERROR;
- case CKR_USER_ALREADY_LOGGED_IN:
- case CKR_USER_NOT_LOGGED_IN:
- case CKR_USER_PIN_NOT_INITIALIZED:
- case CKR_USER_TYPE_INVALID:
- case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
- case CKR_USER_TOO_MANY_TYPES:
- return GNUTLS_E_PKCS11_USER_ERROR;
- case CKR_BUFFER_TOO_SMALL:
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- default:
- return GNUTLS_E_PKCS11_ERROR;
- }
-}
-
-
-static int scan_slots(struct gnutls_pkcs11_provider_s * p, ck_slot_id_t *slots,
- unsigned long *nslots)
-{
-ck_rv_t rv;
-
- rv = pkcs11_get_slot_list(p->module, 1, slots, nslots);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- return pkcs11_rv_to_err(rv);
- }
- return 0;
+int pkcs11_rv_to_err(ck_rv_t rv)
+{
+ switch (rv) {
+ case CKR_OK:
+ return 0;
+ case CKR_HOST_MEMORY:
+ return GNUTLS_E_MEMORY_ERROR;
+ case CKR_SLOT_ID_INVALID:
+ return GNUTLS_E_PKCS11_SLOT_ERROR;
+ case CKR_ARGUMENTS_BAD:
+ case CKR_MECHANISM_PARAM_INVALID:
+ return GNUTLS_E_INVALID_REQUEST;
+ case CKR_NEED_TO_CREATE_THREADS:
+ case CKR_CANT_LOCK:
+ case CKR_FUNCTION_NOT_PARALLEL:
+ case CKR_MUTEX_BAD:
+ case CKR_MUTEX_NOT_LOCKED:
+ return GNUTLS_E_LOCKING_ERROR;
+ case CKR_ATTRIBUTE_READ_ONLY:
+ case CKR_ATTRIBUTE_SENSITIVE:
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ case CKR_ATTRIBUTE_VALUE_INVALID:
+ return GNUTLS_E_PKCS11_ATTRIBUTE_ERROR;
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_DEVICE_REMOVED:
+ return GNUTLS_E_PKCS11_DEVICE_ERROR;
+ case CKR_DATA_INVALID:
+ case CKR_DATA_LEN_RANGE:
+ case CKR_ENCRYPTED_DATA_INVALID:
+ case CKR_ENCRYPTED_DATA_LEN_RANGE:
+ case CKR_OBJECT_HANDLE_INVALID:
+ return GNUTLS_E_PKCS11_DATA_ERROR;
+ case CKR_FUNCTION_NOT_SUPPORTED:
+ case CKR_MECHANISM_INVALID:
+ return GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR;
+ case CKR_KEY_HANDLE_INVALID:
+ case CKR_KEY_SIZE_RANGE:
+ case CKR_KEY_TYPE_INCONSISTENT:
+ case CKR_KEY_NOT_NEEDED:
+ case CKR_KEY_CHANGED:
+ case CKR_KEY_NEEDED:
+ case CKR_KEY_INDIGESTIBLE:
+ case CKR_KEY_FUNCTION_NOT_PERMITTED:
+ case CKR_KEY_NOT_WRAPPABLE:
+ case CKR_KEY_UNEXTRACTABLE:
+ return GNUTLS_E_PKCS11_KEY_ERROR;
+ case CKR_PIN_INCORRECT:
+ case CKR_PIN_INVALID:
+ case CKR_PIN_LEN_RANGE:
+ return GNUTLS_E_PKCS11_PIN_ERROR;
+ case CKR_PIN_EXPIRED:
+ return GNUTLS_E_PKCS11_PIN_EXPIRED;
+ case CKR_PIN_LOCKED:
+ return GNUTLS_E_PKCS11_PIN_LOCKED;
+ case CKR_SESSION_CLOSED:
+ case CKR_SESSION_COUNT:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
+ case CKR_SESSION_READ_ONLY:
+ case CKR_SESSION_EXISTS:
+ case CKR_SESSION_READ_ONLY_EXISTS:
+ case CKR_SESSION_READ_WRITE_SO_EXISTS:
+ return GNUTLS_E_PKCS11_SESSION_ERROR;
+ case CKR_SIGNATURE_INVALID:
+ case CKR_SIGNATURE_LEN_RANGE:
+ return GNUTLS_E_PKCS11_SIGNATURE_ERROR;
+ case CKR_TOKEN_NOT_PRESENT:
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ return GNUTLS_E_PKCS11_TOKEN_ERROR;
+ case CKR_USER_ALREADY_LOGGED_IN:
+ case CKR_USER_NOT_LOGGED_IN:
+ case CKR_USER_PIN_NOT_INITIALIZED:
+ case CKR_USER_TYPE_INVALID:
+ case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
+ case CKR_USER_TOO_MANY_TYPES:
+ return GNUTLS_E_PKCS11_USER_ERROR;
+ case CKR_BUFFER_TOO_SMALL:
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ default:
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+}
+
+
+static int scan_slots(struct gnutls_pkcs11_provider_s *p,
+ ck_slot_id_t * slots, unsigned long *nslots)
+{
+ ck_rv_t rv;
+
+ rv = pkcs11_get_slot_list(p->module, 1, slots, nslots);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return pkcs11_rv_to_err(rv);
+ }
+ return 0;
}
static int
-pkcs11_add_module (const char *name, struct ck_function_list *module)
+pkcs11_add_module(const char *name, struct ck_function_list *module)
{
- struct ck_info info;
- unsigned int i;
+ struct ck_info info;
+ unsigned int i;
- if (active_providers >= MAX_PROVIDERS)
- {
- gnutls_assert ();
- return GNUTLS_E_CONSTRAINT_ERROR;
- }
+ if (active_providers >= MAX_PROVIDERS) {
+ gnutls_assert();
+ return GNUTLS_E_CONSTRAINT_ERROR;
+ }
- /* initially check if this module is a duplicate */
- memset(&info, 0, sizeof(info));
- pkcs11_get_module_info (module, &info);
- for (i=0;i<active_providers;i++)
- {
- /* already loaded, skip the rest */
- if (memcmp(&info, &providers[i].info, sizeof(info)) == 0)
- {
- _gnutls_debug_log("%s is already loaded.\n", name);
- return GNUTLS_E_INT_RET_0;
- }
- }
+ /* initially check if this module is a duplicate */
+ memset(&info, 0, sizeof(info));
+ pkcs11_get_module_info(module, &info);
+ for (i = 0; i < active_providers; i++) {
+ /* already loaded, skip the rest */
+ if (memcmp(&info, &providers[i].info, sizeof(info)) == 0) {
+ _gnutls_debug_log("%s is already loaded.\n", name);
+ return GNUTLS_E_INT_RET_0;
+ }
+ }
- active_providers++;
- providers[active_providers - 1].module = module;
+ active_providers++;
+ providers[active_providers - 1].module = module;
- memcpy (&providers[active_providers - 1].info, &info, sizeof(info));
+ memcpy(&providers[active_providers - 1].info, &info, sizeof(info));
- _gnutls_debug_log ("p11: loaded provider '%s'\n", name);
+ _gnutls_debug_log("p11: loaded provider '%s'\n", name);
- return 0;
+ return 0;
}
@@ -226,38 +216,36 @@ pkcs11_add_module (const char *name, struct ck_function_list *module)
*
* Since: 2.12.0
**/
-int
-gnutls_pkcs11_add_provider (const char *name, const char *params)
+int gnutls_pkcs11_add_provider(const char *name, const char *params)
{
- struct ck_function_list *module;
- int ret;
+ struct ck_function_list *module;
+ int ret;
- module = p11_kit_module_load (name, P11_KIT_MODULE_CRITICAL);
- if (module == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("p11: Cannot load provider %s\n", name);
- return GNUTLS_E_PKCS11_LOAD_ERROR;
- }
+ module = p11_kit_module_load(name, P11_KIT_MODULE_CRITICAL);
+ if (module == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("p11: Cannot load provider %s\n", name);
+ return GNUTLS_E_PKCS11_LOAD_ERROR;
+ }
- if (p11_kit_module_initialize (module) != CKR_OK)
- {
- p11_kit_module_release (module);
- gnutls_assert ();
- _gnutls_debug_log ("p11: Cannot initialize provider %s\n", name);
- return GNUTLS_E_PKCS11_LOAD_ERROR;
- }
+ if (p11_kit_module_initialize(module) != CKR_OK) {
+ p11_kit_module_release(module);
+ gnutls_assert();
+ _gnutls_debug_log("p11: Cannot initialize provider %s\n",
+ name);
+ return GNUTLS_E_PKCS11_LOAD_ERROR;
+ }
- ret = pkcs11_add_module (name, module);
- if (ret != 0)
- {
- if (ret == GNUTLS_E_INT_RET_0) ret = 0;
- p11_kit_module_finalize (module);
- p11_kit_module_release (module);
- gnutls_assert ();
- }
+ ret = pkcs11_add_module(name, module);
+ if (ret != 0) {
+ if (ret == GNUTLS_E_INT_RET_0)
+ ret = 0;
+ p11_kit_module_finalize(module);
+ p11_kit_module_release(module);
+ gnutls_assert();
+ }
- return ret;
+ return ret;
}
@@ -278,217 +266,205 @@ gnutls_pkcs11_add_provider (const char *name, const char *params)
* Since: 2.12.0
**/
int
-gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size)
+gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size)
{
- return pkcs11_get_info (crt->info, itype, output, output_size);
+ return pkcs11_get_info(crt->info, itype, output, output_size);
}
int
-pkcs11_get_info (struct p11_kit_uri *info,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size)
-{
- struct ck_attribute *attr = NULL;
- struct ck_version *version = NULL;
- const uint8_t *str = NULL;
- size_t str_max = 0;
- int terminate = 0;
- int hexify = 0;
- size_t length = 0;
- const char *data = NULL;
- char buf[32];
-
- /*
- * Either attr, str or version is valid by the time switch
- * finishes
- */
-
- switch (itype)
- {
- case GNUTLS_PKCS11_OBJ_ID:
- attr = p11_kit_uri_get_attribute (info, CKA_ID);
- break;
- case GNUTLS_PKCS11_OBJ_ID_HEX:
- attr = p11_kit_uri_get_attribute (info, CKA_ID);
- hexify = 1;
- terminate = 1;
- break;
- case GNUTLS_PKCS11_OBJ_LABEL:
- attr = p11_kit_uri_get_attribute (info, CKA_LABEL);
- terminate = 1;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_LABEL:
- str = p11_kit_uri_get_token_info (info)->label;
- str_max = 32;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_SERIAL:
- str = p11_kit_uri_get_token_info (info)->serial_number;
- str_max = 16;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER:
- str = p11_kit_uri_get_token_info (info)->manufacturer_id;
- str_max = 32;
- break;
- case GNUTLS_PKCS11_OBJ_TOKEN_MODEL:
- str = p11_kit_uri_get_token_info (info)->model;
- str_max = 16;
- break;
- case GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION:
- str = p11_kit_uri_get_module_info (info)->library_description;
- str_max = 32;
- break;
- case GNUTLS_PKCS11_OBJ_LIBRARY_VERSION:
- version = &p11_kit_uri_get_module_info (info)->library_version;
- break;
- case GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER:
- str = p11_kit_uri_get_module_info (info)->manufacturer_id;
- str_max = 32;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (attr != NULL)
- {
- data = attr->value;
- length = attr->value_len;
- }
- else if (str != NULL)
- {
- data = (void*)str;
- length = p11_kit_space_strlen (str, str_max);
- terminate = 1;
- }
- else if (version != NULL)
- {
- data = buf;
- length = snprintf (buf, sizeof (buf), "%d.%d", (int)version->major,
- (int)version->minor);
- terminate = 1;
- }
- else
- {
- *output_size = 0;
- if (output) ((uint8_t*)output)[0] = 0;
- return 0;
- }
-
- if (hexify)
- {
- /* terminate is assumed with hexify */
- if (*output_size < length * 3)
- {
- *output_size = length * 3;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- if (output)
- _gnutls_bin2hex (data, length, output, *output_size, ":");
- *output_size = length * 3;
- return 0;
- }
- else
- {
- if (*output_size < length + terminate)
- {
- *output_size = length + terminate;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- if (output)
- {
- memcpy (output, data, length);
- if (terminate)
- ((unsigned char*)output)[length] = '\0';
- }
- *output_size = length + terminate;
- }
-
- return 0;
+pkcs11_get_info(struct p11_kit_uri *info,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size)
+{
+ struct ck_attribute *attr = NULL;
+ struct ck_version *version = NULL;
+ const uint8_t *str = NULL;
+ size_t str_max = 0;
+ int terminate = 0;
+ int hexify = 0;
+ size_t length = 0;
+ const char *data = NULL;
+ char buf[32];
+
+ /*
+ * Either attr, str or version is valid by the time switch
+ * finishes
+ */
+
+ switch (itype) {
+ case GNUTLS_PKCS11_OBJ_ID:
+ attr = p11_kit_uri_get_attribute(info, CKA_ID);
+ break;
+ case GNUTLS_PKCS11_OBJ_ID_HEX:
+ attr = p11_kit_uri_get_attribute(info, CKA_ID);
+ hexify = 1;
+ terminate = 1;
+ break;
+ case GNUTLS_PKCS11_OBJ_LABEL:
+ attr = p11_kit_uri_get_attribute(info, CKA_LABEL);
+ terminate = 1;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_LABEL:
+ str = p11_kit_uri_get_token_info(info)->label;
+ str_max = 32;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_SERIAL:
+ str = p11_kit_uri_get_token_info(info)->serial_number;
+ str_max = 16;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER:
+ str = p11_kit_uri_get_token_info(info)->manufacturer_id;
+ str_max = 32;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_MODEL:
+ str = p11_kit_uri_get_token_info(info)->model;
+ str_max = 16;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION:
+ str =
+ p11_kit_uri_get_module_info(info)->library_description;
+ str_max = 32;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_VERSION:
+ version =
+ &p11_kit_uri_get_module_info(info)->library_version;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER:
+ str = p11_kit_uri_get_module_info(info)->manufacturer_id;
+ str_max = 32;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (attr != NULL) {
+ data = attr->value;
+ length = attr->value_len;
+ } else if (str != NULL) {
+ data = (void *) str;
+ length = p11_kit_space_strlen(str, str_max);
+ terminate = 1;
+ } else if (version != NULL) {
+ data = buf;
+ length =
+ snprintf(buf, sizeof(buf), "%d.%d",
+ (int) version->major, (int) version->minor);
+ terminate = 1;
+ } else {
+ *output_size = 0;
+ if (output)
+ ((uint8_t *) output)[0] = 0;
+ return 0;
+ }
+
+ if (hexify) {
+ /* terminate is assumed with hexify */
+ if (*output_size < length * 3) {
+ *output_size = length * 3;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ if (output)
+ _gnutls_bin2hex(data, length, output, *output_size,
+ ":");
+ *output_size = length * 3;
+ return 0;
+ } else {
+ if (*output_size < length + terminate) {
+ *output_size = length + terminate;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ if (output) {
+ memcpy(output, data, length);
+ if (terminate)
+ ((unsigned char *) output)[length] = '\0';
+ }
+ *output_size = length + terminate;
+ }
+
+ return 0;
}
static int init = 0;
/* tries to load modules from /etc/gnutls/pkcs11.conf if it exists
*/
-static void _pkcs11_compat_init(const char* configfile)
-{
-FILE *fp;
-int ret;
-char line[512];
-const char *library;
-
- if (configfile == NULL)
- configfile = "/etc/gnutls/pkcs11.conf";
-
- fp = fopen (configfile, "r");
- if (fp == NULL)
- {
- gnutls_assert ();
- return;
- }
-
- _gnutls_debug_log ("Loading PKCS #11 libraries from %s\n", configfile);
- while (fgets (line, sizeof (line), fp) != NULL)
- {
- if (strncmp (line, "load", sizeof ("load") - 1) == 0)
- {
- char *p;
- p = strchr (line, '=');
- if (p == NULL)
- continue;
-
- library = ++p;
- p = strchr (line, '\n');
- if (p != NULL)
- *p = 0;
-
- ret = gnutls_pkcs11_add_provider (library, NULL);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Cannot load provider: %s\n", library);
- continue;
- }
- }
- }
- fclose(fp);
-
- return;
-}
-
-static int
-initialize_automatic_p11_kit (void)
-{
- struct ck_function_list **modules;
- char *name;
- int i, ret;
-
- modules = p11_kit_modules_load_and_initialize (0);
- if (modules == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Cannot initialize registered modules: %s\n",
- p11_kit_message ());
- return GNUTLS_E_PKCS11_LOAD_ERROR;
- }
-
- for (i = 0; modules[i] != NULL; i++)
- {
- name = p11_kit_module_get_name (modules[i]);
- ret = pkcs11_add_module (name, modules[i]);
- if (ret != 0 && ret != GNUTLS_E_INT_RET_0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Cannot add registered module: %s\n", name);
- }
- free(name);
- }
-
- /* Shallow free */
- free (modules);
- return 0;
+static void _pkcs11_compat_init(const char *configfile)
+{
+ FILE *fp;
+ int ret;
+ char line[512];
+ const char *library;
+
+ if (configfile == NULL)
+ configfile = "/etc/gnutls/pkcs11.conf";
+
+ fp = fopen(configfile, "r");
+ if (fp == NULL) {
+ gnutls_assert();
+ return;
+ }
+
+ _gnutls_debug_log("Loading PKCS #11 libraries from %s\n",
+ configfile);
+ while (fgets(line, sizeof(line), fp) != NULL) {
+ if (strncmp(line, "load", sizeof("load") - 1) == 0) {
+ char *p;
+ p = strchr(line, '=');
+ if (p == NULL)
+ continue;
+
+ library = ++p;
+ p = strchr(line, '\n');
+ if (p != NULL)
+ *p = 0;
+
+ ret = gnutls_pkcs11_add_provider(library, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Cannot load provider: %s\n",
+ library);
+ continue;
+ }
+ }
+ }
+ fclose(fp);
+
+ return;
+}
+
+static int initialize_automatic_p11_kit(void)
+{
+ struct ck_function_list **modules;
+ char *name;
+ int i, ret;
+
+ modules = p11_kit_modules_load_and_initialize(0);
+ if (modules == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Cannot initialize registered modules: %s\n",
+ p11_kit_message());
+ return GNUTLS_E_PKCS11_LOAD_ERROR;
+ }
+
+ for (i = 0; modules[i] != NULL; i++) {
+ name = p11_kit_module_get_name(modules[i]);
+ ret = pkcs11_add_module(name, modules[i]);
+ if (ret != 0 && ret != GNUTLS_E_INT_RET_0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Cannot add registered module: %s\n", name);
+ }
+ free(name);
+ }
+
+ /* Shallow free */
+ free(modules);
+ return 0;
}
/**
@@ -512,33 +488,32 @@ initialize_automatic_p11_kit (void)
* Since: 2.12.0
**/
int
-gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file)
+gnutls_pkcs11_init(unsigned int flags, const char *deprecated_config_file)
{
- int ret = 0;
+ int ret = 0;
- if (init != 0)
- {
- init++;
- return 0;
- }
- init++;
+ if (init != 0) {
+ init++;
+ return 0;
+ }
+ init++;
- p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL, NULL);
+ p11_kit_pin_register_callback(P11_KIT_PIN_FALLBACK,
+ p11_kit_pin_file_callback, NULL,
+ NULL);
- if (flags == GNUTLS_PKCS11_FLAG_MANUAL)
- return 0;
- else if (flags == GNUTLS_PKCS11_FLAG_AUTO)
- {
- if (deprecated_config_file == NULL)
- ret = initialize_automatic_p11_kit ();
+ if (flags == GNUTLS_PKCS11_FLAG_MANUAL)
+ return 0;
+ else if (flags == GNUTLS_PKCS11_FLAG_AUTO) {
+ if (deprecated_config_file == NULL)
+ ret = initialize_automatic_p11_kit();
- _pkcs11_compat_init(deprecated_config_file);
+ _pkcs11_compat_init(deprecated_config_file);
- return ret;
- }
-
- return 0;
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -553,23 +528,24 @@ gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file)
*
* Since: 3.0
**/
-int gnutls_pkcs11_reinit (void)
+int gnutls_pkcs11_reinit(void)
{
- unsigned i;
- ck_rv_t rv;
+ unsigned i;
+ ck_rv_t rv;
- for (i = 0; i < active_providers; i++)
- {
- if (providers[i].module != NULL)
- {
- rv = p11_kit_module_initialize (providers[i].module);
- if (rv != CKR_OK)
- _gnutls_debug_log ("Cannot initialize registered module '%s': %s\n",
- providers[i].info.library_description, p11_kit_strerror (rv));
- }
- }
+ for (i = 0; i < active_providers; i++) {
+ if (providers[i].module != NULL) {
+ rv = p11_kit_module_initialize(providers[i].
+ module);
+ if (rv != CKR_OK)
+ _gnutls_debug_log
+ ("Cannot initialize registered module '%s': %s\n",
+ providers[i].info.library_description,
+ p11_kit_strerror(rv));
+ }
+ }
- return 0;
+ return 0;
}
/**
@@ -579,31 +555,28 @@ int gnutls_pkcs11_reinit (void)
*
* Since: 2.12.0
**/
-void
-gnutls_pkcs11_deinit (void)
-{
- unsigned int i;
-
- init--;
- if (init > 0)
- return;
- if (init < 0)
- {
- init = 0;
- return;
- }
-
- for (i = 0; i < active_providers; i++)
- {
- p11_kit_module_finalize (providers[i].module);
- p11_kit_module_release (providers[i].module);
- }
- active_providers = 0;
-
- gnutls_pkcs11_set_pin_function (NULL, NULL);
- gnutls_pkcs11_set_token_function (NULL, NULL);
- p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL);
+void gnutls_pkcs11_deinit(void)
+{
+ unsigned int i;
+
+ init--;
+ if (init > 0)
+ return;
+ if (init < 0) {
+ init = 0;
+ return;
+ }
+
+ for (i = 0; i < active_providers; i++) {
+ p11_kit_module_finalize(providers[i].module);
+ p11_kit_module_release(providers[i].module);
+ }
+ active_providers = 0;
+
+ gnutls_pkcs11_set_pin_function(NULL, NULL);
+ gnutls_pkcs11_set_token_function(NULL, NULL);
+ p11_kit_pin_unregister_callback(P11_KIT_PIN_FALLBACK,
+ p11_kit_pin_file_callback, NULL);
}
/**
@@ -617,75 +590,70 @@ gnutls_pkcs11_deinit (void)
* Since: 2.12.0
**/
void
-gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
- void *userdata)
+gnutls_pkcs11_set_token_function(gnutls_pkcs11_token_callback_t fn,
+ void *userdata)
{
- _gnutls_token_func = fn;
- _gnutls_token_data = userdata;
+ _gnutls_token_func = fn;
+ _gnutls_token_data = userdata;
}
-int
-pkcs11_url_to_info (const char *url, struct p11_kit_uri **info)
-{
- int allocated = 0;
- int ret;
-
- if (*info == NULL)
- {
- *info = p11_kit_uri_new ();
- if (*info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- allocated = 1;
- }
-
- ret = p11_kit_uri_parse (url, P11_KIT_URI_FOR_ANY, *info);
- if (ret < 0)
- {
- if (allocated)
- {
- p11_kit_uri_free (*info);
- *info = NULL;
- }
- gnutls_assert ();
- return ret == P11_KIT_URI_NO_MEMORY ?
- GNUTLS_E_MEMORY_ERROR : GNUTLS_E_PARSING_ERROR;
- }
-
- return 0;
+int pkcs11_url_to_info(const char *url, struct p11_kit_uri **info)
+{
+ int allocated = 0;
+ int ret;
+
+ if (*info == NULL) {
+ *info = p11_kit_uri_new();
+ if (*info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ allocated = 1;
+ }
+
+ ret = p11_kit_uri_parse(url, P11_KIT_URI_FOR_ANY, *info);
+ if (ret < 0) {
+ if (allocated) {
+ p11_kit_uri_free(*info);
+ *info = NULL;
+ }
+ gnutls_assert();
+ return ret == P11_KIT_URI_NO_MEMORY ?
+ GNUTLS_E_MEMORY_ERROR : GNUTLS_E_PARSING_ERROR;
+ }
+
+ return 0;
}
int
-pkcs11_info_to_url (struct p11_kit_uri *info,
- gnutls_pkcs11_url_type_t detailed, char **url)
-{
- p11_kit_uri_type_t type = 0;
- int ret;
-
- switch (detailed)
- {
- case GNUTLS_PKCS11_URL_GENERIC:
- type = P11_KIT_URI_FOR_OBJECT_ON_TOKEN;
- break;
- case GNUTLS_PKCS11_URL_LIB:
- type = P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE;
- break;
- case GNUTLS_PKCS11_URL_LIB_VERSION:
- type = P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE | P11_KIT_URI_FOR_MODULE_WITH_VERSION;
- break;
- }
-
- ret = p11_kit_uri_format (info, type, url);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret == P11_KIT_URI_NO_MEMORY ?
- GNUTLS_E_MEMORY_ERROR : GNUTLS_E_INTERNAL_ERROR;
- }
-
- return 0;
+pkcs11_info_to_url(struct p11_kit_uri *info,
+ gnutls_pkcs11_url_type_t detailed, char **url)
+{
+ p11_kit_uri_type_t type = 0;
+ int ret;
+
+ switch (detailed) {
+ case GNUTLS_PKCS11_URL_GENERIC:
+ type = P11_KIT_URI_FOR_OBJECT_ON_TOKEN;
+ break;
+ case GNUTLS_PKCS11_URL_LIB:
+ type = P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE;
+ break;
+ case GNUTLS_PKCS11_URL_LIB_VERSION:
+ type =
+ P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE |
+ P11_KIT_URI_FOR_MODULE_WITH_VERSION;
+ break;
+ }
+
+ ret = p11_kit_uri_format(info, type, url);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret == P11_KIT_URI_NO_MEMORY ?
+ GNUTLS_E_MEMORY_ERROR : GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return 0;
}
/**
@@ -699,25 +667,22 @@ pkcs11_info_to_url (struct p11_kit_uri *info,
*
* Since: 2.12.0
**/
-int
-gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj)
+int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj)
{
- *obj = gnutls_calloc (1, sizeof (struct gnutls_pkcs11_obj_st));
- if (*obj == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ *obj = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_obj_st));
+ if (*obj == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- (*obj)->info = p11_kit_uri_new ();
- if ((*obj)->info == NULL)
- {
- free (*obj);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ (*obj)->info = p11_kit_uri_new();
+ if ((*obj)->info == NULL) {
+ free(*obj);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
/**
@@ -733,12 +698,12 @@ gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj)
* Since: 3.1.0
**/
void
-gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t obj,
- gnutls_pin_callback_t fn,
- void *userdata)
+gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj,
+ gnutls_pin_callback_t fn,
+ void *userdata)
{
- obj->pin.cb = fn;
- obj->pin.data = userdata;
+ obj->pin.cb = fn;
+ obj->pin.data = userdata;
}
/**
@@ -749,12 +714,11 @@ gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t obj,
*
* Since: 2.12.0
**/
-void
-gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj)
+void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t obj)
{
- _gnutls_free_datum (&obj->raw);
- p11_kit_uri_free (obj->info);
- free (obj);
+ _gnutls_free_datum(&obj->raw);
+ p11_kit_uri_free(obj->info);
+ free(obj);
}
/**
@@ -778,25 +742,23 @@ gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj)
* Since: 2.12.0
**/
int
-gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
- void *output_data, size_t * output_data_size)
+gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj,
+ void *output_data, size_t * output_data_size)
{
- if (obj == NULL || obj->raw.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (obj == NULL || obj->raw.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (output_data == NULL || *output_data_size < obj->raw.size)
- {
- *output_data_size = obj->raw.size;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- *output_data_size = obj->raw.size;
+ if (output_data == NULL || *output_data_size < obj->raw.size) {
+ *output_data_size = obj->raw.size;
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *output_data_size = obj->raw.size;
- memcpy (output_data, obj->raw.data, obj->raw.size);
- return 0;
+ memcpy(output_data, obj->raw.data, obj->raw.size);
+ return 0;
}
/**
@@ -816,740 +778,696 @@ gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
* Since: 3.1.3
**/
int
-gnutls_pkcs11_obj_export2 (gnutls_pkcs11_obj_t obj,
- gnutls_datum_t *out)
+gnutls_pkcs11_obj_export2(gnutls_pkcs11_obj_t obj, gnutls_datum_t * out)
{
- if (obj == NULL || obj->raw.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (obj == NULL || obj->raw.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_set_datum(out, obj->raw.data, obj->raw.size);
+ return _gnutls_set_datum(out, obj->raw.data, obj->raw.size);
}
int
-pkcs11_find_slot (struct ck_function_list ** module, ck_slot_id_t * slot,
- struct p11_kit_uri *info, struct token_info *_tinfo)
-{
- unsigned int x, z;
- int ret;
- unsigned long nslots;
- ck_slot_id_t slots[MAX_SLOTS];
-
- for (x = 0; x < active_providers; x++)
- {
- nslots = sizeof(slots)/sizeof(slots[0]);
- ret = scan_slots(&providers[x], slots, &nslots);
- if (ret < 0)
- {
- gnutls_assert();
- continue;
- }
-
- for (z = 0; z < nslots; z++)
- {
- struct token_info tinfo;
-
- if (pkcs11_get_token_info
- (providers[x].module, slots[z], &tinfo.tinfo) != CKR_OK)
- {
- continue;
- }
- tinfo.sid = slots[z];
- tinfo.prov = &providers[x];
-
- if (pkcs11_get_slot_info
- (providers[x].module, slots[z],
- &tinfo.sinfo) != CKR_OK)
- {
- continue;
- }
-
- if (!p11_kit_uri_match_token_info (info, &tinfo.tinfo) ||
- !p11_kit_uri_match_module_info (info, &providers[x].info))
- {
- continue;
- }
-
- /* ok found */
- *module = providers[x].module;
- *slot = slots[z];
-
- if (_tinfo != NULL)
- memcpy (_tinfo, &tinfo, sizeof (tinfo));
-
- return 0;
- }
- }
-
- gnutls_assert ();
- return GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE;
+pkcs11_find_slot(struct ck_function_list **module, ck_slot_id_t * slot,
+ struct p11_kit_uri *info, struct token_info *_tinfo)
+{
+ unsigned int x, z;
+ int ret;
+ unsigned long nslots;
+ ck_slot_id_t slots[MAX_SLOTS];
+
+ for (x = 0; x < active_providers; x++) {
+ nslots = sizeof(slots) / sizeof(slots[0]);
+ ret = scan_slots(&providers[x], slots, &nslots);
+ if (ret < 0) {
+ gnutls_assert();
+ continue;
+ }
+
+ for (z = 0; z < nslots; z++) {
+ struct token_info tinfo;
+
+ if (pkcs11_get_token_info
+ (providers[x].module, slots[z],
+ &tinfo.tinfo) != CKR_OK) {
+ continue;
+ }
+ tinfo.sid = slots[z];
+ tinfo.prov = &providers[x];
+
+ if (pkcs11_get_slot_info
+ (providers[x].module, slots[z],
+ &tinfo.sinfo) != CKR_OK) {
+ continue;
+ }
+
+ if (!p11_kit_uri_match_token_info
+ (info, &tinfo.tinfo)
+ || !p11_kit_uri_match_module_info(info,
+ &providers
+ [x].info)) {
+ continue;
+ }
+
+ /* ok found */
+ *module = providers[x].module;
+ *slot = slots[z];
+
+ if (_tinfo != NULL)
+ memcpy(_tinfo, &tinfo, sizeof(tinfo));
+
+ return 0;
+ }
+ }
+
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE;
}
int
-pkcs11_open_session (struct pkcs11_session_info *sinfo,
- struct pin_info_st *pin_info,
- struct p11_kit_uri *info,
- unsigned int flags)
-{
- ck_rv_t rv;
- int ret;
- ck_session_handle_t pks = 0;
- struct ck_function_list *module;
- ck_slot_id_t slot;
- struct token_info tinfo;
-
- ret = pkcs11_find_slot (&module, &slot, info, &tinfo);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- rv = (module)->C_OpenSession (slot,
- ((flags & SESSION_WRITE)
- ? CKF_RW_SESSION : 0) |
- CKF_SERIAL_SESSION, NULL, NULL, &pks);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- return pkcs11_rv_to_err (rv);
- }
-
- /* ok found */
- sinfo->pks = pks;
- sinfo->module = module;
- sinfo->init = 1;
- memcpy(&sinfo->tinfo, &tinfo.tinfo, sizeof(sinfo->tinfo));
-
- if (flags & SESSION_LOGIN)
- {
- ret = pkcs11_login (sinfo, pin_info, &tinfo, info, (flags & SESSION_SO) ? 1 : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- pkcs11_close_session (sinfo);
- return ret;
- }
- }
-
- return 0;
+pkcs11_open_session(struct pkcs11_session_info *sinfo,
+ struct pin_info_st *pin_info,
+ struct p11_kit_uri *info, unsigned int flags)
+{
+ ck_rv_t rv;
+ int ret;
+ ck_session_handle_t pks = 0;
+ struct ck_function_list *module;
+ ck_slot_id_t slot;
+ struct token_info tinfo;
+
+ ret = pkcs11_find_slot(&module, &slot, info, &tinfo);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ rv = (module)->C_OpenSession(slot, ((flags & SESSION_WRITE)
+ ? CKF_RW_SESSION : 0) |
+ CKF_SERIAL_SESSION, NULL, NULL, &pks);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return pkcs11_rv_to_err(rv);
+ }
+
+ /* ok found */
+ sinfo->pks = pks;
+ sinfo->module = module;
+ sinfo->init = 1;
+ memcpy(&sinfo->tinfo, &tinfo.tinfo, sizeof(sinfo->tinfo));
+
+ if (flags & SESSION_LOGIN) {
+ ret =
+ pkcs11_login(sinfo, pin_info, &tinfo, info,
+ (flags & SESSION_SO) ? 1 : 0);
+ if (ret < 0) {
+ gnutls_assert();
+ pkcs11_close_session(sinfo);
+ return ret;
+ }
+ }
+
+ return 0;
}
int
-_pkcs11_traverse_tokens (find_func_t find_func, void *input,
- struct p11_kit_uri *info,
- struct pin_info_st *pin_info,
- unsigned int flags)
-{
- ck_rv_t rv;
- unsigned int found = 0, x, z;
- int ret;
- ck_session_handle_t pks = 0;
- struct pkcs11_session_info sinfo;
- struct ck_function_list *module = NULL;
- unsigned long nslots;
- ck_slot_id_t slots[MAX_SLOTS];
-
- for (x = 0; x < active_providers; x++)
- {
- nslots = sizeof(slots)/sizeof(slots[0]);
- ret = scan_slots(&providers[x], slots, &nslots);
- if (ret < 0)
- {
- gnutls_assert();
- continue;
- }
-
- module = providers[x].module;
- for (z = 0; z < nslots; z++)
- {
- struct token_info tinfo;
-
- if (pkcs11_get_token_info (module, slots[z],
- &tinfo.tinfo) != CKR_OK)
- {
- continue;
- }
- tinfo.sid = slots[z];
- tinfo.prov = &providers[x];
-
- if (pkcs11_get_slot_info (module, slots[z],
- &tinfo.sinfo) != CKR_OK)
- {
- continue;
- }
-
- rv = (module)->C_OpenSession (slots[z],
- ((flags & SESSION_WRITE)
- ? CKF_RW_SESSION : 0) |
- CKF_SERIAL_SESSION, NULL, NULL, &pks);
- if (rv != CKR_OK)
- {
- continue;
- }
-
- sinfo.module = module;
- sinfo.pks = pks;
-
- if (flags & SESSION_LOGIN)
- {
- ret = pkcs11_login (&sinfo, pin_info, &tinfo, info, (flags & SESSION_SO) ? 1 : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- ret = find_func (&sinfo, &tinfo, &providers[x].info, input);
-
- if (ret == 0)
- {
- found = 1;
- goto finish;
- }
- else
- {
- pkcs11_close_session (&sinfo);
- pks = 0;
- }
- }
- }
-
-finish:
- /* final call */
-
- if (found == 0)
- {
- if (module)
- {
- sinfo.module = module;
- sinfo.pks = pks;
- ret = find_func (&sinfo, NULL, NULL, input);
- }
- else
- ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- }
- else
- {
- ret = 0;
- }
-
- if (pks != 0 && module != NULL)
- {
- pkcs11_close_session (&sinfo);
- }
-
- return ret;
+_pkcs11_traverse_tokens(find_func_t find_func, void *input,
+ struct p11_kit_uri *info,
+ struct pin_info_st *pin_info, unsigned int flags)
+{
+ ck_rv_t rv;
+ unsigned int found = 0, x, z;
+ int ret;
+ ck_session_handle_t pks = 0;
+ struct pkcs11_session_info sinfo;
+ struct ck_function_list *module = NULL;
+ unsigned long nslots;
+ ck_slot_id_t slots[MAX_SLOTS];
+
+ for (x = 0; x < active_providers; x++) {
+ nslots = sizeof(slots) / sizeof(slots[0]);
+ ret = scan_slots(&providers[x], slots, &nslots);
+ if (ret < 0) {
+ gnutls_assert();
+ continue;
+ }
+
+ module = providers[x].module;
+ for (z = 0; z < nslots; z++) {
+ struct token_info tinfo;
+
+ if (pkcs11_get_token_info(module, slots[z],
+ &tinfo.tinfo) != CKR_OK)
+ {
+ continue;
+ }
+ tinfo.sid = slots[z];
+ tinfo.prov = &providers[x];
+
+ if (pkcs11_get_slot_info(module, slots[z],
+ &tinfo.sinfo) != CKR_OK) {
+ continue;
+ }
+
+ rv = (module)->C_OpenSession(slots[z],
+ ((flags &
+ SESSION_WRITE)
+ ? CKF_RW_SESSION : 0)
+ | CKF_SERIAL_SESSION,
+ NULL, NULL, &pks);
+ if (rv != CKR_OK) {
+ continue;
+ }
+
+ sinfo.module = module;
+ sinfo.pks = pks;
+
+ if (flags & SESSION_LOGIN) {
+ ret =
+ pkcs11_login(&sinfo, pin_info, &tinfo,
+ info,
+ (flags & SESSION_SO) ? 1 :
+ 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ ret =
+ find_func(&sinfo, &tinfo, &providers[x].info,
+ input);
+
+ if (ret == 0) {
+ found = 1;
+ goto finish;
+ } else {
+ pkcs11_close_session(&sinfo);
+ pks = 0;
+ }
+ }
+ }
+
+ finish:
+ /* final call */
+
+ if (found == 0) {
+ if (module) {
+ sinfo.module = module;
+ sinfo.pks = pks;
+ ret = find_func(&sinfo, NULL, NULL, input);
+ } else
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ } else {
+ ret = 0;
+ }
+
+ if (pks != 0 && module != NULL) {
+ pkcs11_close_session(&sinfo);
+ }
+
+ return ret;
}
/* imports an object from a token to a pkcs11_obj_t structure.
*/
static int
-pkcs11_obj_import (ck_object_class_t class, gnutls_pkcs11_obj_t obj,
- const gnutls_datum_t * data,
- const gnutls_datum_t * id,
- const gnutls_datum_t * label,
- struct ck_token_info *tinfo, struct ck_info *lib_info)
-{
- struct ck_attribute attr;
- int ret;
-
- switch (class)
- {
- case CKO_CERTIFICATE:
- obj->type = GNUTLS_PKCS11_OBJ_X509_CRT;
- break;
- case CKO_PUBLIC_KEY:
- obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
- break;
- case CKO_PRIVATE_KEY:
- obj->type = GNUTLS_PKCS11_OBJ_PRIVKEY;
- break;
- case CKO_SECRET_KEY:
- obj->type = GNUTLS_PKCS11_OBJ_SECRET_KEY;
- break;
- case CKO_DATA:
- obj->type = GNUTLS_PKCS11_OBJ_DATA;
- break;
- default:
- obj->type = GNUTLS_PKCS11_OBJ_UNKNOWN;
- }
-
- attr.type = CKA_CLASS;
- attr.value = &class;
- attr.value_len = sizeof (class);
- ret = p11_kit_uri_set_attribute (obj->info, &attr);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (data && data->data)
- {
- ret = _gnutls_set_datum (&obj->raw, data->data, data->size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- /* copy the token and library info into the uri */
- memcpy (p11_kit_uri_get_token_info (obj->info), tinfo, sizeof (struct ck_token_info));
- memcpy (p11_kit_uri_get_module_info (obj->info), lib_info, sizeof (struct ck_info));
-
- if (label && label->data)
- {
- attr.type = CKA_LABEL;
- attr.value = label->data;
- attr.value_len = label->size;
- ret = p11_kit_uri_set_attribute (obj->info, &attr);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
-
- if (id && id->data)
- {
- attr.type = CKA_ID;
- attr.value = id->data;
- attr.value_len = id->size;
- ret = p11_kit_uri_set_attribute (obj->info, &attr);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
-
- return 0;
+pkcs11_obj_import(ck_object_class_t class, gnutls_pkcs11_obj_t obj,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * id,
+ const gnutls_datum_t * label,
+ struct ck_token_info *tinfo, struct ck_info *lib_info)
+{
+ struct ck_attribute attr;
+ int ret;
+
+ switch (class) {
+ case CKO_CERTIFICATE:
+ obj->type = GNUTLS_PKCS11_OBJ_X509_CRT;
+ break;
+ case CKO_PUBLIC_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
+ break;
+ case CKO_PRIVATE_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_PRIVKEY;
+ break;
+ case CKO_SECRET_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_SECRET_KEY;
+ break;
+ case CKO_DATA:
+ obj->type = GNUTLS_PKCS11_OBJ_DATA;
+ break;
+ default:
+ obj->type = GNUTLS_PKCS11_OBJ_UNKNOWN;
+ }
+
+ attr.type = CKA_CLASS;
+ attr.value = &class;
+ attr.value_len = sizeof(class);
+ ret = p11_kit_uri_set_attribute(obj->info, &attr);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (data && data->data) {
+ ret = _gnutls_set_datum(&obj->raw, data->data, data->size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ /* copy the token and library info into the uri */
+ memcpy(p11_kit_uri_get_token_info(obj->info), tinfo,
+ sizeof(struct ck_token_info));
+ memcpy(p11_kit_uri_get_module_info(obj->info), lib_info,
+ sizeof(struct ck_info));
+
+ if (label && label->data) {
+ attr.type = CKA_LABEL;
+ attr.value = label->data;
+ attr.value_len = label->size;
+ ret = p11_kit_uri_set_attribute(obj->info, &attr);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+
+ if (id && id->data) {
+ attr.type = CKA_ID;
+ attr.value = id->data;
+ attr.value_len = id->size;
+ ret = p11_kit_uri_set_attribute(obj->info, &attr);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+
+ return 0;
}
int pkcs11_read_pubkey(struct ck_function_list *module,
- ck_session_handle_t pks, ck_object_handle_t obj,
- ck_key_type_t key_type, gnutls_datum_t * pubkey)
-{
- struct ck_attribute a[4];
- uint8_t tmp1[2048];
- uint8_t tmp2[2048];
- int ret;
-
- switch (key_type)
- {
- case CKK_RSA:
- a[0].type = CKA_MODULUS;
- a[0].value = tmp1;
- a[0].value_len = sizeof (tmp1);
- a[1].type = CKA_PUBLIC_EXPONENT;
- a[1].value = tmp2;
- a[1].value_len = sizeof (tmp2);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 2) == CKR_OK)
- {
-
- ret =
- _gnutls_set_datum (&pubkey[0],
- a[0].value, a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum (&pubkey
- [1], a[1].value, a[1].value_len);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&pubkey[1]);
- _gnutls_free_datum (&pubkey[0]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
- break;
- case CKK_DSA:
- a[0].type = CKA_PRIME;
- a[0].value = tmp1;
- a[0].value_len = sizeof (tmp1);
- a[1].type = CKA_SUBPRIME;
- a[1].value = tmp2;
- a[1].value_len = sizeof (tmp2);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 2) == CKR_OK)
- {
- ret =
- _gnutls_set_datum (&pubkey[0],
- a[0].value, a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum (&pubkey
- [1], a[1].value, a[1].value_len);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&pubkey[1]);
- _gnutls_free_datum (&pubkey[0]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
-
- a[0].type = CKA_BASE;
- a[0].value = tmp1;
- a[0].value_len = sizeof (tmp1);
- a[1].type = CKA_VALUE;
- a[1].value = tmp2;
- a[1].value_len = sizeof (tmp2);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 2) == CKR_OK)
- {
- ret =
- _gnutls_set_datum (&pubkey[2],
- a[0].value, a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum (&pubkey
- [3], a[1].value, a[1].value_len);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&pubkey[0]);
- _gnutls_free_datum (&pubkey[1]);
- _gnutls_free_datum (&pubkey[2]);
- _gnutls_free_datum (&pubkey[3]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
- break;
- case CKK_ECDSA:
- a[0].type = CKA_EC_PARAMS;
- a[0].value = tmp1;
- a[0].value_len = sizeof (tmp1);
- a[1].type = CKA_EC_POINT;
- a[1].value = tmp2;
- a[1].value_len = sizeof (tmp2);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 2) == CKR_OK)
- {
- ret =
- _gnutls_set_datum (&pubkey[0],
- a[0].value, a[0].value_len);
-
- if (ret >= 0)
- ret =
- _gnutls_set_datum (&pubkey
- [1], a[1].value, a[1].value_len);
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&pubkey[1]);
- _gnutls_free_datum (&pubkey[0]);
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_ERROR;
- }
-
- break;
- default:
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- }
-
- return 0;
+ ck_session_handle_t pks, ck_object_handle_t obj,
+ ck_key_type_t key_type, gnutls_datum_t * pubkey)
+{
+ struct ck_attribute a[4];
+ uint8_t tmp1[2048];
+ uint8_t tmp2[2048];
+ int ret;
+
+ switch (key_type) {
+ case CKK_RSA:
+ a[0].type = CKA_MODULUS;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof(tmp1);
+ a[1].type = CKA_PUBLIC_EXPONENT;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof(tmp2);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+ CKR_OK) {
+
+ ret =
+ _gnutls_set_datum(&pubkey[0],
+ a[0].value, a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum(&pubkey
+ [1], a[1].value,
+ a[1].value_len);
+
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&pubkey[1]);
+ _gnutls_free_datum(&pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+ break;
+ case CKK_DSA:
+ a[0].type = CKA_PRIME;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof(tmp1);
+ a[1].type = CKA_SUBPRIME;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof(tmp2);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+ CKR_OK) {
+ ret =
+ _gnutls_set_datum(&pubkey[0], a[0].value,
+ a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum(&pubkey
+ [1], a[1].value,
+ a[1].value_len);
+
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&pubkey[1]);
+ _gnutls_free_datum(&pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+
+ a[0].type = CKA_BASE;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof(tmp1);
+ a[1].type = CKA_VALUE;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof(tmp2);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+ CKR_OK) {
+ ret =
+ _gnutls_set_datum(&pubkey[2], a[0].value,
+ a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum(&pubkey
+ [3], a[1].value,
+ a[1].value_len);
+
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&pubkey[0]);
+ _gnutls_free_datum(&pubkey[1]);
+ _gnutls_free_datum(&pubkey[2]);
+ _gnutls_free_datum(&pubkey[3]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+ break;
+ case CKK_ECDSA:
+ a[0].type = CKA_EC_PARAMS;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof(tmp1);
+ a[1].type = CKA_EC_POINT;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof(tmp2);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+ CKR_OK) {
+ ret =
+ _gnutls_set_datum(&pubkey[0], a[0].value,
+ a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum(&pubkey
+ [1], a[1].value,
+ a[1].value_len);
+
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&pubkey[1]);
+ _gnutls_free_datum(&pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
+
+ return 0;
}
static int
-pkcs11_obj_import_pubkey (struct ck_function_list *module,
- ck_session_handle_t pks,
- ck_object_handle_t obj,
- gnutls_pkcs11_obj_t crt,
- const gnutls_datum_t * id,
- const gnutls_datum_t * label,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info)
-{
- struct ck_attribute a[4];
- ck_key_type_t key_type;
- int ret;
- ck_bool_t tval;
-
- a[0].type = CKA_KEY_TYPE;
- a[0].value = &key_type;
- a[0].value_len = sizeof (key_type);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- crt->pk_algorithm = mech_to_pk(key_type);
-
- ret = pkcs11_read_pubkey(module, pks, obj, key_type, crt->pubkey);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- /* read key usage flags */
- a[0].type = CKA_ENCRYPT;
- a[0].value = &tval;
- a[0].value_len = sizeof (tval);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
- }
- }
-
- a[0].type = CKA_VERIFY;
- a[0].value = &tval;
- a[0].value_len = sizeof (tval);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
- GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
- | GNUTLS_KEY_NON_REPUDIATION;
- }
- }
-
- a[0].type = CKA_VERIFY_RECOVER;
- a[0].value = &tval;
- a[0].value_len = sizeof (tval);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
- GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
- | GNUTLS_KEY_NON_REPUDIATION;
- }
- }
-
- a[0].type = CKA_DERIVE;
- a[0].value = &tval;
- a[0].value_len = sizeof (tval);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT;
- }
- }
-
- a[0].type = CKA_WRAP;
- a[0].value = &tval;
- a[0].value_len = sizeof (tval);
-
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
- {
- if (tval != 0)
- {
- crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
- }
- }
-
- return pkcs11_obj_import (CKO_PUBLIC_KEY, crt, NULL, id, label,
- tinfo, lib_info);
+pkcs11_obj_import_pubkey(struct ck_function_list *module,
+ ck_session_handle_t pks,
+ ck_object_handle_t obj,
+ gnutls_pkcs11_obj_t crt,
+ const gnutls_datum_t * id,
+ const gnutls_datum_t * label,
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info)
+{
+ struct ck_attribute a[4];
+ ck_key_type_t key_type;
+ int ret;
+ ck_bool_t tval;
+
+ a[0].type = CKA_KEY_TYPE;
+ a[0].value = &key_type;
+ a[0].value_len = sizeof(key_type);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ crt->pk_algorithm = mech_to_pk(key_type);
+
+ ret =
+ pkcs11_read_pubkey(module, pks, obj, key_type,
+ crt->pubkey);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ /* read key usage flags */
+ a[0].type = CKA_ENCRYPT;
+ a[0].value = &tval;
+ a[0].value_len = sizeof(tval);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ if (tval != 0) {
+ crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
+ }
+ }
+
+ a[0].type = CKA_VERIFY;
+ a[0].value = &tval;
+ a[0].value_len = sizeof(tval);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ if (tval != 0) {
+ crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
+ | GNUTLS_KEY_NON_REPUDIATION;
+ }
+ }
+
+ a[0].type = CKA_VERIFY_RECOVER;
+ a[0].value = &tval;
+ a[0].value_len = sizeof(tval);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ if (tval != 0) {
+ crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
+ | GNUTLS_KEY_NON_REPUDIATION;
+ }
+ }
+
+ a[0].type = CKA_DERIVE;
+ a[0].value = &tval;
+ a[0].value_len = sizeof(tval);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ if (tval != 0) {
+ crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT;
+ }
+ }
+
+ a[0].type = CKA_WRAP;
+ a[0].value = &tval;
+ a[0].value_len = sizeof(tval);
+
+ if (pkcs11_get_attribute_value(module, pks, obj, a, 1) == CKR_OK) {
+ if (tval != 0) {
+ crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ }
+ }
+
+ return pkcs11_obj_import(CKO_PUBLIC_KEY, crt, NULL, id, label,
+ tinfo, lib_info);
}
static int
-find_obj_url (struct pkcs11_session_info *sinfo,
- struct token_info *info, struct ck_info *lib_info, void *input)
-{
- struct url_find_data_st *find_data = input;
- struct ck_attribute a[4];
- struct ck_attribute *attr;
- ck_object_class_t class = -1;
- ck_certificate_type_t type = (ck_certificate_type_t)-1;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count, a_vals;
- int found = 0, ret;
- uint8_t *cert_data = NULL;
- char label_tmp[PKCS11_LABEL_SIZE];
- char id_tmp[PKCS11_ID_SIZE];
-
- if (info == NULL)
- { /* we don't support multiple calls */
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- /* do not bother reading the token if basic fields do not match
- */
- if (!p11_kit_uri_match_token_info (find_data->crt->info, &info->tinfo) ||
- !p11_kit_uri_match_module_info (find_data->crt->info, lib_info))
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- a_vals = 0;
- attr = p11_kit_uri_get_attribute (find_data->crt->info, CKA_ID);
- if (attr)
- {
- memcpy (a + a_vals, attr, sizeof (struct ck_attribute));
- a_vals++;
- }
-
- attr = p11_kit_uri_get_attribute (find_data->crt->info, CKA_LABEL);
- if (attr)
- {
- memcpy (a + a_vals, attr, sizeof (struct ck_attribute));
- a_vals++;
- }
-
- if (!a_vals)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* search the token for the id */
-
- cert_data = gnutls_malloc (MAX_CERT_SIZE);
- if (cert_data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* Find objects with given class and type */
- attr = p11_kit_uri_get_attribute (find_data->crt->info, CKA_CLASS);
- if (attr)
- {
- if(attr->value && attr->value_len == sizeof (ck_object_class_t))
- class = *((ck_object_class_t*)attr->value);
- if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
- memcpy (a + a_vals, attr, sizeof (struct ck_attribute));
- a_vals++;
- }
-
- if (type != (ck_certificate_type_t)-1)
- {
- a[a_vals].type = CKA_CERTIFICATE_TYPE;
- a[a_vals].value = &type;
- a[a_vals].value_len = sizeof type;
- a_vals++;
- }
-
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, a_vals);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
- a[0].type = CKA_VALUE;
- a[0].value = cert_data;
- a[0].value_len = MAX_CERT_SIZE;
- a[1].type = CKA_LABEL;
- a[1].value = label_tmp;
- a[1].value_len = sizeof (label_tmp);
- a[2].type = CKA_ID;
- a[2].value = id_tmp;
- a[2].value_len = sizeof(id_tmp);
-
- if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 3) == CKR_OK)
- {
- gnutls_datum_t id = { a[2].value, a[2].value_len };
- gnutls_datum_t data = { a[0].value, a[0].value_len };
- gnutls_datum_t label = { a[1].value, a[1].value_len };
-
- if (class == CKO_PUBLIC_KEY)
- {
- ret =
- pkcs11_obj_import_pubkey (sinfo->module, sinfo->pks, obj,
- find_data->crt,
- &id, &label,
- &info->tinfo, lib_info);
- }
- else
- {
- ret =
- pkcs11_obj_import (class,
- find_data->crt,
- &data, &id, &label,
- &info->tinfo, lib_info);
- }
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- found = 1;
- break;
- }
- else
- {
- _gnutls_debug_log ("pk11: Skipped cert, missing attrs.\n");
- }
- }
-
- if (found == 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- else
- {
- ret = 0;
- }
-
-cleanup:
- gnutls_free (cert_data);
- pkcs11_find_objects_final (sinfo);
-
- return ret;
-}
-
-unsigned int
-pkcs11_obj_flags_to_int (unsigned int flags)
-{
- unsigned int ret_flags = 0;
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN)
- ret_flags |= SESSION_LOGIN;
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO)
- ret_flags |= SESSION_LOGIN|SESSION_SO;
-
- return ret_flags;
+find_obj_url(struct pkcs11_session_info *sinfo,
+ struct token_info *info, struct ck_info *lib_info,
+ void *input)
+{
+ struct url_find_data_st *find_data = input;
+ struct ck_attribute a[4];
+ struct ck_attribute *attr;
+ ck_object_class_t class = -1;
+ ck_certificate_type_t type = (ck_certificate_type_t) - 1;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, a_vals;
+ int found = 0, ret;
+ uint8_t *cert_data = NULL;
+ char label_tmp[PKCS11_LABEL_SIZE];
+ char id_tmp[PKCS11_ID_SIZE];
+
+ if (info == NULL) { /* we don't support multiple calls */
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (!p11_kit_uri_match_token_info
+ (find_data->crt->info, &info->tinfo)
+ || !p11_kit_uri_match_module_info(find_data->crt->info,
+ lib_info)) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ a_vals = 0;
+ attr = p11_kit_uri_get_attribute(find_data->crt->info, CKA_ID);
+ if (attr) {
+ memcpy(a + a_vals, attr, sizeof(struct ck_attribute));
+ a_vals++;
+ }
+
+ attr = p11_kit_uri_get_attribute(find_data->crt->info, CKA_LABEL);
+ if (attr) {
+ memcpy(a + a_vals, attr, sizeof(struct ck_attribute));
+ a_vals++;
+ }
+
+ if (!a_vals) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* search the token for the id */
+
+ cert_data = gnutls_malloc(MAX_CERT_SIZE);
+ if (cert_data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Find objects with given class and type */
+ attr = p11_kit_uri_get_attribute(find_data->crt->info, CKA_CLASS);
+ if (attr) {
+ if (attr->value
+ && attr->value_len == sizeof(ck_object_class_t))
+ class = *((ck_object_class_t *) attr->value);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+ memcpy(a + a_vals, attr, sizeof(struct ck_attribute));
+ a_vals++;
+ }
+
+ if (type != (ck_certificate_type_t) - 1) {
+ a[a_vals].type = CKA_CERTIFICATE_TYPE;
+ a[a_vals].value = &type;
+ a[a_vals].value_len = sizeof type;
+ a_vals++;
+ }
+
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a,
+ a_vals);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ while (pkcs11_find_objects
+ (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+ a[0].type = CKA_VALUE;
+ a[0].value = cert_data;
+ a[0].value_len = MAX_CERT_SIZE;
+ a[1].type = CKA_LABEL;
+ a[1].value = label_tmp;
+ a[1].value_len = sizeof(label_tmp);
+ a[2].type = CKA_ID;
+ a[2].value = id_tmp;
+ a[2].value_len = sizeof(id_tmp);
+
+ if (pkcs11_get_attribute_value
+ (sinfo->module, sinfo->pks, obj, a, 3) == CKR_OK) {
+ gnutls_datum_t id = { a[2].value, a[2].value_len };
+ gnutls_datum_t data =
+ { a[0].value, a[0].value_len };
+ gnutls_datum_t label =
+ { a[1].value, a[1].value_len };
+
+ if (class == CKO_PUBLIC_KEY) {
+ ret =
+ pkcs11_obj_import_pubkey(sinfo->module,
+ sinfo->pks,
+ obj,
+ find_data->
+ crt, &id,
+ &label,
+ &info->tinfo,
+ lib_info);
+ } else {
+ ret =
+ pkcs11_obj_import(class,
+ find_data->crt,
+ &data, &id, &label,
+ &info->tinfo,
+ lib_info);
+ }
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ found = 1;
+ break;
+ } else {
+ _gnutls_debug_log
+ ("pk11: Skipped cert, missing attrs.\n");
+ }
+ }
+
+ if (found == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ ret = 0;
+ }
+
+ cleanup:
+ gnutls_free(cert_data);
+ pkcs11_find_objects_final(sinfo);
+
+ return ret;
+}
+
+unsigned int pkcs11_obj_flags_to_int(unsigned int flags)
+{
+ unsigned int ret_flags = 0;
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN)
+ ret_flags |= SESSION_LOGIN;
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO)
+ ret_flags |= SESSION_LOGIN | SESSION_SO;
+
+ return ret_flags;
}
/**
@@ -1569,67 +1487,65 @@ pkcs11_obj_flags_to_int (unsigned int flags)
* Since: 2.12.0
**/
int
-gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t obj, const char *url,
- unsigned int flags)
+gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t obj, const char *url,
+ unsigned int flags)
{
- int ret;
- struct url_find_data_st find_data;
+ int ret;
+ struct url_find_data_st find_data;
- /* fill in the find data structure */
- find_data.crt = obj;
+ /* fill in the find data structure */
+ find_data.crt = obj;
- ret = pkcs11_url_to_info (url, &obj->info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = pkcs11_url_to_info(url, &obj->info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret =
- _pkcs11_traverse_tokens (find_obj_url, &find_data, obj->info,
- &obj->pin, pkcs11_obj_flags_to_int (flags));
+ ret =
+ _pkcs11_traverse_tokens(find_obj_url, &find_data, obj->info,
+ &obj->pin,
+ pkcs11_obj_flags_to_int(flags));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
-struct token_num
-{
- struct p11_kit_uri *info;
- unsigned int seq; /* which one we are looking for */
- unsigned int current; /* which one are we now */
+struct token_num {
+ struct p11_kit_uri *info;
+ unsigned int seq; /* which one we are looking for */
+ unsigned int current; /* which one are we now */
};
static int
-find_token_num (struct pkcs11_session_info* sinfo,
- struct token_info *tinfo,
- struct ck_info *lib_info, void *input)
+find_token_num(struct pkcs11_session_info *sinfo,
+ struct token_info *tinfo,
+ struct ck_info *lib_info, void *input)
{
- struct token_num *find_data = input;
+ struct token_num *find_data = input;
- if (tinfo == NULL)
- { /* we don't support multiple calls */
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (tinfo == NULL) { /* we don't support multiple calls */
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (find_data->current == find_data->seq)
- {
- memcpy (p11_kit_uri_get_token_info (find_data->info), &tinfo->tinfo, sizeof (struct ck_token_info));
- memcpy (p11_kit_uri_get_module_info (find_data->info), lib_info, sizeof (struct ck_info));
- return 0;
- }
+ if (find_data->current == find_data->seq) {
+ memcpy(p11_kit_uri_get_token_info(find_data->info),
+ &tinfo->tinfo, sizeof(struct ck_token_info));
+ memcpy(p11_kit_uri_get_module_info(find_data->info),
+ lib_info, sizeof(struct ck_info));
+ return 0;
+ }
- find_data->current++;
- /* search the token for the id */
+ find_data->current++;
+ /* search the token for the id */
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */
}
/**
@@ -1648,34 +1564,32 @@ find_token_num (struct pkcs11_session_info* sinfo,
* Since: 2.12.0
**/
int
-gnutls_pkcs11_token_get_url (unsigned int seq,
- gnutls_pkcs11_url_type_t detailed, char **url)
+gnutls_pkcs11_token_get_url(unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed, char **url)
{
- int ret;
- struct token_num tn;
+ int ret;
+ struct token_num tn;
- memset (&tn, 0, sizeof (tn));
- tn.seq = seq;
- tn.info = p11_kit_uri_new ();
+ memset(&tn, 0, sizeof(tn));
+ tn.seq = seq;
+ tn.info = p11_kit_uri_new();
- ret = _pkcs11_traverse_tokens (find_token_num, &tn, NULL, NULL, 0);
- if (ret < 0)
- {
- p11_kit_uri_free (tn.info);
- gnutls_assert ();
- return ret;
- }
+ ret = _pkcs11_traverse_tokens(find_token_num, &tn, NULL, NULL, 0);
+ if (ret < 0) {
+ p11_kit_uri_free(tn.info);
+ gnutls_assert();
+ return ret;
+ }
- ret = pkcs11_info_to_url (tn.info, detailed, url);
- p11_kit_uri_free (tn.info);
+ ret = pkcs11_info_to_url(tn.info, detailed, url);
+ p11_kit_uri_free(tn.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -1695,62 +1609,59 @@ gnutls_pkcs11_token_get_url (unsigned int seq,
* Since: 2.12.0
**/
int
-gnutls_pkcs11_token_get_info (const char *url,
- gnutls_pkcs11_token_info_t ttype,
- void *output, size_t * output_size)
-{
- struct p11_kit_uri *info = NULL;
- const uint8_t *str;
- size_t str_max;
- size_t len;
- int ret;
-
- ret = pkcs11_url_to_info (url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- switch (ttype)
- {
- case GNUTLS_PKCS11_TOKEN_LABEL:
- str = p11_kit_uri_get_token_info (info)->label;
- str_max = 32;
- break;
- case GNUTLS_PKCS11_TOKEN_SERIAL:
- str = p11_kit_uri_get_token_info (info)->serial_number;
- str_max = 16;
- break;
- case GNUTLS_PKCS11_TOKEN_MANUFACTURER:
- str = p11_kit_uri_get_token_info (info)->manufacturer_id;
- str_max = 32;
- break;
- case GNUTLS_PKCS11_TOKEN_MODEL:
- str = p11_kit_uri_get_token_info (info)->model;
- str_max = 16;
- break;
- default:
- p11_kit_uri_free (info);
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = p11_kit_space_strlen (str, str_max);
-
- if (len + 1 > *output_size)
- {
- *output_size = len + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy (output, str, len);
- ((char*)output)[len] = '\0';
-
- *output_size = len;
-
- p11_kit_uri_free (info);
- return 0;
+gnutls_pkcs11_token_get_info(const char *url,
+ gnutls_pkcs11_token_info_t ttype,
+ void *output, size_t * output_size)
+{
+ struct p11_kit_uri *info = NULL;
+ const uint8_t *str;
+ size_t str_max;
+ size_t len;
+ int ret;
+
+ ret = pkcs11_url_to_info(url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ switch (ttype) {
+ case GNUTLS_PKCS11_TOKEN_LABEL:
+ str = p11_kit_uri_get_token_info(info)->label;
+ str_max = 32;
+ break;
+ case GNUTLS_PKCS11_TOKEN_SERIAL:
+ str = p11_kit_uri_get_token_info(info)->serial_number;
+ str_max = 16;
+ break;
+ case GNUTLS_PKCS11_TOKEN_MANUFACTURER:
+ str = p11_kit_uri_get_token_info(info)->manufacturer_id;
+ str_max = 32;
+ break;
+ case GNUTLS_PKCS11_TOKEN_MODEL:
+ str = p11_kit_uri_get_token_info(info)->model;
+ str_max = 16;
+ break;
+ default:
+ p11_kit_uri_free(info);
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = p11_kit_space_strlen(str, str_max);
+
+ if (len + 1 > *output_size) {
+ *output_size = len + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy(output, str, len);
+ ((char *) output)[len] = '\0';
+
+ *output_size = len;
+
+ p11_kit_uri_free(info);
+ return 0;
}
/**
@@ -1767,19 +1678,18 @@ gnutls_pkcs11_token_get_info (const char *url,
* Since: 2.12.0
**/
int
-gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj,
- gnutls_pkcs11_url_type_t detailed, char **url)
+gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t obj,
+ gnutls_pkcs11_url_type_t detailed, char **url)
{
- int ret;
+ int ret;
- ret = pkcs11_info_to_url (obj->info, detailed, url);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = pkcs11_info_to_url(obj->info, detailed, url);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -1794,727 +1704,701 @@ gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj,
* Since: 2.12.0
**/
gnutls_pkcs11_obj_type_t
-gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t obj)
+gnutls_pkcs11_obj_get_type(gnutls_pkcs11_obj_t obj)
{
- return obj->type;
+ return obj->type;
}
-struct pkey_list
-{
- gnutls_buffer_st *key_ids;
- size_t key_ids_size;
+struct pkey_list {
+ gnutls_buffer_st *key_ids;
+ size_t key_ids_size;
};
static int
-retrieve_pin_from_source (const char *pinfile, struct ck_token_info *token_info,
- int attempts, ck_user_type_t user_type, struct p11_kit_pin **pin)
-{
- unsigned int flags = 0;
- struct p11_kit_uri *token_uri;
- struct p11_kit_pin *result;
- char *label;
-
- label = p11_kit_space_strdup (token_info->label, sizeof (token_info->label));
- if (label == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- token_uri = p11_kit_uri_new ();
- if (token_uri == NULL)
- {
- free (label);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy (p11_kit_uri_get_token_info (token_uri), token_info,
- sizeof (struct ck_token_info));
-
- if (attempts)
- flags |= P11_KIT_PIN_FLAGS_RETRY;
- if (user_type == CKU_USER)
- {
- flags |= P11_KIT_PIN_FLAGS_USER_LOGIN;
- if (token_info->flags & CKF_USER_PIN_COUNT_LOW)
- flags |= P11_KIT_PIN_FLAGS_MANY_TRIES;
- if (token_info->flags & CKF_USER_PIN_FINAL_TRY)
- flags |= P11_KIT_PIN_FLAGS_FINAL_TRY;
- }
- else if (user_type == CKU_SO)
- {
- flags |= P11_KIT_PIN_FLAGS_SO_LOGIN;
- if (token_info->flags & CKF_SO_PIN_COUNT_LOW)
- flags |= P11_KIT_PIN_FLAGS_MANY_TRIES;
- if (token_info->flags & CKF_SO_PIN_FINAL_TRY)
- flags |= P11_KIT_PIN_FLAGS_FINAL_TRY;
- }
- else if (user_type == CKU_CONTEXT_SPECIFIC)
- {
- flags |= P11_KIT_PIN_FLAGS_CONTEXT_LOGIN;
- }
-
- result = p11_kit_pin_request (pinfile, token_uri, label, flags);
- p11_kit_uri_free (token_uri);
- free (label);
-
- if (result == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_PKCS11_PIN_ERROR;
- }
-
- *pin = result;
- return 0;
+retrieve_pin_from_source(const char *pinfile,
+ struct ck_token_info *token_info, int attempts,
+ ck_user_type_t user_type,
+ struct p11_kit_pin **pin)
+{
+ unsigned int flags = 0;
+ struct p11_kit_uri *token_uri;
+ struct p11_kit_pin *result;
+ char *label;
+
+ label =
+ p11_kit_space_strdup(token_info->label,
+ sizeof(token_info->label));
+ if (label == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ token_uri = p11_kit_uri_new();
+ if (token_uri == NULL) {
+ free(label);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(p11_kit_uri_get_token_info(token_uri), token_info,
+ sizeof(struct ck_token_info));
+
+ if (attempts)
+ flags |= P11_KIT_PIN_FLAGS_RETRY;
+ if (user_type == CKU_USER) {
+ flags |= P11_KIT_PIN_FLAGS_USER_LOGIN;
+ if (token_info->flags & CKF_USER_PIN_COUNT_LOW)
+ flags |= P11_KIT_PIN_FLAGS_MANY_TRIES;
+ if (token_info->flags & CKF_USER_PIN_FINAL_TRY)
+ flags |= P11_KIT_PIN_FLAGS_FINAL_TRY;
+ } else if (user_type == CKU_SO) {
+ flags |= P11_KIT_PIN_FLAGS_SO_LOGIN;
+ if (token_info->flags & CKF_SO_PIN_COUNT_LOW)
+ flags |= P11_KIT_PIN_FLAGS_MANY_TRIES;
+ if (token_info->flags & CKF_SO_PIN_FINAL_TRY)
+ flags |= P11_KIT_PIN_FLAGS_FINAL_TRY;
+ } else if (user_type == CKU_CONTEXT_SPECIFIC) {
+ flags |= P11_KIT_PIN_FLAGS_CONTEXT_LOGIN;
+ }
+
+ result = p11_kit_pin_request(pinfile, token_uri, label, flags);
+ p11_kit_uri_free(token_uri);
+ free(label);
+
+ if (result == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_PKCS11_PIN_ERROR;
+ }
+
+ *pin = result;
+ return 0;
}
static int
-retrieve_pin_from_callback (const struct pin_info_st *pin_info,
- struct ck_token_info *token_info,
- int attempts, ck_user_type_t user_type,
- struct p11_kit_pin **pin)
-{
- char pin_value[GNUTLS_PKCS11_MAX_PIN_LEN];
- unsigned int flags = 0;
- char *token_str;
- char *label;
- struct p11_kit_uri *token_uri;
- int ret = 0;
-
- label = p11_kit_space_strdup (token_info->label, sizeof (token_info->label));
- if (label == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- token_uri = p11_kit_uri_new ();
- if (token_uri == NULL)
- {
- free (label);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy (p11_kit_uri_get_token_info (token_uri), token_info,
- sizeof (struct ck_token_info));
- ret = pkcs11_info_to_url (token_uri, 1, &token_str);
- p11_kit_uri_free (token_uri);
-
- if (ret < 0)
- {
- free (label);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (user_type == CKU_USER)
- {
- flags |= GNUTLS_PIN_USER;
- if (token_info->flags & CKF_USER_PIN_COUNT_LOW)
- flags |= GNUTLS_PIN_COUNT_LOW;
- if (token_info->flags & CKF_USER_PIN_FINAL_TRY)
- flags |= GNUTLS_PIN_FINAL_TRY;
- }
- else if (user_type == CKU_SO)
- {
- flags |= GNUTLS_PIN_SO;
- if (token_info->flags & CKF_SO_PIN_COUNT_LOW)
- flags |= GNUTLS_PIN_COUNT_LOW;
- if (token_info->flags & CKF_SO_PIN_FINAL_TRY)
- flags |= GNUTLS_PIN_FINAL_TRY;
- }
-
- if (attempts > 0)
- flags |= GNUTLS_PIN_WRONG;
-
- if (pin_info && pin_info->cb)
- ret = pin_info->cb (pin_info->data, attempts, (char*)token_str, label,
- flags, pin_value, GNUTLS_PKCS11_MAX_PIN_LEN);
- else if (_gnutls_pin_func)
- ret = _gnutls_pin_func (_gnutls_pin_data, attempts, (char*)token_str, label,
- flags, pin_value, GNUTLS_PKCS11_MAX_PIN_LEN);
- else
- ret = gnutls_assert_val(GNUTLS_E_PKCS11_PIN_ERROR);
-
- free (token_str);
- free (label);
-
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_PKCS11_PIN_ERROR);
-
- *pin = p11_kit_pin_new_for_string (pin_value);
-
- if (*pin == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- return 0;
+retrieve_pin_from_callback(const struct pin_info_st *pin_info,
+ struct ck_token_info *token_info,
+ int attempts, ck_user_type_t user_type,
+ struct p11_kit_pin **pin)
+{
+ char pin_value[GNUTLS_PKCS11_MAX_PIN_LEN];
+ unsigned int flags = 0;
+ char *token_str;
+ char *label;
+ struct p11_kit_uri *token_uri;
+ int ret = 0;
+
+ label =
+ p11_kit_space_strdup(token_info->label,
+ sizeof(token_info->label));
+ if (label == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ token_uri = p11_kit_uri_new();
+ if (token_uri == NULL) {
+ free(label);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(p11_kit_uri_get_token_info(token_uri), token_info,
+ sizeof(struct ck_token_info));
+ ret = pkcs11_info_to_url(token_uri, 1, &token_str);
+ p11_kit_uri_free(token_uri);
+
+ if (ret < 0) {
+ free(label);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (user_type == CKU_USER) {
+ flags |= GNUTLS_PIN_USER;
+ if (token_info->flags & CKF_USER_PIN_COUNT_LOW)
+ flags |= GNUTLS_PIN_COUNT_LOW;
+ if (token_info->flags & CKF_USER_PIN_FINAL_TRY)
+ flags |= GNUTLS_PIN_FINAL_TRY;
+ } else if (user_type == CKU_SO) {
+ flags |= GNUTLS_PIN_SO;
+ if (token_info->flags & CKF_SO_PIN_COUNT_LOW)
+ flags |= GNUTLS_PIN_COUNT_LOW;
+ if (token_info->flags & CKF_SO_PIN_FINAL_TRY)
+ flags |= GNUTLS_PIN_FINAL_TRY;
+ }
+
+ if (attempts > 0)
+ flags |= GNUTLS_PIN_WRONG;
+
+ if (pin_info && pin_info->cb)
+ ret =
+ pin_info->cb(pin_info->data, attempts,
+ (char *) token_str, label, flags,
+ pin_value, GNUTLS_PKCS11_MAX_PIN_LEN);
+ else if (_gnutls_pin_func)
+ ret =
+ _gnutls_pin_func(_gnutls_pin_data, attempts,
+ (char *) token_str, label, flags,
+ pin_value, GNUTLS_PKCS11_MAX_PIN_LEN);
+ else
+ ret = gnutls_assert_val(GNUTLS_E_PKCS11_PIN_ERROR);
+
+ free(token_str);
+ free(label);
+
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_PKCS11_PIN_ERROR);
+
+ *pin = p11_kit_pin_new_for_string(pin_value);
+
+ if (*pin == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ return 0;
}
static int
-retrieve_pin (struct pin_info_st* pin_info, struct p11_kit_uri *info,
- struct ck_token_info *token_info, int attempts,
- ck_user_type_t user_type, struct p11_kit_pin **pin)
-{
- const char *pinfile;
- int ret = GNUTLS_E_PKCS11_PIN_ERROR;
-
- *pin = NULL;
-
- /* Check if a pinfile is specified, and use that if possible */
- pinfile = p11_kit_uri_get_pinfile (info);
- if (pinfile != NULL)
- {
- _gnutls_debug_log("pk11: Using pinfile to retrieve PIN\n");
- ret = retrieve_pin_from_source (pinfile, token_info, attempts, user_type, pin);
- }
-
- /* The global gnutls pin callback */
- if (ret < 0)
- ret = retrieve_pin_from_callback (pin_info, token_info, attempts, user_type, pin);
-
- /* Otherwise, PIN entry is necessary for login, so fail if there's
- * no callback. */
-
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: No suitable pin callback but login required.\n");
- }
-
- return ret;
-}
+retrieve_pin(struct pin_info_st *pin_info, struct p11_kit_uri *info,
+ struct ck_token_info *token_info, int attempts,
+ ck_user_type_t user_type, struct p11_kit_pin **pin)
+{
+ const char *pinfile;
+ int ret = GNUTLS_E_PKCS11_PIN_ERROR;
-int
-pkcs11_login (struct pkcs11_session_info * sinfo, struct pin_info_st * pin_info,
- const struct token_info *tokinfo, struct p11_kit_uri *info, int so)
-{
- struct ck_session_info session_info;
- int attempt = 0, ret;
- ck_user_type_t user_type;
- ck_rv_t rv;
-
- user_type = (so == 0) ? CKU_USER : CKU_SO;
- if (so == 0 && (tokinfo->tinfo.flags & CKF_LOGIN_REQUIRED) == 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: No login required.\n");
- return 0;
- }
-
- /* For a token with a "protected" (out-of-band) authentication
- * path, calling login with a NULL username is all that is
- * required. */
- if (tokinfo->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
- {
- rv = (sinfo->module)->C_Login (sinfo->pks, (so == 0) ? CKU_USER : CKU_SO, NULL, 0);
- if (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN)
- {
- return 0;
- }
- else
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: Protected login failed.\n");
- ret = GNUTLS_E_PKCS11_ERROR;
- goto cleanup;
- }
- }
-
- do
- {
- struct p11_kit_pin *pin;
- struct ck_token_info tinfo;
-
- memcpy (&tinfo, &tokinfo->tinfo, sizeof(tinfo));
-
- /* Check whether the session is already logged in, and if so, just skip */
- rv = (sinfo->module)->C_GetSessionInfo (sinfo->pks, &session_info);
- if (rv == CKR_OK && (session_info.state == CKS_RO_USER_FUNCTIONS ||
- session_info.state == CKS_RW_USER_FUNCTIONS))
- {
- ret = 0;
- goto cleanup;
- }
-
- /* If login has been attempted once already, check the token
- * status again, the flags might change. */
- if (attempt)
- {
- if (pkcs11_get_token_info
- (tokinfo->prov->module, tokinfo->sid, &tinfo) != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: GetTokenInfo failed\n");
- ret = GNUTLS_E_PKCS11_ERROR;
- goto cleanup;
- }
- }
-
- ret = retrieve_pin (pin_info, info, &tinfo, attempt++, user_type, &pin);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- rv = (sinfo->module)->C_Login (sinfo->pks, user_type,
- (unsigned char *)p11_kit_pin_get_value (pin, NULL),
- p11_kit_pin_get_length (pin));
-
- p11_kit_pin_unref (pin);
- }
- while (rv == CKR_PIN_INCORRECT);
-
- _gnutls_debug_log ("pk11: Login result = %lu\n", rv);
-
-
- ret = (rv == CKR_OK
- || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err (rv);
-
-cleanup:
- return ret;
-}
+ *pin = NULL;
-int
-pkcs11_call_token_func (struct p11_kit_uri *info, const unsigned retry)
-{
- struct ck_token_info *tinfo;
- char *label;
- int ret = 0;
+ /* Check if a pinfile is specified, and use that if possible */
+ pinfile = p11_kit_uri_get_pinfile(info);
+ if (pinfile != NULL) {
+ _gnutls_debug_log("pk11: Using pinfile to retrieve PIN\n");
+ ret =
+ retrieve_pin_from_source(pinfile, token_info, attempts,
+ user_type, pin);
+ }
+
+ /* The global gnutls pin callback */
+ if (ret < 0)
+ ret =
+ retrieve_pin_from_callback(pin_info, token_info,
+ attempts, user_type, pin);
+
+ /* Otherwise, PIN entry is necessary for login, so fail if there's
+ * no callback. */
- tinfo = p11_kit_uri_get_token_info (info);
- label = p11_kit_space_strdup (tinfo->label, sizeof (tinfo->label));
- ret = (_gnutls_token_func) (_gnutls_token_data, label, retry);
- free (label);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("pk11: No suitable pin callback but login required.\n");
+ }
+
+ return ret;
+}
- return ret;
+int
+pkcs11_login(struct pkcs11_session_info *sinfo,
+ struct pin_info_st *pin_info,
+ const struct token_info *tokinfo, struct p11_kit_uri *info,
+ int so)
+{
+ struct ck_session_info session_info;
+ int attempt = 0, ret;
+ ck_user_type_t user_type;
+ ck_rv_t rv;
+
+ user_type = (so == 0) ? CKU_USER : CKU_SO;
+ if (so == 0 && (tokinfo->tinfo.flags & CKF_LOGIN_REQUIRED) == 0) {
+ gnutls_assert();
+ _gnutls_debug_log("pk11: No login required.\n");
+ return 0;
+ }
+
+ /* For a token with a "protected" (out-of-band) authentication
+ * path, calling login with a NULL username is all that is
+ * required. */
+ if (tokinfo->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
+ rv = (sinfo->module)->C_Login(sinfo->pks,
+ (so ==
+ 0) ? CKU_USER : CKU_SO,
+ NULL, 0);
+ if (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN) {
+ return 0;
+ } else {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("pk11: Protected login failed.\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
+ }
+
+ do {
+ struct p11_kit_pin *pin;
+ struct ck_token_info tinfo;
+
+ memcpy(&tinfo, &tokinfo->tinfo, sizeof(tinfo));
+
+ /* Check whether the session is already logged in, and if so, just skip */
+ rv = (sinfo->module)->C_GetSessionInfo(sinfo->pks,
+ &session_info);
+ if (rv == CKR_OK
+ && (session_info.state == CKS_RO_USER_FUNCTIONS
+ || session_info.state == CKS_RW_USER_FUNCTIONS)) {
+ ret = 0;
+ goto cleanup;
+ }
+
+ /* If login has been attempted once already, check the token
+ * status again, the flags might change. */
+ if (attempt) {
+ if (pkcs11_get_token_info
+ (tokinfo->prov->module, tokinfo->sid,
+ &tinfo) != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("pk11: GetTokenInfo failed\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
+ }
+
+ ret =
+ retrieve_pin(pin_info, info, &tinfo, attempt++,
+ user_type, &pin);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ rv = (sinfo->module)->C_Login(sinfo->pks, user_type,
+ (unsigned char *)
+ p11_kit_pin_get_value(pin,
+ NULL),
+ p11_kit_pin_get_length(pin));
+
+ p11_kit_pin_unref(pin);
+ }
+ while (rv == CKR_PIN_INCORRECT);
+
+ _gnutls_debug_log("pk11: Login result = %lu\n", rv);
+
+
+ ret = (rv == CKR_OK
+ || rv ==
+ CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err(rv);
+
+ cleanup:
+ return ret;
+}
+
+int pkcs11_call_token_func(struct p11_kit_uri *info, const unsigned retry)
+{
+ struct ck_token_info *tinfo;
+ char *label;
+ int ret = 0;
+
+ tinfo = p11_kit_uri_get_token_info(info);
+ label = p11_kit_space_strdup(tinfo->label, sizeof(tinfo->label));
+ ret = (_gnutls_token_func) (_gnutls_token_data, label, retry);
+ free(label);
+
+ return ret;
}
static int
-find_privkeys (struct pkcs11_session_info* sinfo,
- struct token_info *info, struct pkey_list *list)
-{
- struct ck_attribute a[3];
- ck_object_class_t class;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count, current;
- char certid_tmp[PKCS11_ID_SIZE];
-
- class = CKO_PRIVATE_KEY;
-
- /* Find an object with private key class and a certificate ID
- * which matches the certificate. */
- /* FIXME: also match the cert subject. */
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof class;
-
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, 1);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- return pkcs11_rv_to_err (rv);
- }
-
- list->key_ids_size = 0;
- while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
- list->key_ids_size++;
- }
-
- pkcs11_find_objects_final (sinfo);
-
- if (list->key_ids_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- list->key_ids =
- gnutls_malloc (sizeof (gnutls_buffer_st) * list->key_ids_size);
- if (list->key_ids == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* actual search */
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof class;
-
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, 1);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- return pkcs11_rv_to_err (rv);
- }
-
- current = 0;
- while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
-
- a[0].type = CKA_ID;
- a[0].value = certid_tmp;
- a[0].value_len = sizeof (certid_tmp);
-
- _gnutls_buffer_init (&list->key_ids[current]);
-
- if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
- {
- _gnutls_buffer_append_data (&list->key_ids[current],
- a[0].value, a[0].value_len);
- current++;
- }
-
- if (current > list->key_ids_size)
- break;
- }
-
- pkcs11_find_objects_final (sinfo);
-
- list->key_ids_size = current - 1;
-
- return 0;
+find_privkeys(struct pkcs11_session_info *sinfo,
+ struct token_info *info, struct pkey_list *list)
+{
+ struct ck_attribute a[3];
+ ck_object_class_t class;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, current;
+ char certid_tmp[PKCS11_ID_SIZE];
+
+ class = CKO_PRIVATE_KEY;
+
+ /* Find an object with private key class and a certificate ID
+ * which matches the certificate. */
+ /* FIXME: also match the cert subject. */
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a, 1);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return pkcs11_rv_to_err(rv);
+ }
+
+ list->key_ids_size = 0;
+ while (pkcs11_find_objects
+ (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+ list->key_ids_size++;
+ }
+
+ pkcs11_find_objects_final(sinfo);
+
+ if (list->key_ids_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ list->key_ids =
+ gnutls_malloc(sizeof(gnutls_buffer_st) * list->key_ids_size);
+ if (list->key_ids == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* actual search */
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a, 1);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return pkcs11_rv_to_err(rv);
+ }
+
+ current = 0;
+ while (pkcs11_find_objects
+ (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+
+ a[0].type = CKA_ID;
+ a[0].value = certid_tmp;
+ a[0].value_len = sizeof(certid_tmp);
+
+ _gnutls_buffer_init(&list->key_ids[current]);
+
+ if (pkcs11_get_attribute_value
+ (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK) {
+ _gnutls_buffer_append_data(&list->key_ids[current],
+ a[0].value,
+ a[0].value_len);
+ current++;
+ }
+
+ if (current > list->key_ids_size)
+ break;
+ }
+
+ pkcs11_find_objects_final(sinfo);
+
+ list->key_ids_size = current - 1;
+
+ return 0;
}
/* Recover certificate list from tokens */
static int
-find_objs (struct pkcs11_session_info* sinfo,
- struct token_info *info, struct ck_info *lib_info, void *input)
-{
- struct crt_find_data_st *find_data = input;
- struct ck_attribute a[6];
- struct ck_attribute *attr;
- ck_object_class_t class = (ck_object_class_t)-1;
- ck_certificate_type_t type = (ck_certificate_type_t)-1;
- unsigned char trusted;
- unsigned long category;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count;
- uint8_t *cert_data;
- char certid_tmp[PKCS11_ID_SIZE];
- char label_tmp[PKCS11_LABEL_SIZE];
- int ret;
- struct pkey_list plist; /* private key holder */
- unsigned int i, tot_values = 0;
-
- if (info == NULL)
- { /* final call */
- if (find_data->current <= *find_data->n_list)
- ret = 0;
- else
- ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
-
- *find_data->n_list = find_data->current;
-
- return ret;
- }
-
- /* do not bother reading the token if basic fields do not match
- */
- if (!p11_kit_uri_match_token_info (find_data->info, &info->tinfo) ||
- !p11_kit_uri_match_module_info (find_data->info, lib_info))
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- memset (&plist, 0, sizeof (plist));
-
- if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
- {
- ret = find_privkeys (sinfo, info, &plist);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (plist.key_ids_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- }
-
- /* Find objects with given class and type */
- attr = p11_kit_uri_get_attribute (find_data->info, CKA_CLASS);
- if (attr)
- {
- if(attr->value && attr->value_len == sizeof (ck_object_class_t))
- class = *((ck_object_class_t*)attr->value);
- if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
- }
-
- cert_data = gnutls_malloc (MAX_CERT_SIZE);
- if (cert_data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* Find objects with cert class and X.509 cert type. */
-
- tot_values = 0;
-
- if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL
- || find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
- {
- class = CKO_CERTIFICATE;
- type = CKC_X_509;
- trusted = 1;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
-
- a[tot_values].type = CKA_CERTIFICATE_TYPE;
- a[tot_values].value = &type;
- a[tot_values].value_len = sizeof type;
- tot_values++;
-
- }
- else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED)
- {
- class = CKO_CERTIFICATE;
- type = CKC_X_509;
- trusted = 1;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
-
- a[tot_values].type = CKA_TRUSTED;
- a[tot_values].value = &trusted;
- a[tot_values].value_len = sizeof trusted;
- tot_values++;
-
- }
- else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA)
- {
- class = CKO_CERTIFICATE;
- type = CKC_X_509;
- trusted = 1;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
-
- a[tot_values].type = CKA_TRUSTED;
- a[tot_values].value = &trusted;
- a[tot_values].value_len = sizeof trusted;
- tot_values++;
-
- category = 2;
- a[tot_values].type = CKA_CERTIFICATE_CATEGORY;
- a[tot_values].value = &category;
- a[tot_values].value_len = sizeof category;
- tot_values++;
- }
- else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PUBKEY)
- {
- class = CKO_PUBLIC_KEY;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
- }
- else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY)
- {
- class = CKO_PRIVATE_KEY;
-
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
- }
- else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL)
- {
- if (class != (ck_object_class_t)-1)
- {
- a[tot_values].type = CKA_CLASS;
- a[tot_values].value = &class;
- a[tot_values].value_len = sizeof class;
- tot_values++;
- }
- if (type != (ck_certificate_type_t)-1)
- {
- a[tot_values].type = CKA_CERTIFICATE_TYPE;
- a[tot_values].value = &type;
- a[tot_values].value_len = sizeof type;
- tot_values++;
- }
- }
- else
- {
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto fail;
- }
-
- attr = p11_kit_uri_get_attribute (find_data->info, CKA_ID);
- if (attr != NULL)
- {
- memcpy (a + tot_values, attr, sizeof (struct ck_attribute));
- tot_values++;
- }
-
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, tot_values);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
- return pkcs11_rv_to_err (rv);
- }
-
- while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
- gnutls_datum_t label, id, value;
-
- a[0].type = CKA_LABEL;
- a[0].value = label_tmp;
- a[0].value_len = sizeof label_tmp;
-
- if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
- {
- label.data = a[0].value;
- label.size = a[0].value_len;
- }
- else
- {
- label.data = NULL;
- label.size = 0;
- }
-
- a[0].type = CKA_ID;
- a[0].value = certid_tmp;
- a[0].value_len = sizeof certid_tmp;
-
- if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
- {
- id.data = a[0].value;
- id.size = a[0].value_len;
- }
- else
- {
- id.data = NULL;
- id.size = 0;
- }
-
- a[0].type = CKA_VALUE;
- a[0].value = cert_data;
- a[0].value_len = MAX_CERT_SIZE;
- if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
- {
- value.data = a[0].value;
- value.size = a[0].value_len;
- }
- else
- {
- value.data = NULL;
- value.size = 0;
- }
-
- if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL)
- {
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof class;
-
- pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1);
- }
-
- if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
- {
- for (i = 0; i < plist.key_ids_size; i++)
- {
- if (plist.key_ids[i].length !=
- a[1].value_len
- || memcmp (plist.key_ids[i].data,
- a[1].value, a[1].value_len) != 0)
- {
- /* not found */
- continue;
- }
- }
- }
-
- if (find_data->current < *find_data->n_list)
- {
- ret =
- gnutls_pkcs11_obj_init (&find_data->p_list[find_data->current]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- if (class == CKO_PUBLIC_KEY)
- {
- ret =
- pkcs11_obj_import_pubkey (sinfo->module, sinfo->pks, obj,
- find_data->p_list
- [find_data->current],
- &id, &label,
- &info->tinfo, lib_info);
- }
- else
- {
- ret =
- pkcs11_obj_import (class,
- find_data->p_list
- [find_data->current],
- &value, &id, &label,
- &info->tinfo, lib_info);
- }
- if (ret < 0)
- {
- gnutls_assert ();
- goto fail;
- }
- }
-
- find_data->current++;
-
- }
-
- gnutls_free (cert_data);
- pkcs11_find_objects_final (sinfo);
-
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */
-
-fail:
- gnutls_free (cert_data);
- pkcs11_find_objects_final (sinfo);
- if (plist.key_ids != NULL)
- {
- for (i = 0; i < plist.key_ids_size; i++)
- {
- _gnutls_buffer_clear (&plist.key_ids[i]);
- }
- gnutls_free (plist.key_ids);
- }
- for (i = 0; i < find_data->current; i++)
- {
- gnutls_pkcs11_obj_deinit (find_data->p_list[i]);
- }
- find_data->current = 0;
-
- return ret;
+find_objs(struct pkcs11_session_info *sinfo,
+ struct token_info *info, struct ck_info *lib_info, void *input)
+{
+ struct crt_find_data_st *find_data = input;
+ struct ck_attribute a[6];
+ struct ck_attribute *attr;
+ ck_object_class_t class = (ck_object_class_t) - 1;
+ ck_certificate_type_t type = (ck_certificate_type_t) - 1;
+ unsigned char trusted;
+ unsigned long category;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count;
+ uint8_t *cert_data;
+ char certid_tmp[PKCS11_ID_SIZE];
+ char label_tmp[PKCS11_LABEL_SIZE];
+ int ret;
+ struct pkey_list plist; /* private key holder */
+ unsigned int i, tot_values = 0;
+
+ if (info == NULL) { /* final call */
+ if (find_data->current <= *find_data->n_list)
+ ret = 0;
+ else
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ *find_data->n_list = find_data->current;
+
+ return ret;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (!p11_kit_uri_match_token_info(find_data->info, &info->tinfo) ||
+ !p11_kit_uri_match_module_info(find_data->info, lib_info)) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ memset(&plist, 0, sizeof(plist));
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) {
+ ret = find_privkeys(sinfo, info, &plist);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (plist.key_ids_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ }
+
+ /* Find objects with given class and type */
+ attr = p11_kit_uri_get_attribute(find_data->info, CKA_CLASS);
+ if (attr) {
+ if (attr->value
+ && attr->value_len == sizeof(ck_object_class_t))
+ class = *((ck_object_class_t *) attr->value);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+ }
+
+ cert_data = gnutls_malloc(MAX_CERT_SIZE);
+ if (cert_data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Find objects with cert class and X.509 cert type. */
+
+ tot_values = 0;
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL
+ || find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
+ {
+ class = CKO_CERTIFICATE;
+ type = CKC_X_509;
+ trusted = 1;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+
+ a[tot_values].type = CKA_CERTIFICATE_TYPE;
+ a[tot_values].value = &type;
+ a[tot_values].value_len = sizeof type;
+ tot_values++;
+
+ } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED) {
+ class = CKO_CERTIFICATE;
+ type = CKC_X_509;
+ trusted = 1;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+
+ a[tot_values].type = CKA_TRUSTED;
+ a[tot_values].value = &trusted;
+ a[tot_values].value_len = sizeof trusted;
+ tot_values++;
+
+ } else if (find_data->flags ==
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA) {
+ class = CKO_CERTIFICATE;
+ type = CKC_X_509;
+ trusted = 1;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+
+ a[tot_values].type = CKA_TRUSTED;
+ a[tot_values].value = &trusted;
+ a[tot_values].value_len = sizeof trusted;
+ tot_values++;
+
+ category = 2;
+ a[tot_values].type = CKA_CERTIFICATE_CATEGORY;
+ a[tot_values].value = &category;
+ a[tot_values].value_len = sizeof category;
+ tot_values++;
+ } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PUBKEY) {
+ class = CKO_PUBLIC_KEY;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) {
+ class = CKO_PRIVATE_KEY;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) {
+ if (class != (ck_object_class_t) - 1) {
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ }
+ if (type != (ck_certificate_type_t) - 1) {
+ a[tot_values].type = CKA_CERTIFICATE_TYPE;
+ a[tot_values].value = &type;
+ a[tot_values].value_len = sizeof type;
+ tot_values++;
+ }
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto fail;
+ }
+
+ attr = p11_kit_uri_get_attribute(find_data->info, CKA_ID);
+ if (attr != NULL) {
+ memcpy(a + tot_values, attr, sizeof(struct ck_attribute));
+ tot_values++;
+ }
+
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a,
+ tot_values);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
+ return pkcs11_rv_to_err(rv);
+ }
+
+ while (pkcs11_find_objects
+ (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+ gnutls_datum_t label, id, value;
+
+ a[0].type = CKA_LABEL;
+ a[0].value = label_tmp;
+ a[0].value_len = sizeof label_tmp;
+
+ if (pkcs11_get_attribute_value
+ (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK) {
+ label.data = a[0].value;
+ label.size = a[0].value_len;
+ } else {
+ label.data = NULL;
+ label.size = 0;
+ }
+
+ a[0].type = CKA_ID;
+ a[0].value = certid_tmp;
+ a[0].value_len = sizeof certid_tmp;
+
+ if (pkcs11_get_attribute_value
+ (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK) {
+ id.data = a[0].value;
+ id.size = a[0].value_len;
+ } else {
+ id.data = NULL;
+ id.size = 0;
+ }
+
+ a[0].type = CKA_VALUE;
+ a[0].value = cert_data;
+ a[0].value_len = MAX_CERT_SIZE;
+ if (pkcs11_get_attribute_value
+ (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK) {
+ value.data = a[0].value;
+ value.size = a[0].value_len;
+ } else {
+ value.data = NULL;
+ value.size = 0;
+ }
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) {
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ pkcs11_get_attribute_value(sinfo->module,
+ sinfo->pks, obj, a, 1);
+ }
+
+ if (find_data->flags ==
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) {
+ for (i = 0; i < plist.key_ids_size; i++) {
+ if (plist.key_ids[i].length !=
+ a[1].value_len
+ || memcmp(plist.key_ids[i].data,
+ a[1].value,
+ a[1].value_len) != 0) {
+ /* not found */
+ continue;
+ }
+ }
+ }
+
+ if (find_data->current < *find_data->n_list) {
+ ret =
+ gnutls_pkcs11_obj_init(&find_data->
+ p_list[find_data->
+ current]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ if (class == CKO_PUBLIC_KEY) {
+ ret =
+ pkcs11_obj_import_pubkey(sinfo->module,
+ sinfo->pks,
+ obj,
+ find_data->
+ p_list
+ [find_data->
+ current],
+ &id, &label,
+ &info->tinfo,
+ lib_info);
+ } else {
+ ret =
+ pkcs11_obj_import(class,
+ find_data->p_list
+ [find_data->current],
+ &value, &id, &label,
+ &info->tinfo,
+ lib_info);
+ }
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+ }
+
+ find_data->current++;
+
+ }
+
+ gnutls_free(cert_data);
+ pkcs11_find_objects_final(sinfo);
+
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */
+
+ fail:
+ gnutls_free(cert_data);
+ pkcs11_find_objects_final(sinfo);
+ if (plist.key_ids != NULL) {
+ for (i = 0; i < plist.key_ids_size; i++) {
+ _gnutls_buffer_clear(&plist.key_ids[i]);
+ }
+ gnutls_free(plist.key_ids);
+ }
+ for (i = 0; i < find_data->current; i++) {
+ gnutls_pkcs11_obj_deinit(find_data->p_list[i]);
+ }
+ find_data->current = 0;
+
+ return ret;
}
/**
@@ -2534,53 +2418,48 @@ fail:
* Since: 2.12.0
**/
int
-gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
- unsigned int *n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags)
-{
- int ret;
- struct crt_find_data_st priv;
-
- memset (&priv, 0, sizeof (priv));
-
- /* fill in the find data structure */
- priv.p_list = p_list;
- priv.n_list = n_list;
- priv.flags = attrs;
- priv.current = 0;
-
- if (url == NULL || url[0] == 0)
- {
- url = "pkcs11:";
- }
-
- ret = pkcs11_url_to_info (url, &priv.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _pkcs11_traverse_tokens (find_objs, &priv, priv.info,
- NULL,
- pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (priv.info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- *n_list = 0;
- ret = 0;
- }
- return ret;
- }
-
- return 0;
+gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
+ unsigned int *n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags)
+{
+ int ret;
+ struct crt_find_data_st priv;
+
+ memset(&priv, 0, sizeof(priv));
+
+ /* fill in the find data structure */
+ priv.p_list = p_list;
+ priv.n_list = n_list;
+ priv.flags = attrs;
+ priv.current = 0;
+
+ if (url == NULL || url[0] == 0) {
+ url = "pkcs11:";
+ }
+
+ ret = pkcs11_url_to_info(url, &priv.info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _pkcs11_traverse_tokens(find_objs, &priv, priv.info,
+ NULL, pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(priv.info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ *n_list = 0;
+ ret = 0;
+ }
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -2601,42 +2480,46 @@ gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
* Since: 3.1.0
**/
int
-gnutls_pkcs11_obj_list_import_url2 (gnutls_pkcs11_obj_t ** p_list,
- unsigned int *n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags)
-{
-unsigned int init = 128;
-int ret;
-
- *p_list = gnutls_malloc(sizeof(gnutls_pkcs11_obj_t)*init);
- if (*p_list == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_pkcs11_obj_list_import_url( *p_list, &init, url, attrs, flags);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- *p_list = gnutls_realloc_fast(*p_list, sizeof(gnutls_pkcs11_obj_t)*init);
- if (*p_list == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = gnutls_pkcs11_obj_list_import_url( *p_list, &init, url, attrs, flags);
- }
-
- if (ret < 0)
- {
- gnutls_assert();
- gnutls_free(*p_list);
- *p_list = NULL;
- return ret;
- }
-
- *n_list = init;
- return 0;
+gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list,
+ unsigned int *n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags)
+{
+ unsigned int init = 128;
+ int ret;
+
+ *p_list = gnutls_malloc(sizeof(gnutls_pkcs11_obj_t) * init);
+ if (*p_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url(*p_list, &init, url, attrs,
+ flags);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ *p_list =
+ gnutls_realloc_fast(*p_list,
+ sizeof(gnutls_pkcs11_obj_t) *
+ init);
+ if (*p_list == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url(*p_list, &init, url,
+ attrs, flags);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(*p_list);
+ *p_list = NULL;
+ return ret;
+ }
+
+ *n_list = init;
+ return 0;
}
@@ -2656,42 +2539,40 @@ int ret;
* Since: 2.12.0
**/
int
-gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt,
- const char *url, unsigned int flags)
+gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt,
+ const char *url, unsigned int flags)
{
- gnutls_pkcs11_obj_t pcrt;
- int ret;
+ gnutls_pkcs11_obj_t pcrt;
+ int ret;
+
+ ret = gnutls_pkcs11_obj_init(&pcrt);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_pkcs11_obj_init (&pcrt);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (crt->pin.cb)
- gnutls_pkcs11_obj_set_pin_function (pcrt, crt->pin.cb, crt->pin.data);
+ if (crt->pin.cb)
+ gnutls_pkcs11_obj_set_pin_function(pcrt, crt->pin.cb,
+ crt->pin.data);
- ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ ret = gnutls_pkcs11_obj_import_url(pcrt, url, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = gnutls_x509_crt_import (crt, &pcrt->raw, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ ret = gnutls_x509_crt_import(crt, &pcrt->raw, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = 0;
-cleanup:
+ ret = 0;
+ cleanup:
- gnutls_pkcs11_obj_deinit (pcrt);
+ gnutls_pkcs11_obj_deinit(pcrt);
- return ret;
+ return ret;
}
/**
@@ -2708,10 +2589,11 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
- gnutls_pkcs11_obj_t pkcs11_crt)
+gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt,
+ gnutls_pkcs11_obj_t pkcs11_crt)
{
- return gnutls_x509_crt_import (crt, &pkcs11_crt->raw, GNUTLS_X509_FMT_DER);
+ return gnutls_x509_crt_import(crt, &pkcs11_crt->raw,
+ GNUTLS_X509_FMT_DER);
}
/**
@@ -2730,68 +2612,62 @@ gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
* Since: 2.12.0
**/
int
-gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs,
- unsigned int cert_max,
- gnutls_pkcs11_obj_t * const objs,
- unsigned int flags)
-{
- unsigned int i, j;
- int ret;
-
- for (i = 0; i < cert_max; i++)
- {
- ret = gnutls_x509_crt_init (&certs[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import_pkcs11 (certs[i], objs[i]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- return 0;
-
-cleanup:
- for (j = 0; j < i; j++)
- {
- gnutls_x509_crt_deinit (certs[j]);
- }
-
- return ret;
+gnutls_x509_crt_list_import_pkcs11(gnutls_x509_crt_t * certs,
+ unsigned int cert_max,
+ gnutls_pkcs11_obj_t * const objs,
+ unsigned int flags)
+{
+ unsigned int i, j;
+ int ret;
+
+ for (i = 0; i < cert_max; i++) {
+ ret = gnutls_x509_crt_init(&certs[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import_pkcs11(certs[i], objs[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ return 0;
+
+ cleanup:
+ for (j = 0; j < i; j++) {
+ gnutls_x509_crt_deinit(certs[j]);
+ }
+
+ return ret;
}
static int
-find_flags (struct pkcs11_session_info* sinfo,
- struct token_info *info, struct ck_info *lib_info, void *input)
+find_flags(struct pkcs11_session_info *sinfo,
+ struct token_info *info, struct ck_info *lib_info, void *input)
{
- struct flags_find_data_st *find_data = input;
+ struct flags_find_data_st *find_data = input;
- if (info == NULL)
- { /* we don't support multiple calls */
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (info == NULL) { /* we don't support multiple calls */
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- /* do not bother reading the token if basic fields do not match
- */
- if (!p11_kit_uri_match_token_info (find_data->info, &info->tinfo) ||
- !p11_kit_uri_match_module_info (find_data->info, lib_info))
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (!p11_kit_uri_match_token_info(find_data->info, &info->tinfo) ||
+ !p11_kit_uri_match_module_info(find_data->info, lib_info)) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- /* found token! */
+ /* found token! */
- find_data->slot_flags = info->sinfo.flags;
+ find_data->slot_flags = info->sinfo.flags;
- return 0;
+ return 0;
}
/**
@@ -2806,34 +2682,33 @@ find_flags (struct pkcs11_session_info* sinfo,
*
* Since: 2.12.0
**/
-int
-gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags)
+int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags)
{
- struct flags_find_data_st find_data;
- int ret;
+ struct flags_find_data_st find_data;
+ int ret;
- memset (&find_data, 0, sizeof (find_data));
- ret = pkcs11_url_to_info (url, &find_data.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ memset(&find_data, 0, sizeof(find_data));
+ ret = pkcs11_url_to_info(url, &find_data.info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = _pkcs11_traverse_tokens (find_flags, &find_data, find_data.info, NULL, 0);
- p11_kit_uri_free (find_data.info);
+ ret =
+ _pkcs11_traverse_tokens(find_flags, &find_data, find_data.info,
+ NULL, 0);
+ p11_kit_uri_free(find_data.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- *flags = 0;
- if (find_data.slot_flags & CKF_HW_SLOT)
- *flags |= GNUTLS_PKCS11_TOKEN_HW;
+ *flags = 0;
+ if (find_data.slot_flags & CKF_HW_SLOT)
+ *flags |= GNUTLS_PKCS11_TOKEN_HW;
- return 0;
+ return 0;
}
@@ -2852,52 +2727,48 @@ gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags)
* Since: 2.12.0
**/
int
-gnutls_pkcs11_token_get_mechanism (const char *url, unsigned int idx,
- unsigned long *mechanism)
+gnutls_pkcs11_token_get_mechanism(const char *url, unsigned int idx,
+ unsigned long *mechanism)
{
- int ret;
- ck_rv_t rv;
- struct ck_function_list *module;
- ck_slot_id_t slot;
- struct token_info tinfo;
- struct p11_kit_uri *info = NULL;
- unsigned long count;
- ck_mechanism_type_t mlist[400];
+ int ret;
+ ck_rv_t rv;
+ struct ck_function_list *module;
+ ck_slot_id_t slot;
+ struct token_info tinfo;
+ struct p11_kit_uri *info = NULL;
+ unsigned long count;
+ ck_mechanism_type_t mlist[400];
- ret = pkcs11_url_to_info (url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = pkcs11_url_to_info(url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = pkcs11_find_slot (&module, &slot, info, &tinfo);
- p11_kit_uri_free (info);
+ ret = pkcs11_find_slot(&module, &slot, info, &tinfo);
+ p11_kit_uri_free(info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- count = sizeof (mlist) / sizeof (mlist[0]);
- rv = pkcs11_get_mechanism_list (module, slot, mlist, &count);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- return pkcs11_rv_to_err (rv);
- }
+ count = sizeof(mlist) / sizeof(mlist[0]);
+ rv = pkcs11_get_mechanism_list(module, slot, mlist, &count);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return pkcs11_rv_to_err(rv);
+ }
- if (idx >= count)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (idx >= count) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- *mechanism = mlist[idx];
+ *mechanism = mlist[idx];
- return 0;
+ return 0;
}
@@ -2914,220 +2785,210 @@ gnutls_pkcs11_token_get_mechanism (const char *url, unsigned int idx,
*
* Since: 2.12.0
**/
-const char *
-gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type)
-{
- switch (type)
- {
- case GNUTLS_PKCS11_OBJ_X509_CRT:
- return "X.509 Certificate";
- case GNUTLS_PKCS11_OBJ_PUBKEY:
- return "Public key";
- case GNUTLS_PKCS11_OBJ_PRIVKEY:
- return "Private key";
- case GNUTLS_PKCS11_OBJ_SECRET_KEY:
- return "Secret key";
- case GNUTLS_PKCS11_OBJ_DATA:
- return "Data";
- case GNUTLS_PKCS11_OBJ_UNKNOWN:
- default:
- return "Unknown";
- }
+const char *gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_type_t type)
+{
+ switch (type) {
+ case GNUTLS_PKCS11_OBJ_X509_CRT:
+ return "X.509 Certificate";
+ case GNUTLS_PKCS11_OBJ_PUBKEY:
+ return "Public key";
+ case GNUTLS_PKCS11_OBJ_PRIVKEY:
+ return "Private key";
+ case GNUTLS_PKCS11_OBJ_SECRET_KEY:
+ return "Secret key";
+ case GNUTLS_PKCS11_OBJ_DATA:
+ return "Data";
+ case GNUTLS_PKCS11_OBJ_UNKNOWN:
+ default:
+ return "Unknown";
+ }
}
ck_rv_t
-pkcs11_get_slot_list (struct ck_function_list * module, unsigned char token_present,
- ck_slot_id_t *slot_list, unsigned long *count)
+pkcs11_get_slot_list(struct ck_function_list * module,
+ unsigned char token_present, ck_slot_id_t * slot_list,
+ unsigned long *count)
{
- return (module)->C_GetSlotList (token_present, slot_list, count);
+ return (module)->C_GetSlotList(token_present, slot_list, count);
}
ck_rv_t
-pkcs11_get_module_info (struct ck_function_list * module,
- struct ck_info * info)
+pkcs11_get_module_info(struct ck_function_list * module,
+ struct ck_info * info)
{
- return (module)->C_GetInfo (info);
+ return (module)->C_GetInfo(info);
}
ck_rv_t
pkcs11_get_slot_info(struct ck_function_list * module,
- ck_slot_id_t slot_id,
- struct ck_slot_info *info)
+ ck_slot_id_t slot_id, struct ck_slot_info * info)
{
- return (module)->C_GetSlotInfo (slot_id, info);
+ return (module)->C_GetSlotInfo(slot_id, info);
}
ck_rv_t
-pkcs11_get_token_info (struct ck_function_list * module,
- ck_slot_id_t slot_id,
- struct ck_token_info *info)
+pkcs11_get_token_info(struct ck_function_list * module,
+ ck_slot_id_t slot_id, struct ck_token_info * info)
{
- return (module)->C_GetTokenInfo (slot_id, info);
+ return (module)->C_GetTokenInfo(slot_id, info);
}
ck_rv_t
-pkcs11_find_objects_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_attribute *templ,
- unsigned long count)
+pkcs11_find_objects_init(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_attribute * templ, unsigned long count)
{
- return (module)->C_FindObjectsInit (sess, templ, count);
+ return (module)->C_FindObjectsInit(sess, templ, count);
}
ck_rv_t
-pkcs11_find_objects (struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t *objects,
- unsigned long max_object_count,
- unsigned long *object_count)
+pkcs11_find_objects(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ ck_object_handle_t * objects,
+ unsigned long max_object_count,
+ unsigned long *object_count)
{
- return (module)->C_FindObjects (sess, objects, max_object_count, object_count);
+ return (module)->C_FindObjects(sess, objects, max_object_count,
+ object_count);
}
-ck_rv_t
-pkcs11_find_objects_final (struct pkcs11_session_info* sinfo)
+ck_rv_t pkcs11_find_objects_final(struct pkcs11_session_info * sinfo)
{
- return (sinfo->module)->C_FindObjectsFinal (sinfo->pks);
+ return (sinfo->module)->C_FindObjectsFinal(sinfo->pks);
}
-ck_rv_t
-pkcs11_close_session (struct pkcs11_session_info * sinfo)
+ck_rv_t pkcs11_close_session(struct pkcs11_session_info * sinfo)
{
- sinfo->init = 0;
- return (sinfo->module)->C_CloseSession (sinfo->pks);
+ sinfo->init = 0;
+ return (sinfo->module)->C_CloseSession(sinfo->pks);
}
ck_rv_t
-pkcs11_get_attribute_value(struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count)
+pkcs11_get_attribute_value(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ ck_object_handle_t object,
+ struct ck_attribute * templ,
+ unsigned long count)
{
- return (module)->C_GetAttributeValue (sess, object, templ, count);
+ return (module)->C_GetAttributeValue(sess, object, templ, count);
}
ck_rv_t
-pkcs11_get_mechanism_list (struct ck_function_list *module,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t *mechanism_list,
- unsigned long *count)
+pkcs11_get_mechanism_list(struct ck_function_list * module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count)
{
- return (module)->C_GetMechanismList (slot_id, mechanism_list, count);
+ return (module)->C_GetMechanismList(slot_id, mechanism_list,
+ count);
}
ck_rv_t
-pkcs11_sign_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key)
+pkcs11_sign_init(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_mechanism * mechanism, ck_object_handle_t key)
{
- return (module)->C_SignInit (sess, mechanism, key);
+ return (module)->C_SignInit(sess, mechanism, key);
}
ck_rv_t
-pkcs11_sign (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *data,
- unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len)
+pkcs11_sign(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ unsigned char *data,
+ unsigned long data_len,
+ unsigned char *signature, unsigned long *signature_len)
{
- return (module)->C_Sign (sess, data, data_len, signature, signature_len);
+ return (module)->C_Sign(sess, data, data_len, signature,
+ signature_len);
}
ck_rv_t
-pkcs11_generate_key_pair (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- struct ck_attribute *pub_templ,
- unsigned long pub_templ_count,
- struct ck_attribute *priv_templ,
- unsigned long priv_templ_count,
- ck_object_handle_t *pub,
- ck_object_handle_t *priv)
+pkcs11_generate_key_pair(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * pub_templ,
+ unsigned long pub_templ_count,
+ struct ck_attribute * priv_templ,
+ unsigned long priv_templ_count,
+ ck_object_handle_t * pub,
+ ck_object_handle_t * priv)
{
- return (module)->C_GenerateKeyPair (sess, mechanism, pub_templ, pub_templ_count,
- priv_templ, priv_templ_count, pub, priv);
+ return (module)->C_GenerateKeyPair(sess, mechanism, pub_templ,
+ pub_templ_count, priv_templ,
+ priv_templ_count, pub, priv);
}
ck_rv_t
-pkcs11_decrypt_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key)
+pkcs11_decrypt_init(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
{
- return (module)->C_DecryptInit (sess, mechanism, key);
+ return (module)->C_DecryptInit(sess, mechanism, key);
}
ck_rv_t
-pkcs11_decrypt (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *encrypted_data,
- unsigned long encrypted_data_len,
- unsigned char *data, unsigned long *data_len)
+pkcs11_decrypt(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len)
{
- return (module)->C_Decrypt (sess, encrypted_data, encrypted_data_len,
- data, data_len);
+ return (module)->C_Decrypt(sess, encrypted_data,
+ encrypted_data_len, data, data_len);
}
ck_rv_t
-pkcs11_create_object (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_attribute *templ,
- unsigned long count,
- ck_object_handle_t *object)
+pkcs11_create_object(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * object)
{
- return (module)->C_CreateObject (sess, templ, count, object);
+ return (module)->C_CreateObject(sess, templ, count, object);
}
ck_rv_t
-pkcs11_destroy_object (struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t object)
+pkcs11_destroy_object(struct ck_function_list * module,
+ ck_session_handle_t sess, ck_object_handle_t object)
{
- return (module)->C_DestroyObject (sess, object);
+ return (module)->C_DestroyObject(sess, object);
}
ck_rv_t
-pkcs11_init_token (struct ck_function_list *module,
- ck_slot_id_t slot_id, unsigned char *pin,
- unsigned long pin_len, unsigned char *label)
+pkcs11_init_token(struct ck_function_list * module,
+ ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label)
{
- return (module)->C_InitToken (slot_id, pin, pin_len, label);
+ return (module)->C_InitToken(slot_id, pin, pin_len, label);
}
ck_rv_t
-pkcs11_init_pin (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *pin,
- unsigned long pin_len)
+pkcs11_init_pin(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ unsigned char *pin, unsigned long pin_len)
{
- return (module)->C_InitPIN (sess, pin, pin_len);
+ return (module)->C_InitPIN(sess, pin, pin_len);
}
ck_rv_t
-pkcs11_set_pin (struct ck_function_list *module,
- ck_session_handle_t sess,
- const char *old_pin,
- unsigned long old_len,
- const char *new_pin,
- unsigned long new_len)
+pkcs11_set_pin(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ const char *old_pin,
+ unsigned long old_len,
+ const char *new_pin, unsigned long new_len)
{
- return (module)->C_SetPIN (sess, (uint8_t*)old_pin, old_len, (uint8_t*)new_pin, new_len);
+ return (module)->C_SetPIN(sess, (uint8_t *) old_pin, old_len,
+ (uint8_t *) new_pin, new_len);
}
ck_rv_t
-pkcs11_get_random (struct ck_function_list *module,
- ck_session_handle_t sess,
- void * data,
- size_t len)
+pkcs11_get_random(struct ck_function_list * module,
+ ck_session_handle_t sess, void *data, size_t len)
{
- return (module)->C_GenerateRandom (sess, data, len);
+ return (module)->C_GenerateRandom(sess, data, len);
}
-const char *
-pkcs11_strerror (ck_rv_t rv)
+const char *pkcs11_strerror(ck_rv_t rv)
{
- return p11_kit_strerror (rv);
+ return p11_kit_strerror(rv);
}
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 32d83cd250..1cdaee3d10 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -36,258 +36,244 @@ typedef unsigned char ck_bool_t;
struct pkcs11_session_info {
- struct ck_function_list * module;
- struct ck_token_info tinfo;
- ck_session_handle_t pks;
- unsigned int init;
+ struct ck_function_list *module;
+ struct ck_token_info tinfo;
+ ck_session_handle_t pks;
+ unsigned int init;
};
-struct token_info
-{
- struct ck_token_info tinfo;
- struct ck_slot_info sinfo;
- ck_slot_id_t sid;
- struct gnutls_pkcs11_provider_s *prov;
+struct token_info {
+ struct ck_token_info tinfo;
+ struct ck_slot_info sinfo;
+ ck_slot_id_t sid;
+ struct gnutls_pkcs11_provider_s *prov;
};
-struct gnutls_pkcs11_obj_st
-{
- gnutls_datum_t raw;
- gnutls_pkcs11_obj_type_t type;
- struct p11_kit_uri *info;
+struct gnutls_pkcs11_obj_st {
+ gnutls_datum_t raw;
+ gnutls_pkcs11_obj_type_t type;
+ struct p11_kit_uri *info;
- /* only when pubkey */
- gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
- gnutls_pk_algorithm_t pk_algorithm;
- unsigned int key_usage;
+ /* only when pubkey */
+ gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
+ gnutls_pk_algorithm_t pk_algorithm;
+ unsigned int key_usage;
- struct pin_info_st pin;
+ struct pin_info_st pin;
};
/* thus function is called for every token in the traverse_tokens
* function. Once everything is traversed it is called with NULL tinfo.
* It should return 0 if found what it was looking for.
*/
-typedef int (*find_func_t) (struct pkcs11_session_info*,
- struct token_info * tinfo, struct ck_info *,
- void *input);
+typedef int (*find_func_t) (struct pkcs11_session_info *,
+ struct token_info * tinfo, struct ck_info *,
+ void *input);
-int pkcs11_rv_to_err (ck_rv_t rv);
-int pkcs11_url_to_info (const char *url, struct p11_kit_uri **info);
+int pkcs11_rv_to_err(ck_rv_t rv);
+int pkcs11_url_to_info(const char *url, struct p11_kit_uri **info);
int
-pkcs11_find_slot (struct ck_function_list ** module, ck_slot_id_t * slot,
- struct p11_kit_uri *info, struct token_info *_tinfo);
+pkcs11_find_slot(struct ck_function_list **module, ck_slot_id_t * slot,
+ struct p11_kit_uri *info, struct token_info *_tinfo);
int pkcs11_read_pubkey(struct ck_function_list *module,
- ck_session_handle_t pks, ck_object_handle_t obj,
- ck_key_type_t key_type, gnutls_datum_t * pubkey);
+ ck_session_handle_t pks, ck_object_handle_t obj,
+ ck_key_type_t key_type, gnutls_datum_t * pubkey);
-int pkcs11_get_info (struct p11_kit_uri *info,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size);
-int pkcs11_login (struct pkcs11_session_info * sinfo, struct pin_info_st* pin_info,
- const struct token_info *tokinfo, struct p11_kit_uri *info, int so);
+int pkcs11_get_info(struct p11_kit_uri *info,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size);
+int pkcs11_login(struct pkcs11_session_info *sinfo,
+ struct pin_info_st *pin_info,
+ const struct token_info *tokinfo,
+ struct p11_kit_uri *info, int so);
-int pkcs11_call_token_func (struct p11_kit_uri *info, const unsigned retry);
+int pkcs11_call_token_func(struct p11_kit_uri *info, const unsigned retry);
extern gnutls_pkcs11_token_callback_t _gnutls_token_func;
extern void *_gnutls_token_data;
-void pkcs11_rescan_slots (void);
-int pkcs11_info_to_url (struct p11_kit_uri *info,
- gnutls_pkcs11_url_type_t detailed, char **url);
+void pkcs11_rescan_slots(void);
+int pkcs11_info_to_url(struct p11_kit_uri *info,
+ gnutls_pkcs11_url_type_t detailed, char **url);
#define SESSION_WRITE (1<<0)
#define SESSION_LOGIN (1<<1)
-#define SESSION_SO (1<<2) /* security officer session */
-int pkcs11_open_session (struct pkcs11_session_info* sinfo,
- struct pin_info_st* pin_info,
- struct p11_kit_uri *info, unsigned int flags);
-int _pkcs11_traverse_tokens (find_func_t find_func, void *input,
- struct p11_kit_uri *info,
- struct pin_info_st* pin_info,
- unsigned int flags);
-ck_object_class_t pkcs11_strtype_to_class (const char *type);
-
-int pkcs11_token_matches_info (struct p11_kit_uri *info,
- struct ck_token_info *tinfo,
- struct ck_info *lib_info);
-
-unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
+#define SESSION_SO (1<<2) /* security officer session */
+int pkcs11_open_session(struct pkcs11_session_info *sinfo,
+ struct pin_info_st *pin_info,
+ struct p11_kit_uri *info, unsigned int flags);
+int _pkcs11_traverse_tokens(find_func_t find_func, void *input,
+ struct p11_kit_uri *info,
+ struct pin_info_st *pin_info,
+ unsigned int flags);
+ck_object_class_t pkcs11_strtype_to_class(const char *type);
+
+int pkcs11_token_matches_info(struct p11_kit_uri *info,
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info);
+
+unsigned int pkcs11_obj_flags_to_int(unsigned int flags);
int
-_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature);
+_gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
int
-_gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext);
+_gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
{
- if (pk == GNUTLS_PK_DSA)
- return CKM_DSA;
- else if (pk == GNUTLS_PK_EC)
- return CKM_ECDSA;
- else
- return CKM_RSA_PKCS;
+ if (pk == GNUTLS_PK_DSA)
+ return CKM_DSA;
+ else if (pk == GNUTLS_PK_EC)
+ return CKM_ECDSA;
+ else
+ return CKM_RSA_PKCS;
}
static inline gnutls_pk_algorithm_t mech_to_pk(ck_key_type_t m)
{
- if (m == CKK_RSA)
- return GNUTLS_PK_RSA;
- else if (m == CKK_DSA)
- return GNUTLS_PK_DSA;
- else if (m == CKK_ECDSA)
- return GNUTLS_PK_EC;
- else return GNUTLS_PK_UNKNOWN;
+ if (m == CKK_RSA)
+ return GNUTLS_PK_RSA;
+ else if (m == CKK_DSA)
+ return GNUTLS_PK_DSA;
+ else if (m == CKK_ECDSA)
+ return GNUTLS_PK_EC;
+ else
+ return GNUTLS_PK_UNKNOWN;
}
static inline int pk_to_genmech(gnutls_pk_algorithm_t pk)
{
- if (pk == GNUTLS_PK_DSA)
- return CKM_DSA_KEY_PAIR_GEN;
- else if (pk == GNUTLS_PK_EC)
- return CKM_ECDSA_KEY_PAIR_GEN;
- else
- return CKM_RSA_PKCS_KEY_PAIR_GEN;
+ if (pk == GNUTLS_PK_DSA)
+ return CKM_DSA_KEY_PAIR_GEN;
+ else if (pk == GNUTLS_PK_EC)
+ return CKM_ECDSA_KEY_PAIR_GEN;
+ else
+ return CKM_RSA_PKCS_KEY_PAIR_GEN;
}
ck_rv_t
-pkcs11_generate_key_pair (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- struct ck_attribute *pub_templ,
- unsigned long pub_templ_count,
- struct ck_attribute *priv_templ,
- unsigned long priv_templ_count,
- ck_object_handle_t *pub,
- ck_object_handle_t *priv);
+pkcs11_generate_key_pair(struct ck_function_list * module,
+ ck_session_handle_t sess,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * pub_templ,
+ unsigned long pub_templ_count,
+ struct ck_attribute * priv_templ,
+ unsigned long priv_templ_count,
+ ck_object_handle_t * pub,
+ ck_object_handle_t * priv);
ck_rv_t
-pkcs11_get_slot_list (struct ck_function_list * module,
- unsigned char token_present,
- ck_slot_id_t *slot_list,
- unsigned long *count);
+pkcs11_get_slot_list(struct ck_function_list *module,
+ unsigned char token_present,
+ ck_slot_id_t * slot_list, unsigned long *count);
ck_rv_t
-pkcs11_get_module_info (struct ck_function_list * module,
- struct ck_info * info);
+pkcs11_get_module_info(struct ck_function_list *module,
+ struct ck_info *info);
ck_rv_t
-pkcs11_get_slot_info(struct ck_function_list * module,
- ck_slot_id_t slot_id,
- struct ck_slot_info *info);
+pkcs11_get_slot_info(struct ck_function_list *module,
+ ck_slot_id_t slot_id, struct ck_slot_info *info);
ck_rv_t
-pkcs11_get_token_info (struct ck_function_list * module,
- ck_slot_id_t slot_id,
- struct ck_token_info *info);
+pkcs11_get_token_info(struct ck_function_list *module,
+ ck_slot_id_t slot_id, struct ck_token_info *info);
ck_rv_t
-pkcs11_find_objects_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_attribute *templ,
- unsigned long count);
+pkcs11_find_objects_init(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ struct ck_attribute *templ, unsigned long count);
ck_rv_t
-pkcs11_find_objects (struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t *objects,
- unsigned long max_object_count,
- unsigned long *object_count);
+pkcs11_find_objects(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ ck_object_handle_t * objects,
+ unsigned long max_object_count,
+ unsigned long *object_count);
-ck_rv_t
-pkcs11_find_objects_final (struct pkcs11_session_info*);
+ck_rv_t pkcs11_find_objects_final(struct pkcs11_session_info *);
-ck_rv_t
-pkcs11_close_session (struct pkcs11_session_info *);
+ck_rv_t pkcs11_close_session(struct pkcs11_session_info *);
ck_rv_t
pkcs11_get_attribute_value(struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count);
+ ck_session_handle_t sess,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count);
ck_rv_t
-pkcs11_get_mechanism_list (struct ck_function_list *module,
- ck_slot_id_t slot_id,
- ck_mechanism_type_t *mechanism_list,
- unsigned long *count);
+pkcs11_get_mechanism_list(struct ck_function_list *module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count);
ck_rv_t
-pkcs11_sign_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
+pkcs11_sign_init(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ struct ck_mechanism *mechanism, ck_object_handle_t key);
ck_rv_t
-pkcs11_sign (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *data,
- unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len);
+pkcs11_sign(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ unsigned char *data,
+ unsigned long data_len,
+ unsigned char *signature, unsigned long *signature_len);
ck_rv_t
-pkcs11_decrypt_init (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key);
+pkcs11_decrypt_init(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
ck_rv_t
-pkcs11_decrypt (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *encrypted_data,
- unsigned long encrypted_data_len,
- unsigned char *data, unsigned long *data_len);
+pkcs11_decrypt(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len);
ck_rv_t
-pkcs11_create_object (struct ck_function_list *module,
- ck_session_handle_t sess,
- struct ck_attribute *templ,
- unsigned long count,
- ck_object_handle_t *object);
+pkcs11_create_object(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ struct ck_attribute *templ,
+ unsigned long count, ck_object_handle_t * object);
ck_rv_t
-pkcs11_destroy_object (struct ck_function_list *module,
- ck_session_handle_t sess,
- ck_object_handle_t object);
+pkcs11_destroy_object(struct ck_function_list *module,
+ ck_session_handle_t sess, ck_object_handle_t object);
ck_rv_t
-pkcs11_init_token (struct ck_function_list *module,
- ck_slot_id_t slot_id, unsigned char *pin,
- unsigned long pin_len, unsigned char *label);
+pkcs11_init_token(struct ck_function_list *module,
+ ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label);
ck_rv_t
-pkcs11_init_pin (struct ck_function_list *module,
- ck_session_handle_t sess,
- unsigned char *pin,
- unsigned long pin_len);
+pkcs11_init_pin(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ unsigned char *pin, unsigned long pin_len);
ck_rv_t
-pkcs11_set_pin (struct ck_function_list *module,
- ck_session_handle_t sess,
- const char *old_pin,
- unsigned long old_len,
- const char *new_pin,
- unsigned long new_len);
+pkcs11_set_pin(struct ck_function_list *module,
+ ck_session_handle_t sess,
+ const char *old_pin,
+ unsigned long old_len,
+ const char *new_pin, unsigned long new_len);
ck_rv_t
-pkcs11_get_random (struct ck_function_list *module,
- ck_session_handle_t sess,
- void *data,
- size_t len);
-
+pkcs11_get_random(struct ck_function_list *module,
+ ck_session_handle_t sess, void *data, size_t len);
+
-const char *
-pkcs11_strerror (ck_rv_t rv);
+const char *pkcs11_strerror(ck_rv_t rv);
-#endif /* ENABLE_PKCS11 */
+#endif /* ENABLE_PKCS11 */
#endif
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index a6f73e1e7c..7a0aa38912 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -29,16 +29,15 @@
#include <gnutls_pk.h>
#include <p11-kit/uri.h>
-struct gnutls_pkcs11_privkey_st
-{
- gnutls_pk_algorithm_t pk_algorithm;
- unsigned int flags;
- struct p11_kit_uri *info;
-
- struct pkcs11_session_info sinfo;
- ck_object_handle_t obj; /* the key in the session */
-
- struct pin_info_st pin;
+struct gnutls_pkcs11_privkey_st {
+ gnutls_pk_algorithm_t pk_algorithm;
+ unsigned int flags;
+ struct p11_kit_uri *info;
+
+ struct pkcs11_session_info sinfo;
+ ck_object_handle_t obj; /* the key in the session */
+
+ struct pin_info_st pin;
};
/**
@@ -50,25 +49,22 @@ struct gnutls_pkcs11_privkey_st
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key)
+int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key)
{
- *key = gnutls_calloc (1, sizeof (struct gnutls_pkcs11_privkey_st));
- if (*key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- (*key)->info = p11_kit_uri_new ();
- if ((*key)->info == NULL)
- {
- free (*key);
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ *key = gnutls_calloc(1, sizeof(struct gnutls_pkcs11_privkey_st));
+ if (*key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ (*key)->info = p11_kit_uri_new();
+ if ((*key)->info == NULL) {
+ free(*key);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/**
@@ -77,13 +73,12 @@ gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key)
*
* This function will deinitialize a private key structure.
**/
-void
-gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key)
+void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key)
{
- p11_kit_uri_free (key->info);
- if (key->sinfo.init != 0)
- pkcs11_close_session (&key->sinfo);
- gnutls_free (key);
+ p11_kit_uri_free(key->info);
+ if (key->sinfo.init != 0)
+ pkcs11_close_session(&key->sinfo);
+ gnutls_free(key);
}
/**
@@ -98,12 +93,12 @@ gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key)
* success, or a negative error code on error.
**/
int
-gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
- unsigned int *bits)
+gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key,
+ unsigned int *bits)
{
- if (bits)
- *bits = 0; /* FIXME */
- return key->pk_algorithm;
+ if (bits)
+ *bits = 0; /* FIXME */
+ return key->pk_algorithm;
}
/**
@@ -121,56 +116,57 @@ gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
* Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
**/
int
-gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size)
+gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size)
{
- return pkcs11_get_info (pkey->info, itype, output, output_size);
+ return pkcs11_get_info(pkey->info, itype, output, output_size);
}
static int
-find_object (struct pkcs11_session_info* sinfo,
- struct pin_info_st * pin_info,
- ck_object_handle_t * _obj,
- struct p11_kit_uri *info, unsigned int flags)
+find_object(struct pkcs11_session_info *sinfo,
+ struct pin_info_st *pin_info,
+ ck_object_handle_t * _obj,
+ struct p11_kit_uri *info, unsigned int flags)
{
- int ret;
- ck_object_handle_t obj;
- struct ck_attribute *attrs;
- unsigned long attr_count;
- unsigned long count;
- ck_rv_t rv;
-
- ret = pkcs11_open_session (sinfo, pin_info, info, flags & SESSION_LOGIN);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- attrs = p11_kit_uri_get_attributes (info, &attr_count);
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, attrs, attr_count);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
- ret = pkcs11_rv_to_err (rv);
- goto fail;
- }
-
- if (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
- *_obj = obj;
- pkcs11_find_objects_final (sinfo);
- return 0;
- }
-
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- pkcs11_find_objects_final (sinfo);
-fail:
- pkcs11_close_session (sinfo);
-
- return ret;
+ int ret;
+ ck_object_handle_t obj;
+ struct ck_attribute *attrs;
+ unsigned long attr_count;
+ unsigned long count;
+ ck_rv_t rv;
+
+ ret =
+ pkcs11_open_session(sinfo, pin_info, info,
+ flags & SESSION_LOGIN);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ attrs = p11_kit_uri_get_attributes(info, &attr_count);
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, attrs,
+ attr_count);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err(rv);
+ goto fail;
+ }
+
+ if (pkcs11_find_objects(sinfo->module, sinfo->pks, &obj, 1, &count)
+ == CKR_OK && count == 1) {
+ *_obj = obj;
+ pkcs11_find_objects_final(sinfo);
+ return 0;
+ }
+
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ pkcs11_find_objects_final(sinfo);
+ fail:
+ pkcs11_close_session(sinfo);
+
+ return ret;
}
#define FIND_OBJECT(sinfo, pin_info, obj, key) \
@@ -206,109 +202,101 @@ fail:
* negative error value.
-*/
int
-_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+_gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
- ck_rv_t rv;
- int ret;
- struct ck_mechanism mech;
- gnutls_datum_t tmp = {NULL, 0};
- unsigned long siglen;
- struct pkcs11_session_info _sinfo;
- struct pkcs11_session_info *sinfo;
- ck_object_handle_t obj;
-
- if (key->sinfo.init != 0)
- {
- sinfo = &key->sinfo;
- obj = key->obj;
- }
- else
- {
- sinfo = &_sinfo;
- memset(sinfo, 0, sizeof(*sinfo));
- FIND_OBJECT (sinfo, &key->pin, obj, key);
- }
-
- mech.mechanism = pk_to_mech(key->pk_algorithm);
- mech.parameter = NULL;
- mech.parameter_len = 0;
-
- /* Initialize signing operation; using the private key discovered
- * earlier. */
- rv = pkcs11_sign_init (sinfo->module, sinfo->pks, &mech, obj);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- /* Work out how long the signature must be: */
- rv = pkcs11_sign (sinfo->module, sinfo->pks, hash->data, hash->size, NULL, &siglen);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- tmp.data = gnutls_malloc (siglen);
- tmp.size = siglen;
-
- rv = pkcs11_sign (sinfo->module, sinfo->pks, hash->data, hash->size, tmp.data, &siglen);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
-
- if (key->pk_algorithm == GNUTLS_PK_EC || key->pk_algorithm == GNUTLS_PK_DSA)
- {
- unsigned int hlen = siglen / 2;
- gnutls_datum_t r, s;
-
- if (siglen % 2 != 0)
- {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto cleanup;
- }
-
- r.data = tmp.data;
- r.size = hlen;
-
- s.data = &tmp.data[hlen];
- s.size = hlen;
-
- ret = _gnutls_encode_ber_rs_raw (signature, &r, &s);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- gnutls_free(tmp.data);
- tmp.data = NULL;
- }
- else
- {
- signature->size = siglen;
- signature->data = tmp.data;
- }
-
- ret = 0;
-
-cleanup:
- if (sinfo != &key->sinfo)
- pkcs11_close_session (sinfo);
- if (ret < 0)
- gnutls_free(tmp.data);
-
- return ret;
+ ck_rv_t rv;
+ int ret;
+ struct ck_mechanism mech;
+ gnutls_datum_t tmp = { NULL, 0 };
+ unsigned long siglen;
+ struct pkcs11_session_info _sinfo;
+ struct pkcs11_session_info *sinfo;
+ ck_object_handle_t obj;
+
+ if (key->sinfo.init != 0) {
+ sinfo = &key->sinfo;
+ obj = key->obj;
+ } else {
+ sinfo = &_sinfo;
+ memset(sinfo, 0, sizeof(*sinfo));
+ FIND_OBJECT(sinfo, &key->pin, obj, key);
+ }
+
+ mech.mechanism = pk_to_mech(key->pk_algorithm);
+ mech.parameter = NULL;
+ mech.parameter_len = 0;
+
+ /* Initialize signing operation; using the private key discovered
+ * earlier. */
+ rv = pkcs11_sign_init(sinfo->module, sinfo->pks, &mech, obj);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ /* Work out how long the signature must be: */
+ rv = pkcs11_sign(sinfo->module, sinfo->pks, hash->data, hash->size,
+ NULL, &siglen);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ tmp.data = gnutls_malloc(siglen);
+ tmp.size = siglen;
+
+ rv = pkcs11_sign(sinfo->module, sinfo->pks, hash->data, hash->size,
+ tmp.data, &siglen);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+
+ if (key->pk_algorithm == GNUTLS_PK_EC
+ || key->pk_algorithm == GNUTLS_PK_DSA) {
+ unsigned int hlen = siglen / 2;
+ gnutls_datum_t r, s;
+
+ if (siglen % 2 != 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto cleanup;
+ }
+
+ r.data = tmp.data;
+ r.size = hlen;
+
+ s.data = &tmp.data[hlen];
+ s.size = hlen;
+
+ ret = _gnutls_encode_ber_rs_raw(signature, &r, &s);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ gnutls_free(tmp.data);
+ tmp.data = NULL;
+ } else {
+ signature->size = siglen;
+ signature->data = tmp.data;
+ }
+
+ ret = 0;
+
+ cleanup:
+ if (sinfo != &key->sinfo)
+ pkcs11_close_session(sinfo);
+ if (ret < 0)
+ gnutls_free(tmp.data);
+
+ return ret;
}
/**
@@ -323,41 +311,36 @@ cleanup:
* Since: 3.1.9
*
**/
-int
-gnutls_pkcs11_privkey_status (gnutls_pkcs11_privkey_t key)
+int gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key)
{
- ck_rv_t rv;
- int ret;
- struct pkcs11_session_info _sinfo;
- struct pkcs11_session_info *sinfo;
- ck_object_handle_t obj;
- struct ck_session_info session_info;
-
- if (key->sinfo.init != 0)
- {
- sinfo = &key->sinfo;
- obj = key->obj;
- }
- else
- {
- sinfo = &_sinfo;
- memset(sinfo, 0, sizeof(*sinfo));
- FIND_OBJECT (sinfo, &key->pin, obj, key);
- }
-
- rv = (sinfo->module)->C_GetSessionInfo (sinfo->pks, &session_info);
- if (rv != CKR_OK)
- {
- ret = 0;
- goto cleanup;
- }
- ret = 1;
-
-cleanup:
- if (sinfo != &key->sinfo)
- pkcs11_close_session (sinfo);
-
- return ret;
+ ck_rv_t rv;
+ int ret;
+ struct pkcs11_session_info _sinfo;
+ struct pkcs11_session_info *sinfo;
+ ck_object_handle_t obj;
+ struct ck_session_info session_info;
+
+ if (key->sinfo.init != 0) {
+ sinfo = &key->sinfo;
+ obj = key->obj;
+ } else {
+ sinfo = &_sinfo;
+ memset(sinfo, 0, sizeof(*sinfo));
+ FIND_OBJECT(sinfo, &key->pin, obj, key);
+ }
+
+ rv = (sinfo->module)->C_GetSessionInfo(sinfo->pks, &session_info);
+ if (rv != CKR_OK) {
+ ret = 0;
+ goto cleanup;
+ }
+ ret = 1;
+
+ cleanup:
+ if (sinfo != &key->sinfo)
+ pkcs11_close_session(sinfo);
+
+ return ret;
}
/**
@@ -375,82 +358,77 @@ cleanup:
* negative error value.
**/
int
-gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
- const char *url, unsigned int flags)
+gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
+ const char *url, unsigned int flags)
{
- int ret;
- struct ck_attribute *attr;
- ck_object_handle_t obj;
- struct ck_attribute a[4];
- ck_key_type_t key_type;
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (url, &pkey->info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- pkey->flags = flags;
-
- attr = p11_kit_uri_get_attribute (pkey->info, CKA_CLASS);
- if (!attr || attr->value_len != sizeof (ck_object_class_t) ||
- *(ck_object_class_t*)attr->value != CKO_PRIVATE_KEY)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- attr = p11_kit_uri_get_attribute (pkey->info, CKA_ID);
- if (!attr || !attr->value_len)
- {
- attr = p11_kit_uri_get_attribute (pkey->info, CKA_LABEL);
- if (!attr || !attr->value_len)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- }
-
- FIND_OBJECT (&sinfo, &pkey->pin, obj, pkey);
-
- a[0].type = CKA_KEY_TYPE;
- a[0].value = &key_type;
- a[0].value_len = sizeof (key_type);
-
- if (pkcs11_get_attribute_value (sinfo.module, sinfo.pks, obj, a, 1) == CKR_OK)
- {
- pkey->pk_algorithm = mech_to_pk(key_type);
- if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN)
- {
- _gnutls_debug_log("Cannot determine PKCS #11 key algorithm\n");
- ret = GNUTLS_E_UNKNOWN_ALGORITHM;
- goto cleanup;
- }
- }
-
- ret = 0;
-
- if (pkey->sinfo.init)
- pkcs11_close_session (&pkey->sinfo);
-
- if (sinfo.tinfo.max_session_count != 1)
- {
- /* We do not keep the session open in tokens that can
- * only support a single session.
- */
- memcpy(&pkey->sinfo, &sinfo, sizeof(pkey->sinfo));
- pkey->obj = obj;
- return ret;
- }
-
-cleanup:
- pkcs11_close_session (&sinfo);
-
- return ret;
+ int ret;
+ struct ck_attribute *attr;
+ ck_object_handle_t obj;
+ struct ck_attribute a[4];
+ ck_key_type_t key_type;
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(url, &pkey->info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ pkey->flags = flags;
+
+ attr = p11_kit_uri_get_attribute(pkey->info, CKA_CLASS);
+ if (!attr || attr->value_len != sizeof(ck_object_class_t) ||
+ *(ck_object_class_t *) attr->value != CKO_PRIVATE_KEY) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ attr = p11_kit_uri_get_attribute(pkey->info, CKA_ID);
+ if (!attr || !attr->value_len) {
+ attr = p11_kit_uri_get_attribute(pkey->info, CKA_LABEL);
+ if (!attr || !attr->value_len) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ }
+
+ FIND_OBJECT(&sinfo, &pkey->pin, obj, pkey);
+
+ a[0].type = CKA_KEY_TYPE;
+ a[0].value = &key_type;
+ a[0].value_len = sizeof(key_type);
+
+ if (pkcs11_get_attribute_value(sinfo.module, sinfo.pks, obj, a, 1)
+ == CKR_OK) {
+ pkey->pk_algorithm = mech_to_pk(key_type);
+ if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN) {
+ _gnutls_debug_log
+ ("Cannot determine PKCS #11 key algorithm\n");
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+ }
+
+ ret = 0;
+
+ if (pkey->sinfo.init)
+ pkcs11_close_session(&pkey->sinfo);
+
+ if (sinfo.tinfo.max_session_count != 1) {
+ /* We do not keep the session open in tokens that can
+ * only support a single session.
+ */
+ memcpy(&pkey->sinfo, &sinfo, sizeof(pkey->sinfo));
+ pkey->obj = obj;
+ return ret;
+ }
+
+ cleanup:
+ pkcs11_close_session(&sinfo);
+
+ return ret;
}
/*-
@@ -467,80 +445,74 @@ cleanup:
* negative error value.
-*/
int
-_gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+_gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
- ck_rv_t rv;
- int ret;
- struct ck_mechanism mech;
- unsigned long siglen;
- ck_object_handle_t obj;
- struct pkcs11_session_info _sinfo;
- struct pkcs11_session_info *sinfo;
-
- if (key->sinfo.init != 0)
- {
- sinfo = &key->sinfo;
- obj = key->obj;
- }
- else
- {
- sinfo = &_sinfo;
- memset(sinfo, 0, sizeof(*sinfo));
- FIND_OBJECT (sinfo, &key->pin, obj, key);
- }
-
- if (key->pk_algorithm != GNUTLS_PK_RSA)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- mech.mechanism = CKM_RSA_PKCS;
- mech.parameter = NULL;
- mech.parameter_len = 0;
-
- /* Initialize signing operation; using the private key discovered
- * earlier. */
- rv = pkcs11_decrypt_init (sinfo->module, sinfo->pks, &mech, obj);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- /* Work out how long the plaintext must be: */
- rv = pkcs11_decrypt (sinfo->module, sinfo->pks, ciphertext->data, ciphertext->size,
- NULL, &siglen);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- plaintext->data = gnutls_malloc (siglen);
- plaintext->size = siglen;
-
- rv = pkcs11_decrypt (sinfo->module, sinfo->pks, ciphertext->data, ciphertext->size,
- plaintext->data, &siglen);
- if (rv != CKR_OK)
- {
- gnutls_free (plaintext->data);
- gnutls_assert ();
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- plaintext->size = siglen;
-
- ret = 0;
-
-cleanup:
- if (key->sinfo.init == 0)
- pkcs11_close_session (sinfo);
-
- return ret;
+ ck_rv_t rv;
+ int ret;
+ struct ck_mechanism mech;
+ unsigned long siglen;
+ ck_object_handle_t obj;
+ struct pkcs11_session_info _sinfo;
+ struct pkcs11_session_info *sinfo;
+
+ if (key->sinfo.init != 0) {
+ sinfo = &key->sinfo;
+ obj = key->obj;
+ } else {
+ sinfo = &_sinfo;
+ memset(sinfo, 0, sizeof(*sinfo));
+ FIND_OBJECT(sinfo, &key->pin, obj, key);
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_RSA)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ mech.mechanism = CKM_RSA_PKCS;
+ mech.parameter = NULL;
+ mech.parameter_len = 0;
+
+ /* Initialize signing operation; using the private key discovered
+ * earlier. */
+ rv = pkcs11_decrypt_init(sinfo->module, sinfo->pks, &mech, obj);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ /* Work out how long the plaintext must be: */
+ rv = pkcs11_decrypt(sinfo->module, sinfo->pks, ciphertext->data,
+ ciphertext->size, NULL, &siglen);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ plaintext->data = gnutls_malloc(siglen);
+ plaintext->size = siglen;
+
+ rv = pkcs11_decrypt(sinfo->module, sinfo->pks, ciphertext->data,
+ ciphertext->size, plaintext->data, &siglen);
+ if (rv != CKR_OK) {
+ gnutls_free(plaintext->data);
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ plaintext->size = siglen;
+
+ ret = 0;
+
+ cleanup:
+ if (key->sinfo.init == 0)
+ pkcs11_close_session(sinfo);
+
+ return ret;
}
/**
@@ -555,20 +527,19 @@ cleanup:
* negative error value.
**/
int
-gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
- gnutls_pkcs11_url_type_t detailed,
- char **url)
+gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url)
{
- int ret;
+ int ret;
- ret = pkcs11_info_to_url (key->info, detailed, url);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = pkcs11_info_to_url(key->info, detailed, url);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -590,11 +561,12 @@ gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
* Since: 3.0
**/
int
-gnutls_pkcs11_privkey_generate (const char* url, gnutls_pk_algorithm_t pk,
- unsigned int bits, const char* label,
- unsigned int flags)
+gnutls_pkcs11_privkey_generate(const char *url, gnutls_pk_algorithm_t pk,
+ unsigned int bits, const char *label,
+ unsigned int flags)
{
- return gnutls_pkcs11_privkey_generate2( url, pk, bits, label, 0, NULL, flags);
+ return gnutls_pkcs11_privkey_generate2(url, pk, bits, label, 0,
+ NULL, flags);
}
/**
@@ -619,229 +591,216 @@ gnutls_pkcs11_privkey_generate (const char* url, gnutls_pk_algorithm_t pk,
* Since: 3.1.5
**/
int
-gnutls_pkcs11_privkey_generate2 (const char* url, gnutls_pk_algorithm_t pk,
- unsigned int bits, const char* label,
- gnutls_x509_crt_fmt_t fmt,
- gnutls_datum_t * pubkey,
- unsigned int flags)
+gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
+ unsigned int bits, const char *label,
+ gnutls_x509_crt_fmt_t fmt,
+ gnutls_datum_t * pubkey,
+ unsigned int flags)
{
- int ret;
- const ck_bool_t tval = 1;
- const ck_bool_t fval = 0;
- struct pkcs11_session_info sinfo;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- struct ck_attribute a[10], p[10];
- ck_object_handle_t pub, priv;
- unsigned long _bits = bits;
- int a_val, p_val;
- struct ck_mechanism mech;
- gnutls_pubkey_t pkey = NULL;
- gnutls_pkcs11_obj_t obj = NULL;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pkcs11_open_session (&sinfo, NULL, info,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* a holds the public key template
- * and p the private key */
- a_val = p_val = 0;
- mech.parameter = NULL;
- mech.parameter_len = 0;
- mech.mechanism = pk_to_genmech(pk);
-
- switch(pk)
- {
- case GNUTLS_PK_RSA:
- p[p_val].type = CKA_DECRYPT;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
-
- p[p_val].type = CKA_SIGN;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
-
- a[a_val].type = CKA_ENCRYPT;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- a[a_val].type = CKA_VERIFY;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- a[a_val].type = CKA_MODULUS_BITS;
- a[a_val].value = &_bits;
- a[a_val].value_len = sizeof (_bits);
- a_val++;
- break;
- case GNUTLS_PK_DSA:
- p[p_val].type = CKA_SIGN;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
-
- a[a_val].type = CKA_VERIFY;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- a[a_val].type = CKA_MODULUS_BITS;
- a[a_val].value = &_bits;
- a[a_val].value_len = sizeof (_bits);
- a_val++;
- break;
- case GNUTLS_PK_EC:
- p[p_val].type = CKA_SIGN;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
-
- a[a_val].type = CKA_VERIFY;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- a[a_val].type = CKA_MODULUS_BITS;
- a[a_val].value = &_bits;
- a[a_val].value_len = sizeof (_bits);
- a_val++;
- break;
- default:
- ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- goto cleanup;
- }
-
- /* a private key is set always as private unless
- * requested otherwise
- */
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
- {
- p[p_val].type = CKA_PRIVATE;
- p[p_val].value = (void*)&fval;
- p[p_val].value_len = sizeof(fval);
- p_val++;
- }
- else
- {
- p[p_val].type = CKA_PRIVATE;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
- }
-
- p[p_val].type = CKA_TOKEN;
- p[p_val].value = (void *)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
-
- if (label)
- {
- p[p_val].type = CKA_LABEL;
- p[p_val].value = (void*)label;
- p[p_val].value_len = strlen (label);
- p_val++;
-
- a[a_val].type = CKA_LABEL;
- a[a_val].value = (void*)label;
- a[a_val].value_len = strlen (label);
- a_val++;
- }
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
- {
- p[p_val].type = CKA_SENSITIVE;
- p[p_val].value = (void*)&tval;
- p[p_val].value_len = sizeof (tval);
- p_val++;
- }
- else
- {
- p[p_val].type = CKA_SENSITIVE;
- p[p_val].value = (void*)&fval;
- p[p_val].value_len = sizeof (fval);
- p_val++;
- }
-
- rv = pkcs11_generate_key_pair( sinfo.module, sinfo.pks, &mech, a, a_val, p, p_val, &pub, &priv);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- /* extract the public key */
- if (pubkey)
- {
- ret = gnutls_pubkey_init(&pkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_pkcs11_obj_init(&obj);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- obj->pk_algorithm = pk;
- obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
- ret = pkcs11_read_pubkey(sinfo.module, sinfo.pks, pub, mech.mechanism, obj->pubkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_pkcs11 (pkey, obj, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_export2 (pkey, fmt, pubkey);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
-
-cleanup:
- if (obj != NULL)
- gnutls_pkcs11_obj_deinit(obj);
- if (pkey != NULL)
- gnutls_pubkey_deinit(pkey);
- if (sinfo.pks != 0)
- pkcs11_close_session (&sinfo);
-
- return ret;
+ int ret;
+ const ck_bool_t tval = 1;
+ const ck_bool_t fval = 0;
+ struct pkcs11_session_info sinfo;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ struct ck_attribute a[10], p[10];
+ ck_object_handle_t pub, priv;
+ unsigned long _bits = bits;
+ int a_val, p_val;
+ struct ck_mechanism mech;
+ gnutls_pubkey_t pkey = NULL;
+ gnutls_pkcs11_obj_t obj = NULL;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pkcs11_open_session(&sinfo, NULL, info,
+ SESSION_WRITE |
+ pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* a holds the public key template
+ * and p the private key */
+ a_val = p_val = 0;
+ mech.parameter = NULL;
+ mech.parameter_len = 0;
+ mech.mechanism = pk_to_genmech(pk);
+
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ p[p_val].type = CKA_DECRYPT;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+
+ p[p_val].type = CKA_SIGN;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+
+ a[a_val].type = CKA_ENCRYPT;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ a[a_val].type = CKA_VERIFY;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ a[a_val].type = CKA_MODULUS_BITS;
+ a[a_val].value = &_bits;
+ a[a_val].value_len = sizeof(_bits);
+ a_val++;
+ break;
+ case GNUTLS_PK_DSA:
+ p[p_val].type = CKA_SIGN;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+
+ a[a_val].type = CKA_VERIFY;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ a[a_val].type = CKA_MODULUS_BITS;
+ a[a_val].value = &_bits;
+ a[a_val].value_len = sizeof(_bits);
+ a_val++;
+ break;
+ case GNUTLS_PK_EC:
+ p[p_val].type = CKA_SIGN;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+
+ a[a_val].type = CKA_VERIFY;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ a[a_val].type = CKA_MODULUS_BITS;
+ a[a_val].value = &_bits;
+ a[a_val].value_len = sizeof(_bits);
+ a_val++;
+ break;
+ default:
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
+ /* a private key is set always as private unless
+ * requested otherwise
+ */
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE) {
+ p[p_val].type = CKA_PRIVATE;
+ p[p_val].value = (void *) &fval;
+ p[p_val].value_len = sizeof(fval);
+ p_val++;
+ } else {
+ p[p_val].type = CKA_PRIVATE;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+ }
+
+ p[p_val].type = CKA_TOKEN;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+
+ if (label) {
+ p[p_val].type = CKA_LABEL;
+ p[p_val].value = (void *) label;
+ p[p_val].value_len = strlen(label);
+ p_val++;
+
+ a[a_val].type = CKA_LABEL;
+ a[a_val].value = (void *) label;
+ a[a_val].value_len = strlen(label);
+ a_val++;
+ }
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE) {
+ p[p_val].type = CKA_SENSITIVE;
+ p[p_val].value = (void *) &tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+ } else {
+ p[p_val].type = CKA_SENSITIVE;
+ p[p_val].value = (void *) &fval;
+ p[p_val].value_len = sizeof(fval);
+ p_val++;
+ }
+
+ rv = pkcs11_generate_key_pair(sinfo.module, sinfo.pks, &mech, a,
+ a_val, p, p_val, &pub, &priv);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ /* extract the public key */
+ if (pubkey) {
+ ret = gnutls_pubkey_init(&pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pkcs11_obj_init(&obj);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ obj->pk_algorithm = pk;
+ obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
+ ret =
+ pkcs11_read_pubkey(sinfo.module, sinfo.pks, pub,
+ mech.mechanism, obj->pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_pkcs11(pkey, obj, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_export2(pkey, fmt, pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+
+ cleanup:
+ if (obj != NULL)
+ gnutls_pkcs11_obj_deinit(obj);
+ if (pkey != NULL)
+ gnutls_pubkey_deinit(pkey);
+ if (sinfo.pks != 0)
+ pkcs11_close_session(&sinfo);
+
+ return ret;
}
/**
@@ -858,10 +817,10 @@ cleanup:
*
**/
void
-gnutls_pkcs11_privkey_set_pin_function (gnutls_pkcs11_privkey_t key,
- gnutls_pin_callback_t fn,
- void *userdata)
+gnutls_pkcs11_privkey_set_pin_function(gnutls_pkcs11_privkey_t key,
+ gnutls_pin_callback_t fn,
+ void *userdata)
{
- key->pin.cb = fn;
- key->pin.data = userdata;
+ key->pin.cb = fn;
+ key->pin.data = userdata;
}
diff --git a/lib/pkcs11_secret.c b/lib/pkcs11_secret.c
index eabcd95fc6..3d01912420 100644
--- a/lib/pkcs11_secret.c
+++ b/lib/pkcs11_secret.c
@@ -44,109 +44,105 @@
* Since: 2.12.0
**/
int
-gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t * key,
- const char *label,
- unsigned int key_usage, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ )
+gnutls_pkcs11_copy_secret_key(const char *token_url, gnutls_datum_t * key,
+ const char *label,
+ unsigned int key_usage, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ )
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- struct ck_attribute a[12];
- ck_object_class_t class = CKO_SECRET_KEY;
- ck_object_handle_t obj;
- ck_key_type_t keytype = CKK_GENERIC_SECRET;
- ck_bool_t tval = 1;
- int a_val;
- uint8_t id[16];
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* generate a unique ID */
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, id, sizeof (id));
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pkcs11_open_session (&sinfo, NULL, info,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* FIXME: copy key usage flags */
-
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof (class);
- a[1].type = CKA_VALUE;
- a[1].value = key->data;
- a[1].value_len = key->size;
- a[2].type = CKA_TOKEN;
- a[2].value = &tval;
- a[2].value_len = sizeof (tval);
- a[3].type = CKA_PRIVATE;
- a[3].value = &tval;
- a[3].value_len = sizeof (tval);
- a[4].type = CKA_KEY_TYPE;
- a[4].value = &keytype;
- a[4].value_len = sizeof (keytype);
- a[5].type = CKA_ID;
- a[5].value = id;
- a[5].value_len = sizeof (id);
-
- a_val = 6;
-
- if (label)
- {
- a[a_val].type = CKA_LABEL;
- a[a_val].value = (void *) label;
- a[a_val].value_len = strlen (label);
- a_val++;
- }
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
- tval = 1;
- else
- tval = 0;
-
- a[a_val].type = CKA_SENSITIVE;
- a[a_val].value = &tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- rv = pkcs11_create_object (sinfo.module, sinfo.pks, a, a_val, &obj);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- /* generated!
- */
-
- ret = 0;
-
-cleanup:
- pkcs11_close_session (&sinfo);
-
- return ret;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ struct ck_attribute a[12];
+ ck_object_class_t class = CKO_SECRET_KEY;
+ ck_object_handle_t obj;
+ ck_key_type_t keytype = CKK_GENERIC_SECRET;
+ ck_bool_t tval = 1;
+ int a_val;
+ uint8_t id[16];
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* generate a unique ID */
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, id, sizeof(id));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pkcs11_open_session(&sinfo, NULL, info,
+ SESSION_WRITE |
+ pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* FIXME: copy key usage flags */
+
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof(class);
+ a[1].type = CKA_VALUE;
+ a[1].value = key->data;
+ a[1].value_len = key->size;
+ a[2].type = CKA_TOKEN;
+ a[2].value = &tval;
+ a[2].value_len = sizeof(tval);
+ a[3].type = CKA_PRIVATE;
+ a[3].value = &tval;
+ a[3].value_len = sizeof(tval);
+ a[4].type = CKA_KEY_TYPE;
+ a[4].value = &keytype;
+ a[4].value_len = sizeof(keytype);
+ a[5].type = CKA_ID;
+ a[5].value = id;
+ a[5].value_len = sizeof(id);
+
+ a_val = 6;
+
+ if (label) {
+ a[a_val].type = CKA_LABEL;
+ a[a_val].value = (void *) label;
+ a[a_val].value_len = strlen(label);
+ a_val++;
+ }
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
+ tval = 1;
+ else
+ tval = 0;
+
+ a[a_val].type = CKA_SENSITIVE;
+ a[a_val].value = &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ rv = pkcs11_create_object(sinfo.module, sinfo.pks, a, a_val, &obj);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ /* generated!
+ */
+
+ ret = 0;
+
+ cleanup:
+ pkcs11_close_session(&sinfo);
+
+ return ret;
}
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 140147abd0..61971035e6 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -45,163 +45,153 @@ static const ck_bool_t fval = 0;
* Since: 2.12.0
**/
int
-gnutls_pkcs11_copy_x509_crt (const char *token_url,
- gnutls_x509_crt_t crt, const char *label,
- unsigned int flags)
+gnutls_pkcs11_copy_x509_crt(const char *token_url,
+ gnutls_x509_crt_t crt, const char *label,
+ unsigned int flags)
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- size_t der_size, id_size;
- uint8_t *der = NULL;
- uint8_t id[20];
- struct ck_attribute a[16];
- ck_object_class_t class = CKO_CERTIFICATE;
- ck_certificate_type_t type = CKC_X_509;
- ck_object_handle_t obj;
- int a_val;
- gnutls_datum_t subject = { NULL, 0 };
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pkcs11_open_session (&sinfo, NULL, info,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, NULL, &der_size);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- der = gnutls_malloc (der_size);
- if (der == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, der, &der_size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- id_size = sizeof (id);
- ret = gnutls_x509_crt_get_key_id (crt, 0, id, &id_size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_get_raw_dn (crt, &subject);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* FIXME: copy key usage flags */
-
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof (class);
- a[1].type = CKA_ID;
- a[1].value = id;
- a[1].value_len = id_size;
- a[2].type = CKA_VALUE;
- a[2].value = der;
- a[2].value_len = der_size;
- a[3].type = CKA_TOKEN;
- a[3].value = (void*)&tval;
- a[3].value_len = sizeof (tval);
- a[4].type = CKA_CERTIFICATE_TYPE;
- a[4].value = &type;
- a[4].value_len = sizeof (type);
-
- a_val = 5;
-
- a[a_val].type = CKA_SUBJECT;
- a[a_val].value = subject.data;
- a[a_val].value_len = subject.size;
- a_val++;
-
- if (label)
- {
- a[a_val].type = CKA_LABEL;
- a[a_val].value = (void *) label;
- a[a_val].value_len = strlen (label);
- a_val++;
- }
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
- {
- a[a_val].type = CKA_TRUSTED;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- a[a_val].type = CKA_PRIVATE;
- a[a_val].value = (void*)&fval;
- a[a_val].value_len = sizeof(fval);
- a_val++;
- }
- else
- {
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE)
- {
- a[a_val].type = CKA_PRIVATE;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof(tval);
- a_val++;
- }
- else if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
- {
- a[a_val].type = CKA_PRIVATE;
- a[a_val].value = (void*)&fval;
- a[a_val].value_len = sizeof(fval);
- a_val++;
- }
- }
-
- rv = pkcs11_create_object (sinfo.module, sinfo.pks, a, a_val, &obj);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- /* generated!
- */
-
- ret = 0;
-
-cleanup:
- gnutls_free (der);
- pkcs11_close_session (&sinfo);
- _gnutls_free_datum(&subject);
- return ret;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ size_t der_size, id_size;
+ uint8_t *der = NULL;
+ uint8_t id[20];
+ struct ck_attribute a[16];
+ ck_object_class_t class = CKO_CERTIFICATE;
+ ck_certificate_type_t type = CKC_X_509;
+ ck_object_handle_t obj;
+ int a_val;
+ gnutls_datum_t subject = { NULL, 0 };
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pkcs11_open_session(&sinfo, NULL, info,
+ SESSION_WRITE |
+ pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER, NULL,
+ &der_size);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ der = gnutls_malloc(der_size);
+ if (der == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER, der,
+ &der_size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ id_size = sizeof(id);
+ ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_get_raw_dn(crt, &subject);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* FIXME: copy key usage flags */
+
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof(class);
+ a[1].type = CKA_ID;
+ a[1].value = id;
+ a[1].value_len = id_size;
+ a[2].type = CKA_VALUE;
+ a[2].value = der;
+ a[2].value_len = der_size;
+ a[3].type = CKA_TOKEN;
+ a[3].value = (void *) &tval;
+ a[3].value_len = sizeof(tval);
+ a[4].type = CKA_CERTIFICATE_TYPE;
+ a[4].value = &type;
+ a[4].value_len = sizeof(type);
+
+ a_val = 5;
+
+ a[a_val].type = CKA_SUBJECT;
+ a[a_val].value = subject.data;
+ a[a_val].value_len = subject.size;
+ a_val++;
+
+ if (label) {
+ a[a_val].type = CKA_LABEL;
+ a[a_val].value = (void *) label;
+ a[a_val].value_len = strlen(label);
+ a_val++;
+ }
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) {
+ a[a_val].type = CKA_TRUSTED;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void *) &fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
+ } else {
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE) {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+ } else if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE) {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void *) &fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
+ }
+ }
+
+ rv = pkcs11_create_object(sinfo.module, sinfo.pks, a, a_val, &obj);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ /* generated!
+ */
+
+ ret = 0;
+
+ cleanup:
+ gnutls_free(der);
+ pkcs11_close_session(&sinfo);
+ _gnutls_free_datum(&subject);
+ return ret;
}
@@ -223,428 +213,410 @@ cleanup:
* Since: 2.12.0
**/
int
-gnutls_pkcs11_copy_x509_privkey (const char *token_url,
- gnutls_x509_privkey_t key,
- const char *label,
- unsigned int key_usage, unsigned int flags)
+gnutls_pkcs11_copy_x509_privkey(const char *token_url,
+ gnutls_x509_privkey_t key,
+ const char *label,
+ unsigned int key_usage, unsigned int flags)
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- size_t id_size;
- uint8_t id[20];
- struct ck_attribute a[16];
- ck_object_class_t class = CKO_PRIVATE_KEY;
- ck_object_handle_t obj;
- ck_key_type_t type;
- int a_val;
- gnutls_pk_algorithm_t pk;
- gnutls_datum_t p, q, g, y, x;
- gnutls_datum_t m, e, d, u, exp1, exp2;
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- memset(&p, 0, sizeof(p));
- memset(&q, 0, sizeof(q));
- memset(&g, 0, sizeof(g));
- memset(&y, 0, sizeof(y));
- memset(&x, 0, sizeof(x));
- memset(&m, 0, sizeof(m));
- memset(&e, 0, sizeof(e));
- memset(&d, 0, sizeof(d));
- memset(&u, 0, sizeof(u));
- memset(&exp1, 0, sizeof(exp1));
- memset(&exp2, 0, sizeof(exp2));
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- id_size = sizeof (id);
- ret = gnutls_x509_privkey_get_key_id (key, 0, id, &id_size);
- if (ret < 0)
- {
- p11_kit_uri_free (info);
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pkcs11_open_session (&sinfo, NULL, info,
- SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* FIXME: copy key usage flags */
- a_val = 0;
- a[a_val].type = CKA_CLASS;
- a[a_val].value = &class;
- a[a_val].value_len = sizeof (class);
- a_val++;
-
- a[a_val].type = CKA_ID;
- a[a_val].value = id;
- a[a_val].value_len = id_size;
- a_val++;
-
- a[a_val].type = CKA_KEY_TYPE;
- a[a_val].value = &type;
- a[a_val].value_len = sizeof (type);
- a_val++;
-
- a[a_val].type = CKA_TOKEN;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
-
- /* a private key is set always as private unless
- * requested otherwise
- */
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
- {
- a[a_val].type = CKA_PRIVATE;
- a[a_val].value = (void*)&fval;
- a[a_val].value_len = sizeof(fval);
- a_val++;
- }
- else
- {
- a[a_val].type = CKA_PRIVATE;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
- }
-
- if (label)
- {
- a[a_val].type = CKA_LABEL;
- a[a_val].value = (void *) label;
- a[a_val].value_len = strlen (label);
- a_val++;
- }
-
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
- {
- a[a_val].type = CKA_SENSITIVE;
- a[a_val].value = (void*)&tval;
- a[a_val].value_len = sizeof (tval);
- a_val++;
- }
- else
- {
- a[a_val].type = CKA_SENSITIVE;
- a[a_val].value = (void*)&fval;
- a[a_val].value_len = sizeof (fval);
- a_val++;
- }
-
- pk = gnutls_x509_privkey_get_pk_algorithm (key);
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- {
-
- ret =
- gnutls_x509_privkey_export_rsa_raw2 (key, &m,
- &e, &d, &p,
- &q, &u, &exp1, &exp2);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- type = CKK_RSA;
-
- a[a_val].type = CKA_MODULUS;
- a[a_val].value = m.data;
- a[a_val].value_len = m.size;
- a_val++;
-
- a[a_val].type = CKA_PUBLIC_EXPONENT;
- a[a_val].value = e.data;
- a[a_val].value_len = e.size;
- a_val++;
-
- a[a_val].type = CKA_PRIVATE_EXPONENT;
- a[a_val].value = d.data;
- a[a_val].value_len = d.size;
- a_val++;
-
- a[a_val].type = CKA_PRIME_1;
- a[a_val].value = p.data;
- a[a_val].value_len = p.size;
- a_val++;
-
- a[a_val].type = CKA_PRIME_2;
- a[a_val].value = q.data;
- a[a_val].value_len = q.size;
- a_val++;
-
- a[a_val].type = CKA_COEFFICIENT;
- a[a_val].value = u.data;
- a[a_val].value_len = u.size;
- a_val++;
-
- a[a_val].type = CKA_EXPONENT_1;
- a[a_val].value = exp1.data;
- a[a_val].value_len = exp1.size;
- a_val++;
-
- a[a_val].type = CKA_EXPONENT_2;
- a[a_val].value = exp2.data;
- a[a_val].value_len = exp2.size;
- a_val++;
-
- break;
- }
- case GNUTLS_PK_DSA:
- {
- ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- type = CKK_DSA;
-
- a[a_val].type = CKA_PRIME;
- a[a_val].value = p.data;
- a[a_val].value_len = p.size;
- a_val++;
-
- a[a_val].type = CKA_SUBPRIME;
- a[a_val].value = q.data;
- a[a_val].value_len = q.size;
- a_val++;
-
- a[a_val].type = CKA_BASE;
- a[a_val].value = g.data;
- a[a_val].value_len = g.size;
- a_val++;
-
- a[a_val].type = CKA_VALUE;
- a[a_val].value = x.data;
- a[a_val].value_len = x.size;
- a_val++;
-
- break;
- }
- case GNUTLS_PK_EC:
- {
- ret = _gnutls_x509_write_ecc_params(&key->params, &p);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint_lz(&key->params.params[ECC_K], &x);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- type = CKK_ECDSA;
-
- a[a_val].type = CKA_EC_PARAMS;
- a[a_val].value = p.data;
- a[a_val].value_len = p.size;
- a_val++;
-
- a[a_val].type = CKA_VALUE;
- a[a_val].value = x.data;
- a[a_val].value_len = x.size;
- a_val++;
-
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- rv = pkcs11_create_object (sinfo.module, sinfo.pks, a, a_val, &obj);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_free (m.data);
- gnutls_free (e.data);
- gnutls_free (d.data);
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (u.data);
- gnutls_free (exp1.data);
- gnutls_free (exp2.data);
- break;
- }
- case GNUTLS_PK_DSA:
- {
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
- gnutls_free (x.data);
- break;
- }
- case GNUTLS_PK_EC:
- {
- gnutls_free (p.data);
- gnutls_free (x.data);
- break;
- }
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- break;
- }
-
- if (sinfo.pks != 0)
- pkcs11_close_session (&sinfo);
-
- return ret;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ size_t id_size;
+ uint8_t id[20];
+ struct ck_attribute a[16];
+ ck_object_class_t class = CKO_PRIVATE_KEY;
+ ck_object_handle_t obj;
+ ck_key_type_t type;
+ int a_val;
+ gnutls_pk_algorithm_t pk;
+ gnutls_datum_t p, q, g, y, x;
+ gnutls_datum_t m, e, d, u, exp1, exp2;
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ memset(&p, 0, sizeof(p));
+ memset(&q, 0, sizeof(q));
+ memset(&g, 0, sizeof(g));
+ memset(&y, 0, sizeof(y));
+ memset(&x, 0, sizeof(x));
+ memset(&m, 0, sizeof(m));
+ memset(&e, 0, sizeof(e));
+ memset(&d, 0, sizeof(d));
+ memset(&u, 0, sizeof(u));
+ memset(&exp1, 0, sizeof(exp1));
+ memset(&exp2, 0, sizeof(exp2));
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ id_size = sizeof(id);
+ ret = gnutls_x509_privkey_get_key_id(key, 0, id, &id_size);
+ if (ret < 0) {
+ p11_kit_uri_free(info);
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pkcs11_open_session(&sinfo, NULL, info,
+ SESSION_WRITE |
+ pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* FIXME: copy key usage flags */
+ a_val = 0;
+ a[a_val].type = CKA_CLASS;
+ a[a_val].value = &class;
+ a[a_val].value_len = sizeof(class);
+ a_val++;
+
+ a[a_val].type = CKA_ID;
+ a[a_val].value = id;
+ a[a_val].value_len = id_size;
+ a_val++;
+
+ a[a_val].type = CKA_KEY_TYPE;
+ a[a_val].value = &type;
+ a[a_val].value_len = sizeof(type);
+ a_val++;
+
+ a[a_val].type = CKA_TOKEN;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+
+ /* a private key is set always as private unless
+ * requested otherwise
+ */
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE) {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void *) &fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
+ } else {
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+ }
+
+ if (label) {
+ a[a_val].type = CKA_LABEL;
+ a[a_val].value = (void *) label;
+ a[a_val].value_len = strlen(label);
+ a_val++;
+ }
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE) {
+ a[a_val].type = CKA_SENSITIVE;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+ } else {
+ a[a_val].type = CKA_SENSITIVE;
+ a[a_val].value = (void *) &fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
+ }
+
+ pk = gnutls_x509_privkey_get_pk_algorithm(key);
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ {
+
+ ret =
+ gnutls_x509_privkey_export_rsa_raw2(key, &m,
+ &e, &d, &p,
+ &q, &u,
+ &exp1,
+ &exp2);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ type = CKK_RSA;
+
+ a[a_val].type = CKA_MODULUS;
+ a[a_val].value = m.data;
+ a[a_val].value_len = m.size;
+ a_val++;
+
+ a[a_val].type = CKA_PUBLIC_EXPONENT;
+ a[a_val].value = e.data;
+ a[a_val].value_len = e.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIVATE_EXPONENT;
+ a[a_val].value = d.data;
+ a[a_val].value_len = d.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIME_1;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIME_2;
+ a[a_val].value = q.data;
+ a[a_val].value_len = q.size;
+ a_val++;
+
+ a[a_val].type = CKA_COEFFICIENT;
+ a[a_val].value = u.data;
+ a[a_val].value_len = u.size;
+ a_val++;
+
+ a[a_val].type = CKA_EXPONENT_1;
+ a[a_val].value = exp1.data;
+ a[a_val].value_len = exp1.size;
+ a_val++;
+
+ a[a_val].type = CKA_EXPONENT_2;
+ a[a_val].value = exp2.data;
+ a[a_val].value_len = exp2.size;
+ a_val++;
+
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ ret =
+ gnutls_x509_privkey_export_dsa_raw(key, &p, &q,
+ &g, &y, &x);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ type = CKK_DSA;
+
+ a[a_val].type = CKA_PRIME;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
+
+ a[a_val].type = CKA_SUBPRIME;
+ a[a_val].value = q.data;
+ a[a_val].value_len = q.size;
+ a_val++;
+
+ a[a_val].type = CKA_BASE;
+ a[a_val].value = g.data;
+ a[a_val].value_len = g.size;
+ a_val++;
+
+ a[a_val].type = CKA_VALUE;
+ a[a_val].value = x.data;
+ a[a_val].value_len = x.size;
+ a_val++;
+
+ break;
+ }
+ case GNUTLS_PK_EC:
+ {
+ ret =
+ _gnutls_x509_write_ecc_params(&key->params,
+ &p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_mpi_dprint_lz(&key->params.
+ params[ECC_K], &x);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ type = CKK_ECDSA;
+
+ a[a_val].type = CKA_EC_PARAMS;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
+
+ a[a_val].type = CKA_VALUE;
+ a[a_val].value = x.data;
+ a[a_val].value_len = x.size;
+ a_val++;
+
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ rv = pkcs11_create_object(sinfo.module, sinfo.pks, a, a_val, &obj);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_free(m.data);
+ gnutls_free(e.data);
+ gnutls_free(d.data);
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(u.data);
+ gnutls_free(exp1.data);
+ gnutls_free(exp2.data);
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ gnutls_free(y.data);
+ gnutls_free(x.data);
+ break;
+ }
+ case GNUTLS_PK_EC:
+ {
+ gnutls_free(p.data);
+ gnutls_free(x.data);
+ break;
+ }
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ break;
+ }
+
+ if (sinfo.pks != 0)
+ pkcs11_close_session(&sinfo);
+
+ return ret;
}
-struct delete_data_st
-{
- struct p11_kit_uri *info;
- unsigned int deleted; /* how many */
+struct delete_data_st {
+ struct p11_kit_uri *info;
+ unsigned int deleted; /* how many */
};
static int
-delete_obj_url (struct pkcs11_session_info * sinfo,
- struct token_info *info,
- struct ck_info *lib_info, void *input)
+delete_obj_url(struct pkcs11_session_info *sinfo,
+ struct token_info *info,
+ struct ck_info *lib_info, void *input)
{
- struct delete_data_st *find_data = input;
- struct ck_attribute a[4];
- struct ck_attribute *attr;
- ck_object_class_t class;
- ck_certificate_type_t type = (ck_certificate_type_t)-1;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count, a_vals;
- int found = 0, ret;
-
- if (info == NULL)
- { /* we don't support multiple calls */
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- /* do not bother reading the token if basic fields do not match
- */
- if (!p11_kit_uri_match_module_info (find_data->info, lib_info) ||
- !p11_kit_uri_match_token_info (find_data->info, &info->tinfo))
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- /* Find objects with given class and type */
- class = CKO_CERTIFICATE; /* default */
- a_vals = 0;
-
- attr = p11_kit_uri_get_attribute (find_data->info, CKA_CLASS);
- if (attr != NULL)
- {
- if(attr->value && attr->value_len == sizeof (ck_object_class_t))
- class = *((ck_object_class_t*)attr->value);
- if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
- }
-
- a[a_vals].type = CKA_CLASS;
- a[a_vals].value = &class;
- a[a_vals].value_len = sizeof (class);
- a_vals++;
-
- attr = p11_kit_uri_get_attribute (find_data->info, CKA_ID);
- if (attr != NULL)
- {
- memcpy (a + a_vals, attr, sizeof (struct ck_attribute));
- a_vals++;
- }
-
- if (type != (ck_certificate_type_t)-1)
- {
- a[a_vals].type = CKA_CERTIFICATE_TYPE;
- a[a_vals].value = &type;
- a[a_vals].value_len = sizeof type;
- a_vals++;
- }
-
- attr = p11_kit_uri_get_attribute (find_data->info, CKA_LABEL);
- if (attr != NULL)
- {
- memcpy (a + a_vals, attr, sizeof (struct ck_attribute));
- a_vals++;
- }
-
- rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, a_vals);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
- ret = pkcs11_rv_to_err (rv);
- goto cleanup;
- }
-
- while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
- {
- rv = pkcs11_destroy_object (sinfo->module, sinfo->pks, obj);
- if (rv != CKR_OK)
- {
- _gnutls_debug_log
- ("pkcs11: Cannot destroy object: %s\n", pkcs11_strerror (rv));
- }
- else
- {
- find_data->deleted++;
- }
-
- found = 1;
- }
-
- if (found == 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- else
- {
- ret = 0;
- }
-
-cleanup:
- pkcs11_find_objects_final (sinfo);
-
- return ret;
+ struct delete_data_st *find_data = input;
+ struct ck_attribute a[4];
+ struct ck_attribute *attr;
+ ck_object_class_t class;
+ ck_certificate_type_t type = (ck_certificate_type_t) - 1;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, a_vals;
+ int found = 0, ret;
+
+ if (info == NULL) { /* we don't support multiple calls */
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (!p11_kit_uri_match_module_info(find_data->info, lib_info) ||
+ !p11_kit_uri_match_token_info(find_data->info, &info->tinfo)) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* Find objects with given class and type */
+ class = CKO_CERTIFICATE; /* default */
+ a_vals = 0;
+
+ attr = p11_kit_uri_get_attribute(find_data->info, CKA_CLASS);
+ if (attr != NULL) {
+ if (attr->value
+ && attr->value_len == sizeof(ck_object_class_t))
+ class = *((ck_object_class_t *) attr->value);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+ }
+
+ a[a_vals].type = CKA_CLASS;
+ a[a_vals].value = &class;
+ a[a_vals].value_len = sizeof(class);
+ a_vals++;
+
+ attr = p11_kit_uri_get_attribute(find_data->info, CKA_ID);
+ if (attr != NULL) {
+ memcpy(a + a_vals, attr, sizeof(struct ck_attribute));
+ a_vals++;
+ }
+
+ if (type != (ck_certificate_type_t) - 1) {
+ a[a_vals].type = CKA_CERTIFICATE_TYPE;
+ a[a_vals].value = &type;
+ a[a_vals].value_len = sizeof type;
+ a_vals++;
+ }
+
+ attr = p11_kit_uri_get_attribute(find_data->info, CKA_LABEL);
+ if (attr != NULL) {
+ memcpy(a + a_vals, attr, sizeof(struct ck_attribute));
+ a_vals++;
+ }
+
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a,
+ a_vals);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ while (pkcs11_find_objects
+ (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+ rv = pkcs11_destroy_object(sinfo->module, sinfo->pks, obj);
+ if (rv != CKR_OK) {
+ _gnutls_debug_log
+ ("pkcs11: Cannot destroy object: %s\n",
+ pkcs11_strerror(rv));
+ } else {
+ find_data->deleted++;
+ }
+
+ found = 1;
+ }
+
+ if (found == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ ret = 0;
+ }
+
+ cleanup:
+ pkcs11_find_objects_final(sinfo);
+
+ return ret;
}
@@ -661,33 +633,32 @@ cleanup:
*
* Since: 2.12.0
**/
-int
-gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags)
+int gnutls_pkcs11_delete_url(const char *object_url, unsigned int flags)
{
- int ret;
- struct delete_data_st find_data;
+ int ret;
+ struct delete_data_st find_data;
- memset (&find_data, 0, sizeof (find_data));
+ memset(&find_data, 0, sizeof(find_data));
- ret = pkcs11_url_to_info (object_url, &find_data.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = pkcs11_url_to_info(object_url, &find_data.info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret =
- _pkcs11_traverse_tokens (delete_obj_url, &find_data, find_data.info,
- NULL, SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
- p11_kit_uri_free (find_data.info);
+ ret =
+ _pkcs11_traverse_tokens(delete_obj_url, &find_data,
+ find_data.info, NULL,
+ SESSION_WRITE |
+ pkcs11_obj_flags_to_int(flags));
+ p11_kit_uri_free(find_data.info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return find_data.deleted;
+ return find_data.deleted;
}
@@ -705,48 +676,44 @@ gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags)
* negative error value.
**/
int
-gnutls_pkcs11_token_init (const char *token_url,
- const char *so_pin, const char *label)
+gnutls_pkcs11_token_init(const char *token_url,
+ const char *so_pin, const char *label)
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- struct ck_function_list *module;
- ck_slot_id_t slot;
- char flabel[32];
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = pkcs11_find_slot (&module, &slot, info, NULL);
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* so it seems memset has other uses than zeroing! */
- memset (flabel, ' ', sizeof (flabel));
- if (label != NULL)
- memcpy (flabel, label, strlen (label));
-
- rv =
- pkcs11_init_token (module, slot, (uint8_t*)so_pin, strlen (so_pin),
- (uint8_t*)flabel);
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- return pkcs11_rv_to_err (rv);
- }
-
- return 0;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ struct ck_function_list *module;
+ ck_slot_id_t slot;
+ char flabel[32];
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = pkcs11_find_slot(&module, &slot, info, NULL);
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* so it seems memset has other uses than zeroing! */
+ memset(flabel, ' ', sizeof(flabel));
+ if (label != NULL)
+ memcpy(flabel, label, strlen(label));
+
+ rv = pkcs11_init_token(module, slot, (uint8_t *) so_pin,
+ strlen(so_pin), (uint8_t *) flabel);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ return pkcs11_rv_to_err(rv);
+ }
+
+ return 0;
}
@@ -765,70 +732,66 @@ gnutls_pkcs11_token_init (const char *token_url,
* negative error value.
**/
int
-gnutls_pkcs11_token_set_pin (const char *token_url,
- const char *oldpin,
- const char *newpin, unsigned int flags)
+gnutls_pkcs11_token_set_pin(const char *token_url,
+ const char *oldpin,
+ const char *newpin, unsigned int flags)
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- unsigned int ses_flags;
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (((flags & GNUTLS_PIN_USER) && oldpin == NULL) ||
- (flags & GNUTLS_PIN_SO))
- ses_flags = SESSION_WRITE | SESSION_LOGIN | SESSION_SO;
- else
- ses_flags = SESSION_WRITE | SESSION_LOGIN;
-
- ret = pkcs11_open_session (&sinfo, NULL, info, ses_flags);
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (oldpin == NULL)
- {
- rv = pkcs11_init_pin (sinfo.module, sinfo.pks, (uint8_t *) newpin, strlen (newpin));
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto finish;
- }
- }
- else
- {
- rv = pkcs11_set_pin (sinfo.module, sinfo.pks,
- oldpin, strlen (oldpin),
- newpin, strlen (newpin));
- if (rv != CKR_OK)
- {
- gnutls_assert ();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto finish;
- }
- }
-
- ret = 0;
-
-finish:
- pkcs11_close_session (&sinfo);
- return ret;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ unsigned int ses_flags;
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (((flags & GNUTLS_PIN_USER) && oldpin == NULL) ||
+ (flags & GNUTLS_PIN_SO))
+ ses_flags = SESSION_WRITE | SESSION_LOGIN | SESSION_SO;
+ else
+ ses_flags = SESSION_WRITE | SESSION_LOGIN;
+
+ ret = pkcs11_open_session(&sinfo, NULL, info, ses_flags);
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (oldpin == NULL) {
+ rv = pkcs11_init_pin(sinfo.module, sinfo.pks,
+ (uint8_t *) newpin, strlen(newpin));
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n",
+ pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto finish;
+ }
+ } else {
+ rv = pkcs11_set_pin(sinfo.module, sinfo.pks,
+ oldpin, strlen(oldpin),
+ newpin, strlen(newpin));
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n",
+ pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto finish;
+ }
+ }
+
+ ret = 0;
+
+ finish:
+ pkcs11_close_session(&sinfo);
+ return ret;
}
@@ -846,47 +809,42 @@ finish:
* negative error value.
**/
int
-gnutls_pkcs11_token_get_random (const char *token_url,
- void *rnddata,
- size_t len)
+gnutls_pkcs11_token_get_random(const char *token_url,
+ void *rnddata, size_t len)
{
- int ret;
- struct p11_kit_uri *info = NULL;
- ck_rv_t rv;
- struct pkcs11_session_info sinfo;
-
- memset(&sinfo, 0, sizeof(sinfo));
-
- ret = pkcs11_url_to_info (token_url, &info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = pkcs11_open_session (&sinfo, NULL, info, 0);
- p11_kit_uri_free (info);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- rv = pkcs11_get_random(sinfo.module, sinfo.pks, rnddata, len);
- if (rv != CKR_OK)
- {
- gnutls_assert();
- _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
- ret = pkcs11_rv_to_err (rv);
- goto finish;
- }
-
- ret = 0;
-
-finish:
- pkcs11_close_session (&sinfo);
- return ret;
+ int ret;
+ struct p11_kit_uri *info = NULL;
+ ck_rv_t rv;
+ struct pkcs11_session_info sinfo;
-}
+ memset(&sinfo, 0, sizeof(sinfo));
+
+ ret = pkcs11_url_to_info(token_url, &info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = pkcs11_open_session(&sinfo, NULL, info, 0);
+ p11_kit_uri_free(info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ rv = pkcs11_get_random(sinfo.module, sinfo.pks, rnddata, len);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ _gnutls_debug_log("pkcs11: %s\n", pkcs11_strerror(rv));
+ ret = pkcs11_rv_to_err(rv);
+ goto finish;
+ }
+
+ ret = 0;
+
+ finish:
+ pkcs11_close_session(&sinfo);
+ return ret;
+
+}
diff --git a/lib/pkix_asn1_tab.c b/lib/pkix_asn1_tab.c
index daa5e4c263..ec4943db8d 100644
--- a/lib/pkix_asn1_tab.c
+++ b/lib/pkix_asn1_tab.c
@@ -1,503 +1,510 @@
#if HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <libtasn1.h>
const asn1_static_node pkix_asn1_tab[] = {
- { "PKIX1", 536875024, NULL },
- { NULL, 1073741836, NULL },
- { "id-pkix", 1879048204, NULL },
- { "iso", 1073741825, "1"},
- { "identified-organization", 1073741825, "3"},
- { "dod", 1073741825, "6"},
- { "internet", 1073741825, "1"},
- { "security", 1073741825, "5"},
- { "mechanisms", 1073741825, "5"},
- { "pkix", 1, "7"},
- { "PrivateKeyUsagePeriod", 1610612741, NULL },
- { "notBefore", 1610637349, NULL },
- { NULL, 4104, "0"},
- { "notAfter", 536895525, NULL },
- { NULL, 4104, "1"},
- { "AuthorityKeyIdentifier", 1610612741, NULL },
- { "keyIdentifier", 1610637314, "KeyIdentifier"},
- { NULL, 4104, "0"},
- { "authorityCertIssuer", 1610637314, "GeneralNames"},
- { NULL, 4104, "1"},
- { "authorityCertSerialNumber", 536895490, "CertificateSerialNumber"},
- { NULL, 4104, "2"},
- { "KeyIdentifier", 1073741831, NULL },
- { "SubjectKeyIdentifier", 1073741826, "KeyIdentifier"},
- { "KeyUsage", 1073741830, NULL },
- { "DirectoryString", 1610612754, NULL },
- { "teletexString", 1612709918, NULL },
- { "MAX", 524298, "1"},
- { "printableString", 1612709919, NULL },
- { "MAX", 524298, "1"},
- { "universalString", 1612709920, NULL },
- { "MAX", 524298, "1"},
- { "utf8String", 1612709922, NULL },
- { "MAX", 524298, "1"},
- { "bmpString", 1612709921, NULL },
- { "MAX", 524298, "1"},
- { "ia5String", 538968093, NULL },
- { "MAX", 524298, "1"},
- { "SubjectAltName", 1073741826, "GeneralNames"},
- { "GeneralNames", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "GeneralName"},
- { "GeneralName", 1610612754, NULL },
- { "otherName", 1610620930, "AnotherName"},
- { NULL, 4104, "0"},
- { "rfc822Name", 1610620957, NULL },
- { NULL, 4104, "1"},
- { "dNSName", 1610620957, NULL },
- { NULL, 4104, "2"},
- { "x400Address", 1610620941, NULL },
- { NULL, 4104, "3"},
- { "directoryName", 1610620930, "RDNSequence"},
- { NULL, 2056, "4"},
- { "ediPartyName", 1610620941, NULL },
- { NULL, 4104, "5"},
- { "uniformResourceIdentifier", 1610620957, NULL },
- { NULL, 4104, "6"},
- { "iPAddress", 1610620935, NULL },
- { NULL, 4104, "7"},
- { "registeredID", 536879116, NULL },
- { NULL, 4104, "8"},
- { "AnotherName", 1610612741, NULL },
- { "type-id", 1073741836, NULL },
- { "value", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "type-id", 1, NULL },
- { "IssuerAltName", 1073741826, "GeneralNames"},
- { "BasicConstraints", 1610612741, NULL },
- { "cA", 1610645508, NULL },
- { NULL, 131081, NULL },
- { "pathLenConstraint", 537411587, NULL },
- { "0", 10, "MAX"},
- { "CRLDistributionPoints", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "DistributionPoint"},
- { "DistributionPoint", 1610612741, NULL },
- { "distributionPoint", 1610637314, "DistributionPointName"},
- { NULL, 2056, "0"},
- { "reasons", 1610637314, "ReasonFlags"},
- { NULL, 4104, "1"},
- { "cRLIssuer", 536895490, "GeneralNames"},
- { NULL, 4104, "2"},
- { "DistributionPointName", 1610612754, NULL },
- { "fullName", 1610620930, "GeneralNames"},
- { NULL, 4104, "0"},
- { "nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"},
- { NULL, 4104, "1"},
- { "ReasonFlags", 1073741830, NULL },
- { "ExtKeyUsageSyntax", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "KeyPurposeId"},
- { "KeyPurposeId", 1073741836, NULL },
- { "AuthorityInfoAccessSyntax", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "AccessDescription"},
- { "AccessDescription", 1610612741, NULL },
- { "accessMethod", 1073741836, NULL },
- { "accessLocation", 2, "GeneralName"},
- { "Attribute", 1610612741, NULL },
- { "type", 1073741826, "AttributeType"},
- { "values", 536870927, NULL },
- { NULL, 2, "AttributeValue"},
- { "AttributeType", 1073741836, NULL },
- { "AttributeValue", 1614807053, NULL },
- { "type", 1, NULL },
- { "AttributeTypeAndValue", 1610612741, NULL },
- { "type", 1073741826, "AttributeType"},
- { "value", 2, "AttributeValue"},
- { "id-at", 1879048204, NULL },
- { "joint-iso-ccitt", 1073741825, "2"},
- { "ds", 1073741825, "5"},
- { NULL, 1, "4"},
- { "emailAddress", 1880096780, "AttributeType"},
- { "iso", 1073741825, "1"},
- { "member-body", 1073741825, "2"},
- { "us", 1073741825, "840"},
- { "rsadsi", 1073741825, "113549"},
- { "pkcs", 1073741825, "1"},
- { NULL, 1073741825, "9"},
- { NULL, 1, "1"},
- { "Name", 1610612754, NULL },
- { "rdnSequence", 2, "RDNSequence"},
- { "RDNSequence", 1610612747, NULL },
- { NULL, 2, "RelativeDistinguishedName"},
- { "DistinguishedName", 1073741826, "RDNSequence"},
- { "RelativeDistinguishedName", 1612709903, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "AttributeTypeAndValue"},
- { "Certificate", 1610612741, NULL },
- { "tbsCertificate", 1073741826, "TBSCertificate"},
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 6, NULL },
- { "TBSCertificate", 1610612741, NULL },
- { "version", 1610653699, NULL },
- { NULL, 1073741833, "0"},
- { NULL, 2056, "0"},
- { "serialNumber", 1073741826, "CertificateSerialNumber"},
- { "signature", 1073741826, "AlgorithmIdentifier"},
- { "issuer", 1073741826, "Name"},
- { "validity", 1073741826, "Validity"},
- { "subject", 1073741826, "Name"},
- { "subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"},
- { "issuerUniqueID", 1610637314, "UniqueIdentifier"},
- { NULL, 4104, "1"},
- { "subjectUniqueID", 1610637314, "UniqueIdentifier"},
- { NULL, 4104, "2"},
- { "extensions", 536895490, "Extensions"},
- { NULL, 2056, "3"},
- { "CertificateSerialNumber", 1073741827, NULL },
- { "Validity", 1610612741, NULL },
- { "notBefore", 1073741826, "Time"},
- { "notAfter", 2, "Time"},
- { "Time", 1610612754, NULL },
- { "utcTime", 1073741860, NULL },
- { "generalTime", 37, NULL },
- { "UniqueIdentifier", 1073741830, NULL },
- { "SubjectPublicKeyInfo", 1610612741, NULL },
- { "algorithm", 1073741826, "AlgorithmIdentifier"},
- { "subjectPublicKey", 6, NULL },
- { "Extensions", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "Extension"},
- { "Extension", 1610612741, NULL },
- { "extnID", 1073741836, NULL },
- { "critical", 1610645508, NULL },
- { NULL, 131081, NULL },
- { "extnValue", 7, NULL },
- { "CertificateList", 1610612741, NULL },
- { "tbsCertList", 1073741826, "TBSCertList"},
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 6, NULL },
- { "TBSCertList", 1610612741, NULL },
- { "version", 1073758211, NULL },
- { "signature", 1073741826, "AlgorithmIdentifier"},
- { "issuer", 1073741826, "Name"},
- { "thisUpdate", 1073741826, "Time"},
- { "nextUpdate", 1073758210, "Time"},
- { "revokedCertificates", 1610629131, NULL },
- { NULL, 536870917, NULL },
- { "userCertificate", 1073741826, "CertificateSerialNumber"},
- { "revocationDate", 1073741826, "Time"},
- { "crlEntryExtensions", 16386, "Extensions"},
- { "crlExtensions", 536895490, "Extensions"},
- { NULL, 2056, "0"},
- { "AlgorithmIdentifier", 1610612741, NULL },
- { "algorithm", 1073741836, NULL },
- { "parameters", 541081613, NULL },
- { "algorithm", 1, NULL },
- { "Dss-Sig-Value", 1610612741, NULL },
- { "r", 1073741827, NULL },
- { "s", 3, NULL },
- { "DomainParameters", 1610612741, NULL },
- { "p", 1073741827, NULL },
- { "g", 1073741827, NULL },
- { "q", 1073741827, NULL },
- { "j", 1073758211, NULL },
- { "validationParms", 16386, "ValidationParms"},
- { "ValidationParms", 1610612741, NULL },
- { "seed", 1073741830, NULL },
- { "pgenCounter", 3, NULL },
- { "Dss-Parms", 1610612741, NULL },
- { "p", 1073741827, NULL },
- { "q", 1073741827, NULL },
- { "g", 3, NULL },
- { "CountryName", 1610620946, NULL },
- { NULL, 1073746952, "1"},
- { "x121-dcc-code", 1612709916, NULL },
- { NULL, 1048586, "ub-country-name-numeric-length"},
- { "iso-3166-alpha2-code", 538968095, NULL },
- { NULL, 1048586, "ub-country-name-alpha-length"},
- { "OrganizationName", 1612709919, NULL },
- { "ub-organization-name-length", 524298, "1"},
- { "NumericUserIdentifier", 1612709916, NULL },
- { "ub-numeric-user-id-length", 524298, "1"},
- { "OrganizationalUnitNames", 1612709899, NULL },
- { "ub-organizational-units", 1074266122, "1"},
- { NULL, 2, "OrganizationalUnitName"},
- { "OrganizationalUnitName", 1612709919, NULL },
- { "ub-organizational-unit-name-length", 524298, "1"},
- { "CommonName", 1073741855, NULL },
- { "pkcs-7-ContentInfo", 1610612741, NULL },
- { "contentType", 1073741826, "pkcs-7-ContentType"},
- { "content", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "contentType", 1, NULL },
- { "pkcs-7-DigestInfo", 1610612741, NULL },
- { "digestAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "digest", 7, NULL },
- { "pkcs-7-ContentType", 1073741836, NULL },
- { "pkcs-7-SignedData", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"},
- { "encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"},
- { "certificates", 1610637314, "pkcs-7-CertificateSet"},
- { NULL, 4104, "0"},
- { "crls", 1610637314, "pkcs-7-CertificateRevocationLists"},
- { NULL, 4104, "1"},
- { "signerInfos", 2, "pkcs-7-SignerInfos"},
- { "pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL },
- { NULL, 2, "AlgorithmIdentifier"},
- { "pkcs-7-EncapsulatedContentInfo", 1610612741, NULL },
- { "eContentType", 1073741826, "pkcs-7-ContentType"},
- { "eContent", 536895495, NULL },
- { NULL, 2056, "0"},
- { "pkcs-7-CertificateRevocationLists", 1610612751, NULL },
- { NULL, 13, NULL },
- { "pkcs-7-CertificateChoices", 1610612754, NULL },
- { "certificate", 13, NULL },
- { "pkcs-7-CertificateSet", 1610612751, NULL },
- { NULL, 2, "pkcs-7-CertificateChoices"},
- { "pkcs-7-SignerInfos", 1610612751, NULL },
- { NULL, 13, NULL },
- { "pkcs-10-CertificationRequestInfo", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "subject", 1073741826, "Name"},
- { "subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"},
- { "attributes", 536879106, "Attributes"},
- { NULL, 4104, "0"},
- { "Attributes", 1610612751, NULL },
- { NULL, 2, "Attribute"},
- { "pkcs-10-CertificationRequest", 1610612741, NULL },
- { "certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"},
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 6, NULL },
- { "pkcs-9-at-challengePassword", 1879048204, NULL },
- { "iso", 1073741825, "1"},
- { "member-body", 1073741825, "2"},
- { "us", 1073741825, "840"},
- { "rsadsi", 1073741825, "113549"},
- { "pkcs", 1073741825, "1"},
- { NULL, 1073741825, "9"},
- { NULL, 1, "7"},
- { "pkcs-9-challengePassword", 1610612754, NULL },
- { "printableString", 1073741855, NULL },
- { "utf8String", 34, NULL },
- { "pkcs-9-localKeyId", 1073741831, NULL },
- { "pkcs-8-PrivateKeyInfo", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "privateKey", 1073741831, NULL },
- { "attributes", 536895490, "Attributes"},
- { NULL, 4104, "0"},
- { "pkcs-8-Attributes", 1610612751, NULL },
- { NULL, 2, "Attribute"},
- { "pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL },
- { "encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "encryptedData", 2, "pkcs-8-EncryptedData"},
- { "pkcs-8-EncryptedData", 1073741831, NULL },
- { "pkcs-5-des-EDE3-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "8"},
- { "pkcs-5-aes128-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "16"},
- { "pkcs-5-aes192-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "16"},
- { "pkcs-5-aes256-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "16"},
- { "pkcs-5-PBES2-params", 1610612741, NULL },
- { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"},
- { "encryptionScheme", 2, "AlgorithmIdentifier"},
- { "pkcs-5-PBKDF2-params", 1610612741, NULL },
- { "salt", 1610612754, NULL },
- { "specified", 1073741831, NULL },
- { "otherSource", 2, "AlgorithmIdentifier"},
- { "iterationCount", 1611137027, NULL },
- { "1", 10, "MAX"},
- { "keyLength", 1611153411, NULL },
- { "1", 10, "MAX"},
- { "prf", 16386, "AlgorithmIdentifier"},
- { "pkcs-12-PFX", 1610612741, NULL },
- { "version", 1610874883, NULL },
- { "v3", 1, "3"},
- { "authSafe", 1073741826, "pkcs-7-ContentInfo"},
- { "macData", 16386, "pkcs-12-MacData"},
- { "pkcs-12-PbeParams", 1610612741, NULL },
- { "salt", 1073741831, NULL },
- { "iterations", 3, NULL },
- { "pkcs-12-MacData", 1610612741, NULL },
- { "mac", 1073741826, "pkcs-7-DigestInfo"},
- { "macSalt", 1073741831, NULL },
- { "iterations", 536903683, NULL },
- { NULL, 9, "1"},
- { "pkcs-12-AuthenticatedSafe", 1610612747, NULL },
- { NULL, 2, "pkcs-7-ContentInfo"},
- { "pkcs-12-SafeContents", 1610612747, NULL },
- { NULL, 2, "pkcs-12-SafeBag"},
- { "pkcs-12-SafeBag", 1610612741, NULL },
- { "bagId", 1073741836, NULL },
- { "bagValue", 1614815245, NULL },
- { NULL, 1073743880, "0"},
- { "badId", 1, NULL },
- { "bagAttributes", 536887311, NULL },
- { NULL, 2, "Attribute"},
- { "pkcs-12-CertBag", 1610612741, NULL },
- { "certId", 1073741836, NULL },
- { "certValue", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "certId", 1, NULL },
- { "pkcs-12-CRLBag", 1610612741, NULL },
- { "crlId", 1073741836, NULL },
- { "crlValue", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "crlId", 1, NULL },
- { "pkcs-12-SecretBag", 1610612741, NULL },
- { "secretTypeId", 1073741836, NULL },
- { "secretValue", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "secretTypeId", 1, NULL },
- { "pkcs-7-Data", 1073741831, NULL },
- { "pkcs-7-EncryptedData", 1610612741, NULL },
- { "version", 1073741827, NULL },
- { "encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"},
- { "unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"},
- { NULL, 4104, "1"},
- { "pkcs-7-EncryptedContentInfo", 1610612741, NULL },
- { "contentType", 1073741826, "pkcs-7-ContentType"},
- { "contentEncryptionAlgorithm", 1073741826, "pkcs-7-ContentEncryptionAlgorithmIdentifier"},
- { "encryptedContent", 536895495, NULL },
- { NULL, 4104, "0"},
- { "pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
- { "pkcs-7-UnprotectedAttributes", 1612709903, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "Attribute"},
- { "ProxyCertInfo", 1610612741, NULL },
- { "pCPathLenConstraint", 1611153411, NULL },
- { "0", 10, "MAX"},
- { "proxyPolicy", 2, "ProxyPolicy"},
- { "ProxyPolicy", 1610612741, NULL },
- { "policyLanguage", 1073741836, NULL },
- { "policy", 16391, NULL },
- { "certificatePolicies", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "PolicyInformation"},
- { "PolicyInformation", 1610612741, NULL },
- { "policyIdentifier", 1073741836, NULL },
- { "policyQualifiers", 538984459, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "PolicyQualifierInfo"},
- { "PolicyQualifierInfo", 1610612741, NULL },
- { "policyQualifierId", 1073741836, NULL },
- { "qualifier", 541065229, NULL },
- { "policyQualifierId", 1, NULL },
- { "CPSuri", 1073741853, NULL },
- { "UserNotice", 1610612741, NULL },
- { "noticeRef", 1073758210, "NoticeReference"},
- { "explicitText", 16386, "DisplayText"},
- { "NoticeReference", 1610612741, NULL },
- { "organization", 1073741826, "DisplayText"},
- { "noticeNumbers", 536870923, NULL },
- { NULL, 3, NULL },
- { "DisplayText", 1610612754, NULL },
- { "ia5String", 1612709917, NULL },
- { "200", 524298, "1"},
- { "visibleString", 1612709923, NULL },
- { "200", 524298, "1"},
- { "bmpString", 1612709921, NULL },
- { "200", 524298, "1"},
- { "utf8String", 538968098, NULL },
- { "200", 524298, "1"},
- { "OCSPRequest", 1610612741, NULL },
- { "tbsRequest", 1073741826, "TBSRequest"},
- { "optionalSignature", 536895490, "Signature"},
- { NULL, 2056, "0"},
- { "TBSRequest", 1610612741, NULL },
- { "version", 1610653699, NULL },
- { NULL, 1073741833, "0"},
- { NULL, 2056, "0"},
- { "requestorName", 1610637314, "GeneralName"},
- { NULL, 2056, "1"},
- { "requestList", 1610612747, NULL },
- { NULL, 2, "Request"},
- { "requestExtensions", 536895490, "Extensions"},
- { NULL, 2056, "2"},
- { "Signature", 1610612741, NULL },
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 1073741830, NULL },
- { "certs", 536895499, NULL },
- { NULL, 1073743880, "0"},
- { NULL, 2, "Certificate"},
- { "Request", 1610612741, NULL },
- { "reqCert", 1073741826, "CertID"},
- { "singleRequestExtensions", 536895490, "Extensions"},
- { NULL, 2056, "0"},
- { "CertID", 1610612741, NULL },
- { "hashAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "issuerNameHash", 1073741831, NULL },
- { "issuerKeyHash", 1073741831, NULL },
- { "serialNumber", 2, "CertificateSerialNumber"},
- { "OCSPResponse", 1610612741, NULL },
- { "responseStatus", 1073741826, "OCSPResponseStatus"},
- { "responseBytes", 536895490, "ResponseBytes"},
- { NULL, 2056, "0"},
- { "OCSPResponseStatus", 1610874901, NULL },
- { "successful", 1073741825, "0"},
- { "malformedRequest", 1073741825, "1"},
- { "internalError", 1073741825, "2"},
- { "tryLater", 1073741825, "3"},
- { "sigRequired", 1073741825, "5"},
- { "unauthorized", 1, "6"},
- { "ResponseBytes", 1610612741, NULL },
- { "responseType", 1073741836, NULL },
- { "response", 7, NULL },
- { "BasicOCSPResponse", 1610612741, NULL },
- { "tbsResponseData", 1073741826, "ResponseData"},
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 1073741830, NULL },
- { "certs", 536895499, NULL },
- { NULL, 1073743880, "0"},
- { NULL, 2, "Certificate"},
- { "ResponseData", 1610612741, NULL },
- { "version", 1610653699, NULL },
- { NULL, 1073741833, "0"},
- { NULL, 2056, "0"},
- { "responderID", 1073741826, "ResponderID"},
- { "producedAt", 1073741861, NULL },
- { "responses", 1610612747, NULL },
- { NULL, 2, "SingleResponse"},
- { "responseExtensions", 536895490, "Extensions"},
- { NULL, 2056, "1"},
- { "ResponderID", 1610612754, NULL },
- { "byName", 1610620930, "RDNSequence"},
- { NULL, 2056, "1"},
- { "byKey", 536879111, NULL },
- { NULL, 4104, "2"},
- { "SingleResponse", 1610612741, NULL },
- { "certID", 1073741826, "CertID"},
- { "certStatus", 1073741826, "CertStatus"},
- { "thisUpdate", 1073741861, NULL },
- { "nextUpdate", 1610637349, NULL },
- { NULL, 2056, "0"},
- { "singleExtensions", 536895490, "Extensions"},
- { NULL, 2056, "1"},
- { "CertStatus", 1610612754, NULL },
- { "good", 1610620948, NULL },
- { NULL, 4104, "0"},
- { "revoked", 1610620930, "RevokedInfo"},
- { NULL, 4104, "1"},
- { "unknown", 536879106, "UnknownInfo"},
- { NULL, 4104, "2"},
- { "RevokedInfo", 1610612741, NULL },
- { "revocationTime", 1073741861, NULL },
- { "revocationReason", 536895490, "CRLReason"},
- { NULL, 2056, "0"},
- { "UnknownInfo", 1073741844, NULL },
- { "CRLReason", 537133077, NULL },
- { "unspecified", 1073741825, "0"},
- { "keyCompromise", 1073741825, "1"},
- { "cACompromise", 1073741825, "2"},
- { "affiliationChanged", 1073741825, "3"},
- { "superseded", 1073741825, "4"},
- { "cessationOfOperation", 1073741825, "5"},
- { "certificateHold", 1073741825, "6"},
- { "removeFromCRL", 1073741825, "8"},
- { "privilegeWithdrawn", 1073741825, "9"},
- { "aACompromise", 1, "10"},
- { NULL, 0, NULL }
+ {"PKIX1", 536875024, NULL},
+ {NULL, 1073741836, NULL},
+ {"id-pkix", 1879048204, NULL},
+ {"iso", 1073741825, "1"},
+ {"identified-organization", 1073741825, "3"},
+ {"dod", 1073741825, "6"},
+ {"internet", 1073741825, "1"},
+ {"security", 1073741825, "5"},
+ {"mechanisms", 1073741825, "5"},
+ {"pkix", 1, "7"},
+ {"PrivateKeyUsagePeriod", 1610612741, NULL},
+ {"notBefore", 1610637349, NULL},
+ {NULL, 4104, "0"},
+ {"notAfter", 536895525, NULL},
+ {NULL, 4104, "1"},
+ {"AuthorityKeyIdentifier", 1610612741, NULL},
+ {"keyIdentifier", 1610637314, "KeyIdentifier"},
+ {NULL, 4104, "0"},
+ {"authorityCertIssuer", 1610637314, "GeneralNames"},
+ {NULL, 4104, "1"},
+ {"authorityCertSerialNumber", 536895490,
+ "CertificateSerialNumber"},
+ {NULL, 4104, "2"},
+ {"KeyIdentifier", 1073741831, NULL},
+ {"SubjectKeyIdentifier", 1073741826, "KeyIdentifier"},
+ {"KeyUsage", 1073741830, NULL},
+ {"DirectoryString", 1610612754, NULL},
+ {"teletexString", 1612709918, NULL},
+ {"MAX", 524298, "1"},
+ {"printableString", 1612709919, NULL},
+ {"MAX", 524298, "1"},
+ {"universalString", 1612709920, NULL},
+ {"MAX", 524298, "1"},
+ {"utf8String", 1612709922, NULL},
+ {"MAX", 524298, "1"},
+ {"bmpString", 1612709921, NULL},
+ {"MAX", 524298, "1"},
+ {"ia5String", 538968093, NULL},
+ {"MAX", 524298, "1"},
+ {"SubjectAltName", 1073741826, "GeneralNames"},
+ {"GeneralNames", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "GeneralName"},
+ {"GeneralName", 1610612754, NULL},
+ {"otherName", 1610620930, "AnotherName"},
+ {NULL, 4104, "0"},
+ {"rfc822Name", 1610620957, NULL},
+ {NULL, 4104, "1"},
+ {"dNSName", 1610620957, NULL},
+ {NULL, 4104, "2"},
+ {"x400Address", 1610620941, NULL},
+ {NULL, 4104, "3"},
+ {"directoryName", 1610620930, "RDNSequence"},
+ {NULL, 2056, "4"},
+ {"ediPartyName", 1610620941, NULL},
+ {NULL, 4104, "5"},
+ {"uniformResourceIdentifier", 1610620957, NULL},
+ {NULL, 4104, "6"},
+ {"iPAddress", 1610620935, NULL},
+ {NULL, 4104, "7"},
+ {"registeredID", 536879116, NULL},
+ {NULL, 4104, "8"},
+ {"AnotherName", 1610612741, NULL},
+ {"type-id", 1073741836, NULL},
+ {"value", 541073421, NULL},
+ {NULL, 1073743880, "0"},
+ {"type-id", 1, NULL},
+ {"IssuerAltName", 1073741826, "GeneralNames"},
+ {"BasicConstraints", 1610612741, NULL},
+ {"cA", 1610645508, NULL},
+ {NULL, 131081, NULL},
+ {"pathLenConstraint", 537411587, NULL},
+ {"0", 10, "MAX"},
+ {"CRLDistributionPoints", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "DistributionPoint"},
+ {"DistributionPoint", 1610612741, NULL},
+ {"distributionPoint", 1610637314, "DistributionPointName"},
+ {NULL, 2056, "0"},
+ {"reasons", 1610637314, "ReasonFlags"},
+ {NULL, 4104, "1"},
+ {"cRLIssuer", 536895490, "GeneralNames"},
+ {NULL, 4104, "2"},
+ {"DistributionPointName", 1610612754, NULL},
+ {"fullName", 1610620930, "GeneralNames"},
+ {NULL, 4104, "0"},
+ {"nameRelativeToCRLIssuer", 536879106,
+ "RelativeDistinguishedName"},
+ {NULL, 4104, "1"},
+ {"ReasonFlags", 1073741830, NULL},
+ {"ExtKeyUsageSyntax", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "KeyPurposeId"},
+ {"KeyPurposeId", 1073741836, NULL},
+ {"AuthorityInfoAccessSyntax", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "AccessDescription"},
+ {"AccessDescription", 1610612741, NULL},
+ {"accessMethod", 1073741836, NULL},
+ {"accessLocation", 2, "GeneralName"},
+ {"Attribute", 1610612741, NULL},
+ {"type", 1073741826, "AttributeType"},
+ {"values", 536870927, NULL},
+ {NULL, 2, "AttributeValue"},
+ {"AttributeType", 1073741836, NULL},
+ {"AttributeValue", 1614807053, NULL},
+ {"type", 1, NULL},
+ {"AttributeTypeAndValue", 1610612741, NULL},
+ {"type", 1073741826, "AttributeType"},
+ {"value", 2, "AttributeValue"},
+ {"id-at", 1879048204, NULL},
+ {"joint-iso-ccitt", 1073741825, "2"},
+ {"ds", 1073741825, "5"},
+ {NULL, 1, "4"},
+ {"emailAddress", 1880096780, "AttributeType"},
+ {"iso", 1073741825, "1"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"rsadsi", 1073741825, "113549"},
+ {"pkcs", 1073741825, "1"},
+ {NULL, 1073741825, "9"},
+ {NULL, 1, "1"},
+ {"Name", 1610612754, NULL},
+ {"rdnSequence", 2, "RDNSequence"},
+ {"RDNSequence", 1610612747, NULL},
+ {NULL, 2, "RelativeDistinguishedName"},
+ {"DistinguishedName", 1073741826, "RDNSequence"},
+ {"RelativeDistinguishedName", 1612709903, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "AttributeTypeAndValue"},
+ {"Certificate", 1610612741, NULL},
+ {"tbsCertificate", 1073741826, "TBSCertificate"},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 6, NULL},
+ {"TBSCertificate", 1610612741, NULL},
+ {"version", 1610653699, NULL},
+ {NULL, 1073741833, "0"},
+ {NULL, 2056, "0"},
+ {"serialNumber", 1073741826, "CertificateSerialNumber"},
+ {"signature", 1073741826, "AlgorithmIdentifier"},
+ {"issuer", 1073741826, "Name"},
+ {"validity", 1073741826, "Validity"},
+ {"subject", 1073741826, "Name"},
+ {"subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"},
+ {"issuerUniqueID", 1610637314, "UniqueIdentifier"},
+ {NULL, 4104, "1"},
+ {"subjectUniqueID", 1610637314, "UniqueIdentifier"},
+ {NULL, 4104, "2"},
+ {"extensions", 536895490, "Extensions"},
+ {NULL, 2056, "3"},
+ {"CertificateSerialNumber", 1073741827, NULL},
+ {"Validity", 1610612741, NULL},
+ {"notBefore", 1073741826, "Time"},
+ {"notAfter", 2, "Time"},
+ {"Time", 1610612754, NULL},
+ {"utcTime", 1073741860, NULL},
+ {"generalTime", 37, NULL},
+ {"UniqueIdentifier", 1073741830, NULL},
+ {"SubjectPublicKeyInfo", 1610612741, NULL},
+ {"algorithm", 1073741826, "AlgorithmIdentifier"},
+ {"subjectPublicKey", 6, NULL},
+ {"Extensions", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "Extension"},
+ {"Extension", 1610612741, NULL},
+ {"extnID", 1073741836, NULL},
+ {"critical", 1610645508, NULL},
+ {NULL, 131081, NULL},
+ {"extnValue", 7, NULL},
+ {"CertificateList", 1610612741, NULL},
+ {"tbsCertList", 1073741826, "TBSCertList"},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 6, NULL},
+ {"TBSCertList", 1610612741, NULL},
+ {"version", 1073758211, NULL},
+ {"signature", 1073741826, "AlgorithmIdentifier"},
+ {"issuer", 1073741826, "Name"},
+ {"thisUpdate", 1073741826, "Time"},
+ {"nextUpdate", 1073758210, "Time"},
+ {"revokedCertificates", 1610629131, NULL},
+ {NULL, 536870917, NULL},
+ {"userCertificate", 1073741826, "CertificateSerialNumber"},
+ {"revocationDate", 1073741826, "Time"},
+ {"crlEntryExtensions", 16386, "Extensions"},
+ {"crlExtensions", 536895490, "Extensions"},
+ {NULL, 2056, "0"},
+ {"AlgorithmIdentifier", 1610612741, NULL},
+ {"algorithm", 1073741836, NULL},
+ {"parameters", 541081613, NULL},
+ {"algorithm", 1, NULL},
+ {"Dss-Sig-Value", 1610612741, NULL},
+ {"r", 1073741827, NULL},
+ {"s", 3, NULL},
+ {"DomainParameters", 1610612741, NULL},
+ {"p", 1073741827, NULL},
+ {"g", 1073741827, NULL},
+ {"q", 1073741827, NULL},
+ {"j", 1073758211, NULL},
+ {"validationParms", 16386, "ValidationParms"},
+ {"ValidationParms", 1610612741, NULL},
+ {"seed", 1073741830, NULL},
+ {"pgenCounter", 3, NULL},
+ {"Dss-Parms", 1610612741, NULL},
+ {"p", 1073741827, NULL},
+ {"q", 1073741827, NULL},
+ {"g", 3, NULL},
+ {"CountryName", 1610620946, NULL},
+ {NULL, 1073746952, "1"},
+ {"x121-dcc-code", 1612709916, NULL},
+ {NULL, 1048586, "ub-country-name-numeric-length"},
+ {"iso-3166-alpha2-code", 538968095, NULL},
+ {NULL, 1048586, "ub-country-name-alpha-length"},
+ {"OrganizationName", 1612709919, NULL},
+ {"ub-organization-name-length", 524298, "1"},
+ {"NumericUserIdentifier", 1612709916, NULL},
+ {"ub-numeric-user-id-length", 524298, "1"},
+ {"OrganizationalUnitNames", 1612709899, NULL},
+ {"ub-organizational-units", 1074266122, "1"},
+ {NULL, 2, "OrganizationalUnitName"},
+ {"OrganizationalUnitName", 1612709919, NULL},
+ {"ub-organizational-unit-name-length", 524298, "1"},
+ {"CommonName", 1073741855, NULL},
+ {"pkcs-7-ContentInfo", 1610612741, NULL},
+ {"contentType", 1073741826, "pkcs-7-ContentType"},
+ {"content", 541073421, NULL},
+ {NULL, 1073743880, "0"},
+ {"contentType", 1, NULL},
+ {"pkcs-7-DigestInfo", 1610612741, NULL},
+ {"digestAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"digest", 7, NULL},
+ {"pkcs-7-ContentType", 1073741836, NULL},
+ {"pkcs-7-SignedData", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"digestAlgorithms", 1073741826,
+ "pkcs-7-DigestAlgorithmIdentifiers"},
+ {"encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"},
+ {"certificates", 1610637314, "pkcs-7-CertificateSet"},
+ {NULL, 4104, "0"},
+ {"crls", 1610637314, "pkcs-7-CertificateRevocationLists"},
+ {NULL, 4104, "1"},
+ {"signerInfos", 2, "pkcs-7-SignerInfos"},
+ {"pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL},
+ {NULL, 2, "AlgorithmIdentifier"},
+ {"pkcs-7-EncapsulatedContentInfo", 1610612741, NULL},
+ {"eContentType", 1073741826, "pkcs-7-ContentType"},
+ {"eContent", 536895495, NULL},
+ {NULL, 2056, "0"},
+ {"pkcs-7-CertificateRevocationLists", 1610612751, NULL},
+ {NULL, 13, NULL},
+ {"pkcs-7-CertificateChoices", 1610612754, NULL},
+ {"certificate", 13, NULL},
+ {"pkcs-7-CertificateSet", 1610612751, NULL},
+ {NULL, 2, "pkcs-7-CertificateChoices"},
+ {"pkcs-7-SignerInfos", 1610612751, NULL},
+ {NULL, 13, NULL},
+ {"pkcs-10-CertificationRequestInfo", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"subject", 1073741826, "Name"},
+ {"subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"},
+ {"attributes", 536879106, "Attributes"},
+ {NULL, 4104, "0"},
+ {"Attributes", 1610612751, NULL},
+ {NULL, 2, "Attribute"},
+ {"pkcs-10-CertificationRequest", 1610612741, NULL},
+ {"certificationRequestInfo", 1073741826,
+ "pkcs-10-CertificationRequestInfo"},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 6, NULL},
+ {"pkcs-9-at-challengePassword", 1879048204, NULL},
+ {"iso", 1073741825, "1"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"rsadsi", 1073741825, "113549"},
+ {"pkcs", 1073741825, "1"},
+ {NULL, 1073741825, "9"},
+ {NULL, 1, "7"},
+ {"pkcs-9-challengePassword", 1610612754, NULL},
+ {"printableString", 1073741855, NULL},
+ {"utf8String", 34, NULL},
+ {"pkcs-9-localKeyId", 1073741831, NULL},
+ {"pkcs-8-PrivateKeyInfo", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"privateKey", 1073741831, NULL},
+ {"attributes", 536895490, "Attributes"},
+ {NULL, 4104, "0"},
+ {"pkcs-8-Attributes", 1610612751, NULL},
+ {NULL, 2, "Attribute"},
+ {"pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL},
+ {"encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"encryptedData", 2, "pkcs-8-EncryptedData"},
+ {"pkcs-8-EncryptedData", 1073741831, NULL},
+ {"pkcs-5-des-EDE3-CBC-params", 1612709895, NULL},
+ {NULL, 1048586, "8"},
+ {"pkcs-5-aes128-CBC-params", 1612709895, NULL},
+ {NULL, 1048586, "16"},
+ {"pkcs-5-aes192-CBC-params", 1612709895, NULL},
+ {NULL, 1048586, "16"},
+ {"pkcs-5-aes256-CBC-params", 1612709895, NULL},
+ {NULL, 1048586, "16"},
+ {"pkcs-5-PBES2-params", 1610612741, NULL},
+ {"keyDerivationFunc", 1073741826, "AlgorithmIdentifier"},
+ {"encryptionScheme", 2, "AlgorithmIdentifier"},
+ {"pkcs-5-PBKDF2-params", 1610612741, NULL},
+ {"salt", 1610612754, NULL},
+ {"specified", 1073741831, NULL},
+ {"otherSource", 2, "AlgorithmIdentifier"},
+ {"iterationCount", 1611137027, NULL},
+ {"1", 10, "MAX"},
+ {"keyLength", 1611153411, NULL},
+ {"1", 10, "MAX"},
+ {"prf", 16386, "AlgorithmIdentifier"},
+ {"pkcs-12-PFX", 1610612741, NULL},
+ {"version", 1610874883, NULL},
+ {"v3", 1, "3"},
+ {"authSafe", 1073741826, "pkcs-7-ContentInfo"},
+ {"macData", 16386, "pkcs-12-MacData"},
+ {"pkcs-12-PbeParams", 1610612741, NULL},
+ {"salt", 1073741831, NULL},
+ {"iterations", 3, NULL},
+ {"pkcs-12-MacData", 1610612741, NULL},
+ {"mac", 1073741826, "pkcs-7-DigestInfo"},
+ {"macSalt", 1073741831, NULL},
+ {"iterations", 536903683, NULL},
+ {NULL, 9, "1"},
+ {"pkcs-12-AuthenticatedSafe", 1610612747, NULL},
+ {NULL, 2, "pkcs-7-ContentInfo"},
+ {"pkcs-12-SafeContents", 1610612747, NULL},
+ {NULL, 2, "pkcs-12-SafeBag"},
+ {"pkcs-12-SafeBag", 1610612741, NULL},
+ {"bagId", 1073741836, NULL},
+ {"bagValue", 1614815245, NULL},
+ {NULL, 1073743880, "0"},
+ {"badId", 1, NULL},
+ {"bagAttributes", 536887311, NULL},
+ {NULL, 2, "Attribute"},
+ {"pkcs-12-CertBag", 1610612741, NULL},
+ {"certId", 1073741836, NULL},
+ {"certValue", 541073421, NULL},
+ {NULL, 1073743880, "0"},
+ {"certId", 1, NULL},
+ {"pkcs-12-CRLBag", 1610612741, NULL},
+ {"crlId", 1073741836, NULL},
+ {"crlValue", 541073421, NULL},
+ {NULL, 1073743880, "0"},
+ {"crlId", 1, NULL},
+ {"pkcs-12-SecretBag", 1610612741, NULL},
+ {"secretTypeId", 1073741836, NULL},
+ {"secretValue", 541073421, NULL},
+ {NULL, 1073743880, "0"},
+ {"secretTypeId", 1, NULL},
+ {"pkcs-7-Data", 1073741831, NULL},
+ {"pkcs-7-EncryptedData", 1610612741, NULL},
+ {"version", 1073741827, NULL},
+ {"encryptedContentInfo", 1073741826,
+ "pkcs-7-EncryptedContentInfo"},
+ {"unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"},
+ {NULL, 4104, "1"},
+ {"pkcs-7-EncryptedContentInfo", 1610612741, NULL},
+ {"contentType", 1073741826, "pkcs-7-ContentType"},
+ {"contentEncryptionAlgorithm", 1073741826,
+ "pkcs-7-ContentEncryptionAlgorithmIdentifier"},
+ {"encryptedContent", 536895495, NULL},
+ {NULL, 4104, "0"},
+ {"pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826,
+ "AlgorithmIdentifier"},
+ {"pkcs-7-UnprotectedAttributes", 1612709903, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "Attribute"},
+ {"ProxyCertInfo", 1610612741, NULL},
+ {"pCPathLenConstraint", 1611153411, NULL},
+ {"0", 10, "MAX"},
+ {"proxyPolicy", 2, "ProxyPolicy"},
+ {"ProxyPolicy", 1610612741, NULL},
+ {"policyLanguage", 1073741836, NULL},
+ {"policy", 16391, NULL},
+ {"certificatePolicies", 1612709899, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "PolicyInformation"},
+ {"PolicyInformation", 1610612741, NULL},
+ {"policyIdentifier", 1073741836, NULL},
+ {"policyQualifiers", 538984459, NULL},
+ {"MAX", 1074266122, "1"},
+ {NULL, 2, "PolicyQualifierInfo"},
+ {"PolicyQualifierInfo", 1610612741, NULL},
+ {"policyQualifierId", 1073741836, NULL},
+ {"qualifier", 541065229, NULL},
+ {"policyQualifierId", 1, NULL},
+ {"CPSuri", 1073741853, NULL},
+ {"UserNotice", 1610612741, NULL},
+ {"noticeRef", 1073758210, "NoticeReference"},
+ {"explicitText", 16386, "DisplayText"},
+ {"NoticeReference", 1610612741, NULL},
+ {"organization", 1073741826, "DisplayText"},
+ {"noticeNumbers", 536870923, NULL},
+ {NULL, 3, NULL},
+ {"DisplayText", 1610612754, NULL},
+ {"ia5String", 1612709917, NULL},
+ {"200", 524298, "1"},
+ {"visibleString", 1612709923, NULL},
+ {"200", 524298, "1"},
+ {"bmpString", 1612709921, NULL},
+ {"200", 524298, "1"},
+ {"utf8String", 538968098, NULL},
+ {"200", 524298, "1"},
+ {"OCSPRequest", 1610612741, NULL},
+ {"tbsRequest", 1073741826, "TBSRequest"},
+ {"optionalSignature", 536895490, "Signature"},
+ {NULL, 2056, "0"},
+ {"TBSRequest", 1610612741, NULL},
+ {"version", 1610653699, NULL},
+ {NULL, 1073741833, "0"},
+ {NULL, 2056, "0"},
+ {"requestorName", 1610637314, "GeneralName"},
+ {NULL, 2056, "1"},
+ {"requestList", 1610612747, NULL},
+ {NULL, 2, "Request"},
+ {"requestExtensions", 536895490, "Extensions"},
+ {NULL, 2056, "2"},
+ {"Signature", 1610612741, NULL},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 1073741830, NULL},
+ {"certs", 536895499, NULL},
+ {NULL, 1073743880, "0"},
+ {NULL, 2, "Certificate"},
+ {"Request", 1610612741, NULL},
+ {"reqCert", 1073741826, "CertID"},
+ {"singleRequestExtensions", 536895490, "Extensions"},
+ {NULL, 2056, "0"},
+ {"CertID", 1610612741, NULL},
+ {"hashAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"issuerNameHash", 1073741831, NULL},
+ {"issuerKeyHash", 1073741831, NULL},
+ {"serialNumber", 2, "CertificateSerialNumber"},
+ {"OCSPResponse", 1610612741, NULL},
+ {"responseStatus", 1073741826, "OCSPResponseStatus"},
+ {"responseBytes", 536895490, "ResponseBytes"},
+ {NULL, 2056, "0"},
+ {"OCSPResponseStatus", 1610874901, NULL},
+ {"successful", 1073741825, "0"},
+ {"malformedRequest", 1073741825, "1"},
+ {"internalError", 1073741825, "2"},
+ {"tryLater", 1073741825, "3"},
+ {"sigRequired", 1073741825, "5"},
+ {"unauthorized", 1, "6"},
+ {"ResponseBytes", 1610612741, NULL},
+ {"responseType", 1073741836, NULL},
+ {"response", 7, NULL},
+ {"BasicOCSPResponse", 1610612741, NULL},
+ {"tbsResponseData", 1073741826, "ResponseData"},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 1073741830, NULL},
+ {"certs", 536895499, NULL},
+ {NULL, 1073743880, "0"},
+ {NULL, 2, "Certificate"},
+ {"ResponseData", 1610612741, NULL},
+ {"version", 1610653699, NULL},
+ {NULL, 1073741833, "0"},
+ {NULL, 2056, "0"},
+ {"responderID", 1073741826, "ResponderID"},
+ {"producedAt", 1073741861, NULL},
+ {"responses", 1610612747, NULL},
+ {NULL, 2, "SingleResponse"},
+ {"responseExtensions", 536895490, "Extensions"},
+ {NULL, 2056, "1"},
+ {"ResponderID", 1610612754, NULL},
+ {"byName", 1610620930, "RDNSequence"},
+ {NULL, 2056, "1"},
+ {"byKey", 536879111, NULL},
+ {NULL, 4104, "2"},
+ {"SingleResponse", 1610612741, NULL},
+ {"certID", 1073741826, "CertID"},
+ {"certStatus", 1073741826, "CertStatus"},
+ {"thisUpdate", 1073741861, NULL},
+ {"nextUpdate", 1610637349, NULL},
+ {NULL, 2056, "0"},
+ {"singleExtensions", 536895490, "Extensions"},
+ {NULL, 2056, "1"},
+ {"CertStatus", 1610612754, NULL},
+ {"good", 1610620948, NULL},
+ {NULL, 4104, "0"},
+ {"revoked", 1610620930, "RevokedInfo"},
+ {NULL, 4104, "1"},
+ {"unknown", 536879106, "UnknownInfo"},
+ {NULL, 4104, "2"},
+ {"RevokedInfo", 1610612741, NULL},
+ {"revocationTime", 1073741861, NULL},
+ {"revocationReason", 536895490, "CRLReason"},
+ {NULL, 2056, "0"},
+ {"UnknownInfo", 1073741844, NULL},
+ {"CRLReason", 537133077, NULL},
+ {"unspecified", 1073741825, "0"},
+ {"keyCompromise", 1073741825, "1"},
+ {"cACompromise", 1073741825, "2"},
+ {"affiliationChanged", 1073741825, "3"},
+ {"superseded", 1073741825, "4"},
+ {"cessationOfOperation", 1073741825, "5"},
+ {"certificateHold", 1073741825, "6"},
+ {"removeFromCRL", 1073741825, "8"},
+ {"privilegeWithdrawn", 1073741825, "9"},
+ {"aACompromise", 1, "10"},
+ {NULL, 0, NULL}
};
diff --git a/lib/random.c b/lib/random.c
index ebfa21dc04..62fa785232 100644
--- a/lib/random.c
+++ b/lib/random.c
@@ -29,30 +29,25 @@
void *gnutls_rnd_ctx;
-int
-_gnutls_rnd_init (void)
+int _gnutls_rnd_init(void)
{
- if (_gnutls_rnd_ops.init != NULL)
- {
- if (_gnutls_rnd_ops.init (&gnutls_rnd_ctx) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
- }
- }
+ if (_gnutls_rnd_ops.init != NULL) {
+ if (_gnutls_rnd_ops.init(&gnutls_rnd_ctx) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
+ }
+ }
- return 0;
+ return 0;
}
-void
-_gnutls_rnd_deinit (void)
+void _gnutls_rnd_deinit(void)
{
- if (_gnutls_rnd_ops.deinit != NULL)
- {
- _gnutls_rnd_ops.deinit (gnutls_rnd_ctx);
- }
+ if (_gnutls_rnd_ops.deinit != NULL) {
+ _gnutls_rnd_ops.deinit(gnutls_rnd_ctx);
+ }
- return;
+ return;
}
/**
@@ -68,10 +63,9 @@ _gnutls_rnd_deinit (void)
*
* Since: 2.12.0
**/
-int
-gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len)
+int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
{
- return _gnutls_rnd(level, data, len);
+ return _gnutls_rnd(level, data, len);
}
/**
@@ -85,8 +79,7 @@ gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len)
*
* Since: 3.1.7
**/
-void
-gnutls_rnd_refresh ()
+void gnutls_rnd_refresh()
{
- _gnutls_rnd_refresh();
+ _gnutls_rnd_refresh();
}
diff --git a/lib/random.h b/lib/random.h
index 5c0ea23555..0aa154527b 100644
--- a/lib/random.h
+++ b/lib/random.h
@@ -27,26 +27,25 @@
#include <crypto-backend.h>
extern int crypto_rnd_prio;
-extern void* gnutls_rnd_ctx;
+extern void *gnutls_rnd_ctx;
extern gnutls_crypto_rnd_st _gnutls_rnd_ops;
inline static int
-_gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len)
+_gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
{
- if (len > 0)
- {
- return _gnutls_rnd_ops.rnd (gnutls_rnd_ctx, level, data, len);
- }
- return 0;
+ if (len > 0) {
+ return _gnutls_rnd_ops.rnd(gnutls_rnd_ctx, level, data,
+ len);
+ }
+ return 0;
}
-inline static void
-_gnutls_rnd_refresh (void)
+inline static void _gnutls_rnd_refresh(void)
{
- _gnutls_rnd_ops.rnd_refresh (gnutls_rnd_ctx);
+ _gnutls_rnd_ops.rnd_refresh(gnutls_rnd_ctx);
}
-void _gnutls_rnd_deinit (void);
-int _gnutls_rnd_init (void);
+void _gnutls_rnd_deinit(void);
+int _gnutls_rnd_init(void);
#endif
diff --git a/lib/system.c b/lib/system.c
index 6dc604e404..ad91b24cf0 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -32,23 +32,26 @@
#define GNUTLS_PATH_MAX 1024
#ifdef _WIN32
-# include <windows.h>
-# include <wincrypt.h>
-# if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
-typedef PCCRL_CONTEXT WINAPI (*Type_CertEnumCRLsInStore) (HCERTSTORE hCertStore, PCCRL_CONTEXT pPrevCrlContext);
+#include <windows.h>
+#include <wincrypt.h>
+#if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
+typedef PCCRL_CONTEXT WINAPI(*Type_CertEnumCRLsInStore) (HCERTSTORE
+ hCertStore,
+ PCCRL_CONTEXT
+ pPrevCrlContext);
static Type_CertEnumCRLsInStore Loaded_CertEnumCRLsInStore;
static HMODULE Crypt32_dll;
-# else
-# define Loaded_CertEnumCRLsInStore CertEnumCRLsInStore
-# endif
#else
-# ifdef HAVE_PTHREAD_LOCKS
-# include <pthread.h>
-# endif
+#define Loaded_CertEnumCRLsInStore CertEnumCRLsInStore
+#endif
+#else
+#ifdef HAVE_PTHREAD_LOCKS
+#include <pthread.h>
+#endif
-# if defined(HAVE_GETPWUID_R)
-# include <pwd.h>
-# endif
+#if defined(HAVE_GETPWUID_R)
+#include <pwd.h>
+#endif
#endif
/* We need to disable gnulib's replacement wrappers to get native
@@ -61,64 +64,62 @@ static HMODULE Crypt32_dll;
*/
#ifdef _WIN32
-int
-system_errno (gnutls_transport_ptr p)
+int system_errno(gnutls_transport_ptr p)
{
- int tmperr = WSAGetLastError ();
- int ret = 0;
- switch (tmperr)
- {
- case WSAEWOULDBLOCK:
- ret = EAGAIN;
- break;
- case NO_ERROR:
- ret = 0;
- break;
- case WSAEINTR:
- ret = EINTR;
- break;
- case WSAEMSGSIZE:
- ret = EMSGSIZE;
- break;
- default:
- ret = EIO;
- break;
- }
- WSASetLastError (tmperr);
-
- return ret;
+ int tmperr = WSAGetLastError();
+ int ret = 0;
+ switch (tmperr) {
+ case WSAEWOULDBLOCK:
+ ret = EAGAIN;
+ break;
+ case NO_ERROR:
+ ret = 0;
+ break;
+ case WSAEINTR:
+ ret = EINTR;
+ break;
+ case WSAEMSGSIZE:
+ ret = EMSGSIZE;
+ break;
+ default:
+ ret = EIO;
+ break;
+ }
+ WSASetLastError(tmperr);
+
+ return ret;
}
ssize_t
-system_write (gnutls_transport_ptr ptr, const void *data, size_t data_size)
+system_write(gnutls_transport_ptr ptr, const void *data, size_t data_size)
{
- return send (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0);
+ return send(GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0);
}
-#else /* POSIX */
-int
-system_errno (gnutls_transport_ptr_t ptr)
+#else /* POSIX */
+int system_errno(gnutls_transport_ptr_t ptr)
{
#if defined(_AIX) || defined(AIX)
- if (errno == 0) errno = EAGAIN;
+ if (errno == 0)
+ errno = EAGAIN;
#endif
- return errno;
+ return errno;
}
ssize_t
-system_writev (gnutls_transport_ptr_t ptr, const giovec_t * iovec,
- int iovec_cnt)
+system_writev(gnutls_transport_ptr_t ptr, const giovec_t * iovec,
+ int iovec_cnt)
{
- return writev (GNUTLS_POINTER_TO_INT (ptr), (struct iovec *) iovec,
- iovec_cnt);
+ return writev(GNUTLS_POINTER_TO_INT(ptr), (struct iovec *) iovec,
+ iovec_cnt);
}
#endif
ssize_t
-system_read (gnutls_transport_ptr_t ptr, void *data, size_t data_size)
+system_read(gnutls_transport_ptr_t ptr, void *data, size_t data_size)
{
- return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0);
+ return recv(GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0);
}
/* Wait for data to be received within a timeout period in milliseconds.
@@ -129,158 +130,142 @@ system_read (gnutls_transport_ptr_t ptr, void *data, size_t data_size)
*/
int system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms)
{
-fd_set rfds;
-struct timeval tv;
-int ret;
-int fd = GNUTLS_POINTER_TO_INT(ptr);
-
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
-
- tv.tv_sec = 0;
- tv.tv_usec = ms * 1000;
-
- while(tv.tv_usec >= 1000000)
- {
- tv.tv_usec -= 1000000;
- tv.tv_sec++;
- }
-
- ret = select(fd+1, &rfds, NULL, NULL, &tv);
- if (ret <= 0)
- return ret;
-
- return ret;
+ fd_set rfds;
+ struct timeval tv;
+ int ret;
+ int fd = GNUTLS_POINTER_TO_INT(ptr);
+
+ FD_ZERO(&rfds);
+ FD_SET(fd, &rfds);
+
+ tv.tv_sec = 0;
+ tv.tv_usec = ms * 1000;
+
+ while (tv.tv_usec >= 1000000) {
+ tv.tv_usec -= 1000000;
+ tv.tv_sec++;
+ }
+
+ ret = select(fd + 1, &rfds, NULL, NULL, &tv);
+ if (ret <= 0)
+ return ret;
+
+ return ret;
}
/* Thread stuff */
#ifdef HAVE_WIN32_LOCKS
-static int
-gnutls_system_mutex_init (void **priv)
+static int gnutls_system_mutex_init(void **priv)
{
- CRITICAL_SECTION *lock = malloc (sizeof (CRITICAL_SECTION));
+ CRITICAL_SECTION *lock = malloc(sizeof(CRITICAL_SECTION));
- if (lock == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (lock == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- InitializeCriticalSection (lock);
+ InitializeCriticalSection(lock);
- *priv = lock;
+ *priv = lock;
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_deinit (void **priv)
+static int gnutls_system_mutex_deinit(void **priv)
{
- DeleteCriticalSection ((CRITICAL_SECTION *) * priv);
- free (*priv);
+ DeleteCriticalSection((CRITICAL_SECTION *) * priv);
+ free(*priv);
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_lock (void **priv)
+static int gnutls_system_mutex_lock(void **priv)
{
- EnterCriticalSection ((CRITICAL_SECTION *) * priv);
- return 0;
+ EnterCriticalSection((CRITICAL_SECTION *) * priv);
+ return 0;
}
-static int
-gnutls_system_mutex_unlock (void **priv)
+static int gnutls_system_mutex_unlock(void **priv)
{
- LeaveCriticalSection ((CRITICAL_SECTION *) * priv);
- return 0;
+ LeaveCriticalSection((CRITICAL_SECTION *) * priv);
+ return 0;
}
-#endif /* WIN32_LOCKS */
+#endif /* WIN32_LOCKS */
#ifdef HAVE_PTHREAD_LOCKS
-static int
-gnutls_system_mutex_init (void **priv)
+static int gnutls_system_mutex_init(void **priv)
{
- pthread_mutex_t *lock = malloc (sizeof (pthread_mutex_t));
- int ret;
+ pthread_mutex_t *lock = malloc(sizeof(pthread_mutex_t));
+ int ret;
- if (lock == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (lock == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- ret = pthread_mutex_init (lock, NULL);
- if (ret)
- {
- free (lock);
- gnutls_assert ();
- return GNUTLS_E_LOCKING_ERROR;
- }
+ ret = pthread_mutex_init(lock, NULL);
+ if (ret) {
+ free(lock);
+ gnutls_assert();
+ return GNUTLS_E_LOCKING_ERROR;
+ }
- *priv = lock;
+ *priv = lock;
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_deinit (void **priv)
+static int gnutls_system_mutex_deinit(void **priv)
{
- pthread_mutex_destroy ((pthread_mutex_t *) * priv);
- free (*priv);
- return 0;
+ pthread_mutex_destroy((pthread_mutex_t *) * priv);
+ free(*priv);
+ return 0;
}
-static int
-gnutls_system_mutex_lock (void **priv)
+static int gnutls_system_mutex_lock(void **priv)
{
- if (pthread_mutex_lock ((pthread_mutex_t *) * priv))
- {
- gnutls_assert ();
- return GNUTLS_E_LOCKING_ERROR;
- }
+ if (pthread_mutex_lock((pthread_mutex_t *) * priv)) {
+ gnutls_assert();
+ return GNUTLS_E_LOCKING_ERROR;
+ }
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_unlock (void **priv)
+static int gnutls_system_mutex_unlock(void **priv)
{
- if (pthread_mutex_unlock ((pthread_mutex_t *) * priv))
- {
- gnutls_assert ();
- return GNUTLS_E_LOCKING_ERROR;
- }
+ if (pthread_mutex_unlock((pthread_mutex_t *) * priv)) {
+ gnutls_assert();
+ return GNUTLS_E_LOCKING_ERROR;
+ }
- return 0;
+ return 0;
}
-#endif /* PTHREAD_LOCKS */
+#endif /* PTHREAD_LOCKS */
#ifdef HAVE_NO_LOCKS
-static int
-gnutls_system_mutex_init (void **priv)
+static int gnutls_system_mutex_init(void **priv)
{
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_deinit (void **priv)
+static int gnutls_system_mutex_deinit(void **priv)
{
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_lock (void **priv)
+static int gnutls_system_mutex_lock(void **priv)
{
- return 0;
+ return 0;
}
-static int
-gnutls_system_mutex_unlock (void **priv)
+static int gnutls_system_mutex_unlock(void **priv)
{
- return 0;
+ return 0;
}
-#endif /* NO_LOCKS */
+#endif /* NO_LOCKS */
gnutls_time_func gnutls_time = time;
mutex_init_func gnutls_mutex_init = gnutls_system_mutex_init;
@@ -288,37 +273,36 @@ mutex_deinit_func gnutls_mutex_deinit = gnutls_system_mutex_deinit;
mutex_lock_func gnutls_mutex_lock = gnutls_system_mutex_lock;
mutex_unlock_func gnutls_mutex_unlock = gnutls_system_mutex_unlock;
-int
-gnutls_system_global_init ()
+int gnutls_system_global_init()
{
#ifdef _WIN32
-# if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
- HMODULE crypto;
- crypto = LoadLibraryA ("Crypt32.dll");
-
- if (crypto == NULL)
- return GNUTLS_E_CRYPTO_INIT_FAILED;
-
- Loaded_CertEnumCRLsInStore = (Type_CertEnumCRLsInStore) GetProcAddress (crypto, "CertEnumCRLsInStore");
- if (Loaded_CertEnumCRLsInStore == NULL)
- {
- FreeLibrary (crypto);
- return GNUTLS_E_CRYPTO_INIT_FAILED;
- }
-
- Crypt32_dll = crypto;
-# endif
+#if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
+ HMODULE crypto;
+ crypto = LoadLibraryA("Crypt32.dll");
+
+ if (crypto == NULL)
+ return GNUTLS_E_CRYPTO_INIT_FAILED;
+
+ Loaded_CertEnumCRLsInStore =
+ (Type_CertEnumCRLsInStore) GetProcAddress(crypto,
+ "CertEnumCRLsInStore");
+ if (Loaded_CertEnumCRLsInStore == NULL) {
+ FreeLibrary(crypto);
+ return GNUTLS_E_CRYPTO_INIT_FAILED;
+ }
+
+ Crypt32_dll = crypto;
+#endif
#endif
- return 0;
+ return 0;
}
-void
-gnutls_system_global_deinit ()
+void gnutls_system_global_deinit()
{
#ifdef _WIN32
-# if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
- FreeLibrary (Crypt32_dll);
-# endif
+#if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
+ FreeLibrary(Crypt32_dll);
+#endif
#endif
}
@@ -328,227 +312,244 @@ gnutls_system_global_deinit ()
/* Returns a path to store user-specific configuration
* data.
*/
-int _gnutls_find_config_path(char* path, size_t max_size)
+int _gnutls_find_config_path(char *path, size_t max_size)
{
-char tmp_home_dir[GNUTLS_PATH_MAX];
-const char *home_dir = getenv ("HOME");
+ char tmp_home_dir[GNUTLS_PATH_MAX];
+ const char *home_dir = getenv("HOME");
#ifdef _WIN32
- if (home_dir == NULL || home_dir[0] == '\0')
- {
- const char *home_drive = getenv ("HOMEDRIVE");
- const char *home_path = getenv ("HOMEPATH");
-
- if (home_drive != NULL && home_path != NULL)
- {
- snprintf(tmp_home_dir, sizeof(tmp_home_dir), "%s%s", home_drive, home_path);
- }
- else
- {
- tmp_home_dir[0] = 0;
- }
-
- home_dir = tmp_home_dir;
- }
+ if (home_dir == NULL || home_dir[0] == '\0') {
+ const char *home_drive = getenv("HOMEDRIVE");
+ const char *home_path = getenv("HOMEPATH");
+
+ if (home_drive != NULL && home_path != NULL) {
+ snprintf(tmp_home_dir, sizeof(tmp_home_dir),
+ "%s%s", home_drive, home_path);
+ } else {
+ tmp_home_dir[0] = 0;
+ }
+
+ home_dir = tmp_home_dir;
+ }
#elif defined(HAVE_GETPWUID_R)
- if (home_dir == NULL || home_dir[0] == '\0')
- {
- struct passwd *pwd;
- struct passwd _pwd;
- char buf[1024];
-
- getpwuid_r(getuid(), &_pwd, buf, sizeof(buf), &pwd);
- if (pwd != NULL)
- {
- snprintf(tmp_home_dir, sizeof(tmp_home_dir), "%s", pwd->pw_dir);
- }
- else
- {
- tmp_home_dir[0] = 0;
- }
-
- home_dir = tmp_home_dir;
- }
+ if (home_dir == NULL || home_dir[0] == '\0') {
+ struct passwd *pwd;
+ struct passwd _pwd;
+ char buf[1024];
+
+ getpwuid_r(getuid(), &_pwd, buf, sizeof(buf), &pwd);
+ if (pwd != NULL) {
+ snprintf(tmp_home_dir, sizeof(tmp_home_dir), "%s",
+ pwd->pw_dir);
+ } else {
+ tmp_home_dir[0] = 0;
+ }
+
+ home_dir = tmp_home_dir;
+ }
#else
- if (home_dir == NULL || home_dir[0] == '\0')
- {
- tmp_home_dir[0] = 0;
- home_dir = tmp_home_dir;
- }
+ if (home_dir == NULL || home_dir[0] == '\0') {
+ tmp_home_dir[0] = 0;
+ home_dir = tmp_home_dir;
+ }
#endif
- if (home_dir == NULL || home_dir[0] == 0)
- path[0] = 0;
- else
- snprintf(path, max_size, "%s/"CONFIG_PATH, home_dir);
-
- return 0;
+ if (home_dir == NULL || home_dir[0] == 0)
+ path[0] = 0;
+ else
+ snprintf(path, max_size, "%s/" CONFIG_PATH, home_dir);
+
+ return 0;
}
#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11))
static
int
add_system_trust(gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags)
+ unsigned int tl_flags, unsigned int tl_vflags)
{
- int ret, r = 0;
- const char* crl_file =
-# ifdef DEFAULT_CRL_FILE
- DEFAULT_CRL_FILE;
-# else
- NULL;
-# endif
-
-# if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)
- ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_PKCS11, crl_file,
- GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
- if (ret > 0)
- r += ret;
-# endif
-
-# ifdef DEFAULT_TRUST_STORE_FILE
- ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_FILE, crl_file,
- GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags);
- if (ret > 0)
- r += ret;
-# endif
-
- return r;
+ int ret, r = 0;
+ const char *crl_file =
+#ifdef DEFAULT_CRL_FILE
+ DEFAULT_CRL_FILE;
+#else
+ NULL;
+#endif
+
+#if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)
+ ret =
+ gnutls_x509_trust_list_add_trust_file(list,
+ DEFAULT_TRUST_STORE_PKCS11,
+ crl_file,
+ GNUTLS_X509_FMT_DER,
+ tl_flags, tl_vflags);
+ if (ret > 0)
+ r += ret;
+#endif
+
+#ifdef DEFAULT_TRUST_STORE_FILE
+ ret =
+ gnutls_x509_trust_list_add_trust_file(list,
+ DEFAULT_TRUST_STORE_FILE,
+ crl_file,
+ GNUTLS_X509_FMT_PEM,
+ tl_flags, tl_vflags);
+ if (ret > 0)
+ r += ret;
+#endif
+
+ return r;
}
#elif defined(_WIN32)
static
-int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsigned int tl_vflags)
+int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
+ unsigned int tl_vflags)
{
- char path[GNUTLS_PATH_MAX];
- unsigned int i;
- int r = 0;
-
- for (i=0;i<2;i++)
- {
- HCERTSTORE store;
- const CERT_CONTEXT *cert;
- const CRL_CONTEXT *crl;
- gnutls_datum_t data;
-
- if (i==0) store = CertOpenSystemStore(0, "ROOT");
- else store = CertOpenSystemStore(0, "CA");
-
- if (store == NULL) return GNUTLS_E_FILE_ERROR;
-
- cert = CertEnumCertificatesInStore(store, NULL);
- crl = Loaded_CertEnumCRLsInStore(store, NULL);
-
- while(cert != NULL)
- {
- if (cert->dwCertEncodingType == X509_ASN_ENCODING)
- {
- data.data = cert->pbCertEncoded;
- data.size = cert->cbCertEncoded;
- if (gnutls_x509_trust_list_add_trust_mem(list, &data, NULL, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags) > 0)
- r++;
- }
- cert = CertEnumCertificatesInStore(store, cert);
- }
-
- while(crl != NULL)
- {
- if (crl->dwCertEncodingType == X509_ASN_ENCODING)
- {
- data.data = crl->pbCrlEncoded;
- data.size = crl->cbCrlEncoded;
- gnutls_x509_trust_list_add_trust_mem(list, NULL, &data, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
- }
- crl = Loaded_CertEnumCRLsInStore(store, crl);
- }
- CertCloseStore(store, 0);
- }
-
- return r;
+ char path[GNUTLS_PATH_MAX];
+ unsigned int i;
+ int r = 0;
+
+ for (i = 0; i < 2; i++) {
+ HCERTSTORE store;
+ const CERT_CONTEXT *cert;
+ const CRL_CONTEXT *crl;
+ gnutls_datum_t data;
+
+ if (i == 0)
+ store = CertOpenSystemStore(0, "ROOT");
+ else
+ store = CertOpenSystemStore(0, "CA");
+
+ if (store == NULL)
+ return GNUTLS_E_FILE_ERROR;
+
+ cert = CertEnumCertificatesInStore(store, NULL);
+ crl = Loaded_CertEnumCRLsInStore(store, NULL);
+
+ while (cert != NULL) {
+ if (cert->dwCertEncodingType == X509_ASN_ENCODING) {
+ data.data = cert->pbCertEncoded;
+ data.size = cert->cbCertEncoded;
+ if (gnutls_x509_trust_list_add_trust_mem
+ (list, &data, NULL,
+ GNUTLS_X509_FMT_DER, tl_flags,
+ tl_vflags) > 0)
+ r++;
+ }
+ cert = CertEnumCertificatesInStore(store, cert);
+ }
+
+ while (crl != NULL) {
+ if (crl->dwCertEncodingType == X509_ASN_ENCODING) {
+ data.data = crl->pbCrlEncoded;
+ data.size = crl->cbCrlEncoded;
+ gnutls_x509_trust_list_add_trust_mem(list,
+ NULL,
+ &data,
+ GNUTLS_X509_FMT_DER,
+ tl_flags,
+ tl_vflags);
+ }
+ crl = Loaded_CertEnumCRLsInStore(store, crl);
+ }
+ CertCloseStore(store, 0);
+ }
+
+ return r;
}
#elif defined(ANDROID) || defined(__ANDROID__)
-# include <dirent.h>
-# include <unistd.h>
-static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags, unsigned type)
+#include <dirent.h>
+#include <unistd.h>
+static int load_dir_certs(const char *dirname,
+ gnutls_x509_trust_list_t list,
+ unsigned int tl_flags, unsigned int tl_vflags,
+ unsigned type)
{
-DIR * dirp;
-struct dirent *d;
-int ret;
-int r = 0;
-char path[GNUTLS_PATH_MAX];
-
- dirp = opendir(dirname);
- if (dirp != NULL)
- {
- do
- {
- d = readdir(dirp);
- if (d != NULL && d->d_type == DT_REG)
- {
- snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);
-
- ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags);
- if (ret >= 0)
- r += ret;
- }
- }
- while(d != NULL);
- closedir(dirp);
- }
-
- return r;
+ DIR *dirp;
+ struct dirent *d;
+ int ret;
+ int r = 0;
+ char path[GNUTLS_PATH_MAX];
+
+ dirp = opendir(dirname);
+ if (dirp != NULL) {
+ do {
+ d = readdir(dirp);
+ if (d != NULL && d->d_type == DT_REG) {
+ snprintf(path, sizeof(path), "%s/%s",
+ dirname, d->d_name);
+
+ ret =
+ gnutls_x509_trust_list_add_trust_file
+ (list, path, NULL, type, tl_flags,
+ tl_vflags);
+ if (ret >= 0)
+ r += ret;
+ }
+ }
+ while (d != NULL);
+ closedir(dirp);
+ }
+
+ return r;
}
static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type)
{
-DIR * dirp;
-struct dirent *d;
-int ret;
-int r = 0;
-char path[GNUTLS_PATH_MAX];
-
- dirp = opendir("/data/misc/keychain/cacerts-removed/");
- if (dirp != NULL)
- {
- do
- {
- d = readdir(dirp);
- if (d != NULL && d->d_type == DT_REG)
- {
- snprintf(path, sizeof(path), "/data/misc/keychain/cacerts-removed/%s", d->d_name);
-
- ret = gnutls_x509_trust_list_remove_trust_file(list, path, type);
- if (ret >= 0)
- r += ret;
- }
- }
- while(d != NULL);
- closedir(dirp);
- }
-
- return r;
+ DIR *dirp;
+ struct dirent *d;
+ int ret;
+ int r = 0;
+ char path[GNUTLS_PATH_MAX];
+
+ dirp = opendir("/data/misc/keychain/cacerts-removed/");
+ if (dirp != NULL) {
+ do {
+ d = readdir(dirp);
+ if (d != NULL && d->d_type == DT_REG) {
+ snprintf(path, sizeof(path),
+ "/data/misc/keychain/cacerts-removed/%s",
+ d->d_name);
+
+ ret =
+ gnutls_x509_trust_list_remove_trust_file
+ (list, path, type);
+ if (ret >= 0)
+ r += ret;
+ }
+ }
+ while (d != NULL);
+ closedir(dirp);
+ }
+
+ return r;
}
/* This works on android 4.x
*/
static
-int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsigned int tl_vflags)
+int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
+ unsigned int tl_vflags)
{
- int r = 0, ret;
+ int r = 0, ret;
- ret = load_dir_certs("/system/etc/security/cacerts/", list, tl_flags, tl_vflags, GNUTLS_X509_FMT_PEM);
- if (ret >= 0)
- r += ret;
+ ret =
+ load_dir_certs("/system/etc/security/cacerts/", list, tl_flags,
+ tl_vflags, GNUTLS_X509_FMT_PEM);
+ if (ret >= 0)
+ r += ret;
- ret = load_revoked_certs(list, GNUTLS_X509_FMT_DER);
- if (ret >= 0)
- r -= ret;
+ ret = load_revoked_certs(list, GNUTLS_X509_FMT_DER);
+ if (ret >= 0)
+ r -= ret;
- ret = load_dir_certs("/data/misc/keychain/cacerts-added/", list, tl_flags, tl_vflags, GNUTLS_X509_FMT_DER);
- if (ret >= 0)
- r += ret;
+ ret =
+ load_dir_certs("/data/misc/keychain/cacerts-added/", list,
+ tl_flags, tl_vflags, GNUTLS_X509_FMT_DER);
+ if (ret >= 0)
+ r += ret;
- return r;
+ return r;
}
#else
@@ -572,154 +573,155 @@ int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsig
**/
int
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags)
+ unsigned int tl_flags,
+ unsigned int tl_vflags)
{
- return add_system_trust(list, tl_flags, tl_vflags);
+ return add_system_trust(list, tl_flags, tl_vflags);
}
#if defined(HAVE_ICONV) || defined(HAVE_LIBICONV)
-# include <iconv.h>
+#include <iconv.h>
-int _gnutls_ucs2_to_utf8(const void* data, size_t size, gnutls_datum_t *output)
+int _gnutls_ucs2_to_utf8(const void *data, size_t size,
+ gnutls_datum_t * output)
{
-iconv_t conv;
-int ret;
-size_t orig, dstlen = size*2;
-char* src = (void*)data;
-char* dst = NULL, *pdst;
-
- if (size == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- conv = iconv_open("UTF-8", "UTF-16BE");
- if (conv == (iconv_t)-1)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- /* Note that dstlen has enough size for every possible input characters.
- * (remember the in UTF-16 the characters in data are at most size/2,
- * and we allocate 4 bytes per character).
- */
- pdst = dst = gnutls_malloc(dstlen+1);
- if (dst == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail;
- }
-
- orig = dstlen;
- ret = iconv(conv, &src, &size, &pdst, &dstlen);
- if (ret == -1)
- {
- ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- goto fail;
- }
-
- output->data = (void*)dst;
- output->size = orig-dstlen;
- output->data[output->size] = 0;
-
- ret = 0;
- goto cleanup;
-
-fail:
- gnutls_free(dst);
-
-cleanup:
- iconv_close(conv);
-
- return ret;
+ iconv_t conv;
+ int ret;
+ size_t orig, dstlen = size * 2;
+ char *src = (void *) data;
+ char *dst = NULL, *pdst;
+
+ if (size == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ conv = iconv_open("UTF-8", "UTF-16BE");
+ if (conv == (iconv_t) - 1)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ /* Note that dstlen has enough size for every possible input characters.
+ * (remember the in UTF-16 the characters in data are at most size/2,
+ * and we allocate 4 bytes per character).
+ */
+ pdst = dst = gnutls_malloc(dstlen + 1);
+ if (dst == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto fail;
+ }
+
+ orig = dstlen;
+ ret = iconv(conv, &src, &size, &pdst, &dstlen);
+ if (ret == -1) {
+ ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ goto fail;
+ }
+
+ output->data = (void *) dst;
+ output->size = orig - dstlen;
+ output->data[output->size] = 0;
+
+ ret = 0;
+ goto cleanup;
+
+ fail:
+ gnutls_free(dst);
+
+ cleanup:
+ iconv_close(conv);
+
+ return ret;
}
#elif defined(_WIN32)
#include <winnls.h>
/* Can convert only english */
-int _gnutls_ucs2_to_utf8(const void* data, size_t size, gnutls_datum_t *output)
+int _gnutls_ucs2_to_utf8(const void *data, size_t size,
+ gnutls_datum_t * output)
{
-int ret;
-unsigned i;
-int len = 0, src_len;
-char* dst = NULL;
-char* src = NULL;
-
- src_len = size/2;
-
- src = gnutls_malloc(size);
- if (src == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- /* convert to LE */
- for (i=0;i<size;i+=2)
- {
- src[i] = ((char*)data)[1+i];
- src[1+i] = ((char*)data)[i];
- }
-
- ret = WideCharToMultiByte(CP_UTF8, MB_ERR_INVALID_CHARS, (void*)src, src_len,
- NULL, 0, NULL, NULL);
- if (ret == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- goto fail;
- }
-
- len = ret+1;
- dst = gnutls_malloc(len);
- if (dst == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail;
- }
-
- ret = WideCharToMultiByte(CP_UTF8, MB_ERR_INVALID_CHARS, (void*)src, src_len,
- dst, len, NULL, NULL);
- if (ret == 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- goto fail;
- }
-
- dst[len-1] = 0;
- output->data = dst;
- output->size = ret;
- ret = 0;
- goto cleanup;
-
-fail:
- gnutls_free(dst);
-
-cleanup:
- gnutls_free(src);
- return ret;
+ int ret;
+ unsigned i;
+ int len = 0, src_len;
+ char *dst = NULL;
+ char *src = NULL;
+
+ src_len = size / 2;
+
+ src = gnutls_malloc(size);
+ if (src == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ /* convert to LE */
+ for (i = 0; i < size; i += 2) {
+ src[i] = ((char *) data)[1 + i];
+ src[1 + i] = ((char *) data)[i];
+ }
+
+ ret =
+ WideCharToMultiByte(CP_UTF8, MB_ERR_INVALID_CHARS,
+ (void *) src, src_len, NULL, 0, NULL,
+ NULL);
+ if (ret == 0) {
+ ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ goto fail;
+ }
+
+ len = ret + 1;
+ dst = gnutls_malloc(len);
+ if (dst == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto fail;
+ }
+
+ ret =
+ WideCharToMultiByte(CP_UTF8, MB_ERR_INVALID_CHARS,
+ (void *) src, src_len, dst, len, NULL,
+ NULL);
+ if (ret == 0) {
+ ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ goto fail;
+ }
+
+ dst[len - 1] = 0;
+ output->data = dst;
+ output->size = ret;
+ ret = 0;
+ goto cleanup;
+
+ fail:
+ gnutls_free(dst);
+
+ cleanup:
+ gnutls_free(src);
+ return ret;
}
#else
/* Can convert only english (ASCII) */
-int _gnutls_ucs2_to_utf8(const void* data, size_t size, gnutls_datum_t *output)
+int _gnutls_ucs2_to_utf8(const void *data, size_t size,
+ gnutls_datum_t * output)
{
-unsigned int i, j;
-char* dst;
-const char *src = data;
-
- if (size == 0 || size % 2 != 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- dst = gnutls_malloc(size+1);
- if (dst == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- for (i=j=0;i<size;i+=2,j++)
- {
- if (src[i] != 0 || !c_isascii(src[i+1]))
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- dst[j] = src[i+1];
- }
-
- output->data = (void*)dst;
- output->size = j;
- output->data[output->size] = 0;
-
- return 0;
+ unsigned int i, j;
+ char *dst;
+ const char *src = data;
+
+ if (size == 0 || size % 2 != 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ dst = gnutls_malloc(size + 1);
+ if (dst == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ for (i = j = 0; i < size; i += 2, j++) {
+ if (src[i] != 0 || !c_isascii(src[i + 1]))
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ dst[j] = src[i + 1];
+ }
+
+ output->data = (void *) dst;
+ output->size = j;
+ output->data[output->size] = 0;
+
+ return 0;
}
#endif
diff --git a/lib/system.h b/lib/system.h
index d2bfa27a6e..b2a73e7677 100644
--- a/lib/system.h
+++ b/lib/system.h
@@ -28,23 +28,24 @@
#include <sys/time.h>
#ifndef _WIN32
-# include <sys/uio.h> /* for writev */
+#include <sys/uio.h> /* for writev */
#else
-# include <windows.h> /* for Sleep */
+#include <windows.h> /* for Sleep */
#endif
-int system_errno (gnutls_transport_ptr_t);
+int system_errno(gnutls_transport_ptr_t);
int system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms);
#ifdef _WIN32
-ssize_t system_write (gnutls_transport_ptr_t ptr, const void *data,
- size_t data_size);
+ssize_t system_write(gnutls_transport_ptr_t ptr, const void *data,
+ size_t data_size);
#else
#define HAVE_WRITEV
-ssize_t system_writev (gnutls_transport_ptr_t ptr, const giovec_t * iovec,
- int iovec_cnt);
+ssize_t system_writev(gnutls_transport_ptr_t ptr, const giovec_t * iovec,
+ int iovec_cnt);
#endif
-ssize_t system_read (gnutls_transport_ptr_t ptr, void *data, size_t data_size);
+ssize_t system_read(gnutls_transport_ptr_t ptr, void *data,
+ size_t data_size);
#ifdef _WIN32
#define HAVE_WIN32_LOCKS
@@ -61,36 +62,36 @@ extern gnutls_time_func gnutls_time;
static inline void millisleep(unsigned int ms)
{
#ifdef _WIN32
- Sleep(ms);
+ Sleep(ms);
#else
- struct timespec ts;
+ struct timespec ts;
- ts.tv_sec = 0;
- ts.tv_nsec = ms*1000*1000;
-
- nanosleep(&ts, NULL);
+ ts.tv_sec = 0;
+ ts.tv_nsec = ms * 1000 * 1000;
+
+ nanosleep(&ts, NULL);
#endif
}
/* emulate gnulib's gettime using gettimeofday to avoid linking to
* librt */
-inline static void
-gettime (struct timespec *t)
+inline static void gettime(struct timespec *t)
{
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_REALTIME)
- clock_gettime (CLOCK_REALTIME, t);
+ clock_gettime(CLOCK_REALTIME, t);
#else
-struct timeval tv;
- gettimeofday (&tv, NULL);
- t->tv_sec = tv.tv_sec;
- t->tv_nsec = tv.tv_usec * 1000;
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ t->tv_sec = tv.tv_sec;
+ t->tv_nsec = tv.tv_usec * 1000;
#endif
}
-int _gnutls_find_config_path(char* path, size_t max_size);
-int _gnutls_ucs2_to_utf8(const void* data, size_t size, gnutls_datum_t *output);
+int _gnutls_find_config_path(char *path, size_t max_size);
+int _gnutls_ucs2_to_utf8(const void *data, size_t size,
+ gnutls_datum_t * output);
-int gnutls_system_global_init (void);
-void gnutls_system_global_deinit (void);
+int gnutls_system_global_init(void);
+void gnutls_system_global_deinit(void);
-#endif /* SYSTEM_H */
+#endif /* SYSTEM_H */
diff --git a/lib/system_override.c b/lib/system_override.c
index 2fa82df0b3..d673f2dd90 100644
--- a/lib/system_override.c
+++ b/lib/system_override.c
@@ -36,7 +36,7 @@
#include <errno.h>
#ifdef _WIN32
-# include <windows.h>
+#include <windows.h>
#endif
/**
@@ -56,10 +56,9 @@
* msvcr71.dll and gnutls is linked to msvcrt.dll).
*
**/
-void
-gnutls_transport_set_errno (gnutls_session_t session, int err)
+void gnutls_transport_set_errno(gnutls_session_t session, int err)
{
- session->internals.errnum = err;
+ session->internals.errnum = err;
}
/**
@@ -77,10 +76,10 @@ gnutls_transport_set_errno (gnutls_session_t session, int err)
* ssize_t (*gnutls_pull_func)(gnutls_transport_ptr_t, void*, size_t);
**/
void
-gnutls_transport_set_pull_function (gnutls_session_t session,
- gnutls_pull_func pull_func)
+gnutls_transport_set_pull_function(gnutls_session_t session,
+ gnutls_pull_func pull_func)
{
- session->internals.pull_func = pull_func;
+ session->internals.pull_func = pull_func;
}
/**
@@ -104,10 +103,10 @@ gnutls_transport_set_pull_function (gnutls_session_t session,
* Since: 3.0
**/
void
-gnutls_transport_set_pull_timeout_function (gnutls_session_t session,
- gnutls_pull_timeout_func func)
+gnutls_transport_set_pull_timeout_function(gnutls_session_t session,
+ gnutls_pull_timeout_func func)
{
- session->internals.pull_timeout_func = func;
+ session->internals.pull_timeout_func = func;
}
/**
@@ -128,11 +127,11 @@ gnutls_transport_set_pull_timeout_function (gnutls_session_t session,
*
**/
void
-gnutls_transport_set_push_function (gnutls_session_t session,
- gnutls_push_func push_func)
+gnutls_transport_set_push_function(gnutls_session_t session,
+ gnutls_push_func push_func)
{
- session->internals.push_func = push_func;
- session->internals.vec_push_func = NULL;
+ session->internals.push_func = push_func;
+ session->internals.vec_push_func = NULL;
}
/**
@@ -151,11 +150,11 @@ gnutls_transport_set_push_function (gnutls_session_t session,
* Since: 2.12.0
**/
void
-gnutls_transport_set_vec_push_function (gnutls_session_t session,
- gnutls_vec_push_func vec_func)
+gnutls_transport_set_vec_push_function(gnutls_session_t session,
+ gnutls_vec_push_func vec_func)
{
- session->internals.push_func = NULL;
- session->internals.vec_push_func = vec_func;
+ session->internals.push_func = NULL;
+ session->internals.vec_push_func = vec_func;
}
/**
@@ -173,8 +172,8 @@ gnutls_transport_set_vec_push_function (gnutls_session_t session,
* Since: 2.12.0
**/
void
-gnutls_transport_set_errno_function (gnutls_session_t session,
- gnutls_errno_func errno_func)
+gnutls_transport_set_errno_function(gnutls_session_t session,
+ gnutls_errno_func errno_func)
{
- session->internals.errno_func = errno_func;
+ session->internals.errno_func = errno_func;
}
diff --git a/lib/tpm.c b/lib/tpm.c
index cc57012d2e..86b0047a9b 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -46,31 +46,30 @@
#include <trousers/tss.h>
#include <trousers/trousers.h>
-struct tpm_ctx_st
-{
- TSS_HCONTEXT tpm_ctx;
- TSS_HKEY tpm_key;
- TSS_HPOLICY tpm_key_policy;
- TSS_HKEY srk;
- TSS_HPOLICY srk_policy;
+struct tpm_ctx_st {
+ TSS_HCONTEXT tpm_ctx;
+ TSS_HKEY tpm_key;
+ TSS_HPOLICY tpm_key_policy;
+ TSS_HKEY srk;
+ TSS_HPOLICY srk_policy;
};
-struct tpm_key_list_st
-{
- UINT32 size;
- TSS_KM_KEYINFO2 * ki;
- TSS_HCONTEXT tpm_ctx;
+struct tpm_key_list_st {
+ UINT32 size;
+ TSS_KM_KEYINFO2 *ki;
+ TSS_HCONTEXT tpm_ctx;
};
static void tpm_close_session(struct tpm_ctx_st *s);
-static int import_tpm_key (gnutls_privkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- TSS_UUID *uuid,
- TSS_FLAG storage_type,
- const char *srk_password,
- const char *key_password);
-static int encode_tpmkey_url(char** url, const TSS_UUID* uuid, TSS_FLAG storage);
+static int import_tpm_key(gnutls_privkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ TSS_UUID * uuid,
+ TSS_FLAG storage_type,
+ const char *srk_password,
+ const char *key_password);
+static int encode_tpmkey_url(char **url, const TSS_UUID * uuid,
+ TSS_FLAG storage);
/* TPM URL format: (draft-mavrogiannopoulos-tpmuri-01)
*
@@ -83,488 +82,474 @@ static int encode_tpmkey_url(char** url, const TSS_UUID* uuid, TSS_FLAG storage)
static int tss_err_pwd(TSS_RESULT err, int pwd_error)
{
- _gnutls_debug_log("TPM (%s) error: %s (%x)\n", Trspi_Error_Layer(err), Trspi_Error_String(err), (unsigned int)Trspi_Error_Code(err));
-
- switch(ERROR_LAYER(err))
- {
- case TSS_LAYER_TPM:
- switch(ERROR_CODE(err))
- {
- case TPM_E_AUTHFAIL:
- return pwd_error;
- case TPM_E_NOSRK:
- return GNUTLS_E_TPM_UNINITIALIZED;
- default:
- return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
- }
- case TSS_LAYER_TCS:
- case TSS_LAYER_TSP:
- switch(ERROR_CODE(err))
- {
- case TSS_E_COMM_FAILURE:
- case TSS_E_NO_CONNECTION:
- case TSS_E_CONNECTION_FAILED:
- case TSS_E_CONNECTION_BROKEN:
- return GNUTLS_E_TPM_SESSION_ERROR;
- case TSS_E_PS_KEY_NOTFOUND:
- return GNUTLS_E_TPM_KEY_NOT_FOUND;
- default:
- return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
- }
- default:
- return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
- }
+ _gnutls_debug_log("TPM (%s) error: %s (%x)\n",
+ Trspi_Error_Layer(err), Trspi_Error_String(err),
+ (unsigned int) Trspi_Error_Code(err));
+
+ switch (ERROR_LAYER(err)) {
+ case TSS_LAYER_TPM:
+ switch (ERROR_CODE(err)) {
+ case TPM_E_AUTHFAIL:
+ return pwd_error;
+ case TPM_E_NOSRK:
+ return GNUTLS_E_TPM_UNINITIALIZED;
+ default:
+ return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
+ }
+ case TSS_LAYER_TCS:
+ case TSS_LAYER_TSP:
+ switch (ERROR_CODE(err)) {
+ case TSS_E_COMM_FAILURE:
+ case TSS_E_NO_CONNECTION:
+ case TSS_E_CONNECTION_FAILED:
+ case TSS_E_CONNECTION_BROKEN:
+ return GNUTLS_E_TPM_SESSION_ERROR;
+ case TSS_E_PS_KEY_NOTFOUND:
+ return GNUTLS_E_TPM_KEY_NOT_FOUND;
+ default:
+ return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
+ }
+ default:
+ return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
+ }
}
#define tss_err(x) tss_err_pwd(x, GNUTLS_E_TPM_SRK_PASSWORD_ERROR)
#define tss_err_key(x) tss_err_pwd(x, GNUTLS_E_TPM_KEY_PASSWORD_ERROR)
-static void
-tpm_deinit_fn (gnutls_privkey_t key, void *_s)
+static void tpm_deinit_fn(gnutls_privkey_t key, void *_s)
{
- struct tpm_ctx_st *s = _s;
+ struct tpm_ctx_st *s = _s;
- Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key_policy);
- Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key);
+ Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key_policy);
+ Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key);
- tpm_close_session(s);
- gnutls_free (s);
+ tpm_close_session(s);
+ gnutls_free(s);
}
static int
-tpm_sign_fn (gnutls_privkey_t key, void *_s,
- const gnutls_datum_t * data, gnutls_datum_t * sig)
+tpm_sign_fn(gnutls_privkey_t key, void *_s,
+ const gnutls_datum_t * data, gnutls_datum_t * sig)
{
- struct tpm_ctx_st *s = _s;
- TSS_HHASH hash;
- int err;
-
- _gnutls_debug_log ("TPM sign function called for %u bytes.\n",
- data->size);
-
- err =
- Tspi_Context_CreateObject (s->tpm_ctx,
- TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER,
- &hash);
- if (err)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Failed to create TPM hash object: %s\n",
- Trspi_Error_String (err));
- return GNUTLS_E_PK_SIGN_FAILED;
- }
- err = Tspi_Hash_SetHashValue (hash, data->size, data->data);
- if (err)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Failed to set value in TPM hash object: %s\n",
- Trspi_Error_String (err));
- Tspi_Context_CloseObject (s->tpm_ctx, hash);
- return GNUTLS_E_PK_SIGN_FAILED;
- }
- err = Tspi_Hash_Sign (hash, s->tpm_key, &sig->size, &sig->data);
- Tspi_Context_CloseObject (s->tpm_ctx, hash);
- if (err)
- {
- if (s->tpm_key_policy || err != TPM_E_AUTHFAIL)
- _gnutls_debug_log ("TPM hash signature failed: %s\n",
- Trspi_Error_String (err));
- if (err == TPM_E_AUTHFAIL)
- return GNUTLS_E_TPM_KEY_PASSWORD_ERROR;
- else
- return GNUTLS_E_PK_SIGN_FAILED;
- }
- return 0;
+ struct tpm_ctx_st *s = _s;
+ TSS_HHASH hash;
+ int err;
+
+ _gnutls_debug_log("TPM sign function called for %u bytes.\n",
+ data->size);
+
+ err =
+ Tspi_Context_CreateObject(s->tpm_ctx,
+ TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER,
+ &hash);
+ if (err) {
+ gnutls_assert();
+ _gnutls_debug_log("Failed to create TPM hash object: %s\n",
+ Trspi_Error_String(err));
+ return GNUTLS_E_PK_SIGN_FAILED;
+ }
+ err = Tspi_Hash_SetHashValue(hash, data->size, data->data);
+ if (err) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Failed to set value in TPM hash object: %s\n",
+ Trspi_Error_String(err));
+ Tspi_Context_CloseObject(s->tpm_ctx, hash);
+ return GNUTLS_E_PK_SIGN_FAILED;
+ }
+ err = Tspi_Hash_Sign(hash, s->tpm_key, &sig->size, &sig->data);
+ Tspi_Context_CloseObject(s->tpm_ctx, hash);
+ if (err) {
+ if (s->tpm_key_policy || err != TPM_E_AUTHFAIL)
+ _gnutls_debug_log
+ ("TPM hash signature failed: %s\n",
+ Trspi_Error_String(err));
+ if (err == TPM_E_AUTHFAIL)
+ return GNUTLS_E_TPM_KEY_PASSWORD_ERROR;
+ else
+ return GNUTLS_E_PK_SIGN_FAILED;
+ }
+ return 0;
}
static const unsigned char nullpass[20];
-static const gnutls_datum_t nulldata = {(void*)nullpass, 20};
+static const gnutls_datum_t nulldata = { (void *) nullpass, 20 };
+
const TSS_UUID srk_uuid = TSS_UUID_SRK;
-static int tpm_pin(struct pin_info_st* pin_info, const TSS_UUID* uuid, TSS_FLAG storage,
- char* pin, unsigned int pin_size, unsigned int attempts)
+static int tpm_pin(struct pin_info_st *pin_info, const TSS_UUID * uuid,
+ TSS_FLAG storage, char *pin, unsigned int pin_size,
+ unsigned int attempts)
{
-unsigned int flags = 0;
-const char* label;
-char* url = NULL;
-int ret;
-
- if (attempts > 0)
- flags |= GNUTLS_PIN_WRONG;
-
- if (uuid)
- {
- if (memcmp(uuid, &srk_uuid, sizeof(TSS_UUID)) == 0)
- {
- label = "SRK";
-
- ret = encode_tpmkey_url(&url, uuid, storage);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- {
- label = "TPM";
-
- ret = encode_tpmkey_url(&url, uuid, storage);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- }
- else
- label = "unknown";
-
- if (pin_info && pin_info->cb)
- ret = pin_info->cb(pin_info->data, attempts, url, label, flags, pin, pin_size);
- else if (_gnutls_pin_func)
- ret = _gnutls_pin_func(_gnutls_pin_data, attempts, url, label, flags, pin, pin_size);
- else
- ret = gnutls_assert_val(GNUTLS_E_TPM_KEY_PASSWORD_ERROR); /* doesn't really matter */
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
-cleanup:
- gnutls_free(url);
- return ret;
+ unsigned int flags = 0;
+ const char *label;
+ char *url = NULL;
+ int ret;
+
+ if (attempts > 0)
+ flags |= GNUTLS_PIN_WRONG;
+
+ if (uuid) {
+ if (memcmp(uuid, &srk_uuid, sizeof(TSS_UUID)) == 0) {
+ label = "SRK";
+
+ ret = encode_tpmkey_url(&url, uuid, storage);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else {
+ label = "TPM";
+
+ ret = encode_tpmkey_url(&url, uuid, storage);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ } else
+ label = "unknown";
+
+ if (pin_info && pin_info->cb)
+ ret =
+ pin_info->cb(pin_info->data, attempts, url, label,
+ flags, pin, pin_size);
+ else if (_gnutls_pin_func)
+ ret =
+ _gnutls_pin_func(_gnutls_pin_data, attempts, url,
+ label, flags, pin, pin_size);
+ else
+ ret = gnutls_assert_val(GNUTLS_E_TPM_KEY_PASSWORD_ERROR); /* doesn't really matter */
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ gnutls_free(url);
+ return ret;
}
-static TSS_RESULT myTspi_Policy_SetSecret(TSS_HPOLICY hPolicy,
- UINT32 ulSecretLength, BYTE* rgbSecret)
+static TSS_RESULT myTspi_Policy_SetSecret(TSS_HPOLICY hPolicy,
+ UINT32 ulSecretLength,
+ BYTE * rgbSecret)
{
- if (rgbSecret == NULL)
- {
- /* Well known NULL key */
- return Tspi_Policy_SetSecret (hPolicy,
- TSS_SECRET_MODE_SHA1,
- sizeof (nullpass), (BYTE *) nullpass);
- }
- else /* key is given */
- {
- return Tspi_Policy_SetSecret (hPolicy, TSS_SECRET_MODE_PLAIN,
- ulSecretLength, rgbSecret);
- }
+ if (rgbSecret == NULL) {
+ /* Well known NULL key */
+ return Tspi_Policy_SetSecret(hPolicy,
+ TSS_SECRET_MODE_SHA1,
+ sizeof(nullpass),
+ (BYTE *) nullpass);
+ } else { /* key is given */
+
+ return Tspi_Policy_SetSecret(hPolicy,
+ TSS_SECRET_MODE_PLAIN,
+ ulSecretLength, rgbSecret);
+ }
}
#define SAFE_LEN(x) (x==NULL?0:strlen(x))
-static int tpm_open_session(struct tpm_ctx_st *s, const char* srk_password)
+static int tpm_open_session(struct tpm_ctx_st *s, const char *srk_password)
{
-int err, ret;
-
- err = Tspi_Context_Create (&s->tpm_ctx);
- if (err)
- {
- gnutls_assert ();
- return tss_err(err);
- }
-
- err = Tspi_Context_Connect (s->tpm_ctx, NULL);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_tspi_ctx;
- }
-
- err =
- Tspi_Context_LoadKeyByUUID (s->tpm_ctx, TSS_PS_TYPE_SYSTEM,
- srk_uuid, &s->srk);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_tspi_ctx;
- }
-
- err = Tspi_GetPolicyObject (s->srk, TSS_POLICY_USAGE, &s->srk_policy);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_srk;
- }
-
- err = myTspi_Policy_SetSecret (s->srk_policy,
- SAFE_LEN (srk_password), (BYTE *) srk_password);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_srkpol;
- }
-
- return 0;
-
-out_srkpol:
- Tspi_Context_CloseObject (s->tpm_ctx, s->srk_policy);
- s->srk_policy = 0;
-out_srk:
- Tspi_Context_CloseObject (s->tpm_ctx, s->srk);
- s->srk = 0;
-out_tspi_ctx:
- Tspi_Context_Close (s->tpm_ctx);
- s->tpm_ctx = 0;
- return ret;
+ int err, ret;
+
+ err = Tspi_Context_Create(&s->tpm_ctx);
+ if (err) {
+ gnutls_assert();
+ return tss_err(err);
+ }
+
+ err = Tspi_Context_Connect(s->tpm_ctx, NULL);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_tspi_ctx;
+ }
+
+ err =
+ Tspi_Context_LoadKeyByUUID(s->tpm_ctx, TSS_PS_TYPE_SYSTEM,
+ srk_uuid, &s->srk);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_tspi_ctx;
+ }
+
+ err =
+ Tspi_GetPolicyObject(s->srk, TSS_POLICY_USAGE, &s->srk_policy);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_srk;
+ }
+
+ err = myTspi_Policy_SetSecret(s->srk_policy,
+ SAFE_LEN(srk_password),
+ (BYTE *) srk_password);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_srkpol;
+ }
+
+ return 0;
+
+ out_srkpol:
+ Tspi_Context_CloseObject(s->tpm_ctx, s->srk_policy);
+ s->srk_policy = 0;
+ out_srk:
+ Tspi_Context_CloseObject(s->tpm_ctx, s->srk);
+ s->srk = 0;
+ out_tspi_ctx:
+ Tspi_Context_Close(s->tpm_ctx);
+ s->tpm_ctx = 0;
+ return ret;
}
static void tpm_close_session(struct tpm_ctx_st *s)
{
- Tspi_Context_CloseObject (s->tpm_ctx, s->srk_policy);
- s->srk_policy = 0;
- Tspi_Context_CloseObject (s->tpm_ctx, s->srk);
- s->srk = 0;
- Tspi_Context_Close (s->tpm_ctx);
- s->tpm_ctx = 0;
+ Tspi_Context_CloseObject(s->tpm_ctx, s->srk_policy);
+ s->srk_policy = 0;
+ Tspi_Context_CloseObject(s->tpm_ctx, s->srk);
+ s->srk = 0;
+ Tspi_Context_Close(s->tpm_ctx);
+ s->tpm_ctx = 0;
}
static int
-import_tpm_key_cb (gnutls_privkey_t pkey, const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format, TSS_UUID *uuid,
- TSS_FLAG storage, const char *srk_password,
- const char *key_password)
+import_tpm_key_cb(gnutls_privkey_t pkey, const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format, TSS_UUID * uuid,
+ TSS_FLAG storage, const char *srk_password,
+ const char *key_password)
{
-unsigned int attempts = 0;
-char pin1[GNUTLS_PKCS11_MAX_PIN_LEN];
-char pin2[GNUTLS_PKCS11_MAX_PIN_LEN];
-int ret, ret2;
-
- do
- {
- ret = import_tpm_key(pkey, fdata, format, uuid, storage, srk_password, key_password);
-
- if (attempts > 3)
- break;
-
- if (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR)
- {
- ret2 = tpm_pin(&pkey->pin, &srk_uuid, storage, pin1, sizeof(pin1), attempts++);
- if (ret2 < 0)
- {
- gnutls_assert();
- return GNUTLS_E_TPM_SRK_PASSWORD_ERROR;
- }
- srk_password = pin1;
- }
-
- if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR)
- {
- ret2 = tpm_pin(&pkey->pin, uuid, storage, pin2, sizeof(pin2), attempts++);
- if (ret2 < 0)
- {
- gnutls_assert();
- return GNUTLS_E_TPM_KEY_PASSWORD_ERROR;
- }
- key_password = pin2;
- }
- }
- while(ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR || ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR);
-
- if (ret < 0)
- gnutls_assert();
- return ret;
+ unsigned int attempts = 0;
+ char pin1[GNUTLS_PKCS11_MAX_PIN_LEN];
+ char pin2[GNUTLS_PKCS11_MAX_PIN_LEN];
+ int ret, ret2;
+
+ do {
+ ret =
+ import_tpm_key(pkey, fdata, format, uuid, storage,
+ srk_password, key_password);
+
+ if (attempts > 3)
+ break;
+
+ if (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR) {
+ ret2 =
+ tpm_pin(&pkey->pin, &srk_uuid, storage, pin1,
+ sizeof(pin1), attempts++);
+ if (ret2 < 0) {
+ gnutls_assert();
+ return GNUTLS_E_TPM_SRK_PASSWORD_ERROR;
+ }
+ srk_password = pin1;
+ }
+
+ if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR) {
+ ret2 =
+ tpm_pin(&pkey->pin, uuid, storage, pin2,
+ sizeof(pin2), attempts++);
+ if (ret2 < 0) {
+ gnutls_assert();
+ return GNUTLS_E_TPM_KEY_PASSWORD_ERROR;
+ }
+ key_password = pin2;
+ }
+ }
+ while (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR
+ || ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR);
+
+ if (ret < 0)
+ gnutls_assert();
+ return ret;
}
-static int load_key(TSS_HCONTEXT tpm_ctx, TSS_HKEY srk,
- const gnutls_datum_t * fdata, gnutls_tpmkey_fmt_t format,
- TSS_HKEY* tpm_key)
+static int load_key(TSS_HCONTEXT tpm_ctx, TSS_HKEY srk,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format, TSS_HKEY * tpm_key)
{
-int ret, err;
-gnutls_datum_t asn1 = { NULL, 0 };
-
- if (format == GNUTLS_TPMKEY_FMT_CTK_PEM)
- {
- gnutls_datum_t td;
-
- ret = gnutls_pem_base64_decode_alloc ("TSS KEY BLOB", fdata, &asn1);
- if (ret)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Error decoding TSS key blob: %s\n",
- gnutls_strerror (ret));
- return ret;
- }
-
- ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, asn1.data, asn1.size, &td);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- gnutls_free(asn1.data);
- asn1.data = td.data;
- asn1.size = td.size;
- }
- else /* DER */
- {
- UINT32 tint2;
- UINT32 type;
-
- asn1.size = fdata->size;
- asn1.data = gnutls_malloc(asn1.size);
- if (asn1.data == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- tint2 = asn1.size;
- err = Tspi_DecodeBER_TssBlob(fdata->size, fdata->data, &type,
- &tint2, asn1.data);
- if (err != 0)
- {
- gnutls_assert();
- ret = tss_err(err);
- goto cleanup;
- }
-
- asn1.size = tint2;
- }
-
- /* ... we get it here instead. */
- err = Tspi_Context_LoadKeyByBlob (tpm_ctx, srk,
- asn1.size, asn1.data, tpm_key);
- if (err != 0)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_free (asn1.data);
-
- return ret;
+ int ret, err;
+ gnutls_datum_t asn1 = { NULL, 0 };
+
+ if (format == GNUTLS_TPMKEY_FMT_CTK_PEM) {
+ gnutls_datum_t td;
+
+ ret =
+ gnutls_pem_base64_decode_alloc("TSS KEY BLOB", fdata,
+ &asn1);
+ if (ret) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Error decoding TSS key blob: %s\n",
+ gnutls_strerror(ret));
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
+ asn1.data, asn1.size, &td);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ gnutls_free(asn1.data);
+ asn1.data = td.data;
+ asn1.size = td.size;
+ } else { /* DER */
+
+ UINT32 tint2;
+ UINT32 type;
+
+ asn1.size = fdata->size;
+ asn1.data = gnutls_malloc(asn1.size);
+ if (asn1.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ tint2 = asn1.size;
+ err =
+ Tspi_DecodeBER_TssBlob(fdata->size, fdata->data, &type,
+ &tint2, asn1.data);
+ if (err != 0) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto cleanup;
+ }
+
+ asn1.size = tint2;
+ }
+
+ /* ... we get it here instead. */
+ err = Tspi_Context_LoadKeyByBlob(tpm_ctx, srk,
+ asn1.size, asn1.data, tpm_key);
+ if (err != 0) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_free(asn1.data);
+
+ return ret;
}
static int
-import_tpm_key (gnutls_privkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- TSS_UUID *uuid,
- TSS_FLAG storage,
- const char *srk_password,
- const char *key_password)
+import_tpm_key(gnutls_privkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ TSS_UUID * uuid,
+ TSS_FLAG storage,
+ const char *srk_password, const char *key_password)
{
- int err, ret;
- struct tpm_ctx_st *s;
- gnutls_datum_t tmp_sig;
-
- s = gnutls_malloc (sizeof (*s));
- if (s == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = tpm_open_session(s, srk_password);
- if (ret < 0)
- {
- gnutls_assert();
- goto out_ctx;
- }
-
- if (fdata != NULL)
- {
- ret = load_key(s->tpm_ctx, s->srk, fdata, format, &s->tpm_key);
- if (ret < 0)
- {
- gnutls_assert();
- goto out_session;
- }
- }
- else if (uuid)
- {
- err =
- Tspi_Context_LoadKeyByUUID (s->tpm_ctx, storage,
- *uuid, &s->tpm_key);
-
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_session;
- }
- }
- else
- {
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto out_session;
- }
-
- ret =
- gnutls_privkey_import_ext2 (pkey, GNUTLS_PK_RSA, s,
- tpm_sign_fn, NULL, tpm_deinit_fn, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto out_session;
- }
-
- ret =
- gnutls_privkey_sign_data (pkey, GNUTLS_DIG_SHA1, 0, &nulldata, &tmp_sig);
- if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR)
- {
- if (!s->tpm_key_policy)
- {
- err = Tspi_Context_CreateObject (s->tpm_ctx,
- TSS_OBJECT_TYPE_POLICY,
- TSS_POLICY_USAGE,
- &s->tpm_key_policy);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_key;
- }
-
- err = Tspi_Policy_AssignToObject (s->tpm_key_policy, s->tpm_key);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_key_policy;
- }
- }
-
- err = myTspi_Policy_SetSecret (s->tpm_key_policy,
- SAFE_LEN(key_password), (void *) key_password);
-
- if (err)
- {
- gnutls_assert ();
- ret = tss_err_key(err);
- goto out_key_policy;
- }
- }
- else if (ret < 0)
- {
- gnutls_assert ();
- goto out_session;
- }
-
- return 0;
-out_key_policy:
- Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key_policy);
- s->tpm_key_policy = 0;
-out_key:
- Tspi_Context_CloseObject (s->tpm_ctx, s->tpm_key);
- s->tpm_key = 0;
-out_session:
- tpm_close_session(s);
-out_ctx:
- gnutls_free (s);
- return ret;
+ int err, ret;
+ struct tpm_ctx_st *s;
+ gnutls_datum_t tmp_sig;
+
+ s = gnutls_malloc(sizeof(*s));
+ if (s == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = tpm_open_session(s, srk_password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_ctx;
+ }
+
+ if (fdata != NULL) {
+ ret =
+ load_key(s->tpm_ctx, s->srk, fdata, format,
+ &s->tpm_key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_session;
+ }
+ } else if (uuid) {
+ err =
+ Tspi_Context_LoadKeyByUUID(s->tpm_ctx, storage,
+ *uuid, &s->tpm_key);
+
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_session;
+ }
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto out_session;
+ }
+
+ ret =
+ gnutls_privkey_import_ext2(pkey, GNUTLS_PK_RSA, s,
+ tpm_sign_fn, NULL, tpm_deinit_fn,
+ 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_session;
+ }
+
+ ret =
+ gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA1, 0, &nulldata,
+ &tmp_sig);
+ if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR) {
+ if (!s->tpm_key_policy) {
+ err = Tspi_Context_CreateObject(s->tpm_ctx,
+ TSS_OBJECT_TYPE_POLICY,
+ TSS_POLICY_USAGE,
+ &s->
+ tpm_key_policy);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_key;
+ }
+
+ err =
+ Tspi_Policy_AssignToObject(s->tpm_key_policy,
+ s->tpm_key);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_key_policy;
+ }
+ }
+
+ err = myTspi_Policy_SetSecret(s->tpm_key_policy,
+ SAFE_LEN(key_password),
+ (void *) key_password);
+
+ if (err) {
+ gnutls_assert();
+ ret = tss_err_key(err);
+ goto out_key_policy;
+ }
+ } else if (ret < 0) {
+ gnutls_assert();
+ goto out_session;
+ }
+
+ return 0;
+ out_key_policy:
+ Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key_policy);
+ s->tpm_key_policy = 0;
+ out_key:
+ Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key);
+ s->tpm_key = 0;
+ out_session:
+ tpm_close_session(s);
+ out_ctx:
+ gnutls_free(s);
+ return ret;
}
/**
@@ -588,245 +573,251 @@ out_ctx:
*
**/
int
-gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- const char *key_password,
- unsigned int flags)
+gnutls_privkey_import_tpm_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password,
+ const char *key_password, unsigned int flags)
{
- if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
- return import_tpm_key(pkey, fdata, format, NULL, 0, srk_password, key_password);
- else
- return import_tpm_key_cb(pkey, fdata, format, NULL, 0, srk_password, key_password);
+ if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
+ return import_tpm_key(pkey, fdata, format, NULL, 0,
+ srk_password, key_password);
+ else
+ return import_tpm_key_cb(pkey, fdata, format, NULL, 0,
+ srk_password, key_password);
}
-struct tpmkey_url_st
-{
- char* filename;
- TSS_UUID uuid;
- TSS_FLAG storage;
- unsigned int uuid_set;
+struct tpmkey_url_st {
+ char *filename;
+ TSS_UUID uuid;
+ TSS_FLAG storage;
+ unsigned int uuid_set;
};
static void clear_tpmkey_url(struct tpmkey_url_st *s)
{
- gnutls_free(s->filename);
- memset(s, 0, sizeof(*s));
+ gnutls_free(s->filename);
+ memset(s, 0, sizeof(*s));
}
static int
-unescape_string (char *output, const char *input, size_t * size,
- char terminator)
+unescape_string(char *output, const char *input, size_t * size,
+ char terminator)
{
- gnutls_buffer_st str;
- int ret = 0;
- char *p;
- int len;
-
- _gnutls_buffer_init (&str);
-
- /* find terminator */
- p = strchr (input, terminator);
- if (p != NULL)
- len = p - input;
- else
- len = strlen (input);
-
- ret = _gnutls_buffer_append_data (&str, input, len);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_buffer_unescape (&str);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_buffer_append_data (&str, "", 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- _gnutls_buffer_pop_data (&str, output, size);
-
- _gnutls_buffer_clear (&str);
-
- return ret;
+ gnutls_buffer_st str;
+ int ret = 0;
+ char *p;
+ int len;
+
+ _gnutls_buffer_init(&str);
+
+ /* find terminator */
+ p = strchr(input, terminator);
+ if (p != NULL)
+ len = p - input;
+ else
+ len = strlen(input);
+
+ ret = _gnutls_buffer_append_data(&str, input, len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_unescape(&str);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_append_data(&str, "", 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_buffer_pop_data(&str, output, size);
+
+ _gnutls_buffer_clear(&str);
+
+ return ret;
}
#define UUID_SIZE 16
-static int randomize_uuid(TSS_UUID* uuid)
+static int randomize_uuid(TSS_UUID * uuid)
{
- uint8_t raw_uuid[16];
- int ret;
-
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, raw_uuid, sizeof(raw_uuid));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* mark it as random uuid */
- raw_uuid[6] &= 0x0f;
- raw_uuid[6] |= 0x40;
- raw_uuid[8] &= 0x0f;
- raw_uuid[8] |= 0x80;
-
- memcpy(&uuid->ulTimeLow, raw_uuid, 4);
- memcpy(&uuid->usTimeMid, &raw_uuid[4], 2);
- memcpy(&uuid->usTimeHigh, &raw_uuid[6], 2);
- uuid->bClockSeqHigh = raw_uuid[8];
- uuid->bClockSeqLow = raw_uuid[9];
- memcpy(&uuid->rgbNode, &raw_uuid[10], 6);
-
- return 0;
+ uint8_t raw_uuid[16];
+ int ret;
+
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE, raw_uuid, sizeof(raw_uuid));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* mark it as random uuid */
+ raw_uuid[6] &= 0x0f;
+ raw_uuid[6] |= 0x40;
+ raw_uuid[8] &= 0x0f;
+ raw_uuid[8] |= 0x80;
+
+ memcpy(&uuid->ulTimeLow, raw_uuid, 4);
+ memcpy(&uuid->usTimeMid, &raw_uuid[4], 2);
+ memcpy(&uuid->usTimeHigh, &raw_uuid[6], 2);
+ uuid->bClockSeqHigh = raw_uuid[8];
+ uuid->bClockSeqLow = raw_uuid[9];
+ memcpy(&uuid->rgbNode, &raw_uuid[10], 6);
+
+ return 0;
}
-static int encode_tpmkey_url(char** url, const TSS_UUID* uuid, TSS_FLAG storage)
+static int encode_tpmkey_url(char **url, const TSS_UUID * uuid,
+ TSS_FLAG storage)
{
-size_t size = (UUID_SIZE*2+4)*2+32;
-uint8_t u1[UUID_SIZE];
-gnutls_buffer_st buf;
-gnutls_datum_t dret;
-int ret;
-
- *url = gnutls_malloc(size);
- if (*url == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_buffer_init(&buf);
-
- memcpy(u1, &uuid->ulTimeLow, 4);
- memcpy(&u1[4], &uuid->usTimeMid, 2);
- memcpy(&u1[6], &uuid->usTimeHigh, 2);
- u1[8] = uuid->bClockSeqHigh;
- u1[9] = uuid->bClockSeqLow;
- memcpy(&u1[10], uuid->rgbNode, 6);
-
- ret = _gnutls_buffer_append_str(&buf, "tpmkey:uuid=");
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_printf(&buf, "%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x",
- (unsigned int)u1[0], (unsigned int)u1[1], (unsigned int)u1[2], (unsigned int)u1[3],
- (unsigned int)u1[4], (unsigned int)u1[5], (unsigned int)u1[6], (unsigned int)u1[7],
- (unsigned int)u1[8], (unsigned int)u1[9], (unsigned int)u1[10], (unsigned int)u1[11],
- (unsigned int)u1[12], (unsigned int)u1[13], (unsigned int)u1[14], (unsigned int)u1[15]);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_append_printf(&buf, ";storage=%s", (storage==TSS_PS_TYPE_USER)?"user":"system");
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_buffer_to_datum(&buf, &dret);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- *url = (char*)dret.data;
-
- return 0;
-cleanup:
- _gnutls_buffer_clear(&buf);
- return ret;
+ size_t size = (UUID_SIZE * 2 + 4) * 2 + 32;
+ uint8_t u1[UUID_SIZE];
+ gnutls_buffer_st buf;
+ gnutls_datum_t dret;
+ int ret;
+
+ *url = gnutls_malloc(size);
+ if (*url == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_buffer_init(&buf);
+
+ memcpy(u1, &uuid->ulTimeLow, 4);
+ memcpy(&u1[4], &uuid->usTimeMid, 2);
+ memcpy(&u1[6], &uuid->usTimeHigh, 2);
+ u1[8] = uuid->bClockSeqHigh;
+ u1[9] = uuid->bClockSeqLow;
+ memcpy(&u1[10], uuid->rgbNode, 6);
+
+ ret = _gnutls_buffer_append_str(&buf, "tpmkey:uuid=");
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_buffer_append_printf(&buf,
+ "%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x",
+ (unsigned int) u1[0],
+ (unsigned int) u1[1],
+ (unsigned int) u1[2],
+ (unsigned int) u1[3],
+ (unsigned int) u1[4],
+ (unsigned int) u1[5],
+ (unsigned int) u1[6],
+ (unsigned int) u1[7],
+ (unsigned int) u1[8],
+ (unsigned int) u1[9],
+ (unsigned int) u1[10],
+ (unsigned int) u1[11],
+ (unsigned int) u1[12],
+ (unsigned int) u1[13],
+ (unsigned int) u1[14],
+ (unsigned int) u1[15]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_buffer_append_printf(&buf, ";storage=%s",
+ (storage ==
+ TSS_PS_TYPE_USER) ? "user" :
+ "system");
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_to_datum(&buf, &dret);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ *url = (char *) dret.data;
+
+ return 0;
+ cleanup:
+ _gnutls_buffer_clear(&buf);
+ return ret;
}
-static int decode_tpmkey_url(const char* url, struct tpmkey_url_st *s)
+static int decode_tpmkey_url(const char *url, struct tpmkey_url_st *s)
{
- char* p;
- size_t size;
- int ret;
- unsigned int i, j;
-
- if (strstr (url, "tpmkey:") == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- memset(s, 0, sizeof(*s));
-
- p = strstr(url, "file=");
- if (p != NULL)
- {
- p += sizeof ("file=") - 1;
- size = strlen(p);
- s->filename = gnutls_malloc(size+1);
- if (s->filename == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = unescape_string (s->filename, p, &size, ';');
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- s->filename[size] = 0;
- }
- else if ((p = strstr(url, "uuid=")) != NULL)
- {
- char tmp_uuid[33];
- uint8_t raw_uuid[16];
-
- p += sizeof ("uuid=") - 1;
- size = strlen(p);
-
- for (j=i=0;i<size;i++)
- {
- if (j==sizeof(tmp_uuid)-1)
- {
- break;
- }
- if (c_isalnum(p[i])) tmp_uuid[j++]=p[i];
- }
- tmp_uuid[j] = 0;
-
- size = sizeof(raw_uuid);
- ret = _gnutls_hex2bin(tmp_uuid, strlen(tmp_uuid), raw_uuid, &size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- memcpy(&s->uuid.ulTimeLow, raw_uuid, 4);
- memcpy(&s->uuid.usTimeMid, &raw_uuid[4], 2);
- memcpy(&s->uuid.usTimeHigh, &raw_uuid[6], 2);
- s->uuid.bClockSeqHigh = raw_uuid[8];
- s->uuid.bClockSeqLow = raw_uuid[9];
- memcpy(&s->uuid.rgbNode, &raw_uuid[10], 6);
- s->uuid_set = 1;
- }
- else
- {
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- }
-
- if ((p = strstr(url, "storage=user")) != NULL)
- s->storage = TSS_PS_TYPE_USER;
- else
- s->storage = TSS_PS_TYPE_SYSTEM;
-
- return 0;
-
-cleanup:
- clear_tpmkey_url(s);
- return ret;
+ char *p;
+ size_t size;
+ int ret;
+ unsigned int i, j;
+
+ if (strstr(url, "tpmkey:") == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ memset(s, 0, sizeof(*s));
+
+ p = strstr(url, "file=");
+ if (p != NULL) {
+ p += sizeof("file=") - 1;
+ size = strlen(p);
+ s->filename = gnutls_malloc(size + 1);
+ if (s->filename == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret = unescape_string(s->filename, p, &size, ';');
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ s->filename[size] = 0;
+ } else if ((p = strstr(url, "uuid=")) != NULL) {
+ char tmp_uuid[33];
+ uint8_t raw_uuid[16];
+
+ p += sizeof("uuid=") - 1;
+ size = strlen(p);
+
+ for (j = i = 0; i < size; i++) {
+ if (j == sizeof(tmp_uuid) - 1) {
+ break;
+ }
+ if (c_isalnum(p[i]))
+ tmp_uuid[j++] = p[i];
+ }
+ tmp_uuid[j] = 0;
+
+ size = sizeof(raw_uuid);
+ ret =
+ _gnutls_hex2bin(tmp_uuid, strlen(tmp_uuid), raw_uuid,
+ &size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ memcpy(&s->uuid.ulTimeLow, raw_uuid, 4);
+ memcpy(&s->uuid.usTimeMid, &raw_uuid[4], 2);
+ memcpy(&s->uuid.usTimeHigh, &raw_uuid[6], 2);
+ s->uuid.bClockSeqHigh = raw_uuid[8];
+ s->uuid.bClockSeqLow = raw_uuid[9];
+ memcpy(&s->uuid.rgbNode, &raw_uuid[10], 6);
+ s->uuid_set = 1;
+ } else {
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+
+ if ((p = strstr(url, "storage=user")) != NULL)
+ s->storage = TSS_PS_TYPE_USER;
+ else
+ s->storage = TSS_PS_TYPE_SYSTEM;
+
+ return 0;
+
+ cleanup:
+ clear_tpmkey_url(s);
+ return ret;
}
/**
@@ -855,206 +846,206 @@ cleanup:
*
**/
int
-gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey,
- const char* url,
- const char *srk_password,
- const char *key_password,
- unsigned int flags)
+gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey,
+ const char *url,
+ const char *srk_password,
+ const char *key_password, unsigned int flags)
{
-struct tpmkey_url_st durl;
-gnutls_datum_t fdata = { NULL, 0 };
-int ret;
-
- ret = decode_tpmkey_url(url, &durl);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (durl.filename)
- {
- ret = gnutls_load_file(durl.filename, &fdata);
- if (ret < 0)
- {
- gnutls_assert();
- _gnutls_debug_log("Error loading %s\n", durl.filename);
- goto cleanup;
- }
-
- ret = gnutls_privkey_import_tpm_raw (pkey, &fdata, GNUTLS_TPMKEY_FMT_CTK_PEM,
- srk_password, key_password, flags);
- if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- ret = gnutls_privkey_import_tpm_raw (pkey, &fdata, GNUTLS_TPMKEY_FMT_RAW,
- srk_password, key_password, flags);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- else if (durl.uuid_set)
- {
- if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
- ret = import_tpm_key (pkey, NULL, 0, &durl.uuid, durl.storage, srk_password, key_password);
- else
- ret = import_tpm_key_cb (pkey, NULL, 0, &durl.uuid, durl.storage, srk_password, key_password);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = 0;
-cleanup:
- gnutls_free(fdata.data);
- clear_tpmkey_url(&durl);
- return ret;
+ struct tpmkey_url_st durl;
+ gnutls_datum_t fdata = { NULL, 0 };
+ int ret;
+
+ ret = decode_tpmkey_url(url, &durl);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (durl.filename) {
+ ret = gnutls_load_file(durl.filename, &fdata);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_debug_log("Error loading %s\n",
+ durl.filename);
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_privkey_import_tpm_raw(pkey, &fdata,
+ GNUTLS_TPMKEY_FMT_CTK_PEM,
+ srk_password,
+ key_password, flags);
+ if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+ ret =
+ gnutls_privkey_import_tpm_raw(pkey, &fdata,
+ GNUTLS_TPMKEY_FMT_RAW,
+ srk_password,
+ key_password,
+ flags);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else if (durl.uuid_set) {
+ if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
+ ret =
+ import_tpm_key(pkey, NULL, 0, &durl.uuid,
+ durl.storage, srk_password,
+ key_password);
+ else
+ ret =
+ import_tpm_key_cb(pkey, NULL, 0, &durl.uuid,
+ durl.storage, srk_password,
+ key_password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = 0;
+ cleanup:
+ gnutls_free(fdata.data);
+ clear_tpmkey_url(&durl);
+ return ret;
}
/* reads the RSA public key from the given TSS key.
* If psize is non-null it contains the total size of the parameters
* in bytes */
-static int read_pubkey(gnutls_pubkey_t pub, TSS_HKEY key_ctx, size_t *psize)
+static int read_pubkey(gnutls_pubkey_t pub, TSS_HKEY key_ctx,
+ size_t * psize)
{
-void* tdata;
-UINT32 tint;
-TSS_RESULT tssret;
-gnutls_datum_t m, e;
-int ret;
-
- /* read the public key */
-
- tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
- TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &tint, (void*)&tdata);
- if (tssret != 0)
- {
- gnutls_assert();
- return tss_err(tssret);
- }
-
- m.data = tdata;
- m.size = tint;
-
- tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
- TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &tint, (void*)&tdata);
- if (tssret != 0)
- {
- gnutls_assert();
- Tspi_Context_FreeMemory(key_ctx, m.data);
- return tss_err(tssret);
- }
-
- e.data = tdata;
- e.size = tint;
-
- ret = gnutls_pubkey_import_rsa_raw(pub, &m, &e);
-
- Tspi_Context_FreeMemory(key_ctx, m.data);
- Tspi_Context_FreeMemory(key_ctx, e.data);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (psize)
- *psize = e.size + m.size;
-
- return 0;
+ void *tdata;
+ UINT32 tint;
+ TSS_RESULT tssret;
+ gnutls_datum_t m, e;
+ int ret;
+
+ /* read the public key */
+
+ tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
+ TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
+ &tint, (void *) &tdata);
+ if (tssret != 0) {
+ gnutls_assert();
+ return tss_err(tssret);
+ }
+
+ m.data = tdata;
+ m.size = tint;
+
+ tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
+ TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT,
+ &tint, (void *) &tdata);
+ if (tssret != 0) {
+ gnutls_assert();
+ Tspi_Context_FreeMemory(key_ctx, m.data);
+ return tss_err(tssret);
+ }
+
+ e.data = tdata;
+ e.size = tint;
+
+ ret = gnutls_pubkey_import_rsa_raw(pub, &m, &e);
+
+ Tspi_Context_FreeMemory(key_ctx, m.data);
+ Tspi_Context_FreeMemory(key_ctx, e.data);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (psize)
+ *psize = e.size + m.size;
+
+ return 0;
}
static int
-import_tpm_pubkey (gnutls_pubkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- TSS_UUID *uuid,
- TSS_FLAG storage,
- const char *srk_password)
+import_tpm_pubkey(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ TSS_UUID * uuid,
+ TSS_FLAG storage, const char *srk_password)
{
-int err, ret;
-struct tpm_ctx_st s;
-
- ret = tpm_open_session(&s, srk_password);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (fdata != NULL)
- {
- ret = load_key(s.tpm_ctx, s.srk, fdata, format, &s.tpm_key);
- if (ret < 0)
- {
- gnutls_assert();
- goto out_session;
- }
- }
- else if (uuid)
- {
- err =
- Tspi_Context_LoadKeyByUUID (s.tpm_ctx, storage,
- *uuid, &s.tpm_key);
- if (err)
- {
- gnutls_assert ();
- ret = tss_err(err);
- goto out_session;
- }
- }
- else
- {
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto out_session;
- }
-
- ret = read_pubkey(pkey, s.tpm_key, NULL);
- if (ret < 0)
- {
- gnutls_assert();
- goto out_session;
- }
-
- ret = 0;
-out_session:
- tpm_close_session(&s);
- return ret;
+ int err, ret;
+ struct tpm_ctx_st s;
+
+ ret = tpm_open_session(&s, srk_password);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (fdata != NULL) {
+ ret =
+ load_key(s.tpm_ctx, s.srk, fdata, format, &s.tpm_key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_session;
+ }
+ } else if (uuid) {
+ err =
+ Tspi_Context_LoadKeyByUUID(s.tpm_ctx, storage,
+ *uuid, &s.tpm_key);
+ if (err) {
+ gnutls_assert();
+ ret = tss_err(err);
+ goto out_session;
+ }
+ } else {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto out_session;
+ }
+
+ ret = read_pubkey(pkey, s.tpm_key, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_session;
+ }
+
+ ret = 0;
+ out_session:
+ tpm_close_session(&s);
+ return ret;
}
static int
-import_tpm_pubkey_cb (gnutls_pubkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- TSS_UUID *uuid,
- TSS_FLAG storage,
- const char *srk_password)
+import_tpm_pubkey_cb(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ TSS_UUID * uuid,
+ TSS_FLAG storage, const char *srk_password)
{
-unsigned int attempts = 0;
-char pin1[GNUTLS_PKCS11_MAX_PIN_LEN];
-int ret;
-
- do
- {
- ret = import_tpm_pubkey(pkey, fdata, format, uuid, storage, srk_password);
-
- if (attempts > 3)
- break;
-
- if (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR)
- {
- ret = tpm_pin(&pkey->pin, &srk_uuid, storage, pin1, sizeof(pin1), attempts++);
- if (ret < 0)
- {
- gnutls_assert();
- return GNUTLS_E_TPM_SRK_PASSWORD_ERROR;
- }
- srk_password = pin1;
- }
- }
- while(ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR);
-
- if (ret < 0)
- gnutls_assert();
- return ret;
+ unsigned int attempts = 0;
+ char pin1[GNUTLS_PKCS11_MAX_PIN_LEN];
+ int ret;
+
+ do {
+ ret =
+ import_tpm_pubkey(pkey, fdata, format, uuid, storage,
+ srk_password);
+
+ if (attempts > 3)
+ break;
+
+ if (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR) {
+ ret =
+ tpm_pin(&pkey->pin, &srk_uuid, storage, pin1,
+ sizeof(pin1), attempts++);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_TPM_SRK_PASSWORD_ERROR;
+ }
+ srk_password = pin1;
+ }
+ }
+ while (ret == GNUTLS_E_TPM_SRK_PASSWORD_ERROR);
+
+ if (ret < 0)
+ gnutls_assert();
+ return ret;
}
@@ -1078,16 +1069,17 @@ int ret;
* Since: 3.1.0
**/
int
-gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- unsigned int flags)
+gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password, unsigned int flags)
{
- if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
- return import_tpm_pubkey_cb(pkey, fdata, format, NULL, 0, srk_password);
- else
- return import_tpm_pubkey(pkey, fdata, format, NULL, 0, srk_password);
+ if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
+ return import_tpm_pubkey_cb(pkey, fdata, format, NULL, 0,
+ srk_password);
+ else
+ return import_tpm_pubkey(pkey, fdata, format, NULL, 0,
+ srk_password);
}
/**
@@ -1113,58 +1105,61 @@ gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
*
**/
int
-gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey,
- const char* url,
- const char *srk_password,
- unsigned int flags)
+gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey,
+ const char *url,
+ const char *srk_password, unsigned int flags)
{
-struct tpmkey_url_st durl;
-gnutls_datum_t fdata = { NULL, 0 };
-int ret;
-
- ret = decode_tpmkey_url(url, &durl);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (durl.filename)
- {
-
- ret = gnutls_load_file(durl.filename, &fdata);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_tpm_raw (pkey, &fdata, GNUTLS_TPMKEY_FMT_CTK_PEM,
- srk_password, flags);
- if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- ret = gnutls_pubkey_import_tpm_raw (pkey, &fdata, GNUTLS_TPMKEY_FMT_RAW,
- srk_password, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- else if (durl.uuid_set)
- {
- if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
- ret = import_tpm_pubkey (pkey, NULL, 0, &durl.uuid, durl.storage, srk_password);
- else
- ret = import_tpm_pubkey_cb (pkey, NULL, 0, &durl.uuid, durl.storage, srk_password);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- ret = 0;
-cleanup:
- gnutls_free(fdata.data);
- clear_tpmkey_url(&durl);
- return ret;
+ struct tpmkey_url_st durl;
+ gnutls_datum_t fdata = { NULL, 0 };
+ int ret;
+
+ ret = decode_tpmkey_url(url, &durl);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (durl.filename) {
+
+ ret = gnutls_load_file(durl.filename, &fdata);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_pubkey_import_tpm_raw(pkey, &fdata,
+ GNUTLS_TPMKEY_FMT_CTK_PEM,
+ srk_password, flags);
+ if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+ ret =
+ gnutls_pubkey_import_tpm_raw(pkey, &fdata,
+ GNUTLS_TPMKEY_FMT_RAW,
+ srk_password,
+ flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else if (durl.uuid_set) {
+ if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
+ ret =
+ import_tpm_pubkey(pkey, NULL, 0, &durl.uuid,
+ durl.storage, srk_password);
+ else
+ ret =
+ import_tpm_pubkey_cb(pkey, NULL, 0, &durl.uuid,
+ durl.storage,
+ srk_password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = 0;
+ cleanup:
+ gnutls_free(fdata.data);
+ clear_tpmkey_url(&durl);
+ return ret;
}
@@ -1203,274 +1198,270 @@ cleanup:
* Since: 3.1.0
**/
int
-gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, unsigned int bits,
- const char* srk_password,
- const char* key_password,
- gnutls_tpmkey_fmt_t format,
- gnutls_x509_crt_fmt_t pub_format,
- gnutls_datum_t* privkey,
- gnutls_datum_t* pubkey,
- unsigned int flags)
+gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
+ const char *srk_password,
+ const char *key_password,
+ gnutls_tpmkey_fmt_t format,
+ gnutls_x509_crt_fmt_t pub_format,
+ gnutls_datum_t * privkey,
+ gnutls_datum_t * pubkey, unsigned int flags)
{
-TSS_FLAG tpm_flags = TSS_KEY_VOLATILE;
-TSS_HKEY key_ctx;
-TSS_RESULT tssret;
-int ret;
-void* tdata;
-UINT32 tint;
-gnutls_datum_t tmpkey = {NULL, 0};
-TSS_HPOLICY key_policy;
-gnutls_pubkey_t pub;
-struct tpm_ctx_st s;
-TSS_FLAG storage_type;
-TSS_HTPM htpm;
-uint8_t buf[32];
-
- if (flags & GNUTLS_TPM_KEY_SIGNING)
- tpm_flags |= TSS_KEY_TYPE_SIGNING;
- else
- tpm_flags |= TSS_KEY_TYPE_LEGACY;
-
- if (flags & GNUTLS_TPM_KEY_USER)
- storage_type = TSS_PS_TYPE_USER;
- else
- storage_type = TSS_PS_TYPE_SYSTEM;
-
- if (bits <= 512)
- tpm_flags |= TSS_KEY_SIZE_512;
- else if (bits <= 1024)
- tpm_flags |= TSS_KEY_SIZE_1024;
- else if (bits <= 2048)
- tpm_flags |= TSS_KEY_SIZE_2048;
- else if (bits <= 4096)
- tpm_flags |= TSS_KEY_SIZE_4096;
- else if (bits <= 8192)
- tpm_flags |= TSS_KEY_SIZE_8192;
- else
- tpm_flags |= TSS_KEY_SIZE_16384;
-
- ret = tpm_open_session(&s, srk_password);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* put some randomness into TPM.
- * Let's not trust it completely.
- */
- tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_cc;
- }
-
-
- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
- if (ret < 0)
- {
- gnutls_assert();
- goto err_cc;
- }
-
- tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf);
- if (tssret)
- {
- gnutls_assert();
- }
-
- tssret = Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY, tpm_flags, &key_ctx);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_cc;
- }
-
- tssret = Tspi_SetAttribUint32(key_ctx, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
- TSS_SS_RSASSAPKCS1V15_DER);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
-
- /* set the password of the actual key */
- if (key_password)
- {
- tssret = Tspi_GetPolicyObject(key_ctx, TSS_POLICY_USAGE, &key_policy);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
-
- tssret = myTspi_Policy_SetSecret(key_policy,
- SAFE_LEN(key_password), (void*)key_password);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
- }
-
- tssret = Tspi_Key_CreateKey(key_ctx, s.srk, 0);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
-
- if (flags & GNUTLS_TPM_REGISTER_KEY)
- {
- TSS_UUID key_uuid;
-
- ret = randomize_uuid(&key_uuid);
- if (ret < 0)
- {
- gnutls_assert();
- goto err_sa;
- }
-
- tssret = Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx, storage_type,
- key_uuid, TSS_PS_TYPE_SYSTEM, srk_uuid);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
-
- ret = encode_tpmkey_url((char**)&privkey->data, &key_uuid, storage_type);
- if (ret < 0)
- {
- TSS_HKEY tkey;
-
- Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type, key_uuid, &tkey);
- gnutls_assert();
- goto err_sa;
- }
- privkey->size = strlen((char*)privkey->data);
-
- }
- else /* get the key as blob */
- {
-
- tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_KEY_BLOB,
- TSS_TSPATTRIB_KEYBLOB_BLOB, &tint, (void*)&tdata);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_sa;
- }
-
-
- if (format == GNUTLS_TPMKEY_FMT_CTK_PEM)
- {
- ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING, tdata, tint, &tmpkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_fbase64_encode ("TSS KEY BLOB", tmpkey.data, tmpkey.size, privkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- else
- {
- UINT32 tint2;
-
- tmpkey.size = tint + 32; /* spec says no more than 20 */
- tmpkey.data = gnutls_malloc(tmpkey.size);
- if (tmpkey.data == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- tint2 = tmpkey.size;
- tssret = Tspi_EncodeDER_TssBlob(tint, tdata, TSS_BLOB_TYPE_PRIVATEKEY,
- &tint2, tmpkey.data);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto cleanup;
- }
-
- tmpkey.size = tint2;
-
- privkey->data = tmpkey.data;
- privkey->size = tmpkey.size;
- tmpkey.data = NULL;
- }
- }
-
- /* read the public key */
- if (pubkey != NULL)
- {
- size_t psize;
-
- ret = gnutls_pubkey_init(&pub);
- if (ret < 0)
- {
- gnutls_assert();
- goto privkey_cleanup;
- }
-
- ret = read_pubkey(pub, key_ctx, &psize);
- if (ret < 0)
- {
- gnutls_assert();
- goto privkey_cleanup;
- }
- psize+=512;
-
- pubkey->data = gnutls_malloc(psize);
- if (pubkey->data == NULL)
- {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto pubkey_cleanup;
- }
-
- ret = gnutls_pubkey_export(pub, pub_format, pubkey->data, &psize);
- if (ret < 0)
- {
- gnutls_assert();
- goto pubkey_cleanup;
- }
- pubkey->size = psize;
-
- gnutls_pubkey_deinit(pub);
- }
-
- ret = 0;
- goto cleanup;
-
-pubkey_cleanup:
- gnutls_pubkey_deinit(pub);
-privkey_cleanup:
- gnutls_free(privkey->data);
- privkey->data = NULL;
-cleanup:
- gnutls_free(tmpkey.data);
- tmpkey.data = NULL;
-err_sa:
- Tspi_Context_CloseObject(s.tpm_ctx, key_ctx);
-err_cc:
- tpm_close_session(&s);
- return ret;
+ TSS_FLAG tpm_flags = TSS_KEY_VOLATILE;
+ TSS_HKEY key_ctx;
+ TSS_RESULT tssret;
+ int ret;
+ void *tdata;
+ UINT32 tint;
+ gnutls_datum_t tmpkey = { NULL, 0 };
+ TSS_HPOLICY key_policy;
+ gnutls_pubkey_t pub;
+ struct tpm_ctx_st s;
+ TSS_FLAG storage_type;
+ TSS_HTPM htpm;
+ uint8_t buf[32];
+
+ if (flags & GNUTLS_TPM_KEY_SIGNING)
+ tpm_flags |= TSS_KEY_TYPE_SIGNING;
+ else
+ tpm_flags |= TSS_KEY_TYPE_LEGACY;
+
+ if (flags & GNUTLS_TPM_KEY_USER)
+ storage_type = TSS_PS_TYPE_USER;
+ else
+ storage_type = TSS_PS_TYPE_SYSTEM;
+
+ if (bits <= 512)
+ tpm_flags |= TSS_KEY_SIZE_512;
+ else if (bits <= 1024)
+ tpm_flags |= TSS_KEY_SIZE_1024;
+ else if (bits <= 2048)
+ tpm_flags |= TSS_KEY_SIZE_2048;
+ else if (bits <= 4096)
+ tpm_flags |= TSS_KEY_SIZE_4096;
+ else if (bits <= 8192)
+ tpm_flags |= TSS_KEY_SIZE_8192;
+ else
+ tpm_flags |= TSS_KEY_SIZE_16384;
+
+ ret = tpm_open_session(&s, srk_password);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* put some randomness into TPM.
+ * Let's not trust it completely.
+ */
+ tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_cc;
+ }
+
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
+ if (ret < 0) {
+ gnutls_assert();
+ goto err_cc;
+ }
+
+ tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf);
+ if (tssret) {
+ gnutls_assert();
+ }
+
+ tssret =
+ Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY,
+ tpm_flags, &key_ctx);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_cc;
+ }
+
+ tssret =
+ Tspi_SetAttribUint32(key_ctx, TSS_TSPATTRIB_KEY_INFO,
+ TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
+ TSS_SS_RSASSAPKCS1V15_DER);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+
+ /* set the password of the actual key */
+ if (key_password) {
+ tssret =
+ Tspi_GetPolicyObject(key_ctx, TSS_POLICY_USAGE,
+ &key_policy);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+
+ tssret = myTspi_Policy_SetSecret(key_policy,
+ SAFE_LEN(key_password),
+ (void *) key_password);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+ }
+
+ tssret = Tspi_Key_CreateKey(key_ctx, s.srk, 0);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+
+ if (flags & GNUTLS_TPM_REGISTER_KEY) {
+ TSS_UUID key_uuid;
+
+ ret = randomize_uuid(&key_uuid);
+ if (ret < 0) {
+ gnutls_assert();
+ goto err_sa;
+ }
+
+ tssret =
+ Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx,
+ storage_type, key_uuid,
+ TSS_PS_TYPE_SYSTEM, srk_uuid);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+
+ ret =
+ encode_tpmkey_url((char **) &privkey->data, &key_uuid,
+ storage_type);
+ if (ret < 0) {
+ TSS_HKEY tkey;
+
+ Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type,
+ key_uuid, &tkey);
+ gnutls_assert();
+ goto err_sa;
+ }
+ privkey->size = strlen((char *) privkey->data);
+
+ } else { /* get the key as blob */
+
+
+ tssret =
+ Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_KEY_BLOB,
+ TSS_TSPATTRIB_KEYBLOB_BLOB, &tint,
+ (void *) &tdata);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_sa;
+ }
+
+
+ if (format == GNUTLS_TPMKEY_FMT_CTK_PEM) {
+ ret =
+ _gnutls_x509_encode_string
+ (ASN1_ETYPE_OCTET_STRING, tdata, tint,
+ &tmpkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_fbase64_encode("TSS KEY BLOB",
+ tmpkey.data,
+ tmpkey.size, privkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else {
+ UINT32 tint2;
+
+ tmpkey.size = tint + 32; /* spec says no more than 20 */
+ tmpkey.data = gnutls_malloc(tmpkey.size);
+ if (tmpkey.data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ tint2 = tmpkey.size;
+ tssret =
+ Tspi_EncodeDER_TssBlob(tint, tdata,
+ TSS_BLOB_TYPE_PRIVATEKEY,
+ &tint2, tmpkey.data);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto cleanup;
+ }
+
+ tmpkey.size = tint2;
+
+ privkey->data = tmpkey.data;
+ privkey->size = tmpkey.size;
+ tmpkey.data = NULL;
+ }
+ }
+
+ /* read the public key */
+ if (pubkey != NULL) {
+ size_t psize;
+
+ ret = gnutls_pubkey_init(&pub);
+ if (ret < 0) {
+ gnutls_assert();
+ goto privkey_cleanup;
+ }
+
+ ret = read_pubkey(pub, key_ctx, &psize);
+ if (ret < 0) {
+ gnutls_assert();
+ goto privkey_cleanup;
+ }
+ psize += 512;
+
+ pubkey->data = gnutls_malloc(psize);
+ if (pubkey->data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto pubkey_cleanup;
+ }
+
+ ret =
+ gnutls_pubkey_export(pub, pub_format, pubkey->data,
+ &psize);
+ if (ret < 0) {
+ gnutls_assert();
+ goto pubkey_cleanup;
+ }
+ pubkey->size = psize;
+
+ gnutls_pubkey_deinit(pub);
+ }
+
+ ret = 0;
+ goto cleanup;
+
+ pubkey_cleanup:
+ gnutls_pubkey_deinit(pub);
+ privkey_cleanup:
+ gnutls_free(privkey->data);
+ privkey->data = NULL;
+ cleanup:
+ gnutls_free(tmpkey.data);
+ tmpkey.data = NULL;
+ err_sa:
+ Tspi_Context_CloseObject(s.tpm_ctx, key_ctx);
+ err_cc:
+ tpm_close_session(&s);
+ return ret;
}
@@ -1482,11 +1473,11 @@ err_cc:
*
* Since: 3.1.0
**/
-void
-gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t list)
+void gnutls_tpm_key_list_deinit(gnutls_tpm_key_list_t list)
{
- if (list->tpm_ctx != 0) Tspi_Context_Close (list->tpm_ctx);
- gnutls_free(list);
+ if (list->tpm_ctx != 0)
+ Tspi_Context_Close(list->tpm_ctx);
+ gnutls_free(list);
}
/**
@@ -1507,12 +1498,16 @@ gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t list)
* Since: 3.1.0
**/
int
-gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, unsigned int idx, char** url, unsigned int flags)
+gnutls_tpm_key_list_get_url(gnutls_tpm_key_list_t list, unsigned int idx,
+ char **url, unsigned int flags)
{
- if (idx >= list->size)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ if (idx >= list->size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- return encode_tpmkey_url(url, &list->ki[idx].keyUUID, list->ki[idx].persistentStorageType);
+ return encode_tpmkey_url(url, &list->ki[idx].keyUUID,
+ list->ki[idx].persistentStorageType);
}
/**
@@ -1527,47 +1522,45 @@ gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, unsigned int idx, char*
*
* Since: 3.1.0
**/
-int
-gnutls_tpm_get_registered (gnutls_tpm_key_list_t *list)
+int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list)
{
-TSS_RESULT tssret;
-int ret;
-
- *list = gnutls_calloc(1, sizeof(struct tpm_key_list_st));
- if (*list == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- tssret = Tspi_Context_Create (&(*list)->tpm_ctx);
- if (tssret)
- {
- gnutls_assert ();
- ret = tss_err(tssret);
- goto cleanup;
- }
-
- tssret = Tspi_Context_Connect ((*list)->tpm_ctx, NULL);
- if (tssret)
- {
- gnutls_assert ();
- ret = tss_err(tssret);
- goto cleanup;
- }
-
- tssret =
- Tspi_Context_GetRegisteredKeysByUUID2((*list)->tpm_ctx, TSS_PS_TYPE_SYSTEM,
- NULL, &(*list)->size, &(*list)->ki);
- if (tssret)
- {
- gnutls_assert ();
- ret = tss_err(tssret);
- goto cleanup;
- }
- return 0;
-
-cleanup:
- gnutls_tpm_key_list_deinit(*list);
-
- return ret;
+ TSS_RESULT tssret;
+ int ret;
+
+ *list = gnutls_calloc(1, sizeof(struct tpm_key_list_st));
+ if (*list == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ tssret = Tspi_Context_Create(&(*list)->tpm_ctx);
+ if (tssret) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto cleanup;
+ }
+
+ tssret = Tspi_Context_Connect((*list)->tpm_ctx, NULL);
+ if (tssret) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto cleanup;
+ }
+
+ tssret =
+ Tspi_Context_GetRegisteredKeysByUUID2((*list)->tpm_ctx,
+ TSS_PS_TYPE_SYSTEM, NULL,
+ &(*list)->size,
+ &(*list)->ki);
+ if (tssret) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto cleanup;
+ }
+ return 0;
+
+ cleanup:
+ gnutls_tpm_key_list_deinit(*list);
+
+ return ret;
}
/**
@@ -1583,115 +1576,107 @@ cleanup:
*
* Since: 3.1.0
**/
-int
-gnutls_tpm_privkey_delete (const char* url, const char* srk_password)
+int gnutls_tpm_privkey_delete(const char *url, const char *srk_password)
{
-struct tpm_ctx_st s;
-struct tpmkey_url_st durl;
-TSS_RESULT tssret;
-TSS_HKEY tkey;
-int ret;
-
- ret = decode_tpmkey_url(url, &durl);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (durl.uuid_set == 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = tpm_open_session(&s, srk_password);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- tssret = Tspi_Context_UnregisterKey(s.tpm_ctx, durl.storage, durl.uuid, &tkey);
- if (tssret != 0)
- {
- gnutls_assert();
- ret = tss_err(tssret);
- goto err_cc;
- }
-
- ret = 0;
-err_cc:
- tpm_close_session(&s);
- return ret;
+ struct tpm_ctx_st s;
+ struct tpmkey_url_st durl;
+ TSS_RESULT tssret;
+ TSS_HKEY tkey;
+ int ret;
+
+ ret = decode_tpmkey_url(url, &durl);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (durl.uuid_set == 0)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = tpm_open_session(&s, srk_password);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ tssret =
+ Tspi_Context_UnregisterKey(s.tpm_ctx, durl.storage, durl.uuid,
+ &tkey);
+ if (tssret != 0) {
+ gnutls_assert();
+ ret = tss_err(tssret);
+ goto err_cc;
+ }
+
+ ret = 0;
+ err_cc:
+ tpm_close_session(&s);
+ return ret;
}
-#else /* HAVE_TROUSERS */
+#else /* HAVE_TROUSERS */
int
-gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- const char *key_password,
- unsigned int flags)
+gnutls_privkey_import_tpm_raw(gnutls_privkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password,
+ const char *key_password, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
-gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey,
- const char* url,
- const char *srk_password,
- const char *key_password,
- unsigned int flags)
+gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey,
+ const char *url,
+ const char *srk_password,
+ const char *key_password, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
-gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
- const gnutls_datum_t * fdata,
- gnutls_tpmkey_fmt_t format,
- const char *srk_password,
- unsigned int flags)
+gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey,
+ const gnutls_datum_t * fdata,
+ gnutls_tpmkey_fmt_t format,
+ const char *srk_password, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
-gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey,
- const char* url,
- const char *srk_password,
- unsigned int flags)
+gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey,
+ const char *url,
+ const char *srk_password, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
-gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, unsigned int bits,
- const char* srk_password,
- const char* key_password,
- gnutls_tpmkey_fmt_t format,
- gnutls_x509_crt_fmt_t pub_format,
- gnutls_datum_t* privkey,
- gnutls_datum_t* pubkey,
- unsigned int flags)
+gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
+ const char *srk_password,
+ const char *key_password,
+ gnutls_tpmkey_fmt_t format,
+ gnutls_x509_crt_fmt_t pub_format,
+ gnutls_datum_t * privkey,
+ gnutls_datum_t * pubkey, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
-void
-gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t list)
+void gnutls_tpm_key_list_deinit(gnutls_tpm_key_list_t list)
{
- return;
+ return;
}
int
-gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, unsigned int idx, char** url, unsigned int flags)
+gnutls_tpm_key_list_get_url(gnutls_tpm_key_list_t list, unsigned int idx,
+ char **url, unsigned int flags)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
-int
-gnutls_tpm_get_registered (gnutls_tpm_key_list_t *list)
+int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
-int
-gnutls_tpm_privkey_delete (const char* url, const char* srk_password)
+int gnutls_tpm_privkey_delete(const char *url, const char *srk_password)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
-#endif /* HAVE_TROUSERS */
-
+#endif /* HAVE_TROUSERS */
diff --git a/lib/vasprintf.c b/lib/vasprintf.c
index dcc3061966..24e30d8731 100644
--- a/lib/vasprintf.c
+++ b/lib/vasprintf.c
@@ -9,24 +9,23 @@
int _gnutls_vasprintf(char **strp, const char *fmt, va_list ap)
{
-char * buf;
-int ret, max;
+ char *buf;
+ int ret, max;
- max = MAX_BSIZE/2;
+ max = MAX_BSIZE / 2;
- do
- {
- max *= 2;
+ do {
+ max *= 2;
- buf = malloc(max);
- if (buf == NULL)
- return -1;
-
- ret = vsnprintf(buf, max, fmt, ap);
- }
- while (ret > max && max < NO_MORE_MAX);
+ buf = malloc(max);
+ if (buf == NULL)
+ return -1;
- return ret;
+ ret = vsnprintf(buf, max, fmt, ap);
+ }
+ while (ret > max && max < NO_MORE_MAX);
+
+ return ret;
}
#endif
diff --git a/lib/vasprintf.h b/lib/vasprintf.h
index 6e0090c2d6..70574806bc 100644
--- a/lib/vasprintf.h
+++ b/lib/vasprintf.h
@@ -1,5 +1,5 @@
#ifndef VASPRINTF_H
-# define VASPRINTF_H
+#define VASPRINTF_H
#include <config.h>
#ifndef HAVE_VASPRINTF
diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c
index fd6b720204..e640a72031 100644
--- a/lib/verify-tofu.c
+++ b/lib/verify-tofu.c
@@ -24,7 +24,7 @@
#include <gnutls_errors.h>
#include <libtasn1.h>
#include <gnutls_global.h>
-#include <gnutls_num.h> /* MAX */
+#include <gnutls_num.h> /* MAX */
#include <gnutls_sig.h>
#include <gnutls_str.h>
#include <gnutls_datum.h>
@@ -36,35 +36,38 @@
#include <locks.h>
struct gnutls_tdb_int {
- gnutls_tdb_store_func store;
- gnutls_tdb_store_commitment_func cstore;
- gnutls_tdb_verify_func verify;
+ gnutls_tdb_store_func store;
+ gnutls_tdb_store_commitment_func cstore;
+ gnutls_tdb_verify_func verify;
};
-static int raw_pubkey_to_base64(const gnutls_datum_t* raw, gnutls_datum_t * b64);
-static int x509_crt_to_raw_pubkey(const gnutls_datum_t * cert, gnutls_datum_t *rpubkey);
-static int pgp_crt_to_raw_pubkey(const gnutls_datum_t * cert, gnutls_datum_t *rpubkey);
-static int verify_pubkey(const char* file,
- const char* host, const char* service,
- const gnutls_datum_t* skey);
-
-static
-int store_commitment(const char* db_name, const char* host,
- const char* service, time_t expiration,
- gnutls_digest_algorithm_t hash_algo,
- const gnutls_datum_t* hash);
-static
-int store_pubkey(const char* db_name, const char* host,
- const char* service, time_t expiration, const gnutls_datum_t* pubkey);
-
-static int find_config_file(char* file, size_t max_size);
+static int raw_pubkey_to_base64(const gnutls_datum_t * raw,
+ gnutls_datum_t * b64);
+static int x509_crt_to_raw_pubkey(const gnutls_datum_t * cert,
+ gnutls_datum_t * rpubkey);
+static int pgp_crt_to_raw_pubkey(const gnutls_datum_t * cert,
+ gnutls_datum_t * rpubkey);
+static int verify_pubkey(const char *file, const char *host,
+ const char *service, const gnutls_datum_t * skey);
+
+static
+int store_commitment(const char *db_name, const char *host,
+ const char *service, time_t expiration,
+ gnutls_digest_algorithm_t hash_algo,
+ const gnutls_datum_t * hash);
+static
+int store_pubkey(const char *db_name, const char *host,
+ const char *service, time_t expiration,
+ const gnutls_datum_t * pubkey);
+
+static int find_config_file(char *file, size_t max_size);
extern void *_gnutls_file_mutex;
struct gnutls_tdb_int default_tdb = {
- store_pubkey,
- store_commitment,
- verify_pubkey
+ store_pubkey,
+ store_commitment,
+ verify_pubkey
};
@@ -103,477 +106,489 @@ struct gnutls_tdb_int default_tdb = {
* Since: 3.0
**/
int
-gnutls_verify_stored_pubkey(const char* db_name,
- gnutls_tdb_t tdb,
- const char* host,
- const char* service,
- gnutls_certificate_type_t cert_type,
- const gnutls_datum_t * cert, unsigned int flags)
+gnutls_verify_stored_pubkey(const char *db_name,
+ gnutls_tdb_t tdb,
+ const char *host,
+ const char *service,
+ gnutls_certificate_type_t cert_type,
+ const gnutls_datum_t * cert,
+ unsigned int flags)
{
-gnutls_datum_t pubkey = { NULL, 0 };
-int ret;
-char local_file[MAX_FILENAME];
-
- if (cert_type != GNUTLS_CRT_X509 && cert_type != GNUTLS_CRT_OPENPGP)
- return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
-
- if (db_name == NULL && tdb == NULL)
- {
- ret = find_config_file(local_file, sizeof(local_file));
- if (ret < 0)
- return gnutls_assert_val(ret);
- db_name = local_file;
- }
-
- if (tdb == NULL)
- tdb = &default_tdb;
-
- if (cert_type == GNUTLS_CRT_X509)
- ret = x509_crt_to_raw_pubkey(cert, &pubkey);
- else
- ret = pgp_crt_to_raw_pubkey(cert, &pubkey);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = tdb->verify(db_name, host, service, &pubkey);
- if (ret < 0 && ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
- ret = gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
-
-cleanup:
- gnutls_free(pubkey.data);
- return ret;
+ gnutls_datum_t pubkey = { NULL, 0 };
+ int ret;
+ char local_file[MAX_FILENAME];
+
+ if (cert_type != GNUTLS_CRT_X509
+ && cert_type != GNUTLS_CRT_OPENPGP)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
+
+ if (db_name == NULL && tdb == NULL) {
+ ret = find_config_file(local_file, sizeof(local_file));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ db_name = local_file;
+ }
+
+ if (tdb == NULL)
+ tdb = &default_tdb;
+
+ if (cert_type == GNUTLS_CRT_X509)
+ ret = x509_crt_to_raw_pubkey(cert, &pubkey);
+ else
+ ret = pgp_crt_to_raw_pubkey(cert, &pubkey);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = tdb->verify(db_name, host, service, &pubkey);
+ if (ret < 0 && ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
+ ret = gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
+
+ cleanup:
+ gnutls_free(pubkey.data);
+ return ret;
}
-static int parse_commitment_line(char* line,
- const char* host, size_t host_len,
- const char* service, size_t service_len,
- time_t now,
- const gnutls_datum_t *skey)
+static int parse_commitment_line(char *line,
+ const char *host, size_t host_len,
+ const char *service, size_t service_len,
+ time_t now, const gnutls_datum_t * skey)
{
-char* p, *kp;
-char* savep = NULL;
-size_t kp_len, phash_size;
-time_t expiration;
-int ret;
-const mac_entry_st* hash_algo;
-uint8_t phash[MAX_HASH_SIZE];
-uint8_t hphash[MAX_HASH_SIZE*2+1];
-
- /* read host */
- p = strtok_r(line, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (p[0] != '*' && strcmp(p, host) != 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read service */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (p[0] != '*' && strcmp(p, service) != 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read expiration */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- expiration = (time_t)atol(p);
- if (expiration > 0 && now > expiration)
- return gnutls_assert_val(GNUTLS_E_EXPIRED);
-
- /* read hash algorithm */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- hash_algo = mac_to_entry(atol(p));
- if (_gnutls_digest_get_name(hash_algo) == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read hash */
- kp = strtok_r(NULL, "|", &savep);
- if (kp == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- p = strpbrk(kp, "\n \r\t|");
- if (p != NULL) *p = 0;
-
- /* hash and hex encode */
- ret = _gnutls_hash_fast (hash_algo->id, skey->data, skey->size, phash);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- phash_size = _gnutls_hash_get_algo_len(hash_algo);
-
- p = _gnutls_bin2hex (phash, phash_size,(void*) hphash,
- sizeof(hphash), NULL);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- kp_len = strlen(kp);
- if (kp_len != phash_size*2)
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
-
- if (memcmp(kp, hphash, kp_len) != 0)
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
-
- /* key found and matches */
- return 0;
+ char *p, *kp;
+ char *savep = NULL;
+ size_t kp_len, phash_size;
+ time_t expiration;
+ int ret;
+ const mac_entry_st *hash_algo;
+ uint8_t phash[MAX_HASH_SIZE];
+ uint8_t hphash[MAX_HASH_SIZE * 2 + 1];
+
+ /* read host */
+ p = strtok_r(line, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (p[0] != '*' && strcmp(p, host) != 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read service */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (p[0] != '*' && strcmp(p, service) != 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read expiration */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ expiration = (time_t) atol(p);
+ if (expiration > 0 && now > expiration)
+ return gnutls_assert_val(GNUTLS_E_EXPIRED);
+
+ /* read hash algorithm */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ hash_algo = mac_to_entry(atol(p));
+ if (_gnutls_digest_get_name(hash_algo) == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read hash */
+ kp = strtok_r(NULL, "|", &savep);
+ if (kp == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ p = strpbrk(kp, "\n \r\t|");
+ if (p != NULL)
+ *p = 0;
+
+ /* hash and hex encode */
+ ret =
+ _gnutls_hash_fast(hash_algo->id, skey->data, skey->size,
+ phash);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ phash_size = _gnutls_hash_get_algo_len(hash_algo);
+
+ p = _gnutls_bin2hex(phash, phash_size, (void *) hphash,
+ sizeof(hphash), NULL);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ kp_len = strlen(kp);
+ if (kp_len != phash_size * 2)
+ return
+ gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
+
+ if (memcmp(kp, hphash, kp_len) != 0)
+ return
+ gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
+
+ /* key found and matches */
+ return 0;
}
-static int parse_line(char* line,
- const char* host, size_t host_len,
- const char* service, size_t service_len,
- time_t now,
- const gnutls_datum_t *rawkey,
- const gnutls_datum_t *b64key)
+static int parse_line(char *line,
+ const char *host, size_t host_len,
+ const char *service, size_t service_len,
+ time_t now,
+ const gnutls_datum_t * rawkey,
+ const gnutls_datum_t * b64key)
{
-char* p, *kp;
-char* savep = NULL;
-size_t kp_len;
-time_t expiration;
-
- /* read version */
- p = strtok_r(line, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (strncmp(p, "c0", 2) == 0)
- return parse_commitment_line(p+3, host, host_len, service, service_len, now, rawkey);
-
- if (strncmp(p, "g0", 2) != 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read host */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (p[0] != '*' && strcmp(p, host) != 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read service */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (p[0] != '*' && strcmp(p, service) != 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- /* read expiration */
- p = strtok_r(NULL, "|", &savep);
- if (p == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- expiration = (time_t)atol(p);
- if (expiration > 0 && now > expiration)
- return gnutls_assert_val(GNUTLS_E_EXPIRED);
-
- /* read key */
- kp = strtok_r(NULL, "|", &savep);
- if (kp == NULL)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- p = strpbrk(kp, "\n \r\t|");
- if (p != NULL) *p = 0;
-
- kp_len = strlen(kp);
- if (kp_len != b64key->size)
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
-
- if (memcmp(kp, b64key->data, b64key->size) != 0)
- return gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
-
- /* key found and matches */
- return 0;
+ char *p, *kp;
+ char *savep = NULL;
+ size_t kp_len;
+ time_t expiration;
+
+ /* read version */
+ p = strtok_r(line, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (strncmp(p, "c0", 2) == 0)
+ return parse_commitment_line(p + 3, host, host_len,
+ service, service_len, now,
+ rawkey);
+
+ if (strncmp(p, "g0", 2) != 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read host */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (p[0] != '*' && strcmp(p, host) != 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read service */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (p[0] != '*' && strcmp(p, service) != 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ /* read expiration */
+ p = strtok_r(NULL, "|", &savep);
+ if (p == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ expiration = (time_t) atol(p);
+ if (expiration > 0 && now > expiration)
+ return gnutls_assert_val(GNUTLS_E_EXPIRED);
+
+ /* read key */
+ kp = strtok_r(NULL, "|", &savep);
+ if (kp == NULL)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ p = strpbrk(kp, "\n \r\t|");
+ if (p != NULL)
+ *p = 0;
+
+ kp_len = strlen(kp);
+ if (kp_len != b64key->size)
+ return
+ gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
+
+ if (memcmp(kp, b64key->data, b64key->size) != 0)
+ return
+ gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH);
+
+ /* key found and matches */
+ return 0;
}
/* Returns the base64 key if found
*/
-static int verify_pubkey(const char* file,
- const char* host, const char* service,
- const gnutls_datum_t* pubkey)
+static int verify_pubkey(const char *file,
+ const char *host, const char *service,
+ const gnutls_datum_t * pubkey)
{
-FILE* fd;
-char* line = NULL;
-size_t line_size = 0;
-int ret, l2, mismatch = 0;
-size_t host_len = 0, service_len = 0;
-time_t now = gnutls_time(0);
-gnutls_datum_t b64key = { NULL, 0 };
-
- ret = raw_pubkey_to_base64(pubkey, &b64key);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (host != NULL) host_len = strlen(host);
- if (service != NULL) service_len = strlen(service);
-
- fd = fopen(file, "rb");
- if (fd == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
- goto cleanup;
- }
-
- do
- {
- l2 = getline(&line, &line_size, fd);
- if (l2 > 0)
- {
- ret = parse_line(line, host, host_len, service, service_len, now, pubkey, &b64key);
- if (ret == 0) /* found */
- {
- goto cleanup;
- }
- else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
- mismatch = 1;
- }
- }
- while(l2 >= 0);
-
- if (mismatch)
- ret = GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
- else
- ret = GNUTLS_E_NO_CERTIFICATE_FOUND;
-
-cleanup:
- free(line);
- if (fd != NULL)
- fclose(fd);
- gnutls_free(b64key.data);
-
- return ret;
+ FILE *fd;
+ char *line = NULL;
+ size_t line_size = 0;
+ int ret, l2, mismatch = 0;
+ size_t host_len = 0, service_len = 0;
+ time_t now = gnutls_time(0);
+ gnutls_datum_t b64key = { NULL, 0 };
+
+ ret = raw_pubkey_to_base64(pubkey, &b64key);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (host != NULL)
+ host_len = strlen(host);
+ if (service != NULL)
+ service_len = strlen(service);
+
+ fd = fopen(file, "rb");
+ if (fd == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+ goto cleanup;
+ }
+
+ do {
+ l2 = getline(&line, &line_size, fd);
+ if (l2 > 0) {
+ ret =
+ parse_line(line, host, host_len, service,
+ service_len, now, pubkey, &b64key);
+ if (ret == 0) { /* found */
+ goto cleanup;
+ } else if (ret ==
+ GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
+ mismatch = 1;
+ }
+ }
+ while (l2 >= 0);
+
+ if (mismatch)
+ ret = GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
+ else
+ ret = GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ cleanup:
+ free(line);
+ if (fd != NULL)
+ fclose(fd);
+ gnutls_free(b64key.data);
+
+ return ret;
}
-static int raw_pubkey_to_base64(const gnutls_datum_t* raw, gnutls_datum_t * b64)
+static int raw_pubkey_to_base64(const gnutls_datum_t * raw,
+ gnutls_datum_t * b64)
{
- int ret;
- char* out;
-
- ret = base64_encode_alloc((void*)raw->data, raw->size, &out);
- if (ret == 0)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- b64->data = (void*)out;
- b64->size = ret;
-
- return 0;
+ int ret;
+ char *out;
+
+ ret = base64_encode_alloc((void *) raw->data, raw->size, &out);
+ if (ret == 0)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ b64->data = (void *) out;
+ b64->size = ret;
+
+ return 0;
}
-static int x509_crt_to_raw_pubkey(const gnutls_datum_t * cert, gnutls_datum_t *rpubkey)
+static int x509_crt_to_raw_pubkey(const gnutls_datum_t * cert,
+ gnutls_datum_t * rpubkey)
{
-gnutls_x509_crt_t crt = NULL;
-gnutls_pubkey_t pubkey = NULL;
-size_t size;
-int ret;
-
- ret = gnutls_x509_crt_init(&crt);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_pubkey_init(&pubkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import(crt, cert, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- size = 0;
- ret = gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, NULL, &size);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- rpubkey->data = gnutls_malloc(size);
- if (rpubkey->data == NULL)
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, rpubkey->data, &size);
- if (ret < 0)
- {
- gnutls_free(rpubkey->data);
- gnutls_assert();
- goto cleanup;
- }
-
- rpubkey->size = size;
- ret = 0;
-
-cleanup:
- gnutls_x509_crt_deinit(crt);
- gnutls_pubkey_deinit(pubkey);
-
- return ret;
+ gnutls_x509_crt_t crt = NULL;
+ gnutls_pubkey_t pubkey = NULL;
+ size_t size;
+ int ret;
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import(crt, cert, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ size = 0;
+ ret =
+ gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, NULL, &size);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ rpubkey->data = gnutls_malloc(size);
+ if (rpubkey->data == NULL)
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER,
+ rpubkey->data, &size);
+ if (ret < 0) {
+ gnutls_free(rpubkey->data);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ rpubkey->size = size;
+ ret = 0;
+
+ cleanup:
+ gnutls_x509_crt_deinit(crt);
+ gnutls_pubkey_deinit(pubkey);
+
+ return ret;
}
-static int pgp_crt_to_raw_pubkey(const gnutls_datum_t * cert, gnutls_datum_t *rpubkey)
+static int pgp_crt_to_raw_pubkey(const gnutls_datum_t * cert,
+ gnutls_datum_t * rpubkey)
{
#ifdef ENABLE_OPENPGP
-gnutls_openpgp_crt_t crt = NULL;
-gnutls_pubkey_t pubkey = NULL;
-size_t size;
-int ret;
-
- ret = gnutls_openpgp_crt_init(&crt);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_pubkey_init(&pubkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_openpgp_crt_import(crt, cert, GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_import_openpgp (pubkey, crt, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- size = 0;
- ret = gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, NULL, &size);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- rpubkey->data = gnutls_malloc(size);
- if (rpubkey->data == NULL)
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, rpubkey->data, &size);
- if (ret < 0)
- {
- gnutls_free(rpubkey->data);
- gnutls_assert();
- goto cleanup;
- }
-
- rpubkey->size = size;
- ret = 0;
-
-cleanup:
- gnutls_openpgp_crt_deinit(crt);
- gnutls_pubkey_deinit(pubkey);
-
- return ret;
+ gnutls_openpgp_crt_t crt = NULL;
+ gnutls_pubkey_t pubkey = NULL;
+ size_t size;
+ int ret;
+
+ ret = gnutls_openpgp_crt_init(&crt);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_openpgp_crt_import(crt, cert, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_openpgp(pubkey, crt, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ size = 0;
+ ret =
+ gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER, NULL, &size);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ rpubkey->data = gnutls_malloc(size);
+ if (rpubkey->data == NULL)
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_DER,
+ rpubkey->data, &size);
+ if (ret < 0) {
+ gnutls_free(rpubkey->data);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ rpubkey->size = size;
+ ret = 0;
+
+ cleanup:
+ gnutls_openpgp_crt_deinit(crt);
+ gnutls_pubkey_deinit(pubkey);
+
+ return ret;
#else
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
#endif
}
-static
-int store_pubkey(const char* db_name, const char* host,
- const char* service, time_t expiration,
- const gnutls_datum_t* pubkey)
+static
+int store_pubkey(const char *db_name, const char *host,
+ const char *service, time_t expiration,
+ const gnutls_datum_t * pubkey)
{
-FILE* fd = NULL;
-gnutls_datum_t b64key = { NULL, 0 };
-int ret;
-
- ret = gnutls_mutex_lock(&_gnutls_file_mutex);
- if (ret != 0)
- return gnutls_assert_val(GNUTLS_E_LOCKING_ERROR);
-
- ret = raw_pubkey_to_base64(pubkey, &b64key);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- fd = fopen(db_name, "ab+");
- if (fd == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
- goto cleanup;
- }
-
- if (service == NULL) service = "*";
- if (host == NULL) host = "*";
-
- fprintf(fd, "|g0|%s|%s|%lu|%.*s\n", host, service, (unsigned long)expiration,
- b64key.size, b64key.data);
-
- ret = 0;
-
-cleanup:
- if (fd != NULL)
- fclose(fd);
-
- gnutls_mutex_unlock(&_gnutls_file_mutex);
- gnutls_free(b64key.data);
-
- return ret;
+ FILE *fd = NULL;
+ gnutls_datum_t b64key = { NULL, 0 };
+ int ret;
+
+ ret = gnutls_mutex_lock(&_gnutls_file_mutex);
+ if (ret != 0)
+ return gnutls_assert_val(GNUTLS_E_LOCKING_ERROR);
+
+ ret = raw_pubkey_to_base64(pubkey, &b64key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ fd = fopen(db_name, "ab+");
+ if (fd == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+ goto cleanup;
+ }
+
+ if (service == NULL)
+ service = "*";
+ if (host == NULL)
+ host = "*";
+
+ fprintf(fd, "|g0|%s|%s|%lu|%.*s\n", host, service,
+ (unsigned long) expiration, b64key.size, b64key.data);
+
+ ret = 0;
+
+ cleanup:
+ if (fd != NULL)
+ fclose(fd);
+
+ gnutls_mutex_unlock(&_gnutls_file_mutex);
+ gnutls_free(b64key.data);
+
+ return ret;
}
-static
-int store_commitment(const char* db_name, const char* host,
- const char* service, time_t expiration,
- gnutls_digest_algorithm_t hash_algo,
- const gnutls_datum_t* hash)
+static
+int store_commitment(const char *db_name, const char *host,
+ const char *service, time_t expiration,
+ gnutls_digest_algorithm_t hash_algo,
+ const gnutls_datum_t * hash)
{
-FILE* fd;
-char buffer[MAX_HASH_SIZE*2+1];
-
- fd = fopen(db_name, "ab+");
- if (fd == NULL)
- return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
-
- if (service == NULL) service = "*";
- if (host == NULL) host = "*";
-
- fprintf(fd, "|c0|%s|%s|%lu|%u|%s\n", host, service, (unsigned long)expiration,
- (unsigned)hash_algo, _gnutls_bin2hex(hash->data, hash->size, buffer, sizeof(buffer), NULL));
-
- fclose(fd);
-
- return 0;
+ FILE *fd;
+ char buffer[MAX_HASH_SIZE * 2 + 1];
+
+ fd = fopen(db_name, "ab+");
+ if (fd == NULL)
+ return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+
+ if (service == NULL)
+ service = "*";
+ if (host == NULL)
+ host = "*";
+
+ fprintf(fd, "|c0|%s|%s|%lu|%u|%s\n", host, service,
+ (unsigned long) expiration, (unsigned) hash_algo,
+ _gnutls_bin2hex(hash->data, hash->size, buffer,
+ sizeof(buffer), NULL));
+
+ fclose(fd);
+
+ return 0;
}
/**
@@ -601,62 +616,65 @@ char buffer[MAX_HASH_SIZE*2+1];
* Since: 3.0
**/
int
-gnutls_store_pubkey(const char* db_name,
- gnutls_tdb_t tdb,
- const char* host,
- const char* service,
- gnutls_certificate_type_t cert_type,
- const gnutls_datum_t * cert,
- time_t expiration,
- unsigned int flags)
+gnutls_store_pubkey(const char *db_name,
+ gnutls_tdb_t tdb,
+ const char *host,
+ const char *service,
+ gnutls_certificate_type_t cert_type,
+ const gnutls_datum_t * cert,
+ time_t expiration, unsigned int flags)
{
-FILE* fd = NULL;
-gnutls_datum_t pubkey = { NULL, 0 };
-int ret;
-char local_file[MAX_FILENAME];
-
- if (cert_type != GNUTLS_CRT_X509 && cert_type != GNUTLS_CRT_OPENPGP)
- return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
-
- if (db_name == NULL && tdb == NULL)
- {
- ret = _gnutls_find_config_path(local_file, sizeof(local_file));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _gnutls_debug_log("Configuration path: %s\n", local_file);
- mkdir(local_file, 0700);
-
- ret = find_config_file(local_file, sizeof(local_file));
- if (ret < 0)
- return gnutls_assert_val(ret);
- db_name = local_file;
- }
-
- if (tdb == NULL)
- tdb = &default_tdb;
-
- if (cert_type == GNUTLS_CRT_X509)
- ret = x509_crt_to_raw_pubkey(cert, &pubkey);
- else
- ret = pgp_crt_to_raw_pubkey(cert, &pubkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- _gnutls_debug_log("Configuration file: %s\n", db_name);
-
- tdb->store(db_name, host, service, expiration, &pubkey);
-
- ret = 0;
-
-cleanup:
- gnutls_free(pubkey.data);
- if (fd != NULL) fclose(fd);
-
- return ret;
+ FILE *fd = NULL;
+ gnutls_datum_t pubkey = { NULL, 0 };
+ int ret;
+ char local_file[MAX_FILENAME];
+
+ if (cert_type != GNUTLS_CRT_X509
+ && cert_type != GNUTLS_CRT_OPENPGP)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
+
+ if (db_name == NULL && tdb == NULL) {
+ ret =
+ _gnutls_find_config_path(local_file,
+ sizeof(local_file));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_debug_log("Configuration path: %s\n", local_file);
+ mkdir(local_file, 0700);
+
+ ret = find_config_file(local_file, sizeof(local_file));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ db_name = local_file;
+ }
+
+ if (tdb == NULL)
+ tdb = &default_tdb;
+
+ if (cert_type == GNUTLS_CRT_X509)
+ ret = x509_crt_to_raw_pubkey(cert, &pubkey);
+ else
+ ret = pgp_crt_to_raw_pubkey(cert, &pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_debug_log("Configuration file: %s\n", db_name);
+
+ tdb->store(db_name, host, service, expiration, &pubkey);
+
+ ret = 0;
+
+ cleanup:
+ gnutls_free(pubkey.data);
+ if (fd != NULL)
+ fclose(fd);
+
+ return ret;
}
/**
@@ -686,72 +704,73 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_store_commitment(const char* db_name,
- gnutls_tdb_t tdb,
- const char* host,
- const char* service,
- gnutls_digest_algorithm_t hash_algo,
- const gnutls_datum_t* hash,
- time_t expiration,
- unsigned int flags)
+gnutls_store_commitment(const char *db_name,
+ gnutls_tdb_t tdb,
+ const char *host,
+ const char *service,
+ gnutls_digest_algorithm_t hash_algo,
+ const gnutls_datum_t * hash,
+ time_t expiration, unsigned int flags)
{
-FILE* fd = NULL;
-int ret;
-char local_file[MAX_FILENAME];
-const mac_entry_st* me = mac_to_entry(hash_algo);
-
- if (_gnutls_digest_is_secure(me) == 0)
- return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
-
- if (_gnutls_hash_get_algo_len(me) != hash->size)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (db_name == NULL && tdb == NULL)
- {
- ret = _gnutls_find_config_path(local_file, sizeof(local_file));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- _gnutls_debug_log("Configuration path: %s\n", local_file);
- mkdir(local_file, 0700);
-
- ret = find_config_file(local_file, sizeof(local_file));
- if (ret < 0)
- return gnutls_assert_val(ret);
- db_name = local_file;
- }
-
- if (tdb == NULL)
- tdb = &default_tdb;
-
- _gnutls_debug_log("Configuration file: %s\n", db_name);
-
- tdb->cstore(db_name, host, service, expiration, me->id, hash);
-
- ret = 0;
-
- if (fd != NULL) fclose(fd);
-
- return ret;
+ FILE *fd = NULL;
+ int ret;
+ char local_file[MAX_FILENAME];
+ const mac_entry_st *me = mac_to_entry(hash_algo);
+
+ if (_gnutls_digest_is_secure(me) == 0)
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+
+ if (_gnutls_hash_get_algo_len(me) != hash->size)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (db_name == NULL && tdb == NULL) {
+ ret =
+ _gnutls_find_config_path(local_file,
+ sizeof(local_file));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ _gnutls_debug_log("Configuration path: %s\n", local_file);
+ mkdir(local_file, 0700);
+
+ ret = find_config_file(local_file, sizeof(local_file));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ db_name = local_file;
+ }
+
+ if (tdb == NULL)
+ tdb = &default_tdb;
+
+ _gnutls_debug_log("Configuration file: %s\n", db_name);
+
+ tdb->cstore(db_name, host, service, expiration, me->id, hash);
+
+ ret = 0;
+
+ if (fd != NULL)
+ fclose(fd);
+
+ return ret;
}
#define CONFIG_FILE "known_hosts"
-static int find_config_file(char* file, size_t max_size)
+static int find_config_file(char *file, size_t max_size)
{
-char path[MAX_FILENAME];
-int ret;
-
- ret = _gnutls_find_config_path(path, sizeof(path));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (path[0] == 0)
- snprintf(file, max_size, "%s", CONFIG_FILE);
- else
- snprintf(file, max_size, "%s/%s", path, CONFIG_FILE);
-
- return 0;
+ char path[MAX_FILENAME];
+ int ret;
+
+ ret = _gnutls_find_config_path(path, sizeof(path));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (path[0] == 0)
+ snprintf(file, max_size, "%s", CONFIG_FILE);
+ else
+ snprintf(file, max_size, "%s/%s", path, CONFIG_FILE);
+
+ return 0;
}
/**
@@ -763,14 +782,14 @@ int ret;
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int gnutls_tdb_init(gnutls_tdb_t* tdb)
+int gnutls_tdb_init(gnutls_tdb_t * tdb)
{
- *tdb = gnutls_calloc (1, sizeof (struct gnutls_tdb_int));
+ *tdb = gnutls_calloc(1, sizeof(struct gnutls_tdb_int));
+
+ if (!*tdb)
+ return GNUTLS_E_MEMORY_ERROR;
- if (!*tdb)
- return GNUTLS_E_MEMORY_ERROR;
-
- return 0;
+ return 0;
}
/**
@@ -786,9 +805,10 @@ int gnutls_tdb_init(gnutls_tdb_t* tdb)
* const gnutls_datum_t* pubkey);
*
**/
-void gnutls_tdb_set_store_func(gnutls_tdb_t tdb, gnutls_tdb_store_func store)
+void gnutls_tdb_set_store_func(gnutls_tdb_t tdb,
+ gnutls_tdb_store_func store)
{
- tdb->store = store;
+ tdb->store = store;
}
/**
@@ -805,9 +825,10 @@ void gnutls_tdb_set_store_func(gnutls_tdb_t tdb, gnutls_tdb_store_func store)
*
**/
void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
- gnutls_tdb_store_commitment_func cstore)
+ gnutls_tdb_store_commitment_func
+ cstore)
{
- tdb->cstore = cstore;
+ tdb->cstore = cstore;
}
/**
@@ -822,9 +843,10 @@ void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
* const char* service, const gnutls_datum_t* pubkey);
*
**/
-void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb, gnutls_tdb_verify_func verify)
+void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb,
+ gnutls_tdb_verify_func verify)
{
- tdb->verify = verify;
+ tdb->verify = verify;
}
/**
@@ -835,7 +857,5 @@ void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb, gnutls_tdb_verify_func verify)
**/
void gnutls_tdb_deinit(gnutls_tdb_t tdb)
{
- gnutls_free(tdb);
+ gnutls_free(tdb);
}
-
-
diff --git a/lib/x509/common.c b/lib/x509/common.c
index ee8478dc99..53cae80c06 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -34,161 +34,172 @@
#include <c-ctype.h>
static int
-data2hex (const void * data, size_t data_size,
- void * _out, size_t * sizeof_out);
-
-struct oid_to_string
-{
- const char *oid;
- const char *ldap_desc;
- const char *asn_desc; /* description in the pkix file if complex type */
- unsigned int etype; /* the libtasn1 ASN1_ETYPE or INVALID
- * if cannot be simply parsed */
+data2hex(const void *data, size_t data_size,
+ void *_out, size_t * sizeof_out);
+
+struct oid_to_string {
+ const char *oid;
+ const char *ldap_desc;
+ const char *asn_desc; /* description in the pkix file if complex type */
+ unsigned int etype; /* the libtasn1 ASN1_ETYPE or INVALID
+ * if cannot be simply parsed */
};
/* This list contains all the OIDs that may be
* contained in a rdnSequence and are printable.
*/
static const struct oid_to_string _oid2str[] = {
- /* PKIX
- */
- {"1.3.6.1.5.5.7.9.2", "placeOfBirth", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"1.3.6.1.5.5.7.9.3", "gender", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"1.3.6.1.5.5.7.9.5", "countryOfResidence", NULL, ASN1_ETYPE_PRINTABLE_STRING},
-
- {"2.5.4.6", "C", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"2.5.4.9", "street", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.12", "title", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.10", "O", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.11", "OU", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.3", "CN", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.7", "L", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.8", "ST", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.13", "description", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
-
- {"2.5.4.5", "serialNumber", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"2.5.4.20", "telephoneNumber", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"2.5.4.4", "surName", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.43", "initials", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.44", "generationQualifier", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.42", "givenName", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.65", "pseudonym", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.46", "dnQualifier", NULL, ASN1_ETYPE_PRINTABLE_STRING},
- {"2.5.4.17", "postalCode", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.41", "name", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"2.5.4.15", "businessCategory", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
-
- {"0.9.2342.19200300.100.1.25", "DC", NULL, ASN1_ETYPE_IA5_STRING},
- {"0.9.2342.19200300.100.1.1", "UID", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
-
- /* Extended validation
- */
- {"1.3.6.1.4.1.311.60.2.1.1", "jurisdictionOfIncorporationLocalityName",
- "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"1.3.6.1.4.1.311.60.2.1.2",
- "jurisdictionOfIncorporationStateOrProvinceName",
- "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
- {"1.3.6.1.4.1.311.60.2.1.3", "jurisdictionOfIncorporationCountryName",
- NULL, ASN1_ETYPE_PRINTABLE_STRING},
-
- /* PKCS #9
- */
- {"1.2.840.113549.1.9.1", "EMAIL", NULL, ASN1_ETYPE_IA5_STRING},
- {"1.2.840.113549.1.9.7", NULL, "PKIX1.pkcs-9-challengePassword", ASN1_ETYPE_INVALID},
-
- /* friendly name */
- {"1.2.840.113549.1.9.20", NULL, NULL, ASN1_ETYPE_BMP_STRING},
- /* local key id */
- {"1.2.840.113549.1.9.21", NULL, NULL, ASN1_ETYPE_OCTET_STRING},
-
- /* rfc3920 section 5.1.1 */
- {"1.3.6.1.5.5.7.8.5", "XmppAddr", NULL, ASN1_ETYPE_UTF8_STRING},
-
- {NULL, NULL, NULL, 0}
+ /* PKIX
+ */
+ {"1.3.6.1.5.5.7.9.2", "placeOfBirth", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"1.3.6.1.5.5.7.9.3", "gender", NULL, ASN1_ETYPE_PRINTABLE_STRING},
+ {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", NULL,
+ ASN1_ETYPE_PRINTABLE_STRING},
+ {"1.3.6.1.5.5.7.9.5", "countryOfResidence", NULL,
+ ASN1_ETYPE_PRINTABLE_STRING},
+
+ {"2.5.4.6", "C", NULL, ASN1_ETYPE_PRINTABLE_STRING},
+ {"2.5.4.9", "street", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.12", "title", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.10", "O", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.11", "OU", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.3", "CN", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.7", "L", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.8", "ST", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.13", "description", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+
+ {"2.5.4.5", "serialNumber", NULL, ASN1_ETYPE_PRINTABLE_STRING},
+ {"2.5.4.20", "telephoneNumber", NULL, ASN1_ETYPE_PRINTABLE_STRING},
+ {"2.5.4.4", "surName", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.43", "initials", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.44", "generationQualifier", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.42", "givenName", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.65", "pseudonym", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.46", "dnQualifier", NULL, ASN1_ETYPE_PRINTABLE_STRING},
+ {"2.5.4.17", "postalCode", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+ {"2.5.4.41", "name", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"2.5.4.15", "businessCategory", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+
+ {"0.9.2342.19200300.100.1.25", "DC", NULL, ASN1_ETYPE_IA5_STRING},
+ {"0.9.2342.19200300.100.1.1", "UID", "PKIX1.DirectoryString",
+ ASN1_ETYPE_INVALID},
+
+ /* Extended validation
+ */
+ {"1.3.6.1.4.1.311.60.2.1.1",
+ "jurisdictionOfIncorporationLocalityName",
+ "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"1.3.6.1.4.1.311.60.2.1.2",
+ "jurisdictionOfIncorporationStateOrProvinceName",
+ "PKIX1.DirectoryString", ASN1_ETYPE_INVALID},
+ {"1.3.6.1.4.1.311.60.2.1.3",
+ "jurisdictionOfIncorporationCountryName",
+ NULL, ASN1_ETYPE_PRINTABLE_STRING},
+
+ /* PKCS #9
+ */
+ {"1.2.840.113549.1.9.1", "EMAIL", NULL, ASN1_ETYPE_IA5_STRING},
+ {"1.2.840.113549.1.9.7", NULL, "PKIX1.pkcs-9-challengePassword",
+ ASN1_ETYPE_INVALID},
+
+ /* friendly name */
+ {"1.2.840.113549.1.9.20", NULL, NULL, ASN1_ETYPE_BMP_STRING},
+ /* local key id */
+ {"1.2.840.113549.1.9.21", NULL, NULL, ASN1_ETYPE_OCTET_STRING},
+
+ /* rfc3920 section 5.1.1 */
+ {"1.3.6.1.5.5.7.8.5", "XmppAddr", NULL, ASN1_ETYPE_UTF8_STRING},
+
+ {NULL, NULL, NULL, 0}
};
-static const struct oid_to_string* get_oid_entry (const char* oid)
+static const struct oid_to_string *get_oid_entry(const char *oid)
{
- unsigned int i = 0;
+ unsigned int i = 0;
- do
- {
- if (strcmp (_oid2str[i].oid, oid) == 0)
- return &_oid2str[i];
- i++;
- }
- while (_oid2str[i].oid != NULL);
+ do {
+ if (strcmp(_oid2str[i].oid, oid) == 0)
+ return &_oid2str[i];
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
- return NULL;
+ return NULL;
}
-const char* _gnutls_ldap_string_to_oid (const char* str, unsigned str_len)
+const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len)
{
- unsigned int i = 0;
-
- do
- {
- if ((_oid2str[i].ldap_desc != NULL) &&
- (str_len == strlen(_oid2str[i].ldap_desc)) &&
- (strncasecmp (_oid2str[i].ldap_desc, str, str_len) == 0))
- return _oid2str[i].oid;
- i++;
- }
- while (_oid2str[i].oid != NULL);
-
- return NULL;
+ unsigned int i = 0;
+
+ do {
+ if ((_oid2str[i].ldap_desc != NULL) &&
+ (str_len == strlen(_oid2str[i].ldap_desc)) &&
+ (strncasecmp(_oid2str[i].ldap_desc, str, str_len) ==
+ 0))
+ return _oid2str[i].oid;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
+
+ return NULL;
}
/* Escapes a string following the rules from RFC4514.
*/
-static int
-str_escape (const gnutls_datum_t* str, gnutls_datum_t * escaped)
+static int str_escape(const gnutls_datum_t * str, gnutls_datum_t * escaped)
{
- unsigned int j, i;
- uint8_t *buffer = NULL;
- int ret;
-
- if (str == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- /* the string will be at most twice the original */
- buffer = gnutls_malloc(str->size*2+2);
- if (buffer == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- for (i = j = 0; i < str->size; i++)
- {
- if (str->data[i] == 0)
- {
- /* this is handled earlier */
- ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
- goto cleanup;
- }
-
- if (str->data[i] == ',' || str->data[i] == '+' || str->data[i] == '"'
- || str->data[i] == '\\' || str->data[i] == '<' || str->data[i] == '>'
- || str->data[i] == ';' || str->data[i] == 0)
- buffer[j++] = '\\';
- else if (i==0 && str->data[i] == '#')
- buffer[j++] = '\\';
- else if (i==0 && str->data[i] == ' ')
- buffer[j++] = '\\';
- else if (i==(str->size-1) && str->data[i] == ' ')
- buffer[j++] = '\\';
-
- buffer[j++] = str->data[i];
- }
-
- /* null terminate the string */
- buffer[j] = 0;
- escaped->data = buffer;
- escaped->size = j;
-
- return 0;
-cleanup:
- gnutls_free(buffer);
- return ret;
+ unsigned int j, i;
+ uint8_t *buffer = NULL;
+ int ret;
+
+ if (str == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ /* the string will be at most twice the original */
+ buffer = gnutls_malloc(str->size * 2 + 2);
+ if (buffer == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ for (i = j = 0; i < str->size; i++) {
+ if (str->data[i] == 0) {
+ /* this is handled earlier */
+ ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
+ goto cleanup;
+ }
+
+ if (str->data[i] == ',' || str->data[i] == '+'
+ || str->data[i] == '"' || str->data[i] == '\\'
+ || str->data[i] == '<' || str->data[i] == '>'
+ || str->data[i] == ';' || str->data[i] == 0)
+ buffer[j++] = '\\';
+ else if (i == 0 && str->data[i] == '#')
+ buffer[j++] = '\\';
+ else if (i == 0 && str->data[i] == ' ')
+ buffer[j++] = '\\';
+ else if (i == (str->size - 1) && str->data[i] == ' ')
+ buffer[j++] = '\\';
+
+ buffer[j++] = str->data[i];
+ }
+
+ /* null terminate the string */
+ buffer[j] = 0;
+ escaped->data = buffer;
+ escaped->size = j;
+
+ return 0;
+ cleanup:
+ gnutls_free(buffer);
+ return ret;
}
/**
@@ -205,20 +216,18 @@ cleanup:
*
* Returns: 1 on known OIDs and 0 otherwise.
**/
-int
-gnutls_x509_dn_oid_known (const char *oid)
+int gnutls_x509_dn_oid_known(const char *oid)
{
- unsigned int i = 0;
+ unsigned int i = 0;
- do
- {
- if (strcmp (_oid2str[i].oid, oid) == 0)
- return 1;
- i++;
- }
- while (_oid2str[i].oid != NULL);
+ do {
+ if (strcmp(_oid2str[i].oid, oid) == 0)
+ return 1;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
- return 0;
+ return 0;
}
/**
@@ -235,182 +244,169 @@ gnutls_x509_dn_oid_known (const char *oid)
*
* Since: 3.0
**/
-const char*
-gnutls_x509_dn_oid_name (const char *oid, unsigned int flags)
+const char *gnutls_x509_dn_oid_name(const char *oid, unsigned int flags)
{
- unsigned int i = 0;
-
- do
- {
- if (strcmp (_oid2str[i].oid, oid) == 0)
- return _oid2str[i].ldap_desc;
- i++;
- }
- while (_oid2str[i].oid != NULL);
-
- if (flags & GNUTLS_X509_DN_OID_RETURN_OID) return oid;
- else return NULL;
+ unsigned int i = 0;
+
+ do {
+ if (strcmp(_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].ldap_desc;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
+
+ if (flags & GNUTLS_X509_DN_OID_RETURN_OID)
+ return oid;
+ else
+ return NULL;
}
static int
-make_printable_string(unsigned etype, const gnutls_datum_t *input, gnutls_datum_t *out)
+make_printable_string(unsigned etype, const gnutls_datum_t * input,
+ gnutls_datum_t * out)
{
-int printable = 0;
-int ret;
-unsigned int i;
-size_t size;
-
- if (etype == ASN1_ETYPE_BMP_STRING)
- {
- ret = _gnutls_ucs2_to_utf8(input->data, input->size, out);
- if (ret < 0)
- {
- /* could not convert. Handle it as non-printable */
- printable = 0;
- }
- else
- printable = 1;
- }
- else if (etype == ASN1_ETYPE_TELETEX_STRING)
- {
- int ascii = 0;
- /* HACK: if the teletex string contains only ascii
- * characters then treat it as printable.
- */
- for (i = 0; i < input->size; i++)
- if (!c_isascii (input->data[i]))
- ascii = 1;
-
- if (ascii == 0)
- {
- out->data = gnutls_malloc(input->size+1);
- if (out->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- memcpy(out->data, input->data, input->size);
- out->size = input->size;
-
- out->data[out->size] = 0;
-
- printable = 1;
- }
- }
- else if (etype != ASN1_ETYPE_UNIVERSAL_STRING) /* supported but not printable */
- return GNUTLS_E_INVALID_REQUEST;
-
- if (printable == 0)
- { /* need to allocate out */
- out->size = input->size*2+2;
- out->data = gnutls_malloc(out->size);
- if (out->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- size = out->size;
- ret = data2hex (input->data, input->size, out->data, &size);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- out->size = size;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum(out);
- return ret;
+ int printable = 0;
+ int ret;
+ unsigned int i;
+ size_t size;
+
+ if (etype == ASN1_ETYPE_BMP_STRING) {
+ ret = _gnutls_ucs2_to_utf8(input->data, input->size, out);
+ if (ret < 0) {
+ /* could not convert. Handle it as non-printable */
+ printable = 0;
+ } else
+ printable = 1;
+ } else if (etype == ASN1_ETYPE_TELETEX_STRING) {
+ int ascii = 0;
+ /* HACK: if the teletex string contains only ascii
+ * characters then treat it as printable.
+ */
+ for (i = 0; i < input->size; i++)
+ if (!c_isascii(input->data[i]))
+ ascii = 1;
+
+ if (ascii == 0) {
+ out->data = gnutls_malloc(input->size + 1);
+ if (out->data == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+
+ memcpy(out->data, input->data, input->size);
+ out->size = input->size;
+
+ out->data[out->size] = 0;
+
+ printable = 1;
+ }
+ } else if (etype != ASN1_ETYPE_UNIVERSAL_STRING) /* supported but not printable */
+ return GNUTLS_E_INVALID_REQUEST;
+
+ if (printable == 0) { /* need to allocate out */
+ out->size = input->size * 2 + 2;
+ out->data = gnutls_malloc(out->size);
+ if (out->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ size = out->size;
+ ret = data2hex(input->data, input->size, out->data, &size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ out->size = size;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(out);
+ return ret;
}
static int
-decode_complex_string (const struct oid_to_string* oentry, void *value,
- int value_size, gnutls_datum_t* out)
+decode_complex_string(const struct oid_to_string *oentry, void *value,
+ int value_size, gnutls_datum_t * out)
{
- char str[MAX_STRING_LEN], tmpname[128];
- int len = -1, result;
- ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
- char asn1_err[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = "";
- unsigned int etype;
- gnutls_datum_t td;
-
- if (oentry->asn_desc == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (), oentry->asn_desc,
- &tmpasn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if ((result =
- asn1_der_decoding (&tmpasn, value, value_size,
- asn1_err)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_debug_log ("asn1_der_decoding: %s\n", asn1_err);
- asn1_delete_structure (&tmpasn);
- return _gnutls_asn2err (result);
- }
-
- /* Read the type of choice.
- */
- len = sizeof (str) - 1;
- if ((result = asn1_read_value (tmpasn, "", str, &len)) != ASN1_SUCCESS)
- { /* CHOICE */
- gnutls_assert ();
- asn1_delete_structure (&tmpasn);
- return _gnutls_asn2err (result);
- }
-
- str[len] = 0;
-
- /* We set the etype on the strings that may need
- * some conversion to UTF-8. The INVALID flag indicates
- * no conversion needed */
- if (strcmp (str, "teletexString") == 0)
- etype = ASN1_ETYPE_TELETEX_STRING;
- else if (strcmp (str, "bmpString") == 0)
- etype = ASN1_ETYPE_BMP_STRING;
- else if (strcmp (str, "universalString") == 0)
- etype = ASN1_ETYPE_UNIVERSAL_STRING;
- else etype = ASN1_ETYPE_INVALID;
-
- _gnutls_str_cpy (tmpname, sizeof (tmpname), str);
-
- result = _gnutls_x509_read_value(tmpasn, tmpname, &td);
- asn1_delete_structure (&tmpasn);
- if (result < 0)
- return gnutls_assert_val(result);
-
- if (etype != ASN1_ETYPE_INVALID)
- {
- result = make_printable_string(etype, &td, out);
-
- _gnutls_free_datum(&td);
-
- if (result < 0)
- return gnutls_assert_val(result);
- }
- else
- {
- out->data = td.data;
- out->size = td.size;
- out->data[out->size] = 0;
- }
-
- /* Refuse to deal with strings containing NULs. */
- if (strlen ((void*)out->data) != (size_t)out->size)
- {
- _gnutls_free_datum(out);
- return gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
- }
-
- return 0;
+ char str[MAX_STRING_LEN], tmpname[128];
+ int len = -1, result;
+ ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
+ char asn1_err[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = "";
+ unsigned int etype;
+ gnutls_datum_t td;
+
+ if (oentry->asn_desc == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(), oentry->asn_desc,
+ &tmpasn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if ((result =
+ asn1_der_decoding(&tmpasn, value, value_size,
+ asn1_err)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_debug_log("asn1_der_decoding: %s\n", asn1_err);
+ asn1_delete_structure(&tmpasn);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Read the type of choice.
+ */
+ len = sizeof(str) - 1;
+ if ((result = asn1_read_value(tmpasn, "", str, &len)) != ASN1_SUCCESS) { /* CHOICE */
+ gnutls_assert();
+ asn1_delete_structure(&tmpasn);
+ return _gnutls_asn2err(result);
+ }
+
+ str[len] = 0;
+
+ /* We set the etype on the strings that may need
+ * some conversion to UTF-8. The INVALID flag indicates
+ * no conversion needed */
+ if (strcmp(str, "teletexString") == 0)
+ etype = ASN1_ETYPE_TELETEX_STRING;
+ else if (strcmp(str, "bmpString") == 0)
+ etype = ASN1_ETYPE_BMP_STRING;
+ else if (strcmp(str, "universalString") == 0)
+ etype = ASN1_ETYPE_UNIVERSAL_STRING;
+ else
+ etype = ASN1_ETYPE_INVALID;
+
+ _gnutls_str_cpy(tmpname, sizeof(tmpname), str);
+
+ result = _gnutls_x509_read_value(tmpasn, tmpname, &td);
+ asn1_delete_structure(&tmpasn);
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ if (etype != ASN1_ETYPE_INVALID) {
+ result = make_printable_string(etype, &td, out);
+
+ _gnutls_free_datum(&td);
+
+ if (result < 0)
+ return gnutls_assert_val(result);
+ } else {
+ out->data = td.data;
+ out->size = td.size;
+ out->data[out->size] = 0;
+ }
+
+ /* Refuse to deal with strings containing NULs. */
+ if (strlen((void *) out->data) != (size_t) out->size) {
+ _gnutls_free_datum(out);
+ return gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
+ }
+
+ return 0;
}
@@ -421,105 +417,99 @@ decode_complex_string (const struct oid_to_string* oentry, void *value,
* hold the string.
*/
int
-_gnutls_x509_dn_to_string (const char *oid, void *value,
- int value_size, gnutls_datum_t *str)
+_gnutls_x509_dn_to_string(const char *oid, void *value,
+ int value_size, gnutls_datum_t * str)
{
- const struct oid_to_string* oentry;
- int ret;
- gnutls_datum_t tmp;
- size_t size;
-
- if (value == NULL || value_size <= 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- oentry = get_oid_entry(oid);
- if (oentry == NULL)
- { /* unknown OID -> hex */
- str->size = value_size*2+2;
- str->data = gnutls_malloc(str->size);
- if (str->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- size = str->size;
- ret = data2hex (value, value_size, str->data, &size);
- if (ret < 0)
- {
- gnutls_assert();
- gnutls_free(str->data);
- return ret;
- }
- str->size = size;
- return 0;
- }
-
- if (oentry->asn_desc != NULL)
- { /* complex */
- ret = decode_complex_string(oentry, value, value_size, &tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- {
- ret = _gnutls_x509_decode_string(oentry->etype, value, value_size,
- &tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- ret = str_escape(&tmp, str);
- _gnutls_free_datum (&tmp);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
+ const struct oid_to_string *oentry;
+ int ret;
+ gnutls_datum_t tmp;
+ size_t size;
+
+ if (value == NULL || value_size <= 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ oentry = get_oid_entry(oid);
+ if (oentry == NULL) { /* unknown OID -> hex */
+ str->size = value_size * 2 + 2;
+ str->data = gnutls_malloc(str->size);
+ if (str->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ size = str->size;
+ ret = data2hex(value, value_size, str->data, &size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(str->data);
+ return ret;
+ }
+ str->size = size;
+ return 0;
+ }
+
+ if (oentry->asn_desc != NULL) { /* complex */
+ ret =
+ decode_complex_string(oentry, value, value_size, &tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else {
+ ret =
+ _gnutls_x509_decode_string(oentry->etype, value,
+ value_size, &tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ ret = str_escape(&tmp, str);
+ _gnutls_free_datum(&tmp);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
/* Converts a data string to an LDAP rfc2253 hex string
* something like '#01020304'
*/
static int
-data2hex (const void * data, size_t data_size,
- void * _out, size_t * sizeof_out)
+data2hex(const void *data, size_t data_size,
+ void *_out, size_t * sizeof_out)
{
- char *res;
- char escaped[MAX_STRING_LEN];
- unsigned int size, res_size;
- char* out = _out;
-
- if (2 * data_size + 1 > MAX_STRING_LEN)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- res = _gnutls_bin2hex (data, data_size, escaped, sizeof (escaped), NULL);
- if (!res)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- res_size = strlen(res);
- size = res_size + 1; /* +1 for the '#' */
- if (size + 1 > *sizeof_out)
- {
- *sizeof_out = size + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- *sizeof_out = size; /* -1 for the null +1 for the '#' */
-
- if (out)
- {
- out[0] = '#';
- memcpy(&out[1], res, res_size);
- out[size] = 0;
- }
-
- return 0;
+ char *res;
+ char escaped[MAX_STRING_LEN];
+ unsigned int size, res_size;
+ char *out = _out;
+
+ if (2 * data_size + 1 > MAX_STRING_LEN) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ res =
+ _gnutls_bin2hex(data, data_size, escaped, sizeof(escaped),
+ NULL);
+ if (!res) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ res_size = strlen(res);
+ size = res_size + 1; /* +1 for the '#' */
+ if (size + 1 > *sizeof_out) {
+ *sizeof_out = size + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *sizeof_out = size; /* -1 for the null +1 for the '#' */
+
+ if (out) {
+ out[0] = '#';
+ memcpy(&out[1], res, res_size);
+ out[size] = 0;
+ }
+
+ return 0;
}
@@ -532,14 +522,13 @@ data2hex (const void * data, size_t data_size,
* Since we do not use libc's functions, we don't need to
* depend on the libc structure.
*/
-typedef struct fake_tm
-{
- int tm_mon;
- int tm_year; /* FULL year - ie 1971 */
- int tm_mday;
- int tm_hour;
- int tm_min;
- int tm_sec;
+typedef struct fake_tm {
+ int tm_mon;
+ int tm_year; /* FULL year - ie 1971 */
+ int tm_mday;
+ int tm_hour;
+ int tm_min;
+ int tm_sec;
} fake_tm;
/* The mktime_utc function is due to Russ Allbery (rra@stanford.edu),
@@ -549,7 +538,7 @@ typedef struct fake_tm
/* The number of days in each month.
*/
static const int MONTHDAYS[] = {
- 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};
/* Whether a given year is a leap year. */
@@ -562,32 +551,31 @@ static const int MONTHDAYS[] = {
** convertable. Note that this function does not canonicalize the provided
** struct tm, nor does it allow out of range values or years before 1970.
*/
-static time_t
-mktime_utc (const struct fake_tm *tm)
+static time_t mktime_utc(const struct fake_tm *tm)
{
- time_t result = 0;
- int i;
+ time_t result = 0;
+ int i;
/* We do allow some ill-formed dates, but we don't do anything special
* with them and our callers really shouldn't pass them to us. Do
* explicitly disallow the ones that would cause invalid array accesses
* or other algorithm problems.
*/
- if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
- return (time_t) - 1;
+ if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
+ return (time_t) - 1;
/* Convert to a time_t.
*/
- for (i = 1970; i < tm->tm_year; i++)
- result += 365 + ISLEAP (i);
- for (i = 0; i < tm->tm_mon; i++)
- result += MONTHDAYS[i];
- if (tm->tm_mon > 1 && ISLEAP (tm->tm_year))
- result++;
- result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour;
- result = 60 * result + tm->tm_min;
- result = 60 * result + tm->tm_sec;
- return result;
+ for (i = 1970; i < tm->tm_year; i++)
+ result += 365 + ISLEAP(i);
+ for (i = 0; i < tm->tm_mon; i++)
+ result += MONTHDAYS[i];
+ if (tm->tm_mon > 1 && ISLEAP(tm->tm_year))
+ result++;
+ result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour;
+ result = 60 * result + tm->tm_min;
+ result = 60 * result + tm->tm_sec;
+ return result;
}
@@ -595,64 +583,60 @@ mktime_utc (const struct fake_tm *tm)
* month|day|hour|minute|sec* (2 chars each)
* and year is given. Returns a time_t date.
*/
-static time_t
-time2gtime (const char *ttime, int year)
+static time_t time2gtime(const char *ttime, int year)
{
- char xx[4];
- struct fake_tm etime;
+ char xx[4];
+ struct fake_tm etime;
- if (strlen (ttime) < 8)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
+ if (strlen(ttime) < 8) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- etime.tm_year = year;
+ etime.tm_year = year;
- /* In order to work with 32 bit
- * time_t.
- */
- if (sizeof (time_t) <= 4 && etime.tm_year >= 2038)
- return (time_t) 2145914603; /* 2037-12-31 23:23:23 */
+ /* In order to work with 32 bit
+ * time_t.
+ */
+ if (sizeof(time_t) <= 4 && etime.tm_year >= 2038)
+ return (time_t) 2145914603; /* 2037-12-31 23:23:23 */
- if (etime.tm_year < 1970)
- return (time_t) 0;
+ if (etime.tm_year < 1970)
+ return (time_t) 0;
- xx[2] = 0;
+ xx[2] = 0;
/* get the month
*/
- memcpy (xx, ttime, 2); /* month */
- etime.tm_mon = atoi (xx) - 1;
- ttime += 2;
+ memcpy(xx, ttime, 2); /* month */
+ etime.tm_mon = atoi(xx) - 1;
+ ttime += 2;
/* get the day
*/
- memcpy (xx, ttime, 2); /* day */
- etime.tm_mday = atoi (xx);
- ttime += 2;
+ memcpy(xx, ttime, 2); /* day */
+ etime.tm_mday = atoi(xx);
+ ttime += 2;
/* get the hour
*/
- memcpy (xx, ttime, 2); /* hour */
- etime.tm_hour = atoi (xx);
- ttime += 2;
+ memcpy(xx, ttime, 2); /* hour */
+ etime.tm_hour = atoi(xx);
+ ttime += 2;
/* get the minutes
*/
- memcpy (xx, ttime, 2); /* minutes */
- etime.tm_min = atoi (xx);
- ttime += 2;
-
- if (strlen (ttime) >= 2)
- {
- memcpy (xx, ttime, 2);
- etime.tm_sec = atoi (xx);
- }
- else
- etime.tm_sec = 0;
-
- return mktime_utc (&etime);
+ memcpy(xx, ttime, 2); /* minutes */
+ etime.tm_min = atoi(xx);
+ ttime += 2;
+
+ if (strlen(ttime) >= 2) {
+ memcpy(xx, ttime, 2);
+ etime.tm_sec = atoi(xx);
+ } else
+ etime.tm_sec = 0;
+
+ return mktime_utc(&etime);
}
@@ -662,87 +646,80 @@ time2gtime (const char *ttime, int year)
*
* (seconds are optional)
*/
-static time_t
-utcTime2gtime (const char *ttime)
+static time_t utcTime2gtime(const char *ttime)
{
- char xx[3];
- int year;
-
- if (strlen (ttime) < 10)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
- xx[2] = 0;
+ char xx[3];
+ int year;
+
+ if (strlen(ttime) < 10) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
+ xx[2] = 0;
/* get the year
*/
- memcpy (xx, ttime, 2); /* year */
- year = atoi (xx);
- ttime += 2;
+ memcpy(xx, ttime, 2); /* year */
+ year = atoi(xx);
+ ttime += 2;
- if (year > 49)
- year += 1900;
- else
- year += 2000;
+ if (year > 49)
+ year += 1900;
+ else
+ year += 2000;
- return time2gtime (ttime, year);
+ return time2gtime(ttime, year);
}
/* returns a time_t value that contains the given time.
* The given time is expressed as:
* YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)*
*/
-time_t
-_gnutls_x509_generalTime2gtime (const char *ttime)
+time_t _gnutls_x509_generalTime2gtime(const char *ttime)
{
- char xx[5];
- int year;
-
- if (strlen (ttime) < 12)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
-
- if (strchr (ttime, 'Z') == 0)
- {
- gnutls_assert ();
- /* sorry we don't support it yet
- */
- return (time_t) - 1;
- }
- xx[4] = 0;
+ char xx[5];
+ int year;
+
+ if (strlen(ttime) < 12) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
+
+ if (strchr(ttime, 'Z') == 0) {
+ gnutls_assert();
+ /* sorry we don't support it yet
+ */
+ return (time_t) - 1;
+ }
+ xx[4] = 0;
/* get the year
*/
- memcpy (xx, ttime, 4); /* year */
- year = atoi (xx);
- ttime += 4;
+ memcpy(xx, ttime, 4); /* year */
+ year = atoi(xx);
+ ttime += 4;
- return time2gtime (ttime, year);
+ return time2gtime(ttime, year);
}
static int
-gtime2generalTime (time_t gtime, char *str_time, size_t str_time_size)
+gtime2generalTime(time_t gtime, char *str_time, size_t str_time_size)
{
- size_t ret;
- struct tm _tm;
+ size_t ret;
+ struct tm _tm;
- if (!gmtime_r (&gtime, &_tm))
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (!gmtime_r(&gtime, &_tm)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- ret = strftime (str_time, str_time_size, "%Y%m%d%H%M%SZ", &_tm);
- if (!ret)
- {
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ ret = strftime(str_time, str_time_size, "%Y%m%d%H%M%SZ", &_tm);
+ if (!ret) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- return 0;
+ return 0;
}
@@ -750,212 +727,199 @@ gtime2generalTime (time_t gtime, char *str_time, size_t str_time_size)
* be something like "tbsCertList.thisUpdate".
*/
#define MAX_TIME 64
-time_t
-_gnutls_x509_get_time (ASN1_TYPE c2, const char *when, int nochoice)
+time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when, int nochoice)
{
- char ttime[MAX_TIME];
- char name[128];
- time_t c_time = (time_t) - 1;
- int len, result;
-
- len = sizeof (ttime) - 1;
- result = asn1_read_value (c2, when, ttime, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return (time_t) (-1);
- }
-
- if (nochoice != 0)
- {
- c_time = _gnutls_x509_generalTime2gtime (ttime);
- }
- else
- {
- _gnutls_str_cpy (name, sizeof (name), when);
-
- /* choice */
- if (strcmp (ttime, "generalTime") == 0)
- {
- _gnutls_str_cat (name, sizeof (name), ".generalTime");
- len = sizeof (ttime) - 1;
- result = asn1_read_value (c2, name, ttime, &len);
- if (result == ASN1_SUCCESS)
- c_time = _gnutls_x509_generalTime2gtime (ttime);
- }
- else
- { /* UTCTIME */
- _gnutls_str_cat (name, sizeof (name), ".utcTime");
- len = sizeof (ttime) - 1;
- result = asn1_read_value (c2, name, ttime, &len);
- if (result == ASN1_SUCCESS)
- c_time = utcTime2gtime (ttime);
- }
-
- /* We cannot handle dates after 2031 in 32 bit machines.
- * a time_t of 64bits has to be used.
- */
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return (time_t) (-1);
- }
- }
-
- return c_time;
+ char ttime[MAX_TIME];
+ char name[128];
+ time_t c_time = (time_t) - 1;
+ int len, result;
+
+ len = sizeof(ttime) - 1;
+ result = asn1_read_value(c2, when, ttime, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return (time_t) (-1);
+ }
+
+ if (nochoice != 0) {
+ c_time = _gnutls_x509_generalTime2gtime(ttime);
+ } else {
+ _gnutls_str_cpy(name, sizeof(name), when);
+
+ /* choice */
+ if (strcmp(ttime, "generalTime") == 0) {
+ _gnutls_str_cat(name, sizeof(name),
+ ".generalTime");
+ len = sizeof(ttime) - 1;
+ result = asn1_read_value(c2, name, ttime, &len);
+ if (result == ASN1_SUCCESS)
+ c_time =
+ _gnutls_x509_generalTime2gtime(ttime);
+ } else { /* UTCTIME */
+ _gnutls_str_cat(name, sizeof(name), ".utcTime");
+ len = sizeof(ttime) - 1;
+ result = asn1_read_value(c2, name, ttime, &len);
+ if (result == ASN1_SUCCESS)
+ c_time = utcTime2gtime(ttime);
+ }
+
+ /* We cannot handle dates after 2031 in 32 bit machines.
+ * a time_t of 64bits has to be used.
+ */
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return (time_t) (-1);
+ }
+ }
+
+ return c_time;
}
/* Sets the time in time_t in the ASN1_TYPE given. Where should
* be something like "tbsCertList.thisUpdate".
*/
int
-_gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim, int nochoice)
+_gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim,
+ int nochoice)
{
- char str_time[MAX_TIME];
- char name[128];
- int result, len;
-
- if (nochoice != 0)
- {
- result = gtime2generalTime( tim, str_time, sizeof(str_time));
- if (result < 0)
- return gnutls_assert_val(result);
-
- len = strlen (str_time);
- result = asn1_write_value(c2, where, str_time, len);
- if (result != ASN1_SUCCESS)
- return gnutls_assert_val(_gnutls_asn2err (result));
-
- return 0;
- }
-
- _gnutls_str_cpy (name, sizeof (name), where);
-
- if ((result = asn1_write_value (c2, name, "generalTime", 1)) < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = gtime2generalTime (tim, str_time, sizeof (str_time));
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- _gnutls_str_cat (name, sizeof (name), ".generalTime");
-
- len = strlen (str_time);
- result = asn1_write_value (c2, name, str_time, len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ char str_time[MAX_TIME];
+ char name[128];
+ int result, len;
+
+ if (nochoice != 0) {
+ result =
+ gtime2generalTime(tim, str_time, sizeof(str_time));
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ len = strlen(str_time);
+ result = asn1_write_value(c2, where, str_time, len);
+ if (result != ASN1_SUCCESS)
+ return gnutls_assert_val(_gnutls_asn2err(result));
+
+ return 0;
+ }
+
+ _gnutls_str_cpy(name, sizeof(name), where);
+
+ if ((result = asn1_write_value(c2, name, "generalTime", 1)) < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = gtime2generalTime(tim, str_time, sizeof(str_time));
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ _gnutls_str_cat(name, sizeof(name), ".generalTime");
+
+ len = strlen(str_time);
+ result = asn1_write_value(c2, name, str_time, len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
-gnutls_x509_subject_alt_name_t
-_gnutls_x509_san_find_type (char *str_type)
+gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type(char *str_type)
{
- if (strcmp (str_type, "dNSName") == 0)
- return GNUTLS_SAN_DNSNAME;
- if (strcmp (str_type, "rfc822Name") == 0)
- return GNUTLS_SAN_RFC822NAME;
- if (strcmp (str_type, "uniformResourceIdentifier") == 0)
- return GNUTLS_SAN_URI;
- if (strcmp (str_type, "iPAddress") == 0)
- return GNUTLS_SAN_IPADDRESS;
- if (strcmp (str_type, "otherName") == 0)
- return GNUTLS_SAN_OTHERNAME;
- if (strcmp (str_type, "directoryName") == 0)
- return GNUTLS_SAN_DN;
- return (gnutls_x509_subject_alt_name_t) - 1;
+ if (strcmp(str_type, "dNSName") == 0)
+ return GNUTLS_SAN_DNSNAME;
+ if (strcmp(str_type, "rfc822Name") == 0)
+ return GNUTLS_SAN_RFC822NAME;
+ if (strcmp(str_type, "uniformResourceIdentifier") == 0)
+ return GNUTLS_SAN_URI;
+ if (strcmp(str_type, "iPAddress") == 0)
+ return GNUTLS_SAN_IPADDRESS;
+ if (strcmp(str_type, "otherName") == 0)
+ return GNUTLS_SAN_OTHERNAME;
+ if (strcmp(str_type, "directoryName") == 0)
+ return GNUTLS_SAN_DN;
+ return (gnutls_x509_subject_alt_name_t) - 1;
}
/* A generic export function. Will export the given ASN.1 encoded data
* to PEM or DER raw data.
*/
int
-_gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- unsigned char *output_data,
- size_t * output_data_size)
+_gnutls_x509_export_int_named(ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int ret;
- gnutls_datum_t out;
- size_t size;
-
- ret = _gnutls_x509_export_int_named2 (asn1_data, name,
- format, pem_header, &out);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (format == GNUTLS_X509_FMT_PEM)
- size = out.size+1;
- else
- size = out.size;
-
- if (*output_data_size < size)
- {
- *output_data_size = size;
- ret = gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- goto cleanup;
- }
-
- *output_data_size = (size_t)out.size;
- if (output_data)
- {
- memcpy (output_data, out.data, (size_t)out.size);
- if (format == GNUTLS_X509_FMT_PEM)
- output_data[out.size] = 0;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_free (out.data);
-
- return ret;
+ int ret;
+ gnutls_datum_t out;
+ size_t size;
+
+ ret = _gnutls_x509_export_int_named2(asn1_data, name,
+ format, pem_header, &out);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (format == GNUTLS_X509_FMT_PEM)
+ size = out.size + 1;
+ else
+ size = out.size;
+
+ if (*output_data_size < size) {
+ *output_data_size = size;
+ ret = gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ goto cleanup;
+ }
+
+ *output_data_size = (size_t) out.size;
+ if (output_data) {
+ memcpy(output_data, out.data, (size_t) out.size);
+ if (format == GNUTLS_X509_FMT_PEM)
+ output_data[out.size] = 0;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_free(out.data);
+
+ return ret;
}
/* A generic export function. Will export the given ASN.1 encoded data
* to PEM or DER raw data.
*/
int
-_gnutls_x509_export_int_named2 (ASN1_TYPE asn1_data, const char *name,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- gnutls_datum_t *out)
+_gnutls_x509_export_int_named2(ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ gnutls_datum_t * out)
{
- int ret;
-
- if (format == GNUTLS_X509_FMT_DER)
- {
- ret = _gnutls_x509_der_encode(asn1_data, name, out, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
- { /* PEM */
- gnutls_datum_t tmp;
-
- ret = _gnutls_x509_der_encode (asn1_data, name, &tmp, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = _gnutls_fbase64_encode (pem_header, tmp.data, tmp.size, out);
- _gnutls_free_datum (&tmp);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- return 0;
+ int ret;
+
+ if (format == GNUTLS_X509_FMT_DER) {
+ ret = _gnutls_x509_der_encode(asn1_data, name, out, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else { /* PEM */
+ gnutls_datum_t tmp;
+
+ ret = _gnutls_x509_der_encode(asn1_data, name, &tmp, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_fbase64_encode(pem_header, tmp.data, tmp.size,
+ out);
+ _gnutls_free_datum(&tmp);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ return 0;
}
/* Decodes an octet string. The etype specifies the string type.
@@ -963,59 +927,54 @@ _gnutls_x509_export_int_named2 (ASN1_TYPE asn1_data, const char *name,
* included in size).
*/
int
-_gnutls_x509_decode_string (unsigned int etype,
- const uint8_t * der, size_t der_size,
- gnutls_datum_t * output)
+_gnutls_x509_decode_string(unsigned int etype,
+ const uint8_t * der, size_t der_size,
+ gnutls_datum_t * output)
{
- int ret;
- const uint8_t *str;
- unsigned int str_size, len;
- gnutls_datum_t td;
-
- ret = asn1_decode_simple_der (etype, der, der_size, &str, &str_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- return ret;
- }
-
- td.size = str_size;
- td.data = gnutls_malloc(str_size+1);
- if (td.data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- memcpy(td.data, str, str_size);
- td.data[str_size] = 0;
-
- ret = make_printable_string(etype, &td, output);
- if (ret == GNUTLS_E_INVALID_REQUEST) /* unsupported etype */
- {
- output->data = td.data;
- output->size = td.size;
- ret = 0;
- }
- else if (ret <= 0)
- {
- _gnutls_free_datum(&td);
- }
-
- /* Refuse to deal with strings containing NULs. */
- if (etype != ASN1_ETYPE_OCTET_STRING)
- {
- if (output->data)
- len = strlen ((void*)output->data);
- else
- len = 0;
-
- if (len != (size_t)output->size)
- {
- _gnutls_free_datum(output);
- ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
- }
- }
-
- return ret;
+ int ret;
+ const uint8_t *str;
+ unsigned int str_size, len;
+ gnutls_datum_t td;
+
+ ret =
+ asn1_decode_simple_der(etype, der, der_size, &str, &str_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ return ret;
+ }
+
+ td.size = str_size;
+ td.data = gnutls_malloc(str_size + 1);
+ if (td.data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memcpy(td.data, str, str_size);
+ td.data[str_size] = 0;
+
+ ret = make_printable_string(etype, &td, output);
+ if (ret == GNUTLS_E_INVALID_REQUEST) { /* unsupported etype */
+ output->data = td.data;
+ output->size = td.size;
+ ret = 0;
+ } else if (ret <= 0) {
+ _gnutls_free_datum(&td);
+ }
+
+ /* Refuse to deal with strings containing NULs. */
+ if (etype != ASN1_ETYPE_OCTET_STRING) {
+ if (output->data)
+ len = strlen((void *) output->data);
+ else
+ len = 0;
+
+ if (len != (size_t) output->size) {
+ _gnutls_free_datum(output);
+ ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
+ }
+ }
+
+ return ret;
}
@@ -1026,58 +985,53 @@ _gnutls_x509_decode_string (unsigned int etype,
* the required data size (to allow for a null byte).
*/
int
-_gnutls_x509_read_value (ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret)
+_gnutls_x509_read_value(ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret)
{
- int len = 0, result;
- uint8_t *tmp = NULL;
- unsigned int etype;
-
- result = asn1_read_value_type (c, root, NULL, &len, &etype);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- return result;
- }
-
- if (etype == ASN1_ETYPE_BIT_STRING)
- {
- len /= 8;
- len++;
- }
-
- tmp = gnutls_malloc ((size_t)len+1);
- if (tmp == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_read_value (c, root, tmp, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (etype == ASN1_ETYPE_BIT_STRING)
- {
- ret->size = len / 8;
- if (len % 8 > 0)
- ret->size++;
- }
- else ret->size = (unsigned)len;
-
- ret->data = tmp;
-
- return 0;
-
-cleanup:
- gnutls_free (tmp);
- return result;
+ int len = 0, result;
+ uint8_t *tmp = NULL;
+ unsigned int etype;
+
+ result = asn1_read_value_type(c, root, NULL, &len, &etype);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ return result;
+ }
+
+ if (etype == ASN1_ETYPE_BIT_STRING) {
+ len /= 8;
+ len++;
+ }
+
+ tmp = gnutls_malloc((size_t) len + 1);
+ if (tmp == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value(c, root, tmp, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (etype == ASN1_ETYPE_BIT_STRING) {
+ ret->size = len / 8;
+ if (len % 8 > 0)
+ ret->size++;
+ } else
+ ret->size = (unsigned) len;
+
+ ret->data = tmp;
+
+ return 0;
+
+ cleanup:
+ gnutls_free(tmp);
+ return result;
}
/* Reads a value from an ASN1 tree, then interprets it as the provided
@@ -1087,92 +1041,89 @@ cleanup:
* at the end of a readable string value (which is not accounted into size)
*/
int
-_gnutls_x509_read_string (ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret, unsigned int etype)
+_gnutls_x509_read_string(ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret, unsigned int etype)
{
- int len = 0, result;
- size_t slen;
- uint8_t *tmp = NULL;
- unsigned rtype;
-
- result = asn1_read_value_type (c, root, NULL, &len, &rtype);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- return result;
- }
-
- if (rtype == ASN1_ETYPE_BIT_STRING)
- len /= 8;
-
- tmp = gnutls_malloc ((size_t)len+1);
- if (tmp == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_read_value (c, root, tmp, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (rtype == ASN1_ETYPE_BIT_STRING)
- len /= 8;
-
- /* Extract the STRING.
- */
- slen = (size_t)len;
-
- result = _gnutls_x509_decode_string (etype, tmp, slen, ret);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- gnutls_free(tmp);
-
- return 0;
-
-cleanup:
- gnutls_free (tmp);
- return result;
+ int len = 0, result;
+ size_t slen;
+ uint8_t *tmp = NULL;
+ unsigned rtype;
+
+ result = asn1_read_value_type(c, root, NULL, &len, &rtype);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ return result;
+ }
+
+ if (rtype == ASN1_ETYPE_BIT_STRING)
+ len /= 8;
+
+ tmp = gnutls_malloc((size_t) len + 1);
+ if (tmp == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value(c, root, tmp, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (rtype == ASN1_ETYPE_BIT_STRING)
+ len /= 8;
+
+ /* Extract the STRING.
+ */
+ slen = (size_t) len;
+
+ result = _gnutls_x509_decode_string(etype, tmp, slen, ret);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ gnutls_free(tmp);
+
+ return 0;
+
+ cleanup:
+ gnutls_free(tmp);
+ return result;
}
/* The string type should be IA5String, UTF8String etc. Leave
* null for octet string */
-int _gnutls_x509_encode_string(unsigned int etype,
- const void* input_data, size_t input_size,
- gnutls_datum_t* output)
+int _gnutls_x509_encode_string(unsigned int etype,
+ const void *input_data, size_t input_size,
+ gnutls_datum_t * output)
{
- uint8_t tl[ASN1_MAX_TL_SIZE];
- unsigned int tl_size;
- int ret;
-
- tl_size = sizeof(tl);
- ret = asn1_encode_simple_der (etype, input_data, input_size, tl, &tl_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- return ret;
- }
-
- output->data = gnutls_malloc(tl_size + input_size);
- if (output->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- memcpy(output->data, tl, tl_size);
- memcpy(output->data+tl_size, input_data, input_size);
-
- output->size = tl_size + input_size;
-
- return 0;
+ uint8_t tl[ASN1_MAX_TL_SIZE];
+ unsigned int tl_size;
+ int ret;
+
+ tl_size = sizeof(tl);
+ ret =
+ asn1_encode_simple_der(etype, input_data, input_size, tl,
+ &tl_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ return ret;
+ }
+
+ output->data = gnutls_malloc(tl_size + input_size);
+ if (output->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memcpy(output->data, tl, tl_size);
+ memcpy(output->data + tl_size, input_data, input_size);
+
+ output->size = tl_size + input_size;
+
+ return 0;
}
/* DER Encodes the src ASN1_TYPE and stores it to
@@ -1180,85 +1131,79 @@ int _gnutls_x509_encode_string(unsigned int etype,
* an OCTET STRING.
*/
int
-_gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * res, int str)
+_gnutls_x509_der_encode(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * res, int str)
{
- int size, result;
- int asize;
- uint8_t *data = NULL;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- size = 0;
- result = asn1_der_coding (src, src_name, NULL, &size, NULL);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* allocate data for the der
- */
-
- if (str)
- size += 16; /* for later to include the octet tags */
- asize = size;
-
- data = gnutls_malloc ((size_t)size);
- if (data == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_der_coding (src, src_name, data, &size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (str)
- {
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (c2, "", data, size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_coding (c2, "", data, &asize, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- size = asize;
-
- asn1_delete_structure (&c2);
- }
-
- res->data = data;
- res->size = (unsigned)size;
- return 0;
-
-cleanup:
- gnutls_free (data);
- asn1_delete_structure (&c2);
- return result;
+ int size, result;
+ int asize;
+ uint8_t *data = NULL;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ size = 0;
+ result = asn1_der_coding(src, src_name, NULL, &size, NULL);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* allocate data for the der
+ */
+
+ if (str)
+ size += 16; /* for later to include the octet tags */
+ asize = size;
+
+ data = gnutls_malloc((size_t) size);
+ if (data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_der_coding(src, src_name, data, &size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (str) {
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-7-Data",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value(c2, "", data, size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_der_coding(c2, "", data, &asize, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ size = asize;
+
+ asn1_delete_structure(&c2);
+ }
+
+ res->data = data;
+ res->size = (unsigned) size;
+ return 0;
+
+ cleanup:
+ gnutls_free(data);
+ asn1_delete_structure(&c2);
+ return result;
}
@@ -1268,97 +1213,96 @@ cleanup:
* an OCTET STRING.
*/
int
-_gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
- ASN1_TYPE dest, const char *dest_name,
- int str)
+_gnutls_x509_der_encode_and_copy(ASN1_TYPE src, const char *src_name,
+ ASN1_TYPE dest, const char *dest_name,
+ int str)
{
- int result;
- gnutls_datum_t encoded;
+ int result;
+ gnutls_datum_t encoded;
- result = _gnutls_x509_der_encode (src, src_name, &encoded, str);
+ result = _gnutls_x509_der_encode(src, src_name, &encoded, str);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- /* Write the data.
- */
- result = asn1_write_value (dest, dest_name, encoded.data, (int)encoded.size);
+ /* Write the data.
+ */
+ result =
+ asn1_write_value(dest, dest_name, encoded.data,
+ (int) encoded.size);
- _gnutls_free_datum (&encoded);
+ _gnutls_free_datum(&encoded);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/* Writes the value of the datum in the given ASN1_TYPE.
*/
int
-_gnutls_x509_write_value (ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data)
+_gnutls_x509_write_value(ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data)
{
- int ret;
-
- /* Write the data.
- */
- ret = asn1_write_value (c, root, data->data, data->size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return 0;
+ int ret;
+
+ /* Write the data.
+ */
+ ret = asn1_write_value(c, root, data->data, data->size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/* Writes the value of the datum in the given ASN1_TYPE as a string.
*/
int
-_gnutls_x509_write_string (ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data, unsigned int etype)
+_gnutls_x509_write_string(ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data, unsigned int etype)
{
- int ret;
- gnutls_datum_t val = { NULL, 0 };
-
- ret = _gnutls_x509_encode_string(etype, data->data, data->size, &val);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Write the data.
- */
- ret = asn1_write_value (c, root, val.data, val.size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&val);
- return ret;
+ int ret;
+ gnutls_datum_t val = { NULL, 0 };
+
+ ret =
+ _gnutls_x509_encode_string(etype, data->data, data->size,
+ &val);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Write the data.
+ */
+ ret = asn1_write_value(c, root, val.data, val.size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&val);
+ return ret;
}
void
-_asnstr_append_name (char *name, size_t name_size, const char *part1,
- const char *part2)
+_asnstr_append_name(char *name, size_t name_size, const char *part1,
+ const char *part2)
{
- if (part1[0] != 0)
- {
- _gnutls_str_cpy (name, name_size, part1);
- _gnutls_str_cat (name, name_size, part2);
- }
- else
- _gnutls_str_cpy (name, name_size, part2 + 1 /* remove initial dot */ );
+ if (part1[0] != 0) {
+ _gnutls_str_cpy(name, name_size, part1);
+ _gnutls_str_cat(name, name_size, part2);
+ } else
+ _gnutls_str_cpy(name, name_size,
+ part2 + 1 /* remove initial dot */ );
}
@@ -1368,206 +1312,203 @@ _asnstr_append_name (char *name, size_t name_size, const char *part1,
*
*/
int
-_gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
- const char *dst_name,
- gnutls_pk_algorithm_t
- pk_algorithm, gnutls_pk_params_st * params)
+_gnutls_x509_encode_and_copy_PKI_params(ASN1_TYPE dst,
+ const char *dst_name,
+ gnutls_pk_algorithm_t
+ pk_algorithm,
+ gnutls_pk_params_st * params)
{
- const char *pk;
- gnutls_datum_t der = { NULL, 0 };
- int result;
- char name[128];
-
- pk = _gnutls_x509_pk_to_oid (pk_algorithm);
- if (pk == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- /* write the OID
- */
- _asnstr_append_name (name, sizeof (name), dst_name, ".algorithm.algorithm");
-
- result = asn1_write_value (dst, name, pk, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_pubkey_params (pk_algorithm, params, &der);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- _asnstr_append_name (name, sizeof (name), dst_name,
- ".algorithm.parameters");
-
- result = asn1_write_value (dst, name, der.data, der.size);
-
- _gnutls_free_datum (&der);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_pubkey (pk_algorithm, params, &der);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Write the DER parameters. (in bits)
- */
- _asnstr_append_name (name, sizeof (name), dst_name,
- ".subjectPublicKey");
- result = asn1_write_value (dst, name, der.data, der.size * 8);
- _gnutls_free_datum (&der);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ const char *pk;
+ gnutls_datum_t der = { NULL, 0 };
+ int result;
+ char name[128];
+
+ pk = _gnutls_x509_pk_to_oid(pk_algorithm);
+ if (pk == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ /* write the OID
+ */
+ _asnstr_append_name(name, sizeof(name), dst_name,
+ ".algorithm.algorithm");
+
+ result = asn1_write_value(dst, name, pk, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_write_pubkey_params(pk_algorithm, params, &der);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ _asnstr_append_name(name, sizeof(name), dst_name,
+ ".algorithm.parameters");
+
+ result = asn1_write_value(dst, name, der.data, der.size);
+
+ _gnutls_free_datum(&der);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_pubkey(pk_algorithm, params, &der);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Write the DER parameters. (in bits)
+ */
+ _asnstr_append_name(name, sizeof(name), dst_name,
+ ".subjectPublicKey");
+ result = asn1_write_value(dst, name, der.data, der.size * 8);
+ _gnutls_free_datum(&der);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/* Encodes and public key parameters into a
* subjectPublicKeyInfo structure and stores it in der.
*/
int
-_gnutls_x509_encode_PKI_params (gnutls_datum_t *der,
- gnutls_pk_algorithm_t
- pk_algorithm, gnutls_pk_params_st * params)
+_gnutls_x509_encode_PKI_params(gnutls_datum_t * der,
+ gnutls_pk_algorithm_t
+ pk_algorithm, gnutls_pk_params_st * params)
{
- int ret;
- ASN1_TYPE tmp;
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Certificate", &tmp);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret = _gnutls_x509_encode_and_copy_PKI_params (tmp,
- "tbsCertificate.subjectPublicKeyInfo",
- pk_algorithm, params);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_der_encode(tmp, "tbsCertificate.subjectPublicKeyInfo", der, 0);
-
-cleanup:
- asn1_delete_structure (&tmp);
-
- return ret;
+ int ret;
+ ASN1_TYPE tmp;
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Certificate", &tmp);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = _gnutls_x509_encode_and_copy_PKI_params(tmp,
+ "tbsCertificate.subjectPublicKeyInfo",
+ pk_algorithm,
+ params);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_der_encode(tmp,
+ "tbsCertificate.subjectPublicKeyInfo",
+ der, 0);
+
+ cleanup:
+ asn1_delete_structure(&tmp);
+
+ return ret;
}
/* Reads and returns the PK algorithm of the given certificate-like
* ASN.1 structure. src_name should be something like "tbsCertificate.subjectPublicKeyInfo".
*/
int
-_gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
- unsigned int *bits)
+_gnutls_x509_get_pk_algorithm(ASN1_TYPE src, const char *src_name,
+ unsigned int *bits)
{
- int result;
- int algo;
- char oid[64];
- int len;
- gnutls_pk_params_st params;
- char name[128];
-
- gnutls_pk_params_init(&params);
-
- _asnstr_append_name (name, sizeof (name), src_name, ".algorithm.algorithm");
- len = sizeof (oid);
- result = asn1_read_value (src, name, oid, &len);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- algo = _gnutls_x509_oid2pk_algorithm (oid);
- if (algo == GNUTLS_PK_UNKNOWN)
- {
- _gnutls_debug_log
- ("%s: unknown public key algorithm: %s\n", __func__, oid);
- }
-
- if (bits == NULL)
- {
- return algo;
- }
-
- /* Now read the parameters' bits
- */
- result = _gnutls_get_asn_mpis(src, src_name, &params);
- if (result < 0)
- return gnutls_assert_val(result);
-
- bits[0] = pubkey_to_bits(algo, &params);
-
- gnutls_pk_params_release(&params);
- return algo;
+ int result;
+ int algo;
+ char oid[64];
+ int len;
+ gnutls_pk_params_st params;
+ char name[128];
+
+ gnutls_pk_params_init(&params);
+
+ _asnstr_append_name(name, sizeof(name), src_name,
+ ".algorithm.algorithm");
+ len = sizeof(oid);
+ result = asn1_read_value(src, name, oid, &len);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ algo = _gnutls_x509_oid2pk_algorithm(oid);
+ if (algo == GNUTLS_PK_UNKNOWN) {
+ _gnutls_debug_log
+ ("%s: unknown public key algorithm: %s\n", __func__,
+ oid);
+ }
+
+ if (bits == NULL) {
+ return algo;
+ }
+
+ /* Now read the parameters' bits
+ */
+ result = _gnutls_get_asn_mpis(src, src_name, &params);
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ bits[0] = pubkey_to_bits(algo, &params);
+
+ gnutls_pk_params_release(&params);
+ return algo;
}
/* Reads the DER signed data from the certificate and allocates space and
* returns them into signed_data.
*/
int
-_gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signed_data)
+_gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signed_data)
{
- gnutls_datum_t der;
- int start, end, result;
-
- result = _gnutls_x509_der_encode (src, "", &der, 0);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Get the signed data
- */
- result = asn1_der_decoding_startEnd (src, der.data, der.size,
- src_name, &start, &end);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_set_datum (signed_data, &der.data[start], end - start + 1);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- _gnutls_free_datum (&der);
-
- return result;
+ gnutls_datum_t der;
+ int start, end, result;
+
+ result = _gnutls_x509_der_encode(src, "", &der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Get the signed data
+ */
+ result = asn1_der_decoding_startEnd(src, der.data, der.size,
+ src_name, &start, &end);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_set_datum(signed_data, &der.data[start],
+ end - start + 1);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ _gnutls_free_datum(&der);
+
+ return result;
}
/*-
@@ -1583,28 +1524,26 @@ cleanup:
* error.
-*/
int
-_gnutls_x509_get_signature_algorithm (ASN1_TYPE src, const char *src_name)
+_gnutls_x509_get_signature_algorithm(ASN1_TYPE src, const char *src_name)
{
- int result;
- gnutls_datum_t sa;
+ int result;
+ gnutls_datum_t sa;
- /* Read the signature algorithm. Note that parameters are not
- * read. They will be read from the issuer's certificate if needed.
- */
- result =
- _gnutls_x509_read_value (src, src_name, &sa);
+ /* Read the signature algorithm. Note that parameters are not
+ * read. They will be read from the issuer's certificate if needed.
+ */
+ result = _gnutls_x509_read_value(src, src_name, &sa);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_x509_oid2sign_algorithm ( (char*)sa.data);
+ result = _gnutls_x509_oid2sign_algorithm((char *) sa.data);
- _gnutls_free_datum (&sa);
+ _gnutls_free_datum(&sa);
- return result;
+ return result;
}
@@ -1612,143 +1551,136 @@ _gnutls_x509_get_signature_algorithm (ASN1_TYPE src, const char *src_name)
* returns them into signed_data.
*/
int
-_gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signature)
+_gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signature)
{
- int result, len;
- unsigned int bits;
-
- signature->data = NULL;
- signature->size = 0;
-
- /* Read the signature
- */
- len = 0;
- result = asn1_read_value (src, src_name, NULL, &len);
-
- if (result != ASN1_MEM_ERROR)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- bits = len;
- if (bits % 8 != 0)
- {
- gnutls_assert ();
- result = GNUTLS_E_CERTIFICATE_ERROR;
- goto cleanup;
- }
-
- len = bits / 8;
-
- signature->data = gnutls_malloc (len);
- if (signature->data == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- return result;
- }
-
- /* read the bit string of the signature
- */
- bits = len;
- result = asn1_read_value (src, src_name, signature->data, (int*)&bits);
-
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- signature->size = len;
-
- return 0;
-
-cleanup:
- return result;
+ int result, len;
+ unsigned int bits;
+
+ signature->data = NULL;
+ signature->size = 0;
+
+ /* Read the signature
+ */
+ len = 0;
+ result = asn1_read_value(src, src_name, NULL, &len);
+
+ if (result != ASN1_MEM_ERROR) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ bits = len;
+ if (bits % 8 != 0) {
+ gnutls_assert();
+ result = GNUTLS_E_CERTIFICATE_ERROR;
+ goto cleanup;
+ }
+
+ len = bits / 8;
+
+ signature->data = gnutls_malloc(len);
+ if (signature->data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ return result;
+ }
+
+ /* read the bit string of the signature
+ */
+ bits = len;
+ result =
+ asn1_read_value(src, src_name, signature->data, (int *) &bits);
+
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ signature->size = len;
+
+ return 0;
+
+ cleanup:
+ return result;
}
/* ASN.1 PrintableString rules */
static int is_printable(char p)
{
- if ((p >= 'a' && p <= 'z') || (p >= 'A' && p <= 'Z') ||
- (p >= '0' && p <= '9') || p == ' ' || p == '(' || p == ')' ||
- p == '+' || p == ',' || p == '-' || p == '.' || p == '/' ||
- p == ':' || p == '=' || p == '?')
- return 1;
-
- return 0;
+ if ((p >= 'a' && p <= 'z') || (p >= 'A' && p <= 'Z') ||
+ (p >= '0' && p <= '9') || p == ' ' || p == '(' || p == ')' ||
+ p == '+' || p == ',' || p == '-' || p == '.' || p == '/' ||
+ p == ':' || p == '=' || p == '?')
+ return 1;
+
+ return 0;
}
-static int write_complex_string(ASN1_TYPE asn_struct, const char* where,
- const struct oid_to_string* oentry, const uint8_t *data,
- size_t data_size)
+static int write_complex_string(ASN1_TYPE asn_struct, const char *where,
+ const struct oid_to_string *oentry,
+ const uint8_t * data, size_t data_size)
{
- char tmp[128];
- ASN1_TYPE c2;
- int result;
- const char *string_type;
- unsigned int i;
-
- result = asn1_create_element (_gnutls_get_pkix (), oentry->asn_desc, &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- tmp[0] = 0;
-
- string_type = "printableString";
-
- /* Check if the data is ASN.1 printable, and use
- * the UTF8 string type if not.
- */
- for (i = 0; i < data_size; i++)
- {
- if (!is_printable (data[i]))
- {
- string_type = "utf8String";
- break;
- }
- }
-
- /* if the type is a CHOICE then write the
- * type we'll use.
- */
- result = asn1_write_value (c2, "", string_type, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- _gnutls_str_cpy (tmp, sizeof (tmp), string_type);
-
- result = asn1_write_value (c2, tmp, data, data_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = _gnutls_x509_der_encode_and_copy (c2, "", asn_struct, where, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = 0;
-
-error:
- asn1_delete_structure (&c2);
- return result;
+ char tmp[128];
+ ASN1_TYPE c2;
+ int result;
+ const char *string_type;
+ unsigned int i;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), oentry->asn_desc, &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ tmp[0] = 0;
+
+ string_type = "printableString";
+
+ /* Check if the data is ASN.1 printable, and use
+ * the UTF8 string type if not.
+ */
+ for (i = 0; i < data_size; i++) {
+ if (!is_printable(data[i])) {
+ string_type = "utf8String";
+ break;
+ }
+ }
+
+ /* if the type is a CHOICE then write the
+ * type we'll use.
+ */
+ result = asn1_write_value(c2, "", string_type, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ _gnutls_str_cpy(tmp, sizeof(tmp), string_type);
+
+ result = asn1_write_value(c2, tmp, data, data_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", asn_struct, where, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = 0;
+
+ error:
+ asn1_delete_structure(&c2);
+ return result;
}
@@ -1757,83 +1689,80 @@ error:
* In all cases only one value is written.
*/
int
-_gnutls_x509_encode_and_write_attribute (const char *given_oid,
- ASN1_TYPE asn1_struct,
- const char *where,
- const void *_data,
- int data_size, int multi)
+_gnutls_x509_encode_and_write_attribute(const char *given_oid,
+ ASN1_TYPE asn1_struct,
+ const char *where,
+ const void *_data,
+ int data_size, int multi)
{
- const uint8_t *data = _data;
- char tmp[128];
- int result;
- const struct oid_to_string* oentry;
-
- oentry = get_oid_entry(given_oid);
- if (oentry == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Cannot find OID: %s\n", given_oid);
- return GNUTLS_E_X509_UNSUPPORTED_OID;
- }
-
- /* write the data (value)
- */
-
- _gnutls_str_cpy (tmp, sizeof (tmp), where);
- _gnutls_str_cat (tmp, sizeof (tmp), ".value");
-
- if (multi != 0)
- { /* if not writing an AttributeTypeAndValue, but an Attribute */
- _gnutls_str_cat (tmp, sizeof (tmp), "s"); /* values */
-
- result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
- }
-
- if (oentry->asn_desc != NULL) /* write a complex string API */
- {
- result = write_complex_string(asn1_struct, tmp, oentry, data, data_size);
- if (result < 0)
- return gnutls_assert_val(result);
- }
- else /* write a simple string */
- {
- gnutls_datum_t td;
-
- td.data = (void*)data;
- td.size = data_size;
- result = _gnutls_x509_write_string (asn1_struct, tmp, &td, oentry->etype);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- /* write the type
- */
- _gnutls_str_cpy (tmp, sizeof (tmp), where);
- _gnutls_str_cat (tmp, sizeof (tmp), ".type");
-
- result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = 0;
-
-error:
- return result;
+ const uint8_t *data = _data;
+ char tmp[128];
+ int result;
+ const struct oid_to_string *oentry;
+
+ oentry = get_oid_entry(given_oid);
+ if (oentry == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("Cannot find OID: %s\n", given_oid);
+ return GNUTLS_E_X509_UNSUPPORTED_OID;
+ }
+
+ /* write the data (value)
+ */
+
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".value");
+
+ if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */
+ _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */
+
+ result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
+ }
+
+ if (oentry->asn_desc != NULL) { /* write a complex string API */
+ result =
+ write_complex_string(asn1_struct, tmp, oentry, data,
+ data_size);
+ if (result < 0)
+ return gnutls_assert_val(result);
+ } else { /* write a simple string */
+
+ gnutls_datum_t td;
+
+ td.data = (void *) data;
+ td.size = data_size;
+ result =
+ _gnutls_x509_write_string(asn1_struct, tmp, &td,
+ oentry->etype);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ /* write the type
+ */
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".type");
+
+ result = asn1_write_value(asn1_struct, tmp, given_oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = 0;
+
+ error:
+ return result;
}
/* copies a datum to a buffer. If it doesn't fit it returns
@@ -1842,57 +1771,55 @@ error:
*
* The buffer will always be null terminated.
*/
-int _gnutls_strdatum_to_buf (gnutls_datum_t * d, void* buf, size_t * buf_size)
+int _gnutls_strdatum_to_buf(gnutls_datum_t * d, void *buf,
+ size_t * buf_size)
{
-int ret;
-uint8_t *_buf = buf;
-
- if (buf == NULL || *buf_size < d->size+1)
- {
- *buf_size = d->size+1;
- ret = gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
- goto cleanup;
- }
- memcpy(buf, d->data, d->size);
- _buf[d->size] = 0;
-
- *buf_size = d->size;
- ret = 0;
-
-cleanup:
- _gnutls_free_datum(d);
-
- return ret;
+ int ret;
+ uint8_t *_buf = buf;
+
+ if (buf == NULL || *buf_size < d->size + 1) {
+ *buf_size = d->size + 1;
+ ret = gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ goto cleanup;
+ }
+ memcpy(buf, d->data, d->size);
+ _buf[d->size] = 0;
+
+ *buf_size = d->size;
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(d);
+
+ return ret;
}
int
-_gnutls_x509_get_raw_dn2 (ASN1_TYPE c2, gnutls_datum_t* raw,
- const char *whom, gnutls_datum_t * dn)
+_gnutls_x509_get_raw_dn2(ASN1_TYPE c2, gnutls_datum_t * raw,
+ const char *whom, gnutls_datum_t * dn)
{
- int result, len1;
- int start1, end1;
- result =
- asn1_der_decoding_startEnd (c2, raw->data, raw->size,
- whom, &start1, &end1);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- len1 = end1 - start1 + 1;
-
- result = _gnutls_set_datum (dn, &raw->data[start1], len1);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- return result;
+ int result, len1;
+ int start1, end1;
+ result =
+ asn1_der_decoding_startEnd(c2, raw->data, raw->size,
+ whom, &start1, &end1);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ len1 = end1 - start1 + 1;
+
+ result = _gnutls_set_datum(dn, &raw->data[start1], len1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ return result;
}
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 8eec73054a..ade1c9bc7b 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -67,115 +67,121 @@
#define ASN1_NULL "\x05\x00"
#define ASN1_NULL_SIZE 2
-int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim, int general);
+int _gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim,
+ int general);
-int _gnutls_x509_decode_string (unsigned int etype,
- const uint8_t * der, size_t der_size,
- gnutls_datum_t *output);
+int _gnutls_x509_decode_string(unsigned int etype,
+ const uint8_t * der, size_t der_size,
+ gnutls_datum_t * output);
int _gnutls_x509_encode_string(unsigned int etype,
- const void* input_data, size_t input_size,
- gnutls_datum_t* output);
+ const void *input_data, size_t input_size,
+ gnutls_datum_t * output);
-int _gnutls_x509_dn_to_string (const char *OID, void *value,
- int value_size, gnutls_datum_t* out);
-const char* _gnutls_ldap_string_to_oid (const char* str, unsigned str_len);
+int _gnutls_x509_dn_to_string(const char *OID, void *value,
+ int value_size, gnutls_datum_t * out);
+const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len);
-time_t _gnutls_x509_get_time (ASN1_TYPE c2, const char *when, int general);
+time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when, int general);
-gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type);
+gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type(char *str_type);
-int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
- ASN1_TYPE dest, const char *dest_name,
- int str);
-int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * res, int str);
+int _gnutls_x509_der_encode_and_copy(ASN1_TYPE src, const char *src_name,
+ ASN1_TYPE dest, const char *dest_name,
+ int str);
+int _gnutls_x509_der_encode(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * res, int str);
#define _gnutls_x509_export_int(asn1, format, header, out, out_size) \
_gnutls_x509_export_int_named(asn1, "", format, header, out, out_size)
-int _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- unsigned char *output_data,
- size_t * output_data_size);
+int _gnutls_x509_export_int_named(ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size);
#define _gnutls_x509_export_int2(asn1, format, header, out) \
_gnutls_x509_export_int_named2(asn1, "", format, header, out)
-int _gnutls_x509_export_int_named2 (ASN1_TYPE asn1_data, const char *name,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- gnutls_datum_t * out);
-
-int _gnutls_x509_read_value (ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret);
-int _gnutls_x509_read_string (ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret, unsigned int etype);
-int _gnutls_x509_write_value (ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data);
-
-int _gnutls_x509_write_string (ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data, unsigned int etype);
-
-int _gnutls_x509_encode_and_write_attribute (const char *given_oid,
- ASN1_TYPE asn1_struct,
- const char *where,
- const void *data,
- int sizeof_data, int multi);
-int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
- const char *where, char *oid,
- int oid_size,
- gnutls_datum_t * value, int multi,
- int octet);
-
-int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
- unsigned int *bits);
+int _gnutls_x509_export_int_named2(ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ gnutls_datum_t * out);
+
+int _gnutls_x509_read_value(ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret);
+int _gnutls_x509_read_string(ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret, unsigned int etype);
+int _gnutls_x509_write_value(ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data);
+
+int _gnutls_x509_write_string(ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data,
+ unsigned int etype);
+
+int _gnutls_x509_encode_and_write_attribute(const char *given_oid,
+ ASN1_TYPE asn1_struct,
+ const char *where,
+ const void *data,
+ int sizeof_data, int multi);
+int _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct,
+ const char *where, char *oid,
+ int oid_size,
+ gnutls_datum_t * value,
+ int multi, int octet);
+
+int _gnutls_x509_get_pk_algorithm(ASN1_TYPE src, const char *src_name,
+ unsigned int *bits);
int
-_gnutls_x509_get_signature_algorithm (ASN1_TYPE src, const char *src_name);
+_gnutls_x509_get_signature_algorithm(ASN1_TYPE src, const char *src_name);
-int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
- const char *dst_name,
- gnutls_pk_algorithm_t
- pk_algorithm, gnutls_pk_params_st * params);
-int _gnutls_x509_encode_PKI_params(gnutls_datum_t* der,
- gnutls_pk_algorithm_t, gnutls_pk_params_st* params);
-int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
- ASN1_TYPE src, const char *src_name);
+int _gnutls_x509_encode_and_copy_PKI_params(ASN1_TYPE dst,
+ const char *dst_name,
+ gnutls_pk_algorithm_t
+ pk_algorithm,
+ gnutls_pk_params_st * params);
+int _gnutls_x509_encode_PKI_params(gnutls_datum_t * der,
+ gnutls_pk_algorithm_t,
+ gnutls_pk_params_st * params);
+int _gnutls_asn1_copy_node(ASN1_TYPE * dst, const char *dst_name,
+ ASN1_TYPE src, const char *src_name);
-int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signed_data);
-int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signature);
+int _gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signed_data);
+int _gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signature);
-int _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
- gnutls_pk_params_st * params);
+int _gnutls_get_asn_mpis(ASN1_TYPE asn, const char *root,
+ gnutls_pk_params_st * params);
-int _gnutls_get_key_id (gnutls_pk_algorithm_t pk, gnutls_pk_params_st*,
- unsigned char *output_data,
- size_t * output_data_size);
+int _gnutls_get_key_id(gnutls_pk_algorithm_t pk, gnutls_pk_params_st *,
+ unsigned char *output_data,
+ size_t * output_data_size);
-void _asnstr_append_name (char *name, size_t name_size, const char *part1,
- const char *part2);
+void _asnstr_append_name(char *name, size_t name_size, const char *part1,
+ const char *part2);
int
-_gnutls_x509_get_raw_dn2 (ASN1_TYPE c2, gnutls_datum_t* raw,
- const char *whom, gnutls_datum_t * dn);
+_gnutls_x509_get_raw_dn2(ASN1_TYPE c2, gnutls_datum_t * raw,
+ const char *whom, gnutls_datum_t * dn);
int
-_gnutls_check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
+_gnutls_check_if_same_cert(gnutls_x509_crt_t cert1,
+ gnutls_x509_crt_t cert2);
-time_t _gnutls_x509_generalTime2gtime (const char *ttime);
+time_t _gnutls_x509_generalTime2gtime(const char *ttime);
-int get_extension (ASN1_TYPE asn, const char *root,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical);
+int get_extension(ASN1_TYPE asn, const char *root,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical);
-int set_extension (ASN1_TYPE asn, const char *root,
- const char *ext_id,
- const gnutls_datum_t * ext_data, unsigned int critical);
+int set_extension(ASN1_TYPE asn, const char *root,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data, unsigned int critical);
-int _gnutls_strdatum_to_buf (gnutls_datum_t * d, void* buf, size_t * sizeof_buf);
+int _gnutls_strdatum_to_buf(gnutls_datum_t * d, void *buf,
+ size_t * sizeof_buf);
#endif
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 152ab33ba9..bd2560dc78 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -44,25 +44,22 @@
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crl_init (gnutls_x509_crl_t * crl)
+int gnutls_x509_crl_init(gnutls_x509_crl_t * crl)
{
- *crl = gnutls_calloc (1, sizeof (gnutls_x509_crl_int));
-
- if (*crl)
- {
- int result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.CertificateList",
- &(*crl)->crl);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (*crl);
- return _gnutls_asn2err (result);
- }
- return 0; /* success */
- }
- return GNUTLS_E_MEMORY_ERROR;
+ *crl = gnutls_calloc(1, sizeof(gnutls_x509_crl_int));
+
+ if (*crl) {
+ int result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CertificateList",
+ &(*crl)->crl);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*crl);
+ return _gnutls_asn2err(result);
+ }
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -71,17 +68,16 @@ gnutls_x509_crl_init (gnutls_x509_crl_t * crl)
*
* This function will deinitialize a CRL structure.
**/
-void
-gnutls_x509_crl_deinit (gnutls_x509_crl_t crl)
+void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl)
{
- if (!crl)
- return;
+ if (!crl)
+ return;
- if (crl->crl)
- asn1_delete_structure (&crl->crl);
- gnutls_free(crl->raw_issuer_dn.data);
+ if (crl->crl)
+ asn1_delete_structure(&crl->crl);
+ gnutls_free(crl->raw_issuer_dn.data);
- gnutls_free (crl);
+ gnutls_free(crl);
}
/**
@@ -99,64 +95,62 @@ gnutls_x509_crl_deinit (gnutls_x509_crl_t crl)
* negative error value.
**/
int
-gnutls_x509_crl_import (gnutls_x509_crl_t crl,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+gnutls_x509_crl_import(gnutls_x509_crl_t crl,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- _data.data = data->data;
- _data.size = data->size;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* If the CRL is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- result = _gnutls_fbase64_decode (PEM_CRL, data->data, data->size, &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- need_free = 1;
- }
-
- result = asn1_der_decoding (&crl->crl, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_raw_dn2 (crl->crl, &_data,
- "tbsCertList.issuer.rdnSequence",
- &crl->raw_issuer_dn);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (need_free)
- _gnutls_free_datum (&_data);
-
- return 0;
-
-cleanup:
- if (need_free)
- _gnutls_free_datum (&_data);
- _gnutls_free_datum (&crl->raw_issuer_dn);
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* If the CRL is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ result =
+ _gnutls_fbase64_decode(PEM_CRL, data->data, data->size,
+ &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ need_free = 1;
+ }
+
+ result =
+ asn1_der_decoding(&crl->crl, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_get_raw_dn2(crl->crl, &_data,
+ "tbsCertList.issuer.rdnSequence",
+ &crl->raw_issuer_dn);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ _gnutls_free_datum(&crl->raw_issuer_dn);
+ return result;
}
@@ -179,18 +173,17 @@ cleanup:
*
**/
int
-gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf,
- size_t * sizeof_buf)
+gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t crl, char *buf,
+ size_t * sizeof_buf)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_parse_dn (crl->crl,
- "tbsCertList.issuer.rdnSequence",
- buf, sizeof_buf);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn(crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ buf, sizeof_buf);
}
/**
@@ -220,27 +213,26 @@ gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf,
* with the required size, and 0 on success.
**/
int
-gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf)
+gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf)
{
-gnutls_datum_t td;
-int ret;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_parse_dn_oid (crl->crl,
- "tbsCertList.issuer.rdnSequence",
- oid, indx, raw_flag, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, buf, sizeof_buf);
+ gnutls_datum_t td;
+ int ret;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_parse_dn_oid(crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ oid, indx, raw_flag, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return _gnutls_strdatum_to_buf(&td, buf, sizeof_buf);
}
@@ -261,18 +253,17 @@ int ret;
* with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
- int indx, void *oid, size_t * sizeof_oid)
+gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl,
+ int indx, void *oid, size_t * sizeof_oid)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_get_dn_oid (crl->crl,
- "tbsCertList.issuer.rdnSequence", indx,
- oid, sizeof_oid);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn_oid(crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ indx, oid, sizeof_oid);
}
/**
@@ -291,16 +282,15 @@ gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
* Since: 3.1.10
**/
int
-gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t * dn)
+gnutls_x509_crl_get_issuer_dn2(gnutls_x509_crl_t crl, gnutls_datum_t * dn)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_get_dn (crl->crl,
- "tbsCertList.issuer.rdnSequence", dn);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn(crl->crl,
+ "tbsCertList.issuer.rdnSequence", dn);
}
/**
@@ -313,37 +303,34 @@ gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t * dn)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl)
+int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl)
{
- int result;
- gnutls_datum_t sa;
+ int result;
+ gnutls_datum_t sa;
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* Read the signature algorithm. Note that parameters are not
- * read. They will be read from the issuer's certificate if needed.
- */
+ /* Read the signature algorithm. Note that parameters are not
+ * read. They will be read from the issuer's certificate if needed.
+ */
- result =
- _gnutls_x509_read_value (crl->crl, "signatureAlgorithm.algorithm",
- &sa);
+ result =
+ _gnutls_x509_read_value(crl->crl,
+ "signatureAlgorithm.algorithm", &sa);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_x509_oid2sign_algorithm ((const char *) sa.data);
+ result = _gnutls_x509_oid2sign_algorithm((const char *) sa.data);
- _gnutls_free_datum (&sa);
+ _gnutls_free_datum(&sa);
- return result;
+ return result;
}
/**
@@ -358,51 +345,46 @@ gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl)
* negative error value. and a negative error code on error.
**/
int
-gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
- char *sig, size_t * sizeof_sig)
+gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl,
+ char *sig, size_t * sizeof_sig)
{
- int result;
- unsigned int bits;
- int len;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = 0;
- result = asn1_read_value (crl->crl, "signature", NULL, &len);
-
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- bits = len;
- if (bits % 8 != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- len = bits / 8;
-
- if (*sizeof_sig < (unsigned)len)
- {
- *sizeof_sig = bits / 8;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- result = asn1_read_value (crl->crl, "signature", sig, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ unsigned int bits;
+ int len;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = 0;
+ result = asn1_read_value(crl->crl, "signature", NULL, &len);
+
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ bits = len;
+ if (bits % 8 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ len = bits / 8;
+
+ if (*sizeof_sig < (unsigned) len) {
+ *sizeof_sig = bits / 8;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ result = asn1_read_value(crl->crl, "signature", sig, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -413,28 +395,25 @@ gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
*
* Returns: The version number, or a negative error code on error.
**/
-int
-gnutls_x509_crl_get_version (gnutls_x509_crl_t crl)
+int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl)
{
- uint8_t version[8];
- int len, result;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof (version);
- if ((result =
- asn1_read_value (crl->crl, "tbsCertList.version", version,
- &len)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return (int) version[0] + 1;
+ uint8_t version[8];
+ int len, result;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(version);
+ if ((result =
+ asn1_read_value(crl->crl, "tbsCertList.version", version,
+ &len)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return (int) version[0] + 1;
}
/**
@@ -445,16 +424,15 @@ gnutls_x509_crl_get_version (gnutls_x509_crl_t crl)
*
* Returns: when the CRL was issued, or (time_t)-1 on error.
**/
-time_t
-gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl)
+time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time (crl->crl, "tbsCertList.thisUpdate", 0);
+ return _gnutls_x509_get_time(crl->crl, "tbsCertList.thisUpdate",
+ 0);
}
/**
@@ -467,16 +445,15 @@ gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl)
*
* Returns: when the next CRL will be issued, or (time_t)-1 on error.
**/
-time_t
-gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl)
+time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time (crl->crl, "tbsCertList.nextUpdate", 0);
+ return _gnutls_x509_get_time(crl->crl, "tbsCertList.nextUpdate",
+ 0);
}
/**
@@ -488,29 +465,27 @@ gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl)
*
* Returns: number of certificates, a negative error code on failure.
**/
-int
-gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl)
+int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl)
{
- int count, result;
+ int count, result;
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result =
- asn1_number_of_elements (crl->crl,
- "tbsCertList.revokedCertificates", &count);
+ result =
+ asn1_number_of_elements(crl->crl,
+ "tbsCertList.revokedCertificates",
+ &count);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return 0; /* no certificates */
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return 0; /* no certificates */
+ }
- return count;
+ return count;
}
/**
@@ -528,44 +503,44 @@ gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl)
* negative error value. and a negative error code on error.
**/
int
-gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
- unsigned char *serial,
- size_t * serial_size, time_t * t)
+gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int indx,
+ unsigned char *serial,
+ size_t * serial_size, time_t * t)
{
- int result, _serial_size;
- char serial_name[ASN1_MAX_NAME_SIZE];
- char date_name[ASN1_MAX_NAME_SIZE];
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (serial_name, sizeof (serial_name),
- "tbsCertList.revokedCertificates.?%u.userCertificate", indx + 1);
- snprintf (date_name, sizeof (date_name),
- "tbsCertList.revokedCertificates.?%u.revocationDate", indx + 1);
-
- _serial_size = *serial_size;
- result = asn1_read_value (crl->crl, serial_name, serial, &_serial_size);
-
- *serial_size = _serial_size;
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- return _gnutls_asn2err (result);
- }
-
- if (t)
- {
- *t = _gnutls_x509_get_time (crl->crl, date_name, 0);
- }
-
- return 0;
+ int result, _serial_size;
+ char serial_name[ASN1_MAX_NAME_SIZE];
+ char date_name[ASN1_MAX_NAME_SIZE];
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(serial_name, sizeof(serial_name),
+ "tbsCertList.revokedCertificates.?%u.userCertificate",
+ indx + 1);
+ snprintf(date_name, sizeof(date_name),
+ "tbsCertList.revokedCertificates.?%u.revocationDate",
+ indx + 1);
+
+ _serial_size = *serial_size;
+ result =
+ asn1_read_value(crl->crl, serial_name, serial, &_serial_size);
+
+ *serial_size = _serial_size;
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return _gnutls_asn2err(result);
+ }
+
+ if (t) {
+ *t = _gnutls_x509_get_time(crl->crl, date_name, 0);
+ }
+
+ return 0;
}
/**
@@ -581,10 +556,11 @@ gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
* Since: 2.12.0
**/
int
-gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
- gnutls_datum_t * dn)
+gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn)
{
- return _gnutls_set_datum (dn, crl->raw_issuer_dn.data, crl->raw_issuer_dn.size);
+ return _gnutls_set_datum(dn, crl->raw_issuer_dn.data,
+ crl->raw_issuer_dn.size);
}
/**
@@ -607,18 +583,17 @@ gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
* negative error value. and a negative error code on failure.
**/
int
-gnutls_x509_crl_export (gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_x509_crl_export(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_export_int (crl->crl, format, PEM_CRL,
- output_data, output_data_size);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int(crl->crl, format, PEM_CRL,
+ output_data, output_data_size);
}
/**
@@ -640,16 +615,15 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl,
* Since 3.1.3
**/
int
-gnutls_x509_crl_export2 (gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+gnutls_x509_crl_export2(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int2 (crl->crl, format, PEM_CRL, out);
+ return _gnutls_x509_export_int2(crl->crl, format, PEM_CRL, out);
}
/*-
@@ -662,78 +636,71 @@ gnutls_x509_crl_export2 (gnutls_x509_crl_t crl,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
-*/
-int
-_gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src)
+int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src)
{
- int ret;
- gnutls_datum_t tmp;
+ int ret;
+ gnutls_datum_t tmp;
- ret = gnutls_x509_crl_export2 (src, GNUTLS_X509_FMT_DER, &tmp);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = gnutls_x509_crl_export2(src, GNUTLS_X509_FMT_DER, &tmp);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = gnutls_x509_crl_import (dest, &tmp, GNUTLS_X509_FMT_DER);
+ ret = gnutls_x509_crl_import(dest, &tmp, GNUTLS_X509_FMT_DER);
- gnutls_free (tmp.data);
+ gnutls_free(tmp.data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
static int
-_get_authority_key_id (gnutls_x509_crl_t cert, ASN1_TYPE *c2,
- unsigned int *critical)
+_get_authority_key_id(gnutls_x509_crl_t cert, ASN1_TYPE * c2,
+ unsigned int *critical)
{
- int ret;
- gnutls_datum_t id;
-
- *c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((ret =
- _gnutls_x509_crl_get_extension (cert, "2.5.29.35", 0, &id,
- critical)) < 0)
- {
- return gnutls_assert_val(ret);
- }
-
- if (id.size == 0 || id.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- ret = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&id);
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_der_decoding (c2, id.data, id.size, NULL);
- _gnutls_free_datum (&id);
-
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (c2);
- return _gnutls_asn2err (ret);
- }
-
- return 0;
+ int ret;
+ gnutls_datum_t id;
+
+ *c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((ret =
+ _gnutls_x509_crl_get_extension(cert, "2.5.29.35", 0, &id,
+ critical)) < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ ret = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.AuthorityKeyIdentifier", c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&id);
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = asn1_der_decoding(c2, id.data, id.size, NULL);
+ _gnutls_free_datum(&id);
+
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(c2);
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/**
@@ -760,52 +727,51 @@ _get_authority_key_id (gnutls_x509_crl_t cert, ASN1_TYPE *c2,
* Since: 3.0
**/
int
-gnutls_x509_crl_get_authority_key_gn_serial (gnutls_x509_crl_t crl,
- unsigned int seq,
- void *alt,
- size_t * alt_size,
- unsigned int *alt_type,
- void* serial,
- size_t *serial_size,
- unsigned int *critical)
+gnutls_x509_crl_get_authority_key_gn_serial(gnutls_x509_crl_t crl,
+ unsigned int seq,
+ void *alt,
+ size_t * alt_size,
+ unsigned int *alt_type,
+ void *serial,
+ size_t * serial_size,
+ unsigned int *critical)
{
- int ret, result, len;
- ASN1_TYPE c2;
-
- ret = _get_authority_key_id(crl, &c2, critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret =
- _gnutls_parse_general_name (c2, "authorityCertIssuer", seq, alt, alt_size, alt_type,
- 0);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto fail;
- }
-
- if (serial)
- {
- len = *serial_size;
- result = asn1_read_value (c2, "authorityCertSerialNumber", serial, &len);
-
- *serial_size = len;
-
- if (result < 0)
- {
- ret = _gnutls_asn2err(result);
- goto fail;
- }
-
- }
-
- ret = 0;
-
-fail:
- asn1_delete_structure (&c2);
-
- return ret;
+ int ret, result, len;
+ ASN1_TYPE c2;
+
+ ret = _get_authority_key_id(crl, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_parse_general_name(c2, "authorityCertIssuer", seq, alt,
+ alt_size, alt_type, 0);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto fail;
+ }
+
+ if (serial) {
+ len = *serial_size;
+ result =
+ asn1_read_value(c2, "authorityCertSerialNumber",
+ serial, &len);
+
+ *serial_size = len;
+
+ if (result < 0) {
+ ret = _gnutls_asn2err(result);
+ goto fail;
+ }
+
+ }
+
+ ret = 0;
+
+ fail:
+ asn1_delete_structure(&c2);
+
+ return ret;
}
@@ -831,33 +797,34 @@ fail:
* Since: 2.8.0
**/
int
-gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *id,
- size_t * id_size,
- unsigned int *critical)
+gnutls_x509_crl_get_authority_key_id(gnutls_x509_crl_t crl, void *id,
+ size_t * id_size,
+ unsigned int *critical)
{
- int result, len, ret;
- ASN1_TYPE c2;
+ int result, len, ret;
+ ASN1_TYPE c2;
- ret = _get_authority_key_id(crl, &c2, critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _get_authority_key_id(crl, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- len = *id_size;
- result = asn1_read_value (c2, "keyIdentifier", id, &len);
+ len = *id_size;
+ result = asn1_read_value(c2, "keyIdentifier", id, &len);
- *id_size = len;
- asn1_delete_structure (&c2);
+ *id_size = len;
+ asn1_delete_structure(&c2);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- return gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION);
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND)
+ return
+ gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/**
@@ -877,48 +844,46 @@ gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *id,
* Since: 2.8.0
**/
int
-gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
- size_t * ret_size, unsigned int *critical)
+gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret,
+ size_t * ret_size, unsigned int *critical)
{
- int result;
- gnutls_datum_t id;
+ int result;
+ gnutls_datum_t id;
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (ret)
- memset (ret, 0, *ret_size);
- else
- *ret_size = 0;
+ if (ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
- if ((result =
- _gnutls_x509_crl_get_extension (crl, "2.5.29.20", 0, &id,
- critical)) < 0)
- {
- return result;
- }
+ if ((result =
+ _gnutls_x509_crl_get_extension(crl, "2.5.29.20", 0, &id,
+ critical)) < 0) {
+ return result;
+ }
- if (id.size == 0 || id.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- result = _gnutls_x509_ext_extract_number (ret, ret_size, id.data, id.size);
+ result =
+ _gnutls_x509_ext_extract_number(ret, ret_size, id.data,
+ id.size);
- _gnutls_free_datum (&id);
+ _gnutls_free_datum(&id);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/**
@@ -940,24 +905,23 @@ gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
* Since: 2.8.0
**/
int
-gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid)
+gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid)
{
- int result;
+ int result;
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_crl_get_extension_oid (crl, indx, oid, sizeof_oid);
- if (result < 0)
- {
- return result;
- }
+ result =
+ _gnutls_x509_crl_get_extension_oid(crl, indx, oid, sizeof_oid);
+ if (result < 0) {
+ return result;
+ }
- return 0;
+ return 0;
}
@@ -987,55 +951,51 @@ gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
* Since: 2.8.0
**/
int
-gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
- void *oid, size_t * sizeof_oid,
- unsigned int *critical)
+gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid,
+ unsigned int *critical)
{
- int result;
- char str_critical[10];
- char name[ASN1_MAX_NAME_SIZE];
- int len;
-
- if (!crl)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.extnID",
- indx + 1);
-
- len = *sizeof_oid;
- result = asn1_read_value (crl->crl, name, oid, &len);
- *sizeof_oid = len;
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.critical",
- indx + 1);
- len = sizeof (str_critical);
- result = asn1_read_value (crl->crl, name, str_critical, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (critical)
- {
- if (str_critical[0] == 'T')
- *critical = 1;
- else
- *critical = 0;
- }
-
- return 0;
+ int result;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+
+ if (!crl) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsCertList.crlExtensions.?%u.extnID", indx + 1);
+
+ len = *sizeof_oid;
+ result = asn1_read_value(crl->crl, name, oid, &len);
+ *sizeof_oid = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsCertList.crlExtensions.?%u.critical", indx + 1);
+ len = sizeof(str_critical);
+ result = asn1_read_value(crl->crl, name, str_critical, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (critical) {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ return 0;
}
@@ -1063,34 +1023,32 @@ gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
* Since: 2.8.0
**/
int
-gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
- void *data, size_t * sizeof_data)
+gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl, int indx,
+ void *data, size_t * sizeof_data)
{
- int result, len;
- char name[ASN1_MAX_NAME_SIZE];
-
- if (!crl)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.extnValue",
- indx + 1);
-
- len = *sizeof_data;
- result = asn1_read_value (crl->crl, name, data, &len);
- *sizeof_data = len;
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ if (!crl) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsCertList.crlExtensions.?%u.extnValue", indx + 1);
+
+ len = *sizeof_data;
+ result = asn1_read_value(crl->crl, name, data, &len);
+ *sizeof_data = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -1113,43 +1071,46 @@ gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
* Since: 3.0
**/
int
-gnutls_x509_crl_list_import2 (gnutls_x509_crl_t ** crls,
- unsigned int * size,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+gnutls_x509_crl_list_import2(gnutls_x509_crl_t ** crls,
+ unsigned int *size,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
{
-unsigned int init = 1024;
-int ret;
-
- *crls = gnutls_malloc(sizeof(gnutls_x509_crl_t)*init);
- if (*crls == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crl_list_import(*crls, &init, data, format, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- *crls = gnutls_realloc_fast(*crls, sizeof(gnutls_x509_crl_t)*init);
- if (*crls == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crl_list_import(*crls, &init, data, format, flags);
- }
-
- if (ret < 0)
- {
- gnutls_free(*crls);
- *crls = NULL;
- return ret;
- }
-
- *size = init;
- return 0;
+ unsigned int init = 1024;
+ int ret;
+
+ *crls = gnutls_malloc(sizeof(gnutls_x509_crl_t) * init);
+ if (*crls == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crl_list_import(*crls, &init, data, format,
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ *crls =
+ gnutls_realloc_fast(*crls,
+ sizeof(gnutls_x509_crl_t) * init);
+ if (*crls == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crl_list_import(*crls, &init, data, format,
+ flags);
+ }
+
+ if (ret < 0) {
+ gnutls_free(*crls);
+ *crls = NULL;
+ return ret;
+ }
+
+ *size = init;
+ return 0;
}
/**
@@ -1171,116 +1132,110 @@ int ret;
* Since: 3.0
**/
int
-gnutls_x509_crl_list_import (gnutls_x509_crl_t * crls,
- unsigned int *crl_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls,
+ unsigned int *crl_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
{
- int size;
- const char *ptr;
- gnutls_datum_t tmp;
- int ret, nocopy = 0;
- unsigned int count = 0, j;
-
- if (format == GNUTLS_X509_FMT_DER)
- {
- if (*crl_max < 1)
- {
- *crl_max = 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- count = 1; /* import only the first one */
-
- ret = gnutls_x509_crl_init (&crls[0]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = gnutls_x509_crl_import (crls[0], data, format);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- *crl_max = 1;
- return 1;
- }
-
- /* move to the certificate
- */
- ptr = memmem (data->data, data->size,
- PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
- if (ptr == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- count = 0;
-
- do
- {
- if (count >= *crl_max)
- {
- if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
- break;
- else
- nocopy = 1;
- }
-
- if (!nocopy)
- {
- ret = gnutls_x509_crl_init (&crls[count]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- tmp.data = (void *) ptr;
- tmp.size = data->size - (ptr - (char *) data->data);
-
- ret =
- gnutls_x509_crl_import (crls[count], &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
- size = data->size - (ptr - (char *) data->data);
-
- if (size > 0)
- {
- ptr = memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
- }
- else
- ptr = NULL;
-
- count++;
- }
- while (ptr != NULL);
-
- *crl_max = count;
-
- if (nocopy == 0)
- return count;
- else
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
-error:
- for (j = 0; j < count; j++)
- gnutls_x509_crl_deinit (crls[j]);
- return ret;
+ int size;
+ const char *ptr;
+ gnutls_datum_t tmp;
+ int ret, nocopy = 0;
+ unsigned int count = 0, j;
+
+ if (format == GNUTLS_X509_FMT_DER) {
+ if (*crl_max < 1) {
+ *crl_max = 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ count = 1; /* import only the first one */
+
+ ret = gnutls_x509_crl_init(&crls[0]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = gnutls_x509_crl_import(crls[0], data, format);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ *crl_max = 1;
+ return 1;
+ }
+
+ /* move to the certificate
+ */
+ ptr = memmem(data->data, data->size,
+ PEM_CRL_SEP, sizeof(PEM_CRL_SEP) - 1);
+ if (ptr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ count = 0;
+
+ do {
+ if (count >= *crl_max) {
+ if (!
+ (flags &
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
+ break;
+ else
+ nocopy = 1;
+ }
+
+ if (!nocopy) {
+ ret = gnutls_x509_crl_init(&crls[count]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ tmp.data = (void *) ptr;
+ tmp.size =
+ data->size - (ptr - (char *) data->data);
+
+ ret =
+ gnutls_x509_crl_import(crls[count], &tmp,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+ size = data->size - (ptr - (char *) data->data);
+
+ if (size > 0) {
+ ptr =
+ memmem(ptr, size, PEM_CRL_SEP,
+ sizeof(PEM_CRL_SEP) - 1);
+ } else
+ ptr = NULL;
+
+ count++;
+ }
+ while (ptr != NULL);
+
+ *crl_max = count;
+
+ if (nocopy == 0)
+ return count;
+ else
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ error:
+ for (j = 0; j < count; j++)
+ gnutls_x509_crl_deinit(crls[j]);
+ return ret;
}
-
diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index 5b2210bf75..24d5bf029d 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -34,7 +34,7 @@
#include <x509_int.h>
#include <libtasn1.h>
-static void disable_optional_stuff (gnutls_x509_crl_t crl);
+static void disable_optional_stuff(gnutls_x509_crl_t crl);
/**
* gnutls_x509_crl_set_version:
@@ -49,28 +49,27 @@ static void disable_optional_stuff (gnutls_x509_crl_t crl);
* negative error value.
**/
int
-gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
+gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, unsigned int version)
{
- int result;
- uint8_t null = version & 0xFF;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (null > 0)
- null -= 1;
-
- result = asn1_write_value (crl->crl, "tbsCertList.version", &null, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ uint8_t null = version & 0xFF;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (null > 0)
+ null -= 1;
+
+ result =
+ asn1_write_value(crl->crl, "tbsCertList.version", &null, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -92,46 +91,43 @@ gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
*
**/
int
-gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
- int result;
- gnutls_privkey_t privkey;
-
- if (crl == NULL || issuer == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_privkey_init (&privkey);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_privkey_import_x509 (privkey, issuer_key, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = gnutls_x509_crl_privkey_sign (crl, issuer, privkey, dig, flags);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = 0;
-
-fail:
- gnutls_privkey_deinit (privkey);
-
- return result;
+ int result;
+ gnutls_privkey_t privkey;
+
+ if (crl == NULL || issuer == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_privkey_init(&privkey);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = gnutls_privkey_import_x509(privkey, issuer_key, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result =
+ gnutls_x509_crl_privkey_sign(crl, issuer, privkey, dig, flags);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result = 0;
+
+ fail:
+ gnutls_privkey_deinit(privkey);
+
+ return result;
}
/**
@@ -149,10 +145,11 @@ fail:
* Deprecated: Use gnutls_x509_crl_privkey_sign().
*/
int
-gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
+gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
{
- return gnutls_x509_crl_sign2 (crl, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
+ return gnutls_x509_crl_sign2(crl, issuer, issuer_key,
+ GNUTLS_DIG_SHA1, 0);
}
/**
@@ -165,16 +162,15 @@ gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time)
+int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, time_t act_time)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_set_time (crl->crl, "tbsCertList.thisUpdate", act_time, 0);
+ return _gnutls_x509_set_time(crl->crl, "tbsCertList.thisUpdate",
+ act_time, 0);
}
/**
@@ -187,15 +183,14 @@ gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
+int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, time_t exp_time)
{
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- return _gnutls_x509_set_time (crl->crl, "tbsCertList.nextUpdate", exp_time, 0);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ return _gnutls_x509_set_time(crl->crl, "tbsCertList.nextUpdate",
+ exp_time, 0);
}
/**
@@ -211,57 +206,53 @@ gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
* negative error value.
**/
int
-gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
- const void *serial, size_t serial_size,
- time_t revocation_time)
+gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl,
+ const void *serial, size_t serial_size,
+ time_t revocation_time)
{
- int ret;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret =
- asn1_write_value (crl->crl, "tbsCertList.revokedCertificates", "NEW", 1);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret =
- asn1_write_value (crl->crl,
- "tbsCertList.revokedCertificates.?LAST.userCertificate",
- serial, serial_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret =
- _gnutls_x509_set_time (crl->crl,
- "tbsCertList.revokedCertificates.?LAST.revocationDate",
- revocation_time, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- asn1_write_value (crl->crl,
- "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
- NULL, 0);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return 0;
+ int ret;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ asn1_write_value(crl->crl, "tbsCertList.revokedCertificates",
+ "NEW", 1);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret =
+ asn1_write_value(crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.userCertificate",
+ serial, serial_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret =
+ _gnutls_x509_set_time(crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.revocationDate",
+ revocation_time, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ asn1_write_value(crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
+ NULL, 0);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/**
@@ -276,53 +267,49 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
* negative error value.
**/
int
-gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
- time_t revocation_time)
+gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
+ time_t revocation_time)
{
- int ret;
- uint8_t serial[128];
- size_t serial_size;
-
- if (crl == NULL || crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- serial_size = sizeof (serial);
- ret = gnutls_x509_crt_get_serial (crt, serial, &serial_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- gnutls_x509_crl_set_crt_serial (crl, serial, serial_size,
- revocation_time);
- if (ret < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return 0;
+ int ret;
+ uint8_t serial[128];
+ size_t serial_size;
+
+ if (crl == NULL || crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ serial_size = sizeof(serial);
+ ret = gnutls_x509_crt_get_serial(crt, serial, &serial_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crl_set_crt_serial(crl, serial, serial_size,
+ revocation_time);
+ if (ret < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/* If OPTIONAL fields have not been initialized then
* disable them.
*/
-static void
-disable_optional_stuff (gnutls_x509_crl_t crl)
+static void disable_optional_stuff(gnutls_x509_crl_t crl)
{
- if (crl->use_extensions == 0)
- {
- asn1_write_value (crl->crl, "tbsCertList.crlExtensions", NULL, 0);
- }
+ if (crl->use_extensions == 0) {
+ asn1_write_value(crl->crl, "tbsCertList.crlExtensions",
+ NULL, 0);
+ }
- return;
+ return;
}
/**
@@ -342,54 +329,52 @@ disable_optional_stuff (gnutls_x509_crl_t crl)
* Since: 2.8.0
**/
int
-gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
- const void *id, size_t id_size)
+gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl,
+ const void *id, size_t id_size)
{
- int result;
- gnutls_datum_t old_id, der_data;
- unsigned int critical;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crl_get_extension (crl, "2.5.29.35", 0, &old_id, &critical);
-
- if (result >= 0)
- _gnutls_free_datum (&old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_auth_key_id (id, id_size, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crl_set_extension (crl, "2.5.29.35", &der_data, 0);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crl->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crl_get_extension(crl, "2.5.29.35", 0, &old_id,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_auth_key_id(id, id_size, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crl_set_extension(crl, "2.5.29.35", &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crl->use_extensions = 1;
+
+ return 0;
}
/**
@@ -408,54 +393,52 @@ gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
* Since: 2.8.0
**/
int
-gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
- const void *nr, size_t nr_size)
+gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
+ const void *nr, size_t nr_size)
{
- int result;
- gnutls_datum_t old_id, der_data;
- unsigned int critical;
-
- if (crl == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crl_get_extension (crl, "2.5.29.20", 0, &old_id, &critical);
-
- if (result >= 0)
- _gnutls_free_datum (&old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_number (nr, nr_size, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crl_set_extension (crl, "2.5.29.20", &der_data, 0);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crl->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crl_get_extension(crl, "2.5.29.20", 0, &old_id,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_number(nr, nr_size, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crl_set_extension(crl, "2.5.29.20", &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crl->use_extensions = 1;
+
+ return 0;
}
/**
@@ -478,31 +461,29 @@ gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
* Since 2.12.0
**/
int
-gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags)
+gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
- int result;
-
- if (crl == NULL || issuer == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* disable all the unneeded OPTIONAL fields.
- */
- disable_optional_stuff (crl);
-
- result = _gnutls_x509_pkix_sign (crl->crl, "tbsCertList",
- dig, issuer, issuer_key);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
-}
+ int result;
+
+ if (crl == NULL || issuer == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* disable all the unneeded OPTIONAL fields.
+ */
+ disable_optional_stuff(crl);
+ result = _gnutls_x509_pkix_sign(crl->crl, "tbsCertList",
+ dig, issuer, issuer_key);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
+}
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 01803c56b4..4e28fedd7c 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -46,26 +46,24 @@
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crq_init (gnutls_x509_crq_t * crq)
+int gnutls_x509_crq_init(gnutls_x509_crq_t * crq)
{
- int result;
-
- *crq = gnutls_calloc (1, sizeof (gnutls_x509_crq_int));
- if (!*crq)
- return GNUTLS_E_MEMORY_ERROR;
-
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-10-CertificationRequest",
- &((*crq)->crq));
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (*crq);
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+
+ *crq = gnutls_calloc(1, sizeof(gnutls_x509_crq_int));
+ if (!*crq)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-10-CertificationRequest",
+ &((*crq)->crq));
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*crq);
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -75,16 +73,15 @@ gnutls_x509_crq_init (gnutls_x509_crq_t * crq)
* This function will deinitialize a PKCS#10 certificate request
* structure.
**/
-void
-gnutls_x509_crq_deinit (gnutls_x509_crq_t crq)
+void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq)
{
- if (!crq)
- return;
+ if (!crq)
+ return;
- if (crq->crq)
- asn1_delete_structure (&crq->crq);
+ if (crq->crq)
+ asn1_delete_structure(&crq->crq);
- gnutls_free (crq);
+ gnutls_free(crq);
}
#define PEM_CRQ "NEW CERTIFICATE REQUEST"
@@ -107,56 +104,56 @@ gnutls_x509_crq_deinit (gnutls_x509_crq_t crq)
* negative error value.
**/
int
-gnutls_x509_crq_import (gnutls_x509_crq_t crq,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+gnutls_x509_crq_import(gnutls_x509_crq_t crq,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- /* Try the first header */
- result = _gnutls_fbase64_decode (PEM_CRQ, data->data, data->size, &_data);
-
- if (result < 0) /* Go for the second header */
- result =
- _gnutls_fbase64_decode (PEM_CRQ2, data->data, data->size, &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- need_free = 1;
- }
-
- result = asn1_der_decoding (&crq->crq, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- if (need_free)
- _gnutls_free_datum (&_data);
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode(PEM_CRQ, data->data, data->size,
+ &_data);
+
+ if (result < 0) /* Go for the second header */
+ result =
+ _gnutls_fbase64_decode(PEM_CRQ2, data->data,
+ data->size, &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ need_free = 1;
+ }
+
+ result =
+ asn1_der_decoding(&crq->crq, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
/**
@@ -173,56 +170,54 @@ cleanup:
* if the extension is not present, otherwise a negative error value.
**/
int
-gnutls_x509_crq_get_private_key_usage_period (gnutls_x509_crq_t crq, time_t* activation, time_t* expiration,
- unsigned int *critical)
+gnutls_x509_crq_get_private_key_usage_period(gnutls_x509_crq_t crq,
+ time_t * activation,
+ time_t * expiration,
+ unsigned int *critical)
{
- int result, ret;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- uint8_t buf[128];
- size_t buf_size = sizeof (buf);
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.16", 0,
- buf, &buf_size, critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.PrivateKeyUsagePeriod", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_decoding (&c2, buf, buf_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (activation)
- *activation = _gnutls_x509_get_time (c2,
- "notBefore", 1);
-
- if (expiration)
- *expiration = _gnutls_x509_get_time (c2,
- "notAfter", 1);
-
- ret = 0;
-
-cleanup:
- asn1_delete_structure (&c2);
-
- return ret;
+ int result, ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ uint8_t buf[128];
+ size_t buf_size = sizeof(buf);
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.16", 0,
+ buf, &buf_size,
+ critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.PrivateKeyUsagePeriod", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding(&c2, buf, buf_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (activation)
+ *activation = _gnutls_x509_get_time(c2, "notBefore", 1);
+
+ if (expiration)
+ *expiration = _gnutls_x509_get_time(c2, "notAfter", 1);
+
+ ret = 0;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+
+ return ret;
}
@@ -243,17 +238,16 @@ cleanup:
* the required size. On success 0 is returned.
**/
int
-gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * buf_size)
+gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf, size_t * buf_size)
{
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_parse_dn (crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- buf, buf_size);
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn(crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ buf, buf_size);
}
/**
@@ -271,17 +265,16 @@ gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * buf_size)
*
* Since: 3.1.10
**/
-int
-gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t * dn)
+int gnutls_x509_crq_get_dn2(gnutls_x509_crq_t crq, gnutls_datum_t * dn)
{
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_get_dn (crq->crq,
- "certificationRequestInfo.subject.rdnSequence", dn);
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn(crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ dn);
}
/**
@@ -310,27 +303,26 @@ gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t * dn)
* updated with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * buf_size)
+gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * buf_size)
{
-gnutls_datum_t td;
-int ret;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_parse_dn_oid
- (crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- oid, indx, raw_flag, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, buf, buf_size);
+ gnutls_datum_t td;
+ int ret;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_parse_dn_oid
+ (crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ oid, indx, raw_flag, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return _gnutls_strdatum_to_buf(&td, buf, buf_size);
}
/**
@@ -348,18 +340,17 @@ int ret;
* updated with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq,
- int indx, void *oid, size_t * sizeof_oid)
+gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq,
+ int indx, void *oid, size_t * sizeof_oid)
{
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_get_dn_oid (crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- indx, oid, sizeof_oid);
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn_oid(crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ indx, oid, sizeof_oid);
}
/* Parses an Attribute list in the asn1_struct, and searches for the
@@ -373,116 +364,113 @@ gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq,
*
*/
static int
-parse_attribute (ASN1_TYPE asn1_struct,
- const char *attr_name, const char *given_oid, int indx,
- int raw, gnutls_datum_t * out)
+parse_attribute(ASN1_TYPE asn1_struct,
+ const char *attr_name, const char *given_oid, int indx,
+ int raw, gnutls_datum_t * out)
{
- int k1, result;
- char tmpbuffer1[ASN1_MAX_NAME_SIZE];
- char tmpbuffer3[ASN1_MAX_NAME_SIZE];
- char value[200];
- gnutls_datum_t td;
- char oid[MAX_OID_SIZE];
- int len;
-
- k1 = 0;
- do
- {
-
- k1++;
- /* create a string like "attribute.?1"
- */
- if (attr_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", attr_name, k1);
- else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
-
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Move to the attibute type and values
- */
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (strcmp (oid, given_oid) == 0)
- { /* Found the OID */
-
- /* Read the Value
- */
- snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u",
- tmpbuffer1, indx + 1);
-
- len = sizeof (value) - 1;
- result = _gnutls_x509_read_value (asn1_struct, tmpbuffer3, &td);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (raw == 0)
- {
- result =
- _gnutls_x509_dn_to_string
- (oid, td.data, td.size, out);
-
- _gnutls_free_datum(&td);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- return 0;
- }
- else
- { /* raw!=0 */
- out->data = td.data;
- out->size = td.size;
-
- return 0;
- }
- }
-
- }
- while (1);
-
- gnutls_assert ();
-
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
-cleanup:
- return result;
+ int k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ char value[200];
+ gnutls_datum_t td;
+ char oid[MAX_OID_SIZE];
+ int len;
+
+ k1 = 0;
+ do {
+
+ k1++;
+ /* create a string like "attribute.?1"
+ */
+ if (attr_name[0] != 0)
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "%s.?%u",
+ attr_name, k1);
+ else
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "?%u",
+ k1);
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Move to the attibute type and values
+ */
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
+ tmpbuffer1);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type");
+
+ len = sizeof(oid) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer3, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (strcmp(oid, given_oid) == 0) { /* Found the OID */
+
+ /* Read the Value
+ */
+ snprintf(tmpbuffer3, sizeof(tmpbuffer3),
+ "%s.values.?%u", tmpbuffer1, indx + 1);
+
+ len = sizeof(value) - 1;
+ result =
+ _gnutls_x509_read_value(asn1_struct,
+ tmpbuffer3, &td);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (raw == 0) {
+ result =
+ _gnutls_x509_dn_to_string
+ (oid, td.data, td.size, out);
+
+ _gnutls_free_datum(&td);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ return 0;
+ } else { /* raw!=0 */
+ out->data = td.data;
+ out->size = td.size;
+
+ return 0;
+ }
+ }
+
+ }
+ while (1);
+
+ gnutls_assert();
+
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ cleanup:
+ return result;
}
/**
@@ -499,24 +487,25 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
- char *pass, size_t * pass_size)
+gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq,
+ char *pass, size_t * pass_size)
{
-gnutls_datum_t td;
-int ret;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = parse_attribute (crq->crq, "certificationRequestInfo.attributes",
- "1.2.840.113549.1.9.7", 0, 0, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, pass, pass_size);
+ gnutls_datum_t td;
+ int ret;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ parse_attribute(crq->crq,
+ "certificationRequestInfo.attributes",
+ "1.2.840.113549.1.9.7", 0, 0, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return _gnutls_strdatum_to_buf(&td, pass, pass_size);
}
/* This function will attempt to set the requested attribute in
@@ -525,155 +514,141 @@ int ret;
* Critical will be either 0 or 1.
*/
static int
-add_attribute (ASN1_TYPE asn, const char *root, const char *attribute_id,
- const gnutls_datum_t * ext_data)
+add_attribute(ASN1_TYPE asn, const char *root, const char *attribute_id,
+ const gnutls_datum_t * ext_data)
{
- int result;
- char name[ASN1_MAX_NAME_SIZE];
-
- snprintf (name, sizeof (name), "%s", root);
-
- /* Add a new attribute in the list.
- */
- result = asn1_write_value (asn, name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "%s.?LAST.type", root);
-
- result = asn1_write_value (asn, name, attribute_id, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "%s.?LAST.values", root);
-
- result = asn1_write_value (asn, name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "%s.?LAST.values.?LAST", root);
-
- result = _gnutls_x509_write_value (asn, name, ext_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ snprintf(name, sizeof(name), "%s", root);
+
+ /* Add a new attribute in the list.
+ */
+ result = asn1_write_value(asn, name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name), "%s.?LAST.type", root);
+
+ result = asn1_write_value(asn, name, attribute_id, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name), "%s.?LAST.values", root);
+
+ result = asn1_write_value(asn, name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name), "%s.?LAST.values.?LAST", root);
+
+ result = _gnutls_x509_write_value(asn, name, ext_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* Overwrite the given attribute (using the index)
* index here starts from one.
*/
static int
-overwrite_attribute (ASN1_TYPE asn, const char *root, unsigned int indx,
- const gnutls_datum_t * ext_data)
+overwrite_attribute(ASN1_TYPE asn, const char *root, unsigned int indx,
+ const gnutls_datum_t * ext_data)
{
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- int result;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ int result;
- snprintf (name, sizeof (name), "%s.?%u", root, indx);
+ snprintf(name, sizeof(name), "%s.?%u", root, indx);
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".values.?LAST");
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".values.?LAST");
- result = _gnutls_x509_write_value (asn, name2, ext_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ result = _gnutls_x509_write_value(asn, name2, ext_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
static int
-set_attribute (ASN1_TYPE asn, const char *root,
- const char *ext_id, const gnutls_datum_t * ext_data)
+set_attribute(ASN1_TYPE asn, const char *root,
+ const char *ext_id, const gnutls_datum_t * ext_data)
{
- int result;
- int k, len;
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- char extnID[MAX_OID_SIZE];
-
- /* Find the index of the given attribute.
- */
- k = 0;
- do
- {
- k++;
-
- snprintf (name, sizeof (name), "%s.?%u", root, k);
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name, extnID, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".type");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (strcmp (extnID, ext_id) == 0)
- {
- /* attribute was found
- */
- return overwrite_attribute (asn, root, k, ext_data);
- }
-
-
- }
- while (0);
- }
- while (1);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- return add_attribute (asn, root, ext_id, ext_data);
- }
- else
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
-
- return 0;
+ int result;
+ int k, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char extnID[MAX_OID_SIZE];
+
+ /* Find the index of the given attribute.
+ */
+ k = 0;
+ do {
+ k++;
+
+ snprintf(name, sizeof(name), "%s.?%u", root, k);
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name, extnID, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ do {
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".type");
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp(extnID, ext_id) == 0) {
+ /* attribute was found
+ */
+ return overwrite_attribute(asn, root, k,
+ ext_data);
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return add_attribute(asn, root, ext_id, ext_data);
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ return 0;
}
/**
@@ -694,23 +669,23 @@ set_attribute (ASN1_TYPE asn, const char *root,
* negative error value.
**/
int
-gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, void *buf,
- size_t buf_size)
+gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, void *buf,
+ size_t buf_size)
{
- gnutls_datum_t data;
+ gnutls_datum_t data;
- data.data = buf;
- data.size = buf_size;
+ data.data = buf;
+ data.size = buf_size;
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return set_attribute (crq->crq, "certificationRequestInfo.attributes",
- oid, &data);
+ return set_attribute(crq->crq,
+ "certificationRequestInfo.attributes", oid,
+ &data);
}
/**
@@ -733,25 +708,26 @@ gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
* negative error value.
**/
int
-gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx, void *buf,
- size_t * buf_size)
+gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, int indx, void *buf,
+ size_t * buf_size)
{
-int ret;
-gnutls_datum_t td;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = parse_attribute (crq->crq, "certificationRequestInfo.attributes",
- oid, indx, 1, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, buf, buf_size);
+ int ret;
+ gnutls_datum_t td;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ parse_attribute(crq->crq,
+ "certificationRequestInfo.attributes", oid,
+ indx, 1, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return _gnutls_strdatum_to_buf(&td, buf, buf_size);
}
/**
@@ -776,18 +752,17 @@ gnutls_datum_t td;
* negative error value.
**/
int
-gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
- unsigned int raw_flag, const void *data,
- unsigned int sizeof_data)
+gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, const char *oid,
+ unsigned int raw_flag, const void *data,
+ unsigned int sizeof_data)
{
- if (sizeof_data == 0 || data == NULL || crq == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_set_dn_oid (crq->crq,
- "certificationRequestInfo.subject", oid,
- raw_flag, data, sizeof_data);
+ if (sizeof_data == 0 || data == NULL || crq == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_dn_oid(crq->crq,
+ "certificationRequestInfo.subject",
+ oid, raw_flag, data, sizeof_data);
}
/**
@@ -802,29 +777,28 @@ gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
* negative error value.
**/
int
-gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, unsigned int version)
+gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, unsigned int version)
{
- int result;
- unsigned char null = version;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (null > 0)
- null--;
-
- result =
- asn1_write_value (crq->crq, "certificationRequestInfo.version", &null, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ unsigned char null = version;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (null > 0)
+ null--;
+
+ result =
+ asn1_write_value(crq->crq, "certificationRequestInfo.version",
+ &null, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -837,31 +811,28 @@ gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, unsigned int version)
* Returns: version of certificate request, or a negative error code on
* error.
**/
-int
-gnutls_x509_crq_get_version (gnutls_x509_crq_t crq)
+int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq)
{
- uint8_t version[8];
- int len, result;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof (version);
- if ((result =
- asn1_read_value (crq->crq, "certificationRequestInfo.version",
- version, &len)) != ASN1_SUCCESS)
- {
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return (int) version[0] + 1;
+ uint8_t version[8];
+ int len, result;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(version);
+ if ((result =
+ asn1_read_value(crq->crq, "certificationRequestInfo.version",
+ version, &len)) != ASN1_SUCCESS) {
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return (int) version[0] + 1;
}
/**
@@ -876,28 +847,26 @@ gnutls_x509_crq_get_version (gnutls_x509_crq_t crq)
* negative error value.
**/
int
-gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
+gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
{
- int result;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = _gnutls_x509_encode_and_copy_PKI_params
- (crq->crq,
- "certificationRequestInfo.subjectPKInfo",
- key->pk_algorithm, &key->params);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_encode_and_copy_PKI_params
+ (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ key->pk_algorithm, &key->params);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -916,54 +885,49 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq,
- gnutls_datum_t * m, gnutls_datum_t * e)
+gnutls_x509_crq_get_key_rsa_raw(gnutls_x509_crq_t crq,
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
- int ret;
- gnutls_pk_params_st params;
-
- gnutls_pk_params_init(&params);
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_crq_get_pk_algorithm (crq, NULL);
- if (ret != GNUTLS_PK_RSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_crq_get_mpis (crq, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint (params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint (params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_release(&params);
- return ret;
+ int ret;
+ gnutls_pk_params_st params;
+
+ gnutls_pk_params_init(&params);
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crq_get_pk_algorithm(crq, NULL);
+ if (ret != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_crq_get_mpis(crq, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_release(&params);
+ return ret;
}
/**
@@ -981,59 +945,55 @@ cleanup:
* Since: 2.6.0
**/
int
-gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e)
+gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t crq,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e)
{
- int result, ret;
- size_t siz = 0;
- gnutls_pk_params_st temp_params;
-
- gnutls_pk_params_init(&temp_params);
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- memset (&temp_params, 0, sizeof (temp_params));
-
- siz = m->size;
- if (_gnutls_mpi_scan_nz (&temp_params.params[0], m->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto error;
- }
-
- siz = e->size;
- if (_gnutls_mpi_scan_nz (&temp_params.params[1], e->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto error;
- }
-
- temp_params.params_nr = RSA_PUBLIC_PARAMS;
-
- result = _gnutls_x509_encode_and_copy_PKI_params
- (crq->crq,
- "certificationRequestInfo.subjectPKInfo",
- GNUTLS_PK_RSA, &temp_params);
-
- if (result < 0)
- {
- gnutls_assert ();
- ret = result;
- goto error;
- }
-
- ret = 0;
-
-error:
- gnutls_pk_params_release(&temp_params);
- return ret;
+ int result, ret;
+ size_t siz = 0;
+ gnutls_pk_params_st temp_params;
+
+ gnutls_pk_params_init(&temp_params);
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ memset(&temp_params, 0, sizeof(temp_params));
+
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz(&temp_params.params[0], m->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto error;
+ }
+
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz(&temp_params.params[1], e->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto error;
+ }
+
+ temp_params.params_nr = RSA_PUBLIC_PARAMS;
+
+ result = _gnutls_x509_encode_and_copy_PKI_params
+ (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ GNUTLS_PK_RSA, &temp_params);
+
+ if (result < 0) {
+ gnutls_assert();
+ ret = result;
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ gnutls_pk_params_release(&temp_params);
+ return ret;
}
/**
@@ -1048,37 +1008,37 @@ error:
* negative error value.
**/
int
-gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
- const char *pass)
+gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq,
+ const char *pass)
{
- int result;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Add the attribute.
- */
- result = asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
- "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_encode_and_write_attribute
- ("1.2.840.113549.1.9.7", crq->crq,
- "certificationRequestInfo.attributes.?LAST", pass, strlen (pass), 1);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Add the attribute.
+ */
+ result =
+ asn1_write_value(crq->crq,
+ "certificationRequestInfo.attributes", "NEW",
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_encode_and_write_attribute
+ ("1.2.840.113549.1.9.7", crq->crq,
+ "certificationRequestInfo.attributes.?LAST", pass,
+ strlen(pass), 1);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -1103,45 +1063,41 @@ gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
*
**/
int
-gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
- int result;
- gnutls_privkey_t privkey;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_privkey_init (&privkey);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_privkey_import_x509 (privkey, key, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = gnutls_x509_crq_privkey_sign (crq, privkey, dig, flags);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = 0;
-
-fail:
- gnutls_privkey_deinit (privkey);
-
- return result;
+ int result;
+ gnutls_privkey_t privkey;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_privkey_init(&privkey);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = gnutls_privkey_import_x509(privkey, key, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result = gnutls_x509_crq_privkey_sign(crq, privkey, dig, flags);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result = 0;
+
+ fail:
+ gnutls_privkey_deinit(privkey);
+
+ return result;
}
/**
@@ -1157,10 +1113,9 @@ fail:
*
* Deprecated: Use gnutls_x509_crq_privkey_sign() instead.
*/
-int
-gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
+int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
{
- return gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0);
+ return gnutls_x509_crq_sign2(crq, key, GNUTLS_DIG_SHA1, 0);
}
/**
@@ -1185,18 +1140,17 @@ gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
* negative error value.
**/
int
-gnutls_x509_crq_export (gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_x509_crq_export(gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_export_int (crq->crq, format, PEM_CRQ,
- output_data, output_data_size);
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int(crq->crq, format, PEM_CRQ,
+ output_data, output_data_size);
}
/**
@@ -1219,16 +1173,15 @@ gnutls_x509_crq_export (gnutls_x509_crq_t crq,
* Since 3.1.3
**/
int
-gnutls_x509_crq_export2 (gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+gnutls_x509_crq_export2(gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int2 (crq->crq, format, PEM_CRQ, out);
+ return _gnutls_x509_export_int2(crq->crq, format, PEM_CRQ, out);
}
/**
@@ -1247,24 +1200,22 @@ gnutls_x509_crq_export2 (gnutls_x509_crq_t crq,
* success, or a negative error code on error.
**/
int
-gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, unsigned int *bits)
+gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, unsigned int *bits)
{
- int result;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = _gnutls_x509_get_pk_algorithm
- (crq->crq, "certificationRequestInfo.subjectPKInfo", bits);
- if (result < 0)
- {
- gnutls_assert ();
- }
-
- return result;
+ int result;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_get_pk_algorithm
+ (crq->crq, "certificationRequestInfo.subjectPKInfo", bits);
+ if (result < 0) {
+ gnutls_assert();
+ }
+
+ return result;
}
/**
@@ -1292,35 +1243,33 @@ gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, unsigned int *bits)
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid)
+gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid)
{
- int result;
- char name[ASN1_MAX_NAME_SIZE];
- int len;
+ int result;
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
- if (!crq)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!crq) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- snprintf (name, sizeof (name),
- "certificationRequestInfo.attributes.?%u.type", indx + 1);
+ snprintf(name, sizeof(name),
+ "certificationRequestInfo.attributes.?%u.type", indx + 1);
- len = *sizeof_oid;
- result = asn1_read_value (crq->crq, name, oid, &len);
- *sizeof_oid = len;
+ len = *sizeof_oid;
+ result = asn1_read_value(crq->crq, name, oid, &len);
+ *sizeof_oid = len;
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
@@ -1348,34 +1297,33 @@ gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data)
+gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq, int indx,
+ void *data, size_t * sizeof_data)
{
- int result, len;
- char name[ASN1_MAX_NAME_SIZE];
-
- if (!crq)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name),
- "certificationRequestInfo.attributes.?%u.values.?1", indx + 1);
-
- len = *sizeof_data;
- result = asn1_read_value (crq->crq, name, data, &len);
- *sizeof_data = len;
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ if (!crq) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "certificationRequestInfo.attributes.?%u.values.?1",
+ indx + 1);
+
+ len = *sizeof_data;
+ result = asn1_read_value(crq->crq, name, data, &len);
+ *sizeof_data = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -1404,110 +1352,105 @@ gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
- void *oid, size_t * sizeof_oid,
- unsigned int *critical)
+gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid,
+ unsigned int *critical)
{
- int result;
- char str_critical[10];
- char name[ASN1_MAX_NAME_SIZE];
- char *extensions = NULL;
- size_t extensions_size = 0;
- ASN1_TYPE c2;
- int len;
-
- if (!crq)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* read extensionRequest */
- result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
- if (result == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- extensions = gnutls_malloc (extensions_size);
- if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_attribute_by_oid (crq,
- "1.2.840.113549.1.9.14",
- 0, extensions,
- &extensions_size);
- }
- if (result < 0)
- {
- gnutls_assert ();
- goto out;
- }
-
- result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto out;
- }
-
- result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- result = _gnutls_asn2err (result);
- goto out;
- }
-
- snprintf (name, sizeof (name), "?%u.extnID", indx + 1);
-
- len = *sizeof_oid;
- result = asn1_read_value (c2, name, oid, &len);
- *sizeof_oid = len;
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- asn1_delete_structure (&c2);
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto out;
- }
- else if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- result = _gnutls_asn2err (result);
- goto out;
- }
-
- snprintf (name, sizeof (name), "?%u.critical", indx + 1);
- len = sizeof (str_critical);
- result = asn1_read_value (c2, name, str_critical, &len);
-
- asn1_delete_structure (&c2);
-
- if (result < 0)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto out;
- }
-
- if (critical)
- {
- if (str_critical[0] == 'T')
- *critical = 1;
- else
- *critical = 0;
- }
-
- result = 0;
-
-out:
- gnutls_free (extensions);
- return result;
+ int result;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ char *extensions = NULL;
+ size_t extensions_size = 0;
+ ASN1_TYPE c2;
+ int len;
+
+ if (!crq) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* read extensionRequest */
+ result =
+ gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0, NULL,
+ &extensions_size);
+ if (result == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ extensions = gnutls_malloc(extensions_size);
+ if (extensions == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0,
+ extensions,
+ &extensions_size);
+ }
+ if (result < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions",
+ &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto out;
+ }
+
+ result = asn1_der_decoding(&c2, extensions, extensions_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ result = _gnutls_asn2err(result);
+ goto out;
+ }
+
+ snprintf(name, sizeof(name), "?%u.extnID", indx + 1);
+
+ len = *sizeof_oid;
+ result = asn1_read_value(c2, name, oid, &len);
+ *sizeof_oid = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ asn1_delete_structure(&c2);
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto out;
+ } else if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ result = _gnutls_asn2err(result);
+ goto out;
+ }
+
+ snprintf(name, sizeof(name), "?%u.critical", indx + 1);
+ len = sizeof(str_critical);
+ result = asn1_read_value(c2, name, str_critical, &len);
+
+ asn1_delete_structure(&c2);
+
+ if (result < 0) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto out;
+ }
+
+ if (critical) {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ result = 0;
+
+ out:
+ gnutls_free(extensions);
+ return result;
}
/**
@@ -1534,82 +1477,82 @@ out:
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
- void *data, size_t * sizeof_data)
+gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t crq, int indx,
+ void *data, size_t * sizeof_data)
{
- int result, len;
- char name[ASN1_MAX_NAME_SIZE];
- unsigned char *extensions;
- size_t extensions_size = 0;
- ASN1_TYPE c2;
-
- if (!crq)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* read extensionRequest */
- result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
- if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- if (result == 0)
- return GNUTLS_E_INTERNAL_ERROR;
- return result;
- }
-
- extensions = gnutls_malloc (extensions_size);
- if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, extensions,
- &extensions_size);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
- gnutls_free (extensions);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "?%u.extnValue", indx + 1);
-
- len = *sizeof_data;
- result = asn1_read_value (c2, name, data, &len);
- *sizeof_data = len;
-
- asn1_delete_structure (&c2);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
+ unsigned char *extensions;
+ size_t extensions_size = 0;
+ ASN1_TYPE c2;
+
+ if (!crq) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* read extensionRequest */
+ result =
+ gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0, NULL,
+ &extensions_size);
+ if (result != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ if (result == 0)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return result;
+ }
+
+ extensions = gnutls_malloc(extensions_size);
+ if (extensions == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0, extensions,
+ &extensions_size);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions",
+ &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(extensions);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, extensions, extensions_size, NULL);
+ gnutls_free(extensions);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name), "?%u.extnValue", indx + 1);
+
+ len = *sizeof_data;
+ result = asn1_read_value(c2, name, data, &len);
+ *sizeof_data = len;
+
+ asn1_delete_structure(&c2);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -1634,40 +1577,38 @@ gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
- unsigned int *key_usage,
- unsigned int *critical)
+gnutls_x509_crq_get_key_usage(gnutls_x509_crq_t crq,
+ unsigned int *key_usage,
+ unsigned int *critical)
{
- int result;
- uint16_t _usage;
- uint8_t buf[128];
- size_t buf_size = sizeof (buf);
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.15", 0,
- buf, &buf_size, critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_ext_extract_keyUsage (&_usage, buf, buf_size);
-
- *key_usage = _usage;
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ uint16_t _usage;
+ uint8_t buf[128];
+ size_t buf_size = sizeof(buf);
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.15", 0,
+ buf, &buf_size,
+ critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = _gnutls_x509_ext_extract_keyUsage(&_usage, buf, buf_size);
+
+ *key_usage = _usage;
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -1693,124 +1634,117 @@ gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int *critical,
- unsigned int *ca, int *pathlen)
+gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t crq,
+ unsigned int *critical,
+ unsigned int *ca, int *pathlen)
{
- int result;
- unsigned int tmp_ca;
- uint8_t buf[256];
- size_t buf_size = sizeof (buf);
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.19", 0,
- buf, &buf_size, critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- _gnutls_x509_ext_extract_basicConstraints (&tmp_ca,
- pathlen, buf, buf_size);
- if (ca)
- *ca = tmp_ca;
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return tmp_ca;
+ int result;
+ unsigned int tmp_ca;
+ uint8_t buf[256];
+ size_t buf_size = sizeof(buf);
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.19", 0,
+ buf, &buf_size,
+ critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_ext_extract_basicConstraints(&tmp_ca,
+ pathlen, buf,
+ buf_size);
+ if (ca)
+ *ca = tmp_ca;
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return tmp_ca;
}
static int
-get_subject_alt_name (gnutls_x509_crq_t crq,
- unsigned int seq, void *ret,
- size_t * ret_size, unsigned int *ret_type,
- unsigned int *critical, int othername_oid)
+get_subject_alt_name(gnutls_x509_crq_t crq,
+ unsigned int seq, void *ret,
+ size_t * ret_size, unsigned int *ret_type,
+ unsigned int *critical, int othername_oid)
{
- int result;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- gnutls_x509_subject_alt_name_t type;
- gnutls_datum_t dnsname = { NULL, 0 };
- size_t dns_size = 0;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (ret)
- memset (ret, 0, *ret_size);
- else
- *ret_size = 0;
-
- /* Extract extension.
- */
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- NULL, &dns_size, critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- dnsname.size = dns_size;
- dnsname.data = gnutls_malloc (dnsname.size);
- if (dnsname.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- dnsname.data, &dns_size,
- critical);
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (dnsname.data);
- return result;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.SubjectAltName", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (dnsname.data);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, dnsname.data, dnsname.size, NULL);
- gnutls_free (dnsname.data);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_parse_general_name (c2, "", seq, ret, ret_size,
- ret_type, othername_oid);
- asn1_delete_structure (&c2);
- if (result < 0)
- {
- return result;
- }
-
- type = result;
-
- return type;
+ int result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_x509_subject_alt_name_t type;
+ gnutls_datum_t dnsname = { NULL, 0 };
+ size_t dns_size = 0;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ /* Extract extension.
+ */
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.17", 0,
+ NULL, &dns_size,
+ critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ dnsname.size = dns_size;
+ dnsname.data = gnutls_malloc(dnsname.size);
+ if (dnsname.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.17", 0,
+ dnsname.data,
+ &dns_size, critical);
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(dnsname.data);
+ return result;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectAltName", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(dnsname.data);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, dnsname.data, dnsname.size, NULL);
+ gnutls_free(dnsname.data);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_parse_general_name(c2, "", seq, ret, ret_size,
+ ret_type, othername_oid);
+ asn1_delete_structure(&c2);
+ if (result < 0) {
+ return result;
+ }
+
+ type = result;
+
+ return type;
}
/**
@@ -1842,14 +1776,14 @@ get_subject_alt_name (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
- unsigned int *critical)
+gnutls_x509_crq_get_subject_alt_name(gnutls_x509_crq_t crq,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical)
{
- return get_subject_alt_name (crq, seq, ret, ret_size, ret_type, critical,
- 0);
+ return get_subject_alt_name(crq, seq, ret, ret_size, ret_type,
+ critical, 0);
}
/**
@@ -1881,11 +1815,12 @@ gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
- unsigned int seq,
- void *ret, size_t * ret_size)
+gnutls_x509_crq_get_subject_alt_othername_oid(gnutls_x509_crq_t crq,
+ unsigned int seq,
+ void *ret, size_t * ret_size)
{
- return get_subject_alt_name (crq, seq, ret, ret_size, NULL, NULL, 1);
+ return get_subject_alt_name(crq, seq, ret, ret_size, NULL, NULL,
+ 1);
}
/**
@@ -1910,40 +1845,41 @@ gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
- const char *oid, int indx,
- void *buf, size_t * buf_size,
- unsigned int *critical)
+gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ void *buf, size_t * buf_size,
+ unsigned int *critical)
{
- int result;
- unsigned int i;
- char _oid[MAX_OID_SIZE];
- size_t oid_size;
-
- for (i = 0;; i++)
- {
- oid_size = sizeof (_oid);
- result =
- gnutls_x509_crq_get_extension_info (crq, i, _oid, &oid_size,
- critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if (strcmp (oid, _oid) == 0)
- { /* found */
- if (indx == 0)
- return gnutls_x509_crq_get_extension_data (crq, i, buf,
- buf_size);
- else
- indx--;
- }
- }
-
-
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ int result;
+ unsigned int i;
+ char _oid[MAX_OID_SIZE];
+ size_t oid_size;
+
+ for (i = 0;; i++) {
+ oid_size = sizeof(_oid);
+ result =
+ gnutls_x509_crq_get_extension_info(crq, i, _oid,
+ &oid_size,
+ critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (strcmp(oid, _oid) == 0) { /* found */
+ if (indx == 0)
+ return
+ gnutls_x509_crq_get_extension_data(crq,
+ i,
+ buf,
+ buf_size);
+ else
+ indx--;
+ }
+ }
+
+
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -1975,91 +1911,93 @@ gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq,
- gnutls_x509_subject_alt_name_t nt,
- const void *data,
- unsigned int data_size,
- unsigned int flags)
+gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
+ gnutls_x509_subject_alt_name_t nt,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags)
{
- int result = 0;
- gnutls_datum_t der_data = { NULL, 0 };
- gnutls_datum_t prev_der_data = { NULL, 0 };
- unsigned int critical = 0;
- size_t prev_data_size = 0;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- if (flags == GNUTLS_FSAN_APPEND)
- {
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- NULL, &prev_data_size,
- &critical);
- prev_der_data.size = prev_data_size;
-
- switch (result)
- {
- case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
- /* Replacing non-existing data means the same as set data. */
- break;
-
- case GNUTLS_E_SUCCESS:
- prev_der_data.data = gnutls_malloc (prev_der_data.size);
- if (prev_der_data.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
- prev_der_data.data,
- &prev_data_size,
- &critical);
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (prev_der_data.data);
- return result;
- }
- break;
-
- default:
- gnutls_assert ();
- return result;
- }
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_subject_alt_name (nt, data, data_size,
- &prev_der_data, &der_data);
- gnutls_free (prev_der_data.data);
- if (result < 0)
- {
- gnutls_assert ();
- goto finish;
- }
-
- result = _gnutls_x509_crq_set_extension (crq, "2.5.29.17", &der_data,
- critical);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
-
-finish:
- return result;
+ int result = 0;
+ gnutls_datum_t der_data = { NULL, 0 };
+ gnutls_datum_t prev_der_data = { NULL, 0 };
+ unsigned int critical = 0;
+ size_t prev_data_size = 0;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ if (flags == GNUTLS_FSAN_APPEND) {
+ result =
+ gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.17",
+ 0, NULL,
+ &prev_data_size,
+ &critical);
+ prev_der_data.size = prev_data_size;
+
+ switch (result) {
+ case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
+ /* Replacing non-existing data means the same as set data. */
+ break;
+
+ case GNUTLS_E_SUCCESS:
+ prev_der_data.data =
+ gnutls_malloc(prev_der_data.size);
+ if (prev_der_data.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ gnutls_x509_crq_get_extension_by_oid(crq,
+ "2.5.29.17",
+ 0,
+ prev_der_data.
+ data,
+ &prev_data_size,
+ &critical);
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(prev_der_data.data);
+ return result;
+ }
+ break;
+
+ default:
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_subject_alt_name(nt, data, data_size,
+ &prev_der_data,
+ &der_data);
+ gnutls_free(prev_der_data.data);
+ if (result < 0) {
+ gnutls_assert();
+ goto finish;
+ }
+
+ result =
+ _gnutls_x509_crq_set_extension(crq, "2.5.29.17", &der_data,
+ critical);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
+
+ finish:
+ return result;
}
/**
@@ -2078,39 +2016,39 @@ finish:
* Since: 2.8.0
**/
int
-gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
- unsigned int ca, int pathLenConstraint)
+gnutls_x509_crq_set_basic_constraints(gnutls_x509_crq_t crq,
+ unsigned int ca,
+ int pathLenConstraint)
{
- int result;
- gnutls_datum_t der_data;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_basicConstraints (ca, pathLenConstraint,
- &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crq_set_extension (crq, "2.5.29.19", &der_data, 1);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_basicConstraints(ca, pathLenConstraint,
+ &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crq_set_extension(crq, "2.5.29.19", &der_data, 1);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -2126,37 +2064,36 @@ gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq, unsigned int usage)
+gnutls_x509_crq_set_key_usage(gnutls_x509_crq_t crq, unsigned int usage)
{
- int result;
- gnutls_datum_t der_data;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_keyUsage ((uint16_t) usage, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crq_set_extension (crq, "2.5.29.15", &der_data, 1);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_keyUsage((uint16_t) usage, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crq_set_extension(crq, "2.5.29.15", &der_data, 1);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -2179,92 +2116,89 @@ gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq, unsigned int usage)
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq,
- int indx, void *oid, size_t * sizeof_oid,
- unsigned int *critical)
+gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical)
{
- char tmpstr[ASN1_MAX_NAME_SIZE];
- int result, len;
- gnutls_datum_t prev = { NULL, 0 };
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- size_t prev_size = 0;
-
- if (oid)
- memset (oid, 0, *sizeof_oid);
- else
- *sizeof_oid = 0;
-
- /* Extract extension.
- */
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- NULL, &prev_size, critical);
- prev.size = prev_size;
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- prev.data = gnutls_malloc (prev.size);
- if (prev.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- prev.data, &prev_size,
- critical);
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (prev.data);
- return result;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (prev.data);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, prev.data, prev.size, NULL);
- gnutls_free (prev.data);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- indx++;
- /* create a string like "?1"
- */
- snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
-
- len = *sizeof_oid;
- result = asn1_read_value (c2, tmpstr, oid, &len);
-
- *sizeof_oid = len;
- asn1_delete_structure (&c2);
-
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (result != ASN1_SUCCESS)
- {
- if (result != ASN1_MEM_ERROR)
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ char tmpstr[ASN1_MAX_NAME_SIZE];
+ int result, len;
+ gnutls_datum_t prev = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ size_t prev_size = 0;
+
+ if (oid)
+ memset(oid, 0, *sizeof_oid);
+ else
+ *sizeof_oid = 0;
+
+ /* Extract extension.
+ */
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0,
+ NULL, &prev_size,
+ critical);
+ prev.size = prev_size;
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ prev.data = gnutls_malloc(prev.size);
+ if (prev.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0,
+ prev.data,
+ &prev_size,
+ critical);
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(prev.data);
+ return result;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(prev.data);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, prev.data, prev.size, NULL);
+ gnutls_free(prev.data);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ indx++;
+ /* create a string like "?1"
+ */
+ snprintf(tmpstr, sizeof(tmpstr), "?%u", indx);
+
+ len = *sizeof_oid;
+ result = asn1_read_value(c2, tmpstr, oid, &len);
+
+ *sizeof_oid = len;
+ asn1_delete_structure(&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ if (result != ASN1_MEM_ERROR)
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -2285,114 +2219,108 @@ gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
- const void *oid, unsigned int critical)
+gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
+ const void *oid, unsigned int critical)
{
- int result;
- gnutls_datum_t prev = { NULL, 0 }, der_data;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- size_t prev_size = 0;
-
- /* Read existing extension, if there is one.
- */
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- NULL, &prev_size, &critical);
- prev.size = prev_size;
-
- switch (result)
- {
- case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
- /* No existing extension, that's fine. */
- break;
-
- case GNUTLS_E_SUCCESS:
- prev.data = gnutls_malloc (prev.size);
- if (prev.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
- prev.data, &prev_size,
- &critical);
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (prev.data);
- return result;
- }
- break;
-
- default:
- gnutls_assert ();
- return result;
- }
-
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (prev.data);
- return _gnutls_asn2err (result);
- }
-
- if (prev.data)
- {
- /* decode it.
- */
- result = asn1_der_decoding (&c2, prev.data, prev.size, NULL);
- gnutls_free (prev.data);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
- }
-
- /* generate the extension.
- */
- /* 1. create a new element.
- */
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- /* 2. Add the OID.
- */
- result = asn1_write_value (c2, "?LAST", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- asn1_delete_structure (&c2);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_crq_set_extension (crq, "2.5.29.37",
- &der_data, critical);
- _gnutls_free_datum (&der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_datum_t prev = { NULL, 0 }, der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ size_t prev_size = 0;
+
+ /* Read existing extension, if there is one.
+ */
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0,
+ NULL, &prev_size,
+ &critical);
+ prev.size = prev_size;
+
+ switch (result) {
+ case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
+ /* No existing extension, that's fine. */
+ break;
+
+ case GNUTLS_E_SUCCESS:
+ prev.data = gnutls_malloc(prev.size);
+ if (prev.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37",
+ 0, prev.data,
+ &prev_size,
+ &critical);
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(prev.data);
+ return result;
+ }
+ break;
+
+ default:
+ gnutls_assert();
+ return result;
+ }
+
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(prev.data);
+ return _gnutls_asn2err(result);
+ }
+
+ if (prev.data) {
+ /* decode it.
+ */
+ result =
+ asn1_der_decoding(&c2, prev.data, prev.size, NULL);
+ gnutls_free(prev.data);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ /* generate the extension.
+ */
+ /* 1. create a new element.
+ */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* 2. Add the OID.
+ */
+ result = asn1_write_value(c2, "?LAST", oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ asn1_delete_structure(&c2);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_crq_set_extension(crq, "2.5.29.37",
+ &der_data, critical);
+ _gnutls_free_datum(&der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -2418,38 +2346,36 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
* Since: 2.8.0
**/
int
-gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+gnutls_x509_crq_get_key_id(gnutls_x509_crq_t crq, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int pk, ret = 0;
- gnutls_pk_params_st params;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- pk = gnutls_x509_crq_get_pk_algorithm (crq, NULL);
- if (pk < 0)
- {
- gnutls_assert ();
- return pk;
- }
-
- ret = _gnutls_x509_crq_get_mpis (crq, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_get_key_id(pk, &params, output_data, output_data_size);
-
- gnutls_pk_params_release(&params);
-
- return ret;
+ int pk, ret = 0;
+ gnutls_pk_params_st params;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pk = gnutls_x509_crq_get_pk_algorithm(crq, NULL);
+ if (pk < 0) {
+ gnutls_assert();
+ return pk;
+ }
+
+ ret = _gnutls_x509_crq_get_mpis(crq, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_get_key_id(pk, &params, output_data, output_data_size);
+
+ gnutls_pk_params_release(&params);
+
+ return ret;
}
/**
@@ -2475,76 +2401,73 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
* Since: 2.12.0
**/
int
-gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags)
+gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
- int result;
- gnutls_datum_t signature;
- gnutls_datum_t tbs;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Make sure version field is set. */
- if (gnutls_x509_crq_get_version (crq) == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
- {
- result = gnutls_x509_crq_set_version (crq, 1);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- /* Step 1. Self sign the request.
- */
- result = _gnutls_x509_get_tbs (crq->crq, "certificationRequestInfo", &tbs);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_privkey_sign_data (key, dig, 0, &tbs, &signature);
- gnutls_free (tbs.data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. write the signature (bits)
- */
- result =
- asn1_write_value (crq->crq, "signature", signature.data,
- signature.size * 8);
-
- _gnutls_free_datum (&signature);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Step 3. Write the signatureAlgorithm field.
- */
- result = _gnutls_x509_write_sig_params (crq->crq, "signatureAlgorithm",
- gnutls_privkey_get_pk_algorithm
- (key, NULL), dig);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_datum_t signature;
+ gnutls_datum_t tbs;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Make sure version field is set. */
+ if (gnutls_x509_crq_get_version(crq) ==
+ GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ result = gnutls_x509_crq_set_version(crq, 1);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* Step 1. Self sign the request.
+ */
+ result =
+ _gnutls_x509_get_tbs(crq->crq, "certificationRequestInfo",
+ &tbs);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = gnutls_privkey_sign_data(key, dig, 0, &tbs, &signature);
+ gnutls_free(tbs.data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. write the signature (bits)
+ */
+ result =
+ asn1_write_value(crq->crq, "signature", signature.data,
+ signature.size * 8);
+
+ _gnutls_free_datum(&signature);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Step 3. Write the signatureAlgorithm field.
+ */
+ result =
+ _gnutls_x509_write_sig_params(crq->crq, "signatureAlgorithm",
+ gnutls_privkey_get_pk_algorithm
+ (key, NULL), dig);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
@@ -2561,67 +2484,65 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key,
*
* Since 2.12.0
**/
-int
-gnutls_x509_crq_verify (gnutls_x509_crq_t crq,
- unsigned int flags)
+int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, unsigned int flags)
{
-gnutls_datum data = { NULL, 0 };
-gnutls_datum signature = { NULL, 0 };
-gnutls_pk_params_st params;
-gnutls_digest_algorithm_t algo;
-int ret;
-
- gnutls_pk_params_init(&params);
-
- ret =
- _gnutls_x509_get_signed_data (crq->crq, "certificationRequestInfo", &data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_x509_get_signature_algorithm(crq->crq, "signatureAlgorithm.algorithm");
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- algo = gnutls_sign_get_hash_algorithm(ret);
-
- ret = _gnutls_x509_get_signature (crq->crq, "signature", &signature);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret =
- _gnutls_x509_crq_get_mpis(crq, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = pubkey_verify_data(gnutls_x509_crq_get_pk_algorithm (crq, NULL),
- mac_to_entry(algo),
- &data, &signature, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&data);
- _gnutls_free_datum (&signature);
- gnutls_pk_params_release(&params);
-
- return ret;
+ gnutls_datum data = { NULL, 0 };
+ gnutls_datum signature = { NULL, 0 };
+ gnutls_pk_params_st params;
+ gnutls_digest_algorithm_t algo;
+ int ret;
+
+ gnutls_pk_params_init(&params);
+
+ ret =
+ _gnutls_x509_get_signed_data(crq->crq,
+ "certificationRequestInfo",
+ &data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_get_signature_algorithm(crq->crq,
+ "signatureAlgorithm.algorithm");
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ algo = gnutls_sign_get_hash_algorithm(ret);
+
+ ret =
+ _gnutls_x509_get_signature(crq->crq, "signature", &signature);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_crq_get_mpis(crq, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ pubkey_verify_data(gnutls_x509_crq_get_pk_algorithm(crq, NULL),
+ mac_to_entry(algo), &data, &signature,
+ &params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&data);
+ _gnutls_free_datum(&signature);
+ gnutls_pk_params_release(&params);
+
+ return ret;
}
/**
@@ -2636,60 +2557,52 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_crq_set_private_key_usage_period (gnutls_x509_crq_t crq,
- time_t activation,
- time_t expiration)
+gnutls_x509_crq_set_private_key_usage_period(gnutls_x509_crq_t crq,
+ time_t activation,
+ time_t expiration)
{
- int result;
- gnutls_datum_t der_data;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.PrivateKeyUsagePeriod", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_set_time (c2,
- "notBefore",
- activation, 1);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_set_time (c2,
- "notAfter",
- expiration, 1);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_crq_set_extension (crq, "2.5.29.16",
- &der_data, 0);
-
- _gnutls_free_datum(&der_data);
-
-cleanup:
- asn1_delete_structure (&c2);
-
- return result;
+ int result;
+ gnutls_datum_t der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.PrivateKeyUsagePeriod", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_set_time(c2, "notBefore", activation, 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_set_time(c2, "notAfter", expiration, 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_crq_set_extension(crq, "2.5.29.16",
+ &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ cleanup:
+ asn1_delete_structure(&c2);
+
+ return result;
}
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 811ef155e0..f16b440a8e 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -34,107 +34,114 @@
*/
int
-_gnutls_x509_get_dn (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, gnutls_datum_t * dn)
+_gnutls_x509_get_dn(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, gnutls_datum_t * dn)
{
- gnutls_buffer_st out_str;
- int k2, k1, result;
- char tmpbuffer1[ASN1_MAX_NAME_SIZE];
- char tmpbuffer2[ASN1_MAX_NAME_SIZE];
- char tmpbuffer3[ASN1_MAX_NAME_SIZE];
- uint8_t value[MAX_STRING_LEN];
- gnutls_datum_t td = {NULL, 0}, tvd = {NULL, 0};
- const char *ldap_desc;
- char oid[MAX_OID_SIZE];
- int len;
-
- _gnutls_buffer_init (&out_str);
-
- k1 = 0;
- do
- {
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- if (asn1_rdn_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
- k1);
- else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- k2 = 0;
-
- do
- { /* Move to the attibute type and values
- */
- k2++;
-
- if (tmpbuffer1[0] != 0)
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
- k2);
- else
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
-
- /* Try to read the RelativeDistinguishedName attributes.
- */
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the Value
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
-
- len = 0;
-
- result = _gnutls_x509_read_value(asn1_struct, tmpbuffer3, &tvd);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ gnutls_buffer_st out_str;
+ int k2, k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer2[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ uint8_t value[MAX_STRING_LEN];
+ gnutls_datum_t td = { NULL, 0 }, tvd = {
+ NULL, 0};
+ const char *ldap_desc;
+ char oid[MAX_OID_SIZE];
+ int len;
+
+ _gnutls_buffer_init(&out_str);
+
+ k1 = 0;
+ do {
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ if (asn1_rdn_name[0] != 0)
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "%s.?%u",
+ asn1_rdn_name, k1);
+ else
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "?%u",
+ k1);
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ k2 = 0;
+
+ do { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "%s.?%u", tmpbuffer1, k2);
+ else
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer2, value,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
+ tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
+ ".type");
+
+ len = sizeof(oid) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer3, oid,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Read the Value
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
+ tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
+ ".value");
+
+ len = 0;
+
+ result =
+ _gnutls_x509_read_value(asn1_struct,
+ tmpbuffer3, &tvd);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
#define STR_APPEND(y) if ((result=_gnutls_buffer_append_str( &out_str, y)) < 0) { \
gnutls_assert(); \
goto cleanup; \
@@ -143,63 +150,65 @@ _gnutls_x509_get_dn (ASN1_TYPE asn1_struct,
gnutls_assert(); \
goto cleanup; \
}
- /* The encodings of adjoining RelativeDistinguishedNames are separated
- * by a comma character (',' ASCII 44).
- */
-
- /* Where there is a multi-valued RDN, the outputs from adjoining
- * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
- * character.
- */
- if (k1 != 1)
- { /* the first time do not append a comma */
- if (k2 != 1)
- { /* adjoining multi-value RDN */
- STR_APPEND ("+");
- }
- else
- {
- STR_APPEND (",");
- }
- }
-
- ldap_desc = gnutls_x509_dn_oid_name (oid, GNUTLS_X509_DN_OID_RETURN_OID);
-
- STR_APPEND (ldap_desc);
- STR_APPEND ("=");
-
- result =
- _gnutls_x509_dn_to_string (oid, tvd.data, tvd.size, &td);
- if (result < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("Cannot parse OID: '%s' with value '%s'\n",
- oid, _gnutls_bin2hex (tvd.data, tvd.size, tmpbuffer3, sizeof(tmpbuffer3),
- NULL));
- goto cleanup;
- }
-
- DATA_APPEND (td.data, td.size);
- _gnutls_free_datum (&td);
- _gnutls_free_datum (&tvd);
- }
- while (1);
- }
- while (1);
-
- result = _gnutls_buffer_to_datum (&out_str, dn);
- if (result < 0)
- gnutls_assert();
-
- goto cleanup1;
-
-cleanup:
- _gnutls_buffer_clear (&out_str);
-cleanup1:
- _gnutls_free_datum (&td);
- _gnutls_free_datum (&tvd);
- return result;
+ /* The encodings of adjoining RelativeDistinguishedNames are separated
+ * by a comma character (',' ASCII 44).
+ */
+
+ /* Where there is a multi-valued RDN, the outputs from adjoining
+ * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
+ * character.
+ */
+ if (k1 != 1) { /* the first time do not append a comma */
+ if (k2 != 1) { /* adjoining multi-value RDN */
+ STR_APPEND("+");
+ } else {
+ STR_APPEND(",");
+ }
+ }
+
+ ldap_desc =
+ gnutls_x509_dn_oid_name(oid,
+ GNUTLS_X509_DN_OID_RETURN_OID);
+
+ STR_APPEND(ldap_desc);
+ STR_APPEND("=");
+
+ result =
+ _gnutls_x509_dn_to_string(oid, tvd.data,
+ tvd.size, &td);
+ if (result < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Cannot parse OID: '%s' with value '%s'\n",
+ oid, _gnutls_bin2hex(tvd.data,
+ tvd.size,
+ tmpbuffer3,
+ sizeof
+ (tmpbuffer3),
+ NULL));
+ goto cleanup;
+ }
+
+ DATA_APPEND(td.data, td.size);
+ _gnutls_free_datum(&td);
+ _gnutls_free_datum(&tvd);
+ }
+ while (1);
+ }
+ while (1);
+
+ result = _gnutls_buffer_to_datum(&out_str, dn);
+ if (result < 0)
+ gnutls_assert();
+
+ goto cleanup1;
+
+ cleanup:
+ _gnutls_buffer_clear(&out_str);
+ cleanup1:
+ _gnutls_free_datum(&td);
+ _gnutls_free_datum(&tvd);
+ return result;
}
@@ -211,50 +220,45 @@ cleanup1:
* That is to point in the rndSequence.
*/
int
-_gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, char *buf,
- size_t * buf_size)
+_gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, char *buf,
+ size_t * buf_size)
{
-int ret;
-gnutls_datum_t dn;
-
- if (buf_size == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (*buf_size > 0 && buf)
- buf[0] = 0;
- else
- *buf_size = 0;
-
- ret = _gnutls_x509_get_dn (asn1_struct, asn1_rdn_name,
- &dn);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (dn.size >= (unsigned int) *buf_size)
- {
- gnutls_assert ();
- *buf_size = dn.size + 1;
- ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
- }
-
- if (buf)
- {
- memcpy(buf, dn.data, dn.size);
- buf[dn.size] = 0;
- *buf_size = dn.size;
- }
- else
- *buf_size = dn.size + 1;
-
- ret = 0;
-cleanup:
- _gnutls_free_datum (&dn);
- return ret;
+ int ret;
+ gnutls_datum_t dn;
+
+ if (buf_size == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*buf_size > 0 && buf)
+ buf[0] = 0;
+ else
+ *buf_size = 0;
+
+ ret = _gnutls_x509_get_dn(asn1_struct, asn1_rdn_name, &dn);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (dn.size >= (unsigned int) *buf_size) {
+ gnutls_assert();
+ *buf_size = dn.size + 1;
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+
+ if (buf) {
+ memcpy(buf, dn.data, dn.size);
+ buf[dn.size] = 0;
+ *buf_size = dn.size;
+ } else
+ *buf_size = dn.size + 1;
+
+ ret = 0;
+ cleanup:
+ _gnutls_free_datum(&dn);
+ return ret;
}
/* Parses an X509 DN in the asn1_struct, and searches for the
@@ -270,148 +274,155 @@ cleanup:
* OID found, 1 the second etc.
*/
int
-_gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- const char *given_oid, int indx,
- unsigned int raw_flag,
- gnutls_datum_t* out)
+_gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ const char *given_oid, int indx,
+ unsigned int raw_flag, gnutls_datum_t * out)
{
- int k2, k1, result;
- char tmpbuffer1[ASN1_MAX_NAME_SIZE];
- char tmpbuffer2[ASN1_MAX_NAME_SIZE];
- char tmpbuffer3[ASN1_MAX_NAME_SIZE];
- gnutls_datum_t td;
- uint8_t value[256];
- char oid[MAX_OID_SIZE];
- int len;
- int i = 0;
-
- k1 = 0;
- do
- {
-
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- if (asn1_rdn_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
- k1);
- else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
-
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- k2 = 0;
-
- do
- { /* Move to the attibute type and values
- */
- k2++;
-
- if (tmpbuffer1[0] != 0)
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
- k2);
- else
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
-
- /* Try to read the RelativeDistinguishedName attributes.
- */
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (strcmp (oid, given_oid) == 0 && indx == i++)
- { /* Found the OID */
-
- /* Read the Value
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
-
- result = _gnutls_x509_read_value(asn1_struct, tmpbuffer3, &td);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (raw_flag != 0)
- {
- out->data = td.data;
- out->size = td.size;
- return 0;
-
- }
- else
- { /* parse data. raw_flag == 0 */
- result =
- _gnutls_x509_dn_to_string (oid, td.data, td.size, out);
-
- _gnutls_free_datum(&td);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- return 0;
-
- } /* raw_flag == 0 */
- }
- }
- while (1);
-
- }
- while (1);
-
- gnutls_assert ();
-
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
-cleanup:
- return result;
+ int k2, k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer2[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ gnutls_datum_t td;
+ uint8_t value[256];
+ char oid[MAX_OID_SIZE];
+ int len;
+ int i = 0;
+
+ k1 = 0;
+ do {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ if (asn1_rdn_name[0] != 0)
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "%s.?%u",
+ asn1_rdn_name, k1);
+ else
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "?%u",
+ k1);
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ k2 = 0;
+
+ do { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "%s.?%u", tmpbuffer1, k2);
+ else
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer2, value,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
+ tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
+ ".type");
+
+ len = sizeof(oid) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer3, oid,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (strcmp(oid, given_oid) == 0 && indx == i++) { /* Found the OID */
+
+ /* Read the Value
+ */
+ _gnutls_str_cpy(tmpbuffer3,
+ sizeof(tmpbuffer3),
+ tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3,
+ sizeof(tmpbuffer3),
+ ".value");
+
+ result =
+ _gnutls_x509_read_value(asn1_struct,
+ tmpbuffer3,
+ &td);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (raw_flag != 0) {
+ out->data = td.data;
+ out->size = td.size;
+ return 0;
+
+ } else { /* parse data. raw_flag == 0 */
+ result =
+ _gnutls_x509_dn_to_string(oid,
+ td.
+ data,
+ td.
+ size,
+ out);
+
+ _gnutls_free_datum(&td);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+ } /* raw_flag == 0 */
+ }
+ }
+ while (1);
+
+ }
+ while (1);
+
+ gnutls_assert();
+
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ cleanup:
+ return result;
}
@@ -425,124 +436,125 @@ cleanup:
* OID found, 1 the second etc.
*/
int
-_gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- int indx, void *_oid, size_t * sizeof_oid)
+_gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ int indx, void *_oid, size_t * sizeof_oid)
{
- int k2, k1, result;
- char tmpbuffer1[ASN1_MAX_NAME_SIZE];
- char tmpbuffer2[ASN1_MAX_NAME_SIZE];
- char tmpbuffer3[ASN1_MAX_NAME_SIZE];
- char value[256];
- char oid[MAX_OID_SIZE];
- int len;
- int i = 0;
-
- k1 = 0;
- do
- {
-
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- if (asn1_rdn_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
- k1);
- else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
-
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- k2 = 0;
-
- do
- { /* Move to the attibute type and values
- */
- k2++;
-
- if (tmpbuffer1[0] != 0)
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
- k2);
- else
- snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
-
- /* Try to read the RelativeDistinguishedName attributes.
- */
-
- len = sizeof (value) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (indx == i++)
- { /* Found the OID */
-
- len = strlen (oid) + 1;
-
- if (*sizeof_oid < (unsigned) len)
- {
- *sizeof_oid = len;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy (_oid, oid, len);
- *sizeof_oid = len - 1;
-
- return 0;
- }
- }
- while (1);
-
- }
- while (1);
-
- gnutls_assert ();
-
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
-cleanup:
- return result;
+ int k2, k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer2[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ char value[256];
+ char oid[MAX_OID_SIZE];
+ int len;
+ int i = 0;
+
+ k1 = 0;
+ do {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ if (asn1_rdn_name[0] != 0)
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "%s.?%u",
+ asn1_rdn_name, k1);
+ else
+ snprintf(tmpbuffer1, sizeof(tmpbuffer1), "?%u",
+ k1);
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ k2 = 0;
+
+ do { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "%s.?%u", tmpbuffer1, k2);
+ else
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2),
+ "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof(value) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer2, value,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
+ tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
+ ".type");
+
+ len = sizeof(oid) - 1;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer3, oid,
+ &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (indx == i++) { /* Found the OID */
+
+ len = strlen(oid) + 1;
+
+ if (*sizeof_oid < (unsigned) len) {
+ *sizeof_oid = len;
+ gnutls_assert();
+ return
+ GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy(_oid, oid, len);
+ *sizeof_oid = len - 1;
+
+ return 0;
+ }
+ }
+ while (1);
+
+ }
+ while (1);
+
+ gnutls_assert();
+
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ cleanup:
+ return result;
}
/* This will write the AttributeTypeAndValue field. The data must be already DER encoded.
@@ -550,39 +562,37 @@ cleanup:
* In all cases only one value is written.
*/
static int
-_gnutls_x509_write_attribute (const char *given_oid,
- ASN1_TYPE asn1_struct, const char *where,
- const void *_data, int sizeof_data)
+_gnutls_x509_write_attribute(const char *given_oid,
+ ASN1_TYPE asn1_struct, const char *where,
+ const void *_data, int sizeof_data)
{
- char tmp[128];
- int result;
-
- /* write the data (value)
- */
-
- _gnutls_str_cpy (tmp, sizeof (tmp), where);
- _gnutls_str_cat (tmp, sizeof (tmp), ".value");
-
- result = asn1_write_value (asn1_struct, tmp, _data, sizeof_data);
- if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* write the type
- */
- _gnutls_str_cpy (tmp, sizeof (tmp), where);
- _gnutls_str_cat (tmp, sizeof (tmp), ".type");
-
- result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ char tmp[128];
+ int result;
+
+ /* write the data (value)
+ */
+
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".value");
+
+ result = asn1_write_value(asn1_struct, tmp, _data, sizeof_data);
+ if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* write the type
+ */
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".type");
+
+ result = asn1_write_value(asn1_struct, tmp, given_oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
@@ -595,49 +605,51 @@ _gnutls_x509_write_attribute (const char *given_oid,
* The output is allocated and stored in value.
*/
int
-_gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
- const char *where, char *oid,
- int oid_size, gnutls_datum_t * value,
- int multi, int octet_string)
+_gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct,
+ const char *where, char *oid,
+ int oid_size,
+ gnutls_datum_t * value, int multi,
+ int octet_string)
{
- char tmpbuffer[128];
- int len, result;
-
- /* Read the OID
- */
- _gnutls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
- _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type");
-
- len = oid_size - 1;
- result = asn1_read_value (asn1_struct, tmpbuffer, oid, &len);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- return result;
- }
-
- /* Read the Value
- */
-
- _gnutls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
- _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value");
-
- if (multi)
- _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */
-
- if (octet_string)
- result = _gnutls_x509_read_string (asn1_struct, tmpbuffer, value, ASN1_ETYPE_OCTET_STRING);
- else
- result = _gnutls_x509_read_value (asn1_struct, tmpbuffer, value);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ char tmpbuffer[128];
+ int len, result;
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
+ _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".type");
+
+ len = oid_size - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer, oid, &len);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ return result;
+ }
+
+ /* Read the Value
+ */
+
+ _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
+ _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".value");
+
+ if (multi)
+ _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), "s.?1"); /* .values.?1 */
+
+ if (octet_string)
+ result =
+ _gnutls_x509_read_string(asn1_struct, tmpbuffer, value,
+ ASN1_ETYPE_OCTET_STRING);
+ else
+ result =
+ _gnutls_x509_read_value(asn1_struct, tmpbuffer, value);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
@@ -649,79 +661,75 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
*
*/
int
-_gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_name, const char *given_oid,
- int raw_flag, const char *name, int sizeof_name)
+_gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_name, const char *given_oid,
+ int raw_flag, const char *name, int sizeof_name)
{
- int result;
- char tmp[ASN1_MAX_NAME_SIZE], asn1_rdn_name[ASN1_MAX_NAME_SIZE];
-
- if (sizeof_name == 0 || name == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* create the rdnSequence
- */
- result = asn1_write_value (asn1_struct, asn1_name, "rdnSequence", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name);
- _gnutls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence");
-
- /* create a new element
- */
- result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cpy (tmp, sizeof (tmp), asn1_rdn_name);
- _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
-
- /* create the set with only one element
- */
- result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
-
- /* Encode and write the data
- */
- _gnutls_str_cpy (tmp, sizeof (tmp), asn1_rdn_name);
- _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST.?LAST");
-
- if (!raw_flag)
- {
- result =
- _gnutls_x509_encode_and_write_attribute (given_oid,
- asn1_struct,
- tmp, name, sizeof_name, 0);
- }
- else
- {
- result =
- _gnutls_x509_write_attribute (given_oid, asn1_struct,
- tmp, name, sizeof_name);
- }
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ char tmp[ASN1_MAX_NAME_SIZE], asn1_rdn_name[ASN1_MAX_NAME_SIZE];
+
+ if (sizeof_name == 0 || name == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* create the rdnSequence
+ */
+ result =
+ asn1_write_value(asn1_struct, asn1_name, "rdnSequence", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cpy(asn1_rdn_name, sizeof(asn1_rdn_name), asn1_name);
+ _gnutls_str_cat(asn1_rdn_name, sizeof(asn1_rdn_name),
+ ".rdnSequence");
+
+ /* create a new element
+ */
+ result = asn1_write_value(asn1_struct, asn1_rdn_name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
+
+ /* create the set with only one element
+ */
+ result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ /* Encode and write the data
+ */
+ _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST.?LAST");
+
+ if (!raw_flag) {
+ result =
+ _gnutls_x509_encode_and_write_attribute(given_oid,
+ asn1_struct,
+ tmp, name,
+ sizeof_name,
+ 0);
+ } else {
+ result =
+ _gnutls_x509_write_attribute(given_oid, asn1_struct,
+ tmp, name, sizeof_name);
+ }
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -738,23 +746,21 @@ _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
*
* Since: 2.4.0
**/
-int
-gnutls_x509_dn_init (gnutls_x509_dn_t * dn)
+int gnutls_x509_dn_init(gnutls_x509_dn_t * dn)
{
- int result;
- ASN1_TYPE tmpdn = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE tmpdn = ASN1_TYPE_EMPTY;
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- *dn = tmpdn;
+ *dn = tmpdn;
- return 0;
+ return 0;
}
/**
@@ -772,23 +778,21 @@ gnutls_x509_dn_init (gnutls_x509_dn_t * dn)
*
* Since: 2.4.0
**/
-int
-gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data)
+int gnutls_x509_dn_import(gnutls_x509_dn_t dn, const gnutls_datum_t * data)
{
- int result;
- char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
-
- result = asn1_der_decoding ((ASN1_TYPE *) & dn,
- data->data, data->size, err);
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- _gnutls_debug_log ("ASN.1 Decoding error: %s\n", err);
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ result = asn1_der_decoding((ASN1_TYPE *) & dn,
+ data->data, data->size, err);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ _gnutls_debug_log("ASN.1 Decoding error: %s\n", err);
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -800,10 +804,9 @@ gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data)
*
* Since: 2.4.0
**/
-void
-gnutls_x509_dn_deinit (gnutls_x509_dn_t dn)
+void gnutls_x509_dn_deinit(gnutls_x509_dn_t dn)
{
- asn1_delete_structure ((ASN1_TYPE *) & dn);
+ asn1_delete_structure((ASN1_TYPE *) & dn);
}
/**
@@ -822,43 +825,40 @@ gnutls_x509_dn_deinit (gnutls_x509_dn_t dn)
* negative error value.
**/
int
-gnutls_x509_rdn_get (const gnutls_datum_t * idn,
- char *buf, size_t * buf_size)
+gnutls_x509_rdn_get(const gnutls_datum_t * idn,
+ char *buf, size_t * buf_size)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
- if (buf_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (buf_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (buf)
- buf[0] = 0;
+ if (buf)
+ buf[0] = 0;
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- gnutls_assert ();
- asn1_delete_structure (&dn);
- return _gnutls_asn2err (result);
- }
+ result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
- result = _gnutls_x509_parse_dn (dn, "rdnSequence", buf, buf_size);
+ result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, buf_size);
- asn1_delete_structure (&dn);
- return result;
+ asn1_delete_structure(&dn);
+ return result;
}
@@ -882,45 +882,42 @@ gnutls_x509_rdn_get (const gnutls_datum_t * idn,
* negative error value.
**/
int
-gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * buf_size)
+gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * buf_size)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
- gnutls_datum_t td;
-
- if (buf_size == 0)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- gnutls_assert ();
- asn1_delete_structure (&dn);
- return _gnutls_asn2err (result);
- }
-
- result =
- _gnutls_x509_parse_dn_oid (dn, "rdnSequence", oid, indx,
- raw_flag, &td);
-
- asn1_delete_structure (&dn);
- if (result < 0)
- return gnutls_assert_val(result);
-
- return _gnutls_strdatum_to_buf (&td, buf, buf_size);
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+ gnutls_datum_t td;
+
+ if (buf_size == 0) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_parse_dn_oid(dn, "rdnSequence", oid, indx,
+ raw_flag, &td);
+
+ asn1_delete_structure(&dn);
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ return _gnutls_strdatum_to_buf(&td, buf, buf_size);
}
/**
@@ -941,38 +938,37 @@ gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid,
* Since: 2.4.0
**/
int
-gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
- int indx, void *buf, size_t * buf_size)
+gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn,
+ int indx, void *buf, size_t * buf_size)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
-
- if (buf_size == 0)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- /* couldn't decode DER */
- gnutls_assert ();
- asn1_delete_structure (&dn);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_get_dn_oid (dn, "rdnSequence", indx, buf, buf_size);
-
- asn1_delete_structure (&dn);
- return result;
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+
+ if (buf_size == 0) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_get_dn_oid(dn, "rdnSequence", indx, buf,
+ buf_size);
+
+ asn1_delete_structure(&dn);
+ return result;
}
/*
@@ -982,21 +978,19 @@ gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
* a negative error code is returned to indicate error.
*/
int
-_gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
- const gnutls_datum_t * dn2)
+_gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
+ const gnutls_datum_t * dn2)
{
- if (dn1->size != dn2->size)
- {
- gnutls_assert ();
- return 0;
- }
- if (memcmp (dn1->data, dn2->data, dn2->size) != 0)
- {
- gnutls_assert ();
- return 0;
- }
- return 1; /* they match */
+ if (dn1->size != dn2->size) {
+ gnutls_assert();
+ return 0;
+ }
+ if (memcmp(dn1->data, dn2->data, dn2->size) != 0) {
+ gnutls_assert();
+ return 0;
+ }
+ return 1; /* they match */
}
/**
@@ -1020,21 +1014,21 @@ _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
* negative error value.
**/
int
-gnutls_x509_dn_export (gnutls_x509_dn_t dn,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_x509_dn_export(gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- ASN1_TYPE asn1 = dn;
+ ASN1_TYPE asn1 = dn;
- if (asn1 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (asn1 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int_named (asn1, "rdnSequence",
- format, "NAME",
- output_data, output_data_size);
+ return _gnutls_x509_export_int_named(asn1, "rdnSequence",
+ format, "NAME",
+ output_data,
+ output_data_size);
}
/**
@@ -1056,17 +1050,16 @@ gnutls_x509_dn_export (gnutls_x509_dn_t dn,
* Since: 3.1.3
**/
int
-gnutls_x509_dn_export2 (gnutls_x509_dn_t dn,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+gnutls_x509_dn_export2(gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- ASN1_TYPE asn1 = dn;
+ ASN1_TYPE asn1 = dn;
- if (asn1 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (asn1 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int_named2 (asn1, "rdnSequence",
- format, "NAME", out);
+ return _gnutls_x509_export_int_named2(asn1, "rdnSequence",
+ format, "NAME", out);
}
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 80ed7f2669..4777931802 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -32,127 +32,122 @@
#include <gnutls_datum.h>
int
-get_extension (ASN1_TYPE asn, const char *root,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+get_extension(ASN1_TYPE asn, const char *root,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical)
{
- int k, result, len;
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- char str[1024];
- char str_critical[10];
- int critical = 0;
- char extnID[128];
- gnutls_datum_t value;
- int indx_counter = 0;
-
- ret->data = NULL;
- ret->size = 0;
-
- k = 0;
- do
- {
- k++;
-
- snprintf (name, sizeof (name), "%s.?%u", root, k);
-
- len = sizeof (str) - 1;
- result = asn1_read_value (asn, name, str, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
- {
- /* extension was found
- */
-
- /* read the critical status.
- */
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".critical");
-
- len = sizeof (str_critical);
- result = asn1_read_value (asn, name2, str_critical, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (str_critical[0] == 'T')
- critical = 1;
- else
- critical = 0;
-
- /* read the value.
- */
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
-
- result = _gnutls_x509_read_value (asn, name2, &value);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- ret->data = value.data;
- ret->size = value.size;
-
- if (_critical)
- *_critical = critical;
-
- return 0;
- }
-
-
- }
- while (0);
- }
- while (1);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- else
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ int k, result, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char str[1024];
+ char str_critical[10];
+ int critical = 0;
+ char extnID[128];
+ gnutls_datum_t value;
+ int indx_counter = 0;
+
+ ret->data = NULL;
+ ret->size = 0;
+
+ k = 0;
+ do {
+ k++;
+
+ snprintf(name, sizeof(name), "%s.?%u", root, k);
+
+ len = sizeof(str) - 1;
+ result = asn1_read_value(asn, name, str, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ do {
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp(extnID, extension_id) == 0
+ && indx == indx_counter++) {
+ /* extension was found
+ */
+
+ /* read the critical status.
+ */
+ _gnutls_str_cpy(name2, sizeof(name2),
+ name);
+ _gnutls_str_cat(name2, sizeof(name2),
+ ".critical");
+
+ len = sizeof(str_critical);
+ result =
+ asn1_read_value(asn, name2,
+ str_critical, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (str_critical[0] == 'T')
+ critical = 1;
+ else
+ critical = 0;
+
+ /* read the value.
+ */
+ _gnutls_str_cpy(name2, sizeof(name2),
+ name);
+ _gnutls_str_cat(name2, sizeof(name2),
+ ".extnValue");
+
+ result =
+ _gnutls_x509_read_value(asn, name2,
+ &value);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ ret->data = value.data;
+ ret->size = value.size;
+
+ if (_critical)
+ *_critical = critical;
+
+ return 0;
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
}
/* This function will attempt to return the requested extension found in
@@ -165,21 +160,23 @@ get_extension (ASN1_TYPE asn, const char *root,
* be returned.
*/
int
-_gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+_gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *_critical)
{
- return get_extension (cert->cert, "tbsCertificate.extensions", extension_id,
- indx, ret, _critical);
+ return get_extension(cert->cert, "tbsCertificate.extensions",
+ extension_id, indx, ret, _critical);
}
int
-_gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
- const char *extension_id, int indx,
- gnutls_datum_t * ret, unsigned int *_critical)
+_gnutls_x509_crl_get_extension(gnutls_x509_crl_t crl,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *_critical)
{
- return get_extension (crl->crl, "tbsCertList.crlExtensions", extension_id,
- indx, ret, _critical);
+ return get_extension(crl->crl, "tbsCertList.crlExtensions",
+ extension_id, indx, ret, _critical);
}
@@ -190,87 +187,77 @@ _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
* be returned.
*/
static int
-get_extension_oid (ASN1_TYPE asn, const char *root,
- int indx, void *oid, size_t * sizeof_oid)
+get_extension_oid(ASN1_TYPE asn, const char *root,
+ int indx, void *oid, size_t * sizeof_oid)
{
- int k, result, len;
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- char str[1024];
- char extnID[128];
- int indx_counter = 0;
-
- k = 0;
- do
- {
- k++;
-
- snprintf (name, sizeof (name), "%s.?%u", root, k);
-
- len = sizeof (str) - 1;
- result = asn1_read_value (asn, name, str, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (indx == indx_counter++)
- {
- len = strlen (extnID) + 1;
-
- if (*sizeof_oid < (unsigned) len)
- {
- *sizeof_oid = len;
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy (oid, extnID, len);
- *sizeof_oid = len - 1;
-
- return 0;
- }
-
-
- }
- while (0);
- }
- while (1);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
- else
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ int k, result, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char str[1024];
+ char extnID[128];
+ int indx_counter = 0;
+
+ k = 0;
+ do {
+ k++;
+
+ snprintf(name, sizeof(name), "%s.?%u", root, k);
+
+ len = sizeof(str) - 1;
+ result = asn1_read_value(asn, name, str, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ do {
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (indx == indx_counter++) {
+ len = strlen(extnID) + 1;
+
+ if (*sizeof_oid < (unsigned) len) {
+ *sizeof_oid = len;
+ gnutls_assert();
+ return
+ GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy(oid, extnID, len);
+ *sizeof_oid = len - 1;
+
+ return 0;
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
}
/* This function will attempt to return the requested extension OID found in
@@ -280,19 +267,21 @@ get_extension_oid (ASN1_TYPE asn, const char *root,
* be returned.
*/
int
-_gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid)
+_gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * sizeof_oid)
{
- return get_extension_oid (cert->cert, "tbsCertificate.extensions", indx,
- oid, sizeof_oid);
+ return get_extension_oid(cert->cert, "tbsCertificate.extensions",
+ indx, oid, sizeof_oid);
}
int
-_gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
- int indx, void *oid, size_t * sizeof_oid)
+_gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl,
+ int indx, void *oid,
+ size_t * sizeof_oid)
{
- return get_extension_oid (crl->crl, "tbsCertList.crlExtensions", indx, oid,
- sizeof_oid);
+ return get_extension_oid(crl->crl, "tbsCertList.crlExtensions",
+ indx, oid, sizeof_oid);
}
/* This function will attempt to set the requested extension in
@@ -301,192 +290,179 @@ _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
* Critical will be either 0 or 1.
*/
static int
-add_extension (ASN1_TYPE asn, const char *root, const char *extension_id,
- const gnutls_datum_t * ext_data, unsigned int critical)
+add_extension(ASN1_TYPE asn, const char *root, const char *extension_id,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
- int result;
- const char *str;
- char name[ASN1_MAX_NAME_SIZE];
-
- snprintf (name, sizeof (name), "%s", root);
-
- /* Add a new extension in the list.
- */
- result = asn1_write_value (asn, name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?LAST.extnID", root);
- else
- snprintf (name, sizeof (name), "?LAST.extnID");
-
- result = asn1_write_value (asn, name, extension_id, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (critical == 0)
- str = "FALSE";
- else
- str = "TRUE";
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?LAST.critical", root);
- else
- snprintf (name, sizeof (name), "?LAST.critical");
-
- result = asn1_write_value (asn, name, str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?LAST.extnValue", root);
- else
- snprintf (name, sizeof (name), "?LAST.extnValue");
-
- result = _gnutls_x509_write_value (asn, name, ext_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ const char *str;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ snprintf(name, sizeof(name), "%s", root);
+
+ /* Add a new extension in the list.
+ */
+ result = asn1_write_value(asn, name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?LAST.extnID", root);
+ else
+ snprintf(name, sizeof(name), "?LAST.extnID");
+
+ result = asn1_write_value(asn, name, extension_id, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?LAST.critical", root);
+ else
+ snprintf(name, sizeof(name), "?LAST.critical");
+
+ result = asn1_write_value(asn, name, str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?LAST.extnValue", root);
+ else
+ snprintf(name, sizeof(name), "?LAST.extnValue");
+
+ result = _gnutls_x509_write_value(asn, name, ext_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* Overwrite the given extension (using the index)
* index here starts from one.
*/
static int
-overwrite_extension (ASN1_TYPE asn, const char *root, unsigned int indx,
- const gnutls_datum_t * ext_data, unsigned int critical)
+overwrite_extension(ASN1_TYPE asn, const char *root, unsigned int indx,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- const char *str;
- int result;
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?%u", root, indx);
- else
- snprintf (name, sizeof (name), "?%u", indx);
-
- if (critical == 0)
- str = "FALSE";
- else
- str = "TRUE";
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".critical");
-
- result = asn1_write_value (asn, name2, str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
-
- result = _gnutls_x509_write_value (asn, name2, ext_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ const char *str;
+ int result;
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?%u", root, indx);
+ else
+ snprintf(name, sizeof(name), "?%u", indx);
+
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".critical");
+
+ result = asn1_write_value(asn, name2, str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnValue");
+
+ result = _gnutls_x509_write_value(asn, name2, ext_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
int
-set_extension (ASN1_TYPE asn, const char *root,
- const char *ext_id,
- const gnutls_datum_t * ext_data, unsigned int critical)
+set_extension(ASN1_TYPE asn, const char *root,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
- int result;
- int k, len;
- char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
- char extnID[128];
-
- /* Find the index of the given extension.
- */
- k = 0;
- do
- {
- k++;
-
- if (root[0] != 0)
- snprintf (name, sizeof (name), "%s.?%u", root, k);
- else
- snprintf (name, sizeof (name), "?%u", k);
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name, extnID, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
-
- do
- {
-
- _gnutls_str_cpy (name2, sizeof (name2), name);
- _gnutls_str_cat (name2, sizeof (name2), ".extnID");
-
- len = sizeof (extnID) - 1;
- result = asn1_read_value (asn, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- break;
- }
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Handle Extension
- */
- if (strcmp (extnID, ext_id) == 0)
- {
- /* extension was found
- */
- return overwrite_extension (asn, root, k, ext_data, critical);
- }
-
-
- }
- while (0);
- }
- while (1);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- return add_extension (asn, root, ext_id, ext_data, critical);
- }
- else
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
-
- return 0;
+ int result;
+ int k, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char extnID[128];
+
+ /* Find the index of the given extension.
+ */
+ k = 0;
+ do {
+ k++;
+
+ if (root[0] != 0)
+ snprintf(name, sizeof(name), "%s.?%u", root, k);
+ else
+ snprintf(name, sizeof(name), "?%u", k);
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name, extnID, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
+ do {
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp(extnID, ext_id) == 0) {
+ /* extension was found
+ */
+ return overwrite_extension(asn, root, k,
+ ext_data,
+ critical);
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return add_extension(asn, root, ext_id, ext_data,
+ critical);
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ return 0;
}
/* This function will attempt to overwrite the requested extension with
@@ -495,217 +471,211 @@ set_extension (ASN1_TYPE asn, const char *root,
* Critical will be either 0 or 1.
*/
int
-_gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+_gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
- return set_extension (cert->cert, "tbsCertificate.extensions", ext_id,
- ext_data, critical);
+ return set_extension(cert->cert, "tbsCertificate.extensions",
+ ext_id, ext_data, critical);
}
int
-_gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+_gnutls_x509_crl_set_extension(gnutls_x509_crl_t crl,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
- return set_extension (crl->crl, "tbsCertList.crlExtensions", ext_id,
- ext_data, critical);
+ return set_extension(crl->crl, "tbsCertList.crlExtensions", ext_id,
+ ext_data, critical);
}
int
-_gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+_gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
- unsigned char *extensions = NULL;
- size_t extensions_size = 0;
- gnutls_datum_t der;
- ASN1_TYPE c2;
- int result;
-
- result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
- if (result == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- extensions = gnutls_malloc (extensions_size);
- if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_attribute_by_oid (crq,
- "1.2.840.113549.1.9.14",
- 0, extensions,
- &extensions_size);
- }
- if (result < 0)
- {
- if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- extensions_size = 0;
- }
- else
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return result;
- }
- }
-
- result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return _gnutls_asn2err (result);
- }
-
- if (extensions_size > 0)
- {
- result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
- gnutls_free (extensions);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
- }
-
- result = set_extension (c2, "", ext_id, ext_data, critical);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return result;
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der, 0);
-
- asn1_delete_structure (&c2);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_x509_crq_set_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
- der.data, der.size);
- gnutls_free (der.data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
-
- return 0;
+ unsigned char *extensions = NULL;
+ size_t extensions_size = 0;
+ gnutls_datum_t der;
+ ASN1_TYPE c2;
+ int result;
+
+ result =
+ gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0, NULL,
+ &extensions_size);
+ if (result == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ extensions = gnutls_malloc(extensions_size);
+ if (extensions == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ 0,
+ extensions,
+ &extensions_size);
+ }
+ if (result < 0) {
+ if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ extensions_size = 0;
+ } else {
+ gnutls_assert();
+ gnutls_free(extensions);
+ return result;
+ }
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions",
+ &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(extensions);
+ return _gnutls_asn2err(result);
+ }
+
+ if (extensions_size > 0) {
+ result =
+ asn1_der_decoding(&c2, extensions, extensions_size,
+ NULL);
+ gnutls_free(extensions);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ result = set_extension(c2, "", ext_id, ext_data, critical);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der, 0);
+
+ asn1_delete_structure(&c2);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ gnutls_x509_crq_set_attribute_by_oid(crq,
+ "1.2.840.113549.1.9.14",
+ der.data, der.size);
+ gnutls_free(der.data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+
+ return 0;
}
/* Here we only extract the KeyUsage field, from the DER encoded
* extension.
*/
int
-_gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
- uint8_t * extnValue, int extnValueLen)
+_gnutls_x509_ext_extract_keyUsage(uint16_t * keyUsage,
+ uint8_t * extnValue, int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int len, result;
- uint8_t str[2];
-
- str[0] = str[1] = 0;
- *keyUsage = 0;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- len = sizeof (str);
- result = asn1_read_value (ext, "", str, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return 0;
- }
-
- *keyUsage = str[0] | (str[1] << 8);
-
- asn1_delete_structure (&ext);
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int len, result;
+ uint8_t str[2];
+
+ str[0] = str[1] = 0;
+ *keyUsage = 0;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS)
+ {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ len = sizeof(str);
+ result = asn1_read_value(ext, "", str, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return 0;
+ }
+
+ *keyUsage = str[0] | (str[1] << 8);
+
+ asn1_delete_structure(&ext);
+
+ return 0;
}
/* extract the basicConstraints from the DER encoded extension
*/
int
-_gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
- int *pathLenConstraint,
- uint8_t * extnValue,
- int extnValueLen)
+_gnutls_x509_ext_extract_basicConstraints(unsigned int *CA,
+ int *pathLenConstraint,
+ uint8_t * extnValue,
+ int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- char str[128];
- int len, result;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint)
- {
- result = _gnutls_x509_read_uint (ext, "pathLenConstraint",
- (unsigned int*)pathLenConstraint);
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- *pathLenConstraint = -1;
- else if (result != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
- }
-
- /* the default value of cA is false.
- */
- len = sizeof (str) - 1;
- result = asn1_read_value (ext, "cA", str, &len);
- if (result == ASN1_SUCCESS && strcmp (str, "TRUE") == 0)
- *CA = 1;
- else
- *CA = 0;
-
- asn1_delete_structure (&ext);
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ char str[128];
+ int len, result;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.BasicConstraints",
+ &ext)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint) {
+ result = _gnutls_x509_read_uint(ext, "pathLenConstraint",
+ (unsigned int *)
+ pathLenConstraint);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ *pathLenConstraint = -1;
+ else if (result != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ /* the default value of cA is false.
+ */
+ len = sizeof(str) - 1;
+ result = asn1_read_value(ext, "cA", str, &len);
+ if (result == ASN1_SUCCESS && strcmp(str, "TRUE") == 0)
+ *CA = 1;
+ else
+ *CA = 0;
+
+ asn1_delete_structure(&ext);
+
+ return 0;
}
/* generate the basicConstraints in a DER encoded extension
@@ -714,391 +684,364 @@ _gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
* should not be present, >= 0 to indicate set values.
*/
int
-_gnutls_x509_ext_gen_basicConstraints (int CA,
- int pathLenConstraint,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_basicConstraints(int CA,
+ int pathLenConstraint,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- const char *str;
- int result;
-
- if (CA == 0)
- str = "FALSE";
- else
- str = "TRUE";
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "cA", str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint < 0)
- {
- result = asn1_write_value (ext, "pathLenConstraint", NULL, 0);
- if (result < 0)
- result = _gnutls_asn2err (result);
- }
- else
- result = _gnutls_x509_write_uint32 (ext, "pathLenConstraint",
- pathLenConstraint);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ const char *str;
+ int result;
+
+ if (CA == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.BasicConstraints", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "cA", str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint < 0) {
+ result =
+ asn1_write_value(ext, "pathLenConstraint", NULL, 0);
+ if (result < 0)
+ result = _gnutls_asn2err(result);
+ } else
+ result =
+ _gnutls_x509_write_uint32(ext, "pathLenConstraint",
+ pathLenConstraint);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* extract an INTEGER from the DER encoded extension
*/
int
-_gnutls_x509_ext_extract_number (uint8_t * number,
- size_t * _nr_size,
- uint8_t * extnValue, int extnValueLen)
+_gnutls_x509_ext_extract_number(uint8_t * number,
+ size_t * _nr_size,
+ uint8_t * extnValue, int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
- int nr_size = *_nr_size;
-
- /* here it doesn't matter so much that we use CertificateSerialNumber. It is equal
- * to using INTEGER.
- */
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
- &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- /* the default value of cA is false.
- */
- result = asn1_read_value (ext, "", number, &nr_size);
- if (result != ASN1_SUCCESS)
- result = _gnutls_asn2err (result);
- else
- result = 0;
-
- *_nr_size = nr_size;
-
- asn1_delete_structure (&ext);
-
- return result;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ int nr_size = *_nr_size;
+
+ /* here it doesn't matter so much that we use CertificateSerialNumber. It is equal
+ * to using INTEGER.
+ */
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.CertificateSerialNumber",
+ &ext)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ /* the default value of cA is false.
+ */
+ result = asn1_read_value(ext, "", number, &nr_size);
+ if (result != ASN1_SUCCESS)
+ result = _gnutls_asn2err(result);
+ else
+ result = 0;
+
+ *_nr_size = nr_size;
+
+ asn1_delete_structure(&ext);
+
+ return result;
}
/* generate an INTEGER in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_number (const uint8_t * number, size_t nr_size,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_number(const uint8_t * number, size_t nr_size,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
- &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "", number, nr_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CertificateSerialNumber", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "", number, nr_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* generate the keyUsage in a DER encoded extension
* Use an ORed SEQUENCE of GNUTLS_KEY_* for usage.
*/
-int
-_gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext)
+int _gnutls_x509_ext_gen_keyUsage(uint16_t usage, gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
- uint8_t str[2];
-
- result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.KeyUsage", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- str[0] = usage & 0xff;
- str[1] = usage >> 8;
-
- result = asn1_write_value (ext, "", str, 9);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ uint8_t str[2];
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.KeyUsage",
+ &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ str[0] = usage & 0xff;
+ str[1] = usage >> 8;
+
+ result = asn1_write_value(ext, "", str, 9);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
static int
-write_new_general_name (ASN1_TYPE ext, const char *ext_name,
- gnutls_x509_subject_alt_name_t type,
- const void *data, unsigned int data_size)
+write_new_general_name(ASN1_TYPE ext, const char *ext_name,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data, unsigned int data_size)
{
- const char *str;
- int result;
- char name[128];
-
- result = asn1_write_value (ext, ext_name, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- switch (type)
- {
- case GNUTLS_SAN_DNSNAME:
- str = "dNSName";
- break;
- case GNUTLS_SAN_RFC822NAME:
- str = "rfc822Name";
- break;
- case GNUTLS_SAN_URI:
- str = "uniformResourceIdentifier";
- break;
- case GNUTLS_SAN_IPADDRESS:
- str = "iPAddress";
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (ext_name[0] == 0)
- { /* no dot */
- _gnutls_str_cpy (name, sizeof (name), "?LAST");
- }
- else
- {
- _gnutls_str_cpy (name, sizeof (name), ext_name);
- _gnutls_str_cat (name, sizeof (name), ".?LAST");
- }
-
- result = asn1_write_value (ext, name, str, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cat (name, sizeof (name), ".");
- _gnutls_str_cat (name, sizeof (name), str);
-
- result = asn1_write_value (ext, name, data, data_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ const char *str;
+ int result;
+ char name[128];
+
+ result = asn1_write_value(ext, ext_name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ switch (type) {
+ case GNUTLS_SAN_DNSNAME:
+ str = "dNSName";
+ break;
+ case GNUTLS_SAN_RFC822NAME:
+ str = "rfc822Name";
+ break;
+ case GNUTLS_SAN_URI:
+ str = "uniformResourceIdentifier";
+ break;
+ case GNUTLS_SAN_IPADDRESS:
+ str = "iPAddress";
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (ext_name[0] == 0) { /* no dot */
+ _gnutls_str_cpy(name, sizeof(name), "?LAST");
+ } else {
+ _gnutls_str_cpy(name, sizeof(name), ext_name);
+ _gnutls_str_cat(name, sizeof(name), ".?LAST");
+ }
+
+ result = asn1_write_value(ext, name, str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cat(name, sizeof(name), ".");
+ _gnutls_str_cat(name, sizeof(name), str);
+
+ result = asn1_write_value(ext, name, data, data_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/* Convert the given name to GeneralNames in a DER encoded extension.
* This is the same as subject alternative name.
*/
int
-_gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- gnutls_datum_t * prev_der_ext,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ gnutls_datum_t * prev_der_ext,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.GeneralNames", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (prev_der_ext != NULL && prev_der_ext->data != NULL
- && prev_der_ext->size != 0)
- {
- result =
- asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size,
- NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
- }
-
- result = write_new_general_name (ext, "", type, data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.GeneralNames",
+ &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (prev_der_ext != NULL && prev_der_ext->data != NULL
+ && prev_der_ext->size != 0) {
+ result =
+ asn1_der_decoding(&ext, prev_der_ext->data,
+ prev_der_ext->size, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ result = write_new_general_name(ext, "", type, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* generate the SubjectKeyID in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_key_id(const void *id, size_t id_size,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.SubjectKeyIdentifier", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "", id, id_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.SubjectKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "", id, id_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* generate the AuthorityKeyID in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.AuthorityKeyIdentifier", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "keyIdentifier", id, id_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- asn1_write_value (ext, "authorityCertIssuer", NULL, 0);
- asn1_write_value (ext, "authorityCertSerialNumber", NULL, 0);
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.AuthorityKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "keyIdentifier", id, id_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ asn1_write_value(ext, "authorityCertIssuer", NULL, 0);
+ asn1_write_value(ext, "authorityCertSerialNumber", NULL, 0);
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
@@ -1108,253 +1051,233 @@ _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
*
*/
int
-_gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- unsigned int reason_flags,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- gnutls_datum_t gnames = { NULL, 0 };
- int result;
- uint8_t reasons[2];
-
- reasons[0] = reason_flags & 0xff;
- reasons[1] = reason_flags >> 8;
-
- result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.CRLDistributionPoints", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (ext, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (reason_flags)
- {
- result = asn1_write_value (ext, "?LAST.reasons", reasons, 9);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
- }
- else
- {
- result = asn1_write_value (ext, "?LAST.reasons", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
- }
-
- result = asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* When used as type CHOICE.
- */
- result = asn1_write_value (ext, "?LAST.distributionPoint", "fullName", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ gnutls_datum_t gnames = { NULL, 0 };
+ int result;
+ uint8_t reasons[2];
+
+ reasons[0] = reason_flags & 0xff;
+ reasons[1] = reason_flags >> 8;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CRLDistributionPoints", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value(ext, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (reason_flags) {
+ result =
+ asn1_write_value(ext, "?LAST.reasons", reasons, 9);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ } else {
+ result = asn1_write_value(ext, "?LAST.reasons", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ }
+
+ result = asn1_write_value(ext, "?LAST.cRLIssuer", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* When used as type CHOICE.
+ */
+ result =
+ asn1_write_value(ext, "?LAST.distributionPoint", "fullName",
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
#if 0
- /* only needed in old code (where defined as SEQUENCE OF) */
- asn1_write_value (ext,
- "?LAST.distributionPoint.nameRelativeToCRLIssuer",
- NULL, 0);
+ /* only needed in old code (where defined as SEQUENCE OF) */
+ asn1_write_value(ext,
+ "?LAST.distributionPoint.nameRelativeToCRLIssuer",
+ NULL, 0);
#endif
- result =
- write_new_general_name (ext, "?LAST.distributionPoint.fullName",
- type, data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ result =
+ write_new_general_name(ext, "?LAST.distributionPoint.fullName",
+ type, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = 0;
+ result = 0;
-cleanup:
- _gnutls_free_datum (&gnames);
- asn1_delete_structure (&ext);
+ cleanup:
+ _gnutls_free_datum(&gnames);
+ asn1_delete_structure(&ext);
- return result;
+ return result;
}
/* extract the proxyCertInfo from the DER encoded extension
*/
int
-_gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
- char **policyLanguage,
- char **policy,
- size_t * sizeof_policy,
- uint8_t * extnValue, int extnValueLen)
+_gnutls_x509_ext_extract_proxyCertInfo(int *pathLenConstraint,
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy,
+ uint8_t * extnValue,
+ int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
- gnutls_datum_t value;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.ProxyCertInfo", &ext)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint)
- {
- result = _gnutls_x509_read_uint (ext, "pCPathLenConstraint",
- (unsigned int*)pathLenConstraint);
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- *pathLenConstraint = -1;
- else if (result != GNUTLS_E_SUCCESS)
- {
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
- }
-
- result = _gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage",
- &value);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- if (policyLanguage)
- *policyLanguage = gnutls_strdup ((char*)value.data);
-
- result = _gnutls_x509_read_value (ext, "proxyPolicy.policy", &value);
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- {
- if (policy)
- *policy = NULL;
- if (sizeof_policy)
- *sizeof_policy = 0;
- }
- else if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
- else
- {
- if (policy)
- *policy = (char*)value.data;
- if (sizeof_policy)
- *sizeof_policy = value.size;
- }
-
- asn1_delete_structure (&ext);
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ gnutls_datum_t value;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ProxyCertInfo",
+ &ext)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint) {
+ result = _gnutls_x509_read_uint(ext, "pCPathLenConstraint",
+ (unsigned int *)
+ pathLenConstraint);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ *pathLenConstraint = -1;
+ else if (result != GNUTLS_E_SUCCESS) {
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+ }
+
+ result = _gnutls_x509_read_value(ext, "proxyPolicy.policyLanguage",
+ &value);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ if (policyLanguage)
+ *policyLanguage = gnutls_strdup((char *) value.data);
+
+ result =
+ _gnutls_x509_read_value(ext, "proxyPolicy.policy", &value);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
+ if (policy)
+ *policy = NULL;
+ if (sizeof_policy)
+ *sizeof_policy = 0;
+ } else if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ } else {
+ if (policy)
+ *policy = (char *) value.data;
+ if (sizeof_policy)
+ *sizeof_policy = value.size;
+ }
+
+ asn1_delete_structure(&ext);
+
+ return 0;
}
/* generate the proxyCertInfo in a DER encoded extension
*/
int
-_gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
- const char *policyLanguage,
- const char *policy,
- size_t sizeof_policy,
- gnutls_datum_t * der_ext)
+_gnutls_x509_ext_gen_proxyCertInfo(int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy,
+ size_t sizeof_policy,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.ProxyCertInfo", &ext);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (pathLenConstraint < 0)
- {
- result = asn1_write_value (ext, "pCPathLenConstraint", NULL, 0);
- if (result < 0)
- result = _gnutls_asn2err (result);
- }
- else
- result = _gnutls_x509_write_uint32 (ext, "pCPathLenConstraint",
- pathLenConstraint);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return result;
- }
-
- result = asn1_write_value (ext, "proxyPolicy.policyLanguage",
- policyLanguage, 1);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (ext, "proxyPolicy.policy",
- policy, sizeof_policy);
- if (result < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&ext);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
-
- asn1_delete_structure (&ext);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.ProxyCertInfo", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (pathLenConstraint < 0) {
+ result =
+ asn1_write_value(ext, "pCPathLenConstraint", NULL, 0);
+ if (result < 0)
+ result = _gnutls_asn2err(result);
+ } else
+ result =
+ _gnutls_x509_write_uint32(ext, "pCPathLenConstraint",
+ pathLenConstraint);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
+
+ result = asn1_write_value(ext, "proxyPolicy.policyLanguage",
+ policyLanguage, 1);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "proxyPolicy.policy",
+ policy, sizeof_policy);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+
+ asn1_delete_structure(&ext);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index b2267af5da..0a5e753eb8 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -30,15 +30,16 @@
#include <gnutls_num.h>
#include <gnutls_ecc.h>
-static int _gnutls_x509_read_rsa_pubkey (uint8_t * der, int dersize,
- gnutls_pk_params_st* params);
-static int _gnutls_x509_read_dsa_pubkey (uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
-static int _gnutls_x509_read_ecc_pubkey (uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
+static int _gnutls_x509_read_rsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
+static int _gnutls_x509_read_dsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
+static int _gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
static int
-_gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st * params);
+_gnutls_x509_read_dsa_params(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
/*
* some x509 certificate parsing functions that relate to MPI parameter
@@ -46,48 +47,47 @@ _gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st *
* Returns 2 parameters (m,e). It does not set params_nr.
*/
int
-_gnutls_x509_read_rsa_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_rsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPublicKey", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&spk, der, dersize, NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return _gnutls_asn2err (result);
- }
-
-
- if ((result = _gnutls_x509_read_int (spk, "modulus", &params->params[0])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- if ((result = _gnutls_x509_read_int (spk, "publicExponent",
- &params->params[1])) < 0)
- {
- gnutls_assert ();
- _gnutls_mpi_release (&params->params[0]);
- asn1_delete_structure (&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- asn1_delete_structure (&spk);
-
- return 0;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&spk, der, dersize, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
+
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "modulus",
+ &params->params[0])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ if ((result = _gnutls_x509_read_int(spk, "publicExponent",
+ &params->params[1])) < 0) {
+ gnutls_assert();
+ _gnutls_mpi_release(&params->params[0]);
+ asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ asn1_delete_structure(&spk);
+
+ return 0;
}
@@ -97,13 +97,15 @@ _gnutls_x509_read_rsa_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st *
* Returns 2 parameters (m,e). It does not set params_nr.
*/
int
-_gnutls_x509_read_ecc_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
/* Eventhough RFC5480 defines the public key to be an ECPoint (i.e. OCTET STRING),
* it is actually copied in raw there. Why do they use ASN.1 anyway?
*/
- return _gnutls_ecc_ansi_x963_import (der, dersize, &params->params[ECC_X],
- &params->params[ECC_Y]);
+ return _gnutls_ecc_ansi_x963_import(der, dersize,
+ &params->params[ECC_X],
+ &params->params[ECC_Y]);
}
@@ -112,65 +114,65 @@ _gnutls_x509_read_ecc_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st *
* params[0-2]. It does NOT set params_nr.
*/
static int
-_gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_dsa_params(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.Dss-Parms", &spk)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&spk, der, dersize, NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return _gnutls_asn2err (result);
- }
-
- /* FIXME: If the parameters are not included in the certificate
- * then the issuer's parameters should be used. This is not
- * done yet.
- */
-
- /* Read p */
-
- if ((result = _gnutls_x509_read_int (spk, "p", &params->params[0])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- /* Read q */
-
- if ((result = _gnutls_x509_read_int (spk, "q", &params->params[1])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- _gnutls_mpi_release (&params->params[0]);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- /* Read g */
-
- if ((result = _gnutls_x509_read_int (spk, "g", &params->params[2])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- _gnutls_mpi_release (&params->params[0]);
- _gnutls_mpi_release (&params->params[1]);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- asn1_delete_structure (&spk);
-
- return 0;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.Dss-Parms",
+ &spk)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&spk, der, dersize, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
+
+ /* FIXME: If the parameters are not included in the certificate
+ * then the issuer's parameters should be used. This is not
+ * done yet.
+ */
+
+ /* Read p */
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "p", &params->params[0])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ /* Read q */
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "q", &params->params[1])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ _gnutls_mpi_release(&params->params[0]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ /* Read g */
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "g", &params->params[2])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ _gnutls_mpi_release(&params->params[0]);
+ _gnutls_mpi_release(&params->params[1]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ asn1_delete_structure(&spk);
+
+ return 0;
}
@@ -178,99 +180,99 @@ _gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st *
* params[0-4]. It does NOT set params_nr.
*/
int
-_gnutls_x509_read_ecc_params (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_ecc_params(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
- int ret;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- char oid[MAX_OID_SIZE];
- int oid_size;
-
- if ((ret = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.ECParameters", &spk)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_der_decoding (&spk, der, dersize, NULL);
-
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- /* Read curve */
- /* read the curve */
- oid_size = sizeof(oid);
- ret = asn1_read_value(spk, "namedCurve", oid, &oid_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- params->flags = _gnutls_oid_to_ecc_curve(oid);
- if (params->flags == GNUTLS_ECC_CURVE_INVALID)
- {
- _gnutls_debug_log("Curve %s is not supported\n", oid);
- gnutls_assert();
- ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- asn1_delete_structure (&spk);
-
- return ret;
+ int ret;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ char oid[MAX_OID_SIZE];
+ int oid_size;
+
+ if ((ret = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.ECParameters",
+ &spk)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = asn1_der_decoding(&spk, der, dersize, NULL);
+
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ /* Read curve */
+ /* read the curve */
+ oid_size = sizeof(oid);
+ ret = asn1_read_value(spk, "namedCurve", oid, &oid_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ params->flags = _gnutls_oid_to_ecc_curve(oid);
+ if (params->flags == GNUTLS_ECC_CURVE_INVALID) {
+ _gnutls_debug_log("Curve %s is not supported\n", oid);
+ gnutls_assert();
+ ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ asn1_delete_structure(&spk);
+
+ return ret;
}
-int _gnutls_x509_read_pubkey (gnutls_pk_algorithm_t algo, uint8_t * der, int dersize,
- gnutls_pk_params_st * params)
+int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der,
+ int dersize, gnutls_pk_params_st * params)
{
-int ret;
-
- switch(algo)
- {
- case GNUTLS_PK_RSA:
- ret = _gnutls_x509_read_rsa_pubkey(der, dersize, params);
- if (ret >= 0) params->params_nr = RSA_PUBLIC_PARAMS;
- break;
- case GNUTLS_PK_DSA:
- ret = _gnutls_x509_read_dsa_pubkey(der, dersize, params);
- if (ret >= 0) params->params_nr = DSA_PUBLIC_PARAMS;
- break;
- case GNUTLS_PK_EC:
- ret = _gnutls_x509_read_ecc_pubkey(der, dersize, params);
- if (ret >= 0) params->params_nr = ECC_PUBLIC_PARAMS;
- break;
- default:
- ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- break;
- }
- return ret;
+ int ret;
+
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_x509_read_rsa_pubkey(der, dersize, params);
+ if (ret >= 0)
+ params->params_nr = RSA_PUBLIC_PARAMS;
+ break;
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_x509_read_dsa_pubkey(der, dersize, params);
+ if (ret >= 0)
+ params->params_nr = DSA_PUBLIC_PARAMS;
+ break;
+ case GNUTLS_PK_EC:
+ ret = _gnutls_x509_read_ecc_pubkey(der, dersize, params);
+ if (ret >= 0)
+ params->params_nr = ECC_PUBLIC_PARAMS;
+ break;
+ default:
+ ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ break;
+ }
+ return ret;
}
-int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t algo, uint8_t * der, int dersize,
- gnutls_pk_params_st * params)
+int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo,
+ uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
- switch(algo)
- {
- case GNUTLS_PK_RSA:
- return 0;
- case GNUTLS_PK_DSA:
- return _gnutls_x509_read_dsa_params(der, dersize, params);
- case GNUTLS_PK_EC:
- return _gnutls_x509_read_ecc_params(der, dersize, params);
- default:
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- }
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ return 0;
+ case GNUTLS_PK_DSA:
+ return _gnutls_x509_read_dsa_params(der, dersize, params);
+ case GNUTLS_PK_EC:
+ return _gnutls_x509_read_ecc_params(der, dersize, params);
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
}
/* reads DSA's Y
@@ -278,10 +280,10 @@ int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t algo, uint8_t * der,
* only sets params[3]
*/
int
-_gnutls_x509_read_dsa_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_dsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
{
- /* do not set a number */
- params->params_nr = 0;
- return _gnutls_x509_read_der_int (der, dersize, &params->params[3]);
+ /* do not set a number */
+ params->params_nr = 0;
+ return _gnutls_x509_read_der_int(der, dersize, &params->params[3]);
}
-
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index 47141093d5..b22c1b860a 100644
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -32,12 +32,12 @@
#include <gnutls_mpi.h>
#include <gnutls_ecc.h>
-static int _gnutls_x509_write_rsa_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der);
-static int _gnutls_x509_write_dsa_params (gnutls_pk_params_st * params,
- gnutls_datum_t * der);
-static int _gnutls_x509_write_dsa_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der);
+static int _gnutls_x509_write_rsa_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
+static int _gnutls_x509_write_dsa_params(gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
+static int _gnutls_x509_write_dsa_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
/*
* some x509 certificate functions that relate to MPI parameter
@@ -47,57 +47,55 @@ static int _gnutls_x509_write_dsa_pubkey (gnutls_pk_params_st * params,
* Allocates the space used to store the DER data.
*/
static int
-_gnutls_x509_write_rsa_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der)
+_gnutls_x509_write_rsa_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- der->data = NULL;
- der->size = 0;
-
- if (params->params_nr < RSA_PUBLIC_PARAMS)
- {
- gnutls_assert ();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPublicKey", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_int (spk, "modulus", params->params[0], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_int (spk, "publicExponent", params->params[1], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (spk, "", der, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
-
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params->params_nr < RSA_PUBLIC_PARAMS) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_write_int(spk, "modulus", params->params[0], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_write_int(spk, "publicExponent",
+ params->params[1], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(spk, "", der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+
+ return result;
}
/*
@@ -107,64 +105,66 @@ cleanup:
* Allocates the space used to store the DER data.
*/
int
-_gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der)
+_gnutls_x509_write_ecc_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- int result;
+ int result;
- der->data = NULL;
- der->size = 0;
+ der->data = NULL;
+ der->size = 0;
- if (params->params_nr < ECC_PUBLIC_PARAMS)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (params->params_nr < ECC_PUBLIC_PARAMS)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- result = _gnutls_ecc_ansi_x963_export(params->flags, params->params[ECC_X], params->params[ECC_Y], /*&out*/der);
- if (result < 0)
- return gnutls_assert_val(result);
+ result =
+ _gnutls_ecc_ansi_x963_export(params->flags,
+ params->params[ECC_X],
+ params->params[ECC_Y], /*&out */
+ der);
+ if (result < 0)
+ return gnutls_assert_val(result);
- return 0;
+ return 0;
}
int
-_gnutls_x509_write_pubkey_params (gnutls_pk_algorithm_t algo,
- gnutls_pk_params_st* params,
- gnutls_datum_t * der)
+_gnutls_x509_write_pubkey_params(gnutls_pk_algorithm_t algo,
+ gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- switch(algo)
- {
- case GNUTLS_PK_DSA:
- return _gnutls_x509_write_dsa_params(params, der);
- case GNUTLS_PK_RSA:
- der->data = gnutls_malloc(ASN1_NULL_SIZE);
- if (der->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- memcpy(der->data, ASN1_NULL, ASN1_NULL_SIZE);
- der->size = ASN1_NULL_SIZE;
- return 0;
- case GNUTLS_PK_EC:
- return _gnutls_x509_write_ecc_params(params, der);
- default:
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- }
+ switch (algo) {
+ case GNUTLS_PK_DSA:
+ return _gnutls_x509_write_dsa_params(params, der);
+ case GNUTLS_PK_RSA:
+ der->data = gnutls_malloc(ASN1_NULL_SIZE);
+ if (der->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memcpy(der->data, ASN1_NULL, ASN1_NULL_SIZE);
+ der->size = ASN1_NULL_SIZE;
+ return 0;
+ case GNUTLS_PK_EC:
+ return _gnutls_x509_write_ecc_params(params, der);
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
}
int
-_gnutls_x509_write_pubkey (gnutls_pk_algorithm_t algo,
- gnutls_pk_params_st* params,
- gnutls_datum_t * der)
+_gnutls_x509_write_pubkey(gnutls_pk_algorithm_t algo,
+ gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- switch(algo)
- {
- case GNUTLS_PK_DSA:
- return _gnutls_x509_write_dsa_pubkey(params, der);
- case GNUTLS_PK_RSA:
- return _gnutls_x509_write_rsa_pubkey(params, der);
- case GNUTLS_PK_EC:
- return _gnutls_x509_write_ecc_pubkey(params, der);
- default:
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- }
+ switch (algo) {
+ case GNUTLS_PK_DSA:
+ return _gnutls_x509_write_dsa_pubkey(params, der);
+ case GNUTLS_PK_RSA:
+ return _gnutls_x509_write_rsa_pubkey(params, der);
+ case GNUTLS_PK_EC:
+ return _gnutls_x509_write_ecc_pubkey(params, der);
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
}
/*
@@ -174,63 +174,57 @@ _gnutls_x509_write_pubkey (gnutls_pk_algorithm_t algo,
* Allocates the space used to store the DER data.
*/
static int
-_gnutls_x509_write_dsa_params (gnutls_pk_params_st* params,
- gnutls_datum_t * der)
+_gnutls_x509_write_dsa_params(gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- der->data = NULL;
- der->size = 0;
-
- if (params->params_nr < DSA_PUBLIC_PARAMS-1)
- {
- gnutls_assert ();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DSAParameters", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_int (spk, "p", params->params[0], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_int (spk, "q", params->params[1], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_int (spk, "g", params->params[2], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (spk, "", der, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params->params_nr < DSA_PUBLIC_PARAMS - 1) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAParameters", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_int(spk, "p", params->params[0], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_write_int(spk, "q", params->params[1], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_write_int(spk, "g", params->params[2], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(spk, "", der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+ return result;
}
/*
@@ -240,62 +234,60 @@ cleanup:
* Allocates the space used to store the DER data.
*/
int
-_gnutls_x509_write_ecc_params (gnutls_pk_params_st* params,
- gnutls_datum_t * der)
+_gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- const char* oid;
-
- der->data = NULL;
- der->size = 0;
-
- if (params->params_nr < ECC_PUBLIC_PARAMS)
- {
- gnutls_assert ();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- oid = _gnutls_ecc_curve_get_oid(params->flags);
- if (oid == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.ECParameters", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if ((result = asn1_write_value (spk, "", "namedCurve", 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (spk, "namedCurve", oid, 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (spk, "", der, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ const char *oid;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params->params_nr < ECC_PUBLIC_PARAMS) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ oid = _gnutls_ecc_curve_get_oid(params->flags);
+ if (oid == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.ECParameters", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if ((result =
+ asn1_write_value(spk, "", "namedCurve", 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result =
+ asn1_write_value(spk, "namedCurve", oid,
+ 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(spk, "", der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+ return result;
}
/*
@@ -305,484 +297,466 @@ cleanup:
* Allocates the space used to store the DER data.
*/
static int
-_gnutls_x509_write_dsa_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der)
+_gnutls_x509_write_dsa_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- der->data = NULL;
- der->size = 0;
-
- if (params->params_nr < DSA_PUBLIC_PARAMS)
- {
- gnutls_assert ();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_write_int (spk, "", params->params[3], 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (spk, "", der, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- asn1_delete_structure (&spk);
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params->params_nr < DSA_PUBLIC_PARAMS) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_int(spk, "", params->params[3], 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(spk, "", der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+ return result;
}
/* Encodes the RSA parameters into an ASN.1 RSA private key structure.
*/
static int
-_gnutls_asn1_encode_rsa (ASN1_TYPE * c2, gnutls_pk_params_st * params)
+_gnutls_asn1_encode_rsa(ASN1_TYPE * c2, gnutls_pk_params_st * params)
{
- int result;
- uint8_t null = '\0';
- gnutls_pk_params_st pk_params;
- gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
-
- gnutls_pk_params_init(&pk_params);
-
- memset (&m, 0, sizeof (m));
- memset (&p, 0, sizeof (p));
- memset (&q, 0, sizeof (q));
- memset (&p, 0, sizeof (p));
- memset (&u, 0, sizeof (u));
- memset (&e, 0, sizeof (e));
- memset (&d, 0, sizeof (d));
- memset (&exp1, 0, sizeof (exp1));
- memset (&exp2, 0, sizeof (exp2));
-
- result = _gnutls_pk_params_copy (&pk_params, params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* retrieve as data */
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[0], &m);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[1], &e);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[2], &d);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[3], &p);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[4], &q);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[5], &u);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[6], &exp1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_mpi_dprint_lz (pk_params.params[7], &exp2);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- /* first make sure that no previously allocated data are leaked */
- if (*c2 != ASN1_TYPE_EMPTY)
- {
- asn1_delete_structure (c2);
- *c2 = ASN1_TYPE_EMPTY;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPrivateKey", c2))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value (*c2, "modulus",
- m.data, m.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "publicExponent",
- e.data, e.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "privateExponent",
- d.data, d.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "prime1",
- p.data, p.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "prime2",
- q.data, q.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "coefficient",
- u.data, u.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
-
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "exponent1",
- exp1.data, exp1.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "exponent2",
- exp2.data, exp2.size)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "otherPrimeInfos",
- NULL, 0)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- if (result != 0)
- asn1_delete_structure (c2);
-
- gnutls_pk_params_release (&pk_params);
-
- _gnutls_free_datum (&m);
- _gnutls_free_datum (&d);
- _gnutls_free_datum (&e);
- _gnutls_free_datum (&p);
- _gnutls_free_datum (&q);
- _gnutls_free_datum (&u);
- _gnutls_free_datum (&exp1);
- _gnutls_free_datum (&exp2);
-
- return result;
+ int result;
+ uint8_t null = '\0';
+ gnutls_pk_params_st pk_params;
+ gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
+
+ gnutls_pk_params_init(&pk_params);
+
+ memset(&m, 0, sizeof(m));
+ memset(&p, 0, sizeof(p));
+ memset(&q, 0, sizeof(q));
+ memset(&p, 0, sizeof(p));
+ memset(&u, 0, sizeof(u));
+ memset(&e, 0, sizeof(e));
+ memset(&d, 0, sizeof(d));
+ memset(&exp1, 0, sizeof(exp1));
+ memset(&exp2, 0, sizeof(exp2));
+
+ result = _gnutls_pk_params_copy(&pk_params, params);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_pk_fixup(GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* retrieve as data */
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[0], &m);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[1], &e);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[2], &d);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[3], &p);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[4], &q);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[5], &u);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[6], &exp1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz(pk_params.params[7], &exp2);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ /* first make sure that no previously allocated data are leaked */
+ if (*c2 != ASN1_TYPE_EMPTY) {
+ asn1_delete_structure(c2);
+ *c2 = ASN1_TYPE_EMPTY;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPrivateKey", c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value(*c2, "modulus",
+ m.data, m.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "publicExponent",
+ e.data, e.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "privateExponent",
+ d.data, d.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "prime1",
+ p.data, p.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "prime2",
+ q.data, q.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "coefficient",
+ u.data, u.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "exponent1",
+ exp1.data,
+ exp1.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "exponent2",
+ exp2.data,
+ exp2.size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "otherPrimeInfos",
+ NULL, 0)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result =
+ asn1_write_value(*c2, "version", &null, 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ if (result != 0)
+ asn1_delete_structure(c2);
+
+ gnutls_pk_params_release(&pk_params);
+
+ _gnutls_free_datum(&m);
+ _gnutls_free_datum(&d);
+ _gnutls_free_datum(&e);
+ _gnutls_free_datum(&p);
+ _gnutls_free_datum(&q);
+ _gnutls_free_datum(&u);
+ _gnutls_free_datum(&exp1);
+ _gnutls_free_datum(&exp2);
+
+ return result;
}
/* Encodes the ECC parameters into an ASN.1 ECPrivateKey structure.
*/
static int
-_gnutls_asn1_encode_ecc (ASN1_TYPE * c2, gnutls_pk_params_st * params)
+_gnutls_asn1_encode_ecc(ASN1_TYPE * c2, gnutls_pk_params_st * params)
{
- int ret;
- uint8_t one = '\x01';
- gnutls_datum pubkey = { NULL, 0 };
- const char *oid;
-
- oid = _gnutls_ecc_curve_get_oid(params->flags);
-
- if (params->params_nr != ECC_PRIVATE_PARAMS || oid == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = _gnutls_ecc_ansi_x963_export(params->flags, params->params[ECC_X], params->params[ECC_Y], &pubkey);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- /* first make sure that no previously allocated data are leaked */
- if (*c2 != ASN1_TYPE_EMPTY)
- {
- asn1_delete_structure (c2);
- *c2 = ASN1_TYPE_EMPTY;
- }
-
- if ((ret = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.ECPrivateKey", c2))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- if ((ret = asn1_write_value (*c2, "Version", &one, 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_write_int (*c2, "privateKey", params->params[ECC_K], 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((ret = asn1_write_value (*c2, "publicKey", pubkey.data, pubkey.size*8)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- /* write our choice */
- if ((ret = asn1_write_value (*c2, "parameters", "namedCurve", 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- if ((ret = asn1_write_value (*c2, "parameters.namedCurve", oid, 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- _gnutls_free_datum(&pubkey);
- return 0;
-
-cleanup:
- asn1_delete_structure (c2);
- _gnutls_free_datum(&pubkey);
-
- return ret;
+ int ret;
+ uint8_t one = '\x01';
+ gnutls_datum pubkey = { NULL, 0 };
+ const char *oid;
+
+ oid = _gnutls_ecc_curve_get_oid(params->flags);
+
+ if (params->params_nr != ECC_PRIVATE_PARAMS || oid == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret =
+ _gnutls_ecc_ansi_x963_export(params->flags,
+ params->params[ECC_X],
+ params->params[ECC_Y], &pubkey);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ /* first make sure that no previously allocated data are leaked */
+ if (*c2 != ASN1_TYPE_EMPTY) {
+ asn1_delete_structure(c2);
+ *c2 = ASN1_TYPE_EMPTY;
+ }
+
+ if ((ret = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.ECPrivateKey", c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ if ((ret =
+ asn1_write_value(*c2, "Version", &one, 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_write_int(*c2, "privateKey",
+ params->params[ECC_K], 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((ret =
+ asn1_write_value(*c2, "publicKey", pubkey.data,
+ pubkey.size * 8)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ /* write our choice */
+ if ((ret =
+ asn1_write_value(*c2, "parameters", "namedCurve",
+ 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ if ((ret =
+ asn1_write_value(*c2, "parameters.namedCurve", oid,
+ 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ _gnutls_free_datum(&pubkey);
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(c2);
+ _gnutls_free_datum(&pubkey);
+
+ return ret;
}
/* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure.
*/
static int
-_gnutls_asn1_encode_dsa (ASN1_TYPE * c2, gnutls_pk_params_st * params)
+_gnutls_asn1_encode_dsa(ASN1_TYPE * c2, gnutls_pk_params_st * params)
{
- int result, i;
- size_t size[DSA_PRIVATE_PARAMS], total;
- uint8_t *p_data, *q_data, *g_data, *x_data, *y_data;
- uint8_t *all_data = NULL, *p;
- uint8_t null = '\0';
-
- /* Read all the sizes */
- total = 0;
- for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
- {
- _gnutls_mpi_print_lz (params->params[i], NULL, &size[i]);
- total += size[i];
- }
-
- /* Encoding phase.
- * allocate data enough to hold everything
- */
- all_data = gnutls_malloc (total);
- if (all_data == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- p = all_data;
- p_data = p;
- p += size[0];
- q_data = p;
- p += size[1];
- g_data = p;
- p += size[2];
- y_data = p;
- p += size[3];
- x_data = p;
-
- _gnutls_mpi_print_lz (params->params[0], p_data, &size[0]);
- _gnutls_mpi_print_lz (params->params[1], q_data, &size[1]);
- _gnutls_mpi_print_lz (params->params[2], g_data, &size[2]);
- _gnutls_mpi_print_lz (params->params[3], y_data, &size[3]);
- _gnutls_mpi_print_lz (params->params[4], x_data, &size[4]);
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- /* first make sure that no previously allocated data are leaked */
- if (*c2 != ASN1_TYPE_EMPTY)
- {
- asn1_delete_structure (c2);
- *c2 = ASN1_TYPE_EMPTY;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPrivateKey", c2))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "q", q_data, size[1])) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "g", g_data, size[2])) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "Y", y_data, size[3])) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value (*c2, "priv",
- x_data, size[4])) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- gnutls_free (all_data);
-
- if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- asn1_delete_structure (c2);
- gnutls_free (all_data);
-
- return result;
+ int result, i;
+ size_t size[DSA_PRIVATE_PARAMS], total;
+ uint8_t *p_data, *q_data, *g_data, *x_data, *y_data;
+ uint8_t *all_data = NULL, *p;
+ uint8_t null = '\0';
+
+ /* Read all the sizes */
+ total = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
+ _gnutls_mpi_print_lz(params->params[i], NULL, &size[i]);
+ total += size[i];
+ }
+
+ /* Encoding phase.
+ * allocate data enough to hold everything
+ */
+ all_data = gnutls_malloc(total);
+ if (all_data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p = all_data;
+ p_data = p;
+ p += size[0];
+ q_data = p;
+ p += size[1];
+ g_data = p;
+ p += size[2];
+ y_data = p;
+ p += size[3];
+ x_data = p;
+
+ _gnutls_mpi_print_lz(params->params[0], p_data, &size[0]);
+ _gnutls_mpi_print_lz(params->params[1], q_data, &size[1]);
+ _gnutls_mpi_print_lz(params->params[2], g_data, &size[2]);
+ _gnutls_mpi_print_lz(params->params[3], y_data, &size[3]);
+ _gnutls_mpi_print_lz(params->params[4], x_data, &size[4]);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ /* first make sure that no previously allocated data are leaked */
+ if (*c2 != ASN1_TYPE_EMPTY) {
+ asn1_delete_structure(c2);
+ *c2 = ASN1_TYPE_EMPTY;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPrivateKey", c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result =
+ asn1_write_value(*c2, "p", p_data,
+ size[0])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result =
+ asn1_write_value(*c2, "q", q_data,
+ size[1])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result =
+ asn1_write_value(*c2, "g", g_data,
+ size[2])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result =
+ asn1_write_value(*c2, "Y", y_data,
+ size[3])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "priv",
+ x_data, size[4])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ gnutls_free(all_data);
+
+ if ((result =
+ asn1_write_value(*c2, "version", &null, 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(c2);
+ gnutls_free(all_data);
+
+ return result;
}
-int _gnutls_asn1_encode_privkey (gnutls_pk_algorithm_t pk, ASN1_TYPE * c2, gnutls_pk_params_st * params)
+int _gnutls_asn1_encode_privkey(gnutls_pk_algorithm_t pk, ASN1_TYPE * c2,
+ gnutls_pk_params_st * params)
{
- switch(pk)
- {
- case GNUTLS_PK_RSA:
- return _gnutls_asn1_encode_rsa(c2, params);
- case GNUTLS_PK_DSA:
- return _gnutls_asn1_encode_dsa(c2, params);
- case GNUTLS_PK_EC:
- return _gnutls_asn1_encode_ecc(c2, params);
- default:
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ return _gnutls_asn1_encode_rsa(c2, params);
+ case GNUTLS_PK_DSA:
+ return _gnutls_asn1_encode_dsa(c2, params);
+ case GNUTLS_PK_EC:
+ return _gnutls_asn1_encode_ecc(c2, params);
+ default:
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
}
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index c737b10980..e5b9dddf8b 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -32,42 +32,38 @@
/* Reads an Integer from the DER encoded data
*/
-int
-_gnutls_x509_read_der_int (uint8_t * der, int dersize, bigint_t * out)
+int _gnutls_x509_read_der_int(uint8_t * der, int dersize, bigint_t * out)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- /* == INTEGER */
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey",
- &spk)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ /* == INTEGER */
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey",
+ &spk)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- result = asn1_der_decoding (&spk, der, dersize, NULL);
+ result = asn1_der_decoding(&spk, der, dersize, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
- /* Read Y */
+ /* Read Y */
- if ((result = _gnutls_x509_read_int (spk, "", out)) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return _gnutls_asn2err (result);
- }
+ if ((result = _gnutls_x509_read_int(spk, "", out)) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
- asn1_delete_structure (&spk);
+ asn1_delete_structure(&spk);
- return 0;
+ return 0;
}
@@ -75,102 +71,100 @@ _gnutls_x509_read_der_int (uint8_t * der, int dersize, bigint_t * out)
/* Extracts DSA and RSA parameters from a certificate.
*/
int
-_gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
- gnutls_pk_params_st * params)
+_gnutls_get_asn_mpis(ASN1_TYPE asn, const char *root,
+ gnutls_pk_params_st * params)
{
- int result;
- char name[256];
- gnutls_datum_t tmp = { NULL, 0 };
- gnutls_pk_algorithm_t pk_algorithm;
-
- gnutls_pk_params_init(params);
-
- result = _gnutls_x509_get_pk_algorithm (asn, root, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- pk_algorithm = result;
-
- /* Read the algorithm's parameters
- */
- _asnstr_append_name (name, sizeof (name), root, ".subjectPublicKey");
- result = _gnutls_x509_read_value (asn, name, &tmp);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if ((result =
- _gnutls_x509_read_pubkey (pk_algorithm, tmp.data, tmp.size, params)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* Now read the parameters
- */
- _gnutls_free_datum (&tmp);
-
- _asnstr_append_name (name, sizeof (name), root,
- ".algorithm.parameters");
-
- /* FIXME: If the parameters are not included in the certificate
- * then the issuer's parameters should be used. This is not
- * done yet.
- */
-
- if (pk_algorithm != GNUTLS_PK_RSA) /* RSA doesn't use parameters */
- {
- result = _gnutls_x509_read_value (asn, name, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- if ((result =
- _gnutls_x509_read_pubkey_params (pk_algorithm, tmp.data, tmp.size, params)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- result = 0;
-
-error:
- _gnutls_free_datum (&tmp);
- return result;
+ int result;
+ char name[256];
+ gnutls_datum_t tmp = { NULL, 0 };
+ gnutls_pk_algorithm_t pk_algorithm;
+
+ gnutls_pk_params_init(params);
+
+ result = _gnutls_x509_get_pk_algorithm(asn, root, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ pk_algorithm = result;
+
+ /* Read the algorithm's parameters
+ */
+ _asnstr_append_name(name, sizeof(name), root, ".subjectPublicKey");
+ result = _gnutls_x509_read_value(asn, name, &tmp);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if ((result =
+ _gnutls_x509_read_pubkey(pk_algorithm, tmp.data, tmp.size,
+ params)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Now read the parameters
+ */
+ _gnutls_free_datum(&tmp);
+
+ _asnstr_append_name(name, sizeof(name), root,
+ ".algorithm.parameters");
+
+ /* FIXME: If the parameters are not included in the certificate
+ * then the issuer's parameters should be used. This is not
+ * done yet.
+ */
+
+ if (pk_algorithm != GNUTLS_PK_RSA) { /* RSA doesn't use parameters */
+ result = _gnutls_x509_read_value(asn, name, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result =
+ _gnutls_x509_read_pubkey_params(pk_algorithm,
+ tmp.data, tmp.size,
+ params)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ result = 0;
+
+ error:
+ _gnutls_free_datum(&tmp);
+ return result;
}
/* Extracts DSA and RSA parameters from a certificate.
*/
int
-_gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
- gnutls_pk_params_st * params)
+_gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert,
+ gnutls_pk_params_st * params)
{
- /* Read the algorithm's OID
- */
- return _gnutls_get_asn_mpis (cert->cert,
- "tbsCertificate.subjectPublicKeyInfo", params);
+ /* Read the algorithm's OID
+ */
+ return _gnutls_get_asn_mpis(cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ params);
}
/* Extracts DSA and RSA parameters from a certificate.
*/
int
-_gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
- gnutls_pk_params_st* params)
+_gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert,
+ gnutls_pk_params_st * params)
{
- /* Read the algorithm's OID
- */
- return _gnutls_get_asn_mpis (cert->crq,
- "certificationRequestInfo.subjectPKInfo",
- params);
+ /* Read the algorithm's OID
+ */
+ return _gnutls_get_asn_mpis(cert->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ params);
}
/*
@@ -178,55 +172,53 @@ _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
* This is the "signatureAlgorithm" fields.
*/
int
-_gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
- gnutls_pk_algorithm_t pk_algorithm,
- gnutls_digest_algorithm_t dig)
+_gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name,
+ gnutls_pk_algorithm_t pk_algorithm,
+ gnutls_digest_algorithm_t dig)
{
- int result;
- char name[128];
- const char *pk;
-
- _gnutls_str_cpy (name, sizeof (name), dst_name);
- _gnutls_str_cat (name, sizeof (name), ".algorithm");
-
- pk = _gnutls_x509_sign_to_oid (pk_algorithm, dig);
- if (pk == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("Cannot find OID for sign algorithm pk: %d dig: %d\n",
- (int) pk_algorithm, (int) dig);
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* write the OID.
- */
- result = asn1_write_value (dst, name, pk, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
-
- _gnutls_str_cpy (name, sizeof (name), dst_name);
- _gnutls_str_cat (name, sizeof (name), ".parameters");
-
- if (pk_algorithm == GNUTLS_PK_RSA)
- result = asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE);
- else
- result = asn1_write_value (dst, name, NULL, 0);
-
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
- {
- /* Here we ignore the element not found error, since this
- * may have been disabled before.
- */
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ char name[128];
+ const char *pk;
+
+ _gnutls_str_cpy(name, sizeof(name), dst_name);
+ _gnutls_str_cat(name, sizeof(name), ".algorithm");
+
+ pk = _gnutls_x509_sign_to_oid(pk_algorithm, dig);
+ if (pk == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Cannot find OID for sign algorithm pk: %d dig: %d\n",
+ (int) pk_algorithm, (int) dig);
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* write the OID.
+ */
+ result = asn1_write_value(dst, name, pk, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ _gnutls_str_cpy(name, sizeof(name), dst_name);
+ _gnutls_str_cat(name, sizeof(name), ".parameters");
+
+ if (pk_algorithm == GNUTLS_PK_RSA)
+ result =
+ asn1_write_value(dst, name, ASN1_NULL, ASN1_NULL_SIZE);
+ else
+ result = asn1_write_value(dst, name, NULL, 0);
+
+ if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
+ /* Here we ignore the element not found error, since this
+ * may have been disabled before.
+ */
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/* this function reads a (small) unsigned integer
@@ -234,72 +226,68 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
* steps.
*/
int
-_gnutls_x509_read_uint (ASN1_TYPE node, const char *value, unsigned int *ret)
+_gnutls_x509_read_uint(ASN1_TYPE node, const char *value,
+ unsigned int *ret)
{
- int len, result;
- uint8_t *tmpstr;
-
- len = 0;
- result = asn1_read_value (node, value, NULL, &len);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- tmpstr = gnutls_malloc (len);
- if (tmpstr == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_read_value (node, value, tmpstr, &len);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmpstr);
- return _gnutls_asn2err (result);
- }
-
- if (len == 1)
- *ret = tmpstr[0];
- else if (len == 2)
- *ret = _gnutls_read_uint16 (tmpstr);
- else if (len == 3)
- *ret = _gnutls_read_uint24 (tmpstr);
- else if (len == 4)
- *ret = _gnutls_read_uint32 (tmpstr);
- else
- {
- gnutls_assert ();
- gnutls_free (tmpstr);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- gnutls_free (tmpstr);
-
- return 0;
+ int len, result;
+ uint8_t *tmpstr;
+
+ len = 0;
+ result = asn1_read_value(node, value, NULL, &len);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ tmpstr = gnutls_malloc(len);
+ if (tmpstr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value(node, value, tmpstr, &len);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(tmpstr);
+ return _gnutls_asn2err(result);
+ }
+
+ if (len == 1)
+ *ret = tmpstr[0];
+ else if (len == 2)
+ *ret = _gnutls_read_uint16(tmpstr);
+ else if (len == 3)
+ *ret = _gnutls_read_uint24(tmpstr);
+ else if (len == 4)
+ *ret = _gnutls_read_uint32(tmpstr);
+ else {
+ gnutls_assert();
+ gnutls_free(tmpstr);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ gnutls_free(tmpstr);
+
+ return 0;
}
/* Writes the specified integer into the specified node.
*/
int
-_gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, uint32_t num)
+_gnutls_x509_write_uint32(ASN1_TYPE node, const char *value, uint32_t num)
{
- uint8_t tmpstr[4];
- int result;
+ uint8_t tmpstr[4];
+ int result;
- _gnutls_write_uint32 (num, tmpstr);
+ _gnutls_write_uint32(num, tmpstr);
- result = asn1_write_value (node, value, tmpstr, 4);
+ result = asn1_write_value(node, value, tmpstr, 4);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index d7186b475c..4e6adf850c 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -33,16 +33,14 @@
#include <gnutls/ocsp.h>
#include <auth/cert.h>
-typedef struct gnutls_ocsp_req_int
-{
- ASN1_TYPE req;
+typedef struct gnutls_ocsp_req_int {
+ ASN1_TYPE req;
} gnutls_ocsp_req_int;
-typedef struct gnutls_ocsp_resp_int
-{
- ASN1_TYPE resp;
- gnutls_datum_t response_type_oid;
- ASN1_TYPE basicresp;
+typedef struct gnutls_ocsp_resp_int {
+ ASN1_TYPE resp;
+ gnutls_datum_t response_type_oid;
+ ASN1_TYPE basicresp;
} gnutls_ocsp_resp_int;
#define MAX_TIME 64
@@ -56,27 +54,26 @@ typedef struct gnutls_ocsp_resp_int
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_ocsp_req_init (gnutls_ocsp_req_t * req)
+int gnutls_ocsp_req_init(gnutls_ocsp_req_t * req)
{
- gnutls_ocsp_req_t tmp = gnutls_calloc (1, sizeof (gnutls_ocsp_req_int));
- int ret;
-
- if (!tmp)
- return GNUTLS_E_MEMORY_ERROR;
-
- ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.OCSPRequest",
- &tmp->req);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmp);
- return _gnutls_asn2err (ret);
- }
+ gnutls_ocsp_req_t tmp =
+ gnutls_calloc(1, sizeof(gnutls_ocsp_req_int));
+ int ret;
+
+ if (!tmp)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = asn1_create_element(_gnutls_get_pkix(), "PKIX1.OCSPRequest",
+ &tmp->req);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(tmp);
+ return _gnutls_asn2err(ret);
+ }
- *req = tmp;
+ *req = tmp;
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -85,18 +82,17 @@ gnutls_ocsp_req_init (gnutls_ocsp_req_t * req)
*
* This function will deinitialize a OCSP request structure.
**/
-void
-gnutls_ocsp_req_deinit (gnutls_ocsp_req_t req)
+void gnutls_ocsp_req_deinit(gnutls_ocsp_req_t req)
{
- if (!req)
- return;
+ if (!req)
+ return;
- if (req->req)
- asn1_delete_structure (&req->req);
+ if (req->req)
+ asn1_delete_structure(&req->req);
- req->req = NULL;
+ req->req = NULL;
- gnutls_free (req);
+ gnutls_free(req);
}
/**
@@ -108,37 +104,36 @@ gnutls_ocsp_req_deinit (gnutls_ocsp_req_t req)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_ocsp_resp_init (gnutls_ocsp_resp_t * resp)
+int gnutls_ocsp_resp_init(gnutls_ocsp_resp_t * resp)
{
- gnutls_ocsp_resp_t tmp = gnutls_calloc (1, sizeof (gnutls_ocsp_resp_int));
- int ret;
-
- if (!tmp)
- return GNUTLS_E_MEMORY_ERROR;
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.OCSPResponse", &tmp->resp);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmp);
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.BasicOCSPResponse", &tmp->basicresp);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&tmp->resp);
- gnutls_free (tmp);
- return _gnutls_asn2err (ret);
- }
-
- *resp = tmp;
-
- return GNUTLS_E_SUCCESS;
+ gnutls_ocsp_resp_t tmp =
+ gnutls_calloc(1, sizeof(gnutls_ocsp_resp_int));
+ int ret;
+
+ if (!tmp)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.OCSPResponse", &tmp->resp);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(tmp);
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.BasicOCSPResponse",
+ &tmp->basicresp);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&tmp->resp);
+ gnutls_free(tmp);
+ return _gnutls_asn2err(ret);
+ }
+
+ *resp = tmp;
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -147,23 +142,22 @@ gnutls_ocsp_resp_init (gnutls_ocsp_resp_t * resp)
*
* This function will deinitialize a OCSP response structure.
**/
-void
-gnutls_ocsp_resp_deinit (gnutls_ocsp_resp_t resp)
+void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp)
{
- if (!resp)
- return;
+ if (!resp)
+ return;
- if (resp->resp)
- asn1_delete_structure (&resp->resp);
- gnutls_free (resp->response_type_oid.data);
- if (resp->basicresp)
- asn1_delete_structure (&resp->basicresp);
+ if (resp->resp)
+ asn1_delete_structure(&resp->resp);
+ gnutls_free(resp->response_type_oid.data);
+ if (resp->basicresp)
+ asn1_delete_structure(&resp->basicresp);
- resp->resp = NULL;
- resp->response_type_oid.data = NULL;
- resp->basicresp = NULL;
+ resp->resp = NULL;
+ resp->response_type_oid.data = NULL;
+ resp->basicresp = NULL;
- gnutls_free (resp);
+ gnutls_free(resp);
}
/**
@@ -179,41 +173,36 @@ gnutls_ocsp_resp_deinit (gnutls_ocsp_resp_t resp)
* negative error value.
**/
int
-gnutls_ocsp_req_import (gnutls_ocsp_req_t req,
- const gnutls_datum_t * data)
+gnutls_ocsp_req_import(gnutls_ocsp_req_t req, const gnutls_datum_t * data)
{
- int ret = 0;
-
- if (req == NULL || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (req->req)
- {
- /* Any earlier asn1_der_decoding will modify the ASN.1
- structure, so we need to replace it with a fresh
- structure. */
- asn1_delete_structure (&req->req);
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.OCSPRequest", &req->req);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
- }
-
- ret = asn1_der_decoding (&req->req, data->data, data->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret = 0;
+
+ if (req == NULL || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (req->req) {
+ /* Any earlier asn1_der_decoding will modify the ASN.1
+ structure, so we need to replace it with a fresh
+ structure. */
+ asn1_delete_structure(&req->req);
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.OCSPRequest", &req->req);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+ }
+
+ ret = asn1_der_decoding(&req->req, data->data, data->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -229,118 +218,111 @@ gnutls_ocsp_req_import (gnutls_ocsp_req_t req,
* negative error value.
**/
int
-gnutls_ocsp_resp_import (gnutls_ocsp_resp_t resp,
- const gnutls_datum_t * data)
+gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp,
+ const gnutls_datum_t * data)
{
- int ret = 0;
-
- if (resp == NULL || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (resp->resp)
- {
- /* Any earlier asn1_der_decoding will modify the ASN.1
- structure, so we need to replace it with a fresh
- structure. */
- asn1_delete_structure (&resp->resp);
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.OCSPResponse", &resp->resp);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
- }
-
- ret = asn1_der_decoding (&resp->resp, data->data, data->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- if (gnutls_ocsp_resp_get_status (resp) != GNUTLS_OCSP_RESP_SUCCESSFUL)
- return GNUTLS_E_SUCCESS;
-
- ret = _gnutls_x509_read_value (resp->resp, "responseBytes.responseType",
- &resp->response_type_oid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ int ret = 0;
+ if (resp == NULL || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (resp->resp) {
+ /* Any earlier asn1_der_decoding will modify the ASN.1
+ structure, so we need to replace it with a fresh
+ structure. */
+ asn1_delete_structure(&resp->resp);
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.OCSPResponse",
+ &resp->resp);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+ }
+
+ ret = asn1_der_decoding(&resp->resp, data->data, data->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ if (gnutls_ocsp_resp_get_status(resp) !=
+ GNUTLS_OCSP_RESP_SUCCESSFUL)
+ return GNUTLS_E_SUCCESS;
+
+ ret =
+ _gnutls_x509_read_value(resp->resp,
+ "responseBytes.responseType",
+ &resp->response_type_oid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"
- if (resp->response_type_oid.size == sizeof (OCSP_BASIC)
- && memcmp (resp->response_type_oid.data, OCSP_BASIC,
- resp->response_type_oid.size) == 0)
- {
- gnutls_datum_t d;
-
- if (resp->basicresp)
- {
- asn1_delete_structure (&resp->basicresp);
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.BasicOCSPResponse", &resp->basicresp);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
- }
-
- ret = _gnutls_x509_read_value (resp->resp, "responseBytes.response",
- &d);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = asn1_der_decoding (&resp->basicresp, d.data, d.size, NULL);
- gnutls_free (d.data);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
- }
- else
- resp->basicresp = NULL;
-
- return GNUTLS_E_SUCCESS;
+ if (resp->response_type_oid.size == sizeof(OCSP_BASIC)
+ && memcmp(resp->response_type_oid.data, OCSP_BASIC,
+ resp->response_type_oid.size) == 0) {
+ gnutls_datum_t d;
+
+ if (resp->basicresp) {
+ asn1_delete_structure(&resp->basicresp);
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.BasicOCSPResponse",
+ &resp->basicresp);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+ }
+
+ ret =
+ _gnutls_x509_read_value(resp->resp,
+ "responseBytes.response", &d);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ asn1_der_decoding(&resp->basicresp, d.data, d.size,
+ NULL);
+ gnutls_free(d.data);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+ } else
+ resp->basicresp = NULL;
+
+ return GNUTLS_E_SUCCESS;
}
-static int
-export (ASN1_TYPE node, const char *name, gnutls_datum_t * data)
+static int export(ASN1_TYPE node, const char *name, gnutls_datum_t * data)
{
- int ret;
- int len = 0;
-
- ret = asn1_der_coding (node, name, NULL, &len, NULL);
- if (ret != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
- data->size = len;
- data->data = gnutls_malloc (len);
- if (data->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
- ret = asn1_der_coding (node, name, data->data, &len, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ int len = 0;
+
+ ret = asn1_der_coding(node, name, NULL, &len, NULL);
+ if (ret != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+ data->size = len;
+ data->data = gnutls_malloc(len);
+ if (data->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+ ret = asn1_der_coding(node, name, data->data, &len, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -353,27 +335,26 @@ export (ASN1_TYPE node, const char *name, gnutls_datum_t * data)
* Returns: In case of failure a negative error code will be
* returned, and 0 on success.
**/
-int
-gnutls_ocsp_req_export (gnutls_ocsp_req_t req, gnutls_datum_t * data)
+int gnutls_ocsp_req_export(gnutls_ocsp_req_t req, gnutls_datum_t * data)
{
- int ret;
+ int ret;
- if (req == NULL || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (req == NULL || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* XXX remove when we support these fields */
- asn1_write_value (req->req, "tbsRequest.requestorName", NULL, 0);
- asn1_write_value (req->req, "optionalSignature", NULL, 0);
+ /* XXX remove when we support these fields */
+ asn1_write_value(req->req, "tbsRequest.requestorName", NULL, 0);
+ asn1_write_value(req->req, "optionalSignature", NULL, 0);
- /* prune extension field if we don't have any extension */
- ret = gnutls_ocsp_req_get_extension (req, 0, NULL, NULL, NULL);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- asn1_write_value (req->req, "tbsRequest.requestExtensions", NULL, 0);
+ /* prune extension field if we don't have any extension */
+ ret = gnutls_ocsp_req_get_extension(req, 0, NULL, NULL, NULL);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ asn1_write_value(req->req, "tbsRequest.requestExtensions",
+ NULL, 0);
- return export (req->req, "", data);
+ return export(req->req, "", data);
}
/**
@@ -386,16 +367,14 @@ gnutls_ocsp_req_export (gnutls_ocsp_req_t req, gnutls_datum_t * data)
* Returns: In case of failure a negative error code will be
* returned, and 0 on success.
**/
-int
-gnutls_ocsp_resp_export (gnutls_ocsp_resp_t resp, gnutls_datum_t * data)
+int gnutls_ocsp_resp_export(gnutls_ocsp_resp_t resp, gnutls_datum_t * data)
{
- if (resp == NULL || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (resp == NULL || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return export (resp->resp, "", data);
+ return export(resp->resp, "", data);
}
/**
@@ -407,29 +386,27 @@ gnutls_ocsp_resp_export (gnutls_ocsp_resp_t resp, gnutls_datum_t * data)
*
* Returns: version of OCSP request, or a negative error code on error.
**/
-int
-gnutls_ocsp_req_get_version (gnutls_ocsp_req_t req)
+int gnutls_ocsp_req_get_version(gnutls_ocsp_req_t req)
{
- uint8_t version[8];
- int len, ret;
-
- if (req == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof (version);
- ret = asn1_read_value (req->req, "tbsRequest.version", version, &len);
- if (ret != ASN1_SUCCESS)
- {
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return (int) version[0] + 1;
+ uint8_t version[8];
+ int len, ret;
+
+ if (req == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(version);
+ ret =
+ asn1_read_value(req->req, "tbsRequest.version", version, &len);
+ if (ret != ASN1_SUCCESS) {
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return (int) version[0] + 1;
}
/**
@@ -462,89 +439,88 @@ gnutls_ocsp_req_get_version (gnutls_ocsp_req_t req)
* returned.
**/
int
-gnutls_ocsp_req_get_cert_id (gnutls_ocsp_req_t req,
- unsigned indx,
- gnutls_digest_algorithm_t *digest,
- gnutls_datum_t *issuer_name_hash,
- gnutls_datum_t *issuer_key_hash,
- gnutls_datum_t *serial_number)
+gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req,
+ unsigned indx,
+ gnutls_digest_algorithm_t * digest,
+ gnutls_datum_t * issuer_name_hash,
+ gnutls_datum_t * issuer_key_hash,
+ gnutls_datum_t * serial_number)
{
- gnutls_datum_t sa;
- char name[ASN1_MAX_NAME_SIZE];
- int ret;
-
- if (req == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name),
- "tbsRequest.requestList.?%u.reqCert.hashAlgorithm.algorithm",
- indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, &sa);
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_x509_oid_to_digest ((char*)sa.data);
- _gnutls_free_datum (&sa);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (digest)
- *digest = ret;
-
- if (issuer_name_hash)
- {
- snprintf (name, sizeof (name),
- "tbsRequest.requestList.?%u.reqCert.issuerNameHash", indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, issuer_name_hash);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- if (issuer_key_hash)
- {
- snprintf (name, sizeof (name),
- "tbsRequest.requestList.?%u.reqCert.issuerKeyHash", indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, issuer_key_hash);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (issuer_name_hash)
- gnutls_free (issuer_name_hash->data);
- return ret;
- }
- }
-
- if (serial_number)
- {
- snprintf (name, sizeof (name),
- "tbsRequest.requestList.?%u.reqCert.serialNumber", indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, serial_number);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (issuer_name_hash)
- gnutls_free (issuer_name_hash->data);
- if (issuer_key_hash)
- gnutls_free (issuer_key_hash->data);
- return ret;
- }
- }
-
- return GNUTLS_E_SUCCESS;
+ gnutls_datum_t sa;
+ char name[ASN1_MAX_NAME_SIZE];
+ int ret;
+
+ if (req == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestList.?%u.reqCert.hashAlgorithm.algorithm",
+ indx + 1);
+ ret = _gnutls_x509_read_value(req->req, name, &sa);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_x509_oid_to_digest((char *) sa.data);
+ _gnutls_free_datum(&sa);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (digest)
+ *digest = ret;
+
+ if (issuer_name_hash) {
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestList.?%u.reqCert.issuerNameHash",
+ indx + 1);
+ ret =
+ _gnutls_x509_read_value(req->req, name,
+ issuer_name_hash);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ if (issuer_key_hash) {
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestList.?%u.reqCert.issuerKeyHash",
+ indx + 1);
+ ret =
+ _gnutls_x509_read_value(req->req, name,
+ issuer_key_hash);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (issuer_name_hash)
+ gnutls_free(issuer_name_hash->data);
+ return ret;
+ }
+ }
+
+ if (serial_number) {
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestList.?%u.reqCert.serialNumber",
+ indx + 1);
+ ret =
+ _gnutls_x509_read_value(req->req, name, serial_number);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (issuer_name_hash)
+ gnutls_free(issuer_name_hash->data);
+ if (issuer_key_hash)
+ gnutls_free(issuer_key_hash->data);
+ return ret;
+ }
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -574,93 +550,90 @@ gnutls_ocsp_req_get_cert_id (gnutls_ocsp_req_t req,
* negative error code is returned.
**/
int
-gnutls_ocsp_req_add_cert_id (gnutls_ocsp_req_t req,
- gnutls_digest_algorithm_t digest,
- const gnutls_datum_t *issuer_name_hash,
- const gnutls_datum_t *issuer_key_hash,
- const gnutls_datum_t *serial_number)
+gnutls_ocsp_req_add_cert_id(gnutls_ocsp_req_t req,
+ gnutls_digest_algorithm_t digest,
+ const gnutls_datum_t * issuer_name_hash,
+ const gnutls_datum_t * issuer_key_hash,
+ const gnutls_datum_t * serial_number)
{
- int result;
- const char *oid;
-
- if (req == NULL || issuer_name_hash == NULL
- || issuer_key_hash == NULL || serial_number == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- oid = _gnutls_x509_digest_to_oid (mac_to_entry(digest));
- if (oid == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = asn1_write_value (req->req, "tbsRequest.requestList", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.algorithm",
- oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* XXX we don't support any algorithm with parameters */
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.parameters",
- ASN1_NULL, ASN1_NULL_SIZE);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.reqCert.issuerNameHash",
- issuer_name_hash->data, issuer_name_hash->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.reqCert.issuerKeyHash",
- issuer_key_hash->data, issuer_key_hash->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.reqCert.serialNumber",
- serial_number->data, serial_number->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* XXX add separate function that can add extensions too */
- result = asn1_write_value
- (req->req, "tbsRequest.requestList.?LAST.singleRequestExtensions",
- NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return GNUTLS_E_SUCCESS;
+ int result;
+ const char *oid;
+
+ if (req == NULL || issuer_name_hash == NULL
+ || issuer_key_hash == NULL || serial_number == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ oid = _gnutls_x509_digest_to_oid(mac_to_entry(digest));
+ if (oid == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ asn1_write_value(req->req, "tbsRequest.requestList", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value
+ (req->req,
+ "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.algorithm",
+ oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* XXX we don't support any algorithm with parameters */
+ result = asn1_write_value
+ (req->req,
+ "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.parameters",
+ ASN1_NULL, ASN1_NULL_SIZE);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value
+ (req->req,
+ "tbsRequest.requestList.?LAST.reqCert.issuerNameHash",
+ issuer_name_hash->data, issuer_name_hash->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value
+ (req->req,
+ "tbsRequest.requestList.?LAST.reqCert.issuerKeyHash",
+ issuer_key_hash->data, issuer_key_hash->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value
+ (req->req, "tbsRequest.requestList.?LAST.reqCert.serialNumber",
+ serial_number->data, serial_number->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* XXX add separate function that can add extensions too */
+ result = asn1_write_value
+ (req->req,
+ "tbsRequest.requestList.?LAST.singleRequestExtensions", NULL,
+ 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -681,79 +654,72 @@ gnutls_ocsp_req_add_cert_id (gnutls_ocsp_req_t req,
* negative error code is returned.
**/
int
-gnutls_ocsp_req_add_cert (gnutls_ocsp_req_t req,
- gnutls_digest_algorithm_t digest,
- gnutls_x509_crt_t issuer,
- gnutls_x509_crt_t cert)
+gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req,
+ gnutls_digest_algorithm_t digest,
+ gnutls_x509_crt_t issuer, gnutls_x509_crt_t cert)
{
- int ret;
- gnutls_datum_t sn, tmp, inh, ikh;
- uint8_t inh_buf[MAX_HASH_SIZE];
- uint8_t ikh_buf[MAX_HASH_SIZE];
- size_t inhlen = MAX_HASH_SIZE;
- size_t ikhlen = MAX_HASH_SIZE;
-
- if (req == NULL || issuer == NULL || cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_der_encode (cert->cert,
- "tbsCertificate.issuer.rdnSequence",
- &tmp, 0);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_fingerprint (digest, &tmp, inh_buf, &inhlen);
- gnutls_free (tmp.data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- inh.size = inhlen;
- inh.data = inh_buf;
-
- ret = _gnutls_x509_read_value
- (issuer->cert, "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey",
- &tmp);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_fingerprint (digest, &tmp, ikh_buf, &ikhlen);
- gnutls_free (tmp.data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- ikh.size = ikhlen;
- ikh.data = ikh_buf;
-
- ret = _gnutls_x509_read_value (cert->cert, "tbsCertificate.serialNumber",
- &sn);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_ocsp_req_add_cert_id (req, digest, &inh, &ikh, &sn);
- gnutls_free (sn.data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ gnutls_datum_t sn, tmp, inh, ikh;
+ uint8_t inh_buf[MAX_HASH_SIZE];
+ uint8_t ikh_buf[MAX_HASH_SIZE];
+ size_t inhlen = MAX_HASH_SIZE;
+ size_t ikhlen = MAX_HASH_SIZE;
+
+ if (req == NULL || issuer == NULL || cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_der_encode(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ &tmp, 0);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_fingerprint(digest, &tmp, inh_buf, &inhlen);
+ gnutls_free(tmp.data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ inh.size = inhlen;
+ inh.data = inh_buf;
+
+ ret = _gnutls_x509_read_value
+ (issuer->cert,
+ "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", &tmp);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_fingerprint(digest, &tmp, ikh_buf, &ikhlen);
+ gnutls_free(tmp.data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ ikh.size = ikhlen;
+ ikh.data = ikh_buf;
+
+ ret =
+ _gnutls_x509_read_value(cert->cert,
+ "tbsCertificate.serialNumber", &sn);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_ocsp_req_add_cert_id(req, digest, &inh, &ikh, &sn);
+ gnutls_free(sn.data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -780,70 +746,65 @@ gnutls_ocsp_req_add_cert (gnutls_ocsp_req_t req,
* be returned.
**/
int
-gnutls_ocsp_req_get_extension (gnutls_ocsp_req_t req,
- unsigned indx,
- gnutls_datum_t *oid,
- unsigned int *critical,
- gnutls_datum_t *data)
+gnutls_ocsp_req_get_extension(gnutls_ocsp_req_t req,
+ unsigned indx,
+ gnutls_datum_t * oid,
+ unsigned int *critical,
+ gnutls_datum_t * data)
{
- int ret;
- char str_critical[10];
- char name[ASN1_MAX_NAME_SIZE];
- int len;
-
- if (!req)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name), "tbsRequest.requestExtensions.?%u.critical",
- indx + 1);
- len = sizeof (str_critical);
- ret = asn1_read_value (req->req, name, str_critical, &len);
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- if (critical)
- {
- if (str_critical[0] == 'T')
- *critical = 1;
- else
- *critical = 0;
- }
-
- if (oid)
- {
- snprintf (name, sizeof (name),
- "tbsRequest.requestExtensions.?%u.extnID", indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, oid);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- if (data)
- {
- snprintf (name, sizeof (name),
- "tbsRequest.requestExtensions.?%u.extnValue", indx + 1);
- ret = _gnutls_x509_read_value (req->req, name, data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (oid)
- gnutls_free (oid->data);
- return ret;
- }
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+
+ if (!req) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestExtensions.?%u.critical", indx + 1);
+ len = sizeof(str_critical);
+ ret = asn1_read_value(req->req, name, str_critical, &len);
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ if (critical) {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ if (oid) {
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestExtensions.?%u.extnID",
+ indx + 1);
+ ret = _gnutls_x509_read_value(req->req, name, oid);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ if (data) {
+ snprintf(name, sizeof(name),
+ "tbsRequest.requestExtensions.?%u.extnValue",
+ indx + 1);
+ ret = _gnutls_x509_read_value(req->req, name, data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (oid)
+ gnutls_free(oid->data);
+ return ret;
+ }
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -861,19 +822,18 @@ gnutls_ocsp_req_get_extension (gnutls_ocsp_req_t req,
* negative error code is returned.
**/
int
-gnutls_ocsp_req_set_extension (gnutls_ocsp_req_t req,
- const char *oid,
- unsigned int critical,
- const gnutls_datum_t *data)
+gnutls_ocsp_req_set_extension(gnutls_ocsp_req_t req,
+ const char *oid,
+ unsigned int critical,
+ const gnutls_datum_t * data)
{
- if (req == NULL || oid == NULL || data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return set_extension (req->req, "tbsRequest.requestExtensions", oid,
- data, critical);
+ if (req == NULL || oid == NULL || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return set_extension(req->req, "tbsRequest.requestExtensions", oid,
+ data, critical);
}
/**
@@ -891,40 +851,36 @@ gnutls_ocsp_req_set_extension (gnutls_ocsp_req_t req,
* negative error code is returned.
**/
int
-gnutls_ocsp_req_get_nonce (gnutls_ocsp_req_t req,
- unsigned int *critical,
- gnutls_datum_t *nonce)
+gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_t req,
+ unsigned int *critical, gnutls_datum_t * nonce)
{
- int ret;
- gnutls_datum_t tmp;
-
- if (req == NULL || nonce == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = get_extension (req->req, "tbsRequest.requestExtensions",
- GNUTLS_OCSP_NONCE, 0,
- &tmp, critical);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_x509_decode_string (ASN1_ETYPE_OCTET_STRING, tmp.data, (size_t) tmp.size,
- nonce);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (tmp.data);
- return ret;
- }
-
- gnutls_free (tmp.data);
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ gnutls_datum_t tmp;
+
+ if (req == NULL || nonce == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = get_extension(req->req, "tbsRequest.requestExtensions",
+ GNUTLS_OCSP_NONCE, 0, &tmp, critical);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, tmp.data,
+ (size_t) tmp.size, nonce);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(tmp.data);
+ return ret;
+ }
+
+ gnutls_free(tmp.data);
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -941,45 +897,42 @@ gnutls_ocsp_req_get_nonce (gnutls_ocsp_req_t req,
* negative error code is returned.
**/
int
-gnutls_ocsp_req_set_nonce (gnutls_ocsp_req_t req,
- unsigned int critical,
- const gnutls_datum_t *nonce)
+gnutls_ocsp_req_set_nonce(gnutls_ocsp_req_t req,
+ unsigned int critical,
+ const gnutls_datum_t * nonce)
{
- int ret;
- gnutls_datum_t dernonce;
- unsigned char temp[SIZEOF_UNSIGNED_LONG_INT + 1];
- int len;
-
- if (req == NULL || nonce == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- asn1_length_der (nonce->size, temp, &len);
-
- dernonce.size = 1 + len + nonce->size;
- dernonce.data = gnutls_malloc (dernonce.size);
- if (dernonce.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- dernonce.data[0] = '\x04';
- memcpy (dernonce.data + 1, temp, len);
- memcpy (dernonce.data + 1 + len, nonce->data, nonce->size);
-
- ret = set_extension (req->req, "tbsRequest.requestExtensions",
- GNUTLS_OCSP_NONCE, &dernonce, critical);
- gnutls_free (dernonce.data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
+ int ret;
+ gnutls_datum_t dernonce;
+ unsigned char temp[SIZEOF_UNSIGNED_LONG_INT + 1];
+ int len;
+
+ if (req == NULL || nonce == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ asn1_length_der(nonce->size, temp, &len);
+
+ dernonce.size = 1 + len + nonce->size;
+ dernonce.data = gnutls_malloc(dernonce.size);
+ if (dernonce.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ dernonce.data[0] = '\x04';
+ memcpy(dernonce.data + 1, temp, len);
+ memcpy(dernonce.data + 1 + len, nonce->data, nonce->size);
+
+ ret = set_extension(req->req, "tbsRequest.requestExtensions",
+ GNUTLS_OCSP_NONCE, &dernonce, critical);
+ gnutls_free(dernonce.data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
}
/**
@@ -992,34 +945,30 @@ gnutls_ocsp_req_set_nonce (gnutls_ocsp_req_t req,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error code is returned.
**/
-int
-gnutls_ocsp_req_randomize_nonce (gnutls_ocsp_req_t req)
+int gnutls_ocsp_req_randomize_nonce(gnutls_ocsp_req_t req)
{
- int ret;
- uint8_t rndbuf[23];
- gnutls_datum_t nonce = { rndbuf, sizeof (rndbuf) };
-
- if (req == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_rnd (GNUTLS_RND_NONCE, rndbuf, sizeof (rndbuf));
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = gnutls_ocsp_req_set_nonce (req, 0, &nonce);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ uint8_t rndbuf[23];
+ gnutls_datum_t nonce = { rndbuf, sizeof(rndbuf) };
+
+ if (req == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_rnd(GNUTLS_RND_NONCE, rndbuf, sizeof(rndbuf));
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_ocsp_req_set_nonce(req, 0, &nonce);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -1032,40 +981,36 @@ gnutls_ocsp_req_randomize_nonce (gnutls_ocsp_req_t req)
* Returns: status of OCSP request as a #gnutls_ocsp_resp_status_t, or
* a negative error code on error.
**/
-int
-gnutls_ocsp_resp_get_status (gnutls_ocsp_resp_t resp)
+int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_t resp)
{
- uint8_t str[1];
- int len, ret;
-
- if (resp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof (str);
- ret = asn1_read_value (resp->resp, "responseStatus", str, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- switch (str[0])
- {
- case GNUTLS_OCSP_RESP_SUCCESSFUL:
- case GNUTLS_OCSP_RESP_MALFORMEDREQUEST:
- case GNUTLS_OCSP_RESP_INTERNALERROR:
- case GNUTLS_OCSP_RESP_TRYLATER:
- case GNUTLS_OCSP_RESP_SIGREQUIRED:
- case GNUTLS_OCSP_RESP_UNAUTHORIZED:
- break;
- default:
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
-
- return (int) str[0];
+ uint8_t str[1];
+ int len, ret;
+
+ if (resp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(str);
+ ret = asn1_read_value(resp->resp, "responseStatus", str, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ switch (str[0]) {
+ case GNUTLS_OCSP_RESP_SUCCESSFUL:
+ case GNUTLS_OCSP_RESP_MALFORMEDREQUEST:
+ case GNUTLS_OCSP_RESP_INTERNALERROR:
+ case GNUTLS_OCSP_RESP_TRYLATER:
+ case GNUTLS_OCSP_RESP_SIGREQUIRED:
+ case GNUTLS_OCSP_RESP_UNAUTHORIZED:
+ break;
+ default:
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ return (int) str[0];
}
/**
@@ -1089,41 +1034,40 @@ gnutls_ocsp_resp_get_status (gnutls_ocsp_resp_t resp)
* negative error value.
**/
int
-gnutls_ocsp_resp_get_response (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *response_type_oid,
- gnutls_datum_t *response)
+gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * response_type_oid,
+ gnutls_datum_t * response)
{
- int ret;
-
- if (resp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (response_type_oid != NULL)
- {
- ret = _gnutls_x509_read_value (resp->resp, "responseBytes.responseType",
- response_type_oid);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- if (response != NULL)
- {
- ret = _gnutls_x509_read_value (resp->resp, "responseBytes.response",
- response);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+
+ if (resp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (response_type_oid != NULL) {
+ ret =
+ _gnutls_x509_read_value(resp->resp,
+ "responseBytes.responseType",
+ response_type_oid);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ if (response != NULL) {
+ ret =
+ _gnutls_x509_read_value(resp->resp,
+ "responseBytes.response",
+ response);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -1136,29 +1080,28 @@ gnutls_ocsp_resp_get_response (gnutls_ocsp_resp_t resp,
* Returns: version of Basic OCSP response, or a negative error code
* on error.
**/
-int
-gnutls_ocsp_resp_get_version (gnutls_ocsp_resp_t resp)
+int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_t resp)
{
- uint8_t version[8];
- int len, ret;
-
- if (resp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof (version);
- ret = asn1_read_value (resp->resp, "tbsResponseData.version", version, &len);
- if (ret != ASN1_SUCCESS)
- {
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- return (int) version[0] + 1;
+ uint8_t version[8];
+ int len, ret;
+
+ if (resp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(version);
+ ret =
+ asn1_read_value(resp->resp, "tbsResponseData.version", version,
+ &len);
+ if (ret != ASN1_SUCCESS) {
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return (int) version[0] + 1;
}
/**
@@ -1178,46 +1121,42 @@ gnutls_ocsp_resp_get_version (gnutls_ocsp_resp_t resp)
* negative error code is returned.
**/
int
-gnutls_ocsp_resp_get_responder (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *dn)
+gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * dn)
{
- int ret;
- size_t l = 0;
-
- if (resp == NULL || dn == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_parse_dn
- (resp->basicresp, "tbsResponseData.responderID.byName",
- NULL, &l);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- return ret;
- }
-
- dn->data = gnutls_malloc (l);
- if (dn->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_x509_parse_dn
- (resp->basicresp, "tbsResponseData.responderID.byName",
- (char*)dn->data, &l);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- dn->size = l;
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ size_t l = 0;
+
+ if (resp == NULL || dn == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_parse_dn
+ (resp->basicresp, "tbsResponseData.responderID.byName",
+ NULL, &l);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ return ret;
+ }
+
+ dn->data = gnutls_malloc(l);
+ if (dn->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_x509_parse_dn
+ (resp->basicresp, "tbsResponseData.responderID.byName",
+ (char *) dn->data, &l);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ dn->size = l;
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -1229,31 +1168,29 @@ gnutls_ocsp_resp_get_responder (gnutls_ocsp_resp_t resp,
*
* Returns: signing time, or (time_t)-1 on error.
**/
-time_t
-gnutls_ocsp_resp_get_produced (gnutls_ocsp_resp_t resp)
+time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_t resp)
{
- char ttime[MAX_TIME];
- int len, ret;
- time_t c_time;
-
- if (resp == NULL || resp->basicresp == NULL)
- {
- gnutls_assert ();
- return (time_t) (-1);
- }
-
- len = sizeof (ttime) - 1;
- ret = asn1_read_value (resp->basicresp, "tbsResponseData.producedAt",
- ttime, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return (time_t) (-1);
- }
-
- c_time = _gnutls_x509_generalTime2gtime (ttime);
-
- return c_time;
+ char ttime[MAX_TIME];
+ int len, ret;
+ time_t c_time;
+
+ if (resp == NULL || resp->basicresp == NULL) {
+ gnutls_assert();
+ return (time_t) (-1);
+ }
+
+ len = sizeof(ttime) - 1;
+ ret =
+ asn1_read_value(resp->basicresp, "tbsResponseData.producedAt",
+ ttime, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return (time_t) (-1);
+ }
+
+ c_time = _gnutls_x509_generalTime2gtime(ttime);
+
+ return c_time;
}
/**
@@ -1271,89 +1208,84 @@ gnutls_ocsp_resp_get_produced (gnutls_ocsp_resp_t resp)
* Since: 3.1.3
**/
int
-gnutls_ocsp_resp_check_crt (gnutls_ocsp_resp_t resp,
- unsigned int indx,
- gnutls_x509_crt_t crt)
+gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
+ unsigned int indx, gnutls_x509_crt_t crt)
{
-int ret;
-gnutls_digest_algorithm_t digest;
-gnutls_datum_t rdn_hash = {NULL, 0}, rserial = {NULL, 0};
-gnutls_datum_t cserial = {NULL, 0};
-gnutls_datum_t dn = {NULL, 0};
-uint8_t cdn_hash[MAX_HASH_SIZE];
-size_t t, hash_len;
-
- ret = gnutls_ocsp_resp_get_single (resp, indx, &digest, &rdn_hash, NULL,
- &rserial, NULL, NULL, NULL, NULL, NULL);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (rserial.size == 0 || digest == GNUTLS_DIG_UNKNOWN)
- {
- ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR);
- goto cleanup;
- }
-
- hash_len = _gnutls_hash_get_algo_len(mac_to_entry(digest));
- if (hash_len != rdn_hash.size)
- {
- ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR);
- goto cleanup;
- }
-
- cserial.size = rserial.size;
- cserial.data = gnutls_malloc(cserial.size);
- if (cserial.data == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto cleanup;
- }
-
- t = cserial.size;
- ret = gnutls_x509_crt_get_serial(crt, cserial.data, &t);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if (rserial.size != cserial.size || memcmp(cserial.data, rserial.data, rserial.size) != 0)
- {
- ret = GNUTLS_E_OCSP_RESPONSE_ERROR;
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_get_raw_issuer_dn(crt, &dn);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_hash_fast( digest, dn.data, dn.size, cdn_hash);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- if (memcmp(cdn_hash, rdn_hash.data, hash_len) != 0)
- {
- ret = GNUTLS_E_OCSP_RESPONSE_ERROR;
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_free(rdn_hash.data);
- gnutls_free(rserial.data);
- gnutls_free(cserial.data);
- gnutls_free(dn.data);
-
- return ret;
+ int ret;
+ gnutls_digest_algorithm_t digest;
+ gnutls_datum_t rdn_hash = { NULL, 0 }, rserial = {
+ NULL, 0};
+ gnutls_datum_t cserial = { NULL, 0 };
+ gnutls_datum_t dn = { NULL, 0 };
+ uint8_t cdn_hash[MAX_HASH_SIZE];
+ size_t t, hash_len;
+
+ ret =
+ gnutls_ocsp_resp_get_single(resp, indx, &digest, &rdn_hash,
+ NULL, &rserial, NULL, NULL, NULL,
+ NULL, NULL);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (rserial.size == 0 || digest == GNUTLS_DIG_UNKNOWN) {
+ ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR);
+ goto cleanup;
+ }
+
+ hash_len = _gnutls_hash_get_algo_len(mac_to_entry(digest));
+ if (hash_len != rdn_hash.size) {
+ ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR);
+ goto cleanup;
+ }
+
+ cserial.size = rserial.size;
+ cserial.data = gnutls_malloc(cserial.size);
+ if (cserial.data == NULL) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto cleanup;
+ }
+
+ t = cserial.size;
+ ret = gnutls_x509_crt_get_serial(crt, cserial.data, &t);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (rserial.size != cserial.size
+ || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
+ ret = GNUTLS_E_OCSP_RESPONSE_ERROR;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_get_raw_issuer_dn(crt, &dn);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_hash_fast(digest, dn.data, dn.size, cdn_hash);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (memcmp(cdn_hash, rdn_hash.data, hash_len) != 0) {
+ ret = GNUTLS_E_OCSP_RESPONSE_ERROR;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_free(rdn_hash.data);
+ gnutls_free(rserial.data);
+ gnutls_free(cserial.data);
+ gnutls_free(dn.data);
+
+ return ret;
}
/**
@@ -1384,194 +1316,177 @@ cleanup:
* returned.
**/
int
-gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp,
- unsigned indx,
- gnutls_digest_algorithm_t *digest,
- gnutls_datum_t *issuer_name_hash,
- gnutls_datum_t *issuer_key_hash,
- gnutls_datum_t *serial_number,
- unsigned int *cert_status,
- time_t *this_update,
- time_t *next_update,
- time_t *revocation_time,
- unsigned int *revocation_reason)
+gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
+ unsigned indx,
+ gnutls_digest_algorithm_t * digest,
+ gnutls_datum_t * issuer_name_hash,
+ gnutls_datum_t * issuer_key_hash,
+ gnutls_datum_t * serial_number,
+ unsigned int *cert_status,
+ time_t * this_update,
+ time_t * next_update,
+ time_t * revocation_time,
+ unsigned int *revocation_reason)
{
- gnutls_datum_t sa;
- char name[ASN1_MAX_NAME_SIZE];
- int ret;
-
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certID.hashAlgorithm.algorithm",
- indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name, &sa);
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_x509_oid_to_digest ((char*)sa.data);
- _gnutls_free_datum (&sa);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (digest)
- *digest = ret;
-
- if (issuer_name_hash)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certID.issuerNameHash",
- indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name,
- issuer_name_hash);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- if (issuer_key_hash)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certID.issuerKeyHash",
- indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name,
- issuer_key_hash);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (issuer_name_hash)
- gnutls_free (issuer_name_hash->data);
- return ret;
- }
- }
-
- if (serial_number)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certID.serialNumber",
- indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name,
- serial_number);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (issuer_name_hash)
- gnutls_free (issuer_name_hash->data);
- if (issuer_key_hash)
- gnutls_free (issuer_key_hash->data);
- return ret;
- }
- }
-
- if (cert_status)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certStatus",
- indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name, &sa);
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- if (sa.size == 5 && memcmp (sa.data, "good", sa.size) == 0)
- *cert_status = GNUTLS_OCSP_CERT_GOOD;
- else if (sa.size == 8 && memcmp (sa.data, "revoked", sa.size) == 0)
- *cert_status = GNUTLS_OCSP_CERT_REVOKED;
- else if (sa.size == 8 && memcmp (sa.data, "unknown", sa.size) == 0)
- *cert_status = GNUTLS_OCSP_CERT_UNKNOWN;
- else
- {
- gnutls_assert ();
- gnutls_free (sa.data);
- return GNUTLS_E_ASN1_DER_ERROR;
- }
- gnutls_free (sa.data);
- }
-
- if (this_update)
- {
- char ttime[MAX_TIME];
- int len;
-
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.thisUpdate",
- indx + 1);
- len = sizeof (ttime) - 1;
- ret = asn1_read_value (resp->basicresp, name, ttime, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- *this_update = (time_t) (-1);
- }
- else
- *this_update = _gnutls_x509_generalTime2gtime (ttime);
- }
-
- if (next_update)
- {
- char ttime[MAX_TIME];
- int len;
-
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.nextUpdate",
- indx + 1);
- len = sizeof (ttime) - 1;
- ret = asn1_read_value (resp->basicresp, name, ttime, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- *next_update = (time_t) (-1);
- }
- else
- *next_update = _gnutls_x509_generalTime2gtime (ttime);
- }
-
- if (revocation_time)
- {
- char ttime[MAX_TIME];
- int len;
-
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certStatus."
- "revoked.revocationTime",
- indx + 1);
- len = sizeof (ttime) - 1;
- ret = asn1_read_value (resp->basicresp, name, ttime, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- *revocation_time = (time_t) (-1);
- }
- else
- *revocation_time = _gnutls_x509_generalTime2gtime (ttime);
- }
-
- /* revocation_reason */
- if (revocation_reason)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responses.?%u.certStatus."
- "revoked.revocationReason",
- indx + 1);
-
- ret = _gnutls_x509_read_uint (resp->basicresp, name,
- revocation_reason);
- if (ret < 0)
- *revocation_reason = GNUTLS_X509_CRLREASON_UNSPECIFIED;
- }
-
- return GNUTLS_E_SUCCESS;
+ gnutls_datum_t sa;
+ char name[ASN1_MAX_NAME_SIZE];
+ int ret;
+
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certID.hashAlgorithm.algorithm",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name, &sa);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_x509_oid_to_digest((char *) sa.data);
+ _gnutls_free_datum(&sa);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (digest)
+ *digest = ret;
+
+ if (issuer_name_hash) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certID.issuerNameHash",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name,
+ issuer_name_hash);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ if (issuer_key_hash) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certID.issuerKeyHash",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name,
+ issuer_key_hash);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (issuer_name_hash)
+ gnutls_free(issuer_name_hash->data);
+ return ret;
+ }
+ }
+
+ if (serial_number) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certID.serialNumber",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name,
+ serial_number);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (issuer_name_hash)
+ gnutls_free(issuer_name_hash->data);
+ if (issuer_key_hash)
+ gnutls_free(issuer_key_hash->data);
+ return ret;
+ }
+ }
+
+ if (cert_status) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certStatus",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name, &sa);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ if (sa.size == 5 && memcmp(sa.data, "good", sa.size) == 0)
+ *cert_status = GNUTLS_OCSP_CERT_GOOD;
+ else if (sa.size == 8
+ && memcmp(sa.data, "revoked", sa.size) == 0)
+ *cert_status = GNUTLS_OCSP_CERT_REVOKED;
+ else if (sa.size == 8
+ && memcmp(sa.data, "unknown", sa.size) == 0)
+ *cert_status = GNUTLS_OCSP_CERT_UNKNOWN;
+ else {
+ gnutls_assert();
+ gnutls_free(sa.data);
+ return GNUTLS_E_ASN1_DER_ERROR;
+ }
+ gnutls_free(sa.data);
+ }
+
+ if (this_update) {
+ char ttime[MAX_TIME];
+ int len;
+
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.thisUpdate",
+ indx + 1);
+ len = sizeof(ttime) - 1;
+ ret = asn1_read_value(resp->basicresp, name, ttime, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ *this_update = (time_t) (-1);
+ } else
+ *this_update =
+ _gnutls_x509_generalTime2gtime(ttime);
+ }
+
+ if (next_update) {
+ char ttime[MAX_TIME];
+ int len;
+
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.nextUpdate",
+ indx + 1);
+ len = sizeof(ttime) - 1;
+ ret = asn1_read_value(resp->basicresp, name, ttime, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ *next_update = (time_t) (-1);
+ } else
+ *next_update =
+ _gnutls_x509_generalTime2gtime(ttime);
+ }
+
+ if (revocation_time) {
+ char ttime[MAX_TIME];
+ int len;
+
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certStatus."
+ "revoked.revocationTime", indx + 1);
+ len = sizeof(ttime) - 1;
+ ret = asn1_read_value(resp->basicresp, name, ttime, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ *revocation_time = (time_t) (-1);
+ } else
+ *revocation_time =
+ _gnutls_x509_generalTime2gtime(ttime);
+ }
+
+ /* revocation_reason */
+ if (revocation_reason) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responses.?%u.certStatus."
+ "revoked.revocationReason", indx + 1);
+
+ ret = _gnutls_x509_read_uint(resp->basicresp, name,
+ revocation_reason);
+ if (ret < 0)
+ *revocation_reason =
+ GNUTLS_X509_CRLREASON_UNSPECIFIED;
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -1598,71 +1513,66 @@ gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp,
* be returned.
**/
int
-gnutls_ocsp_resp_get_extension (gnutls_ocsp_resp_t resp,
- unsigned indx,
- gnutls_datum_t *oid,
- unsigned int *critical,
- gnutls_datum_t *data)
+gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_t resp,
+ unsigned indx,
+ gnutls_datum_t * oid,
+ unsigned int *critical,
+ gnutls_datum_t * data)
{
- int ret;
- char str_critical[10];
- char name[ASN1_MAX_NAME_SIZE];
- int len;
-
- if (!resp)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name),
- "tbsResponseData.responseExtensions.?%u.critical",
- indx + 1);
- len = sizeof (str_critical);
- ret = asn1_read_value (resp->basicresp, name, str_critical, &len);
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- if (critical)
- {
- if (str_critical[0] == 'T')
- *critical = 1;
- else
- *critical = 0;
- }
-
- if (oid)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responseExtensions.?%u.extnID", indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name, oid);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
- }
-
- if (data)
- {
- snprintf (name, sizeof (name),
- "tbsResponseData.responseExtensions.?%u.extnValue", indx + 1);
- ret = _gnutls_x509_read_value (resp->basicresp, name, data);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- if (oid)
- gnutls_free (oid->data);
- return ret;
- }
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+
+ if (!resp) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responseExtensions.?%u.critical",
+ indx + 1);
+ len = sizeof(str_critical);
+ ret = asn1_read_value(resp->basicresp, name, str_critical, &len);
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ if (critical) {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ if (oid) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responseExtensions.?%u.extnID",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name, oid);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ if (data) {
+ snprintf(name, sizeof(name),
+ "tbsResponseData.responseExtensions.?%u.extnValue",
+ indx + 1);
+ ret = _gnutls_x509_read_value(resp->basicresp, name, data);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ if (oid)
+ gnutls_free(oid->data);
+ return ret;
+ }
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -1681,34 +1591,33 @@ gnutls_ocsp_resp_get_extension (gnutls_ocsp_resp_t resp,
* negative error code is returned.
**/
int
-gnutls_ocsp_resp_get_nonce (gnutls_ocsp_resp_t resp,
- unsigned int *critical,
- gnutls_datum_t *nonce)
+gnutls_ocsp_resp_get_nonce(gnutls_ocsp_resp_t resp,
+ unsigned int *critical, gnutls_datum_t * nonce)
{
- int ret;
- gnutls_datum_t tmp;
-
- ret = get_extension (resp->basicresp, "tbsResponseData.responseExtensions",
- GNUTLS_OCSP_NONCE, 0,
- &tmp, critical);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_x509_decode_string (ASN1_ETYPE_OCTET_STRING, tmp.data, (size_t) tmp.size,
- nonce);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (tmp.data);
- return ret;
- }
-
- gnutls_free (tmp.data);
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+ gnutls_datum_t tmp;
+
+ ret =
+ get_extension(resp->basicresp,
+ "tbsResponseData.responseExtensions",
+ GNUTLS_OCSP_NONCE, 0, &tmp, critical);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, tmp.data,
+ (size_t) tmp.size, nonce);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(tmp.data);
+ return ret;
+ }
+
+ gnutls_free(tmp.data);
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -1722,25 +1631,23 @@ gnutls_ocsp_resp_get_nonce (gnutls_ocsp_resp_t resp,
* Returns: a #gnutls_sign_algorithm_t value, or a negative error code
* on error.
**/
-int
-gnutls_ocsp_resp_get_signature_algorithm (gnutls_ocsp_resp_t resp)
+int gnutls_ocsp_resp_get_signature_algorithm(gnutls_ocsp_resp_t resp)
{
- int ret;
- gnutls_datum_t sa;
-
- ret = _gnutls_x509_read_value (resp->basicresp,
- "signatureAlgorithm.algorithm", &sa);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ int ret;
+ gnutls_datum_t sa;
+
+ ret = _gnutls_x509_read_value(resp->basicresp,
+ "signatureAlgorithm.algorithm", &sa);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = _gnutls_x509_oid2sign_algorithm ((char*)sa.data);
+ ret = _gnutls_x509_oid2sign_algorithm((char *) sa.data);
- _gnutls_free_datum (&sa);
+ _gnutls_free_datum(&sa);
- return ret;
+ return ret;
}
/**
@@ -1754,25 +1661,23 @@ gnutls_ocsp_resp_get_signature_algorithm (gnutls_ocsp_resp_t resp)
* negative error value.
**/
int
-gnutls_ocsp_resp_get_signature (gnutls_ocsp_resp_t resp,
- gnutls_datum_t *sig)
+gnutls_ocsp_resp_get_signature(gnutls_ocsp_resp_t resp,
+ gnutls_datum_t * sig)
{
- int ret;
-
- if (resp == NULL || sig == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_read_value (resp->basicresp, "signature", sig);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return ret;
- }
-
- return GNUTLS_E_SUCCESS;
+ int ret;
+
+ if (resp == NULL || sig == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_read_value(resp->basicresp, "signature", sig);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return GNUTLS_E_SUCCESS;
}
/**
@@ -1798,302 +1703,271 @@ gnutls_ocsp_resp_get_signature (gnutls_ocsp_resp_t resp,
* negative error value.
**/
int
-gnutls_ocsp_resp_get_certs (gnutls_ocsp_resp_t resp,
- gnutls_x509_crt_t ** certs,
- size_t *ncerts)
+gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp,
+ gnutls_x509_crt_t ** certs, size_t * ncerts)
{
- int ret;
- size_t ctr = 0, i;
- gnutls_x509_crt_t *tmpcerts = NULL, *tmpcerts2;
- gnutls_datum_t c = { NULL, 0 };
-
- if (resp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- tmpcerts = gnutls_malloc (sizeof (*tmpcerts));
- if (tmpcerts == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (;;)
- {
- char name[ASN1_MAX_NAME_SIZE];
-
- snprintf (name, sizeof (name), "certs.?%u", (unsigned int)(ctr + 1));
- ret = _gnutls_x509_der_encode (resp->basicresp, name, &c, 0);
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- break;
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- tmpcerts2 = gnutls_realloc_fast (tmpcerts, (ctr + 2) * sizeof (*tmpcerts));
- if (tmpcerts2 == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
- tmpcerts = tmpcerts2;
-
- ret = gnutls_x509_crt_init (&tmpcerts[ctr]);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
- ctr++;
-
- ret = gnutls_x509_crt_import (tmpcerts[ctr - 1], &c,
- GNUTLS_X509_FMT_DER);
- if (ret != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- gnutls_free (c.data);
- c.data = NULL;
- }
-
- tmpcerts[ctr] = NULL;
-
- if (ncerts)
- *ncerts = ctr;
- if (certs)
- *certs = tmpcerts;
- else
- {
- /* clean up memory */
- ret = GNUTLS_E_SUCCESS;
- goto error;
- }
-
- return GNUTLS_E_SUCCESS;
-
- error:
- gnutls_free (c.data);
- for (i = 0; i < ctr; i++)
- gnutls_x509_crt_deinit (tmpcerts[i]);
- gnutls_free (tmpcerts);
- return ret;
+ int ret;
+ size_t ctr = 0, i;
+ gnutls_x509_crt_t *tmpcerts = NULL, *tmpcerts2;
+ gnutls_datum_t c = { NULL, 0 };
+
+ if (resp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ tmpcerts = gnutls_malloc(sizeof(*tmpcerts));
+ if (tmpcerts == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (;;) {
+ char name[ASN1_MAX_NAME_SIZE];
+
+ snprintf(name, sizeof(name), "certs.?%u",
+ (unsigned int) (ctr + 1));
+ ret =
+ _gnutls_x509_der_encode(resp->basicresp, name, &c, 0);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ break;
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ tmpcerts2 =
+ gnutls_realloc_fast(tmpcerts,
+ (ctr + 2) * sizeof(*tmpcerts));
+ if (tmpcerts2 == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+ tmpcerts = tmpcerts2;
+
+ ret = gnutls_x509_crt_init(&tmpcerts[ctr]);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ ctr++;
+
+ ret = gnutls_x509_crt_import(tmpcerts[ctr - 1], &c,
+ GNUTLS_X509_FMT_DER);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ gnutls_free(c.data);
+ c.data = NULL;
+ }
+
+ tmpcerts[ctr] = NULL;
+
+ if (ncerts)
+ *ncerts = ctr;
+ if (certs)
+ *certs = tmpcerts;
+ else {
+ /* clean up memory */
+ ret = GNUTLS_E_SUCCESS;
+ goto error;
+ }
+
+ return GNUTLS_E_SUCCESS;
+
+ error:
+ gnutls_free(c.data);
+ for (i = 0; i < ctr; i++)
+ gnutls_x509_crt_deinit(tmpcerts[i]);
+ gnutls_free(tmpcerts);
+ return ret;
}
/* Search the OCSP response for a certificate matching the responderId
mentioned in the OCSP response. */
-static gnutls_x509_crt_t
-find_signercert (gnutls_ocsp_resp_t resp)
+static gnutls_x509_crt_t find_signercert(gnutls_ocsp_resp_t resp)
{
- int rc;
- gnutls_x509_crt_t * certs;
- size_t ncerts = 0, i;
- gnutls_datum_t riddn;
- gnutls_x509_crt_t signercert = NULL;
-
- rc = gnutls_ocsp_resp_get_responder (resp, &riddn);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return NULL;
- }
-
- rc = gnutls_ocsp_resp_get_certs (resp, &certs, &ncerts);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (riddn.data);
- return NULL;
- }
-
- for (i = 0; i < ncerts; i++)
- {
- char *crtdn;
- size_t crtdnsize = 0;
- int cmpok;
-
- rc = gnutls_x509_crt_get_dn (certs[i], NULL, &crtdnsize);
- if (rc != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- goto quit;
- }
-
- crtdn = gnutls_malloc (crtdnsize);
- if (crtdn == NULL)
- {
- gnutls_assert ();
- goto quit;
- }
-
- rc = gnutls_x509_crt_get_dn (certs[i], crtdn, &crtdnsize);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (crtdn);
- goto quit;
- }
-
- cmpok = (crtdnsize == riddn.size)
- && memcmp (riddn.data, crtdn, crtdnsize);
-
- gnutls_free (crtdn);
-
- if (cmpok == 0)
- {
- signercert = certs[i];
- goto quit;
- }
- }
-
- gnutls_assert ();
- signercert = NULL;
-
- quit:
- gnutls_free (riddn.data);
- for (i = 0; i < ncerts; i++)
- if (certs[i] != signercert)
- gnutls_x509_crt_deinit (certs[i]);
- gnutls_free (certs);
- return signercert;
+ int rc;
+ gnutls_x509_crt_t *certs;
+ size_t ncerts = 0, i;
+ gnutls_datum_t riddn;
+ gnutls_x509_crt_t signercert = NULL;
+
+ rc = gnutls_ocsp_resp_get_responder(resp, &riddn);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ rc = gnutls_ocsp_resp_get_certs(resp, &certs, &ncerts);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(riddn.data);
+ return NULL;
+ }
+
+ for (i = 0; i < ncerts; i++) {
+ char *crtdn;
+ size_t crtdnsize = 0;
+ int cmpok;
+
+ rc = gnutls_x509_crt_get_dn(certs[i], NULL, &crtdnsize);
+ if (rc != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ goto quit;
+ }
+
+ crtdn = gnutls_malloc(crtdnsize);
+ if (crtdn == NULL) {
+ gnutls_assert();
+ goto quit;
+ }
+
+ rc = gnutls_x509_crt_get_dn(certs[i], crtdn, &crtdnsize);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(crtdn);
+ goto quit;
+ }
+
+ cmpok = (crtdnsize == riddn.size)
+ && memcmp(riddn.data, crtdn, crtdnsize);
+
+ gnutls_free(crtdn);
+
+ if (cmpok == 0) {
+ signercert = certs[i];
+ goto quit;
+ }
+ }
+
+ gnutls_assert();
+ signercert = NULL;
+
+ quit:
+ gnutls_free(riddn.data);
+ for (i = 0; i < ncerts; i++)
+ if (certs[i] != signercert)
+ gnutls_x509_crt_deinit(certs[i]);
+ gnutls_free(certs);
+ return signercert;
}
static int
-_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
- gnutls_x509_crt_t signercert,
- unsigned int *verify,
- unsigned int flags)
+_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp,
+ gnutls_x509_crt_t signercert,
+ unsigned int *verify, unsigned int flags)
{
- gnutls_datum_t sig = { NULL };
- gnutls_datum_t data = { NULL };
- gnutls_pubkey_t pubkey = NULL;
- int sigalg;
- int rc;
-
- if (resp == NULL || signercert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- rc = gnutls_ocsp_resp_get_signature_algorithm (resp);
- if (rc < 0)
- {
- gnutls_assert ();
- goto done;
- }
- sigalg = rc;
-
- rc = export (resp->basicresp, "tbsResponseData", &data);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- rc = gnutls_pubkey_init (&pubkey);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- rc = gnutls_pubkey_import_x509 (pubkey, signercert, 0);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- rc = gnutls_ocsp_resp_get_signature (resp, &sig);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- rc = gnutls_pubkey_verify_data2 (pubkey, sigalg, 0, &data, &sig);
- if (rc == GNUTLS_E_PK_SIG_VERIFY_FAILED)
- {
- gnutls_assert ();
- *verify = GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE;
- }
- else if (rc < 0)
- {
- gnutls_assert ();
- goto done;
- }
- else
- *verify = 0;
-
- rc = GNUTLS_E_SUCCESS;
-
- done:
- gnutls_free (data.data);
- gnutls_free (sig.data);
- gnutls_pubkey_deinit (pubkey);
-
- return rc;
+ gnutls_datum_t sig = { NULL };
+ gnutls_datum_t data = { NULL };
+ gnutls_pubkey_t pubkey = NULL;
+ int sigalg;
+ int rc;
+
+ if (resp == NULL || signercert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ rc = gnutls_ocsp_resp_get_signature_algorithm(resp);
+ if (rc < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ sigalg = rc;
+
+ rc = export(resp->basicresp, "tbsResponseData", &data);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ rc = gnutls_pubkey_init(&pubkey);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ rc = gnutls_pubkey_import_x509(pubkey, signercert, 0);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ rc = gnutls_ocsp_resp_get_signature(resp, &sig);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ rc = gnutls_pubkey_verify_data2(pubkey, sigalg, 0, &data, &sig);
+ if (rc == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
+ gnutls_assert();
+ *verify = GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE;
+ } else if (rc < 0) {
+ gnutls_assert();
+ goto done;
+ } else
+ *verify = 0;
+
+ rc = GNUTLS_E_SUCCESS;
+
+ done:
+ gnutls_free(data.data);
+ gnutls_free(sig.data);
+ gnutls_pubkey_deinit(pubkey);
+
+ return rc;
}
static inline unsigned int vstatus_to_ocsp_status(unsigned int status)
{
-unsigned int ostatus;
-
- if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
- ostatus = GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM;
- else if (status & GNUTLS_CERT_NOT_ACTIVATED)
- ostatus = GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED;
- else if (status & GNUTLS_CERT_EXPIRED)
- ostatus = GNUTLS_OCSP_VERIFY_CERT_EXPIRED;
- else
- ostatus = GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER;
-
- return ostatus;
+ unsigned int ostatus;
+
+ if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+ ostatus = GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM;
+ else if (status & GNUTLS_CERT_NOT_ACTIVATED)
+ ostatus = GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED;
+ else if (status & GNUTLS_CERT_EXPIRED)
+ ostatus = GNUTLS_OCSP_VERIFY_CERT_EXPIRED;
+ else
+ ostatus = GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER;
+
+ return ostatus;
}
static int check_ocsp_purpose(gnutls_x509_crt_t signercert)
{
-char oidtmp[sizeof (GNUTLS_KP_OCSP_SIGNING)];
-size_t oidsize;
-int indx, rc;
-
- for (indx = 0; ; indx++)
- {
- oidsize = sizeof (oidtmp);
- rc = gnutls_x509_crt_get_key_purpose_oid (signercert, indx,
- oidtmp, &oidsize,
- NULL);
- if (rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert();
- return rc;
- }
- else if (rc == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- continue;
- }
- else if (rc != GNUTLS_E_SUCCESS)
- {
- return gnutls_assert_val(rc);
- }
-
- if (memcmp (oidtmp, GNUTLS_KP_OCSP_SIGNING, oidsize) != 0)
- {
- gnutls_assert ();
- continue;
- }
- break;
- }
-
- return 0;
+ char oidtmp[sizeof(GNUTLS_KP_OCSP_SIGNING)];
+ size_t oidsize;
+ int indx, rc;
+
+ for (indx = 0;; indx++) {
+ oidsize = sizeof(oidtmp);
+ rc = gnutls_x509_crt_get_key_purpose_oid(signercert, indx,
+ oidtmp, &oidsize,
+ NULL);
+ if (rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return rc;
+ } else if (rc == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ continue;
+ } else if (rc != GNUTLS_E_SUCCESS) {
+ return gnutls_assert_val(rc);
+ }
+
+ if (memcmp(oidtmp, GNUTLS_KP_OCSP_SIGNING, oidsize) != 0) {
+ gnutls_assert();
+ continue;
+ }
+ break;
+ }
+
+ return 0;
}
/**
@@ -2121,61 +1995,55 @@ int indx, rc;
* negative error value.
**/
int
-gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
- gnutls_x509_crt_t issuer,
- unsigned int *verify,
- unsigned int flags)
+gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp,
+ gnutls_x509_crt_t issuer,
+ unsigned int *verify, unsigned int flags)
{
- gnutls_x509_crt_t signercert;
- int rc;
-
- if (resp == NULL || issuer == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- signercert = find_signercert (resp);
- if (!signercert)
- {
- signercert = issuer;
- }
- else /* response contains a signer. Verify him */
- {
- unsigned int vtmp;
-
- rc = gnutls_x509_crt_verify (signercert, &issuer, 1, 0, &vtmp);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- if (vtmp != 0)
- {
- *verify = vstatus_to_ocsp_status(vtmp);
- gnutls_assert ();
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
-
- rc = check_ocsp_purpose(signercert);
- if (rc < 0)
- {
- gnutls_assert ();
- *verify = GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR;
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
- }
-
- rc = _ocsp_resp_verify_direct(resp, signercert, verify, flags);
-
- done:
- if (signercert != issuer)
- gnutls_x509_crt_deinit(signercert);
-
- return rc;
+ gnutls_x509_crt_t signercert;
+ int rc;
+
+ if (resp == NULL || issuer == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ signercert = find_signercert(resp);
+ if (!signercert) {
+ signercert = issuer;
+ } else { /* response contains a signer. Verify him */
+
+ unsigned int vtmp;
+
+ rc = gnutls_x509_crt_verify(signercert, &issuer, 1, 0,
+ &vtmp);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ if (vtmp != 0) {
+ *verify = vstatus_to_ocsp_status(vtmp);
+ gnutls_assert();
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+
+ rc = check_ocsp_purpose(signercert);
+ if (rc < 0) {
+ gnutls_assert();
+ *verify = GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR;
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+ }
+
+ rc = _ocsp_resp_verify_direct(resp, signercert, verify, flags);
+
+ done:
+ if (signercert != issuer)
+ gnutls_x509_crt_deinit(signercert);
+
+ return rc;
}
/**
@@ -2209,85 +2077,80 @@ gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
* negative error value.
**/
int
-gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
- gnutls_x509_trust_list_t trustlist,
- unsigned int *verify,
- unsigned int flags)
+gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp,
+ gnutls_x509_trust_list_t trustlist,
+ unsigned int *verify, unsigned int flags)
{
- gnutls_x509_crt_t signercert = NULL;
- int rc;
-
- /* Algorithm:
- 1. Find signer cert.
- 1a. Search in OCSP response Certificate field for responderID.
- 1b. Verify that signer cert is trusted.
- 2a. It is in trustlist?
- 2b. It has OCSP key usage and directly signed by a CA in trustlist?
- 3. Verify signature of Basic Response using public key from signer cert.
- */
-
- signercert = find_signercert (resp);
- if (!signercert)
- {
- /* XXX Search in trustlist for certificate matching
- responderId as well? */
- gnutls_assert ();
- *verify = GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND;
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
-
- /* Either the signer is directly trusted (i.e., in trustlist) or it
- is directly signed by something in trustlist and has proper OCSP
- extkeyusage. */
- rc = _gnutls_trustlist_inlist (trustlist, signercert);
- if (rc == 0)
- {
- /* not in trustlist, need to verify signature and bits */
- gnutls_x509_crt_t issuer;
- unsigned vtmp;
-
- gnutls_assert ();
-
- rc = gnutls_x509_trust_list_get_issuer (trustlist, signercert,
- &issuer, 0);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- *verify = GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER;
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
-
- rc = gnutls_x509_crt_verify (signercert, &issuer, 1, 0, &vtmp);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- goto done;
- }
-
- if (vtmp != 0)
- {
- *verify = vstatus_to_ocsp_status(vtmp);
- gnutls_assert ();
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
-
- rc = check_ocsp_purpose(signercert);
- if (rc < 0)
- {
- gnutls_assert ();
- *verify = GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR;
- rc = GNUTLS_E_SUCCESS;
- goto done;
- }
- }
-
- rc = _ocsp_resp_verify_direct (resp, signercert, verify, flags);
-
- done:
- gnutls_x509_crt_deinit (signercert);
-
- return rc;
+ gnutls_x509_crt_t signercert = NULL;
+ int rc;
+
+ /* Algorithm:
+ 1. Find signer cert.
+ 1a. Search in OCSP response Certificate field for responderID.
+ 1b. Verify that signer cert is trusted.
+ 2a. It is in trustlist?
+ 2b. It has OCSP key usage and directly signed by a CA in trustlist?
+ 3. Verify signature of Basic Response using public key from signer cert.
+ */
+
+ signercert = find_signercert(resp);
+ if (!signercert) {
+ /* XXX Search in trustlist for certificate matching
+ responderId as well? */
+ gnutls_assert();
+ *verify = GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND;
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+
+ /* Either the signer is directly trusted (i.e., in trustlist) or it
+ is directly signed by something in trustlist and has proper OCSP
+ extkeyusage. */
+ rc = _gnutls_trustlist_inlist(trustlist, signercert);
+ if (rc == 0) {
+ /* not in trustlist, need to verify signature and bits */
+ gnutls_x509_crt_t issuer;
+ unsigned vtmp;
+
+ gnutls_assert();
+
+ rc = gnutls_x509_trust_list_get_issuer(trustlist,
+ signercert, &issuer,
+ 0);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ *verify = GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER;
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+
+ rc = gnutls_x509_crt_verify(signercert, &issuer, 1, 0,
+ &vtmp);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ goto done;
+ }
+
+ if (vtmp != 0) {
+ *verify = vstatus_to_ocsp_status(vtmp);
+ gnutls_assert();
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+
+ rc = check_ocsp_purpose(signercert);
+ if (rc < 0) {
+ gnutls_assert();
+ *verify = GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR;
+ rc = GNUTLS_E_SUCCESS;
+ goto done;
+ }
+ }
+
+ rc = _ocsp_resp_verify_direct(resp, signercert, verify, flags);
+
+ done:
+ gnutls_x509_crt_deinit(signercert);
+
+ return rc;
}
diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c
index a2752dbe76..8a2e0e4797 100644
--- a/lib/x509/ocsp_output.c
+++ b/lib/x509/ocsp_output.c
@@ -38,118 +38,119 @@
#define addf _gnutls_buffer_append_printf
#define adds _gnutls_buffer_append_str
-static void
-print_req (gnutls_buffer_st * str, gnutls_ocsp_req_t req)
+static void print_req(gnutls_buffer_st * str, gnutls_ocsp_req_t req)
{
- int ret;
- unsigned indx;
-
- /* Version. */
- {
- int version = gnutls_ocsp_req_get_version (req);
- if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* XXX requestorName */
-
- /* requestList */
- addf (str, "\tRequest List:\n");
- for (indx = 0; ; indx++)
- {
- gnutls_digest_algorithm_t digest;
- gnutls_datum_t in, ik, sn;
-
- ret = gnutls_ocsp_req_get_cert_id (req, indx, &digest, &in, &ik, &sn);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "\t\tCertificate ID:\n");
- if (ret != GNUTLS_E_SUCCESS)
- {
- addf (str, "error: get_cert_id: %s\n",
- gnutls_strerror (ret));
- continue;
- }
- addf (str, "\t\t\tHash Algorithm: %s\n",
- _gnutls_digest_get_name (mac_to_entry(digest)));
-
- adds (str, "\t\t\tIssuer Name Hash: ");
- _gnutls_buffer_hexprint (str, in.data, in.size);
- adds (str, "\n");
-
- adds (str, "\t\t\tIssuer Key Hash: ");
- _gnutls_buffer_hexprint (str, ik.data, ik.size);
- adds (str, "\n");
-
- adds (str, "\t\t\tSerial Number: ");
- _gnutls_buffer_hexprint (str, sn.data, sn.size);
- adds (str, "\n");
-
- gnutls_free (in.data);
- gnutls_free (ik.data);
- gnutls_free (sn.data);
-
- /* XXX singleRequestExtensions */
- }
-
- for (indx = 0; ; indx++)
- {
- gnutls_datum_t oid;
- unsigned int critical;
- gnutls_datum_t data;
-
- ret = gnutls_ocsp_req_get_extension (req, indx, &oid, &critical, &data);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- else if (ret != GNUTLS_E_SUCCESS)
- {
- addf (str, "error: get_extension: %s\n",
- gnutls_strerror (ret));
- continue;
- }
- if (indx == 0)
- adds (str, "\tExtensions:\n");
+ int ret;
+ unsigned indx;
- if (memcmp (oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0)
+ /* Version. */
{
- gnutls_datum_t nonce;
- unsigned int critical;
-
- ret = gnutls_ocsp_req_get_nonce (req, &critical, &nonce);
- if (ret != GNUTLS_E_SUCCESS)
- {
- addf (str, "error: get_nonce: %s\n",
- gnutls_strerror (ret));
- }
- else
- {
- addf (str, "\t\tNonce%s: ", critical ? " (critical)" : "");
- _gnutls_buffer_hexprint (str, nonce.data, nonce.size);
- adds (str, "\n");
- gnutls_free (nonce.data);
- }
+ int version = gnutls_ocsp_req_get_version(req);
+ if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
}
- else
- {
- addf (str, "\t\tUnknown extension %s (%s):\n", oid.data,
- critical ? "critical" : "not critical");
-
- adds (str, _("\t\t\tASCII: "));
- _gnutls_buffer_asciiprint (str, (char*)data.data, data.size);
- addf (str, "\n");
- adds (str, _("\t\t\tHexdump: "));
- _gnutls_buffer_hexprint (str, (char*)data.data, data.size);
- adds (str, "\n");
+ /* XXX requestorName */
+
+ /* requestList */
+ addf(str, "\tRequest List:\n");
+ for (indx = 0;; indx++) {
+ gnutls_digest_algorithm_t digest;
+ gnutls_datum_t in, ik, sn;
+
+ ret =
+ gnutls_ocsp_req_get_cert_id(req, indx, &digest, &in,
+ &ik, &sn);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf(str, "\t\tCertificate ID:\n");
+ if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_cert_id: %s\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ addf(str, "\t\t\tHash Algorithm: %s\n",
+ _gnutls_digest_get_name(mac_to_entry(digest)));
+
+ adds(str, "\t\t\tIssuer Name Hash: ");
+ _gnutls_buffer_hexprint(str, in.data, in.size);
+ adds(str, "\n");
+
+ adds(str, "\t\t\tIssuer Key Hash: ");
+ _gnutls_buffer_hexprint(str, ik.data, ik.size);
+ adds(str, "\n");
+
+ adds(str, "\t\t\tSerial Number: ");
+ _gnutls_buffer_hexprint(str, sn.data, sn.size);
+ adds(str, "\n");
+
+ gnutls_free(in.data);
+ gnutls_free(ik.data);
+ gnutls_free(sn.data);
+
+ /* XXX singleRequestExtensions */
}
- gnutls_free (oid.data);
- gnutls_free (data.data);
- }
+ for (indx = 0;; indx++) {
+ gnutls_datum_t oid;
+ unsigned int critical;
+ gnutls_datum_t data;
+
+ ret =
+ gnutls_ocsp_req_get_extension(req, indx, &oid,
+ &critical, &data);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ else if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_extension: %s\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ if (indx == 0)
+ adds(str, "\tExtensions:\n");
+
+ if (memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
+ gnutls_datum_t nonce;
+ unsigned int critical;
+
+ ret =
+ gnutls_ocsp_req_get_nonce(req, &critical,
+ &nonce);
+ if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_nonce: %s\n",
+ gnutls_strerror(ret));
+ } else {
+ addf(str, "\t\tNonce%s: ",
+ critical ? " (critical)" : "");
+ _gnutls_buffer_hexprint(str, nonce.data,
+ nonce.size);
+ adds(str, "\n");
+ gnutls_free(nonce.data);
+ }
+ } else {
+ addf(str, "\t\tUnknown extension %s (%s):\n",
+ oid.data,
+ critical ? "critical" : "not critical");
+
+ adds(str, _("\t\t\tASCII: "));
+ _gnutls_buffer_asciiprint(str, (char *) data.data,
+ data.size);
+ addf(str, "\n");
+
+ adds(str, _("\t\t\tHexdump: "));
+ _gnutls_buffer_hexprint(str, (char *) data.data,
+ data.size);
+ adds(str, "\n");
+ }
+
+ gnutls_free(oid.data);
+ gnutls_free(data.data);
+ }
- /* XXX Signature */
+ /* XXX Signature */
}
/**
@@ -170,423 +171,444 @@ print_req (gnutls_buffer_st * str, gnutls_ocsp_req_t req)
* negative error value.
**/
int
-gnutls_ocsp_req_print (gnutls_ocsp_req_t req,
- gnutls_ocsp_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_ocsp_req_print(gnutls_ocsp_req_t req,
+ gnutls_ocsp_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int rc;
+ gnutls_buffer_st str;
+ int rc;
- if (format != GNUTLS_OCSP_PRINT_FULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (format != GNUTLS_OCSP_PRINT_FULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str (&str, _("OCSP Request Information:\n"));
+ _gnutls_buffer_append_str(&str, _("OCSP Request Information:\n"));
- print_req (&str, req);
+ print_req(&str, req);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- rc = _gnutls_buffer_to_datum (&str, out);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return rc;
- }
+ rc = _gnutls_buffer_to_datum(&str, out);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return rc;
+ }
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
static void
-print_resp (gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
- gnutls_ocsp_print_formats_t format)
+print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
+ gnutls_ocsp_print_formats_t format)
{
- int ret;
- unsigned indx;
-
- ret = gnutls_ocsp_resp_get_status (resp);
- if (ret < 0)
- {
- addf (str, "error: ocsp_resp_get_status: %s\n",
- gnutls_strerror (ret));
- return;
- }
-
- adds (str, "\tResponse Status: ");
- switch (ret)
- {
- case GNUTLS_OCSP_RESP_SUCCESSFUL:
- adds (str, "Successful\n");
- break;
-
- case GNUTLS_OCSP_RESP_MALFORMEDREQUEST:
- adds (str, "malformedRequest\n");
- return;
-
- case GNUTLS_OCSP_RESP_INTERNALERROR:
- adds (str, "internalError\n");
- return;
-
- case GNUTLS_OCSP_RESP_TRYLATER:
- adds (str, "tryLater\n");
- return;
-
- case GNUTLS_OCSP_RESP_SIGREQUIRED:
- adds (str, "sigRequired\n");
- return;
-
- case GNUTLS_OCSP_RESP_UNAUTHORIZED:
- adds (str, "unauthorized\n");
- return;
-
- default:
- adds (str, "unknown\n");
- return;
- }
-
- {
- gnutls_datum_t oid;
-
- ret = gnutls_ocsp_resp_get_response (resp, &oid, NULL);
- if (ret < 0)
- {
- addf (str, "error: get_response: %s\n", gnutls_strerror (ret));
- return;
- }
-
- adds (str, "\tResponse Type: ");
-#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"
-
- if (oid.size == sizeof (OCSP_BASIC)
- && memcmp (oid.data, OCSP_BASIC, oid.size) == 0)
- {
- adds (str, "Basic OCSP Response\n");
- gnutls_free (oid.data);
- }
- else
- {
- addf (str, "Unknown response type (%.*s)\n", oid.size, oid.data);
- gnutls_free (oid.data);
- return;
- }
- }
-
- /* Version. */
- {
- int version = gnutls_ocsp_resp_get_version (resp);
- if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* responderID */
- {
- gnutls_datum_t dn;
-
- /* XXX byKey */
-
- ret = gnutls_ocsp_resp_get_responder (resp, &dn);
- if (ret < 0)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (ret));
- else
- {
- addf (str, _("\tResponder ID: %.*s\n"), dn.size, dn.data);
- gnutls_free (dn.data);
- }
- }
-
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
- time_t tim = gnutls_ocsp_resp_get_produced (resp);
-
- if (tim == (time_t) -1)
- addf (str, "error: ocsp_resp_get_produced\n");
- else if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\tProduced At: %s\n"), s);
- }
-
- addf (str, "\tResponses:\n");
- for (indx = 0; ; indx++)
- {
- gnutls_digest_algorithm_t digest;
- gnutls_datum_t in, ik, sn;
- unsigned int cert_status;
- time_t this_update;
- time_t next_update;
- time_t revocation_time;
- unsigned int revocation_reason;
-
- ret = gnutls_ocsp_resp_get_single (resp,
- indx,
- &digest, &in, &ik, &sn,
- &cert_status,
- &this_update,
- &next_update,
- &revocation_time,
- &revocation_reason);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "\t\tCertificate ID:\n");
- if (ret != GNUTLS_E_SUCCESS)
- {
- addf (str, "error: get_singleresponse: %s\n",
- gnutls_strerror (ret));
- continue;
+ int ret;
+ unsigned indx;
+
+ ret = gnutls_ocsp_resp_get_status(resp);
+ if (ret < 0) {
+ addf(str, "error: ocsp_resp_get_status: %s\n",
+ gnutls_strerror(ret));
+ return;
}
- addf (str, "\t\t\tHash Algorithm: %s\n",
- _gnutls_digest_get_name (mac_to_entry(digest)));
- adds (str, "\t\t\tIssuer Name Hash: ");
- _gnutls_buffer_hexprint (str, in.data, in.size);
- adds (str, "\n");
+ adds(str, "\tResponse Status: ");
+ switch (ret) {
+ case GNUTLS_OCSP_RESP_SUCCESSFUL:
+ adds(str, "Successful\n");
+ break;
- adds (str, "\t\t\tIssuer Key Hash: ");
- _gnutls_buffer_hexprint (str, ik.data, ik.size);
- adds (str, "\n");
+ case GNUTLS_OCSP_RESP_MALFORMEDREQUEST:
+ adds(str, "malformedRequest\n");
+ return;
- adds (str, "\t\t\tSerial Number: ");
- _gnutls_buffer_hexprint (str, sn.data, sn.size);
- adds (str, "\n");
+ case GNUTLS_OCSP_RESP_INTERNALERROR:
+ adds(str, "internalError\n");
+ return;
- gnutls_free (in.data);
- gnutls_free (ik.data);
- gnutls_free (sn.data);
+ case GNUTLS_OCSP_RESP_TRYLATER:
+ adds(str, "tryLater\n");
+ return;
- {
- const char *p = NULL;
+ case GNUTLS_OCSP_RESP_SIGREQUIRED:
+ adds(str, "sigRequired\n");
+ return;
- switch (cert_status)
- {
- case GNUTLS_OCSP_CERT_GOOD:
- p = "good";
- break;
+ case GNUTLS_OCSP_RESP_UNAUTHORIZED:
+ adds(str, "unauthorized\n");
+ return;
- case GNUTLS_OCSP_CERT_REVOKED:
- p = "revoked";
- break;
+ default:
+ adds(str, "unknown\n");
+ return;
+ }
- case GNUTLS_OCSP_CERT_UNKNOWN:
- p = "unknown";
- break;
+ {
+ gnutls_datum_t oid;
- default:
- addf (str, "\t\tCertificate Status: unexpected value %d\n",
- cert_status);
- break;
- }
+ ret = gnutls_ocsp_resp_get_response(resp, &oid, NULL);
+ if (ret < 0) {
+ addf(str, "error: get_response: %s\n",
+ gnutls_strerror(ret));
+ return;
+ }
- if (p)
- addf (str, "\t\tCertificate Status: %s\n", p);
- }
+ adds(str, "\tResponse Type: ");
+#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"
- /* XXX revocation reason */
+ if (oid.size == sizeof(OCSP_BASIC)
+ && memcmp(oid.data, OCSP_BASIC, oid.size) == 0) {
+ adds(str, "Basic OCSP Response\n");
+ gnutls_free(oid.data);
+ } else {
+ addf(str, "Unknown response type (%.*s)\n",
+ oid.size, oid.data);
+ gnutls_free(oid.data);
+ return;
+ }
+ }
- if (cert_status == GNUTLS_OCSP_CERT_REVOKED)
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (revocation_time == (time_t) -1)
- addf (str, "error: revocation_time\n");
- else if (gmtime_r (&revocation_time, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n",
- (unsigned long) revocation_time);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n",
- (unsigned long) revocation_time);
- else
- addf (str, _("\t\tRevocation time: %s\n"), s);
- }
-
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (this_update == (time_t) -1)
- addf (str, "error: this_update\n");
- else if (gmtime_r (&this_update, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) this_update);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) this_update);
- else
- addf (str, _("\t\tThis Update: %s\n"), s);
- }
-
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (next_update == (time_t) -1)
- addf (str, "error: next_update\n");
- else if (gmtime_r (&next_update, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) next_update);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) next_update);
- else
- addf (str, _("\t\tNext Update: %s\n"), s);
- }
-
- /* XXX singleRequestExtensions */
- }
-
- adds (str, "\tExtensions:\n");
- for (indx = 0; ; indx++)
- {
- gnutls_datum_t oid;
- unsigned int critical;
- gnutls_datum_t data;
-
- ret = gnutls_ocsp_resp_get_extension (resp, indx, &oid, &critical, &data);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- else if (ret != GNUTLS_E_SUCCESS)
+ /* Version. */
{
- addf (str, "error: get_extension: %s\n",
- gnutls_strerror (ret));
- continue;
+ int version = gnutls_ocsp_resp_get_version(resp);
+ if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
}
- if (memcmp (oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0)
+ /* responderID */
{
- gnutls_datum_t nonce;
- unsigned int critical;
-
- ret = gnutls_ocsp_resp_get_nonce (resp, &critical, &nonce);
- if (ret != GNUTLS_E_SUCCESS)
- {
- addf (str, "error: get_nonce: %s\n",
- gnutls_strerror (ret));
- }
- else
- {
- addf (str, "\t\tNonce%s: ", critical ? " (critical)" : "");
- _gnutls_buffer_hexprint (str, nonce.data, nonce.size);
- adds (str, "\n");
- gnutls_free (nonce.data);
- }
+ gnutls_datum_t dn;
+
+ /* XXX byKey */
+
+ ret = gnutls_ocsp_resp_get_responder(resp, &dn);
+ if (ret < 0)
+ addf(str, "error: get_dn: %s\n",
+ gnutls_strerror(ret));
+ else {
+ addf(str, _("\tResponder ID: %.*s\n"), dn.size,
+ dn.data);
+ gnutls_free(dn.data);
+ }
}
- else
+
{
- addf (str, "\t\tUnknown extension %s (%s):\n", oid.data,
- critical ? "critical" : "not critical");
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+ time_t tim = gnutls_ocsp_resp_get_produced(resp);
+
+ if (tim == (time_t) - 1)
+ addf(str, "error: ocsp_resp_get_produced\n");
+ else if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t)
+ == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\tProduced At: %s\n"), s);
+ }
- adds (str, _("\t\t\tASCII: "));
- _gnutls_buffer_asciiprint (str, (char*)data.data, data.size);
- addf (str, "\n");
+ addf(str, "\tResponses:\n");
+ for (indx = 0;; indx++) {
+ gnutls_digest_algorithm_t digest;
+ gnutls_datum_t in, ik, sn;
+ unsigned int cert_status;
+ time_t this_update;
+ time_t next_update;
+ time_t revocation_time;
+ unsigned int revocation_reason;
+
+ ret = gnutls_ocsp_resp_get_single(resp,
+ indx,
+ &digest, &in, &ik, &sn,
+ &cert_status,
+ &this_update,
+ &next_update,
+ &revocation_time,
+ &revocation_reason);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf(str, "\t\tCertificate ID:\n");
+ if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_singleresponse: %s\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ addf(str, "\t\t\tHash Algorithm: %s\n",
+ _gnutls_digest_get_name(mac_to_entry(digest)));
+
+ adds(str, "\t\t\tIssuer Name Hash: ");
+ _gnutls_buffer_hexprint(str, in.data, in.size);
+ adds(str, "\n");
+
+ adds(str, "\t\t\tIssuer Key Hash: ");
+ _gnutls_buffer_hexprint(str, ik.data, ik.size);
+ adds(str, "\n");
+
+ adds(str, "\t\t\tSerial Number: ");
+ _gnutls_buffer_hexprint(str, sn.data, sn.size);
+ adds(str, "\n");
+
+ gnutls_free(in.data);
+ gnutls_free(ik.data);
+ gnutls_free(sn.data);
+
+ {
+ const char *p = NULL;
+
+ switch (cert_status) {
+ case GNUTLS_OCSP_CERT_GOOD:
+ p = "good";
+ break;
+
+ case GNUTLS_OCSP_CERT_REVOKED:
+ p = "revoked";
+ break;
+
+ case GNUTLS_OCSP_CERT_UNKNOWN:
+ p = "unknown";
+ break;
+
+ default:
+ addf(str,
+ "\t\tCertificate Status: unexpected value %d\n",
+ cert_status);
+ break;
+ }
+
+ if (p)
+ addf(str, "\t\tCertificate Status: %s\n",
+ p);
+ }
+
+ /* XXX revocation reason */
+
+ if (cert_status == GNUTLS_OCSP_CERT_REVOKED) {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (revocation_time == (time_t) - 1)
+ addf(str, "error: revocation_time\n");
+ else if (gmtime_r(&revocation_time, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) revocation_time);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) revocation_time);
+ else
+ addf(str, _("\t\tRevocation time: %s\n"),
+ s);
+ }
+
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (this_update == (time_t) - 1)
+ addf(str, "error: this_update\n");
+ else if (gmtime_r(&this_update, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) this_update);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) this_update);
+ else
+ addf(str, _("\t\tThis Update: %s\n"), s);
+ }
+
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (next_update == (time_t) - 1)
+ addf(str, "error: next_update\n");
+ else if (gmtime_r(&next_update, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) next_update);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) next_update);
+ else
+ addf(str, _("\t\tNext Update: %s\n"), s);
+ }
+
+ /* XXX singleRequestExtensions */
+ }
- adds (str, _("\t\t\tHexdump: "));
- _gnutls_buffer_hexprint (str, (char*)data.data, data.size);
- adds (str, "\n");
+ adds(str, "\tExtensions:\n");
+ for (indx = 0;; indx++) {
+ gnutls_datum_t oid;
+ unsigned int critical;
+ gnutls_datum_t data;
+
+ ret =
+ gnutls_ocsp_resp_get_extension(resp, indx, &oid,
+ &critical, &data);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ else if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_extension: %s\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+
+ if (memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
+ gnutls_datum_t nonce;
+ unsigned int critical;
+
+ ret =
+ gnutls_ocsp_resp_get_nonce(resp, &critical,
+ &nonce);
+ if (ret != GNUTLS_E_SUCCESS) {
+ addf(str, "error: get_nonce: %s\n",
+ gnutls_strerror(ret));
+ } else {
+ addf(str, "\t\tNonce%s: ",
+ critical ? " (critical)" : "");
+ _gnutls_buffer_hexprint(str, nonce.data,
+ nonce.size);
+ adds(str, "\n");
+ gnutls_free(nonce.data);
+ }
+ } else {
+ addf(str, "\t\tUnknown extension %s (%s):\n",
+ oid.data,
+ critical ? "critical" : "not critical");
+
+ adds(str, _("\t\t\tASCII: "));
+ _gnutls_buffer_asciiprint(str, (char *) data.data,
+ data.size);
+ addf(str, "\n");
+
+ adds(str, _("\t\t\tHexdump: "));
+ _gnutls_buffer_hexprint(str, (char *) data.data,
+ data.size);
+ adds(str, "\n");
+ }
+
+ gnutls_free(oid.data);
+ gnutls_free(data.data);
}
- gnutls_free (oid.data);
- gnutls_free (data.data);
- }
-
- /* Signature. */
- if (format == GNUTLS_OCSP_PRINT_FULL)
- {
- gnutls_datum_t sig;
-
- ret = gnutls_ocsp_resp_get_signature_algorithm (resp);
- if (ret < 0)
- addf (str, "error: get_signature_algorithm: %s\n",
- gnutls_strerror (ret));
- else
- {
- const char *name = gnutls_sign_algorithm_get_name (ret);
- if (name == NULL)
- name = _("unknown");
- addf (str, _("\tSignature Algorithm: %s\n"), name);
- }
- if (gnutls_sign_is_secure(ret) == 0)
- {
- adds (str, _("warning: signed using a broken signature "
- "algorithm that can be forged.\n"));
- }
-
- ret = gnutls_ocsp_resp_get_signature (resp, &sig);
- if (ret < 0)
- addf (str, "error: get_signature: %s\n", gnutls_strerror (ret));
- else
- {
- adds (str, _("\tSignature:\n"));
- _gnutls_buffer_hexdump (str, sig.data, sig.size, "\t\t");
-
- gnutls_free (sig.data);
- }
- }
-
- /* certs */
- if (format == GNUTLS_OCSP_PRINT_FULL)
- {
- gnutls_x509_crt_t *certs;
- size_t ncerts, i;
- gnutls_datum_t out;
-
- ret = gnutls_ocsp_resp_get_certs (resp, &certs, &ncerts);
- if (ret < 0)
- addf (str, "error: get_certs: %s\n", gnutls_strerror (ret));
- else
- {
- for (i = 0; i < ncerts; i++)
- {
- size_t s = 0;
-
- ret = gnutls_x509_crt_print (certs[i], GNUTLS_CRT_PRINT_FULL,
- &out);
- if (ret < 0)
- addf (str, "error: crt_print: %s\n", gnutls_strerror (ret));
- else
- {
- addf (str, "%.*s", out.size, out.data);
- gnutls_free (out.data);
- }
-
- ret = gnutls_x509_crt_export (certs[i], GNUTLS_X509_FMT_PEM,
- NULL, &s);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: crt_export: %s\n", gnutls_strerror (ret));
- else
- {
- out.data = gnutls_malloc (s);
- if (out.data == NULL)
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- ret = gnutls_x509_crt_export (certs[i], GNUTLS_X509_FMT_PEM,
- out.data, &s);
- if (ret < 0)
- addf (str, "error: crt_export: %s\n", gnutls_strerror (ret));
- else
- {
- out.size = s;
- addf (str, "%.*s", out.size, out.data);
- }
- gnutls_free (out.data);
- }
- }
-
- gnutls_x509_crt_deinit (certs[i]);
- }
- gnutls_free (certs);
- }
- }
+ /* Signature. */
+ if (format == GNUTLS_OCSP_PRINT_FULL) {
+ gnutls_datum_t sig;
+
+ ret = gnutls_ocsp_resp_get_signature_algorithm(resp);
+ if (ret < 0)
+ addf(str, "error: get_signature_algorithm: %s\n",
+ gnutls_strerror(ret));
+ else {
+ const char *name =
+ gnutls_sign_algorithm_get_name(ret);
+ if (name == NULL)
+ name = _("unknown");
+ addf(str, _("\tSignature Algorithm: %s\n"), name);
+ }
+ if (gnutls_sign_is_secure(ret) == 0) {
+ adds(str,
+ _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
+ }
+
+ ret = gnutls_ocsp_resp_get_signature(resp, &sig);
+ if (ret < 0)
+ addf(str, "error: get_signature: %s\n",
+ gnutls_strerror(ret));
+ else {
+ adds(str, _("\tSignature:\n"));
+ _gnutls_buffer_hexdump(str, sig.data, sig.size,
+ "\t\t");
+
+ gnutls_free(sig.data);
+ }
+ }
+
+ /* certs */
+ if (format == GNUTLS_OCSP_PRINT_FULL) {
+ gnutls_x509_crt_t *certs;
+ size_t ncerts, i;
+ gnutls_datum_t out;
+
+ ret = gnutls_ocsp_resp_get_certs(resp, &certs, &ncerts);
+ if (ret < 0)
+ addf(str, "error: get_certs: %s\n",
+ gnutls_strerror(ret));
+ else {
+ for (i = 0; i < ncerts; i++) {
+ size_t s = 0;
+
+ ret =
+ gnutls_x509_crt_print(certs[i],
+ GNUTLS_CRT_PRINT_FULL,
+ &out);
+ if (ret < 0)
+ addf(str, "error: crt_print: %s\n",
+ gnutls_strerror(ret));
+ else {
+ addf(str, "%.*s", out.size,
+ out.data);
+ gnutls_free(out.data);
+ }
+
+ ret =
+ gnutls_x509_crt_export(certs[i],
+ GNUTLS_X509_FMT_PEM,
+ NULL, &s);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str,
+ "error: crt_export: %s\n",
+ gnutls_strerror(ret));
+ else {
+ out.data = gnutls_malloc(s);
+ if (out.data == NULL)
+ addf(str,
+ "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ ret =
+ gnutls_x509_crt_export
+ (certs[i],
+ GNUTLS_X509_FMT_PEM,
+ out.data, &s);
+ if (ret < 0)
+ addf(str,
+ "error: crt_export: %s\n",
+ gnutls_strerror
+ (ret));
+ else {
+ out.size = s;
+ addf(str, "%.*s",
+ out.size,
+ out.data);
+ }
+ gnutls_free(out.data);
+ }
+ }
+
+ gnutls_x509_crt_deinit(certs[i]);
+ }
+ gnutls_free(certs);
+ }
+ }
}
/**
@@ -607,27 +629,26 @@ print_resp (gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
* negative error value.
**/
int
-gnutls_ocsp_resp_print (gnutls_ocsp_resp_t resp,
- gnutls_ocsp_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_ocsp_resp_print(gnutls_ocsp_resp_t resp,
+ gnutls_ocsp_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int rc;
+ gnutls_buffer_st str;
+ int rc;
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str (&str, _("OCSP Response Information:\n"));
+ _gnutls_buffer_append_str(&str, _("OCSP Response Information:\n"));
- print_resp (&str, resp, format);
+ print_resp(&str, resp, format);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- rc = _gnutls_buffer_to_datum (&str, out);
- if (rc != GNUTLS_E_SUCCESS)
- {
- gnutls_assert ();
- return rc;
- }
+ rc = _gnutls_buffer_to_datum(&str, out);
+ if (rc != GNUTLS_E_SUCCESS) {
+ gnutls_assert();
+ return rc;
+ }
- return GNUTLS_E_SUCCESS;
+ return GNUTLS_E_SUCCESS;
}
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 22cf6b02c1..048a307800 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -36,225 +36,222 @@
#define ERROR_STR (char*) "(error)"
-static char *
-ip_to_string (void *_ip, int ip_size, char *string, int string_size)
+static char *ip_to_string(void *_ip, int ip_size, char *string,
+ int string_size)
{
- uint8_t *ip;
-
- if (ip_size != 4 && ip_size != 16)
- {
- gnutls_assert ();
- return NULL;
- }
-
- if (ip_size == 4 && string_size < 16)
- {
- gnutls_assert ();
- return NULL;
- }
-
- if (ip_size == 16 && string_size < 48)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ip = _ip;
- switch (ip_size)
- {
- case 4:
- snprintf (string, string_size, "%u.%u.%u.%u", ip[0], ip[1], ip[2],
- ip[3]);
- break;
- case 16:
- snprintf (string, string_size, "%x:%x:%x:%x:%x:%x:%x:%x",
- (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
- (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
- (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
- (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
- break;
- }
-
- return string;
+ uint8_t *ip;
+
+ if (ip_size != 4 && ip_size != 16) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ if (ip_size == 4 && string_size < 16) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ if (ip_size == 16 && string_size < 48) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ip = _ip;
+ switch (ip_size) {
+ case 4:
+ snprintf(string, string_size, "%u.%u.%u.%u", ip[0], ip[1],
+ ip[2], ip[3]);
+ break;
+ case 16:
+ snprintf(string, string_size, "%x:%x:%x:%x:%x:%x:%x:%x",
+ (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
+ (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
+ (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
+ (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
+ break;
+ }
+
+ return string;
}
static void
-add_altname (gnutls_buffer_st * str, const char *prefix,
- unsigned int alt_type, char *name, size_t name_size)
+add_altname(gnutls_buffer_st * str, const char *prefix,
+ unsigned int alt_type, char *name, size_t name_size)
{
- char str_ip[64];
- char *p;
-
- if ((alt_type == GNUTLS_SAN_DNSNAME
- || alt_type == GNUTLS_SAN_RFC822NAME
- || alt_type == GNUTLS_SAN_URI) && strlen (name) != name_size)
- {
- adds (str, _("warning: altname contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (name) < name_size)
- name[strlen (name)] = '!';
- }
-
- switch (alt_type)
- {
- case GNUTLS_SAN_DNSNAME:
- addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) name_size, name);
- break;
-
- case GNUTLS_SAN_RFC822NAME:
- addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) name_size, name);
- break;
-
- case GNUTLS_SAN_URI:
- addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) name_size, name);
- break;
-
- case GNUTLS_SAN_IPADDRESS:
- p = ip_to_string (name, name_size, str_ip, sizeof (str_ip));
- if (p == NULL)
- p = ERROR_STR;
- addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
- break;
-
- case GNUTLS_SAN_DN:
- addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
- (int) name_size, name);
- break;
- default:
- addf (str, "error: unknown altname\n");
- break;
- }
+ char str_ip[64];
+ char *p;
+
+ if ((alt_type == GNUTLS_SAN_DNSNAME
+ || alt_type == GNUTLS_SAN_RFC822NAME
+ || alt_type == GNUTLS_SAN_URI) && strlen(name) != name_size) {
+ adds(str, _("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen(name) < name_size)
+ name[strlen(name)] = '!';
+ }
+
+ switch (alt_type) {
+ case GNUTLS_SAN_DNSNAME:
+ addf(str, "%s\t\t\tDNSname: %.*s\n", prefix,
+ (int) name_size, name);
+ break;
+
+ case GNUTLS_SAN_RFC822NAME:
+ addf(str, "%s\t\t\tRFC822name: %.*s\n", prefix,
+ (int) name_size, name);
+ break;
+
+ case GNUTLS_SAN_URI:
+ addf(str, "%s\t\t\tURI: %.*s\n", prefix, (int) name_size,
+ name);
+ break;
+
+ case GNUTLS_SAN_IPADDRESS:
+ p = ip_to_string(name, name_size, str_ip, sizeof(str_ip));
+ if (p == NULL)
+ p = ERROR_STR;
+ addf(str, "%s\t\t\tIPAddress: %s\n", prefix, p);
+ break;
+
+ case GNUTLS_SAN_DN:
+ addf(str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
+ (int) name_size, name);
+ break;
+ default:
+ addf(str, "error: unknown altname\n");
+ break;
+ }
}
-static void
-print_proxy (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_proxy(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- int pathlen;
- char *policyLanguage;
- char *policy;
- size_t npolicy;
- int err;
-
- err = gnutls_x509_crt_get_proxy (cert, NULL,
- &pathlen, &policyLanguage,
- &policy, &npolicy);
- if (err < 0)
- {
- addf (str, "error: get_proxy: %s\n", gnutls_strerror (err));
- return;
- }
-
- if (pathlen >= 0)
- addf (str, _("\t\t\tPath Length Constraint: %d\n"), pathlen);
- addf (str, _("\t\t\tPolicy Language: %s"), policyLanguage);
- if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
- adds (str, " (id-ppl-inheritALL)\n");
- else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
- adds (str, " (id-ppl-independent)\n");
- else
- adds (str, "\n");
- if (npolicy)
- {
- adds (str, _("\t\t\tPolicy:\n\t\t\t\tASCII: "));
- _gnutls_buffer_asciiprint (str, policy, npolicy);
- adds (str, _("\n\t\t\t\tHexdump: "));
- _gnutls_buffer_hexprint (str, policy, npolicy);
- adds (str, "\n");
- }
+ int pathlen;
+ char *policyLanguage;
+ char *policy;
+ size_t npolicy;
+ int err;
+
+ err = gnutls_x509_crt_get_proxy(cert, NULL,
+ &pathlen, &policyLanguage,
+ &policy, &npolicy);
+ if (err < 0) {
+ addf(str, "error: get_proxy: %s\n", gnutls_strerror(err));
+ return;
+ }
+
+ if (pathlen >= 0)
+ addf(str, _("\t\t\tPath Length Constraint: %d\n"),
+ pathlen);
+ addf(str, _("\t\t\tPolicy Language: %s"), policyLanguage);
+ if (strcmp(policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
+ adds(str, " (id-ppl-inheritALL)\n");
+ else if (strcmp(policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
+ adds(str, " (id-ppl-independent)\n");
+ else
+ adds(str, "\n");
+ if (npolicy) {
+ adds(str, _("\t\t\tPolicy:\n\t\t\t\tASCII: "));
+ _gnutls_buffer_asciiprint(str, policy, npolicy);
+ adds(str, _("\n\t\t\t\tHexdump: "));
+ _gnutls_buffer_hexprint(str, policy, npolicy);
+ adds(str, "\n");
+ }
}
-static void
-print_aia (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_aia(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- int err;
- int seq = 0;
- gnutls_datum_t data;
-
- for (;;)
- {
- err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return;
- if (err < 0)
- {
- addf (str, "error: get_aia: %s\n", gnutls_strerror (err));
- return;
- }
-
- addf (str, _("\t\t\tAccess Method: %.*s"), data.size, data.data);
- if (data.size == sizeof (GNUTLS_OID_AD_OCSP) &&
- memcmp (data.data, GNUTLS_OID_AD_OCSP, data.size) == 0)
- adds (str, " (id-ad-ocsp)\n");
- else if (data.size == sizeof (GNUTLS_OID_AD_CAISSUERS) &&
- memcmp (data.data, GNUTLS_OID_AD_CAISSUERS, data.size) == 0)
- adds (str, " (id-ad-caIssuers)\n");
- else
- adds (str, " (UNKNOWN)\n");
-
- err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
- if (err < 0)
- {
- addf (str, "error: get_aia type: %s\n", gnutls_strerror (err));
- return;
- }
-
- if (data.size == sizeof ("uniformResourceIdentifier") &&
- memcmp (data.data, "uniformResourceIdentifier", data.size) == 0)
- {
- adds (str, "\t\t\tAccess Location URI: ");
- err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_URI, &data, NULL);
- if (err < 0)
- {
- addf (str, "error: get_aia uri: %s\n", gnutls_strerror (err));
- return;
- }
- addf (str, "%.*s\n", data.size, data.data);
- }
- else
- adds (str, "\t\t\tUnsupported accessLocation type\n");
-
- seq++;
- }
+ int err;
+ int seq = 0;
+ gnutls_datum_t data;
+
+ for (;;) {
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return;
+ if (err < 0) {
+ addf(str, "error: get_aia: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ addf(str, _("\t\t\tAccess Method: %.*s"), data.size,
+ data.data);
+ if (data.size == sizeof(GNUTLS_OID_AD_OCSP)
+ && memcmp(data.data, GNUTLS_OID_AD_OCSP,
+ data.size) == 0)
+ adds(str, " (id-ad-ocsp)\n");
+ else if (data.size == sizeof(GNUTLS_OID_AD_CAISSUERS) &&
+ memcmp(data.data, GNUTLS_OID_AD_CAISSUERS,
+ data.size) == 0)
+ adds(str, " (id-ad-caIssuers)\n");
+ else
+ adds(str, " (UNKNOWN)\n");
+
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE,
+ &data, NULL);
+ if (err < 0) {
+ addf(str, "error: get_aia type: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (data.size == sizeof("uniformResourceIdentifier") &&
+ memcmp(data.data, "uniformResourceIdentifier",
+ data.size) == 0) {
+ adds(str, "\t\t\tAccess Location URI: ");
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_URI, &data, NULL);
+ if (err < 0) {
+ addf(str, "error: get_aia uri: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+ addf(str, "%.*s\n", data.size, data.data);
+ } else
+ adds(str,
+ "\t\t\tUnsupported accessLocation type\n");
+
+ seq++;
+ }
}
-static void
-print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_ski(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- char *buffer = NULL;
- size_t size = 0;
- int err;
-
- err = gnutls_x509_crt_get_subject_key_id (cert, buffer, &size, NULL);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_subject_key_id: %s\n", gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- err = gnutls_x509_crt_get_subject_key_id (cert, buffer, &size, NULL);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_subject_key_id2: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, "\t\t\t");
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
-
- gnutls_free (buffer);
+ char *buffer = NULL;
+ size_t size = 0;
+ int err;
+
+ err =
+ gnutls_x509_crt_get_subject_key_id(cert, buffer, &size, NULL);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_subject_key_id: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err =
+ gnutls_x509_crt_get_subject_key_id(cert, buffer, &size, NULL);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_subject_key_id2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, "\t\t\t");
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
}
#define TYPE_CRL 1
@@ -266,1539 +263,1682 @@ print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
#define TYPE_CRQ_SAN TYPE_CRQ
#define TYPE_CRT_IAN 4
-typedef union
-{
- gnutls_x509_crt_t crt;
- gnutls_x509_crq_t crq;
- gnutls_x509_crl_t crl;
- gnutls_pubkey_t pubkey;
+typedef union {
+ gnutls_x509_crt_t crt;
+ gnutls_x509_crq_t crq;
+ gnutls_x509_crl_t crl;
+ gnutls_pubkey_t pubkey;
} cert_type_t;
static void
-print_aki_gn_serial (gnutls_buffer_st * str, int type, cert_type_t cert)
+print_aki_gn_serial(gnutls_buffer_st * str, int type, cert_type_t cert)
{
- char *buffer = NULL;
- char serial[128];
- size_t size = 0, serial_size = sizeof (serial);
- unsigned int alt_type;
- int err;
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_authority_key_gn_serial (cert.crt, 0, NULL, &size,
- &alt_type, serial,
- &serial_size, NULL);
- else if (type == TYPE_CRL)
- err =
- gnutls_x509_crl_get_authority_key_gn_serial (cert.crl, 0, NULL, &size,
- &alt_type, serial,
- &serial_size, NULL);
- else
- {
- gnutls_assert ();
- return;
- }
-
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_authority_key_gn_serial: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_authority_key_gn_serial (cert.crt, 0, buffer, &size,
- &alt_type, serial,
- &serial_size, NULL);
- else
- err =
- gnutls_x509_crl_get_authority_key_gn_serial (cert.crl, 0, buffer, &size,
- &alt_type, serial,
- &serial_size, NULL);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_authority_key_gn_serial2: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- add_altname (str, "", alt_type, buffer, size);
- adds (str, "\t\t\tserial: ");
- _gnutls_buffer_hexprint (str, serial, serial_size);
- adds (str, "\n");
-
- gnutls_free (buffer);
+ char *buffer = NULL;
+ char serial[128];
+ size_t size = 0, serial_size = sizeof(serial);
+ unsigned int alt_type;
+ int err;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_gn_serial(cert.crt,
+ 0, NULL,
+ &size,
+ &alt_type,
+ serial,
+ &serial_size,
+ NULL);
+ else if (type == TYPE_CRL)
+ err =
+ gnutls_x509_crl_get_authority_key_gn_serial(cert.crl,
+ 0, NULL,
+ &size,
+ &alt_type,
+ serial,
+ &serial_size,
+ NULL);
+ else {
+ gnutls_assert();
+ return;
+ }
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_authority_key_gn_serial: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_gn_serial(cert.crt,
+ 0, buffer,
+ &size,
+ &alt_type,
+ serial,
+ &serial_size,
+ NULL);
+ else
+ err =
+ gnutls_x509_crl_get_authority_key_gn_serial(cert.crl,
+ 0, buffer,
+ &size,
+ &alt_type,
+ serial,
+ &serial_size,
+ NULL);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_authority_key_gn_serial2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ add_altname(str, "", alt_type, buffer, size);
+ adds(str, "\t\t\tserial: ");
+ _gnutls_buffer_hexprint(str, serial, serial_size);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
}
-static void
-print_aki (gnutls_buffer_st * str, int type, cert_type_t cert)
+static void print_aki(gnutls_buffer_st * str, int type, cert_type_t cert)
{
- char *buffer = NULL;
- size_t size = 0;
- int err;
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_authority_key_id (cert.crt, buffer, &size, NULL);
- else if (type == TYPE_CRL)
- err =
- gnutls_x509_crl_get_authority_key_id (cert.crl, buffer, &size, NULL);
- else
- {
- gnutls_assert ();
- return;
- }
-
- if (err == GNUTLS_E_X509_UNSUPPORTED_EXTENSION)
- {
- /* Check if an alternative name is there */
- print_aki_gn_serial (str, type, cert);
- return;
- }
-
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_authority_key_id: %s\n", gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_authority_key_id (cert.crt, buffer, &size, NULL);
- else
- err =
- gnutls_x509_crl_get_authority_key_id (cert.crl, buffer, &size, NULL);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_authority_key_id2: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, "\t\t\t");
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
-
- gnutls_free (buffer);
+ char *buffer = NULL;
+ size_t size = 0;
+ int err;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_id(cert.crt, buffer,
+ &size, NULL);
+ else if (type == TYPE_CRL)
+ err =
+ gnutls_x509_crl_get_authority_key_id(cert.crl, buffer,
+ &size, NULL);
+ else {
+ gnutls_assert();
+ return;
+ }
+
+ if (err == GNUTLS_E_X509_UNSUPPORTED_EXTENSION) {
+ /* Check if an alternative name is there */
+ print_aki_gn_serial(str, type, cert);
+ return;
+ }
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_authority_key_id: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_id(cert.crt, buffer,
+ &size, NULL);
+ else
+ err =
+ gnutls_x509_crl_get_authority_key_id(cert.crl, buffer,
+ &size, NULL);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_authority_key_id2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, "\t\t\t");
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
}
static void
-print_key_usage (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+print_key_usage(gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
{
- unsigned int key_usage;
- int err;
-
- if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_key_usage (cert.crt, &key_usage, NULL);
- else if (type == TYPE_CRQ)
- err = gnutls_x509_crq_get_key_usage (cert.crq, &key_usage, NULL);
- else if (type == TYPE_PUBKEY)
- err = gnutls_pubkey_get_key_usage (cert.pubkey, &key_usage);
- else
- return;
-
- if (err < 0)
- {
- addf (str, "error: get_key_usage: %s\n", gnutls_strerror (err));
- return;
- }
-
- if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
- addf (str, _("%sDigital signature.\n"), prefix);
- if (key_usage & GNUTLS_KEY_NON_REPUDIATION)
- addf (str, _("%sNon repudiation.\n"), prefix);
- if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
- addf (str, _("%sKey encipherment.\n"), prefix);
- if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
- addf (str, _("%sData encipherment.\n"), prefix);
- if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
- addf (str, _("%sKey agreement.\n"), prefix);
- if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
- addf (str, _("%sCertificate signing.\n"), prefix);
- if (key_usage & GNUTLS_KEY_CRL_SIGN)
- addf (str, _("%sCRL signing.\n"), prefix);
- if (key_usage & GNUTLS_KEY_ENCIPHER_ONLY)
- addf (str, _("%sKey encipher only.\n"), prefix);
- if (key_usage & GNUTLS_KEY_DECIPHER_ONLY)
- addf (str, _("%sKey decipher only.\n"), prefix);
+ unsigned int key_usage;
+ int err;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_key_usage(cert.crt, &key_usage,
+ NULL);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_key_usage(cert.crq, &key_usage,
+ NULL);
+ else if (type == TYPE_PUBKEY)
+ err = gnutls_pubkey_get_key_usage(cert.pubkey, &key_usage);
+ else
+ return;
+
+ if (err < 0) {
+ addf(str, "error: get_key_usage: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
+ addf(str, _("%sDigital signature.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_NON_REPUDIATION)
+ addf(str, _("%sNon repudiation.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
+ addf(str, _("%sKey encipherment.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
+ addf(str, _("%sData encipherment.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
+ addf(str, _("%sKey agreement.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
+ addf(str, _("%sCertificate signing.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_CRL_SIGN)
+ addf(str, _("%sCRL signing.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_ENCIPHER_ONLY)
+ addf(str, _("%sKey encipher only.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_DECIPHER_ONLY)
+ addf(str, _("%sKey decipher only.\n"), prefix);
}
static void
-print_private_key_usage_period (gnutls_buffer_st * str, const char *prefix,
- int type, cert_type_t cert)
+print_private_key_usage_period(gnutls_buffer_st * str, const char *prefix,
+ int type, cert_type_t cert)
{
- time_t activation, expiration;
- int err;
- char s[42];
- struct tm t;
- size_t max;
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_private_key_usage_period (cert.crt, &activation,
- &expiration, NULL);
- else if (type == TYPE_CRQ)
- err =
- gnutls_x509_crq_get_private_key_usage_period (cert.crq, &activation,
- &expiration, NULL);
- else
- return;
-
- if (err < 0)
- {
- addf (str, "error: get_private_key_usage_period: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- max = sizeof (s);
-
- if (gmtime_r (&activation, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) activation);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) activation);
- else
- addf (str, _("\t\t\tNot Before: %s\n"), s);
-
- if (gmtime_r (&expiration, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) expiration);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) expiration);
- else
- addf (str, _("\t\t\tNot After: %s\n"), s);
+ time_t activation, expiration;
+ int err;
+ char s[42];
+ struct tm t;
+ size_t max;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_private_key_usage_period(cert.crt,
+ &activation,
+ &expiration,
+ NULL);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_private_key_usage_period(cert.crq,
+ &activation,
+ &expiration,
+ NULL);
+ else
+ return;
+
+ if (err < 0) {
+ addf(str, "error: get_private_key_usage_period: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ max = sizeof(s);
+
+ if (gmtime_r(&activation, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) activation);
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) activation);
+ else
+ addf(str, _("\t\t\tNot Before: %s\n"), s);
+
+ if (gmtime_r(&expiration, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) expiration);
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) expiration);
+ else
+ addf(str, _("\t\t\tNot After: %s\n"), s);
}
-static void
-print_crldist (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_crldist(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- char *buffer = NULL;
- size_t size;
- char str_ip[64];
- char *p;
- int err;
- int indx;
-
- for (indx = 0;; indx++)
- {
- size = 0;
- err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
- NULL, NULL);
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return;
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_crl_dist_points: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
- NULL, NULL);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_crl_dist_points2: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- if ((err == GNUTLS_SAN_DNSNAME
- || err == GNUTLS_SAN_RFC822NAME
- || err == GNUTLS_SAN_URI) && strlen (buffer) != size)
- {
- adds (str, _("warning: distributionPoint contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (buffer) < size)
- buffer[strlen (buffer)] = '!';
- }
-
- switch (err)
- {
- case GNUTLS_SAN_DNSNAME:
- addf (str, "\t\t\tDNSname: %.*s\n", (int) size, buffer);
- break;
-
- case GNUTLS_SAN_RFC822NAME:
- addf (str, "\t\t\tRFC822name: %.*s\n", (int) size, buffer);
- break;
-
- case GNUTLS_SAN_URI:
- addf (str, "\t\t\tURI: %.*s\n", (int) size, buffer);
- break;
-
- case GNUTLS_SAN_IPADDRESS:
- p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
- if (p == NULL)
- p = ERROR_STR;
- addf (str, "\t\t\tIPAddress: %s\n", p);
- break;
-
- case GNUTLS_SAN_DN:
- addf (str, "\t\t\tdirectoryName: %.*s\n", (int) size, buffer);
- break;
-
- default:
- addf (str, "error: unknown SAN\n");
- break;
- }
- gnutls_free (buffer);
- }
+ char *buffer = NULL;
+ size_t size;
+ char str_ip[64];
+ char *p;
+ int err;
+ int indx;
+
+ for (indx = 0;; indx++) {
+ size = 0;
+ err =
+ gnutls_x509_crt_get_crl_dist_points(cert, indx, buffer,
+ &size, NULL, NULL);
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return;
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_crl_dist_points: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err =
+ gnutls_x509_crt_get_crl_dist_points(cert, indx, buffer,
+ &size, NULL, NULL);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_crl_dist_points2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if ((err == GNUTLS_SAN_DNSNAME
+ || err == GNUTLS_SAN_RFC822NAME
+ || err == GNUTLS_SAN_URI) && strlen(buffer) != size) {
+ adds(str,
+ _
+ ("warning: distributionPoint contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen(buffer) < size)
+ buffer[strlen(buffer)] = '!';
+ }
+
+ switch (err) {
+ case GNUTLS_SAN_DNSNAME:
+ addf(str, "\t\t\tDNSname: %.*s\n", (int) size,
+ buffer);
+ break;
+
+ case GNUTLS_SAN_RFC822NAME:
+ addf(str, "\t\t\tRFC822name: %.*s\n", (int) size,
+ buffer);
+ break;
+
+ case GNUTLS_SAN_URI:
+ addf(str, "\t\t\tURI: %.*s\n", (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_IPADDRESS:
+ p = ip_to_string(buffer, size, str_ip,
+ sizeof(str_ip));
+ if (p == NULL)
+ p = ERROR_STR;
+ addf(str, "\t\t\tIPAddress: %s\n", p);
+ break;
+
+ case GNUTLS_SAN_DN:
+ addf(str, "\t\t\tdirectoryName: %.*s\n",
+ (int) size, buffer);
+ break;
+
+ default:
+ addf(str, "error: unknown SAN\n");
+ break;
+ }
+ gnutls_free(buffer);
+ }
}
static void
-print_key_purpose (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+print_key_purpose(gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
{
- int indx;
- char *buffer = NULL;
- size_t size;
- int err;
-
- for (indx = 0;; indx++)
- {
- size = 0;
- if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
- &size, NULL);
- else if (type == TYPE_CRQ)
- err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
- &size, NULL);
- else
- return;
-
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return;
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_key_purpose_oid: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
- &size, NULL);
- else
- err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
- &size, NULL);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_key_purpose_oid2: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- if (strcmp (buffer, GNUTLS_KP_TLS_WWW_SERVER) == 0)
- addf (str, _("%s\t\t\tTLS WWW Server.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_TLS_WWW_CLIENT) == 0)
- addf (str, _("%s\t\t\tTLS WWW Client.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_CODE_SIGNING) == 0)
- addf (str, _("%s\t\t\tCode signing.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_EMAIL_PROTECTION) == 0)
- addf (str, _("%s\t\t\tEmail protection.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_TIME_STAMPING) == 0)
- addf (str, _("%s\t\t\tTime stamping.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_OCSP_SIGNING) == 0)
- addf (str, _("%s\t\t\tOCSP signing.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_IPSEC_IKE) == 0)
- addf (str, _("%s\t\t\tIpsec IKE.\n"), prefix);
- else if (strcmp (buffer, GNUTLS_KP_ANY) == 0)
- addf (str, _("%s\t\t\tAny purpose.\n"), prefix);
- else
- addf (str, "%s\t\t\t%s\n", prefix, buffer);
-
- gnutls_free (buffer);
- }
+ int indx;
+ char *buffer = NULL;
+ size_t size;
+ int err;
+
+ for (indx = 0;; indx++) {
+ size = 0;
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_key_purpose_oid(cert.crt,
+ indx,
+ buffer,
+ &size,
+ NULL);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_key_purpose_oid(cert.crq,
+ indx,
+ buffer,
+ &size,
+ NULL);
+ else
+ return;
+
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return;
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_key_purpose_oid: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_key_purpose_oid(cert.crt,
+ indx,
+ buffer,
+ &size,
+ NULL);
+ else
+ err =
+ gnutls_x509_crq_get_key_purpose_oid(cert.crq,
+ indx,
+ buffer,
+ &size,
+ NULL);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_key_purpose_oid2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (strcmp(buffer, GNUTLS_KP_TLS_WWW_SERVER) == 0)
+ addf(str, _("%s\t\t\tTLS WWW Server.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_TLS_WWW_CLIENT) == 0)
+ addf(str, _("%s\t\t\tTLS WWW Client.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_CODE_SIGNING) == 0)
+ addf(str, _("%s\t\t\tCode signing.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_EMAIL_PROTECTION) == 0)
+ addf(str, _("%s\t\t\tEmail protection.\n"),
+ prefix);
+ else if (strcmp(buffer, GNUTLS_KP_TIME_STAMPING) == 0)
+ addf(str, _("%s\t\t\tTime stamping.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_OCSP_SIGNING) == 0)
+ addf(str, _("%s\t\t\tOCSP signing.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_IPSEC_IKE) == 0)
+ addf(str, _("%s\t\t\tIpsec IKE.\n"), prefix);
+ else if (strcmp(buffer, GNUTLS_KP_ANY) == 0)
+ addf(str, _("%s\t\t\tAny purpose.\n"), prefix);
+ else
+ addf(str, "%s\t\t\t%s\n", prefix, buffer);
+
+ gnutls_free(buffer);
+ }
}
static void
-print_basic (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+print_basic(gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
{
- int pathlen;
- int err;
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_basic_constraints (cert.crt, NULL, NULL, &pathlen);
- else if (type == TYPE_CRQ)
- err =
- gnutls_x509_crq_get_basic_constraints (cert.crq, NULL, NULL, &pathlen);
- else
- return;
-
- if (err < 0)
- {
- addf (str, "error: get_basic_constraints: %s\n", gnutls_strerror (err));
- return;
- }
-
- if (err == 0)
- addf (str, _("%s\t\t\tCertificate Authority (CA): FALSE\n"), prefix);
- else
- addf (str, _("%s\t\t\tCertificate Authority (CA): TRUE\n"), prefix);
-
- if (pathlen >= 0)
- addf (str, _("%s\t\t\tPath Length Constraint: %d\n"), prefix, pathlen);
+ int pathlen;
+ int err;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_basic_constraints(cert.crt, NULL,
+ NULL, &pathlen);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_basic_constraints(cert.crq, NULL,
+ NULL, &pathlen);
+ else
+ return;
+
+ if (err < 0) {
+ addf(str, "error: get_basic_constraints: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (err == 0)
+ addf(str, _("%s\t\t\tCertificate Authority (CA): FALSE\n"),
+ prefix);
+ else
+ addf(str, _("%s\t\t\tCertificate Authority (CA): TRUE\n"),
+ prefix);
+
+ if (pathlen >= 0)
+ addf(str, _("%s\t\t\tPath Length Constraint: %d\n"),
+ prefix, pathlen);
}
static void
-print_altname (gnutls_buffer_st * str, const char *prefix,
- unsigned int altname_type, cert_type_t cert)
+print_altname(gnutls_buffer_st * str, const char *prefix,
+ unsigned int altname_type, cert_type_t cert)
{
- unsigned int altname_idx;
-
- for (altname_idx = 0;; altname_idx++)
- {
- char *buffer = NULL;
- size_t size = 0;
- int err;
-
- if (altname_type == TYPE_CRT_SAN)
- err =
- gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
- &size, NULL);
- else if (altname_type == TYPE_CRQ_SAN)
- err =
- gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
- &size, NULL, NULL);
- else if (altname_type == TYPE_CRT_IAN)
- err =
- gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx, buffer,
- &size, NULL);
- else
- return;
-
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_subject/issuer_alt_name: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- if (altname_type == TYPE_CRT_SAN)
- err =
- gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
- &size, NULL);
- else if (altname_type == TYPE_CRQ_SAN)
- err =
- gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
- &size, NULL, NULL);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx,
- buffer, &size, NULL);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_subject/issuer_alt_name2: %s\n",
- gnutls_strerror (err));
- return;
- }
-
-
- if (err == GNUTLS_SAN_OTHERNAME)
- {
- char *oid = NULL;
- size_t oidsize;
-
- oidsize = 0;
- if (altname_type == TYPE_CRT_SAN)
- err = gnutls_x509_crt_get_subject_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRQ_SAN)
- err = gnutls_x509_crq_get_subject_alt_othername_oid
- (cert.crq, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
-
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_free (buffer);
- addf (str,
- "error: get_subject/issuer_alt_othername_oid: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- oid = gnutls_malloc (oidsize);
- if (!oid)
- {
- gnutls_free (buffer);
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- if (altname_type == TYPE_CRT_SAN)
- err = gnutls_x509_crt_get_subject_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRQ_SAN)
- err = gnutls_x509_crq_get_subject_alt_othername_oid
- (cert.crq, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- gnutls_free (oid);
- addf (str, "error: get_subject_alt_othername_oid2: %s\n",
- gnutls_strerror (err));
- return;
- }
-
- if (err == GNUTLS_SAN_OTHERNAME_XMPP)
- {
- if (strlen (buffer) != size)
- {
- adds (str, _("warning: altname contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (buffer) < size)
- buffer[strlen (buffer)] = '!';
- }
-
- addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix,
- (int) size, buffer);
- }
- else
- {
- addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix,
- (int) oidsize, oid);
- addf (str, _("%s\t\t\totherName DER: "), prefix);
- _gnutls_buffer_hexprint (str, buffer, size);
- addf (str, _("\n%s\t\t\totherName ASCII: "), prefix);
- _gnutls_buffer_asciiprint (str, buffer, size);
- addf (str, "\n");
- }
- gnutls_free (oid);
- }
- else
- add_altname (str, prefix, err, buffer, size);
-
- gnutls_free (buffer);
- }
+ unsigned int altname_idx;
+
+ for (altname_idx = 0;; altname_idx++) {
+ char *buffer = NULL;
+ size_t size = 0;
+ int err;
+
+ if (altname_type == TYPE_CRT_SAN)
+ err =
+ gnutls_x509_crt_get_subject_alt_name(cert.crt,
+ altname_idx,
+ buffer,
+ &size,
+ NULL);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err =
+ gnutls_x509_crq_get_subject_alt_name(cert.crq,
+ altname_idx,
+ buffer,
+ &size,
+ NULL,
+ NULL);
+ else if (altname_type == TYPE_CRT_IAN)
+ err =
+ gnutls_x509_crt_get_issuer_alt_name(cert.crt,
+ altname_idx,
+ buffer,
+ &size,
+ NULL);
+ else
+ return;
+
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str,
+ "error: get_subject/issuer_alt_name: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (altname_type == TYPE_CRT_SAN)
+ err =
+ gnutls_x509_crt_get_subject_alt_name(cert.crt,
+ altname_idx,
+ buffer,
+ &size,
+ NULL);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err =
+ gnutls_x509_crq_get_subject_alt_name(cert.crq,
+ altname_idx,
+ buffer,
+ &size,
+ NULL,
+ NULL);
+ else if (altname_type == TYPE_CRT_IAN)
+ err =
+ gnutls_x509_crt_get_issuer_alt_name(cert.crt,
+ altname_idx,
+ buffer,
+ &size,
+ NULL);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str,
+ "error: get_subject/issuer_alt_name2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+
+ if (err == GNUTLS_SAN_OTHERNAME) {
+ char *oid = NULL;
+ size_t oidsize;
+
+ oidsize = 0;
+ if (altname_type == TYPE_CRT_SAN)
+ err =
+ gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err =
+ gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err =
+ gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_free(buffer);
+ addf(str,
+ "error: get_subject/issuer_alt_othername_oid: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ oid = gnutls_malloc(oidsize);
+ if (!oid) {
+ gnutls_free(buffer);
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (altname_type == TYPE_CRT_SAN)
+ err =
+ gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err =
+ gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err =
+ gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ gnutls_free(oid);
+ addf(str,
+ "error: get_subject_alt_othername_oid2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (err == GNUTLS_SAN_OTHERNAME_XMPP) {
+ if (strlen(buffer) != size) {
+ adds(str,
+ _
+ ("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen(buffer) < size)
+ buffer[strlen(buffer)] =
+ '!';
+ }
+
+ addf(str,
+ _("%s\t\t\tXMPP Address: %.*s\n"),
+ prefix, (int) size, buffer);
+ } else {
+ addf(str,
+ _("%s\t\t\totherName OID: %.*s\n"),
+ prefix, (int) oidsize, oid);
+ addf(str, _("%s\t\t\totherName DER: "),
+ prefix);
+ _gnutls_buffer_hexprint(str, buffer, size);
+ addf(str, _("\n%s\t\t\totherName ASCII: "),
+ prefix);
+ _gnutls_buffer_asciiprint(str, buffer,
+ size);
+ addf(str, "\n");
+ }
+ gnutls_free(oid);
+ } else
+ add_altname(str, prefix, err, buffer, size);
+
+ gnutls_free(buffer);
+ }
}
static void
-guiddump (gnutls_buffer_st * str, const char *data, size_t len,
- const char *spc)
+guiddump(gnutls_buffer_st * str, const char *data, size_t len,
+ const char *spc)
{
- size_t j;
-
- if (spc)
- adds (str, spc);
- addf (str, "{");
- addf (str, "%.2X", (unsigned char) data[3]);
- addf (str, "%.2X", (unsigned char) data[2]);
- addf (str, "%.2X", (unsigned char) data[1]);
- addf (str, "%.2X", (unsigned char) data[0]);
- addf (str, "-");
- addf (str, "%.2X", (unsigned char) data[5]);
- addf (str, "%.2X", (unsigned char) data[4]);
- addf (str, "-");
- addf (str, "%.2X", (unsigned char) data[7]);
- addf (str, "%.2X", (unsigned char) data[6]);
- addf (str, "-");
- addf (str, "%.2X", (unsigned char) data[8]);
- addf (str, "%.2X", (unsigned char) data[9]);
- addf (str, "-");
- for (j = 10; j < 16; j++)
- {
- addf (str, "%.2X", (unsigned char) data[j]);
- }
- addf (str, "}\n");
+ size_t j;
+
+ if (spc)
+ adds(str, spc);
+ addf(str, "{");
+ addf(str, "%.2X", (unsigned char) data[3]);
+ addf(str, "%.2X", (unsigned char) data[2]);
+ addf(str, "%.2X", (unsigned char) data[1]);
+ addf(str, "%.2X", (unsigned char) data[0]);
+ addf(str, "-");
+ addf(str, "%.2X", (unsigned char) data[5]);
+ addf(str, "%.2X", (unsigned char) data[4]);
+ addf(str, "-");
+ addf(str, "%.2X", (unsigned char) data[7]);
+ addf(str, "%.2X", (unsigned char) data[6]);
+ addf(str, "-");
+ addf(str, "%.2X", (unsigned char) data[8]);
+ addf(str, "%.2X", (unsigned char) data[9]);
+ addf(str, "-");
+ for (j = 10; j < 16; j++) {
+ addf(str, "%.2X", (unsigned char) data[j]);
+ }
+ addf(str, "}\n");
}
static void
-print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
+print_unique_ids(gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
{
- int result;
- char buf[256]; /* if its longer, we won't bother to print it */
- size_t buf_size = 256;
-
- result = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size);
- if (result >= 0)
- {
- addf (str, ("\t\tIssuer Unique ID:\n"));
- _gnutls_buffer_hexdump (str, buf, buf_size, "\t\t\t");
- if (buf_size == 16)
- { /* this could be a GUID */
- guiddump (str, buf, buf_size, "\t\t\t");
- }
- }
-
- buf_size = 256;
- result = gnutls_x509_crt_get_subject_unique_id (cert, buf, &buf_size);
- if (result >= 0)
- {
- addf (str, ("\t\tSubject Unique ID:\n"));
- _gnutls_buffer_hexdump (str, buf, buf_size, "\t\t\t");
- if (buf_size == 16)
- { /* this could be a GUID */
- guiddump (str, buf, buf_size, "\t\t\t");
- }
- }
+ int result;
+ char buf[256]; /* if its longer, we won't bother to print it */
+ size_t buf_size = 256;
+
+ result =
+ gnutls_x509_crt_get_issuer_unique_id(cert, buf, &buf_size);
+ if (result >= 0) {
+ addf(str, ("\t\tIssuer Unique ID:\n"));
+ _gnutls_buffer_hexdump(str, buf, buf_size, "\t\t\t");
+ if (buf_size == 16) { /* this could be a GUID */
+ guiddump(str, buf, buf_size, "\t\t\t");
+ }
+ }
+
+ buf_size = 256;
+ result =
+ gnutls_x509_crt_get_subject_unique_id(cert, buf, &buf_size);
+ if (result >= 0) {
+ addf(str, ("\t\tSubject Unique ID:\n"));
+ _gnutls_buffer_hexdump(str, buf, buf_size, "\t\t\t");
+ if (buf_size == 16) { /* this could be a GUID */
+ guiddump(str, buf, buf_size, "\t\t\t");
+ }
+ }
}
static void
-print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
- cert_type_t cert)
+print_extensions(gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
{
- unsigned i, j;
- int err;
- int san_idx = 0;
- int ian_idx = 0;
- int proxy_idx = 0;
- int basic_idx = 0;
- int keyusage_idx = 0;
- int keypurpose_idx = 0;
- int ski_idx = 0;
- int aki_idx = 0;
- int crldist_idx = 0, pkey_usage_period_idx = 0;
- char pfx[16];
-
- for (i = 0;; i++)
- {
- char oid[MAX_OID_SIZE] = "";
- size_t sizeof_oid = sizeof (oid);
- unsigned int critical;
-
- if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_extension_info (cert.crt, i,
- oid, &sizeof_oid,
- &critical);
-
- else if (type == TYPE_CRQ)
- err = gnutls_x509_crq_get_extension_info (cert.crq, i,
- oid, &sizeof_oid,
- &critical);
- else
- {
- gnutls_assert ();
- return;
- }
-
- if (err < 0)
- {
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "error: get_extension_info: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- if (i == 0)
- addf (str, _("%s\tExtensions:\n"), prefix);
-
- if (strcmp (oid, "2.5.29.19") == 0)
- {
- if (basic_idx)
- {
- addf (str, "error: more than one basic constraint\n");
- continue;
- }
-
- addf (str, _("%s\t\tBasic Constraints (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- print_basic (str, prefix, type, cert);
-
- basic_idx++;
- }
- else if (strcmp (oid, "2.5.29.14") == 0)
- {
- if (ski_idx)
- {
- addf (str, "error: more than one SKI extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tSubject Key Identifier (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- print_ski (str, cert.crt);
-
- ski_idx++;
- }
- else if (strcmp (oid, "2.5.29.32") == 0)
- {
- struct gnutls_x509_policy_st policy;
- const char *name;
- int x;
-
- for (x = 0;; x++)
- {
- err =
- gnutls_x509_crt_get_policy (cert.crt, x, &policy, &critical);
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
-
- if (err < 0)
- {
- addf (str, "error: certificate policy: %s\n",
- gnutls_strerror (err));
- break;
- }
-
- if (x == 0)
- addf (str, "%s\t\tCertificate Policies (%s):\n", prefix,
- critical ? _("critical") : _("not critical"));
-
- addf (str, "%s\t\t\t%s\n", prefix, policy.oid);
- for (j = 0; j < policy.qualifiers; j++)
- {
- if (policy.qualifier[j].type == GNUTLS_X509_QUALIFIER_URI)
- name = "URI";
- else if (policy.qualifier[j].type ==
- GNUTLS_X509_QUALIFIER_NOTICE)
- name = "Note";
- else
- name = "Unknown qualifier";
- addf (str, "%s\t\t\t\t%s: %s\n", prefix, name,
- policy.qualifier[j].data);
- }
-
- gnutls_x509_policy_release (&policy);
- }
- }
- else if (strcmp (oid, "2.5.29.35") == 0)
- {
-
- if (aki_idx)
- {
- addf (str, "error: more than one AKI extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tAuthority Key Identifier (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- print_aki (str, TYPE_CRT, cert);
-
- aki_idx++;
- }
- else if (strcmp (oid, "2.5.29.15") == 0)
- {
- if (keyusage_idx)
- {
- addf (str, "error: more than one key usage extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tKey Usage (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- snprintf(pfx, sizeof(pfx), "%s\t\t\t", prefix);
- print_key_usage (str, pfx, type, cert);
-
- keyusage_idx++;
- }
- else if (strcmp (oid, "2.5.29.16") == 0)
- {
- if (pkey_usage_period_idx)
- {
- addf (str,
- "error: more than one private key usage period extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tPrivate Key Usage Period (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- print_private_key_usage_period (str, prefix, type, cert);
-
- pkey_usage_period_idx++;
- }
- else if (strcmp (oid, "2.5.29.37") == 0)
- {
- if (keypurpose_idx)
- {
- addf (str, "error: more than one key purpose extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tKey Purpose (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- print_key_purpose (str, prefix, type, cert);
- keypurpose_idx++;
- }
- else if (strcmp (oid, "2.5.29.17") == 0)
- {
- if (san_idx)
- {
- addf (str, "error: more than one SKI extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tSubject Alternative Name (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- print_altname (str, prefix, type, cert);
-
- san_idx++;
- }
- else if (strcmp (oid, "2.5.29.18") == 0)
- {
- if (ian_idx)
- {
- addf (str, "error: more than one Issuer AltName extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tIssuer Alternative Name (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- print_altname (str, prefix, TYPE_CRT_IAN, cert);
-
- ian_idx++;
- }
- else if (strcmp (oid, "2.5.29.31") == 0)
- {
- if (crldist_idx)
- {
- addf (str, "error: more than one CRL distribution point\n");
- continue;
- }
-
- addf (str, _("%s\t\tCRL Distribution points (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- print_crldist (str, cert.crt);
- crldist_idx++;
- }
- else if (strcmp (oid, "1.3.6.1.5.5.7.1.14") == 0)
- {
- if (proxy_idx)
- {
- addf (str, "error: more than one proxy extension\n");
- continue;
- }
-
- addf (str, _("%s\t\tProxy Certificate Information (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- print_proxy (str, cert.crt);
-
- proxy_idx++;
- }
- else if (strcmp (oid, "1.3.6.1.5.5.7.1.1") == 0)
- {
- addf (str, _("%s\t\tAuthority Information "
- "Access (%s):\n"), prefix,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- print_aia (str, cert.crt);
- }
- else
- {
- char *buffer;
- size_t extlen = 0;
-
- addf (str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid,
- critical ? _("critical") : _("not critical"));
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_extension_data (cert.crt, i, NULL, &extlen);
- else if (type == TYPE_CRQ)
- err =
- gnutls_x509_crq_get_extension_data (cert.crq, i, NULL, &extlen);
- else
- {
- gnutls_assert ();
- return;
- }
-
- if (err < 0)
- {
- addf (str, "error: get_extension_data: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- buffer = gnutls_malloc (extlen);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- if (type == TYPE_CRT)
- err =
- gnutls_x509_crt_get_extension_data (cert.crt, i, buffer,
- &extlen);
- else if (type == TYPE_CRQ)
- err =
- gnutls_x509_crq_get_extension_data (cert.crq, i, buffer,
- &extlen);
-
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_extension_data2: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- addf (str, _("%s\t\t\tASCII: "), prefix);
- _gnutls_buffer_asciiprint (str, buffer, extlen);
- addf (str, "\n");
-
- addf (str, _("%s\t\t\tHexdump: "), prefix);
- _gnutls_buffer_hexprint (str, buffer, extlen);
- adds (str, "\n");
-
- gnutls_free (buffer);
- }
- }
+ unsigned i, j;
+ int err;
+ int san_idx = 0;
+ int ian_idx = 0;
+ int proxy_idx = 0;
+ int basic_idx = 0;
+ int keyusage_idx = 0;
+ int keypurpose_idx = 0;
+ int ski_idx = 0;
+ int aki_idx = 0;
+ int crldist_idx = 0, pkey_usage_period_idx = 0;
+ char pfx[16];
+
+ for (i = 0;; i++) {
+ char oid[MAX_OID_SIZE] = "";
+ size_t sizeof_oid = sizeof(oid);
+ unsigned int critical;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_extension_info(cert.crt, i,
+ oid,
+ &sizeof_oid,
+ &critical);
+
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_extension_info(cert.crq, i,
+ oid,
+ &sizeof_oid,
+ &critical);
+ else {
+ gnutls_assert();
+ return;
+ }
+
+ if (err < 0) {
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf(str, "error: get_extension_info: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ if (i == 0)
+ addf(str, _("%s\tExtensions:\n"), prefix);
+
+ if (strcmp(oid, "2.5.29.19") == 0) {
+ if (basic_idx) {
+ addf(str,
+ "error: more than one basic constraint\n");
+ continue;
+ }
+
+ addf(str, _("%s\t\tBasic Constraints (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_basic(str, prefix, type, cert);
+
+ basic_idx++;
+ } else if (strcmp(oid, "2.5.29.14") == 0) {
+ if (ski_idx) {
+ addf(str,
+ "error: more than one SKI extension\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tSubject Key Identifier (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_ski(str, cert.crt);
+
+ ski_idx++;
+ } else if (strcmp(oid, "2.5.29.32") == 0) {
+ struct gnutls_x509_policy_st policy;
+ const char *name;
+ int x;
+
+ for (x = 0;; x++) {
+ err =
+ gnutls_x509_crt_get_policy(cert.crt, x,
+ &policy,
+ &critical);
+ if (err ==
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+
+ if (err < 0) {
+ addf(str,
+ "error: certificate policy: %s\n",
+ gnutls_strerror(err));
+ break;
+ }
+
+ if (x == 0)
+ addf(str,
+ "%s\t\tCertificate Policies (%s):\n",
+ prefix,
+ critical ? _("critical") :
+ _("not critical"));
+
+ addf(str, "%s\t\t\t%s\n", prefix,
+ policy.oid);
+ for (j = 0; j < policy.qualifiers; j++) {
+ if (policy.qualifier[j].type ==
+ GNUTLS_X509_QUALIFIER_URI)
+ name = "URI";
+ else if (policy.qualifier[j].
+ type ==
+ GNUTLS_X509_QUALIFIER_NOTICE)
+ name = "Note";
+ else
+ name = "Unknown qualifier";
+ addf(str, "%s\t\t\t\t%s: %s\n",
+ prefix, name,
+ policy.qualifier[j].data);
+ }
+
+ gnutls_x509_policy_release(&policy);
+ }
+ } else if (strcmp(oid, "2.5.29.35") == 0) {
+
+ if (aki_idx) {
+ addf(str,
+ "error: more than one AKI extension\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tAuthority Key Identifier (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_aki(str, TYPE_CRT, cert);
+
+ aki_idx++;
+ } else if (strcmp(oid, "2.5.29.15") == 0) {
+ if (keyusage_idx) {
+ addf(str,
+ "error: more than one key usage extension\n");
+ continue;
+ }
+
+ addf(str, _("%s\t\tKey Usage (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ snprintf(pfx, sizeof(pfx), "%s\t\t\t", prefix);
+ print_key_usage(str, pfx, type, cert);
+
+ keyusage_idx++;
+ } else if (strcmp(oid, "2.5.29.16") == 0) {
+ if (pkey_usage_period_idx) {
+ addf(str,
+ "error: more than one private key usage period extension\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tPrivate Key Usage Period (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_private_key_usage_period(str, prefix, type,
+ cert);
+
+ pkey_usage_period_idx++;
+ } else if (strcmp(oid, "2.5.29.37") == 0) {
+ if (keypurpose_idx) {
+ addf(str,
+ "error: more than one key purpose extension\n");
+ continue;
+ }
+
+ addf(str, _("%s\t\tKey Purpose (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_key_purpose(str, prefix, type, cert);
+ keypurpose_idx++;
+ } else if (strcmp(oid, "2.5.29.17") == 0) {
+ if (san_idx) {
+ addf(str,
+ "error: more than one SKI extension\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tSubject Alternative Name (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_altname(str, prefix, type, cert);
+
+ san_idx++;
+ } else if (strcmp(oid, "2.5.29.18") == 0) {
+ if (ian_idx) {
+ addf(str,
+ "error: more than one Issuer AltName extension\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tIssuer Alternative Name (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_altname(str, prefix, TYPE_CRT_IAN, cert);
+
+ ian_idx++;
+ } else if (strcmp(oid, "2.5.29.31") == 0) {
+ if (crldist_idx) {
+ addf(str,
+ "error: more than one CRL distribution point\n");
+ continue;
+ }
+
+ addf(str,
+ _("%s\t\tCRL Distribution points (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_crldist(str, cert.crt);
+ crldist_idx++;
+ } else if (strcmp(oid, "1.3.6.1.5.5.7.1.14") == 0) {
+ if (proxy_idx) {
+ addf(str,
+ "error: more than one proxy extension\n");
+ continue;
+ }
+
+ addf(str,
+ _
+ ("%s\t\tProxy Certificate Information (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_proxy(str, cert.crt);
+
+ proxy_idx++;
+ } else if (strcmp(oid, "1.3.6.1.5.5.7.1.1") == 0) {
+ addf(str, _("%s\t\tAuthority Information "
+ "Access (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_aia(str, cert.crt);
+ } else {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf(str, _("%s\t\tUnknown extension %s (%s):\n"),
+ prefix, oid,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_extension_data
+ (cert.crt, i, NULL, &extlen);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_extension_data
+ (cert.crq, i, NULL, &extlen);
+ else {
+ gnutls_assert();
+ return;
+ }
+
+ if (err < 0) {
+ addf(str,
+ "error: get_extension_data: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ buffer = gnutls_malloc(extlen);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_extension_data
+ (cert.crt, i, buffer, &extlen);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_extension_data
+ (cert.crq, i, buffer, &extlen);
+
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str,
+ "error: get_extension_data2: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ addf(str, _("%s\t\t\tASCII: "), prefix);
+ _gnutls_buffer_asciiprint(str, buffer, extlen);
+ addf(str, "\n");
+
+ addf(str, _("%s\t\t\tHexdump: "), prefix);
+ _gnutls_buffer_hexprint(str, buffer, extlen);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
+ }
+ }
}
static void
-print_pubkey (gnutls_buffer_st * str, const char* key_name, gnutls_pubkey_t pubkey, gnutls_certificate_print_formats_t format)
+print_pubkey(gnutls_buffer_st * str, const char *key_name,
+ gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format)
{
- int err, pk;
- const char *name;
- unsigned bits;
-
- err = gnutls_pubkey_get_pk_algorithm (pubkey, &bits);
- if (err < 0)
- {
- addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
- return;
- }
-
- name = gnutls_pk_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
-
- pk = err;
-
- addf (str, _("\t%sPublic Key Algorithm: %s\n"), key_name, name);
- addf (str, _("\tAlgorithm Security Level: %s (%d bits)\n"),
- gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
- (err, bits)), bits);
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- err = gnutls_pubkey_get_pk_rsa_raw (pubkey, &m, &e);
- if (err < 0)
- addf (str, "error: get_pk_rsa_raw: %s\n", gnutls_strerror (err));
- else
- {
- if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
- {
- addf (str, _("\t\tModulus (bits %d): "), bits);
- _gnutls_buffer_hexprint (str, m.data, m.size);
- adds (str, "\n");
- addf (str, _("\t\tExponent (bits %d): "), e.size * 8);
- _gnutls_buffer_hexprint (str, e.data, e.size);
- adds (str, "\n");
- }
- else
- {
- addf (str, _("\t\tModulus (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t");
- addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8);
- _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t");
- }
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
-
- }
- break;
-
- case GNUTLS_PK_EC:
- {
- gnutls_datum_t x, y;
- gnutls_ecc_curve_t curve;
-
- err = gnutls_pubkey_get_pk_ecc_raw (pubkey, &curve, &x, &y);
- if (err < 0)
- addf (str, "error: get_pk_ecc_raw: %s\n", gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tCurve:\t%s\n"),
- gnutls_ecc_curve_get_name (curve));
- if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
- {
- adds (str, _("\t\tX: "));
- _gnutls_buffer_hexprint (str, x.data, x.size);
- adds (str, "\n");
- adds (str, _("\t\tY: "));
- _gnutls_buffer_hexprint (str, y.data, y.size);
- adds (str, "\n");
- }
- else
- {
- adds (str, _("\t\tX:\n"));
- _gnutls_buffer_hexdump (str, x.data, x.size, "\t\t\t");
- adds (str, _("\t\tY:\n"));
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
- }
-
- gnutls_free (x.data);
- gnutls_free (y.data);
-
- }
- }
- break;
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- err = gnutls_pubkey_get_pk_dsa_raw (pubkey, &p, &q, &g, &y);
- if (err < 0)
- addf (str, "error: get_pk_dsa_raw: %s\n", gnutls_strerror (err));
- else
- {
- if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
- {
- addf (str, _("\t\tPublic key (bits %d): "), bits);
- _gnutls_buffer_hexprint (str, y.data, y.size);
- adds (str, "\n");
- addf (str, _("\t\tP: "));
- _gnutls_buffer_hexprint (str, p.data, p.size);
- adds (str, "\n");
- addf (str, _("\t\tQ: "));
- _gnutls_buffer_hexprint (str, q.data, q.size);
- adds (str, "\n");
- addf (str, _("\t\tG: "));
- _gnutls_buffer_hexprint (str, g.data, g.size);
- adds (str, "\n");
- }
- else
- {
- addf (str, _("\t\tPublic key (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
- adds (str, _("\t\tP:\n"));
- _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t");
- adds (str, _("\t\tQ:\n"));
- _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t");
- adds (str, _("\t\tG:\n"));
- _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t");
- }
-
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
-
- }
- }
- break;
-
- default:
- break;
- }
+ int err, pk;
+ const char *name;
+ unsigned bits;
+
+ err = gnutls_pubkey_get_pk_algorithm(pubkey, &bits);
+ if (err < 0) {
+ addf(str, "error: get_pk_algorithm: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ name = gnutls_pk_algorithm_get_name(err);
+ if (name == NULL)
+ name = _("unknown");
+
+ pk = err;
+
+ addf(str, _("\t%sPublic Key Algorithm: %s\n"), key_name, name);
+ addf(str, _("\tAlgorithm Security Level: %s (%d bits)\n"),
+ gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param
+ (err, bits)), bits);
+ switch (pk) {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ err = gnutls_pubkey_get_pk_rsa_raw(pubkey, &m, &e);
+ if (err < 0)
+ addf(str, "error: get_pk_rsa_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ if (format ==
+ GNUTLS_CRT_PRINT_FULL_NUMBERS) {
+ addf(str,
+ _("\t\tModulus (bits %d): "),
+ bits);
+ _gnutls_buffer_hexprint(str,
+ m.data,
+ m.size);
+ adds(str, "\n");
+ addf(str,
+ _("\t\tExponent (bits %d): "),
+ e.size * 8);
+ _gnutls_buffer_hexprint(str,
+ e.data,
+ e.size);
+ adds(str, "\n");
+ } else {
+ addf(str,
+ _("\t\tModulus (bits %d):\n"),
+ bits);
+ _gnutls_buffer_hexdump(str, m.data,
+ m.size,
+ "\t\t\t");
+ addf(str,
+ _
+ ("\t\tExponent (bits %d):\n"),
+ e.size * 8);
+ _gnutls_buffer_hexdump(str, e.data,
+ e.size,
+ "\t\t\t");
+ }
+
+ gnutls_free(m.data);
+ gnutls_free(e.data);
+ }
+
+ }
+ break;
+
+ case GNUTLS_PK_EC:
+ {
+ gnutls_datum_t x, y;
+ gnutls_ecc_curve_t curve;
+
+ err =
+ gnutls_pubkey_get_pk_ecc_raw(pubkey, &curve,
+ &x, &y);
+ if (err < 0)
+ addf(str, "error: get_pk_ecc_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ addf(str, _("\t\tCurve:\t%s\n"),
+ gnutls_ecc_curve_get_name(curve));
+ if (format ==
+ GNUTLS_CRT_PRINT_FULL_NUMBERS) {
+ adds(str, _("\t\tX: "));
+ _gnutls_buffer_hexprint(str,
+ x.data,
+ x.size);
+ adds(str, "\n");
+ adds(str, _("\t\tY: "));
+ _gnutls_buffer_hexprint(str,
+ y.data,
+ y.size);
+ adds(str, "\n");
+ } else {
+ adds(str, _("\t\tX:\n"));
+ _gnutls_buffer_hexdump(str, x.data,
+ x.size,
+ "\t\t\t");
+ adds(str, _("\t\tY:\n"));
+ _gnutls_buffer_hexdump(str, y.data,
+ y.size,
+ "\t\t\t");
+ }
+
+ gnutls_free(x.data);
+ gnutls_free(y.data);
+
+ }
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ err =
+ gnutls_pubkey_get_pk_dsa_raw(pubkey, &p, &q,
+ &g, &y);
+ if (err < 0)
+ addf(str, "error: get_pk_dsa_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ if (format ==
+ GNUTLS_CRT_PRINT_FULL_NUMBERS) {
+ addf(str,
+ _
+ ("\t\tPublic key (bits %d): "),
+ bits);
+ _gnutls_buffer_hexprint(str,
+ y.data,
+ y.size);
+ adds(str, "\n");
+ addf(str, _("\t\tP: "));
+ _gnutls_buffer_hexprint(str,
+ p.data,
+ p.size);
+ adds(str, "\n");
+ addf(str, _("\t\tQ: "));
+ _gnutls_buffer_hexprint(str,
+ q.data,
+ q.size);
+ adds(str, "\n");
+ addf(str, _("\t\tG: "));
+ _gnutls_buffer_hexprint(str,
+ g.data,
+ g.size);
+ adds(str, "\n");
+ } else {
+ addf(str,
+ _
+ ("\t\tPublic key (bits %d):\n"),
+ bits);
+ _gnutls_buffer_hexdump(str, y.data,
+ y.size,
+ "\t\t\t");
+ adds(str, _("\t\tP:\n"));
+ _gnutls_buffer_hexdump(str, p.data,
+ p.size,
+ "\t\t\t");
+ adds(str, _("\t\tQ:\n"));
+ _gnutls_buffer_hexdump(str, q.data,
+ q.size,
+ "\t\t\t");
+ adds(str, _("\t\tG:\n"));
+ _gnutls_buffer_hexdump(str, g.data,
+ g.size,
+ "\t\t\t");
+ }
+
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ gnutls_free(y.data);
+
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
}
static void
-print_crt_pubkey (gnutls_buffer_st * str, gnutls_x509_crt_t crt, gnutls_certificate_print_formats_t format)
+print_crt_pubkey(gnutls_buffer_st * str, gnutls_x509_crt_t crt,
+ gnutls_certificate_print_formats_t format)
{
- gnutls_pubkey_t pubkey;
- int ret;
+ gnutls_pubkey_t pubkey;
+ int ret;
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- return;
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0)
+ return;
- ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
- if (ret < 0)
- goto cleanup;
+ ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
+ if (ret < 0)
+ goto cleanup;
- print_pubkey (str, _("Subject "), pubkey, format);
+ print_pubkey(str, _("Subject "), pubkey, format);
-cleanup:
- gnutls_pubkey_deinit (pubkey);
- return;
+ cleanup:
+ gnutls_pubkey_deinit(pubkey);
+ return;
}
static void
-print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format)
+print_cert(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format)
{
- /* Version. */
- {
- int version = gnutls_x509_crt_get_version (cert);
- if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* Serial. */
- {
- char serial[128];
- size_t serial_size = sizeof (serial);
- int err;
-
- err = gnutls_x509_crt_get_serial (cert, serial, &serial_size);
- if (err < 0)
- addf (str, "error: get_serial: %s\n", gnutls_strerror (err));
- else
- {
- adds (str, _("\tSerial Number (hex): "));
- _gnutls_buffer_hexprint (str, serial, serial_size);
- adds (str, "\n");
- }
- }
-
- /* Issuer. */
- if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
- {
- char *dn;
- size_t dn_size = 0;
- int err;
-
- err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_issuer_dn: %s\n",
- gnutls_strerror (err));
- else
- addf (str, _("\tIssuer: %s\n"), dn);
- gnutls_free (dn);
- }
- }
- }
-
- /* Validity. */
- {
- time_t tim;
-
- adds (str, _("\tValidity:\n"));
-
- tim = gnutls_x509_crt_get_activation_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tNot Before: %s\n"), s);
- }
-
- tim = gnutls_x509_crt_get_expiration_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tNot After: %s\n"), s);
- }
- }
-
- /* Subject. */
- {
- char *dn;
- size_t dn_size = 0;
- int err;
-
- err = gnutls_x509_crt_get_dn (cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
- else
- addf (str, _("\tSubject: %s\n"), dn);
- gnutls_free (dn);
- }
- }
- }
-
- /* SubjectPublicKeyInfo. */
- print_crt_pubkey(str, cert, format);
-
- print_unique_ids (str, cert);
-
- /* Extensions. */
- if (gnutls_x509_crt_get_version (cert) >= 3)
- {
- cert_type_t ccert;
-
- ccert.crt = cert;
- print_extensions (str, "", TYPE_CRT, ccert);
- }
-
- /* Signature. */
- if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
- {
- int err;
- size_t size = 0;
- char *buffer = NULL;
-
- err = gnutls_x509_crt_get_signature_algorithm (cert);
- if (err < 0)
- addf (str, "error: get_signature_algorithm: %s\n",
- gnutls_strerror (err));
- else
- {
- const char *name = gnutls_sign_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
- addf (str, _("\tSignature Algorithm: %s\n"), name);
- }
- if (gnutls_sign_is_secure (err) == 0)
- {
- adds (str, _("warning: signed using a broken signature "
- "algorithm that can be forged.\n"));
- }
-
- err = gnutls_x509_crt_get_signature (cert, buffer, &size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- err = gnutls_x509_crt_get_signature (cert, buffer, &size);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, _("\tSignature:\n"));
- _gnutls_buffer_hexdump (str, buffer, size, "\t\t");
-
- gnutls_free (buffer);
- }
+ /* Version. */
+ {
+ int version = gnutls_x509_crt_get_version(cert);
+ if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
+ }
+
+ /* Serial. */
+ {
+ char serial[128];
+ size_t serial_size = sizeof(serial);
+ int err;
+
+ err =
+ gnutls_x509_crt_get_serial(cert, serial, &serial_size);
+ if (err < 0)
+ addf(str, "error: get_serial: %s\n",
+ gnutls_strerror(err));
+ else {
+ adds(str, _("\tSerial Number (hex): "));
+ _gnutls_buffer_hexprint(str, serial, serial_size);
+ adds(str, "\n");
+ }
+ }
+
+ /* Issuer. */
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL) {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crt_get_issuer_dn(cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "error: get_issuer_dn: %s\n",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "error: malloc (%d): %s\n",
+ (int) dn_size,
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crt_get_issuer_dn(cert, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str,
+ "error: get_issuer_dn: %s\n",
+ gnutls_strerror(err));
+ else
+ addf(str, _("\tIssuer: %s\n"), dn);
+ gnutls_free(dn);
+ }
+ }
+ }
+
+ /* Validity. */
+ {
+ time_t tim;
+
+ adds(str, _("\tValidity:\n"));
+
+ tim = gnutls_x509_crt_get_activation_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tNot Before: %s\n"), s);
+ }
+
+ tim = gnutls_x509_crt_get_expiration_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tNot After: %s\n"), s);
+ }
+ }
+
+ /* Subject. */
+ {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crt_get_dn(cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "error: get_dn: %s\n",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "error: malloc (%d): %s\n",
+ (int) dn_size,
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crt_get_dn(cert, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str, "error: get_dn: %s\n",
+ gnutls_strerror(err));
+ else
+ addf(str, _("\tSubject: %s\n"),
+ dn);
+ gnutls_free(dn);
+ }
+ }
+ }
+
+ /* SubjectPublicKeyInfo. */
+ print_crt_pubkey(str, cert, format);
+
+ print_unique_ids(str, cert);
+
+ /* Extensions. */
+ if (gnutls_x509_crt_get_version(cert) >= 3) {
+ cert_type_t ccert;
+
+ ccert.crt = cert;
+ print_extensions(str, "", TYPE_CRT, ccert);
+ }
+
+ /* Signature. */
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL) {
+ int err;
+ size_t size = 0;
+ char *buffer = NULL;
+
+ err = gnutls_x509_crt_get_signature_algorithm(cert);
+ if (err < 0)
+ addf(str, "error: get_signature_algorithm: %s\n",
+ gnutls_strerror(err));
+ else {
+ const char *name =
+ gnutls_sign_algorithm_get_name(err);
+ if (name == NULL)
+ name = _("unknown");
+ addf(str, _("\tSignature Algorithm: %s\n"), name);
+ }
+ if (gnutls_sign_is_secure(err) == 0) {
+ adds(str,
+ _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
+ }
+
+ err = gnutls_x509_crt_get_signature(cert, buffer, &size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_signature: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err = gnutls_x509_crt_get_signature(cert, buffer, &size);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_signature2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, _("\tSignature:\n"));
+ _gnutls_buffer_hexdump(str, buffer, size, "\t\t");
+
+ gnutls_free(buffer);
+ }
}
static void
-print_fingerprint (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
- gnutls_digest_algorithm_t algo)
+print_fingerprint(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
+ gnutls_digest_algorithm_t algo)
{
- int err;
- char buffer[MAX_HASH_SIZE];
- size_t size = sizeof (buffer);
-
- err = gnutls_x509_crt_get_fingerprint (cert, algo, buffer, &size);
- if (err < 0)
- {
- addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
- return;
- }
-
- if (algo == GNUTLS_DIG_MD5)
- adds (str, _("\tMD5 fingerprint:\n\t\t"));
- else
- adds (str, _("\tSHA-1 fingerprint:\n\t\t"));
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
+ int err;
+ char buffer[MAX_HASH_SIZE];
+ size_t size = sizeof(buffer);
+
+ err = gnutls_x509_crt_get_fingerprint(cert, algo, buffer, &size);
+ if (err < 0) {
+ addf(str, "error: get_fingerprint: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ if (algo == GNUTLS_DIG_MD5)
+ adds(str, _("\tMD5 fingerprint:\n\t\t"));
+ else
+ adds(str, _("\tSHA-1 fingerprint:\n\t\t"));
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
}
-static void
-print_keyid (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_keyid(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- int err;
- unsigned char buffer[32];
- size_t size = sizeof (buffer);
- const char *name;
- char *p;
- unsigned int bits;
-
- err = gnutls_x509_crt_get_key_id (cert, 0, buffer, &size);
- if (err < 0)
- {
- addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, _("\tPublic Key ID:\n\t\t"));
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
-
- err = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
- if (err < 0)
- return;
-
- name = gnutls_pk_get_name (err);
- if (name == NULL)
- return;
-
- p = _gnutls_key_fingerprint_randomart (buffer, size, name, bits, "\t\t");
- if (p == NULL)
- return;
-
- adds (str, _("\tPublic key's random art:\n"));
- adds (str, p);
- adds (str, "\n");
-
- gnutls_free (p);
+ int err;
+ unsigned char buffer[32];
+ size_t size = sizeof(buffer);
+ const char *name;
+ char *p;
+ unsigned int bits;
+
+ err = gnutls_x509_crt_get_key_id(cert, 0, buffer, &size);
+ if (err < 0) {
+ addf(str, "error: get_key_id: %s\n", gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, _("\tPublic Key ID:\n\t\t"));
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
+
+ err = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
+ if (err < 0)
+ return;
+
+ name = gnutls_pk_get_name(err);
+ if (name == NULL)
+ return;
+
+ p = _gnutls_key_fingerprint_randomart(buffer, size, name, bits,
+ "\t\t");
+ if (p == NULL)
+ return;
+
+ adds(str, _("\tPublic key's random art:\n"));
+ adds(str, p);
+ adds(str, "\n");
+
+ gnutls_free(p);
}
static void
-print_other (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format)
+print_other(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format)
{
- if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
- {
- print_fingerprint (str, cert, GNUTLS_DIG_SHA1);
- }
- print_keyid (str, cert);
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL) {
+ print_fingerprint(str, cert, GNUTLS_DIG_SHA1);
+ }
+ print_keyid(str, cert);
}
-static void
-print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
- int err;
-
- /* Subject. */
- {
- char *dn;
- size_t dn_size = 0;
-
- err = gnutls_x509_crt_get_dn (cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "unknown subject (%s), ", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "unknown subject (%s), ",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "unknown subject (%s), ", gnutls_strerror (err));
- else
- addf (str, "subject `%s', ", dn);
- gnutls_free (dn);
- }
- }
- }
-
- /* Issuer. */
- {
- char *dn;
- size_t dn_size = 0;
-
- err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "unknown issuer (%s), ",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
- else
- addf (str, "issuer `%s', ", dn);
- gnutls_free (dn);
- }
- }
- }
-
- /* Key algorithm and size. */
- {
- unsigned int bits;
- const char *name = gnutls_pk_algorithm_get_name
- (gnutls_x509_crt_get_pk_algorithm (cert, &bits));
- if (name == NULL)
- name = "Unknown";
- addf (str, "%s key %d bits, ", name, bits);
- }
-
- /* Signature Algorithm. */
- {
- err = gnutls_x509_crt_get_signature_algorithm (cert);
- if (err < 0)
- addf (str, "unknown signature algorithm (%s), ", gnutls_strerror (err));
- else
- {
- const char *name = gnutls_sign_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
- if (gnutls_sign_is_secure (err) == 0)
- addf (str, _("signed using %s (broken!), "), name);
- else
- addf (str, _("signed using %s, "), name);
- }
- }
-
- /* Validity. */
- {
- time_t tim;
-
- tim = gnutls_x509_crt_get_activation_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "unknown activation (%ld), ", (unsigned long) tim);
- else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "failed activation (%ld), ", (unsigned long) tim);
- else
- addf (str, "activated `%s', ", s);
- }
-
- tim = gnutls_x509_crt_get_expiration_time (cert);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "unknown expiry (%ld), ", (unsigned long) tim);
- else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
- addf (str, "failed expiry (%ld), ", (unsigned long) tim);
- else
- addf (str, "expires `%s', ", s);
- }
- }
-
- {
- int pathlen;
- char *policyLanguage;
-
- err = gnutls_x509_crt_get_proxy (cert, NULL,
- &pathlen, &policyLanguage, NULL, NULL);
- if (err == 0)
- {
- addf (str, "proxy certificate (policy=");
- if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
- addf (str, "id-ppl-inheritALL");
- else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
- addf (str, "id-ppl-independent");
- else
- addf (str, "%s", policyLanguage);
- if (pathlen >= 0)
- addf (str, ", pathlen=%d), ", pathlen);
- else
- addf (str, "), ");
- gnutls_free (policyLanguage);
- }
- }
-
- {
- char buffer[20];
- size_t size = sizeof (buffer);
-
- err = gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1,
- buffer, &size);
- if (err < 0)
- {
- addf (str, "unknown fingerprint (%s)", gnutls_strerror (err));
- }
- else
- {
- addf (str, "SHA-1 fingerprint `");
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "'");
- }
- }
+ int err;
+
+ /* Subject. */
+ {
+ char *dn;
+ size_t dn_size = 0;
+
+ err = gnutls_x509_crt_get_dn(cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "unknown subject (%s), ",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "unknown subject (%s), ",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crt_get_dn(cert, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str, "unknown subject (%s), ",
+ gnutls_strerror(err));
+ else
+ addf(str, "subject `%s', ", dn);
+ gnutls_free(dn);
+ }
+ }
+ }
+
+ /* Issuer. */
+ {
+ char *dn;
+ size_t dn_size = 0;
+
+ err = gnutls_x509_crt_get_issuer_dn(cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "unknown issuer (%s), ",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "unknown issuer (%s), ",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crt_get_issuer_dn(cert, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str, "unknown issuer (%s), ",
+ gnutls_strerror(err));
+ else
+ addf(str, "issuer `%s', ", dn);
+ gnutls_free(dn);
+ }
+ }
+ }
+
+ /* Key algorithm and size. */
+ {
+ unsigned int bits;
+ const char *name = gnutls_pk_algorithm_get_name
+ (gnutls_x509_crt_get_pk_algorithm(cert, &bits));
+ if (name == NULL)
+ name = "Unknown";
+ addf(str, "%s key %d bits, ", name, bits);
+ }
+
+ /* Signature Algorithm. */
+ {
+ err = gnutls_x509_crt_get_signature_algorithm(cert);
+ if (err < 0)
+ addf(str, "unknown signature algorithm (%s), ",
+ gnutls_strerror(err));
+ else {
+ const char *name =
+ gnutls_sign_algorithm_get_name(err);
+ if (name == NULL)
+ name = _("unknown");
+ if (gnutls_sign_is_secure(err) == 0)
+ addf(str, _("signed using %s (broken!), "),
+ name);
+ else
+ addf(str, _("signed using %s, "), name);
+ }
+ }
+
+ /* Validity. */
+ {
+ time_t tim;
+
+ tim = gnutls_x509_crt_get_activation_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "unknown activation (%ld), ",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%Y-%m-%d %H:%M:%S UTC",
+ &t) == 0)
+ addf(str, "failed activation (%ld), ",
+ (unsigned long) tim);
+ else
+ addf(str, "activated `%s', ", s);
+ }
+
+ tim = gnutls_x509_crt_get_expiration_time(cert);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "unknown expiry (%ld), ",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%Y-%m-%d %H:%M:%S UTC",
+ &t) == 0)
+ addf(str, "failed expiry (%ld), ",
+ (unsigned long) tim);
+ else
+ addf(str, "expires `%s', ", s);
+ }
+ }
+
+ {
+ int pathlen;
+ char *policyLanguage;
+
+ err = gnutls_x509_crt_get_proxy(cert, NULL,
+ &pathlen, &policyLanguage,
+ NULL, NULL);
+ if (err == 0) {
+ addf(str, "proxy certificate (policy=");
+ if (strcmp(policyLanguage, "1.3.6.1.5.5.7.21.1") ==
+ 0)
+ addf(str, "id-ppl-inheritALL");
+ else if (strcmp
+ (policyLanguage,
+ "1.3.6.1.5.5.7.21.2") == 0)
+ addf(str, "id-ppl-independent");
+ else
+ addf(str, "%s", policyLanguage);
+ if (pathlen >= 0)
+ addf(str, ", pathlen=%d), ", pathlen);
+ else
+ addf(str, "), ");
+ gnutls_free(policyLanguage);
+ }
+ }
+
+ {
+ char buffer[20];
+ size_t size = sizeof(buffer);
+
+ err =
+ gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1,
+ buffer, &size);
+ if (err < 0) {
+ addf(str, "unknown fingerprint (%s)",
+ gnutls_strerror(err));
+ } else {
+ addf(str, "SHA-1 fingerprint `");
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "'");
+ }
+ }
}
@@ -1822,361 +1962,394 @@ print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
* negative error value.
**/
int
-gnutls_x509_crt_print (gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_x509_crt_print(gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int ret;
+ gnutls_buffer_st str;
+ int ret;
- if (format == GNUTLS_CRT_PRINT_COMPACT)
- {
- _gnutls_buffer_init (&str);
+ if (format == GNUTLS_CRT_PRINT_COMPACT) {
+ _gnutls_buffer_init(&str);
- print_oneline (&str, cert);
+ print_oneline(&str, cert);
- _gnutls_buffer_append_data (&str, "\n", 1);
- print_keyid (&str, cert);
+ _gnutls_buffer_append_data(&str, "\n", 1);
+ print_keyid(&str, cert);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
- }
- else if (format == GNUTLS_CRT_PRINT_ONELINE)
- {
- _gnutls_buffer_init (&str);
+ return ret;
+ } else if (format == GNUTLS_CRT_PRINT_ONELINE) {
+ _gnutls_buffer_init(&str);
- print_oneline (&str, cert);
+ print_oneline(&str, cert);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
- }
- else
- {
- _gnutls_buffer_init (&str);
+ return ret;
+ } else {
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str (&str, _("X.509 Certificate Information:\n"));
+ _gnutls_buffer_append_str(&str,
+ _
+ ("X.509 Certificate Information:\n"));
- print_cert (&str, cert, format);
+ print_cert(&str, cert, format);
- _gnutls_buffer_append_str (&str, _("Other Information:\n"));
+ _gnutls_buffer_append_str(&str, _("Other Information:\n"));
- print_other (&str, cert, format);
+ print_other(&str, cert, format);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
- }
+ return ret;
+ }
}
static void
-print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
+print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
{
- /* Version. */
- {
- int version = gnutls_x509_crl_get_version (crl);
- if (version == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- adds (str, _("\tVersion: 1 (default)\n"));
- else if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* Issuer. */
- if (!notsigned)
- {
- char *dn;
- size_t dn_size = 0;
- int err;
-
- err = gnutls_x509_crl_get_issuer_dn (crl, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crl_get_issuer_dn (crl, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_issuer_dn: %s\n",
- gnutls_strerror (err));
- else
- addf (str, _("\tIssuer: %s\n"), dn);
- }
- gnutls_free (dn);
- }
- }
-
- /* Validity. */
- {
- time_t tim;
-
- adds (str, _("\tUpdate dates:\n"));
-
- tim = gnutls_x509_crl_get_this_update (crl);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tIssued: %s\n"), s);
- }
-
- tim = gnutls_x509_crl_get_next_update (crl);
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- if (tim == -1)
- addf (str, "\t\tNo next update time.\n");
- else if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tNext at: %s\n"), s);
- }
- }
-
- /* Extensions. */
- if (gnutls_x509_crl_get_version (crl) >= 2)
- {
- size_t i;
- int err = 0;
- int aki_idx = 0;
- int crl_nr = 0;
-
- for (i = 0;; i++)
- {
- char oid[MAX_OID_SIZE] = "";
- size_t sizeof_oid = sizeof (oid);
- unsigned int critical;
-
- err = gnutls_x509_crl_get_extension_info (crl, i,
- oid, &sizeof_oid,
- &critical);
- if (err < 0)
- {
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "error: get_extension_info: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- if (i == 0)
- adds (str, _("\tExtensions:\n"));
-
- if (strcmp (oid, "2.5.29.20") == 0)
- {
- char nr[128];
- size_t nr_size = sizeof (nr);
-
- if (crl_nr)
- {
- addf (str, "error: more than one CRL number\n");
- continue;
- }
-
- err = gnutls_x509_crl_get_number (crl, nr, &nr_size, &critical);
-
- addf (str, _("\t\tCRL Number (%s): "),
- critical ? _("critical") : _("not critical"));
-
- if (err < 0)
- addf (str, "error: get_number: %s\n", gnutls_strerror (err));
- else
- {
- _gnutls_buffer_hexprint (str, nr, nr_size);
- addf (str, "\n");
- }
-
- crl_nr++;
- }
- else if (strcmp (oid, "2.5.29.35") == 0)
- {
- cert_type_t ccert;
-
- if (aki_idx)
- {
- addf (str, "error: more than one AKI extension\n");
- continue;
- }
-
- addf (str, _("\t\tAuthority Key Identifier (%s):\n"),
- critical ? _("critical") : _("not critical"));
-
- ccert.crl = crl;
- print_aki (str, TYPE_CRL, ccert);
-
- aki_idx++;
- }
- else
- {
- char *buffer;
- size_t extlen = 0;
-
- addf (str, _("\t\tUnknown extension %s (%s):\n"), oid,
- critical ? _("critical") : _("not critical"));
-
- err = gnutls_x509_crl_get_extension_data (crl, i,
- NULL, &extlen);
- if (err < 0)
- {
- addf (str, "error: get_extension_data: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- buffer = gnutls_malloc (extlen);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- err = gnutls_x509_crl_get_extension_data (crl, i,
- buffer, &extlen);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_extension_data2: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- adds (str, _("\t\t\tASCII: "));
- _gnutls_buffer_asciiprint (str, buffer, extlen);
- adds (str, "\n");
-
- adds (str, _("\t\t\tHexdump: "));
- _gnutls_buffer_hexprint (str, buffer, extlen);
- adds (str, "\n");
-
- gnutls_free (buffer);
- }
- }
- }
-
-
- /* Revoked certificates. */
- {
- int num = gnutls_x509_crl_get_crt_count (crl);
- int j;
-
- if (num)
- addf (str, _("\tRevoked certificates (%d):\n"), num);
- else
- adds (str, _("\tNo revoked certificates.\n"));
-
- for (j = 0; j < num; j++)
- {
- unsigned char serial[128];
- size_t serial_size = sizeof (serial);
- int err;
- time_t tim;
-
- err = gnutls_x509_crl_get_crt_serial (crl, j, serial,
- &serial_size, &tim);
- if (err < 0)
- addf (str, "error: get_crt_serial: %s\n", gnutls_strerror (err));
- else
- {
- char s[42];
- size_t max = sizeof (s);
- struct tm t;
-
- adds (str, _("\t\tSerial Number (hex): "));
- _gnutls_buffer_hexprint (str, serial, serial_size);
- adds (str, "\n");
-
- if (gmtime_r (&tim, &t) == NULL)
- addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
- else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
- else
- addf (str, _("\t\tRevoked at: %s\n"), s);
- }
- }
- }
-
- /* Signature. */
- if (!notsigned)
- {
- int err;
- size_t size = 0;
- char *buffer = NULL;
-
- err = gnutls_x509_crl_get_signature_algorithm (crl);
- if (err < 0)
- addf (str, "error: get_signature_algorithm: %s\n",
- gnutls_strerror (err));
- else
- {
- const char *name = gnutls_sign_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
- addf (str, _("\tSignature Algorithm: %s\n"), name);
- }
- if (gnutls_sign_is_secure (err) == 0)
- {
- adds (str, _("warning: signed using a broken signature "
- "algorithm that can be forged.\n"));
- }
-
- err = gnutls_x509_crl_get_signature (crl, buffer, &size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- err = gnutls_x509_crl_get_signature (crl, buffer, &size);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, _("\tSignature:\n"));
- _gnutls_buffer_hexdump (str, buffer, size, "\t\t");
-
- gnutls_free (buffer);
- }
+ /* Version. */
+ {
+ int version = gnutls_x509_crl_get_version(crl);
+ if (version == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ adds(str, _("\tVersion: 1 (default)\n"));
+ else if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
+ }
+
+ /* Issuer. */
+ if (!notsigned) {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crl_get_issuer_dn(crl, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "error: get_issuer_dn: %s\n",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "error: malloc (%d): %s\n",
+ (int) dn_size,
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crl_get_issuer_dn(crl, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str,
+ "error: get_issuer_dn: %s\n",
+ gnutls_strerror(err));
+ else
+ addf(str, _("\tIssuer: %s\n"), dn);
+ }
+ gnutls_free(dn);
+ }
+ }
+
+ /* Validity. */
+ {
+ time_t tim;
+
+ adds(str, _("\tUpdate dates:\n"));
+
+ tim = gnutls_x509_crl_get_this_update(crl);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tIssued: %s\n"), s);
+ }
+
+ tim = gnutls_x509_crl_get_next_update(crl);
+ {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ if (tim == -1)
+ addf(str, "\t\tNo next update time.\n");
+ else if (gmtime_r(&tim, &t) == NULL)
+ addf(str, "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str, _("\t\tNext at: %s\n"), s);
+ }
+ }
+
+ /* Extensions. */
+ if (gnutls_x509_crl_get_version(crl) >= 2) {
+ size_t i;
+ int err = 0;
+ int aki_idx = 0;
+ int crl_nr = 0;
+
+ for (i = 0;; i++) {
+ char oid[MAX_OID_SIZE] = "";
+ size_t sizeof_oid = sizeof(oid);
+ unsigned int critical;
+
+ err = gnutls_x509_crl_get_extension_info(crl, i,
+ oid,
+ &sizeof_oid,
+ &critical);
+ if (err < 0) {
+ if (err ==
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf(str,
+ "error: get_extension_info: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ if (i == 0)
+ adds(str, _("\tExtensions:\n"));
+
+ if (strcmp(oid, "2.5.29.20") == 0) {
+ char nr[128];
+ size_t nr_size = sizeof(nr);
+
+ if (crl_nr) {
+ addf(str,
+ "error: more than one CRL number\n");
+ continue;
+ }
+
+ err =
+ gnutls_x509_crl_get_number(crl, nr,
+ &nr_size,
+ &critical);
+
+ addf(str, _("\t\tCRL Number (%s): "),
+ critical ? _("critical") :
+ _("not critical"));
+
+ if (err < 0)
+ addf(str,
+ "error: get_number: %s\n",
+ gnutls_strerror(err));
+ else {
+ _gnutls_buffer_hexprint(str, nr,
+ nr_size);
+ addf(str, "\n");
+ }
+
+ crl_nr++;
+ } else if (strcmp(oid, "2.5.29.35") == 0) {
+ cert_type_t ccert;
+
+ if (aki_idx) {
+ addf(str,
+ "error: more than one AKI extension\n");
+ continue;
+ }
+
+ addf(str,
+ _
+ ("\t\tAuthority Key Identifier (%s):\n"),
+ critical ? _("critical") :
+ _("not critical"));
+
+ ccert.crl = crl;
+ print_aki(str, TYPE_CRL, ccert);
+
+ aki_idx++;
+ } else {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf(str,
+ _("\t\tUnknown extension %s (%s):\n"),
+ oid,
+ critical ? _("critical") :
+ _("not critical"));
+
+ err =
+ gnutls_x509_crl_get_extension_data(crl,
+ i,
+ NULL,
+ &extlen);
+ if (err < 0) {
+ addf(str,
+ "error: get_extension_data: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ buffer = gnutls_malloc(extlen);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err =
+ gnutls_x509_crl_get_extension_data(crl,
+ i,
+ buffer,
+ &extlen);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str,
+ "error: get_extension_data2: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ adds(str, _("\t\t\tASCII: "));
+ _gnutls_buffer_asciiprint(str, buffer,
+ extlen);
+ adds(str, "\n");
+
+ adds(str, _("\t\t\tHexdump: "));
+ _gnutls_buffer_hexprint(str, buffer,
+ extlen);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
+ }
+ }
+ }
+
+
+ /* Revoked certificates. */
+ {
+ int num = gnutls_x509_crl_get_crt_count(crl);
+ int j;
+
+ if (num)
+ addf(str, _("\tRevoked certificates (%d):\n"),
+ num);
+ else
+ adds(str, _("\tNo revoked certificates.\n"));
+
+ for (j = 0; j < num; j++) {
+ unsigned char serial[128];
+ size_t serial_size = sizeof(serial);
+ int err;
+ time_t tim;
+
+ err =
+ gnutls_x509_crl_get_crt_serial(crl, j, serial,
+ &serial_size,
+ &tim);
+ if (err < 0)
+ addf(str, "error: get_crt_serial: %s\n",
+ gnutls_strerror(err));
+ else {
+ char s[42];
+ size_t max = sizeof(s);
+ struct tm t;
+
+ adds(str, _("\t\tSerial Number (hex): "));
+ _gnutls_buffer_hexprint(str, serial,
+ serial_size);
+ adds(str, "\n");
+
+ if (gmtime_r(&tim, &t) == NULL)
+ addf(str,
+ "error: gmtime_r (%ld)\n",
+ (unsigned long) tim);
+ else if (strftime
+ (s, max,
+ "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str,
+ "error: strftime (%ld)\n",
+ (unsigned long) tim);
+ else
+ addf(str,
+ _("\t\tRevoked at: %s\n"), s);
+ }
+ }
+ }
+
+ /* Signature. */
+ if (!notsigned) {
+ int err;
+ size_t size = 0;
+ char *buffer = NULL;
+
+ err = gnutls_x509_crl_get_signature_algorithm(crl);
+ if (err < 0)
+ addf(str, "error: get_signature_algorithm: %s\n",
+ gnutls_strerror(err));
+ else {
+ const char *name =
+ gnutls_sign_algorithm_get_name(err);
+ if (name == NULL)
+ name = _("unknown");
+ addf(str, _("\tSignature Algorithm: %s\n"), name);
+ }
+ if (gnutls_sign_is_secure(err) == 0) {
+ adds(str,
+ _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
+ }
+
+ err = gnutls_x509_crl_get_signature(crl, buffer, &size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_signature: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err = gnutls_x509_crl_get_signature(crl, buffer, &size);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_signature2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, _("\tSignature:\n"));
+ _gnutls_buffer_hexdump(str, buffer, size, "\t\t");
+
+ gnutls_free(buffer);
+ }
}
/**
@@ -2194,264 +2367,285 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
* negative error value.
**/
int
-gnutls_x509_crl_print (gnutls_x509_crl_t crl,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_x509_crl_print(gnutls_x509_crl_t crl,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int ret;
+ gnutls_buffer_st str;
+ int ret;
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str
- (&str, _("X.509 Certificate Revocation List Information:\n"));
+ _gnutls_buffer_append_str
+ (&str, _("X.509 Certificate Revocation List Information:\n"));
- print_crl (&str, crl, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
+ print_crl(&str, crl, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
+ return ret;
}
static void
-print_crq_pubkey (gnutls_buffer_st * str, gnutls_x509_crq_t crq, gnutls_certificate_print_formats_t format)
+print_crq_pubkey(gnutls_buffer_st * str, gnutls_x509_crq_t crq,
+ gnutls_certificate_print_formats_t format)
{
- gnutls_pubkey_t pubkey;
- int ret;
+ gnutls_pubkey_t pubkey;
+ int ret;
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- return;
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0)
+ return;
- ret = gnutls_pubkey_import_x509_crq (pubkey, crq, 0);
- if (ret < 0)
- goto cleanup;
+ ret = gnutls_pubkey_import_x509_crq(pubkey, crq, 0);
+ if (ret < 0)
+ goto cleanup;
- print_pubkey (str, _("Subject "), pubkey, format);
+ print_pubkey(str, _("Subject "), pubkey, format);
-cleanup:
- gnutls_pubkey_deinit (pubkey);
- return;
+ cleanup:
+ gnutls_pubkey_deinit(pubkey);
+ return;
}
static void
-print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert, gnutls_certificate_print_formats_t format)
+print_crq(gnutls_buffer_st * str, gnutls_x509_crq_t cert,
+ gnutls_certificate_print_formats_t format)
{
- /* Version. */
- {
- int version = gnutls_x509_crq_get_version (cert);
- if (version < 0)
- addf (str, "error: get_version: %s\n", gnutls_strerror (version));
- else
- addf (str, _("\tVersion: %d\n"), version);
- }
-
- /* Subject */
- {
- char *dn;
- size_t dn_size = 0;
- int err;
-
- err = gnutls_x509_crq_get_dn (cert, NULL, &dn_size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
- else
- {
- dn = gnutls_malloc (dn_size);
- if (!dn)
- addf (str, "error: malloc (%d): %s\n", (int) dn_size,
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- else
- {
- err = gnutls_x509_crq_get_dn (cert, dn, &dn_size);
- if (err < 0)
- addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
- else
- addf (str, _("\tSubject: %s\n"), dn);
- gnutls_free (dn);
- }
- }
- }
-
- /* SubjectPublicKeyInfo. */
- {
- int err;
- unsigned int bits;
-
- err = gnutls_x509_crq_get_pk_algorithm (cert, &bits);
- if (err < 0)
- addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
- else
- print_crq_pubkey (str, cert, format);
- }
-
- /* parse attributes */
- {
- size_t i;
- int err = 0;
- int extensions = 0;
- int challenge = 0;
-
- for (i = 0;; i++)
- {
- char oid[MAX_OID_SIZE] = "";
- size_t sizeof_oid = sizeof (oid);
-
- err = gnutls_x509_crq_get_attribute_info (cert, i, oid, &sizeof_oid);
- if (err < 0)
- {
- if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- addf (str, "error: get_extension_info: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- if (i == 0)
- adds (str, _("\tAttributes:\n"));
-
- if (strcmp (oid, "1.2.840.113549.1.9.14") == 0)
- {
- cert_type_t ccert;
-
- if (extensions)
- {
- addf (str, "error: more than one extensionsRequest\n");
- continue;
- }
-
- ccert.crq = cert;
- print_extensions (str, "\t", TYPE_CRQ, ccert);
-
- extensions++;
- }
- else if (strcmp (oid, "1.2.840.113549.1.9.7") == 0)
- {
- char *pass;
- size_t size;
-
- if (challenge)
- {
- adds (str,
- "error: more than one Challenge password attribute\n");
- continue;
- }
-
- err = gnutls_x509_crq_get_challenge_password (cert, NULL, &size);
- if (err < 0 && err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_challenge_password: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- size++;
-
- pass = gnutls_malloc (size);
- if (!pass)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- err = gnutls_x509_crq_get_challenge_password (cert, pass, &size);
- if (err < 0)
- addf (str, "error: get_challenge_password: %s\n",
- gnutls_strerror (err));
- else
- addf (str, _("\t\tChallenge password: %s\n"), pass);
-
- gnutls_free (pass);
-
- challenge++;
- }
- else
- {
- char *buffer;
- size_t extlen = 0;
-
- addf (str, _("\t\tUnknown attribute %s:\n"), oid);
-
- err = gnutls_x509_crq_get_attribute_data (cert, i, NULL, &extlen);
- if (err < 0)
- {
- addf (str, "error: get_attribute_data: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- buffer = gnutls_malloc (extlen);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- continue;
- }
-
- err = gnutls_x509_crq_get_attribute_data (cert, i,
- buffer, &extlen);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_attribute_data2: %s\n",
- gnutls_strerror (err));
- continue;
- }
-
- adds (str, _("\t\t\tASCII: "));
- _gnutls_buffer_asciiprint (str, buffer, extlen);
- adds (str, "\n");
-
- adds (str, _("\t\t\tHexdump: "));
- _gnutls_buffer_hexprint (str, buffer, extlen);
- adds (str, "\n");
-
- gnutls_free (buffer);
- }
- }
- }
+ /* Version. */
+ {
+ int version = gnutls_x509_crq_get_version(cert);
+ if (version < 0)
+ addf(str, "error: get_version: %s\n",
+ gnutls_strerror(version));
+ else
+ addf(str, _("\tVersion: %d\n"), version);
+ }
+
+ /* Subject */
+ {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crq_get_dn(cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf(str, "error: get_dn: %s\n",
+ gnutls_strerror(err));
+ else {
+ dn = gnutls_malloc(dn_size);
+ if (!dn)
+ addf(str, "error: malloc (%d): %s\n",
+ (int) dn_size,
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ else {
+ err =
+ gnutls_x509_crq_get_dn(cert, dn,
+ &dn_size);
+ if (err < 0)
+ addf(str, "error: get_dn: %s\n",
+ gnutls_strerror(err));
+ else
+ addf(str, _("\tSubject: %s\n"),
+ dn);
+ gnutls_free(dn);
+ }
+ }
+ }
+
+ /* SubjectPublicKeyInfo. */
+ {
+ int err;
+ unsigned int bits;
+
+ err = gnutls_x509_crq_get_pk_algorithm(cert, &bits);
+ if (err < 0)
+ addf(str, "error: get_pk_algorithm: %s\n",
+ gnutls_strerror(err));
+ else
+ print_crq_pubkey(str, cert, format);
+ }
+
+ /* parse attributes */
+ {
+ size_t i;
+ int err = 0;
+ int extensions = 0;
+ int challenge = 0;
+
+ for (i = 0;; i++) {
+ char oid[MAX_OID_SIZE] = "";
+ size_t sizeof_oid = sizeof(oid);
+
+ err =
+ gnutls_x509_crq_get_attribute_info(cert, i,
+ oid,
+ &sizeof_oid);
+ if (err < 0) {
+ if (err ==
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf(str,
+ "error: get_extension_info: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ if (i == 0)
+ adds(str, _("\tAttributes:\n"));
+
+ if (strcmp(oid, "1.2.840.113549.1.9.14") == 0) {
+ cert_type_t ccert;
+
+ if (extensions) {
+ addf(str,
+ "error: more than one extensionsRequest\n");
+ continue;
+ }
+
+ ccert.crq = cert;
+ print_extensions(str, "\t", TYPE_CRQ,
+ ccert);
+
+ extensions++;
+ } else if (strcmp(oid, "1.2.840.113549.1.9.7") ==
+ 0) {
+ char *pass;
+ size_t size;
+
+ if (challenge) {
+ adds(str,
+ "error: more than one Challenge password attribute\n");
+ continue;
+ }
+
+ err =
+ gnutls_x509_crq_get_challenge_password
+ (cert, NULL, &size);
+ if (err < 0
+ && err !=
+ GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str,
+ "error: get_challenge_password: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ size++;
+
+ pass = gnutls_malloc(size);
+ if (!pass) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err =
+ gnutls_x509_crq_get_challenge_password
+ (cert, pass, &size);
+ if (err < 0)
+ addf(str,
+ "error: get_challenge_password: %s\n",
+ gnutls_strerror(err));
+ else
+ addf(str,
+ _
+ ("\t\tChallenge password: %s\n"),
+ pass);
+
+ gnutls_free(pass);
+
+ challenge++;
+ } else {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf(str, _("\t\tUnknown attribute %s:\n"),
+ oid);
+
+ err =
+ gnutls_x509_crq_get_attribute_data
+ (cert, i, NULL, &extlen);
+ if (err < 0) {
+ addf(str,
+ "error: get_attribute_data: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ buffer = gnutls_malloc(extlen);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror
+ (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err =
+ gnutls_x509_crq_get_attribute_data
+ (cert, i, buffer, &extlen);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str,
+ "error: get_attribute_data2: %s\n",
+ gnutls_strerror(err));
+ continue;
+ }
+
+ adds(str, _("\t\t\tASCII: "));
+ _gnutls_buffer_asciiprint(str, buffer,
+ extlen);
+ adds(str, "\n");
+
+ adds(str, _("\t\t\tHexdump: "));
+ _gnutls_buffer_hexprint(str, buffer,
+ extlen);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
+ }
+ }
+ }
}
-static void
-print_crq_other (gnutls_buffer_st * str, gnutls_x509_crq_t crq)
+static void print_crq_other(gnutls_buffer_st * str, gnutls_x509_crq_t crq)
{
- int err;
- size_t size = 0;
- unsigned char *buffer = NULL;
-
- err = gnutls_x509_crq_get_key_id (crq, 0, buffer, &size);
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
- return;
- }
-
- buffer = gnutls_malloc (size);
- if (!buffer)
- {
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
-
- err = gnutls_x509_crq_get_key_id (crq, 0, buffer, &size);
- if (err < 0)
- {
- gnutls_free (buffer);
- addf (str, "error: get_key_id2: %s\n", gnutls_strerror (err));
- return;
- }
-
- adds (str, _("\tPublic Key ID:\n\t\t"));
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
-
- gnutls_free (buffer);
+ int err;
+ size_t size = 0;
+ unsigned char *buffer = NULL;
+
+ err = gnutls_x509_crq_get_key_id(crq, 0, buffer, &size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ addf(str, "error: get_key_id: %s\n", gnutls_strerror(err));
+ return;
+ }
+
+ buffer = gnutls_malloc(size);
+ if (!buffer) {
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err = gnutls_x509_crq_get_key_id(crq, 0, buffer, &size);
+ if (err < 0) {
+ gnutls_free(buffer);
+ addf(str, "error: get_key_id2: %s\n",
+ gnutls_strerror(err));
+ return;
+ }
+
+ adds(str, _("\tPublic Key ID:\n\t\t"));
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
+
+ gnutls_free(buffer);
}
/**
@@ -2471,66 +2665,66 @@ print_crq_other (gnutls_buffer_st * str, gnutls_x509_crq_t crq)
* Since: 2.8.0
**/
int
-gnutls_x509_crq_print (gnutls_x509_crq_t crq,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_x509_crq_print(gnutls_x509_crq_t crq,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int ret;
+ gnutls_buffer_st str;
+ int ret;
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str
- (&str, _("PKCS #10 Certificate Request Information:\n"));
+ _gnutls_buffer_append_str
+ (&str, _("PKCS #10 Certificate Request Information:\n"));
- print_crq (&str, crq, format);
+ print_crq(&str, crq, format);
- _gnutls_buffer_append_str (&str, _("Other Information:\n"));
+ _gnutls_buffer_append_str(&str, _("Other Information:\n"));
- print_crq_other (&str, crq);
+ print_crq_other(&str, crq);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
+ return ret;
}
static void
-print_pubkey_other (gnutls_buffer_st * str, gnutls_pubkey_t pubkey, gnutls_certificate_print_formats_t format)
+print_pubkey_other(gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format)
{
- uint8_t buffer[MAX_HASH_SIZE];
- size_t size = sizeof(buffer);
- int ret;
- unsigned int usage;
- cert_type_t ccert;
-
- ccert.pubkey = pubkey;
-
- ret = gnutls_pubkey_get_key_usage (pubkey, &usage);
- if (ret < 0)
- {
- addf (str, "error: get_key_usage: %s\n", gnutls_strerror (ret));
- return;
- }
-
- adds (str, "\n");
- adds (str, _("Public Key Usage:\n"));
- print_key_usage (str, "\t", TYPE_PUBKEY, ccert);
-
- ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size);
- if (ret < 0)
- {
- addf (str, "error: get_key_id: %s\n", gnutls_strerror (ret));
- return;
- }
-
- adds (str, "\n");
- adds (str, _("Public Key ID: "));
- _gnutls_buffer_hexprint (str, buffer, size);
- adds (str, "\n");
+ uint8_t buffer[MAX_HASH_SIZE];
+ size_t size = sizeof(buffer);
+ int ret;
+ unsigned int usage;
+ cert_type_t ccert;
+
+ ccert.pubkey = pubkey;
+
+ ret = gnutls_pubkey_get_key_usage(pubkey, &usage);
+ if (ret < 0) {
+ addf(str, "error: get_key_usage: %s\n",
+ gnutls_strerror(ret));
+ return;
+ }
+
+ adds(str, "\n");
+ adds(str, _("Public Key Usage:\n"));
+ print_key_usage(str, "\t", TYPE_PUBKEY, ccert);
+
+ ret = gnutls_pubkey_get_key_id(pubkey, 0, buffer, &size);
+ if (ret < 0) {
+ addf(str, "error: get_key_id: %s\n", gnutls_strerror(ret));
+ return;
+ }
+
+ adds(str, "\n");
+ adds(str, _("Public Key ID: "));
+ _gnutls_buffer_hexprint(str, buffer, size);
+ adds(str, "\n");
}
/**
@@ -2553,25 +2747,25 @@ print_pubkey_other (gnutls_buffer_st * str, gnutls_pubkey_t pubkey, gnutls_certi
* Since: 3.1.5
**/
int
-gnutls_pubkey_print (gnutls_pubkey_t pubkey,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+gnutls_pubkey_print(gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
{
- gnutls_buffer_st str;
- int ret;
+ gnutls_buffer_st str;
+ int ret;
- _gnutls_buffer_init (&str);
+ _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str (&str, _("Public Key Information:\n"));
+ _gnutls_buffer_append_str(&str, _("Public Key Information:\n"));
- print_pubkey (&str, "", pubkey, format);
- print_pubkey_other (&str, pubkey, format);
+ print_pubkey(&str, "", pubkey, format);
+ print_pubkey_other(&str, pubkey, format);
- _gnutls_buffer_append_data (&str, "\0", 1);
+ _gnutls_buffer_append_data(&str, "\0", 1);
- ret = _gnutls_buffer_to_datum (&str, out);
- if (out->size > 0)
- out->size--;
+ ret = _gnutls_buffer_to_datum(&str, out);
+ if (out->size > 0)
+ out->size--;
- return ret;
+ return ret;
}
diff --git a/lib/x509/pbkdf2-sha1.c b/lib/x509/pbkdf2-sha1.c
index b43ce5963c..5cb1ea858f 100644
--- a/lib/x509/pbkdf2-sha1.c
+++ b/lib/x509/pbkdf2-sha1.c
@@ -52,146 +52,139 @@
*/
int
-_gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
- const unsigned char *S, size_t Slen,
- unsigned int c, unsigned char *DK, size_t dkLen)
+_gnutls_pbkdf2_sha1(const char *P, size_t Plen,
+ const unsigned char *S, size_t Slen,
+ unsigned int c, unsigned char *DK, size_t dkLen)
{
- unsigned int hLen = 20;
- char U[20];
- char T[20];
- unsigned int u;
- unsigned int l;
- unsigned int r;
- unsigned int i;
- unsigned int k;
- int rc;
- char *tmp;
- size_t tmplen = Slen + 4;
-
- if (c == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (dkLen == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- /*
- *
- * Steps:
- *
- * 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
- * stop.
- */
-
- if (dkLen > 4294967295U)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /*
- * 2. Let l be the number of hLen-octet blocks in the derived key,
- * rounding up, and let r be the number of octets in the last
- * block:
- *
- * l = CEIL (dkLen / hLen) ,
- * r = dkLen - (l - 1) * hLen .
- *
- * Here, CEIL (x) is the "ceiling" function, i.e. the smallest
- * integer greater than, or equal to, x.
- */
-
- l = ((dkLen - 1) / hLen) + 1;
- r = dkLen - (l - 1) * hLen;
-
- /*
- * 3. For each block of the derived key apply the function F defined
- * below to the password P, the salt S, the iteration count c, and
- * the block index to compute the block:
- *
- * T_1 = F (P, S, c, 1) ,
- * T_2 = F (P, S, c, 2) ,
- * ...
- * T_l = F (P, S, c, l) ,
- *
- * where the function F is defined as the exclusive-or sum of the
- * first c iterates of the underlying pseudorandom function PRF
- * applied to the password P and the concatenation of the salt S
- * and the block index i:
- *
- * F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
- *
- * where
- *
- * U_1 = PRF (P, S || INT (i)) ,
- * U_2 = PRF (P, U_1) ,
- * ...
- * U_c = PRF (P, U_{c-1}) .
- *
- * Here, INT (i) is a four-octet encoding of the integer i, most
- * significant octet first.
- *
- * 4. Concatenate the blocks and extract the first dkLen octets to
- * produce a derived key DK:
- *
- * DK = T_1 || T_2 || ... || T_l<0..r-1>
- *
- * 5. Output the derived key DK.
- *
- * Note. The construction of the function F follows a "belt-and-
- * suspenders" approach. The iterates U_i are computed recursively to
- * remove a degree of parallelism from an opponent; they are exclusive-
- * ored together to reduce concerns about the recursion degenerating
- * into a small set of values.
- *
- */
-
- tmp = gnutls_malloc (tmplen);
- if (tmp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy (tmp, S, Slen);
-
- for (i = 1; i <= l; i++)
- {
- memset (T, 0, hLen);
-
- for (u = 1; u <= c; u++)
- {
- if (u == 1)
- {
- tmp[Slen + 0] = (i & 0xff000000) >> 24;
- tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
- tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
- tmp[Slen + 3] = (i & 0x000000ff) >> 0;
-
- rc =
- _gnutls_mac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
- }
- else
- rc = _gnutls_mac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
-
- if (rc < 0)
- {
- gnutls_free (tmp);
- return rc;
- }
-
- for (k = 0; k < hLen; k++)
- T[k] ^= U[k];
- }
-
- memcpy (DK + (i - 1) * hLen, T, i == l ? r : hLen);
- }
-
- gnutls_free (tmp);
-
- return 0;
+ unsigned int hLen = 20;
+ char U[20];
+ char T[20];
+ unsigned int u;
+ unsigned int l;
+ unsigned int r;
+ unsigned int i;
+ unsigned int k;
+ int rc;
+ char *tmp;
+ size_t tmplen = Slen + 4;
+
+ if (c == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (dkLen == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ /*
+ *
+ * Steps:
+ *
+ * 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
+ * stop.
+ */
+
+ if (dkLen > 4294967295U) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /*
+ * 2. Let l be the number of hLen-octet blocks in the derived key,
+ * rounding up, and let r be the number of octets in the last
+ * block:
+ *
+ * l = CEIL (dkLen / hLen) ,
+ * r = dkLen - (l - 1) * hLen .
+ *
+ * Here, CEIL (x) is the "ceiling" function, i.e. the smallest
+ * integer greater than, or equal to, x.
+ */
+
+ l = ((dkLen - 1) / hLen) + 1;
+ r = dkLen - (l - 1) * hLen;
+
+ /*
+ * 3. For each block of the derived key apply the function F defined
+ * below to the password P, the salt S, the iteration count c, and
+ * the block index to compute the block:
+ *
+ * T_1 = F (P, S, c, 1) ,
+ * T_2 = F (P, S, c, 2) ,
+ * ...
+ * T_l = F (P, S, c, l) ,
+ *
+ * where the function F is defined as the exclusive-or sum of the
+ * first c iterates of the underlying pseudorandom function PRF
+ * applied to the password P and the concatenation of the salt S
+ * and the block index i:
+ *
+ * F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
+ *
+ * where
+ *
+ * U_1 = PRF (P, S || INT (i)) ,
+ * U_2 = PRF (P, U_1) ,
+ * ...
+ * U_c = PRF (P, U_{c-1}) .
+ *
+ * Here, INT (i) is a four-octet encoding of the integer i, most
+ * significant octet first.
+ *
+ * 4. Concatenate the blocks and extract the first dkLen octets to
+ * produce a derived key DK:
+ *
+ * DK = T_1 || T_2 || ... || T_l<0..r-1>
+ *
+ * 5. Output the derived key DK.
+ *
+ * Note. The construction of the function F follows a "belt-and-
+ * suspenders" approach. The iterates U_i are computed recursively to
+ * remove a degree of parallelism from an opponent; they are exclusive-
+ * ored together to reduce concerns about the recursion degenerating
+ * into a small set of values.
+ *
+ */
+
+ tmp = gnutls_malloc(tmplen);
+ if (tmp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(tmp, S, Slen);
+
+ for (i = 1; i <= l; i++) {
+ memset(T, 0, hLen);
+
+ for (u = 1; u <= c; u++) {
+ if (u == 1) {
+ tmp[Slen + 0] = (i & 0xff000000) >> 24;
+ tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
+ tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
+ tmp[Slen + 3] = (i & 0x000000ff) >> 0;
+
+ rc = _gnutls_mac_fast(GNUTLS_MAC_SHA1, P,
+ Plen, tmp, tmplen,
+ U);
+ } else
+ rc = _gnutls_mac_fast(GNUTLS_MAC_SHA1, P,
+ Plen, U, hLen, U);
+
+ if (rc < 0) {
+ gnutls_free(tmp);
+ return rc;
+ }
+
+ for (k = 0; k < hLen; k++)
+ T[k] ^= U[k];
+ }
+
+ memcpy(DK + (i - 1) * hLen, T, i == l ? r : hLen);
+ }
+
+ gnutls_free(tmp);
+
+ return 0;
}
diff --git a/lib/x509/pbkdf2-sha1.h b/lib/x509/pbkdf2-sha1.h
index 8ea3f18558..a874392f5f 100644
--- a/lib/x509/pbkdf2-sha1.h
+++ b/lib/x509/pbkdf2-sha1.h
@@ -16,6 +16,6 @@
*/
-int _gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
- const unsigned char *S, size_t Slen,
- unsigned int c, unsigned char *DK, size_t dkLen);
+int _gnutls_pbkdf2_sha1(const char *P, size_t Plen,
+ const unsigned char *S, size_t Slen,
+ unsigned int c, unsigned char *DK, size_t dkLen);
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index f169afeb81..7ccdcc23bc 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -41,84 +41,81 @@
* which holds them. Returns an ASN1_TYPE of authenticatedSafe.
*/
static int
-_decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
- gnutls_datum_t * raw)
+_decode_pkcs12_auth_safe(ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
+ gnutls_datum_t * raw)
{
- char oid[MAX_OID_SIZE];
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- gnutls_datum_t auth_safe = { NULL, 0 };
- int len, result;
- char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (pkcs12, "authSafe.contentType", oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (strcmp (oid, DATA_OID) != 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Unknown PKCS12 Content OID '%s'\n", oid);
- return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
- }
-
- /* Step 1. Read the content data
- */
-
- result =
- _gnutls_x509_read_string (pkcs12, "authSafe.content", &auth_safe, ASN1_ETYPE_OCTET_STRING);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Step 2. Extract the authenticatedSafe.
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_decoding (&c2, auth_safe.data, auth_safe.size, error_str);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_debug_log ("DER error: %s\n", error_str);
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (raw == NULL)
- {
- _gnutls_free_datum (&auth_safe);
- }
- else
- {
- raw->data = auth_safe.data;
- raw->size = auth_safe.size;
- }
-
- if (authen_safe)
- *authen_safe = c2;
- else
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- _gnutls_free_datum (&auth_safe);
- return result;
+ char oid[MAX_OID_SIZE];
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_datum_t auth_safe = { NULL, 0 };
+ int len, result;
+ char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ len = sizeof(oid) - 1;
+ result =
+ asn1_read_value(pkcs12, "authSafe.contentType", oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (strcmp(oid, DATA_OID) != 0) {
+ gnutls_assert();
+ _gnutls_debug_log("Unknown PKCS12 Content OID '%s'\n",
+ oid);
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
+ }
+
+ /* Step 1. Read the content data
+ */
+
+ result =
+ _gnutls_x509_read_string(pkcs12, "authSafe.content",
+ &auth_safe, ASN1_ETYPE_OCTET_STRING);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Step 2. Extract the authenticatedSafe.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_der_decoding(&c2, auth_safe.data, auth_safe.size,
+ error_str);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_debug_log("DER error: %s\n", error_str);
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (raw == NULL) {
+ _gnutls_free_datum(&auth_safe);
+ } else {
+ raw->data = auth_safe.data;
+ raw->size = auth_safe.size;
+ }
+
+ if (authen_safe)
+ *authen_safe = c2;
+ else
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ _gnutls_free_datum(&auth_safe);
+ return result;
}
/**
@@ -132,25 +129,22 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12)
+int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12)
{
- *pkcs12 = gnutls_calloc (1, sizeof (gnutls_pkcs12_int));
-
- if (*pkcs12)
- {
- int result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-PFX",
- &(*pkcs12)->pkcs12);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (*pkcs12);
- return _gnutls_asn2err (result);
- }
- return 0; /* success */
- }
- return GNUTLS_E_MEMORY_ERROR;
+ *pkcs12 = gnutls_calloc(1, sizeof(gnutls_pkcs12_int));
+
+ if (*pkcs12) {
+ int result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-PFX",
+ &(*pkcs12)->pkcs12);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*pkcs12);
+ return _gnutls_asn2err(result);
+ }
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -159,16 +153,15 @@ gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12)
*
* This function will deinitialize a PKCS12 structure.
**/
-void
-gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12)
+void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12)
{
- if (!pkcs12)
- return;
+ if (!pkcs12)
+ return;
- if (pkcs12->pkcs12)
- asn1_delete_structure (&pkcs12->pkcs12);
+ if (pkcs12->pkcs12)
+ asn1_delete_structure(&pkcs12->pkcs12);
- gnutls_free (pkcs12);
+ gnutls_free(pkcs12);
}
/**
@@ -187,58 +180,56 @@ gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12)
* negative error value.
**/
int
-gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
- char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
-
- _data.data = data->data;
- _data.size = data->size;
-
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* If the PKCS12 is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- result = _gnutls_fbase64_decode (PEM_PKCS12, data->data, data->size,
- &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- need_free = 1;
- }
-
- result =
- asn1_der_decoding (&pkcs12->pkcs12, _data.data, _data.size, error_str);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- _gnutls_debug_log ("DER error: %s\n", error_str);
- gnutls_assert ();
- goto cleanup;
- }
-
- if (need_free)
- _gnutls_free_datum (&_data);
-
- return 0;
-
-cleanup:
- if (need_free)
- _gnutls_free_datum (&_data);
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+ char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* If the PKCS12 is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ result =
+ _gnutls_fbase64_decode(PEM_PKCS12, data->data,
+ data->size, &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ need_free = 1;
+ }
+
+ result =
+ asn1_der_decoding(&pkcs12->pkcs12, _data.data, _data.size,
+ error_str);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ _gnutls_debug_log("DER error: %s\n", error_str);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
@@ -263,18 +254,17 @@ cleanup:
* returned, and 0 on success.
**/
int
-gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_export_int (pkcs12->pkcs12, format, PEM_PKCS12,
- output_data, output_data_size);
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int(pkcs12->pkcs12, format, PEM_PKCS12,
+ output_data, output_data_size);
}
/**
@@ -296,281 +286,276 @@ gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
* Since: 3.1.3
**/
int
-gnutls_pkcs12_export2 (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+gnutls_pkcs12_export2(gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int2 (pkcs12->pkcs12, format, PEM_PKCS12, out);
+ return _gnutls_x509_export_int2(pkcs12->pkcs12, format, PEM_PKCS12,
+ out);
}
-static int
-oid2bag (const char *oid)
+static int oid2bag(const char *oid)
{
- if (strcmp (oid, BAG_PKCS8_KEY) == 0)
- return GNUTLS_BAG_PKCS8_KEY;
- if (strcmp (oid, BAG_PKCS8_ENCRYPTED_KEY) == 0)
- return GNUTLS_BAG_PKCS8_ENCRYPTED_KEY;
- if (strcmp (oid, BAG_CERTIFICATE) == 0)
- return GNUTLS_BAG_CERTIFICATE;
- if (strcmp (oid, BAG_CRL) == 0)
- return GNUTLS_BAG_CRL;
- if (strcmp (oid, BAG_SECRET) == 0)
- return GNUTLS_BAG_SECRET;
-
- return GNUTLS_BAG_UNKNOWN;
+ if (strcmp(oid, BAG_PKCS8_KEY) == 0)
+ return GNUTLS_BAG_PKCS8_KEY;
+ if (strcmp(oid, BAG_PKCS8_ENCRYPTED_KEY) == 0)
+ return GNUTLS_BAG_PKCS8_ENCRYPTED_KEY;
+ if (strcmp(oid, BAG_CERTIFICATE) == 0)
+ return GNUTLS_BAG_CERTIFICATE;
+ if (strcmp(oid, BAG_CRL) == 0)
+ return GNUTLS_BAG_CRL;
+ if (strcmp(oid, BAG_SECRET) == 0)
+ return GNUTLS_BAG_SECRET;
+
+ return GNUTLS_BAG_UNKNOWN;
}
-static const char *
-bag_to_oid (int bag)
+static const char *bag_to_oid(int bag)
{
- switch (bag)
- {
- case GNUTLS_BAG_PKCS8_KEY:
- return BAG_PKCS8_KEY;
- case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- return BAG_PKCS8_ENCRYPTED_KEY;
- case GNUTLS_BAG_CERTIFICATE:
- return BAG_CERTIFICATE;
- case GNUTLS_BAG_CRL:
- return BAG_CRL;
- case GNUTLS_BAG_SECRET:
- return BAG_SECRET;
- }
- return NULL;
+ switch (bag) {
+ case GNUTLS_BAG_PKCS8_KEY:
+ return BAG_PKCS8_KEY;
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ return BAG_PKCS8_ENCRYPTED_KEY;
+ case GNUTLS_BAG_CERTIFICATE:
+ return BAG_CERTIFICATE;
+ case GNUTLS_BAG_CRL:
+ return BAG_CRL;
+ case GNUTLS_BAG_SECRET:
+ return BAG_SECRET;
+ }
+ return NULL;
}
/* Decodes the SafeContents, and puts the output in
* the given bag.
*/
int
-_pkcs12_decode_safe_contents (const gnutls_datum_t * content,
- gnutls_pkcs12_bag_t bag)
+_pkcs12_decode_safe_contents(const gnutls_datum_t * content,
+ gnutls_pkcs12_bag_t bag)
{
- char oid[MAX_OID_SIZE], root[ASN1_MAX_NAME_SIZE];
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int len, result;
- int bag_type;
- gnutls_datum_t attr_val;
- gnutls_datum_t t;
- int count = 0, i, attributes, j;
-
- /* Step 1. Extract the SEQUENCE.
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_decoding (&c2, content->data, content->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Count the number of bags
- */
- result = asn1_number_of_elements (c2, "", &count);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- bag->bag_elements = MIN (MAX_BAG_ELEMENTS, count);
-
- for (i = 0; i < bag->bag_elements; i++)
- {
-
- snprintf (root, sizeof (root), "?%u.bagId", i + 1);
-
- len = sizeof (oid);
- result = asn1_read_value (c2, root, oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the Bag type
- */
- bag_type = oid2bag (oid);
-
- if (bag_type < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Read the Bag Value
- */
-
- snprintf (root, sizeof (root), "?%u.bagValue", i + 1);
-
- result = _gnutls_x509_read_value (c2, root, &bag->element[i].data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (bag_type == GNUTLS_BAG_CERTIFICATE || bag_type == GNUTLS_BAG_CRL
- || bag_type == GNUTLS_BAG_SECRET)
- {
- gnutls_datum_t tmp = bag->element[i].data;
-
- result =
- _pkcs12_decode_crt_bag (bag_type, &tmp, &bag->element[i].data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- _gnutls_free_datum (&tmp);
- }
-
- /* read the bag attributes
- */
- snprintf (root, sizeof (root), "?%u.bagAttributes", i + 1);
-
- result = asn1_number_of_elements (c2, root, &attributes);
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (attributes < 0)
- attributes = 1;
-
- if (result != ASN1_ELEMENT_NOT_FOUND)
- for (j = 0; j < attributes; j++)
- {
-
- snprintf (root, sizeof (root), "?%u.bagAttributes.?%u", i + 1,
- j + 1);
-
- result =
- _gnutls_x509_decode_and_read_attribute (c2, root, oid,
- sizeof (oid), &attr_val,
- 1, 0);
-
- if (result < 0)
- {
- gnutls_assert ();
- continue; /* continue in case we find some known attributes */
- }
-
- if (strcmp (oid, KEY_ID_OID) == 0)
- {
- result =
- _gnutls_x509_decode_string (ASN1_ETYPE_OCTET_STRING, attr_val.data,
- attr_val.size, &t);
- _gnutls_free_datum (&attr_val);
- if (result < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
- continue;
- }
-
- attr_val.data = t.data;
- attr_val.size = t.size;
-
- bag->element[i].local_key_id = attr_val;
- }
- else if (strcmp (oid, FRIENDLY_NAME_OID) == 0)
- {
- result =
- _gnutls_x509_decode_string (ASN1_ETYPE_BMP_STRING,
- attr_val.data, attr_val.size, &t);
- _gnutls_free_datum (&attr_val);
- if (result < 0)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
- continue;
- }
-
- attr_val.data = t.data;
- attr_val.size = t.size;
-
- bag->element[i].friendly_name = (char*)t.data;
- }
- else
- {
- _gnutls_free_datum (&attr_val);
- _gnutls_debug_log
- ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid);
- }
- }
-
-
- bag->element[i].type = bag_type;
-
- }
-
- asn1_delete_structure (&c2);
-
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ char oid[MAX_OID_SIZE], root[ASN1_MAX_NAME_SIZE];
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int len, result;
+ int bag_type;
+ gnutls_datum_t attr_val;
+ gnutls_datum_t t;
+ int count = 0, i, attributes, j;
+
+ /* Step 1. Extract the SEQUENCE.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_der_decoding(&c2, content->data, content->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Count the number of bags
+ */
+ result = asn1_number_of_elements(c2, "", &count);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ bag->bag_elements = MIN(MAX_BAG_ELEMENTS, count);
+
+ for (i = 0; i < bag->bag_elements; i++) {
+
+ snprintf(root, sizeof(root), "?%u.bagId", i + 1);
+
+ len = sizeof(oid);
+ result = asn1_read_value(c2, root, oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Read the Bag type
+ */
+ bag_type = oid2bag(oid);
+
+ if (bag_type < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Read the Bag Value
+ */
+
+ snprintf(root, sizeof(root), "?%u.bagValue", i + 1);
+
+ result =
+ _gnutls_x509_read_value(c2, root,
+ &bag->element[i].data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (bag_type == GNUTLS_BAG_CERTIFICATE
+ || bag_type == GNUTLS_BAG_CRL
+ || bag_type == GNUTLS_BAG_SECRET) {
+ gnutls_datum_t tmp = bag->element[i].data;
+
+ result =
+ _pkcs12_decode_crt_bag(bag_type, &tmp,
+ &bag->element[i].data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_free_datum(&tmp);
+ }
+
+ /* read the bag attributes
+ */
+ snprintf(root, sizeof(root), "?%u.bagAttributes", i + 1);
+
+ result = asn1_number_of_elements(c2, root, &attributes);
+ if (result != ASN1_SUCCESS
+ && result != ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (attributes < 0)
+ attributes = 1;
+
+ if (result != ASN1_ELEMENT_NOT_FOUND)
+ for (j = 0; j < attributes; j++) {
+
+ snprintf(root, sizeof(root),
+ "?%u.bagAttributes.?%u", i + 1,
+ j + 1);
+
+ result =
+ _gnutls_x509_decode_and_read_attribute
+ (c2, root, oid, sizeof(oid), &attr_val,
+ 1, 0);
+
+ if (result < 0) {
+ gnutls_assert();
+ continue; /* continue in case we find some known attributes */
+ }
+
+ if (strcmp(oid, KEY_ID_OID) == 0) {
+ result =
+ _gnutls_x509_decode_string
+ (ASN1_ETYPE_OCTET_STRING,
+ attr_val.data, attr_val.size,
+ &t);
+ _gnutls_free_datum(&attr_val);
+ if (result < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Error decoding PKCS12 Bag Attribute OID '%s'\n",
+ oid);
+ continue;
+ }
+
+ attr_val.data = t.data;
+ attr_val.size = t.size;
+
+ bag->element[i].local_key_id =
+ attr_val;
+ } else if (strcmp(oid, FRIENDLY_NAME_OID)
+ == 0) {
+ result =
+ _gnutls_x509_decode_string
+ (ASN1_ETYPE_BMP_STRING,
+ attr_val.data, attr_val.size,
+ &t);
+ _gnutls_free_datum(&attr_val);
+ if (result < 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Error decoding PKCS12 Bag Attribute OID '%s'\n",
+ oid);
+ continue;
+ }
+
+ attr_val.data = t.data;
+ attr_val.size = t.size;
+
+ bag->element[i].friendly_name =
+ (char *) t.data;
+ } else {
+ _gnutls_free_datum(&attr_val);
+ _gnutls_debug_log
+ ("Unknown PKCS12 Bag Attribute OID '%s'\n",
+ oid);
+ }
+ }
+
+
+ bag->element[i].type = bag_type;
+
+ }
+
+ asn1_delete_structure(&c2);
+
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
static int
-_parse_safe_contents (ASN1_TYPE sc, const char *sc_name,
- gnutls_pkcs12_bag_t bag)
+_parse_safe_contents(ASN1_TYPE sc, const char *sc_name,
+ gnutls_pkcs12_bag_t bag)
{
- gnutls_datum_t content = { NULL, 0 };
- int result;
+ gnutls_datum_t content = { NULL, 0 };
+ int result;
- /* Step 1. Extract the content.
- */
+ /* Step 1. Extract the content.
+ */
- result = _gnutls_x509_read_string (sc, sc_name, &content, ASN1_ETYPE_OCTET_STRING);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ result =
+ _gnutls_x509_read_string(sc, sc_name, &content,
+ ASN1_ETYPE_OCTET_STRING);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = _pkcs12_decode_safe_contents (&content, bag);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
+ result = _pkcs12_decode_safe_contents(&content, bag);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- _gnutls_free_datum (&content);
+ _gnutls_free_datum(&content);
- return 0;
+ return 0;
-cleanup:
- _gnutls_free_datum (&content);
- return result;
+ cleanup:
+ _gnutls_free_datum(&content);
+ return result;
}
@@ -589,137 +574,128 @@ cleanup:
* negative error value.
**/
int
-gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
- int indx, gnutls_pkcs12_bag_t bag)
+gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
+ int indx, gnutls_pkcs12_bag_t bag)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len;
- char root2[ASN1_MAX_NAME_SIZE];
- char oid[MAX_OID_SIZE];
-
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Step 1. decode the data.
- */
- result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Parse the AuthenticatedSafe
- */
-
- snprintf (root2, sizeof (root2), "?%u.contentType", indx + 1);
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (c2, root2, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto cleanup;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Not encrypted Bag
- */
-
- snprintf (root2, sizeof (root2), "?%u.content", indx + 1);
-
- if (strcmp (oid, DATA_OID) == 0)
- {
- result = _parse_safe_contents (c2, root2, bag);
- goto cleanup;
- }
-
- /* ENC_DATA_OID needs decryption */
-
- bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
- bag->bag_elements = 1;
-
- result = _gnutls_x509_read_value (c2, root2, &bag->element[0].data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ char root2[ASN1_MAX_NAME_SIZE];
+ char oid[MAX_OID_SIZE];
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Step 1. decode the data.
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Parse the AuthenticatedSafe
+ */
+
+ snprintf(root2, sizeof(root2), "?%u.contentType", indx + 1);
+
+ len = sizeof(oid) - 1;
+ result = asn1_read_value(c2, root2, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto cleanup;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Not encrypted Bag
+ */
+
+ snprintf(root2, sizeof(root2), "?%u.content", indx + 1);
+
+ if (strcmp(oid, DATA_OID) == 0) {
+ result = _parse_safe_contents(c2, root2, bag);
+ goto cleanup;
+ }
+
+ /* ENC_DATA_OID needs decryption */
+
+ bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+ bag->bag_elements = 1;
+
+ result = _gnutls_x509_read_value(c2, root2, &bag->element[0].data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/* Creates an empty PFX structure for the PKCS12 structure.
*/
-static int
-create_empty_pfx (ASN1_TYPE pkcs12)
+static int create_empty_pfx(ASN1_TYPE pkcs12)
{
- uint8_t three = 3;
- int result;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- /* Use version 3
- */
- result = asn1_write_value (pkcs12, "version", &three, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Write the content type of the data
- */
- result = asn1_write_value (pkcs12, "authSafe.contentType", DATA_OID, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Check if the authenticatedSafe content is empty, and encode a
- * null one in that case.
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs12, "authSafe.content", 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- asn1_delete_structure (&c2);
- return result;
+ uint8_t three = 3;
+ int result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ /* Use version 3
+ */
+ result = asn1_write_value(pkcs12, "version", &three, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Write the content type of the data
+ */
+ result =
+ asn1_write_value(pkcs12, "authSafe.contentType", DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Check if the authenticatedSafe content is empty, and encode a
+ * null one in that case.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs12,
+ "authSafe.content", 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+ return result;
}
@@ -733,126 +709,117 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
+int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
- int result;
- int enc = 0, dum = 1;
- char null;
-
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Step 1. Check if the pkcs12 structure is empty. In that
- * case generate an empty PFX.
- */
- result = asn1_read_value (pkcs12->pkcs12, "authSafe.content", &null, &dum);
- if (result == ASN1_VALUE_NOT_FOUND)
- {
- result = create_empty_pfx (pkcs12->pkcs12);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- /* Step 2. decode the authenticatedSafe.
- */
- result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 3. Encode the bag elements into a SafeContents
- * structure.
- */
- result = _pkcs12_encode_safe_contents (bag, &safe_cont, &enc);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 4. Insert the encoded SafeContents into the AuthenticatedSafe
- * structure.
- */
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (enc)
- result = asn1_write_value (c2, "?LAST.contentType", ENC_DATA_OID, 1);
- else
- result = asn1_write_value (c2, "?LAST.contentType", DATA_OID, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (enc)
- {
- /* Encrypted packets are written directly.
- */
- result =
- asn1_write_value (c2, "?LAST.content",
- bag->element[0].data.data,
- bag->element[0].data.size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
- }
- else
- {
- result =
- _gnutls_x509_der_encode_and_copy (safe_cont, "", c2,
- "?LAST.content", 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- asn1_delete_structure (&safe_cont);
-
-
- /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
- * structure.
- */
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs12->pkcs12,
- "authSafe.content", 1);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- asn1_delete_structure (&c2);
- asn1_delete_structure (&safe_cont);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
+ int result;
+ int enc = 0, dum = 1;
+ char null;
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Step 1. Check if the pkcs12 structure is empty. In that
+ * case generate an empty PFX.
+ */
+ result =
+ asn1_read_value(pkcs12->pkcs12, "authSafe.content", &null,
+ &dum);
+ if (result == ASN1_VALUE_NOT_FOUND) {
+ result = create_empty_pfx(pkcs12->pkcs12);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* Step 2. decode the authenticatedSafe.
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 3. Encode the bag elements into a SafeContents
+ * structure.
+ */
+ result = _pkcs12_encode_safe_contents(bag, &safe_cont, &enc);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 4. Insert the encoded SafeContents into the AuthenticatedSafe
+ * structure.
+ */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (enc)
+ result =
+ asn1_write_value(c2, "?LAST.contentType", ENC_DATA_OID,
+ 1);
+ else
+ result =
+ asn1_write_value(c2, "?LAST.contentType", DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (enc) {
+ /* Encrypted packets are written directly.
+ */
+ result =
+ asn1_write_value(c2, "?LAST.content",
+ bag->element[0].data.data,
+ bag->element[0].data.size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ } else {
+ result =
+ _gnutls_x509_der_encode_and_copy(safe_cont, "", c2,
+ "?LAST.content", 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ asn1_delete_structure(&safe_cont);
+
+
+ /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
+ * structure.
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs12->pkcs12,
+ "authSafe.content", 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+ asn1_delete_structure(&safe_cont);
+ return result;
}
/**
@@ -865,128 +832,119 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
+int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, const char *pass)
{
- uint8_t salt[8], key[20];
- int result;
- const int iter = 1;
- mac_hd_st td1;
- gnutls_datum_t tmp = { NULL, 0 };
- uint8_t sha_mac[20];
-
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Generate the salt.
- */
- result = _gnutls_rnd (GNUTLS_RND_NONCE, salt, sizeof (salt));
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Write the salt into the structure.
- */
- result =
- asn1_write_value (pkcs12->pkcs12, "macData.macSalt", salt, sizeof (salt));
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* write the iterations
- */
-
- if (iter > 1)
- {
- result =
- _gnutls_x509_write_uint32 (pkcs12->pkcs12, "macData.iterations",
- iter);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- /* Generate the key.
- */
- result = _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt, sizeof (salt),
- iter, pass, sizeof (key), key);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Get the data to be MACed
- */
- result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, NULL, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* MAC the data
- */
- result = _gnutls_mac_init (&td1, mac_to_entry(GNUTLS_MAC_SHA1),
- key, sizeof (key));
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- _gnutls_mac (&td1, tmp.data, tmp.size);
- _gnutls_free_datum (&tmp);
-
- _gnutls_mac_deinit (&td1, sha_mac);
-
-
- result =
- asn1_write_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac,
- sizeof (sha_mac));
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result =
- asn1_write_value (pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.parameters", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result =
- asn1_write_value (pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1,
- 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum (&tmp);
- return result;
+ uint8_t salt[8], key[20];
+ int result;
+ const int iter = 1;
+ mac_hd_st td1;
+ gnutls_datum_t tmp = { NULL, 0 };
+ uint8_t sha_mac[20];
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Generate the salt.
+ */
+ result = _gnutls_rnd(GNUTLS_RND_NONCE, salt, sizeof(salt));
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Write the salt into the structure.
+ */
+ result =
+ asn1_write_value(pkcs12->pkcs12, "macData.macSalt", salt,
+ sizeof(salt));
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* write the iterations
+ */
+
+ if (iter > 1) {
+ result =
+ _gnutls_x509_write_uint32(pkcs12->pkcs12,
+ "macData.iterations", iter);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ /* Generate the key.
+ */
+ result =
+ _gnutls_pkcs12_string_to_key(3 /*MAC*/, salt, sizeof(salt),
+ iter, pass, sizeof(key), key);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Get the data to be MACed
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, NULL, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* MAC the data
+ */
+ result = _gnutls_mac_init(&td1, mac_to_entry(GNUTLS_MAC_SHA1),
+ key, sizeof(key));
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_mac(&td1, tmp.data, tmp.size);
+ _gnutls_free_datum(&tmp);
+
+ _gnutls_mac_deinit(&td1, sha_mac);
+
+
+ result =
+ asn1_write_value(pkcs12->pkcs12, "macData.mac.digest", sha_mac,
+ sizeof(sha_mac));
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.parameters",
+ NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.algorithm",
+ HASH_OID_SHA1, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ return result;
}
/**
@@ -999,216 +957,201 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass)
+int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
{
- uint8_t key[20];
- int result;
- unsigned int iter;
- int len;
- mac_hd_st td1;
- gnutls_datum_t tmp = { NULL, 0 }, salt =
- {
- NULL, 0};
- uint8_t sha_mac[20];
- uint8_t sha_mac_orig[20];
-
- if (pkcs12 == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* read the iterations
- */
-
- result =
- _gnutls_x509_read_uint (pkcs12->pkcs12, "macData.iterations", &iter);
- if (result < 0)
- {
- iter = 1; /* the default */
- }
-
-
- /* Read the salt from the structure.
- */
- result =
- _gnutls_x509_read_value (pkcs12->pkcs12, "macData.macSalt", &salt);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Generate the key.
- */
- result = _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt.data, salt.size,
- iter, pass, sizeof (key), key);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- _gnutls_free_datum (&salt);
-
- /* Get the data to be MACed
- */
- result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, NULL, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* MAC the data
- */
- result = _gnutls_mac_init (&td1, mac_to_entry(GNUTLS_MAC_SHA1),
- key, sizeof (key));
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- _gnutls_mac (&td1, tmp.data, tmp.size);
- _gnutls_free_datum (&tmp);
-
- _gnutls_mac_deinit (&td1, sha_mac);
-
- len = sizeof (sha_mac_orig);
- result =
- asn1_read_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac_orig,
- &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (memcmp (sha_mac_orig, sha_mac, sizeof (sha_mac)) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MAC_VERIFY_FAILED;
- }
-
- return 0;
-
-cleanup:
- _gnutls_free_datum (&tmp);
- _gnutls_free_datum (&salt);
- return result;
+ uint8_t key[20];
+ int result;
+ unsigned int iter;
+ int len;
+ mac_hd_st td1;
+ gnutls_datum_t tmp = { NULL, 0 }, salt = {
+ NULL, 0};
+ uint8_t sha_mac[20];
+ uint8_t sha_mac_orig[20];
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* read the iterations
+ */
+
+ result =
+ _gnutls_x509_read_uint(pkcs12->pkcs12, "macData.iterations",
+ &iter);
+ if (result < 0) {
+ iter = 1; /* the default */
+ }
+
+
+ /* Read the salt from the structure.
+ */
+ result =
+ _gnutls_x509_read_value(pkcs12->pkcs12, "macData.macSalt",
+ &salt);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Generate the key.
+ */
+ result =
+ _gnutls_pkcs12_string_to_key(3 /*MAC*/, salt.data, salt.size,
+ iter, pass, sizeof(key), key);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_free_datum(&salt);
+
+ /* Get the data to be MACed
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, NULL, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* MAC the data
+ */
+ result = _gnutls_mac_init(&td1, mac_to_entry(GNUTLS_MAC_SHA1),
+ key, sizeof(key));
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_mac(&td1, tmp.data, tmp.size);
+ _gnutls_free_datum(&tmp);
+
+ _gnutls_mac_deinit(&td1, sha_mac);
+
+ len = sizeof(sha_mac_orig);
+ result =
+ asn1_read_value(pkcs12->pkcs12, "macData.mac.digest",
+ sha_mac_orig, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (memcmp(sha_mac_orig, sha_mac, sizeof(sha_mac)) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MAC_VERIFY_FAILED;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ _gnutls_free_datum(&salt);
+ return result;
}
static int
-write_attributes (gnutls_pkcs12_bag_t bag, int elem,
- ASN1_TYPE c2, const char *where)
+write_attributes(gnutls_pkcs12_bag_t bag, int elem,
+ ASN1_TYPE c2, const char *where)
{
- int result;
- char root[128];
-
- /* If the bag attributes are empty, then write
- * nothing to the attribute field.
- */
- if (bag->element[elem].friendly_name == NULL &&
- bag->element[elem].local_key_id.data == NULL)
- {
- /* no attributes
- */
- result = asn1_write_value (c2, where, NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
- }
-
- if (bag->element[elem].local_key_id.data != NULL)
- {
-
- /* Add a new Attribute
- */
- result = asn1_write_value (c2, where, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- _gnutls_str_cpy (root, sizeof (root), where);
- _gnutls_str_cat (root, sizeof (root), ".?LAST");
-
- result =
- _gnutls_x509_encode_and_write_attribute (KEY_ID_OID, c2, root,
- bag->
- element[elem].local_key_id.
- data,
- bag->
- element[elem].local_key_id.
- size, 1);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- if (bag->element[elem].friendly_name != NULL)
- {
- uint8_t *name;
- int size, i;
- const char *p;
-
- /* Add a new Attribute
- */
- result = asn1_write_value (c2, where, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* convert name to BMPString
- */
- size = strlen (bag->element[elem].friendly_name) * 2;
- name = gnutls_malloc (size);
-
- if (name == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- p = bag->element[elem].friendly_name;
- for (i = 0; i < size; i += 2)
- {
- name[i] = 0;
- name[i + 1] = *p;
- p++;
- }
-
- _gnutls_str_cpy (root, sizeof (root), where);
- _gnutls_str_cat (root, sizeof (root), ".?LAST");
-
- result =
- _gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID, c2,
- root, name, size, 1);
-
- gnutls_free (name);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- return 0;
+ int result;
+ char root[128];
+
+ /* If the bag attributes are empty, then write
+ * nothing to the attribute field.
+ */
+ if (bag->element[elem].friendly_name == NULL &&
+ bag->element[elem].local_key_id.data == NULL) {
+ /* no attributes
+ */
+ result = asn1_write_value(c2, where, NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
+ }
+
+ if (bag->element[elem].local_key_id.data != NULL) {
+
+ /* Add a new Attribute
+ */
+ result = asn1_write_value(c2, where, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cpy(root, sizeof(root), where);
+ _gnutls_str_cat(root, sizeof(root), ".?LAST");
+
+ result =
+ _gnutls_x509_encode_and_write_attribute(KEY_ID_OID, c2,
+ root,
+ bag->element
+ [elem].
+ local_key_id.data,
+ bag->element
+ [elem].
+ local_key_id.size,
+ 1);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ if (bag->element[elem].friendly_name != NULL) {
+ uint8_t *name;
+ int size, i;
+ const char *p;
+
+ /* Add a new Attribute
+ */
+ result = asn1_write_value(c2, where, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* convert name to BMPString
+ */
+ size = strlen(bag->element[elem].friendly_name) * 2;
+ name = gnutls_malloc(size);
+
+ if (name == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p = bag->element[elem].friendly_name;
+ for (i = 0; i < size; i += 2) {
+ name[i] = 0;
+ name[i + 1] = *p;
+ p++;
+ }
+
+ _gnutls_str_cpy(root, sizeof(root), where);
+ _gnutls_str_cat(root, sizeof(root), ".?LAST");
+
+ result =
+ _gnutls_x509_encode_and_write_attribute
+ (FRIENDLY_NAME_OID, c2, root, name, size, 1);
+
+ gnutls_free(name);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ return 0;
}
@@ -1216,125 +1159,118 @@ write_attributes (gnutls_pkcs12_bag_t bag, int elem,
* the given datum. Enc is set to non-zero if the data are encrypted;
*/
int
-_pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents,
- int *enc)
+_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents,
+ int *enc)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- int i;
- const char *oid;
-
- if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc)
- {
- *enc = 1;
- return 0; /* ENCRYPTED BAG, do nothing. */
- }
- else if (enc)
- *enc = 0;
-
- /* Step 1. Create the SEQUENCE.
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- for (i = 0; i < bag->bag_elements; i++)
- {
-
- oid = bag_to_oid (bag->element[i].type);
- if (oid == NULL)
- {
- gnutls_assert ();
- continue;
- }
-
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Copy the bag type.
- */
- result = asn1_write_value (c2, "?LAST.bagId", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Set empty attributes
- */
- result = write_attributes (bag, i, c2, "?LAST.bagAttributes");
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
-
- /* Copy the Bag Value
- */
-
- if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE ||
- bag->element[i].type == GNUTLS_BAG_SECRET ||
- bag->element[i].type == GNUTLS_BAG_CRL)
- {
- gnutls_datum_t tmp;
-
- /* in that case encode it to a CertBag or
- * a CrlBag.
- */
-
- result =
- _pkcs12_encode_crt_bag (bag->element[i].type,
- &bag->element[i].data, &tmp);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_value (c2, "?LAST.bagValue", &tmp);
-
- _gnutls_free_datum (&tmp);
-
- }
- else
- {
-
- result = _gnutls_x509_write_value (c2, "?LAST.bagValue",
- &bag->element[i].data);
- }
-
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- }
-
- /* Encode the data and copy them into the datum
- */
- *contents = c2;
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ int i;
+ const char *oid;
+
+ if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc) {
+ *enc = 1;
+ return 0; /* ENCRYPTED BAG, do nothing. */
+ } else if (enc)
+ *enc = 0;
+
+ /* Step 1. Create the SEQUENCE.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ for (i = 0; i < bag->bag_elements; i++) {
+
+ oid = bag_to_oid(bag->element[i].type);
+ if (oid == NULL) {
+ gnutls_assert();
+ continue;
+ }
+
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Copy the bag type.
+ */
+ result = asn1_write_value(c2, "?LAST.bagId", oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Set empty attributes
+ */
+ result =
+ write_attributes(bag, i, c2, "?LAST.bagAttributes");
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+
+ /* Copy the Bag Value
+ */
+
+ if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE ||
+ bag->element[i].type == GNUTLS_BAG_SECRET ||
+ bag->element[i].type == GNUTLS_BAG_CRL) {
+ gnutls_datum_t tmp;
+
+ /* in that case encode it to a CertBag or
+ * a CrlBag.
+ */
+
+ result =
+ _pkcs12_encode_crt_bag(bag->element[i].type,
+ &bag->element[i].data,
+ &tmp);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_write_value(c2, "?LAST.bagValue",
+ &tmp);
+
+ _gnutls_free_datum(&tmp);
+
+ } else {
+
+ result =
+ _gnutls_x509_write_value(c2, "?LAST.bagValue",
+ &bag->element[i].
+ data);
+ }
+
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ }
+
+ /* Encode the data and copy them into the datum
+ */
+ *contents = c2;
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
@@ -1342,45 +1278,49 @@ cleanup:
* with the first certificate in chain (it is expected that chain_len==1)
* and appends those in the chain.
*/
-static int make_chain(gnutls_x509_crt_t **chain, unsigned int *chain_len,
- gnutls_x509_crt_t **extra_certs, unsigned int *extra_certs_len,
- unsigned int flags)
+static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len,
+ gnutls_x509_crt_t ** extra_certs,
+ unsigned int *extra_certs_len, unsigned int flags)
{
-unsigned int i;
-
- if (*chain_len != 1)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- i = 0;
- while(i<*extra_certs_len)
- {
- /* if it is an issuer but not a self-signed one */
- if (gnutls_x509_crt_check_issuer((*chain)[*chain_len - 1], (*extra_certs)[i]) != 0)
- {
- if (!(flags & GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED) &&
- gnutls_x509_crt_check_issuer((*extra_certs)[i], (*extra_certs)[i]) != 0)
- goto skip;
-
- *chain = gnutls_realloc_fast (*chain, sizeof((*chain)[0]) *
- ++(*chain_len));
- if (*chain == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- (*chain)[*chain_len - 1] = (*extra_certs)[i];
-
- (*extra_certs)[i] = (*extra_certs)[*extra_certs_len-1];
- (*extra_certs_len)--;
-
- i=0;
- continue;
- }
-
-skip:
- i++;
- }
- return 0;
+ unsigned int i;
+
+ if (*chain_len != 1)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ i = 0;
+ while (i < *extra_certs_len) {
+ /* if it is an issuer but not a self-signed one */
+ if (gnutls_x509_crt_check_issuer
+ ((*chain)[*chain_len - 1], (*extra_certs)[i]) != 0) {
+ if (!(flags & GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED)
+ &&
+ gnutls_x509_crt_check_issuer((*extra_certs)[i],
+ (*extra_certs)[i])
+ != 0)
+ goto skip;
+
+ *chain =
+ gnutls_realloc_fast(*chain,
+ sizeof((*chain)[0]) *
+ ++(*chain_len));
+ if (*chain == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ (*chain)[*chain_len - 1] = (*extra_certs)[i];
+
+ (*extra_certs)[i] =
+ (*extra_certs)[*extra_certs_len - 1];
+ (*extra_certs_len)--;
+
+ i = 0;
+ continue;
+ }
+
+ skip:
+ i++;
+ }
+ return 0;
}
/**
@@ -1433,413 +1373,385 @@ skip:
* Since: 3.1
**/
int
-gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
- const char *password,
- gnutls_x509_privkey_t * key,
- gnutls_x509_crt_t ** chain,
- unsigned int * chain_len,
- gnutls_x509_crt_t ** extra_certs,
- unsigned int * extra_certs_len,
- gnutls_x509_crl_t * crl,
- unsigned int flags)
+gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
+ const char *password,
+ gnutls_x509_privkey_t * key,
+ gnutls_x509_crt_t ** chain,
+ unsigned int *chain_len,
+ gnutls_x509_crt_t ** extra_certs,
+ unsigned int *extra_certs_len,
+ gnutls_x509_crl_t * crl, unsigned int flags)
{
- gnutls_pkcs12_bag_t bag = NULL;
- gnutls_x509_crt_t *_extra_certs = NULL;
- unsigned int _extra_certs_len = 0;
- gnutls_x509_crt_t *_chain = NULL;
- unsigned int _chain_len = 0;
- int idx = 0;
- int ret;
- size_t cert_id_size = 0;
- size_t key_id_size = 0;
- uint8_t cert_id[20];
- uint8_t key_id[20];
- int privkey_ok = 0;
- unsigned int i;
-
- *key = NULL;
-
- if (crl)
- *crl = NULL;
-
- /* find the first private key */
- for (;;)
- {
- int elements_in_bag;
- int i;
-
- ret = gnutls_pkcs12_bag_init (&bag);
- if (ret < 0)
- {
- bag = NULL;
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_get_bag (p12, idx, bag);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_get_type (bag, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- if (ret == GNUTLS_BAG_ENCRYPTED)
- {
- if (password == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_decrypt (bag, password);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
- }
-
- elements_in_bag = gnutls_pkcs12_bag_get_count (bag);
- if (elements_in_bag < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- for (i = 0; i < elements_in_bag; i++)
- {
- int type;
- gnutls_datum_t data;
-
- type = gnutls_pkcs12_bag_get_type (bag, i);
- if (type < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- switch (type)
- {
- case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- if (password == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
- goto done;
- }
-
- case GNUTLS_BAG_PKCS8_KEY:
- if (*key != NULL) /* too simple to continue */
- {
- gnutls_assert ();
- break;
- }
-
- ret = gnutls_x509_privkey_init (key);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_x509_privkey_import_pkcs8
- (*key, &data, GNUTLS_X509_FMT_DER, password,
- type == GNUTLS_BAG_PKCS8_KEY ? GNUTLS_PKCS_PLAIN : 0);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_privkey_deinit (*key);
- goto done;
- }
-
- key_id_size = sizeof (key_id);
- ret =
- gnutls_x509_privkey_get_key_id (*key, 0, key_id,
- &key_id_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_privkey_deinit (*key);
- goto done;
- }
-
- privkey_ok = 1; /* break */
- break;
- default:
- break;
- }
- }
-
- idx++;
- gnutls_pkcs12_bag_deinit (bag);
-
- if (privkey_ok != 0) /* private key was found */
- break;
- }
-
- if (privkey_ok == 0) /* no private key */
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- /* now find the corresponding certificate
- */
- idx = 0;
- bag = NULL;
- for (;;)
- {
- int elements_in_bag;
- int i;
-
- ret = gnutls_pkcs12_bag_init (&bag);
- if (ret < 0)
- {
- bag = NULL;
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_get_bag (p12, idx, bag);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_get_type (bag, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- if (ret == GNUTLS_BAG_ENCRYPTED)
- {
- ret = gnutls_pkcs12_bag_decrypt (bag, password);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
- }
-
- elements_in_bag = gnutls_pkcs12_bag_get_count (bag);
- if (elements_in_bag < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- for (i = 0; i < elements_in_bag; i++)
- {
- int type;
- gnutls_datum_t data;
- gnutls_x509_crt_t this_cert;
-
- type = gnutls_pkcs12_bag_get_type (bag, i);
- if (type < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- switch (type)
- {
- case GNUTLS_BAG_CERTIFICATE:
- ret = gnutls_x509_crt_init (&this_cert);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret =
- gnutls_x509_crt_import (this_cert, &data, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (this_cert);
- goto done;
- }
-
- /* check if the key id match */
- cert_id_size = sizeof (cert_id);
- ret =
- gnutls_x509_crt_get_key_id (this_cert, 0, cert_id, &cert_id_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crt_deinit (this_cert);
- goto done;
- }
-
- if (memcmp (cert_id, key_id, cert_id_size) != 0)
- { /* they don't match - skip the certificate */
- if (extra_certs)
- {
- _extra_certs = gnutls_realloc_fast (_extra_certs,
- sizeof(_extra_certs[0]) *
- ++_extra_certs_len);
- if (!_extra_certs)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto done;
- }
- _extra_certs[_extra_certs_len - 1] = this_cert;
- this_cert = NULL;
- }
- else
- {
- gnutls_x509_crt_deinit (this_cert);
- }
- }
- else
- {
- if (chain && _chain_len == 0)
- {
- _chain = gnutls_malloc (sizeof(_chain[0]) * (++_chain_len));
- if (!_chain)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto done;
- }
- _chain[_chain_len - 1] = this_cert;
- this_cert = NULL;
- }
- else
- {
- gnutls_x509_crt_deinit (this_cert);
- }
- }
- break;
-
- case GNUTLS_BAG_CRL:
- if (crl == NULL || *crl != NULL)
- {
- gnutls_assert ();
- break;
- }
-
- ret = gnutls_x509_crl_init (crl);
- if (ret < 0)
- {
- gnutls_assert ();
- goto done;
- }
-
- ret = gnutls_x509_crl_import (*crl, &data, GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_x509_crl_deinit (*crl);
- goto done;
- }
- break;
-
- case GNUTLS_BAG_ENCRYPTED:
- /* XXX Bother to recurse one level down? Unlikely to
- use the same password anyway. */
- case GNUTLS_BAG_EMPTY:
- default:
- break;
- }
- }
-
- idx++;
- gnutls_pkcs12_bag_deinit (bag);
- }
-
- if (chain != NULL)
- {
- if (_chain_len != 1)
- {
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto done;
- }
-
- ret = make_chain(&_chain, &_chain_len, &_extra_certs, &_extra_certs_len, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto done;
- }
- }
-
- ret = 0;
-
-done:
- if (bag)
- gnutls_pkcs12_bag_deinit (bag);
-
- if (ret < 0)
- {
- if (*key)
- gnutls_x509_privkey_deinit(*key);
- if (_extra_certs_len && _extra_certs != NULL)
- {
- for (i = 0; i < _extra_certs_len; i++)
- gnutls_x509_crt_deinit(_extra_certs[i]);
- gnutls_free(_extra_certs);
- }
- if (_chain_len && _chain != NULL)
- {
- for (i = 0; i < _chain_len; i++)
- gnutls_x509_crt_deinit(_chain[i]);
- gnutls_free(_chain);
- }
-
- return ret;
- }
-
- if (extra_certs && _extra_certs_len > 0)
- {
- *extra_certs = _extra_certs;
- *extra_certs_len = _extra_certs_len;
- }
- else
- {
- if (extra_certs)
- {
- *extra_certs = NULL;
- *extra_certs_len = 0;
- }
- for (i = 0; i < _extra_certs_len; i++)
- gnutls_x509_crt_deinit(_extra_certs[i]);
- gnutls_free(_extra_certs);
- }
-
- if (chain != NULL)
- {
- *chain = _chain;
- *chain_len = _chain_len;
- }
-
- return ret;
+ gnutls_pkcs12_bag_t bag = NULL;
+ gnutls_x509_crt_t *_extra_certs = NULL;
+ unsigned int _extra_certs_len = 0;
+ gnutls_x509_crt_t *_chain = NULL;
+ unsigned int _chain_len = 0;
+ int idx = 0;
+ int ret;
+ size_t cert_id_size = 0;
+ size_t key_id_size = 0;
+ uint8_t cert_id[20];
+ uint8_t key_id[20];
+ int privkey_ok = 0;
+ unsigned int i;
+
+ *key = NULL;
+
+ if (crl)
+ *crl = NULL;
+
+ /* find the first private key */
+ for (;;) {
+ int elements_in_bag;
+ int i;
+
+ ret = gnutls_pkcs12_bag_init(&bag);
+ if (ret < 0) {
+ bag = NULL;
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_get_bag(p12, idx, bag);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_type(bag, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ if (ret == GNUTLS_BAG_ENCRYPTED) {
+ if (password == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_DECRYPTION_FAILED);
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_decrypt(bag, password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ }
+
+ elements_in_bag = gnutls_pkcs12_bag_get_count(bag);
+ if (elements_in_bag < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ for (i = 0; i < elements_in_bag; i++) {
+ int type;
+ gnutls_datum_t data;
+
+ type = gnutls_pkcs12_bag_get_type(bag, i);
+ if (type < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_data(bag, i, &data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ switch (type) {
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ if (password == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_DECRYPTION_FAILED);
+ goto done;
+ }
+
+ case GNUTLS_BAG_PKCS8_KEY:
+ if (*key != NULL) { /* too simple to continue */
+ gnutls_assert();
+ break;
+ }
+
+ ret = gnutls_x509_privkey_init(key);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_x509_privkey_import_pkcs8
+ (*key, &data, GNUTLS_X509_FMT_DER,
+ password,
+ type ==
+ GNUTLS_BAG_PKCS8_KEY ?
+ GNUTLS_PKCS_PLAIN : 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_privkey_deinit(*key);
+ goto done;
+ }
+
+ key_id_size = sizeof(key_id);
+ ret =
+ gnutls_x509_privkey_get_key_id(*key, 0,
+ key_id,
+ &key_id_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_privkey_deinit(*key);
+ goto done;
+ }
+
+ privkey_ok = 1; /* break */
+ break;
+ default:
+ break;
+ }
+ }
+
+ idx++;
+ gnutls_pkcs12_bag_deinit(bag);
+
+ if (privkey_ok != 0) /* private key was found */
+ break;
+ }
+
+ if (privkey_ok == 0) { /* no private key */
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* now find the corresponding certificate
+ */
+ idx = 0;
+ bag = NULL;
+ for (;;) {
+ int elements_in_bag;
+ int i;
+
+ ret = gnutls_pkcs12_bag_init(&bag);
+ if (ret < 0) {
+ bag = NULL;
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_get_bag(p12, idx, bag);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_type(bag, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ if (ret == GNUTLS_BAG_ENCRYPTED) {
+ ret = gnutls_pkcs12_bag_decrypt(bag, password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ }
+
+ elements_in_bag = gnutls_pkcs12_bag_get_count(bag);
+ if (elements_in_bag < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ for (i = 0; i < elements_in_bag; i++) {
+ int type;
+ gnutls_datum_t data;
+ gnutls_x509_crt_t this_cert;
+
+ type = gnutls_pkcs12_bag_get_type(bag, i);
+ if (type < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_data(bag, i, &data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ switch (type) {
+ case GNUTLS_BAG_CERTIFICATE:
+ ret = gnutls_x509_crt_init(&this_cert);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret =
+ gnutls_x509_crt_import(this_cert,
+ &data,
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(this_cert);
+ goto done;
+ }
+
+ /* check if the key id match */
+ cert_id_size = sizeof(cert_id);
+ ret =
+ gnutls_x509_crt_get_key_id(this_cert,
+ 0, cert_id,
+ &cert_id_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(this_cert);
+ goto done;
+ }
+
+ if (memcmp(cert_id, key_id, cert_id_size) != 0) { /* they don't match - skip the certificate */
+ if (extra_certs) {
+ _extra_certs =
+ gnutls_realloc_fast
+ (_extra_certs,
+ sizeof(_extra_certs
+ [0]) *
+ ++_extra_certs_len);
+ if (!_extra_certs) {
+ gnutls_assert();
+ ret =
+ GNUTLS_E_MEMORY_ERROR;
+ goto done;
+ }
+ _extra_certs
+ [_extra_certs_len -
+ 1] = this_cert;
+ this_cert = NULL;
+ } else {
+ gnutls_x509_crt_deinit
+ (this_cert);
+ }
+ } else {
+ if (chain && _chain_len == 0) {
+ _chain =
+ gnutls_malloc(sizeof
+ (_chain
+ [0]) *
+ (++_chain_len));
+ if (!_chain) {
+ gnutls_assert();
+ ret =
+ GNUTLS_E_MEMORY_ERROR;
+ goto done;
+ }
+ _chain[_chain_len - 1] =
+ this_cert;
+ this_cert = NULL;
+ } else {
+ gnutls_x509_crt_deinit
+ (this_cert);
+ }
+ }
+ break;
+
+ case GNUTLS_BAG_CRL:
+ if (crl == NULL || *crl != NULL) {
+ gnutls_assert();
+ break;
+ }
+
+ ret = gnutls_x509_crl_init(crl);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+
+ ret =
+ gnutls_x509_crl_import(*crl, &data,
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crl_deinit(*crl);
+ goto done;
+ }
+ break;
+
+ case GNUTLS_BAG_ENCRYPTED:
+ /* XXX Bother to recurse one level down? Unlikely to
+ use the same password anyway. */
+ case GNUTLS_BAG_EMPTY:
+ default:
+ break;
+ }
+ }
+
+ idx++;
+ gnutls_pkcs12_bag_deinit(bag);
+ }
+
+ if (chain != NULL) {
+ if (_chain_len != 1) {
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto done;
+ }
+
+ ret =
+ make_chain(&_chain, &_chain_len, &_extra_certs,
+ &_extra_certs_len, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto done;
+ }
+ }
+
+ ret = 0;
+
+ done:
+ if (bag)
+ gnutls_pkcs12_bag_deinit(bag);
+
+ if (ret < 0) {
+ if (*key)
+ gnutls_x509_privkey_deinit(*key);
+ if (_extra_certs_len && _extra_certs != NULL) {
+ for (i = 0; i < _extra_certs_len; i++)
+ gnutls_x509_crt_deinit(_extra_certs[i]);
+ gnutls_free(_extra_certs);
+ }
+ if (_chain_len && _chain != NULL) {
+ for (i = 0; i < _chain_len; i++)
+ gnutls_x509_crt_deinit(_chain[i]);
+ gnutls_free(_chain);
+ }
+
+ return ret;
+ }
+
+ if (extra_certs && _extra_certs_len > 0) {
+ *extra_certs = _extra_certs;
+ *extra_certs_len = _extra_certs_len;
+ } else {
+ if (extra_certs) {
+ *extra_certs = NULL;
+ *extra_certs_len = 0;
+ }
+ for (i = 0; i < _extra_certs_len; i++)
+ gnutls_x509_crt_deinit(_extra_certs[i]);
+ gnutls_free(_extra_certs);
+ }
+
+ if (chain != NULL) {
+ *chain = _chain;
+ *chain_len = _chain_len;
+ }
+
+ return ret;
}
diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
index a3a5149364..b77ea46cf4 100644
--- a/lib/x509/pkcs12_bag.c
+++ b/lib/x509/pkcs12_bag.c
@@ -42,31 +42,27 @@
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag)
+int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag)
{
- *bag = gnutls_calloc (1, sizeof (gnutls_pkcs12_bag_int));
+ *bag = gnutls_calloc(1, sizeof(gnutls_pkcs12_bag_int));
- if (*bag)
- {
- return 0; /* success */
- }
- return GNUTLS_E_MEMORY_ERROR;
+ if (*bag) {
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
-static inline void
-_pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag)
+static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag)
{
- int i;
+ int i;
- for (i = 0; i < bag->bag_elements; i++)
- {
- _gnutls_free_datum (&bag->element[i].data);
- _gnutls_free_datum (&bag->element[i].local_key_id);
- gnutls_free (bag->element[i].friendly_name);
- bag->element[i].friendly_name = NULL;
- bag->element[i].type = 0;
- }
+ for (i = 0; i < bag->bag_elements; i++) {
+ _gnutls_free_datum(&bag->element[i].data);
+ _gnutls_free_datum(&bag->element[i].local_key_id);
+ gnutls_free(bag->element[i].friendly_name);
+ bag->element[i].friendly_name = NULL;
+ bag->element[i].type = 0;
+ }
}
@@ -77,15 +73,14 @@ _pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag)
*
* This function will deinitialize a PKCS12 Bag structure.
**/
-void
-gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag)
+void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag)
{
- if (!bag)
- return;
+ if (!bag)
+ return;
- _pkcs12_bag_free_data (bag);
+ _pkcs12_bag_free_data(bag);
- gnutls_free (bag);
+ gnutls_free(bag);
}
/**
@@ -98,17 +93,16 @@ gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag)
* Returns: One of the #gnutls_pkcs12_bag_type_t enumerations.
**/
gnutls_pkcs12_bag_type_t
-gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx)
+gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t bag, int indx)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (indx >= bag->bag_elements)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- return bag->element[indx].type;
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx >= bag->bag_elements)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return bag->element[indx].type;
}
/**
@@ -120,16 +114,14 @@ gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx)
* Returns: Number of elements in bag, or an negative error code on
* error.
**/
-int
-gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag)
+int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return bag->bag_elements;
+ return bag->bag_elements;
}
/**
@@ -146,22 +138,21 @@ gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag)
* negative error value.
**/
int
-gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * data)
+gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * data)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (indx >= bag->bag_elements)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (indx >= bag->bag_elements)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- data->data = bag->element[indx].data.data;
- data->size = bag->element[indx].data.size;
+ data->data = bag->element[indx].data.data;
+ data->size = bag->element[indx].data.size;
- return 0;
+ return 0;
}
#define X509_CERT_OID "1.2.840.113549.1.9.22.1"
@@ -169,220 +160,213 @@ gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
#define RANDOM_NONCE_OID "1.2.840.113549.1.9.25.3"
int
-_pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * in, gnutls_datum_t * out)
+_pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * in, gnutls_datum_t * out)
{
- int ret;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- switch (type)
- {
- case GNUTLS_BAG_CERTIFICATE:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CertBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_read_string (c2, "certValue", out, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- case GNUTLS_BAG_CRL:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CRLBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_read_string (c2, "crlValue", out, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- case GNUTLS_BAG_SECRET:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-SecretBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_read_string (c2, "secretValue", out, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- default:
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-
-cleanup:
-
- asn1_delete_structure (&c2);
- return ret;
+ int ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ switch (type) {
+ case GNUTLS_BAG_CERTIFICATE:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_read_string(c2, "certValue", out,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_CRL:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_read_string(c2, "crlValue", out,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_SECRET:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-SecretBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_read_string(c2, "secretValue", out,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ default:
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+
+ cleanup:
+
+ asn1_delete_structure(&c2);
+ return ret;
}
int
-_pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * raw, gnutls_datum_t * out)
+_pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * raw, gnutls_datum_t * out)
{
- int ret;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- switch (type)
- {
- case GNUTLS_BAG_CERTIFICATE:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CertBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_write_value (c2, "certId", X509_CERT_OID, 1);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_write_string (c2, "certValue", raw, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- case GNUTLS_BAG_CRL:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-CRLBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_write_value (c2, "crlId", X509_CRL_OID, 1);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_write_string (c2, "crlValue", raw, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- case GNUTLS_BAG_SECRET:
- if ((ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-SecretBag",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_write_value (c2, "secretTypeId", RANDOM_NONCE_OID, 1);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_write_string (c2, "secretValue", raw, ASN1_ETYPE_OCTET_STRING);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- break;
-
- default:
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- ret = _gnutls_x509_der_encode (c2, "", out, 0);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-
-cleanup:
-
- asn1_delete_structure (&c2);
- return ret;
+ int ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ switch (type) {
+ case GNUTLS_BAG_CERTIFICATE:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_write_value(c2, "certId", X509_CERT_OID, 1);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_write_string(c2, "certValue", raw,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_CRL:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_write_value(c2, "crlId", X509_CRL_OID, 1);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_write_string(c2, "crlValue", raw,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_SECRET:
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-SecretBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ asn1_write_value(c2, "secretTypeId", RANDOM_NONCE_OID,
+ 1);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_write_string(c2, "secretValue", raw,
+ ASN1_ETYPE_OCTET_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
+
+ default:
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ ret = _gnutls_x509_der_encode(c2, "", out, 0);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+
+ cleanup:
+
+ asn1_delete_structure(&c2);
+ return ret;
}
@@ -399,54 +383,49 @@ cleanup:
* value on error.
**/
int
-gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
- gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * data)
+gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag,
+ gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * data)
{
- int ret;
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bag->bag_elements == MAX_BAG_ELEMENTS - 1)
- {
- gnutls_assert ();
- /* bag is full */
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (bag->bag_elements == 1)
- {
- /* A bag with a key or an encrypted bag, must have
- * only one element.
- */
-
- if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY ||
- bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY ||
- bag->element[0].type == GNUTLS_BAG_ENCRYPTED)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- }
-
- ret =
- _gnutls_set_datum (&bag->element[bag->bag_elements].data,
- data->data, data->size);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- bag->element[bag->bag_elements].type = type;
-
- bag->bag_elements++;
-
- return bag->bag_elements - 1;
+ int ret;
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->bag_elements == MAX_BAG_ELEMENTS - 1) {
+ gnutls_assert();
+ /* bag is full */
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (bag->bag_elements == 1) {
+ /* A bag with a key or an encrypted bag, must have
+ * only one element.
+ */
+
+ if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY ||
+ bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY
+ || bag->element[0].type == GNUTLS_BAG_ENCRYPTED) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
+
+ ret =
+ _gnutls_set_datum(&bag->element[bag->bag_elements].data,
+ data->data, data->size);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ bag->element[bag->bag_elements].type = type;
+
+ bag->bag_elements++;
+
+ return bag->bag_elements - 1;
}
/**
@@ -461,29 +440,28 @@ gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
* value on failure.
**/
int
-gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag, gnutls_x509_crt_t crt)
+gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag, gnutls_x509_crt_t crt)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_x509_der_encode (crt->cert, "", &data, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_der_encode(crt->cert, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CERTIFICATE, &data);
+ ret =
+ gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CERTIFICATE, &data);
- _gnutls_free_datum (&data);
+ _gnutls_free_datum(&data);
- return ret;
+ return ret;
}
/**
@@ -498,30 +476,28 @@ gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag, gnutls_x509_crt_t crt)
* on failure.
**/
int
-gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl)
+gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_x509_der_encode (crl->crl, "", &data, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_der_encode(crl->crl, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CRL, &data);
+ ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CRL, &data);
- _gnutls_free_datum (&data);
+ _gnutls_free_datum(&data);
- return ret;
+ return ret;
}
/**
@@ -539,34 +515,31 @@ gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl)
* negative error value. or a negative error code on error.
**/
int
-gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
- const gnutls_datum_t * id)
+gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, int indx,
+ const gnutls_datum_t * id)
{
- int ret;
+ int ret;
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (indx > bag->bag_elements - 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_set_datum (&bag->element[indx].local_key_id,
- id->data, id->size);
+ ret = _gnutls_set_datum(&bag->element[indx].local_key_id,
+ id->data, id->size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -583,25 +556,23 @@ gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
* negative error value. or a negative error code on error.
**/
int
-gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * id)
+gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * id)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (indx > bag->bag_elements - 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- id->data = bag->element[indx].local_key_id.data;
- id->size = bag->element[indx].local_key_id.size;
-
- return 0;
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ id->data = bag->element[indx].local_key_id.data;
+ id->size = bag->element[indx].local_key_id.size;
+
+ return 0;
}
/**
@@ -618,24 +589,22 @@ gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
* negative error value. or a negative error code on error.
**/
int
-gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- char **name)
+gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, int indx,
+ char **name)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (indx > bag->bag_elements - 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- *name = bag->element[indx].friendly_name;
+ *name = bag->element[indx].friendly_name;
- return 0;
+ return 0;
}
@@ -654,30 +623,27 @@ gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
* negative error value. or a negative error code on error.
**/
int
-gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- const char *name)
+gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, int indx,
+ const char *name)
{
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (indx > bag->bag_elements - 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- bag->element[indx].friendly_name = gnutls_strdup (name);
-
- if (name == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ bag->element[indx].friendly_name = gnutls_strdup(name);
+
+ if (name == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
@@ -692,49 +658,45 @@ gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
**/
-int
-gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass)
+int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, const char *pass)
{
- int ret;
- gnutls_datum_t dec;
+ int ret;
+ gnutls_datum_t dec;
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_pkcs7_decrypt_data (&bag->element[0].data, pass, &dec);
+ ret =
+ _gnutls_pkcs7_decrypt_data(&bag->element[0].data, pass, &dec);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* decryption succeeded. Now decode the SafeContents
- * stuff, and parse it.
- */
+ /* decryption succeeded. Now decode the SafeContents
+ * stuff, and parse it.
+ */
- _gnutls_free_datum (&bag->element[0].data);
+ _gnutls_free_datum(&bag->element[0].data);
- ret = _pkcs12_decode_safe_contents (&dec, bag);
+ ret = _pkcs12_decode_safe_contents(&dec, bag);
- _gnutls_free_datum (&dec);
+ _gnutls_free_datum(&dec);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -749,79 +711,73 @@ gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass)
* otherwise a negative error code is returned.
**/
int
-gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
- unsigned int flags)
+gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, const char *pass,
+ unsigned int flags)
{
- int ret;
- ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
- gnutls_datum_t der = { NULL, 0 };
- gnutls_datum_t enc = { NULL, 0 };
- schema_id id;
-
- if (bag == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Encode the whole bag to a safe contents
- * structure.
- */
- ret = _pkcs12_encode_safe_contents (bag, &safe_cont, NULL);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* DER encode the SafeContents.
- */
- ret = _gnutls_x509_der_encode (safe_cont, "", &der, 0);
-
- asn1_delete_structure (&safe_cont);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (flags & GNUTLS_PKCS_PLAIN)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- id = _gnutls_pkcs_flags_to_schema (flags);
-
- /* Now encrypt them.
- */
- ret = _gnutls_pkcs7_encrypt_data (id, &der, pass, &enc);
-
- _gnutls_free_datum (&der);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* encryption succeeded.
- */
-
- _pkcs12_bag_free_data (bag);
-
- bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
- bag->element[0].data = enc;
-
- bag->bag_elements = 1;
-
-
- return 0;
+ int ret;
+ ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
+ gnutls_datum_t der = { NULL, 0 };
+ gnutls_datum_t enc = { NULL, 0 };
+ schema_id id;
+
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Encode the whole bag to a safe contents
+ * structure.
+ */
+ ret = _pkcs12_encode_safe_contents(bag, &safe_cont, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* DER encode the SafeContents.
+ */
+ ret = _gnutls_x509_der_encode(safe_cont, "", &der, 0);
+
+ asn1_delete_structure(&safe_cont);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (flags & GNUTLS_PKCS_PLAIN) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ id = _gnutls_pkcs_flags_to_schema(flags);
+
+ /* Now encrypt them.
+ */
+ ret = _gnutls_pkcs7_encrypt_data(id, &der, pass, &enc);
+
+ _gnutls_free_datum(&der);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* encryption succeeded.
+ */
+
+ _pkcs12_bag_free_data(bag);
+
+ bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+ bag->element[0].data = enc;
+
+ bag->bag_elements = 1;
+
+
+ return 0;
}
diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c
index c90c8dd8d3..e194ca4884 100644
--- a/lib/x509/pkcs12_encr.c
+++ b/lib/x509/pkcs12_encr.c
@@ -30,19 +30,17 @@
/* Returns 0 if the password is ok, or a negative error
* code instead.
*/
-static int
-_pkcs12_check_pass (const char *pass, size_t plen)
+static int _pkcs12_check_pass(const char *pass, size_t plen)
{
- unsigned int i;
+ unsigned int i;
- for (i = 0; i < plen; i++)
- {
- if (c_isascii (pass[i]))
- continue;
- return GNUTLS_E_INVALID_PASSWORD;
- }
+ for (i = 0; i < plen; i++) {
+ if (c_isascii(pass[i]))
+ continue;
+ return GNUTLS_E_INVALID_PASSWORD;
+ }
- return 0;
+ return 0;
}
#define MAX_PASS_LEN 128
@@ -56,152 +54,138 @@ _pkcs12_check_pass (const char *pass, size_t plen)
* NULL password, and for the password with zero length.
*/
int
-_gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
- unsigned int salt_size, unsigned int iter,
- const char *pw, unsigned int req_keylen,
- uint8_t * keybuf)
+_gnutls_pkcs12_string_to_key(unsigned int id, const uint8_t * salt,
+ unsigned int salt_size, unsigned int iter,
+ const char *pw, unsigned int req_keylen,
+ uint8_t * keybuf)
{
- int rc;
- unsigned int i, j;
- digest_hd_st md;
- bigint_t num_b1 = NULL, num_ij = NULL;
- bigint_t mpi512 = NULL;
- unsigned int pwlen;
- uint8_t hash[20], buf_b[64], buf_i[MAX_PASS_LEN*2+64], *p;
- uint8_t d[64];
- size_t cur_keylen;
- size_t n, m, p_size, i_size;
- const uint8_t buf_512[] = /* 2^64 */
- { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00
- };
-
- cur_keylen = 0;
-
- if (pw == NULL)
- pwlen = 0;
- else
- pwlen = strlen (pw);
-
- if (pwlen > MAX_PASS_LEN)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((rc = _pkcs12_check_pass (pw, pwlen)) < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- rc = _gnutls_mpi_scan (&mpi512, buf_512, sizeof (buf_512));
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- /* Store salt and password in BUF_I */
- p_size = ((pwlen/64)*64) + 64;
-
- if (p_size > sizeof(buf_i)-64)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- p = buf_i;
- for (i = 0; i < 64; i++)
- *p++ = salt[i % salt_size];
- if (pw)
- {
- for (i = j = 0; i < p_size; i += 2)
- {
- *p++ = 0;
- *p++ = pw[j];
- if (++j > pwlen) /* Note, that we include the trailing (0) */
- j = 0;
- }
- }
- else
- memset (p, 0, p_size);
-
- i_size = 64+p_size;
-
- for (;;)
- {
- rc = _gnutls_hash_init (&md, mac_to_entry(GNUTLS_MAC_SHA1));
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- memset(d, id & 0xff, 64);
- _gnutls_hash (&md, d, 64);
- _gnutls_hash (&md, buf_i, pw ? i_size : 64);
- _gnutls_hash_deinit (&md, hash);
- for (i = 1; i < iter; i++)
- {
- rc = _gnutls_hash_fast (GNUTLS_MAC_SHA1, hash, 20, hash);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
- for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
- keybuf[cur_keylen++] = hash[i];
- if (cur_keylen == req_keylen)
- {
- rc = 0; /* ready */
- goto cleanup;
- }
-
- /* need more bytes. */
- for (i = 0; i < 64; i++)
- buf_b[i] = hash[i % 20];
- n = 64;
- rc = _gnutls_mpi_scan (&num_b1, buf_b, n);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- _gnutls_mpi_add_ui (num_b1, num_b1, 1);
- for (i = 0; i < 128; i += 64)
- {
- n = 64;
- rc = _gnutls_mpi_scan (&num_ij, buf_i + i, n);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- _gnutls_mpi_addm (num_ij, num_ij, num_b1, mpi512);
- n = 64;
+ int rc;
+ unsigned int i, j;
+ digest_hd_st md;
+ bigint_t num_b1 = NULL, num_ij = NULL;
+ bigint_t mpi512 = NULL;
+ unsigned int pwlen;
+ uint8_t hash[20], buf_b[64], buf_i[MAX_PASS_LEN * 2 + 64], *p;
+ uint8_t d[64];
+ size_t cur_keylen;
+ size_t n, m, p_size, i_size;
+ const uint8_t buf_512[] = /* 2^64 */
+ { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+
+ cur_keylen = 0;
+
+ if (pw == NULL)
+ pwlen = 0;
+ else
+ pwlen = strlen(pw);
+
+ if (pwlen > MAX_PASS_LEN) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((rc = _pkcs12_check_pass(pw, pwlen)) < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ rc = _gnutls_mpi_scan(&mpi512, buf_512, sizeof(buf_512));
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+
+ /* Store salt and password in BUF_I */
+ p_size = ((pwlen / 64) * 64) + 64;
+
+ if (p_size > sizeof(buf_i) - 64)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ p = buf_i;
+ for (i = 0; i < 64; i++)
+ *p++ = salt[i % salt_size];
+ if (pw) {
+ for (i = j = 0; i < p_size; i += 2) {
+ *p++ = 0;
+ *p++ = pw[j];
+ if (++j > pwlen) /* Note, that we include the trailing (0) */
+ j = 0;
+ }
+ } else
+ memset(p, 0, p_size);
+
+ i_size = 64 + p_size;
+
+ for (;;) {
+ rc = _gnutls_hash_init(&md, mac_to_entry(GNUTLS_MAC_SHA1));
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ memset(d, id & 0xff, 64);
+ _gnutls_hash(&md, d, 64);
+ _gnutls_hash(&md, buf_i, pw ? i_size : 64);
+ _gnutls_hash_deinit(&md, hash);
+ for (i = 1; i < iter; i++) {
+ rc = _gnutls_hash_fast(GNUTLS_MAC_SHA1, hash, 20,
+ hash);
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
+ keybuf[cur_keylen++] = hash[i];
+ if (cur_keylen == req_keylen) {
+ rc = 0; /* ready */
+ goto cleanup;
+ }
+
+ /* need more bytes. */
+ for (i = 0; i < 64; i++)
+ buf_b[i] = hash[i % 20];
+ n = 64;
+ rc = _gnutls_mpi_scan(&num_b1, buf_b, n);
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ _gnutls_mpi_add_ui(num_b1, num_b1, 1);
+ for (i = 0; i < 128; i += 64) {
+ n = 64;
+ rc = _gnutls_mpi_scan(&num_ij, buf_i + i, n);
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ _gnutls_mpi_addm(num_ij, num_ij, num_b1, mpi512);
+ n = 64;
#ifndef PKCS12_BROKEN_KEYGEN
- m = (_gnutls_mpi_get_nbits (num_ij) + 7) / 8;
+ m = (_gnutls_mpi_get_nbits(num_ij) + 7) / 8;
#else
- m = n;
+ m = n;
#endif
- memset (buf_i + i, 0, n - m);
- rc = _gnutls_mpi_print (num_ij, buf_i + i + n - m, &n);
- if (rc < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- _gnutls_mpi_release (&num_ij);
- }
- }
-cleanup:
- _gnutls_mpi_release (&num_ij);
- _gnutls_mpi_release (&num_b1);
- _gnutls_mpi_release (&mpi512);
-
- return rc;
+ memset(buf_i + i, 0, n - m);
+ rc = _gnutls_mpi_print(num_ij, buf_i + i + n - m,
+ &n);
+ if (rc < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ _gnutls_mpi_release(&num_ij);
+ }
+ }
+ cleanup:
+ _gnutls_mpi_release(&num_ij);
+ _gnutls_mpi_release(&num_b1);
+ _gnutls_mpi_release(&mpi512);
+
+ return rc;
}
-
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index a02b4f3999..50b384f46e 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -39,98 +39,89 @@
* data are copied (they are locally allocated) there.
*/
static int
-_decode_pkcs7_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata,
- gnutls_datum_t * raw)
+_decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata,
+ gnutls_datum_t * raw)
{
- char oid[MAX_OID_SIZE];
- ASN1_TYPE c2;
- uint8_t *tmp = NULL;
- int tmp_size, len, result;
-
- len = sizeof (oid) - 1;
- result = asn1_read_value (pkcs7, "contentType", oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (strcmp (oid, SIGNED_DATA_OID) != 0)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Unknown PKCS7 Content OID '%s'\n", oid);
- return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-7-SignedData", &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* the Signed-data has been created, so
- * decode them.
- */
- tmp_size = 0;
- result = asn1_read_value (pkcs7, "content", NULL, &tmp_size);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- tmp = gnutls_malloc (tmp_size);
- if (tmp == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_read_value (pkcs7, "content", tmp, &tmp_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* tmp, tmp_size hold the data and the size of the CertificateSet structure
- * actually the ANY stuff.
- */
-
- /* Step 1. In case of a signed structure extract certificate set.
- */
-
- result = asn1_der_decoding (&c2, tmp, tmp_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (raw == NULL)
- {
- gnutls_free (tmp);
- }
- else
- {
- raw->data = tmp;
- raw->size = tmp_size;
- }
-
- *sdata = c2;
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- gnutls_free (tmp);
- return result;
+ char oid[MAX_OID_SIZE];
+ ASN1_TYPE c2;
+ uint8_t *tmp = NULL;
+ int tmp_size, len, result;
+
+ len = sizeof(oid) - 1;
+ result = asn1_read_value(pkcs7, "contentType", oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (strcmp(oid, SIGNED_DATA_OID) != 0) {
+ gnutls_assert();
+ _gnutls_debug_log("Unknown PKCS7 Content OID '%s'\n", oid);
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* the Signed-data has been created, so
+ * decode them.
+ */
+ tmp_size = 0;
+ result = asn1_read_value(pkcs7, "content", NULL, &tmp_size);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ tmp = gnutls_malloc(tmp_size);
+ if (tmp == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value(pkcs7, "content", tmp, &tmp_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* tmp, tmp_size hold the data and the size of the CertificateSet structure
+ * actually the ANY stuff.
+ */
+
+ /* Step 1. In case of a signed structure extract certificate set.
+ */
+
+ result = asn1_der_decoding(&c2, tmp, tmp_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (raw == NULL) {
+ gnutls_free(tmp);
+ } else {
+ raw->data = tmp;
+ raw->size = tmp_size;
+ }
+
+ *sdata = c2;
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ gnutls_free(tmp);
+ return result;
}
/**
@@ -144,25 +135,22 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7)
+int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7)
{
- *pkcs7 = gnutls_calloc (1, sizeof (gnutls_pkcs7_int));
-
- if (*pkcs7)
- {
- int result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-7-ContentInfo",
- &(*pkcs7)->pkcs7);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (*pkcs7);
- return _gnutls_asn2err (result);
- }
- return 0; /* success */
- }
- return GNUTLS_E_MEMORY_ERROR;
+ *pkcs7 = gnutls_calloc(1, sizeof(gnutls_pkcs7_int));
+
+ if (*pkcs7) {
+ int result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-ContentInfo",
+ &(*pkcs7)->pkcs7);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*pkcs7);
+ return _gnutls_asn2err(result);
+ }
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -171,16 +159,15 @@ gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7)
*
* This function will deinitialize a PKCS7 structure.
**/
-void
-gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7)
+void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7)
{
- if (!pkcs7)
- return;
+ if (!pkcs7)
+ return;
- if (pkcs7->pkcs7)
- asn1_delete_structure (&pkcs7->pkcs7);
+ if (pkcs7->pkcs7)
+ asn1_delete_structure(&pkcs7->pkcs7);
- gnutls_free (pkcs7);
+ gnutls_free(pkcs7);
}
/**
@@ -199,52 +186,51 @@ gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7)
* negative error value.
**/
int
-gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- _data.data = data->data;
- _data.size = data->size;
+ _data.data = data->data;
+ _data.size = data->size;
- /* If the PKCS7 is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- result = _gnutls_fbase64_decode (PEM_PKCS7, data->data, data->size,
- &_data);
+ /* If the PKCS7 is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ result =
+ _gnutls_fbase64_decode(PEM_PKCS7, data->data,
+ data->size, &_data);
- if (result <= 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result <= 0) {
+ gnutls_assert();
+ return result;
+ }
- need_free = 1;
- }
+ need_free = 1;
+ }
- result = asn1_der_decoding (&pkcs7->pkcs7, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
+ result =
+ asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
- if (need_free)
- _gnutls_free_datum (&_data);
+ if (need_free)
+ _gnutls_free_datum(&_data);
- return 0;
+ return 0;
-cleanup:
- if (need_free)
- _gnutls_free_datum (&_data);
- return result;
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
/**
@@ -267,93 +253,85 @@ cleanup:
* %GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
**/
int
-gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
- int indx, void *certificate,
- size_t * certificate_size)
+gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7,
+ int indx, void *certificate,
+ size_t * certificate_size)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len;
- char root2[ASN1_MAX_NAME_SIZE];
- char oid[MAX_OID_SIZE];
- gnutls_datum_t tmp = { NULL, 0 };
-
- if (certificate_size == NULL || pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Parse the CertificateSet
- */
-
- snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1);
-
- len = sizeof (oid) - 1;
-
- result = asn1_read_value (c2, root2, oid, &len);
-
- if (result == ASN1_VALUE_NOT_FOUND)
- {
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto cleanup;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* if 'Certificate' is the choice found:
- */
- if (strcmp (oid, "certificate") == 0)
- {
- int start, end;
-
- result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
- root2, &start, &end);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- end = end - start + 1;
-
- if ((unsigned) end > *certificate_size)
- {
- *certificate_size = end;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
- }
-
- if (certificate)
- memcpy (certificate, &tmp.data[start], end);
-
- *certificate_size = end;
-
- result = 0;
-
- }
- else
- {
- result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
-cleanup:
- _gnutls_free_datum (&tmp);
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ char root2[ASN1_MAX_NAME_SIZE];
+ char oid[MAX_OID_SIZE];
+ gnutls_datum_t tmp = { NULL, 0 };
+
+ if (certificate_size == NULL || pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Parse the CertificateSet
+ */
+
+ snprintf(root2, sizeof(root2), "certificates.?%u", indx + 1);
+
+ len = sizeof(oid) - 1;
+
+ result = asn1_read_value(c2, root2, oid, &len);
+
+ if (result == ASN1_VALUE_NOT_FOUND) {
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto cleanup;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* if 'Certificate' is the choice found:
+ */
+ if (strcmp(oid, "certificate") == 0) {
+ int start, end;
+
+ result = asn1_der_decoding_startEnd(c2, tmp.data, tmp.size,
+ root2, &start, &end);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ end = end - start + 1;
+
+ if ((unsigned) end > *certificate_size) {
+ *certificate_size = end;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+
+ if (certificate)
+ memcpy(certificate, &tmp.data[start], end);
+
+ *certificate_size = end;
+
+ result = 0;
+
+ } else {
+ result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/**
@@ -366,37 +344,34 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7)
+int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, count;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, count;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- /* Step 2. Count the CertificateSet */
+ /* Step 2. Count the CertificateSet */
- result = asn1_number_of_elements (c2, "certificates", &count);
+ result = asn1_number_of_elements(c2, "certificates", &count);
- asn1_delete_structure (&c2);
+ asn1_delete_structure(&c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return 0; /* no certificates */
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return 0; /* no certificates */
+ }
- return count;
+ return count;
}
@@ -421,15 +396,15 @@ gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7)
* negative error value.
**/
int
-gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- return _gnutls_x509_export_int (pkcs7->pkcs7, format, PEM_PKCS7,
- output_data, output_data_size);
+ return _gnutls_x509_export_int(pkcs7->pkcs7, format, PEM_PKCS7,
+ output_data, output_data_size);
}
/**
@@ -451,91 +426,88 @@ gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
* Since: 3.1.3
**/
int
-gnutls_pkcs7_export2 (gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- return _gnutls_x509_export_int2 (pkcs7->pkcs7, format, PEM_PKCS7, out);
+ return _gnutls_x509_export_int2(pkcs7->pkcs7, format, PEM_PKCS7,
+ out);
}
/* Creates an empty signed data structure in the pkcs7
* structure and returns a handle to the signed data.
*/
-static int
-create_empty_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
+static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
{
- uint8_t one = 1;
- int result;
-
- *sdata = ASN1_TYPE_EMPTY;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.pkcs-7-SignedData",
- sdata)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Use version 1
- */
- result = asn1_write_value (*sdata, "version", &one, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Use no digest algorithms
- */
-
- /* id-data */
- result =
- asn1_write_value (*sdata, "encapContentInfo.eContentType",
- "1.2.840.113549.1.7.5", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (*sdata, "encapContentInfo.eContent", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Add no certificates.
- */
-
- /* Add no crls.
- */
-
- /* Add no signerInfos.
- */
-
- /* Write the content type of the signed data
- */
- result = asn1_write_value (pkcs7, "contentType", SIGNED_DATA_OID, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- return 0;
-
-cleanup:
- asn1_delete_structure (sdata);
- return result;
+ uint8_t one = 1;
+ int result;
+
+ *sdata = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData",
+ sdata)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Use version 1
+ */
+ result = asn1_write_value(*sdata, "version", &one, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Use no digest algorithms
+ */
+
+ /* id-data */
+ result =
+ asn1_write_value(*sdata, "encapContentInfo.eContentType",
+ "1.2.840.113549.1.7.5", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Add no certificates.
+ */
+
+ /* Add no crls.
+ */
+
+ /* Add no signerInfos.
+ */
+
+ /* Write the content type of the signed data
+ */
+ result =
+ asn1_write_value(pkcs7, "contentType", SIGNED_DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(sdata);
+ return result;
}
@@ -551,86 +523,81 @@ cleanup:
* negative error value.
**/
int
-gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
+gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- return result;
- }
-
- /* If the signed data are uninitialized
- * then create them.
- */
- if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
- {
- /* The pkcs7 structure is new, so create the
- * signedData.
- */
- result = create_empty_signed_data (pkcs7->pkcs7, &c2);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- /* Step 2. Append the new certificate.
- */
-
- result = asn1_write_value (c2, "certificates", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (c2, "certificates.?LAST", "certificate", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result =
- asn1_write_value (c2, "certificates.?LAST.certificate", crt->data,
- crt->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* If the signed data are uninitialized
+ * then create them.
+ */
+ if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ /* The pkcs7 structure is new, so create the
+ * signedData.
+ */
+ result = create_empty_signed_data(pkcs7->pkcs7, &c2);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* Step 2. Append the new certificate.
+ */
+
+ result = asn1_write_value(c2, "certificates", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(c2, "certificates.?LAST", "certificate", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(c2, "certificates.?LAST.certificate",
+ crt->data, crt->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7,
+ "content", 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/**
@@ -645,33 +612,30 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
+int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = _gnutls_x509_der_encode (crt->cert, "", &data, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_der_encode(crt->cert, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_pkcs7_set_crt_raw (pkcs7, &data);
+ ret = gnutls_pkcs7_set_crt_raw(pkcs7, &data);
- _gnutls_free_datum (&data);
+ _gnutls_free_datum(&data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -686,56 +650,53 @@ gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx)
+int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char root2[ASN1_MAX_NAME_SIZE];
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. Decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Delete the certificate.
- */
-
- snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1);
-
- result = asn1_write_value (c2, root2, NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char root2[ASN1_MAX_NAME_SIZE];
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. Decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Delete the certificate.
+ */
+
+ snprintf(root2, sizeof(root2), "certificates.?%u", indx + 1);
+
+ result = asn1_write_value(c2, root2, NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7,
+ "content", 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/* Read and write CRLs
@@ -757,65 +718,62 @@ cleanup:
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
**/
int
-gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
- int indx, void *crl, size_t * crl_size)
+gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
+ int indx, void *crl, size_t * crl_size)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char root2[ASN1_MAX_NAME_SIZE];
- gnutls_datum_t tmp = { NULL, 0 };
- int start, end;
-
- if (pkcs7 == NULL || crl_size == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Parse the CertificateSet
- */
-
- snprintf (root2, sizeof (root2), "crls.?%u", indx + 1);
-
- /* Get the raw CRL
- */
- result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
- root2, &start, &end);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- end = end - start + 1;
-
- if ((unsigned) end > *crl_size)
- {
- *crl_size = end;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
- }
-
- if (crl)
- memcpy (crl, &tmp.data[start], end);
-
- *crl_size = end;
-
- result = 0;
-
-cleanup:
- _gnutls_free_datum (&tmp);
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char root2[ASN1_MAX_NAME_SIZE];
+ gnutls_datum_t tmp = { NULL, 0 };
+ int start, end;
+
+ if (pkcs7 == NULL || crl_size == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Parse the CertificateSet
+ */
+
+ snprintf(root2, sizeof(root2), "crls.?%u", indx + 1);
+
+ /* Get the raw CRL
+ */
+ result = asn1_der_decoding_startEnd(c2, tmp.data, tmp.size,
+ root2, &start, &end);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ end = end - start + 1;
+
+ if ((unsigned) end > *crl_size) {
+ *crl_size = end;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+
+ if (crl)
+ memcpy(crl, &tmp.data[start], end);
+
+ *crl_size = end;
+
+ result = 0;
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/**
@@ -828,37 +786,34 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7)
+int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, count;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, count;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- /* Step 2. Count the CertificateSet */
+ /* Step 2. Count the CertificateSet */
- result = asn1_number_of_elements (c2, "crls", &count);
+ result = asn1_number_of_elements(c2, "crls", &count);
- asn1_delete_structure (&c2);
+ asn1_delete_structure(&c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return 0; /* no crls */
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return 0; /* no crls */
+ }
- return count;
+ return count;
}
@@ -873,76 +828,71 @@ gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7)
* negative error value.
**/
int
-gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
+gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND)
- {
- gnutls_assert ();
- return result;
- }
-
- /* If the signed data are uninitialized
- * then create them.
- */
- if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
- {
- /* The pkcs7 structure is new, so create the
- * signedData.
- */
- result = create_empty_signed_data (pkcs7->pkcs7, &c2);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- /* Step 2. Append the new crl.
- */
-
- result = asn1_write_value (c2, "crls", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (c2, "crls.?LAST", crl->data, crl->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* If the signed data are uninitialized
+ * then create them.
+ */
+ if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ /* The pkcs7 structure is new, so create the
+ * signedData.
+ */
+ result = create_empty_signed_data(pkcs7->pkcs7, &c2);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* Step 2. Append the new crl.
+ */
+
+ result = asn1_write_value(c2, "crls", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value(c2, "crls.?LAST", crl->data, crl->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7,
+ "content", 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/**
@@ -956,33 +906,30 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl)
+int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = _gnutls_x509_der_encode (crl->crl, "", &data, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_der_encode(crl->crl, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_pkcs7_set_crl_raw (pkcs7, &data);
+ ret = gnutls_pkcs7_set_crl_raw(pkcs7, &data);
- _gnutls_free_datum (&data);
+ _gnutls_free_datum(&data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -996,54 +943,51 @@ gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx)
+int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char root2[ASN1_MAX_NAME_SIZE];
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. Decode the signed data.
- */
- result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Delete the crl.
- */
-
- snprintf (root2, sizeof (root2), "crls.?%u", indx + 1);
-
- result = asn1_write_value (c2, root2, NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- asn1_delete_structure (&c2);
-
- return 0;
-
-cleanup:
- if (c2)
- asn1_delete_structure (&c2);
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char root2[ASN1_MAX_NAME_SIZE];
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. Decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Delete the crl.
+ */
+
+ snprintf(root2, sizeof(root2), "crls.?%u", indx + 1);
+
+ result = asn1_write_value(c2, root2, NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7,
+ "content", 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index af55d907e7..1a779772bc 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -42,19 +42,17 @@
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_privkey_init (gnutls_x509_privkey_t * key)
+int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key)
{
- *key = gnutls_calloc (1, sizeof (gnutls_x509_privkey_int));
+ *key = gnutls_calloc(1, sizeof(gnutls_x509_privkey_int));
- if (*key)
- {
- (*key)->key = ASN1_TYPE_EMPTY;
- (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
- return 0; /* success */
- }
+ if (*key) {
+ (*key)->key = ASN1_TYPE_EMPTY;
+ (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ return 0; /* success */
+ }
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -63,16 +61,15 @@ gnutls_x509_privkey_init (gnutls_x509_privkey_t * key)
*
* This function will deinitialize a private key structure.
**/
-void
-gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key)
+void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key)
{
- if (!key)
- return;
+ if (!key)
+ return;
- gnutls_pk_params_clear(&key->params);
- gnutls_pk_params_release(&key->params);
- asn1_delete_structure (&key->key);
- gnutls_free (key);
+ gnutls_pk_params_clear(&key->params);
+ gnutls_pk_params_release(&key->params);
+ asn1_delete_structure(&key->key);
+ gnutls_free(key);
}
/**
@@ -87,146 +84,146 @@ gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key)
* negative error value.
**/
int
-gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src)
+gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst,
+ gnutls_x509_privkey_t src)
{
- unsigned int i;
- int ret;
+ unsigned int i;
+ int ret;
- if (!src || !dst)
- return GNUTLS_E_INVALID_REQUEST;
+ if (!src || !dst)
+ return GNUTLS_E_INVALID_REQUEST;
- for (i = 0; i < src->params.params_nr; i++)
- {
- dst->params.params[i] = _gnutls_mpi_copy (src->params.params[i]);
- if (dst->params.params[i] == NULL)
- return GNUTLS_E_MEMORY_ERROR;
- }
+ for (i = 0; i < src->params.params_nr; i++) {
+ dst->params.params[i] =
+ _gnutls_mpi_copy(src->params.params[i]);
+ if (dst->params.params[i] == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- dst->params.params_nr = src->params.params_nr;
- dst->params.flags = src->params.flags;
+ dst->params.params_nr = src->params.params_nr;
+ dst->params.flags = src->params.flags;
- dst->pk_algorithm = src->pk_algorithm;
+ dst->pk_algorithm = src->pk_algorithm;
- ret = _gnutls_asn1_encode_privkey (dst->pk_algorithm, &dst->key, &dst->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret =
+ _gnutls_asn1_encode_privkey(dst->pk_algorithm, &dst->key,
+ &dst->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/* Converts an RSA PKCS#1 key to
* an internal structure (gnutls_private_key)
*/
ASN1_TYPE
-_gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key,
- gnutls_x509_privkey_t pkey)
+_gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * raw_key,
+ gnutls_x509_privkey_t pkey)
{
- int result;
- ASN1_TYPE pkey_asn;
-
- gnutls_pk_params_init(&pkey->params);
-
- if ((result =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.RSAPrivateKey",
- &pkey_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return NULL;
- }
-
- result = asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "modulus",
- &pkey->params.params[0])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result =
- _gnutls_x509_read_int (pkey_asn, "publicExponent",
- &pkey->params.params[1])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result =
- _gnutls_x509_read_int (pkey_asn, "privateExponent",
- &pkey->params.params[2])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "prime1",
- &pkey->params.params[3])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "prime2",
- &pkey->params.params[4])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "coefficient",
- &pkey->params.params[5])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "exponent1",
- &pkey->params.params[6])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (pkey_asn, "exponent2",
- &pkey->params.params[7])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &pkey->params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- pkey->params.params_nr = RSA_PRIVATE_PARAMS;
-
- return pkey_asn;
-
-error:
- asn1_delete_structure (&pkey_asn);
- gnutls_pk_params_clear (&pkey->params);
- gnutls_pk_params_release (&pkey->params);
- return NULL;
+ int result;
+ ASN1_TYPE pkey_asn;
+
+ gnutls_pk_params_init(&pkey->params);
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.RSAPrivateKey",
+ &pkey_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ result =
+ asn1_der_decoding(&pkey_asn, raw_key->data, raw_key->size,
+ NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "modulus",
+ &pkey->params.params[0])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result =
+ _gnutls_x509_read_int(pkey_asn, "publicExponent",
+ &pkey->params.params[1])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result =
+ _gnutls_x509_read_int(pkey_asn, "privateExponent",
+ &pkey->params.params[2])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "prime1",
+ &pkey->params.params[3])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "prime2",
+ &pkey->params.params[4])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "coefficient",
+ &pkey->params.params[5])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "exponent1",
+ &pkey->params.params[6])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "exponent2",
+ &pkey->params.params[7])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ result =
+ _gnutls_pk_fixup(GNUTLS_PK_RSA, GNUTLS_IMPORT, &pkey->params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ pkey->params.params_nr = RSA_PRIVATE_PARAMS;
+
+ return pkey_asn;
+
+ error:
+ asn1_delete_structure(&pkey_asn);
+ gnutls_pk_params_clear(&pkey->params);
+ gnutls_pk_params_release(&pkey->params);
+ return NULL;
}
@@ -234,171 +231,176 @@ error:
* an internal structure (gnutls_private_key)
*/
ASN1_TYPE
-_gnutls_privkey_decode_ecc_key (const gnutls_datum_t * raw_key,
- gnutls_x509_privkey_t pkey)
+_gnutls_privkey_decode_ecc_key(const gnutls_datum_t * raw_key,
+ gnutls_x509_privkey_t pkey)
{
- int ret;
- ASN1_TYPE pkey_asn;
- unsigned int version;
- char oid[MAX_OID_SIZE];
- int oid_size;
- gnutls_datum out;
-
- gnutls_pk_params_init(&pkey->params);
-
- if ((ret =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.ECPrivateKey",
- &pkey_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret = asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_x509_read_uint (pkey_asn, "Version", &version);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
-
- if (version != 1)
- {
- _gnutls_debug_log("ECC private key version %u is not supported\n", version);
- gnutls_assert();
- goto error;
- }
-
- /* read the curve */
- oid_size = sizeof(oid);
- ret = asn1_read_value(pkey_asn, "parameters.namedCurve", oid, &oid_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- pkey->params.flags = _gnutls_oid_to_ecc_curve(oid);
- if (pkey->params.flags == GNUTLS_ECC_CURVE_INVALID)
- {
- _gnutls_debug_log("Curve %s is not supported\n", oid);
- gnutls_assert();
- goto error;
- }
-
- /* read the public key */
- ret = _gnutls_x509_read_value (pkey_asn, "publicKey", &out);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
-
- ret = _gnutls_ecc_ansi_x963_import (out.data, out.size, &pkey->params.params[ECC_X],
- &pkey->params.params[ECC_Y]);
-
- _gnutls_free_datum(&out);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
- pkey->params.params_nr += 2;
-
- /* read the private key */
- ret = _gnutls_x509_read_int (pkey_asn, "privateKey", &pkey->params.params[ECC_K]);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
- pkey->params.params_nr ++;
-
- return pkey_asn;
-
-error:
- asn1_delete_structure (&pkey_asn);
- gnutls_pk_params_clear (&pkey->params);
- gnutls_pk_params_release (&pkey->params);
- return NULL;
+ int ret;
+ ASN1_TYPE pkey_asn;
+ unsigned int version;
+ char oid[MAX_OID_SIZE];
+ int oid_size;
+ gnutls_datum out;
+
+ gnutls_pk_params_init(&pkey->params);
+
+ if ((ret =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.ECPrivateKey",
+ &pkey_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret =
+ asn1_der_decoding(&pkey_asn, raw_key->data, raw_key->size,
+ NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = _gnutls_x509_read_uint(pkey_asn, "Version", &version);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if (version != 1) {
+ _gnutls_debug_log
+ ("ECC private key version %u is not supported\n",
+ version);
+ gnutls_assert();
+ goto error;
+ }
+
+ /* read the curve */
+ oid_size = sizeof(oid);
+ ret =
+ asn1_read_value(pkey_asn, "parameters.namedCurve", oid,
+ &oid_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ pkey->params.flags = _gnutls_oid_to_ecc_curve(oid);
+ if (pkey->params.flags == GNUTLS_ECC_CURVE_INVALID) {
+ _gnutls_debug_log("Curve %s is not supported\n", oid);
+ gnutls_assert();
+ goto error;
+ }
+
+ /* read the public key */
+ ret = _gnutls_x509_read_value(pkey_asn, "publicKey", &out);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret =
+ _gnutls_ecc_ansi_x963_import(out.data, out.size,
+ &pkey->params.params[ECC_X],
+ &pkey->params.params[ECC_Y]);
+
+ _gnutls_free_datum(&out);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr += 2;
+
+ /* read the private key */
+ ret =
+ _gnutls_x509_read_int(pkey_asn, "privateKey",
+ &pkey->params.params[ECC_K]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ return pkey_asn;
+
+ error:
+ asn1_delete_structure(&pkey_asn);
+ gnutls_pk_params_clear(&pkey->params);
+ gnutls_pk_params_release(&pkey->params);
+ return NULL;
}
static ASN1_TYPE
-decode_dsa_key (const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
+decode_dsa_key(const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
{
- int result;
- ASN1_TYPE dsa_asn;
-
- if ((result =
- asn1_create_element (_gnutls_get_gnutls_asn (),
- "GNUTLS.DSAPrivateKey",
- &dsa_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return NULL;
- }
-
- pkey->params.params_nr = 0;
-
- result = asn1_der_decoding (&dsa_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int (dsa_asn, "p", &pkey->params.params[0])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (dsa_asn, "q", &pkey->params.params[1])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (dsa_asn, "g", &pkey->params.params[2])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (dsa_asn, "Y", &pkey->params.params[3])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- if ((result = _gnutls_x509_read_int (dsa_asn, "priv",
- &pkey->params.params[4])) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pkey->params.params_nr++;
-
- return dsa_asn;
-
-error:
- asn1_delete_structure (&dsa_asn);
- gnutls_pk_params_clear(&pkey->params);
- gnutls_pk_params_release(&pkey->params);
- return NULL;
+ int result;
+ ASN1_TYPE dsa_asn;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSAPrivateKey",
+ &dsa_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ pkey->params.params_nr = 0;
+
+ result =
+ asn1_der_decoding(&dsa_asn, raw_key->data, raw_key->size,
+ NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result =
+ _gnutls_x509_read_int(dsa_asn, "p",
+ &pkey->params.params[0])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result =
+ _gnutls_x509_read_int(dsa_asn, "q",
+ &pkey->params.params[1])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result =
+ _gnutls_x509_read_int(dsa_asn, "g",
+ &pkey->params.params[2])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result =
+ _gnutls_x509_read_int(dsa_asn, "Y",
+ &pkey->params.params[3])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ if ((result = _gnutls_x509_read_int(dsa_asn, "priv",
+ &pkey->params.params[4])) < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params.params_nr++;
+
+ return dsa_asn;
+
+ error:
+ asn1_delete_structure(&dsa_asn);
+ gnutls_pk_params_clear(&pkey->params);
+ gnutls_pk_params_release(&pkey->params);
+ return NULL;
}
@@ -425,176 +427,170 @@ error:
* negative error value.
**/
int
-gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- /* Try the first header */
- result =
- _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &_data);
-
- if (result >= 0)
- key->pk_algorithm = GNUTLS_PK_RSA;
-
- if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- /* try for the second header */
- result =
- _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
- &_data);
-
- if (result >= 0)
- key->pk_algorithm = GNUTLS_PK_DSA;
-
- if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- /* try for the second header */
- result =
- _gnutls_fbase64_decode (PEM_KEY_ECC, data->data, data->size,
- &_data);
- if (result >= 0)
- key->pk_algorithm = GNUTLS_PK_EC;
- }
- }
-
- if (result < 0)
- {
- gnutls_assert ();
- goto failover;
- }
-
- need_free = 1;
- }
-
- if (key->pk_algorithm == GNUTLS_PK_RSA)
- {
- key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
- if (key->key == NULL)
- gnutls_assert ();
- }
- else if (key->pk_algorithm == GNUTLS_PK_DSA)
- {
- key->key = decode_dsa_key (&_data, key);
- if (key->key == NULL)
- gnutls_assert ();
- }
- else if (key->pk_algorithm == GNUTLS_PK_EC)
- {
- key->key = _gnutls_privkey_decode_ecc_key (&_data, key);
- if (key->key == NULL)
- gnutls_assert ();
- }
- else
- {
- /* Try decoding with both, and accept the one that
- * succeeds.
- */
- key->pk_algorithm = GNUTLS_PK_RSA;
- key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
-
- if (key->key == NULL)
- {
- key->pk_algorithm = GNUTLS_PK_DSA;
- key->key = decode_dsa_key (&_data, key);
- if (key->key == NULL)
- {
- key->pk_algorithm = GNUTLS_PK_EC;
- key->key = _gnutls_privkey_decode_ecc_key (&_data, key);
- if (key->key == NULL)
- gnutls_assert ();
- }
- }
- }
-
- if (key->key == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_ASN1_DER_ERROR;
- goto failover;
- }
-
- if (need_free)
- _gnutls_free_datum (&_data);
-
- /* The key has now been decoded.
- */
-
- return 0;
-
-failover:
- /* Try PKCS #8 */
- if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
- {
- _gnutls_debug_log ("Falling back to PKCS #8 key decoding\n");
- result = gnutls_x509_privkey_import_pkcs8 (key, data, format,
- NULL, GNUTLS_PKCS_PLAIN);
- }
-
- if (need_free)
- _gnutls_free_datum (&_data);
-
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode(PEM_KEY_RSA, data->data,
+ data->size, &_data);
+
+ if (result >= 0)
+ key->pk_algorithm = GNUTLS_PK_RSA;
+
+ if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode(PEM_KEY_DSA, data->data,
+ data->size, &_data);
+
+ if (result >= 0)
+ key->pk_algorithm = GNUTLS_PK_DSA;
+
+ if (result ==
+ GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode(PEM_KEY_ECC,
+ data->data,
+ data->size,
+ &_data);
+ if (result >= 0)
+ key->pk_algorithm = GNUTLS_PK_EC;
+ }
+ }
+
+ if (result < 0) {
+ gnutls_assert();
+ goto failover;
+ }
+
+ need_free = 1;
+ }
+
+ if (key->pk_algorithm == GNUTLS_PK_RSA) {
+ key->key =
+ _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key);
+ if (key->key == NULL)
+ gnutls_assert();
+ } else if (key->pk_algorithm == GNUTLS_PK_DSA) {
+ key->key = decode_dsa_key(&_data, key);
+ if (key->key == NULL)
+ gnutls_assert();
+ } else if (key->pk_algorithm == GNUTLS_PK_EC) {
+ key->key = _gnutls_privkey_decode_ecc_key(&_data, key);
+ if (key->key == NULL)
+ gnutls_assert();
+ } else {
+ /* Try decoding with both, and accept the one that
+ * succeeds.
+ */
+ key->pk_algorithm = GNUTLS_PK_RSA;
+ key->key =
+ _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key);
+
+ if (key->key == NULL) {
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ key->key = decode_dsa_key(&_data, key);
+ if (key->key == NULL) {
+ key->pk_algorithm = GNUTLS_PK_EC;
+ key->key =
+ _gnutls_privkey_decode_ecc_key(&_data,
+ key);
+ if (key->key == NULL)
+ gnutls_assert();
+ }
+ }
+ }
+
+ if (key->key == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto failover;
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ /* The key has now been decoded.
+ */
+
+ return 0;
+
+ failover:
+ /* Try PKCS #8 */
+ if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
+ _gnutls_debug_log
+ ("Falling back to PKCS #8 key decoding\n");
+ result =
+ gnutls_x509_privkey_import_pkcs8(key, data, format,
+ NULL,
+ GNUTLS_PKCS_PLAIN);
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return result;
}
-static int import_pkcs12_privkey (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char* password, unsigned int flags)
+static int import_pkcs12_privkey(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password, unsigned int flags)
{
-int ret;
-gnutls_pkcs12_t p12;
-gnutls_x509_privkey_t newkey;
-
- ret = gnutls_pkcs12_init(&p12);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_pkcs12_import(p12, data, format, flags);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail;
- }
-
- ret = gnutls_pkcs12_simple_parse (p12, password, &newkey, NULL, NULL, NULL, NULL, NULL, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail;
- }
-
- ret = gnutls_x509_privkey_cpy (key, newkey);
- gnutls_x509_privkey_deinit (newkey);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail;
- }
-
- ret = 0;
-fail:
-
- gnutls_pkcs12_deinit(p12);
-
- return ret;
+ int ret;
+ gnutls_pkcs12_t p12;
+ gnutls_x509_privkey_t newkey;
+
+ ret = gnutls_pkcs12_init(&p12);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_pkcs12_import(p12, data, format, flags);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ ret =
+ gnutls_pkcs12_simple_parse(p12, password, &newkey, NULL, NULL,
+ NULL, NULL, NULL, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ ret = gnutls_x509_privkey_cpy(key, newkey);
+ gnutls_x509_privkey_deinit(newkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ ret = 0;
+ fail:
+
+ gnutls_pkcs12_deinit(p12);
+
+ return ret;
}
/**
@@ -619,52 +615,54 @@ fail:
* negative error value.
**/
int
-gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char* password, unsigned int flags)
+gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password, unsigned int flags)
{
- int ret = 0;
-
- if (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
- {
- ret = gnutls_x509_privkey_import(key, data, format);
- if (ret < 0)
- {
- gnutls_assert();
- }
- }
-
- if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) || ret < 0)
- {
- ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_DECRYPTION_FAILED) goto cleanup;
- ret = import_pkcs12_privkey(key, data, format, password, flags);
- if (ret < 0 && format == GNUTLS_X509_FMT_PEM)
- {
- if (ret == GNUTLS_E_DECRYPTION_FAILED) goto cleanup;
-
- ret = gnutls_x509_privkey_import_openssl(key, data, password);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- else
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- }
-
- ret = 0;
-
-cleanup:
- return ret;
+ int ret = 0;
+
+ if (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) {
+ ret = gnutls_x509_privkey_import(key, data, format);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+ }
+
+ if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD))
+ || ret < 0) {
+ ret =
+ gnutls_x509_privkey_import_pkcs8(key, data, format,
+ password, flags);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_DECRYPTION_FAILED)
+ goto cleanup;
+ ret =
+ import_pkcs12_privkey(key, data, format,
+ password, flags);
+ if (ret < 0 && format == GNUTLS_X509_FMT_PEM) {
+ if (ret == GNUTLS_E_DECRYPTION_FAILED)
+ goto cleanup;
+
+ ret =
+ gnutls_x509_privkey_import_openssl(key,
+ data,
+ password);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ }
+
+ ret = 0;
+
+ cleanup:
+ return ret;
}
@@ -686,16 +684,16 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u)
+gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u)
{
- return gnutls_x509_privkey_import_rsa_raw2 (key, m, e, d, p, q, u, NULL,
- NULL);
+ return gnutls_x509_privkey_import_rsa_raw2(key, m, e, d, p, q, u,
+ NULL, NULL);
}
/**
@@ -718,125 +716,117 @@ gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
* negative error value.
**/
int
-gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u,
- const gnutls_datum_t * e1,
- const gnutls_datum_t * e2)
+gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u,
+ const gnutls_datum_t * e1,
+ const gnutls_datum_t * e2)
{
- int ret;
- size_t siz = 0;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- gnutls_pk_params_init(&key->params);
-
- siz = m->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[0], m->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = e->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[1], e->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = d->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[2], d->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = p->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[3], p->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = q->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[4], q->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = u->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[5], u->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- if (e1 && e2)
- {
- siz = e1->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[6], e1->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- siz = e2->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[7], e2->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
- }
-
- ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_RSA, &key->key, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- key->params.params_nr = RSA_PRIVATE_PARAMS;
- key->pk_algorithm = GNUTLS_PK_RSA;
-
- return 0;
-
-cleanup:
- gnutls_pk_params_clear(&key->params);
- gnutls_pk_params_release(&key->params);
- return ret;
+ int ret;
+ size_t siz = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ gnutls_pk_params_init(&key->params);
+
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[0], m->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[1], e->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = d->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[2], d->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[3], p->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[4], q->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = u->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[5], u->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ if (e1 && e2) {
+ siz = e1->size;
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[6], e1->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ siz = e2->size;
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[7], e2->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+ }
+
+ ret = _gnutls_pk_fixup(GNUTLS_PK_RSA, GNUTLS_IMPORT, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_asn1_encode_privkey(GNUTLS_PK_RSA, &key->key,
+ &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ key->params.params_nr = RSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_RSA;
+
+ return 0;
+
+ cleanup:
+ gnutls_pk_params_clear(&key->params);
+ gnutls_pk_params_release(&key->params);
+ return ret;
}
@@ -857,78 +847,73 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g,
- const gnutls_datum_t * y,
- const gnutls_datum_t * x)
+gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * x)
{
- int ret;
- size_t siz = 0;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- siz = p->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[0], p->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- siz = q->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[1], q->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- siz = g->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[2], g->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- siz = y->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[3], y->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- siz = x->size;
- if (_gnutls_mpi_scan_nz (&key->params.params[4], x->data, siz))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
-
- ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_DSA, &key->key, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- key->params.params_nr = DSA_PRIVATE_PARAMS;
- key->pk_algorithm = GNUTLS_PK_DSA;
-
- return 0;
-
-cleanup:
- gnutls_pk_params_clear(&key->params);
- gnutls_pk_params_release(&key->params);
- return ret;
+ int ret;
+ size_t siz = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[0], p->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[1], q->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ siz = g->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[2], g->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ siz = y->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[3], y->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ siz = x->size;
+ if (_gnutls_mpi_scan_nz(&key->params.params[4], x->data, siz)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_asn1_encode_privkey(GNUTLS_PK_DSA, &key->key,
+ &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ key->params.params_nr = DSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_DSA;
+
+ return 0;
+
+ cleanup:
+ gnutls_pk_params_clear(&key->params);
+ gnutls_pk_params_release(&key->params);
+ return ret;
}
@@ -950,54 +935,53 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_x509_privkey_import_ecc_raw (gnutls_x509_privkey_t key,
- gnutls_ecc_curve_t curve,
- const gnutls_datum_t * x,
- const gnutls_datum_t * y,
- const gnutls_datum_t * k)
+gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key,
+ gnutls_ecc_curve_t curve,
+ const gnutls_datum_t * x,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * k)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- key->params.flags = curve;
-
- if (_gnutls_mpi_scan_nz (&key->params.params[ECC_X], x->data, x->size))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- if (_gnutls_mpi_scan_nz (&key->params.params[ECC_Y], y->data, y->size))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- if (_gnutls_mpi_scan_nz (&key->params.params[ECC_K], k->data, k->size))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MPI_SCAN_FAILED;
- goto cleanup;
- }
- key->params.params_nr++;
-
- key->pk_algorithm = GNUTLS_PK_EC;
-
- return 0;
-
-cleanup:
- gnutls_pk_params_clear(&key->params);
- gnutls_pk_params_release(&key->params);
- return ret;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ key->params.flags = curve;
+
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[ECC_X], x->data, x->size)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[ECC_Y], y->data, y->size)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ if (_gnutls_mpi_scan_nz
+ (&key->params.params[ECC_K], k->data, k->size)) {
+ gnutls_assert();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto cleanup;
+ }
+ key->params.params_nr++;
+
+ key->pk_algorithm = GNUTLS_PK_EC;
+
+ return 0;
+
+ cleanup:
+ gnutls_pk_params_clear(&key->params);
+ gnutls_pk_params_release(&key->params);
+ return ret;
}
@@ -1012,16 +996,14 @@ cleanup:
* Returns: a member of the #gnutls_pk_algorithm_t enumeration on
* success, or a negative error code on error.
**/
-int
-gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key)
+int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key)
{
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return key->pk_algorithm;
+ return key->pk_algorithm;
}
/**
@@ -1036,36 +1018,36 @@ gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key)
* success, or a negative error code on error.
**/
int
-gnutls_x509_privkey_get_pk_algorithm2 (gnutls_x509_privkey_t key, unsigned int *bits)
+gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t key,
+ unsigned int *bits)
{
-int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bits)
- {
- ret = pubkey_to_bits(key->pk_algorithm, &key->params);
- if (ret < 0) ret = 0;
- *bits = ret;
- }
-
- return key->pk_algorithm;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bits) {
+ ret = pubkey_to_bits(key->pk_algorithm, &key->params);
+ if (ret < 0)
+ ret = 0;
+ *bits = ret;
+ }
+
+ return key->pk_algorithm;
}
-static const char* set_msg(gnutls_x509_privkey_t key)
+static const char *set_msg(gnutls_x509_privkey_t key)
{
- if (key->pk_algorithm == GNUTLS_PK_RSA)
- return PEM_KEY_RSA;
- else if (key->pk_algorithm == GNUTLS_PK_DSA)
- return PEM_KEY_DSA;
- else if (key->pk_algorithm == GNUTLS_PK_EC)
- return PEM_KEY_ECC;
- else
- return "UNKNOWN";
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ return PEM_KEY_RSA;
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ return PEM_KEY_DSA;
+ else if (key->pk_algorithm == GNUTLS_PK_EC)
+ return PEM_KEY_ECC;
+ else
+ return "UNKNOWN";
}
/**
@@ -1091,22 +1073,21 @@ static const char* set_msg(gnutls_x509_privkey_t key)
* negative error value.
**/
int
-gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- const char *msg;
+ const char *msg;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- msg = set_msg(key);
+ msg = set_msg(key);
- return _gnutls_x509_export_int (key->key, format, msg,
- output_data, output_data_size);
+ return _gnutls_x509_export_int(key->key, format, msg,
+ output_data, output_data_size);
}
/**
@@ -1130,21 +1111,20 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
* Since 3.1.3
**/
int
-gnutls_x509_privkey_export2 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t * out)
+gnutls_x509_privkey_export2(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out)
{
- const char *msg;
+ const char *msg;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- msg = set_msg(key);
+ msg = set_msg(key);
- return _gnutls_x509_export_int2 (key->key, format, msg, out);
+ return _gnutls_x509_export_int2(key->key, format, msg, out);
}
/**
@@ -1159,16 +1139,15 @@ gnutls_x509_privkey_export2 (gnutls_x509_privkey_t key,
*
* Since: 2.12.0
**/
-gnutls_sec_param_t
-gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key)
+gnutls_sec_param_t gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key)
{
- int bits;
+ int bits;
- bits = pubkey_to_bits(key->pk_algorithm, &key->params);
- if (bits <= 0)
- return GNUTLS_SEC_PARAM_UNKNOWN;
-
- return gnutls_pk_bits_to_sec_param(key->pk_algorithm, bits);
+ bits = pubkey_to_bits(key->pk_algorithm, &key->params);
+ if (bits <= 0)
+ return GNUTLS_SEC_PARAM_UNKNOWN;
+
+ return gnutls_pk_bits_to_sec_param(key->pk_algorithm, bits);
}
/**
@@ -1188,50 +1167,47 @@ gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key)
*
* Since: 3.0
**/
-int gnutls_x509_privkey_export_ecc_raw (gnutls_x509_privkey_t key,
- gnutls_ecc_curve_t *curve,
- gnutls_datum_t * x, gnutls_datum_t * y,
- gnutls_datum_t* k)
+int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key,
+ gnutls_ecc_curve_t * curve,
+ gnutls_datum_t * x,
+ gnutls_datum_t * y,
+ gnutls_datum_t * k)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- *curve = key->params.flags;
-
- /* X */
- ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_X], x);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Y */
- ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_Y], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (x);
- return ret;
- }
-
-
- /* K */
- ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_K], k);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (x);
- _gnutls_free_datum (y);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *curve = key->params.flags;
+
+ /* X */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_X], x);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_Y], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(x);
+ return ret;
+ }
+
+
+ /* K */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_K], k);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(x);
+ _gnutls_free_datum(y);
+ return ret;
+ }
+
+ return 0;
}
@@ -1253,14 +1229,14 @@ int gnutls_x509_privkey_export_ecc_raw (gnutls_x509_privkey_t key,
* negative error value.
**/
int
-gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u)
+gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
{
- return gnutls_x509_privkey_export_rsa_raw2 (key, m, e, d, p, q, u, NULL,
- NULL);
+ return gnutls_x509_privkey_export_rsa_raw2(key, m, e, d, p, q, u,
+ NULL, NULL);
}
/**
@@ -1285,124 +1261,112 @@ gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
* Since: 2.12.0
**/
int
-gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e,
- gnutls_datum_t * d, gnutls_datum_t * p,
- gnutls_datum_t * q, gnutls_datum_t * u,
- gnutls_datum_t * e1, gnutls_datum_t * e2)
+gnutls_x509_privkey_export_rsa_raw2(gnutls_x509_privkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ gnutls_datum_t * e1,
+ gnutls_datum_t * e2)
{
- int ret;
- gnutls_pk_params_st pk_params;
-
- gnutls_pk_params_init(&pk_params);
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- m->data = e->data = d->data = p->data = q->data = u->data = NULL;
- m->size = e->size = d->size = p->size = q->size = u->size = 0;
-
- ret = _gnutls_pk_params_copy (&pk_params, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_mpi_dprint_lz (pk_params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* E */
- ret = _gnutls_mpi_dprint_lz (pk_params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* D */
- ret = _gnutls_mpi_dprint_lz (pk_params.params[2], d);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint_lz (pk_params.params[3], p);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint_lz (pk_params.params[4], q);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* U */
- ret = _gnutls_mpi_dprint_lz (key->params.params[5], u);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* E1 */
- if (e1)
- {
- ret = _gnutls_mpi_dprint_lz (key->params.params[6], e1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- /* E2 */
- if (e2)
- {
- ret = _gnutls_mpi_dprint_lz (key->params.params[7], e2);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- gnutls_pk_params_clear(&pk_params);
- gnutls_pk_params_release (&pk_params);
-
- return 0;
-
-error:
- _gnutls_free_datum (m);
- _gnutls_free_datum (d);
- _gnutls_free_datum (e);
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- gnutls_pk_params_clear(&pk_params);
- gnutls_pk_params_release (&pk_params);
-
- return ret;
+ int ret;
+ gnutls_pk_params_st pk_params;
+
+ gnutls_pk_params_init(&pk_params);
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ m->data = e->data = d->data = p->data = q->data = u->data = NULL;
+ m->size = e->size = d->size = p->size = q->size = u->size = 0;
+
+ ret = _gnutls_pk_params_copy(&pk_params, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_pk_fixup(GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = _gnutls_mpi_dprint_lz(pk_params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* E */
+ ret = _gnutls_mpi_dprint_lz(pk_params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* D */
+ ret = _gnutls_mpi_dprint_lz(pk_params.params[2], d);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint_lz(pk_params.params[3], p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint_lz(pk_params.params[4], q);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* U */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[5], u);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* E1 */
+ if (e1) {
+ ret = _gnutls_mpi_dprint_lz(key->params.params[6], e1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ /* E2 */
+ if (e2) {
+ ret = _gnutls_mpi_dprint_lz(key->params.params[7], e2);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ gnutls_pk_params_clear(&pk_params);
+ gnutls_pk_params_release(&pk_params);
+
+ return 0;
+
+ error:
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(d);
+ _gnutls_free_datum(e);
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ gnutls_pk_params_clear(&pk_params);
+ gnutls_pk_params_release(&pk_params);
+
+ return ret;
}
/**
@@ -1422,72 +1386,66 @@ error:
* negative error value.
**/
int
-gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y,
- gnutls_datum_t * x)
+gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint_lz (key->params.params[0], p);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint_lz (key->params.params[1], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- return ret;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint_lz (key->params.params[2], g);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- return ret;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint_lz (key->params.params[3], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- return ret;
- }
-
- /* X */
- ret = _gnutls_mpi_dprint_lz (key->params.params[4], x);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (y);
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[0], p);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[1], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ return ret;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[2], g);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[3], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+ /* X */
+ ret = _gnutls_mpi_dprint_lz(key->params.params[4], x);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(y);
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -1510,51 +1468,47 @@ gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
* negative error value.
**/
int
-gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
- gnutls_pk_algorithm_t algo, unsigned int bits,
- unsigned int flags)
+gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
+ gnutls_pk_algorithm_t algo, unsigned int bits,
+ unsigned int flags)
{
- int ret;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- gnutls_pk_params_init(&key->params);
-
- if (algo == GNUTLS_PK_EC)
- {
- if (GNUTLS_BITS_ARE_CURVE(bits))
- bits = GNUTLS_BITS_TO_CURVE(bits);
- else
- bits = _gnutls_ecc_bits_to_curve(bits);
- }
-
- ret = _gnutls_pk_generate (algo, bits, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_asn1_encode_privkey (algo, &key->key, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- key->pk_algorithm = algo;
-
- return 0;
-
-cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- gnutls_pk_params_clear(&key->params);
- gnutls_pk_params_release(&key->params);
-
- return ret;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ gnutls_pk_params_init(&key->params);
+
+ if (algo == GNUTLS_PK_EC) {
+ if (GNUTLS_BITS_ARE_CURVE(bits))
+ bits = GNUTLS_BITS_TO_CURVE(bits);
+ else
+ bits = _gnutls_ecc_bits_to_curve(bits);
+ }
+
+ ret = _gnutls_pk_generate(algo, bits, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_asn1_encode_privkey(algo, &key->key, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ key->pk_algorithm = algo;
+
+ return 0;
+
+ cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ gnutls_pk_params_clear(&key->params);
+ gnutls_pk_params_release(&key->params);
+
+ return ret;
}
/**
@@ -1566,19 +1520,17 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_privkey_verify_params (gnutls_x509_privkey_t key)
+int gnutls_x509_privkey_verify_params(gnutls_x509_privkey_t key)
{
- int ret;
+ int ret;
- ret = _gnutls_pk_verify_params (key->pk_algorithm, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_pk_verify_params(key->pk_algorithm, &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -1602,26 +1554,26 @@ gnutls_x509_privkey_verify_params (gnutls_x509_privkey_t key)
* negative error value.
**/
int
-gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int ret;
+ int ret;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_get_key_id(key->pk_algorithm, &key->params, output_data, output_data_size);
- if (ret < 0)
- {
- gnutls_assert ();
- }
+ ret =
+ _gnutls_get_key_id(key->pk_algorithm, &key->params,
+ output_data, output_data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ }
- return ret;
+ return ret;
}
@@ -1648,44 +1600,43 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
* negative error value.
-*/
static int
-_gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer,
- const mac_entry_st *me,
- unsigned int flags,
- const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature)
+_gnutls_x509_privkey_sign_hash2(gnutls_x509_privkey_t signer,
+ const mac_entry_st * me,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature)
{
- int ret;
- gnutls_datum_t digest;
-
- digest.data = gnutls_malloc (hash_data->size);
- if (digest.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- digest.size = hash_data->size;
- memcpy (digest.data, hash_data->data, digest.size);
-
- ret = pk_prepare_hash (signer->pk_algorithm, me, &digest);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_pk_sign (signer->pk_algorithm, signature, &digest, &signer->params);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum (&digest);
- return ret;
+ int ret;
+ gnutls_datum_t digest;
+
+ digest.data = gnutls_malloc(hash_data->size);
+ if (digest.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ digest.size = hash_data->size;
+ memcpy(digest.data, hash_data->data, digest.size);
+
+ ret = pk_prepare_hash(signer->pk_algorithm, me, &digest);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_pk_sign(signer->pk_algorithm, signature, &digest,
+ &signer->params);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&digest);
+ return ret;
}
/**
@@ -1705,27 +1656,27 @@ cleanup:
* Deprecated in: 2.12.0
*/
int
-gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
- int result;
+ int result;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_pk_sign (key->pk_algorithm, signature, hash, &key->params);
+ result =
+ _gnutls_pk_sign(key->pk_algorithm, signature, hash,
+ &key->params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/**
@@ -1756,55 +1707,51 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
* Deprecated: Use gnutls_privkey_sign_data().
*/
int
-gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t digest,
- unsigned int flags,
- const gnutls_datum_t * data,
- void *signature, size_t * signature_size)
+gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ void *signature, size_t * signature_size)
{
- int result;
- gnutls_datum_t sig = { NULL, 0 };
- gnutls_datum_t hash;
- const mac_entry_st *me = mac_to_entry(digest);
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result =
- pk_hash_data (key->pk_algorithm, me, &key->params, data, &hash);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- _gnutls_x509_privkey_sign_hash2 (key, me, flags, &hash, &sig);
-
- _gnutls_free_datum(&hash);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if (*signature_size < sig.size)
- {
- *signature_size = sig.size;
- _gnutls_free_datum (&sig);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *signature_size = sig.size;
- memcpy (signature, sig.data, sig.size);
-
- _gnutls_free_datum (&sig);
-
- return 0;
+ int result;
+ gnutls_datum_t sig = { NULL, 0 };
+ gnutls_datum_t hash;
+ const mac_entry_st *me = mac_to_entry(digest);
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ pk_hash_data(key->pk_algorithm, me, &key->params, data, &hash);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_privkey_sign_hash2(key, me, flags, &hash, &sig);
+
+ _gnutls_free_datum(&hash);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (*signature_size < sig.size) {
+ *signature_size = sig.size;
+ _gnutls_free_datum(&sig);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *signature_size = sig.size;
+ memcpy(signature, sig.data, sig.size);
+
+ _gnutls_free_datum(&sig);
+
+ return 0;
}
@@ -1818,26 +1765,24 @@ gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_privkey_fix (gnutls_x509_privkey_t key)
+int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key)
{
- int ret;
+ int ret;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- asn1_delete_structure (&key->key);
+ asn1_delete_structure(&key->key);
- ret = _gnutls_asn1_encode_privkey (key->pk_algorithm, &key->key, &key->params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret =
+ _gnutls_asn1_encode_privkey(key->pk_algorithm, &key->key,
+ &key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
-
diff --git a/lib/x509/privkey_openssl.c b/lib/x509/privkey_openssl.c
index 396020e1af..9c0db45a55 100644
--- a/lib/x509/privkey_openssl.c
+++ b/lib/x509/privkey_openssl.c
@@ -35,76 +35,69 @@
#include <pbkdf2-sha1.h>
static int
-openssl_hash_password (const char *pass, gnutls_datum_t * key, gnutls_datum_t * salt)
+openssl_hash_password(const char *pass, gnutls_datum_t * key,
+ gnutls_datum_t * salt)
{
- unsigned char md5[16];
- gnutls_hash_hd_t hash;
- unsigned int count = 0;
- int err;
-
- while (count < key->size)
- {
- err = gnutls_hash_init (&hash, GNUTLS_DIG_MD5);
- if (err)
- {
- gnutls_assert ();
- return err;
- }
- if (count)
- {
- err = gnutls_hash (hash, md5, sizeof (md5));
- if (err)
- {
- hash_err:
- gnutls_hash_deinit (hash, NULL);
- gnutls_assert();
- return err;
- }
- }
- if (pass)
- {
- err = gnutls_hash (hash, pass, strlen (pass));
- if (err)
- {
- gnutls_assert();
- goto hash_err;
- }
- }
- err = gnutls_hash (hash, salt->data, 8);
- if (err)
- {
- gnutls_assert();
- goto hash_err;
- }
-
- gnutls_hash_deinit (hash, md5);
-
- if (key->size - count <= sizeof (md5))
- {
- memcpy (&key->data[count], md5, key->size - count);
- break;
- }
-
- memcpy (&key->data[count], md5, sizeof (md5));
- count += sizeof (md5);
- }
-
- return 0;
+ unsigned char md5[16];
+ gnutls_hash_hd_t hash;
+ unsigned int count = 0;
+ int err;
+
+ while (count < key->size) {
+ err = gnutls_hash_init(&hash, GNUTLS_DIG_MD5);
+ if (err) {
+ gnutls_assert();
+ return err;
+ }
+ if (count) {
+ err = gnutls_hash(hash, md5, sizeof(md5));
+ if (err) {
+ hash_err:
+ gnutls_hash_deinit(hash, NULL);
+ gnutls_assert();
+ return err;
+ }
+ }
+ if (pass) {
+ err = gnutls_hash(hash, pass, strlen(pass));
+ if (err) {
+ gnutls_assert();
+ goto hash_err;
+ }
+ }
+ err = gnutls_hash(hash, salt->data, 8);
+ if (err) {
+ gnutls_assert();
+ goto hash_err;
+ }
+
+ gnutls_hash_deinit(hash, md5);
+
+ if (key->size - count <= sizeof(md5)) {
+ memcpy(&key->data[count], md5, key->size - count);
+ break;
+ }
+
+ memcpy(&key->data[count], md5, sizeof(md5));
+ count += sizeof(md5);
+ }
+
+ return 0;
}
static const struct pem_cipher {
- const char *name;
- gnutls_cipher_algorithm_t cipher;
+ const char *name;
+ gnutls_cipher_algorithm_t cipher;
} pem_ciphers[] = {
- { "DES-CBC", GNUTLS_CIPHER_DES_CBC },
- { "DES-EDE3-CBC", GNUTLS_CIPHER_3DES_CBC },
- { "AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC },
- { "AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC },
- { "AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC },
- { "CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC },
- { "CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC },
- { "CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC },
-};
+ {
+ "DES-CBC", GNUTLS_CIPHER_DES_CBC}, {
+ "DES-EDE3-CBC", GNUTLS_CIPHER_3DES_CBC}, {
+ "AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC}, {
+ "AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC}, {
+ "AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC}, {
+ "CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC}, {
+ "CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC}, {
+"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC},};
/**
* gnutls_x509_privkey_import_openssl:
@@ -126,224 +119,211 @@ static const struct pem_cipher {
* negative error value.
**/
int
-gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t key,
- const gnutls_datum_t *data, const char* password)
+gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ const char *password)
{
- gnutls_cipher_hd_t handle;
- gnutls_cipher_algorithm_t cipher = GNUTLS_CIPHER_UNKNOWN;
- gnutls_datum_t b64_data;
- gnutls_datum_t salt, enc_key;
- unsigned char *key_data;
- const char *pem_header = (void*)data->data;
- const char *pem_header_start = (void*)data->data;
- ssize_t pem_header_size;
- int ret;
- unsigned int i, iv_size, l;
-
- pem_header_size = data->size;
-
- pem_header = memmem(pem_header, pem_header_size, "PRIVATE KEY---", 14);
- if (pem_header == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_PARSING_ERROR;
- }
-
- pem_header_size -= (ptrdiff_t)(pem_header-pem_header_start);
-
- pem_header = memmem(pem_header, pem_header_size, "DEK-Info: ", 10);
- if (pem_header == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_PARSING_ERROR;
- }
-
- pem_header_size = data->size - (ptrdiff_t)(pem_header-pem_header_start) - 10;
- pem_header += 10;
-
- for (i = 0; i < sizeof(pem_ciphers)/sizeof(pem_ciphers[0]); i++)
- {
- l = strlen(pem_ciphers[i].name);
- if (!strncmp(pem_header, pem_ciphers[i].name, l) &&
- pem_header[l] == ',')
- {
- pem_header += l + 1;
- cipher = pem_ciphers[i].cipher;
- break;
- }
- }
-
- if (cipher == GNUTLS_CIPHER_UNKNOWN)
- {
- _gnutls_debug_log ("Unsupported PEM encryption type: %.10s\n", pem_header);
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- iv_size = gnutls_cipher_get_iv_size(cipher);
- salt.size = iv_size;
- salt.data = gnutls_malloc (salt.size);
- if (!salt.data)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- for (i = 0; i < salt.size * 2; i++)
- {
- unsigned char x;
- const char *c = &pem_header[i];
-
- if (*c >= '0' && *c <= '9')
- x = (*c) - '0';
- else if (*c >= 'A' && *c <= 'F')
- x = (*c) - 'A' + 10;
- else
- {
- gnutls_assert();
- /* Invalid salt in encrypted PEM file */
- ret = GNUTLS_E_INVALID_REQUEST;
- goto out_salt;
- }
- if (i & 1)
- salt.data[i / 2] |= x;
- else
- salt.data[i / 2] = x << 4;
- }
-
- pem_header += salt.size * 2;
- if (*pem_header != '\r' && *pem_header != '\n')
- {
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto out_salt;
- }
- while (*pem_header == '\n' || *pem_header == '\r')
- pem_header++;
-
- ret = _gnutls_base64_decode((const void*)pem_header, pem_header_size, &b64_data);
- if (ret < 0)
- {
- gnutls_assert();
- goto out_salt;
- }
-
- if (b64_data.size < 16)
- {
- /* Just to be sure our parsing is OK */
- gnutls_assert();
- ret = GNUTLS_E_PARSING_ERROR;
- goto out_b64;
- }
-
- ret = GNUTLS_E_MEMORY_ERROR;
- enc_key.size = gnutls_cipher_get_key_size (cipher);
- enc_key.data = gnutls_malloc (enc_key.size);
- if (!enc_key.data)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto out_b64;
- }
-
- key_data = gnutls_malloc (b64_data.size);
- if (!key_data)
- {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto out_enc_key;
- }
-
- while (1)
- {
- memcpy (key_data, b64_data.data, b64_data.size);
-
- ret = openssl_hash_password (password, &enc_key, &salt);
- if (ret < 0)
- {
- gnutls_assert();
- goto out;
- }
-
- ret = gnutls_cipher_init (&handle, cipher, &enc_key, &salt);
- if (ret < 0)
- {
- gnutls_assert();
- gnutls_cipher_deinit (handle);
- goto out;
- }
-
- ret = gnutls_cipher_decrypt (handle, key_data, b64_data.size);
- gnutls_cipher_deinit (handle);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto out;
- }
-
- /* We have to strip any padding to accept it.
- So a bit more ASN.1 parsing for us.*/
- if (key_data[0] == 0x30)
- {
- gnutls_datum_t key_datum;
- unsigned int blocksize = gnutls_cipher_get_block_size (cipher);
- unsigned int keylen = key_data[1];
- unsigned int ofs = 2;
-
- if (keylen & 0x80)
- {
- int lenlen = keylen & 0x7f;
- keylen = 0;
-
- if (lenlen > 3)
- {
- gnutls_assert();
- goto fail;
- }
-
- while (lenlen)
- {
- keylen <<= 8;
- keylen |= key_data[ofs++];
- lenlen--;
- }
- }
- keylen += ofs;
-
- /* If there appears to be more padding than required, fail */
- if (b64_data.size - keylen > blocksize)
- {
- gnutls_assert();
- goto fail;
- }
-
- /* If the padding bytes aren't all equal to the amount of padding, fail */
- ofs = keylen;
- while (ofs < b64_data.size)
- {
- if (key_data[ofs] != b64_data.size - keylen)
- {
- gnutls_assert();
- goto fail;
- }
- ofs++;
- }
-
- key_datum.data = key_data;
- key_datum.size = keylen;
- ret =
- gnutls_x509_privkey_import (key, &key_datum,
- GNUTLS_X509_FMT_DER);
- if (ret == 0)
- goto out;
- }
- fail:
- ret = GNUTLS_E_DECRYPTION_FAILED;
- goto out;
- }
-out:
- gnutls_free (key_data);
-out_enc_key:
- gnutls_free (enc_key.data);
-out_b64:
- gnutls_free (b64_data.data);
-out_salt:
- gnutls_free (salt.data);
- return ret;
+ gnutls_cipher_hd_t handle;
+ gnutls_cipher_algorithm_t cipher = GNUTLS_CIPHER_UNKNOWN;
+ gnutls_datum_t b64_data;
+ gnutls_datum_t salt, enc_key;
+ unsigned char *key_data;
+ const char *pem_header = (void *) data->data;
+ const char *pem_header_start = (void *) data->data;
+ ssize_t pem_header_size;
+ int ret;
+ unsigned int i, iv_size, l;
+
+ pem_header_size = data->size;
+
+ pem_header =
+ memmem(pem_header, pem_header_size, "PRIVATE KEY---", 14);
+ if (pem_header == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ pem_header_size -= (ptrdiff_t) (pem_header - pem_header_start);
+
+ pem_header = memmem(pem_header, pem_header_size, "DEK-Info: ", 10);
+ if (pem_header == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ pem_header_size =
+ data->size - (ptrdiff_t) (pem_header - pem_header_start) - 10;
+ pem_header += 10;
+
+ for (i = 0; i < sizeof(pem_ciphers) / sizeof(pem_ciphers[0]); i++) {
+ l = strlen(pem_ciphers[i].name);
+ if (!strncmp(pem_header, pem_ciphers[i].name, l) &&
+ pem_header[l] == ',') {
+ pem_header += l + 1;
+ cipher = pem_ciphers[i].cipher;
+ break;
+ }
+ }
+
+ if (cipher == GNUTLS_CIPHER_UNKNOWN) {
+ _gnutls_debug_log
+ ("Unsupported PEM encryption type: %.10s\n",
+ pem_header);
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ iv_size = gnutls_cipher_get_iv_size(cipher);
+ salt.size = iv_size;
+ salt.data = gnutls_malloc(salt.size);
+ if (!salt.data)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ for (i = 0; i < salt.size * 2; i++) {
+ unsigned char x;
+ const char *c = &pem_header[i];
+
+ if (*c >= '0' && *c <= '9')
+ x = (*c) - '0';
+ else if (*c >= 'A' && *c <= 'F')
+ x = (*c) - 'A' + 10;
+ else {
+ gnutls_assert();
+ /* Invalid salt in encrypted PEM file */
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto out_salt;
+ }
+ if (i & 1)
+ salt.data[i / 2] |= x;
+ else
+ salt.data[i / 2] = x << 4;
+ }
+
+ pem_header += salt.size * 2;
+ if (*pem_header != '\r' && *pem_header != '\n') {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto out_salt;
+ }
+ while (*pem_header == '\n' || *pem_header == '\r')
+ pem_header++;
+
+ ret =
+ _gnutls_base64_decode((const void *) pem_header,
+ pem_header_size, &b64_data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out_salt;
+ }
+
+ if (b64_data.size < 16) {
+ /* Just to be sure our parsing is OK */
+ gnutls_assert();
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto out_b64;
+ }
+
+ ret = GNUTLS_E_MEMORY_ERROR;
+ enc_key.size = gnutls_cipher_get_key_size(cipher);
+ enc_key.data = gnutls_malloc(enc_key.size);
+ if (!enc_key.data) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto out_b64;
+ }
+
+ key_data = gnutls_malloc(b64_data.size);
+ if (!key_data) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto out_enc_key;
+ }
+
+ while (1) {
+ memcpy(key_data, b64_data.data, b64_data.size);
+
+ ret = openssl_hash_password(password, &enc_key, &salt);
+ if (ret < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ ret = gnutls_cipher_init(&handle, cipher, &enc_key, &salt);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_cipher_deinit(handle);
+ goto out;
+ }
+
+ ret =
+ gnutls_cipher_decrypt(handle, key_data, b64_data.size);
+ gnutls_cipher_deinit(handle);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ /* We have to strip any padding to accept it.
+ So a bit more ASN.1 parsing for us. */
+ if (key_data[0] == 0x30) {
+ gnutls_datum_t key_datum;
+ unsigned int blocksize =
+ gnutls_cipher_get_block_size(cipher);
+ unsigned int keylen = key_data[1];
+ unsigned int ofs = 2;
+
+ if (keylen & 0x80) {
+ int lenlen = keylen & 0x7f;
+ keylen = 0;
+
+ if (lenlen > 3) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ while (lenlen) {
+ keylen <<= 8;
+ keylen |= key_data[ofs++];
+ lenlen--;
+ }
+ }
+ keylen += ofs;
+
+ /* If there appears to be more padding than required, fail */
+ if (b64_data.size - keylen > blocksize) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ /* If the padding bytes aren't all equal to the amount of padding, fail */
+ ofs = keylen;
+ while (ofs < b64_data.size) {
+ if (key_data[ofs] !=
+ b64_data.size - keylen) {
+ gnutls_assert();
+ goto fail;
+ }
+ ofs++;
+ }
+
+ key_datum.data = key_data;
+ key_datum.size = keylen;
+ ret =
+ gnutls_x509_privkey_import(key, &key_datum,
+ GNUTLS_X509_FMT_DER);
+ if (ret == 0)
+ goto out;
+ }
+ fail:
+ ret = GNUTLS_E_DECRYPTION_FAILED;
+ goto out;
+ }
+ out:
+ gnutls_free(key_data);
+ out_enc_key:
+ gnutls_free(enc_key.data);
+ out_b64:
+ gnutls_free(b64_data.data);
+ out_salt:
+ gnutls_free(salt.data);
+ return ret;
}
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index c861264721..252742ea2e 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -34,7 +34,8 @@
#include <random.h>
#include <pbkdf2-sha1.h>
-static int _decode_pkcs8_ecc_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey);
+static int _decode_pkcs8_ecc_key(ASN1_TYPE pkcs8_asn,
+ gnutls_x509_privkey_t pkey);
#define PBES2_OID "1.2.840.113549.1.5.13"
#define PBKDF2_OID "1.2.840.113549.1.5.12"
@@ -49,50 +50,48 @@ static int _decode_pkcs8_ecc_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pke
#define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
-struct pbkdf2_params
-{
- uint8_t salt[32];
- int salt_size;
- unsigned int iter_count;
- unsigned int key_size;
+struct pbkdf2_params {
+ uint8_t salt[32];
+ int salt_size;
+ unsigned int iter_count;
+ unsigned int key_size;
};
-struct pbe_enc_params
-{
- gnutls_cipher_algorithm_t cipher;
- uint8_t iv[MAX_CIPHER_BLOCK_SIZE];
- int iv_size;
+struct pbe_enc_params {
+ gnutls_cipher_algorithm_t cipher;
+ uint8_t iv[MAX_CIPHER_BLOCK_SIZE];
+ int iv_size;
};
-static int generate_key (schema_id schema, const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params,
- gnutls_datum_t * key);
-static int read_pbkdf2_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbkdf2_params *params);
-static int read_pbe_enc_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbe_enc_params *params);
-static int decrypt_data (schema_id, ASN1_TYPE pkcs8_asn, const char *root,
- const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * decrypted_data);
-static int decode_private_key_info (const gnutls_datum_t * der,
- gnutls_x509_privkey_t pkey);
-static int write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params);
-static int encrypt_data (const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted);
-
-static int read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
- struct pbkdf2_params *params);
-static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *params);
+static int generate_key(schema_id schema, const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key);
+static int read_pbkdf2_params(ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbkdf2_params *params);
+static int read_pbe_enc_params(ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbe_enc_params *params);
+static int decrypt_data(schema_id, ASN1_TYPE pkcs8_asn, const char *root,
+ const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data);
+static int decode_private_key_info(const gnutls_datum_t * der,
+ gnutls_x509_privkey_t pkey);
+static int write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params);
+static int encrypt_data(const gnutls_datum_t * plain,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted);
+
+static int read_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
+ struct pbkdf2_params *params);
+static int write_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *params);
#define PEM_PKCS8 "ENCRYPTED PRIVATE KEY"
#define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY"
@@ -100,25 +99,25 @@ static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
/* Returns a negative error code if the encryption schema in
* the OID is not supported. The schema ID is returned.
*/
-static int
-check_schema (const char *oid)
+static int check_schema(const char *oid)
{
- if (strcmp (oid, PBES2_OID) == 0)
- return PBES2_GENERIC; /* ok */
+ if (strcmp(oid, PBES2_OID) == 0)
+ return PBES2_GENERIC; /* ok */
- if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
- return PKCS12_3DES_SHA1;
+ if (strcmp(oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
+ return PKCS12_3DES_SHA1;
- if (strcmp (oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0)
- return PKCS12_ARCFOUR_SHA1;
+ if (strcmp(oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0)
+ return PKCS12_ARCFOUR_SHA1;
- if (strcmp (oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
- return PKCS12_RC2_40_SHA1;
+ if (strcmp(oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
+ return PKCS12_RC2_40_SHA1;
- _gnutls_debug_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid);
+ _gnutls_debug_log
+ ("PKCS encryption schema OID '%s' is unsupported.\n", oid);
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
/* Encodes a private key to the raw format PKCS #8 needs.
@@ -126,82 +125,80 @@ check_schema (const char *oid)
* an ASN.1 INTEGER of the x value.
*/
inline static int
-_encode_privkey (gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
+_encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
{
- size_t size = 0;
- uint8_t *data = NULL;
- int ret;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- switch (pkey->pk_algorithm)
- {
- case GNUTLS_PK_RSA:
- case GNUTLS_PK_EC:
- ret =
- gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- goto error;
- }
-
- data = gnutls_malloc (size);
- if (data == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
-
- ret =
- gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- raw->data = data;
- raw->size = size;
- break;
- case GNUTLS_PK_DSA:
- /* DSAPublicKey == INTEGER */
- if ((ret = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret = _gnutls_x509_write_int (spk, "", pkey->params.params[4], 1);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- ret = _gnutls_x509_der_encode (spk, "", raw, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- asn1_delete_structure (&spk);
- break;
-
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
-
-error:
- gnutls_free (data);
- asn1_delete_structure (&spk);
- return ret;
+ size_t size = 0;
+ uint8_t *data = NULL;
+ int ret;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ switch (pkey->pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ case GNUTLS_PK_EC:
+ ret =
+ gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER,
+ NULL, &size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ goto error;
+ }
+
+ data = gnutls_malloc(size);
+ if (data == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+
+ ret =
+ gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER,
+ data, &size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ raw->data = data;
+ raw->size = size;
+ break;
+ case GNUTLS_PK_DSA:
+ /* DSAPublicKey == INTEGER */
+ if ((ret = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey",
+ &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret =
+ _gnutls_x509_write_int(spk, "", pkey->params.params[4],
+ 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ ret = _gnutls_x509_der_encode(spk, "", raw, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ asn1_delete_structure(&spk);
+ break;
+
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+
+ error:
+ gnutls_free(data);
+ asn1_delete_structure(&spk);
+ return ret;
}
@@ -211,357 +208,336 @@ error:
* the ASN1_TYPE of private key info will be returned.
*/
static int
-encode_to_private_key_info (gnutls_x509_privkey_t pkey,
- gnutls_datum_t * der, ASN1_TYPE * pkey_info)
+encode_to_private_key_info(gnutls_x509_privkey_t pkey,
+ gnutls_datum_t * der, ASN1_TYPE * pkey_info)
{
- int result, len;
- uint8_t null = 0;
- const char *oid;
- gnutls_datum_t algo_params = { NULL, 0 };
- gnutls_datum_t algo_privkey = { NULL, 0 };
-
- oid = _gnutls_x509_pk_to_oid(pkey->pk_algorithm);
- if (oid == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- result =
- _gnutls_x509_write_pubkey_params (pkey->pk_algorithm, &pkey->params, &algo_params);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-PrivateKeyInfo",
- pkey_info)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Write the version.
- */
- result = asn1_write_value (*pkey_info, "version", &null, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* write the privateKeyAlgorithm
- * fields. (OID+NULL data)
- */
- result =
- asn1_write_value (*pkey_info, "privateKeyAlgorithm.algorithm", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result =
- asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters",
- algo_params.data, algo_params.size);
- _gnutls_free_datum (&algo_params);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
-
- /* Write the raw private key
- */
- result = _encode_privkey (pkey, &algo_privkey);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result =
- asn1_write_value (*pkey_info, "privateKey", algo_privkey.data,
- algo_privkey.size);
- _gnutls_free_datum (&algo_privkey);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Append an empty Attributes field.
- */
- result = asn1_write_value (*pkey_info, "attributes", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* DER Encode the generated private key info.
- */
- len = 0;
- result = asn1_der_coding (*pkey_info, "", NULL, &len, NULL);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* allocate data for the der
- */
- der->size = len;
- der->data = gnutls_malloc (len);
- if (der->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_der_coding (*pkey_info, "", der->data, &len, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- return 0;
-
-error:
- asn1_delete_structure (pkey_info);
- _gnutls_free_datum (&algo_params);
- _gnutls_free_datum (&algo_privkey);
- return result;
+ int result, len;
+ uint8_t null = 0;
+ const char *oid;
+ gnutls_datum_t algo_params = { NULL, 0 };
+ gnutls_datum_t algo_privkey = { NULL, 0 };
+
+ oid = _gnutls_x509_pk_to_oid(pkey->pk_algorithm);
+ if (oid == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ result =
+ _gnutls_x509_write_pubkey_params(pkey->pk_algorithm,
+ &pkey->params, &algo_params);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ pkey_info)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Write the version.
+ */
+ result = asn1_write_value(*pkey_info, "version", &null, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* write the privateKeyAlgorithm
+ * fields. (OID+NULL data)
+ */
+ result =
+ asn1_write_value(*pkey_info, "privateKeyAlgorithm.algorithm",
+ oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ asn1_write_value(*pkey_info, "privateKeyAlgorithm.parameters",
+ algo_params.data, algo_params.size);
+ _gnutls_free_datum(&algo_params);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+
+ /* Write the raw private key
+ */
+ result = _encode_privkey(pkey, &algo_privkey);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result =
+ asn1_write_value(*pkey_info, "privateKey", algo_privkey.data,
+ algo_privkey.size);
+ _gnutls_free_datum(&algo_privkey);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Append an empty Attributes field.
+ */
+ result = asn1_write_value(*pkey_info, "attributes", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* DER Encode the generated private key info.
+ */
+ len = 0;
+ result = asn1_der_coding(*pkey_info, "", NULL, &len, NULL);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* allocate data for the der
+ */
+ der->size = len;
+ der->data = gnutls_malloc(len);
+ if (der->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_der_coding(*pkey_info, "", der->data, &len, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(pkey_info);
+ _gnutls_free_datum(&algo_params);
+ _gnutls_free_datum(&algo_privkey);
+ return result;
}
-static const char *
-cipher_to_pkcs_params (int cipher, const char **oid)
+static const char *cipher_to_pkcs_params(int cipher, const char **oid)
{
- switch (cipher)
- {
- case GNUTLS_CIPHER_AES_128_CBC:
- if (oid)
- *oid = AES_128_CBC_OID;
- return "PKIX1.pkcs-5-aes128-CBC-params";
- break;
- case GNUTLS_CIPHER_AES_192_CBC:
- if (oid)
- *oid = AES_192_CBC_OID;
- return "PKIX1.pkcs-5-aes192-CBC-params";
- break;
- case GNUTLS_CIPHER_AES_256_CBC:
- if (oid)
- *oid = AES_256_CBC_OID;
- return "PKIX1.pkcs-5-aes256-CBC-params";
- break;
- case GNUTLS_CIPHER_3DES_CBC:
- if (oid)
- *oid = DES_EDE3_CBC_OID;
- return "PKIX1.pkcs-5-des-EDE3-CBC-params";
- break;
- default:
- return NULL;
- break;
- }
+ switch (cipher) {
+ case GNUTLS_CIPHER_AES_128_CBC:
+ if (oid)
+ *oid = AES_128_CBC_OID;
+ return "PKIX1.pkcs-5-aes128-CBC-params";
+ break;
+ case GNUTLS_CIPHER_AES_192_CBC:
+ if (oid)
+ *oid = AES_192_CBC_OID;
+ return "PKIX1.pkcs-5-aes192-CBC-params";
+ break;
+ case GNUTLS_CIPHER_AES_256_CBC:
+ if (oid)
+ *oid = AES_256_CBC_OID;
+ return "PKIX1.pkcs-5-aes256-CBC-params";
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ if (oid)
+ *oid = DES_EDE3_CBC_OID;
+ return "PKIX1.pkcs-5-des-EDE3-CBC-params";
+ break;
+ default:
+ return NULL;
+ break;
+ }
}
-static int
-cipher_to_schema (int cipher)
+static int cipher_to_schema(int cipher)
{
- switch (cipher)
- {
- case GNUTLS_CIPHER_AES_128_CBC:
- return PBES2_AES_128;
- break;
- case GNUTLS_CIPHER_AES_192_CBC:
- return PBES2_AES_192;
- break;
- case GNUTLS_CIPHER_AES_256_CBC:
- return PBES2_AES_256;
- break;
- case GNUTLS_CIPHER_3DES_CBC:
- return PBES2_3DES;
- break;
- default:
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
- break;
- }
+ switch (cipher) {
+ case GNUTLS_CIPHER_AES_128_CBC:
+ return PBES2_AES_128;
+ break;
+ case GNUTLS_CIPHER_AES_192_CBC:
+ return PBES2_AES_192;
+ break;
+ case GNUTLS_CIPHER_AES_256_CBC:
+ return PBES2_AES_256;
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ return PBES2_3DES;
+ break;
+ default:
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ break;
+ }
}
-int
-_gnutls_pkcs_flags_to_schema (unsigned int flags)
+int _gnutls_pkcs_flags_to_schema(unsigned int flags)
{
- int schema;
-
- if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
- schema = PKCS12_ARCFOUR_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
- schema = PKCS12_RC2_40_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
- schema = PBES2_3DES;
- else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128)
- schema = PBES2_AES_128;
- else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192)
- schema = PBES2_AES_192;
- else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256)
- schema = PBES2_AES_256;
- else
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
- flags);
- schema = PKCS12_3DES_SHA1;
- }
-
- return schema;
+ int schema;
+
+ if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
+ schema = PKCS12_ARCFOUR_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
+ schema = PKCS12_RC2_40_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
+ schema = PBES2_3DES;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128)
+ schema = PBES2_AES_128;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192)
+ schema = PBES2_AES_192;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256)
+ schema = PBES2_AES_256;
+ else {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
+ flags);
+ schema = PKCS12_3DES_SHA1;
+ }
+
+ return schema;
}
/* returns the OID corresponding to given schema
*/
-static int
-schema_to_oid (schema_id schema, const char **str_oid)
+static int schema_to_oid(schema_id schema, const char **str_oid)
{
- int result = 0;
-
- switch (schema)
- {
- case PBES2_3DES:
- case PBES2_AES_128:
- case PBES2_AES_192:
- case PBES2_AES_256:
- *str_oid = PBES2_OID;
- break;
- case PKCS12_3DES_SHA1:
- *str_oid = PKCS12_PBE_3DES_SHA1_OID;
- break;
- case PKCS12_ARCFOUR_SHA1:
- *str_oid = PKCS12_PBE_ARCFOUR_SHA1_OID;
- break;
- case PKCS12_RC2_40_SHA1:
- *str_oid = PKCS12_PBE_RC2_40_SHA1_OID;
- break;
- default:
- gnutls_assert ();
- result = GNUTLS_E_INTERNAL_ERROR;
- }
-
- return result;
+ int result = 0;
+
+ switch (schema) {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+ *str_oid = PBES2_OID;
+ break;
+ case PKCS12_3DES_SHA1:
+ *str_oid = PKCS12_PBE_3DES_SHA1_OID;
+ break;
+ case PKCS12_ARCFOUR_SHA1:
+ *str_oid = PKCS12_PBE_ARCFOUR_SHA1_OID;
+ break;
+ case PKCS12_RC2_40_SHA1:
+ *str_oid = PKCS12_PBE_RC2_40_SHA1_OID;
+ break;
+ default:
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return result;
}
/* Converts a PKCS #8 private key info to
* a PKCS #8 EncryptedPrivateKeyInfo.
*/
static int
-encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key,
- const char *password, ASN1_TYPE * out)
+encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key,
+ const char *password, ASN1_TYPE * out)
{
- int result;
- gnutls_datum_t key = { NULL, 0 };
- gnutls_datum_t tmp = { NULL, 0 };
- ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- const char *str_oid;
-
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Write the encryption schema OID
- */
- result = schema_to_oid (schema, &str_oid);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", str_oid, 1);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Generate a symmetric key.
- */
-
- result = generate_key (schema, password, &kdf_params, &enc_params, &key);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result =
- write_schema_params (schema, pkcs8_asn,
- "encryptionAlgorithm.parameters", &kdf_params,
- &enc_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* Parameters have been encoded. Now
- * encrypt the Data.
- */
- result = encrypt_data (der_key, &enc_params, &key, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* write the encrypted data.
- */
- result = asn1_write_value (pkcs8_asn, "encryptedData", tmp.data, tmp.size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- _gnutls_free_datum (&tmp);
- _gnutls_free_datum (&key);
-
- *out = pkcs8_asn;
-
- return 0;
-
-error:
- _gnutls_free_datum (&key);
- _gnutls_free_datum (&tmp);
- asn1_delete_structure (&pkcs8_asn);
- return result;
+ int result;
+ gnutls_datum_t key = { NULL, 0 };
+ gnutls_datum_t tmp = { NULL, 0 };
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ const char *str_oid;
+
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Write the encryption schema OID
+ */
+ result = schema_to_oid(schema, &str_oid);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
+ str_oid, 1);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Generate a symmetric key.
+ */
+
+ result =
+ generate_key(schema, password, &kdf_params, &enc_params, &key);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result =
+ write_schema_params(schema, pkcs8_asn,
+ "encryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Parameters have been encoded. Now
+ * encrypt the Data.
+ */
+ result = encrypt_data(der_key, &enc_params, &key, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* write the encrypted data.
+ */
+ result =
+ asn1_write_value(pkcs8_asn, "encryptedData", tmp.data,
+ tmp.size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ _gnutls_free_datum(&tmp);
+ _gnutls_free_datum(&key);
+
+ *out = pkcs8_asn;
+
+ return 0;
+
+ error:
+ _gnutls_free_datum(&key);
+ _gnutls_free_datum(&tmp);
+ asn1_delete_structure(&pkcs8_asn);
+ return result;
}
@@ -595,68 +571,65 @@ error:
* returned, and 0 on success.
**/
int
-gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- void *output_data,
- size_t * output_data_size)
+gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size)
{
- ASN1_TYPE pkcs8_asn, pkey_info;
- int ret;
- gnutls_datum_t tmp;
- schema_id schema;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Get the private key info
- * tmp holds the DER encoding.
- */
- ret = encode_to_private_key_info (key, &tmp, &pkey_info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- schema = _gnutls_pkcs_flags_to_schema (flags);
-
- if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
- {
- _gnutls_free_datum (&tmp);
-
- ret =
- _gnutls_x509_export_int (pkey_info, format,
- PEM_UNENCRYPTED_PKCS8,
- output_data, output_data_size);
-
- asn1_delete_structure (&pkey_info);
- }
- else
- {
- asn1_delete_structure (&pkey_info); /* we don't need it */
-
- ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
- _gnutls_free_datum (&tmp);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8,
- output_data, output_data_size);
-
- asn1_delete_structure (&pkcs8_asn);
- }
-
- return ret;
+ ASN1_TYPE pkcs8_asn, pkey_info;
+ int ret;
+ gnutls_datum_t tmp;
+ schema_id schema;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Get the private key info
+ * tmp holds the DER encoding.
+ */
+ ret = encode_to_private_key_info(key, &tmp, &pkey_info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ schema = _gnutls_pkcs_flags_to_schema(flags);
+
+ if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
+ && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) {
+ _gnutls_free_datum(&tmp);
+
+ ret =
+ _gnutls_x509_export_int(pkey_info, format,
+ PEM_UNENCRYPTED_PKCS8,
+ output_data, output_data_size);
+
+ asn1_delete_structure(&pkey_info);
+ } else {
+ asn1_delete_structure(&pkey_info); /* we don't need it */
+
+ ret =
+ encode_to_pkcs8_key(schema, &tmp, password,
+ &pkcs8_asn);
+ _gnutls_free_datum(&tmp);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_export_int(pkcs8_asn, format, PEM_PKCS8,
+ output_data, output_data_size);
+
+ asn1_delete_structure(&pkcs8_asn);
+ }
+
+ return ret;
}
/**
@@ -687,65 +660,62 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
* Since 3.1.3
**/
int
-gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- gnutls_datum_t *out)
+gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags, gnutls_datum_t * out)
{
- ASN1_TYPE pkcs8_asn, pkey_info;
- int ret;
- gnutls_datum_t tmp;
- schema_id schema;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Get the private key info
- * tmp holds the DER encoding.
- */
- ret = encode_to_private_key_info (key, &tmp, &pkey_info);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- schema = _gnutls_pkcs_flags_to_schema (flags);
-
- if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
- {
- _gnutls_free_datum (&tmp);
-
- ret =
- _gnutls_x509_export_int2 (pkey_info, format,
- PEM_UNENCRYPTED_PKCS8, out);
-
- asn1_delete_structure (&pkey_info);
- }
- else
- {
- asn1_delete_structure (&pkey_info); /* we don't need it */
-
- ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
- _gnutls_free_datum (&tmp);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- _gnutls_x509_export_int2 (pkcs8_asn, format, PEM_PKCS8, out);
-
- asn1_delete_structure (&pkcs8_asn);
- }
-
- return ret;
+ ASN1_TYPE pkcs8_asn, pkey_info;
+ int ret;
+ gnutls_datum_t tmp;
+ schema_id schema;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Get the private key info
+ * tmp holds the DER encoding.
+ */
+ ret = encode_to_private_key_info(key, &tmp, &pkey_info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ schema = _gnutls_pkcs_flags_to_schema(flags);
+
+ if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
+ && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) {
+ _gnutls_free_datum(&tmp);
+
+ ret =
+ _gnutls_x509_export_int2(pkey_info, format,
+ PEM_UNENCRYPTED_PKCS8, out);
+
+ asn1_delete_structure(&pkey_info);
+ } else {
+ asn1_delete_structure(&pkey_info); /* we don't need it */
+
+ ret =
+ encode_to_pkcs8_key(schema, &tmp, password,
+ &pkcs8_asn);
+ _gnutls_free_datum(&tmp);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_export_int2(pkcs8_asn, format, PEM_PKCS8,
+ out);
+
+ asn1_delete_structure(&pkcs8_asn);
+ }
+
+ return ret;
}
@@ -753,256 +723,240 @@ gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key,
* schema ID.
*/
static int
-read_pkcs_schema_params (schema_id * schema, const char *password,
- const uint8_t * data, int data_size,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params)
+read_pkcs_schema_params(schema_id * schema, const char *password,
+ const uint8_t * data, int data_size,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params)
{
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
- int result;
- gnutls_datum_t tmp;
-
- switch (*schema)
- {
-
- case PBES2_GENERIC:
-
- /* Now check the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBES2-params",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Decode the parameters.
- */
- result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- tmp.data = (uint8_t *) data;
- tmp.size = data_size;
-
- result = read_pbkdf2_params (pbes2_asn, &tmp, kdf_params);
- if (result < 0)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = read_pbe_enc_params (pbes2_asn, &tmp, enc_params);
- if (result < 0)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- asn1_delete_structure (&pbes2_asn);
-
- result = cipher_to_schema (enc_params->cipher);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- *schema = result;
- return 0;
-
- case PKCS12_3DES_SHA1:
- case PKCS12_ARCFOUR_SHA1:
- case PKCS12_RC2_40_SHA1:
-
- if ((*schema) == PKCS12_3DES_SHA1)
- {
- enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
- enc_params->iv_size = 8;
- }
- else if ((*schema) == PKCS12_ARCFOUR_SHA1)
- {
- enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
- enc_params->iv_size = 0;
- }
- else if ((*schema) == PKCS12_RC2_40_SHA1)
- {
- enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
- enc_params->iv_size = 8;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-PbeParams",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Decode the parameters.
- */
- result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = read_pkcs12_kdf_params (pbes2_asn, kdf_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- if (enc_params->iv_size)
- {
- result =
- _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- enc_params->iv_size,
- enc_params->iv);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- }
-
- asn1_delete_structure (&pbes2_asn);
-
- return 0;
-
- default:
- gnutls_assert ();
- } /* switch */
-
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
-
-error:
- asn1_delete_structure (&pbes2_asn);
- return result;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+ int result;
+ gnutls_datum_t tmp;
+
+ switch (*schema) {
+
+ case PBES2_GENERIC:
+
+ /* Now check the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Decode the parameters.
+ */
+ result =
+ asn1_der_decoding(&pbes2_asn, data, data_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ tmp.data = (uint8_t *) data;
+ tmp.size = data_size;
+
+ result = read_pbkdf2_params(pbes2_asn, &tmp, kdf_params);
+ if (result < 0) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = read_pbe_enc_params(pbes2_asn, &tmp, enc_params);
+ if (result < 0) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ asn1_delete_structure(&pbes2_asn);
+
+ result = cipher_to_schema(enc_params->cipher);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ *schema = result;
+ return 0;
+
+ case PKCS12_3DES_SHA1:
+ case PKCS12_ARCFOUR_SHA1:
+ case PKCS12_RC2_40_SHA1:
+
+ if ((*schema) == PKCS12_3DES_SHA1) {
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ enc_params->iv_size = 8;
+ } else if ((*schema) == PKCS12_ARCFOUR_SHA1) {
+ enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
+ enc_params->iv_size = 0;
+ } else if ((*schema) == PKCS12_RC2_40_SHA1) {
+ enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
+ enc_params->iv_size = 8;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Decode the parameters.
+ */
+ result =
+ asn1_der_decoding(&pbes2_asn, data, data_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = read_pkcs12_kdf_params(pbes2_asn, kdf_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if (enc_params->iv_size) {
+ result =
+ _gnutls_pkcs12_string_to_key(2 /*IV*/,
+ kdf_params->salt,
+ kdf_params->
+ salt_size,
+ kdf_params->
+ iter_count,
+ password,
+ enc_params->
+ iv_size,
+ enc_params->iv);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ }
+
+ asn1_delete_structure(&pbes2_asn);
+
+ return 0;
+
+ default:
+ gnutls_assert();
+ } /* switch */
+
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ return result;
}
static int decrypt_pkcs8_key(const gnutls_datum_t * raw_key,
- ASN1_TYPE pkcs8_asn, const char *password,
- gnutls_x509_privkey_t pkey)
+ ASN1_TYPE pkcs8_asn, const char *password,
+ gnutls_x509_privkey_t pkey)
{
- int result, len;
- char enc_oid[64];
- gnutls_datum_t tmp;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
- int params_start, params_end, params_len;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- schema_id schema;
-
- /* Check the encryption schema OID
- */
- len = sizeof (enc_oid);
- result =
- asn1_read_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
- enc_oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
-
- if ((result = check_schema (enc_oid)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- schema = result;
-
- /* Get the DER encoding of the parameters.
- */
- result =
- asn1_der_decoding_startEnd (pkcs8_asn, raw_key->data,
- raw_key->size,
- "encryptionAlgorithm.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- params_len = params_end - params_start + 1;
-
- result =
- read_pkcs_schema_params (&schema, password,
- &raw_key->data[params_start],
- params_len, &kdf_params, &enc_params);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* Parameters have been decoded. Now
- * decrypt the EncryptedData.
- */
- result =
- decrypt_data (schema, pkcs8_asn, "encryptedData", password,
- &kdf_params, &enc_params, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = decode_private_key_info (&tmp, pkey);
- _gnutls_free_datum (&tmp);
-
- if (result < 0)
- {
- /* We've gotten this far. In the real world it's almost certain
- * that we're dealing with a good file, but wrong password.
- * Sadly like 90% of random data is somehow valid DER for the
- * a first small number of bytes, so no easy way to guarantee. */
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
- result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND ||
- result == GNUTLS_E_ASN1_DER_ERROR ||
- result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
- result == GNUTLS_E_ASN1_GENERIC_ERROR ||
- result == GNUTLS_E_ASN1_VALUE_NOT_VALID ||
- result == GNUTLS_E_ASN1_TAG_ERROR ||
- result == GNUTLS_E_ASN1_TAG_IMPLICIT ||
- result == GNUTLS_E_ASN1_TYPE_ANY_ERROR ||
- result == GNUTLS_E_ASN1_SYNTAX_ERROR ||
- result == GNUTLS_E_ASN1_DER_OVERFLOW)
- {
- result = GNUTLS_E_DECRYPTION_FAILED;
- }
-
- gnutls_assert ();
- goto error;
- }
-
- return 0;
-
-error:
- asn1_delete_structure (&pbes2_asn);
- return result;
+ int result, len;
+ char enc_oid[64];
+ gnutls_datum_t tmp;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+ int params_start, params_end, params_len;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ schema_id schema;
+
+ /* Check the encryption schema OID
+ */
+ len = sizeof(enc_oid);
+ result =
+ asn1_read_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
+ enc_oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = check_schema(enc_oid)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ schema = result;
+
+ /* Get the DER encoding of the parameters.
+ */
+ result =
+ asn1_der_decoding_startEnd(pkcs8_asn, raw_key->data,
+ raw_key->size,
+ "encryptionAlgorithm.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ params_len = params_end - params_start + 1;
+
+ result =
+ read_pkcs_schema_params(&schema, password,
+ &raw_key->data[params_start],
+ params_len, &kdf_params, &enc_params);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Parameters have been decoded. Now
+ * decrypt the EncryptedData.
+ */
+ result =
+ decrypt_data(schema, pkcs8_asn, "encryptedData", password,
+ &kdf_params, &enc_params, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = decode_private_key_info(&tmp, pkey);
+ _gnutls_free_datum(&tmp);
+
+ if (result < 0) {
+ /* We've gotten this far. In the real world it's almost certain
+ * that we're dealing with a good file, but wrong password.
+ * Sadly like 90% of random data is somehow valid DER for the
+ * a first small number of bytes, so no easy way to guarantee. */
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_DER_ERROR ||
+ result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_GENERIC_ERROR ||
+ result == GNUTLS_E_ASN1_VALUE_NOT_VALID ||
+ result == GNUTLS_E_ASN1_TAG_ERROR ||
+ result == GNUTLS_E_ASN1_TAG_IMPLICIT ||
+ result == GNUTLS_E_ASN1_TYPE_ANY_ERROR ||
+ result == GNUTLS_E_ASN1_SYNTAX_ERROR ||
+ result == GNUTLS_E_ASN1_DER_OVERFLOW) {
+ result = GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ gnutls_assert();
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ return result;
}
/* Converts a PKCS #8 key to
@@ -1010,244 +964,241 @@ error:
* (normally a PKCS #1 encoded RSA key)
*/
static int
-decode_pkcs8_key (const gnutls_datum_t * raw_key,
- const char *password, gnutls_x509_privkey_t pkey,
- unsigned int decrypt)
+decode_pkcs8_key(const gnutls_datum_t * raw_key,
+ const char *password, gnutls_x509_privkey_t pkey,
+ unsigned int decrypt)
{
- int result;
- ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = asn1_der_decoding (&pkcs8_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- if (decrypt)
- result = decrypt_pkcs8_key(raw_key, pkcs8_asn, password, pkey);
- else
- result = 0;
-
-error:
- asn1_delete_structure (&pkcs8_asn);
- return result;
+ int result;
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ asn1_der_decoding(&pkcs8_asn, raw_key->data, raw_key->size,
+ NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ if (decrypt)
+ result =
+ decrypt_pkcs8_key(raw_key, pkcs8_asn, password, pkey);
+ else
+ result = 0;
+
+ error:
+ asn1_delete_structure(&pkcs8_asn);
+ return result;
}
/* Decodes an RSA privateKey from a PKCS8 structure.
*/
static int
-_decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
+_decode_pkcs8_rsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
{
- int ret;
- gnutls_datum_t tmp;
-
- ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- pkey->key = _gnutls_privkey_decode_pkcs1_rsa_key (&tmp, pkey);
- _gnutls_free_datum (&tmp);
- if (pkey->key == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = 0;
-
-error:
- return ret;
+ int ret;
+ gnutls_datum_t tmp;
+
+ ret = _gnutls_x509_read_value(pkcs8_asn, "privateKey", &tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ pkey->key = _gnutls_privkey_decode_pkcs1_rsa_key(&tmp, pkey);
+ _gnutls_free_datum(&tmp);
+ if (pkey->key == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ return ret;
}
/* Decodes an ECC privateKey from a PKCS8 structure.
*/
static int
-_decode_pkcs8_ecc_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
+_decode_pkcs8_ecc_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
{
- int ret;
- gnutls_datum_t tmp;
-
- ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- pkey->key = _gnutls_privkey_decode_ecc_key (&tmp, pkey);
- _gnutls_free_datum (&tmp);
- if (pkey->key == NULL)
- {
- ret = GNUTLS_E_PARSING_ERROR;
- gnutls_assert ();
- goto error;
- }
-
- ret = 0;
-
-error:
- return ret;
+ int ret;
+ gnutls_datum_t tmp;
+
+ ret = _gnutls_x509_read_value(pkcs8_asn, "privateKey", &tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ pkey->key = _gnutls_privkey_decode_ecc_key(&tmp, pkey);
+ _gnutls_free_datum(&tmp);
+ if (pkey->key == NULL) {
+ ret = GNUTLS_E_PARSING_ERROR;
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = 0;
+
+ error:
+ return ret;
}
/* Decodes an DSA privateKey and params from a PKCS8 structure.
*/
static int
-_decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
+_decode_pkcs8_dsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
{
- int ret;
- gnutls_datum_t tmp;
-
- ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_x509_read_der_int (tmp.data, tmp.size, &pkey->params.params[4]);
- _gnutls_free_datum (&tmp);
-
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret =
- _gnutls_x509_read_value (pkcs8_asn, "privateKeyAlgorithm.parameters",
- &tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = _gnutls_x509_read_pubkey_params (GNUTLS_PK_DSA, tmp.data, tmp.size, &pkey->params);
- _gnutls_free_datum (&tmp);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* the public key can be generated as g^x mod p */
- pkey->params.params[3] = _gnutls_mpi_alloc_like (pkey->params.params[0]);
- if (pkey->params.params[3] == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- _gnutls_mpi_powm (pkey->params.params[3], pkey->params.params[2], pkey->params.params[4],
- pkey->params.params[0]);
-
- ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_DSA, &pkey->key, &pkey->params);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- pkey->params.params_nr = DSA_PRIVATE_PARAMS;
-
- ret = 0;
-
-error:
- return ret;
+ int ret;
+ gnutls_datum_t tmp;
+
+ ret = _gnutls_x509_read_value(pkcs8_asn, "privateKey", &tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret =
+ _gnutls_x509_read_der_int(tmp.data, tmp.size,
+ &pkey->params.params[4]);
+ _gnutls_free_datum(&tmp);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret =
+ _gnutls_x509_read_value(pkcs8_asn,
+ "privateKeyAlgorithm.parameters",
+ &tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret =
+ _gnutls_x509_read_pubkey_params(GNUTLS_PK_DSA, tmp.data,
+ tmp.size, &pkey->params);
+ _gnutls_free_datum(&tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* the public key can be generated as g^x mod p */
+ pkey->params.params[3] =
+ _gnutls_mpi_alloc_like(pkey->params.params[0]);
+ if (pkey->params.params[3] == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ _gnutls_mpi_powm(pkey->params.params[3], pkey->params.params[2],
+ pkey->params.params[4], pkey->params.params[0]);
+
+ ret =
+ _gnutls_asn1_encode_privkey(GNUTLS_PK_DSA, &pkey->key,
+ &pkey->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ pkey->params.params_nr = DSA_PRIVATE_PARAMS;
+
+ ret = 0;
+
+ error:
+ return ret;
}
static int
-decode_private_key_info (const gnutls_datum_t * der,
- gnutls_x509_privkey_t pkey)
+decode_private_key_info(const gnutls_datum_t * der,
+ gnutls_x509_privkey_t pkey)
{
- int result, len;
- char oid[64];
- ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
-
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-8-PrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = asn1_der_decoding (&pkcs8_asn, der->data, der->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Check the private key algorithm OID
- */
- len = sizeof (oid);
- result =
- asn1_read_value (pkcs8_asn, "privateKeyAlgorithm.algorithm", oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* we only support RSA and DSA private keys.
- */
-
- pkey->pk_algorithm = _gnutls_x509_oid2pk_algorithm(oid);
- if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("PKCS #8 private key OID '%s' is unsupported.\n", oid);
- result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- goto error;
- }
-
- /* Get the DER encoding of the actual private key.
- */
-
- if (pkey->pk_algorithm == GNUTLS_PK_RSA)
- result = _decode_pkcs8_rsa_key (pkcs8_asn, pkey);
- else if (pkey->pk_algorithm == GNUTLS_PK_DSA)
- result = _decode_pkcs8_dsa_key (pkcs8_asn, pkey);
- else if (pkey->pk_algorithm == GNUTLS_PK_EC)
- result = _decode_pkcs8_ecc_key (pkcs8_asn, pkey);
- else return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = 0;
-
-error:
- asn1_delete_structure (&pkcs8_asn);
-
- return result;
+ int result, len;
+ char oid[64];
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = asn1_der_decoding(&pkcs8_asn, der->data, der->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Check the private key algorithm OID
+ */
+ len = sizeof(oid);
+ result =
+ asn1_read_value(pkcs8_asn, "privateKeyAlgorithm.algorithm",
+ oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* we only support RSA and DSA private keys.
+ */
+
+ pkey->pk_algorithm = _gnutls_x509_oid2pk_algorithm(oid);
+ if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("PKCS #8 private key OID '%s' is unsupported.\n",
+ oid);
+ result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ goto error;
+ }
+
+ /* Get the DER encoding of the actual private key.
+ */
+
+ if (pkey->pk_algorithm == GNUTLS_PK_RSA)
+ result = _decode_pkcs8_rsa_key(pkcs8_asn, pkey);
+ else if (pkey->pk_algorithm == GNUTLS_PK_DSA)
+ result = _decode_pkcs8_dsa_key(pkcs8_asn, pkey);
+ else if (pkey->pk_algorithm == GNUTLS_PK_EC)
+ result = _decode_pkcs8_ecc_key(pkcs8_asn, pkey);
+ else
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = 0;
+
+ error:
+ asn1_delete_structure(&pkcs8_asn);
+
+ return result;
}
@@ -1280,282 +1231,267 @@ error:
* negative error value.
**/
int
-gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char *password, unsigned int flags)
+gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password, unsigned int flags)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- /* Try the first header
- */
- result =
- _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8,
- data->data, data->size, &_data);
-
- if (result < 0)
- { /* Try the encrypted header
- */
- result =
- _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
- else if (flags == 0)
- flags |= GNUTLS_PKCS_PLAIN;
-
- need_free = 1;
- }
-
- /* Here we don't check for password == NULL to maintain a backwards
- * compatibility behavior, with old versions that were encrypting using
- * a NULL password.
- */
- if (flags & GNUTLS_PKCS_PLAIN)
- {
- result = decode_private_key_info (&_data, key);
- if (result < 0)
- { /* check if it is encrypted */
- if (decode_pkcs8_key(&_data, "", key, 0) == 0)
- result = GNUTLS_E_DECRYPTION_FAILED;
- }
- }
- else
- { /* encrypted. */
- result = decode_pkcs8_key (&_data, password, key, 1);
- }
-
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (need_free)
- _gnutls_free_datum (&_data);
-
- /* The key has now been decoded.
- */
-
- return 0;
-
-cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- if (need_free)
- _gnutls_free_datum (&_data);
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ /* Try the first header
+ */
+ result =
+ _gnutls_fbase64_decode(PEM_UNENCRYPTED_PKCS8,
+ data->data, data->size, &_data);
+
+ if (result < 0) { /* Try the encrypted header
+ */
+ result =
+ _gnutls_fbase64_decode(PEM_PKCS8, data->data,
+ data->size, &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ } else if (flags == 0)
+ flags |= GNUTLS_PKCS_PLAIN;
+
+ need_free = 1;
+ }
+
+ /* Here we don't check for password == NULL to maintain a backwards
+ * compatibility behavior, with old versions that were encrypting using
+ * a NULL password.
+ */
+ if (flags & GNUTLS_PKCS_PLAIN) {
+ result = decode_private_key_info(&_data, key);
+ if (result < 0) { /* check if it is encrypted */
+ if (decode_pkcs8_key(&_data, "", key, 0) == 0)
+ result = GNUTLS_E_DECRYPTION_FAILED;
+ }
+ } else { /* encrypted. */
+ result = decode_pkcs8_key(&_data, password, key, 1);
+ }
+
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ /* The key has now been decoded.
+ */
+
+ return 0;
+
+ cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
/* Reads the PBKDF2 parameters.
*/
static int
-read_pbkdf2_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der, struct pbkdf2_params *params)
+read_pbkdf2_params(ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbkdf2_params *params)
{
- int params_start, params_end;
- int params_len, len, result;
- ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
- char oid[64];
-
- memset (params, 0, sizeof (*params));
-
- /* Check the key derivation algorithm
- */
- len = sizeof (oid);
- result =
- asn1_read_value (pbes2_asn, "keyDerivationFunc.algorithm", oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
- _gnutls_hard_log ("keyDerivationFunc.algorithm: %s\n", oid);
-
- if (strcmp (oid, PBKDF2_OID) != 0)
- {
- gnutls_assert ();
- _gnutls_debug_log
- ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
- return _gnutls_asn2err (result);
- }
-
- result =
- asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
- "keyDerivationFunc.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
- params_len = params_end - params_start + 1;
-
- /* Now check the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBKDF2-params",
- &pbkdf2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result =
- asn1_der_decoding (&pbkdf2_asn, &der->data[params_start],
- params_len, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* read the salt */
- params->salt_size = sizeof (params->salt);
- result =
- asn1_read_value (pbkdf2_asn, "salt.specified", params->salt,
- &params->salt_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("salt.specified.size: %d\n", params->salt_size);
-
- /* read the iteration count
- */
- result =
- _gnutls_x509_read_uint (pbkdf2_asn, "iterationCount",
- &params->iter_count);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
- _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
-
- /* read the keylength, if it is set.
- */
- result =
- _gnutls_x509_read_uint (pbkdf2_asn, "keyLength", &params->key_size);
- if (result < 0)
- {
- params->key_size = 0;
- }
- _gnutls_hard_log ("keyLength: %d\n", params->key_size);
-
- /* We don't read the PRF. We only use the default.
- */
-
- result = 0;
-
-error:
- asn1_delete_structure (&pbkdf2_asn);
- return result;
+ int params_start, params_end;
+ int params_len, len, result;
+ ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
+ char oid[64];
+
+ memset(params, 0, sizeof(*params));
+
+ /* Check the key derivation algorithm
+ */
+ len = sizeof(oid);
+ result =
+ asn1_read_value(pbes2_asn, "keyDerivationFunc.algorithm", oid,
+ &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+ _gnutls_hard_log("keyDerivationFunc.algorithm: %s\n", oid);
+
+ if (strcmp(oid, PBKDF2_OID) != 0) {
+ gnutls_assert();
+ _gnutls_debug_log
+ ("PKCS #8 key derivation OID '%s' is unsupported.\n",
+ oid);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding_startEnd(pbes2_asn, der->data, der->size,
+ "keyDerivationFunc.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+ params_len = params_end - params_start + 1;
+
+ /* Now check the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&pbkdf2_asn, &der->data[params_start],
+ params_len, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* read the salt */
+ params->salt_size = sizeof(params->salt);
+ result =
+ asn1_read_value(pbkdf2_asn, "salt.specified", params->salt,
+ &params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.specified.size: %d\n", params->salt_size);
+
+ /* read the iteration count
+ */
+ result =
+ _gnutls_x509_read_uint(pbkdf2_asn, "iterationCount",
+ &params->iter_count);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", params->iter_count);
+
+ /* read the keylength, if it is set.
+ */
+ result =
+ _gnutls_x509_read_uint(pbkdf2_asn, "keyLength",
+ &params->key_size);
+ if (result < 0) {
+ params->key_size = 0;
+ }
+ _gnutls_hard_log("keyLength: %d\n", params->key_size);
+
+ /* We don't read the PRF. We only use the default.
+ */
+
+ result = 0;
+
+ error:
+ asn1_delete_structure(&pbkdf2_asn);
+ return result;
}
/* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
*/
static int
-read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, struct pbkdf2_params *params)
+read_pkcs12_kdf_params(ASN1_TYPE pbes2_asn, struct pbkdf2_params *params)
{
- int result;
-
- memset (params, 0, sizeof (*params));
-
- /* read the salt */
- params->salt_size = sizeof (params->salt);
- result =
- asn1_read_value (pbes2_asn, "salt", params->salt, &params->salt_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("salt.size: %d\n", params->salt_size);
-
- /* read the iteration count
- */
- result =
- _gnutls_x509_read_uint (pbes2_asn, "iterations", &params->iter_count);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
- _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
-
- params->key_size = 0;
-
- return 0;
-
-error:
- return result;
+ int result;
+
+ memset(params, 0, sizeof(*params));
+
+ /* read the salt */
+ params->salt_size = sizeof(params->salt);
+ result =
+ asn1_read_value(pbes2_asn, "salt", params->salt,
+ &params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.size: %d\n", params->salt_size);
+
+ /* read the iteration count
+ */
+ result =
+ _gnutls_x509_read_uint(pbes2_asn, "iterations",
+ &params->iter_count);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", params->iter_count);
+
+ params->key_size = 0;
+
+ return 0;
+
+ error:
+ return result;
}
/* Writes the PBE parameters for PKCS-12 schemas.
*/
static int
-write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *kdf_params)
+write_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *kdf_params)
{
- int result;
-
- /* write the salt
- */
- result =
- asn1_write_value (pbes2_asn, "salt",
- kdf_params->salt, kdf_params->salt_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("salt.size: %d\n", kdf_params->salt_size);
-
- /* write the iteration count
- */
- result =
- _gnutls_x509_write_uint32 (pbes2_asn, "iterations",
- kdf_params->iter_count);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
-
- return 0;
-
-error:
- return result;
+ int result;
+
+ /* write the salt
+ */
+ result =
+ asn1_write_value(pbes2_asn, "salt",
+ kdf_params->salt, kdf_params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.size: %d\n", kdf_params->salt_size);
+
+ /* write the iteration count
+ */
+ result =
+ _gnutls_x509_write_uint32(pbes2_asn, "iterations",
+ kdf_params->iter_count);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", kdf_params->iter_count);
+
+ return 0;
+
+ error:
+ return result;
}
@@ -1563,584 +1499,557 @@ error:
/* Converts an OID to a gnutls cipher type.
*/
inline static int
-oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo)
+oid2cipher(const char *oid, gnutls_cipher_algorithm_t * algo)
{
- *algo = 0;
-
- if (strcmp (oid, DES_EDE3_CBC_OID) == 0)
- {
- *algo = GNUTLS_CIPHER_3DES_CBC;
- return 0;
- }
- else if (strcmp (oid, DES_CBC_OID) == 0)
- {
- *algo = GNUTLS_CIPHER_DES_CBC;
- return 0;
- }
- else if (strcmp (oid, AES_128_CBC_OID) == 0)
- {
- *algo = GNUTLS_CIPHER_AES_128_CBC;
- return 0;
- }
- else if (strcmp (oid, AES_192_CBC_OID) == 0)
- {
- *algo = GNUTLS_CIPHER_AES_192_CBC;
- return 0;
- }
- else if (strcmp (oid, AES_256_CBC_OID) == 0)
- {
- *algo = GNUTLS_CIPHER_AES_256_CBC;
- return 0;
- }
-
- _gnutls_debug_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ *algo = 0;
+
+ if (strcmp(oid, DES_EDE3_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_3DES_CBC;
+ return 0;
+ } else if (strcmp(oid, DES_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_DES_CBC;
+ return 0;
+ } else if (strcmp(oid, AES_128_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_AES_128_CBC;
+ return 0;
+ } else if (strcmp(oid, AES_192_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_AES_192_CBC;
+ return 0;
+ } else if (strcmp(oid, AES_256_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_AES_256_CBC;
+ return 0;
+ }
+
+ _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n",
+ oid);
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
static int
-read_pbe_enc_params (ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbe_enc_params *params)
+read_pbe_enc_params(ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbe_enc_params *params)
{
- int params_start, params_end;
- int params_len, len, result;
- ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
- char oid[64];
- const char *eparams;
-
- memset (params, 0, sizeof (*params));
-
- /* Check the encryption algorithm
- */
- len = sizeof (oid);
- result =
- asn1_read_value (pbes2_asn, "encryptionScheme.algorithm", oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
- _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid);
-
- if ((result = oid2cipher (oid, &params->cipher)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result =
- asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
- "encryptionScheme.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
- params_len = params_end - params_start + 1;
-
- /* Now check the encryption parameters.
- */
- eparams = cipher_to_pkcs_params (params->cipher, NULL);
- if (eparams == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- eparams, &pbe_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result =
- asn1_der_decoding (&pbe_asn, &der->data[params_start], params_len, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* read the IV */
- params->iv_size = sizeof (params->iv);
- result = asn1_read_value (pbe_asn, "", params->iv, &params->iv_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
-
- result = 0;
-
-error:
- asn1_delete_structure (&pbe_asn);
- return result;
+ int params_start, params_end;
+ int params_len, len, result;
+ ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
+ char oid[64];
+ const char *eparams;
+
+ memset(params, 0, sizeof(*params));
+
+ /* Check the encryption algorithm
+ */
+ len = sizeof(oid);
+ result =
+ asn1_read_value(pbes2_asn, "encryptionScheme.algorithm", oid,
+ &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("encryptionScheme.algorithm: %s\n", oid);
+
+ if ((result = oid2cipher(oid, &params->cipher)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result =
+ asn1_der_decoding_startEnd(pbes2_asn, der->data, der->size,
+ "encryptionScheme.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+ params_len = params_end - params_start + 1;
+
+ /* Now check the encryption parameters.
+ */
+ eparams = cipher_to_pkcs_params(params->cipher, NULL);
+ if (eparams == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ eparams, &pbe_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&pbe_asn, &der->data[params_start],
+ params_len, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* read the IV */
+ params->iv_size = sizeof(params->iv);
+ result =
+ asn1_read_value(pbe_asn, "", params->iv, &params->iv_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("IV.size: %d\n", params->iv_size);
+
+ result = 0;
+
+ error:
+ asn1_delete_structure(&pbe_asn);
+ return result;
}
static int
-decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *root, const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * decrypted_data)
+decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *root, const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data)
{
- int result;
- int data_size;
- uint8_t *data = NULL, *key = NULL;
- gnutls_datum_t dkey, d_iv;
- cipher_hd_st ch;
- int ch_init = 0;
- int key_size;
- unsigned int pass_len = 0;
-
- if (password)
- pass_len = strlen(password);
-
- data_size = 0;
- result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- data = gnutls_malloc (data_size);
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_read_value (pkcs8_asn, root, data, &data_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- if (kdf_params->key_size == 0)
- {
- key_size = gnutls_cipher_get_key_size (enc_params->cipher);
- }
- else
- key_size = kdf_params->key_size;
-
- key = gnutls_malloc (key_size);
- if (key == NULL)
- {
- gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* generate the key
- */
- switch (schema)
- {
- case PBES2_3DES:
- case PBES2_AES_128:
- case PBES2_AES_192:
- case PBES2_AES_256:
-
- result = _gnutls_pbkdf2_sha1 (password, pass_len,
- kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count, key, key_size);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- break;
- default:
- result =
- _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- key_size, key);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- /* do the decryption.
- */
- dkey.data = key;
- dkey.size = key_size;
-
- d_iv.data = (uint8_t *) enc_params->iv;
- d_iv.size = enc_params->iv_size;
- result = _gnutls_cipher_init (&ch, cipher_to_entry(enc_params->cipher), &dkey, &d_iv, 0);
-
- gnutls_free (key);
- key = NULL;
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ch_init = 1;
-
- result = _gnutls_cipher_decrypt (&ch, data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- decrypted_data->data = data;
-
- if (gnutls_cipher_get_block_size (enc_params->cipher) != 1)
- decrypted_data->size = data_size - data[data_size - 1];
- else
- decrypted_data->size = data_size;
-
- _gnutls_cipher_deinit (&ch);
-
- return 0;
-
-error:
- gnutls_free (data);
- gnutls_free (key);
- if (ch_init != 0)
- _gnutls_cipher_deinit (&ch);
- return result;
+ int result;
+ int data_size;
+ uint8_t *data = NULL, *key = NULL;
+ gnutls_datum_t dkey, d_iv;
+ cipher_hd_st ch;
+ int ch_init = 0;
+ int key_size;
+ unsigned int pass_len = 0;
+
+ if (password)
+ pass_len = strlen(password);
+
+ data_size = 0;
+ result = asn1_read_value(pkcs8_asn, root, NULL, &data_size);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ data = gnutls_malloc(data_size);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value(pkcs8_asn, root, data, &data_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ if (kdf_params->key_size == 0) {
+ key_size = gnutls_cipher_get_key_size(enc_params->cipher);
+ } else
+ key_size = kdf_params->key_size;
+
+ key = gnutls_malloc(key_size);
+ if (key == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* generate the key
+ */
+ switch (schema) {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+ result = _gnutls_pbkdf2_sha1(password, pass_len,
+ kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, key,
+ key_size);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ break;
+ default:
+ result =
+ _gnutls_pkcs12_string_to_key(1 /*KEY*/,
+ kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
+ password, key_size, key);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ /* do the decryption.
+ */
+ dkey.data = key;
+ dkey.size = key_size;
+
+ d_iv.data = (uint8_t *) enc_params->iv;
+ d_iv.size = enc_params->iv_size;
+ result =
+ _gnutls_cipher_init(&ch, cipher_to_entry(enc_params->cipher),
+ &dkey, &d_iv, 0);
+
+ gnutls_free(key);
+ key = NULL;
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ch_init = 1;
+
+ result = _gnutls_cipher_decrypt(&ch, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ decrypted_data->data = data;
+
+ if (gnutls_cipher_get_block_size(enc_params->cipher) != 1)
+ decrypted_data->size = data_size - data[data_size - 1];
+ else
+ decrypted_data->size = data_size;
+
+ _gnutls_cipher_deinit(&ch);
+
+ return 0;
+
+ error:
+ gnutls_free(data);
+ gnutls_free(key);
+ if (ch_init != 0)
+ _gnutls_cipher_deinit(&ch);
+ return result;
}
/* Writes the PBKDF2 parameters.
*/
static int
-write_pbkdf2_params (ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *kdf_params)
+write_pbkdf2_params(ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *kdf_params)
{
- int result;
- ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
- uint8_t tmp[64];
-
- /* Write the key derivation algorithm
- */
- result =
- asn1_write_value (pbes2_asn, "keyDerivationFunc.algorithm",
- PBKDF2_OID, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Now write the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBKDF2-params",
- &pbkdf2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_write_value (pbkdf2_asn, "salt", "specified", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* write the salt
- */
- result =
- asn1_write_value (pbkdf2_asn, "salt.specified",
- kdf_params->salt, kdf_params->salt_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("salt.specified.size: %d\n", kdf_params->salt_size);
-
- /* write the iteration count
- */
- _gnutls_write_uint32 (kdf_params->iter_count, tmp);
-
- result = asn1_write_value (pbkdf2_asn, "iterationCount", tmp, 4);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
-
- /* write the keylength, if it is set.
- */
- result = asn1_write_value (pbkdf2_asn, "keyLength", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* We write an emptry prf.
- */
- result = asn1_write_value (pbkdf2_asn, "prf", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* now encode them an put the DER output
- * in the keyDerivationFunc.parameters
- */
- result = _gnutls_x509_der_encode_and_copy (pbkdf2_asn, "",
- pbes2_asn,
- "keyDerivationFunc.parameters",
- 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- return 0;
-
-error:
- asn1_delete_structure (&pbkdf2_asn);
- return result;
+ int result;
+ ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
+ uint8_t tmp[64];
+
+ /* Write the key derivation algorithm
+ */
+ result =
+ asn1_write_value(pbes2_asn, "keyDerivationFunc.algorithm",
+ PBKDF2_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Now write the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(pbkdf2_asn, "salt", "specified", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* write the salt
+ */
+ result =
+ asn1_write_value(pbkdf2_asn, "salt.specified",
+ kdf_params->salt, kdf_params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.specified.size: %d\n",
+ kdf_params->salt_size);
+
+ /* write the iteration count
+ */
+ _gnutls_write_uint32(kdf_params->iter_count, tmp);
+
+ result = asn1_write_value(pbkdf2_asn, "iterationCount", tmp, 4);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", kdf_params->iter_count);
+
+ /* write the keylength, if it is set.
+ */
+ result = asn1_write_value(pbkdf2_asn, "keyLength", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* We write an emptry prf.
+ */
+ result = asn1_write_value(pbkdf2_asn, "prf", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* now encode them an put the DER output
+ * in the keyDerivationFunc.parameters
+ */
+ result = _gnutls_x509_der_encode_and_copy(pbkdf2_asn, "",
+ pbes2_asn,
+ "keyDerivationFunc.parameters",
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbkdf2_asn);
+ return result;
}
static int
-write_pbe_enc_params (ASN1_TYPE pbes2_asn,
- const struct pbe_enc_params *params)
+write_pbe_enc_params(ASN1_TYPE pbes2_asn,
+ const struct pbe_enc_params *params)
{
- int result;
- ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
- const char *oid, *eparams;
-
- /* Write the encryption algorithm
- */
- eparams = cipher_to_pkcs_params (params->cipher, &oid);
- if (eparams == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- goto error;
- }
- _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid);
-
- /* Now check the encryption parameters.
- */
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- eparams, &pbe_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* read the salt */
- result = asn1_write_value (pbe_asn, "", params->iv, params->iv_size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
-
- /* now encode them an put the DER output
- * in the encryptionScheme.parameters
- */
- result = _gnutls_x509_der_encode_and_copy (pbe_asn, "",
- pbes2_asn,
- "encryptionScheme.parameters",
- 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- return 0;
-
-error:
- asn1_delete_structure (&pbe_asn);
- return result;
+ int result;
+ ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
+ const char *oid, *eparams;
+
+ /* Write the encryption algorithm
+ */
+ eparams = cipher_to_pkcs_params(params->cipher, &oid);
+ if (eparams == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ asn1_write_value(pbes2_asn, "encryptionScheme.algorithm", oid,
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("encryptionScheme.algorithm: %s\n", oid);
+
+ /* Now check the encryption parameters.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ eparams, &pbe_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* read the salt */
+ result =
+ asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("IV.size: %d\n", params->iv_size);
+
+ /* now encode them an put the DER output
+ * in the encryptionScheme.parameters
+ */
+ result = _gnutls_x509_der_encode_and_copy(pbe_asn, "",
+ pbes2_asn,
+ "encryptionScheme.parameters",
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbe_asn);
+ return result;
}
/* Generates a key and also stores the key parameters.
*/
static int
-generate_key (schema_id schema,
- const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params, gnutls_datum_t * key)
+generate_key(schema_id schema,
+ const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params, gnutls_datum_t * key)
{
- unsigned char rnd[2];
- unsigned int pass_len = 0;
- int ret;
-
- if (password)
- pass_len = strlen(password);
-
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* generate salt */
- kdf_params->salt_size =
- MIN (sizeof (kdf_params->salt), (unsigned) (10 + (rnd[1] % 10)));
-
- switch (schema)
- {
- case PBES2_3DES:
- enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
- break;
- case PBES2_AES_128:
- enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC;
- break;
- case PBES2_AES_192:
- enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC;
- break;
- case PBES2_AES_256:
- enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC;
- break;
- /* non PBES2 algorithms */
- case PKCS12_ARCFOUR_SHA1:
- enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
- kdf_params->salt_size = 8;
- break;
- case PKCS12_3DES_SHA1:
- enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
- kdf_params->salt_size = 8;
- break;
- case PKCS12_RC2_40_SHA1:
- enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
- kdf_params->salt_size = 8;
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt,
- kdf_params->salt_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
- }
-
- kdf_params->iter_count = 256 + rnd[0];
- key->size = kdf_params->key_size =
- gnutls_cipher_get_key_size (enc_params->cipher);
-
- enc_params->iv_size = gnutls_cipher_get_iv_size (enc_params->cipher);
- key->data = gnutls_malloc (key->size);
- if (key->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* now generate the key.
- */
-
- switch (schema)
- {
- case PBES2_3DES:
- case PBES2_AES_128:
- case PBES2_AES_192:
- case PBES2_AES_256:
-
- ret = _gnutls_pbkdf2_sha1 (password, pass_len,
- kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count,
- key->data, kdf_params->key_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (enc_params->iv_size)
- {
- ret = _gnutls_rnd (GNUTLS_RND_NONCE,
- enc_params->iv, enc_params->iv_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- break;
-
- default:
- ret =
- _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- kdf_params->key_size, key->data);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Now generate the IV
- */
- if (enc_params->iv_size)
- {
- ret =
- _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- enc_params->iv_size,
- enc_params->iv);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- }
- }
-
-
- return 0;
+ unsigned char rnd[2];
+ unsigned int pass_len = 0;
+ int ret;
+
+ if (password)
+ pass_len = strlen(password);
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, rnd, 2);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* generate salt */
+ kdf_params->salt_size =
+ MIN(sizeof(kdf_params->salt), (unsigned) (10 + (rnd[1] % 10)));
+
+ switch (schema) {
+ case PBES2_3DES:
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ break;
+ case PBES2_AES_128:
+ enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC;
+ break;
+ case PBES2_AES_192:
+ enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC;
+ break;
+ case PBES2_AES_256:
+ enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC;
+ break;
+ /* non PBES2 algorithms */
+ case PKCS12_ARCFOUR_SHA1:
+ enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
+ kdf_params->salt_size = 8;
+ break;
+ case PKCS12_3DES_SHA1:
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ kdf_params->salt_size = 8;
+ break;
+ case PKCS12_RC2_40_SHA1:
+ enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
+ kdf_params->salt_size = 8;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_rnd(GNUTLS_RND_RANDOM, kdf_params->salt,
+ kdf_params->salt_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
+ }
+
+ kdf_params->iter_count = 256 + rnd[0];
+ key->size = kdf_params->key_size =
+ gnutls_cipher_get_key_size(enc_params->cipher);
+
+ enc_params->iv_size =
+ gnutls_cipher_get_iv_size(enc_params->cipher);
+ key->data = gnutls_malloc(key->size);
+ if (key->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* now generate the key.
+ */
+
+ switch (schema) {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+ ret = _gnutls_pbkdf2_sha1(password, pass_len,
+ kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
+ key->data, kdf_params->key_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (enc_params->iv_size) {
+ ret = _gnutls_rnd(GNUTLS_RND_NONCE,
+ enc_params->iv,
+ enc_params->iv_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+ break;
+
+ default:
+ ret =
+ _gnutls_pkcs12_string_to_key(1 /*KEY*/,
+ kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count,
+ password,
+ kdf_params->key_size,
+ key->data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Now generate the IV
+ */
+ if (enc_params->iv_size) {
+ ret =
+ _gnutls_pkcs12_string_to_key(2 /*IV*/,
+ kdf_params->salt,
+ kdf_params->
+ salt_size,
+ kdf_params->
+ iter_count,
+ password,
+ enc_params->
+ iv_size,
+ enc_params->iv);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+ }
+
+
+ return 0;
}
@@ -2148,408 +2057,382 @@ generate_key (schema_id schema,
* part.
*/
static int
-write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params)
+write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params)
{
- int result;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
-
- switch (schema)
- {
- case PBES2_3DES:
- case PBES2_AES_128:
- case PBES2_AES_192:
- case PBES2_AES_256:
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-5-PBES2-params",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = write_pbkdf2_params (pbes2_asn, kdf_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = write_pbe_enc_params (pbes2_asn, enc_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
- pkcs8_asn, where, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- asn1_delete_structure (&pbes2_asn);
- break;
-
- default:
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-12-PbeParams",
- &pbes2_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = write_pkcs12_kdf_params (pbes2_asn, kdf_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
- pkcs8_asn, where, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- asn1_delete_structure (&pbes2_asn);
-
- }
-
- return 0;
-
-error:
- asn1_delete_structure (&pbes2_asn);
- return result;
+ int result;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+
+ switch (schema) {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = write_pbkdf2_params(pbes2_asn, kdf_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = write_pbe_enc_params(pbes2_asn, enc_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = _gnutls_x509_der_encode_and_copy(pbes2_asn, "",
+ pkcs8_asn, where,
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ asn1_delete_structure(&pbes2_asn);
+ break;
+
+ default:
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = write_pkcs12_kdf_params(pbes2_asn, kdf_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = _gnutls_x509_der_encode_and_copy(pbes2_asn, "",
+ pkcs8_asn, where,
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ asn1_delete_structure(&pbes2_asn);
+
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ return result;
}
static int
-encrypt_data (const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted)
+encrypt_data(const gnutls_datum_t * plain,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted)
{
- int result;
- int data_size;
- uint8_t *data = NULL;
- gnutls_datum_t d_iv;
- cipher_hd_st ch;
- int ch_init = 0;
- uint8_t pad, pad_size;
-
- pad_size = gnutls_cipher_get_block_size (enc_params->cipher);
-
- if (pad_size == 1) /* stream */
- pad_size = 0;
-
- data = gnutls_malloc (plain->size + pad_size);
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy (data, plain->data, plain->size);
-
- if (pad_size > 0)
- {
- pad = pad_size - (plain->size % pad_size);
- if (pad == 0)
- pad = pad_size;
- memset (&data[plain->size], pad, pad);
- }
- else
- pad = 0;
-
- data_size = plain->size + pad;
-
- d_iv.data = (uint8_t *) enc_params->iv;
- d_iv.size = enc_params->iv_size;
- result = _gnutls_cipher_init (&ch, cipher_to_entry(enc_params->cipher), key, &d_iv, 1);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ch_init = 1;
-
- result = _gnutls_cipher_encrypt (&ch, data, data_size);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- encrypted->data = data;
- encrypted->size = data_size;
-
- _gnutls_cipher_deinit (&ch);
-
- return 0;
-
-error:
- gnutls_free (data);
- if (ch_init != 0)
- _gnutls_cipher_deinit (&ch);
- return result;
+ int result;
+ int data_size;
+ uint8_t *data = NULL;
+ gnutls_datum_t d_iv;
+ cipher_hd_st ch;
+ int ch_init = 0;
+ uint8_t pad, pad_size;
+
+ pad_size = gnutls_cipher_get_block_size(enc_params->cipher);
+
+ if (pad_size == 1) /* stream */
+ pad_size = 0;
+
+ data = gnutls_malloc(plain->size + pad_size);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(data, plain->data, plain->size);
+
+ if (pad_size > 0) {
+ pad = pad_size - (plain->size % pad_size);
+ if (pad == 0)
+ pad = pad_size;
+ memset(&data[plain->size], pad, pad);
+ } else
+ pad = 0;
+
+ data_size = plain->size + pad;
+
+ d_iv.data = (uint8_t *) enc_params->iv;
+ d_iv.size = enc_params->iv_size;
+ result =
+ _gnutls_cipher_init(&ch, cipher_to_entry(enc_params->cipher),
+ key, &d_iv, 1);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ch_init = 1;
+
+ result = _gnutls_cipher_encrypt(&ch, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ encrypted->data = data;
+ encrypted->size = data_size;
+
+ _gnutls_cipher_deinit(&ch);
+
+ return 0;
+
+ error:
+ gnutls_free(data);
+ if (ch_init != 0)
+ _gnutls_cipher_deinit(&ch);
+ return result;
}
/* Decrypts a PKCS #7 encryptedData. The output is allocated
* and stored in dec.
*/
int
-_gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * dec)
+_gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * dec)
{
- int result, len;
- char enc_oid[64];
- gnutls_datum_t tmp;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY;
- int params_start, params_end, params_len;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- schema_id schema;
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-7-EncryptedData",
- &pkcs7_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = asn1_der_decoding (&pkcs7_asn, data->data, data->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Check the encryption schema OID
- */
- len = sizeof (enc_oid);
- result =
- asn1_read_value (pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- enc_oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- if ((result = check_schema (enc_oid)) < 0)
- {
- gnutls_assert ();
- goto error;
- }
- schema = result;
-
- /* Get the DER encoding of the parameters.
- */
- result =
- asn1_der_decoding_startEnd (pkcs7_asn, data->data, data->size,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
- params_len = params_end - params_start + 1;
-
- result =
- read_pkcs_schema_params (&schema, password,
- &data->data[params_start],
- params_len, &kdf_params, &enc_params);
- if (result < ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Parameters have been decoded. Now
- * decrypt the EncryptedData.
- */
-
- result =
- decrypt_data (schema, pkcs7_asn,
- "encryptedContentInfo.encryptedContent", password,
- &kdf_params, &enc_params, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- asn1_delete_structure (&pkcs7_asn);
-
- *dec = tmp;
-
- return 0;
-
-error:
- asn1_delete_structure (&pbes2_asn);
- asn1_delete_structure (&pkcs7_asn);
- return result;
+ int result, len;
+ char enc_oid[64];
+ gnutls_datum_t tmp;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY;
+ int params_start, params_end, params_len;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ schema_id schema;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Check the encryption schema OID
+ */
+ len = sizeof(enc_oid);
+ result =
+ asn1_read_value(pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ enc_oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ if ((result = check_schema(enc_oid)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ schema = result;
+
+ /* Get the DER encoding of the parameters.
+ */
+ result =
+ asn1_der_decoding_startEnd(pkcs7_asn, data->data, data->size,
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ params_len = params_end - params_start + 1;
+
+ result =
+ read_pkcs_schema_params(&schema, password,
+ &data->data[params_start],
+ params_len, &kdf_params, &enc_params);
+ if (result < ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Parameters have been decoded. Now
+ * decrypt the EncryptedData.
+ */
+
+ result =
+ decrypt_data(schema, pkcs7_asn,
+ "encryptedContentInfo.encryptedContent", password,
+ &kdf_params, &enc_params, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ asn1_delete_structure(&pkcs7_asn);
+
+ *dec = tmp;
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ asn1_delete_structure(&pkcs7_asn);
+ return result;
}
/* Encrypts to a PKCS #7 encryptedData. The output is allocated
* and stored in enc.
*/
int
-_gnutls_pkcs7_encrypt_data (schema_id schema,
- const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * enc)
+_gnutls_pkcs7_encrypt_data(schema_id schema,
+ const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * enc)
{
- int result;
- gnutls_datum_t key = { NULL, 0 };
- gnutls_datum_t tmp = { NULL, 0 };
- ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- const char *str_oid;
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.pkcs-7-EncryptedData",
- &pkcs7_asn)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Write the encryption schema OID
- */
- result = schema_to_oid (schema, &str_oid);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- asn1_write_value (pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- str_oid, 1);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Generate a symmetric key.
- */
-
- result = generate_key (schema, password, &kdf_params, &enc_params, &key);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = write_schema_params (schema, pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &kdf_params, &enc_params);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* Parameters have been encoded. Now
- * encrypt the Data.
- */
- result = encrypt_data (data, &enc_params, &key, &tmp);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- /* write the encrypted data.
- */
- result =
- asn1_write_value (pkcs7_asn,
- "encryptedContentInfo.encryptedContent", tmp.data,
- tmp.size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- _gnutls_free_datum (&tmp);
- _gnutls_free_datum (&key);
-
- /* Now write the rest of the pkcs-7 stuff.
- */
-
- result = _gnutls_x509_write_uint32 (pkcs7_asn, "version", 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result =
- asn1_write_value (pkcs7_asn, "encryptedContentInfo.contentType",
- DATA_OID, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = asn1_write_value (pkcs7_asn, "unprotectedAttrs", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* Now encode and copy the DER stuff.
- */
- result = _gnutls_x509_der_encode (pkcs7_asn, "", enc, 0);
-
- asn1_delete_structure (&pkcs7_asn);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
-
-error:
- _gnutls_free_datum (&key);
- _gnutls_free_datum (&tmp);
- asn1_delete_structure (&pkcs7_asn);
- return result;
+ int result;
+ gnutls_datum_t key = { NULL, 0 };
+ gnutls_datum_t tmp = { NULL, 0 };
+ ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ const char *str_oid;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Write the encryption schema OID
+ */
+ result = schema_to_oid(schema, &str_oid);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ asn1_write_value(pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ str_oid, 1);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Generate a symmetric key.
+ */
+
+ result =
+ generate_key(schema, password, &kdf_params, &enc_params, &key);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = write_schema_params(schema, pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Parameters have been encoded. Now
+ * encrypt the Data.
+ */
+ result = encrypt_data(data, &enc_params, &key, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* write the encrypted data.
+ */
+ result =
+ asn1_write_value(pkcs7_asn,
+ "encryptedContentInfo.encryptedContent",
+ tmp.data, tmp.size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ _gnutls_free_datum(&tmp);
+ _gnutls_free_datum(&key);
+
+ /* Now write the rest of the pkcs-7 stuff.
+ */
+
+ result = _gnutls_x509_write_uint32(pkcs7_asn, "version", 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result =
+ asn1_write_value(pkcs7_asn, "encryptedContentInfo.contentType",
+ DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = asn1_write_value(pkcs7_asn, "unprotectedAttrs", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Now encode and copy the DER stuff.
+ */
+ result = _gnutls_x509_der_encode(pkcs7_asn, "", enc, 0);
+
+ asn1_delete_structure(&pkcs7_asn);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+
+ error:
+ _gnutls_free_datum(&key);
+ _gnutls_free_datum(&tmp);
+ asn1_delete_structure(&pkcs7_asn);
+ return result;
}
-
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index 52fd1db35b..6876d1ef53 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -38,67 +38,66 @@
* Returns: non-zero for a successful match, and zero on failure.
**/
int
-gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, const char *hostname)
+gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
+ const char *hostname)
{
- char dnsname[MAX_CN];
- size_t dnsnamesize;
- int found_dnsname = 0;
- int ret = 0;
- int i = 0;
+ char dnsname[MAX_CN];
+ size_t dnsnamesize;
+ int found_dnsname = 0;
+ int ret = 0;
+ int i = 0;
- /* try matching against:
- * 1) a DNS name as an alternative name (subjectAltName) extension
- * in the certificate
- * 2) the common name (CN) in the certificate
- *
- * either of these may be of the form: *.domain.tld
- *
- * only try (2) if there is no subjectAltName extension of
- * type dNSName
- */
+ /* try matching against:
+ * 1) a DNS name as an alternative name (subjectAltName) extension
+ * in the certificate
+ * 2) the common name (CN) in the certificate
+ *
+ * either of these may be of the form: *.domain.tld
+ *
+ * only try (2) if there is no subjectAltName extension of
+ * type dNSName
+ */
- /* Check through all included subjectAltName extensions, comparing
- * against all those of type dNSName.
- */
- for (i = 0; !(ret < 0); i++)
- {
+ /* Check through all included subjectAltName extensions, comparing
+ * against all those of type dNSName.
+ */
+ for (i = 0; !(ret < 0); i++) {
- dnsnamesize = sizeof (dnsname);
- ret = gnutls_x509_crt_get_subject_alt_name (cert, i,
- dnsname, &dnsnamesize,
- NULL);
+ dnsnamesize = sizeof(dnsname);
+ ret = gnutls_x509_crt_get_subject_alt_name(cert, i,
+ dnsname,
+ &dnsnamesize,
+ NULL);
- if (ret == GNUTLS_SAN_DNSNAME)
- {
- found_dnsname = 1;
- if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname, 0))
- {
- return 1;
- }
- }
- }
+ if (ret == GNUTLS_SAN_DNSNAME) {
+ found_dnsname = 1;
+ if (_gnutls_hostname_compare
+ (dnsname, dnsnamesize, hostname, 0)) {
+ return 1;
+ }
+ }
+ }
- if (!found_dnsname)
- {
- /* not got the necessary extension, use CN instead
- */
- dnsnamesize = sizeof (dnsname);
- if (gnutls_x509_crt_get_dn_by_oid (cert, OID_X520_COMMON_NAME, 0,
- 0, dnsname, &dnsnamesize) < 0)
- {
- /* got an error, can't find a name
- */
- return 0;
- }
+ if (!found_dnsname) {
+ /* not got the necessary extension, use CN instead
+ */
+ dnsnamesize = sizeof(dnsname);
+ if (gnutls_x509_crt_get_dn_by_oid
+ (cert, OID_X520_COMMON_NAME, 0, 0, dnsname,
+ &dnsnamesize) < 0) {
+ /* got an error, can't find a name
+ */
+ return 0;
+ }
- if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname, 0))
- {
- return 1;
- }
- }
+ if (_gnutls_hostname_compare
+ (dnsname, dnsnamesize, hostname, 0)) {
+ return 1;
+ }
+ }
- /* not found a matching name
- */
- return 0;
+ /* not found a matching name
+ */
+ return 0;
}
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 4bc092dbe4..d924ad4209 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -29,7 +29,7 @@
#include <gnutls_errors.h>
#include <libtasn1.h>
#include <gnutls_global.h>
-#include <gnutls_num.h> /* MAX */
+#include <gnutls_num.h> /* MAX */
#include <gnutls_sig.h>
#include <gnutls_str.h>
#include <gnutls_datum.h>
@@ -42,36 +42,34 @@
* of the TBS and sign it on the fly.
*/
int
-_gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
- gnutls_datum_t * tbs)
+_gnutls_x509_get_tbs(ASN1_TYPE cert, const char *tbs_name,
+ gnutls_datum_t * tbs)
{
- int result;
- uint8_t *buf;
- int buf_size;
+ int result;
+ uint8_t *buf;
+ int buf_size;
- buf_size = 0;
- asn1_der_coding (cert, tbs_name, NULL, &buf_size, NULL);
+ buf_size = 0;
+ asn1_der_coding(cert, tbs_name, NULL, &buf_size, NULL);
- buf = gnutls_malloc (buf_size);
- if (buf == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ buf = gnutls_malloc(buf_size);
+ if (buf == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- result = asn1_der_coding (cert, tbs_name, buf, &buf_size, NULL);
+ result = asn1_der_coding(cert, tbs_name, buf, &buf_size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (buf);
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(buf);
+ return _gnutls_asn2err(result);
+ }
- tbs->data = buf;
- tbs->size = buf_size;
+ tbs->data = buf;
+ tbs->size = buf_size;
- return 0;
+ return 0;
}
/*-
@@ -87,86 +85,84 @@ _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
* negative error value.
-*/
int
-_gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
- gnutls_digest_algorithm_t dig,
- gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key)
+_gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
+ gnutls_digest_algorithm_t dig,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key)
{
- int result;
- gnutls_datum_t signature;
- gnutls_datum_t tbs;
- char name[128];
-
- /* Step 1. Copy the issuer's name into the certificate.
- */
- _gnutls_str_cpy (name, sizeof (name), src_name);
- _gnutls_str_cat (name, sizeof (name), ".issuer");
-
- result = asn1_copy_node (src, name, issuer->cert, "tbsCertificate.subject");
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Step 1.5. Write the signature stuff in the tbsCertificate.
- */
- _gnutls_str_cpy (name, sizeof (name), src_name);
- _gnutls_str_cat (name, sizeof (name), ".signature");
-
- result = _gnutls_x509_write_sig_params (src, name,
- gnutls_privkey_get_pk_algorithm
- (issuer_key, NULL), dig);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* Step 2. Sign the certificate.
- */
- result = _gnutls_x509_get_tbs (src, src_name, &tbs);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_privkey_sign_data (issuer_key, dig, 0, &tbs, &signature);
- gnutls_free (tbs.data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- /* write the signature (bits)
- */
- result =
- asn1_write_value (src, "signature", signature.data, signature.size * 8);
-
- _gnutls_free_datum (&signature);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Step 3. Move up and write the AlgorithmIdentifier, which is also
- * the same.
- */
-
- result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm",
- gnutls_privkey_get_pk_algorithm
- (issuer_key, NULL), dig);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+ gnutls_datum_t signature;
+ gnutls_datum_t tbs;
+ char name[128];
+
+ /* Step 1. Copy the issuer's name into the certificate.
+ */
+ _gnutls_str_cpy(name, sizeof(name), src_name);
+ _gnutls_str_cat(name, sizeof(name), ".issuer");
+
+ result =
+ asn1_copy_node(src, name, issuer->cert,
+ "tbsCertificate.subject");
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Step 1.5. Write the signature stuff in the tbsCertificate.
+ */
+ _gnutls_str_cpy(name, sizeof(name), src_name);
+ _gnutls_str_cat(name, sizeof(name), ".signature");
+
+ result = _gnutls_x509_write_sig_params(src, name,
+ gnutls_privkey_get_pk_algorithm
+ (issuer_key, NULL), dig);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Sign the certificate.
+ */
+ result = _gnutls_x509_get_tbs(src, src_name, &tbs);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ gnutls_privkey_sign_data(issuer_key, dig, 0, &tbs, &signature);
+ gnutls_free(tbs.data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* write the signature (bits)
+ */
+ result =
+ asn1_write_value(src, "signature", signature.data,
+ signature.size * 8);
+
+ _gnutls_free_datum(&signature);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Step 3. Move up and write the AlgorithmIdentifier, which is also
+ * the same.
+ */
+
+ result = _gnutls_x509_write_sig_params(src, "signatureAlgorithm",
+ gnutls_privkey_get_pk_algorithm
+ (issuer_key, NULL), dig);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
-
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 71abe45d11..72e6656519 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -24,7 +24,7 @@
#include <gnutls_errors.h>
#include <libtasn1.h>
#include <gnutls_global.h>
-#include <gnutls_num.h> /* MAX */
+#include <gnutls_num.h> /* MAX */
#include <gnutls_sig.h>
#include <gnutls_str.h>
#include <gnutls_datum.h>
@@ -34,27 +34,27 @@
#include "verify-high.h"
struct named_cert_st {
- gnutls_x509_crt_t cert;
- uint8_t name[MAX_SERVER_NAME_SIZE];
- unsigned int name_size;
+ gnutls_x509_crt_t cert;
+ uint8_t name[MAX_SERVER_NAME_SIZE];
+ unsigned int name_size;
};
struct node_st {
- /* The trusted certificates */
- gnutls_x509_crt_t *trusted_cas;
- unsigned int trusted_ca_size;
+ /* The trusted certificates */
+ gnutls_x509_crt_t *trusted_cas;
+ unsigned int trusted_ca_size;
- struct named_cert_st *named_certs;
- unsigned int named_cert_size;
+ struct named_cert_st *named_certs;
+ unsigned int named_cert_size;
- /* The trusted CRLs */
- gnutls_x509_crl_t *crls;
- unsigned int crl_size;
+ /* The trusted CRLs */
+ gnutls_x509_crl_t *crls;
+ unsigned int crl_size;
};
struct gnutls_x509_trust_list_st {
- unsigned int size;
- struct node_st *node;
+ unsigned int size;
+ struct node_st *node;
};
#define DEFAULT_SIZE 127
@@ -73,28 +73,28 @@ struct gnutls_x509_trust_list_st {
**/
int
gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list,
- unsigned int size)
+ unsigned int size)
{
- gnutls_x509_trust_list_t tmp =
- gnutls_calloc(1, sizeof(struct gnutls_x509_trust_list_st));
+ gnutls_x509_trust_list_t tmp =
+ gnutls_calloc(1, sizeof(struct gnutls_x509_trust_list_st));
- if (!tmp)
- return GNUTLS_E_MEMORY_ERROR;
+ if (!tmp)
+ return GNUTLS_E_MEMORY_ERROR;
- if (size == 0)
- size = DEFAULT_SIZE;
- tmp->size = size;
+ if (size == 0)
+ size = DEFAULT_SIZE;
+ tmp->size = size;
- tmp->node = gnutls_calloc(1, tmp->size * sizeof(tmp->node[0]));
- if (tmp->node == NULL) {
- gnutls_assert();
- gnutls_free(tmp);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ tmp->node = gnutls_calloc(1, tmp->size * sizeof(tmp->node[0]));
+ if (tmp->node == NULL) {
+ gnutls_assert();
+ gnutls_free(tmp);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- *list = tmp;
+ *list = tmp;
- return 0; /* success */
+ return 0; /* success */
}
/**
@@ -108,35 +108,39 @@ gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list,
**/
void
gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list,
- unsigned int all)
+ unsigned int all)
{
- unsigned int i, j;
-
- if (!list)
- return;
-
- for (i = 0; i < list->size; i++) {
- if (all)
- for (j = 0; j < list->node[i].trusted_ca_size; j++) {
- gnutls_x509_crt_deinit(list->node[i].trusted_cas[j]);
- }
- gnutls_free(list->node[i].trusted_cas);
-
- if (all)
- for (j = 0; j < list->node[i].crl_size; j++) {
- gnutls_x509_crl_deinit(list->node[i].crls[j]);
- }
- gnutls_free(list->node[i].crls);
-
- if (all)
- for (j = 0; j < list->node[i].named_cert_size; j++) {
- gnutls_x509_crt_deinit(list->node[i].named_certs[j].cert);
- }
- gnutls_free(list->node[i].named_certs);
- }
-
- gnutls_free(list->node);
- gnutls_free(list);
+ unsigned int i, j;
+
+ if (!list)
+ return;
+
+ for (i = 0; i < list->size; i++) {
+ if (all)
+ for (j = 0; j < list->node[i].trusted_ca_size; j++) {
+ gnutls_x509_crt_deinit(list->node[i].
+ trusted_cas[j]);
+ }
+ gnutls_free(list->node[i].trusted_cas);
+
+ if (all)
+ for (j = 0; j < list->node[i].crl_size; j++) {
+ gnutls_x509_crl_deinit(list->node[i].
+ crls[j]);
+ }
+ gnutls_free(list->node[i].crls);
+
+ if (all)
+ for (j = 0; j < list->node[i].named_cert_size; j++) {
+ gnutls_x509_crt_deinit(list->node[i].
+ named_certs[j].
+ cert);
+ }
+ gnutls_free(list->node[i].named_certs);
+ }
+
+ gnutls_free(list->node);
+ gnutls_free(list);
}
/**
@@ -156,32 +160,35 @@ gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
- const gnutls_x509_crt_t * clist,
- int clist_size, unsigned int flags)
+ const gnutls_x509_crt_t * clist,
+ int clist_size, unsigned int flags)
{
- int i;
- uint32_t hash;
-
- for (i = 0; i < clist_size; i++) {
- hash = hash_pjw_bare(clist[i]->raw_dn.data, clist[i]->raw_dn.size);
- hash %= list->size;
-
- list->node[hash].trusted_cas =
- gnutls_realloc_fast(list->node[hash].trusted_cas,
- (list->node[hash].trusted_ca_size +
- 1) *
- sizeof(list->node[hash].trusted_cas[0]));
- if (list->node[hash].trusted_cas == NULL) {
- gnutls_assert();
- return i;
- }
-
- list->node[hash].trusted_cas[list->node[hash].trusted_ca_size] =
- clist[i];
- list->node[hash].trusted_ca_size++;
- }
-
- return i;
+ int i;
+ uint32_t hash;
+
+ for (i = 0; i < clist_size; i++) {
+ hash =
+ hash_pjw_bare(clist[i]->raw_dn.data,
+ clist[i]->raw_dn.size);
+ hash %= list->size;
+
+ list->node[hash].trusted_cas =
+ gnutls_realloc_fast(list->node[hash].trusted_cas,
+ (list->node[hash].trusted_ca_size +
+ 1) *
+ sizeof(list->node[hash].
+ trusted_cas[0]));
+ if (list->node[hash].trusted_cas == NULL) {
+ gnutls_assert();
+ return i;
+ }
+
+ list->node[hash].trusted_cas[list->node[hash].
+ trusted_ca_size] = clist[i];
+ list->node[hash].trusted_ca_size++;
+ }
+
+ return i;
}
/**
@@ -199,32 +206,38 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list,
- const gnutls_x509_crt_t * clist,
- int clist_size)
+ const gnutls_x509_crt_t * clist,
+ int clist_size)
{
- int i, r = 0;
- unsigned j;
- uint32_t hash;
-
- for (i = 0; i < clist_size; i++)
- {
- hash = hash_pjw_bare(clist[i]->raw_dn.data, clist[i]->raw_dn.size);
- hash %= list->size;
-
- for (j=0;j<list->node[hash].trusted_ca_size;j++)
- {
- if (_gnutls_check_if_same_cert(clist[i], list->node[hash].trusted_cas[j]) != 0)
- {
- gnutls_x509_crt_deinit(list->node[hash].trusted_cas[j]);
- list->node[hash].trusted_cas[j] =
- list->node[hash].trusted_cas[list->node[hash].trusted_ca_size-1];
- list->node[hash].trusted_ca_size--;
- r++;
- }
- }
- }
-
- return r;
+ int i, r = 0;
+ unsigned j;
+ uint32_t hash;
+
+ for (i = 0; i < clist_size; i++) {
+ hash =
+ hash_pjw_bare(clist[i]->raw_dn.data,
+ clist[i]->raw_dn.size);
+ hash %= list->size;
+
+ for (j = 0; j < list->node[hash].trusted_ca_size; j++) {
+ if (_gnutls_check_if_same_cert
+ (clist[i],
+ list->node[hash].trusted_cas[j]) != 0) {
+ gnutls_x509_crt_deinit(list->node[hash].
+ trusted_cas[j]);
+ list->node[hash].trusted_cas[j] =
+ list->node[hash].trusted_cas[list->
+ node
+ [hash].
+ trusted_ca_size
+ - 1];
+ list->node[hash].trusted_ca_size--;
+ r++;
+ }
+ }
+ }
+
+ return r;
}
/**
@@ -254,35 +267,40 @@ gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert,
- const void *name, size_t name_size,
- unsigned int flags)
+ gnutls_x509_crt_t cert,
+ const void *name, size_t name_size,
+ unsigned int flags)
{
- uint32_t hash;
-
- if (name_size >= MAX_SERVER_NAME_SIZE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- hash = hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
- hash %= list->size;
-
- list->node[hash].named_certs =
- gnutls_realloc_fast(list->node[hash].named_certs,
- (list->node[hash].named_cert_size +
- 1) * sizeof(list->node[hash].named_certs[0]));
- if (list->node[hash].named_certs == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- list->node[hash].named_certs[list->node[hash].named_cert_size].cert =
- cert;
- memcpy(list->node[hash].named_certs[list->node[hash].named_cert_size].
- name, name, name_size);
- list->node[hash].named_certs[list->node[hash].named_cert_size].
- name_size = name_size;
-
- list->node[hash].named_cert_size++;
-
- return 0;
+ uint32_t hash;
+
+ if (name_size >= MAX_SERVER_NAME_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ hash =
+ hash_pjw_bare(cert->raw_issuer_dn.data,
+ cert->raw_issuer_dn.size);
+ hash %= list->size;
+
+ list->node[hash].named_certs =
+ gnutls_realloc_fast(list->node[hash].named_certs,
+ (list->node[hash].named_cert_size +
+ 1) *
+ sizeof(list->node[hash].named_certs[0]));
+ if (list->node[hash].named_certs == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ list->node[hash].named_certs[list->node[hash].named_cert_size].
+ cert = cert;
+ memcpy(list->node[hash].
+ named_certs[list->node[hash].named_cert_size].name, name,
+ name_size);
+ list->node[hash].named_certs[list->node[hash].
+ named_cert_size].name_size =
+ name_size;
+
+ list->node[hash].named_cert_size++;
+
+ return 0;
}
/**
@@ -306,51 +324,58 @@ gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
- const gnutls_x509_crl_t * crl_list,
- int crl_size, unsigned int flags,
- unsigned int verification_flags)
+ const gnutls_x509_crl_t * crl_list,
+ int crl_size, unsigned int flags,
+ unsigned int verification_flags)
{
- int ret, i, j = 0;
- unsigned int vret = 0;
- uint32_t hash;
-
- /* Probably we can optimize things such as removing duplicates
- * etc.
- */
- if (crl_size == 0 || crl_list == NULL)
- return 0;
-
- for (i = 0; i < crl_size; i++) {
- hash = hash_pjw_bare(crl_list[i]->raw_issuer_dn.data, crl_list[i]->raw_issuer_dn.size);
- hash %= list->size;
-
- if (flags & GNUTLS_TL_VERIFY_CRL) {
-
- ret =
- gnutls_x509_crl_verify(crl_list[i],
- list->node[hash].trusted_cas,
- list->node[hash].trusted_ca_size,
- verification_flags, &vret);
- if (ret < 0 || vret != 0)
- continue;
- }
-
- list->node[hash].crls =
- gnutls_realloc_fast(list->node[hash].crls,
- (list->node[hash].crl_size +
- 1) *
- sizeof(list->node[hash].trusted_cas[0]));
- if (list->node[hash].crls == NULL) {
- gnutls_assert();
- return i;
- }
-
- list->node[hash].crls[list->node[hash].crl_size] = crl_list[i];
- list->node[hash].crl_size++;
- j++;
- }
-
- return j;
+ int ret, i, j = 0;
+ unsigned int vret = 0;
+ uint32_t hash;
+
+ /* Probably we can optimize things such as removing duplicates
+ * etc.
+ */
+ if (crl_size == 0 || crl_list == NULL)
+ return 0;
+
+ for (i = 0; i < crl_size; i++) {
+ hash =
+ hash_pjw_bare(crl_list[i]->raw_issuer_dn.data,
+ crl_list[i]->raw_issuer_dn.size);
+ hash %= list->size;
+
+ if (flags & GNUTLS_TL_VERIFY_CRL) {
+
+ ret =
+ gnutls_x509_crl_verify(crl_list[i],
+ list->node[hash].
+ trusted_cas,
+ list->node[hash].
+ trusted_ca_size,
+ verification_flags,
+ &vret);
+ if (ret < 0 || vret != 0)
+ continue;
+ }
+
+ list->node[hash].crls =
+ gnutls_realloc_fast(list->node[hash].crls,
+ (list->node[hash].crl_size +
+ 1) *
+ sizeof(list->node[hash].
+ trusted_cas[0]));
+ if (list->node[hash].crls == NULL) {
+ gnutls_assert();
+ return i;
+ }
+
+ list->node[hash].crls[list->node[hash].crl_size] =
+ crl_list[i];
+ list->node[hash].crl_size++;
+ j++;
+ }
+
+ return j;
}
/* Takes a certificate list and shortens it if there are
@@ -361,51 +386,53 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
* Returns the new size of the list or a negative number on error.
*/
static int shorten_clist(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t * certificate_list,
- unsigned int clist_size)
+ gnutls_x509_crt_t * certificate_list,
+ unsigned int clist_size)
{
- unsigned int j, i;
- uint32_t hash;
-
- if (clist_size > 1) {
- /* Check if the last certificate in the path is self signed.
- * In that case ignore it (a certificate is trusted only if it
- * leads to a trusted party by us, not the server's).
- *
- * This prevents from verifying self signed certificates against
- * themselves. This (although not bad) caused verification
- * failures on some root self signed certificates that use the
- * MD2 algorithm.
- */
- if (gnutls_x509_crt_check_issuer(certificate_list[clist_size - 1],
- certificate_list[clist_size -
- 1]) != 0) {
- clist_size--;
- }
- }
-
- /* We want to shorten the chain by removing the cert that matches
- * one of the certs we trust and all the certs after that i.e. if
- * cert chain is A signed-by B signed-by C signed-by D (signed-by
- * self-signed E but already removed above), and we trust B, remove
- * B, C and D. */
- for (i = 1; i < clist_size; i++) {
- hash = hash_pjw_bare(certificate_list[i]->raw_issuer_dn.data, certificate_list[i]->raw_issuer_dn.size);
- hash %= list->size;
-
- for (j = 0; j < list->node[hash].trusted_ca_size; j++) {
- if (_gnutls_check_if_same_cert
- (certificate_list[i],
- list->node[hash].trusted_cas[j]) != 0) {
- /* cut the list at the point of first the trusted certificate */
- clist_size = i + 1;
- break;
- }
- }
- /* clist_size may have been changed which gets out of loop */
- }
-
- return clist_size;
+ unsigned int j, i;
+ uint32_t hash;
+
+ if (clist_size > 1) {
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ *
+ * This prevents from verifying self signed certificates against
+ * themselves. This (although not bad) caused verification
+ * failures on some root self signed certificates that use the
+ * MD2 algorithm.
+ */
+ if (gnutls_x509_crt_check_issuer
+ (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) != 0) {
+ clist_size--;
+ }
+ }
+
+ /* We want to shorten the chain by removing the cert that matches
+ * one of the certs we trust and all the certs after that i.e. if
+ * cert chain is A signed-by B signed-by C signed-by D (signed-by
+ * self-signed E but already removed above), and we trust B, remove
+ * B, C and D. */
+ for (i = 1; i < clist_size; i++) {
+ hash =
+ hash_pjw_bare(certificate_list[i]->raw_issuer_dn.data,
+ certificate_list[i]->raw_issuer_dn.size);
+ hash %= list->size;
+
+ for (j = 0; j < list->node[hash].trusted_ca_size; j++) {
+ if (_gnutls_check_if_same_cert
+ (certificate_list[i],
+ list->node[hash].trusted_cas[j]) != 0) {
+ /* cut the list at the point of first the trusted certificate */
+ clist_size = i + 1;
+ break;
+ }
+ }
+ /* clist_size may have been changed which gets out of loop */
+ }
+
+ return clist_size;
}
/* Takes a certificate list and orders it with subject, issuer order.
@@ -415,61 +442,57 @@ static int shorten_clist(gnutls_x509_trust_list_t list,
*
* Returns the sorted list which may be the original clist.
*/
-static gnutls_x509_crt_t* sort_clist(gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH],
- gnutls_x509_crt_t * clist,
- unsigned int *clist_size)
+static gnutls_x509_crt_t *sort_clist(gnutls_x509_crt_t
+ sorted[DEFAULT_MAX_VERIFY_DEPTH],
+ gnutls_x509_crt_t * clist,
+ unsigned int *clist_size)
{
- int prev;
- unsigned int j, i;
- int issuer[DEFAULT_MAX_VERIFY_DEPTH]; /* contain the index of the issuers */
-
- /* Do not bother sorting if too many certificates are given.
- * Prevent any DoS attacks.
- */
- if (*clist_size > DEFAULT_MAX_VERIFY_DEPTH)
- return clist;
-
- for (i=0;i<DEFAULT_MAX_VERIFY_DEPTH;i++)
- issuer[i] = -1;
-
- /* Find the issuer of each certificate and store it
- * in issuer array.
- */
- for(i=0;i<*clist_size;i++)
- {
- for (j=1;j<*clist_size;j++)
- {
- if (i==j) continue;
-
- if (gnutls_x509_crt_check_issuer(clist[i],
- clist[j]) != 0)
- {
- issuer[i] = j;
- break;
- }
- }
- }
-
- if (issuer[0] == -1)
- {
- *clist_size = 1;
- return clist;
- }
-
- prev = 0;
- sorted[0] = clist[0];
- for (i=1;i<*clist_size;i++)
- {
- prev = issuer[prev];
- if (prev == -1) /* no issuer */
- {
- *clist_size = i;
- break;
- }
- sorted[i] = clist[prev];
- }
-
- return sorted;
+ int prev;
+ unsigned int j, i;
+ int issuer[DEFAULT_MAX_VERIFY_DEPTH]; /* contain the index of the issuers */
+
+ /* Do not bother sorting if too many certificates are given.
+ * Prevent any DoS attacks.
+ */
+ if (*clist_size > DEFAULT_MAX_VERIFY_DEPTH)
+ return clist;
+
+ for (i = 0; i < DEFAULT_MAX_VERIFY_DEPTH; i++)
+ issuer[i] = -1;
+
+ /* Find the issuer of each certificate and store it
+ * in issuer array.
+ */
+ for (i = 0; i < *clist_size; i++) {
+ for (j = 1; j < *clist_size; j++) {
+ if (i == j)
+ continue;
+
+ if (gnutls_x509_crt_check_issuer(clist[i],
+ clist[j]) != 0) {
+ issuer[i] = j;
+ break;
+ }
+ }
+ }
+
+ if (issuer[0] == -1) {
+ *clist_size = 1;
+ return clist;
+ }
+
+ prev = 0;
+ sorted[0] = clist[0];
+ for (i = 1; i < *clist_size; i++) {
+ prev = issuer[prev];
+ if (prev == -1) { /* no issuer */
+ *clist_size = i;
+ break;
+ }
+ sorted[i] = clist[prev];
+ }
+
+ return sorted;
}
/**
@@ -488,28 +511,31 @@ static gnutls_x509_crt_t* sort_clist(gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY
* Since: 3.0
**/
int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert,
- gnutls_x509_crt_t * issuer,
- unsigned int flags)
+ gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t * issuer,
+ unsigned int flags)
{
- int ret;
- unsigned int i;
- uint32_t hash;
-
- hash = hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
- hash %= list->size;
-
- for (i = 0; i < list->node[hash].trusted_ca_size; i++) {
- ret =
- gnutls_x509_crt_check_issuer(cert,
- list->node[hash].trusted_cas[i]);
- if (ret != 0) {
- *issuer = list->node[hash].trusted_cas[i];
- return 0;
- }
- }
-
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ int ret;
+ unsigned int i;
+ uint32_t hash;
+
+ hash =
+ hash_pjw_bare(cert->raw_issuer_dn.data,
+ cert->raw_issuer_dn.size);
+ hash %= list->size;
+
+ for (i = 0; i < list->node[hash].trusted_ca_size; i++) {
+ ret =
+ gnutls_x509_crt_check_issuer(cert,
+ list->node[hash].
+ trusted_cas[i]);
+ if (ret != 0) {
+ *issuer = list->node[hash].trusted_cas[i];
+ return 0;
+ }
+ }
+
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
/**
@@ -532,69 +558,78 @@ int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t * cert_list,
- unsigned int cert_list_size,
- unsigned int flags,
- unsigned int *verify,
- gnutls_verify_output_function func)
+ gnutls_x509_crt_t * cert_list,
+ unsigned int cert_list_size,
+ unsigned int flags,
+ unsigned int *verify,
+ gnutls_verify_output_function func)
{
- int ret;
- unsigned int i;
- uint32_t hash;
- gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
-
- if (cert_list == NULL || cert_list_size < 1)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN))
- cert_list = sort_clist(sorted, cert_list, &cert_list_size);
-
- cert_list_size = shorten_clist(list, cert_list, cert_list_size);
- if (cert_list_size <= 0)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- hash = hash_pjw_bare(cert_list[cert_list_size - 1]->raw_issuer_dn.data,
- cert_list[cert_list_size - 1]->raw_issuer_dn.size);
- hash %= list->size;
-
- *verify = _gnutls_x509_verify_certificate(cert_list, cert_list_size,
- list->node[hash].trusted_cas,
- list->node[hash].
- trusted_ca_size, flags,
- func);
-
- if (*verify != 0 || (flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS))
- return 0;
-
- /* Check revocation of individual certificates.
- * start with the last one that we already have its hash
- */
- ret = _gnutls_x509_crt_check_revocation(cert_list[cert_list_size - 1],
- list->node[hash].crls,
- list->node[hash].crl_size,
- func);
- if (ret == 1) { /* revoked */
- *verify |= GNUTLS_CERT_REVOKED;
- *verify |= GNUTLS_CERT_INVALID;
- return 0;
- }
-
- for (i = 0; i < cert_list_size - 1; i++) {
- hash = hash_pjw_bare(cert_list[i]->raw_issuer_dn.data, cert_list[i]->raw_issuer_dn.size);
- hash %= list->size;
-
- ret = _gnutls_x509_crt_check_revocation(cert_list[i],
- list->node[hash].crls,
- list->node[hash].crl_size,
- func);
- if (ret == 1) { /* revoked */
- *verify |= GNUTLS_CERT_REVOKED;
- *verify |= GNUTLS_CERT_INVALID;
- return 0;
- }
- }
-
- return 0;
+ int ret;
+ unsigned int i;
+ uint32_t hash;
+ gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
+
+ if (cert_list == NULL || cert_list_size < 1)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN))
+ cert_list = sort_clist(sorted, cert_list, &cert_list_size);
+
+ cert_list_size = shorten_clist(list, cert_list, cert_list_size);
+ if (cert_list_size <= 0)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ hash =
+ hash_pjw_bare(cert_list[cert_list_size - 1]->raw_issuer_dn.
+ data,
+ cert_list[cert_list_size -
+ 1]->raw_issuer_dn.size);
+ hash %= list->size;
+
+ *verify =
+ _gnutls_x509_verify_certificate(cert_list, cert_list_size,
+ list->node[hash].trusted_cas,
+ list->
+ node[hash].trusted_ca_size,
+ flags, func);
+
+ if (*verify != 0 || (flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS))
+ return 0;
+
+ /* Check revocation of individual certificates.
+ * start with the last one that we already have its hash
+ */
+ ret =
+ _gnutls_x509_crt_check_revocation(cert_list
+ [cert_list_size - 1],
+ list->node[hash].crls,
+ list->node[hash].crl_size,
+ func);
+ if (ret == 1) { /* revoked */
+ *verify |= GNUTLS_CERT_REVOKED;
+ *verify |= GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ for (i = 0; i < cert_list_size - 1; i++) {
+ hash =
+ hash_pjw_bare(cert_list[i]->raw_issuer_dn.data,
+ cert_list[i]->raw_issuer_dn.size);
+ hash %= list->size;
+
+ ret = _gnutls_x509_crt_check_revocation(cert_list[i],
+ list->node[hash].
+ crls,
+ list->node[hash].
+ crl_size, func);
+ if (ret == 1) { /* revoked */
+ *verify |= GNUTLS_CERT_REVOKED;
+ *verify |= GNUTLS_CERT_INVALID;
+ return 0;
+ }
+ }
+
+ return 0;
}
/**
@@ -619,70 +654,75 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert,
- const void *name,
- size_t name_size,
- unsigned int flags,
- unsigned int *verify,
- gnutls_verify_output_function func)
+ gnutls_x509_crt_t cert,
+ const void *name,
+ size_t name_size,
+ unsigned int flags,
+ unsigned int *verify,
+ gnutls_verify_output_function func)
{
- int ret;
- unsigned int i;
- uint32_t hash;
-
- hash = hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
- hash %= list->size;
-
- *verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;
-
- for (i = 0; i < list->node[hash].named_cert_size; i++) {
- if (_gnutls_check_if_same_cert(cert, list->node[hash].named_certs[i].cert) != 0) { /* check if name matches */
- if (list->node[hash].named_certs[i].name_size == name_size &&
- memcmp(list->node[hash].named_certs[i].name, name,
- name_size) == 0) {
- *verify = 0;
- break;
- }
- }
- }
-
- if (*verify != 0 || (flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS))
- return 0;
-
- /* Check revocation of individual certificates.
- * start with the last one that we already have its hash
- */
- ret = _gnutls_x509_crt_check_revocation(cert,
- list->node[hash].crls,
- list->node[hash].crl_size,
- func);
- if (ret == 1) { /* revoked */
- *verify |= GNUTLS_CERT_REVOKED;
- *verify |= GNUTLS_CERT_INVALID;
- return 0;
- }
-
- return 0;
+ int ret;
+ unsigned int i;
+ uint32_t hash;
+
+ hash =
+ hash_pjw_bare(cert->raw_issuer_dn.data,
+ cert->raw_issuer_dn.size);
+ hash %= list->size;
+
+ *verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;
+
+ for (i = 0; i < list->node[hash].named_cert_size; i++) {
+ if (_gnutls_check_if_same_cert(cert, list->node[hash].named_certs[i].cert) != 0) { /* check if name matches */
+ if (list->node[hash].named_certs[i].name_size ==
+ name_size
+ && memcmp(list->node[hash].named_certs[i].name,
+ name, name_size) == 0) {
+ *verify = 0;
+ break;
+ }
+ }
+ }
+
+ if (*verify != 0 || (flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS))
+ return 0;
+
+ /* Check revocation of individual certificates.
+ * start with the last one that we already have its hash
+ */
+ ret = _gnutls_x509_crt_check_revocation(cert,
+ list->node[hash].crls,
+ list->node[hash].crl_size,
+ func);
+ if (ret == 1) { /* revoked */
+ *verify |= GNUTLS_CERT_REVOKED;
+ *verify |= GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ return 0;
}
/* return 1 if @cert is in @list, 0 if not */
int
-_gnutls_trustlist_inlist (gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert)
+_gnutls_trustlist_inlist(gnutls_x509_trust_list_t list,
+ gnutls_x509_crt_t cert)
{
- int ret;
- unsigned int i;
- uint32_t hash;
-
- hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size);
- hash %= list->size;
-
- for (i = 0; i < list->node[hash].trusted_ca_size; i++)
- {
- ret = _gnutls_check_if_same_cert (cert, list->node[hash].trusted_cas[i]);
- if (ret != 0)
- return 1;
- }
-
- return 0;
+ int ret;
+ unsigned int i;
+ uint32_t hash;
+
+ hash = hash_pjw_bare(cert->raw_dn.data, cert->raw_dn.size);
+ hash %= list->size;
+
+ for (i = 0; i < list->node[hash].trusted_ca_size; i++) {
+ ret =
+ _gnutls_check_if_same_cert(cert,
+ list->node[hash].
+ trusted_cas[i]);
+ if (ret != 0)
+ return 1;
+ }
+
+ return 0;
}
diff --git a/lib/x509/verify-high.h b/lib/x509/verify-high.h
index 3315a871f3..ba45f6ee55 100644
--- a/lib/x509/verify-high.h
+++ b/lib/x509/verify-high.h
@@ -20,5 +20,5 @@
*
*/
-int _gnutls_trustlist_inlist (gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert);
+int _gnutls_trustlist_inlist(gnutls_x509_trust_list_t list,
+ gnutls_x509_crt_t cert);
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index 7408e54f39..5af5e67cdc 100644
--- a/lib/x509/verify-high2.c
+++ b/lib/x509/verify-high2.c
@@ -54,49 +54,57 @@
**/
int
gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
- const gnutls_datum_t * cas,
- const gnutls_datum_t * crls,
- gnutls_x509_crt_fmt_t type,
- unsigned int tl_flags,
- unsigned int tl_vflags)
+ const gnutls_datum_t * cas,
+ const gnutls_datum_t * crls,
+ gnutls_x509_crt_fmt_t type,
+ unsigned int tl_flags,
+ unsigned int tl_vflags)
{
- int ret;
- gnutls_x509_crt_t *x509_ca_list = NULL;
- gnutls_x509_crl_t *x509_crl_list = NULL;
- unsigned int x509_ncas, x509_ncrls;
- unsigned int r = 0;
-
- if (cas != NULL && cas->data != NULL)
- {
- ret = gnutls_x509_crt_list_import2( &x509_ca_list, &x509_ncas, cas, type, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_trust_list_add_cas(list, x509_ca_list, x509_ncas, tl_flags);
- gnutls_free(x509_ca_list);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
- else
- r += ret;
- }
-
- if (crls != NULL && crls->data != NULL)
- {
- ret = gnutls_x509_crl_list_import2( &x509_crl_list, &x509_ncrls, crls, type, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_trust_list_add_crls(list, x509_crl_list, x509_ncrls, tl_flags, tl_vflags);
- gnutls_free(x509_crl_list);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
- else
- r += ret;
- }
-
- return r;
+ int ret;
+ gnutls_x509_crt_t *x509_ca_list = NULL;
+ gnutls_x509_crl_t *x509_crl_list = NULL;
+ unsigned int x509_ncas, x509_ncrls;
+ unsigned int r = 0;
+
+ if (cas != NULL && cas->data != NULL) {
+ ret =
+ gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas,
+ cas, type, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_x509_trust_list_add_cas(list, x509_ca_list,
+ x509_ncas, tl_flags);
+ gnutls_free(x509_ca_list);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ else
+ r += ret;
+ }
+
+ if (crls != NULL && crls->data != NULL) {
+ ret =
+ gnutls_x509_crl_list_import2(&x509_crl_list,
+ &x509_ncrls, crls, type,
+ 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_x509_trust_list_add_crls(list, x509_crl_list,
+ x509_ncrls, tl_flags,
+ tl_vflags);
+ gnutls_free(x509_crl_list);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ else
+ r += ret;
+ }
+
+ return r;
}
/**
@@ -114,125 +122,139 @@ gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list,
- const gnutls_datum_t * cas,
- gnutls_x509_crt_fmt_t type)
+ const gnutls_datum_t * cas,
+ gnutls_x509_crt_fmt_t type)
{
- int ret;
- gnutls_x509_crt_t *x509_ca_list = NULL;
- unsigned int x509_ncas;
- unsigned int r = 0, i;
-
- if (cas != NULL && cas->data != NULL)
- {
- ret = gnutls_x509_crt_list_import2( &x509_ca_list, &x509_ncas, cas, type, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret = gnutls_x509_trust_list_remove_cas(list, x509_ca_list, x509_ncas);
-
- for (i=0;i<x509_ncas;i++)
- gnutls_x509_crt_deinit(x509_ca_list[i]);
- gnutls_free(x509_ca_list);
-
- if (ret < 0)
- return gnutls_assert_val(ret);
- else
- r += ret;
- }
-
- return r;
+ int ret;
+ gnutls_x509_crt_t *x509_ca_list = NULL;
+ unsigned int x509_ncas;
+ unsigned int r = 0, i;
+
+ if (cas != NULL && cas->data != NULL) {
+ ret =
+ gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas,
+ cas, type, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ gnutls_x509_trust_list_remove_cas(list, x509_ca_list,
+ x509_ncas);
+
+ for (i = 0; i < x509_ncas; i++)
+ gnutls_x509_crt_deinit(x509_ca_list[i]);
+ gnutls_free(x509_ca_list);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ else
+ r += ret;
+ }
+
+ return r;
}
#ifdef ENABLE_PKCS11
-static
-int import_pkcs11_url(gnutls_x509_trust_list_t list, const char* ca_file, unsigned int flags)
+static
+int import_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file,
+ unsigned int flags)
{
-gnutls_x509_crt_t *xcrt_list = NULL;
-gnutls_pkcs11_obj_t *pcrt_list = NULL;
-unsigned int pcrt_list_size = 0, i;
-int ret;
-
- ret = gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size, ca_file,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (pcrt_list_size == 0)
- {
- ret = 0;
- goto cleanup;
- }
-
- xcrt_list = gnutls_malloc(sizeof(gnutls_x509_crt_t)*pcrt_list_size);
- if (xcrt_list == NULL)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_list_import_pkcs11( xcrt_list, pcrt_list_size, pcrt_list, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_add_cas(list, xcrt_list, pcrt_list_size, flags);
-
-cleanup:
- for (i=0;i<pcrt_list_size;i++)
- gnutls_pkcs11_obj_deinit(pcrt_list[i]);
- gnutls_free(pcrt_list);
- gnutls_free(xcrt_list);
-
- return ret;
+ gnutls_x509_crt_t *xcrt_list = NULL;
+ gnutls_pkcs11_obj_t *pcrt_list = NULL;
+ unsigned int pcrt_list_size = 0, i;
+ int ret;
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
+ ca_file,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA,
+ 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (pcrt_list_size == 0) {
+ ret = 0;
+ goto cleanup;
+ }
+
+ xcrt_list =
+ gnutls_malloc(sizeof(gnutls_x509_crt_t) * pcrt_list_size);
+ if (xcrt_list == NULL) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
+ pcrt_list, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_cas(list, xcrt_list, pcrt_list_size,
+ flags);
+
+ cleanup:
+ for (i = 0; i < pcrt_list_size; i++)
+ gnutls_pkcs11_obj_deinit(pcrt_list[i]);
+ gnutls_free(pcrt_list);
+ gnutls_free(xcrt_list);
+
+ return ret;
}
-static
-int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char* ca_file)
+static
+int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file)
{
-gnutls_x509_crt_t *xcrt_list = NULL;
-gnutls_pkcs11_obj_t *pcrt_list = NULL;
-unsigned int pcrt_list_size = 0, i;
-int ret;
-
- ret = gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size, ca_file,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (pcrt_list_size == 0)
- {
- ret = 0;
- goto cleanup;
- }
-
- xcrt_list = gnutls_malloc(sizeof(gnutls_x509_crt_t)*pcrt_list_size);
- if (xcrt_list == NULL)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_list_import_pkcs11( xcrt_list, pcrt_list_size, pcrt_list, 0);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_trust_list_remove_cas(list, xcrt_list, pcrt_list_size);
-
-cleanup:
- for (i=0;i<pcrt_list_size;i++)
- {
- gnutls_pkcs11_obj_deinit(pcrt_list[i]);
- if (xcrt_list) gnutls_x509_crt_deinit(xcrt_list[i]);
- }
- gnutls_free(pcrt_list);
- gnutls_free(xcrt_list);
-
- return ret;
+ gnutls_x509_crt_t *xcrt_list = NULL;
+ gnutls_pkcs11_obj_t *pcrt_list = NULL;
+ unsigned int pcrt_list_size = 0, i;
+ int ret;
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
+ ca_file,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA,
+ 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (pcrt_list_size == 0) {
+ ret = 0;
+ goto cleanup;
+ }
+
+ xcrt_list =
+ gnutls_malloc(sizeof(gnutls_x509_crt_t) * pcrt_list_size);
+ if (xcrt_list == NULL) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
+ pcrt_list, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_trust_list_remove_cas(list, xcrt_list,
+ pcrt_list_size);
+
+ cleanup:
+ for (i = 0; i < pcrt_list_size; i++) {
+ gnutls_pkcs11_obj_deinit(pcrt_list[i]);
+ if (xcrt_list)
+ gnutls_x509_crt_deinit(xcrt_list[i]);
+ }
+ gnutls_free(pcrt_list);
+ gnutls_free(xcrt_list);
+
+ return ret;
}
#endif
@@ -256,52 +278,49 @@ cleanup:
**/
int
gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
- const char* ca_file,
- const char* crl_file,
- gnutls_x509_crt_fmt_t type,
- unsigned int tl_flags,
- unsigned int tl_vflags)
+ const char *ca_file,
+ const char *crl_file,
+ gnutls_x509_crt_fmt_t type,
+ unsigned int tl_flags,
+ unsigned int tl_vflags)
{
- gnutls_datum_t cas = { NULL, 0 };
- gnutls_datum_t crls = { NULL, 0 };
- size_t size;
- int ret;
+ gnutls_datum_t cas = { NULL, 0 };
+ gnutls_datum_t crls = { NULL, 0 };
+ size_t size;
+ int ret;
#ifdef ENABLE_PKCS11
- if (strncmp (ca_file, "pkcs11:", 7) == 0)
- {
- ret = import_pkcs11_url(list, ca_file, tl_flags);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
+ if (strncmp(ca_file, "pkcs11:", 7) == 0) {
+ ret = import_pkcs11_url(list, ca_file, tl_flags);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else
#endif
- {
- cas.data = (void*)read_binary_file (ca_file, &size);
- if (cas.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
- cas.size = size;
- }
-
- if (crl_file)
- {
- crls.data = (void*)read_binary_file (crl_file, &size);
- if (crls.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
- crls.size = size;
- }
-
- ret = gnutls_x509_trust_list_add_trust_mem(list, &cas, &crls, type, tl_flags, tl_vflags);
- free(crls.data);
- free(cas.data);
-
- return ret;
+ {
+ cas.data = (void *) read_binary_file(ca_file, &size);
+ if (cas.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+ cas.size = size;
+ }
+
+ if (crl_file) {
+ crls.data = (void *) read_binary_file(crl_file, &size);
+ if (crls.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+ crls.size = size;
+ }
+
+ ret =
+ gnutls_x509_trust_list_add_trust_mem(list, &cas, &crls, type,
+ tl_flags, tl_vflags);
+ free(crls.data);
+ free(cas.data);
+
+ return ret;
}
/**
@@ -320,35 +339,31 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
**/
int
gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list,
- const char* ca_file,
- gnutls_x509_crt_fmt_t type)
+ const char *ca_file,
+ gnutls_x509_crt_fmt_t type)
{
- gnutls_datum_t cas = { NULL, 0 };
- size_t size;
- int ret;
+ gnutls_datum_t cas = { NULL, 0 };
+ size_t size;
+ int ret;
#ifdef ENABLE_PKCS11
- if (strncmp (ca_file, "pkcs11:", 7) == 0)
- {
- ret = remove_pkcs11_url(list, ca_file);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- else
+ if (strncmp(ca_file, "pkcs11:", 7) == 0) {
+ ret = remove_pkcs11_url(list, ca_file);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else
#endif
- {
- cas.data = (void*)read_binary_file (ca_file, &size);
- if (cas.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
- cas.size = size;
- }
-
- ret = gnutls_x509_trust_list_remove_trust_mem(list, &cas, type);
- free(cas.data);
-
- return ret;
-}
+ {
+ cas.data = (void *) read_binary_file(ca_file, &size);
+ if (cas.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+ cas.size = size;
+ }
+ ret = gnutls_x509_trust_list_remove_trust_mem(list, &cas, type);
+ free(cas.data);
+
+ return ret;
+}
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 30758f88f8..f7390dcccc 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -28,7 +28,7 @@
#include <gnutls_errors.h>
#include <libtasn1.h>
#include <gnutls_global.h>
-#include <gnutls_num.h> /* MAX */
+#include <gnutls_num.h> /* MAX */
#include <gnutls_sig.h>
#include <gnutls_str.h>
#include <gnutls_datum.h>
@@ -38,42 +38,41 @@
/* Checks if two certs are identical. Return 1 on match. */
int
-_gnutls_check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
+_gnutls_check_if_same_cert(gnutls_x509_crt_t cert1,
+ gnutls_x509_crt_t cert2)
{
- gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin =
- { NULL, 0};
- int result;
-
- result = _gnutls_is_same_dn (cert1, cert2);
- if (result == 0)
- return 0;
-
- result = _gnutls_x509_der_encode (cert1->cert, "", &cert1bin, 0);
- if (result < 0)
- {
- result = 0;
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (cert2->cert, "", &cert2bin, 0);
- if (result < 0)
- {
- result = 0;
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((cert1bin.size == cert2bin.size) &&
- (memcmp (cert1bin.data, cert2bin.data, cert1bin.size) == 0))
- result = 1;
- else
- result = 0;
-
-cleanup:
- _gnutls_free_datum (&cert1bin);
- _gnutls_free_datum (&cert2bin);
- return result;
+ gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin = {
+ NULL, 0};
+ int result;
+
+ result = _gnutls_is_same_dn(cert1, cert2);
+ if (result == 0)
+ return 0;
+
+ result = _gnutls_x509_der_encode(cert1->cert, "", &cert1bin, 0);
+ if (result < 0) {
+ result = 0;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(cert2->cert, "", &cert2bin, 0);
+ if (result < 0) {
+ result = 0;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((cert1bin.size == cert2bin.size) &&
+ (memcmp(cert1bin.data, cert2bin.data, cert1bin.size) == 0))
+ result = 1;
+ else
+ result = 0;
+
+ cleanup:
+ _gnutls_free_datum(&cert1bin);
+ _gnutls_free_datum(&cert2bin);
+ return result;
}
/* Checks if the issuer of a certificate is a
@@ -84,113 +83,110 @@ cleanup:
* or not.
*/
static int
-check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- unsigned int *max_path,
- unsigned int flags)
+check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ unsigned int *max_path, unsigned int flags)
{
- gnutls_datum_t cert_signed_data = { NULL, 0 };
- gnutls_datum_t issuer_signed_data = { NULL, 0 };
- gnutls_datum_t cert_signature = { NULL, 0 };
- gnutls_datum_t issuer_signature = { NULL, 0 };
- int pathlen, result;
- unsigned int ca_status;
-
- /* Check if the issuer is the same with the
- * certificate. This is added in order for trusted
- * certificates to be able to verify themselves.
- */
-
- result =
- _gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate",
- &issuer_signed_data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result =
- _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
- &cert_signed_data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result =
- _gnutls_x509_get_signature (issuer->cert, "signature", &issuer_signature);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result =
- _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* If the subject certificate is the same as the issuer
- * return true.
- */
- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
- if (cert_signed_data.size == issuer_signed_data.size)
- {
- if ((memcmp (cert_signed_data.data, issuer_signed_data.data,
- cert_signed_data.size) == 0) &&
- (cert_signature.size == issuer_signature.size) &&
- (memcmp (cert_signature.data, issuer_signature.data,
- cert_signature.size) == 0))
- {
- result = 1;
- goto cleanup;
- }
- }
-
- result = gnutls_x509_crt_get_basic_constraints( issuer, NULL, &ca_status, &pathlen);
- if (result < 0)
- {
- ca_status = 0;
- pathlen = -1;
- }
-
- if (ca_status != 0 && pathlen != -1)
- {
- if ((unsigned)pathlen < *max_path)
- *max_path = pathlen;
- }
-
- if (ca_status != 0)
- {
- result = 1;
- goto cleanup;
- }
- /* Handle V1 CAs that do not have a basicConstraint, but accept
- these certs only if the appropriate flags are set. */
- else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) &&
- ((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||
- (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) &&
- (gnutls_x509_crt_check_issuer (issuer, issuer) != 0))))
- {
- gnutls_assert ();
- result = 1;
- goto cleanup;
- }
- else
- gnutls_assert ();
-
- result = 0;
-
-cleanup:
- _gnutls_free_datum (&cert_signed_data);
- _gnutls_free_datum (&issuer_signed_data);
- _gnutls_free_datum (&cert_signature);
- _gnutls_free_datum (&issuer_signature);
- return result;
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t issuer_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_datum_t issuer_signature = { NULL, 0 };
+ int pathlen, result;
+ unsigned int ca_status;
+
+ /* Check if the issuer is the same with the
+ * certificate. This is added in order for trusted
+ * certificates to be able to verify themselves.
+ */
+
+ result =
+ _gnutls_x509_get_signed_data(issuer->cert, "tbsCertificate",
+ &issuer_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate",
+ &cert_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature(issuer->cert, "signature",
+ &issuer_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature(cert->cert, "signature",
+ &cert_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* If the subject certificate is the same as the issuer
+ * return true.
+ */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
+ if (cert_signed_data.size == issuer_signed_data.size) {
+ if ((memcmp
+ (cert_signed_data.data,
+ issuer_signed_data.data,
+ cert_signed_data.size) == 0)
+ && (cert_signature.size ==
+ issuer_signature.size)
+ &&
+ (memcmp
+ (cert_signature.data, issuer_signature.data,
+ cert_signature.size) == 0)) {
+ result = 1;
+ goto cleanup;
+ }
+ }
+
+ result =
+ gnutls_x509_crt_get_basic_constraints(issuer, NULL, &ca_status,
+ &pathlen);
+ if (result < 0) {
+ ca_status = 0;
+ pathlen = -1;
+ }
+
+ if (ca_status != 0 && pathlen != -1) {
+ if ((unsigned) pathlen < *max_path)
+ *max_path = pathlen;
+ }
+
+ if (ca_status != 0) {
+ result = 1;
+ goto cleanup;
+ }
+ /* Handle V1 CAs that do not have a basicConstraint, but accept
+ these certs only if the appropriate flags are set. */
+ else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) &&
+ ((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||
+ (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) &&
+ (gnutls_x509_crt_check_issuer(issuer, issuer) != 0)))) {
+ gnutls_assert();
+ result = 1;
+ goto cleanup;
+ } else
+ gnutls_assert();
+
+ result = 0;
+
+ cleanup:
+ _gnutls_free_datum(&cert_signed_data);
+ _gnutls_free_datum(&issuer_signed_data);
+ _gnutls_free_datum(&cert_signature);
+ _gnutls_free_datum(&issuer_signature);
+ return result;
}
@@ -200,147 +196,146 @@ cleanup:
*
* Returns 1 if they match and (0) if they don't match.
*/
-static int
-is_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
+static int is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
{
- uint8_t id1[512];
- uint8_t id2[512];
- size_t id1_size;
- size_t id2_size;
- int ret;
-
- if (_gnutls_x509_compare_raw_dn(&cert->raw_issuer_dn, &issuer->raw_dn) != 0)
- ret = 1;
- else
- ret = 0;
-
- if (ret != 0)
- {
- /* check if the authority key identifier matches the subject key identifier
- * of the issuer */
- id1_size = sizeof(id1);
-
- ret = gnutls_x509_crt_get_authority_key_id(cert, id1, &id1_size, NULL);
- if (ret < 0)
- {
- ret = 1;
- goto cleanup;
- }
-
- id2_size = sizeof(id2);
- ret = gnutls_x509_crt_get_subject_key_id(issuer, id2, &id2_size, NULL);
- if (ret < 0)
- {
- ret = 1;
- gnutls_assert();
- goto cleanup;
- }
-
- if (id1_size == id2_size && memcmp(id1, id2, id1_size) == 0)
- ret = 1;
- else
- ret = 0;
- }
-
-cleanup:
- return ret;
+ uint8_t id1[512];
+ uint8_t id2[512];
+ size_t id1_size;
+ size_t id2_size;
+ int ret;
+
+ if (_gnutls_x509_compare_raw_dn
+ (&cert->raw_issuer_dn, &issuer->raw_dn) != 0)
+ ret = 1;
+ else
+ ret = 0;
+
+ if (ret != 0) {
+ /* check if the authority key identifier matches the subject key identifier
+ * of the issuer */
+ id1_size = sizeof(id1);
+
+ ret =
+ gnutls_x509_crt_get_authority_key_id(cert, id1,
+ &id1_size, NULL);
+ if (ret < 0) {
+ ret = 1;
+ goto cleanup;
+ }
+
+ id2_size = sizeof(id2);
+ ret =
+ gnutls_x509_crt_get_subject_key_id(issuer, id2,
+ &id2_size, NULL);
+ if (ret < 0) {
+ ret = 1;
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (id1_size == id2_size
+ && memcmp(id1, id2, id1_size) == 0)
+ ret = 1;
+ else
+ ret = 0;
+ }
+
+ cleanup:
+ return ret;
}
/* Check if the given certificate is the issuer of the CRL.
* Returns 1 on success and 0 otherwise.
*/
-static int
-is_crl_issuer (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer)
+static int is_crl_issuer(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer)
{
- if (_gnutls_x509_compare_raw_dn(&crl->raw_issuer_dn, &issuer->raw_dn) != 0)
- return 1;
- else
- return 0;
+ if (_gnutls_x509_compare_raw_dn
+ (&crl->raw_issuer_dn, &issuer->raw_dn) != 0)
+ return 1;
+ else
+ return 0;
}
/* Checks if the DN of two certificates is the same.
* Returns 1 if they match and (0) if they don't match. Otherwise
* a negative error code is returned to indicate error.
*/
-int
-_gnutls_is_same_dn (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
+int _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
{
- if (_gnutls_x509_compare_raw_dn(&cert1->raw_dn, &cert2->raw_dn) != 0)
- return 1;
- else
- return 0;
+ if (_gnutls_x509_compare_raw_dn(&cert1->raw_dn, &cert2->raw_dn) !=
+ 0)
+ return 1;
+ else
+ return 0;
}
/* Finds an issuer of the certificate. If multiple issuers
* are present, returns one that is activated and not expired.
*/
static inline gnutls_x509_crt_t
-find_issuer (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * trusted_cas, int tcas_size)
+find_issuer(gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * trusted_cas, int tcas_size)
{
-int i;
-gnutls_x509_crt_t issuer = NULL;
-
- /* this is serial search.
- */
-
- for (i = 0; i < tcas_size; i++)
- {
- if (is_issuer (cert, trusted_cas[i]) != 0)
- {
- if (issuer == NULL)
- {
- issuer = trusted_cas[i];
- }
- else
- {
- time_t now = gnutls_time(0);
-
- if (now < gnutls_x509_crt_get_expiration_time(trusted_cas[i]) &&
- now >= gnutls_x509_crt_get_activation_time(trusted_cas[i]))
- {
- issuer = trusted_cas[i];
- }
- }
- }
- }
-
- return issuer;
+ int i;
+ gnutls_x509_crt_t issuer = NULL;
+
+ /* this is serial search.
+ */
+
+ for (i = 0; i < tcas_size; i++) {
+ if (is_issuer(cert, trusted_cas[i]) != 0) {
+ if (issuer == NULL) {
+ issuer = trusted_cas[i];
+ } else {
+ time_t now = gnutls_time(0);
+
+ if (now <
+ gnutls_x509_crt_get_expiration_time
+ (trusted_cas[i])
+ && now >=
+ gnutls_x509_crt_get_activation_time
+ (trusted_cas[i])) {
+ issuer = trusted_cas[i];
+ }
+ }
+ }
+ }
+
+ return issuer;
}
-static unsigned int
-check_time (gnutls_x509_crt_t crt, time_t now)
+static unsigned int check_time(gnutls_x509_crt_t crt, time_t now)
{
- int status = 0;
- time_t t;
-
- t = gnutls_x509_crt_get_activation_time (crt);
- if (t == (time_t) - 1 || now < t)
- {
- status |= GNUTLS_CERT_NOT_ACTIVATED;
- status |= GNUTLS_CERT_INVALID;
- return status;
- }
-
- t = gnutls_x509_crt_get_expiration_time (crt);
- if (t == (time_t) - 1 || now > t)
- {
- status |= GNUTLS_CERT_EXPIRED;
- status |= GNUTLS_CERT_INVALID;
- return status;
- }
-
- return 0;
+ int status = 0;
+ time_t t;
+
+ t = gnutls_x509_crt_get_activation_time(crt);
+ if (t == (time_t) - 1 || now < t) {
+ status |= GNUTLS_CERT_NOT_ACTIVATED;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+
+ t = gnutls_x509_crt_get_expiration_time(crt);
+ if (t == (time_t) - 1 || now > t) {
+ status |= GNUTLS_CERT_EXPIRED;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+
+ return 0;
}
static
-int is_broken_allowed( gnutls_sign_algorithm_t sig, unsigned int flags)
+int is_broken_allowed(gnutls_sign_algorithm_t sig, unsigned int flags)
{
- if ((sig == GNUTLS_SIGN_RSA_MD2) && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2))
- return 1;
- if ((sig == GNUTLS_SIGN_RSA_MD5) && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))
- return 1;
- return 0;
+ if ((sig == GNUTLS_SIGN_RSA_MD2)
+ && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2))
+ return 1;
+ if ((sig == GNUTLS_SIGN_RSA_MD5)
+ && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))
+ return 1;
+ return 0;
}
/*
@@ -356,182 +351,180 @@ int is_broken_allowed( gnutls_sign_algorithm_t sig, unsigned int flags)
* procedure. Issuer will hold the actual issuer from the trusted list.
*/
static int
-_gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size, unsigned int flags,
- unsigned int *output,
- gnutls_x509_crt_t * _issuer,
- time_t now,
- unsigned int *max_path,
- gnutls_verify_output_function func)
+_gnutls_verify_certificate2(gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output,
+ gnutls_x509_crt_t * _issuer,
+ time_t now,
+ unsigned int *max_path,
+ gnutls_verify_output_function func)
{
- gnutls_datum_t cert_signed_data = { NULL, 0 };
- gnutls_datum_t cert_signature = { NULL, 0 };
- gnutls_x509_crt_t issuer = NULL;
- int issuer_version, result, hash_algo;
- unsigned int out = 0, usage;
-
- if (output)
- *output = 0;
-
- if (*max_path == 0)
- {
- out = GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE | GNUTLS_CERT_INVALID;
- if (output)
- *output |= out;
- gnutls_assert ();
- result = 0;
- goto cleanup;
- }
- (*max_path)--;
-
- if (tcas_size >= 1)
- issuer = find_issuer (cert, trusted_cas, tcas_size);
-
- /* issuer is not in trusted certificate
- * authorities.
- */
- if (issuer == NULL)
- {
- out = GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- if (output)
- *output |= out;
- gnutls_assert ();
- result = 0;
- goto cleanup;
- }
-
- if (_issuer != NULL)
- *_issuer = issuer;
-
- issuer_version = gnutls_x509_crt_get_version (issuer);
- if (issuer_version < 0)
- {
- gnutls_assert ();
- return issuer_version;
- }
-
- if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
- ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
- || issuer_version != 1))
- {
- if (check_if_ca (cert, issuer, max_path, flags) == 0)
- {
- gnutls_assert ();
- out = GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
- if (output)
- *output |= out;
- result = 0;
- goto cleanup;
- }
-
- result = gnutls_x509_crt_get_key_usage(issuer, &usage, NULL);
- if (result >= 0)
- {
- if (!(usage & GNUTLS_KEY_KEY_CERT_SIGN))
- {
- gnutls_assert();
- out = GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE | GNUTLS_CERT_INVALID;
- if (output)
- *output |= out;
- result = 0;
- goto cleanup;
- }
- }
- }
-
- result =
- _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
- &cert_signed_data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result =
- _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_signature_algorithm(cert->cert, "signatureAlgorithm.algorithm");
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- hash_algo = gnutls_sign_get_hash_algorithm(result);
-
- result =
- _gnutls_x509_verify_data (mac_to_entry(hash_algo), &cert_signed_data, &cert_signature,
- issuer);
- if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
- {
- gnutls_assert ();
- out |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
- /* error. ignore it */
- if (output)
- *output |= out;
- result = 0;
- }
- else if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- /* If the certificate is not self signed check if the algorithms
- * used are secure. If the certificate is self signed it doesn't
- * really matter.
- */
- if (is_issuer (cert, cert) == 0)
- {
- int sigalg;
-
- sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
-
- if (gnutls_sign_is_secure(sigalg) == 0 && is_broken_allowed(sigalg, flags) == 0)
- {
- out = GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
- if (output)
- *output |= out;
- result = 0;
- }
- }
-
- /* Check activation/expiration times
- */
- if (!(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
- {
- /* check the time of the issuer first */
- if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS))
- {
- out |= check_time (issuer, now);
- if (out != 0)
- {
- result = 0;
- if (output) *output |= out;
- }
- }
-
- out |= check_time (cert, now);
- if (out != 0)
- {
- result = 0;
- if (output) *output |= out;
- }
- }
-
-cleanup:
- if (result >= 0 && func) func(cert, issuer, NULL, out);
- _gnutls_free_datum (&cert_signed_data);
- _gnutls_free_datum (&cert_signature);
-
- return result;
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer = NULL;
+ int issuer_version, result, hash_algo;
+ unsigned int out = 0, usage;
+
+ if (output)
+ *output = 0;
+
+ if (*max_path == 0) {
+ out =
+ GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE |
+ GNUTLS_CERT_INVALID;
+ if (output)
+ *output |= out;
+ gnutls_assert();
+ result = 0;
+ goto cleanup;
+ }
+ (*max_path)--;
+
+ if (tcas_size >= 1)
+ issuer = find_issuer(cert, trusted_cas, tcas_size);
+
+ /* issuer is not in trusted certificate
+ * authorities.
+ */
+ if (issuer == NULL) {
+ out = GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ if (output)
+ *output |= out;
+ gnutls_assert();
+ result = 0;
+ goto cleanup;
+ }
+
+ if (_issuer != NULL)
+ *_issuer = issuer;
+
+ issuer_version = gnutls_x509_crt_get_version(issuer);
+ if (issuer_version < 0) {
+ gnutls_assert();
+ return issuer_version;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+ ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
+ || issuer_version != 1)) {
+ if (check_if_ca(cert, issuer, max_path, flags) == 0) {
+ gnutls_assert();
+ out =
+ GNUTLS_CERT_SIGNER_NOT_CA |
+ GNUTLS_CERT_INVALID;
+ if (output)
+ *output |= out;
+ result = 0;
+ goto cleanup;
+ }
+
+ result =
+ gnutls_x509_crt_get_key_usage(issuer, &usage, NULL);
+ if (result >= 0) {
+ if (!(usage & GNUTLS_KEY_KEY_CERT_SIGN)) {
+ gnutls_assert();
+ out =
+ GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE
+ | GNUTLS_CERT_INVALID;
+ if (output)
+ *output |= out;
+ result = 0;
+ goto cleanup;
+ }
+ }
+ }
+
+ result =
+ _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate",
+ &cert_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature(cert->cert, "signature",
+ &cert_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature_algorithm(cert->cert,
+ "signatureAlgorithm.algorithm");
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ hash_algo = gnutls_sign_get_hash_algorithm(result);
+
+ result =
+ _gnutls_x509_verify_data(mac_to_entry(hash_algo),
+ &cert_signed_data, &cert_signature,
+ issuer);
+ if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
+ gnutls_assert();
+ out |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
+ /* error. ignore it */
+ if (output)
+ *output |= out;
+ result = 0;
+ } else if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* If the certificate is not self signed check if the algorithms
+ * used are secure. If the certificate is self signed it doesn't
+ * really matter.
+ */
+ if (is_issuer(cert, cert) == 0) {
+ int sigalg;
+
+ sigalg = gnutls_x509_crt_get_signature_algorithm(cert);
+
+ if (gnutls_sign_is_secure(sigalg) == 0
+ && is_broken_allowed(sigalg, flags) == 0) {
+ out =
+ GNUTLS_CERT_INSECURE_ALGORITHM |
+ GNUTLS_CERT_INVALID;
+ if (output)
+ *output |= out;
+ result = 0;
+ }
+ }
+
+ /* Check activation/expiration times
+ */
+ if (!(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS)) {
+ /* check the time of the issuer first */
+ if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)) {
+ out |= check_time(issuer, now);
+ if (out != 0) {
+ result = 0;
+ if (output)
+ *output |= out;
+ }
+ }
+
+ out |= check_time(cert, now);
+ if (out != 0) {
+ result = 0;
+ if (output)
+ *output |= out;
+ }
+ }
+
+ cleanup:
+ if (result >= 0 && func)
+ func(cert, issuer, NULL, out);
+ _gnutls_free_datum(&cert_signed_data);
+ _gnutls_free_datum(&cert_signature);
+
+ return result;
}
/**
@@ -547,10 +540,10 @@ cleanup:
* by the given issuer, and false (0) if not.
**/
int
-gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer)
+gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer)
{
- return is_issuer (cert, issuer);
+ return is_issuer(cert, issuer);
}
/* Verify X.509 certificate chain.
@@ -561,132 +554,132 @@ gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
* list should lead to a trusted certificate in order to be trusted.
*/
unsigned int
-_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
- int clist_size,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size,
- unsigned int flags,
- gnutls_verify_output_function func)
+_gnutls_x509_verify_certificate(const gnutls_x509_crt_t * certificate_list,
+ int clist_size,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size,
+ unsigned int flags,
+ gnutls_verify_output_function func)
{
- int i = 0, ret;
- unsigned int status = 0, output;
- time_t now = gnutls_time (0);
- gnutls_x509_crt_t issuer = NULL;
- unsigned int max_path;
-
- if (clist_size > 1)
- {
- /* Check if the last certificate in the path is self signed.
- * In that case ignore it (a certificate is trusted only if it
- * leads to a trusted party by us, not the server's).
- *
- * This prevents from verifying self signed certificates against
- * themselves. This (although not bad) caused verification
- * failures on some root self signed certificates that use the
- * MD2 algorithm.
- */
- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
- certificate_list[clist_size - 1]) != 0)
- {
- clist_size--;
- }
- }
-
- /* We want to shorten the chain by removing the cert that matches
- * one of the certs we trust and all the certs after that i.e. if
- * cert chain is A signed-by B signed-by C signed-by D (signed-by
- * self-signed E but already removed above), and we trust B, remove
- * B, C and D. */
- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
- i = 0; /* also replace the first one */
- else
- i = 1; /* do not replace the first one */
-
- for (; i < clist_size; i++)
- {
- int j;
-
- for (j = 0; j < tcas_size; j++)
- {
- if (_gnutls_check_if_same_cert (certificate_list[i], trusted_cas[j]) != 0)
- {
- /* explicity time check for trusted CA that we remove from
- * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
- */
- if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
- && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
- {
- status |= check_time (trusted_cas[j], now);
- if (status != 0)
- {
- if (func) func(certificate_list[i], trusted_cas[j], NULL, status);
- return status;
- }
- }
-
- if (func) func(certificate_list[i], trusted_cas[j], NULL, status);
- clist_size = i;
- break;
- }
- }
- /* clist_size may have been changed which gets out of loop */
- }
-
- if (clist_size == 0)
- {
- /* The certificate is already present in the trusted certificate list.
- * Nothing to verify. */
- return status;
- }
-
- /* Verify the last certificate in the certificate path
- * against the trusted CA certificate list.
- *
- * If no CAs are present returns CERT_INVALID. Thus works
- * in self signed etc certificates.
- */
- output = 0;
- max_path = MAX_VERIFY_DEPTH;
- ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
- trusted_cas, tcas_size, flags, &output,
- &issuer, now, &max_path, func);
- if (ret == 0)
- {
- /* if the last certificate in the certificate
- * list is invalid, then the certificate is not
- * trusted.
- */
- gnutls_assert ();
- status |= output;
- status |= GNUTLS_CERT_INVALID;
- return status;
- }
-
- /* Verify the certificate path (chain)
- */
- for (i = clist_size - 1; i > 0; i--)
- {
- output = 0;
- if (i - 1 < 0)
- break;
-
- /* note that here we disable this V1 CA flag. So that no version 1
- * certificates can exist in a supplied chain.
- */
- if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
- flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
- if ((ret =
- _gnutls_verify_certificate2 (certificate_list[i - 1],
- &certificate_list[i], 1, flags,
- &output, NULL, now, &max_path, func)) == 0)
- {
- status |= output;
- status |= GNUTLS_CERT_INVALID;
- return status;
- }
- }
-
- return 0;
+ int i = 0, ret;
+ unsigned int status = 0, output;
+ time_t now = gnutls_time(0);
+ gnutls_x509_crt_t issuer = NULL;
+ unsigned int max_path;
+
+ if (clist_size > 1) {
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ *
+ * This prevents from verifying self signed certificates against
+ * themselves. This (although not bad) caused verification
+ * failures on some root self signed certificates that use the
+ * MD2 algorithm.
+ */
+ if (gnutls_x509_crt_check_issuer
+ (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) != 0) {
+ clist_size--;
+ }
+ }
+
+ /* We want to shorten the chain by removing the cert that matches
+ * one of the certs we trust and all the certs after that i.e. if
+ * cert chain is A signed-by B signed-by C signed-by D (signed-by
+ * self-signed E but already removed above), and we trust B, remove
+ * B, C and D. */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
+ i = 0; /* also replace the first one */
+ else
+ i = 1; /* do not replace the first one */
+
+ for (; i < clist_size; i++) {
+ int j;
+
+ for (j = 0; j < tcas_size; j++) {
+ if (_gnutls_check_if_same_cert
+ (certificate_list[i], trusted_cas[j]) != 0) {
+ /* explicity time check for trusted CA that we remove from
+ * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
+ */
+ if (!
+ (flags &
+ GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
+&& !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS)) {
+ status |=
+ check_time(trusted_cas[j],
+ now);
+ if (status != 0) {
+ if (func)
+ func(certificate_list[i], trusted_cas[j], NULL, status);
+ return status;
+ }
+ }
+
+ if (func)
+ func(certificate_list[i],
+ trusted_cas[j], NULL, status);
+ clist_size = i;
+ break;
+ }
+ }
+ /* clist_size may have been changed which gets out of loop */
+ }
+
+ if (clist_size == 0) {
+ /* The certificate is already present in the trusted certificate list.
+ * Nothing to verify. */
+ return status;
+ }
+
+ /* Verify the last certificate in the certificate path
+ * against the trusted CA certificate list.
+ *
+ * If no CAs are present returns CERT_INVALID. Thus works
+ * in self signed etc certificates.
+ */
+ output = 0;
+ max_path = MAX_VERIFY_DEPTH;
+ ret = _gnutls_verify_certificate2(certificate_list[clist_size - 1],
+ trusted_cas, tcas_size, flags,
+ &output, &issuer, now, &max_path,
+ func);
+ if (ret == 0) {
+ /* if the last certificate in the certificate
+ * list is invalid, then the certificate is not
+ * trusted.
+ */
+ gnutls_assert();
+ status |= output;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+
+ /* Verify the certificate path (chain)
+ */
+ for (i = clist_size - 1; i > 0; i--) {
+ output = 0;
+ if (i - 1 < 0)
+ break;
+
+ /* note that here we disable this V1 CA flag. So that no version 1
+ * certificates can exist in a supplied chain.
+ */
+ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
+ flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+ if ((ret =
+ _gnutls_verify_certificate2(certificate_list[i - 1],
+ &certificate_list[i], 1,
+ flags, &output, NULL, now,
+ &max_path, func)) == 0) {
+ status |= output;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+ }
+
+ return 0;
}
/* This will return the appropriate hash to verify the given signature.
@@ -694,12 +687,13 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
* the given parameters.
*/
int
-_gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm_t pk,
- gnutls_pk_params_st * issuer_params)
+_gnutls_x509_verify_algorithm(gnutls_digest_algorithm_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk,
+ gnutls_pk_params_st * issuer_params)
{
- return _gnutls_pk_hash_algorithm(pk, signature, issuer_params, hash);
+ return _gnutls_pk_hash_algorithm(pk, signature, issuer_params,
+ hash);
}
/* verifies if the certificate is properly signed.
@@ -709,37 +703,35 @@ _gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t * hash,
* 'signature' is the signature!
*/
int
-_gnutls_x509_verify_data (const mac_entry_st* me,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_x509_crt_t issuer)
+_gnutls_x509_verify_data(const mac_entry_st * me,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ gnutls_x509_crt_t issuer)
{
- gnutls_pk_params_st issuer_params;
- int ret;
-
- /* Read the MPI parameters from the issuer's certificate.
- */
- ret =
- _gnutls_x509_crt_get_mpis (issuer, &issuer_params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pubkey_verify_data (gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
- me, data, signature, &issuer_params);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- /* release all allocated MPIs
- */
- gnutls_pk_params_release(&issuer_params);
-
- return ret;
+ gnutls_pk_params_st issuer_params;
+ int ret;
+
+ /* Read the MPI parameters from the issuer's certificate.
+ */
+ ret = _gnutls_x509_crt_get_mpis(issuer, &issuer_params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pubkey_verify_data(gnutls_x509_crt_get_pk_algorithm
+ (issuer, NULL), me, data, signature,
+ &issuer_params);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ /* release all allocated MPIs
+ */
+ gnutls_pk_params_release(&issuer_params);
+
+ return ret;
}
/**
@@ -771,40 +763,39 @@ _gnutls_x509_verify_data (const mac_entry_st* me,
* negative error value.
**/
int
-gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
- int cert_list_length,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length,
- const gnutls_x509_crl_t * CRL_list,
- int CRL_list_length, unsigned int flags,
- unsigned int *verify)
+gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list,
+ int cert_list_length,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length,
+ const gnutls_x509_crl_t * CRL_list,
+ int CRL_list_length, unsigned int flags,
+ unsigned int *verify)
{
-int i, ret;
-
- if (cert_list == NULL || cert_list_length == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- /* Verify certificate
- */
- *verify =
- _gnutls_x509_verify_certificate (cert_list, cert_list_length,
- CA_list, CA_list_length,
- flags, NULL);
-
- /* Check for revoked certificates in the chain.
- */
- for (i = 0; i < cert_list_length; i++)
- {
- ret = gnutls_x509_crt_check_revocation (cert_list[i],
- CRL_list, CRL_list_length);
- if (ret == 1)
- { /* revoked */
- *verify |= GNUTLS_CERT_REVOKED;
- *verify |= GNUTLS_CERT_INVALID;
- }
- }
-
- return 0;
+ int i, ret;
+
+ if (cert_list == NULL || cert_list_length == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ /* Verify certificate
+ */
+ *verify =
+ _gnutls_x509_verify_certificate(cert_list, cert_list_length,
+ CA_list, CA_list_length,
+ flags, NULL);
+
+ /* Check for revoked certificates in the chain.
+ */
+ for (i = 0; i < cert_list_length; i++) {
+ ret = gnutls_x509_crt_check_revocation(cert_list[i],
+ CRL_list,
+ CRL_list_length);
+ if (ret == 1) { /* revoked */
+ *verify |= GNUTLS_CERT_REVOKED;
+ *verify |= GNUTLS_CERT_INVALID;
+ }
+ }
+
+ return 0;
}
/**
@@ -823,18 +814,18 @@ int i, ret;
* negative error value.
**/
int
-gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags,
- unsigned int *verify)
+gnutls_x509_crt_verify(gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify)
{
- /* Verify certificate
- */
- *verify =
- _gnutls_x509_verify_certificate (&cert, 1,
- CA_list, CA_list_length,
- flags, NULL);
- return 0;
+ /* Verify certificate
+ */
+ *verify =
+ _gnutls_x509_verify_certificate(&cert, 1,
+ CA_list, CA_list_length,
+ flags, NULL);
+ return 0;
}
/**
@@ -849,29 +840,28 @@ gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
* and false (0) if not.
**/
int
-gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer)
+gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer)
{
- return is_crl_issuer (crl, issuer);
+ return is_crl_issuer(crl, issuer);
}
static inline gnutls_x509_crt_t
-find_crl_issuer (gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * trusted_cas, int tcas_size)
+find_crl_issuer(gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * trusted_cas, int tcas_size)
{
- int i;
+ int i;
- /* this is serial search.
- */
+ /* this is serial search.
+ */
- for (i = 0; i < tcas_size; i++)
- {
- if (is_crl_issuer (crl, trusted_cas[i]) != 0)
- return trusted_cas[i];
- }
+ for (i = 0; i < tcas_size; i++) {
+ if (is_crl_issuer(crl, trusted_cas[i]) != 0)
+ return trusted_cas[i];
+ }
- gnutls_assert ();
- return NULL;
+ gnutls_assert();
+ return NULL;
}
/**
@@ -895,127 +885,130 @@ find_crl_issuer (gnutls_x509_crl_t crl,
* negative error value.
**/
int
-gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size, unsigned int flags, unsigned int *verify)
+gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *verify)
{
/* CRL is ignored for now */
- gnutls_datum_t crl_signed_data = { NULL, 0 };
- gnutls_datum_t crl_signature = { NULL, 0 };
- gnutls_x509_crt_t issuer = NULL;
- int result, hash_algo;
- time_t now = gnutls_time(0);
- unsigned int usage;
-
- if (verify)
- *verify = 0;
-
- if (tcas_size >= 1)
- issuer = find_crl_issuer (crl, trusted_cas, tcas_size);
-
- /* issuer is not in trusted certificate
- * authorities.
- */
- if (issuer == NULL)
- {
- gnutls_assert ();
- if (verify)
- *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- return 0;
- }
-
- if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN))
- {
- if (gnutls_x509_crt_get_ca_status (issuer, NULL) != 1)
- {
- gnutls_assert ();
- if (verify)
- *verify |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
- return 0;
- }
-
- result = gnutls_x509_crt_get_key_usage(issuer, &usage, NULL);
- if (result >= 0)
- {
- if (!(usage & GNUTLS_KEY_CRL_SIGN))
- {
- gnutls_assert();
- if (verify)
- *verify |= GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE | GNUTLS_CERT_INVALID;
- return 0;
- }
- }
- }
-
- result =
- _gnutls_x509_get_signed_data (crl->crl, "tbsCertList", &crl_signed_data);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_signature (crl->crl, "signature", &crl_signature);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_signature_algorithm(crl->crl, "signatureAlgorithm.algorithm");
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- hash_algo = gnutls_sign_get_hash_algorithm(result);
-
- result =
- _gnutls_x509_verify_data (mac_to_entry(hash_algo), &crl_signed_data, &crl_signature,
- issuer);
- if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
- {
- gnutls_assert ();
- /* error. ignore it */
- if (verify)
- *verify |= GNUTLS_CERT_SIGNATURE_FAILURE;
- result = 0;
- }
- else if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- {
- int sigalg;
-
- sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
-
- if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
- ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
- {
- if (verify)
- *verify |= GNUTLS_CERT_INSECURE_ALGORITHM;
- result = 0;
- }
- }
-
- if (gnutls_x509_crl_get_this_update (crl) > now && verify)
- *verify |= GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE;
-
- if (gnutls_x509_crl_get_next_update (crl) < now && verify)
- *verify |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED;
-
-
-cleanup:
- if (verify) *verify |= GNUTLS_CERT_INVALID;
-
- _gnutls_free_datum (&crl_signed_data);
- _gnutls_free_datum (&crl_signature);
-
- return result;
+ gnutls_datum_t crl_signed_data = { NULL, 0 };
+ gnutls_datum_t crl_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer = NULL;
+ int result, hash_algo;
+ time_t now = gnutls_time(0);
+ unsigned int usage;
+
+ if (verify)
+ *verify = 0;
+
+ if (tcas_size >= 1)
+ issuer = find_crl_issuer(crl, trusted_cas, tcas_size);
+
+ /* issuer is not in trusted certificate
+ * authorities.
+ */
+ if (issuer == NULL) {
+ gnutls_assert();
+ if (verify)
+ *verify |=
+ GNUTLS_CERT_SIGNER_NOT_FOUND |
+ GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN)) {
+ if (gnutls_x509_crt_get_ca_status(issuer, NULL) != 1) {
+ gnutls_assert();
+ if (verify)
+ *verify |=
+ GNUTLS_CERT_SIGNER_NOT_CA |
+ GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ result =
+ gnutls_x509_crt_get_key_usage(issuer, &usage, NULL);
+ if (result >= 0) {
+ if (!(usage & GNUTLS_KEY_CRL_SIGN)) {
+ gnutls_assert();
+ if (verify)
+ *verify |=
+ GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE
+ | GNUTLS_CERT_INVALID;
+ return 0;
+ }
+ }
+ }
+
+ result =
+ _gnutls_x509_get_signed_data(crl->crl, "tbsCertList",
+ &crl_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature(crl->crl, "signature",
+ &crl_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature_algorithm(crl->crl,
+ "signatureAlgorithm.algorithm");
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ hash_algo = gnutls_sign_get_hash_algorithm(result);
+
+ result =
+ _gnutls_x509_verify_data(mac_to_entry(hash_algo),
+ &crl_signed_data, &crl_signature,
+ issuer);
+ if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
+ gnutls_assert();
+ /* error. ignore it */
+ if (verify)
+ *verify |= GNUTLS_CERT_SIGNATURE_FAILURE;
+ result = 0;
+ } else if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ {
+ int sigalg;
+
+ sigalg = gnutls_x509_crl_get_signature_algorithm(crl);
+
+ if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
+ ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))) {
+ if (verify)
+ *verify |= GNUTLS_CERT_INSECURE_ALGORITHM;
+ result = 0;
+ }
+ }
+
+ if (gnutls_x509_crl_get_this_update(crl) > now && verify)
+ *verify |= GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE;
+
+ if (gnutls_x509_crl_get_next_update(crl) < now && verify)
+ *verify |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED;
+
+
+ cleanup:
+ if (verify)
+ *verify |= GNUTLS_CERT_INVALID;
+
+ _gnutls_free_datum(&crl_signed_data);
+ _gnutls_free_datum(&crl_signature);
+
+ return result;
}
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index a0ec602c2e..164864b668 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -42,30 +42,29 @@
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crt_init (gnutls_x509_crt_t * cert)
+int gnutls_x509_crt_init(gnutls_x509_crt_t * cert)
{
- gnutls_x509_crt_t tmp = gnutls_calloc (1, sizeof (gnutls_x509_crt_int));
- int result;
+ gnutls_x509_crt_t tmp =
+ gnutls_calloc(1, sizeof(gnutls_x509_crt_int));
+ int result;
- if (!tmp)
- return GNUTLS_E_MEMORY_ERROR;
+ if (!tmp)
+ return GNUTLS_E_MEMORY_ERROR;
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Certificate", &tmp->cert);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmp);
- return _gnutls_asn2err (result);
- }
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Certificate", &tmp->cert);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(tmp);
+ return _gnutls_asn2err(result);
+ }
- /* If you add anything here, be sure to check if it has to be added
- to gnutls_x509_crt_import as well. */
+ /* If you add anything here, be sure to check if it has to be added
+ to gnutls_x509_crt_import as well. */
- *cert = tmp;
+ *cert = tmp;
- return 0; /* success */
+ return 0; /* success */
}
/*-
@@ -78,49 +77,48 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
-*/
-int
-_gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
-{
- int ret;
- size_t der_size=0;
- uint8_t *der;
- gnutls_datum_t tmp;
-
- ret = gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- return ret;
- }
-
- der = gnutls_malloc (der_size);
- if (der == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, der, &der_size);
- if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (der);
- return ret;
- }
-
- tmp.data = der;
- tmp.size = der_size;
- ret = gnutls_x509_crt_import (dest, &tmp, GNUTLS_X509_FMT_DER);
-
- gnutls_free (der);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
+int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
+{
+ int ret;
+ size_t der_size = 0;
+ uint8_t *der;
+ gnutls_datum_t tmp;
+
+ ret =
+ gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, NULL,
+ &der_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ return ret;
+ }
+
+ der = gnutls_malloc(der_size);
+ if (der == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, der,
+ &der_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(der);
+ return ret;
+ }
+
+ tmp.data = der;
+ tmp.size = der_size;
+ ret = gnutls_x509_crt_import(dest, &tmp, GNUTLS_X509_FMT_DER);
+
+ gnutls_free(der);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -129,17 +127,16 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
*
* This function will deinitialize a certificate structure.
**/
-void
-gnutls_x509_crt_deinit (gnutls_x509_crt_t cert)
+void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert)
{
- if (!cert)
- return;
+ if (!cert)
+ return;
- if (cert->cert)
- asn1_delete_structure (&cert->cert);
- gnutls_free(cert->raw_dn.data);
- gnutls_free(cert->raw_issuer_dn.data);
- gnutls_free (cert);
+ if (cert->cert)
+ asn1_delete_structure(&cert->cert);
+ gnutls_free(cert->raw_dn.data);
+ gnutls_free(cert->raw_issuer_dn.data);
+ gnutls_free(cert);
}
/**
@@ -159,108 +156,103 @@ gnutls_x509_crt_deinit (gnutls_x509_crt_t cert)
* negative error value.
**/
int
-gnutls_x509_crt_import (gnutls_x509_crt_t cert,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
-{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- /* Try the first header */
- result =
- _gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &_data);
-
- if (result <= 0)
- {
- /* try for the second header */
- result =
- _gnutls_fbase64_decode (PEM_X509_CERT, data->data,
- data->size, &_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- need_free = 1;
- }
-
- if (cert->expanded)
- {
- /* Any earlier asn1_der_decoding will modify the ASN.1
- structure, so we need to replace it with a fresh
- structure. */
- asn1_delete_structure (&cert->cert);
- _gnutls_free_datum(&cert->raw_dn);
- _gnutls_free_datum(&cert->raw_issuer_dn);
-
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.Certificate", &cert->cert);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
- }
-
- result = asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- result = _gnutls_asn2err (result);
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_raw_dn2 (cert->cert, &_data,
- "tbsCertificate.issuer.rdnSequence",
- &cert->raw_issuer_dn);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_raw_dn2 (cert->cert, &_data,
- "tbsCertificate.subject.rdnSequence",
- &cert->raw_dn);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- cert->expanded = 1;
-
- /* Since we do not want to disable any extension
- */
- cert->use_extensions = 1;
- if (need_free)
- _gnutls_free_datum (&_data);
-
- return 0;
-
-cleanup:
- if (need_free)
- _gnutls_free_datum (&_data);
- _gnutls_free_datum (&cert->raw_dn);
- _gnutls_free_datum (&cert->raw_issuer_dn);
- return result;
+gnutls_x509_crt_import(gnutls_x509_crt_t cert,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
+{
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode(PEM_X509_CERT2, data->data,
+ data->size, &_data);
+
+ if (result <= 0) {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode(PEM_X509_CERT,
+ data->data, data->size,
+ &_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ need_free = 1;
+ }
+
+ if (cert->expanded) {
+ /* Any earlier asn1_der_decoding will modify the ASN.1
+ structure, so we need to replace it with a fresh
+ structure. */
+ asn1_delete_structure(&cert->cert);
+ _gnutls_free_datum(&cert->raw_dn);
+ _gnutls_free_datum(&cert->raw_issuer_dn);
+
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Certificate",
+ &cert->cert);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ result =
+ asn1_der_decoding(&cert->cert, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_get_raw_dn2(cert->cert, &_data,
+ "tbsCertificate.issuer.rdnSequence",
+ &cert->raw_issuer_dn);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_get_raw_dn2(cert->cert, &_data,
+ "tbsCertificate.subject.rdnSequence",
+ &cert->raw_dn);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ cert->expanded = 1;
+
+ /* Since we do not want to disable any extension
+ */
+ cert->use_extensions = 1;
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ _gnutls_free_datum(&cert->raw_dn);
+ _gnutls_free_datum(&cert->raw_issuer_dn);
+ return result;
}
@@ -282,18 +274,17 @@ cleanup:
* the required size. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * buf_size)
+gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf,
+ size_t * buf_size)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_parse_dn (cert->cert,
- "tbsCertificate.issuer.rdnSequence", buf,
- buf_size);
+ return _gnutls_x509_parse_dn(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ buf, buf_size);
}
/**
@@ -312,16 +303,16 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
* Since: 3.1.10
**/
int
-gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
+gnutls_x509_crt_get_issuer_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_get_dn (cert->cert,
- "tbsCertificate.issuer.rdnSequence", dn);
+ return _gnutls_x509_get_dn(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ dn);
}
/**
@@ -354,27 +345,26 @@ gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
* are no data in the current index. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * buf_size)
+gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * buf_size)
{
-gnutls_datum_t td;
-int ret;
+ gnutls_datum_t td;
+ int ret;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ ret = _gnutls_x509_parse_dn_oid(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ oid, indx, raw_flag, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_x509_parse_dn_oid (cert->cert,
- "tbsCertificate.issuer.rdnSequence",
- oid, indx, raw_flag, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, buf, buf_size);
+ return _gnutls_strdatum_to_buf(&td, buf, buf_size);
}
/**
@@ -397,18 +387,17 @@ int ret;
* are no data in the current index. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * oid_size)
+gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * oid_size)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_get_dn_oid (cert->cert,
- "tbsCertificate.issuer.rdnSequence",
- indx, oid, oid_size);
+ return _gnutls_x509_get_dn_oid(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ indx, oid, oid_size);
}
/**
@@ -429,18 +418,17 @@ gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
* with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * buf_size)
+gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf,
+ size_t * buf_size)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_parse_dn (cert->cert,
- "tbsCertificate.subject.rdnSequence", buf,
- buf_size);
+ return _gnutls_x509_parse_dn(cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ buf, buf_size);
}
/**
@@ -458,17 +446,16 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
*
* Since: 3.1.10
**/
-int
-gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
+int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_get_dn (cert->cert,
- "tbsCertificate.subject.rdnSequence", dn);
+ return _gnutls_x509_get_dn(cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ dn);
}
/**
@@ -501,26 +488,25 @@ gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
* are no data in the current index. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * buf_size)
+gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * buf_size)
{
-gnutls_datum_t td;
-int ret;
+ gnutls_datum_t td;
+ int ret;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ ret = _gnutls_x509_parse_dn_oid(cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ oid, indx, raw_flag, &td);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_x509_parse_dn_oid (cert->cert,
- "tbsCertificate.subject.rdnSequence",
- oid, indx, raw_flag, &td);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return _gnutls_strdatum_to_buf (&td, buf, buf_size);
+ return _gnutls_strdatum_to_buf(&td, buf, buf_size);
}
/**
@@ -543,18 +529,17 @@ int ret;
* are no data in the current index. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * oid_size)
+gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * oid_size)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_get_dn_oid (cert->cert,
- "tbsCertificate.subject.rdnSequence",
- indx, oid, oid_size);
+ return _gnutls_x509_get_dn_oid(cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ indx, oid, oid_size);
}
/**
@@ -568,10 +553,10 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
* Returns: a #gnutls_sign_algorithm_t value, or a negative error code on
* error.
**/
-int
-gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert)
+int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert)
{
- return _gnutls_x509_get_signature_algorithm(cert->cert, "signatureAlgorithm.algorithm");
+ return _gnutls_x509_get_signature_algorithm(cert->cert,
+ "signatureAlgorithm.algorithm");
}
/**
@@ -586,50 +571,45 @@ gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert)
* negative error value. and a negative error code on error.
**/
int
-gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
- char *sig, size_t * sizeof_sig)
-{
- int result;
- unsigned int bits;
- int len;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = 0;
- result = asn1_read_value (cert->cert, "signature", NULL, &len);
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- bits = len;
- if (bits % 8 != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- len = bits / 8;
-
- if (*sizeof_sig < (unsigned int) len)
- {
- *sizeof_sig = len;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- result = asn1_read_value (cert->cert, "signature", sig, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
+ char *sig, size_t * sizeof_sig)
+{
+ int result;
+ unsigned int bits;
+ int len;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = 0;
+ result = asn1_read_value(cert->cert, "signature", NULL, &len);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ bits = len;
+ if (bits % 8 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ len = bits / 8;
+
+ if (*sizeof_sig < (unsigned int) len) {
+ *sizeof_sig = len;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ result = asn1_read_value(cert->cert, "signature", sig, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -640,31 +620,28 @@ gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
*
* Returns: version of certificate, or a negative error code on error.
**/
-int
-gnutls_x509_crt_get_version (gnutls_x509_crt_t cert)
+int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert)
{
- uint8_t version[8];
- int len, result;
+ uint8_t version[8];
+ int len, result;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- len = sizeof (version);
- if ((result =
- asn1_read_value (cert->cert, "tbsCertificate.version", version,
- &len)) != ASN1_SUCCESS)
- {
+ len = sizeof(version);
+ if ((result =
+ asn1_read_value(cert->cert, "tbsCertificate.version", version,
+ &len)) != ASN1_SUCCESS) {
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return (int) version[0] + 1;
+ return (int) version[0] + 1;
}
/**
@@ -676,17 +653,16 @@ gnutls_x509_crt_get_version (gnutls_x509_crt_t cert)
*
* Returns: activation time, or (time_t)-1 on error.
**/
-time_t
-gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert)
+time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time (cert->cert,
- "tbsCertificate.validity.notBefore", 0);
+ return _gnutls_x509_get_time(cert->cert,
+ "tbsCertificate.validity.notBefore",
+ 0);
}
/**
@@ -698,17 +674,16 @@ gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert)
*
* Returns: expiration time, or (time_t)-1 on error.
**/
-time_t
-gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert)
+time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return (time_t) - 1;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time (cert->cert,
- "tbsCertificate.validity.notAfter", 0);
+ return _gnutls_x509_get_time(cert->cert,
+ "tbsCertificate.validity.notAfter",
+ 0);
}
/**
@@ -726,60 +701,59 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert)
* if the extension is not present, otherwise a negative error value.
**/
int
-gnutls_x509_crt_get_private_key_usage_period (gnutls_x509_crt_t cert, time_t* activation, time_t* expiration,
- unsigned int *critical)
-{
- int result, ret;
- gnutls_datum_t der = {NULL, 0};
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.16", 0, &der,
- critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (der.size == 0 || der.data == NULL)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.PrivateKeyUsagePeriod", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_der_decoding (&c2, der.data, der.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (activation)
- *activation = _gnutls_x509_get_time (c2,
- "notBefore", 1);
-
- if (expiration)
- *expiration = _gnutls_x509_get_time (c2,
- "notAfter", 1);
-
- ret = 0;
-
-cleanup:
- _gnutls_free_datum(&der);
- asn1_delete_structure (&c2);
-
- return ret;
+gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t cert,
+ time_t * activation,
+ time_t * expiration,
+ unsigned int *critical)
+{
+ int result, ret;
+ gnutls_datum_t der = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.16", 0, &der,
+ critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (der.size == 0 || der.data == NULL)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.PrivateKeyUsagePeriod", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding(&c2, der.data, der.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (activation)
+ *activation = _gnutls_x509_get_time(c2, "notBefore", 1);
+
+ if (expiration)
+ *expiration = _gnutls_x509_get_time(c2, "notAfter", 1);
+
+ ret = 0;
+
+ cleanup:
+ _gnutls_free_datum(&der);
+ asn1_delete_structure(&c2);
+
+ return ret;
}
@@ -798,29 +772,28 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
- size_t * result_size)
+gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result,
+ size_t * result_size)
{
- int ret, len;
+ int ret, len;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- len = *result_size;
- ret =
- asn1_read_value (cert->cert, "tbsCertificate.serialNumber", result, &len);
- *result_size = len;
+ len = *result_size;
+ ret =
+ asn1_read_value(cert->cert, "tbsCertificate.serialNumber",
+ result, &len);
+ *result_size = len;
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
- return 0;
+ return 0;
}
/**
@@ -838,126 +811,116 @@ gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
* if the extension is not present, otherwise a negative error value.
**/
int
-gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret,
- size_t * ret_size, unsigned int *critical)
-{
- int result, len;
- gnutls_datum_t id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
-
- if (ret)
- memset (ret, 0, *ret_size);
- else
- *ret_size = 0;
-
- if ((result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &id,
- critical)) < 0)
- {
- return result;
- }
-
- if (id.size == 0 || id.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.SubjectKeyIdentifier", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&id);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, id.data, id.size, NULL);
- _gnutls_free_datum (&id);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- len = *ret_size;
- result = asn1_read_value (c2, "", ret, &len);
-
- *ret_size = len;
- asn1_delete_structure (&c2);
-
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (result != ASN1_SUCCESS)
- {
- if (result != ASN1_MEM_ERROR)
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
+{
+ int result, len;
+ gnutls_datum_t id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+
+ if (ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &id,
+ critical)) < 0) {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectKeyIdentifier", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&id);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, id.data, id.size, NULL);
+ _gnutls_free_datum(&id);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ len = *ret_size;
+ result = asn1_read_value(c2, "", ret, &len);
+
+ *ret_size = len;
+ asn1_delete_structure(&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ if (result != ASN1_MEM_ERROR)
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
static int
-_get_authority_key_id (gnutls_x509_crt_t cert, ASN1_TYPE *c2,
- unsigned int *critical)
-{
- int ret;
- gnutls_datum_t id;
-
- *c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((ret =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id,
- critical)) < 0)
- {
- return gnutls_assert_val(ret);
- }
-
- if (id.size == 0 || id.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- ret = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&id);
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_der_decoding (c2, id.data, id.size, NULL);
- _gnutls_free_datum (&id);
-
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (c2);
- return _gnutls_asn2err (ret);
- }
-
- return 0;
+_get_authority_key_id(gnutls_x509_crt_t cert, ASN1_TYPE * c2,
+ unsigned int *critical)
+{
+ int ret;
+ gnutls_datum_t id;
+
+ *c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((ret =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &id,
+ critical)) < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ ret = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.AuthorityKeyIdentifier", c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&id);
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = asn1_der_decoding(c2, id.data, id.size, NULL);
+ _gnutls_free_datum(&id);
+
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(c2);
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/**
@@ -985,48 +948,50 @@ _get_authority_key_id (gnutls_x509_crt_t cert, ASN1_TYPE *c2,
* Since: 3.0
**/
int
-gnutls_x509_crt_get_authority_key_gn_serial (gnutls_x509_crt_t cert, unsigned int seq, void *alt,
- size_t * alt_size, unsigned int *alt_type,
- void* serial, size_t *serial_size,
- unsigned int *critical)
-{
-int ret, result, len;
-ASN1_TYPE c2;
-
- ret = _get_authority_key_id(cert, &c2, critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret =
- _gnutls_parse_general_name (c2, "authorityCertIssuer", seq, alt, alt_size, alt_type,
- 0);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto fail;
- }
-
- if (serial)
- {
- len = *serial_size;
- result = asn1_read_value (c2, "authorityCertSerialNumber", serial, &len);
-
- *serial_size = len;
-
- if (result < 0)
- {
- ret = _gnutls_asn2err(result);
- goto fail;
- }
-
- }
-
- ret = 0;
-
-fail:
- asn1_delete_structure (&c2);
-
- return ret;
+gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert,
+ unsigned int seq, void *alt,
+ size_t * alt_size,
+ unsigned int *alt_type,
+ void *serial,
+ size_t * serial_size,
+ unsigned int *critical)
+{
+ int ret, result, len;
+ ASN1_TYPE c2;
+
+ ret = _get_authority_key_id(cert, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_parse_general_name(c2, "authorityCertIssuer", seq, alt,
+ alt_size, alt_type, 0);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto fail;
+ }
+
+ if (serial) {
+ len = *serial_size;
+ result =
+ asn1_read_value(c2, "authorityCertSerialNumber",
+ serial, &len);
+
+ *serial_size = len;
+
+ if (result < 0) {
+ ret = _gnutls_asn2err(result);
+ goto fail;
+ }
+
+ }
+
+ ret = 0;
+
+ fail:
+ asn1_delete_structure(&c2);
+
+ return ret;
}
/**
@@ -1048,34 +1013,35 @@ fail:
* if the extension is not present, otherwise a negative error value.
**/
int
-gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *id,
- size_t * id_size,
- unsigned int *critical)
+gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id,
+ size_t * id_size,
+ unsigned int *critical)
{
- int ret, result, len;
- ASN1_TYPE c2;
+ int ret, result, len;
+ ASN1_TYPE c2;
- ret = _get_authority_key_id(cert, &c2, critical);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _get_authority_key_id(cert, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- len = *id_size;
- result = asn1_read_value (c2, "keyIdentifier", id, &len);
+ len = *id_size;
+ result = asn1_read_value(c2, "keyIdentifier", id, &len);
- *id_size = len;
- asn1_delete_structure (&c2);
+ *id_size = len;
+ asn1_delete_structure(&c2);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- return gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION);
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND)
+ return
+ gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION);
- if (result != ASN1_SUCCESS)
- {
- if (result != ASN1_MEM_ERROR)
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ if (result != ASN1_MEM_ERROR)
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/**
@@ -1095,42 +1061,40 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *id,
* success, or a negative error code on error.
**/
int
-gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, unsigned int *bits)
+gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
+ unsigned int *bits)
{
- int result;
+ int result;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bits)
- *bits = 0;
+ if (bits)
+ *bits = 0;
- result =
- _gnutls_x509_get_pk_algorithm (cert->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- bits);
+ result =
+ _gnutls_x509_get_pk_algorithm(cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ bits);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return result;
+ return result;
}
-inline static int
-is_type_printable (int type)
+inline static int is_type_printable(int type)
{
- if (type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_RFC822NAME ||
- type == GNUTLS_SAN_URI)
- return 1;
- else
- return 0;
+ if (type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_RFC822NAME ||
+ type == GNUTLS_SAN_URI)
+ return 1;
+ else
+ return 0;
}
#define XMPP_OID "1.3.6.1.5.5.7.8.5"
@@ -1139,251 +1103,233 @@ is_type_printable (int type)
* Type is also returned as a parameter in case of an error.
*/
int
-_gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
- int seq, void *name, size_t * name_size,
- unsigned int *ret_type, int othername_oid)
-{
- int len;
- char nptr[ASN1_MAX_NAME_SIZE];
- int result;
- char choice_type[128];
- gnutls_x509_subject_alt_name_t type;
-
- seq++; /* 0->1, 1->2 etc */
-
- if (src_name[0] != 0)
- snprintf (nptr, sizeof (nptr), "%s.?%u", src_name, seq);
- else
- snprintf (nptr, sizeof (nptr), "?%u", seq);
-
- len = sizeof (choice_type);
- result = asn1_read_value (src, nptr, choice_type, &len);
-
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
-
- type = _gnutls_x509_san_find_type (choice_type);
- if (type == (gnutls_x509_subject_alt_name_t) - 1)
- {
- gnutls_assert ();
- return GNUTLS_E_X509_UNKNOWN_SAN;
- }
-
- if (ret_type)
- *ret_type = type;
-
- if (type == GNUTLS_SAN_OTHERNAME)
- {
- if (othername_oid)
- _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.type-id");
- else
- _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.value");
-
- len = *name_size;
- result = asn1_read_value (src, nptr, name, &len);
- *name_size = len;
-
- if (result == ASN1_MEM_ERROR)
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (othername_oid)
- {
- if ((unsigned)len > strlen (XMPP_OID) && strcmp (name, XMPP_OID) == 0)
- type = GNUTLS_SAN_OTHERNAME_XMPP;
- }
- else
- {
- char oid[42];
-
- if (src_name[0] != 0)
- snprintf (nptr, sizeof (nptr), "%s.?%u.otherName.type-id",
- src_name, seq);
- else
- snprintf (nptr, sizeof (nptr), "?%u.otherName.type-id", seq);
-
- len = sizeof (oid);
- result = asn1_read_value (src, nptr, oid, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if ((unsigned)len > strlen (XMPP_OID) && strcmp (oid, XMPP_OID) == 0)
- {
- gnutls_datum_t out;
-
- result = _gnutls_x509_decode_string(ASN1_ETYPE_UTF8_STRING,
- name, *name_size, &out);
- if (result < 0)
- {
- gnutls_assert();
- return result;
- }
-
- if (*name_size <= out.size)
- {
- gnutls_assert ();
- gnutls_free(out.data);
- *name_size = len + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *name_size = out.size;
- memcpy(name, out.data, out.size);
- /* null terminate it */
- ((char *) name)[*name_size] = 0;
- gnutls_free(out.data);
- }
- }
- }
- else if (type == GNUTLS_SAN_DN)
- {
- _gnutls_str_cat (nptr, sizeof (nptr), ".directoryName");
- result = _gnutls_x509_parse_dn (src, nptr, name, name_size);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
- else if (othername_oid)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else
- {
- size_t orig_name_size = *name_size;
-
- _gnutls_str_cat (nptr, sizeof (nptr), ".");
- _gnutls_str_cat (nptr, sizeof (nptr), choice_type);
-
- len = *name_size;
- result = asn1_read_value (src, nptr, name, &len);
- *name_size = len;
-
- if (result == ASN1_MEM_ERROR)
- {
- if (is_type_printable (type))
- (*name_size)++;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (is_type_printable (type))
- {
-
- if ((unsigned)len + 1 > orig_name_size)
- {
- gnutls_assert ();
- (*name_size)++;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- /* null terminate it */
- if (name)
- ((char *) name)[*name_size] = 0;
- }
-
- }
-
- return type;
+_gnutls_parse_general_name(ASN1_TYPE src, const char *src_name,
+ int seq, void *name, size_t * name_size,
+ unsigned int *ret_type, int othername_oid)
+{
+ int len;
+ char nptr[ASN1_MAX_NAME_SIZE];
+ int result;
+ char choice_type[128];
+ gnutls_x509_subject_alt_name_t type;
+
+ seq++; /* 0->1, 1->2 etc */
+
+ if (src_name[0] != 0)
+ snprintf(nptr, sizeof(nptr), "%s.?%u", src_name, seq);
+ else
+ snprintf(nptr, sizeof(nptr), "?%u", seq);
+
+ len = sizeof(choice_type);
+ result = asn1_read_value(src, nptr, choice_type, &len);
+
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ type = _gnutls_x509_san_find_type(choice_type);
+ if (type == (gnutls_x509_subject_alt_name_t) - 1) {
+ gnutls_assert();
+ return GNUTLS_E_X509_UNKNOWN_SAN;
+ }
+
+ if (ret_type)
+ *ret_type = type;
+
+ if (type == GNUTLS_SAN_OTHERNAME) {
+ if (othername_oid)
+ _gnutls_str_cat(nptr, sizeof(nptr),
+ ".otherName.type-id");
+ else
+ _gnutls_str_cat(nptr, sizeof(nptr),
+ ".otherName.value");
+
+ len = *name_size;
+ result = asn1_read_value(src, nptr, name, &len);
+ *name_size = len;
+
+ if (result == ASN1_MEM_ERROR)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (othername_oid) {
+ if ((unsigned) len > strlen(XMPP_OID)
+ && strcmp(name, XMPP_OID) == 0)
+ type = GNUTLS_SAN_OTHERNAME_XMPP;
+ } else {
+ char oid[42];
+
+ if (src_name[0] != 0)
+ snprintf(nptr, sizeof(nptr),
+ "%s.?%u.otherName.type-id",
+ src_name, seq);
+ else
+ snprintf(nptr, sizeof(nptr),
+ "?%u.otherName.type-id", seq);
+
+ len = sizeof(oid);
+ result = asn1_read_value(src, nptr, oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if ((unsigned) len > strlen(XMPP_OID)
+ && strcmp(oid, XMPP_OID) == 0) {
+ gnutls_datum_t out;
+
+ result =
+ _gnutls_x509_decode_string
+ (ASN1_ETYPE_UTF8_STRING, name,
+ *name_size, &out);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (*name_size <= out.size) {
+ gnutls_assert();
+ gnutls_free(out.data);
+ *name_size = len + 1;
+ return
+ GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *name_size = out.size;
+ memcpy(name, out.data, out.size);
+ /* null terminate it */
+ ((char *) name)[*name_size] = 0;
+ gnutls_free(out.data);
+ }
+ }
+ } else if (type == GNUTLS_SAN_DN) {
+ _gnutls_str_cat(nptr, sizeof(nptr), ".directoryName");
+ result = _gnutls_x509_parse_dn(src, nptr, name, name_size);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ } else if (othername_oid)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else {
+ size_t orig_name_size = *name_size;
+
+ _gnutls_str_cat(nptr, sizeof(nptr), ".");
+ _gnutls_str_cat(nptr, sizeof(nptr), choice_type);
+
+ len = *name_size;
+ result = asn1_read_value(src, nptr, name, &len);
+ *name_size = len;
+
+ if (result == ASN1_MEM_ERROR) {
+ if (is_type_printable(type))
+ (*name_size)++;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (is_type_printable(type)) {
+
+ if ((unsigned) len + 1 > orig_name_size) {
+ gnutls_assert();
+ (*name_size)++;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ /* null terminate it */
+ if (name)
+ ((char *) name)[*name_size] = 0;
+ }
+
+ }
+
+ return type;
}
static int
-get_alt_name (gnutls_x509_crt_t cert, const char *extension_id,
- unsigned int seq, void *alt,
- size_t * alt_size, unsigned int *alt_type,
- unsigned int *critical, int othername_oid)
-{
- int result;
- gnutls_datum_t dnsname;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (alt)
- memset (alt, 0, *alt_size);
- else
- *alt_size = 0;
-
- if ((result =
- _gnutls_x509_crt_get_extension (cert, extension_id, 0, &dnsname,
- critical)) < 0)
- {
- return result;
- }
-
- if (dnsname.size == 0 || dnsname.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (strcmp ("2.5.29.17", extension_id) == 0)
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.SubjectAltName", &c2);
- else if (strcmp ("2.5.29.18", extension_id) == 0)
- result = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.IssuerAltName", &c2);
- else
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&dnsname);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, dnsname.data, dnsname.size, NULL);
- _gnutls_free_datum (&dnsname);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- result =
- _gnutls_parse_general_name (c2, "", seq, alt, alt_size, alt_type,
- othername_oid);
-
- asn1_delete_structure (&c2);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return result;
+get_alt_name(gnutls_x509_crt_t cert, const char *extension_id,
+ unsigned int seq, void *alt,
+ size_t * alt_size, unsigned int *alt_type,
+ unsigned int *critical, int othername_oid)
+{
+ int result;
+ gnutls_datum_t dnsname;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (alt)
+ memset(alt, 0, *alt_size);
+ else
+ *alt_size = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, extension_id, 0,
+ &dnsname, critical)) < 0) {
+ return result;
+ }
+
+ if (dnsname.size == 0 || dnsname.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (strcmp("2.5.29.17", extension_id) == 0)
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.SubjectAltName", &c2);
+ else if (strcmp("2.5.29.18", extension_id) == 0)
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.IssuerAltName", &c2);
+ else {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&dnsname);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, dnsname.data, dnsname.size, NULL);
+ _gnutls_free_datum(&dnsname);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_parse_general_name(c2, "", seq, alt, alt_size,
+ alt_type, othername_oid);
+
+ asn1_delete_structure(&c2);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return result;
}
/**
@@ -1417,13 +1363,13 @@ get_alt_name (gnutls_x509_crt_t cert, const char *extension_id,
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
**/
int
-gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *san,
- size_t * san_size,
- unsigned int *critical)
+gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
+ unsigned int seq, void *san,
+ size_t * san_size,
+ unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.17", seq, san, san_size, NULL, critical,
- 0);
+ return get_alt_name(cert, "2.5.29.17", seq, san, san_size, NULL,
+ critical, 0);
}
/**
@@ -1460,13 +1406,13 @@ gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
* Since: 2.10.0
**/
int
-gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *ian,
- size_t * ian_size,
- unsigned int *critical)
+gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t cert,
+ unsigned int seq, void *ian,
+ size_t * ian_size,
+ unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.18", seq, ian, ian_size, NULL, critical,
- 0);
+ return get_alt_name(cert, "2.5.29.18", seq, ian, ian_size, NULL,
+ critical, 0);
}
/**
@@ -1494,14 +1440,14 @@ gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
**/
int
-gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *san,
- size_t * san_size,
- unsigned int *san_type,
- unsigned int *critical)
+gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert,
+ unsigned int seq, void *san,
+ size_t * san_size,
+ unsigned int *san_type,
+ unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.17", seq, san, san_size, san_type,
- critical, 0);
+ return get_alt_name(cert, "2.5.29.17", seq, san, san_size,
+ san_type, critical, 0);
}
/**
@@ -1532,14 +1478,14 @@ gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
*
**/
int
-gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *ian,
- size_t * ian_size,
- unsigned int *ian_type,
- unsigned int *critical)
+gnutls_x509_crt_get_issuer_alt_name2(gnutls_x509_crt_t cert,
+ unsigned int seq, void *ian,
+ size_t * ian_size,
+ unsigned int *ian_type,
+ unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.18", seq, ian, ian_size, ian_type,
- critical, 0);
+ return get_alt_name(cert, "2.5.29.18", seq, ian, ian_size,
+ ian_type, critical, 0);
}
/**
@@ -1573,11 +1519,12 @@ gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
**/
int
-gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *oid, size_t * oid_size)
+gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *oid, size_t * oid_size)
{
- return get_alt_name (cert, "2.5.29.17", seq, oid, oid_size, NULL, NULL, 1);
+ return get_alt_name(cert, "2.5.29.17", seq, oid, oid_size, NULL,
+ NULL, 1);
}
/**
@@ -1613,11 +1560,12 @@ gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
* Since: 2.10.0
**/
int
-gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret, size_t * ret_size)
+gnutls_x509_crt_get_issuer_alt_othername_oid(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ret, size_t * ret_size)
{
- return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, NULL, NULL, 1);
+ return get_alt_name(cert, "2.5.29.18", seq, ret, ret_size, NULL,
+ NULL, 1);
}
/**
@@ -1641,49 +1589,48 @@ gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
**/
int
-gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
- unsigned int *critical,
- unsigned int *ca, int *pathlen)
-{
- int result;
- gnutls_datum_t basicConstraints;
- unsigned int tmp_ca;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.19", 0,
- &basicConstraints, critical)) < 0)
- {
- return result;
- }
-
- if (basicConstraints.size == 0 || basicConstraints.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result =
- _gnutls_x509_ext_extract_basicConstraints (&tmp_ca,
- pathlen,
- basicConstraints.data,
- basicConstraints.size);
- if (ca)
- *ca = tmp_ca;
- _gnutls_free_datum (&basicConstraints);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return tmp_ca;
+gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ unsigned int *ca, int *pathlen)
+{
+ int result;
+ gnutls_datum_t basicConstraints;
+ unsigned int tmp_ca;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.19", 0,
+ &basicConstraints,
+ critical)) < 0) {
+ return result;
+ }
+
+ if (basicConstraints.size == 0 || basicConstraints.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result =
+ _gnutls_x509_ext_extract_basicConstraints(&tmp_ca,
+ pathlen,
+ basicConstraints.
+ data,
+ basicConstraints.
+ size);
+ if (ca)
+ *ca = tmp_ca;
+ _gnutls_free_datum(&basicConstraints);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return tmp_ca;
}
/**
@@ -1704,12 +1651,13 @@ gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
**/
int
-gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical)
+gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
+ unsigned int *critical)
{
- int pathlen;
- unsigned int ca;
- return gnutls_x509_crt_get_basic_constraints (cert, critical, &ca,
- &pathlen);
+ int pathlen;
+ unsigned int ca;
+ return gnutls_x509_crt_get_basic_constraints(cert, critical, &ca,
+ &pathlen);
}
/**
@@ -1732,46 +1680,42 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical)
* returned.
**/
int
-gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
- unsigned int *key_usage,
- unsigned int *critical)
+gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert,
+ unsigned int *key_usage,
+ unsigned int *critical)
{
- int result;
- gnutls_datum_t keyUsage;
- uint16_t _usage;
+ int result;
+ gnutls_datum_t keyUsage;
+ uint16_t _usage;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if ((result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.15", 0, &keyUsage,
- critical)) < 0)
- {
- return result;
- }
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.15", 0,
+ &keyUsage, critical)) < 0) {
+ return result;
+ }
- if (keyUsage.size == 0 || keyUsage.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (keyUsage.size == 0 || keyUsage.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- result = _gnutls_x509_ext_extract_keyUsage (&_usage, keyUsage.data,
- keyUsage.size);
- _gnutls_free_datum (&keyUsage);
+ result = _gnutls_x509_ext_extract_keyUsage(&_usage, keyUsage.data,
+ keyUsage.size);
+ _gnutls_free_datum(&keyUsage);
- *key_usage = _usage;
+ *key_usage = _usage;
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/**
@@ -1792,48 +1736,46 @@ gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
* otherwise a negative error code is returned.
**/
int
-gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
- unsigned int *critical,
- int *pathlen,
- char **policyLanguage,
- char **policy, size_t * sizeof_policy)
-{
- int result;
- gnutls_datum_t proxyCertInfo;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((result =
- _gnutls_x509_crt_get_extension (cert, "1.3.6.1.5.5.7.1.14", 0,
- &proxyCertInfo, critical)) < 0)
- {
- return result;
- }
-
- if (proxyCertInfo.size == 0 || proxyCertInfo.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result = _gnutls_x509_ext_extract_proxyCertInfo (pathlen,
- policyLanguage,
- policy,
- sizeof_policy,
- proxyCertInfo.data,
- proxyCertInfo.size);
- _gnutls_free_datum (&proxyCertInfo);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ int *pathlen,
+ char **policyLanguage,
+ char **policy, size_t * sizeof_policy)
+{
+ int result;
+ gnutls_datum_t proxyCertInfo;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "1.3.6.1.5.5.7.1.14", 0,
+ &proxyCertInfo, critical)) < 0)
+ {
+ return result;
+ }
+
+ if (proxyCertInfo.size == 0 || proxyCertInfo.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = _gnutls_x509_ext_extract_proxyCertInfo(pathlen,
+ policyLanguage,
+ policy,
+ sizeof_policy,
+ proxyCertInfo.data,
+ proxyCertInfo.
+ size);
+ _gnutls_free_datum(&proxyCertInfo);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -1845,92 +1787,86 @@ gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
*
* Since: 3.1.5
**/
-void gnutls_x509_policy_release(struct gnutls_x509_policy_st* policy)
-{
-unsigned i;
-
- gnutls_free(policy->oid);
- for (i=0;i<policy->qualifiers;i++)
- gnutls_free(policy->qualifier[i].data);
-}
-
-static int decode_user_notice(const void* data, size_t size, gnutls_datum_t *txt)
-{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int ret, len;
- char choice_type[64];
- char name[128];
- gnutls_datum_t td, utd;
-
- ret = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.UserNotice", &c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PARSING_ERROR;
- goto cleanup;
- }
-
- ret = asn1_der_decoding (&c2, data, size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PARSING_ERROR;
- goto cleanup;
- }
-
- len = sizeof(choice_type);
- ret = asn1_read_value(c2, "explicitText", choice_type, &len);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PARSING_ERROR;
- goto cleanup;
- }
-
- if (strcmp(choice_type, "utf8String") != 0 && strcmp(choice_type, "IA5String") != 0 &&
- strcmp(choice_type, "bmpString") != 0 && strcmp(choice_type, "visibleString") != 0)
- {
- gnutls_assert();
- ret = GNUTLS_E_PARSING_ERROR;
- goto cleanup;
- }
-
- snprintf (name, sizeof (name), "explicitText.%s", choice_type);
-
- ret = _gnutls_x509_read_value(c2, name, &td);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if (strcmp(choice_type, "bmpString") == 0)
- { /* convert to UTF-8 */
- ret = _gnutls_ucs2_to_utf8(td.data, td.size, &utd);
- _gnutls_free_datum(&td);
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- td.data = utd.data;
- td.size = utd.size;
- }
- else
- {
- /* _gnutls_x509_read_value allows that */
- td.data[td.size] = 0;
- }
-
- txt->data = (void*)td.data;
- txt->size = td.size;
- ret = 0;
-
-cleanup:
- asn1_delete_structure (&c2);
- return ret;
+void gnutls_x509_policy_release(struct gnutls_x509_policy_st *policy)
+{
+ unsigned i;
+
+ gnutls_free(policy->oid);
+ for (i = 0; i < policy->qualifiers; i++)
+ gnutls_free(policy->qualifier[i].data);
+}
+
+static int decode_user_notice(const void *data, size_t size,
+ gnutls_datum_t * txt)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int ret, len;
+ char choice_type[64];
+ char name[128];
+ gnutls_datum_t td, utd;
+
+ ret = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.UserNotice", &c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding(&c2, data, size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
+
+ len = sizeof(choice_type);
+ ret = asn1_read_value(c2, "explicitText", choice_type, &len);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
+
+ if (strcmp(choice_type, "utf8String") != 0
+ && strcmp(choice_type, "IA5String") != 0
+ && strcmp(choice_type, "bmpString") != 0
+ && strcmp(choice_type, "visibleString") != 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
+
+ snprintf(name, sizeof(name), "explicitText.%s", choice_type);
+
+ ret = _gnutls_x509_read_value(c2, name, &td);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (strcmp(choice_type, "bmpString") == 0) { /* convert to UTF-8 */
+ ret = _gnutls_ucs2_to_utf8(td.data, td.size, &utd);
+ _gnutls_free_datum(&td);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ td.data = utd.data;
+ td.size = utd.size;
+ } else {
+ /* _gnutls_x509_read_value allows that */
+ td.data[td.size] = 0;
+ }
+
+ txt->data = (void *) td.data;
+ txt->size = td.size;
+ ret = 0;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+ return ret;
}
@@ -1953,153 +1889,149 @@ cleanup:
* Since: 3.1.5
**/
int
-gnutls_x509_crt_get_policy (gnutls_x509_crt_t crt, int indx,
- struct gnutls_x509_policy_st* policy,
- unsigned int *critical)
-{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- char tmpstr[128];
- char tmpoid[MAX_OID_SIZE];
- gnutls_datum_t tmpd = {NULL, 0};
- int ret, len;
- unsigned i;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- memset(policy, 0, sizeof(*policy));
-
- if ((ret =
- _gnutls_x509_crt_get_extension (crt, "2.5.29.32", 0, &tmpd,
- critical)) < 0)
- {
- return ret;
- }
-
- if (tmpd.size == 0 || tmpd .data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- ret = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.certificatePolicies", &c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- ret = asn1_der_decoding (&c2, tmpd.data, tmpd.size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
- _gnutls_free_datum (&tmpd);
-
- indx++;
- /* create a string like "?1"
- */
- snprintf (tmpstr, sizeof (tmpstr), "?%u.policyIdentifier", indx);
-
- ret = _gnutls_x509_read_value(c2, tmpstr, &tmpd);
-
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
- if (ret < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- policy->oid = (void*)tmpd.data;
- tmpd.data = NULL;
-
- for (i=0;i<GNUTLS_MAX_QUALIFIERS;i++)
- {
- gnutls_datum_t td;
-
- snprintf (tmpstr, sizeof (tmpstr), "?%u.policyQualifiers.?%u.policyQualifierId", indx, i+1);
-
- len = sizeof(tmpoid);
- ret = asn1_read_value(c2, tmpstr, tmpoid, &len);
-
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- break; /* finished */
-
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.1") == 0)
- {
- snprintf (tmpstr, sizeof (tmpstr), "?%u.policyQualifiers.?%u.qualifier", indx, i+1);
-
- ret = _gnutls_x509_read_string(c2, tmpstr, &td, ASN1_ETYPE_IA5_STRING);
- if (ret < 0)
- {
- gnutls_assert();
- goto full_cleanup;
- }
-
- policy->qualifier[i].data = (void*)td.data;
- policy->qualifier[i].size = td.size;
- td.data = NULL;
- policy->qualifier[i].type = GNUTLS_X509_QUALIFIER_URI;
- }
- else if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.2") == 0)
- {
- gnutls_datum_t txt;
-
- snprintf (tmpstr, sizeof (tmpstr), "?%u.policyQualifiers.?%u.qualifier", indx, i+1);
-
- ret = _gnutls_x509_read_value(c2, tmpstr, &td);
- if (ret < 0)
- {
- gnutls_assert();
- goto full_cleanup;
- }
-
- ret = decode_user_notice(td.data, td.size, &txt);
- gnutls_free(td.data);
- td.data = NULL;
-
- if (ret < 0)
- {
- gnutls_assert();
- goto full_cleanup;
- }
-
- policy->qualifier[i].data = (void*)txt.data;
- policy->qualifier[i].size = txt.size;
- policy->qualifier[i].type = GNUTLS_X509_QUALIFIER_NOTICE;
- }
- else
- policy->qualifier[i].type = GNUTLS_X509_QUALIFIER_UNKNOWN;
-
- policy->qualifiers++;
-
- }
-
- ret = 0;
- goto cleanup;
-
-full_cleanup:
- gnutls_x509_policy_release(policy);
-
-cleanup:
- _gnutls_free_datum (&tmpd);
- asn1_delete_structure (&c2);
- return ret;
+gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, int indx,
+ struct gnutls_x509_policy_st *policy,
+ unsigned int *critical)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ char tmpstr[128];
+ char tmpoid[MAX_OID_SIZE];
+ gnutls_datum_t tmpd = { NULL, 0 };
+ int ret, len;
+ unsigned i;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ memset(policy, 0, sizeof(*policy));
+
+ if ((ret =
+ _gnutls_x509_crt_get_extension(crt, "2.5.29.32", 0, &tmpd,
+ critical)) < 0) {
+ return ret;
+ }
+
+ if (tmpd.size == 0 || tmpd.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ ret = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.certificatePolicies", &c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding(&c2, tmpd.data, tmpd.size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+ _gnutls_free_datum(&tmpd);
+
+ indx++;
+ /* create a string like "?1"
+ */
+ snprintf(tmpstr, sizeof(tmpstr), "?%u.policyIdentifier", indx);
+
+ ret = _gnutls_x509_read_value(c2, tmpstr, &tmpd);
+
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ policy->oid = (void *) tmpd.data;
+ tmpd.data = NULL;
+
+ for (i = 0; i < GNUTLS_MAX_QUALIFIERS; i++) {
+ gnutls_datum_t td;
+
+ snprintf(tmpstr, sizeof(tmpstr),
+ "?%u.policyQualifiers.?%u.policyQualifierId",
+ indx, i + 1);
+
+ len = sizeof(tmpoid);
+ ret = asn1_read_value(c2, tmpstr, tmpoid, &len);
+
+ if (ret == ASN1_ELEMENT_NOT_FOUND)
+ break; /* finished */
+
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.1") == 0) {
+ snprintf(tmpstr, sizeof(tmpstr),
+ "?%u.policyQualifiers.?%u.qualifier",
+ indx, i + 1);
+
+ ret =
+ _gnutls_x509_read_string(c2, tmpstr, &td,
+ ASN1_ETYPE_IA5_STRING);
+ if (ret < 0) {
+ gnutls_assert();
+ goto full_cleanup;
+ }
+
+ policy->qualifier[i].data = (void *) td.data;
+ policy->qualifier[i].size = td.size;
+ td.data = NULL;
+ policy->qualifier[i].type =
+ GNUTLS_X509_QUALIFIER_URI;
+ } else if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.2") == 0) {
+ gnutls_datum_t txt;
+
+ snprintf(tmpstr, sizeof(tmpstr),
+ "?%u.policyQualifiers.?%u.qualifier",
+ indx, i + 1);
+
+ ret = _gnutls_x509_read_value(c2, tmpstr, &td);
+ if (ret < 0) {
+ gnutls_assert();
+ goto full_cleanup;
+ }
+
+ ret = decode_user_notice(td.data, td.size, &txt);
+ gnutls_free(td.data);
+ td.data = NULL;
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto full_cleanup;
+ }
+
+ policy->qualifier[i].data = (void *) txt.data;
+ policy->qualifier[i].size = txt.size;
+ policy->qualifier[i].type =
+ GNUTLS_X509_QUALIFIER_NOTICE;
+ } else
+ policy->qualifier[i].type =
+ GNUTLS_X509_QUALIFIER_UNKNOWN;
+
+ policy->qualifiers++;
+
+ }
+
+ ret = 0;
+ goto cleanup;
+
+ full_cleanup:
+ gnutls_x509_policy_release(policy);
+
+ cleanup:
+ _gnutls_free_datum(&tmpd);
+ asn1_delete_structure(&c2);
+ return ret;
}
@@ -2122,49 +2054,45 @@ cleanup:
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
**/
int
-gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- void *buf, size_t * buf_size,
- unsigned int *critical)
+gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ void *buf, size_t * buf_size,
+ unsigned int *critical)
{
- int result;
- gnutls_datum_t output;
+ int result;
+ gnutls_datum_t output;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if ((result =
- _gnutls_x509_crt_get_extension (cert, oid, indx, &output,
- critical)) < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, oid, indx, &output,
+ critical)) < 0) {
+ gnutls_assert();
+ return result;
+ }
- if (output.size == 0 || output.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (output.size == 0 || output.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (output.size > (unsigned int) *buf_size)
- {
- *buf_size = output.size;
- _gnutls_free_datum (&output);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (output.size > (unsigned int) *buf_size) {
+ *buf_size = output.size;
+ _gnutls_free_datum(&output);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- *buf_size = output.size;
+ *buf_size = output.size;
- if (buf)
- memcpy (buf, output.data, output.size);
+ if (buf)
+ memcpy(buf, output.data, output.size);
- _gnutls_free_datum (&output);
+ _gnutls_free_datum(&output);
- return 0;
+ return 0;
}
@@ -2187,24 +2115,23 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
* will be returned.
**/
int
-gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size)
+gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * oid_size)
{
- int result;
+ int result;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_crt_get_extension_oid (cert, indx, oid, oid_size);
- if (result < 0)
- {
- return result;
- }
+ result =
+ _gnutls_x509_crt_get_extension_oid(cert, indx, oid, oid_size);
+ if (result < 0) {
+ return result;
+ }
- return 0;
+ return 0;
}
@@ -2233,55 +2160,51 @@ gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
* will be returned.
**/
int
-gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size,
- unsigned int *critical)
-{
- int result;
- char str_critical[10];
- char name[ASN1_MAX_NAME_SIZE];
- int len;
-
- if (!cert)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnID",
- indx + 1);
-
- len = *oid_size;
- result = asn1_read_value (cert->cert, name, oid, &len);
- *oid_size = len;
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.critical",
- indx + 1);
- len = sizeof (str_critical);
- result = asn1_read_value (cert->cert, name, str_critical, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (critical)
- {
- if (str_critical[0] == 'T')
- *critical = 1;
- else
- *critical = 0;
- }
-
- return 0;
+gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * oid_size,
+ unsigned int *critical)
+{
+ int result;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+
+ if (!cert) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsCertificate.extensions.?%u.extnID", indx + 1);
+
+ len = *oid_size;
+ result = asn1_read_value(cert->cert, name, oid, &len);
+ *oid_size = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ snprintf(name, sizeof(name),
+ "tbsCertificate.extensions.?%u.critical", indx + 1);
+ len = sizeof(str_critical);
+ result = asn1_read_value(cert->cert, name, str_critical, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (critical) {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ return 0;
}
@@ -2307,34 +2230,32 @@ gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
* will be returned.
**/
int
-gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
- void *data, size_t * sizeof_data)
+gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, int indx,
+ void *data, size_t * sizeof_data)
{
- int result, len;
- char name[ASN1_MAX_NAME_SIZE];
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
- if (!cert)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (!cert) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnValue",
- indx + 1);
+ snprintf(name, sizeof(name),
+ "tbsCertificate.extensions.?%u.extnValue", indx + 1);
- len = *sizeof_data;
- result = asn1_read_value (cert->cert, name, data, &len);
- *sizeof_data = len;
+ len = *sizeof_data;
+ result = asn1_read_value(cert->cert, name, data, &len);
+ *sizeof_data = len;
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- else if (result < 0)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/**
@@ -2350,10 +2271,11 @@ gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
*
**/
int
-gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
- gnutls_datum_t * dn)
+gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert,
+ gnutls_datum_t * dn)
{
- return _gnutls_set_datum (dn, cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
+ return _gnutls_set_datum(dn, cert->raw_issuer_dn.data,
+ cert->raw_issuer_dn.size);
}
/**
@@ -2368,19 +2290,18 @@ gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
* negative error value. or a negative error code on error.
*
**/
-int
-gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
+int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, gnutls_datum_t * dn)
{
- return _gnutls_set_datum (dn, cert->raw_dn.data, cert->raw_dn.size);
+ return _gnutls_set_datum(dn, cert->raw_dn.data, cert->raw_dn.size);
}
static int
-get_dn (gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn)
+get_dn(gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn)
{
- *dn = asn1_find_node (cert->cert, whom);
- if (!*dn)
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- return 0;
+ *dn = asn1_find_node(cert->cert, whom);
+ if (!*dn)
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ return 0;
}
/**
@@ -2398,9 +2319,9 @@ get_dn (gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn)
* Returns: Returns 0 on success, or an error code.
**/
int
-gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
+gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
{
- return get_dn (cert, "tbsCertificate.subject.rdnSequence", dn);
+ return get_dn(cert, "tbsCertificate.subject.rdnSequence", dn);
}
/**
@@ -2418,9 +2339,9 @@ gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
* Returns: Returns 0 on success, or an error code.
**/
int
-gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
+gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
{
- return get_dn (cert, "tbsCertificate.issuer.rdnSequence", dn);
+ return get_dn(cert, "tbsCertificate.issuer.rdnSequence", dn);
}
/**
@@ -2452,99 +2373,92 @@ gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
* Returns: Returns 0 on success, or an error code.
**/
int
-gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn,
- int irdn, int iava, gnutls_x509_ava_st * ava)
-{
- ASN1_TYPE rdn, elem;
- ASN1_DATA_NODE vnode;
- long len;
- int lenlen, remlen, ret;
- char rbuf[ASN1_MAX_NAME_SIZE];
- unsigned char cls;
- const unsigned char *ptr;
-
- iava++;
- irdn++; /* 0->1, 1->2 etc */
-
- snprintf (rbuf, sizeof (rbuf), "rdnSequence.?%d.?%d", irdn, iava);
- rdn = asn1_find_node (dn, rbuf);
- if (!rdn)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- }
-
- snprintf (rbuf, sizeof (rbuf), "?%d.type", iava);
- elem = asn1_find_node (rdn, rbuf);
- if (!elem)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- }
-
- ret = asn1_read_node_value(elem, &vnode);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- }
-
- ava->oid.data = (void*)vnode.value;
- ava->oid.size = vnode.value_len;
-
- snprintf (rbuf, sizeof (rbuf), "?%d.value", iava);
- elem = asn1_find_node (rdn, rbuf);
- if (!elem)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- }
-
- ret = asn1_read_node_value(elem, &vnode);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- }
- /* The value still has the previous tag's length bytes, plus the
- * current value's tag and length bytes. Decode them.
- */
-
- ptr = vnode.value;
- remlen = vnode.value_len;
- len = asn1_get_length_der (ptr, remlen, &lenlen);
- if (len < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_DER_ERROR;
- }
-
- ptr += lenlen;
- remlen -= lenlen;
- ret = asn1_get_tag_der (ptr, remlen, &cls, &lenlen, &ava->value_tag);
- if (ret)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ptr += lenlen;
- remlen -= lenlen;
-
- {
- signed long tmp;
-
- tmp = asn1_get_length_der (ptr, remlen, &lenlen);
- if (tmp < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_ASN1_DER_ERROR;
- }
- ava->value.size = tmp;
- }
- ava->value.data = (void*)(ptr + lenlen);
-
- return 0;
+gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn,
+ int irdn, int iava, gnutls_x509_ava_st * ava)
+{
+ ASN1_TYPE rdn, elem;
+ ASN1_DATA_NODE vnode;
+ long len;
+ int lenlen, remlen, ret;
+ char rbuf[ASN1_MAX_NAME_SIZE];
+ unsigned char cls;
+ const unsigned char *ptr;
+
+ iava++;
+ irdn++; /* 0->1, 1->2 etc */
+
+ snprintf(rbuf, sizeof(rbuf), "rdnSequence.?%d.?%d", irdn, iava);
+ rdn = asn1_find_node(dn, rbuf);
+ if (!rdn) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ snprintf(rbuf, sizeof(rbuf), "?%d.type", iava);
+ elem = asn1_find_node(rdn, rbuf);
+ if (!elem) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ ret = asn1_read_node_value(elem, &vnode);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ ava->oid.data = (void *) vnode.value;
+ ava->oid.size = vnode.value_len;
+
+ snprintf(rbuf, sizeof(rbuf), "?%d.value", iava);
+ elem = asn1_find_node(rdn, rbuf);
+ if (!elem) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ ret = asn1_read_node_value(elem, &vnode);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+ /* The value still has the previous tag's length bytes, plus the
+ * current value's tag and length bytes. Decode them.
+ */
+
+ ptr = vnode.value;
+ remlen = vnode.value_len;
+ len = asn1_get_length_der(ptr, remlen, &lenlen);
+ if (len < 0) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_DER_ERROR;
+ }
+
+ ptr += lenlen;
+ remlen -= lenlen;
+ ret =
+ asn1_get_tag_der(ptr, remlen, &cls, &lenlen, &ava->value_tag);
+ if (ret) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ptr += lenlen;
+ remlen -= lenlen;
+
+ {
+ signed long tmp;
+
+ tmp = asn1_get_length_der(ptr, remlen, &lenlen);
+ if (tmp < 0) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_DER_ERROR;
+ }
+ ava->value.size = tmp;
+ }
+ ava->value.data = (void *) (ptr + lenlen);
+
+ return 0;
}
/**
@@ -2564,46 +2478,45 @@ gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn,
* with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
- gnutls_digest_algorithm_t algo,
- void *buf, size_t * buf_size)
+gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert,
+ gnutls_digest_algorithm_t algo,
+ void *buf, size_t * buf_size)
{
- uint8_t *cert_buf;
- int cert_buf_size;
- int result;
- gnutls_datum_t tmp;
+ uint8_t *cert_buf;
+ int cert_buf_size;
+ int result;
+ gnutls_datum_t tmp;
- if (buf_size == 0 || cert == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (buf_size == 0 || cert == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- cert_buf_size = 0;
- asn1_der_coding (cert->cert, "", NULL, &cert_buf_size, NULL);
+ cert_buf_size = 0;
+ asn1_der_coding(cert->cert, "", NULL, &cert_buf_size, NULL);
- cert_buf = gnutls_malloc (cert_buf_size);
- if (cert_buf == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ cert_buf = gnutls_malloc(cert_buf_size);
+ if (cert_buf == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- result = asn1_der_coding (cert->cert, "", cert_buf, &cert_buf_size, NULL);
+ result =
+ asn1_der_coding(cert->cert, "", cert_buf, &cert_buf_size,
+ NULL);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (cert_buf);
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(cert_buf);
+ return _gnutls_asn2err(result);
+ }
- tmp.data = cert_buf;
- tmp.size = cert_buf_size;
+ tmp.data = cert_buf;
+ tmp.size = cert_buf_size;
- result = gnutls_fingerprint (algo, &tmp, buf, buf_size);
- gnutls_free (cert_buf);
+ result = gnutls_fingerprint(algo, &tmp, buf, buf_size);
+ gnutls_free(cert_buf);
- return result;
+ return result;
}
/**
@@ -2627,18 +2540,17 @@ gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
* returned, and 0 on success.
**/
int
-gnutls_x509_crt_export (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+gnutls_x509_crt_export(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int (cert->cert, format, "CERTIFICATE",
- output_data, output_data_size);
+ return _gnutls_x509_export_int(cert->cert, format, "CERTIFICATE",
+ output_data, output_data_size);
}
/**
@@ -2659,53 +2571,51 @@ gnutls_x509_crt_export (gnutls_x509_crt_t cert,
* Since: 3.1.3
**/
int
-gnutls_x509_crt_export2 (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
+gnutls_x509_crt_export2(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int2 (cert->cert, format, "CERTIFICATE", out);
+ return _gnutls_x509_export_int2(cert->cert, format, "CERTIFICATE",
+ out);
}
int
-_gnutls_get_key_id (gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params,
- unsigned char *output_data,
- size_t * output_data_size)
+_gnutls_get_key_id(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params,
+ unsigned char *output_data, size_t * output_data_size)
{
- int ret = 0;
- gnutls_datum_t der = { NULL, 0 };
- const gnutls_digest_algorithm_t hash = GNUTLS_DIG_SHA1;
- unsigned int digest_len = _gnutls_hash_get_algo_len(mac_to_entry(hash));
+ int ret = 0;
+ gnutls_datum_t der = { NULL, 0 };
+ const gnutls_digest_algorithm_t hash = GNUTLS_DIG_SHA1;
+ unsigned int digest_len =
+ _gnutls_hash_get_algo_len(mac_to_entry(hash));
- if (output_data == NULL || *output_data_size < digest_len)
- {
- gnutls_assert ();
- *output_data_size = digest_len;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (output_data == NULL || *output_data_size < digest_len) {
+ gnutls_assert();
+ *output_data_size = digest_len;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- ret = _gnutls_x509_encode_PKI_params(&der, pk, params);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_x509_encode_PKI_params(&der, pk, params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_hash_fast(hash, der.data, der.size, output_data);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- *output_data_size = digest_len;
+ ret = _gnutls_hash_fast(hash, der.data, der.size, output_data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ *output_data_size = digest_len;
- ret = 0;
+ ret = 0;
-cleanup:
+ cleanup:
- _gnutls_free_datum (&der);
- return ret;
+ _gnutls_free_datum(&der);
+ return ret;
}
/**
@@ -2729,132 +2639,133 @@ cleanup:
* returned, and 0 on success.
**/
int
-gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int pk, ret = 0;
- gnutls_pk_params_st params;
+ int pk, ret = 0;
+ gnutls_pk_params_st params;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ pk = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
+ if (pk < 0) {
+ gnutls_assert();
+ return pk;
+ }
- pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
- if (pk < 0)
- {
- gnutls_assert ();
- return pk;
- }
+ ret = _gnutls_x509_crt_get_mpis(crt, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = _gnutls_x509_crt_get_mpis (crt, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_get_key_id(pk, &params, output_data, output_data_size);
+ ret =
+ _gnutls_get_key_id(pk, &params, output_data, output_data_size);
- gnutls_pk_params_release(&params);
+ gnutls_pk_params_release(&params);
- return ret;
+ return ret;
}
static int
-crl_issuer_matches (gnutls_x509_crl_t crl, gnutls_x509_crt_t cert)
+crl_issuer_matches(gnutls_x509_crl_t crl, gnutls_x509_crt_t cert)
{
- if (_gnutls_x509_compare_raw_dn(&crl->raw_issuer_dn, &cert->raw_issuer_dn) != 0)
- return 1;
- else
- return 0;
+ if (_gnutls_x509_compare_raw_dn
+ (&crl->raw_issuer_dn, &cert->raw_issuer_dn) != 0)
+ return 1;
+ else
+ return 0;
}
/* This is exactly as gnutls_x509_crt_check_revocation() except that
* it calls func.
*/
int
-_gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t * crl_list,
- int crl_list_length,
- gnutls_verify_output_function func)
-{
- uint8_t serial[128];
- uint8_t cert_serial[128];
- size_t serial_size, cert_serial_size;
- int ncerts, ret, i, j;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- for (j = 0; j < crl_list_length; j++)
- { /* do for all the crls */
-
- /* Step 1. check if issuer's DN match
- */
- ret = crl_issuer_matches(crl_list[j], cert);
- if (ret == 0)
- {
- /* issuers do not match so don't even
- * bother checking.
- */
- gnutls_assert();
- continue;
- }
-
- /* Step 2. Read the certificate's serial number
- */
- cert_serial_size = sizeof (cert_serial);
- ret = gnutls_x509_crt_get_serial (cert, cert_serial, &cert_serial_size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- /* Step 3. cycle through the CRL serials and compare with
- * certificate serial we have.
- */
-
- ncerts = gnutls_x509_crl_get_crt_count (crl_list[j]);
- if (ncerts < 0)
- {
- gnutls_assert ();
- return ncerts;
- }
-
- for (i = 0; i < ncerts; i++)
- {
- serial_size = sizeof (serial);
- ret =
- gnutls_x509_crl_get_crt_serial (crl_list[j], i, serial,
- &serial_size, NULL);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (serial_size == cert_serial_size)
- {
- if (memcmp (serial, cert_serial, serial_size) == 0)
- {
- /* serials match */
- if (func) func(cert, NULL, crl_list[j], GNUTLS_CERT_REVOKED|GNUTLS_CERT_INVALID);
- return 1; /* revoked! */
- }
- }
- }
- if (func) func(cert, NULL, crl_list[j], 0);
-
- }
- return 0; /* not revoked. */
+_gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t * crl_list,
+ int crl_list_length,
+ gnutls_verify_output_function func)
+{
+ uint8_t serial[128];
+ uint8_t cert_serial[128];
+ size_t serial_size, cert_serial_size;
+ int ncerts, ret, i, j;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (j = 0; j < crl_list_length; j++) { /* do for all the crls */
+
+ /* Step 1. check if issuer's DN match
+ */
+ ret = crl_issuer_matches(crl_list[j], cert);
+ if (ret == 0) {
+ /* issuers do not match so don't even
+ * bother checking.
+ */
+ gnutls_assert();
+ continue;
+ }
+
+ /* Step 2. Read the certificate's serial number
+ */
+ cert_serial_size = sizeof(cert_serial);
+ ret =
+ gnutls_x509_crt_get_serial(cert, cert_serial,
+ &cert_serial_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Step 3. cycle through the CRL serials and compare with
+ * certificate serial we have.
+ */
+
+ ncerts = gnutls_x509_crl_get_crt_count(crl_list[j]);
+ if (ncerts < 0) {
+ gnutls_assert();
+ return ncerts;
+ }
+
+ for (i = 0; i < ncerts; i++) {
+ serial_size = sizeof(serial);
+ ret =
+ gnutls_x509_crl_get_crt_serial(crl_list[j], i,
+ serial,
+ &serial_size,
+ NULL);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (serial_size == cert_serial_size) {
+ if (memcmp
+ (serial, cert_serial,
+ serial_size) == 0) {
+ /* serials match */
+ if (func)
+ func(cert, NULL,
+ crl_list[j],
+ GNUTLS_CERT_REVOKED |
+ GNUTLS_CERT_INVALID);
+ return 1; /* revoked! */
+ }
+ }
+ }
+ if (func)
+ func(cert, NULL, crl_list[j], 0);
+
+ }
+ return 0; /* not revoked. */
}
@@ -2871,11 +2782,12 @@ _gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
* negative error code is returned on error.
**/
int
-gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t * crl_list,
- int crl_list_length)
+gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t * crl_list,
+ int crl_list_length)
{
- return _gnutls_x509_crt_check_revocation(cert, crl_list, crl_list_length, NULL);
+ return _gnutls_x509_crt_check_revocation(cert, crl_list,
+ crl_list_length, NULL);
}
/**
@@ -2895,36 +2807,33 @@ gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
* Since: 2.8.0
**/
int
-gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash)
+gnutls_x509_crt_get_verify_algorithm(gnutls_x509_crt_t crt,
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
{
- gnutls_pk_params_st issuer_params;
- int ret;
+ gnutls_pk_params_st issuer_params;
+ int ret;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_x509_crt_get_mpis (crt, &issuer_params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_crt_get_mpis(crt, &issuer_params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = _gnutls_x509_verify_algorithm (hash,
- signature,
- gnutls_x509_crt_get_pk_algorithm (crt,
- NULL),
- &issuer_params);
+ ret = _gnutls_x509_verify_algorithm(hash,
+ signature,
+ gnutls_x509_crt_get_pk_algorithm
+ (crt, NULL), &issuer_params);
- /* release allocated mpis */
- gnutls_pk_params_release(&issuer_params);
+ /* release allocated mpis */
+ gnutls_pk_params_release(&issuer_params);
- return ret;
+ return ret;
}
@@ -2947,35 +2856,33 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
* Since: 2.12.0
**/
int
-gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand)
+gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt,
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
- gnutls_pk_params_st issuer_params;
- int ret;
+ gnutls_pk_params_st issuer_params;
+ int ret;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_x509_crt_get_mpis (crt, &issuer_params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ ret = _gnutls_x509_crt_get_mpis(crt, &issuer_params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret =
- _gnutls_pk_get_hash_algorithm (gnutls_x509_crt_get_pk_algorithm
- (crt, NULL), &issuer_params,
- hash, mand);
+ ret =
+ _gnutls_pk_get_hash_algorithm(gnutls_x509_crt_get_pk_algorithm
+ (crt, NULL), &issuer_params,
+ hash, mand);
- /* release allocated mpis */
- gnutls_pk_params_release(&issuer_params);
+ /* release allocated mpis */
+ gnutls_pk_params_release(&issuer_params);
- return ret;
+ return ret;
}
/**
@@ -2995,26 +2902,26 @@ gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
* is returned, and zero or positive code on success.
**/
int
-gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
{
- int result;
+ int result;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_verify_data (GNUTLS_DIG_UNKNOWN, data, signature, crt);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ result =
+ _gnutls_x509_verify_data(GNUTLS_DIG_UNKNOWN, data, signature,
+ crt);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return result;
+ return result;
}
/**
@@ -3034,48 +2941,44 @@ gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags,
* is returned, and zero or positive code on success.
**/
int
-gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
-{
- gnutls_pk_params_st params;
- gnutls_digest_algorithm_t algo;
- int ret;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_crt_get_verify_algorithm (crt, signature, &algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Read the MPI parameters from the issuer's certificate.
- */
- ret =
- _gnutls_x509_crt_get_mpis (crt, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pubkey_verify_hashed_data (gnutls_x509_crt_get_pk_algorithm (crt, NULL),
- mac_to_entry(algo),
- hash, signature, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- /* release all allocated MPIs
- */
- gnutls_pk_params_release(&params);
-
- return ret;
+gnutls_x509_crt_verify_hash(gnutls_x509_crt_t crt, unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
+{
+ gnutls_pk_params_st params;
+ gnutls_digest_algorithm_t algo;
+ int ret;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crt_get_verify_algorithm(crt, signature, &algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Read the MPI parameters from the issuer's certificate.
+ */
+ ret = _gnutls_x509_crt_get_mpis(crt, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ pubkey_verify_hashed_data(gnutls_x509_crt_get_pk_algorithm
+ (crt, NULL), mac_to_entry(algo),
+ hash, signature, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ /* release all allocated MPIs
+ */
+ gnutls_pk_params_release(&params);
+
+ return ret;
}
/**
@@ -3100,106 +3003,104 @@ gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags,
* returned.
**/
int
-gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *reason_flags,
- unsigned int *critical)
-{
- int result;
- gnutls_datum_t dist_points = { NULL, 0 };
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- char name[ASN1_MAX_NAME_SIZE];
- int len;
- gnutls_x509_subject_alt_name_t type;
- uint8_t reasons[2];
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (*ret_size > 0 && ret)
- memset (ret, 0, *ret_size);
- else
- *ret_size = 0;
-
- if (reason_flags)
- *reason_flags = 0;
-
- result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.31", 0, &dist_points,
- critical);
- if (result < 0)
- {
- return result;
- }
-
- if (dist_points.size == 0 || dist_points.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.CRLDistributionPoints", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&dist_points);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, dist_points.data, dist_points.size, NULL);
- _gnutls_free_datum (&dist_points);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- /* Return the different names from the first CRLDistr. point.
- * The whole thing is a mess.
- */
- _gnutls_str_cpy (name, sizeof (name), "?1.distributionPoint.fullName");
-
- result = _gnutls_parse_general_name (c2, name, seq, ret, ret_size, NULL, 0);
- if (result < 0)
- {
- asn1_delete_structure (&c2);
- return result;
- }
-
- type = result;
-
-
- /* Read the CRL reasons.
- */
- if (reason_flags)
- {
- _gnutls_str_cpy (name, sizeof (name), "?1.reasons");
-
- reasons[0] = reasons[1] = 0;
-
- len = sizeof (reasons);
- result = asn1_read_value (c2, name, reasons, &len);
-
- if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- *reason_flags = reasons[0] | (reasons[1] << 8);
- }
-
- asn1_delete_structure (&c2);
-
- return type;
+gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical)
+{
+ int result;
+ gnutls_datum_t dist_points = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+ gnutls_x509_subject_alt_name_t type;
+ uint8_t reasons[2];
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*ret_size > 0 && ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if (reason_flags)
+ *reason_flags = 0;
+
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.31", 0,
+ &dist_points, critical);
+ if (result < 0) {
+ return result;
+ }
+
+ if (dist_points.size == 0 || dist_points.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.CRLDistributionPoints", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&dist_points);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&c2, dist_points.data, dist_points.size,
+ NULL);
+ _gnutls_free_datum(&dist_points);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Return the different names from the first CRLDistr. point.
+ * The whole thing is a mess.
+ */
+ _gnutls_str_cpy(name, sizeof(name),
+ "?1.distributionPoint.fullName");
+
+ result =
+ _gnutls_parse_general_name(c2, name, seq, ret, ret_size, NULL,
+ 0);
+ if (result < 0) {
+ asn1_delete_structure(&c2);
+ return result;
+ }
+
+ type = result;
+
+
+ /* Read the CRL reasons.
+ */
+ if (reason_flags) {
+ _gnutls_str_cpy(name, sizeof(name), "?1.reasons");
+
+ reasons[0] = reasons[1] = 0;
+
+ len = sizeof(reasons);
+ result = asn1_read_value(c2, name, reasons, &len);
+
+ if (result != ASN1_VALUE_NOT_FOUND
+ && result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ *reason_flags = reasons[0] | (reasons[1] << 8);
+ }
+
+ asn1_delete_structure(&c2);
+
+ return type;
}
/**
@@ -3224,81 +3125,75 @@ gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
* with the required size. On success 0 is returned.
**/
int
-gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * oid_size,
- unsigned int *critical)
-{
- char tmpstr[ASN1_MAX_NAME_SIZE];
- int result, len;
- gnutls_datum_t id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (oid)
- memset (oid, 0, *oid_size);
- else
- *oid_size = 0;
-
- if ((result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id,
- critical)) < 0)
- {
- return result;
- }
-
- if (id.size == 0 || id.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&id);
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&c2, id.data, id.size, NULL);
- _gnutls_free_datum (&id);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- indx++;
- /* create a string like "?1"
- */
- snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
-
- len = *oid_size;
- result = asn1_read_value (c2, tmpstr, oid, &len);
-
- *oid_size = len;
- asn1_delete_structure (&c2);
-
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * oid_size,
+ unsigned int *critical)
+{
+ char tmpstr[ASN1_MAX_NAME_SIZE];
+ int result, len;
+ gnutls_datum_t id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (oid)
+ memset(oid, 0, *oid_size);
+ else
+ *oid_size = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &id,
+ critical)) < 0) {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&id);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, id.data, id.size, NULL);
+ _gnutls_free_datum(&id);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ indx++;
+ /* create a string like "?1"
+ */
+ snprintf(tmpstr, sizeof(tmpstr), "?%u", indx);
+
+ len = *oid_size;
+ result = asn1_read_value(c2, tmpstr, oid, &len);
+
+ *oid_size = len;
+ asn1_delete_structure(&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
@@ -3315,52 +3210,47 @@ gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
**/
int
-gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e)
-{
- int ret;
- gnutls_pk_params_st params;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
- if (ret != GNUTLS_PK_RSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_crt_get_mpis (crt, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint_lz (params.params[0], m);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint_lz (params.params[1], e);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (m);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_release(&params);
- return ret;
+gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
+ gnutls_datum_t * m, gnutls_datum_t * e)
+{
+ int ret;
+ gnutls_pk_params_st params;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
+ if (ret != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_crt_get_mpis(crt, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint_lz(params.params[0], m);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint_lz(params.params[1], e);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_release(&params);
+ return ret;
}
/**
@@ -3378,79 +3268,72 @@ cleanup:
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
**/
int
-gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
-{
- int ret;
- gnutls_pk_params_st params;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
- if (ret != GNUTLS_PK_DSA)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_crt_get_mpis (crt, &params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
-
- /* P */
- ret = _gnutls_mpi_dprint_lz (params.params[0], p);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint_lz (params.params[1], q);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- goto cleanup;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint_lz (params.params[2], g);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint_lz (params.params[3], y);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (p);
- _gnutls_free_datum (g);
- _gnutls_free_datum (q);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- gnutls_pk_params_release(&params);
- return ret;
+gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
+{
+ int ret;
+ gnutls_pk_params_st params;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
+ if (ret != GNUTLS_PK_DSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_crt_get_mpis(crt, &params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+
+ /* P */
+ ret = _gnutls_mpi_dprint_lz(params.params[0], p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint_lz(params.params[1], q);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ goto cleanup;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint_lz(params.params[2], g);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz(params.params[3], y);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ gnutls_pk_params_release(&params);
+ return ret;
}
@@ -3474,89 +3357,93 @@ cleanup:
* Since: 3.0
**/
int
-gnutls_x509_crt_list_import2 (gnutls_x509_crt_t ** certs,
- unsigned int * size,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
-{
-unsigned int init = 1024;
-int ret;
-
- *certs = gnutls_malloc(sizeof(gnutls_x509_crt_t)*init);
- if (*certs == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_list_import(*certs, &init, data, format, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- *certs = gnutls_realloc_fast(*certs, sizeof(gnutls_x509_crt_t)*init);
- if (*certs == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_list_import(*certs, &init, data, format, flags);
- }
-
- if (ret < 0)
- {
- gnutls_free(*certs);
- *certs = NULL;
- return ret;
- }
-
- *size = init;
- return 0;
+gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs,
+ unsigned int *size,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
+{
+ unsigned int init = 1024;
+ int ret;
+
+ *certs = gnutls_malloc(sizeof(gnutls_x509_crt_t) * init);
+ if (*certs == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import(*certs, &init, data, format,
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ *certs =
+ gnutls_realloc_fast(*certs,
+ sizeof(gnutls_x509_crt_t) * init);
+ if (*certs == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import(*certs, &init, data,
+ format, flags);
+ }
+
+ if (ret < 0) {
+ gnutls_free(*certs);
+ *certs = NULL;
+ return ret;
+ }
+
+ *size = init;
+ return 0;
}
static int check_if_sorted(gnutls_x509_crt_t * crt, int nr)
{
-char prev_dn[MAX_DN];
-char dn[MAX_DN];
-size_t prev_dn_size, dn_size;
-int i, ret;
-
- /* check if the X.509 list is ordered */
- if (nr > 1)
- {
-
- for (i=0;i<nr;i++)
- {
- if (i>0)
- {
- dn_size = sizeof(dn);
- ret = gnutls_x509_crt_get_dn(crt[i], dn, &dn_size);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
-
- if (dn_size != prev_dn_size || memcmp(dn, prev_dn, dn_size) != 0)
- {
- ret = gnutls_assert_val(GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
- goto cleanup;
- }
- }
-
- prev_dn_size = sizeof(prev_dn);
- ret = gnutls_x509_crt_get_issuer_dn(crt[i], prev_dn, &prev_dn_size);
- if (ret < 0)
- {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
- }
- }
-
- ret = 0;
-
-cleanup:
- return ret;
+ char prev_dn[MAX_DN];
+ char dn[MAX_DN];
+ size_t prev_dn_size, dn_size;
+ int i, ret;
+
+ /* check if the X.509 list is ordered */
+ if (nr > 1) {
+
+ for (i = 0; i < nr; i++) {
+ if (i > 0) {
+ dn_size = sizeof(dn);
+ ret =
+ gnutls_x509_crt_get_dn(crt[i], dn,
+ &dn_size);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+
+ if (dn_size != prev_dn_size
+ || memcmp(dn, prev_dn, dn_size) != 0) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
+ goto cleanup;
+ }
+ }
+
+ prev_dn_size = sizeof(prev_dn);
+ ret =
+ gnutls_x509_crt_get_issuer_dn(crt[i], prev_dn,
+ &prev_dn_size);
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+ }
+ }
+
+ ret = 0;
+
+ cleanup:
+ return ret;
}
@@ -3584,135 +3471,129 @@ cleanup:
* Returns: the number of certificates read or a negative error value.
**/
int
-gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
- unsigned int *cert_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
-{
- int size;
- const char *ptr;
- gnutls_datum_t tmp;
- int ret, nocopy = 0;
- unsigned int count = 0, j;
-
- if (format == GNUTLS_X509_FMT_DER)
- {
- if (*cert_max < 1)
- {
- *cert_max = 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- count = 1; /* import only the first one */
-
- ret = gnutls_x509_crt_init (&certs[0]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- ret = gnutls_x509_crt_import (certs[0], data, format);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- *cert_max = 1;
- return 1;
- }
-
- /* move to the certificate
- */
- ptr = memmem (data->data, data->size,
- PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr == NULL)
- ptr = memmem (data->data, data->size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
-
- if (ptr == NULL)
- return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
-
- count = 0;
-
- do
- {
- if (count >= *cert_max)
- {
- if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
- break;
- else
- nocopy = 1;
- }
-
- if (!nocopy)
- {
- ret = gnutls_x509_crt_init (&certs[count]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- tmp.data = (void *) ptr;
- tmp.size = data->size - (ptr - (char *) data->data);
-
- ret =
- gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
- size = data->size - (ptr - (char *) data->data);
-
- if (size > 0)
- {
- char *ptr2;
-
- ptr2 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr2 == NULL)
- ptr2 = memmem (ptr, size, PEM_CERT_SEP2,
- sizeof (PEM_CERT_SEP2) - 1);
-
- ptr = ptr2;
- }
- else
- ptr = NULL;
-
- count++;
- }
- while (ptr != NULL);
-
- *cert_max = count;
-
- if (flags & GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED)
- {
- ret = check_if_sorted(certs, *cert_max);
- if (ret < 0)
- {
- gnutls_assert();
- goto error;
- }
- }
-
- if (nocopy == 0)
- return count;
- else
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
-error:
- for (j = 0; j < count; j++)
- gnutls_x509_crt_deinit (certs[j]);
- return ret;
+gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs,
+ unsigned int *cert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags)
+{
+ int size;
+ const char *ptr;
+ gnutls_datum_t tmp;
+ int ret, nocopy = 0;
+ unsigned int count = 0, j;
+
+ if (format == GNUTLS_X509_FMT_DER) {
+ if (*cert_max < 1) {
+ *cert_max = 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ count = 1; /* import only the first one */
+
+ ret = gnutls_x509_crt_init(&certs[0]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ ret = gnutls_x509_crt_import(certs[0], data, format);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ *cert_max = 1;
+ return 1;
+ }
+
+ /* move to the certificate
+ */
+ ptr = memmem(data->data, data->size,
+ PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1);
+ if (ptr == NULL)
+ ptr = memmem(data->data, data->size,
+ PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1);
+
+ if (ptr == NULL)
+ return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
+
+ count = 0;
+
+ do {
+ if (count >= *cert_max) {
+ if (!
+ (flags &
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
+ break;
+ else
+ nocopy = 1;
+ }
+
+ if (!nocopy) {
+ ret = gnutls_x509_crt_init(&certs[count]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ tmp.data = (void *) ptr;
+ tmp.size =
+ data->size - (ptr - (char *) data->data);
+
+ ret =
+ gnutls_x509_crt_import(certs[count], &tmp,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+ size = data->size - (ptr - (char *) data->data);
+
+ if (size > 0) {
+ char *ptr2;
+
+ ptr2 =
+ memmem(ptr, size, PEM_CERT_SEP,
+ sizeof(PEM_CERT_SEP) - 1);
+ if (ptr2 == NULL)
+ ptr2 = memmem(ptr, size, PEM_CERT_SEP2,
+ sizeof(PEM_CERT_SEP2) - 1);
+
+ ptr = ptr2;
+ } else
+ ptr = NULL;
+
+ count++;
+ }
+ while (ptr != NULL);
+
+ *cert_max = count;
+
+ if (flags & GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED) {
+ ret = check_if_sorted(certs, *cert_max);
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ }
+
+ if (nocopy == 0)
+ return count;
+ else
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ error:
+ for (j = 0; j < count; j++)
+ gnutls_x509_crt_deinit(certs[j]);
+ return ret;
}
/**
@@ -3732,31 +3613,29 @@ error:
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
**/
int
-gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * buf_size)
+gnutls_x509_crt_get_subject_unique_id(gnutls_x509_crt_t crt, char *buf,
+ size_t * buf_size)
{
- int result;
- gnutls_datum_t datum = { NULL, 0 };
+ int result;
+ gnutls_datum_t datum = { NULL, 0 };
- result =
- _gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID",
- &datum);
+ result =
+ _gnutls_x509_read_value(crt->cert,
+ "tbsCertificate.subjectUniqueID",
+ &datum);
- if (datum.size > *buf_size)
- { /* then we're not going to fit */
- *buf_size = datum.size;
- buf[0] = '\0';
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- *buf_size = datum.size;
- memcpy (buf, datum.data, datum.size);
- }
+ if (datum.size > *buf_size) { /* then we're not going to fit */
+ *buf_size = datum.size;
+ buf[0] = '\0';
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ *buf_size = datum.size;
+ memcpy(buf, datum.data, datum.size);
+ }
- _gnutls_free_datum (&datum);
+ _gnutls_free_datum(&datum);
- return result;
+ return result;
}
/**
@@ -3778,125 +3657,126 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
* Since: 2.12.0
**/
int
-gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * buf_size)
+gnutls_x509_crt_get_issuer_unique_id(gnutls_x509_crt_t crt, char *buf,
+ size_t * buf_size)
{
- int result;
- gnutls_datum_t datum = { NULL, 0 };
+ int result;
+ gnutls_datum_t datum = { NULL, 0 };
- result =
- _gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID",
- &datum);
+ result =
+ _gnutls_x509_read_value(crt->cert,
+ "tbsCertificate.issuerUniqueID",
+ &datum);
- if (datum.size > *buf_size)
- { /* then we're not going to fit */
- *buf_size = datum.size;
- buf[0] = '\0';
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- *buf_size = datum.size;
- memcpy (buf, datum.data, datum.size);
- }
+ if (datum.size > *buf_size) { /* then we're not going to fit */
+ *buf_size = datum.size;
+ buf[0] = '\0';
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ *buf_size = datum.size;
+ memcpy(buf, datum.data, datum.size);
+ }
- _gnutls_free_datum (&datum);
+ _gnutls_free_datum(&datum);
- return result;
+ return result;
}
static int
-_gnutls_parse_aia (ASN1_TYPE src,
- unsigned int seq,
- int what,
- gnutls_datum_t * data)
-{
- int len;
- char nptr[ASN1_MAX_NAME_SIZE];
- int result;
- gnutls_datum_t d;
- const char *oid = NULL;
-
- seq++; /* 0->1, 1->2 etc */
- switch (what)
- {
- case GNUTLS_IA_ACCESSMETHOD_OID:
- snprintf (nptr, sizeof (nptr), "?%u.accessMethod", seq);
- break;
-
- case GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE:
- snprintf (nptr, sizeof (nptr), "?%u.accessLocation", seq);
- break;
-
- case GNUTLS_IA_CAISSUERS_URI:
- oid = GNUTLS_OID_AD_CAISSUERS;
- /* fall through */
-
- case GNUTLS_IA_OCSP_URI:
- if (oid == NULL)
- oid = GNUTLS_OID_AD_OCSP;
- {
- char tmpoid[20];
- snprintf (nptr, sizeof (nptr), "?%u.accessMethod", seq);
- len = sizeof (tmpoid);
- result = asn1_read_value (src, nptr, tmpoid, &len);
-
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
- if ((unsigned)len != strlen (oid) + 1 || memcmp (tmpoid, oid, len) != 0)
- return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
- }
- /* fall through */
-
- case GNUTLS_IA_URI:
- snprintf (nptr, sizeof (nptr),
- "?%u.accessLocation.uniformResourceIdentifier", seq);
- break;
-
- default:
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- }
-
- len = 0;
- result = asn1_read_value (src, nptr, NULL, &len);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
-
- if (result != ASN1_MEM_ERROR)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- d.size = len;
-
- d.data = gnutls_malloc (d.size);
- if (d.data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- result = asn1_read_value (src, nptr, d.data, &len);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (d.data);
- return _gnutls_asn2err (result);
- }
-
- if (data)
- {
- data->data = d.data;
- data->size = d.size;
- }
- else
- gnutls_free (d.data);
-
- return 0;
+_gnutls_parse_aia(ASN1_TYPE src,
+ unsigned int seq, int what, gnutls_datum_t * data)
+{
+ int len;
+ char nptr[ASN1_MAX_NAME_SIZE];
+ int result;
+ gnutls_datum_t d;
+ const char *oid = NULL;
+
+ seq++; /* 0->1, 1->2 etc */
+ switch (what) {
+ case GNUTLS_IA_ACCESSMETHOD_OID:
+ snprintf(nptr, sizeof(nptr), "?%u.accessMethod", seq);
+ break;
+
+ case GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE:
+ snprintf(nptr, sizeof(nptr), "?%u.accessLocation", seq);
+ break;
+
+ case GNUTLS_IA_CAISSUERS_URI:
+ oid = GNUTLS_OID_AD_CAISSUERS;
+ /* fall through */
+
+ case GNUTLS_IA_OCSP_URI:
+ if (oid == NULL)
+ oid = GNUTLS_OID_AD_OCSP;
+ {
+ char tmpoid[20];
+ snprintf(nptr, sizeof(nptr), "?%u.accessMethod",
+ seq);
+ len = sizeof(tmpoid);
+ result = asn1_read_value(src, nptr, tmpoid, &len);
+
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+ if ((unsigned) len != strlen(oid) + 1
+ || memcmp(tmpoid, oid, len) != 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_ALGORITHM);
+ }
+ /* fall through */
+
+ case GNUTLS_IA_URI:
+ snprintf(nptr, sizeof(nptr),
+ "?%u.accessLocation.uniformResourceIdentifier",
+ seq);
+ break;
+
+ default:
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
+ len = 0;
+ result = asn1_read_value(src, nptr, NULL, &len);
+ if (result == ASN1_VALUE_NOT_FOUND
+ || result == ASN1_ELEMENT_NOT_FOUND)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ d.size = len;
+
+ d.data = gnutls_malloc(d.size);
+ if (d.data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ result = asn1_read_value(src, nptr, d.data, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(d.data);
+ return _gnutls_asn2err(result);
+ }
+
+ if (data) {
+ data->data = d.data;
+ data->size = d.size;
+ } else
+ gnutls_free(d.data);
+
+ return 0;
}
/**
@@ -3969,61 +3849,58 @@ _gnutls_parse_aia (ASN1_TYPE src,
* Since: 3.0
**/
int
-gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
- unsigned int seq,
- int what,
- gnutls_datum_t * data,
- unsigned int *critical)
-{
- int ret;
- gnutls_datum_t aia;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ((ret = _gnutls_x509_crt_get_extension (crt, GNUTLS_OID_AIA, 0, &aia,
- critical)) < 0)
- return ret;
-
- if (aia.size == 0 || aia.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (critical && *critical)
- return GNUTLS_E_CONSTRAINT_ERROR;
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.AuthorityInfoAccessSyntax", &c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- _gnutls_free_datum (&aia);
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_der_decoding (&c2, aia.data, aia.size, NULL);
- /* asn1_print_structure (stdout, c2, "", ASN1_PRINT_ALL); */
- _gnutls_free_datum (&aia);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (ret);
- }
-
- ret = _gnutls_parse_aia (c2, seq, what, data);
-
- asn1_delete_structure (&c2);
- if (ret < 0)
- gnutls_assert ();
-
- return ret;
+gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t crt,
+ unsigned int seq,
+ int what,
+ gnutls_datum_t * data,
+ unsigned int *critical)
+{
+ int ret;
+ gnutls_datum_t aia;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((ret =
+ _gnutls_x509_crt_get_extension(crt, GNUTLS_OID_AIA, 0, &aia,
+ critical)) < 0)
+ return ret;
+
+ if (aia.size == 0 || aia.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (critical && *critical)
+ return GNUTLS_E_CONSTRAINT_ERROR;
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.AuthorityInfoAccessSyntax", &c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&aia);
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = asn1_der_decoding(&c2, aia.data, aia.size, NULL);
+ /* asn1_print_structure (stdout, c2, "", ASN1_PRINT_ALL); */
+ _gnutls_free_datum(&aia);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = _gnutls_parse_aia(c2, seq, what, data);
+
+ asn1_delete_structure(&c2);
+ if (ret < 0)
+ gnutls_assert();
+
+ return ret;
}
/**
@@ -4042,9 +3919,10 @@ gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
* Since: 3.1.0
*
**/
-void gnutls_x509_crt_set_pin_function (gnutls_x509_crt_t crt,
- gnutls_pin_callback_t fn, void *userdata)
+void gnutls_x509_crt_set_pin_function(gnutls_x509_crt_t crt,
+ gnutls_pin_callback_t fn,
+ void *userdata)
{
- crt->pin.cb = fn;
- crt->pin.data = userdata;
+ crt->pin.cb = fn;
+ crt->pin.data = userdata;
}
diff --git a/lib/x509/x509_dn.c b/lib/x509/x509_dn.c
index 384ad87422..0131de04ad 100644
--- a/lib/x509/x509_dn.c
+++ b/lib/x509/x509_dn.c
@@ -31,136 +31,135 @@
#include <x509_b64.h>
#include <c-ctype.h>
-typedef int (*set_dn_func) (void*, const char *oid, unsigned int raw_flag, const void *name, unsigned int name_size);
-
+typedef int (*set_dn_func) (void *, const char *oid, unsigned int raw_flag,
+ const void *name, unsigned int name_size);
+
static
-int dn_attr_crt_set( set_dn_func f, void* crt, const gnutls_datum_t * name,
- const gnutls_datum_t * val)
+int dn_attr_crt_set(set_dn_func f, void *crt, const gnutls_datum_t * name,
+ const gnutls_datum_t * val)
{
- char _oid[MAX_OID_SIZE];
- const char *oid;
- int ret;
-
- if (name->size == 0 || val->size == 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- if (c_isdigit(name->data[0]) != 0)
- {
- if (name->size >= sizeof(_oid))
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- memcpy(_oid, name->data, name->size);
- _oid[name->size] = 0;
-
- oid = _oid;
-
- if (gnutls_x509_dn_oid_known(oid) == 0)
- {
- _gnutls_debug_log("Unknown OID: '%s'\n", oid);
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- }
- }
- else
- {
- oid = _gnutls_ldap_string_to_oid((char*)name->data, name->size);
- }
-
- if (oid == NULL)
- {
- _gnutls_debug_log("Unknown DN attribute: '%.*s'\n", (int)name->size, name->data);
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- }
-
- if (val->data[0] == '#')
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- ret = f(crt, oid, 0, val->data, val->size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 0;
+ char _oid[MAX_OID_SIZE];
+ const char *oid;
+ int ret;
+
+ if (name->size == 0 || val->size == 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ if (c_isdigit(name->data[0]) != 0) {
+ if (name->size >= sizeof(_oid))
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ memcpy(_oid, name->data, name->size);
+ _oid[name->size] = 0;
+
+ oid = _oid;
+
+ if (gnutls_x509_dn_oid_known(oid) == 0) {
+ _gnutls_debug_log("Unknown OID: '%s'\n", oid);
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+ } else {
+ oid =
+ _gnutls_ldap_string_to_oid((char *) name->data,
+ name->size);
+ }
+
+ if (oid == NULL) {
+ _gnutls_debug_log("Unknown DN attribute: '%.*s'\n",
+ (int) name->size, name->data);
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ }
+
+ if (val->data[0] == '#')
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ ret = f(crt, oid, 0, val->data, val->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
}
-static int read_attr_and_val(const char** ptr,
- gnutls_datum_t * name,
- gnutls_datum_t * val)
+static int read_attr_and_val(const char **ptr,
+ gnutls_datum_t * name, gnutls_datum_t * val)
{
-const unsigned char* p = (void*)*ptr;
-
- /* skip any space */
- while (c_isspace(*p))
- p++;
-
- /* Read the name */
- name->data = (void*)p;
- while (*p != '=' && *p != 0 && !c_isspace(*p))
- p++;
-
- name->size = p - name->data;
-
- /* skip any space */
- while (c_isspace(*p))
- p++;
-
- if (*p != '=')
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- p++;
-
- while (c_isspace(*p))
- p++;
-
- /* Read value */
- val->data = (void*)p;
- while (*p != 0 && !c_isspace(*p) && (*p != ',' || (*p == ',' && *(p-1) == '\\')) && *p != '\n')
- p++;
- val->size = p - (val->data);
-
- if (val->size == 0 || name->size == 0)
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
-
- *ptr = (void*)p;
-
- return 0;
+ const unsigned char *p = (void *) *ptr;
+
+ /* skip any space */
+ while (c_isspace(*p))
+ p++;
+
+ /* Read the name */
+ name->data = (void *) p;
+ while (*p != '=' && *p != 0 && !c_isspace(*p))
+ p++;
+
+ name->size = p - name->data;
+
+ /* skip any space */
+ while (c_isspace(*p))
+ p++;
+
+ if (*p != '=')
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ p++;
+
+ while (c_isspace(*p))
+ p++;
+
+ /* Read value */
+ val->data = (void *) p;
+ while (*p != 0 && !c_isspace(*p)
+ && (*p != ',' || (*p == ',' && *(p - 1) == '\\'))
+ && *p != '\n')
+ p++;
+ val->size = p - (val->data);
+
+ if (val->size == 0 || name->size == 0)
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+
+ *ptr = (void *) p;
+
+ return 0;
}
static int
-crt_set_dn (set_dn_func f, void* crt, const char *dn, const char** err)
+crt_set_dn(set_dn_func f, void *crt, const char *dn, const char **err)
{
-const char *p = dn;
-int ret;
-gnutls_datum_t name, val;
-
- if (crt == NULL || dn == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- /* For each element */
- while (*p != 0 && *p != '\n')
- {
- if (err)
- *err = p;
-
- ret = read_attr_and_val(&p, &name, &val);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* skip spaces and look for comma */
- while (c_isspace(*p))
- p++;
-
- ret = dn_attr_crt_set(f, crt, &name, &val);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (err)
- *err = p;
-
- if (*p != ',' && *p != 0 && *p != '\n')
- return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- if (*p == ',')
- p++;
- }
-
- return 0;
+ const char *p = dn;
+ int ret;
+ gnutls_datum_t name, val;
+
+ if (crt == NULL || dn == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ /* For each element */
+ while (*p != 0 && *p != '\n') {
+ if (err)
+ *err = p;
+
+ ret = read_attr_and_val(&p, &name, &val);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* skip spaces and look for comma */
+ while (c_isspace(*p))
+ p++;
+
+ ret = dn_attr_crt_set(f, crt, &name, &val);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (err)
+ *err = p;
+
+ if (*p != ',' && *p != 0 && *p != '\n')
+ return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
+ if (*p == ',')
+ p++;
+ }
+
+ return 0;
}
@@ -177,9 +176,11 @@ gnutls_datum_t name, val;
* negative error value.
**/
int
-gnutls_x509_crt_set_dn (gnutls_x509_crt_t crt, const char *dn, const char** err)
+gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn,
+ const char **err)
{
- return crt_set_dn( (set_dn_func)gnutls_x509_crt_set_dn_by_oid, crt, dn, err);
+ return crt_set_dn((set_dn_func) gnutls_x509_crt_set_dn_by_oid, crt,
+ dn, err);
}
/**
@@ -195,9 +196,12 @@ gnutls_x509_crt_set_dn (gnutls_x509_crt_t crt, const char *dn, const char** err)
* negative error value.
**/
int
-gnutls_x509_crt_set_issuer_dn (gnutls_x509_crt_t crt, const char *dn, const char** err)
+gnutls_x509_crt_set_issuer_dn(gnutls_x509_crt_t crt, const char *dn,
+ const char **err)
{
- return crt_set_dn( (set_dn_func)gnutls_x509_crt_set_issuer_dn_by_oid, crt, dn, err);
+ return crt_set_dn((set_dn_func)
+ gnutls_x509_crt_set_issuer_dn_by_oid, crt, dn,
+ err);
}
/**
@@ -213,7 +217,9 @@ gnutls_x509_crt_set_issuer_dn (gnutls_x509_crt_t crt, const char *dn, const char
* negative error value.
**/
int
-gnutls_x509_crq_set_dn (gnutls_x509_crq_t crq, const char *dn, const char** err)
+gnutls_x509_crq_set_dn(gnutls_x509_crq_t crq, const char *dn,
+ const char **err)
{
- return crt_set_dn( (set_dn_func)gnutls_x509_crq_set_dn_by_oid, crq, dn, err);
+ return crt_set_dn((set_dn_func) gnutls_x509_crq_set_dn_by_oid, crq,
+ dn, err);
}
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 10cf0c5c57..8fa86e705c 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -40,65 +40,60 @@
#define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
#define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
-typedef struct gnutls_x509_crl_int
-{
- ASN1_TYPE crl;
- int use_extensions;
- gnutls_datum_t raw_issuer_dn;
+typedef struct gnutls_x509_crl_int {
+ ASN1_TYPE crl;
+ int use_extensions;
+ gnutls_datum_t raw_issuer_dn;
} gnutls_x509_crl_int;
-typedef struct gnutls_x509_crt_int
-{
- ASN1_TYPE cert;
- int use_extensions;
- int expanded; /* a certificate has been expanded */
-
- /* These two cached values allow fast calls to
- * get_raw_*_dn(). */
- gnutls_datum_t raw_dn;
- gnutls_datum_t raw_issuer_dn;
-
- struct pin_info_st pin;
+typedef struct gnutls_x509_crt_int {
+ ASN1_TYPE cert;
+ int use_extensions;
+ int expanded; /* a certificate has been expanded */
+
+ /* These two cached values allow fast calls to
+ * get_raw_*_dn(). */
+ gnutls_datum_t raw_dn;
+ gnutls_datum_t raw_issuer_dn;
+
+ struct pin_info_st pin;
} gnutls_x509_crt_int;
-typedef struct gnutls_x509_crq_int
-{
- ASN1_TYPE crq;
+typedef struct gnutls_x509_crq_int {
+ ASN1_TYPE crq;
} gnutls_x509_crq_int;
-typedef struct gnutls_pkcs7_int
-{
- ASN1_TYPE pkcs7;
+typedef struct gnutls_pkcs7_int {
+ ASN1_TYPE pkcs7;
} gnutls_pkcs7_int;
-typedef struct gnutls_x509_privkey_int
-{
- /* the size of params depends on the public
- * key algorithm
- */
- gnutls_pk_params_st params;
+typedef struct gnutls_x509_privkey_int {
+ /* the size of params depends on the public
+ * key algorithm
+ */
+ gnutls_pk_params_st params;
- gnutls_pk_algorithm_t pk_algorithm;
+ gnutls_pk_algorithm_t pk_algorithm;
- ASN1_TYPE key;
+ ASN1_TYPE key;
} gnutls_x509_privkey_int;
-int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
+int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
-int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
- const gnutls_datum_t * dn2);
+int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
+ const gnutls_datum_t * dn2);
-int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
-int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
- gnutls_datum_t * dn);
+int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
+int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn);
/* sign.c */
-int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
- gnutls_datum_t * tbs);
-int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
- gnutls_digest_algorithm_t,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key);
+int _gnutls_x509_get_tbs(ASN1_TYPE cert, const char *tbs_name,
+ gnutls_datum_t * tbs);
+int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
+ gnutls_digest_algorithm_t,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key);
/* dn.c */
#define OID_X520_COUNTRY_NAME "2.5.4.6"
@@ -111,198 +106,201 @@ int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
#define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
-int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, char *buf,
- size_t * sizeof_buf);
+int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, char *buf,
+ size_t * sizeof_buf);
int
-_gnutls_x509_get_dn (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, gnutls_datum_t * dn);
+_gnutls_x509_get_dn(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, gnutls_datum_t * dn);
int
-_gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- const char *given_oid, int indx,
- unsigned int raw_flag,
- gnutls_datum_t* out);
+_gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ const char *given_oid, int indx,
+ unsigned int raw_flag, gnutls_datum_t * out);
-int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, const char *oid,
- int raw_flag, const char *name, int sizeof_name);
+int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, const char *oid,
+ int raw_flag, const char *name,
+ int sizeof_name);
-int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- int indx, void *_oid, size_t * sizeof_oid);
+int _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ int indx, void *_oid, size_t * sizeof_oid);
-int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
- int seq, void *name, size_t * name_size,
- unsigned int *ret_type, int othername_oid);
+int _gnutls_parse_general_name(ASN1_TYPE src, const char *src_name,
+ int seq, void *name, size_t * name_size,
+ unsigned int *ret_type, int othername_oid);
/* dsa.c */
/* verify.c */
-int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer);
+int gnutls_x509_crt_is_issuer(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer);
int
-_gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm_t pk,
- gnutls_pk_params_st * issuer_params);
+_gnutls_x509_verify_algorithm(gnutls_digest_algorithm_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk,
+ gnutls_pk_params_st * issuer_params);
-int _gnutls_x509_verify_data (const mac_entry_st* me,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_x509_crt_t issuer);
+int _gnutls_x509_verify_data(const mac_entry_st * me,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ gnutls_x509_crt_t issuer);
/* privkey.h */
-ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
- raw_key,
- gnutls_x509_privkey_t pkey);
-ASN1_TYPE _gnutls_privkey_decode_ecc_key (const gnutls_datum_t *
- raw_key,
- gnutls_x509_privkey_t pkey);
+ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t *
+ raw_key,
+ gnutls_x509_privkey_t pkey);
+ASN1_TYPE _gnutls_privkey_decode_ecc_key(const gnutls_datum_t *
+ raw_key,
+ gnutls_x509_privkey_t pkey);
int
-_gnutls_x509_read_ecc_params (uint8_t * der, int dersize, gnutls_pk_params_st * params);
+_gnutls_x509_read_ecc_params(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
-int _gnutls_asn1_encode_privkey (gnutls_pk_algorithm_t pk, ASN1_TYPE * c2, gnutls_pk_params_st * params);
+int _gnutls_asn1_encode_privkey(gnutls_pk_algorithm_t pk, ASN1_TYPE * c2,
+ gnutls_pk_params_st * params);
/* extensions.c */
-int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
- const char *extension_id, int indx,
- gnutls_datum_t * ret,
- unsigned int *_critical);
-
-int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
- int indx, void *oid,
- size_t * sizeof_oid);
-
-int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical);
-
-int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
- const char *extension_id, int indx,
- gnutls_datum_t * ret,
- unsigned int *critical);
-int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
- int indx, void *ret,
- size_t * ret_size);
-int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
- uint8_t * extnValue, int extnValueLen);
-int _gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
- int *pathLenConstraint,
- uint8_t * extnValue,
- int extnValueLen);
-int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
- const char *extension_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical);
+int _gnutls_x509_crl_get_extension(gnutls_x509_crl_t crl,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *_critical);
+
+int _gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl,
+ int indx, void *oid,
+ size_t * sizeof_oid);
+
+int _gnutls_x509_crl_set_extension(gnutls_x509_crl_t crl,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
+
+int _gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *critical);
+int _gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
+ int indx, void *ret,
+ size_t * ret_size);
+int _gnutls_x509_ext_extract_keyUsage(uint16_t * keyUsage,
+ uint8_t * extnValue,
+ int extnValueLen);
+int _gnutls_x509_ext_extract_basicConstraints(unsigned int *CA,
+ int *pathLenConstraint,
+ uint8_t * extnValue,
+ int extnValueLen);
+int _gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert,
+ const char *extension_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
int
-_gnutls_x509_ext_extract_number (uint8_t * number,
- size_t * nr_size,
- uint8_t * extnValue, int extnValueLen);
+_gnutls_x509_ext_extract_number(uint8_t * number,
+ size_t * nr_size,
+ uint8_t * extnValue, int extnValueLen);
int
-_gnutls_x509_ext_gen_number (const uint8_t * nuber, size_t nr_size,
- gnutls_datum_t * der_ext);
-
-
-int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
- gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- gnutls_datum_t * prev_der_ext,
- gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size,
- unsigned int reason_flags,
- gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_data);
-int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
- gnutls_datum_t * der_data);
-int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
- char **policyLanguage,
- char **policy,
- size_t * sizeof_policy,
- uint8_t * extnValue,
- int extnValueLen);
-int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
- const char *policyLanguage,
- const char *policy,
- size_t sizeof_policy,
- gnutls_datum_t * der_ext);
+_gnutls_x509_ext_gen_number(const uint8_t * nuber, size_t nr_size,
+ gnutls_datum_t * der_ext);
+
+
+int _gnutls_x509_ext_gen_basicConstraints(int CA, int pathLenConstraint,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_keyUsage(uint16_t usage,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ gnutls_datum_t * prev_der_ext,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_key_id(const void *id, size_t id_size,
+ gnutls_datum_t * der_data);
+int _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
+ gnutls_datum_t * der_data);
+int _gnutls_x509_ext_extract_proxyCertInfo(int *pathLenConstraint,
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy,
+ uint8_t * extnValue,
+ int extnValueLen);
+int _gnutls_x509_ext_gen_proxyCertInfo(int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy,
+ size_t sizeof_policy,
+ gnutls_datum_t * der_ext);
/* mpi.c */
-int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
- gnutls_pk_params_st*);
+int _gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert,
+ gnutls_pk_params_st *);
-int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
- gnutls_pk_params_st * params);
+int _gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert,
+ gnutls_pk_params_st * params);
-int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t, uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
+int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t, uint8_t * der,
+ int dersize,
+ gnutls_pk_params_st * params);
-int _gnutls_x509_read_pubkey (gnutls_pk_algorithm_t, uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
+int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t, uint8_t * der,
+ int dersize, gnutls_pk_params_st * params);
-int _gnutls_x509_write_ecc_params (gnutls_pk_params_st * params,
- gnutls_datum_t * der);
-int _gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st * params,
- gnutls_datum_t * der);
+int _gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
+int _gnutls_x509_write_ecc_pubkey(gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
int
-_gnutls_x509_write_pubkey_params (gnutls_pk_algorithm_t algo,
- gnutls_pk_params_st* params,
- gnutls_datum_t * der);
-int _gnutls_x509_write_pubkey (gnutls_pk_algorithm_t, gnutls_pk_params_st * params,
- gnutls_datum_t * der);
+_gnutls_x509_write_pubkey_params(gnutls_pk_algorithm_t algo,
+ gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
+int _gnutls_x509_write_pubkey(gnutls_pk_algorithm_t,
+ gnutls_pk_params_st * params,
+ gnutls_datum_t * der);
-int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
- unsigned int *ret);
+int _gnutls_x509_read_uint(ASN1_TYPE node, const char *value,
+ unsigned int *ret);
-int _gnutls_x509_read_der_int (uint8_t * der, int dersize, bigint_t * out);
+int _gnutls_x509_read_der_int(uint8_t * der, int dersize, bigint_t * out);
-int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
- bigint_t * ret_mpi);
-int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
- int lz);
-int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
- uint32_t num);
+int _gnutls_x509_read_int(ASN1_TYPE node, const char *value,
+ bigint_t * ret_mpi);
+int _gnutls_x509_write_int(ASN1_TYPE node, const char *value, bigint_t mpi,
+ int lz);
+int _gnutls_x509_write_uint32(ASN1_TYPE node, const char *value,
+ uint32_t num);
-int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
- gnutls_pk_algorithm_t pk_algorithm,
- gnutls_digest_algorithm_t);
+int _gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name,
+ gnutls_pk_algorithm_t pk_algorithm,
+ gnutls_digest_algorithm_t);
/* pkcs12.h */
#include <gnutls/pkcs12.h>
-typedef struct gnutls_pkcs12_int
-{
- ASN1_TYPE pkcs12;
+typedef struct gnutls_pkcs12_int {
+ ASN1_TYPE pkcs12;
} gnutls_pkcs12_int;
#define MAX_BAG_ELEMENTS 32
-struct bag_element
-{
- gnutls_datum_t data;
- gnutls_pkcs12_bag_type_t type;
- gnutls_datum_t local_key_id;
- char *friendly_name;
+struct bag_element {
+ gnutls_datum_t data;
+ gnutls_pkcs12_bag_type_t type;
+ gnutls_datum_t local_key_id;
+ char *friendly_name;
};
-typedef struct gnutls_pkcs12_bag_int
-{
- struct bag_element element[MAX_BAG_ELEMENTS];
- int bag_elements;
+typedef struct gnutls_pkcs12_bag_int {
+ struct bag_element element[MAX_BAG_ELEMENTS];
+ int bag_elements;
} gnutls_pkcs12_bag_int;
#define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
@@ -322,63 +320,63 @@ typedef struct gnutls_pkcs12_bag_int
#define KEY_ID_OID "1.2.840.113549.1.9.21"
int
-_gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
- unsigned int salt_size, unsigned int iter,
- const char *pw, unsigned int req_keylen,
- uint8_t * keybuf);
-
-int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * dec);
-
-typedef enum schema_id
-{
- PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */
- PBES2_3DES, /* the stuff in PKCS #5 */
- PBES2_AES_128,
- PBES2_AES_192,
- PBES2_AES_256,
- PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
- PKCS12_ARCFOUR_SHA1,
- PKCS12_RC2_40_SHA1
+_gnutls_pkcs12_string_to_key(unsigned int id, const uint8_t * salt,
+ unsigned int salt_size, unsigned int iter,
+ const char *pw, unsigned int req_keylen,
+ uint8_t * keybuf);
+
+int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * dec);
+
+typedef enum schema_id {
+ PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */
+ PBES2_3DES, /* the stuff in PKCS #5 */
+ PBES2_AES_128,
+ PBES2_AES_192,
+ PBES2_AES_256,
+ PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
+ PKCS12_ARCFOUR_SHA1,
+ PKCS12_RC2_40_SHA1
} schema_id;
-int _gnutls_pkcs_flags_to_schema (unsigned int flags);
-int _gnutls_pkcs7_encrypt_data (schema_id schema,
- const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * enc);
-int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
- gnutls_pkcs12_bag_t bag);
+int _gnutls_pkcs_flags_to_schema(unsigned int flags);
+int _gnutls_pkcs7_encrypt_data(schema_id schema,
+ const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * enc);
+int _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
+ gnutls_pkcs12_bag_t bag);
int
-_pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
- int *enc);
+_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
+ int *enc);
-int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * in, gnutls_datum_t * out);
-int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * raw, gnutls_datum_t * out);
+int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * in,
+ gnutls_datum_t * out);
+int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * raw,
+ gnutls_datum_t * out);
/* crq */
-int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical);
+int _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
unsigned int
-_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
- int clist_size,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size,
- unsigned int flags,
- gnutls_verify_output_function func);
+_gnutls_x509_verify_certificate(const gnutls_x509_crt_t * certificate_list,
+ int clist_size,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size,
+ unsigned int flags,
+ gnutls_verify_output_function func);
-int
-_gnutls_is_same_dn (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
+int _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
int
-_gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t * crl_list,
- int crl_list_length,
- gnutls_verify_output_function func);
+_gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t * crl_list,
+ int crl_list_length,
+ gnutls_verify_output_function func);
#endif
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index c5e854e71c..71f5a5d0d4 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -34,7 +34,7 @@
#include "x509_int.h"
#include <libtasn1.h>
-static void disable_optional_stuff (gnutls_x509_crt_t cert);
+static void disable_optional_stuff(gnutls_x509_crt_t cert);
/**
* gnutls_x509_crt_set_dn_by_oid:
@@ -58,17 +58,16 @@ static void disable_optional_stuff (gnutls_x509_crt_t cert);
* negative error value.
**/
int
-gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, const char *oid,
- unsigned int raw_flag, const void *name,
- unsigned int sizeof_name)
+gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, const char *oid,
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
{
- if (sizeof_name == 0 || name == NULL || crt == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (sizeof_name == 0 || name == NULL || crt == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.subject",
- oid, raw_flag, name, sizeof_name);
+ return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.subject",
+ oid, raw_flag, name, sizeof_name);
}
/**
@@ -97,19 +96,18 @@ gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, const char *oid,
* negative error value.
**/
int
-gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
- const char *oid,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name)
+gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name)
{
- if (sizeof_name == 0 || name == NULL || crt == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (sizeof_name == 0 || name == NULL || crt == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.issuer", oid,
- raw_flag, name, sizeof_name);
+ return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.issuer",
+ oid, raw_flag, name, sizeof_name);
}
/**
@@ -130,33 +128,33 @@ gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
* negative error value.
**/
int
-gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, gnutls_x509_crt_t eecrt,
- unsigned int raw_flag, const void *name,
- unsigned int sizeof_name)
+gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t eecrt,
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
{
- int result;
-
- if (crt == NULL || eecrt == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = asn1_copy_node (crt->cert, "tbsCertificate.subject",
- eecrt->cert, "tbsCertificate.subject");
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- if (name && sizeof_name)
- {
- return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.subject",
- GNUTLS_OID_X520_COMMON_NAME,
- raw_flag, name, sizeof_name);
- }
-
- return 0;
+ int result;
+
+ if (crt == NULL || eecrt == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = asn1_copy_node(crt->cert, "tbsCertificate.subject",
+ eecrt->cert, "tbsCertificate.subject");
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (name && sizeof_name) {
+ return _gnutls_x509_set_dn_oid(crt->cert,
+ "tbsCertificate.subject",
+ GNUTLS_OID_X520_COMMON_NAME,
+ raw_flag, name,
+ sizeof_name);
+ }
+
+ return 0;
}
/**
@@ -177,28 +175,28 @@ gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, gnutls_x509_crt_t eecrt,
* negative error value.
**/
int
-gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, unsigned int version)
+gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, unsigned int version)
{
- int result;
- unsigned char null = version;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (null > 0)
- null--;
-
- result = asn1_write_value (crt->cert, "tbsCertificate.version", &null, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+ unsigned char null = version;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (null > 0)
+ null--;
+
+ result =
+ asn1_write_value(crt->cert, "tbsCertificate.version", &null,
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -215,28 +213,26 @@ gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, unsigned int version)
*
**/
int
-gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, gnutls_x509_privkey_t key)
+gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, gnutls_x509_privkey_t key)
{
- int result;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- key->pk_algorithm,
- &key->params);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ key->pk_algorithm,
+ &key->params);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -251,39 +247,37 @@ gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, gnutls_x509_privkey_t key)
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
+int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
{
- int result;
-
- if (crt == NULL || crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_x509_crq_verify(crq, 0);
- if (result < 0)
- return gnutls_assert_val(result);
-
- result = asn1_copy_node (crt->cert, "tbsCertificate.subject",
- crq->crq, "certificationRequestInfo.subject");
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result =
- asn1_copy_node (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
- crq->crq, "certificationRequestInfo.subjectPKInfo");
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- return 0;
+ int result;
+
+ if (crt == NULL || crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_x509_crq_verify(crq, 0);
+ if (result < 0)
+ return gnutls_assert_val(result);
+
+ result = asn1_copy_node(crt->cert, "tbsCertificate.subject",
+ crq->crq,
+ "certificationRequestInfo.subject");
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_copy_node(crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo", crq->crq,
+ "certificationRequestInfo.subjectPKInfo");
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/**
@@ -300,80 +294,78 @@ gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
* Since: 2.8.0
**/
int
-gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
- gnutls_x509_crq_t crq)
+gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq)
{
- size_t i;
-
- if (crt == NULL || crq == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- for (i = 0;; i++)
- {
- int result;
- char oid[MAX_OID_SIZE];
- size_t oid_size;
- uint8_t *extensions;
- size_t extensions_size;
- unsigned int critical;
- gnutls_datum_t ext;
-
- oid_size = sizeof (oid);
- result = gnutls_x509_crq_get_extension_info (crq, i, oid,
- &oid_size, &critical);
- if (result < 0)
- {
- if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- break;
-
- gnutls_assert ();
- return result;
- }
-
- extensions_size = 0;
- result = gnutls_x509_crq_get_extension_data (crq, i, NULL,
- &extensions_size);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- extensions = gnutls_malloc (extensions_size);
- if (extensions == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = gnutls_x509_crq_get_extension_data (crq, i, extensions,
- &extensions_size);
- if (result < 0)
- {
- gnutls_assert ();
- gnutls_free (extensions);
- return result;
- }
-
- ext.data = extensions;
- ext.size = extensions_size;
-
- result = _gnutls_x509_crt_set_extension (crt, oid, &ext, critical);
- gnutls_free (extensions);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- if (i > 0)
- crt->use_extensions = 1;
-
- return 0;
+ size_t i;
+
+ if (crt == NULL || crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (i = 0;; i++) {
+ int result;
+ char oid[MAX_OID_SIZE];
+ size_t oid_size;
+ uint8_t *extensions;
+ size_t extensions_size;
+ unsigned int critical;
+ gnutls_datum_t ext;
+
+ oid_size = sizeof(oid);
+ result = gnutls_x509_crq_get_extension_info(crq, i, oid,
+ &oid_size,
+ &critical);
+ if (result < 0) {
+ if (result ==
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+
+ gnutls_assert();
+ return result;
+ }
+
+ extensions_size = 0;
+ result = gnutls_x509_crq_get_extension_data(crq, i, NULL,
+ &extensions_size);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ extensions = gnutls_malloc(extensions_size);
+ if (extensions == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ gnutls_x509_crq_get_extension_data(crq, i, extensions,
+ &extensions_size);
+ if (result < 0) {
+ gnutls_assert();
+ gnutls_free(extensions);
+ return result;
+ }
+
+ ext.data = extensions;
+ ext.size = extensions_size;
+
+ result =
+ _gnutls_x509_crt_set_extension(crt, oid, &ext,
+ critical);
+ gnutls_free(extensions);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ if (i > 0)
+ crt->use_extensions = 1;
+
+ return 0;
}
/**
@@ -392,33 +384,32 @@ gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
* negative error value.
**/
int
-gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
- const char *oid, const void *buf,
- size_t sizeof_buf,
- unsigned int critical)
+gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
+ const char *oid, const void *buf,
+ size_t sizeof_buf,
+ unsigned int critical)
{
- int result;
- gnutls_datum_t der_data;
+ int result;
+ gnutls_datum_t der_data;
- der_data.data = (void *) buf;
- der_data.size = sizeof_buf;
+ der_data.data = (void *) buf;
+ der_data.size = sizeof_buf;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_crt_set_extension (crt, oid, &der_data, critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ result =
+ _gnutls_x509_crt_set_extension(crt, oid, &der_data, critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- crt->use_extensions = 1;
+ crt->use_extensions = 1;
- return 0;
+ return 0;
}
@@ -436,41 +427,41 @@ gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
* negative error value.
**/
int
-gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
- unsigned int ca, int pathLenConstraint)
+gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt,
+ unsigned int ca,
+ int pathLenConstraint)
{
- int result;
- gnutls_datum_t der_data;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_basicConstraints (ca, pathLenConstraint,
- &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.19", &der_data, 1);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crt->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_basicConstraints(ca, pathLenConstraint,
+ &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.19", &der_data, 1);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
}
/**
@@ -485,10 +476,9 @@ gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
-int
-gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca)
+int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, unsigned int ca)
{
- return gnutls_x509_crt_set_basic_constraints (crt, ca, -1);
+ return gnutls_x509_crt_set_basic_constraints(crt, ca, -1);
}
/**
@@ -502,39 +492,38 @@ gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca)
* negative error value.
**/
int
-gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage)
+gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt, unsigned int usage)
{
- int result;
- gnutls_datum_t der_data;
+ int result;
+ gnutls_datum_t der_data;
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_keyUsage ((uint16_t) usage, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_keyUsage((uint16_t) usage, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.15", &der_data, 1);
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.15", &der_data, 1);
- _gnutls_free_datum (&der_data);
+ _gnutls_free_datum(&der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- crt->use_extensions = 1;
+ crt->use_extensions = 1;
- return 0;
+ return 0;
}
/**
@@ -554,27 +543,25 @@ gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage)
* negative error value.
**/
int
-gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const char *data_string)
+gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const char *data_string)
{
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* only handle text extensions */
- if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
- type != GNUTLS_SAN_URI)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return gnutls_x509_crt_set_subject_alt_name (crt, type, data_string,
- strlen (data_string),
- GNUTLS_FSAN_SET);
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* only handle text extensions */
+ if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
+ type != GNUTLS_SAN_URI) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return gnutls_x509_crt_set_subject_alt_name(crt, type, data_string,
+ strlen(data_string),
+ GNUTLS_FSAN_SET);
}
/**
@@ -604,69 +591,70 @@ gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
* Since: 2.6.0
**/
int
-gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size,
- unsigned int flags)
+gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags)
{
- int result;
- gnutls_datum_t der_data = { NULL, 0 };
- gnutls_datum_t prev_der_data = { NULL, 0 };
- unsigned int critical = 0;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
-
- if (flags == GNUTLS_FSAN_APPEND)
- {
- result = _gnutls_x509_crt_get_extension (crt, "2.5.29.17", 0,
- &prev_der_data, &critical);
- if (result < 0 && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return result;
- }
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_subject_alt_name (type, data, data_size,
- &prev_der_data, &der_data);
-
- if (flags == GNUTLS_FSAN_APPEND)
- _gnutls_free_datum (&prev_der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- goto finish;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.17", &der_data,
- critical);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crt->use_extensions = 1;
-
- return 0;
-
-finish:
- _gnutls_free_datum (&prev_der_data);
- return result;
+ int result;
+ gnutls_datum_t der_data = { NULL, 0 };
+ gnutls_datum_t prev_der_data = { NULL, 0 };
+ unsigned int critical = 0;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+
+ if (flags == GNUTLS_FSAN_APPEND) {
+ result =
+ _gnutls_x509_crt_get_extension(crt, "2.5.29.17", 0,
+ &prev_der_data,
+ &critical);
+ if (result < 0
+ && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_subject_alt_name(type, data, data_size,
+ &prev_der_data,
+ &der_data);
+
+ if (flags == GNUTLS_FSAN_APPEND)
+ _gnutls_free_datum(&prev_der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto finish;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.17", &der_data,
+ critical);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
+
+ finish:
+ _gnutls_free_datum(&prev_der_data);
+ return result;
}
/**
@@ -685,46 +673,43 @@ finish:
* negative error value.
**/
int
-gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
- int pathLenConstraint,
- const char *policyLanguage,
- const char *policy, size_t sizeof_policy)
+gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt,
+ int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy, size_t sizeof_policy)
{
- int result;
- gnutls_datum_t der_data;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_proxyCertInfo (pathLenConstraint,
- policyLanguage,
- policy, sizeof_policy,
- &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "1.3.6.1.5.5.7.1.14",
- &der_data, 1);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crt->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_proxyCertInfo(pathLenConstraint,
+ policyLanguage,
+ policy, sizeof_policy,
+ &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = _gnutls_x509_crt_set_extension(crt, "1.3.6.1.5.5.7.1.14",
+ &der_data, 1);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
}
/**
@@ -739,64 +724,56 @@ gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
* negative error value.
**/
int
-gnutls_x509_crt_set_private_key_usage_period (gnutls_x509_crt_t crt,
- time_t activation,
- time_t expiration)
+gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
+ time_t activation,
+ time_t expiration)
{
- int result;
- gnutls_datum_t der_data;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.PrivateKeyUsagePeriod", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_set_time (c2,
- "notBefore",
- activation, 1);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_set_time (c2,
- "notAfter",
- expiration, 1);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.16",
- &der_data, 0);
-
- _gnutls_free_datum(&der_data);
-
- crt->use_extensions = 1;
-
-cleanup:
- asn1_delete_structure (&c2);
-
- return result;
+ int result;
+ gnutls_datum_t der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.PrivateKeyUsagePeriod", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_set_time(c2, "notBefore", activation, 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_set_time(c2, "notAfter", expiration, 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_crt_set_extension(crt, "2.5.29.16",
+ &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ crt->use_extensions = 1;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+
+ return result;
}
/**
@@ -817,46 +794,43 @@ cleanup:
* negative error value.
**/
int
-gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
- int result;
- gnutls_privkey_t privkey;
-
- if (crt == NULL || issuer == NULL || issuer_key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = gnutls_privkey_init (&privkey);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = gnutls_privkey_import_x509 (privkey, issuer_key, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = gnutls_x509_crt_privkey_sign (crt, issuer, privkey, dig, flags);
- if (result < 0)
- {
- gnutls_assert ();
- goto fail;
- }
-
- result = 0;
-
-fail:
- gnutls_privkey_deinit (privkey);
-
- return result;
+ int result;
+ gnutls_privkey_t privkey;
+
+ if (crt == NULL || issuer == NULL || issuer_key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_privkey_init(&privkey);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result = gnutls_privkey_import_x509(privkey, issuer_key, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result =
+ gnutls_x509_crt_privkey_sign(crt, issuer, privkey, dig, flags);
+ if (result < 0) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ result = 0;
+
+ fail:
+ gnutls_privkey_deinit(privkey);
+
+ return result;
}
/**
@@ -872,10 +846,11 @@ fail:
* negative error value.
**/
int
-gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
+gnutls_x509_crt_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
{
- return gnutls_x509_crt_sign2 (crt, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
+ return gnutls_x509_crt_sign2(crt, issuer, issuer_key,
+ GNUTLS_DIG_SHA1, 0);
}
/**
@@ -890,17 +865,17 @@ gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
* negative error value.
**/
int
-gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, time_t act_time)
+gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert,
+ time_t act_time)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_set_time (cert->cert,
- "tbsCertificate.validity.notBefore",
- act_time, 0);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_time(cert->cert,
+ "tbsCertificate.validity.notBefore",
+ act_time, 0);
}
/**
@@ -914,15 +889,16 @@ gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, time_t act_time)
* negative error value.
**/
int
-gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time)
+gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert,
+ time_t exp_time)
{
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
- return _gnutls_x509_set_time (cert->cert,
- "tbsCertificate.validity.notAfter", exp_time, 0);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ return _gnutls_x509_set_time(cert->cert,
+ "tbsCertificate.validity.notAfter",
+ exp_time, 0);
}
/**
@@ -942,48 +918,47 @@ gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time)
* negative error value.
**/
int
-gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial,
- size_t serial_size)
+gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, const void *serial,
+ size_t serial_size)
{
- int ret;
+ int ret;
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret =
- asn1_write_value (cert->cert, "tbsCertificate.serialNumber", serial,
- serial_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
+ ret =
+ asn1_write_value(cert->cert, "tbsCertificate.serialNumber",
+ serial, serial_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
- return 0;
+ return 0;
}
/* If OPTIONAL fields have not been initialized then
* disable them.
*/
-static void
-disable_optional_stuff (gnutls_x509_crt_t cert)
+static void disable_optional_stuff(gnutls_x509_crt_t cert)
{
- asn1_write_value (cert->cert, "tbsCertificate.issuerUniqueID", NULL, 0);
+ asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL,
+ 0);
- asn1_write_value (cert->cert, "tbsCertificate.subjectUniqueID", NULL, 0);
+ asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID",
+ NULL, 0);
- if (cert->use_extensions == 0)
- {
- _gnutls_debug_log ("Disabling X.509 extensions.\n");
- asn1_write_value (cert->cert, "tbsCertificate.extensions", NULL, 0);
- }
+ if (cert->use_extensions == 0) {
+ _gnutls_debug_log("Disabling X.509 extensions.\n");
+ asn1_write_value(cert->cert, "tbsCertificate.extensions",
+ NULL, 0);
+ }
- return;
+ return;
}
/**
@@ -999,14 +974,14 @@ disable_optional_stuff (gnutls_x509_crt_t cert)
* negative error value.
**/
int
-gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data_string,
- unsigned int reason_flags)
+gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data_string,
+ unsigned int reason_flags)
{
- return gnutls_x509_crt_set_crl_dist_points2 (crt, type, data_string,
- strlen (data_string),
- reason_flags);
+ return gnutls_x509_crt_set_crl_dist_points2(crt, type, data_string,
+ strlen(data_string),
+ reason_flags);
}
/**
@@ -1025,60 +1000,58 @@ gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
* Since: 2.6.0
**/
int
-gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size,
- unsigned int reason_flags)
+gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags)
{
- int result;
- gnutls_datum_t der_data = { NULL, 0 };
- gnutls_datum_t oldname = { NULL, 0 };
- unsigned int critical;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension (crt, "2.5.29.31", 0, &oldname, &critical);
-
- _gnutls_free_datum (&oldname);
-
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result =
- _gnutls_x509_ext_gen_crl_dist_points (type, data, data_size,
- reason_flags, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.31", &der_data, 0);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- crt->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t der_data = { NULL, 0 };
+ gnutls_datum_t oldname = { NULL, 0 };
+ unsigned int critical;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(crt, "2.5.29.31", 0, &oldname,
+ &critical);
+
+ _gnutls_free_datum(&oldname);
+
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_crl_dist_points(type, data, data_size,
+ reason_flags, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.31", &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
}
@@ -1095,43 +1068,41 @@ gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
* negative error value.
**/
int
-gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
- gnutls_x509_crt_t src)
+gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
+ gnutls_x509_crt_t src)
{
- int result;
- gnutls_datum_t der_data;
- unsigned int critical;
-
- if (dst == NULL || src == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension (src, "2.5.29.31", 0, &der_data,
- &critical);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- _gnutls_x509_crt_set_extension (dst, "2.5.29.31", &der_data, critical);
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- dst->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t der_data;
+ unsigned int critical;
+
+ if (dst == NULL || src == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(src, "2.5.29.31", 0, &der_data,
+ &critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(dst, "2.5.29.31", &der_data,
+ critical);
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ dst->use_extensions = 1;
+
+ return 0;
}
/**
@@ -1147,54 +1118,53 @@ gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
* negative error value.
**/
int
-gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size)
+gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert,
+ const void *id, size_t id_size)
{
- int result;
- gnutls_datum_t old_id, der_data;
- unsigned int critical;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &old_id, &critical);
-
- if (result >= 0)
- _gnutls_free_datum (&old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_key_id (id, id_size, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension (cert, "2.5.29.14", &der_data, 0);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- cert->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &old_id,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_key_id(id, id_size, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(cert, "2.5.29.14", &der_data,
+ 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ cert->use_extensions = 1;
+
+ return 0;
}
/**
@@ -1210,54 +1180,53 @@ gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
* negative error value.
**/
int
-gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size)
+gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
+ const void *id, size_t id_size)
{
- int result;
- gnutls_datum_t old_id, der_data;
- unsigned int critical;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &old_id, &critical);
-
- if (result >= 0)
- _gnutls_free_datum (&old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_auth_key_id (id, id_size, &der_data);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension (cert, "2.5.29.35", &der_data, 0);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- cert->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &old_id,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_auth_key_id(id, id_size, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(cert, "2.5.29.35", &der_data,
+ 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ cert->use_extensions = 1;
+
+ return 0;
}
/**
@@ -1276,93 +1245,87 @@ gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
* otherwise a negative error code is returned.
**/
int
-gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
- const void *oid, unsigned int critical)
+gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
+ const void *oid, unsigned int critical)
{
- int result;
- gnutls_datum_t old_id, der_data;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &old_id, NULL);
-
- if (result >= 0)
- {
- /* decode it.
- */
- result = asn1_der_decoding (&c2, old_id.data, old_id.size, NULL);
- _gnutls_free_datum (&old_id);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- }
-
- /* generate the extension.
- */
- /* 1. create a new element.
- */
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- /* 2. Add the OID.
- */
- result = asn1_write_value (c2, "?LAST", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- asn1_delete_structure (&c2);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = _gnutls_x509_crt_set_extension (cert, "2.5.29.37",
- &der_data, critical);
-
- _gnutls_free_datum (&der_data);
-
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- cert->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &old_id,
+ NULL);
+
+ if (result >= 0) {
+ /* decode it.
+ */
+ result =
+ asn1_der_decoding(&c2, old_id.data, old_id.size, NULL);
+ _gnutls_free_datum(&old_id);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ }
+
+ /* generate the extension.
+ */
+ /* 1. create a new element.
+ */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* 2. Add the OID.
+ */
+ result = asn1_write_value(c2, "?LAST", oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ asn1_delete_structure(&c2);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_crt_set_extension(cert, "2.5.29.37",
+ &der_data, critical);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ cert->use_extensions = 1;
+
+ return 0;
}
@@ -1384,45 +1347,43 @@ gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
* negative error value.
**/
int
-gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags)
+gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
{
- int result;
-
- if (crt == NULL || issuer == NULL || issuer_key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* disable all the unneeded OPTIONAL fields.
- */
- disable_optional_stuff (crt);
-
- result = _gnutls_x509_pkix_sign (crt->cert, "tbsCertificate",
- dig, issuer, issuer_key);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- return 0;
+ int result;
+
+ if (crt == NULL || issuer == NULL || issuer_key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* disable all the unneeded OPTIONAL fields.
+ */
+ disable_optional_stuff(crt);
+
+ result = _gnutls_x509_pkix_sign(crt->cert, "tbsCertificate",
+ dig, issuer, issuer_key);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
-static const char* what_to_oid(int what)
+static const char *what_to_oid(int what)
{
- switch(what)
- {
- case GNUTLS_IA_OCSP_URI:
- return GNUTLS_OID_AD_OCSP;
- case GNUTLS_IA_CAISSUERS_URI:
- return GNUTLS_OID_AD_CAISSUERS;
- default:
- return NULL;
- }
+ switch (what) {
+ case GNUTLS_IA_OCSP_URI:
+ return GNUTLS_OID_AD_OCSP;
+ case GNUTLS_IA_CAISSUERS_URI:
+ return GNUTLS_OID_AD_CAISSUERS;
+ default:
+ return NULL;
+ }
}
/**
@@ -1447,161 +1408,152 @@ static const char* what_to_oid(int what)
* Since: 3.0
**/
int
-gnutls_x509_crt_set_authority_info_access (gnutls_x509_crt_t crt,
- int what,
- gnutls_datum_t * data)
+gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt,
+ int what, gnutls_datum_t * data)
{
- int ret, result;
- gnutls_datum_t aia = { NULL, 0 };
- gnutls_datum_t der_data = { NULL, 0 };
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- const char* oid;
- unsigned int c;
-
- if (crt == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- oid = what_to_oid(what);
- if (oid == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- ret = asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.AuthorityInfoAccessSyntax", &c2);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret = _gnutls_x509_crt_get_extension (crt, GNUTLS_OID_AIA, 0, &aia,
- &c);
- if (ret >= 0) /* decode it */
- {
- ret = asn1_der_decoding (&c2, aia.data, aia.size, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
- }
-
- /* generate the extension.
- */
- /* 1. create a new element.
- */
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* 2. Add the OID.
- */
- result = asn1_write_value (c2, "?LAST.accessMethod", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* accessLocation is a choice */
- result = asn1_write_value (c2, "?LAST.accessLocation", "uniformResourceIdentifier", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (c2, "?LAST.accessLocation.uniformResourceIdentifier", data->data, data->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- ret = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = _gnutls_x509_crt_set_extension (crt, GNUTLS_OID_AIA,
- &der_data, 0);
- if (ret < 0)
- gnutls_assert ();
-
- crt->use_extensions = 1;
-
-cleanup:
- _gnutls_free_datum (&der_data);
- _gnutls_free_datum(&aia);
- asn1_delete_structure (&c2);
-
- return ret;
+ int ret, result;
+ gnutls_datum_t aia = { NULL, 0 };
+ gnutls_datum_t der_data = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ const char *oid;
+ unsigned int c;
+
+ if (crt == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ oid = what_to_oid(what);
+ if (oid == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.AuthorityInfoAccessSyntax", &c2);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = _gnutls_x509_crt_get_extension(crt, GNUTLS_OID_AIA, 0, &aia,
+ &c);
+ if (ret >= 0) { /* decode it */
+ ret = asn1_der_decoding(&c2, aia.data, aia.size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+ }
+
+ /* generate the extension.
+ */
+ /* 1. create a new element.
+ */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* 2. Add the OID.
+ */
+ result = asn1_write_value(c2, "?LAST.accessMethod", oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* accessLocation is a choice */
+ result =
+ asn1_write_value(c2, "?LAST.accessLocation",
+ "uniformResourceIdentifier", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(c2,
+ "?LAST.accessLocation.uniformResourceIdentifier",
+ data->data, data->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_crt_set_extension(crt, GNUTLS_OID_AIA,
+ &der_data, 0);
+ if (ret < 0)
+ gnutls_assert();
+
+ crt->use_extensions = 1;
+
+ cleanup:
+ _gnutls_free_datum(&der_data);
+ _gnutls_free_datum(&aia);
+ asn1_delete_structure(&c2);
+
+ return ret;
}
-static int encode_user_notice(const gnutls_datum_t* txt, gnutls_datum_t *der_data)
+static int encode_user_notice(const gnutls_datum_t * txt,
+ gnutls_datum_t * der_data)
{
- int result;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if ((result =
- asn1_create_element (_gnutls_get_pkix (),
- "PKIX1.UserNotice",
- &c2)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- /* delete noticeRef */
- result =
- asn1_write_value (c2, "noticeRef", NULL, 0);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result =
- asn1_write_value (c2, "explicitText", "utf8String", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result =
- asn1_write_value (c2, "explicitText.utf8String", txt->data, txt->size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto error;
- }
-
- result = _gnutls_x509_der_encode(c2, "", der_data, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto error;
- }
-
- result = 0;
-
-error:
- asn1_delete_structure (&c2);
- return result;
+ int result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.UserNotice",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* delete noticeRef */
+ result = asn1_write_value(c2, "noticeRef", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = asn1_write_value(c2, "explicitText", "utf8String", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ asn1_write_value(c2, "explicitText.utf8String", txt->data,
+ txt->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", der_data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = 0;
+
+ error:
+ asn1_delete_structure(&c2);
+ return result;
}
@@ -1624,159 +1576,157 @@ error:
* Since: 3.1.5
**/
int
-gnutls_x509_crt_set_policy (gnutls_x509_crt_t crt, struct gnutls_x509_policy_st* policy,
- unsigned int critical)
+gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
+ struct gnutls_x509_policy_st *policy,
+ unsigned int critical)
{
- int result;
- unsigned i;
- gnutls_datum_t der_data, tmpd, prev_der_data = {NULL, 0};
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- const char* oid;
-
- if (crt == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = _gnutls_x509_crt_get_extension (crt, "2.5.29.32", 0,
- &prev_der_data, NULL);
- if (result < 0 && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- gnutls_assert ();
- return result;
- }
-
- result =
- asn1_create_element (_gnutls_get_pkix (), "PKIX1.certificatePolicies", &c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (prev_der_data.data != NULL)
- {
- result =
- asn1_der_decoding (&c2, prev_der_data.data, prev_der_data.size,
- NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
- }
-
- /* 1. write a new policy */
- result = asn1_write_value (c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- /* 2. Add the OID.
- */
- result = asn1_write_value (c2, "?LAST.policyIdentifier", policy->oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- for (i=0;i<MIN(policy->qualifiers,GNUTLS_MAX_QUALIFIERS);i++)
- {
- result = asn1_write_value (c2, "?LAST.policyQualifiers", "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_URI)
- oid = "1.3.6.1.5.5.7.2.1";
- else if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_NOTICE)
- oid = "1.3.6.1.5.5.7.2.2";
- else
- {
- result = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- goto cleanup;
- }
-
- result = asn1_write_value (c2, "?LAST.policyQualifiers.?LAST.policyQualifierId", oid, 1);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_URI)
- {
- tmpd.data = (void*)policy->qualifier[i].data;
- tmpd.size = policy->qualifier[i].size;
-
- result = _gnutls_x509_write_string(c2, "?LAST.policyQualifiers.?LAST.qualifier",
- &tmpd, ASN1_ETYPE_IA5_STRING);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- else if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_NOTICE)
- {
- tmpd.data = (void*)policy->qualifier[i].data;
- tmpd.size = policy->qualifier[i].size;
-
- if (tmpd.size > 200)
- {
- gnutls_assert();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- result = encode_user_notice(&tmpd, &der_data);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_value(c2, "?LAST.policyQualifiers.?LAST.qualifier",
- &der_data);
- _gnutls_free_datum(&der_data);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
- }
- }
-
- result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
- if (result < 0)
- {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_crt_set_extension (crt, "2.5.29.32",
- &der_data, 0);
-
- _gnutls_free_datum(&der_data);
-
- crt->use_extensions = 1;
-
-cleanup:
- asn1_delete_structure (&c2);
- _gnutls_free_datum(&prev_der_data);
-
- return result;
+ int result;
+ unsigned i;
+ gnutls_datum_t der_data, tmpd, prev_der_data = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ const char *oid;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_crt_get_extension(crt, "2.5.29.32", 0,
+ &prev_der_data, NULL);
+ if (result < 0 && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.certificatePolicies", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (prev_der_data.data != NULL) {
+ result =
+ asn1_der_decoding(&c2, prev_der_data.data,
+ prev_der_data.size, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ }
+
+ /* 1. write a new policy */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* 2. Add the OID.
+ */
+ result =
+ asn1_write_value(c2, "?LAST.policyIdentifier", policy->oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ for (i = 0; i < MIN(policy->qualifiers, GNUTLS_MAX_QUALIFIERS);
+ i++) {
+ result =
+ asn1_write_value(c2, "?LAST.policyQualifiers", "NEW",
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_URI)
+ oid = "1.3.6.1.5.5.7.2.1";
+ else if (policy->qualifier[i].type ==
+ GNUTLS_X509_QUALIFIER_NOTICE)
+ oid = "1.3.6.1.5.5.7.2.2";
+ else {
+ result =
+ gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(c2,
+ "?LAST.policyQualifiers.?LAST.policyQualifierId",
+ oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (policy->qualifier[i].type == GNUTLS_X509_QUALIFIER_URI) {
+ tmpd.data = (void *) policy->qualifier[i].data;
+ tmpd.size = policy->qualifier[i].size;
+
+ result =
+ _gnutls_x509_write_string(c2,
+ "?LAST.policyQualifiers.?LAST.qualifier",
+ &tmpd,
+ ASN1_ETYPE_IA5_STRING);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else if (policy->qualifier[i].type ==
+ GNUTLS_X509_QUALIFIER_NOTICE) {
+ tmpd.data = (void *) policy->qualifier[i].data;
+ tmpd.size = policy->qualifier[i].size;
+
+ if (tmpd.size > 200) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ result = encode_user_notice(&tmpd, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_write_value(c2,
+ "?LAST.policyQualifiers.?LAST.qualifier",
+ &der_data);
+ _gnutls_free_datum(&der_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ }
+
+ result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_crt_set_extension(crt, "2.5.29.32",
+ &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ crt->use_extensions = 1;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+ _gnutls_free_datum(&prev_der_data);
+
+ return result;
}
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index 9e727b5f51..7702916ca6 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -43,77 +43,75 @@
* The result_size (including the null terminator) is the return value.
*/
int
-_gnutls_fbase64_encode (const char *msg, const uint8_t * data,
- size_t data_size, gnutls_datum_t * result)
+_gnutls_fbase64_encode(const char *msg, const uint8_t * data,
+ size_t data_size, gnutls_datum_t * result)
{
- int tmp;
- unsigned int i;
- char tmpres[66];
- uint8_t *ptr;
- char top[80];
- char bottom[80];
- size_t size, max, bytes;
- int pos, top_len, bottom_len;
-
- if (msg == NULL || strlen(msg) > 50)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_ENCODING_ERROR;
- }
-
- _gnutls_str_cpy (top, sizeof(top), "-----BEGIN ");
- _gnutls_str_cat (top, sizeof(top), msg);
- _gnutls_str_cat (top, sizeof(top), "-----\n");
-
- _gnutls_str_cpy (bottom, sizeof(bottom), "-----END ");
- _gnutls_str_cat (bottom, sizeof(bottom), msg);
- _gnutls_str_cat (bottom, sizeof(bottom), "-----\n");
-
- top_len = strlen (top);
- bottom_len = strlen (bottom);
-
- max = B64FSIZE (top_len+bottom_len, data_size);
-
- result->data = gnutls_malloc (max + 1);
- if (result->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- bytes = pos = 0;
- INCR (bytes, top_len, max);
- pos = top_len;
-
- memcpy (result->data, top, top_len);
-
- for (i = 0; i < data_size; i += 48)
- {
- if (data_size - i < 48)
- tmp = data_size - i;
- else
- tmp = 48;
-
- base64_encode ((void*)&data[i], tmp, tmpres, sizeof(tmpres));
- size = strlen(tmpres);
-
- INCR (bytes, size+1, max);
- ptr = &result->data[pos];
-
- memcpy(ptr, tmpres, size);
- ptr += size;
- *ptr++ = '\n';
-
- pos += size + 1;
- }
-
- INCR (bytes, bottom_len, max);
-
- memcpy (&result->data[bytes - bottom_len], bottom, bottom_len);
- result->data[bytes] = 0;
- result->size = bytes;
-
- return max + 1;
+ int tmp;
+ unsigned int i;
+ char tmpres[66];
+ uint8_t *ptr;
+ char top[80];
+ char bottom[80];
+ size_t size, max, bytes;
+ int pos, top_len, bottom_len;
+
+ if (msg == NULL || strlen(msg) > 50) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_ENCODING_ERROR;
+ }
+
+ _gnutls_str_cpy(top, sizeof(top), "-----BEGIN ");
+ _gnutls_str_cat(top, sizeof(top), msg);
+ _gnutls_str_cat(top, sizeof(top), "-----\n");
+
+ _gnutls_str_cpy(bottom, sizeof(bottom), "-----END ");
+ _gnutls_str_cat(bottom, sizeof(bottom), msg);
+ _gnutls_str_cat(bottom, sizeof(bottom), "-----\n");
+
+ top_len = strlen(top);
+ bottom_len = strlen(bottom);
+
+ max = B64FSIZE(top_len + bottom_len, data_size);
+
+ result->data = gnutls_malloc(max + 1);
+ if (result->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ bytes = pos = 0;
+ INCR(bytes, top_len, max);
+ pos = top_len;
+
+ memcpy(result->data, top, top_len);
+
+ for (i = 0; i < data_size; i += 48) {
+ if (data_size - i < 48)
+ tmp = data_size - i;
+ else
+ tmp = 48;
+
+ base64_encode((void *) &data[i], tmp, tmpres,
+ sizeof(tmpres));
+ size = strlen(tmpres);
+
+ INCR(bytes, size + 1, max);
+ ptr = &result->data[pos];
+
+ memcpy(ptr, tmpres, size);
+ ptr += size;
+ *ptr++ = '\n';
+
+ pos += size + 1;
+ }
+
+ INCR(bytes, bottom_len, max);
+
+ memcpy(&result->data[bytes - bottom_len], bottom, bottom_len);
+ result->data[bytes] = 0;
+ result->size = bytes;
+
+ return max + 1;
}
/**
@@ -134,30 +132,27 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data,
* not long enough, or 0 on success.
**/
int
-gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
- char *result, size_t * result_size)
+gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data,
+ char *result, size_t * result_size)
{
- gnutls_datum_t res;
- int ret;
-
- ret = _gnutls_fbase64_encode (msg, data->data, data->size, &res);
- if (ret < 0)
- return ret;
-
- if (result == NULL || *result_size < (unsigned) res.size)
- {
- gnutls_free (res.data);
- *result_size = res.size + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- memcpy (result, res.data, res.size);
- gnutls_free (res.data);
- *result_size = res.size;
- }
-
- return 0;
+ gnutls_datum_t res;
+ int ret;
+
+ ret = _gnutls_fbase64_encode(msg, data->data, data->size, &res);
+ if (ret < 0)
+ return ret;
+
+ if (result == NULL || *result_size < (unsigned) res.size) {
+ gnutls_free(res.data);
+ *result_size = res.size + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ memcpy(result, res.data, res.size);
+ gnutls_free(res.data);
+ *result_size = res.size;
+ }
+
+ return 0;
}
/**
@@ -177,104 +172,103 @@ gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
* an error code is returned.
**/
int
-gnutls_pem_base64_encode_alloc (const char *msg,
- const gnutls_datum_t * data,
- gnutls_datum_t * result)
+gnutls_pem_base64_encode_alloc(const char *msg,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * result)
{
- int ret;
+ int ret;
- if (result == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (result == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- ret = _gnutls_fbase64_encode (msg, data->data, data->size, result);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_fbase64_encode(msg, data->data, data->size, result);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- return 0;
+ return 0;
}
/* copies data to result but removes newlines and <CR>
* returns the size of the data copied.
*/
inline static int
-cpydata (const uint8_t * data, int data_size, gnutls_datum_t *result)
+cpydata(const uint8_t * data, int data_size, gnutls_datum_t * result)
{
- int i, j;
-
- result->data = gnutls_malloc (data_size+1);
- if (result->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- for (j = i = 0; i < data_size; i++)
- {
- if (data[i] == '\n' || data[i] == '\r' || data[i] == ' '
- || data[i] == '\t')
- continue;
- else if (data[i] == '-') break;
- result->data[j] = data[i];
- j++;
- }
-
- result->size = j;
- result->data[j] = 0;
- return j;
+ int i, j;
+
+ result->data = gnutls_malloc(data_size + 1);
+ if (result->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ for (j = i = 0; i < data_size; i++) {
+ if (data[i] == '\n' || data[i] == '\r' || data[i] == ' '
+ || data[i] == '\t')
+ continue;
+ else if (data[i] == '-')
+ break;
+ result->data[j] = data[i];
+ j++;
+ }
+
+ result->size = j;
+ result->data[j] = 0;
+ return j;
}
/* decodes data and puts the result into result (locally allocated)
* The result_size is the return value
*/
int
-_gnutls_base64_decode (const uint8_t * data, size_t data_size,
- gnutls_datum_t * result)
+_gnutls_base64_decode(const uint8_t * data, size_t data_size,
+ gnutls_datum_t * result)
{
- unsigned int i;
- int pos, tmp, est, ret;
- uint8_t tmpres[48];
- size_t tmpres_size, decode_size;
- gnutls_datum_t pdata;
-
- ret = cpydata(data, data_size, &pdata);
- if (ret < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- est = ((data_size * 3) / 4) + 1;
-
- result->data = gnutls_malloc (est);
- if (result->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- pos = 0;
- for (i = 0; i < pdata.size; i += 64)
- {
- if (pdata.size - i < 64)
- decode_size = pdata.size - i;
- else
- decode_size = 64;
-
- tmpres_size = sizeof(tmpres);
- tmp = base64_decode ((void*)&pdata.data[i], decode_size, (void*)tmpres, &tmpres_size);
- if (tmp == 0)
- {
- gnutls_assert();
- gnutls_free (result->data);
- result->data = NULL;
- ret = GNUTLS_E_PARSING_ERROR;
- goto cleanup;
- }
- memcpy (&result->data[pos], tmpres, tmpres_size);
- pos += tmpres_size;
- }
-
- result->size = pos;
-
- ret = pos;
-
-cleanup:
- gnutls_free (pdata.data);
- return ret;
+ unsigned int i;
+ int pos, tmp, est, ret;
+ uint8_t tmpres[48];
+ size_t tmpres_size, decode_size;
+ gnutls_datum_t pdata;
+
+ ret = cpydata(data, data_size, &pdata);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ est = ((data_size * 3) / 4) + 1;
+
+ result->data = gnutls_malloc(est);
+ if (result->data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ pos = 0;
+ for (i = 0; i < pdata.size; i += 64) {
+ if (pdata.size - i < 64)
+ decode_size = pdata.size - i;
+ else
+ decode_size = 64;
+
+ tmpres_size = sizeof(tmpres);
+ tmp =
+ base64_decode((void *) &pdata.data[i], decode_size,
+ (void *) tmpres, &tmpres_size);
+ if (tmp == 0) {
+ gnutls_assert();
+ gnutls_free(result->data);
+ result->data = NULL;
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
+ memcpy(&result->data[pos], tmpres, tmpres_size);
+ pos += tmpres_size;
+ }
+
+ result->size = pos;
+
+ ret = pos;
+
+ cleanup:
+ gnutls_free(pdata.data);
+ return ret;
}
@@ -285,77 +279,72 @@ cleanup:
*/
#define ENDSTR "-----"
int
-_gnutls_fbase64_decode (const char *header, const uint8_t * data,
- size_t data_size, gnutls_datum_t* result)
+_gnutls_fbase64_decode(const char *header, const uint8_t * data,
+ size_t data_size, gnutls_datum_t * result)
{
- int ret;
- static const char top[] = "-----BEGIN ";
- static const char bottom[] = "-----END ";
- uint8_t *rdata, *kdata;
- int rdata_size;
- char pem_header[128];
-
- _gnutls_str_cpy (pem_header, sizeof (pem_header), top);
- if (header != NULL)
- _gnutls_str_cat (pem_header, sizeof (pem_header), header);
-
- rdata = memmem (data, data_size, pem_header, strlen (pem_header));
-
- if (rdata == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Could not find '%s'\n", pem_header);
- return GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR;
- }
-
- data_size -= (unsigned long int) rdata - (unsigned long int) data;
-
- if (data_size < 4 + strlen (bottom))
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- kdata = memmem (rdata + 1, data_size - 1, ENDSTR, sizeof (ENDSTR) - 1);
- /* allow CR as well.
- */
- if (kdata == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Could not find '%s'\n", ENDSTR);
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
- data_size -= strlen (ENDSTR);
- data_size -= (unsigned long int) kdata - (unsigned long int) rdata;
-
- rdata = kdata + strlen (ENDSTR);
-
- /* position is now after the ---BEGIN--- headers */
-
- kdata = memmem (rdata, data_size, bottom, strlen (bottom));
- if (kdata == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- /* position of kdata is before the ----END--- footer
- */
- rdata_size = (unsigned long int) kdata - (unsigned long int) rdata;
-
- if (rdata_size < 4)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- if ((ret = _gnutls_base64_decode (rdata, rdata_size, result)) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- return ret;
+ int ret;
+ static const char top[] = "-----BEGIN ";
+ static const char bottom[] = "-----END ";
+ uint8_t *rdata, *kdata;
+ int rdata_size;
+ char pem_header[128];
+
+ _gnutls_str_cpy(pem_header, sizeof(pem_header), top);
+ if (header != NULL)
+ _gnutls_str_cat(pem_header, sizeof(pem_header), header);
+
+ rdata = memmem(data, data_size, pem_header, strlen(pem_header));
+
+ if (rdata == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("Could not find '%s'\n", pem_header);
+ return GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR;
+ }
+
+ data_size -= (unsigned long int) rdata - (unsigned long int) data;
+
+ if (data_size < 4 + strlen(bottom)) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ kdata =
+ memmem(rdata + 1, data_size - 1, ENDSTR, sizeof(ENDSTR) - 1);
+ /* allow CR as well.
+ */
+ if (kdata == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("Could not find '%s'\n", ENDSTR);
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ data_size -= strlen(ENDSTR);
+ data_size -= (unsigned long int) kdata - (unsigned long int) rdata;
+
+ rdata = kdata + strlen(ENDSTR);
+
+ /* position is now after the ---BEGIN--- headers */
+
+ kdata = memmem(rdata, data_size, bottom, strlen(bottom));
+ if (kdata == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ /* position of kdata is before the ----END--- footer
+ */
+ rdata_size = (unsigned long int) kdata - (unsigned long int) rdata;
+
+ if (rdata_size < 4) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ if ((ret = _gnutls_base64_decode(rdata, rdata_size, result)) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ return ret;
}
/**
@@ -375,32 +364,30 @@ _gnutls_fbase64_decode (const char *header, const uint8_t * data,
* not long enough, or 0 on success.
**/
int
-gnutls_pem_base64_decode (const char *header,
- const gnutls_datum_t * b64_data,
- unsigned char *result, size_t * result_size)
+gnutls_pem_base64_decode(const char *header,
+ const gnutls_datum_t * b64_data,
+ unsigned char *result, size_t * result_size)
{
- gnutls_datum_t res;
- int ret;
-
- ret =
- _gnutls_fbase64_decode (header, b64_data->data, b64_data->size, &res);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (result == NULL || *result_size < (unsigned) res.size)
- {
- gnutls_free (res.data);
- *result_size = res.size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- else
- {
- memcpy (result, res.data, res.size);
- gnutls_free (res.data);
- *result_size = res.size;
- }
-
- return 0;
+ gnutls_datum_t res;
+ int ret;
+
+ ret =
+ _gnutls_fbase64_decode(header, b64_data->data, b64_data->size,
+ &res);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (result == NULL || *result_size < (unsigned) res.size) {
+ gnutls_free(res.data);
+ *result_size = res.size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ memcpy(result, res.data, res.size);
+ gnutls_free(res.data);
+ *result_size = res.size;
+ }
+
+ return 0;
}
/**
@@ -421,19 +408,20 @@ gnutls_pem_base64_decode (const char *header,
* an error code is returned.
**/
int
-gnutls_pem_base64_decode_alloc (const char *header,
- const gnutls_datum_t * b64_data,
- gnutls_datum_t * result)
+gnutls_pem_base64_decode_alloc(const char *header,
+ const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result)
{
- int ret;
+ int ret;
- if (result == NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (result == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- ret =
- _gnutls_fbase64_decode (header, b64_data->data, b64_data->size, result);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _gnutls_fbase64_decode(header, b64_data->data, b64_data->size,
+ result);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- return 0;
+ return 0;
}
diff --git a/lib/x509_b64.h b/lib/x509_b64.h
index c9c2f80ed1..be3482934e 100644
--- a/lib/x509_b64.h
+++ b/lib/x509_b64.h
@@ -20,14 +20,14 @@
*
*/
-int _gnutls_fbase64_encode (const char *msg, const uint8_t * data,
- size_t data_size, gnutls_datum_t* result);
-int _gnutls_fbase64_decode (const char *header, const uint8_t * data,
- size_t data_size, gnutls_datum_t* result);
+int _gnutls_fbase64_encode(const char *msg, const uint8_t * data,
+ size_t data_size, gnutls_datum_t * result);
+int _gnutls_fbase64_decode(const char *header, const uint8_t * data,
+ size_t data_size, gnutls_datum_t * result);
int
-_gnutls_base64_decode (const uint8_t * data, size_t data_size,
- gnutls_datum_t * result);
+_gnutls_base64_decode(const uint8_t * data, size_t data_size,
+ gnutls_datum_t * result);
#define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4)))
diff --git a/lib/xssl.c b/lib/xssl.c
index ca2f2530be..7b9e198d94 100644
--- a/lib/xssl.c
+++ b/lib/xssl.c
@@ -39,94 +39,93 @@
*
* Since: 3.1.7
**/
-void xssl_cred_deinit (xssl_cred_t cred)
+void xssl_cred_deinit(xssl_cred_t cred)
{
- if (cred->xcred)
- gnutls_certificate_free_credentials(cred->xcred);
- gnutls_free(cred);
+ if (cred->xcred)
+ gnutls_certificate_free_credentials(cred->xcred);
+ gnutls_free(cred);
}
-static int
-_verify_certificate_callback (gnutls_session_t session)
+static int _verify_certificate_callback(gnutls_session_t session)
{
- unsigned int status;
- xssl_t sb;
- int ret, type;
- const char *hostname = NULL;
- const char *service = NULL;
- const char *tofu_file = NULL;
-
- sb = gnutls_session_get_ptr(session);
- if (sb == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if (sb->cred == NULL)
- return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- if (sb->server_name[0] != 0)
- hostname = sb->server_name;
-
- if (sb->service_name[0] != 0)
- service = sb->service_name;
-
- if (sb->cred->tofu_file[0] != 0)
- tofu_file = sb->cred->tofu_file;
-
- /* This verification function uses the trusted CAs in the credentials
- * structure. So you must have installed one or more CA certificates.
- */
- sb->vstatus = 0;
- if (sb->cred->vflags & GNUTLS_VMETHOD_SYSTEM_CAS || sb->cred->vflags & GNUTLS_VMETHOD_GIVEN_CAS)
- {
- ret = gnutls_certificate_verify_peers3 (session, hostname, &status);
- if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
-
- sb->vstatus = status;
-
- if (status != 0) /* Certificate is not trusted */
- return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
- }
-
- if (hostname && sb->cred->vflags & GNUTLS_VMETHOD_TOFU)
- {
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size;
-
- type = gnutls_certificate_type_get (session);
-
- /* Do SSH verification */
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list == NULL)
- {
- sb->vstatus |= GNUTLS_CERT_INVALID;
- return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
- }
-
- /* service may be obtained alternatively using getservbyport() */
- ret = gnutls_verify_stored_pubkey(tofu_file, NULL, hostname, service,
- type, &cert_list[0], 0);
- if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- /* host was not seen before. Store the key */
- gnutls_store_pubkey(tofu_file, NULL, hostname, service,
- type, &cert_list[0], 0, 0);
- }
- else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
- {
- sb->vstatus |= GNUTLS_CERT_MISMATCH;
- return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
- }
- else if (ret < 0)
- {
- sb->vstatus |= GNUTLS_CERT_INVALID;
- return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
- }
- }
-
- /* notify gnutls to continue handshake normally */
- return 0;
+ unsigned int status;
+ xssl_t sb;
+ int ret, type;
+ const char *hostname = NULL;
+ const char *service = NULL;
+ const char *tofu_file = NULL;
+
+ sb = gnutls_session_get_ptr(session);
+ if (sb == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if (sb->cred == NULL)
+ return
+ gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ if (sb->server_name[0] != 0)
+ hostname = sb->server_name;
+
+ if (sb->service_name[0] != 0)
+ service = sb->service_name;
+
+ if (sb->cred->tofu_file[0] != 0)
+ tofu_file = sb->cred->tofu_file;
+
+ /* This verification function uses the trusted CAs in the credentials
+ * structure. So you must have installed one or more CA certificates.
+ */
+ sb->vstatus = 0;
+ if (sb->cred->vflags & GNUTLS_VMETHOD_SYSTEM_CAS
+ || sb->cred->vflags & GNUTLS_VMETHOD_GIVEN_CAS) {
+ ret =
+ gnutls_certificate_verify_peers3(session, hostname,
+ &status);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
+
+ sb->vstatus = status;
+
+ if (status != 0) /* Certificate is not trusted */
+ return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
+ }
+
+ if (hostname && sb->cred->vflags & GNUTLS_VMETHOD_TOFU) {
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size;
+
+ type = gnutls_certificate_type_get(session);
+
+ /* Do SSH verification */
+ cert_list =
+ gnutls_certificate_get_peers(session, &cert_list_size);
+ if (cert_list == NULL) {
+ sb->vstatus |= GNUTLS_CERT_INVALID;
+ return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
+ }
+
+ /* service may be obtained alternatively using getservbyport() */
+ ret =
+ gnutls_verify_stored_pubkey(tofu_file, NULL, hostname,
+ service, type,
+ &cert_list[0], 0);
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) {
+ /* host was not seen before. Store the key */
+ gnutls_store_pubkey(tofu_file, NULL, hostname,
+ service, type, &cert_list[0],
+ 0, 0);
+ } else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
+ sb->vstatus |= GNUTLS_CERT_MISMATCH;
+ return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
+ } else if (ret < 0) {
+ sb->vstatus |= GNUTLS_CERT_INVALID;
+ return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
+ }
+ }
+
+ /* notify gnutls to continue handshake normally */
+ return 0;
}
/**
@@ -147,122 +146,141 @@ _verify_certificate_callback (gnutls_session_t session)
*
* Since: 3.1.7
**/
-int xssl_cred_init (xssl_cred_t *c, unsigned vflags,
- gnutls_cinput_st* aux,
- unsigned aux_size)
+int xssl_cred_init(xssl_cred_t * c, unsigned vflags,
+ gnutls_cinput_st * aux, unsigned aux_size)
{
-int ret;
-unsigned len, i;
-xssl_cred_t cred;
-
- *c = gnutls_calloc(1, sizeof(*cred));
- if (*c == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- cred = *c;
- cred->vflags = vflags;
-
- if (cred->xcred == NULL)
- {
- ret = gnutls_certificate_allocate_credentials(&cred->xcred);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- if (vflags & GNUTLS_VMETHOD_SYSTEM_CAS)
- {
- ret = gnutls_certificate_set_x509_system_trust(cred->xcred);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- for (i=0;i<aux_size;i++)
- {
- if (aux[i].contents == GNUTLS_CINPUT_KEYPAIR)
- {
- if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
- ret = gnutls_certificate_set_x509_key_file(cred->xcred, aux[i].i1.file, aux[i].i2.file, aux[i].fmt);
- else if (aux[i].type == GNUTLS_CINPUT_TYPE_MEM)
- ret = gnutls_certificate_set_x509_key_mem(cred->xcred, &aux[i].i1.mem, &aux[i].i2.mem, aux[i].fmt);
- else if (aux[i].type == GNUTLS_CINPUT_TYPE_PIN_FUNC)
- {
- ret = 0;
- gnutls_certificate_set_pin_function(cred->xcred, aux[i].i1.pin_fn,
- aux[i].i2.udata);
- }
- else ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- if (aux[i].contents == GNUTLS_CINPUT_CAS && (vflags & GNUTLS_VMETHOD_GIVEN_CAS))
- {
- if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
- ret = gnutls_certificate_set_x509_trust_file(cred->xcred, aux[i].i1.file, aux[i].fmt);
- else
- ret = gnutls_certificate_set_x509_trust_mem(cred->xcred, &aux[i].i1.mem, aux[i].fmt);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- if (aux[i].contents == GNUTLS_CINPUT_CRLS && (vflags & GNUTLS_VMETHOD_GIVEN_CAS))
- {
- if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
- ret = gnutls_certificate_set_x509_crl_file(cred->xcred, aux[i].i1.file, aux[i].fmt);
- else
- ret = gnutls_certificate_set_x509_crl_mem(cred->xcred, &aux[i].i1.mem, aux[i].fmt);
-
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- if (aux[i].contents == GNUTLS_CINPUT_TOFU_DB && (vflags & GNUTLS_VMETHOD_TOFU))
- {
- if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
- {
- len = strlen(aux[i].i1.file);
- if (len >= sizeof(cred->tofu_file))
- {
- ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- goto fail1;
- }
- memcpy(cred->tofu_file, aux[i].i1.file, len+1);
- ret = 0;
- }
- else
- ret = GNUTLS_E_INVALID_REQUEST;
-
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
- }
-
- gnutls_certificate_set_verify_function (cred->xcred, _verify_certificate_callback);
-
- return 0;
-fail1:
- gnutls_certificate_free_credentials(cred->xcred);
- cred->xcred = NULL;
- gnutls_free(*c);
-
- return ret;
+ int ret;
+ unsigned len, i;
+ xssl_cred_t cred;
+
+ *c = gnutls_calloc(1, sizeof(*cred));
+ if (*c == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ cred = *c;
+ cred->vflags = vflags;
+
+ if (cred->xcred == NULL) {
+ ret =
+ gnutls_certificate_allocate_credentials(&cred->xcred);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ if (vflags & GNUTLS_VMETHOD_SYSTEM_CAS) {
+ ret =
+ gnutls_certificate_set_x509_system_trust(cred->xcred);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ for (i = 0; i < aux_size; i++) {
+ if (aux[i].contents == GNUTLS_CINPUT_KEYPAIR) {
+ if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
+ ret =
+ gnutls_certificate_set_x509_key_file
+ (cred->xcred, aux[i].i1.file,
+ aux[i].i2.file, aux[i].fmt);
+ else if (aux[i].type == GNUTLS_CINPUT_TYPE_MEM)
+ ret =
+ gnutls_certificate_set_x509_key_mem
+ (cred->xcred, &aux[i].i1.mem,
+ &aux[i].i2.mem, aux[i].fmt);
+ else if (aux[i].type ==
+ GNUTLS_CINPUT_TYPE_PIN_FUNC) {
+ ret = 0;
+ gnutls_certificate_set_pin_function(cred->
+ xcred,
+ aux[i].
+ i1.
+ pin_fn,
+ aux[i].
+ i2.
+ udata);
+ } else
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ if (aux[i].contents == GNUTLS_CINPUT_CAS
+ && (vflags & GNUTLS_VMETHOD_GIVEN_CAS)) {
+ if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
+ ret =
+ gnutls_certificate_set_x509_trust_file
+ (cred->xcred, aux[i].i1.file,
+ aux[i].fmt);
+ else
+ ret =
+ gnutls_certificate_set_x509_trust_mem
+ (cred->xcred, &aux[i].i1.mem,
+ aux[i].fmt);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ if (aux[i].contents == GNUTLS_CINPUT_CRLS
+ && (vflags & GNUTLS_VMETHOD_GIVEN_CAS)) {
+ if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
+ ret =
+ gnutls_certificate_set_x509_crl_file
+ (cred->xcred, aux[i].i1.file,
+ aux[i].fmt);
+ else
+ ret =
+ gnutls_certificate_set_x509_crl_mem
+ (cred->xcred, &aux[i].i1.mem,
+ aux[i].fmt);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ if (aux[i].contents == GNUTLS_CINPUT_TOFU_DB
+ && (vflags & GNUTLS_VMETHOD_TOFU)) {
+ if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE) {
+ len = strlen(aux[i].i1.file);
+ if (len >= sizeof(cred->tofu_file)) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
+ goto fail1;
+ }
+ memcpy(cred->tofu_file, aux[i].i1.file,
+ len + 1);
+ ret = 0;
+ } else
+ ret = GNUTLS_E_INVALID_REQUEST;
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+ }
+
+ gnutls_certificate_set_verify_function(cred->xcred,
+ _verify_certificate_callback);
+
+ return 0;
+ fail1:
+ gnutls_certificate_free_credentials(cred->xcred);
+ cred->xcred = NULL;
+ gnutls_free(*c);
+
+ return ret;
}
/**
@@ -280,22 +298,21 @@ fail1:
*
* Since: 3.1.7
**/
-int xssl_sinit (xssl_t * isb, gnutls_session_t session,
- unsigned int flags)
+int xssl_sinit(xssl_t * isb, gnutls_session_t session, unsigned int flags)
{
-struct xssl_st* sb;
-
- sb = gnutls_calloc(1, sizeof(*sb));
- if (sb == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- _gnutls_buffer_init(&sb->buf);
- sb->session = session;
- sb->flags = flags;
-
- *isb = sb;
-
- return 0;
+ struct xssl_st *sb;
+
+ sb = gnutls_calloc(1, sizeof(*sb));
+ if (sb == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_buffer_init(&sb->buf);
+ sb->session = session;
+ sb->flags = flags;
+
+ *isb = sb;
+
+ return 0;
}
/**
@@ -320,115 +337,113 @@ struct xssl_st* sb;
*
* Since: 3.1.7
**/
-int xssl_client_init (xssl_t * isb, const char* hostname,
- const char* service,
- gnutls_transport_ptr fd,
- const char* priority, xssl_cred_t cred,
- unsigned int *status,
- unsigned int flags)
+int xssl_client_init(xssl_t * isb, const char *hostname,
+ const char *service,
+ gnutls_transport_ptr fd,
+ const char *priority, xssl_cred_t cred,
+ unsigned int *status, unsigned int flags)
{
-struct xssl_st* sb;
-gnutls_session_t session;
-int ret;
-unsigned len;
-
- ret = gnutls_init(&session, GNUTLS_CLIENT);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- sb = gnutls_calloc(1, sizeof(*sb));
- if (sb == NULL)
- {
- gnutls_deinit(session);
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail1;
- }
- _gnutls_buffer_init(&sb->buf);
- sb->session = session;
- sb->flags = flags;
- sb->cred = cred;
-
- /* set session/handshake info
- */
- gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- if (priority == NULL) priority = "NORMAL:%COMPAT";
- ret = gnutls_priority_set_direct(session, priority, NULL);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
-
- if (cred->xcred)
- {
- ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred->xcred);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- if (hostname)
- {
- len = strlen(hostname);
-
- if (len >= sizeof(sb->server_name))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- memcpy(sb->server_name, hostname, len+1);
-
- ret = gnutls_server_name_set(session, GNUTLS_NAME_DNS, hostname, len);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
- }
-
- if (service)
- {
- len = strlen(service);
-
- if (len >= sizeof(sb->service_name))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- memcpy(sb->service_name, service, len+1);
- }
-
- gnutls_transport_set_ptr (session, fd);
- gnutls_session_set_ptr( session, sb);
-
- do
- {
- ret = gnutls_handshake(session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
- if (status) *status = sb->vstatus;
-
- if (ret < 0)
- {
- int ret2;
- do
- {
- ret2 = gnutls_alert_send_appropriate(sb->session, ret);
- }
- while (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0);
-
- return gnutls_assert_val(ret);
-
- gnutls_assert();
- goto fail1;
- }
-
- *isb = sb;
-
- return 0;
-
-fail1:
- if (sb)
- xssl_deinit(sb);
-
- return ret;
+ struct xssl_st *sb;
+ gnutls_session_t session;
+ int ret;
+ unsigned len;
+
+ ret = gnutls_init(&session, GNUTLS_CLIENT);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ sb = gnutls_calloc(1, sizeof(*sb));
+ if (sb == NULL) {
+ gnutls_deinit(session);
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto fail1;
+ }
+ _gnutls_buffer_init(&sb->buf);
+ sb->session = session;
+ sb->flags = flags;
+ sb->cred = cred;
+
+ /* set session/handshake info
+ */
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ if (priority == NULL)
+ priority = "NORMAL:%COMPAT";
+ ret = gnutls_priority_set_direct(session, priority, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+
+ if (cred->xcred) {
+ ret =
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ cred->xcred);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ if (hostname) {
+ len = strlen(hostname);
+
+ if (len >= sizeof(sb->server_name))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ memcpy(sb->server_name, hostname, len + 1);
+
+ ret =
+ gnutls_server_name_set(session, GNUTLS_NAME_DNS,
+ hostname, len);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+ }
+
+ if (service) {
+ len = strlen(service);
+
+ if (len >= sizeof(sb->service_name))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ memcpy(sb->service_name, service, len + 1);
+ }
+
+ gnutls_transport_set_ptr(session, fd);
+ gnutls_session_set_ptr(session, sb);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (status)
+ *status = sb->vstatus;
+
+ if (ret < 0) {
+ int ret2;
+ do {
+ ret2 =
+ gnutls_alert_send_appropriate(sb->session,
+ ret);
+ }
+ while (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0);
+
+ return gnutls_assert_val(ret);
+
+ gnutls_assert();
+ goto fail1;
+ }
+
+ *isb = sb;
+
+ return 0;
+
+ fail1:
+ if (sb)
+ xssl_deinit(sb);
+
+ return ret;
}
/**
@@ -449,98 +464,100 @@ fail1:
*
* Since: 3.1.7
**/
-int xssl_server_init (xssl_t * isb,
- gnutls_transport_ptr fd,
- const char* priority, xssl_cred_t cred,
- unsigned int *status,
- unsigned int flags)
+int xssl_server_init(xssl_t * isb,
+ gnutls_transport_ptr fd,
+ const char *priority, xssl_cred_t cred,
+ unsigned int *status, unsigned int flags)
{
-struct xssl_st* sb;
-gnutls_session_t session;
-int ret;
-
- ret = gnutls_init(&session, GNUTLS_SERVER);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- sb = gnutls_calloc(1, sizeof(*sb));
- if (sb == NULL)
- {
- gnutls_deinit(session);
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail1;
- }
- _gnutls_buffer_init(&sb->buf);
- sb->session = session;
- sb->flags = flags;
- sb->cred = cred;
-
- /* set session/handshake info
- */
- gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- if (priority == NULL) priority = "NORMAL:%COMPAT";
- ret = gnutls_priority_set_direct(session, priority, NULL);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
-
- if (cred->xcred)
- {
- if (cred->xcred->ncerts == 0 && cred->xcred->get_cert_callback2 == NULL)
- {
- ret = gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
- goto fail1;
- }
-
- ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred->xcred);
- if (ret < 0)
- {
- gnutls_assert();
- goto fail1;
- }
-
- }
-
- if (cred->vflags & GNUTLS_VMETHOD_GIVEN_CAS)
- gnutls_certificate_server_set_request( session, GNUTLS_CERT_REQUIRE);
-
- gnutls_transport_set_ptr( session, fd);
- gnutls_session_set_ptr( session, sb);
-
- do
- {
- ret = gnutls_handshake(session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
- if (status) *status = sb->vstatus;
-
- if (ret < 0)
- {
- int ret2;
- do
- {
- ret2 = gnutls_alert_send_appropriate(sb->session, ret);
- }
- while (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0);
-
- return gnutls_assert_val(ret);
-
- gnutls_assert();
- goto fail1;
- }
-
- *isb = sb;
-
- return 0;
-
-fail1:
- if (sb)
- xssl_deinit(sb);
-
- return ret;
+ struct xssl_st *sb;
+ gnutls_session_t session;
+ int ret;
+
+ ret = gnutls_init(&session, GNUTLS_SERVER);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ sb = gnutls_calloc(1, sizeof(*sb));
+ if (sb == NULL) {
+ gnutls_deinit(session);
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto fail1;
+ }
+ _gnutls_buffer_init(&sb->buf);
+ sb->session = session;
+ sb->flags = flags;
+ sb->cred = cred;
+
+ /* set session/handshake info
+ */
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ if (priority == NULL)
+ priority = "NORMAL:%COMPAT";
+ ret = gnutls_priority_set_direct(session, priority, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+
+ if (cred->xcred) {
+ if (cred->xcred->ncerts == 0
+ && cred->xcred->get_cert_callback2 == NULL) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ goto fail1;
+ }
+
+ ret =
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ cred->xcred);
+ if (ret < 0) {
+ gnutls_assert();
+ goto fail1;
+ }
+
+ }
+
+ if (cred->vflags & GNUTLS_VMETHOD_GIVEN_CAS)
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUIRE);
+
+ gnutls_transport_set_ptr(session, fd);
+ gnutls_session_set_ptr(session, sb);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (status)
+ *status = sb->vstatus;
+
+ if (ret < 0) {
+ int ret2;
+ do {
+ ret2 =
+ gnutls_alert_send_appropriate(sb->session,
+ ret);
+ }
+ while (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0);
+
+ return gnutls_assert_val(ret);
+
+ gnutls_assert();
+ goto fail1;
+ }
+
+ *isb = sb;
+
+ return 0;
+
+ fail1:
+ if (sb)
+ xssl_deinit(sb);
+
+ return ret;
}
/**
@@ -555,13 +572,12 @@ fail1:
**/
void xssl_deinit(xssl_t sb)
{
- if (sb->session)
- {
- gnutls_bye(sb->session, GNUTLS_SHUT_WR);
- gnutls_deinit(sb->session);
- }
- _gnutls_buffer_clear(&sb->buf);
- gnutls_free(sb);
+ if (sb->session) {
+ gnutls_bye(sb->session, GNUTLS_SHUT_WR);
+ gnutls_deinit(sb->session);
+ }
+ _gnutls_buffer_clear(&sb->buf);
+ gnutls_free(sb);
}
/**
@@ -582,31 +598,30 @@ void xssl_deinit(xssl_t sb)
*
* Since: 3.1.7
**/
-ssize_t xssl_write (xssl_t sb, const void *data,
- size_t data_size)
+ssize_t xssl_write(xssl_t sb, const void *data, size_t data_size)
{
-int ret;
-
- ret = _gnutls_buffer_append_data(&sb->buf, data, data_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- while ((sb->flags & GNUTLS_SBUF_WRITE_FLUSHES) &&
- sb->buf.length >= MAX_RECORD_SEND_SIZE(sb->session))
- {
- do
- {
- ret = gnutls_record_send(sb->session, sb->buf.data, sb->buf.length);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- sb->buf.data += ret;
- sb->buf.length -= ret;
- }
-
- return data_size;
+ int ret;
+
+ ret = _gnutls_buffer_append_data(&sb->buf, data, data_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ while ((sb->flags & GNUTLS_SBUF_WRITE_FLUSHES) &&
+ sb->buf.length >= MAX_RECORD_SEND_SIZE(sb->session)) {
+ do {
+ ret =
+ gnutls_record_send(sb->session, sb->buf.data,
+ sb->buf.length);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ sb->buf.data += ret;
+ sb->buf.length -= ret;
+ }
+
+ return data_size;
}
/**
@@ -624,25 +639,25 @@ int ret;
*
* Since: 3.1.7
**/
-ssize_t xssl_printf (xssl_t sb, const char *fmt, ...)
+ssize_t xssl_printf(xssl_t sb, const char *fmt, ...)
{
-int ret;
-va_list args;
-int len;
-char* str;
-
- va_start(args, fmt);
- len = vasprintf(&str, fmt, args);
- va_end(args);
-
- if (len < 0 || !str)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- ret = xssl_write (sb, str, len);
-
- gnutls_free(str);
-
- return ret;
+ int ret;
+ va_list args;
+ int len;
+ char *str;
+
+ va_start(args, fmt);
+ len = vasprintf(&str, fmt, args);
+ va_end(args);
+
+ if (len < 0 || !str)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret = xssl_write(sb, str, len);
+
+ gnutls_free(str);
+
+ return ret;
}
/**
@@ -657,27 +672,27 @@ char* str;
*
* Since: 3.1.7
**/
-ssize_t xssl_flush (xssl_t sb)
+ssize_t xssl_flush(xssl_t sb)
{
-int ret;
-ssize_t total = 0;
-
- while(sb->buf.length > 0)
- {
- do
- {
- ret = gnutls_record_send(sb->session, sb->buf.data, sb->buf.length);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- sb->buf.data += ret;
- sb->buf.length -= ret;
- total += ret;
- }
-
- return total;
+ int ret;
+ ssize_t total = 0;
+
+ while (sb->buf.length > 0) {
+ do {
+ ret =
+ gnutls_record_send(sb->session, sb->buf.data,
+ sb->buf.length);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ sb->buf.data += ret;
+ sb->buf.length -= ret;
+ total += ret;
+ }
+
+ return total;
}
/**
@@ -694,20 +709,19 @@ ssize_t total = 0;
*
* Since: 3.1.7
**/
-ssize_t xssl_read(xssl_t sb, void* data, size_t data_size)
+ssize_t xssl_read(xssl_t sb, void *data, size_t data_size)
{
-int ret;
+ int ret;
- do
- {
- ret = gnutls_record_recv(sb->session, data, data_size);
- }
- while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ do {
+ ret = gnutls_record_recv(sb->session, data, data_size);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- return 0;
+ return 0;
}
/**
@@ -720,5 +734,5 @@ int ret;
**/
gnutls_session_t xssl_get_session(xssl_t sb)
{
- return sb->session;
+ return sb->session;
}
diff --git a/lib/xssl.h b/lib/xssl.h
index 416c36992f..aac26a9755 100644
--- a/lib/xssl.h
+++ b/lib/xssl.h
@@ -1,26 +1,26 @@
#ifndef SBUF_H
-# define SBUF_H
+#define SBUF_H
#include <gnutls_str.h>
#include <gnutls/gnutls.h>
struct xssl_cred_st {
- gnutls_certificate_credentials_t xcred;
- char tofu_file[MAX_FILENAME];
- unsigned vflags;
+ gnutls_certificate_credentials_t xcred;
+ char tofu_file[MAX_FILENAME];
+ unsigned vflags;
};
struct xssl_st {
- gnutls_session_t session;
- gnutls_buffer_st buf;
+ gnutls_session_t session;
+ gnutls_buffer_st buf;
- char server_name[MAX_SERVER_NAME_SIZE];
- char service_name[MAX_SERVER_NAME_SIZE];
+ char server_name[MAX_SERVER_NAME_SIZE];
+ char service_name[MAX_SERVER_NAME_SIZE];
- xssl_cred_t cred;
+ xssl_cred_t cred;
- unsigned int vstatus; /* the verification status reason */
- unsigned int flags;
+ unsigned int vstatus; /* the verification status reason */
+ unsigned int flags;
};
#endif
diff --git a/lib/xssl_getline.c b/lib/xssl_getline.c
index 0a9f19605c..aa5677f7fd 100644
--- a/lib/xssl_getline.c
+++ b/lib/xssl_getline.c
@@ -26,7 +26,7 @@
#include <xssl.h>
#ifndef SSIZE_MAX
-# define SSIZE_MAX ((ssize_t) (SIZE_MAX / 2))
+#define SSIZE_MAX ((ssize_t) (SIZE_MAX / 2))
#endif
/**
@@ -49,79 +49,77 @@
* Since: 3.1.7
**/
ssize_t
-xssl_getdelim (xssl_t sbuf, char **lineptr, size_t *n, int delimiter)
+xssl_getdelim(xssl_t sbuf, char **lineptr, size_t * n, int delimiter)
{
- ssize_t result;
- size_t cur_len = 0;
-
- if (lineptr == NULL || n == NULL || sbuf == NULL)
- {
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- }
-
- if (*lineptr == NULL || *n == 0)
- {
- char *new_lineptr;
- *n = 120;
- new_lineptr = (char *) gnutls_realloc_fast (*lineptr, *n);
- if (new_lineptr == NULL)
- {
- result = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail;
- }
- *lineptr = new_lineptr;
- }
-
- for (;;)
- {
- char c;
-
- result = xssl_read(sbuf, &c, 1);
- if (result < 0)
- {
- gnutls_assert();
- break;
- }
-
- /* Make enough space for len+1 (for final NUL) bytes. */
- if (cur_len + 1 >= *n)
- {
- size_t needed_max =
- SSIZE_MAX < SIZE_MAX ? (size_t) SSIZE_MAX + 1 : SIZE_MAX;
- size_t needed = 2 * *n + 1; /* Be generous. */
- char *new_lineptr;
-
- if (needed_max < needed)
- needed = needed_max;
- if (cur_len + 1 >= needed)
- {
- result = gnutls_assert_val(GNUTLS_E_LARGE_PACKET);
- goto fail;
- }
-
- new_lineptr = (char *) gnutls_realloc_fast (*lineptr, needed);
- if (new_lineptr == NULL)
- {
- result = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail;
- }
-
- *lineptr = new_lineptr;
- *n = needed;
- }
-
- (*lineptr)[cur_len] = c;
- cur_len++;
-
- if (c == delimiter)
- break;
- }
- (*lineptr)[cur_len] = '\0';
-
- if (cur_len != 0)
- result = cur_len;
-
-fail:
-
- return result;
+ ssize_t result;
+ size_t cur_len = 0;
+
+ if (lineptr == NULL || n == NULL || sbuf == NULL) {
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
+ if (*lineptr == NULL || *n == 0) {
+ char *new_lineptr;
+ *n = 120;
+ new_lineptr = (char *) gnutls_realloc_fast(*lineptr, *n);
+ if (new_lineptr == NULL) {
+ result = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto fail;
+ }
+ *lineptr = new_lineptr;
+ }
+
+ for (;;) {
+ char c;
+
+ result = xssl_read(sbuf, &c, 1);
+ if (result < 0) {
+ gnutls_assert();
+ break;
+ }
+
+ /* Make enough space for len+1 (for final NUL) bytes. */
+ if (cur_len + 1 >= *n) {
+ size_t needed_max =
+ SSIZE_MAX <
+ SIZE_MAX ? (size_t) SSIZE_MAX + 1 : SIZE_MAX;
+ size_t needed = 2 * *n + 1; /* Be generous. */
+ char *new_lineptr;
+
+ if (needed_max < needed)
+ needed = needed_max;
+ if (cur_len + 1 >= needed) {
+ result =
+ gnutls_assert_val
+ (GNUTLS_E_LARGE_PACKET);
+ goto fail;
+ }
+
+ new_lineptr =
+ (char *) gnutls_realloc_fast(*lineptr, needed);
+ if (new_lineptr == NULL) {
+ result =
+ gnutls_assert_val
+ (GNUTLS_E_MEMORY_ERROR);
+ goto fail;
+ }
+
+ *lineptr = new_lineptr;
+ *n = needed;
+ }
+
+ (*lineptr)[cur_len] = c;
+ cur_len++;
+
+ if (c == delimiter)
+ break;
+ }
+ (*lineptr)[cur_len] = '\0';
+
+ if (cur_len != 0)
+ result = cur_len;
+
+ fail:
+
+ return result;
}
View Lorry Controller Status