summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2004-06-07 10:05:43 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2004-06-07 10:05:43 +0000
commit802e1ede038010ddab31225f4b8a7e8d74f3b987 (patch)
treef9f07d2fb57da9843ac6b79e06e9266301b7e8b7 /lib
parente0781d87ea58ff1ac1b6439d60510a8a26ea9f54 (diff)
downloadgnutls-802e1ede038010ddab31225f4b8a7e8d74f3b987.tar.gz
changed indentation to 4 spaces instead of tabs.
Diffstat (limited to 'lib')
-rw-r--r--lib/auth_anon.c197
-rw-r--r--lib/auth_anon.h17
-rw-r--r--lib/auth_cert.c2262
-rw-r--r--lib/auth_cert.h222
-rw-r--r--lib/auth_dh_common.c413
-rw-r--r--lib/auth_dh_common.h24
-rw-r--r--lib/auth_dhe.c342
-rw-r--r--lib/auth_rsa.c472
-rw-r--r--lib/auth_rsa_export.c422
-rw-r--r--lib/debug.c135
-rw-r--r--lib/debug.h6
-rw-r--r--lib/defines.h5
-rw-r--r--lib/ext_cert_type.c288
-rw-r--r--lib/ext_cert_type.h6
-rw-r--r--lib/ext_max_record.c211
-rw-r--r--lib/ext_max_record.h10
-rw-r--r--lib/ext_server_name.c405
-rw-r--r--lib/ext_server_name.h15
-rw-r--r--lib/gnutls.h.in.in178
-rw-r--r--lib/gnutls_alert.c304
-rw-r--r--lib/gnutls_alert.h42
-rw-r--r--lib/gnutls_algorithms.c1445
-rw-r--r--lib/gnutls_algorithms.h108
-rw-r--r--lib/gnutls_anon_cred.c67
-rw-r--r--lib/gnutls_asn1_tab.c112
-rw-r--r--lib/gnutls_auth.c359
-rw-r--r--lib/gnutls_auth.h33
-rw-r--r--lib/gnutls_auth_int.h19
-rw-r--r--lib/gnutls_buffer.h1
-rw-r--r--lib/gnutls_buffers.c1342
-rw-r--r--lib/gnutls_buffers.h49
-rw-r--r--lib/gnutls_cert.c741
-rw-r--r--lib/gnutls_cert.h128
-rw-r--r--lib/gnutls_cipher.c782
-rw-r--r--lib/gnutls_cipher.h21
-rw-r--r--lib/gnutls_cipher_int.c126
-rw-r--r--lib/gnutls_cipher_int.h12
-rw-r--r--lib/gnutls_compress.c60
-rw-r--r--lib/gnutls_compress.h8
-rw-r--r--lib/gnutls_compress_int.c521
-rw-r--r--lib/gnutls_compress_int.h13
-rw-r--r--lib/gnutls_constate.c1395
-rw-r--r--lib/gnutls_constate.h18
-rw-r--r--lib/gnutls_datum.c92
-rw-r--r--lib/gnutls_datum.h19
-rw-r--r--lib/gnutls_db.c329
-rw-r--r--lib/gnutls_db.h24
-rw-r--r--lib/gnutls_dh.c109
-rw-r--r--lib/gnutls_dh.h8
-rw-r--r--lib/gnutls_dh_primes.c697
-rw-r--r--lib/gnutls_errors.c442
-rw-r--r--lib/gnutls_errors.h19
-rw-r--r--lib/gnutls_errors_int.h28
-rw-r--r--lib/gnutls_extensions.c325
-rw-r--r--lib/gnutls_extensions.h17
-rw-r--r--lib/gnutls_global.c267
-rw-r--r--lib/gnutls_global.h4
-rw-r--r--lib/gnutls_handshake.c3652
-rw-r--r--lib/gnutls_handshake.h44
-rw-r--r--lib/gnutls_hash_int.c581
-rw-r--r--lib/gnutls_hash_int.h38
-rw-r--r--lib/gnutls_int.h873
-rw-r--r--lib/gnutls_int_compat.c4
-rw-r--r--lib/gnutls_kx.c860
-rw-r--r--lib/gnutls_kx.h29
-rw-r--r--lib/gnutls_mem.c70
-rw-r--r--lib/gnutls_mem.h26
-rw-r--r--lib/gnutls_mpi.c294
-rw-r--r--lib/gnutls_mpi.h18
-rw-r--r--lib/gnutls_num.c162
-rw-r--r--lib/gnutls_num.h24
-rw-r--r--lib/gnutls_pk.c1289
-rw-r--r--lib/gnutls_pk.h27
-rw-r--r--lib/gnutls_priority.c213
-rw-r--r--lib/gnutls_priority.h13
-rw-r--r--lib/gnutls_random.c6
-rw-r--r--lib/gnutls_random.h2
-rw-r--r--lib/gnutls_record.c1189
-rw-r--r--lib/gnutls_record.h11
-rw-r--r--lib/gnutls_rsa_export.c280
-rw-r--r--lib/gnutls_rsa_export.h7
-rw-r--r--lib/gnutls_session.c109
-rw-r--r--lib/gnutls_session.h7
-rw-r--r--lib/gnutls_session_pack.c627
-rw-r--r--lib/gnutls_session_pack.h6
-rw-r--r--lib/gnutls_sig.c580
-rw-r--r--lib/gnutls_sig.h23
-rw-r--r--lib/gnutls_state.c961
-rw-r--r--lib/gnutls_state.h39
-rw-r--r--lib/gnutls_str.c264
-rw-r--r--lib/gnutls_str.h37
-rw-r--r--lib/gnutls_ui.c467
-rw-r--r--lib/gnutls_ui.h121
-rw-r--r--lib/gnutls_v2_compat.c322
-rw-r--r--lib/gnutls_v2_compat.h3
-rw-r--r--lib/gnutls_x509.c2094
-rw-r--r--lib/gnutls_x509.h17
-rw-r--r--lib/io_debug.h16
-rw-r--r--lib/pkix_asn1_tab.c2190
-rw-r--r--lib/strfile.h10
-rw-r--r--lib/strnstr.c28
-rw-r--r--lib/x509/common.c1823
-rw-r--r--lib/x509/compat.c73
-rw-r--r--lib/x509/crl.c560
-rw-r--r--lib/x509/crl_write.c234
-rw-r--r--lib/x509/crq.c674
-rw-r--r--lib/x509/dn.c1501
-rw-r--r--lib/x509/dsa.c167
-rw-r--r--lib/x509/extensions.c1199
-rw-r--r--lib/x509/mpi.c820
-rw-r--r--lib/x509/pkcs12.c1687
-rw-r--r--lib/x509/pkcs12_bag.c743
-rw-r--r--lib/x509/pkcs12_encr.c190
-rw-r--r--lib/x509/pkcs5.c282
-rw-r--r--lib/x509/pkcs7.c1242
-rw-r--r--lib/x509/privkey.c2031
-rw-r--r--lib/x509/privkey_pkcs8.c3040
-rw-r--r--lib/x509/rfc2818_hostname.c156
-rw-r--r--lib/x509/sign.c473
-rw-r--r--lib/x509/verify.c1053
-rw-r--r--lib/x509/x509.c2034
-rw-r--r--lib/x509/x509_write.c900
-rw-r--r--lib/x509/xml.c1010
-rw-r--r--lib/x509_b64.c744
-rw-r--r--lib/x509_b64.h17
125 files changed, 28709 insertions, 27293 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index 4eb120307f..6d2feecd5b 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -38,118 +38,125 @@
#include <gnutls_state.h>
#include <auth_dh_common.h>
-static int gen_anon_server_kx( gnutls_session, opaque**);
-static int proc_anon_client_kx( gnutls_session, opaque*, size_t);
-static int proc_anon_server_kx( gnutls_session, opaque*, size_t);
+static int gen_anon_server_kx(gnutls_session, opaque **);
+static int proc_anon_client_kx(gnutls_session, opaque *, size_t);
+static int proc_anon_server_kx(gnutls_session, opaque *, size_t);
const mod_auth_st anon_auth_struct = {
- "ANON",
- NULL,
- NULL,
- gen_anon_server_kx,
- _gnutls_gen_dh_common_client_kx, /* this can be shared */
- NULL,
- NULL,
-
- NULL,
- NULL, /* certificate */
- proc_anon_server_kx,
- proc_anon_client_kx,
- NULL,
- NULL
+ "ANON",
+ NULL,
+ NULL,
+ gen_anon_server_kx,
+ _gnutls_gen_dh_common_client_kx, /* this can be shared */
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ proc_anon_server_kx,
+ proc_anon_client_kx,
+ NULL,
+ NULL
};
-static int gen_anon_server_kx( gnutls_session session, opaque** data) {
- mpi_t g, p;
- const mpi_t *mpis;
- int ret;
- gnutls_dh_params dh_params;
- const gnutls_anon_server_credentials cred;
-
- cred = _gnutls_get_cred(session->key, GNUTLS_CRD_ANON, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params = _gnutls_anon_get_dh_params( cred, session);
- mpis = _gnutls_get_dh_params( dh_params);
- if (mpis == NULL) {
- gnutls_assert();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- if ( (ret=_gnutls_auth_info_set( session, GNUTLS_CRD_ANON, sizeof( anon_server_auth_info_st), 1)) < 0)
- {
- gnutls_assert();
- return ret;
- }
-
- _gnutls_dh_set_group( session, g, p);
-
- ret = _gnutls_dh_common_print_server_kx( session, g, p, data);
- if (ret < 0) {
- gnutls_assert();
- }
-
+static int gen_anon_server_kx(gnutls_session session, opaque ** data)
+{
+ mpi_t g, p;
+ const mpi_t *mpis;
+ int ret;
+ gnutls_dh_params dh_params;
+ const gnutls_anon_server_credentials cred;
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params = _gnutls_anon_get_dh_params(cred, session);
+ mpis = _gnutls_get_dh_params(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_server_auth_info_st), 1)) < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ _gnutls_dh_set_group(session, g, p);
+
+ ret = _gnutls_dh_common_print_server_kx(session, g, p, data);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
-static int proc_anon_client_kx( gnutls_session session, opaque* data, size_t _data_size)
+static int proc_anon_client_kx(gnutls_session session, opaque * data,
+ size_t _data_size)
{
-const gnutls_anon_server_credentials cred;
-int bits;
-int ret;
-mpi_t p, g;
-gnutls_dh_params dh_params;
-const mpi_t *mpis;
-
- bits = _gnutls_dh_get_allowed_prime_bits( session);
-
- cred = _gnutls_get_cred(session->key, GNUTLS_CRD_ANON, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params = _gnutls_anon_get_dh_params( cred, session);
- mpis = _gnutls_get_dh_params( dh_params);
- if (mpis == NULL) {
- gnutls_assert();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- ret = _gnutls_proc_dh_common_client_kx( session, data, _data_size, g, p);
+ const gnutls_anon_server_credentials cred;
+ int bits;
+ int ret;
+ mpi_t p, g;
+ gnutls_dh_params dh_params;
+ const mpi_t *mpis;
- return ret;
+ bits = _gnutls_dh_get_allowed_prime_bits(session);
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params = _gnutls_anon_get_dh_params(cred, session);
+ mpis = _gnutls_get_dh_params(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ ret =
+ _gnutls_proc_dh_common_client_kx(session, data, _data_size, g, p);
+
+ return ret;
}
-int proc_anon_server_kx( gnutls_session session, opaque* data, size_t _data_size)
+int proc_anon_server_kx(gnutls_session session, opaque * data,
+ size_t _data_size)
{
-int ret;
+ int ret;
- /* set auth_info */
- if ( (ret=_gnutls_auth_info_set( session, GNUTLS_CRD_ANON, sizeof( anon_client_auth_info_st), 1)) < 0) {
- gnutls_assert();
- return ret;
- }
+ /* set auth_info */
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ sizeof(anon_client_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = _gnutls_proc_dh_common_server_kx( session, data, _data_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_proc_dh_common_server_kx(session, data, _data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
-#endif /* ENABLE_ANON */
+#endif /* ENABLE_ANON */
diff --git a/lib/auth_anon.h b/lib/auth_anon.h
index 8173814be4..c722826663 100644
--- a/lib/auth_anon.h
+++ b/lib/auth_anon.h
@@ -3,18 +3,18 @@
#include <auth_dh_common.h>
typedef struct {
- gnutls_dh_params dh_params;
- /* this callback is used to retrieve the DH or RSA
- * parameters.
- */
- gnutls_params_function * params_func;
+ gnutls_dh_params dh_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function *params_func;
} anon_server_credentials_st;
#define gnutls_anon_server_credentials anon_server_credentials_st*
#define gnutls_anon_client_credentials void*
typedef struct anon_client_auth_info_st {
- dh_info_t dh;
+ dh_info_t dh;
} *anon_client_auth_info_t;
typedef anon_client_auth_info_t anon_server_auth_info_t;
@@ -22,5 +22,6 @@ typedef anon_client_auth_info_t anon_server_auth_info_t;
typedef struct anon_client_auth_info_st anon_client_auth_info_st;
typedef anon_client_auth_info_st anon_server_auth_info_st;
-gnutls_dh_params _gnutls_anon_get_dh_params(const gnutls_anon_server_credentials sc,
- gnutls_session session);
+gnutls_dh_params _gnutls_anon_get_dh_params(const
+ gnutls_anon_server_credentials
+ sc, gnutls_session session);
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 9e67b1a791..57cfc4c62f 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -45,10 +45,12 @@
#include <gnutls_extra.h>
#include "debug.h"
-static gnutls_cert *alloc_and_load_x509_certs(gnutls_x509_crt * certs, uint);
+static gnutls_cert *alloc_and_load_x509_certs(gnutls_x509_crt * certs,
+ uint);
static gnutls_privkey *alloc_and_load_x509_key(gnutls_x509_privkey key);
static gnutls_cert *alloc_and_load_pgp_certs(gnutls_openpgp_key cert);
-static gnutls_privkey *alloc_and_load_pgp_key(const gnutls_openpgp_privkey key);
+static gnutls_privkey *alloc_and_load_pgp_key(const gnutls_openpgp_privkey
+ key);
/* Copies data from a internal certificate struct (gnutls_cert) to
@@ -58,49 +60,48 @@ static
int _gnutls_copy_certificate_auth_info(cert_auth_info_t info,
gnutls_cert * cert, int ncerts)
{
- /* Copy peer's information to auth_info_t
- */
- int ret, i, j;
-
- if (ncerts == 0) {
- info->raw_certificate_list = NULL;
- info->ncerts = 0;
- return 0;
- }
+ /* Copy peer's information to auth_info_t
+ */
+ int ret, i, j;
- info->raw_certificate_list =
- gnutls_calloc(1, sizeof(gnutls_datum) * ncerts);
- if (info->raw_certificate_list == NULL) {
+ if (ncerts == 0) {
+ info->raw_certificate_list = NULL;
+ info->ncerts = 0;
+ return 0;
+ }
+
+ info->raw_certificate_list =
+ gnutls_calloc(1, sizeof(gnutls_datum) * ncerts);
+ if (info->raw_certificate_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < ncerts; i++) {
+ if (cert->raw.size > 0) {
+ ret =
+ _gnutls_set_datum(&info->
+ raw_certificate_list[i],
+ cert[i].raw.data, cert[i].raw.size);
+ if (ret < 0) {
gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ goto clear;
+ }
}
+ }
+ info->ncerts = ncerts;
- for (i = 0; i < ncerts; i++) {
- if (cert->raw.size > 0) {
- ret =
- _gnutls_set_datum(&info->
- raw_certificate_list[i],
- cert[i].raw.data,
- cert[i].raw.size);
- if (ret < 0) {
- gnutls_assert();
- goto clear;
- }
- }
- }
- info->ncerts = ncerts;
+ return 0;
- return 0;
+ clear:
- clear:
+ for (j = 0; j < i; j++)
+ _gnutls_free_datum(&info->raw_certificate_list[j]);
- for (j = 0; j < i; j++)
- _gnutls_free_datum(&info->raw_certificate_list[j]);
-
- gnutls_free(info->raw_certificate_list);
- info->raw_certificate_list = NULL;
+ gnutls_free(info->raw_certificate_list);
+ info->raw_certificate_list = NULL;
- return ret;
+ return ret;
}
@@ -110,60 +111,63 @@ int _gnutls_copy_certificate_auth_info(cert_auth_info_t info,
* -1 otherwise.
*/
inline
-static int _gnutls_check_pk_algo_in_list(const gnutls_pk_algorithm *pk_algos,
- int pk_algos_length, gnutls_pk_algorithm algo_to_check)
+ static int _gnutls_check_pk_algo_in_list(const gnutls_pk_algorithm *
+ pk_algos, int pk_algos_length,
+ gnutls_pk_algorithm
+ algo_to_check)
{
- int i;
- for (i = 0; i < pk_algos_length; i++) {
- if (algo_to_check == pk_algos[i]) {
- return 0;
- }
+ int i;
+ for (i = 0; i < pk_algos_length; i++) {
+ if (algo_to_check == pk_algos[i]) {
+ return 0;
}
- return -1;
+ }
+ return -1;
}
/* Returns the issuer's Distinguished name in odn, of the certificate
* specified in cert.
*/
-static int _gnutls_cert_get_issuer_dn(gnutls_cert * cert, gnutls_datum * odn)
+static int _gnutls_cert_get_issuer_dn(gnutls_cert * cert,
+ gnutls_datum * odn)
{
- ASN1_TYPE dn;
- int len, result;
- int start, end;
-
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.Certificate", &dn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = asn1_der_decoding(&dn, cert->raw.data, cert->raw.size, NULL);
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
- gnutls_assert();
- asn1_delete_structure(&dn);
- return _gnutls_asn2err(result);
- }
+ ASN1_TYPE dn;
+ int len, result;
+ int start, end;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.Certificate", &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&dn, cert->raw.data, cert->raw.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
- result = asn1_der_decoding_startEnd(dn, cert->raw.data, cert->raw.size,
+ result = asn1_der_decoding_startEnd(dn, cert->raw.data, cert->raw.size,
"tbsCertificate.issuer", &start,
&end);
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
- gnutls_assert();
- asn1_delete_structure(&dn);
- return _gnutls_asn2err(result);
- }
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
+ asn1_delete_structure(&dn);
- len = end - start + 1;
+ len = end - start + 1;
- odn->size = len;
- odn->data = &cert->raw.data[start];
+ odn->size = len;
+ odn->data = &cert->raw.data[start];
- return 0;
+ return 0;
}
@@ -178,64 +182,61 @@ static int _find_x509_cert(const gnutls_certificate_credentials cred,
const gnutls_pk_algorithm * pk_algos,
int pk_algos_length, int *indx)
{
- uint size;
- gnutls_datum odn;
- opaque *data = _data;
- ssize_t data_size = _data_size;
- uint i, j;
- int result, cert_pk;
+ uint size;
+ gnutls_datum odn;
+ opaque *data = _data;
+ ssize_t data_size = _data_size;
+ uint i, j;
+ int result, cert_pk;
- *indx = -1;
+ *indx = -1;
- do {
+ do {
- DECR_LENGTH_RET(data_size, 2, 0);
- size = _gnutls_read_uint16(data);
- DECR_LENGTH_RET(data_size, size, 0);
- data += 2;
-
- for (i = 0; i < cred->ncerts; i++) {
- for (j = 0; j < cred->cert_list_length[i]; j++) {
- if ((result =
- _gnutls_cert_get_issuer_dn(&cred->
- cert_list[i][j],
- &odn)) < 0) {
- gnutls_assert();
- return result;
- }
-
- if (odn.size != size)
- continue;
-
- /* If the DN matches and
- * the *_SIGN algorithm matches
- * the cert is our cert!
- */
- cert_pk =
- cred->cert_list[i][0].
- subject_pk_algorithm;
-
- if ((memcmp(odn.data, data, size) == 0) &&
- (_gnutls_check_pk_algo_in_list
- (pk_algos, pk_algos_length,
- cert_pk) == 0)) {
- *indx = i;
- break;
- }
- }
- if (*indx != -1)
- break;
+ DECR_LENGTH_RET(data_size, 2, 0);
+ size = _gnutls_read_uint16(data);
+ DECR_LENGTH_RET(data_size, size, 0);
+ data += 2;
+
+ for (i = 0; i < cred->ncerts; i++) {
+ for (j = 0; j < cred->cert_list_length[i]; j++) {
+ if ((result =
+ _gnutls_cert_get_issuer_dn(&cred->
+ cert_list[i][j],
+ &odn)) < 0) {
+ gnutls_assert();
+ return result;
}
- if (*indx != -1)
- break;
+ if (odn.size != size)
+ continue;
- /* move to next record */
- data += size;
+ /* If the DN matches and
+ * the *_SIGN algorithm matches
+ * the cert is our cert!
+ */
+ cert_pk = cred->cert_list[i][0].subject_pk_algorithm;
- } while (1);
+ if ((memcmp(odn.data, data, size) == 0) &&
+ (_gnutls_check_pk_algo_in_list
+ (pk_algos, pk_algos_length, cert_pk) == 0)) {
+ *indx = i;
+ break;
+ }
+ }
+ if (*indx != -1)
+ break;
+ }
- return 0;
+ if (*indx != -1)
+ break;
+
+ /* move to next record */
+ data += size;
+
+ } while (1);
+
+ return 0;
}
@@ -245,114 +246,114 @@ static int _find_openpgp_cert(const gnutls_certificate_credentials cred,
gnutls_pk_algorithm * pk_algos,
int pk_algos_length, int *indx)
{
- uint i, j;
+ uint i, j;
- *indx = -1;
+ *indx = -1;
- for (i = 0; i < cred->ncerts; i++) {
- for (j = 0; j < cred->cert_list_length[i]; j++) {
-
- /* If the *_SIGN algorithm matches
- * the cert is our cert!
- */
- if ((_gnutls_check_pk_algo_in_list
- (pk_algos, pk_algos_length,
- cred->cert_list[i][0].
- subject_pk_algorithm) == 0)
- && (cred->cert_list[i][0].cert_type ==
- GNUTLS_CRT_OPENPGP)) {
- *indx = i;
- break;
- }
- }
- if (*indx != -1)
- break;
+ for (i = 0; i < cred->ncerts; i++) {
+ for (j = 0; j < cred->cert_list_length[i]; j++) {
+
+ /* If the *_SIGN algorithm matches
+ * the cert is our cert!
+ */
+ if ((_gnutls_check_pk_algo_in_list
+ (pk_algos, pk_algos_length,
+ cred->cert_list[i][0].subject_pk_algorithm) == 0)
+ && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP)) {
+ *indx = i;
+ break;
+ }
}
+ if (*indx != -1)
+ break;
+ }
- return 0;
+ return 0;
}
/* Returns the number of issuers in the server's
* certificate request packet.
*/
-static int get_issuers_num( gnutls_session session, opaque * data, ssize_t data_size)
+static int get_issuers_num(gnutls_session session, opaque * data,
+ ssize_t data_size)
{
-int issuers_dn_len = 0, result;
-uint size;
+ int issuers_dn_len = 0, result;
+ uint size;
- /* Count the number of the given issuers;
- * This is used to allocate the issuers_dn without
- * using realloc().
- */
+ /* Count the number of the given issuers;
+ * This is used to allocate the issuers_dn without
+ * using realloc().
+ */
- if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
- return 0;
+ if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+ return 0;
- if (data_size > 0) do {
- /* This works like DECR_LEN()
- */
- result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- DECR_LENGTH_COM(data_size, 2, goto error);
- size = _gnutls_read_uint16(data);
+ if (data_size > 0)
+ do {
+ /* This works like DECR_LEN()
+ */
+ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ DECR_LENGTH_COM(data_size, 2, goto error);
+ size = _gnutls_read_uint16(data);
- result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- DECR_LENGTH_COM(data_size, size, goto error);
+ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ DECR_LENGTH_COM(data_size, size, goto error);
- data += 2;
+ data += 2;
- if (size > 0) {
- issuers_dn_len++;
- data += size;
- }
+ if (size > 0) {
+ issuers_dn_len++;
+ data += size;
+ }
- if (data_size == 0)
- break;
+ if (data_size == 0)
+ break;
} while (1);
- return issuers_dn_len;
-
- error:
- return result;
+ return issuers_dn_len;
+
+ error:
+ return result;
}
/* Returns the issuers in the server's certificate request
* packet.
*/
-static int get_issuers( gnutls_session session,
- gnutls_datum* issuers_dn, int issuers_len,
- opaque * data, size_t data_size)
+static int get_issuers(gnutls_session session,
+ gnutls_datum * issuers_dn, int issuers_len,
+ opaque * data, size_t data_size)
{
-int i;
-uint size;
+ int i;
+ uint size;
- if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
- return 0;
+ if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+ return 0;
- /* put the requested DNs to req_dn, only in case
- * of X509 certificates.
- */
- if (issuers_len > 0) {
+ /* put the requested DNs to req_dn, only in case
+ * of X509 certificates.
+ */
+ if (issuers_len > 0) {
- for (i = 0; i < issuers_len; i++) {
- /* The checks here for the buffer boundaries
- * are not needed since the buffer has been
- * parsed above.
- */
- data_size -= 2;
+ for (i = 0; i < issuers_len; i++) {
+ /* The checks here for the buffer boundaries
+ * are not needed since the buffer has been
+ * parsed above.
+ */
+ data_size -= 2;
- size = _gnutls_read_uint16(data);
+ size = _gnutls_read_uint16(data);
- data += 2;
+ data += 2;
- issuers_dn[i].data = data;
- issuers_dn[i].size = size;
+ issuers_dn[i].data = data;
+ issuers_dn[i].size = size;
- data += size;
- }
+ data += size;
}
+ }
- return 0;
+ return 0;
}
@@ -361,100 +362,99 @@ OPENPGP_PRIVKEY_DEINIT _E_gnutls_openpgp_privkey_deinit;
/* Calls the client get callback.
*/
-static int call_get_cert_callback( gnutls_session session,
- gnutls_datum* issuers_dn, int issuers_dn_length,
- gnutls_pk_algorithm* pk_algos, int pk_algos_length)
+static int call_get_cert_callback(gnutls_session session,
+ gnutls_datum * issuers_dn,
+ int issuers_dn_length,
+ gnutls_pk_algorithm * pk_algos,
+ int pk_algos_length)
{
-uint i;
-gnutls_cert *local_certs = NULL;
-gnutls_privkey *local_key = NULL;
-gnutls_retr_st st;
-int ret;
-gnutls_certificate_type type =
- gnutls_certificate_type_get(session);
-const gnutls_certificate_credentials cred;
-
- cred =
- _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- memset( &st, 0, sizeof(st));
-
- if (session->security_parameters.entity == GNUTLS_SERVER) {
- ret =
- cred->server_get_cert_callback(session, &st);
- } else { /* CLIENT */
- ret =
- cred->client_get_cert_callback(session,
- issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length,
- &st);
- }
-
- if (ret < 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (st.ncerts == 0)
- return 0; /* no certificate was selected */
-
- if (type != st.type) {
+ uint i;
+ gnutls_cert *local_certs = NULL;
+ gnutls_privkey *local_key = NULL;
+ gnutls_retr_st st;
+ int ret;
+ gnutls_certificate_type type = gnutls_certificate_type_get(session);
+ const gnutls_certificate_credentials cred;
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ memset(&st, 0, sizeof(st));
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ ret = cred->server_get_cert_callback(session, &st);
+ } else { /* CLIENT */
+ ret =
+ cred->client_get_cert_callback(session,
+ issuers_dn, issuers_dn_length,
+ pk_algos, pk_algos_length, &st);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (st.ncerts == 0)
+ return 0; /* no certificate was selected */
+
+ if (type != st.type) {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if (type == GNUTLS_CRT_X509) {
+ local_certs = alloc_and_load_x509_certs(st.cert.x509, st.ncerts);
+ if (local_certs != NULL)
+ local_key = alloc_and_load_x509_key(st.key.x509);
+
+ } else { /* PGP */
+ if (st.ncerts > 1) {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ local_certs = alloc_and_load_pgp_certs(st.cert.pgp);
+ if (local_certs != NULL)
+ local_key = alloc_and_load_pgp_key(st.key.pgp);
+
+ }
+
+ _gnutls_selected_certs_set(session, local_certs,
+ (local_certs != NULL) ? st.ncerts : 0,
+ local_key, 1);
+
+ ret = 0;
+
+ cleanup:
+
+ if (st.type == GNUTLS_CRT_X509) {
+ if (st.deinit_all) {
+ for (i = 0; i < st.ncerts; i++) {
+ gnutls_x509_crt_deinit(st.cert.x509[i]);
+ }
+ gnutls_free(st.cert.x509);
+ gnutls_x509_privkey_deinit(st.key.x509);
+ }
+ } else {
+ if (st.deinit_all) {
+ if (_E_gnutls_openpgp_key_deinit == NULL ||
+ _E_gnutls_openpgp_privkey_deinit == NULL) {
gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- if (type == GNUTLS_CRT_X509) {
- local_certs = alloc_and_load_x509_certs(st.cert.x509, st.ncerts);
- if (local_certs != NULL)
- local_key = alloc_and_load_x509_key(st.key.x509);
-
- } else { /* PGP */
- if (st.ncerts > 1) {
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- local_certs = alloc_and_load_pgp_certs(st.cert.pgp);
- if (local_certs != NULL)
- local_key = alloc_and_load_pgp_key(st.key.pgp);
-
- }
-
- _gnutls_selected_certs_set(session, local_certs, (local_certs!=NULL)?st.ncerts:0,
- local_key, 1);
-
- ret = 0;
-
-cleanup:
+ return GNUTLS_E_INIT_LIBEXTRA;
+ }
- if (st.type == GNUTLS_CRT_X509) {
- if (st.deinit_all) {
- for (i = 0; i < st.ncerts; i++) {
- gnutls_x509_crt_deinit(st.cert.x509[i]);
- }
- gnutls_free( st.cert.x509);
- gnutls_x509_privkey_deinit(st.key.x509);
- }
- } else {
- if (st.deinit_all) {
- if (_E_gnutls_openpgp_key_deinit == NULL ||
- _E_gnutls_openpgp_privkey_deinit == NULL) {
- gnutls_assert();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
-
- _E_gnutls_openpgp_key_deinit(st.cert.pgp);
- _E_gnutls_openpgp_privkey_deinit(st.key.pgp);
- }
+ _E_gnutls_openpgp_key_deinit(st.cert.pgp);
+ _E_gnutls_openpgp_privkey_deinit(st.key.pgp);
}
+ }
- return ret;
+ return ret;
}
/* Finds the appropriate certificate depending on the cA Distinguished name
@@ -469,92 +469,92 @@ static int _select_client_cert(gnutls_session session,
gnutls_pk_algorithm * pk_algos,
int pk_algos_length)
{
- int result;
- int indx = -1;
- const gnutls_certificate_credentials cred;
- opaque *data = _data;
- ssize_t data_size = _data_size;
- int issuers_dn_length;
- gnutls_datum * issuers_dn = NULL;
-
- cred =
- _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
+ int result;
+ int indx = -1;
+ const gnutls_certificate_credentials cred;
+ opaque *data = _data;
+ ssize_t data_size = _data_size;
+ int issuers_dn_length;
+ gnutls_datum *issuers_dn = NULL;
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (cred->client_get_cert_callback != NULL) {
+
+ /* use a callback to get certificate
+ */
+ if (session->security_parameters.cert_type != GNUTLS_CRT_X509)
+ issuers_dn_length = 0;
+ else {
+ issuers_dn_length = get_issuers_num(session, data, data_size);
+ if (issuers_dn_length < 0) {
gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (cred->client_get_cert_callback != NULL) {
+ return issuers_dn_length;
+ }
+
+ if (issuers_dn_length > 0) {
+ issuers_dn =
+ gnutls_malloc(sizeof(gnutls_datum) *
+ issuers_dn_length);
+ if (issuers_dn == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- /* use a callback to get certificate
- */
- if (session->security_parameters.cert_type != GNUTLS_CRT_X509)
- issuers_dn_length = 0;
- else {
- issuers_dn_length = get_issuers_num( session, data, data_size);
- if (issuers_dn_length < 0) {
- gnutls_assert();
- return issuers_dn_length;
- }
-
- if (issuers_dn_length > 0) {
- issuers_dn = gnutls_malloc( sizeof(gnutls_datum)*issuers_dn_length);
- if (issuers_dn == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = get_issuers( session, issuers_dn, issuers_dn_length, data, data_size);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
- }
+ result =
+ get_issuers(session, issuers_dn, issuers_dn_length,
+ data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
}
+ }
+ }
- result = call_get_cert_callback( session, issuers_dn, issuers_dn_length,
- pk_algos, pk_algos_length);
- goto cleanup;
+ result =
+ call_get_cert_callback(session, issuers_dn, issuers_dn_length,
+ pk_algos, pk_algos_length);
+ goto cleanup;
- } else {
- /* If we have no callbacks, try to guess.
- */
- result = 0;
-
- if (session->security_parameters.cert_type ==
- GNUTLS_CRT_X509)
- result =
- _find_x509_cert(cred, _data, _data_size,
- pk_algos, pk_algos_length,
- &indx);
+ } else {
+ /* If we have no callbacks, try to guess.
+ */
+ result = 0;
- if (session->security_parameters.cert_type ==
- GNUTLS_CRT_OPENPGP)
- result =
- _find_openpgp_cert(cred, pk_algos,
- pk_algos_length, &indx);
+ if (session->security_parameters.cert_type == GNUTLS_CRT_X509)
+ result =
+ _find_x509_cert(cred, _data, _data_size,
+ pk_algos, pk_algos_length, &indx);
+ if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP)
+ result =
+ _find_openpgp_cert(cred, pk_algos, pk_algos_length, &indx);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
- if (indx >= 0) {
- _gnutls_selected_certs_set(session,
- &cred->cert_list[indx][0],
- cred->cert_list_length[indx],
- &cred->pkey[indx], 0);
- } else {
- _gnutls_selected_certs_set(session, NULL, 0, NULL, 0);
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = 0;
+ if (indx >= 0) {
+ _gnutls_selected_certs_set(session,
+ &cred->cert_list[indx][0],
+ cred->cert_list_length[indx],
+ &cred->pkey[indx], 0);
+ } else {
+ _gnutls_selected_certs_set(session, NULL, 0, NULL, 0);
}
-cleanup:
- gnutls_free( issuers_dn);
- return result;
+ result = 0;
+ }
+
+ cleanup:
+ gnutls_free(issuers_dn);
+ return result;
}
@@ -563,100 +563,100 @@ cleanup:
int _gnutls_gen_x509_crt(gnutls_session session, opaque ** data)
{
- int ret, i;
- opaque *pdata;
- gnutls_cert *apr_cert_list;
- gnutls_privkey *apr_pkey;
- int apr_cert_list_length;
-
- /* find the appropriate certificate
- */
- if ((ret =
- _gnutls_get_selected_cert(session, &apr_cert_list,
- &apr_cert_list_length,
- &apr_pkey)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = 3;
- for (i = 0; i < apr_cert_list_length; i++) {
- ret += apr_cert_list[i].raw.size + 3;
- /* hold size
- * for uint24 */
- }
-
- /* if no certificates were found then send:
- * 0B 00 00 03 00 00 00 // Certificate with no certs
- * instead of:
- * 0B 00 00 00 // empty certificate handshake
- *
- * ( the above is the whole handshake message, not
- * the one produced here )
- */
-
- (*data) = gnutls_malloc(ret);
- pdata = (*data);
-
- if (pdata == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- _gnutls_write_uint24(ret - 3, pdata);
- pdata += 3;
- for (i = 0; i < apr_cert_list_length; i++) {
- _gnutls_write_datum24(pdata, apr_cert_list[i].raw);
- pdata += (3 + apr_cert_list[i].raw.size);
- }
-
+ int ret, i;
+ opaque *pdata;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey *apr_pkey;
+ int apr_cert_list_length;
+
+ /* find the appropriate certificate
+ */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ ret = 3;
+ for (i = 0; i < apr_cert_list_length; i++) {
+ ret += apr_cert_list[i].raw.size + 3;
+ /* hold size
+ * for uint24 */
+ }
+
+ /* if no certificates were found then send:
+ * 0B 00 00 03 00 00 00 // Certificate with no certs
+ * instead of:
+ * 0B 00 00 00 // empty certificate handshake
+ *
+ * ( the above is the whole handshake message, not
+ * the one produced here )
+ */
+
+ (*data) = gnutls_malloc(ret);
+ pdata = (*data);
+
+ if (pdata == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ _gnutls_write_uint24(ret - 3, pdata);
+ pdata += 3;
+ for (i = 0; i < apr_cert_list_length; i++) {
+ _gnutls_write_datum24(pdata, apr_cert_list[i].raw);
+ pdata += (3 + apr_cert_list[i].raw.size);
+ }
+
+ return ret;
}
enum PGPKeyDescriptorType { PGP_KEY_FINGERPRINT, PGP_KEY };
int _gnutls_gen_openpgp_certificate(gnutls_session session, opaque ** data)
{
- int ret;
- opaque *pdata;
- gnutls_cert *apr_cert_list;
- gnutls_privkey *apr_pkey;
- int apr_cert_list_length;
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert(session, &apr_cert_list,
- &apr_cert_list_length,
- &apr_pkey)) < 0) {
- gnutls_assert();
- return ret;
- }
+ int ret;
+ opaque *pdata;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey *apr_pkey;
+ int apr_cert_list_length;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = 3 + 1 + 3;
+ ret = 3 + 1 + 3;
- if (apr_cert_list_length > 0)
- ret += apr_cert_list[0].raw.size;
+ if (apr_cert_list_length > 0)
+ ret += apr_cert_list[0].raw.size;
- (*data) = gnutls_malloc(ret);
- pdata = (*data);
+ (*data) = gnutls_malloc(ret);
+ pdata = (*data);
- if (pdata == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (pdata == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- _gnutls_write_uint24(ret - 3, pdata);
- pdata += 3;
+ _gnutls_write_uint24(ret - 3, pdata);
+ pdata += 3;
- *pdata = PGP_KEY; /* whole key */
- pdata++;
+ *pdata = PGP_KEY; /* whole key */
+ pdata++;
- if (apr_cert_list_length > 0) {
- _gnutls_write_datum24(pdata, apr_cert_list[0].raw);
- pdata += (3 + apr_cert_list[0].raw.size);
- } else /* empty - no certificate */
- _gnutls_write_uint24(0, pdata);
+ if (apr_cert_list_length > 0) {
+ _gnutls_write_datum24(pdata, apr_cert_list[0].raw);
+ pdata += (3 + apr_cert_list[0].raw.size);
+ } else /* empty - no certificate */
+ _gnutls_write_uint24(0, pdata);
- return ret;
+ return ret;
}
OPENPGP_FINGERPRINT _E_gnutls_openpgp_fingerprint = NULL;
@@ -666,63 +666,63 @@ extern OPENPGP_RAW_KEY_TO_GCERT _E_gnutls_openpgp_raw_key_to_gcert;
int _gnutls_gen_openpgp_certificate_fpr(gnutls_session session,
opaque ** data)
{
- int ret, packet_size;
- size_t fpr_size;
- opaque *pdata;
- gnutls_cert *apr_cert_list;
- gnutls_privkey *apr_pkey;
- int apr_cert_list_length;
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert(session, &apr_cert_list,
- &apr_cert_list_length,
- &apr_pkey)) < 0) {
- gnutls_assert();
- return ret;
- }
+ int ret, packet_size;
+ size_t fpr_size;
+ opaque *pdata;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey *apr_pkey;
+ int apr_cert_list_length;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- packet_size = 3 + 1;
+ packet_size = 3 + 1;
- /* Only v4 fingerprints are sent
- */
- if (apr_cert_list_length > 0 && apr_cert_list[0].version == 4)
- packet_size += 20 + 1;
- else /* empty certificate case */
- return _gnutls_gen_openpgp_certificate(session, data);
+ /* Only v4 fingerprints are sent
+ */
+ if (apr_cert_list_length > 0 && apr_cert_list[0].version == 4)
+ packet_size += 20 + 1;
+ else /* empty certificate case */
+ return _gnutls_gen_openpgp_certificate(session, data);
- (*data) = gnutls_malloc(packet_size);
- pdata = (*data);
+ (*data) = gnutls_malloc(packet_size);
+ pdata = (*data);
- if (pdata == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (pdata == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- _gnutls_write_uint24(packet_size - 3, pdata);
- pdata += 3;
+ _gnutls_write_uint24(packet_size - 3, pdata);
+ pdata += 3;
- *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */
- pdata++;
+ *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */
+ pdata++;
- *pdata = 20;
- pdata++;
+ *pdata = 20;
+ pdata++;
- fpr_size = 20;
+ fpr_size = 20;
- if (_E_gnutls_openpgp_fingerprint == NULL) {
- gnutls_assert();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
+ if (_E_gnutls_openpgp_fingerprint == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INIT_LIBEXTRA;
+ }
- if ((ret =
- _E_gnutls_openpgp_fingerprint(&apr_cert_list[0].raw, pdata,
- &fpr_size)) < 0) {
- gnutls_assert();
- return ret;
- }
+ if ((ret =
+ _E_gnutls_openpgp_fingerprint(&apr_cert_list[0].raw, pdata,
+ &fpr_size)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return packet_size;
+ return packet_size;
}
@@ -730,37 +730,34 @@ int _gnutls_gen_openpgp_certificate_fpr(gnutls_session session,
int _gnutls_gen_cert_client_certificate(gnutls_session session,
opaque ** data)
{
- switch (session->security_parameters.cert_type) {
- case GNUTLS_CRT_OPENPGP:
- if (_gnutls_openpgp_send_fingerprint(session) == 0)
- return
- _gnutls_gen_openpgp_certificate(session, data);
- else
- return
- _gnutls_gen_openpgp_certificate_fpr
- (session, data);
-
- case GNUTLS_CRT_X509:
- return _gnutls_gen_x509_crt(session, data);
-
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ switch (session->security_parameters.cert_type) {
+ case GNUTLS_CRT_OPENPGP:
+ if (_gnutls_openpgp_send_fingerprint(session) == 0)
+ return _gnutls_gen_openpgp_certificate(session, data);
+ else
+ return _gnutls_gen_openpgp_certificate_fpr(session, data);
+
+ case GNUTLS_CRT_X509:
+ return _gnutls_gen_x509_crt(session, data);
+
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
int _gnutls_gen_cert_server_certificate(gnutls_session session,
opaque ** data)
{
- switch (session->security_parameters.cert_type) {
- case GNUTLS_CRT_OPENPGP:
- return _gnutls_gen_openpgp_certificate(session, data);
- case GNUTLS_CRT_X509:
- return _gnutls_gen_x509_crt(session, data);
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ switch (session->security_parameters.cert_type) {
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_gen_openpgp_certificate(session, data);
+ case GNUTLS_CRT_X509:
+ return _gnutls_gen_x509_crt(session, data);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
/* Process server certificate
@@ -770,130 +767,126 @@ int _gnutls_gen_cert_server_certificate(gnutls_session session,
int _gnutls_proc_x509_server_certificate(gnutls_session session,
opaque * data, size_t data_size)
{
- int size, len, ret;
- opaque *p = data;
- cert_auth_info_t info;
- const gnutls_certificate_credentials cred;
- ssize_t dsize = data_size;
- int i, j, x;
- gnutls_cert *peer_certificate_list;
- int peer_certificate_list_size = 0;
- gnutls_datum tmp;
-
- cred =
- _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ int size, len, ret;
+ opaque *p = data;
+ cert_auth_info_t info;
+ const gnutls_certificate_credentials cred;
+ ssize_t dsize = data_size;
+ int i, j, x;
+ gnutls_cert *peer_certificate_list;
+ int peer_certificate_list_size = 0;
+ gnutls_datum tmp;
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ info = _gnutls_get_auth_info(session);
- if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
- sizeof(cert_auth_info_st), 1)) <
- 0) {
- gnutls_assert();
- return ret;
- }
+ if (data == NULL || data_size == 0) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
- info = _gnutls_get_auth_info(session);
+ DECR_LEN(dsize, 3);
+ size = _gnutls_read_uint24(p);
+ p += 3;
- if (data == NULL || data_size == 0) {
- gnutls_assert();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
+ if (size == 0) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+ i = dsize;
+ while (i > 0) {
DECR_LEN(dsize, 3);
- size = _gnutls_read_uint24(p);
+ len = _gnutls_read_uint24(p);
+ p += 3;
+ DECR_LEN(dsize, len);
+ peer_certificate_list_size++;
+ p += len;
+ i -= len + 3;
+ }
+
+ if (peer_certificate_list_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ /* Ok we now allocate the memory to hold the
+ * certificate list
+ */
+
+ peer_certificate_list =
+ gnutls_malloc(sizeof(gnutls_cert) * (peer_certificate_list_size));
+
+ if (peer_certificate_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memset(peer_certificate_list, 0, sizeof(gnutls_cert) *
+ peer_certificate_list_size);
+
+ p = data + 3;
+
+ /* Now we start parsing the list (again).
+ * We don't use DECR_LEN since the list has
+ * been parsed before.
+ */
+
+ for (j = 0; j < peer_certificate_list_size; j++) {
+ len = _gnutls_read_uint24(p);
p += 3;
- if (size == 0) {
- gnutls_assert();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- i = dsize;
- while (i > 0) {
- DECR_LEN(dsize, 3);
- len = _gnutls_read_uint24(p);
- p += 3;
- DECR_LEN(dsize, len);
- peer_certificate_list_size++;
- p += len;
- i -= len + 3;
- }
+ tmp.size = len;
+ tmp.data = p;
- if (peer_certificate_list_size == 0) {
- gnutls_assert();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ if ((ret =
+ _gnutls_x509_raw_cert_to_gcert(&peer_certificate_list
+ [j], &tmp,
+ CERT_ONLY_EXTENSIONS)) < 0) {
+ gnutls_assert();
+ goto cleanup;
}
- /* Ok we now allocate the memory to hold the
- * certificate list
- */
+ p += len;
+ }
- peer_certificate_list =
- gnutls_malloc(sizeof(gnutls_cert) *
- (peer_certificate_list_size));
- if (peer_certificate_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- memset(peer_certificate_list, 0, sizeof(gnutls_cert) *
- peer_certificate_list_size);
+ if ((ret =
+ _gnutls_copy_certificate_auth_info(info,
+ peer_certificate_list,
+ peer_certificate_list_size))
+ < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- p = data + 3;
+ if ((ret =
+ _gnutls_check_key_usage(&peer_certificate_list[0],
+ gnutls_kx_get(session))) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- /* Now we start parsing the list (again).
- * We don't use DECR_LEN since the list has
- * been parsed before.
- */
+ ret = 0;
- for (j = 0; j < peer_certificate_list_size; j++) {
- len = _gnutls_read_uint24(p);
- p += 3;
-
- tmp.size = len;
- tmp.data = p;
-
- if ((ret =
- _gnutls_x509_raw_cert_to_gcert(&peer_certificate_list
- [j], &tmp,
- CERT_ONLY_EXTENSIONS)) <
- 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- p += len;
- }
-
-
- if ((ret =
- _gnutls_copy_certificate_auth_info(info,
- peer_certificate_list,
- peer_certificate_list_size))
- < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- if ((ret =
- _gnutls_check_key_usage(&peer_certificate_list[0],
- gnutls_kx_get(session))) < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = 0;
-
- cleanup:
- CLEAR_CERTS;
- gnutls_free(peer_certificate_list);
- return ret;
+ cleanup:
+ CLEAR_CERTS;
+ gnutls_free(peer_certificate_list);
+ return ret;
}
@@ -902,181 +895,177 @@ int _gnutls_proc_openpgp_server_certificate(gnutls_session session,
opaque * data,
size_t data_size)
{
- int size, ret, len;
- opaque *p = data;
- cert_auth_info_t info;
- const gnutls_certificate_credentials cred;
- ssize_t dsize = data_size;
- int i, x;
- gnutls_cert *peer_certificate_list = NULL;
- int peer_certificate_list_size = 0;
- gnutls_datum tmp, akey = { NULL, 0 };
-
- cred =
- _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ int size, ret, len;
+ opaque *p = data;
+ cert_auth_info_t info;
+ const gnutls_certificate_credentials cred;
+ ssize_t dsize = data_size;
+ int i, x;
+ gnutls_cert *peer_certificate_list = NULL;
+ int peer_certificate_list_size = 0;
+ gnutls_datum tmp, akey = { NULL, 0 };
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 1)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
- sizeof(cert_auth_info_st), 1)) <
- 0) {
- gnutls_assert();
- return ret;
- }
+ info = _gnutls_get_auth_info(session);
- info = _gnutls_get_auth_info(session);
+ if (data == NULL || data_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
- if (data == NULL || data_size == 0) {
- gnutls_assert();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
+ DECR_LEN(dsize, 3);
+ size = _gnutls_read_uint24(p);
+ p += 3;
- DECR_LEN(dsize, 3);
- size = _gnutls_read_uint24(p);
- p += 3;
+ if (size == 0) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+ i = dsize;
- if (size == 0) {
- gnutls_assert();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
- i = dsize;
+ /* Read PGPKeyDescriptor */
+ DECR_LEN(dsize, 1);
+ if (*p == PGP_KEY_FINGERPRINT) { /* the fingerprint */
+ p++;
- /* Read PGPKeyDescriptor */
DECR_LEN(dsize, 1);
- if (*p == PGP_KEY_FINGERPRINT) { /* the fingerprint */
- p++;
-
- DECR_LEN(dsize, 1);
- len = (uint8) * p;
- p++;
-
- if (len != 20) {
- gnutls_assert();
- return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
- }
-
- DECR_LEN(dsize, 20);
-
- /* request the actual key from our database, or
- * a key server or anything.
- */
- if (_E_gnutls_openpgp_request_key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
- if ((ret =
- _E_gnutls_openpgp_request_key(session, &akey, cred, p,
- 20)) < 0) {
- gnutls_assert();
- return ret;
- }
- tmp = akey;
- peer_certificate_list_size++;
-
- } else if (*p == PGP_KEY) { /* the whole key */
-
- p++;
-
- /* Read the actual certificate */
- DECR_LEN(dsize, 3);
- len = _gnutls_read_uint24(p);
- p += 3;
-
- if (len == 0) {
- gnutls_assert();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- DECR_LEN(dsize, len);
- peer_certificate_list_size++;
-
- tmp.size = len;
- tmp.data = p;
-
- } else {
- gnutls_assert();
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
- /* ok we now have the peer's key in tmp datum
- */
-
- if (peer_certificate_list_size == 0) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ len = (uint8) * p;
+ p++;
- peer_certificate_list =
- gnutls_alloca(sizeof(gnutls_cert) *
- (peer_certificate_list_size));
- if (peer_certificate_list == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
+ if (len != 20) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
}
- memset(peer_certificate_list, 0, sizeof(gnutls_cert) *
- peer_certificate_list_size);
- if (_E_gnutls_openpgp_raw_key_to_gcert == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_INIT_LIBEXTRA;
- goto cleanup;
- }
+ DECR_LEN(dsize, 20);
- if ((ret =
- _E_gnutls_openpgp_raw_key_to_gcert(&peer_certificate_list[0],
- &tmp)) < 0) {
- gnutls_assert();
- goto cleanup;
+ /* request the actual key from our database, or
+ * a key server or anything.
+ */
+ if (_E_gnutls_openpgp_request_key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INIT_LIBEXTRA;
}
-
if ((ret =
- _gnutls_copy_certificate_auth_info(info,
- peer_certificate_list,
- peer_certificate_list_size))
- < 0) {
- gnutls_assert();
- goto cleanup;
+ _E_gnutls_openpgp_request_key(session, &akey, cred, p,
+ 20)) < 0) {
+ gnutls_assert();
+ return ret;
}
+ tmp = akey;
+ peer_certificate_list_size++;
- if ((ret =
- _gnutls_check_key_usage(&peer_certificate_list[0],
- gnutls_kx_get(session))) < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ } else if (*p == PGP_KEY) { /* the whole key */
- ret = 0;
+ p++;
- cleanup:
+ /* Read the actual certificate */
+ DECR_LEN(dsize, 3);
+ len = _gnutls_read_uint24(p);
+ p += 3;
- _gnutls_free_datum(&akey);
- CLEAR_CERTS;
- gnutls_afree(peer_certificate_list);
- return ret;
+ if (len == 0) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ DECR_LEN(dsize, len);
+ peer_certificate_list_size++;
+
+ tmp.size = len;
+ tmp.data = p;
+
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ /* ok we now have the peer's key in tmp datum
+ */
+
+ if (peer_certificate_list_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ peer_certificate_list =
+ gnutls_alloca(sizeof(gnutls_cert) * (peer_certificate_list_size));
+ if (peer_certificate_list == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+ memset(peer_certificate_list, 0, sizeof(gnutls_cert) *
+ peer_certificate_list_size);
+
+ if (_E_gnutls_openpgp_raw_key_to_gcert == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_INIT_LIBEXTRA;
+ goto cleanup;
+ }
+
+ if ((ret =
+ _E_gnutls_openpgp_raw_key_to_gcert(&peer_certificate_list[0],
+ &tmp)) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((ret =
+ _gnutls_copy_certificate_auth_info(info,
+ peer_certificate_list,
+ peer_certificate_list_size))
+ < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if ((ret =
+ _gnutls_check_key_usage(&peer_certificate_list[0],
+ gnutls_kx_get(session))) < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ _gnutls_free_datum(&akey);
+ CLEAR_CERTS;
+ gnutls_afree(peer_certificate_list);
+ return ret;
}
int _gnutls_proc_cert_server_certificate(gnutls_session session,
opaque * data, size_t data_size)
{
- switch (session->security_parameters.cert_type) {
- case GNUTLS_CRT_OPENPGP:
- return _gnutls_proc_openpgp_server_certificate(session,
- data,
- data_size);
- case GNUTLS_CRT_X509:
- return _gnutls_proc_x509_server_certificate(session, data,
- data_size);
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ switch (session->security_parameters.cert_type) {
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_proc_openpgp_server_certificate(session,
+ data, data_size);
+ case GNUTLS_CRT_X509:
+ return _gnutls_proc_x509_server_certificate(session, data,
+ data_size);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
#define MAX_SIGN_ALGOS 2
@@ -1090,238 +1079,235 @@ typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN
inline static
int _gnutls_check_supported_sign_algo(CertificateSigType algo)
{
- switch (algo) {
- case RSA_SIGN:
- return GNUTLS_PK_RSA;
- case DSA_SIGN:
- return GNUTLS_PK_DSA;
- }
-
- return -1;
+ switch (algo) {
+ case RSA_SIGN:
+ return GNUTLS_PK_RSA;
+ case DSA_SIGN:
+ return GNUTLS_PK_DSA;
+ }
+
+ return -1;
}
int _gnutls_proc_cert_cert_req(gnutls_session session, opaque * data,
size_t data_size)
{
- int size, ret;
- opaque *p;
- const gnutls_certificate_credentials cred;
- cert_auth_info_t info;
- ssize_t dsize;
- int i, j;
- gnutls_pk_algorithm pk_algos[MAX_SIGN_ALGOS];
- int pk_algos_length;
-
- cred =
- _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
- sizeof(cert_auth_info_st), 0)) <
- 0) {
- gnutls_assert();
- return ret;
- }
+ int size, ret;
+ opaque *p;
+ const gnutls_certificate_credentials cred;
+ cert_auth_info_t info;
+ ssize_t dsize;
+ int i, j;
+ gnutls_pk_algorithm pk_algos[MAX_SIGN_ALGOS];
+ int pk_algos_length;
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 0)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- info = _gnutls_get_auth_info(session);
+ info = _gnutls_get_auth_info(session);
- p = data;
- dsize = data_size;
+ p = data;
+ dsize = data_size;
+ DECR_LEN(dsize, 1);
+ size = p[0];
+ p++;
+ /* check if the sign algorithm is supported.
+ */
+ pk_algos_length = j = 0;
+ for (i = 0; i < size; i++, p++) {
DECR_LEN(dsize, 1);
- size = p[0];
- p++;
- /* check if the sign algorithm is supported.
- */
- pk_algos_length = j = 0;
- for (i = 0; i < size; i++, p++) {
- DECR_LEN(dsize, 1);
- if ((ret = _gnutls_check_supported_sign_algo(*p)) > 0) {
- if (j < MAX_SIGN_ALGOS) {
- pk_algos[j++] = ret;
- pk_algos_length++;
- }
- }
- }
-
- if (pk_algos_length == 0) {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- if (session->security_parameters.cert_type == GNUTLS_CRT_X509) {
- DECR_LEN(dsize, 2);
- size = _gnutls_read_uint16(p);
- p += 2;
- } else {
- p = NULL;
- size = 0;
+ if ((ret = _gnutls_check_supported_sign_algo(*p)) > 0) {
+ if (j < MAX_SIGN_ALGOS) {
+ pk_algos[j++] = ret;
+ pk_algos_length++;
+ }
}
+ }
- DECR_LEN(dsize, size);
+ if (pk_algos_length == 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
- /* now we ask the user to tell which one
- * he wants to use.
- */
- if ((ret =
- _select_client_cert(session, p, size,
- pk_algos, pk_algos_length)) < 0) {
- gnutls_assert();
- return ret;
- }
+ if (session->security_parameters.cert_type == GNUTLS_CRT_X509) {
+ DECR_LEN(dsize, 2);
+ size = _gnutls_read_uint16(p);
+ p += 2;
+ } else {
+ p = NULL;
+ size = 0;
+ }
+
+ DECR_LEN(dsize, size);
+
+ /* now we ask the user to tell which one
+ * he wants to use.
+ */
+ if ((ret =
+ _select_client_cert(session, p, size,
+ pk_algos, pk_algos_length)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* We should reply with a certificate message,
- * even if we have no certificate to send.
- */
- session->key->certificate_requested = 1;
+ /* We should reply with a certificate message,
+ * even if we have no certificate to send.
+ */
+ session->key->certificate_requested = 1;
- return 0;
+ return 0;
}
int _gnutls_gen_cert_client_cert_vrfy(gnutls_session session,
opaque ** data)
{
- int ret;
- gnutls_cert *apr_cert_list;
- gnutls_privkey *apr_pkey;
- int apr_cert_list_length, size;
- gnutls_datum signature;
-
- *data = NULL;
+ int ret;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey *apr_pkey;
+ int apr_cert_list_length, size;
+ gnutls_datum signature;
+
+ *data = NULL;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* find the appropriate certificate */
+ if (apr_pkey != NULL) {
if ((ret =
- _gnutls_get_selected_cert(session, &apr_cert_list,
- &apr_cert_list_length,
- &apr_pkey)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- if (apr_pkey != NULL) {
- if ((ret =
- _gnutls_tls_sign_hdata(session,
- &apr_cert_list[0],
- apr_pkey, &signature)) < 0) {
- gnutls_assert();
- return ret;
- }
- } else {
- return 0;
+ _gnutls_tls_sign_hdata(session,
+ &apr_cert_list[0],
+ apr_pkey, &signature)) < 0) {
+ gnutls_assert();
+ return ret;
}
+ } else {
+ return 0;
+ }
- *data = gnutls_malloc(signature.size + 2);
- if (*data == NULL) {
- _gnutls_free_datum(&signature);
- return GNUTLS_E_MEMORY_ERROR;
- }
- size = signature.size;
- _gnutls_write_uint16(size, *data);
+ *data = gnutls_malloc(signature.size + 2);
+ if (*data == NULL) {
+ _gnutls_free_datum(&signature);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ size = signature.size;
+ _gnutls_write_uint16(size, *data);
- memcpy(&(*data)[2], signature.data, size);
+ memcpy(&(*data)[2], signature.data, size);
- _gnutls_free_datum(&signature);
+ _gnutls_free_datum(&signature);
- return size + 2;
+ return size + 2;
}
int _gnutls_proc_cert_client_cert_vrfy(gnutls_session session,
opaque * data, size_t data_size)
{
- int size, ret;
- ssize_t dsize = data_size;
- opaque *pdata = data;
- gnutls_datum sig;
- cert_auth_info_t info = _gnutls_get_auth_info(session);
- gnutls_cert peer_cert;
-
- if (info == NULL || info->ncerts == 0) {
- gnutls_assert();
- /* we need this in order to get peer's certificate */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- DECR_LEN(dsize, 2);
- size = _gnutls_read_uint16(pdata);
- pdata += 2;
-
- DECR_LEN(dsize, size);
-
- sig.data = pdata;
- sig.size = size;
-
- ret = _gnutls_raw_cert_to_gcert( &peer_cert,
- session->security_parameters.cert_type,
- &info->raw_certificate_list[0], CERT_NO_COPY);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int size, ret;
+ ssize_t dsize = data_size;
+ opaque *pdata = data;
+ gnutls_datum sig;
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
+ gnutls_cert peer_cert;
+
+ if (info == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ DECR_LEN(dsize, 2);
+ size = _gnutls_read_uint16(pdata);
+ pdata += 2;
+
+ DECR_LEN(dsize, size);
+
+ sig.data = pdata;
+ sig.size = size;
+
+ ret = _gnutls_raw_cert_to_gcert(&peer_cert,
+ session->security_parameters.cert_type,
+ &info->raw_certificate_list[0],
+ CERT_NO_COPY);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if ((ret =
- _gnutls_verify_sig_hdata(session, &peer_cert, &sig)) < 0) {
- gnutls_assert();
- _gnutls_gcert_deinit(&peer_cert);
- return ret;
- }
+ if ((ret = _gnutls_verify_sig_hdata(session, &peer_cert, &sig)) < 0) {
+ gnutls_assert();
_gnutls_gcert_deinit(&peer_cert);
+ return ret;
+ }
+ _gnutls_gcert_deinit(&peer_cert);
- return 0;
+ return 0;
}
#define CERTTYPE_SIZE 3
int _gnutls_gen_cert_server_cert_req(gnutls_session session,
opaque ** data)
{
- const gnutls_certificate_credentials cred;
- int size;
- opaque *pdata;
-
- /* Now we need to generate the RDN sequence. This is
- * already in the CERTIFICATE_CRED structure, to improve
- * performance.
- */
-
- cred =
- _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type + 2 for size of rdn_seq
- */
+ const gnutls_certificate_credentials cred;
+ int size;
+ opaque *pdata;
+
+ /* Now we need to generate the RDN sequence. This is
+ * already in the CERTIFICATE_CRED structure, to improve
+ * performance.
+ */
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type + 2 for size of rdn_seq
+ */
- if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
- session->internals.ignore_rdn_sequence == 0)
- size += cred->x509_rdn_sequence.size;
+ if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
+ session->internals.ignore_rdn_sequence == 0)
+ size += cred->x509_rdn_sequence.size;
- (*data) = gnutls_malloc(size);
- pdata = (*data);
+ (*data) = gnutls_malloc(size);
+ pdata = (*data);
- if (pdata == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (pdata == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- pdata[0] = CERTTYPE_SIZE - 1;
+ pdata[0] = CERTTYPE_SIZE - 1;
- pdata[1] = RSA_SIGN;
- pdata[2] = DSA_SIGN; /* only these for now */
- pdata += CERTTYPE_SIZE;
+ pdata[1] = RSA_SIGN;
+ pdata[2] = DSA_SIGN; /* only these for now */
+ pdata += CERTTYPE_SIZE;
- if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
- session->internals.ignore_rdn_sequence == 0) {
- _gnutls_write_datum16(pdata, cred->x509_rdn_sequence);
- /* pdata += cred->x509_rdn_sequence.size + 2; */
- }
+ if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
+ session->internals.ignore_rdn_sequence == 0) {
+ _gnutls_write_datum16(pdata, cred->x509_rdn_sequence);
+ /* pdata += cred->x509_rdn_sequence.size + 2; */
+ }
- return size;
+ return size;
}
@@ -1337,73 +1323,73 @@ int _gnutls_get_selected_cert(gnutls_session session,
int *apr_cert_list_length,
gnutls_privkey ** apr_pkey)
{
- if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
- /* select_client_cert() has been called before.
- */
+ /* select_client_cert() has been called before.
+ */
- *apr_cert_list = session->internals.selected_cert_list;
- *apr_pkey = session->internals.selected_key;
- *apr_cert_list_length =
- session->internals.selected_cert_list_length;
+ *apr_cert_list = session->internals.selected_cert_list;
+ *apr_pkey = session->internals.selected_key;
+ *apr_cert_list_length =
+ session->internals.selected_cert_list_length;
- if (apr_cert_list_length == 0 || apr_pkey == NULL ||
- apr_cert_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ if (apr_cert_list_length == 0 || apr_pkey == NULL ||
+ apr_cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
- } else { /* CLIENT SIDE
+ } else { /* CLIENT SIDE
*/
- /* we have already decided which certificate
- * to send.
- */
- *apr_cert_list = session->internals.selected_cert_list;
- *apr_cert_list_length =
- session->internals.selected_cert_list_length;
- *apr_pkey = session->internals.selected_key;
+ /* we have already decided which certificate
+ * to send.
+ */
+ *apr_cert_list = session->internals.selected_cert_list;
+ *apr_cert_list_length =
+ session->internals.selected_cert_list_length;
+ *apr_pkey = session->internals.selected_key;
- }
+ }
- return 0;
+ return 0;
}
/* converts the given x509 certificate to gnutls_cert* and allocates
* space for them.
*/
static gnutls_cert *alloc_and_load_x509_certs(gnutls_x509_crt * certs,
- uint ncerts)
+ uint ncerts)
{
- gnutls_cert *local_certs;
- int ret = 0;
- uint i, j;
-
- if (certs == NULL) return NULL;
-
- local_certs = gnutls_malloc(sizeof(gnutls_cert) * ncerts);
- if (local_certs == NULL) {
- gnutls_assert();
- return NULL;
- }
-
- for (i = 0; i < ncerts; i++) {
- ret = _gnutls_x509_crt_to_gcert(&local_certs[i],
- certs[i], 0);
- if (ret < 0)
- break;
- }
-
- if (ret < 0) {
- gnutls_assert();
- for (j = 0; j < i; j++) {
- _gnutls_gcert_deinit(&local_certs[j]);
- }
- gnutls_free(local_certs);
- return NULL;
- }
-
- return local_certs;
+ gnutls_cert *local_certs;
+ int ret = 0;
+ uint i, j;
+
+ if (certs == NULL)
+ return NULL;
+
+ local_certs = gnutls_malloc(sizeof(gnutls_cert) * ncerts);
+ if (local_certs == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ for (i = 0; i < ncerts; i++) {
+ ret = _gnutls_x509_crt_to_gcert(&local_certs[i], certs[i], 0);
+ if (ret < 0)
+ break;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ for (j = 0; j < i; j++) {
+ _gnutls_gcert_deinit(&local_certs[j]);
+ }
+ gnutls_free(local_certs);
+ return NULL;
+ }
+
+ return local_certs;
}
/* converts the given x509 key to gnutls_privkey* and allocates
@@ -1411,25 +1397,25 @@ static gnutls_cert *alloc_and_load_x509_certs(gnutls_x509_crt * certs,
*/
static gnutls_privkey *alloc_and_load_x509_key(gnutls_x509_privkey key)
{
- gnutls_privkey *local_key;
- int ret = 0;
+ gnutls_privkey *local_key;
+ int ret = 0;
- if (key == NULL) return NULL;
+ if (key == NULL)
+ return NULL;
- local_key = gnutls_malloc(sizeof(gnutls_privkey));
- if (local_key == NULL) {
- gnutls_assert();
- return NULL;
- }
+ local_key = gnutls_malloc(sizeof(gnutls_privkey));
+ if (local_key == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
- ret =
- _gnutls_x509_privkey_to_gkey(local_key, key);
- if (ret < 0) {
- gnutls_assert();
- return NULL;
- }
+ ret = _gnutls_x509_privkey_to_gkey(local_key, key);
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
- return local_key;
+ return local_key;
}
@@ -1441,100 +1427,100 @@ OPENPGP_PRIVKEY_TO_GKEY _E_gnutls_openpgp_privkey_to_gkey;
*/
static gnutls_cert *alloc_and_load_pgp_certs(gnutls_openpgp_key cert)
{
- gnutls_cert *local_certs;
- int ret = 0;
-
- if (cert == NULL) return NULL;
-
- local_certs = gnutls_malloc(sizeof(gnutls_cert));
- if (local_certs == NULL) {
- gnutls_assert();
- return NULL;
- }
-
- if (_E_gnutls_openpgp_key_to_gcert==NULL) {
- gnutls_assert();
- return NULL;
- }
-
- ret = _E_gnutls_openpgp_key_to_gcert(local_certs, cert);
- if (ret < 0) {
- gnutls_assert();
- return NULL;
- }
-
- if (ret < 0) {
- gnutls_assert();
- _gnutls_gcert_deinit(local_certs);
- gnutls_free(local_certs);
- return NULL;
- }
-
- return local_certs;
+ gnutls_cert *local_certs;
+ int ret = 0;
+
+ if (cert == NULL)
+ return NULL;
+
+ local_certs = gnutls_malloc(sizeof(gnutls_cert));
+ if (local_certs == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ if (_E_gnutls_openpgp_key_to_gcert == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret = _E_gnutls_openpgp_key_to_gcert(local_certs, cert);
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_gcert_deinit(local_certs);
+ gnutls_free(local_certs);
+ return NULL;
+ }
+
+ return local_certs;
}
/* converts the given raw key to gnutls_privkey* and allocates
* space for it.
*/
-static gnutls_privkey *alloc_and_load_pgp_key(const gnutls_openpgp_privkey key)
+static gnutls_privkey *alloc_and_load_pgp_key(const gnutls_openpgp_privkey
+ key)
{
- gnutls_privkey *local_key;
- int ret = 0;
-
- if (key == NULL) return NULL;
-
- local_key = gnutls_malloc(sizeof(gnutls_privkey));
- if (local_key == NULL) {
- gnutls_assert();
- return NULL;
- }
-
- if (_E_gnutls_openpgp_privkey_to_gkey==NULL) {
- gnutls_assert();
- return NULL;
- }
-
- ret =
- _E_gnutls_openpgp_privkey_to_gkey(local_key, key);
- if (ret < 0) {
- gnutls_assert();
- return NULL;
- }
-
- return local_key;
+ gnutls_privkey *local_key;
+ int ret = 0;
+
+ if (key == NULL)
+ return NULL;
+
+ local_key = gnutls_malloc(sizeof(gnutls_privkey));
+ if (local_key == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ if (_E_gnutls_openpgp_privkey_to_gkey == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret = _E_gnutls_openpgp_privkey_to_gkey(local_key, key);
+ if (ret < 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ return local_key;
}
void _gnutls_selected_certs_deinit(gnutls_session session)
{
- if (session->internals.selected_need_free != 0) {
- int i;
-
- for (i = 0;
- i < session->internals.selected_cert_list_length;
- i++) {
- _gnutls_gcert_deinit(&session->internals.
- selected_cert_list[i]);
- }
- session->internals.selected_cert_list = NULL;
- session->internals.selected_cert_list_length = 0;
+ if (session->internals.selected_need_free != 0) {
+ int i;
- _gnutls_gkey_deinit(session->internals.selected_key);
+ for (i = 0; i < session->internals.selected_cert_list_length; i++) {
+ _gnutls_gcert_deinit(&session->internals.
+ selected_cert_list[i]);
}
+ session->internals.selected_cert_list = NULL;
+ session->internals.selected_cert_list_length = 0;
- return;
+ _gnutls_gkey_deinit(session->internals.selected_key);
+ }
+
+ return;
}
void _gnutls_selected_certs_set(gnutls_session session,
gnutls_cert * certs, int ncerts,
gnutls_privkey * key, int need_free)
{
- _gnutls_selected_certs_deinit(session);
+ _gnutls_selected_certs_deinit(session);
- session->internals.selected_cert_list = certs;
- session->internals.selected_cert_list_length = ncerts;
- session->internals.selected_key = key;
- session->internals.selected_need_free = need_free;
+ session->internals.selected_cert_list = certs;
+ session->internals.selected_cert_list_length = ncerts;
+ session->internals.selected_key = key;
+ session->internals.selected_need_free = need_free;
}
@@ -1552,54 +1538,52 @@ void _gnutls_selected_certs_set(gnutls_session session,
int _gnutls_server_select_cert(gnutls_session session,
gnutls_pk_algorithm requested_algo)
{
- uint i;
- int index, ret;
- const gnutls_certificate_credentials cred;
+ uint i;
+ int index, ret;
+ const gnutls_certificate_credentials cred;
- cred =
- _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
- /* If the callback which retrieves certificate has been set,
- * use it and leave.
- */
- if (cred->server_get_cert_callback != NULL)
- return call_get_cert_callback( session, NULL, 0, NULL, 0);
+ /* If the callback which retrieves certificate has been set,
+ * use it and leave.
+ */
+ if (cred->server_get_cert_callback != NULL)
+ return call_get_cert_callback(session, NULL, 0, NULL, 0);
- /* Otherwise... */
+ /* Otherwise... */
- ret = 0;
- index = -1; /* default is use no certificate */
-
+ ret = 0;
+ index = -1; /* default is use no certificate */
- for (i = 0; i < cred->ncerts; i++) {
- /* find one compatible certificate
- */
- if (requested_algo == GNUTLS_PK_ANY ||
- requested_algo ==
- cred->cert_list[i][0].subject_pk_algorithm) {
- /* if cert type matches
- */
- if (session->security_parameters.cert_type ==
- cred->cert_list[i][0].cert_type) {
- index = i;
- break;
- }
- }
- }
-
- /* store the certificate pointer for future use, in the handshake.
- * (This will allow not calling this callback again.)
- */
- if (index >= 0 && ret == 0) {
- _gnutls_selected_certs_set(session,
- &cred->cert_list[index][0],
- cred->cert_list_length[index],
- &cred->pkey[index], 0);
- }
- return ret;
+ for (i = 0; i < cred->ncerts; i++) {
+ /* find one compatible certificate
+ */
+ if (requested_algo == GNUTLS_PK_ANY ||
+ requested_algo == cred->cert_list[i][0].subject_pk_algorithm) {
+ /* if cert type matches
+ */
+ if (session->security_parameters.cert_type ==
+ cred->cert_list[i][0].cert_type) {
+ index = i;
+ break;
+ }
+ }
+ }
+
+ /* store the certificate pointer for future use, in the handshake.
+ * (This will allow not calling this callback again.)
+ */
+ if (index >= 0 && ret == 0) {
+ _gnutls_selected_certs_set(session,
+ &cred->cert_list[index][0],
+ cred->cert_list_length[index],
+ &cred->pkey[index], 0);
+ }
+
+ return ret;
}
diff --git a/lib/auth_cert.h b/lib/auth_cert.h
index d024f16e4f..d7a0ebcb33 100644
--- a/lib/auth_cert.h
+++ b/lib/auth_cert.h
@@ -7,113 +7,121 @@
#include "../libextra/openpgp/openpgp.h"
typedef struct retr_st {
- gnutls_certificate_type type;
- union cert {
- gnutls_x509_crt* x509;
- gnutls_openpgp_key pgp;
- } cert;
- uint ncerts;
-
- union key {
- gnutls_x509_privkey x509;
- gnutls_openpgp_privkey pgp;
- } key;
-
- uint deinit_all;
+ gnutls_certificate_type type;
+ union cert {
+ gnutls_x509_crt *x509;
+ gnutls_openpgp_key pgp;
+ } cert;
+ uint ncerts;
+
+ union key {
+ gnutls_x509_privkey x509;
+ gnutls_openpgp_privkey pgp;
+ } key;
+
+ uint deinit_all;
} gnutls_retr_st;
typedef int gnutls_certificate_client_retrieve_function(gnutls_session,
- const gnutls_datum* req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm* pk_algos, int pk_algos_length,
- gnutls_retr_st *);
-
-typedef int gnutls_certificate_server_retrieve_function(
- struct gnutls_session_int*, gnutls_retr_st*);
+ const gnutls_datum
+ * req_ca_rdn,
+ int nreqs,
+ const
+ gnutls_pk_algorithm
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_retr_st *);
+
+typedef int gnutls_certificate_server_retrieve_function(struct
+ gnutls_session_int
+ *,
+ gnutls_retr_st *);
/* This structure may be complex, but it's the only way to
* support a server that has multiple certificates
*/
typedef struct {
- gnutls_dh_params dh_params;
- gnutls_rsa_params rsa_params;
- /* this callback is used to retrieve the DH or RSA
- * parameters.
- */
- gnutls_params_function * params_func;
-
- gnutls_cert ** cert_list;
- /* contains a list of a list of certificates.
- * eg (X509): [0] certificate1, certificate11, certificate111
- * (if more than one, one certificate certifies the one before)
- * [1] certificate2, certificate22, ...
- */
- uint * cert_list_length;
- /* contains the number of the certificates in a
- * row (should be 1 for OpenPGP keys).
- */
- uint ncerts;/* contains the number of columns in cert_list.
- * This is the same with the number of pkeys.
- */
-
- gnutls_privkey * pkey;
- /* private keys. It contains ncerts private
- * keys. pkey[i] corresponds to certificate in
- * cert_list[i][0].
- */
-
- /* OpenPGP specific stuff */
-
- gnutls_datum keyring;
- char * pgp_key_server;
- int pgp_key_server_port;
-
- char * pgp_trustdb;
-
- /* X509 specific stuff */
-
- gnutls_x509_crt * x509_ca_list;
- uint x509_ncas; /* number of CAs in the ca_list
- */
-
- gnutls_x509_crl * x509_crl_list;
- uint x509_ncrls;/* number of CRLs in the crl_list
- */
-
- unsigned int verify_flags; /* flags to be used at
- * certificate verification.
- */
-
- /* holds a sequence of the
- * RDNs of the CAs above.
- * This is better than
- * generating on every handshake.
- */
- gnutls_datum x509_rdn_sequence;
-
- gnutls_certificate_client_retrieve_function* client_get_cert_callback;
- gnutls_certificate_server_retrieve_function* server_get_cert_callback;
+ gnutls_dh_params dh_params;
+ gnutls_rsa_params rsa_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function *params_func;
+
+ gnutls_cert **cert_list;
+ /* contains a list of a list of certificates.
+ * eg (X509): [0] certificate1, certificate11, certificate111
+ * (if more than one, one certificate certifies the one before)
+ * [1] certificate2, certificate22, ...
+ */
+ uint *cert_list_length;
+ /* contains the number of the certificates in a
+ * row (should be 1 for OpenPGP keys).
+ */
+ uint ncerts; /* contains the number of columns in cert_list.
+ * This is the same with the number of pkeys.
+ */
+
+ gnutls_privkey *pkey;
+ /* private keys. It contains ncerts private
+ * keys. pkey[i] corresponds to certificate in
+ * cert_list[i][0].
+ */
+
+ /* OpenPGP specific stuff */
+
+ gnutls_datum keyring;
+ char *pgp_key_server;
+ int pgp_key_server_port;
+
+ char *pgp_trustdb;
+
+ /* X509 specific stuff */
+
+ gnutls_x509_crt *x509_ca_list;
+ uint x509_ncas; /* number of CAs in the ca_list
+ */
+
+ gnutls_x509_crl *x509_crl_list;
+ uint x509_ncrls; /* number of CRLs in the crl_list
+ */
+
+ unsigned int verify_flags; /* flags to be used at
+ * certificate verification.
+ */
+
+ /* holds a sequence of the
+ * RDNs of the CAs above.
+ * This is better than
+ * generating on every handshake.
+ */
+ gnutls_datum x509_rdn_sequence;
+
+ gnutls_certificate_client_retrieve_function *client_get_cert_callback;
+ gnutls_certificate_server_retrieve_function *server_get_cert_callback;
} certificate_credentials_st;
#define gnutls_certificate_credentials certificate_credentials_st*
typedef struct rsa_info_st {
- opaque modulus[65];
- size_t modulus_size;
- opaque exponent[65];
- size_t exponent_size;
+ opaque modulus[65];
+ size_t modulus_size;
+ opaque exponent[65];
+ size_t exponent_size;
} rsa_info_t;
typedef struct cert_auth_info_st {
- int certificate_requested; /* if the peer requested certificate
- * this is non zero;
- */
- dh_info_t dh;
-
- rsa_info_t rsa_export;
- gnutls_datum* raw_certificate_list; /* holds the raw certificate of the
- * peer.
- */
- unsigned int ncerts; /* holds the size of the list above */
+ int certificate_requested; /* if the peer requested certificate
+ * this is non zero;
+ */
+ dh_info_t dh;
+
+ rsa_info_t rsa_export;
+ gnutls_datum *raw_certificate_list; /* holds the raw certificate of the
+ * peer.
+ */
+ unsigned int ncerts; /* holds the size of the list above */
} *cert_auth_info_t;
typedef struct cert_auth_info_st cert_auth_info_st;
@@ -126,20 +134,28 @@ int _gnutls_gen_cert_server_cert_req(gnutls_session, opaque **);
int _gnutls_proc_cert_cert_req(gnutls_session, opaque *, size_t);
int _gnutls_proc_cert_client_cert_vrfy(gnutls_session, opaque *, size_t);
int _gnutls_proc_cert_server_certificate(gnutls_session, opaque *, size_t);
-int _gnutls_get_selected_cert( gnutls_session session, gnutls_cert** apr_cert_list, int *apr_cert_list_length, gnutls_privkey** apr_pkey);
-
-int _gnutls_server_select_cert( struct gnutls_session_int*, gnutls_pk_algorithm);
-void _gnutls_selected_certs_deinit( gnutls_session session);
-void _gnutls_selected_certs_set( gnutls_session session,
- gnutls_cert* certs, int ncerts, gnutls_privkey* key,
- int need_free);
+int _gnutls_get_selected_cert(gnutls_session session,
+ gnutls_cert ** apr_cert_list,
+ int *apr_cert_list_length,
+ gnutls_privkey ** apr_pkey);
+
+int _gnutls_server_select_cert(struct gnutls_session_int *,
+ gnutls_pk_algorithm);
+void _gnutls_selected_certs_deinit(gnutls_session session);
+void _gnutls_selected_certs_set(gnutls_session session,
+ gnutls_cert * certs, int ncerts,
+ gnutls_privkey * key, int need_free);
#define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate
-gnutls_rsa_params _gnutls_certificate_get_rsa_params(const gnutls_certificate_credentials sc,
- gnutls_session session);
-gnutls_dh_params _gnutls_certificate_get_dh_params(const gnutls_certificate_credentials sc,
- gnutls_session session);
+gnutls_rsa_params _gnutls_certificate_get_rsa_params(const
+ gnutls_certificate_credentials
+ sc,
+ gnutls_session
+ session);
+gnutls_dh_params _gnutls_certificate_get_dh_params(const
+ gnutls_certificate_credentials
+ sc,
+ gnutls_session session);
#endif
-
diff --git a/lib/auth_dh_common.c b/lib/auth_dh_common.c
index a4842710f3..3114435eeb 100644
--- a/lib/auth_dh_common.c
+++ b/lib/auth_dh_common.c
@@ -38,234 +38,237 @@
#include <auth_dh_common.h>
int _gnutls_proc_dh_common_client_kx(gnutls_session session, opaque * data,
- size_t _data_size, mpi_t g, mpi_t p)
+ size_t _data_size, mpi_t g, mpi_t p)
{
- uint16 n_Y;
- size_t _n_Y;
- int ret;
- ssize_t data_size = _data_size;
+ uint16 n_Y;
+ size_t _n_Y;
+ int ret;
+ ssize_t data_size = _data_size;
- DECR_LEN( data_size, 2);
- n_Y = _gnutls_read_uint16(&data[0]);
- _n_Y = n_Y;
+ DECR_LEN(data_size, 2);
+ n_Y = _gnutls_read_uint16(&data[0]);
+ _n_Y = n_Y;
- DECR_LEN( data_size, n_Y);
- if (_gnutls_mpi_scan(&session->key->client_Y, &data[2], &_n_Y)) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ DECR_LEN(data_size, n_Y);
+ if (_gnutls_mpi_scan(&session->key->client_Y, &data[2], &_n_Y)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- _gnutls_dh_set_peer_public( session, session->key->client_Y);
+ _gnutls_dh_set_peer_public(session, session->key->client_Y);
- session->key->KEY =
- gnutls_calc_dh_key(session->key->client_Y,
- session->key->dh_secret, p);
+ session->key->KEY =
+ gnutls_calc_dh_key(session->key->client_Y,
+ session->key->dh_secret, p);
- if (session->key->KEY == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (session->key->KEY == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- _gnutls_mpi_release(&session->key->client_Y);
- _gnutls_mpi_release(&session->key->dh_secret);
+ _gnutls_mpi_release(&session->key->client_Y);
+ _gnutls_mpi_release(&session->key->dh_secret);
- ret = _gnutls_generate_session_key(session->key);
- _gnutls_mpi_release(&session->key->KEY);
+ ret = _gnutls_generate_session_key(session->key);
+ _gnutls_mpi_release(&session->key->KEY);
- if (ret < 0) {
- return ret;
- }
+ if (ret < 0) {
+ return ret;
+ }
- return 0;
+ return 0;
}
int _gnutls_gen_dh_common_client_kx(gnutls_session session, opaque ** data)
{
- mpi_t x = NULL, X = NULL;
- size_t n_X;
- int ret;
-
- *data = NULL;
-
- X = gnutls_calc_dh_secret(&x, session->key->client_g,
- session->key->client_p);
- if (X == NULL || x == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- _gnutls_dh_set_secret_bits( session, _gnutls_mpi_get_nbits(x));
-
- _gnutls_mpi_print( NULL, &n_X, X);
- (*data) = gnutls_malloc(n_X + 2);
- if (*data == NULL) {
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- _gnutls_mpi_print( &(*data)[2], &n_X, X);
- _gnutls_mpi_release(&X);
-
- _gnutls_write_uint16(n_X, &(*data)[0]);
-
- /* calculate the key after calculating the message */
- session->key->KEY =
- gnutls_calc_dh_key(session->key->client_Y, x,
- session->key->client_p);
-
- _gnutls_mpi_release(&x);
- if (session->key->KEY == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- _gnutls_dh_set_peer_public( session, session->key->client_Y);
-
- /* THESE SHOULD BE DISCARDED */
- _gnutls_mpi_release(&session->key->client_Y);
- _gnutls_mpi_release(&session->key->client_p);
- _gnutls_mpi_release(&session->key->client_g);
-
- ret = _gnutls_generate_session_key(session->key);
- _gnutls_mpi_release(&session->key->KEY);
-
- if (ret < 0) {
- gnutls_assert();
- goto error;
- }
-
- return n_X + 2;
-
-error:
- _gnutls_mpi_release(&x);
- _gnutls_mpi_release(&X);
- gnutls_free(*data); *data = NULL;
- return ret;
+ mpi_t x = NULL, X = NULL;
+ size_t n_X;
+ int ret;
+
+ *data = NULL;
+
+ X = gnutls_calc_dh_secret(&x, session->key->client_g,
+ session->key->client_p);
+ if (X == NULL || x == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ _gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(x));
+
+ _gnutls_mpi_print(NULL, &n_X, X);
+ (*data) = gnutls_malloc(n_X + 2);
+ if (*data == NULL) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ _gnutls_mpi_print(&(*data)[2], &n_X, X);
+ _gnutls_mpi_release(&X);
+
+ _gnutls_write_uint16(n_X, &(*data)[0]);
+
+ /* calculate the key after calculating the message */
+ session->key->KEY =
+ gnutls_calc_dh_key(session->key->client_Y, x,
+ session->key->client_p);
+
+ _gnutls_mpi_release(&x);
+ if (session->key->KEY == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ _gnutls_dh_set_peer_public(session, session->key->client_Y);
+
+ /* THESE SHOULD BE DISCARDED */
+ _gnutls_mpi_release(&session->key->client_Y);
+ _gnutls_mpi_release(&session->key->client_p);
+ _gnutls_mpi_release(&session->key->client_g);
+
+ ret = _gnutls_generate_session_key(session->key);
+ _gnutls_mpi_release(&session->key->KEY);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ return n_X + 2;
+
+ error:
+ _gnutls_mpi_release(&x);
+ _gnutls_mpi_release(&X);
+ gnutls_free(*data);
+ *data = NULL;
+ return ret;
}
-int _gnutls_proc_dh_common_server_kx( gnutls_session session, opaque* data, size_t _data_size)
+int _gnutls_proc_dh_common_server_kx(gnutls_session session, opaque * data,
+ size_t _data_size)
{
- uint16 n_Y, n_g, n_p;
- size_t _n_Y, _n_g, _n_p;
- uint8 *data_p;
- uint8 *data_g;
- uint8 *data_Y;
- int i, bits;
- ssize_t data_size = _data_size;
-
- i = 0;
- DECR_LEN( data_size, 2);
- n_p = _gnutls_read_uint16( &data[i]);
- i += 2;
-
- DECR_LEN( data_size, n_p);
- data_p = &data[i];
- i += n_p;
- if (i > data_size) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- DECR_LEN( data_size, 2);
- n_g = _gnutls_read_uint16( &data[i]);
- i += 2;
-
- DECR_LEN( data_size, n_g);
- data_g = &data[i];
- i += n_g;
-
- DECR_LEN( data_size, 2);
- n_Y = _gnutls_read_uint16( &data[i]);
- i += 2;
-
- DECR_LEN( data_size, n_Y);
- data_Y = &data[i];
- i += n_Y;
-
- _n_Y = n_Y;
- _n_g = n_g;
- _n_p = n_p;
-
- if (_gnutls_mpi_scan(&session->key->client_Y, data_Y, &_n_Y) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (_gnutls_mpi_scan(&session->key->client_g, data_g, &_n_g) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
- if (_gnutls_mpi_scan(&session->key->client_p, data_p, &_n_p) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- bits = _gnutls_dh_get_allowed_prime_bits( session);
- if (bits < 0) {
- gnutls_assert();
- return bits;
- }
-
- if ( _gnutls_mpi_get_nbits( session->key->client_p) < (size_t)bits) {
- /* the prime used by the peer is not acceptable
- */
- gnutls_assert();
- return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
- }
-
- _gnutls_dh_set_group( session, session->key->client_g, session->key->client_p);
- _gnutls_dh_set_peer_public( session, session->key->client_Y);
-
- return n_Y + n_p + n_g + 6;
+ uint16 n_Y, n_g, n_p;
+ size_t _n_Y, _n_g, _n_p;
+ uint8 *data_p;
+ uint8 *data_g;
+ uint8 *data_Y;
+ int i, bits;
+ ssize_t data_size = _data_size;
+
+ i = 0;
+ DECR_LEN(data_size, 2);
+ n_p = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_p);
+ data_p = &data[i];
+ i += n_p;
+ if (i > data_size) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ DECR_LEN(data_size, 2);
+ n_g = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_g);
+ data_g = &data[i];
+ i += n_g;
+
+ DECR_LEN(data_size, 2);
+ n_Y = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_Y);
+ data_Y = &data[i];
+ i += n_Y;
+
+ _n_Y = n_Y;
+ _n_g = n_g;
+ _n_p = n_p;
+
+ if (_gnutls_mpi_scan(&session->key->client_Y, data_Y, &_n_Y) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan(&session->key->client_g, data_g, &_n_g) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ if (_gnutls_mpi_scan(&session->key->client_p, data_p, &_n_p) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ bits = _gnutls_dh_get_allowed_prime_bits(session);
+ if (bits < 0) {
+ gnutls_assert();
+ return bits;
+ }
+
+ if (_gnutls_mpi_get_nbits(session->key->client_p) < (size_t) bits) {
+ /* the prime used by the peer is not acceptable
+ */
+ gnutls_assert();
+ return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
+ }
+
+ _gnutls_dh_set_group(session, session->key->client_g,
+ session->key->client_p);
+ _gnutls_dh_set_peer_public(session, session->key->client_Y);
+
+ return n_Y + n_p + n_g + 6;
}
-int _gnutls_dh_common_print_server_kx( gnutls_session session,
- mpi_t g, mpi_t p, opaque** data)
+int _gnutls_dh_common_print_server_kx(gnutls_session session,
+ mpi_t g, mpi_t p, opaque ** data)
{
- mpi_t x, X;
- size_t n_X, n_g, n_p;
- int ret;
- uint8 *data_p;
- uint8 *data_g;
- uint8 *data_X;
-
- X = gnutls_calc_dh_secret(&x, g, p);
- if (X == NULL || x == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- session->key->dh_secret = x;
- _gnutls_dh_set_secret_bits( session, _gnutls_mpi_get_nbits(x));
-
- _gnutls_mpi_print( NULL, &n_g, g);
- _gnutls_mpi_print( NULL, &n_p, p);
- _gnutls_mpi_print( NULL, &n_X, X);
- (*data) = gnutls_malloc(n_g + n_p + n_X + 6);
- if (*data == NULL) {
- _gnutls_mpi_release(&X);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- data_p = &(*data)[0];
- _gnutls_mpi_print( &data_p[2], &n_p, p);
-
- _gnutls_write_uint16(n_p, data_p);
-
- data_g = &data_p[2 + n_p];
- _gnutls_mpi_print( &data_g[2], &n_g, g);
-
- _gnutls_write_uint16(n_g, data_g);
-
- data_X = &data_g[2 + n_g];
- _gnutls_mpi_print( &data_X[2], &n_X, X);
+ mpi_t x, X;
+ size_t n_X, n_g, n_p;
+ int ret;
+ uint8 *data_p;
+ uint8 *data_g;
+ uint8 *data_X;
+
+ X = gnutls_calc_dh_secret(&x, g, p);
+ if (X == NULL || x == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ session->key->dh_secret = x;
+ _gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(x));
+
+ _gnutls_mpi_print(NULL, &n_g, g);
+ _gnutls_mpi_print(NULL, &n_p, p);
+ _gnutls_mpi_print(NULL, &n_X, X);
+ (*data) = gnutls_malloc(n_g + n_p + n_X + 6);
+ if (*data == NULL) {
_gnutls_mpi_release(&X);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- _gnutls_write_uint16(n_X, data_X);
+ data_p = &(*data)[0];
+ _gnutls_mpi_print(&data_p[2], &n_p, p);
- ret = n_p + n_g + n_X + 6;
+ _gnutls_write_uint16(n_p, data_p);
- return ret;
+ data_g = &data_p[2 + n_p];
+ _gnutls_mpi_print(&data_g[2], &n_g, g);
+
+ _gnutls_write_uint16(n_g, data_g);
+
+ data_X = &data_g[2 + n_g];
+ _gnutls_mpi_print(&data_X[2], &n_X, X);
+ _gnutls_mpi_release(&X);
+
+ _gnutls_write_uint16(n_X, data_X);
+
+ ret = n_p + n_g + n_X + 6;
+
+ return ret;
}
diff --git a/lib/auth_dh_common.h b/lib/auth_dh_common.h
index 0da5c59f92..a1400cac2c 100644
--- a/lib/auth_dh_common.h
+++ b/lib/auth_dh_common.h
@@ -2,22 +2,22 @@
# define AUTH_DH_COMMON
typedef struct dh_info_st {
- int secret_bits;
+ int secret_bits;
- opaque prime[1025];
- size_t prime_size;
- opaque generator[16];
- size_t generator_size;
- opaque public_key[1025];
- size_t public_key_size;
+ opaque prime[1025];
+ size_t prime_size;
+ opaque generator[16];
+ size_t generator_size;
+ opaque public_key[1025];
+ size_t public_key_size;
} dh_info_t;
int _gnutls_gen_dh_common_client_kx(gnutls_session, opaque **);
int _gnutls_proc_dh_common_client_kx(gnutls_session session, opaque * data,
- size_t _data_size, mpi_t p, mpi_t g);
-int _gnutls_dh_common_print_server_kx( gnutls_session, mpi_t g,
- mpi_t p, opaque** data);
-int _gnutls_proc_dh_common_server_kx( gnutls_session session, opaque* data,
- size_t _data_size);
+ size_t _data_size, mpi_t p, mpi_t g);
+int _gnutls_dh_common_print_server_kx(gnutls_session, mpi_t g,
+ mpi_t p, opaque ** data);
+int _gnutls_proc_dh_common_server_kx(gnutls_session session, opaque * data,
+ size_t _data_size);
#endif
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index 8025801a2e..386545eb13 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -43,214 +43,214 @@ static int proc_dhe_server_kx(gnutls_session, opaque *, size_t);
static int proc_dhe_client_kx(gnutls_session, opaque *, size_t);
const mod_auth_st dhe_rsa_auth_struct = {
- "DHE_RSA",
- _gnutls_gen_cert_server_certificate,
- _gnutls_gen_cert_client_certificate,
- gen_dhe_server_kx,
- _gnutls_gen_dh_common_client_kx,
- _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
-
- _gnutls_proc_cert_server_certificate,
- _gnutls_proc_cert_client_certificate,
- proc_dhe_server_kx,
- proc_dhe_client_kx,
- _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ "DHE_RSA",
+ _gnutls_gen_cert_server_certificate,
+ _gnutls_gen_cert_client_certificate,
+ gen_dhe_server_kx,
+ _gnutls_gen_dh_common_client_kx,
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_cert_server_certificate,
+ _gnutls_proc_cert_client_certificate,
+ proc_dhe_server_kx,
+ proc_dhe_client_kx,
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
const mod_auth_st dhe_dss_auth_struct = {
- "DHE_DSS",
- _gnutls_gen_cert_server_certificate,
- _gnutls_gen_cert_client_certificate,
- gen_dhe_server_kx,
- _gnutls_gen_dh_common_client_kx,
- _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
-
- _gnutls_proc_cert_server_certificate,
- _gnutls_proc_cert_client_certificate,
- proc_dhe_server_kx,
- proc_dhe_client_kx,
- _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ "DHE_DSS",
+ _gnutls_gen_cert_server_certificate,
+ _gnutls_gen_cert_client_certificate,
+ gen_dhe_server_kx,
+ _gnutls_gen_dh_common_client_kx,
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_cert_server_certificate,
+ _gnutls_proc_cert_client_certificate,
+ proc_dhe_server_kx,
+ proc_dhe_client_kx,
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
static int gen_dhe_server_kx(gnutls_session session, opaque ** data)
{
- mpi_t g, p;
- const mpi_t *mpis;
- int ret = 0, data_size;
- int bits;
- gnutls_cert *apr_cert_list;
- gnutls_privkey* apr_pkey;
- int apr_cert_list_length;
- gnutls_datum signature, ddata;
- const gnutls_certificate_credentials cred;
- gnutls_dh_params dh_params;
-
- cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- bits = _gnutls_dh_get_allowed_prime_bits( session);
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert(session, &apr_cert_list,
+ mpi_t g, p;
+ const mpi_t *mpis;
+ int ret = 0, data_size;
+ int bits;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey *apr_pkey;
+ int apr_cert_list_length;
+ gnutls_datum signature, ddata;
+ const gnutls_certificate_credentials cred;
+ gnutls_dh_params dh_params;
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ bits = _gnutls_dh_get_allowed_prime_bits(session);
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
&apr_cert_list_length,
&apr_pkey)) < 0) {
- gnutls_assert();
- return ret;
- }
+ gnutls_assert();
+ return ret;
+ }
- dh_params = _gnutls_certificate_get_dh_params( cred, session);
- mpis = _gnutls_get_dh_params( dh_params);
- if (mpis == NULL) {
- gnutls_assert();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
+ dh_params = _gnutls_certificate_get_dh_params(cred, session);
+ mpis = _gnutls_get_dh_params(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
- p = mpis[0];
- g = mpis[1];
+ p = mpis[0];
+ g = mpis[1];
- if ( (ret=_gnutls_auth_info_set( session, GNUTLS_CRD_CERTIFICATE,
- sizeof( cert_auth_info_st), 0)) < 0)
- {
- gnutls_assert();
- return ret;
- }
+ if ((ret = _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 0)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- _gnutls_dh_set_group( session, g, p);
+ _gnutls_dh_set_group(session, g, p);
- ret = _gnutls_dh_common_print_server_kx( session, g, p, data);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- data_size = ret;
-
- /* Generate the signature. */
-
- ddata.data = *data;
- ddata.size = data_size;
-
- if (apr_pkey != NULL) {
- if ((ret =
- _gnutls_tls_sign_params(session, &apr_cert_list[0],
- apr_pkey, &ddata,
- &signature)) < 0) {
- gnutls_assert();
- gnutls_free(*data);
- return ret;
- }
- } else {
- gnutls_assert();
- return data_size; /* do not put a signature - ILLEGAL! */
- }
+ ret = _gnutls_dh_common_print_server_kx(session, g, p, data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ data_size = ret;
- *data = gnutls_realloc_fast(*data, data_size + signature.size + 2);
- if (*data == NULL) {
- _gnutls_free_datum(&signature);
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ /* Generate the signature. */
- _gnutls_write_datum16(&(*data)[data_size], signature);
- data_size += signature.size + 2;
+ ddata.data = *data;
+ ddata.size = data_size;
+ if (apr_pkey != NULL) {
+ if ((ret =
+ _gnutls_tls_sign_params(session, &apr_cert_list[0],
+ apr_pkey, &ddata, &signature)) < 0) {
+ gnutls_assert();
+ gnutls_free(*data);
+ return ret;
+ }
+ } else {
+ gnutls_assert();
+ return data_size; /* do not put a signature - ILLEGAL! */
+ }
+
+ *data = gnutls_realloc_fast(*data, data_size + signature.size + 2);
+ if (*data == NULL) {
_gnutls_free_datum(&signature);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_write_datum16(&(*data)[data_size], signature);
+ data_size += signature.size + 2;
- return data_size;
+ _gnutls_free_datum(&signature);
+
+ return data_size;
}
static int proc_dhe_server_kx(gnutls_session session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
- int sigsize;
- gnutls_datum vparams, signature;
- int ret;
- cert_auth_info_t info = _gnutls_get_auth_info( session);
- ssize_t data_size = _data_size;
- gnutls_cert peer_cert;
-
- if (info == NULL || info->ncerts==0) {
- gnutls_assert();
- /* we need this in order to get peer's certificate */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret = _gnutls_proc_dh_common_server_kx( session, data, _data_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int sigsize;
+ gnutls_datum vparams, signature;
+ int ret;
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
+ ssize_t data_size = _data_size;
+ gnutls_cert peer_cert;
+
+ if (info == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret = _gnutls_proc_dh_common_server_kx(session, data, _data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* VERIFY SIGNATURE */
+ /* VERIFY SIGNATURE */
- vparams.size = ret;
- vparams.data = data;
+ vparams.size = ret;
+ vparams.data = data;
- DECR_LEN( data_size, 2);
- sigsize = _gnutls_read_uint16(&data[vparams.size]);
+ DECR_LEN(data_size, 2);
+ sigsize = _gnutls_read_uint16(&data[vparams.size]);
- DECR_LEN( data_size, sigsize);
- signature.data = &data[vparams.size + 2];
- signature.size = sigsize;
+ DECR_LEN(data_size, sigsize);
+ signature.data = &data[vparams.size + 2];
+ signature.size = sigsize;
- if ((ret =
- _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type,
- &info->raw_certificate_list[0], CERT_NO_COPY)) < 0) {
- gnutls_assert();
- return ret;
- }
+ if ((ret =
+ _gnutls_raw_cert_to_gcert(&peer_cert,
+ session->security_parameters.cert_type,
+ &info->raw_certificate_list[0],
+ CERT_NO_COPY)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret =
- _gnutls_verify_sig_params(session,
- &peer_cert,
- &vparams, &signature);
-
- _gnutls_gcert_deinit( &peer_cert);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret =
+ _gnutls_verify_sig_params(session,
+ &peer_cert, &vparams, &signature);
+ _gnutls_gcert_deinit(&peer_cert);
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ return ret;
}
static int proc_dhe_client_kx(gnutls_session session, opaque * data,
- size_t _data_size)
+ size_t _data_size)
{
-const gnutls_certificate_credentials cred;
-int ret;
-mpi_t p, g;
-const mpi_t *mpis;
-gnutls_dh_params dh_params;
-
- cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params = _gnutls_certificate_get_dh_params( cred, session);
- mpis = _gnutls_get_dh_params( dh_params);
- if (mpis == NULL) {
- gnutls_assert();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- ret = _gnutls_proc_dh_common_client_kx( session, data, _data_size, g, p);
-
- return ret;
+ const gnutls_certificate_credentials cred;
+ int ret;
+ mpi_t p, g;
+ const mpi_t *mpis;
+ gnutls_dh_params dh_params;
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params = _gnutls_certificate_get_dh_params(cred, session);
+ mpis = _gnutls_get_dh_params(dh_params);
+ if (mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ ret =
+ _gnutls_proc_dh_common_client_kx(session, data, _data_size, g, p);
+
+ return ret;
}
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index 5e6f412b92..f62c7e5684 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -45,140 +45,146 @@ int _gnutls_gen_rsa_client_kx(gnutls_session, opaque **);
int _gnutls_proc_rsa_client_kx(gnutls_session, opaque *, size_t);
const mod_auth_st rsa_auth_struct = {
- "RSA",
- _gnutls_gen_cert_server_certificate,
- _gnutls_gen_cert_client_certificate,
- NULL, /* gen server kx */
- _gnutls_gen_rsa_client_kx,
- _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
-
- _gnutls_proc_cert_server_certificate,
- _gnutls_proc_cert_client_certificate,
- NULL, /* proc server kx */
- _gnutls_proc_rsa_client_kx, /* proc client kx */
- _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ "RSA",
+ _gnutls_gen_cert_server_certificate,
+ _gnutls_gen_cert_client_certificate,
+ NULL, /* gen server kx */
+ _gnutls_gen_rsa_client_kx,
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_cert_server_certificate,
+ _gnutls_proc_cert_client_certificate,
+ NULL, /* proc server kx */
+ _gnutls_proc_rsa_client_kx, /* proc client kx */
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
/* This function reads the RSA parameters from peer's certificate;
*/
-int _gnutls_get_public_rsa_params(gnutls_session session,
- mpi_t params[MAX_PUBLIC_PARAMS_SIZE], int* params_len)
+int _gnutls_get_public_rsa_params(gnutls_session session,
+ mpi_t params[MAX_PUBLIC_PARAMS_SIZE],
+ int *params_len)
{
-int ret;
-cert_auth_info_t info;
-gnutls_cert peer_cert;
-int i;
+ int ret;
+ cert_auth_info_t info;
+ gnutls_cert peer_cert;
+ int i;
- /* normal non export case */
+ /* normal non export case */
- info = _gnutls_get_auth_info( session);
+ info = _gnutls_get_auth_info(session);
- if (info==NULL || info->ncerts==0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret =
- _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type,
- &info->raw_certificate_list[0], CERT_ONLY_PUBKEY|CERT_NO_COPY);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ if (info == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret =
+ _gnutls_raw_cert_to_gcert(&peer_cert,
+ session->security_parameters.cert_type,
+ &info->raw_certificate_list[0],
+ CERT_ONLY_PUBKEY | CERT_NO_COPY);
- /* EXPORT case: */
- if ( _gnutls_cipher_suite_get_kx_algo(&session->security_parameters.current_cipher_suite)
- == GNUTLS_KX_RSA_EXPORT &&
- _gnutls_mpi_get_nbits(peer_cert.params[0]) > 512) {
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- _gnutls_gcert_deinit( &peer_cert);
- if (session->key->rsa[0] == NULL ||
- session->key->rsa[1] == NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ /* EXPORT case: */
+ if (_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.current_cipher_suite)
+ == GNUTLS_KX_RSA_EXPORT
+ && _gnutls_mpi_get_nbits(peer_cert.params[0]) > 512) {
- if (*params_len < 2) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- *params_len = 2;
- for (i=0;i<*params_len;i++) {
- params[i] = _gnutls_mpi_copy(session->key->rsa[i]);
- }
+ _gnutls_gcert_deinit(&peer_cert);
- return 0;
+ if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- /* end of export case */
-
- if (*params_len < peer_cert.params_size) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (*params_len < 2) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- *params_len = peer_cert.params_size;
-
- for (i=0;i<*params_len;i++) {
- params[i] = _gnutls_mpi_copy(peer_cert.params[i]);
+ *params_len = 2;
+ for (i = 0; i < *params_len; i++) {
+ params[i] = _gnutls_mpi_copy(session->key->rsa[i]);
}
- _gnutls_gcert_deinit( &peer_cert);
return 0;
+ }
+
+ /* end of export case */
+
+ if (*params_len < peer_cert.params_size) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ *params_len = peer_cert.params_size;
+
+ for (i = 0; i < *params_len; i++) {
+ params[i] = _gnutls_mpi_copy(peer_cert.params[i]);
+ }
+ _gnutls_gcert_deinit(&peer_cert);
+
+ return 0;
}
/* This function reads the RSA parameters from the private key
*/
-int _gnutls_get_private_rsa_params(gnutls_session session, mpi_t **params, int* params_size)
+int _gnutls_get_private_rsa_params(gnutls_session session, mpi_t ** params,
+ int *params_size)
{
-int bits;
-const gnutls_certificate_credentials cred;
-gnutls_rsa_params rsa_params;
-
- cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (session->internals.selected_cert_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ int bits;
+ const gnutls_certificate_credentials cred;
+ gnutls_rsa_params rsa_params;
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (session->internals.selected_cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ bits =
+ _gnutls_mpi_get_nbits(session->internals.selected_cert_list[0].
+ params[0]);
+
+ if (_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.current_cipher_suite)
+ == GNUTLS_KX_RSA_EXPORT && bits > 512) {
+
+ rsa_params = _gnutls_certificate_get_rsa_params(cred, session);
+ /* EXPORT case: */
+ if (rsa_params == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
}
- bits = _gnutls_mpi_get_nbits(session->internals.selected_cert_list[0].params[0]);
+ /* In the export case, we do use temporary RSA params
+ * of 512 bits size. The params in the certificate are
+ * used to sign this temporary stuff.
+ */
+ *params_size = RSA_PRIVATE_PARAMS;
+ *params = rsa_params->params;
- if ( _gnutls_cipher_suite_get_kx_algo(&session->security_parameters.current_cipher_suite)
- == GNUTLS_KX_RSA_EXPORT &&
- bits > 512) {
+ return 0;
+ }
- rsa_params = _gnutls_certificate_get_rsa_params( cred, session);
- /* EXPORT case: */
- if (rsa_params == NULL) {
- gnutls_assert();
- return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
- }
-
- /* In the export case, we do use temporary RSA params
- * of 512 bits size. The params in the certificate are
- * used to sign this temporary stuff.
- */
- *params_size = RSA_PRIVATE_PARAMS;
- *params = rsa_params->params;
-
- return 0;
- }
+ /* non export cipher suites. */
- /* non export cipher suites. */
-
- *params_size = session->internals.selected_key->params_size;
- *params = session->internals.selected_key->params;
+ *params_size = session->internals.selected_key->params_size;
+ *params = session->internals.selected_key->params;
- return 0;
+ return 0;
}
@@ -190,88 +196,88 @@ gnutls_rsa_params rsa_params;
return GNUTLS_E_MEMORY_ERROR; \
}
-int _gnutls_proc_rsa_client_kx(gnutls_session session, opaque * data, size_t _data_size)
+int _gnutls_proc_rsa_client_kx(gnutls_session session, opaque * data,
+ size_t _data_size)
{
- gnutls_datum plaintext;
- gnutls_datum ciphertext;
- int ret, dsize;
- mpi_t *params;
- int params_len;
- int randomize_key = 0;
- ssize_t data_size = _data_size;
-
- if (gnutls_protocol_get_version(session) == GNUTLS_SSL3) {
- /* SSL 3.0
- */
- ciphertext.data = data;
- ciphertext.size = data_size;
- } else {
- /* TLS 1.0
- */
- DECR_LEN( data_size, 2);
- ciphertext.data = &data[2];
- dsize = _gnutls_read_uint16(data);
-
- if (dsize != data_size) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- ciphertext.size = dsize;
- }
+ gnutls_datum plaintext;
+ gnutls_datum ciphertext;
+ int ret, dsize;
+ mpi_t *params;
+ int params_len;
+ int randomize_key = 0;
+ ssize_t data_size = _data_size;
+
+ if (gnutls_protocol_get_version(session) == GNUTLS_SSL3) {
+ /* SSL 3.0
+ */
+ ciphertext.data = data;
+ ciphertext.size = data_size;
+ } else {
+ /* TLS 1.0
+ */
+ DECR_LEN(data_size, 2);
+ ciphertext.data = &data[2];
+ dsize = _gnutls_read_uint16(data);
- ret = _gnutls_get_private_rsa_params(session, &params, &params_len);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (dsize != data_size) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
+ ciphertext.size = dsize;
+ }
- ret = _gnutls_pkcs1_rsa_decrypt(&plaintext, &ciphertext, params,
- params_len, 2); /* btype==2 */
-
- if (ret < 0 || plaintext.size != TLS_MASTER_SIZE) {
- /* In case decryption fails then don't inform
- * the peer. Just use a random key. (in order to avoid
- * attack against pkcs-1 formating).
- */
- gnutls_assert();
- _gnutls_x509_log("auth_rsa: Possible PKCS #1 format attack\n");
- randomize_key = 1;
- } else {
- /* If the secret was properly formatted, then
- * check the version number.
- */
- if (_gnutls_get_adv_version_major(session) != plaintext.data[0]
- || _gnutls_get_adv_version_minor(session) != plaintext.data[1])
- {
- /* No error is returned here, if the version number check
- * fails. We proceed normally.
- * That is to defend against the attack described in the paper
- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
- * Ondej Pokorny and Tomas Rosa.
- */
- gnutls_assert();
- _gnutls_x509_log("auth_rsa: Possible PKCS #1 version check format attack\n");
- }
- }
+ ret = _gnutls_get_private_rsa_params(session, &params, &params_len);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (randomize_key != 0) {
- /* we do not need strong random numbers here.
- */
- RANDOMIZE_KEY(session->key->key,
- gnutls_malloc, GNUTLS_WEAK_RANDOM);
+ ret = _gnutls_pkcs1_rsa_decrypt(&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */
- } else {
- session->key->key.data = plaintext.data;
- session->key->key.size = plaintext.size;
+ if (ret < 0 || plaintext.size != TLS_MASTER_SIZE) {
+ /* In case decryption fails then don't inform
+ * the peer. Just use a random key. (in order to avoid
+ * attack against pkcs-1 formating).
+ */
+ gnutls_assert();
+ _gnutls_x509_log("auth_rsa: Possible PKCS #1 format attack\n");
+ randomize_key = 1;
+ } else {
+ /* If the secret was properly formatted, then
+ * check the version number.
+ */
+ if (_gnutls_get_adv_version_major(session) != plaintext.data[0]
+ || _gnutls_get_adv_version_minor(session) != plaintext.data[1]) {
+ /* No error is returned here, if the version number check
+ * fails. We proceed normally.
+ * That is to defend against the attack described in the paper
+ * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
+ * Ondej Pokorny and Tomas Rosa.
+ */
+ gnutls_assert();
+ _gnutls_x509_log
+ ("auth_rsa: Possible PKCS #1 version check format attack\n");
}
+ }
- /* This is here to avoid the version check attack
- * discussed above.
+ if (randomize_key != 0) {
+ /* we do not need strong random numbers here.
*/
- session->key->key.data[0] = _gnutls_get_adv_version_major(session);
- session->key->key.data[1] = _gnutls_get_adv_version_minor(session);
+ RANDOMIZE_KEY(session->key->key,
+ gnutls_malloc, GNUTLS_WEAK_RANDOM);
- return 0;
+ } else {
+ session->key->key.data = plaintext.data;
+ session->key->key.size = plaintext.size;
+ }
+
+ /* This is here to avoid the version check attack
+ * discussed above.
+ */
+ session->key->key.data[0] = _gnutls_get_adv_version_major(session);
+ session->key->key.data[1] = _gnutls_get_adv_version_minor(session);
+
+ return 0;
}
@@ -280,64 +286,66 @@ int _gnutls_proc_rsa_client_kx(gnutls_session session, opaque * data, size_t _da
*/
int _gnutls_gen_rsa_client_kx(gnutls_session session, opaque ** data)
{
- cert_auth_info_t auth = session->key->auth_info;
- gnutls_datum sdata; /* data to send */
- mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
- int params_len = MAX_PUBLIC_PARAMS_SIZE;
- int ret, i;
- gnutls_protocol_version ver;
-
- if (auth == NULL) {
- /* this shouldn't have happened. The proc_certificate
- * function should have detected that.
- */
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
- RANDOMIZE_KEY(session->key->key, gnutls_secure_malloc, GNUTLS_STRONG_RANDOM);
-
- ver = _gnutls_get_adv_version(session);
-
- if (session->internals.rsa_pms_version[0] == 0) {
- session->key->key.data[0] = _gnutls_version_get_major(ver);
- session->key->key.data[1] = _gnutls_version_get_minor(ver);
- } else { /* use the version provided */
- session->key->key.data[0] = session->internals.rsa_pms_version[0];
- session->key->key.data[1] = session->internals.rsa_pms_version[1];
- }
-
- /* move RSA parameters to key (session).
+ cert_auth_info_t auth = session->key->auth_info;
+ gnutls_datum sdata; /* data to send */
+ mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_len = MAX_PUBLIC_PARAMS_SIZE;
+ int ret, i;
+ gnutls_protocol_version ver;
+
+ if (auth == NULL) {
+ /* this shouldn't have happened. The proc_certificate
+ * function should have detected that.
*/
- if ((ret =
- _gnutls_get_public_rsa_params(session, params, &params_len)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- if ((ret =
- _gnutls_pkcs1_rsa_encrypt(&sdata, &session->key->key,
- params, params_len, 2)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- for (i=0;i<params_len;i++)
- _gnutls_mpi_release( &params[i]);
-
- if (gnutls_protocol_get_version( session) == GNUTLS_SSL3) {
- /* SSL 3.0 */
- *data = sdata.data;
- return sdata.size;
- } else { /* TLS 1 */
- *data = gnutls_malloc(sdata.size + 2);
- if (*data == NULL) {
- _gnutls_free_datum(&sdata);
- return GNUTLS_E_MEMORY_ERROR;
- }
- _gnutls_write_datum16( *data, sdata);
- ret = sdata.size + 2;
- _gnutls_free_datum(&sdata);
- return ret;
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+ RANDOMIZE_KEY(session->key->key, gnutls_secure_malloc,
+ GNUTLS_STRONG_RANDOM);
+
+ ver = _gnutls_get_adv_version(session);
+
+ if (session->internals.rsa_pms_version[0] == 0) {
+ session->key->key.data[0] = _gnutls_version_get_major(ver);
+ session->key->key.data[1] = _gnutls_version_get_minor(ver);
+ } else { /* use the version provided */
+ session->key->key.data[0] = session->internals.rsa_pms_version[0];
+ session->key->key.data[1] = session->internals.rsa_pms_version[1];
+ }
+
+ /* move RSA parameters to key (session).
+ */
+ if ((ret =
+ _gnutls_get_public_rsa_params(session, params,
+ &params_len)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if ((ret =
+ _gnutls_pkcs1_rsa_encrypt(&sdata, &session->key->key,
+ params, params_len, 2)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ for (i = 0; i < params_len; i++)
+ _gnutls_mpi_release(&params[i]);
+
+ if (gnutls_protocol_get_version(session) == GNUTLS_SSL3) {
+ /* SSL 3.0 */
+ *data = sdata.data;
+ return sdata.size;
+ } else { /* TLS 1 */
+ *data = gnutls_malloc(sdata.size + 2);
+ if (*data == NULL) {
+ _gnutls_free_datum(&sdata);
+ return GNUTLS_E_MEMORY_ERROR;
}
+ _gnutls_write_datum16(*data, sdata);
+ ret = sdata.size + 2;
+ _gnutls_free_datum(&sdata);
+ return ret;
+ }
}
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index fe952d8d40..3246eacb77 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -49,251 +49,255 @@ static int gen_rsa_export_server_kx(gnutls_session, opaque **);
static int proc_rsa_export_server_kx(gnutls_session, opaque *, size_t);
const mod_auth_st rsa_export_auth_struct = {
- "RSA EXPORT",
- _gnutls_gen_cert_server_certificate,
- _gnutls_gen_cert_client_certificate,
- gen_rsa_export_server_kx,
- _gnutls_gen_rsa_client_kx,
- _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
- _gnutls_gen_cert_server_cert_req, /* server cert request */
-
- _gnutls_proc_cert_server_certificate,
- _gnutls_proc_cert_client_certificate,
- proc_rsa_export_server_kx,
- _gnutls_proc_rsa_client_kx, /* proc client kx */
- _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
- _gnutls_proc_cert_cert_req /* proc server cert request */
+ "RSA EXPORT",
+ _gnutls_gen_cert_server_certificate,
+ _gnutls_gen_cert_client_certificate,
+ gen_rsa_export_server_kx,
+ _gnutls_gen_rsa_client_kx,
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_cert_server_certificate,
+ _gnutls_proc_cert_client_certificate,
+ proc_rsa_export_server_kx,
+ _gnutls_proc_rsa_client_kx, /* proc client kx */
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
};
static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data)
{
- gnutls_rsa_params rsa_params;
- const mpi_t *rsa_mpis;
- size_t n_e, n_m;
- uint8 *data_e, *data_m;
- int ret = 0, data_size;
- gnutls_cert *apr_cert_list;
- gnutls_privkey* apr_pkey;
- int apr_cert_list_length;
- gnutls_datum signature, ddata;
- cert_auth_info_t info;
- const gnutls_certificate_credentials cred;
-
- cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- /* find the appropriate certificate */
- if ((ret =
- _gnutls_get_selected_cert(session, &apr_cert_list,
+ gnutls_rsa_params rsa_params;
+ const mpi_t *rsa_mpis;
+ size_t n_e, n_m;
+ uint8 *data_e, *data_m;
+ int ret = 0, data_size;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey *apr_pkey;
+ int apr_cert_list_length;
+ gnutls_datum signature, ddata;
+ cert_auth_info_t info;
+ const gnutls_certificate_credentials cred;
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert(session, &apr_cert_list,
&apr_cert_list_length,
&apr_pkey)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* abort sending this message if we have a certificate
- * of 512 bits or less.
- */
- if ( _gnutls_mpi_get_nbits( apr_pkey->params[0]) <= 512) {
- gnutls_assert();
- return GNUTLS_E_INT_RET_0;
- }
-
- rsa_params = _gnutls_certificate_get_rsa_params( cred, session);
- rsa_mpis = _gnutls_get_rsa_params( rsa_params);
- if (rsa_mpis == NULL) {
- gnutls_assert();
- return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
- }
-
- if ( (ret=_gnutls_auth_info_set( session, GNUTLS_CRD_CERTIFICATE,
- sizeof( cert_auth_info_st), 0)) < 0) {
- gnutls_assert();
- return ret;
- }
+ gnutls_assert();
+ return ret;
+ }
+
+ /* abort sending this message if we have a certificate
+ * of 512 bits or less.
+ */
+ if (_gnutls_mpi_get_nbits(apr_pkey->params[0]) <= 512) {
+ gnutls_assert();
+ return GNUTLS_E_INT_RET_0;
+ }
+
+ rsa_params = _gnutls_certificate_get_rsa_params(cred, session);
+ rsa_mpis = _gnutls_get_rsa_params(rsa_params);
+ if (rsa_mpis == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
+ }
+
+ if ((ret = _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 0)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- info = _gnutls_get_auth_info( session);
- _gnutls_rsa_export_set_pubkey( session, rsa_mpis[1], rsa_mpis[0]);
+ info = _gnutls_get_auth_info(session);
+ _gnutls_rsa_export_set_pubkey(session, rsa_mpis[1], rsa_mpis[0]);
- _gnutls_mpi_print( NULL, &n_m, rsa_mpis[0]);
- _gnutls_mpi_print( NULL, &n_e, rsa_mpis[1]);
+ _gnutls_mpi_print(NULL, &n_m, rsa_mpis[0]);
+ _gnutls_mpi_print(NULL, &n_e, rsa_mpis[1]);
- (*data) = gnutls_malloc(n_e + n_m + 4);
- if (*data == NULL) {
- return GNUTLS_E_MEMORY_ERROR;
- }
+ (*data) = gnutls_malloc(n_e + n_m + 4);
+ if (*data == NULL) {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- data_m = &(*data)[0];
- _gnutls_mpi_print( &data_m[2], &n_m, rsa_mpis[0]);
+ data_m = &(*data)[0];
+ _gnutls_mpi_print(&data_m[2], &n_m, rsa_mpis[0]);
- _gnutls_write_uint16(n_m, data_m);
+ _gnutls_write_uint16(n_m, data_m);
- data_e = &data_m[2 + n_m];
- _gnutls_mpi_print( &data_e[2], &n_e, rsa_mpis[1]);
+ data_e = &data_m[2 + n_m];
+ _gnutls_mpi_print(&data_e[2], &n_e, rsa_mpis[1]);
- _gnutls_write_uint16(n_e, data_e);
+ _gnutls_write_uint16(n_e, data_e);
- data_size = n_m + n_e + 4;
+ data_size = n_m + n_e + 4;
- /* Generate the signature. */
+ /* Generate the signature. */
- ddata.data = *data;
- ddata.size = data_size;
+ ddata.data = *data;
+ ddata.size = data_size;
- if (apr_pkey != NULL) {
- if ((ret =
- _gnutls_tls_sign_params(session, &apr_cert_list[0],
- apr_pkey, &ddata,
- &signature)) < 0) {
- gnutls_assert();
- gnutls_free(*data); *data = NULL;
- return ret;
- }
- } else {
- gnutls_assert();
- return data_size; /* do not put a signature - ILLEGAL! */
+ if (apr_pkey != NULL) {
+ if ((ret =
+ _gnutls_tls_sign_params(session, &apr_cert_list[0],
+ apr_pkey, &ddata, &signature)) < 0) {
+ gnutls_assert();
+ gnutls_free(*data);
+ *data = NULL;
+ return ret;
}
+ } else {
+ gnutls_assert();
+ return data_size; /* do not put a signature - ILLEGAL! */
+ }
- *data = gnutls_realloc_fast(*data, data_size + signature.size + 2);
- if (*data == NULL) {
- _gnutls_free_datum(&signature);
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ *data = gnutls_realloc_fast(*data, data_size + signature.size + 2);
+ if (*data == NULL) {
+ _gnutls_free_datum(&signature);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- _gnutls_write_datum16(&((*data)[data_size]), signature);
- data_size += signature.size + 2;
+ _gnutls_write_datum16(&((*data)[data_size]), signature);
+ data_size += signature.size + 2;
- _gnutls_free_datum(&signature);
+ _gnutls_free_datum(&signature);
- return data_size;
+ return data_size;
}
/* if the peer's certificate is of 512 bits or less, returns non zero.
*/
-int _gnutls_peers_cert_less_512( gnutls_session session)
+int _gnutls_peers_cert_less_512(gnutls_session session)
{
-gnutls_cert peer_cert;
-int ret;
-cert_auth_info_t info = _gnutls_get_auth_info( session);
-
- if (info == NULL || info->ncerts==0) {
- gnutls_assert();
- /* we need this in order to get peer's certificate */
- return 0;
- }
-
- if ((ret =
- _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type,
- &info->raw_certificate_list[0], CERT_NO_COPY)) < 0) {
- gnutls_assert();
- return 0;
- }
-
- if (peer_cert.subject_pk_algorithm != GNUTLS_PK_RSA) {
- gnutls_assert();
- _gnutls_gcert_deinit( &peer_cert);
- return 0;
- }
+ gnutls_cert peer_cert;
+ int ret;
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
- if ( _gnutls_mpi_get_nbits( peer_cert.params[0])
- <= 512) {
- _gnutls_gcert_deinit( &peer_cert);
- return 1;
- }
-
- _gnutls_gcert_deinit( &peer_cert);
-
+ if (info == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ /* we need this in order to get peer's certificate */
return 0;
-}
-
-static int proc_rsa_export_server_kx(gnutls_session session, opaque * data,
- size_t _data_size)
-{
- uint16 n_m, n_e;
- size_t _n_m, _n_e;
- uint8 *data_m;
- uint8 *data_e;
- int i, sigsize;
- gnutls_datum vparams, signature;
- int ret;
- ssize_t data_size = _data_size;
- cert_auth_info_t info;
- gnutls_cert peer_cert;
-
- info = _gnutls_get_auth_info( session);
- if (info == NULL || info->ncerts==0) {
- gnutls_assert();
- /* we need this in order to get peer's certificate */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
-
- i = 0;
-
- DECR_LEN( data_size, 2);
- n_m = _gnutls_read_uint16(&data[i]);
- i += 2;
-
- DECR_LEN( data_size, n_m);
- data_m = &data[i];
- i += n_m;
-
- DECR_LEN( data_size, 2);
- n_e = _gnutls_read_uint16(&data[i]);
- i += 2;
-
- DECR_LEN( data_size, n_e);
- data_e = &data[i];
- i += n_e;
-
- _n_e = n_e;
- _n_m = n_m;
-
- if (_gnutls_mpi_scan(&session->key->rsa[0], data_m, &_n_m) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (_gnutls_mpi_scan(&session->key->rsa[1], data_e, &_n_e) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ }
+
+ if ((ret =
+ _gnutls_raw_cert_to_gcert(&peer_cert,
+ session->security_parameters.cert_type,
+ &info->raw_certificate_list[0],
+ CERT_NO_COPY)) < 0) {
+ gnutls_assert();
+ return 0;
+ }
- _gnutls_rsa_export_set_pubkey( session, session->key->rsa[1], session->key->rsa[0]);
+ if (peer_cert.subject_pk_algorithm != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ _gnutls_gcert_deinit(&peer_cert);
+ return 0;
+ }
- /* VERIFY SIGNATURE */
+ if (_gnutls_mpi_get_nbits(peer_cert.params[0])
+ <= 512) {
+ _gnutls_gcert_deinit(&peer_cert);
+ return 1;
+ }
- vparams.size = n_m + n_e + 4;
- vparams.data = data;
+ _gnutls_gcert_deinit(&peer_cert);
- DECR_LEN( data_size, 2);
- sigsize = _gnutls_read_uint16(&data[vparams.size]);
+ return 0;
+}
- DECR_LEN( data_size, sigsize);
- signature.data = &data[vparams.size + 2];
- signature.size = sigsize;
+static int proc_rsa_export_server_kx(gnutls_session session, opaque * data,
+ size_t _data_size)
+{
+ uint16 n_m, n_e;
+ size_t _n_m, _n_e;
+ uint8 *data_m;
+ uint8 *data_e;
+ int i, sigsize;
+ gnutls_datum vparams, signature;
+ int ret;
+ ssize_t data_size = _data_size;
+ cert_auth_info_t info;
+ gnutls_cert peer_cert;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+
+ i = 0;
+
+ DECR_LEN(data_size, 2);
+ n_m = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_m);
+ data_m = &data[i];
+ i += n_m;
+
+ DECR_LEN(data_size, 2);
+ n_e = _gnutls_read_uint16(&data[i]);
+ i += 2;
+
+ DECR_LEN(data_size, n_e);
+ data_e = &data[i];
+ i += n_e;
+
+ _n_e = n_e;
+ _n_m = n_m;
+
+ if (_gnutls_mpi_scan(&session->key->rsa[0], data_m, &_n_m) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan(&session->key->rsa[1], data_e, &_n_e) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ _gnutls_rsa_export_set_pubkey(session, session->key->rsa[1],
+ session->key->rsa[0]);
+
+ /* VERIFY SIGNATURE */
+
+ vparams.size = n_m + n_e + 4;
+ vparams.data = data;
+
+ DECR_LEN(data_size, 2);
+ sigsize = _gnutls_read_uint16(&data[vparams.size]);
+
+ DECR_LEN(data_size, sigsize);
+ signature.data = &data[vparams.size + 2];
+ signature.size = sigsize;
+
+ if ((ret =
+ _gnutls_raw_cert_to_gcert(&peer_cert,
+ session->security_parameters.cert_type,
+ &info->raw_certificate_list[0],
+ CERT_NO_COPY)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if ((ret =
- _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type,
- &info->raw_certificate_list[0], CERT_NO_COPY)) < 0) {
- gnutls_assert();
- return ret;
- }
+ ret =
+ _gnutls_verify_sig_params(session,
+ &peer_cert, &vparams, &signature);
- ret =
- _gnutls_verify_sig_params(session,
- &peer_cert,
- &vparams, &signature);
-
- _gnutls_gcert_deinit( &peer_cert);
- if (ret < 0) {
- gnutls_assert();
- }
+ _gnutls_gcert_deinit(&peer_cert);
+ if (ret < 0) {
+ gnutls_assert();
+ }
- return ret;
+ return ret;
}
diff --git a/lib/debug.c b/lib/debug.c
index bc02df8cec..1a9d519586 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -31,84 +31,87 @@
void _gnutls_print_state(gnutls_session session)
{
- _gnutls_debug_log( "GNUTLS State:\n");
- _gnutls_debug_log( "Connection End: %d\n",
- session->security_parameters.entity);
- _gnutls_debug_log( "Cipher Algorithm: %d\n",
- session->security_parameters.read_bulk_cipher_algorithm);
- _gnutls_debug_log( "MAC algorithm: %d\n",
- session->security_parameters.read_mac_algorithm);
- _gnutls_debug_log( "Compression Algorithm: %d\n",
- session->security_parameters.read_compression_algorithm);
- _gnutls_debug_log( "\n");
+ _gnutls_debug_log("GNUTLS State:\n");
+ _gnutls_debug_log("Connection End: %d\n",
+ session->security_parameters.entity);
+ _gnutls_debug_log("Cipher Algorithm: %d\n",
+ session->security_parameters.
+ read_bulk_cipher_algorithm);
+ _gnutls_debug_log("MAC algorithm: %d\n",
+ session->security_parameters.read_mac_algorithm);
+ _gnutls_debug_log("Compression Algorithm: %d\n",
+ session->security_parameters.
+ read_compression_algorithm);
+ _gnutls_debug_log("\n");
}
#endif
-const char* _gnutls_packet2str( content_type_t packet)
+const char *_gnutls_packet2str(content_type_t packet)
{
- switch(packet) {
- case GNUTLS_CHANGE_CIPHER_SPEC:
- return "Change Cipher Spec";
- case GNUTLS_ALERT:
- return "Alert";
- case GNUTLS_HANDSHAKE:
- return "Handshake";
- case GNUTLS_APPLICATION_DATA:
- return "Application Data";
+ switch (packet) {
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ return "Change Cipher Spec";
+ case GNUTLS_ALERT:
+ return "Alert";
+ case GNUTLS_HANDSHAKE:
+ return "Handshake";
+ case GNUTLS_APPLICATION_DATA:
+ return "Application Data";
- default:
- return "Unknown Packet";
- }
+ default:
+ return "Unknown Packet";
+ }
}
-const char* _gnutls_handshake2str( HandshakeType handshake)
+const char *_gnutls_handshake2str(HandshakeType handshake)
{
- switch(handshake) {
- case GNUTLS_HELLO_REQUEST:
- return "HELLO REQUEST";
- break;
- case GNUTLS_CLIENT_HELLO:
- return "CLIENT HELLO";
- break;
- case GNUTLS_SERVER_HELLO:
- return "SERVER HELLO";
- break;
- case GNUTLS_CERTIFICATE_PKT:
- return "CERTIFICATE";
- break;
- case GNUTLS_SERVER_KEY_EXCHANGE:
- return "SERVER KEY EXCHANGE";
- break;
- case GNUTLS_CERTIFICATE_REQUEST:
- return "CERTIFICATE REQUEST";
- break;
- case GNUTLS_SERVER_HELLO_DONE:
- return "SERVER HELLO DONE";
- break;
- case GNUTLS_CERTIFICATE_VERIFY:
- return "CERTIFICATE VERIFY";
- break;
- case GNUTLS_CLIENT_KEY_EXCHANGE:
- return "CLIENT KEY EXCHANGE";
- break;
- case GNUTLS_FINISHED:
- return "FINISHED";
- break;
- default:
- return "Unknown Handshake packet";
-
- }
+ switch (handshake) {
+ case GNUTLS_HELLO_REQUEST:
+ return "HELLO REQUEST";
+ break;
+ case GNUTLS_CLIENT_HELLO:
+ return "CLIENT HELLO";
+ break;
+ case GNUTLS_SERVER_HELLO:
+ return "SERVER HELLO";
+ break;
+ case GNUTLS_CERTIFICATE_PKT:
+ return "CERTIFICATE";
+ break;
+ case GNUTLS_SERVER_KEY_EXCHANGE:
+ return "SERVER KEY EXCHANGE";
+ break;
+ case GNUTLS_CERTIFICATE_REQUEST:
+ return "CERTIFICATE REQUEST";
+ break;
+ case GNUTLS_SERVER_HELLO_DONE:
+ return "SERVER HELLO DONE";
+ break;
+ case GNUTLS_CERTIFICATE_VERIFY:
+ return "CERTIFICATE VERIFY";
+ break;
+ case GNUTLS_CLIENT_KEY_EXCHANGE:
+ return "CLIENT KEY EXCHANGE";
+ break;
+ case GNUTLS_FINISHED:
+ return "FINISHED";
+ break;
+ default:
+ return "Unknown Handshake packet";
+
+ }
}
-void _gnutls_dump_mpi(const char* prefix, mpi_t a)
+void _gnutls_dump_mpi(const char *prefix, mpi_t a)
{
- opaque buf[1024];
- size_t n = sizeof buf;
-
- if (gcry_mpi_print(GCRYMPI_FMT_HEX, buf, n, &n, a))
- strcpy(buf, "[can't print value]"); /* Flawfinder: ignore */
- _gnutls_hard_log( "MPI: length: %d\n\t%s%s\n", (n-1)/2, prefix, buf);
+ opaque buf[1024];
+ size_t n = sizeof buf;
+
+ if (gcry_mpi_print(GCRYMPI_FMT_HEX, buf, n, &n, a))
+ strcpy(buf, "[can't print value]"); /* Flawfinder: ignore */
+ _gnutls_hard_log("MPI: length: %d\n\t%s%s\n", (n - 1) / 2, prefix,
+ buf);
}
diff --git a/lib/debug.h b/lib/debug.h
index c874abf4f3..e49190af01 100644
--- a/lib/debug.h
+++ b/lib/debug.h
@@ -21,6 +21,6 @@
#ifdef DEBUG
void _gnutls_print_state(gnutls_session session);
#endif
-const char* _gnutls_packet2str( content_type_t packet);
-const char* _gnutls_handshake2str( HandshakeType handshake);
-void _gnutls_dump_mpi(const char* prefix, mpi_t a);
+const char *_gnutls_packet2str(content_type_t packet);
+const char *_gnutls_handshake2str(HandshakeType handshake);
+void _gnutls_dump_mpi(const char *prefix, mpi_t a);
diff --git a/lib/defines.h b/lib/defines.h
index d5079c22e9..b87f0fe3c2 100644
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -54,7 +54,8 @@ typedef long ptrdiff_t;
#endif
#ifndef HAVE_STRNSTR
-char *strnstr(const char *haystack, const char *needle, size_t haystacklen);
+char *strnstr(const char *haystack, const char *needle,
+ size_t haystacklen);
#endif
#ifdef HAVE_STDDEF_H
@@ -99,7 +100,7 @@ typedef signed int sint;
* it is not used.
*/
typedef struct {
- unsigned char i[8];
+ unsigned char i[8];
} uint64;
#ifndef HAVE_ISASCII
diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c
index 97e769d0e7..1f927654f3 100644
--- a/lib/ext_cert_type.c
+++ b/lib/ext_cert_type.c
@@ -31,8 +31,8 @@
#include <gnutls_state.h>
#include <gnutls_num.h>
-inline static int _gnutls_num2cert_type( int num);
-inline static int _gnutls_cert_type2num( int record_size);
+inline static int _gnutls_num2cert_type(int num);
+inline static int _gnutls_cert_type2num(int record_size);
/*
* In case of a server: if a CERT_TYPE extension type is received then it stores
@@ -43,160 +43,174 @@ inline static int _gnutls_cert_type2num( int record_size);
*
*/
-int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, size_t _data_size)
+int _gnutls_cert_type_recv_params(gnutls_session session,
+ const opaque * data, size_t _data_size)
{
- int new_type = -1, ret, i;
- ssize_t data_size = _data_size;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
- if (data_size > 0) {
- if ( data_size != 1) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- new_type = _gnutls_num2cert_type(data[0]);
-
- if (new_type < 0) {
- gnutls_assert();
- return new_type;
- }
-
- /* Check if we support this cert_type */
- if ( (ret=_gnutls_session_cert_type_supported( session, new_type)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- _gnutls_session_cert_type_set( session, new_type);
- }
- } else { /* SERVER SIDE - we must check if the sent cert type is the right one
- */
- if (data_size > 1) {
- uint8 len;
-
- len = data[0];
- DECR_LEN( data_size, len);
-
- for (i=0;i<len;i++) {
- new_type = _gnutls_num2cert_type(data[i+1]);
-
- if (new_type < 0) continue;
-
- /* Check if we support this cert_type */
- if ( (ret=_gnutls_session_cert_type_supported( session, new_type)) < 0) {
- gnutls_assert();
- continue;
- } else break;
- /* new_type is ok */
- }
-
- if (new_type < 0) {
- gnutls_assert();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- if ( (ret=_gnutls_session_cert_type_supported( session, new_type)) < 0) {
- gnutls_assert();
- /* The peer has requested unsupported certificate
- * types. Instead of failing, procceed normally.
- * (the ciphersuite selection would fail, or a
- * non certificate ciphersuite will be selected).
+ int new_type = -1, ret, i;
+ ssize_t data_size = _data_size;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (data_size > 0) {
+ if (data_size != 1) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ new_type = _gnutls_num2cert_type(data[0]);
+
+ if (new_type < 0) {
+ gnutls_assert();
+ return new_type;
+ }
+
+ /* Check if we support this cert_type */
+ if ((ret =
+ _gnutls_session_cert_type_supported(session,
+ new_type)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_session_cert_type_set(session, new_type);
+ }
+ } else { /* SERVER SIDE - we must check if the sent cert type is the right one
*/
- return 0;
- }
+ if (data_size > 1) {
+ uint8 len;
+
+ len = data[0];
+ DECR_LEN(data_size, len);
+
+ for (i = 0; i < len; i++) {
+ new_type = _gnutls_num2cert_type(data[i + 1]);
+
+ if (new_type < 0)
+ continue;
+
+ /* Check if we support this cert_type */
+ if ((ret =
+ _gnutls_session_cert_type_supported(session,
+ new_type)) < 0) {
+ gnutls_assert();
+ continue;
+ } else
+ break;
+ /* new_type is ok */
+ }
+
+ if (new_type < 0) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ if ((ret =
+ _gnutls_session_cert_type_supported(session,
+ new_type)) < 0) {
+ gnutls_assert();
+ /* The peer has requested unsupported certificate
+ * types. Instead of failing, procceed normally.
+ * (the ciphersuite selection would fail, or a
+ * non certificate ciphersuite will be selected).
+ */
+ return 0;
+ }
- _gnutls_session_cert_type_set( session, new_type);
- }
-
-
+ _gnutls_session_cert_type_set(session, new_type);
}
-
- return 0;
+
+
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
-int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, size_t data_size) {
- uint len, i;
-
- /* this function sends the client extension data (dnsname) */
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
-
- if (session->internals.cert_type_priority.algorithms > 0) {
-
- len = session->internals.cert_type_priority.algorithms;
-
- if (len==1 &&
- session->internals.cert_type_priority.priority[0]==GNUTLS_CRT_X509)
- {
- /* We don't use this extension if X.509 certificates
- * are used.
- */
- return 0;
- }
-
- if (data_size < len + 1) {
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- /* this is a vector!
- */
- data[0] = (uint8) len;
-
- for (i=0;i<len;i++) {
- data[i+1] = _gnutls_cert_type2num( session->internals.
- cert_type_priority.priority[i]);
- }
- return len + 1;
- }
-
- } else { /* server side */
- if ( session->security_parameters.cert_type != DEFAULT_CERT_TYPE) {
- len = 1;
- if (data_size < len) {
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- data[0] = _gnutls_cert_type2num( session->security_parameters.cert_type);
- return len;
- }
-
-
+int _gnutls_cert_type_send_params(gnutls_session session, opaque * data,
+ size_t data_size)
+{
+ uint len, i;
+
+ /* this function sends the client extension data (dnsname) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+
+ if (session->internals.cert_type_priority.algorithms > 0) {
+
+ len = session->internals.cert_type_priority.algorithms;
+
+ if (len == 1 &&
+ session->internals.cert_type_priority.priority[0] ==
+ GNUTLS_CRT_X509) {
+ /* We don't use this extension if X.509 certificates
+ * are used.
+ */
+ return 0;
+ }
+
+ if (data_size < len + 1) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ /* this is a vector!
+ */
+ data[0] = (uint8) len;
+
+ for (i = 0; i < len; i++) {
+ data[i + 1] = _gnutls_cert_type2num(session->internals.
+ cert_type_priority.
+ priority[i]);
+ }
+ return len + 1;
}
- return 0;
+ } else { /* server side */
+ if (session->security_parameters.cert_type != DEFAULT_CERT_TYPE) {
+ len = 1;
+ if (data_size < len) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ data[0] =
+ _gnutls_cert_type2num(session->security_parameters.
+ cert_type);
+ return len;
+ }
+
+
+ }
+
+ return 0;
}
/* Maps numbers to record sizes according to the
* extensions draft.
*/
-inline
-static int _gnutls_num2cert_type( int num) {
- switch( num) {
- case 0:
- return GNUTLS_CRT_X509;
- case 1:
- return GNUTLS_CRT_OPENPGP;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+inline static int _gnutls_num2cert_type(int num)
+{
+ switch (num) {
+ case 0:
+ return GNUTLS_CRT_X509;
+ case 1:
+ return GNUTLS_CRT_OPENPGP;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
/* Maps record size to numbers according to the
* extensions draft.
*/
-inline
-static int _gnutls_cert_type2num( int cert_type) {
- switch(cert_type) {
- case GNUTLS_CRT_X509:
- return 0;
- case GNUTLS_CRT_OPENPGP:
- return 1;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+inline static int _gnutls_cert_type2num(int cert_type)
+{
+ switch (cert_type) {
+ case GNUTLS_CRT_X509:
+ return 0;
+ case GNUTLS_CRT_OPENPGP:
+ return 1;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
diff --git a/lib/ext_cert_type.h b/lib/ext_cert_type.h
index c011befc19..287125da3f 100644
--- a/lib/ext_cert_type.h
+++ b/lib/ext_cert_type.h
@@ -1,5 +1,7 @@
/* Maps record size to numbers according to the
* extensions draft.
*/
-int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, size_t data_size);
-int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, size_t);
+int _gnutls_cert_type_recv_params(gnutls_session session,
+ const opaque * data, size_t data_size);
+int _gnutls_cert_type_send_params(gnutls_session session, opaque * data,
+ size_t);
diff --git a/lib/ext_max_record.c b/lib/ext_max_record.c
index c0ccff7f58..52e9a72876 100644
--- a/lib/ext_max_record.c
+++ b/lib/ext_max_record.c
@@ -38,124 +38,135 @@
*
*/
-int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data,
- size_t _data_size)
+int _gnutls_max_record_recv_params(gnutls_session session,
+ const opaque * data, size_t _data_size)
{
- ssize_t new_size;
- ssize_t data_size = _data_size;
-
- if (session->security_parameters.entity == GNUTLS_SERVER) {
- if (data_size > 0) {
- DECR_LEN( data_size, 1);
-
- new_size = _gnutls_mre_num2record(data[0]);
-
- if (new_size < 0) {
- gnutls_assert();
- return new_size;
- }
-
- session->security_parameters.max_record_send_size = new_size;
- session->security_parameters.max_record_recv_size = new_size;
- }
- } else { /* CLIENT SIDE - we must check if the sent record size is the right one
- */
- if (data_size > 0) {
-
- if ( data_size != 1) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- new_size = _gnutls_mre_num2record(data[0]);
-
- if (new_size < 0 || new_size != session->internals.proposed_record_size) {
- gnutls_assert();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- } else {
- session->security_parameters.max_record_recv_size = session->internals.proposed_record_size;
- }
-
- }
-
-
+ ssize_t new_size;
+ ssize_t data_size = _data_size;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ if (data_size > 0) {
+ DECR_LEN(data_size, 1);
+
+ new_size = _gnutls_mre_num2record(data[0]);
+
+ if (new_size < 0) {
+ gnutls_assert();
+ return new_size;
+ }
+
+ session->security_parameters.max_record_send_size = new_size;
+ session->security_parameters.max_record_recv_size = new_size;
+ }
+ } else { /* CLIENT SIDE - we must check if the sent record size is the right one
+ */
+ if (data_size > 0) {
+
+ if (data_size != 1) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ new_size = _gnutls_mre_num2record(data[0]);
+
+ if (new_size < 0
+ || new_size != session->internals.proposed_record_size) {
+ gnutls_assert();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ } else {
+ session->security_parameters.max_record_recv_size =
+ session->internals.proposed_record_size;
+ }
+
}
-
- return 0;
+
+
+ }
+
+ return 0;
}
/* returns data_size or a negative number on failure
*/
-int _gnutls_max_record_send_params( gnutls_session session, opaque* data,
- size_t data_size)
+int _gnutls_max_record_send_params(gnutls_session session, opaque * data,
+ size_t data_size)
{
- uint16 len;
- /* this function sends the client extension data (dnsname) */
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
-
- if (session->internals.proposed_record_size != DEFAULT_MAX_RECORD_SIZE) {
- len = 1;
- if (data_size < len) {
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- data[0] = (uint8) _gnutls_mre_record2num( session->internals.proposed_record_size);
- return len;
- }
-
- } else { /* server side */
-
- if (session->security_parameters.max_record_recv_size != DEFAULT_MAX_RECORD_SIZE) {
- len = 1;
- if (data_size < len) {
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- data[0] = (uint8) _gnutls_mre_record2num( session->security_parameters.max_record_recv_size);
- return len;
- }
-
-
+ uint16 len;
+ /* this function sends the client extension data (dnsname) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+
+ if (session->internals.proposed_record_size !=
+ DEFAULT_MAX_RECORD_SIZE) {
+ len = 1;
+ if (data_size < len) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ data[0] =
+ (uint8) _gnutls_mre_record2num(session->internals.
+ proposed_record_size);
+ return len;
+ }
+
+ } else { /* server side */
+
+ if (session->security_parameters.max_record_recv_size !=
+ DEFAULT_MAX_RECORD_SIZE) {
+ len = 1;
+ if (data_size < len) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ data[0] =
+ (uint8) _gnutls_mre_record2num(session->
+ security_parameters.
+ max_record_recv_size);
+ return len;
}
- return 0;
+
+ }
+
+ return 0;
}
/* Maps numbers to record sizes according to the
* extensions draft.
*/
-int _gnutls_mre_num2record( int num) {
- switch( num) {
- case 1:
- return 512;
- case 2:
- return 1024;
- case 3:
- return 2048;
- case 4:
- return 4096;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+int _gnutls_mre_num2record(int num)
+{
+ switch (num) {
+ case 1:
+ return 512;
+ case 2:
+ return 1024;
+ case 3:
+ return 2048;
+ case 4:
+ return 4096;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
/* Maps record size to numbers according to the
* extensions draft.
*/
-int _gnutls_mre_record2num( uint16 record_size) {
- switch(record_size) {
- case 512:
- return 1;
- case 1024:
- return 2;
- case 2048:
- return 3;
- case 4096:
- return 4;
- default:
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+int _gnutls_mre_record2num(uint16 record_size)
+{
+ switch (record_size) {
+ case 512:
+ return 1;
+ case 1024:
+ return 2;
+ case 2048:
+ return 3;
+ case 4096:
+ return 4;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
}
diff --git a/lib/ext_max_record.h b/lib/ext_max_record.h
index f804915ab3..b6f158f353 100644
--- a/lib/ext_max_record.h
+++ b/lib/ext_max_record.h
@@ -1,7 +1,9 @@
/* Maps record size to numbers according to the
* extensions draft.
*/
-int _gnutls_mre_num2record( int num);
-int _gnutls_mre_record2num( uint16 record_size);
-int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, size_t data_size);
-int _gnutls_max_record_send_params( gnutls_session session, opaque* data, size_t);
+int _gnutls_mre_num2record(int num);
+int _gnutls_mre_record2num(uint16 record_size);
+int _gnutls_max_record_recv_params(gnutls_session session,
+ const opaque * data, size_t data_size);
+int _gnutls_max_record_send_params(gnutls_session session, opaque * data,
+ size_t);
diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c
index e0cd9d5ccb..7b83240f0e 100644
--- a/lib/ext_server_name.c
+++ b/lib/ext_server_name.c
@@ -38,77 +38,77 @@
int _gnutls_server_name_recv_params(gnutls_session session,
const opaque * data, size_t _data_size)
{
- int i;
- const unsigned char *p;
- uint16 len, type;
- ssize_t data_size = _data_size;
- int server_names = 0;
-
- if (session->security_parameters.entity == GNUTLS_SERVER) {
- DECR_LENGTH_RET(data_size, 2, 0);
- len = _gnutls_read_uint16(data);
-
- if ( len != data_size) {
- /* This is unexpected packet length, but
- * just ignore it, for now.
- */
- gnutls_assert();
- return 0;
- }
-
- p = data + 2;
-
- /* Count all server_names in the packet. */
- while (data_size > 0) {
- DECR_LENGTH_RET(data_size, 1, 0);
- p++;
-
- DECR_LEN(data_size, 2);
- len = _gnutls_read_uint16(p);
- p += 2;
-
- DECR_LENGTH_RET(data_size, len, 0);
- server_names++;
-
- p += len;
- }
-
- session->security_parameters.extensions.server_names_size =
- server_names;
- if (server_names == 0)
- return 0; /* no names found */
-
- /* we cannot accept more server names.
- */
- if ( server_names > MAX_SERVER_NAME_EXTENSIONS)
- server_names = MAX_SERVER_NAME_EXTENSIONS;
-
- p = data + 2;
- for (i = 0; i < server_names; i++) {
- type = *p;
- p++;
-
- len = _gnutls_read_uint16(p);
- p += 2;
-
- switch (type) {
- case 0: /* NAME_DNS */
- if (len <= MAX_SERVER_NAME_SIZE) {
- memcpy(session->security_parameters.extensions.
- server_names[i].name, p, len);
- session->security_parameters.extensions.server_names[i].
- name_length = len;
- session->security_parameters.extensions.server_names[i].
- type = GNUTLS_NAME_DNS;
- break;
+ int i;
+ const unsigned char *p;
+ uint16 len, type;
+ ssize_t data_size = _data_size;
+ int server_names = 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ DECR_LENGTH_RET(data_size, 2, 0);
+ len = _gnutls_read_uint16(data);
+
+ if (len != data_size) {
+ /* This is unexpected packet length, but
+ * just ignore it, for now.
+ */
+ gnutls_assert();
+ return 0;
+ }
+
+ p = data + 2;
+
+ /* Count all server_names in the packet. */
+ while (data_size > 0) {
+ DECR_LENGTH_RET(data_size, 1, 0);
+ p++;
+
+ DECR_LEN(data_size, 2);
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ DECR_LENGTH_RET(data_size, len, 0);
+ server_names++;
+
+ p += len;
+ }
+
+ session->security_parameters.extensions.server_names_size =
+ server_names;
+ if (server_names == 0)
+ return 0; /* no names found */
+
+ /* we cannot accept more server names.
+ */
+ if (server_names > MAX_SERVER_NAME_EXTENSIONS)
+ server_names = MAX_SERVER_NAME_EXTENSIONS;
+
+ p = data + 2;
+ for (i = 0; i < server_names; i++) {
+ type = *p;
+ p++;
+
+ len = _gnutls_read_uint16(p);
+ p += 2;
+
+ switch (type) {
+ case 0: /* NAME_DNS */
+ if (len <= MAX_SERVER_NAME_SIZE) {
+ memcpy(session->security_parameters.extensions.
+ server_names[i].name, p, len);
+ session->security_parameters.extensions.
+ server_names[i].name_length = len;
+ session->security_parameters.extensions.
+ server_names[i].type = GNUTLS_NAME_DNS;
+ break;
+ }
}
- }
- /* move to next record */
- p += len;
- }
- }
- return 0;
+ /* move to next record */
+ p += len;
+ }
+ }
+ return 0;
}
/* returns data_size or a negative number on failure
@@ -116,80 +116,84 @@ int _gnutls_server_name_recv_params(gnutls_session session,
int _gnutls_server_name_send_params(gnutls_session session, opaque * data,
size_t _data_size)
{
- uint16 len;
- opaque *p;
- uint i;
- ssize_t data_size = _data_size;
- int total_size = 0;
-
- /* this function sends the client extension data (dnsname)
- */
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
-
- if (session->security_parameters.extensions.server_names_size == 0)
- return 0;
-
- /* uint16
- */
- total_size = 2;
- for (i = 0;
- i < session->security_parameters.extensions.server_names_size;
- i++)
- {
- /* count the total size
- */
- len = session->security_parameters.extensions.server_names[i].name_length;
-
- /* uint8 + uint16 + size
- */
- total_size += 1 + 2 + len;
- }
-
- p = data;
-
- /* UINT16: write total size of all names
- */
- DECR_LENGTH_RET( data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER);
- _gnutls_write_uint16(total_size-2, p);
- p += 2;
-
- for (i = 0;
- i < session->security_parameters.extensions.server_names_size;
- i++)
- {
-
- switch (session->security_parameters.extensions.server_names[i].
- type) {
- case GNUTLS_NAME_DNS:
-
- len = session->security_parameters.extensions.server_names[i].name_length;
- if (len == 0) break;
-
- /* UINT8: type of this extension
- * UINT16: size of the first name
- * LEN: the actual server name.
- */
- DECR_LENGTH_RET( data_size, len + 3, GNUTLS_E_SHORT_MEMORY_BUFFER);
-
- *p = 0; /* NAME_DNS type */
- p++;
-
- _gnutls_write_uint16(len, p);
- p += 2;
-
- memcpy(p,
- session->security_parameters.extensions.
- server_names[0].name, len);
- p += len;
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- }
- }
+ uint16 len;
+ opaque *p;
+ uint i;
+ ssize_t data_size = _data_size;
+ int total_size = 0;
+
+ /* this function sends the client extension data (dnsname)
+ */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+
+ if (session->security_parameters.extensions.server_names_size == 0)
+ return 0;
+
+ /* uint16
+ */
+ total_size = 2;
+ for (i = 0;
+ i < session->security_parameters.extensions.server_names_size;
+ i++) {
+ /* count the total size
+ */
+ len =
+ session->security_parameters.extensions.server_names[i].
+ name_length;
+
+ /* uint8 + uint16 + size
+ */
+ total_size += 1 + 2 + len;
+ }
+
+ p = data;
+
+ /* UINT16: write total size of all names
+ */
+ DECR_LENGTH_RET(data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER);
+ _gnutls_write_uint16(total_size - 2, p);
+ p += 2;
+
+ for (i = 0;
+ i < session->security_parameters.extensions.server_names_size;
+ i++) {
+
+ switch (session->security_parameters.extensions.
+ server_names[i].type) {
+ case GNUTLS_NAME_DNS:
+
+ len =
+ session->security_parameters.extensions.
+ server_names[i].name_length;
+ if (len == 0)
+ break;
+
+ /* UINT8: type of this extension
+ * UINT16: size of the first name
+ * LEN: the actual server name.
+ */
+ DECR_LENGTH_RET(data_size, len + 3,
+ GNUTLS_E_SHORT_MEMORY_BUFFER);
+
+ *p = 0; /* NAME_DNS type */
+ p++;
+
+ _gnutls_write_uint16(len, p);
+ p += 2;
+
+ memcpy(p,
+ session->security_parameters.extensions.
+ server_names[0].name, len);
+ p += len;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+ }
- return total_size;
+ return total_size;
}
/**
@@ -216,46 +220,45 @@ int _gnutls_server_name_send_params(gnutls_session session, opaque * data,
*
**/
int gnutls_server_name_get(gnutls_session session, void *data,
- size_t *data_length,
- unsigned int * type,
- unsigned int indx)
+ size_t * data_length,
+ unsigned int *type, unsigned int indx)
{
- char *_data = data;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (indx+1 >
- session->security_parameters.extensions.server_names_size) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- *type =
- session->security_parameters.extensions.server_names[indx].type;
-
- if (*data_length > /* greater since we need one extra byte for the null */
- session->security_parameters.extensions.server_names[indx].
- name_length) {
- *data_length =
- session->security_parameters.extensions.server_names[indx].
- name_length;
- memcpy(data,
- session->security_parameters.extensions.server_names[indx].
- name, *data_length);
-
- if (*type == GNUTLS_NAME_DNS) /* null terminate */
- _data[(*data_length)] = 0;
-
- } else {
- *data_length =
- session->security_parameters.extensions.server_names[indx].
- name_length;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- return 0;
+ char *_data = data;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx + 1 >
+ session->security_parameters.extensions.server_names_size) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ *type =
+ session->security_parameters.extensions.server_names[indx].type;
+
+ if (*data_length > /* greater since we need one extra byte for the null */
+ session->security_parameters.extensions.server_names[indx].
+ name_length) {
+ *data_length =
+ session->security_parameters.extensions.server_names[indx].
+ name_length;
+ memcpy(data,
+ session->security_parameters.extensions.server_names[indx].
+ name, *data_length);
+
+ if (*type == GNUTLS_NAME_DNS) /* null terminate */
+ _data[(*data_length)] = 0;
+
+ } else {
+ *data_length =
+ session->security_parameters.extensions.server_names[indx].
+ name_length;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ return 0;
}
/**
@@ -279,31 +282,31 @@ int gnutls_server_name_set(gnutls_session session,
gnutls_server_name_type type,
const void *name, size_t name_length)
{
- int server_names;
+ int server_names;
- if (session->security_parameters.entity == GNUTLS_SERVER) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (name_length > MAX_SERVER_NAME_SIZE)
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if (name_length > MAX_SERVER_NAME_SIZE)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
- server_names =
- session->security_parameters.extensions.server_names_size + 1;
+ server_names =
+ session->security_parameters.extensions.server_names_size + 1;
- if (server_names > MAX_SERVER_NAME_EXTENSIONS)
- server_names = MAX_SERVER_NAME_EXTENSIONS;
+ if (server_names > MAX_SERVER_NAME_EXTENSIONS)
+ server_names = MAX_SERVER_NAME_EXTENSIONS;
- session->security_parameters.extensions.server_names[server_names -
- 1].type = type;
- memcpy(session->security_parameters.extensions.
- server_names[server_names - 1].name, name, name_length);
- session->security_parameters.extensions.server_names[server_names -
- 1].name_length =
- name_length;
+ session->security_parameters.extensions.server_names[server_names -
+ 1].type = type;
+ memcpy(session->security_parameters.extensions.
+ server_names[server_names - 1].name, name, name_length);
+ session->security_parameters.extensions.server_names[server_names -
+ 1].name_length =
+ name_length;
- session->security_parameters.extensions.server_names_size++;
+ session->security_parameters.extensions.server_names_size++;
- return 0;
+ return 0;
}
diff --git a/lib/ext_server_name.h b/lib/ext_server_name.h
index 69a62ba9bf..a6eb92d94d 100644
--- a/lib/ext_server_name.h
+++ b/lib/ext_server_name.h
@@ -1,10 +1,11 @@
-int _gnutls_server_name_recv_params( gnutls_session session, const opaque* data, size_t data_size);
-int _gnutls_server_name_send_params( gnutls_session session, opaque* data, size_t);
+int _gnutls_server_name_recv_params(gnutls_session session,
+ const opaque * data, size_t data_size);
+int _gnutls_server_name_send_params(gnutls_session session, opaque * data,
+ size_t);
-int gnutls_get_server_name(gnutls_session session, void* data, int* data_length,
- int *type, int indx);
+int gnutls_get_server_name(gnutls_session session, void *data,
+ int *data_length, int *type, int indx);
int gnutls_set_server_name(gnutls_session session,
- gnutls_server_name_type type,
- const void *name, int name_length);
-
+ gnutls_server_name_type type,
+ const void *name, int name_length);
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index c83067fc8e..883c80f865 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -61,29 +61,29 @@ extern "C" {
#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
typedef enum gnutls_cipher_algorithm { GNUTLS_CIPHER_NULL=1,
- GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_ARCFOUR_40
+ GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_ARCFOUR_40
} gnutls_cipher_algorithm;
typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS,
- GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP,
- GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS
+ GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP,
+ GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS
} gnutls_kx_algorithm;
typedef enum gnutls_params_type { GNUTLS_PARAMS_RSA_EXPORT=1,
- GNUTLS_PARAMS_DH
+ GNUTLS_PARAMS_DH
} gnutls_params_type;
typedef enum gnutls_credentials_type { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } gnutls_credentials_type;
typedef enum gnutls_mac_algorithm { GNUTLS_MAC_NULL=1,
- GNUTLS_MAC_MD5, GNUTLS_MAC_SHA, GNUTLS_MAC_RMD160
+ GNUTLS_MAC_MD5, GNUTLS_MAC_SHA, GNUTLS_MAC_RMD160
} gnutls_mac_algorithm;
/* The enumerations here should have the same value with gnutls_mac_algorithm.
*/
typedef enum gnutls_digest_algorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5,
- GNUTLS_DIG_SHA, GNUTLS_DIG_RIPEMD160
+ GNUTLS_DIG_SHA, GNUTLS_DIG_RIPEMD160
} gnutls_digest_algorithm;
/* exported for other gnutls headers. This is the maximum number
@@ -93,8 +93,8 @@ typedef enum gnutls_digest_algorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5,
#define GNUTLS_COMP_ZLIB GNUTLS_COMP_DEFLATE
typedef enum gnutls_compression_method { GNUTLS_COMP_NULL=1,
- GNUTLS_COMP_DEFLATE,
- GNUTLS_COMP_LZO /* only available if gnutls-extra has been initialized
+ GNUTLS_COMP_DEFLATE,
+ GNUTLS_COMP_LZO /* only available if gnutls-extra has been initialized
*/
} gnutls_compression_method;
@@ -103,72 +103,72 @@ typedef enum gnutls_connection_end { GNUTLS_SERVER=1, GNUTLS_CLIENT } gnutls_con
typedef enum gnutls_alert_level { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL } gnutls_alert_level;
typedef enum gnutls_alert_description { GNUTLS_A_CLOSE_NOTIFY,
- GNUTLS_A_UNEXPECTED_MESSAGE=10, GNUTLS_A_BAD_RECORD_MAC=20,
- GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE=30,
- GNUTLS_A_HANDSHAKE_FAILURE=40, GNUTLS_A_SSL3_NO_CERTIFICATE=41,
- GNUTLS_A_BAD_CERTIFICATE=42, GNUTLS_A_UNSUPPORTED_CERTIFICATE,
- GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED, GNUTLS_A_CERTIFICATE_UNKNOWN,
- GNUTLS_A_ILLEGAL_PARAMETER, GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR=50,
- GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60, GNUTLS_A_PROTOCOL_VERSION=70,
- GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90,
- GNUTLS_A_NO_RENEGOTIATION=100, GNUTLS_A_UNSUPPORTED_EXTENSION=110,
- GNUTLS_A_CERTIFICATE_UNOBTAINABLE=111, GNUTLS_A_UNRECOGNIZED_NAME=112,
- GNUTLS_A_UNKNOWN_SRP_USERNAME=120, GNUTLS_A_MISSING_SRP_USERNAME=121
+ GNUTLS_A_UNEXPECTED_MESSAGE=10, GNUTLS_A_BAD_RECORD_MAC=20,
+ GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE=30,
+ GNUTLS_A_HANDSHAKE_FAILURE=40, GNUTLS_A_SSL3_NO_CERTIFICATE=41,
+ GNUTLS_A_BAD_CERTIFICATE=42, GNUTLS_A_UNSUPPORTED_CERTIFICATE,
+ GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED, GNUTLS_A_CERTIFICATE_UNKNOWN,
+ GNUTLS_A_ILLEGAL_PARAMETER, GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR=50,
+ GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60, GNUTLS_A_PROTOCOL_VERSION=70,
+ GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90,
+ GNUTLS_A_NO_RENEGOTIATION=100, GNUTLS_A_UNSUPPORTED_EXTENSION=110,
+ GNUTLS_A_CERTIFICATE_UNOBTAINABLE=111, GNUTLS_A_UNRECOGNIZED_NAME=112,
+ GNUTLS_A_UNKNOWN_SRP_USERNAME=120, GNUTLS_A_MISSING_SRP_USERNAME=121
} gnutls_alert_description;
typedef enum gnutls_handshake_description { GNUTLS_HANDSHAKE_HELLO_REQUEST,
- GNUTLS_HANDSHAKE_CLIENT_HELLO, GNUTLS_HANDSHAKE_SERVER_HELLO,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT=11, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
- GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
- GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
- GNUTLS_HANDSHAKE_FINISHED=20
+ GNUTLS_HANDSHAKE_CLIENT_HELLO, GNUTLS_HANDSHAKE_SERVER_HELLO,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT=11, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
+ GNUTLS_HANDSHAKE_FINISHED=20
} gnutls_handshake_description;
/* Note that the status bits have different meanings
* in openpgp keys and x.509 certificate verification.
*/
typedef enum gnutls_certificate_status {
- GNUTLS_CERT_INVALID=2, /* will be set if the certificate
- * was not verified.
- */
- GNUTLS_CERT_REVOKED=32, /* in X.509 this will be set only if CRLs are checked
- */
-
- /* Those are extra information about the verification
- * process. Will be set only if the certificate was
- * not verified.
- */
- GNUTLS_CERT_SIGNER_NOT_FOUND=64,
- GNUTLS_CERT_SIGNER_NOT_CA=128
+ GNUTLS_CERT_INVALID=2, /* will be set if the certificate
+ * was not verified.
+ */
+ GNUTLS_CERT_REVOKED=32, /* in X.509 this will be set only if CRLs are checked
+ */
+
+ /* Those are extra information about the verification
+ * process. Will be set only if the certificate was
+ * not verified.
+ */
+ GNUTLS_CERT_SIGNER_NOT_FOUND=64,
+ GNUTLS_CERT_SIGNER_NOT_CA=128
} gnutls_certificate_status;
typedef enum gnutls_certificate_request { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } gnutls_certificate_request;
typedef enum gnutls_openpgp_key_status { GNUTLS_OPENPGP_KEY,
- GNUTLS_OPENPGP_KEY_FINGERPRINT
+ GNUTLS_OPENPGP_KEY_FINGERPRINT
} gnutls_openpgp_key_status;
typedef enum gnutls_close_request { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } gnutls_close_request;
#define GNUTLS_TLS1 GNUTLS_TLS1_0
typedef enum gnutls_protocol_version { GNUTLS_SSL3=1, GNUTLS_TLS1_0,
- GNUTLS_TLS1_1 } gnutls_protocol_version;
+ GNUTLS_TLS1_1 } gnutls_protocol_version;
typedef enum gnutls_certificate_type { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP
} gnutls_certificate_type;
typedef enum gnutls_x509_crt_fmt { GNUTLS_X509_FMT_DER,
- GNUTLS_X509_FMT_PEM } gnutls_x509_crt_fmt;
+ GNUTLS_X509_FMT_PEM } gnutls_x509_crt_fmt;
typedef enum gnutls_pk_algorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA,
- GNUTLS_PK_UNKNOWN = 0xff
+ GNUTLS_PK_UNKNOWN = 0xff
} gnutls_pk_algorithm;
const char *gnutls_pk_algorithm_get_name( gnutls_pk_algorithm algorithm);
typedef enum gnutls_sign_algorithm { GNUTLS_SIGN_RSA_SHA = 1, GNUTLS_SIGN_DSA_SHA,
- GNUTLS_SIGN_RSA_MD5, GNUTLS_SIGN_RSA_MD2,
- GNUTLS_SIGN_UNKNOWN = 0xff
+ GNUTLS_SIGN_RSA_MD5, GNUTLS_SIGN_RSA_MD2,
+ GNUTLS_SIGN_UNKNOWN = 0xff
} gnutls_sign_algorithm;
const char *gnutls_sign_algorithm_get_name( gnutls_sign_algorithm algorithm);
@@ -188,8 +188,8 @@ struct gnutls_rsa_params_int;
typedef struct gnutls_rsa_params_int* gnutls_rsa_params;
typedef struct {
- unsigned char * data;
- unsigned int size;
+ unsigned char * data;
+ unsigned int size;
} gnutls_datum;
@@ -205,16 +205,16 @@ int gnutls_handshake( gnutls_session session);
int gnutls_rehandshake( gnutls_session session);
gnutls_alert_description gnutls_alert_get( gnutls_session session);
-int gnutls_alert_send( gnutls_session, gnutls_alert_level, gnutls_alert_description);
-int gnutls_alert_send_appropriate( gnutls_session session, int err);
-const char* gnutls_alert_get_name( gnutls_alert_description alert);
+int gnutls_alert_send( gnutls_session, gnutls_alert_level, gnutls_alert_description);
+int gnutls_alert_send_appropriate( gnutls_session session, int err);
+const char* gnutls_alert_get_name( gnutls_alert_description alert);
/* get information on the current session */
-gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session);
-gnutls_kx_algorithm gnutls_kx_get( gnutls_session session);
-gnutls_mac_algorithm gnutls_mac_get( gnutls_session session);
-gnutls_compression_method gnutls_compression_get( gnutls_session session);
-gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session);
+gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session);
+gnutls_kx_algorithm gnutls_kx_get( gnutls_session session);
+gnutls_mac_algorithm gnutls_mac_get( gnutls_session session);
+gnutls_compression_method gnutls_compression_get( gnutls_session session);
+gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session);
size_t gnutls_cipher_get_key_size( gnutls_cipher_algorithm algorithm);
@@ -259,12 +259,12 @@ typedef enum gnutls_server_name_type { GNUTLS_NAME_DNS=1
} gnutls_server_name_type;
int gnutls_server_name_set(gnutls_session session,
- gnutls_server_name_type type,
- const void *name, size_t name_length);
+ gnutls_server_name_type type,
+ const void *name, size_t name_length);
int gnutls_server_name_get(gnutls_session session,
- void *data, size_t *data_length,
- unsigned int * type, int unsigned indx);
+ void *data, size_t *data_length,
+ unsigned int * type, int unsigned indx);
/* functions to set priority of cipher suites
*/
@@ -282,7 +282,7 @@ int gnutls_set_default_export_priority(gnutls_session session);
/* Returns the name of a cipher suite */
const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm kx_algorithm,
- gnutls_cipher_algorithm cipher_algorithm, gnutls_mac_algorithm mac_algorithm);
+ gnutls_cipher_algorithm cipher_algorithm, gnutls_mac_algorithm mac_algorithm);
/* get the currently used protocol version */
gnutls_protocol_version gnutls_protocol_get_version(gnutls_session session);
@@ -366,20 +366,20 @@ void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials res, uns
int gnutls_certificate_set_x509_trust_file( gnutls_certificate_credentials res, const char* CAFILE,
- gnutls_x509_crt_fmt);
+ gnutls_x509_crt_fmt);
int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials res,
- const gnutls_datum *CA, gnutls_x509_crt_fmt);
+ const gnutls_datum *CA, gnutls_x509_crt_fmt);
int gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials res,
- const char *crlfile, gnutls_x509_crt_fmt type);
+ const char *crlfile, gnutls_x509_crt_fmt type);
int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials res,
- const gnutls_datum *CRL, gnutls_x509_crt_fmt type);
+ const gnutls_datum *CRL, gnutls_x509_crt_fmt type);
int gnutls_certificate_set_x509_key_file( gnutls_certificate_credentials res,
- const char *CERTFILE, const char* KEYFILE, gnutls_x509_crt_fmt);
+ const char *CERTFILE, const char* KEYFILE, gnutls_x509_crt_fmt);
int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials res,
- const gnutls_datum* CERT, const gnutls_datum* KEY,
- gnutls_x509_crt_fmt);
+ const gnutls_datum* CERT, const gnutls_datum* KEY,
+ gnutls_x509_crt_fmt);
/* New functions to allow setting already parsed X.509 stuff.
@@ -394,12 +394,12 @@ struct gnutls_x509_crt_int;
typedef struct gnutls_x509_crt_int* gnutls_x509_crt;
int gnutls_certificate_set_x509_key(gnutls_certificate_credentials res,
- gnutls_x509_crt *cert_list, int cert_list_size,
- gnutls_x509_privkey key);
+ gnutls_x509_crt *cert_list, int cert_list_size,
+ gnutls_x509_privkey key);
int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials res,
- gnutls_x509_crt * ca_list, int ca_list_size);
+ gnutls_x509_crt * ca_list, int ca_list_size);
int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials res,
- gnutls_x509_crl* crl_list, int crl_list_size);
+ gnutls_x509_crl* crl_list, int crl_list_size);
/* global state functions
@@ -413,9 +413,9 @@ typedef void (*gnutls_free_function)(void*);
typedef void* (*gnutls_realloc_function)(void*, size_t);
void gnutls_global_set_mem_functions(
- gnutls_alloc_function, gnutls_alloc_function,
- int (*gnutls_is_secure_func)(const void*), gnutls_realloc_function,
- gnutls_free_function);
+ gnutls_alloc_function, gnutls_alloc_function,
+ int (*gnutls_is_secure_func)(const void*), gnutls_realloc_function,
+ gnutls_free_function);
/* For use in callbacks */
extern gnutls_alloc_function gnutls_malloc;
@@ -432,14 +432,14 @@ void gnutls_global_set_log_level( int level);
int gnutls_dh_params_init( gnutls_dh_params*);
void gnutls_dh_params_deinit( gnutls_dh_params);
int gnutls_dh_params_import_raw(gnutls_dh_params dh_params, const gnutls_datum *prime,
- const gnutls_datum* generator);
+ const gnutls_datum* generator);
int gnutls_dh_params_import_pkcs3(gnutls_dh_params params,
- const gnutls_datum * pkcs3_params, gnutls_x509_crt_fmt format);
+ const gnutls_datum * pkcs3_params, gnutls_x509_crt_fmt format);
int gnutls_dh_params_generate2(gnutls_dh_params params, int bits);
int gnutls_dh_params_export_pkcs3( gnutls_dh_params params,
- gnutls_x509_crt_fmt format, unsigned char* params_data, size_t* params_data_size);
+ gnutls_x509_crt_fmt format, unsigned char* params_data, size_t* params_data_size);
int gnutls_dh_params_export_raw(gnutls_dh_params params,
- gnutls_datum * prime, gnutls_datum * generator, unsigned int *bits);
+ gnutls_datum * prime, gnutls_datum * generator, unsigned int *bits);
int gnutls_dh_params_cpy(gnutls_dh_params dst, gnutls_dh_params src);
@@ -449,19 +449,19 @@ int gnutls_rsa_params_init(gnutls_rsa_params * rsa_params);
void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params);
int gnutls_rsa_params_cpy(gnutls_rsa_params dst, gnutls_rsa_params src);
int gnutls_rsa_params_import_raw(gnutls_rsa_params rsa_params,
- const gnutls_datum *m, const gnutls_datum *e,
- const gnutls_datum *d, const gnutls_datum *p,
- const gnutls_datum *q, const gnutls_datum *u);
+ const gnutls_datum *m, const gnutls_datum *e,
+ const gnutls_datum *d, const gnutls_datum *p,
+ const gnutls_datum *q, const gnutls_datum *u);
int gnutls_rsa_params_generate2(gnutls_rsa_params params, int bits);
int gnutls_rsa_params_export_raw(gnutls_rsa_params params,
- gnutls_datum * m, gnutls_datum *e,
- gnutls_datum *d, gnutls_datum *p, gnutls_datum* q,
- gnutls_datum* u, unsigned int *bits);
+ gnutls_datum * m, gnutls_datum *e,
+ gnutls_datum *d, gnutls_datum *p, gnutls_datum* q,
+ gnutls_datum* u, unsigned int *bits);
int gnutls_rsa_params_export_pkcs1( gnutls_rsa_params params,
- gnutls_x509_crt_fmt format, unsigned char* params_data,
- size_t* params_data_size);
+ gnutls_x509_crt_fmt format, unsigned char* params_data,
+ size_t* params_data_size);
int gnutls_rsa_params_import_pkcs1(gnutls_rsa_params params,
- const gnutls_datum * pkcs1_params, gnutls_x509_crt_fmt format);
+ const gnutls_datum * pkcs1_params, gnutls_x509_crt_fmt format);
/* Session stuff
*/
@@ -469,12 +469,12 @@ typedef ssize_t (*gnutls_pull_func)(gnutls_transport_ptr, void*, size_t);
typedef ssize_t (*gnutls_push_func)(gnutls_transport_ptr, const void*, size_t);
void gnutls_transport_set_ptr(gnutls_session session, gnutls_transport_ptr ptr);
void gnutls_transport_set_ptr2(gnutls_session session, gnutls_transport_ptr recv_ptr,
- gnutls_transport_ptr send_ptr);
+ gnutls_transport_ptr send_ptr);
gnutls_transport_ptr gnutls_transport_get_ptr(gnutls_session session);
void gnutls_transport_get_ptr2(gnutls_session session,
- gnutls_transport_ptr *recv_ptr,
- gnutls_transport_ptr *send_ptr);
+ gnutls_transport_ptr *recv_ptr,
+ gnutls_transport_ptr *send_ptr);
void gnutls_transport_set_lowat( gnutls_session session, int num);
@@ -493,5 +493,5 @@ void gnutls_openpgp_send_key(gnutls_session session, gnutls_openpgp_key_status s
* Actually this function returns the hash of the given data.
*/
int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data,
- void* result, size_t* result_size);
+ void* result, size_t* result_size);
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index 462bb795b6..3e70b46027 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -27,40 +27,42 @@
#include <debug.h>
typedef struct {
- gnutls_alert_description alert;
- const char *desc;
+ gnutls_alert_description alert;
+ const char *desc;
} gnutls_alert_entry;
static const gnutls_alert_entry sup_alerts[] = {
- { GNUTLS_A_CLOSE_NOTIFY, "Close notify" },
- { GNUTLS_A_UNEXPECTED_MESSAGE, "Unexpected message" },
- { GNUTLS_A_BAD_RECORD_MAC, "Bad record MAC" },
- { GNUTLS_A_DECRYPTION_FAILED, "Decryption failed" },
- { GNUTLS_A_RECORD_OVERFLOW, "Record overflow" },
- { GNUTLS_A_DECOMPRESSION_FAILURE, "Decompression failed" },
- { GNUTLS_A_HANDSHAKE_FAILURE, "Handshake failed" },
- { GNUTLS_A_BAD_CERTIFICATE, "Certificate is bad" },
- { GNUTLS_A_UNSUPPORTED_CERTIFICATE, "Certificate is not supported" },
- { GNUTLS_A_CERTIFICATE_REVOKED, "Certificate was revoked" },
- { GNUTLS_A_CERTIFICATE_EXPIRED, "Certificate is expired" },
- { GNUTLS_A_CERTIFICATE_UNKNOWN, "Unknown certificate" },
- { GNUTLS_A_ILLEGAL_PARAMETER, "Illegal parameter" },
- { GNUTLS_A_UNKNOWN_CA, "CA is unknown" },
- { GNUTLS_A_ACCESS_DENIED, "Access was denied" },
- { GNUTLS_A_DECODE_ERROR, "Decode error" },
- { GNUTLS_A_DECRYPT_ERROR, "Decrypt error" },
- { GNUTLS_A_EXPORT_RESTRICTION, "Export restriction" },
- { GNUTLS_A_PROTOCOL_VERSION, "Error in protocol version" },
- { GNUTLS_A_INSUFFICIENT_SECURITY,"Insufficient security" },
- { GNUTLS_A_USER_CANCELED, "User canceled" },
- { GNUTLS_A_INTERNAL_ERROR, "Internal error" },
- { GNUTLS_A_NO_RENEGOTIATION, "No renegotiation is allowed" },
- { GNUTLS_A_CERTIFICATE_UNOBTAINABLE, "Could not retrieve the specified certificate" },
- { GNUTLS_A_UNSUPPORTED_EXTENSION, "An unsupported extension was sent" },
- { GNUTLS_A_UNRECOGNIZED_NAME, "The server name sent was not recognized" },
- { GNUTLS_A_UNKNOWN_SRP_USERNAME, "The SRP username is not known" },
- { GNUTLS_A_MISSING_SRP_USERNAME, "The SRP username was not sent" },
- {0, NULL}
+ {GNUTLS_A_CLOSE_NOTIFY, "Close notify"},
+ {GNUTLS_A_UNEXPECTED_MESSAGE, "Unexpected message"},
+ {GNUTLS_A_BAD_RECORD_MAC, "Bad record MAC"},
+ {GNUTLS_A_DECRYPTION_FAILED, "Decryption failed"},
+ {GNUTLS_A_RECORD_OVERFLOW, "Record overflow"},
+ {GNUTLS_A_DECOMPRESSION_FAILURE, "Decompression failed"},
+ {GNUTLS_A_HANDSHAKE_FAILURE, "Handshake failed"},
+ {GNUTLS_A_BAD_CERTIFICATE, "Certificate is bad"},
+ {GNUTLS_A_UNSUPPORTED_CERTIFICATE, "Certificate is not supported"},
+ {GNUTLS_A_CERTIFICATE_REVOKED, "Certificate was revoked"},
+ {GNUTLS_A_CERTIFICATE_EXPIRED, "Certificate is expired"},
+ {GNUTLS_A_CERTIFICATE_UNKNOWN, "Unknown certificate"},
+ {GNUTLS_A_ILLEGAL_PARAMETER, "Illegal parameter"},
+ {GNUTLS_A_UNKNOWN_CA, "CA is unknown"},
+ {GNUTLS_A_ACCESS_DENIED, "Access was denied"},
+ {GNUTLS_A_DECODE_ERROR, "Decode error"},
+ {GNUTLS_A_DECRYPT_ERROR, "Decrypt error"},
+ {GNUTLS_A_EXPORT_RESTRICTION, "Export restriction"},
+ {GNUTLS_A_PROTOCOL_VERSION, "Error in protocol version"},
+ {GNUTLS_A_INSUFFICIENT_SECURITY, "Insufficient security"},
+ {GNUTLS_A_USER_CANCELED, "User canceled"},
+ {GNUTLS_A_INTERNAL_ERROR, "Internal error"},
+ {GNUTLS_A_NO_RENEGOTIATION, "No renegotiation is allowed"},
+ {GNUTLS_A_CERTIFICATE_UNOBTAINABLE,
+ "Could not retrieve the specified certificate"},
+ {GNUTLS_A_UNSUPPORTED_EXTENSION, "An unsupported extension was sent"},
+ {GNUTLS_A_UNRECOGNIZED_NAME,
+ "The server name sent was not recognized"},
+ {GNUTLS_A_UNKNOWN_SRP_USERNAME, "The SRP username is not known"},
+ {GNUTLS_A_MISSING_SRP_USERNAME, "The SRP username was not sent"},
+ {0, NULL}
};
#define GNUTLS_ALERT_LOOP(b) \
@@ -79,13 +81,13 @@ static const gnutls_alert_entry sup_alerts[] = {
* See gnutls_alert_get().
*
**/
-const char* gnutls_alert_get_name( gnutls_alert_level alert)
+const char *gnutls_alert_get_name(gnutls_alert_level alert)
{
-const char* ret = NULL;
+ const char *ret = NULL;
- GNUTLS_ALERT_ID_LOOP( ret = p->desc);
+ GNUTLS_ALERT_ID_LOOP(ret = p->desc);
- return ret;
+ return ret;
}
/**
@@ -105,23 +107,26 @@ const char* ret = NULL;
* Returns 0 on success.
*
**/
-int gnutls_alert_send( gnutls_session session, gnutls_alert_level level, gnutls_alert_description desc)
+int gnutls_alert_send(gnutls_session session, gnutls_alert_level level,
+ gnutls_alert_description desc)
{
- uint8 data[2];
- int ret;
- const char *name;
+ uint8 data[2];
+ int ret;
+ const char *name;
- data[0] = (uint8) level;
- data[1] = (uint8) desc;
+ data[0] = (uint8) level;
+ data[1] = (uint8) desc;
- name = gnutls_alert_get_name((int)data[1]);
- if (name == NULL) name = "(unknown)";
- _gnutls_record_log( "REC: Sending Alert[%d|%d] - %s\n", data[0], data[1], name);
+ name = gnutls_alert_get_name((int) data[1]);
+ if (name == NULL)
+ name = "(unknown)";
+ _gnutls_record_log("REC: Sending Alert[%d|%d] - %s\n", data[0],
+ data[1], name);
- if ( (ret = _gnutls_send_int( session, GNUTLS_ALERT, -1, data, 2)) >= 0)
- return 0;
- else
- return ret;
+ if ((ret = _gnutls_send_int(session, GNUTLS_ALERT, -1, data, 2)) >= 0)
+ return 0;
+ else
+ return ret;
}
/**
@@ -139,100 +144,101 @@ int gnutls_alert_send( gnutls_session session, gnutls_alert_level level, gnutls_
* mapping to an alert.
*
**/
-int gnutls_error_to_alert( int err, int* level)
+int gnutls_error_to_alert(int err, int *level)
{
-int ret = GNUTLS_E_INVALID_REQUEST;
-int _level = -1;
+ int ret = GNUTLS_E_INVALID_REQUEST;
+ int _level = -1;
- switch (err) { /* send appropriate alert */
- case GNUTLS_E_DECRYPTION_FAILED:
- /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
- * it is not defined in SSL3. Note that we must
- * not distinguish Decryption failures from mac
- * check failures, due to the possibility of some
- * attacks.
- */
- ret = GNUTLS_A_BAD_RECORD_MAC;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_DECOMPRESSION_FAILED:
- ret = GNUTLS_A_DECOMPRESSION_FAILURE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
- case GNUTLS_E_ILLEGAL_SRP_USERNAME:
- ret = GNUTLS_A_ILLEGAL_PARAMETER;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
- case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
- case GNUTLS_E_ASN1_DER_ERROR:
- case GNUTLS_E_ASN1_VALUE_NOT_FOUND:
- case GNUTLS_E_ASN1_GENERIC_ERROR:
- case GNUTLS_E_ASN1_VALUE_NOT_VALID:
- case GNUTLS_E_ASN1_TAG_ERROR:
- case GNUTLS_E_ASN1_TAG_IMPLICIT:
- case GNUTLS_E_ASN1_TYPE_ANY_ERROR:
- case GNUTLS_E_ASN1_SYNTAX_ERROR:
- case GNUTLS_E_ASN1_DER_OVERFLOW:
- case GNUTLS_E_NO_CERTIFICATE_FOUND:
- ret = GNUTLS_A_BAD_CERTIFICATE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
- case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
- case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
- case GNUTLS_E_NO_CIPHER_SUITES:
- case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
- ret = GNUTLS_A_HANDSHAKE_FAILURE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:
- ret = GNUTLS_A_UNSUPPORTED_EXTENSION;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNEXPECTED_PACKET:
- ret = GNUTLS_A_UNEXPECTED_MESSAGE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_REHANDSHAKE:
- ret = GNUTLS_A_NO_RENEGOTIATION;
- _level = GNUTLS_AL_WARNING;
- break;
- case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
- ret = GNUTLS_A_PROTOCOL_VERSION;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
- ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
- ret = GNUTLS_A_RECORD_OVERFLOW;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_INTERNAL_ERROR:
- case GNUTLS_E_NO_TEMPORARY_DH_PARAMS:
- case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:
- ret = GNUTLS_A_INTERNAL_ERROR;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_OPENPGP_GETKEY_FAILED:
- ret = GNUTLS_A_CERTIFICATE_UNOBTAINABLE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
- ret = GNUTLS_A_INSUFFICIENT_SECURITY;
- _level = GNUTLS_AL_FATAL;
- break;
- }
-
- if (level != NULL) *level = _level;
+ switch (err) { /* send appropriate alert */
+ case GNUTLS_E_DECRYPTION_FAILED:
+ /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
+ * it is not defined in SSL3. Note that we must
+ * not distinguish Decryption failures from mac
+ * check failures, due to the possibility of some
+ * attacks.
+ */
+ ret = GNUTLS_A_BAD_RECORD_MAC;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_DECOMPRESSION_FAILED:
+ ret = GNUTLS_A_DECOMPRESSION_FAILURE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
+ case GNUTLS_E_ILLEGAL_SRP_USERNAME:
+ ret = GNUTLS_A_ILLEGAL_PARAMETER;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
+ case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
+ case GNUTLS_E_ASN1_DER_ERROR:
+ case GNUTLS_E_ASN1_VALUE_NOT_FOUND:
+ case GNUTLS_E_ASN1_GENERIC_ERROR:
+ case GNUTLS_E_ASN1_VALUE_NOT_VALID:
+ case GNUTLS_E_ASN1_TAG_ERROR:
+ case GNUTLS_E_ASN1_TAG_IMPLICIT:
+ case GNUTLS_E_ASN1_TYPE_ANY_ERROR:
+ case GNUTLS_E_ASN1_SYNTAX_ERROR:
+ case GNUTLS_E_ASN1_DER_OVERFLOW:
+ case GNUTLS_E_NO_CERTIFICATE_FOUND:
+ ret = GNUTLS_A_BAD_CERTIFICATE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
+ case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
+ case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
+ case GNUTLS_E_NO_CIPHER_SUITES:
+ case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
+ ret = GNUTLS_A_HANDSHAKE_FAILURE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:
+ ret = GNUTLS_A_UNSUPPORTED_EXTENSION;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNEXPECTED_PACKET:
+ ret = GNUTLS_A_UNEXPECTED_MESSAGE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_REHANDSHAKE:
+ ret = GNUTLS_A_NO_RENEGOTIATION;
+ _level = GNUTLS_AL_WARNING;
+ break;
+ case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
+ ret = GNUTLS_A_PROTOCOL_VERSION;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
+ ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+ ret = GNUTLS_A_RECORD_OVERFLOW;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_INTERNAL_ERROR:
+ case GNUTLS_E_NO_TEMPORARY_DH_PARAMS:
+ case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:
+ ret = GNUTLS_A_INTERNAL_ERROR;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_OPENPGP_GETKEY_FAILED:
+ ret = GNUTLS_A_CERTIFICATE_UNOBTAINABLE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
+ ret = GNUTLS_A_INSUFFICIENT_SECURITY;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ }
- return ret;
+ if (level != NULL)
+ *level = _level;
+
+ return ret;
}
-
+
/* Sends the appropriate alert, depending
* on the error message. Deprecated. May be removed.
*/
@@ -251,16 +257,17 @@ int _level = -1;
* been sent to the peer.
*
-*/
-int gnutls_alert_send_appropriate( gnutls_session session, int err) {
-int alert;
-int level;
+int gnutls_alert_send_appropriate(gnutls_session session, int err)
+{
+ int alert;
+ int level;
- alert = gnutls_error_to_alert( err, &level);
- if (alert < 0) {
- return alert;
- }
-
- return gnutls_alert_send( session, level, alert);
+ alert = gnutls_error_to_alert(err, &level);
+ if (alert < 0) {
+ return alert;
+ }
+
+ return gnutls_alert_send(session, level, alert);
}
/**
@@ -273,6 +280,7 @@ int level;
* The peer may send alerts if he thinks some things were not
* right. Check gnutls.h for the available alert descriptions.
**/
-gnutls_alert_description gnutls_alert_get( gnutls_session session) {
- return session->internals.last_alert;
+gnutls_alert_description gnutls_alert_get(gnutls_session session)
+{
+ return session->internals.last_alert;
}
diff --git a/lib/gnutls_alert.h b/lib/gnutls_alert.h
index e877c9ab57..b042c5a85a 100644
--- a/lib/gnutls_alert.h
+++ b/lib/gnutls_alert.h
@@ -1,23 +1,27 @@
-typedef enum gnutls_alert_level { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL
+typedef enum gnutls_alert_level { GNUTLS_AL_WARNING = 1, GNUTLS_AL_FATAL
} gnutls_alert_level;
-typedef enum AlertDescription {
- GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10,
- GNUTLS_A_BAD_RECORD_MAC=20, GNUTLS_A_DECRYPTION_FAILED,
- GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE=30,
- GNUTLS_A_HANDSHAKE_FAILURE=40, GNUTLS_A_SSL3_NO_CERTIFICATE=41,
- GNUTLS_A_BAD_CERTIFICATE=42, GNUTLS_A_UNSUPPORTED_CERTIFICATE,
- GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED,
- GNUTLS_A_CERTIFICATE_UNKNOWN, GNUTLS_A_ILLEGAL_PARAMETER,
- GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR=50,
- GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60,
- GNUTLS_A_PROTOCOL_VERSION=70, GNUTLS_A_INSUFFICIENT_SECURITY,
- GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90,
- GNUTLS_A_NO_RENEGOTIATION=100, GNUTLS_A_UNSUPPORTED_EXTENSION=110,
- GNUTLS_A_CERTIFICATE_UNOBTAINABLE=111, GNUTLS_A_UNRECOGNIZED_NAME=112,
- GNUTLS_A_UNKNOWN_SRP_USERNAME=120, GNUTLS_A_MISSING_SRP_USERNAME=121
+typedef enum AlertDescription {
+ GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE = 10,
+ GNUTLS_A_BAD_RECORD_MAC = 20, GNUTLS_A_DECRYPTION_FAILED,
+ GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE = 30,
+ GNUTLS_A_HANDSHAKE_FAILURE = 40, GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
+ GNUTLS_A_BAD_CERTIFICATE = 42, GNUTLS_A_UNSUPPORTED_CERTIFICATE,
+ GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED,
+ GNUTLS_A_CERTIFICATE_UNKNOWN, GNUTLS_A_ILLEGAL_PARAMETER,
+ GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR =
+ 50,
+ GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION = 60,
+ GNUTLS_A_PROTOCOL_VERSION = 70, GNUTLS_A_INSUFFICIENT_SECURITY,
+ GNUTLS_A_INTERNAL_ERROR = 80, GNUTLS_A_USER_CANCELED = 90,
+ GNUTLS_A_NO_RENEGOTIATION = 100, GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
+ GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111, GNUTLS_A_UNRECOGNIZED_NAME =
+ 112,
+ GNUTLS_A_UNKNOWN_SRP_USERNAME = 120, GNUTLS_A_MISSING_SRP_USERNAME =
+ 121
} gnutls_alert_description;
-gnutls_alert_description gnutls_alert_get( gnutls_session session);
-int gnutls_alert_send( gnutls_session session, gnutls_alert_level level, gnutls_alert_description desc);
-const char* gnutls_alert_get_name( gnutls_alert_level alert);
+gnutls_alert_description gnutls_alert_get(gnutls_session session);
+int gnutls_alert_send(gnutls_session session, gnutls_alert_level level,
+ gnutls_alert_description desc);
+const char *gnutls_alert_get_name(gnutls_alert_level alert);
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index c79acf683c..d0d3d8384e 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -31,22 +31,22 @@
* more than one credentials type.
*/
typedef struct {
- gnutls_kx_algorithm algorithm;
- gnutls_credentials_type client_type;
- gnutls_credentials_type server_type; /* The type of credentials a server
- * needs to set */
+ gnutls_kx_algorithm algorithm;
+ gnutls_credentials_type client_type;
+ gnutls_credentials_type server_type; /* The type of credentials a server
+ * needs to set */
} gnutls_cred_map;
static const gnutls_cred_map cred_mappings[] = {
- { GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON },
- { GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE },
- { GNUTLS_KX_RSA_EXPORT, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE },
- { GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE },
- { GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE },
- { GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP },
- { GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE },
- { GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE },
- { 0, 0, 0}
+ {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
+ {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_RSA_EXPORT, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
+ {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+ {0, 0, 0}
};
#define GNUTLS_KX_MAP_LOOP(b) \
@@ -61,15 +61,15 @@ static const gnutls_cred_map cred_mappings[] = {
/* KX mappings to PK algorithms */
typedef struct {
- gnutls_kx_algorithm kx_algorithm;
- gnutls_pk_algorithm pk_algorithm;
- enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
- * for encryption, CIPHER_SIGN if signature only,
- * CIPHER_IGN if this does not apply at all.
- *
- * This is useful to certificate cipher suites, which check
- * against the certificate key usage bits.
- */
+ gnutls_kx_algorithm kx_algorithm;
+ gnutls_pk_algorithm pk_algorithm;
+ enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
+ * for encryption, CIPHER_SIGN if signature only,
+ * CIPHER_IGN if this does not apply at all.
+ *
+ * This is useful to certificate cipher suites, which check
+ * against the certificate key usage bits.
+ */
} gnutls_pk_map;
/* This table maps the Key exchange algorithms to
@@ -78,13 +78,13 @@ typedef struct {
* use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
*/
static const gnutls_pk_map pk_mappings[] = {
- {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
- {GNUTLS_KX_RSA_EXPORT, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
- {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
- {0, 0, 0}
+ {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
+ {GNUTLS_KX_RSA_EXPORT, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+ {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+ {0, 0, 0}
};
#define GNUTLS_PK_MAP_LOOP(b) \
@@ -99,18 +99,18 @@ static const gnutls_pk_map pk_mappings[] = {
/* TLS Versions */
typedef struct {
- const char *name;
- gnutls_protocol_version id; /* gnutls internal version number */
- int major; /* defined by the protocol */
- int minor; /* defined by the protocol */
- int supported; /* 0 not supported, > 0 is supported */
+ const char *name;
+ gnutls_protocol_version id; /* gnutls internal version number */
+ int major; /* defined by the protocol */
+ int minor; /* defined by the protocol */
+ int supported; /* 0 not supported, > 0 is supported */
} gnutls_version_entry;
static const gnutls_version_entry sup_versions[] = {
- {"SSL 3.0", GNUTLS_SSL3, 3, 0, 1},
- {"TLS 1.0", GNUTLS_TLS1, 3, 1, 1},
- {"TLS 1.1", GNUTLS_TLS1_1, 3, 2, 1},
- {0, 0, 0, 0, 0}
+ {"SSL 3.0", GNUTLS_SSL3, 3, 0, 1},
+ {"TLS 1.0", GNUTLS_TLS1, 3, 1, 1},
+ {"TLS 1.1", GNUTLS_TLS1_1, 3, 2, 1},
+ {0, 0, 0, 0, 0}
};
#define GNUTLS_VERSION_LOOP(b) \
@@ -122,13 +122,13 @@ static const gnutls_version_entry sup_versions[] = {
struct gnutls_cipher_entry {
- const char *name;
- gnutls_cipher_algorithm id;
- uint16 blocksize;
- uint16 keysize;
- cipher_type_t block;
- uint16 iv;
- int export_flag; /* 0 non export */
+ const char *name;
+ gnutls_cipher_algorithm id;
+ uint16 blocksize;
+ uint16 keysize;
+ cipher_type_t block;
+ uint16 iv;
+ int export_flag; /* 0 non export */
};
typedef struct gnutls_cipher_entry gnutls_cipher_entry;
@@ -138,15 +138,17 @@ typedef struct gnutls_cipher_entry gnutls_cipher_entry;
* protecting communications" by Hugo Krawczyk - CRYPTO 2001
*/
static const gnutls_cipher_entry algorithms[] = {
- {"3DES 168 CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0 },
- {"AES 128 CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0 },
- {"AES 256 CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0 },
- {"ARCFOUR 128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0 },
- {"ARCFOUR 40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1 },
- {"RC2 40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1 },
- {"DES CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0 },
- {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0 },
- {0, 0, 0, 0, 0, 0, 0}
+ {"3DES 168 CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0},
+ {"AES 128 CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16,
+ 0},
+ {"AES 256 CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16,
+ 0},
+ {"ARCFOUR 128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0},
+ {"ARCFOUR 40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1},
+ {"RC2 40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1},
+ {"DES CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0},
+ {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0}
};
#define GNUTLS_LOOP(b) \
@@ -158,17 +160,17 @@ static const gnutls_cipher_entry algorithms[] = {
struct gnutls_hash_entry {
- const char *name;
- gnutls_mac_algorithm id;
+ const char *name;
+ gnutls_mac_algorithm id;
};
typedef struct gnutls_hash_entry gnutls_hash_entry;
static const gnutls_hash_entry hash_algorithms[] = {
- {"SHA", GNUTLS_MAC_SHA},
- {"MD5", GNUTLS_MAC_MD5},
- {"RIPEMD160", GNUTLS_MAC_RMD160},
- {"NULL", GNUTLS_MAC_NULL},
- {0, 0}
+ {"SHA", GNUTLS_MAC_SHA},
+ {"MD5", GNUTLS_MAC_MD5},
+ {"RIPEMD160", GNUTLS_MAC_RMD160},
+ {"NULL", GNUTLS_MAC_NULL},
+ {0, 0}
};
#define GNUTLS_HASH_LOOP(b) \
@@ -189,14 +191,13 @@ const int _gnutls_comp_algorithms_size = MAX_COMP_METHODS;
/* the compression entry is defined in gnutls_algorithms.h */
-gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] =
-{
- GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_NULL, 0x00, 0, 0, 0),
+gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] = {
+ GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_NULL, 0x00, 0, 0, 0),
#ifdef HAVE_LIBZ
- /* draft-ietf-tls-compression-02 */
- GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3),
+ /* draft-ietf-tls-compression-02 */
+ GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3),
#endif
- {0, 0, 0, 0, 0, 0}
+ {0, 0, 0, 0, 0, 0}
};
#define GNUTLS_COMPRESSION_LOOP(b) \
@@ -223,16 +224,16 @@ const int _gnutls_kx_algorithms_size = MAX_KX_ALGOS;
gnutls_kx_algo_entry _gnutls_kx_algorithms[MAX_KX_ALGOS] = {
#ifdef ENABLE_ANON
- { "Anon DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1, 0 },
+ {"Anon DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1, 0},
#endif
- { "RSA", GNUTLS_KX_RSA, &rsa_auth_struct, 0, 0 },
- { "RSA EXPORT", GNUTLS_KX_RSA_EXPORT, &rsa_export_auth_struct, 0, 1 },
- { "DHE RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1, 0 },
- { "DHE DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1, 0 },
- /* other algorithms are appended here by gnutls-extra
- * initialization function.
- */
- {0, 0, 0, 0, 0}
+ {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct, 0, 0},
+ {"RSA EXPORT", GNUTLS_KX_RSA_EXPORT, &rsa_export_auth_struct, 0, 1},
+ {"DHE RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1, 0},
+ {"DHE DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1, 0},
+ /* other algorithms are appended here by gnutls-extra
+ * initialization function.
+ */
+ {0, 0, 0, 0, 0}
};
#define GNUTLS_KX_LOOP(b) \
@@ -249,14 +250,14 @@ gnutls_kx_algo_entry _gnutls_kx_algorithms[MAX_KX_ALGOS] = {
{ #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, version }
typedef struct {
- const char *name;
- cipher_suite_st id;
- gnutls_cipher_algorithm block_algorithm;
- gnutls_kx_algorithm kx_algorithm;
- gnutls_mac_algorithm mac_algorithm;
- gnutls_protocol_version version; /* this cipher suite is supported
- * from 'version' and above;
- */
+ const char *name;
+ cipher_suite_st id;
+ gnutls_cipher_algorithm block_algorithm;
+ gnutls_kx_algorithm kx_algorithm;
+ gnutls_mac_algorithm mac_algorithm;
+ gnutls_protocol_version version; /* this cipher suite is supported
+ * from 'version' and above;
+ */
} gnutls_cipher_suite_entry;
/** RSA with NULL cipher and MD5 MAC
@@ -345,129 +346,132 @@ typedef struct {
#define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
static const gnutls_cipher_suite_entry cs_algorithms[] = {
- /* ANON_DH */
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_ARCFOUR_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_3DES_EDE_CBC_SHA,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_AES_128_CBC_SHA,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_AES_256_CBC_SHA,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA, GNUTLS_SSL3),
- /* SRP */
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA, GNUTLS_TLS1),
-
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA, GNUTLS_TLS1),
-
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA, GNUTLS_TLS1),
-
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA, GNUTLS_TLS1),
-
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA, GNUTLS_TLS1),
-
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA, GNUTLS_TLS1),
-
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA, GNUTLS_TLS1),
-
- /* DHE_DSS */
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_ARCFOUR_SHA,
- GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_RMD,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_RMD160, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_RMD,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_RMD160, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_RMD,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_RMD160, GNUTLS_TLS1),
- /* DHE_RSA */
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_RMD,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_RMD160, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_RMD,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_RMD160, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_RMD,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_RMD160, GNUTLS_TLS1),
- /* RSA */
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_NULL_MD5,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
-
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
- GNUTLS_CIPHER_ARCFOUR_40,
- GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5, GNUTLS_SSL3),
-
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_ARCFOUR_SHA,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_ARCFOUR_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_128_CBC_SHA,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_256_CBC_SHA,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA, GNUTLS_SSL3),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_3DES_EDE_CBC_RMD,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_KX_RSA, GNUTLS_MAC_RMD160, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_128_CBC_RMD,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_RMD160, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_256_CBC_RMD,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_RMD160, GNUTLS_TLS1),
- {0, {{0,0}}, 0, 0, 0, 0}
+ /* ANON_DH */
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_ARCFOUR_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
+ GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_3DES_EDE_CBC_SHA,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_AES_128_CBC_SHA,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_AES_256_CBC_SHA,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ /* SRP */
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA, GNUTLS_TLS1),
+
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA, GNUTLS_TLS1),
+
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA, GNUTLS_TLS1),
+
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA, GNUTLS_TLS1),
+
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA, GNUTLS_TLS1),
+
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA, GNUTLS_TLS1),
+
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA, GNUTLS_TLS1),
+
+ /* DHE_DSS */
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_ARCFOUR_SHA,
+ GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_RMD,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_RMD160, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_RMD,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_RMD160, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_RMD,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_RMD160, GNUTLS_TLS1),
+ /* DHE_RSA */
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_RMD,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_RMD160, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_RMD,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_RMD160, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_RMD,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_RMD160, GNUTLS_TLS1),
+ /* RSA */
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_NULL_MD5,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
+
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
+ GNUTLS_CIPHER_ARCFOUR_40,
+ GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
+ GNUTLS_SSL3),
+
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_ARCFOUR_SHA,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_ARCFOUR_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_128_CBC_SHA,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_256_CBC_SHA,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA, GNUTLS_SSL3),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_3DES_EDE_CBC_RMD,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_KX_RSA, GNUTLS_MAC_RMD160,
+ GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_128_CBC_RMD,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_RMD160, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_256_CBC_RMD,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_RMD160, GNUTLS_TLS1),
+ {0, {{0, 0}}, 0, 0, 0, 0}
};
#define GNUTLS_CIPHER_SUITE_LOOP(b) \
@@ -481,18 +485,17 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
/* Generic Functions */
-inline int _gnutls_mac_priority(gnutls_session session, gnutls_mac_algorithm algorithm)
+inline int _gnutls_mac_priority(gnutls_session session,
+ gnutls_mac_algorithm algorithm)
{ /* actually returns the priority */
- unsigned int i;
- for (i = 0;
- i < session->internals.mac_algorithm_priority.algorithms;
- i++) {
- if (session->internals.
- mac_algorithm_priority.priority[i] ==
- algorithm)
- return i;
- }
- return -1;
+ unsigned int i;
+ for (i = 0;
+ i < session->internals.mac_algorithm_priority.algorithms; i++) {
+ if (session->internals.
+ mac_algorithm_priority.priority[i] == algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -502,26 +505,25 @@ inline int _gnutls_mac_priority(gnutls_session session, gnutls_mac_algorithm alg
* Returns a string that contains the name
* of the specified MAC algorithm or NULL.
**/
-const char *gnutls_mac_get_name( gnutls_mac_algorithm algorithm)
+const char *gnutls_mac_get_name(gnutls_mac_algorithm algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP(ret =
- p->name);
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
int _gnutls_mac_is_ok(gnutls_mac_algorithm algorithm)
{
- ssize_t ret = -1;
- GNUTLS_HASH_ALG_LOOP(ret = p->id);
- if (ret >= 0)
- ret = 0;
- else
- ret = 1;
- return ret;
+ ssize_t ret = -1;
+ GNUTLS_HASH_ALG_LOOP(ret = p->id);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
/* Compression Functions */
@@ -529,17 +531,15 @@ inline
int _gnutls_compression_priority(gnutls_session session,
gnutls_compression_method algorithm)
{ /* actually returns the priority */
- unsigned int i;
- for (i = 0;
- i <
- session->internals.compression_method_priority.algorithms;
- i++) {
- if (session->internals.
- compression_method_priority.priority[i] ==
- algorithm)
- return i;
- }
- return -1;
+ unsigned int i;
+ for (i = 0;
+ i <
+ session->internals.compression_method_priority.algorithms; i++) {
+ if (session->internals.
+ compression_method_priority.priority[i] == algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -549,51 +549,51 @@ inline
* Returns a pointer to a string that contains the name
* of the specified compression algorithm or NULL.
**/
-const char *gnutls_compression_get_name( gnutls_compression_method algorithm)
+const char *gnutls_compression_get_name(gnutls_compression_method
+ algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP(ret =
- p->name + sizeof("GNUTLS_COMP_") -
- 1);
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret =
+ p->name + sizeof("GNUTLS_COMP_") - 1);
- return ret;
+ return ret;
}
/* return the tls number of the specified algorithm */
int _gnutls_compression_get_num(gnutls_compression_method algorithm)
{
- int ret = -1;
+ int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP(ret = p->num);
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->num);
- return ret;
+ return ret;
}
int _gnutls_compression_get_wbits(gnutls_compression_method algorithm)
{
- int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP(ret = p->window_bits);
- return ret;
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->window_bits);
+ return ret;
}
int _gnutls_compression_get_mem_level(gnutls_compression_method algorithm)
{
- int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP(ret = p->mem_level);
- return ret;
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->mem_level);
+ return ret;
}
int _gnutls_compression_get_comp_level(gnutls_compression_method algorithm)
{
- int ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP(ret = p->comp_level);
- return ret;
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->comp_level);
+ return ret;
}
/* returns the gnutls internal ID of the TLS compression
@@ -601,23 +601,23 @@ int _gnutls_compression_get_comp_level(gnutls_compression_method algorithm)
*/
gnutls_compression_method _gnutls_compression_get_id(int num)
{
- gnutls_compression_method ret = -1;
+ gnutls_compression_method ret = -1;
- /* avoid prefix */
- GNUTLS_COMPRESSION_ALG_LOOP_NUM(ret = p->id);
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP_NUM(ret = p->id);
- return ret;
+ return ret;
}
int _gnutls_compression_is_ok(gnutls_compression_method algorithm)
{
- ssize_t ret = -1;
- GNUTLS_COMPRESSION_ALG_LOOP(ret = p->id);
- if (ret >= 0)
- ret = 0;
- else
- ret = 1;
- return ret;
+ ssize_t ret = -1;
+ GNUTLS_COMPRESSION_ALG_LOOP(ret = p->id);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
@@ -625,37 +625,36 @@ int _gnutls_compression_is_ok(gnutls_compression_method algorithm)
/* CIPHER functions */
int _gnutls_cipher_get_block_size(gnutls_cipher_algorithm algorithm)
{
- size_t ret = 0;
- GNUTLS_ALG_LOOP(ret = p->blocksize);
- return ret;
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->blocksize);
+ return ret;
}
/* returns the priority */
inline
int
-_gnutls_cipher_priority(gnutls_session session, gnutls_cipher_algorithm algorithm)
+_gnutls_cipher_priority(gnutls_session session,
+ gnutls_cipher_algorithm algorithm)
{
- unsigned int i;
- for (i = 0;
- i <
- session->internals.
- cipher_algorithm_priority.algorithms; i++) {
- if (session->internals.
- cipher_algorithm_priority.priority[i] ==
- algorithm)
- return i;
- }
- return -1;
+ unsigned int i;
+ for (i = 0;
+ i <
+ session->internals.cipher_algorithm_priority.algorithms; i++) {
+ if (session->internals.
+ cipher_algorithm_priority.priority[i] == algorithm)
+ return i;
+ }
+ return -1;
}
int _gnutls_cipher_is_block(gnutls_cipher_algorithm algorithm)
{
- size_t ret = 0;
+ size_t ret = 0;
- GNUTLS_ALG_LOOP(ret = p->block);
- return ret;
+ GNUTLS_ALG_LOOP(ret = p->block);
+ return ret;
}
@@ -667,27 +666,27 @@ int _gnutls_cipher_is_block(gnutls_cipher_algorithm algorithm)
* Returns 0 if the given cipher is invalid.
*
**/
-size_t gnutls_cipher_get_key_size( gnutls_cipher_algorithm algorithm)
+size_t gnutls_cipher_get_key_size(gnutls_cipher_algorithm algorithm)
{ /* In bytes */
- size_t ret = 0;
- GNUTLS_ALG_LOOP(ret = p->keysize);
- return ret;
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->keysize);
+ return ret;
}
int _gnutls_cipher_get_iv_size(gnutls_cipher_algorithm algorithm)
{ /* In bytes */
- size_t ret = 0;
- GNUTLS_ALG_LOOP(ret = p->iv);
- return ret;
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->iv);
+ return ret;
}
int _gnutls_cipher_get_export_flag(gnutls_cipher_algorithm algorithm)
{ /* In bytes */
- size_t ret = 0;
- GNUTLS_ALG_LOOP(ret = p->export_flag);
- return ret;
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->export_flag);
+ return ret;
}
@@ -698,49 +697,49 @@ int _gnutls_cipher_get_export_flag(gnutls_cipher_algorithm algorithm)
* Returns a pointer to a string that contains the name
* of the specified cipher or NULL.
**/
-const char *gnutls_cipher_get_name( gnutls_cipher_algorithm algorithm)
+const char *gnutls_cipher_get_name(gnutls_cipher_algorithm algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_ALG_LOOP(ret = p->name);
+ /* avoid prefix */
+ GNUTLS_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
int _gnutls_cipher_is_ok(gnutls_cipher_algorithm algorithm)
{
- ssize_t ret = -1;
- GNUTLS_ALG_LOOP(ret = p->id);
- if (ret >= 0)
- ret = 0;
- else
- ret = 1;
- return ret;
+ ssize_t ret = -1;
+ GNUTLS_ALG_LOOP(ret = p->id);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
/* Key EXCHANGE functions */
mod_auth_st *_gnutls_kx_auth_struct(gnutls_kx_algorithm algorithm)
{
- mod_auth_st *ret = NULL;
- GNUTLS_KX_ALG_LOOP(ret = p->auth_struct);
- return ret;
+ mod_auth_st *ret = NULL;
+ GNUTLS_KX_ALG_LOOP(ret = p->auth_struct);
+ return ret;
}
-inline int _gnutls_kx_priority(gnutls_session session, gnutls_kx_algorithm algorithm)
+inline int _gnutls_kx_priority(gnutls_session session,
+ gnutls_kx_algorithm algorithm)
{
- unsigned int i;
- for (i = 0;
- i < session->internals.kx_algorithm_priority.algorithms;
- i++) {
- if (session->internals.
- kx_algorithm_priority.priority[i] == algorithm)
- return i;
- }
- return -1;
+ unsigned int i;
+ for (i = 0;
+ i < session->internals.kx_algorithm_priority.algorithms; i++) {
+ if (session->internals.
+ kx_algorithm_priority.priority[i] == algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -750,97 +749,96 @@ inline int _gnutls_kx_priority(gnutls_session session, gnutls_kx_algorithm algor
* Returns a pointer to a string that contains the name
* of the specified key exchange algorithm or NULL.
**/
-const char *gnutls_kx_get_name( gnutls_kx_algorithm algorithm)
+const char *gnutls_kx_get_name(gnutls_kx_algorithm algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_KX_ALG_LOOP(ret = p->name);
+ /* avoid prefix */
+ GNUTLS_KX_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
int _gnutls_kx_is_ok(gnutls_kx_algorithm algorithm)
{
- ssize_t ret = -1;
- GNUTLS_KX_ALG_LOOP(ret = p->algorithm);
- if (ret >= 0)
- ret = 0;
- else
- ret = 1;
- return ret;
+ ssize_t ret = -1;
+ GNUTLS_KX_ALG_LOOP(ret = p->algorithm);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
int _gnutls_kx_needs_rsa_params(gnutls_kx_algorithm algorithm)
{
- ssize_t ret = 0;
- GNUTLS_KX_ALG_LOOP(ret = p->needs_rsa_params);
- return ret;
+ ssize_t ret = 0;
+ GNUTLS_KX_ALG_LOOP(ret = p->needs_rsa_params);
+ return ret;
}
int _gnutls_kx_needs_dh_params(gnutls_kx_algorithm algorithm)
{
- ssize_t ret = 0;
- GNUTLS_KX_ALG_LOOP(ret = p->needs_dh_params);
- return ret;
+ ssize_t ret = 0;
+ GNUTLS_KX_ALG_LOOP(ret = p->needs_dh_params);
+ return ret;
}
/* Version */
int _gnutls_version_priority(gnutls_session session,
- gnutls_protocol_version version)
+ gnutls_protocol_version version)
{ /* actually returns the priority */
- unsigned int i;
+ unsigned int i;
- if (session->internals.protocol_priority.priority==NULL) {
- gnutls_assert();
- return -1;
- }
-
- for (i = 0;
- i <
- session->internals.protocol_priority.algorithms;
- i++) {
- if (session->internals.
- protocol_priority.priority[i] ==
- version)
- return i;
- }
+ if (session->internals.protocol_priority.priority == NULL) {
+ gnutls_assert();
return -1;
+ }
+
+ for (i = 0; i < session->internals.protocol_priority.algorithms; i++) {
+ if (session->internals.protocol_priority.priority[i] == version)
+ return i;
+ }
+ return -1;
}
gnutls_protocol_version _gnutls_version_lowest(gnutls_session session)
{ /* returns the lowest version supported */
- unsigned int i, min = 0xff;
-
- if (session->internals.protocol_priority.priority==NULL) {
- return GNUTLS_VERSION_UNKNOWN;
- } else
- for (i=0;i<session->internals.protocol_priority.algorithms;i++) {
- if (session->internals.protocol_priority.priority[i] < min)
- min = session->internals.protocol_priority.priority[i];
- }
-
- if (min==0xff) return GNUTLS_VERSION_UNKNOWN; /* unknown version */
-
- return min;
+ unsigned int i, min = 0xff;
+
+ if (session->internals.protocol_priority.priority == NULL) {
+ return GNUTLS_VERSION_UNKNOWN;
+ } else
+ for (i = 0; i < session->internals.protocol_priority.algorithms;
+ i++) {
+ if (session->internals.protocol_priority.priority[i] < min)
+ min = session->internals.protocol_priority.priority[i];
+ }
+
+ if (min == 0xff)
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+
+ return min;
}
gnutls_protocol_version _gnutls_version_max(gnutls_session session)
{ /* returns the maximum version supported */
- unsigned int i, max=0x00;
-
- if (session->internals.protocol_priority.priority==NULL) {
- return GNUTLS_VERSION_UNKNOWN;
- } else
- for (i=0;i<session->internals.protocol_priority.algorithms;i++) {
- if (session->internals.protocol_priority.priority[i] > max)
- max = session->internals.protocol_priority.priority[i];
- }
-
- if (max==0x00) return GNUTLS_VERSION_UNKNOWN; /* unknown version */
-
- return max;
+ unsigned int i, max = 0x00;
+
+ if (session->internals.protocol_priority.priority == NULL) {
+ return GNUTLS_VERSION_UNKNOWN;
+ } else
+ for (i = 0; i < session->internals.protocol_priority.algorithms;
+ i++) {
+ if (session->internals.protocol_priority.priority[i] > max)
+ max = session->internals.protocol_priority.priority[i];
+ }
+
+ if (max == 0x00)
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+
+ return max;
}
@@ -851,39 +849,38 @@ gnutls_protocol_version _gnutls_version_max(gnutls_session session)
* Returns a string that contains the name
* of the specified TLS version or NULL.
**/
-const char *gnutls_protocol_get_name( gnutls_protocol_version version)
+const char *gnutls_protocol_get_name(gnutls_protocol_version version)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_VERSION_ALG_LOOP(ret =
- p->name);
- return ret;
+ /* avoid prefix */
+ GNUTLS_VERSION_ALG_LOOP(ret = p->name);
+ return ret;
}
int _gnutls_version_get_minor(gnutls_protocol_version version)
{
- int ret = -1;
+ int ret = -1;
- GNUTLS_VERSION_ALG_LOOP(ret = p->minor);
- return ret;
+ GNUTLS_VERSION_ALG_LOOP(ret = p->minor);
+ return ret;
}
gnutls_protocol_version _gnutls_version_get(int major, int minor)
{
- int ret = -1;
+ int ret = -1;
- GNUTLS_VERSION_LOOP(if ((p->major == major) && (p->minor == minor))
- ret = p->id);
- return ret;
+ GNUTLS_VERSION_LOOP(if ((p->major == major) && (p->minor == minor))
+ ret = p->id);
+ return ret;
}
int _gnutls_version_get_major(gnutls_protocol_version version)
{
- int ret = -1;
+ int ret = -1;
- GNUTLS_VERSION_ALG_LOOP(ret = p->major);
- return ret;
+ GNUTLS_VERSION_ALG_LOOP(ret = p->major);
+ return ret;
}
/* Version Functions */
@@ -892,89 +889,92 @@ int
_gnutls_version_is_supported(gnutls_session session,
const gnutls_protocol_version version)
{
-int ret=0;
+ int ret = 0;
- GNUTLS_VERSION_ALG_LOOP(ret = p->supported);
- if (ret == 0) return 0;
+ GNUTLS_VERSION_ALG_LOOP(ret = p->supported);
+ if (ret == 0)
+ return 0;
- if (_gnutls_version_priority( session, version) < 0)
- return 0; /* disabled by the user */
- else
- return 1;
+ if (_gnutls_version_priority(session, version) < 0)
+ return 0; /* disabled by the user */
+ else
+ return 1;
}
/* Type to KX mappings */
-gnutls_kx_algorithm _gnutls_map_kx_get_kx(gnutls_credentials_type type, int server)
+gnutls_kx_algorithm _gnutls_map_kx_get_kx(gnutls_credentials_type type,
+ int server)
{
- gnutls_kx_algorithm ret = -1;
-
- if (server) {
- GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
- } else {
- GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
- }
- return ret;
+ gnutls_kx_algorithm ret = -1;
+
+ if (server) {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
+ } else {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
+ }
+ return ret;
}
-gnutls_credentials_type _gnutls_map_kx_get_cred(gnutls_kx_algorithm algorithm, int server)
+gnutls_credentials_type _gnutls_map_kx_get_cred(gnutls_kx_algorithm
+ algorithm, int server)
{
- gnutls_credentials_type ret = -1;
- if (server) {
- GNUTLS_KX_MAP_LOOP(if (p->algorithm==algorithm) ret = p->server_type);
- } else {
- GNUTLS_KX_MAP_LOOP(if (p->algorithm==algorithm) ret = p->client_type);
- }
-
- return ret;
+ gnutls_credentials_type ret = -1;
+ if (server) {
+ GNUTLS_KX_MAP_LOOP(if (p->algorithm == algorithm) ret =
+ p->server_type);
+ } else {
+ GNUTLS_KX_MAP_LOOP(if (p->algorithm == algorithm) ret =
+ p->client_type);
+ }
+
+ return ret;
}
/* Cipher Suite's functions */
gnutls_cipher_algorithm
-_gnutls_cipher_suite_get_cipher_algo(const cipher_suite_st* suite)
+_gnutls_cipher_suite_get_cipher_algo(const cipher_suite_st * suite)
{
- int ret = 0;
- GNUTLS_CIPHER_SUITE_ALG_LOOP(ret = p->block_algorithm);
- return ret;
+ int ret = 0;
+ GNUTLS_CIPHER_SUITE_ALG_LOOP(ret = p->block_algorithm);
+ return ret;
}
gnutls_protocol_version
-_gnutls_cipher_suite_get_version(const cipher_suite_st* suite)
+_gnutls_cipher_suite_get_version(const cipher_suite_st * suite)
{
- int ret = 0;
- GNUTLS_CIPHER_SUITE_ALG_LOOP(ret = p->version);
- return ret;
+ int ret = 0;
+ GNUTLS_CIPHER_SUITE_ALG_LOOP(ret = p->version);
+ return ret;
}
-gnutls_kx_algorithm _gnutls_cipher_suite_get_kx_algo(const cipher_suite_st*
- suite)
+gnutls_kx_algorithm _gnutls_cipher_suite_get_kx_algo(const cipher_suite_st
+ * suite)
{
- int ret = 0;
+ int ret = 0;
- GNUTLS_CIPHER_SUITE_ALG_LOOP(ret = p->kx_algorithm);
- return ret;
+ GNUTLS_CIPHER_SUITE_ALG_LOOP(ret = p->kx_algorithm);
+ return ret;
}
gnutls_mac_algorithm
-_gnutls_cipher_suite_get_mac_algo(const cipher_suite_st *suite)
+_gnutls_cipher_suite_get_mac_algo(const cipher_suite_st * suite)
{ /* In bytes */
- int ret = 0;
- GNUTLS_CIPHER_SUITE_ALG_LOOP(ret = p->mac_algorithm);
- return ret;
+ int ret = 0;
+ GNUTLS_CIPHER_SUITE_ALG_LOOP(ret = p->mac_algorithm);
+ return ret;
}
-const char *_gnutls_cipher_suite_get_name(cipher_suite_st* suite)
+const char *_gnutls_cipher_suite_get_name(cipher_suite_st * suite)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_CIPHER_SUITE_ALG_LOOP(ret =
- p->name + sizeof("GNUTLS_") -
- 1);
+ /* avoid prefix */
+ GNUTLS_CIPHER_SUITE_ALG_LOOP(ret = p->name + sizeof("GNUTLS_") - 1);
- return ret;
+ return ret;
}
/**
@@ -991,32 +991,33 @@ const char *_gnutls_cipher_suite_get_name(cipher_suite_st* suite)
*
**/
const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm kx_algorithm,
- gnutls_cipher_algorithm cipher_algorithm, gnutls_mac_algorithm mac_algorithm)
+ gnutls_cipher_algorithm
+ cipher_algorithm,
+ gnutls_mac_algorithm
+ mac_algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_CIPHER_SUITE_LOOP(
- if (kx_algorithm == p->kx_algorithm &&
- cipher_algorithm == p->block_algorithm &&
- mac_algorithm == p->mac_algorithm)
- ret = p->name + sizeof("GNUTLS_") - 1);
+ /* avoid prefix */
+ GNUTLS_CIPHER_SUITE_LOOP(if (kx_algorithm == p->kx_algorithm &&
+ cipher_algorithm == p->block_algorithm &&
+ mac_algorithm == p->mac_algorithm)
+ ret = p->name + sizeof("GNUTLS_") - 1);
- return ret;
+ return ret;
}
-inline
-static int _gnutls_cipher_suite_is_ok(cipher_suite_st *suite)
+inline static int _gnutls_cipher_suite_is_ok(cipher_suite_st * suite)
{
- size_t ret;
- const char *name = NULL;
-
- GNUTLS_CIPHER_SUITE_ALG_LOOP(name = p->name);
- if (name != NULL)
- ret = 0;
- else
- ret = 1;
- return ret;
+ size_t ret;
+ const char *name = NULL;
+
+ GNUTLS_CIPHER_SUITE_ALG_LOOP(name = p->name);
+ if (name != NULL)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
@@ -1028,67 +1029,69 @@ static int _gnutls_cipher_suite_is_ok(cipher_suite_st *suite)
inline
static int _gnutls_partition(gnutls_session session, void *_base,
size_t nmemb, size_t size,
- int (*compar) (gnutls_session, const void *,
+ int (*compar) (gnutls_session,
+ const void *,
const void *))
{
- uint8 *base = _base;
- uint8 tmp[MAX_ELEM_SIZE];
- uint8 ptmp[MAX_ELEM_SIZE];
- unsigned int pivot;
- unsigned int i, j;
- unsigned int full;
-
- i = pivot = 0;
- j = full = (nmemb - 1) * size;
-
- memcpy(ptmp, &base[0], size); /* set pivot item */
-
- while (i < j) {
- while ((compar(session, &base[i], ptmp) <= 0) && (i < full)) {
- i += size;
- }
- while ((compar(session, &base[j], ptmp) >= 0) && (j > 0))
- j -= size;
-
- if (i < j) {
- SWAP(&base[j], &base[i]);
- }
+ uint8 *base = _base;
+ uint8 tmp[MAX_ELEM_SIZE];
+ uint8 ptmp[MAX_ELEM_SIZE];
+ unsigned int pivot;
+ unsigned int i, j;
+ unsigned int full;
+
+ i = pivot = 0;
+ j = full = (nmemb - 1) * size;
+
+ memcpy(ptmp, &base[0], size); /* set pivot item */
+
+ while (i < j) {
+ while ((compar(session, &base[i], ptmp) <= 0) && (i < full)) {
+ i += size;
}
+ while ((compar(session, &base[j], ptmp) >= 0) && (j > 0))
+ j -= size;
- if (j > pivot) {
- SWAP(&base[pivot], &base[j]);
- pivot = j;
- } else if (i < pivot) {
- SWAP(&base[pivot], &base[i]);
- pivot = i;
+ if (i < j) {
+ SWAP(&base[j], &base[i]);
}
- return pivot / size;
+ }
+
+ if (j > pivot) {
+ SWAP(&base[pivot], &base[j]);
+ pivot = j;
+ } else if (i < pivot) {
+ SWAP(&base[pivot], &base[i]);
+ pivot = i;
+ }
+ return pivot / size;
}
static void
-_gnutls_qsort(gnutls_session session, void *_base, size_t nmemb, size_t size,
- int (*compar) (gnutls_session, const void *, const void *))
+_gnutls_qsort(gnutls_session session, void *_base, size_t nmemb,
+ size_t size, int (*compar) (gnutls_session, const void *,
+ const void *))
{
- unsigned int pivot;
- char *base = _base;
- size_t snmemb = nmemb;
+ unsigned int pivot;
+ char *base = _base;
+ size_t snmemb = nmemb;
#ifdef DEBUG
- if (size > MAX_ELEM_SIZE) {
- gnutls_assert();
- _gnutls_debug_log( "QSORT BUG\n");
- exit(1);
- }
+ if (size > MAX_ELEM_SIZE) {
+ gnutls_assert();
+ _gnutls_debug_log("QSORT BUG\n");
+ exit(1);
+ }
#endif
- if (snmemb <= 1)
- return;
- pivot = _gnutls_partition(session, _base, nmemb, size, compar);
+ if (snmemb <= 1)
+ return;
+ pivot = _gnutls_partition(session, _base, nmemb, size, compar);
- _gnutls_qsort(session, base, pivot < nmemb ? pivot + 1 : pivot, size,
- compar);
- _gnutls_qsort(session, &base[(pivot + 1) * size], nmemb - pivot - 1,
- size, compar);
+ _gnutls_qsort(session, base, pivot < nmemb ? pivot + 1 : pivot, size,
+ compar);
+ _gnutls_qsort(session, &base[(pivot + 1) * size], nmemb - pivot - 1,
+ size, compar);
}
@@ -1099,38 +1102,38 @@ static int
_gnutls_compare_algo(gnutls_session session, const void *i_A1,
const void *i_A2)
{
- gnutls_kx_algorithm kA1 =
- _gnutls_cipher_suite_get_kx_algo((const cipher_suite_st *) i_A1);
- gnutls_kx_algorithm kA2 =
- _gnutls_cipher_suite_get_kx_algo((const cipher_suite_st *) i_A2);
- gnutls_cipher_algorithm cA1 =
- _gnutls_cipher_suite_get_cipher_algo((const cipher_suite_st *)
- i_A1);
- gnutls_cipher_algorithm cA2 =
- _gnutls_cipher_suite_get_cipher_algo((const cipher_suite_st *)
- i_A2);
- gnutls_mac_algorithm mA1 =
- _gnutls_cipher_suite_get_mac_algo((const cipher_suite_st *)
- i_A1);
- gnutls_mac_algorithm mA2 =
- _gnutls_cipher_suite_get_mac_algo((const cipher_suite_st *)
- i_A2);
-
- int p1 = (_gnutls_kx_priority(session, kA1) + 1) * 64;
- int p2 = (_gnutls_kx_priority(session, kA2) + 1) * 64;
- p1 += (_gnutls_cipher_priority(session, cA1) + 1) * 8;
- p2 += (_gnutls_cipher_priority(session, cA2) + 1) * 8;
- p1 += _gnutls_mac_priority(session, mA1);
- p2 += _gnutls_mac_priority(session, mA2);
-
- if (p1 > p2) {
- return 1;
- } else {
- if (p1 == p2) {
- return 0;
- }
- return -1;
+ gnutls_kx_algorithm kA1 =
+ _gnutls_cipher_suite_get_kx_algo((const cipher_suite_st *) i_A1);
+ gnutls_kx_algorithm kA2 =
+ _gnutls_cipher_suite_get_kx_algo((const cipher_suite_st *) i_A2);
+ gnutls_cipher_algorithm cA1 =
+ _gnutls_cipher_suite_get_cipher_algo((const cipher_suite_st *)
+ i_A1);
+ gnutls_cipher_algorithm cA2 =
+ _gnutls_cipher_suite_get_cipher_algo((const cipher_suite_st *)
+ i_A2);
+ gnutls_mac_algorithm mA1 =
+ _gnutls_cipher_suite_get_mac_algo((const cipher_suite_st *)
+ i_A1);
+ gnutls_mac_algorithm mA2 =
+ _gnutls_cipher_suite_get_mac_algo((const cipher_suite_st *)
+ i_A2);
+
+ int p1 = (_gnutls_kx_priority(session, kA1) + 1) * 64;
+ int p2 = (_gnutls_kx_priority(session, kA2) + 1) * 64;
+ p1 += (_gnutls_cipher_priority(session, cA1) + 1) * 8;
+ p2 += (_gnutls_cipher_priority(session, cA2) + 1) * 8;
+ p1 += _gnutls_mac_priority(session, mA1);
+ p2 += _gnutls_mac_priority(session, mA2);
+
+ if (p1 > p2) {
+ return 1;
+ } else {
+ if (p1 == p2) {
+ return 0;
}
+ return -1;
+ }
}
#ifdef SORT_DEBUG
@@ -1139,18 +1142,18 @@ _gnutls_bsort(gnutls_session session, void *_base, size_t nmemb,
size_t size, int (*compar) (gnutls_session, const void *,
const void *))
{
- unsigned int i, j;
- int full = nmemb * size;
- char *base = _base;
- char tmp[MAX_ELEM_SIZE];
-
- for (i = 0; i < full; i += size) {
- for (j = 0; j < full; j += size) {
- if (compar(session, &base[i], &base[j]) < 0) {
- SWAP(&base[j], &base[i]);
- }
- }
+ unsigned int i, j;
+ int full = nmemb * size;
+ char *base = _base;
+ char tmp[MAX_ELEM_SIZE];
+
+ for (i = 0; i < full; i += size) {
+ for (j = 0; j < full; j += size) {
+ if (compar(session, &base[i], &base[j]) < 0) {
+ SWAP(&base[j], &base[i]);
+ }
}
+ }
}
#endif
@@ -1161,34 +1164,33 @@ _gnutls_supported_ciphersuites_sorted(gnutls_session session,
{
#ifdef SORT_DEBUG
- unsigned int i;
+ unsigned int i;
#endif
- int count;
-
- count = _gnutls_supported_ciphersuites( session, ciphers);
- if (count<=0) {
- gnutls_assert();
- return count;
- }
+ int count;
+ count = _gnutls_supported_ciphersuites(session, ciphers);
+ if (count <= 0) {
+ gnutls_assert();
+ return count;
+ }
#ifdef SORT_DEBUG
- _gnutls_debug_log( "Unsorted: \n");
- for (i = 0; i < count; i++)
- _gnutls_debug_log( "\t%d: %s\n", i,
- _gnutls_cipher_suite_get_name((*ciphers)[i]));
+ _gnutls_debug_log("Unsorted: \n");
+ for (i = 0; i < count; i++)
+ _gnutls_debug_log("\t%d: %s\n", i,
+ _gnutls_cipher_suite_get_name((*ciphers)[i]));
#endif
- _gnutls_qsort(session, *ciphers, count,
- sizeof(cipher_suite_st), _gnutls_compare_algo);
+ _gnutls_qsort(session, *ciphers, count,
+ sizeof(cipher_suite_st), _gnutls_compare_algo);
#ifdef SORT_DEBUG
- _gnutls_debug_log( "Sorted: \n");
- for (i = 0; i < count; i++)
- _gnutls_debug_log( "\t%d: %s\n", i,
- _gnutls_cipher_suite_get_name((*ciphers)[i]));
+ _gnutls_debug_log("Sorted: \n");
+ for (i = 0; i < count; i++)
+ _gnutls_debug_log("\t%d: %s\n", i,
+ _gnutls_cipher_suite_get_name((*ciphers)[i]));
#endif
- return count;
+ return count;
}
int
@@ -1196,91 +1198,91 @@ _gnutls_supported_ciphersuites(gnutls_session session,
cipher_suite_st ** _ciphers)
{
- unsigned int i, ret_count, j;
- unsigned int count = CIPHER_SUITES_COUNT;
- cipher_suite_st *tmp_ciphers;
- cipher_suite_st* ciphers;
- gnutls_protocol_version version;
-
- if (count == 0) {
- return 0;
- }
+ unsigned int i, ret_count, j;
+ unsigned int count = CIPHER_SUITES_COUNT;
+ cipher_suite_st *tmp_ciphers;
+ cipher_suite_st *ciphers;
+ gnutls_protocol_version version;
- tmp_ciphers = gnutls_alloca(count * sizeof(cipher_suite_st));
- if ( tmp_ciphers==NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (count == 0) {
+ return 0;
+ }
- ciphers = gnutls_malloc(count * sizeof(cipher_suite_st));
- if ( ciphers==NULL) {
- gnutls_afree( tmp_ciphers);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- version = gnutls_protocol_get_version( session);
+ tmp_ciphers = gnutls_alloca(count * sizeof(cipher_suite_st));
+ if (tmp_ciphers == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- for (i = 0; i < count; i++) {
- memcpy( &tmp_ciphers[i], &cs_algorithms[i].id, sizeof( cipher_suite_st));
- }
+ ciphers = gnutls_malloc(count * sizeof(cipher_suite_st));
+ if (ciphers == NULL) {
+ gnutls_afree(tmp_ciphers);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- for (i = j = 0; i < count; i++) {
- /* remove private cipher suites, if requested.
- */
- if ( tmp_ciphers[i].suite[0] == 0xFF &&
- session->internals.enable_private == 0)
- continue;
-
- /* remove cipher suites which do not support the
- * protocol version used.
- */
- if ( _gnutls_cipher_suite_get_version(&tmp_ciphers[i]) > version)
- continue;
-
- if (_gnutls_kx_priority
- (session,
- _gnutls_cipher_suite_get_kx_algo(&tmp_ciphers[i])) < 0)
- continue;
- if (_gnutls_mac_priority
- (session,
- _gnutls_cipher_suite_get_mac_algo(&tmp_ciphers[i])) <
- 0)
- continue;
- if (_gnutls_cipher_priority
- (session,
- _gnutls_cipher_suite_get_cipher_algo(&tmp_ciphers[i]))
- < 0)
- continue;
-
- memcpy( &ciphers[j], &tmp_ciphers[i], sizeof( cipher_suite_st));
- j++;
- }
+ version = gnutls_protocol_get_version(session);
- ret_count = j;
-
-#if 0 /* expensive */
- if (ret_count > 0 && ret_count != count) {
- ciphers =
- gnutls_realloc_fast(ciphers,
- ret_count * sizeof(cipher_suite_st));
- } else {
- if (ret_count != count) {
- gnutls_free(ciphers);
- ciphers = NULL;
- }
- }
-#endif
+ for (i = 0; i < count; i++) {
+ memcpy(&tmp_ciphers[i], &cs_algorithms[i].id,
+ sizeof(cipher_suite_st));
+ }
- gnutls_afree(tmp_ciphers);
+ for (i = j = 0; i < count; i++) {
+ /* remove private cipher suites, if requested.
+ */
+ if (tmp_ciphers[i].suite[0] == 0xFF &&
+ session->internals.enable_private == 0)
+ continue;
- /* This function can no longer return 0 cipher suites.
- * It returns an error code instead.
+ /* remove cipher suites which do not support the
+ * protocol version used.
*/
- if (ret_count == 0) {
- gnutls_assert();
- gnutls_free(ciphers);
- return GNUTLS_E_NO_CIPHER_SUITES;
+ if (_gnutls_cipher_suite_get_version(&tmp_ciphers[i]) > version)
+ continue;
+
+ if (_gnutls_kx_priority
+ (session,
+ _gnutls_cipher_suite_get_kx_algo(&tmp_ciphers[i])) < 0)
+ continue;
+ if (_gnutls_mac_priority
+ (session,
+ _gnutls_cipher_suite_get_mac_algo(&tmp_ciphers[i])) < 0)
+ continue;
+ if (_gnutls_cipher_priority
+ (session,
+ _gnutls_cipher_suite_get_cipher_algo(&tmp_ciphers[i]))
+ < 0)
+ continue;
+
+ memcpy(&ciphers[j], &tmp_ciphers[i], sizeof(cipher_suite_st));
+ j++;
+ }
+
+ ret_count = j;
+
+#if 0 /* expensive */
+ if (ret_count > 0 && ret_count != count) {
+ ciphers =
+ gnutls_realloc_fast(ciphers,
+ ret_count * sizeof(cipher_suite_st));
+ } else {
+ if (ret_count != count) {
+ gnutls_free(ciphers);
+ ciphers = NULL;
}
- *_ciphers = ciphers;
- return ret_count;
+ }
+#endif
+
+ gnutls_afree(tmp_ciphers);
+
+ /* This function can no longer return 0 cipher suites.
+ * It returns an error code instead.
+ */
+ if (ret_count == 0) {
+ gnutls_assert();
+ gnutls_free(ciphers);
+ return GNUTLS_E_NO_CIPHER_SUITES;
+ }
+ *_ciphers = ciphers;
+ return ret_count;
}
@@ -1292,37 +1294,39 @@ _gnutls_supported_ciphersuites(gnutls_session session,
*/
#define SUPPORTED_COMPRESSION_METHODS session->internals.compression_method_priority.algorithms
int
-_gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp)
+_gnutls_supported_compression_methods(gnutls_session session,
+ uint8 ** comp)
{
- unsigned int i, j;
-
- *comp = gnutls_malloc( sizeof(uint8) * SUPPORTED_COMPRESSION_METHODS);
- if (*comp == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) {
- int tmp = _gnutls_compression_get_num(session->internals.
- compression_method_priority.
- priority[i]);
-
- /* remove private compression algorithms, if requested.
- */
- if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO &&
- session->internals.enable_private == 0)) {
- gnutls_assert();
- continue;
- }
-
- (*comp)[j] = (uint8) tmp;
- j++;
- }
+ unsigned int i, j;
+
+ *comp = gnutls_malloc(sizeof(uint8) * SUPPORTED_COMPRESSION_METHODS);
+ if (*comp == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- if (j==0) {
- gnutls_assert();
- gnutls_free( *comp); *comp = NULL;
- return GNUTLS_E_NO_COMPRESSION_ALGORITHMS;
+ for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) {
+ int tmp = _gnutls_compression_get_num(session->internals.
+ compression_method_priority.
+ priority[i]);
+
+ /* remove private compression algorithms, if requested.
+ */
+ if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO &&
+ session->internals.enable_private == 0)) {
+ gnutls_assert();
+ continue;
}
- return j;
+
+ (*comp)[j] = (uint8) tmp;
+ j++;
+ }
+
+ if (j == 0) {
+ gnutls_assert();
+ gnutls_free(*comp);
+ *comp = NULL;
+ return GNUTLS_E_NO_COMPRESSION_ALGORITHMS;
+ }
+ return j;
}
/**
@@ -1332,14 +1336,16 @@ _gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp)
* Returns a string (or NULL) that contains the name
* of the specified certificate type.
**/
-const char *gnutls_certificate_type_get_name( gnutls_certificate_type type)
+const char *gnutls_certificate_type_get_name(gnutls_certificate_type type)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- if (type==GNUTLS_CRT_X509) ret = "X.509";
- if (type==GNUTLS_CRT_OPENPGP) ret = "OPENPGP";
+ if (type == GNUTLS_CRT_X509)
+ ret = "X.509";
+ if (type == GNUTLS_CRT_OPENPGP)
+ ret = "OPENPGP";
- return ret;
+ return ret;
}
/* returns the gnutls_pk_algorithm which is compatible with
@@ -1347,9 +1353,9 @@ const char *gnutls_certificate_type_get_name( gnutls_certificate_type type)
*/
gnutls_pk_algorithm _gnutls_map_pk_get_pk(gnutls_kx_algorithm kx_algorithm)
{
- gnutls_pk_algorithm ret = -1;
+ gnutls_pk_algorithm ret = -1;
- GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm)
+ GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm)
return ret;
}
@@ -1358,10 +1364,11 @@ gnutls_pk_algorithm _gnutls_map_pk_get_pk(gnutls_kx_algorithm kx_algorithm)
*
* ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
*/
-enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm kx_algorithm)
+enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm
+ kx_algorithm)
{
- int ret = CIPHER_IGN;
- GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type)
+ int ret = CIPHER_IGN;
+ GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type)
return ret;
}
@@ -1369,17 +1376,17 @@ enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm kx_algorithm)
/* signature algorithms;
*/
struct gnutls_sign_entry {
- const char *name;
- gnutls_sign_algorithm id;
+ const char *name;
+ gnutls_sign_algorithm id;
};
typedef struct gnutls_sign_entry gnutls_sign_entry;
static const gnutls_sign_entry sign_algorithms[] = {
- {"RSA-SHA", GNUTLS_SIGN_RSA_SHA},
- {"DSA-SHA", GNUTLS_SIGN_DSA_SHA},
- {"RSA-MD5", GNUTLS_SIGN_RSA_MD5},
- {"RSA-MD2", GNUTLS_SIGN_RSA_MD2},
- {0, 0}
+ {"RSA-SHA", GNUTLS_SIGN_RSA_SHA},
+ {"DSA-SHA", GNUTLS_SIGN_DSA_SHA},
+ {"RSA-MD5", GNUTLS_SIGN_RSA_MD5},
+ {"RSA-MD2", GNUTLS_SIGN_RSA_MD2},
+ {0, 0}
};
#define GNUTLS_SIGN_LOOP(b) \
@@ -1398,29 +1405,28 @@ static const gnutls_sign_entry sign_algorithms[] = {
* Returns a string that contains the name
* of the specified sign algorithm or NULL.
**/
-const char *gnutls_sign_algorithm_get_name( gnutls_sign_algorithm algorithm)
+const char *gnutls_sign_algorithm_get_name(gnutls_sign_algorithm algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_SIGN_ALG_LOOP(ret =
- p->name);
+ /* avoid prefix */
+ GNUTLS_SIGN_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/* pk algorithms;
*/
struct gnutls_pk_entry {
- const char *name;
- gnutls_pk_algorithm id;
+ const char *name;
+ gnutls_pk_algorithm id;
};
typedef struct gnutls_pk_entry gnutls_pk_entry;
static const gnutls_pk_entry pk_algorithms[] = {
- {"RSA", GNUTLS_PK_RSA},
- {"DSA", GNUTLS_PK_DSA},
- {0, 0}
+ {"RSA", GNUTLS_PK_RSA},
+ {"DSA", GNUTLS_PK_DSA},
+ {0, 0}
};
#define GNUTLS_PK_LOOP(b) \
@@ -1439,13 +1445,12 @@ static const gnutls_pk_entry pk_algorithms[] = {
* Returns a string that contains the name
* of the specified public key algorithm or NULL.
**/
-const char *gnutls_pk_algorithm_get_name( gnutls_pk_algorithm algorithm)
+const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_PK_ALG_LOOP(ret =
- p->name);
+ /* avoid prefix */
+ GNUTLS_PK_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index 9962eb8a0d..b43398a10d 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -22,33 +22,48 @@
/* functions for version */
-gnutls_protocol_version _gnutls_version_lowest( gnutls_session session);
-gnutls_protocol_version _gnutls_version_max( gnutls_session session);
-int _gnutls_version_priority(gnutls_session session, gnutls_protocol_version version);
-int _gnutls_version_is_supported(gnutls_session session, const gnutls_protocol_version version);
-int _gnutls_version_get_major( gnutls_protocol_version ver);
-int _gnutls_version_get_minor( gnutls_protocol_version ver);
-gnutls_protocol_version _gnutls_version_get( int major, int minor);
+gnutls_protocol_version _gnutls_version_lowest(gnutls_session session);
+gnutls_protocol_version _gnutls_version_max(gnutls_session session);
+int _gnutls_version_priority(gnutls_session session,
+ gnutls_protocol_version version);
+int _gnutls_version_is_supported(gnutls_session session,
+ const gnutls_protocol_version version);
+int _gnutls_version_get_major(gnutls_protocol_version ver);
+int _gnutls_version_get_minor(gnutls_protocol_version ver);
+gnutls_protocol_version _gnutls_version_get(int major, int minor);
/* functions for macs */
-const char* gnutls_mac_get_name(gnutls_mac_algorithm algorithm);
-int _gnutls_mac_is_ok(gnutls_mac_algorithm algorithm);
-int _gnutls_mac_priority(gnutls_session session, gnutls_mac_algorithm algorithm);
+const char *gnutls_mac_get_name(gnutls_mac_algorithm algorithm);
+int _gnutls_mac_is_ok(gnutls_mac_algorithm algorithm);
+int _gnutls_mac_priority(gnutls_session session,
+ gnutls_mac_algorithm algorithm);
/* functions for cipher suites */
-int _gnutls_supported_ciphersuites(gnutls_session session, cipher_suite_st **ciphers);
-int _gnutls_supported_ciphersuites_sorted(gnutls_session session, cipher_suite_st **ciphers);
-int _gnutls_supported_compression_methods(gnutls_session session, uint8 **comp);
-
-const char* _gnutls_cipher_suite_get_name(cipher_suite_st *algorithm);
-gnutls_cipher_algorithm _gnutls_cipher_suite_get_cipher_algo(const cipher_suite_st *algorithm);
-gnutls_kx_algorithm _gnutls_cipher_suite_get_kx_algo(const cipher_suite_st *algorithm);
-gnutls_mac_algorithm _gnutls_cipher_suite_get_mac_algo(const cipher_suite_st *algorithm);
-gnutls_protocol_version _gnutls_cipher_suite_get_version(const cipher_suite_st *algorithm);
-cipher_suite_st _gnutls_cipher_suite_get_suite_name(cipher_suite_st *algorithm);
+int _gnutls_supported_ciphersuites(gnutls_session session,
+ cipher_suite_st ** ciphers);
+int _gnutls_supported_ciphersuites_sorted(gnutls_session session,
+ cipher_suite_st ** ciphers);
+int _gnutls_supported_compression_methods(gnutls_session session,
+ uint8 ** comp);
+
+const char *_gnutls_cipher_suite_get_name(cipher_suite_st * algorithm);
+gnutls_cipher_algorithm _gnutls_cipher_suite_get_cipher_algo(const
+ cipher_suite_st
+ * algorithm);
+gnutls_kx_algorithm _gnutls_cipher_suite_get_kx_algo(const cipher_suite_st
+ * algorithm);
+gnutls_mac_algorithm _gnutls_cipher_suite_get_mac_algo(const
+ cipher_suite_st *
+ algorithm);
+gnutls_protocol_version _gnutls_cipher_suite_get_version(const
+ cipher_suite_st *
+ algorithm);
+cipher_suite_st _gnutls_cipher_suite_get_suite_name(cipher_suite_st *
+ algorithm);
/* functions for ciphers */
-int _gnutls_cipher_priority(gnutls_session session, gnutls_cipher_algorithm algorithm);
+int _gnutls_cipher_priority(gnutls_session session,
+ gnutls_cipher_algorithm algorithm);
int _gnutls_cipher_get_block_size(gnutls_cipher_algorithm algorithm);
int _gnutls_cipher_is_block(gnutls_cipher_algorithm algorithm);
int _gnutls_cipher_is_ok(gnutls_cipher_algorithm algorithm);
@@ -58,54 +73,61 @@ int _gnutls_cipher_get_export_flag(gnutls_cipher_algorithm algorithm);
const char *gnutls_cipher_get_name(gnutls_cipher_algorithm algorithm);
/* functions for key exchange */
-int _gnutls_kx_priority(gnutls_session session, gnutls_kx_algorithm algorithm);
+int _gnutls_kx_priority(gnutls_session session,
+ gnutls_kx_algorithm algorithm);
int _gnutls_kx_needs_dh_params(gnutls_kx_algorithm algorithm);
int _gnutls_kx_needs_rsa_params(gnutls_kx_algorithm algorithm);
-mod_auth_st * _gnutls_kx_auth_struct(gnutls_kx_algorithm algorithm);
+mod_auth_st *_gnutls_kx_auth_struct(gnutls_kx_algorithm algorithm);
const char *gnutls_kx_get_name(gnutls_kx_algorithm algorithm);
int _gnutls_kx_is_ok(gnutls_kx_algorithm algorithm);
/* functions for compression */
-int _gnutls_compression_priority(gnutls_session session, gnutls_compression_method algorithm);
+int _gnutls_compression_priority(gnutls_session session,
+ gnutls_compression_method algorithm);
int _gnutls_compression_is_ok(gnutls_compression_method algorithm);
int _gnutls_compression_get_num(gnutls_compression_method algorithm);
gnutls_compression_method _gnutls_compression_get_id(int num);
-const char *gnutls_compression_get_name(gnutls_compression_method algorithm);
+const char *gnutls_compression_get_name(gnutls_compression_method
+ algorithm);
int _gnutls_compression_get_mem_level(gnutls_compression_method algorithm);
-int _gnutls_compression_get_comp_level(gnutls_compression_method algorithm);
+int _gnutls_compression_get_comp_level(gnutls_compression_method
+ algorithm);
int _gnutls_compression_get_wbits(gnutls_compression_method algorithm);
/* Type to KX mappings */
-gnutls_kx_algorithm _gnutls_map_kx_get_kx(gnutls_credentials_type type, int server);
-gnutls_credentials_type _gnutls_map_kx_get_cred(gnutls_kx_algorithm algorithm, int server);
+gnutls_kx_algorithm _gnutls_map_kx_get_kx(gnutls_credentials_type type,
+ int server);
+gnutls_credentials_type _gnutls_map_kx_get_cred(gnutls_kx_algorithm
+ algorithm, int server);
/* KX to PK mapping */
-gnutls_pk_algorithm _gnutls_map_pk_get_pk(gnutls_kx_algorithm kx_algorithm);
+gnutls_pk_algorithm _gnutls_map_pk_get_pk(gnutls_kx_algorithm
+ kx_algorithm);
-enum encipher_type { CIPHER_ENCRYPT=0, CIPHER_SIGN=1, CIPHER_IGN };
+enum encipher_type { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };
enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm algorithm);
struct gnutls_kx_algo_entry {
- const char *name;
- gnutls_kx_algorithm algorithm;
- mod_auth_st *auth_struct;
- int needs_dh_params;
- int needs_rsa_params;
+ const char *name;
+ gnutls_kx_algorithm algorithm;
+ mod_auth_st *auth_struct;
+ int needs_dh_params;
+ int needs_rsa_params;
};
typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry;
struct gnutls_compression_entry {
- const char *name;
- gnutls_compression_method id;
- int num; /* the number reserved in TLS for the specific compression method */
-
- /* used in zlib compressor */
- int window_bits;
- int mem_level;
- int comp_level;
+ const char *name;
+ gnutls_compression_method id;
+ int num; /* the number reserved in TLS for the specific compression method */
+
+ /* used in zlib compressor */
+ int window_bits;
+ int mem_level;
+ int comp_level;
};
typedef struct gnutls_compression_entry gnutls_compression_entry;
diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c
index 50da169d3d..55e088c06e 100644
--- a/lib/gnutls_anon_cred.c
+++ b/lib/gnutls_anon_cred.c
@@ -40,10 +40,10 @@ static const int anon_dummy;
* This structure is complex enough to manipulate directly thus
* this helper function is provided in order to free (deallocate) it.
**/
-void gnutls_anon_free_server_credentials( gnutls_anon_server_credentials sc)
+void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials sc)
{
- gnutls_free( sc);
+ gnutls_free(sc);
}
/*-
@@ -53,26 +53,27 @@ void gnutls_anon_free_server_credentials( gnutls_anon_server_credentials sc)
* This function will return the dh parameters pointer.
*
-*/
-gnutls_dh_params _gnutls_anon_get_dh_params(const gnutls_anon_server_credentials sc,
- gnutls_session session)
+gnutls_dh_params _gnutls_anon_get_dh_params(const
+ gnutls_anon_server_credentials
+ sc, gnutls_session session)
{
-gnutls_params_st params;
-int ret;
-
- if (session->internals.params.anon_dh_params)
- return session->internals.params.anon_dh_params;
-
- if (sc->dh_params) {
- session->internals.params.anon_dh_params = sc->dh_params;
- } else if (sc->params_func) {
- ret = sc->params_func( session, GNUTLS_PARAMS_DH, &params);
- if (ret == 0 && params.type == GNUTLS_PARAMS_DH) {
- session->internals.params.anon_dh_params = params.params.dh;
- session->internals.params.free_anon_dh_params = params.deinit;
- }
- }
-
+ gnutls_params_st params;
+ int ret;
+
+ if (session->internals.params.anon_dh_params)
return session->internals.params.anon_dh_params;
+
+ if (sc->dh_params) {
+ session->internals.params.anon_dh_params = sc->dh_params;
+ } else if (sc->params_func) {
+ ret = sc->params_func(session, GNUTLS_PARAMS_DH, &params);
+ if (ret == 0 && params.type == GNUTLS_PARAMS_DH) {
+ session->internals.params.anon_dh_params = params.params.dh;
+ session->internals.params.free_anon_dh_params = params.deinit;
+ }
+ }
+
+ return session->internals.params.anon_dh_params;
}
/**
@@ -82,11 +83,13 @@ int ret;
* This structure is complex enough to manipulate directly thus
* this helper function is provided in order to allocate it.
**/
-int gnutls_anon_allocate_server_credentials( gnutls_anon_server_credentials *sc) {
+int gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials
+ * sc)
+{
- *sc = gnutls_calloc( 1, sizeof(anon_server_credentials_st));
+ *sc = gnutls_calloc(1, sizeof(anon_server_credentials_st));
- return 0;
+ return 0;
}
@@ -97,7 +100,8 @@ int gnutls_anon_allocate_server_credentials( gnutls_anon_server_credentials *sc)
* This structure is complex enough to manipulate directly thus
* this helper function is provided in order to free (deallocate) it.
**/
-void gnutls_anon_free_client_credentials( gnutls_anon_client_credentials sc) {
+void gnutls_anon_free_client_credentials(gnutls_anon_client_credentials sc)
+{
}
/**
@@ -107,14 +111,15 @@ void gnutls_anon_free_client_credentials( gnutls_anon_client_credentials sc) {
* This structure is complex enough to manipulate directly thus
* this helper function is provided in order to allocate it.
**/
-int gnutls_anon_allocate_client_credentials( gnutls_anon_client_credentials *sc)
+int gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials
+ * sc)
{
- /* anon_dummy is only there for *sc not to be null.
- * it is not used at all;
- */
- *sc = (void*) &anon_dummy;
-
- return 0;
+ /* anon_dummy is only there for *sc not to be null.
+ * it is not used at all;
+ */
+ *sc = (void *) &anon_dummy;
+
+ return 0;
}
#endif
diff --git a/lib/gnutls_asn1_tab.c b/lib/gnutls_asn1_tab.c
index b7bfa2e03d..39c056c875 100644
--- a/lib/gnutls_asn1_tab.c
+++ b/lib/gnutls_asn1_tab.c
@@ -1,60 +1,60 @@
#include "libtasn1.h"
-const ASN1_ARRAY_TYPE gnutls_asn1_tab[]={
- {"GNUTLS",536872976,0},
- {0,1073741836,0},
- {"RSAPublicKey",1610612741,0},
- {"modulus",1073741827,0},
- {"publicExponent",3,0},
- {"RSAPrivateKey",1610612741,0},
- {"version",1073741826,"Version"},
- {"modulus",1073741827,0},
- {"publicExponent",1073741827,0},
- {"privateExponent",1073741827,0},
- {"prime1",1073741827,0},
- {"prime2",1073741827,0},
- {"exponent1",1073741827,0},
- {"exponent2",1073741827,0},
- {"coefficient",1073741827,0},
- {"otherPrimeInfos",16386,"OtherPrimeInfos"},
- {"Version",1610874883,0},
- {"two-prime",1073741825,"0"},
- {"multi",1,"1"},
- {"OtherPrimeInfos",1612709899,0},
- {"MAX",1074266122,"1"},
- {0,2,"OtherPrimeInfo"},
- {"OtherPrimeInfo",1610612741,0},
- {"prime",1073741827,0},
- {"exponent",1073741827,0},
- {"coefficient",3,0},
- {"AlgorithmIdentifier",1610612741,0},
- {"algorithm",1073741836,0},
- {"parameters",541081613,0},
- {"algorithm",1,0},
- {"DigestInfo",1610612741,0},
- {"digestAlgorithm",1073741826,"DigestAlgorithmIdentifier"},
- {"digest",2,"Digest"},
- {"DigestAlgorithmIdentifier",1073741826,"AlgorithmIdentifier"},
- {"Digest",1073741831,0},
- {"DSAPublicKey",1073741827,0},
- {"DSAParameters",1610612741,0},
- {"p",1073741827,0},
- {"q",1073741827,0},
- {"g",3,0},
- {"DSASignatureValue",1610612741,0},
- {"r",1073741827,0},
- {"s",3,0},
- {"DSAPrivateKey",1610612741,0},
- {"version",1073741827,0},
- {"p",1073741827,0},
- {"q",1073741827,0},
- {"g",1073741827,0},
- {"Y",1073741827,0},
- {"priv",3,0},
- {"DHParameter",536870917,0},
- {"prime",1073741827,0},
- {"base",1073741827,0},
- {"privateValueLength",16387,0},
- {0,0,0}
+const ASN1_ARRAY_TYPE gnutls_asn1_tab[] = {
+ {"GNUTLS", 536872976, 0},
+ {0, 1073741836, 0},
+ {"RSAPublicKey", 1610612741, 0},
+ {"modulus", 1073741827, 0},
+ {"publicExponent", 3, 0},
+ {"RSAPrivateKey", 1610612741, 0},
+ {"version", 1073741826, "Version"},
+ {"modulus", 1073741827, 0},
+ {"publicExponent", 1073741827, 0},
+ {"privateExponent", 1073741827, 0},
+ {"prime1", 1073741827, 0},
+ {"prime2", 1073741827, 0},
+ {"exponent1", 1073741827, 0},
+ {"exponent2", 1073741827, 0},
+ {"coefficient", 1073741827, 0},
+ {"otherPrimeInfos", 16386, "OtherPrimeInfos"},
+ {"Version", 1610874883, 0},
+ {"two-prime", 1073741825, "0"},
+ {"multi", 1, "1"},
+ {"OtherPrimeInfos", 1612709899, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "OtherPrimeInfo"},
+ {"OtherPrimeInfo", 1610612741, 0},
+ {"prime", 1073741827, 0},
+ {"exponent", 1073741827, 0},
+ {"coefficient", 3, 0},
+ {"AlgorithmIdentifier", 1610612741, 0},
+ {"algorithm", 1073741836, 0},
+ {"parameters", 541081613, 0},
+ {"algorithm", 1, 0},
+ {"DigestInfo", 1610612741, 0},
+ {"digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"},
+ {"digest", 2, "Digest"},
+ {"DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
+ {"Digest", 1073741831, 0},
+ {"DSAPublicKey", 1073741827, 0},
+ {"DSAParameters", 1610612741, 0},
+ {"p", 1073741827, 0},
+ {"q", 1073741827, 0},
+ {"g", 3, 0},
+ {"DSASignatureValue", 1610612741, 0},
+ {"r", 1073741827, 0},
+ {"s", 3, 0},
+ {"DSAPrivateKey", 1610612741, 0},
+ {"version", 1073741827, 0},
+ {"p", 1073741827, 0},
+ {"q", 1073741827, 0},
+ {"g", 1073741827, 0},
+ {"Y", 1073741827, 0},
+ {"priv", 3, 0},
+ {"DHParameter", 536870917, 0},
+ {"prime", 1073741827, 0},
+ {"base", 1073741827, 0},
+ {"privateValueLength", 16387, 0},
+ {0, 0, 0}
};
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index a383ff1eaa..1819a6ab76 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -41,17 +41,18 @@
* Clears all the credentials previously set in this session.
*
**/
-void gnutls_credentials_clear( gnutls_session session) {
- if (session->key && session->key->cred) { /* beginning of the list */
- auth_cred_st * ccred, *ncred;
- ccred = session->key->cred;
- while(ccred!=NULL) {
- ncred = ccred->next;
- gnutls_free(ccred);
- ccred = ncred;
- }
- session->key->cred = NULL;
+void gnutls_credentials_clear(gnutls_session session)
+{
+ if (session->key && session->key->cred) { /* beginning of the list */
+ auth_cred_st *ccred, *ncred;
+ ccred = session->key->cred;
+ while (ccred != NULL) {
+ ncred = ccred->next;
+ gnutls_free(ccred);
+ ccred = ncred;
}
+ session->key->cred = NULL;
+ }
}
/*
@@ -83,51 +84,55 @@ void gnutls_credentials_clear( gnutls_session session) {
* For GNUTLS_CRD_CERTIFICATE cred should be gnutls_certificate_credentials.
*
**/
-int gnutls_credentials_set( gnutls_session session, gnutls_credentials_type type, void* cred) {
- auth_cred_st * ccred=NULL, *pcred=NULL;
- int exists=0;
-
- if (session->key->cred==NULL) { /* beginning of the list */
-
- session->key->cred = gnutls_malloc(sizeof(auth_cred_st));
- if (session->key->cred == NULL) return GNUTLS_E_MEMORY_ERROR;
-
- /* copy credentials locally */
- session->key->cred->credentials = cred;
-
- session->key->cred->next = NULL;
- session->key->cred->algorithm = type;
- } else {
- ccred = session->key->cred;
- while(ccred!=NULL) {
- if (ccred->algorithm==type) {
- exists=1;
- break;
- }
- pcred = ccred;
- ccred = ccred->next;
- }
- /* After this, pcred is not null.
- */
-
- if (exists==0) { /* new entry */
- pcred->next = gnutls_malloc(sizeof(auth_cred_st));
- if (pcred->next == NULL) return GNUTLS_E_MEMORY_ERROR;
-
- ccred = pcred->next;
-
- /* copy credentials locally */
- ccred->credentials = cred;
-
- ccred->next = NULL;
- ccred->algorithm = type;
- } else { /* modify existing entry */
- gnutls_free(ccred->credentials);
- ccred->credentials = cred;
- }
+int gnutls_credentials_set(gnutls_session session,
+ gnutls_credentials_type type, void *cred)
+{
+ auth_cred_st *ccred = NULL, *pcred = NULL;
+ int exists = 0;
+
+ if (session->key->cred == NULL) { /* beginning of the list */
+
+ session->key->cred = gnutls_malloc(sizeof(auth_cred_st));
+ if (session->key->cred == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ /* copy credentials locally */
+ session->key->cred->credentials = cred;
+
+ session->key->cred->next = NULL;
+ session->key->cred->algorithm = type;
+ } else {
+ ccred = session->key->cred;
+ while (ccred != NULL) {
+ if (ccred->algorithm == type) {
+ exists = 1;
+ break;
+ }
+ pcred = ccred;
+ ccred = ccred->next;
}
+ /* After this, pcred is not null.
+ */
+
+ if (exists == 0) { /* new entry */
+ pcred->next = gnutls_malloc(sizeof(auth_cred_st));
+ if (pcred->next == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ccred = pcred->next;
+
+ /* copy credentials locally */
+ ccred->credentials = cred;
- return 0;
+ ccred->next = NULL;
+ ccred->algorithm = type;
+ } else { /* modify existing entry */
+ gnutls_free(ccred->credentials);
+ ccred->credentials = cred;
+ }
+ }
+
+ return 0;
}
/**
@@ -141,16 +146,18 @@ int gnutls_credentials_set( gnutls_session session, gnutls_credentials_type type
* Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA),
* the same function are to be used to access the authentication data.
**/
-gnutls_credentials_type gnutls_auth_get_type( gnutls_session session)
+gnutls_credentials_type gnutls_auth_get_type(gnutls_session session)
{
/* This is not the credentials we must set, but the authentication data
* we get by the peer, so it should be reversed.
*/
-int server = session->security_parameters.entity==GNUTLS_SERVER?0:1;
+ int server =
+ session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1;
- return _gnutls_map_kx_get_cred(
- _gnutls_cipher_suite_get_kx_algo(
- &session->security_parameters.current_cipher_suite), server);
+ return
+ _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.
+ current_cipher_suite), server);
}
/**
@@ -162,11 +169,12 @@ int server = session->security_parameters.entity==GNUTLS_SERVER?0:1;
* to access authentication data.
*
**/
-gnutls_credentials_type gnutls_auth_server_get_type( gnutls_session session)
+gnutls_credentials_type gnutls_auth_server_get_type(gnutls_session session)
{
- return _gnutls_map_kx_get_cred(
- _gnutls_cipher_suite_get_kx_algo(
- &session->security_parameters.current_cipher_suite), 1);
+ return
+ _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.
+ current_cipher_suite), 1);
}
/**
@@ -178,11 +186,12 @@ gnutls_credentials_type gnutls_auth_server_get_type( gnutls_session session)
* to access authentication data.
*
**/
-gnutls_credentials_type gnutls_auth_client_get_type( gnutls_session session)
+gnutls_credentials_type gnutls_auth_client_get_type(gnutls_session session)
{
- return _gnutls_map_kx_get_cred(
- _gnutls_cipher_suite_get_kx_algo(
- &session->security_parameters.current_cipher_suite), 0);
+ return
+ _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.
+ current_cipher_suite), 0);
}
@@ -190,35 +199,43 @@ gnutls_credentials_type gnutls_auth_client_get_type( gnutls_session session)
* This returns a pointer to the linked list. Don't
* free that!!!
*/
-const void *_gnutls_get_kx_cred( gnutls_session session, gnutls_kx_algorithm algo, int *err)
+const void *_gnutls_get_kx_cred(gnutls_session session,
+ gnutls_kx_algorithm algo, int *err)
{
-int server = session->security_parameters.entity==GNUTLS_SERVER?1:0;
+ int server =
+ session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
- return _gnutls_get_cred( session->key, _gnutls_map_kx_get_cred(algo, server), err);
+ return _gnutls_get_cred(session->key,
+ _gnutls_map_kx_get_cred(algo, server), err);
}
-const void *_gnutls_get_cred( gnutls_key_st key, gnutls_credentials_type type, int *err) {
- const void *retval = NULL;
- int _err = -1;
- auth_cred_st * ccred;
+const void *_gnutls_get_cred(gnutls_key_st key,
+ gnutls_credentials_type type, int *err)
+{
+ const void *retval = NULL;
+ int _err = -1;
+ auth_cred_st *ccred;
- if (key == NULL) goto out;
+ if (key == NULL)
+ goto out;
- ccred = key->cred;
- while(ccred!=NULL) {
- if (ccred->algorithm==type) {
- break;
- }
- ccred = ccred->next;
+ ccred = key->cred;
+ while (ccred != NULL) {
+ if (ccred->algorithm == type) {
+ break;
}
- if (ccred==NULL) goto out;
+ ccred = ccred->next;
+ }
+ if (ccred == NULL)
+ goto out;
- _err = 0;
- retval = ccred->credentials;
+ _err = 0;
+ retval = ccred->credentials;
- out:
- if (err!=NULL) *err=_err;
- return retval;
+ out:
+ if (err != NULL)
+ *err = _err;
+ return retval;
}
/*-
@@ -234,8 +251,9 @@ const void *_gnutls_get_cred( gnutls_key_st key, gnutls_credentials_type type, i
* In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
* In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
-*/
-void* _gnutls_get_auth_info( gnutls_session session) {
- return session->key->auth_info;
+void *_gnutls_get_auth_info(gnutls_session session)
+{
+ return session->key->auth_info;
}
/*-
@@ -246,43 +264,44 @@ void* _gnutls_get_auth_info( gnutls_session session) {
* null. It must be called since some structures contain malloced
* elements.
-*/
-void _gnutls_free_auth_info( gnutls_session session) {
- if (session==NULL || session->key==NULL) {
- gnutls_assert();
- return;
- }
-
- switch ( session->key->auth_info_type) {
- case GNUTLS_CRD_SRP:
- case GNUTLS_CRD_ANON:
-
- break;
- case GNUTLS_CRD_CERTIFICATE: {
- unsigned int i;
- cert_auth_info_t info =
- _gnutls_get_auth_info(session);
-
- if (info==NULL) break;
- for (i=0;i<info->ncerts;i++) {
- _gnutls_free_datum( &info->raw_certificate_list[i]);
- }
-
- gnutls_free( info->raw_certificate_list);
- info->raw_certificate_list = NULL;
- info->ncerts = 0;
- }
+void _gnutls_free_auth_info(gnutls_session session)
+{
+ if (session == NULL || session->key == NULL) {
+ gnutls_assert();
+ return;
+ }
+
+ switch (session->key->auth_info_type) {
+ case GNUTLS_CRD_SRP:
+ case GNUTLS_CRD_ANON:
+ break;
+ case GNUTLS_CRD_CERTIFICATE:{
+ unsigned int i;
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
+ if (info == NULL)
break;
- default:
- return;
+ for (i = 0; i < info->ncerts; i++) {
+ _gnutls_free_datum(&info->raw_certificate_list[i]);
+ }
+ gnutls_free(info->raw_certificate_list);
+ info->raw_certificate_list = NULL;
+ info->ncerts = 0;
}
- gnutls_free( session->key->auth_info);
- session->key->auth_info = NULL;
- session->key->auth_info_size = 0;
- session->key->auth_info_type = 0;
+
+ break;
+ default:
+ return;
+
+ }
+
+ gnutls_free(session->key->auth_info);
+ session->key->auth_info = NULL;
+ session->key->auth_info_size = 0;
+ session->key->auth_info_type = 0;
}
@@ -291,65 +310,69 @@ void _gnutls_free_auth_info( gnutls_session session) {
* If allow change is !=0 then this will allow changing the auth
* info structure to a different type.
*/
-int _gnutls_auth_info_set( gnutls_session session,
- gnutls_credentials_type type, int size, int allow_change)
+int _gnutls_auth_info_set(gnutls_session session,
+ gnutls_credentials_type type, int size,
+ int allow_change)
{
- if ( session->key->auth_info == NULL) {
- session->key->auth_info = gnutls_calloc( 1, size);
+ if (session->key->auth_info == NULL) {
+ session->key->auth_info = gnutls_calloc(1, size);
+ if (session->key->auth_info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ session->key->auth_info_type = type;
+ session->key->auth_info_size = size;
+ } else {
+ if (allow_change == 0) {
+ /* If the credentials for the current authentication scheme,
+ * are not the one we want to set, then it's an error.
+ * This may happen if a rehandshake is performed an the
+ * ciphersuite which is negotiated has different authentication
+ * schema.
+ */
+ if (gnutls_auth_get_type(session) !=
+ session->key->auth_info_type) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ } else {
+ /* The new behaviour: Here we reallocate the auth info structure
+ * in order to be able to negotiate different authentication
+ * types. Ie. perform an auth_anon and then authenticate again using a
+ * certificate (in order to prevent revealing the certificate's contents,
+ * to passive eavesdropers.
+ */
+ if (gnutls_auth_get_type(session) !=
+ session->key->auth_info_type) {
+ session->key->auth_info =
+ gnutls_realloc_fast(session->key->auth_info, size);
if (session->key->auth_info == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
+ memset(session->key->auth_info, 0, size);
session->key->auth_info_type = type;
session->key->auth_info_size = size;
- } else {
- if (allow_change==0) {
- /* If the credentials for the current authentication scheme,
- * are not the one we want to set, then it's an error.
- * This may happen if a rehandshake is performed an the
- * ciphersuite which is negotiated has different authentication
- * schema.
- */
- if ( gnutls_auth_get_type( session) != session->key->auth_info_type) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
- } else {
- /* The new behaviour: Here we reallocate the auth info structure
- * in order to be able to negotiate different authentication
- * types. Ie. perform an auth_anon and then authenticate again using a
- * certificate (in order to prevent revealing the certificate's contents,
- * to passive eavesdropers.
- */
- if ( gnutls_auth_get_type( session) != session->key->auth_info_type) {
- session->key->auth_info = gnutls_realloc_fast(
- session->key->auth_info, size);
- if (session->key->auth_info == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- memset( session->key->auth_info, 0, size);
- session->key->auth_info_type = type;
- session->key->auth_info_size = size;
- }
- }
+ }
}
- return 0;
+ }
+ return 0;
}
/* this function will copy an mpi_t key to
* opaque data.
*/
-int _gnutls_generate_session_key(gnutls_key_st key) {
-size_t tmp;
+int _gnutls_generate_session_key(gnutls_key_st key)
+{
+ size_t tmp;
- _gnutls_mpi_print( NULL, &tmp, key->KEY);
- key->key.data = gnutls_secure_malloc( tmp);
- if ( key->key.data==NULL) {
- return GNUTLS_E_MEMORY_ERROR;
- }
- _gnutls_mpi_print( key->key.data, &tmp, key->KEY);
-
- key->key.size = tmp;
- return 0;
+ _gnutls_mpi_print(NULL, &tmp, key->KEY);
+ key->key.data = gnutls_secure_malloc(tmp);
+ if (key->key.data == NULL) {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ _gnutls_mpi_print(key->key.data, &tmp, key->KEY);
+
+ key->key.size = tmp;
+ return 0;
}
diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h
index 23cb6d742e..1012ad0b0d 100644
--- a/lib/gnutls_auth.h
+++ b/lib/gnutls_auth.h
@@ -2,20 +2,25 @@
# define GNUTLS_AUTH_H
typedef struct mod_auth_st_int {
- const char* name; /* null terminated */
- int (*gnutls_generate_server_certificate)( gnutls_session, opaque**);
- int (*gnutls_generate_client_certificate)( gnutls_session, opaque**);
- int (*gnutls_generate_server_kx)( gnutls_session, opaque**);
- int (*gnutls_generate_client_kx)( gnutls_session, opaque**); /* used in SRP */
- int (*gnutls_generate_client_cert_vrfy) ( gnutls_session, opaque**);
- int (*gnutls_generate_server_certificate_request) ( gnutls_session, opaque**);
-
- int (*gnutls_process_server_certificate)( gnutls_session, opaque*, size_t);
- int (*gnutls_process_client_certificate)( gnutls_session, opaque*, size_t);
- int (*gnutls_process_server_kx)( gnutls_session, opaque*, size_t);
- int (*gnutls_process_client_kx)( gnutls_session, opaque*, size_t);
- int (*gnutls_process_client_cert_vrfy) ( gnutls_session, opaque*, size_t);
- int (*gnutls_process_server_certificate_request) ( gnutls_session, opaque*, size_t);
+ const char *name; /* null terminated */
+ int (*gnutls_generate_server_certificate) (gnutls_session, opaque **);
+ int (*gnutls_generate_client_certificate) (gnutls_session, opaque **);
+ int (*gnutls_generate_server_kx) (gnutls_session, opaque **);
+ int (*gnutls_generate_client_kx) (gnutls_session, opaque **); /* used in SRP */
+ int (*gnutls_generate_client_cert_vrfy) (gnutls_session, opaque **);
+ int (*gnutls_generate_server_certificate_request) (gnutls_session,
+ opaque **);
+
+ int (*gnutls_process_server_certificate) (gnutls_session, opaque *,
+ size_t);
+ int (*gnutls_process_client_certificate) (gnutls_session, opaque *,
+ size_t);
+ int (*gnutls_process_server_kx) (gnutls_session, opaque *, size_t);
+ int (*gnutls_process_client_kx) (gnutls_session, opaque *, size_t);
+ int (*gnutls_process_client_cert_vrfy) (gnutls_session, opaque *,
+ size_t);
+ int (*gnutls_process_server_certificate_request) (gnutls_session,
+ opaque *, size_t);
} mod_auth_st;
#endif
diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h
index c8ee82e373..e0de2f440a 100644
--- a/lib/gnutls_auth_int.h
+++ b/lib/gnutls_auth_int.h
@@ -1,8 +1,13 @@
-void gnutls_credentials_clear( gnutls_session session);
-int gnutls_credentials_set( gnutls_session session, gnutls_credentials_type type, void* cred);
-const void *_gnutls_get_cred( gnutls_key_st key, gnutls_credentials_type kx, int* err);
-const void *_gnutls_get_kx_cred( gnutls_session session, gnutls_kx_algorithm algo, int *err);
+void gnutls_credentials_clear(gnutls_session session);
+int gnutls_credentials_set(gnutls_session session,
+ gnutls_credentials_type type, void *cred);
+const void *_gnutls_get_cred(gnutls_key_st key, gnutls_credentials_type kx,
+ int *err);
+const void *_gnutls_get_kx_cred(gnutls_session session,
+ gnutls_kx_algorithm algo, int *err);
int _gnutls_generate_session_key(gnutls_key_st key);
-gnutls_credentials_type gnutls_auth_get_type( gnutls_session session);
-void* _gnutls_get_auth_info( gnutls_session session);
-int _gnutls_auth_info_set( gnutls_session session, gnutls_credentials_type type, int size, int allow_change);
+gnutls_credentials_type gnutls_auth_get_type(gnutls_session session);
+void *_gnutls_get_auth_info(gnutls_session session);
+int _gnutls_auth_info_set(gnutls_session session,
+ gnutls_credentials_type type, int size,
+ int allow_change);
diff --git a/lib/gnutls_buffer.h b/lib/gnutls_buffer.h
index 58531d9383..8670d85ed8 100644
--- a/lib/gnutls_buffer.h
+++ b/lib/gnutls_buffer.h
@@ -5,4 +5,3 @@ typedef gnutls_string gnutls_buffer;
#define _gnutls_buffer_init(buf) _gnutls_string_init(buf, gnutls_malloc, gnutls_realloc, gnutls_free);
#define _gnutls_buffer_clear _gnutls_string_clear
#define _gnutls_buffer_append _gnutls_string_append_data
-
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index aa31d7a70a..13fb79035f 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -63,10 +63,11 @@
# define EAGAIN EWOULDBLOCK
#endif
-inline
-static int RET( int err) {
- if (err==EAGAIN) return GNUTLS_E_AGAIN;
- return GNUTLS_E_INTERRUPTED;
+inline static int RET(int err)
+{
+ if (err == EAGAIN)
+ return GNUTLS_E_AGAIN;
+ return GNUTLS_E_INTERRUPTED;
}
#ifdef IO_DEBUG
@@ -76,52 +77,59 @@ static int RET( int err) {
/* Buffers received packets of type APPLICATION DATA and
* HANDSHAKE DATA.
*/
-int _gnutls_record_buffer_put(content_type_t type, gnutls_session session, opaque *data, size_t length)
+int _gnutls_record_buffer_put(content_type_t type, gnutls_session session,
+ opaque * data, size_t length)
{
- if (length==0) return 0;
- switch( type) {
- case GNUTLS_APPLICATION_DATA:
-
- if ( _gnutls_buffer_append( &session->internals.application_data_buffer,
- data, length) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- _gnutls_buffers_log( "BUF[REC]: Inserted %d bytes of Data(%d)\n", length, type);
+ if (length == 0)
+ return 0;
+ switch (type) {
+ case GNUTLS_APPLICATION_DATA:
+
+ if (_gnutls_buffer_append
+ (&session->internals.application_data_buffer, data,
+ length) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ _gnutls_buffers_log("BUF[REC]: Inserted %d bytes of Data(%d)\n",
+ length, type);
+
+ break;
+ case GNUTLS_HANDSHAKE:
+ if (_gnutls_buffer_append
+ (&session->internals.handshake_data_buffer, data,
+ length) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- break;
- case GNUTLS_HANDSHAKE:
- if ( _gnutls_buffer_append( &session->internals.handshake_data_buffer,
- data, length) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ _gnutls_buffers_log("BUF[HSK]: Inserted %d bytes of Data(%d)\n",
+ length, type);
- _gnutls_buffers_log( "BUF[HSK]: Inserted %d bytes of Data(%d)\n", length, type);
+ break;
- break;
-
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return 0;
+ return 0;
}
-int _gnutls_record_buffer_get_size(content_type_t type, gnutls_session session)
+int _gnutls_record_buffer_get_size(content_type_t type,
+ gnutls_session session)
{
- switch( type) {
- case GNUTLS_APPLICATION_DATA:
- return session->internals.application_data_buffer.length;
-
- case GNUTLS_HANDSHAKE:
- return session->internals.handshake_data_buffer.length;
-
- default:
- return GNUTLS_E_INVALID_REQUEST;
- }
+ switch (type) {
+ case GNUTLS_APPLICATION_DATA:
+ return session->internals.application_data_buffer.length;
+
+ case GNUTLS_HANDSHAKE:
+ return session->internals.handshake_data_buffer.length;
+
+ default:
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
/**
@@ -135,63 +143,70 @@ int _gnutls_record_buffer_get_size(content_type_t type, gnutls_session session)
* (gnutls leaves some data in the tcp buffer in order for select
* to work).
**/
-size_t gnutls_record_check_pending(gnutls_session session) {
- return _gnutls_record_buffer_get_size(GNUTLS_APPLICATION_DATA, session);
+size_t gnutls_record_check_pending(gnutls_session session)
+{
+ return _gnutls_record_buffer_get_size(GNUTLS_APPLICATION_DATA,
+ session);
}
-int _gnutls_record_buffer_get(content_type_t type, gnutls_session session, opaque *data, size_t length)
+int _gnutls_record_buffer_get(content_type_t type, gnutls_session session,
+ opaque * data, size_t length)
{
- if (length==0 || data==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (length == 0 || data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ switch (type) {
+ case GNUTLS_APPLICATION_DATA:
+
+ if (length > session->internals.application_data_buffer.length) {
+ length = session->internals.application_data_buffer.length;
}
-
- switch(type) {
- case GNUTLS_APPLICATION_DATA:
- if (length > session->internals.application_data_buffer.length) {
- length = session->internals.application_data_buffer.length;
- }
+ _gnutls_buffers_log("BUFFER[REC][AD]: Read %d bytes of Data(%d)\n",
+ length, type);
- _gnutls_buffers_log( "BUFFER[REC][AD]: Read %d bytes of Data(%d)\n", length, type);
+ session->internals.application_data_buffer.length -= length;
+ memcpy(data, session->internals.application_data_buffer.data,
+ length);
- session->internals.application_data_buffer.length -= length;
- memcpy(data, session->internals.application_data_buffer.data, length);
+ /* overwrite buffer */
+ memmove(session->internals.application_data_buffer.data,
+ &session->internals.application_data_buffer.data[length],
+ session->internals.application_data_buffer.length);
- /* overwrite buffer */
- memmove(session->internals.application_data_buffer.data,
- &session->internals.application_data_buffer.data[length],
- session->internals.application_data_buffer.length);
+ /* we do no longer realloc the application_data_buffer.data,
+ * since it serves no practical reason. It also decreases
+ * performance.
+ */
+ break;
- /* we do no longer realloc the application_data_buffer.data,
- * since it serves no practical reason. It also decreases
- * performance.
- */
- break;
-
- case GNUTLS_HANDSHAKE:
- if (length > session->internals.handshake_data_buffer.length) {
- length = session->internals.handshake_data_buffer.length;
- }
+ case GNUTLS_HANDSHAKE:
+ if (length > session->internals.handshake_data_buffer.length) {
+ length = session->internals.handshake_data_buffer.length;
+ }
- _gnutls_buffers_log( "BUF[REC][HD]: Read %d bytes of Data(%d)\n", length, type);
+ _gnutls_buffers_log("BUF[REC][HD]: Read %d bytes of Data(%d)\n",
+ length, type);
- session->internals.handshake_data_buffer.length -= length;
- memcpy(data, session->internals.handshake_data_buffer.data, length);
+ session->internals.handshake_data_buffer.length -= length;
+ memcpy(data, session->internals.handshake_data_buffer.data,
+ length);
- /* overwrite buffer */
- memmove(session->internals.handshake_data_buffer.data,
- &session->internals.handshake_data_buffer.data[length],
- session->internals.handshake_data_buffer.length);
+ /* overwrite buffer */
+ memmove(session->internals.handshake_data_buffer.data,
+ &session->internals.handshake_data_buffer.data[length],
+ session->internals.handshake_data_buffer.length);
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return length;
+ return length;
}
@@ -200,124 +215,134 @@ int _gnutls_record_buffer_get(content_type_t type, gnutls_session session, opaqu
*
* Flags are only used if the default recv() function is being used.
*/
-static ssize_t _gnutls_read( gnutls_session session, void *iptr, size_t sizeOfPtr, int flags)
+static ssize_t _gnutls_read(gnutls_session session, void *iptr,
+ size_t sizeOfPtr, int flags)
{
- size_t left;
- ssize_t i=0;
- char *ptr = iptr;
- uint j,x, sum=0;
- gnutls_transport_ptr fd = session->internals.transport_recv_ptr;
-
- session->internals.direction = 0;
-
- left = sizeOfPtr;
- while (left > 0) {
-
- if (session->internals._gnutls_pull_func==NULL)
- i = recv( (int)fd, &ptr[sizeOfPtr-left], left, flags);
- else
- i = session->internals._gnutls_pull_func(fd, &ptr[sizeOfPtr-left], left);
-
- if (i < 0) {
- _gnutls_read_log( "READ: %d returned from %d, errno=%d\n", i, fd, errno);
-
- if (errno == EAGAIN || errno == EINTR) {
- if (sizeOfPtr-left > 0) {
-
- _gnutls_read_log( "READ: returning %d bytes from %d\n", sizeOfPtr-left, fd);
-
- goto finish;
- }
- gnutls_assert();
-
- return RET(errno);
- } else {
- gnutls_assert();
- return GNUTLS_E_PULL_ERROR;
- }
- } else {
-
- _gnutls_read_log( "READ: Got %d bytes from %d\n", i, fd);
-
- if (i == 0)
- break; /* EOF */
+ size_t left;
+ ssize_t i = 0;
+ char *ptr = iptr;
+ uint j, x, sum = 0;
+ gnutls_transport_ptr fd = session->internals.transport_recv_ptr;
+
+ session->internals.direction = 0;
+
+ left = sizeOfPtr;
+ while (left > 0) {
+
+ if (session->internals._gnutls_pull_func == NULL)
+ i = recv((int) fd, &ptr[sizeOfPtr - left], left, flags);
+ else
+ i = session->internals._gnutls_pull_func(fd,
+ &ptr[sizeOfPtr -
+ left], left);
+
+ if (i < 0) {
+ _gnutls_read_log("READ: %d returned from %d, errno=%d\n", i,
+ fd, errno);
+
+ if (errno == EAGAIN || errno == EINTR) {
+ if (sizeOfPtr - left > 0) {
+
+ _gnutls_read_log("READ: returning %d bytes from %d\n",
+ sizeOfPtr - left, fd);
+
+ goto finish;
}
+ gnutls_assert();
+
+ return RET(errno);
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_PULL_ERROR;
+ }
+ } else {
- left -= i;
+ _gnutls_read_log("READ: Got %d bytes from %d\n", i, fd);
+ if (i == 0)
+ break; /* EOF */
}
- finish:
+ left -= i;
- if (_gnutls_log_level >= 7) {
- char line[128];
- char tmp[16];
-
-
- _gnutls_read_log( "READ: read %d bytes from %d\n", (sizeOfPtr-left), fd);
-
- for (x=0;x<((sizeOfPtr-left)/16)+1;x++) {
- line[0] = 0;
-
- sprintf( tmp, "%.4x - ",x);
- _gnutls_str_cat( line, sizeof(line), tmp);
-
- for (j=0;j<16;j++) {
- if (sum<(sizeOfPtr-left)) {
- sprintf( tmp, "%.2x ", ((unsigned char*)ptr)[sum++]);
- _gnutls_str_cat( line, sizeof(line), tmp);
- }
- }
- _gnutls_read_log( "%s\n", line);
+ }
+
+ finish:
+
+ if (_gnutls_log_level >= 7) {
+ char line[128];
+ char tmp[16];
+
+
+ _gnutls_read_log("READ: read %d bytes from %d\n",
+ (sizeOfPtr - left), fd);
+
+ for (x = 0; x < ((sizeOfPtr - left) / 16) + 1; x++) {
+ line[0] = 0;
+
+ sprintf(tmp, "%.4x - ", x);
+ _gnutls_str_cat(line, sizeof(line), tmp);
+
+ for (j = 0; j < 16; j++) {
+ if (sum < (sizeOfPtr - left)) {
+ sprintf(tmp, "%.2x ", ((unsigned char *) ptr)[sum++]);
+ _gnutls_str_cat(line, sizeof(line), tmp);
}
+ }
+ _gnutls_read_log("%s\n", line);
}
+ }
- return (sizeOfPtr - left);
+ return (sizeOfPtr - left);
}
-#define RCVLOWAT session->internals.lowat
+#define RCVLOWAT session->internals.lowat
/* This function is only used with berkeley style sockets.
* Clears the peeked data (read with MSG_PEEK).
*/
-int _gnutls_io_clear_peeked_data( gnutls_session session) {
-char *peekdata;
-int ret, sum;
-
- if (session->internals.have_peeked_data==0 || RCVLOWAT==0)
- return 0;
-
- peekdata = gnutls_alloca( RCVLOWAT);
- if (peekdata==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* this was already read by using MSG_PEEK - so it shouldn't fail */
- sum = 0;
- do { /* we need this to finish now */
- ret = _gnutls_read( session, peekdata, RCVLOWAT-sum, 0);
- if (ret > 0) sum+=ret;
- } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN || sum < RCVLOWAT);
-
- gnutls_afree(peekdata);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+int _gnutls_io_clear_peeked_data(gnutls_session session)
+{
+ char *peekdata;
+ int ret, sum;
+
+ if (session->internals.have_peeked_data == 0 || RCVLOWAT == 0)
+ return 0;
+
+ peekdata = gnutls_alloca(RCVLOWAT);
+ if (peekdata == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* this was already read by using MSG_PEEK - so it shouldn't fail */
+ sum = 0;
+ do { /* we need this to finish now */
+ ret = _gnutls_read(session, peekdata, RCVLOWAT - sum, 0);
+ if (ret > 0)
+ sum += ret;
+ } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN
+ || sum < RCVLOWAT);
- session->internals.have_peeked_data=0;
+ gnutls_afree(peekdata);
- return 0;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ session->internals.have_peeked_data = 0;
+
+ return 0;
}
-void _gnutls_io_clear_read_buffer( gnutls_session session) {
- session->internals.record_recv_buffer.length = 0;
+void _gnutls_io_clear_read_buffer(gnutls_session session)
+{
+ session->internals.record_recv_buffer.length = 0;
}
-
+
/* This function is like recv(with MSG_PEEK). But it does not return -1 on error.
* It does return gnutls_errno instead.
* This function reads data from the socket and keeps them in a buffer, of up to
@@ -327,152 +352,163 @@ void _gnutls_io_clear_read_buffer( gnutls_session session) {
* which are stored in a local (in the session) buffer. A pointer (iptr) to this buffer is returned.
*
*/
-ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t sizeOfPtr, content_type_t recv_type)
+ssize_t _gnutls_io_read_buffered(gnutls_session session, opaque ** iptr,
+ size_t sizeOfPtr,
+ content_type_t recv_type)
{
- ssize_t ret=0, ret2=0;
- size_t min;
- int buf_pos;
- opaque *buf;
- int recvlowat;
- int recvdata, alloc_size;
-
- *iptr = session->internals.record_recv_buffer.data;
-
- if ( sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0) {
- gnutls_assert(); /* internal error */
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* If an external pull function is used, then do not leave
- * any data into the kernel buffer.
- */
- if (session->internals._gnutls_pull_func != NULL) {
- recvlowat = 0;
- } else {
- /* leave peeked data to the kernel space only if application data
- * is received and we don't have any peeked
- * data in gnutls session.
- */
- if ( recv_type != GNUTLS_APPLICATION_DATA
- && session->internals.have_peeked_data==0)
- recvlowat = 0;
- else recvlowat = RCVLOWAT;
- }
-
+ ssize_t ret = 0, ret2 = 0;
+ size_t min;
+ int buf_pos;
+ opaque *buf;
+ int recvlowat;
+ int recvdata, alloc_size;
+
+ *iptr = session->internals.record_recv_buffer.data;
+
+ if (sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0) {
+ gnutls_assert(); /* internal error */
+ return GNUTLS_E_INVALID_REQUEST;
+ }
-
- /* calculate the actual size, ie. get the minimum of the
- * buffered data and the requested data.
+ /* If an external pull function is used, then do not leave
+ * any data into the kernel buffer.
+ */
+ if (session->internals._gnutls_pull_func != NULL) {
+ recvlowat = 0;
+ } else {
+ /* leave peeked data to the kernel space only if application data
+ * is received and we don't have any peeked
+ * data in gnutls session.
*/
- min = GMIN( session->internals.record_recv_buffer.length, sizeOfPtr);
- if ( min > 0) {
- /* if we have enough buffered data
- * then just return them.
- */
- if ( min == sizeOfPtr) {
- return min;
- }
- }
+ if (recv_type != GNUTLS_APPLICATION_DATA
+ && session->internals.have_peeked_data == 0)
+ recvlowat = 0;
+ else
+ recvlowat = RCVLOWAT;
+ }
- /* min is over zero. recvdata is the data we must
- * receive in order to return the requested data.
- */
- recvdata = sizeOfPtr - min;
- /* Check if the previously read data plus the new data to
- * receive are longer than the maximum receive buffer size.
- */
- if ((session->internals.record_recv_buffer.length + recvdata) > MAX_RECV_SIZE)
- {
- gnutls_assert(); /* internal error */
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Allocate the data required to store the new packet.
+
+ /* calculate the actual size, ie. get the minimum of the
+ * buffered data and the requested data.
+ */
+ min = GMIN(session->internals.record_recv_buffer.length, sizeOfPtr);
+ if (min > 0) {
+ /* if we have enough buffered data
+ * then just return them.
*/
- alloc_size = recvdata+session->internals.record_recv_buffer.length;
- session->internals.record_recv_buffer.data = gnutls_realloc_fast(
- session->internals.record_recv_buffer.data, alloc_size);
- if ( session->internals.record_recv_buffer.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (min == sizeOfPtr) {
+ return min;
}
+ }
- buf_pos = session->internals.record_recv_buffer.length;
- buf = session->internals.record_recv_buffer.data;
- *iptr = buf;
+ /* min is over zero. recvdata is the data we must
+ * receive in order to return the requested data.
+ */
+ recvdata = sizeOfPtr - min;
+
+ /* Check if the previously read data plus the new data to
+ * receive are longer than the maximum receive buffer size.
+ */
+ if ((session->internals.record_recv_buffer.length + recvdata) >
+ MAX_RECV_SIZE) {
+ gnutls_assert(); /* internal error */
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer.
- */
- if ( recvdata - recvlowat > 0) {
- ret = _gnutls_read( session, &buf[buf_pos], recvdata - recvlowat, 0);
-
- /* return immediately if we got an interrupt or eagain
- * error.
- */
- if (ret < 0 && gnutls_error_is_fatal(ret)==0) {
- return ret;
- }
- }
+ /* Allocate the data required to store the new packet.
+ */
+ alloc_size = recvdata + session->internals.record_recv_buffer.length;
+ session->internals.record_recv_buffer.data =
+ gnutls_realloc_fast(session->internals.record_recv_buffer.data,
+ alloc_size);
+ if (session->internals.record_recv_buffer.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ buf_pos = session->internals.record_recv_buffer.length;
+ buf = session->internals.record_recv_buffer.data;
+ *iptr = buf;
+
+ /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer.
+ */
+ if (recvdata - recvlowat > 0) {
+ ret =
+ _gnutls_read(session, &buf[buf_pos], recvdata - recvlowat, 0);
- /* copy fresh data to our buffer.
+ /* return immediately if we got an interrupt or eagain
+ * error.
*/
- if (ret > 0) {
- _gnutls_read_log("RB: Have %d bytes into buffer. Adding %d bytes.\n", session->internals.record_recv_buffer.length, ret);
- _gnutls_read_log("RB: Requested %d bytes\n", sizeOfPtr);
- session->internals.record_recv_buffer.length += ret;
+ if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ return ret;
}
+ }
- buf_pos = session->internals.record_recv_buffer.length;
-
- /* This is hack in order for select to work. Just leave recvlowat data,
- * into the kernel buffer (using a read with MSG_PEEK), thus making
- * select think, that the socket is ready for reading.
- * MSG_PEEK is only used with berkeley style sockets.
- */
- if (ret == (recvdata - recvlowat) && recvlowat > 0) {
- ret2 = _gnutls_read( session, &buf[buf_pos], recvlowat, MSG_PEEK);
+ /* copy fresh data to our buffer.
+ */
+ if (ret > 0) {
+ _gnutls_read_log
+ ("RB: Have %d bytes into buffer. Adding %d bytes.\n",
+ session->internals.record_recv_buffer.length, ret);
+ _gnutls_read_log("RB: Requested %d bytes\n", sizeOfPtr);
+ session->internals.record_recv_buffer.length += ret;
+ }
- if (ret2 < 0 && gnutls_error_is_fatal(ret2)==0) {
- return ret2;
- }
+ buf_pos = session->internals.record_recv_buffer.length;
- if (ret2 > 0) {
- _gnutls_read_log("RB-PEEK: Read %d bytes in PEEK MODE.\n", ret2);
- _gnutls_read_log("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", session->internals.record_recv_buffer.length, ret2, sizeOfPtr);
- session->internals.have_peeked_data = 1;
- session->internals.record_recv_buffer.length += ret2;
+ /* This is hack in order for select to work. Just leave recvlowat data,
+ * into the kernel buffer (using a read with MSG_PEEK), thus making
+ * select think, that the socket is ready for reading.
+ * MSG_PEEK is only used with berkeley style sockets.
+ */
+ if (ret == (recvdata - recvlowat) && recvlowat > 0) {
+ ret2 = _gnutls_read(session, &buf[buf_pos], recvlowat, MSG_PEEK);
- }
+ if (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0) {
+ return ret2;
}
- if (ret < 0 || ret2 < 0) {
- gnutls_assert();
- /* that's because they are initialized to 0 */
- return GMIN(ret, ret2);
+ if (ret2 > 0) {
+ _gnutls_read_log("RB-PEEK: Read %d bytes in PEEK MODE.\n",
+ ret2);
+ _gnutls_read_log
+ ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n",
+ session->internals.record_recv_buffer.length, ret2,
+ sizeOfPtr);
+ session->internals.have_peeked_data = 1;
+ session->internals.record_recv_buffer.length += ret2;
+
}
+ }
- ret += ret2;
+ if (ret < 0 || ret2 < 0) {
+ gnutls_assert();
+ /* that's because they are initialized to 0 */
+ return GMIN(ret, ret2);
+ }
- if (ret > 0 && ret < recvlowat) {
- gnutls_assert();
- return GNUTLS_E_AGAIN;
- }
-
- if (ret==0) { /* EOF */
- gnutls_assert();
- return 0;
- }
+ ret += ret2;
- ret = session->internals.record_recv_buffer.length;
+ if (ret > 0 && ret < recvlowat) {
+ gnutls_assert();
+ return GNUTLS_E_AGAIN;
+ }
- if ((ret > 0) && ((size_t)ret < sizeOfPtr)) {
- /* Short Read */
- gnutls_assert();
- return GNUTLS_E_AGAIN;
- } else {
- return ret;
- }
+ if (ret == 0) { /* EOF */
+ gnutls_assert();
+ return 0;
+ }
+
+ ret = session->internals.record_recv_buffer.length;
+
+ if ((ret > 0) && ((size_t) ret < sizeOfPtr)) {
+ /* Short Read */
+ gnutls_assert();
+ return GNUTLS_E_AGAIN;
+ } else {
+ return ret;
+ }
}
@@ -480,48 +516,53 @@ ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t
* record protocol. The send buffer is kept if a send is interrupted and we need to keep
* the data left to sent, in order to send them later.
*/
-
+
#define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y))
inline
-static int _gnutls_buffer_insert( gnutls_buffer * buffer, const opaque* _data, size_t data_size)
+ static int _gnutls_buffer_insert(gnutls_buffer * buffer,
+ const opaque * _data,
+ size_t data_size)
{
- if ( ( MEMSUB(_data, buffer->data) >= 0) && (MEMSUB(_data, buffer->data) < (ssize_t)buffer->length) ) {
- /* the given _data is part of the buffer.
- */
- if (data_size > buffer->length) {
- gnutls_assert();
- /* this shouldn't have happened */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (_data==buffer->data) { /* then don't even memmove */
- buffer->length = data_size;
- return 0;
- }
-
- memmove( buffer->data, _data, data_size);
- buffer->length = data_size;
-
- return 0;
-
+ if ((MEMSUB(_data, buffer->data) >= 0)
+ && (MEMSUB(_data, buffer->data) < (ssize_t) buffer->length)) {
+ /* the given _data is part of the buffer.
+ */
+ if (data_size > buffer->length) {
+ gnutls_assert();
+ /* this shouldn't have happened */
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if (_gnutls_buffer_append( buffer, _data, data_size) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (_data == buffer->data) { /* then don't even memmove */
+ buffer->length = data_size;
+ return 0;
}
+ memmove(buffer->data, _data, data_size);
+ buffer->length = data_size;
+
return 0;
+
+ }
+
+ if (_gnutls_buffer_append(buffer, _data, data_size) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
inline
-static int _gnutls_buffer_get( gnutls_buffer * buffer, const opaque ** ptr, size_t *ptr_size) {
- *ptr_size = buffer->length;
- *ptr = buffer->data;
-
- return 0;
+ static int _gnutls_buffer_get(gnutls_buffer * buffer,
+ const opaque ** ptr, size_t * ptr_size)
+{
+ *ptr_size = buffer->length;
+ *ptr = buffer->data;
+
+ return 0;
}
@@ -536,138 +577,155 @@ static int _gnutls_buffer_get( gnutls_buffer * buffer, const opaque ** ptr, size
* to decrypt and verify the integrity.
*
*/
-ssize_t _gnutls_io_write_buffered( gnutls_session session, const void *iptr, size_t n)
+ssize_t _gnutls_io_write_buffered(gnutls_session session, const void *iptr,
+ size_t n)
{
- size_t left;
- uint j,x, sum=0;
- ssize_t retval, i;
- const opaque * ptr;
- int ret;
- gnutls_transport_ptr fd = session->internals.transport_send_ptr;
-
- /* to know where the procedure was interrupted.
- */
- session->internals.direction = 1;
-
- ptr = iptr;
+ size_t left;
+ uint j, x, sum = 0;
+ ssize_t retval, i;
+ const opaque *ptr;
+ int ret;
+ gnutls_transport_ptr fd = session->internals.transport_send_ptr;
+
+ /* to know where the procedure was interrupted.
+ */
+ session->internals.direction = 1;
+
+ ptr = iptr;
+
+ /* In case the previous write was interrupted, check if the
+ * iptr != NULL and we have data in the buffer.
+ * If this is true then return an error.
+ */
+ if (session->internals.record_send_buffer.length > 0 && iptr != NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* In case the previous write was interrupted, check if the
- * iptr != NULL and we have data in the buffer.
- * If this is true then return an error.
- */
- if (session->internals.record_send_buffer.length > 0 && iptr != NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ /* If data in the buffer exist
+ */
+ if (iptr == NULL) {
+ /* checking is handled above */
+ ret =
+ _gnutls_buffer_get(&session->internals.record_send_buffer,
+ &ptr, &n);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- /* If data in the buffer exist
- */
- if (iptr == NULL) {
- /* checking is handled above */
- ret = _gnutls_buffer_get( &session->internals.record_send_buffer, &ptr, &n);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ _gnutls_write_log
+ ("WRITE: Restoring old write. (%d bytes to send)\n", n);
+ }
+
+ _gnutls_write_log("WRITE: Will write %d bytes to %d.\n", n, fd);
+
+ i = 0;
+ left = n;
+ while (left > 0) {
+
+ if (session->internals._gnutls_push_func == NULL)
+ i = send((int) fd, &ptr[n - left], left, 0);
+ else
+ i = session->internals._gnutls_push_func(fd, &ptr[n - left],
+ left);
+
+ if (i == -1) {
+ if (errno == EAGAIN || errno == EINTR) {
+ session->internals.record_send_buffer_prev_size +=
+ n - left;
+
+ retval =
+ _gnutls_buffer_insert(&session->internals.
+ record_send_buffer,
+ &ptr[n - left], left);
+ if (retval < 0) {
+ gnutls_assert();
+ return retval;
}
- _gnutls_write_log( "WRITE: Restoring old write. (%d bytes to send)\n", n);
+ _gnutls_write_log
+ ("WRITE: Interrupted. Stored %d bytes to buffer. Already sent %d bytes.\n",
+ left, n - left);
+
+ retval = RET(errno);
+
+ return retval;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_PUSH_ERROR;
+ }
}
+ left -= i;
- _gnutls_write_log( "WRITE: Will write %d bytes to %d.\n", n, fd);
- i = 0;
- left = n;
- while (left > 0) {
-
- if (session->internals._gnutls_push_func==NULL)
- i = send( (int)fd, &ptr[n-left], left, 0);
- else
- i = session->internals._gnutls_push_func(fd, &ptr[n-left], left);
+ if (_gnutls_log_level >= 7) {
+ char line[128];
+ char tmp[16];
- if (i == -1) {
- if (errno == EAGAIN || errno == EINTR) {
- session->internals.record_send_buffer_prev_size += n - left;
- retval = _gnutls_buffer_insert( &session->internals.record_send_buffer, &ptr[n-left], left);
- if (retval < 0) {
- gnutls_assert();
- return retval;
- }
+ _gnutls_write_log
+ ("WRITE: wrote %d bytes to %d. Left %d bytes. Total %d bytes.\n",
+ i, fd, left, n);
+ for (x = 0; x < (uint) ((i) / 16) + 1; x++) {
+ line[0] = 0;
- _gnutls_write_log( "WRITE: Interrupted. Stored %d bytes to buffer. Already sent %d bytes.\n", left, n-left);
+ if (sum > n - left)
+ break;
- retval = RET(errno);
+ sprintf(tmp, "%.4x - ", x);
+ _gnutls_str_cat(line, sizeof(line), tmp);
- return retval;
- } else {
- gnutls_assert();
- return GNUTLS_E_PUSH_ERROR;
- }
- }
- left -= i;
-
-
- if (_gnutls_log_level >= 7) {
- char line[128];
- char tmp[16];
-
-
- _gnutls_write_log( "WRITE: wrote %d bytes to %d. Left %d bytes. Total %d bytes.\n", i, fd, left, n);
- for (x=0;x<(uint)((i)/16)+1;x++) {
- line[0] = 0;
-
- if (sum>n-left)
- break;
-
- sprintf( tmp, "%.4x - ",x);
- _gnutls_str_cat( line, sizeof(line), tmp);
-
- for (j=0;j<16;j++) {
- if (sum<n-left) {
- sprintf( tmp, "%.2x ", ((unsigned char*)ptr)[sum++]);
- _gnutls_str_cat( line, sizeof(line), tmp);
- } else break;
- }
- _gnutls_write_log( "%s\n", line);
- }
+ for (j = 0; j < 16; j++) {
+ if (sum < n - left) {
+ sprintf(tmp, "%.2x ",
+ ((unsigned char *) ptr)[sum++]);
+ _gnutls_str_cat(line, sizeof(line), tmp);
+ } else
+ break;
}
+ _gnutls_write_log("%s\n", line);
+ }
}
+ }
- retval = n + session->internals.record_send_buffer_prev_size;
+ retval = n + session->internals.record_send_buffer_prev_size;
- session->internals.record_send_buffer.length = 0;
- session->internals.record_send_buffer_prev_size = 0;
+ session->internals.record_send_buffer.length = 0;
+ session->internals.record_send_buffer_prev_size = 0;
- return retval;
+ return retval;
}
/* This is exactly like write_buffered, but will use two buffers to read
* from.
*/
-ssize_t _gnutls_io_write_buffered2( gnutls_session session, const void *iptr, size_t n, const void* iptr2, size_t n2)
+ssize_t _gnutls_io_write_buffered2(gnutls_session session,
+ const void *iptr, size_t n,
+ const void *iptr2, size_t n2)
{
- if (n==0) {
- return _gnutls_io_write_buffered( session, iptr2, n2);
- } else {
- opaque* sptr;
- ssize_t ret;
+ if (n == 0) {
+ return _gnutls_io_write_buffered(session, iptr2, n2);
+ } else {
+ opaque *sptr;
+ ssize_t ret;
- sptr = gnutls_alloca( n+n2);
- if (sptr==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy( sptr, iptr, n);
- memcpy( &sptr[n], iptr2, n2);
+ sptr = gnutls_alloca(n + n2);
+ if (sptr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ret = _gnutls_io_write_buffered( session, sptr, n+n2);
- gnutls_afree( sptr);
+ memcpy(sptr, iptr, n);
+ memcpy(&sptr[n], iptr2, n2);
- return ret;
- }
+ ret = _gnutls_io_write_buffered(session, sptr, n + n2);
+ gnutls_afree(sptr);
+
+ return ret;
+ }
}
@@ -675,15 +733,16 @@ ssize_t _gnutls_io_write_buffered2( gnutls_session session, const void *iptr, si
* TLS write buffer (ie. because the previous write was
* interrupted.
*/
-ssize_t _gnutls_io_write_flush( gnutls_session session)
+ssize_t _gnutls_io_write_flush(gnutls_session session)
{
ssize_t ret;
if (session->internals.record_send_buffer.length == 0)
- return 0; /* done */
+ return 0; /* done */
- ret = _gnutls_io_write_buffered( session, NULL, 0);
- _gnutls_write_log("WRITE FLUSH: %d [buffer: %d]\n", ret, session->internals.record_send_buffer.length);
+ ret = _gnutls_io_write_buffered(session, NULL, 0);
+ _gnutls_write_log("WRITE FLUSH: %d [buffer: %d]\n", ret,
+ session->internals.record_send_buffer.length);
return ret;
}
@@ -692,19 +751,19 @@ ssize_t _gnutls_io_write_flush( gnutls_session session)
* Handshake write buffer (ie. because the previous write was
* interrupted.
*/
-ssize_t _gnutls_handshake_io_write_flush( gnutls_session session)
+ssize_t _gnutls_handshake_io_write_flush(gnutls_session session)
{
ssize_t ret;
- ret = _gnutls_handshake_io_send_int( session, 0, 0, NULL, 0);
+ ret = _gnutls_handshake_io_send_int(session, 0, 0, NULL, 0);
if (ret < 0) {
gnutls_assert();
- return ret;
+ return ret;
}
_gnutls_write_log("HANDSHAKE_FLUSH: written[1] %d bytes\n", ret);
if (session->internals.handshake_send_buffer.length == 0) {
- ret = session->internals.handshake_send_buffer_prev_size; /* done */
+ ret = session->internals.handshake_send_buffer_prev_size; /* done */
session->internals.handshake_send_buffer_prev_size = 0;
}
@@ -715,276 +774,303 @@ ssize_t _gnutls_handshake_io_write_flush( gnutls_session session)
/* This is a send function for the gnutls handshake
* protocol. Just makes sure that all data have been sent.
*/
-ssize_t _gnutls_handshake_io_send_int( gnutls_session session, content_type_t type, HandshakeType htype, const void *iptr, size_t n)
+ssize_t _gnutls_handshake_io_send_int(gnutls_session session,
+ content_type_t type,
+ HandshakeType htype,
+ const void *iptr, size_t n)
{
- size_t left;
- ssize_t ret=0;
- const opaque *ptr;
- ssize_t retval = 0;
-
- ptr = iptr;
-
- if (session->internals.handshake_send_buffer.length > 0 && ptr==NULL && n == 0) {
- /* resuming previously interrupted write
- */
- gnutls_assert();
- ret = _gnutls_buffer_get( &session->internals.handshake_send_buffer, &ptr, &n);
- if (ret < 0) {
- gnutls_assert();
- return retval;
- }
+ size_t left;
+ ssize_t ret = 0;
+ const opaque *ptr;
+ ssize_t retval = 0;
- type = session->internals.handshake_send_buffer_type;
- htype = session->internals.handshake_send_buffer_htype;
+ ptr = iptr;
- } else if (session->internals.handshake_send_buffer.length > 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (session->internals.handshake_send_buffer.length > 0 && ptr == NULL
+ && n == 0) {
+ /* resuming previously interrupted write
+ */
+ gnutls_assert();
+ ret =
+ _gnutls_buffer_get(&session->internals.handshake_send_buffer,
+ &ptr, &n);
+ if (ret < 0) {
+ gnutls_assert();
+ return retval;
}
+
+ type = session->internals.handshake_send_buffer_type;
+ htype = session->internals.handshake_send_buffer_htype;
+
+ } else if (session->internals.handshake_send_buffer.length > 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
#ifdef WRITE_DEBUG
- else {
- size_t sum=0, x, j;
-
- _gnutls_write_log( "HWRITE: will write %d bytes to %d.\n", n, gnutls_transport_get_ptr(session));
- for (x=0;x<((n)/16)+1;x++) {
- if (sum>n)
- break;
-
- _gnutls_write_log( "%.4x - ",x);
- for (j=0;j<16;j++) {
- if (sum<n) {
- _gnutls_write_log( "%.2x ", ((unsigned char*)ptr)[sum++]);
- } else break;
- }
- _gnutls_write_log( "\n");
- }
- _gnutls_write_log( "\n");
+ else {
+ size_t sum = 0, x, j;
+
+ _gnutls_write_log("HWRITE: will write %d bytes to %d.\n", n,
+ gnutls_transport_get_ptr(session));
+ for (x = 0; x < ((n) / 16) + 1; x++) {
+ if (sum > n)
+ break;
+
+ _gnutls_write_log("%.4x - ", x);
+ for (j = 0; j < 16; j++) {
+ if (sum < n) {
+ _gnutls_write_log("%.2x ",
+ ((unsigned char *) ptr)[sum++]);
+ } else
+ break;
+ }
+ _gnutls_write_log("\n");
}
+ _gnutls_write_log("\n");
+ }
#endif
- if (n==0) { /* if we have no data to send */
- gnutls_assert();
- return 0;
- } else if (ptr==NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
+ if (n == 0) { /* if we have no data to send */
+ gnutls_assert();
+ return 0;
+ } else if (ptr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- left = n;
- while (left > 0) {
- ret = _gnutls_send_int( session, type, htype, &ptr[n-left], left);
- if (ret <= 0) {
- if (ret==0) {
- gnutls_assert();
- ret = GNUTLS_E_INTERNAL_ERROR;
- }
+ left = n;
+ while (left > 0) {
+ ret = _gnutls_send_int(session, type, htype, &ptr[n - left], left);
- if ( left > 0 && (ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN)) {
- gnutls_assert();
+ if (ret <= 0) {
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
- retval = _gnutls_buffer_insert( &session->internals.handshake_send_buffer, &ptr[n-left], left);
- if (retval < 0) {
- gnutls_assert();
- return retval;
- }
+ if (left > 0
+ && (ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_AGAIN)) {
+ gnutls_assert();
- session->internals.handshake_send_buffer_prev_size += n-left;
+ retval =
+ _gnutls_buffer_insert(&session->internals.
+ handshake_send_buffer,
+ &ptr[n - left], left);
+ if (retval < 0) {
+ gnutls_assert();
+ return retval;
+ }
- session->internals.handshake_send_buffer_type = type;
- session->internals.handshake_send_buffer_htype = htype;
+ session->internals.handshake_send_buffer_prev_size +=
+ n - left;
- } else {
- session->internals.handshake_send_buffer_prev_size = 0;
- session->internals.handshake_send_buffer.length = 0;
- }
+ session->internals.handshake_send_buffer_type = type;
+ session->internals.handshake_send_buffer_htype = htype;
- gnutls_assert();
- return ret;
- }
- left -= ret;
+ } else {
+ session->internals.handshake_send_buffer_prev_size = 0;
+ session->internals.handshake_send_buffer.length = 0;
+ }
+
+ gnutls_assert();
+ return ret;
}
+ left -= ret;
+ }
- retval = n + session->internals.handshake_send_buffer_prev_size;
+ retval = n + session->internals.handshake_send_buffer_prev_size;
- session->internals.handshake_send_buffer.length = 0;
- session->internals.handshake_send_buffer_prev_size = 0;
+ session->internals.handshake_send_buffer.length = 0;
+ session->internals.handshake_send_buffer_prev_size = 0;
- return retval;
+ return retval;
}
/* This is a receive function for the gnutls handshake
* protocol. Makes sure that we have received all data.
*/
-ssize_t _gnutls_handshake_io_recv_int( gnutls_session session,
- content_type_t type, HandshakeType htype, void *iptr, size_t sizeOfPtr)
+ssize_t _gnutls_handshake_io_recv_int(gnutls_session session,
+ content_type_t type,
+ HandshakeType htype, void *iptr,
+ size_t sizeOfPtr)
{
- size_t left;
- ssize_t i;
- opaque *ptr;
- size_t dsize;
-
- ptr = iptr;
- left = sizeOfPtr;
-
- if (sizeOfPtr == 0 || iptr == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ size_t left;
+ ssize_t i;
+ opaque *ptr;
+ size_t dsize;
+
+ ptr = iptr;
+ left = sizeOfPtr;
+
+ if (sizeOfPtr == 0 || iptr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (session->internals.handshake_recv_buffer.length > 0) {
+ /* if we have already received some data */
+ if (sizeOfPtr <= session->internals.handshake_recv_buffer.length) {
+ /* if requested less data then return it.
+ */
+ gnutls_assert();
+ memcpy(iptr, session->internals.handshake_recv_buffer.data,
+ sizeOfPtr);
+
+ session->internals.handshake_recv_buffer.length -= sizeOfPtr;
+
+ memmove(session->internals.handshake_recv_buffer.data,
+ &session->internals.handshake_recv_buffer.
+ data[sizeOfPtr],
+ session->internals.handshake_recv_buffer.length);
+
+ return sizeOfPtr;
}
+ gnutls_assert();
+ memcpy(iptr, session->internals.handshake_recv_buffer.data,
+ session->internals.handshake_recv_buffer.length);
- if (session->internals.handshake_recv_buffer.length > 0) {
- /* if we have already received some data */
- if (sizeOfPtr <= session->internals.handshake_recv_buffer.length) {
- /* if requested less data then return it.
- */
- gnutls_assert();
- memcpy( iptr, session->internals.handshake_recv_buffer.data, sizeOfPtr);
-
- session->internals.handshake_recv_buffer.length -= sizeOfPtr;
-
- memmove( session->internals.handshake_recv_buffer.data,
- &session->internals.handshake_recv_buffer.data[sizeOfPtr],
- session->internals.handshake_recv_buffer.length);
-
- return sizeOfPtr;
- }
+ htype = session->internals.handshake_recv_buffer_htype;
+ type = session->internals.handshake_recv_buffer_type;
+
+ left -= session->internals.handshake_recv_buffer.length;
+
+ session->internals.handshake_recv_buffer.length = 0;
+ }
+
+ while (left > 0) {
+ dsize = sizeOfPtr - left;
+ i = _gnutls_recv_int(session, type, htype, &ptr[dsize], left);
+ if (i < 0) {
+
+ if (dsize > 0
+ && (i == GNUTLS_E_INTERRUPTED || i == GNUTLS_E_AGAIN)) {
gnutls_assert();
- memcpy( iptr, session->internals.handshake_recv_buffer.data, session->internals.handshake_recv_buffer.length);
- htype = session->internals.handshake_recv_buffer_htype;
- type = session->internals.handshake_recv_buffer_type;
+ session->internals.handshake_recv_buffer.data =
+ gnutls_realloc_fast(session->internals.
+ handshake_recv_buffer.data, dsize);
+ if (session->internals.handshake_recv_buffer.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(session->internals.handshake_recv_buffer.data, iptr,
+ dsize);
- left -= session->internals.handshake_recv_buffer.length;
+ session->internals.handshake_recv_buffer_htype = htype;
+ session->internals.handshake_recv_buffer_type = type;
+ session->internals.handshake_recv_buffer.length = dsize;
+ } else
session->internals.handshake_recv_buffer.length = 0;
- }
-
- while (left > 0) {
- dsize = sizeOfPtr - left;
- i = _gnutls_recv_int( session, type, htype, &ptr[dsize], left);
- if (i < 0) {
-
- if (dsize > 0 && (i==GNUTLS_E_INTERRUPTED || i==GNUTLS_E_AGAIN)) {
- gnutls_assert();
-
- session->internals.handshake_recv_buffer.data = gnutls_realloc_fast(
- session->internals.handshake_recv_buffer.data, dsize);
- if (session->internals.handshake_recv_buffer.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy( session->internals.handshake_recv_buffer.data, iptr, dsize);
-
- session->internals.handshake_recv_buffer_htype = htype;
- session->internals.handshake_recv_buffer_type = type;
-
- session->internals.handshake_recv_buffer.length = dsize;
- } else
- session->internals.handshake_recv_buffer.length = 0;
-
- gnutls_assert();
-
- return i;
- } else {
- if (i == 0)
- break; /* EOF */
- }
- left -= i;
+ gnutls_assert();
+ return i;
+ } else {
+ if (i == 0)
+ break; /* EOF */
}
- session->internals.handshake_recv_buffer.length = 0;
+ left -= i;
+
+ }
+
+ session->internals.handshake_recv_buffer.length = 0;
- return sizeOfPtr - left;
+ return sizeOfPtr - left;
}
/* Buffer for handshake packets. Keeps the packets in order
* for finished messages to use them. Used in HMAC calculation
* and finished messages.
*/
-int _gnutls_handshake_buffer_put( gnutls_session session, opaque *data, size_t length)
+int _gnutls_handshake_buffer_put(gnutls_session session, opaque * data,
+ size_t length)
{
- if (length==0) return 0;
+ if (length == 0)
+ return 0;
- if ( (session->internals.max_handshake_data_buffer_size > 0) &&
- ((length+session->internals.handshake_hash_buffer.length) >
- session->internals.max_handshake_data_buffer_size)) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _gnutls_buffers_log( "BUF[HSK]: Inserted %d bytes of Data\n", length);
+ if ((session->internals.max_handshake_data_buffer_size > 0) &&
+ ((length + session->internals.handshake_hash_buffer.length) >
+ session->internals.max_handshake_data_buffer_size)) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- if ( _gnutls_buffer_append( &session->internals.handshake_hash_buffer,
- data, length) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ _gnutls_buffers_log("BUF[HSK]: Inserted %d bytes of Data\n", length);
- return 0;
+ if (_gnutls_buffer_append(&session->internals.handshake_hash_buffer,
+ data, length) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
-int _gnutls_handshake_buffer_get_size( gnutls_session session)
+int _gnutls_handshake_buffer_get_size(gnutls_session session)
{
- return session->internals.handshake_hash_buffer.length;
+ return session->internals.handshake_hash_buffer.length;
}
/* this function does not touch the buffer
* and returns data from it (peek mode!)
*/
-int _gnutls_handshake_buffer_peek( gnutls_session session, opaque *data, size_t length)
+int _gnutls_handshake_buffer_peek(gnutls_session session, opaque * data,
+ size_t length)
{
- if (length > session->internals.handshake_hash_buffer.length) {
- length = session->internals.handshake_hash_buffer.length;
- }
+ if (length > session->internals.handshake_hash_buffer.length) {
+ length = session->internals.handshake_hash_buffer.length;
+ }
- _gnutls_buffers_log( "BUF[HSK]: Peeked %d bytes of Data\n", length);
+ _gnutls_buffers_log("BUF[HSK]: Peeked %d bytes of Data\n", length);
- memcpy(data, session->internals.handshake_hash_buffer.data, length);
- return length;
+ memcpy(data, session->internals.handshake_hash_buffer.data, length);
+ return length;
}
/* this function does not touch the buffer
* and returns data from it (peek mode!)
*/
-int _gnutls_handshake_buffer_get_ptr( gnutls_session session, opaque **data_ptr, size_t *length)
+int _gnutls_handshake_buffer_get_ptr(gnutls_session session,
+ opaque ** data_ptr, size_t * length)
{
- if (length!=NULL)
- *length = session->internals.handshake_hash_buffer.length;
+ if (length != NULL)
+ *length = session->internals.handshake_hash_buffer.length;
- _gnutls_buffers_log( "BUF[HSK]: Peeked %d bytes of Data\n", *length);
+ _gnutls_buffers_log("BUF[HSK]: Peeked %d bytes of Data\n", *length);
- if (data_ptr!=NULL)
- *data_ptr = session->internals.handshake_hash_buffer.data;
+ if (data_ptr != NULL)
+ *data_ptr = session->internals.handshake_hash_buffer.data;
- return 0;
+ return 0;
}
/* Does not free the buffer
*/
-int _gnutls_handshake_buffer_empty( gnutls_session session)
+int _gnutls_handshake_buffer_empty(gnutls_session session)
{
- _gnutls_buffers_log( "BUF[HSK]: Emptied buffer\n");
+ _gnutls_buffers_log("BUF[HSK]: Emptied buffer\n");
- session->internals.handshake_hash_buffer.length = 0;
-
- return 0;
+ session->internals.handshake_hash_buffer.length = 0;
+
+ return 0;
}
-int _gnutls_handshake_buffer_clear( gnutls_session session)
+int _gnutls_handshake_buffer_clear(gnutls_session session)
{
- _gnutls_buffers_log( "BUF[HSK]: Cleared Data from buffer\n");
+ _gnutls_buffers_log("BUF[HSK]: Cleared Data from buffer\n");
- _gnutls_buffer_clear( &session->internals.handshake_hash_buffer);
-
- return 0;
+ _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
+
+ return 0;
}
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index 8552377971..b858d10860 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -18,33 +18,42 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-int _gnutls_record_buffer_put(content_type_t type, gnutls_session session, opaque *data, size_t length);
-int _gnutls_record_buffer_get_size(content_type_t type, gnutls_session session);
-int _gnutls_record_buffer_get(content_type_t type, gnutls_session session, opaque *data, size_t length);
-ssize_t _gnutls_io_read_buffered( gnutls_session, opaque **iptr, size_t n, content_type_t);
-void _gnutls_io_clear_read_buffer( gnutls_session);
-int _gnutls_io_clear_peeked_data( gnutls_session session);
+int _gnutls_record_buffer_put(content_type_t type, gnutls_session session,
+ opaque * data, size_t length);
+int _gnutls_record_buffer_get_size(content_type_t type,
+ gnutls_session session);
+int _gnutls_record_buffer_get(content_type_t type, gnutls_session session,
+ opaque * data, size_t length);
+ssize_t _gnutls_io_read_buffered(gnutls_session, opaque ** iptr, size_t n,
+ content_type_t);
+void _gnutls_io_clear_read_buffer(gnutls_session);
+int _gnutls_io_clear_peeked_data(gnutls_session session);
-ssize_t _gnutls_io_write_buffered( gnutls_session, const void *iptr, size_t n );
-ssize_t _gnutls_io_write_buffered2( gnutls_session, const void *iptr, size_t n,
- const void* iptr2, size_t n2);
+ssize_t _gnutls_io_write_buffered(gnutls_session, const void *iptr,
+ size_t n);
+ssize_t _gnutls_io_write_buffered2(gnutls_session, const void *iptr,
+ size_t n, const void *iptr2, size_t n2);
-int _gnutls_handshake_buffer_get_size( gnutls_session session);
-int _gnutls_handshake_buffer_peek( gnutls_session session, opaque *data, size_t length);
-int _gnutls_handshake_buffer_put( gnutls_session session, opaque *data, size_t length);
-int _gnutls_handshake_buffer_clear( gnutls_session session);
-int _gnutls_handshake_buffer_empty( gnutls_session session);
-int _gnutls_handshake_buffer_get_ptr( gnutls_session session, opaque **data_ptr, size_t *length);
+int _gnutls_handshake_buffer_get_size(gnutls_session session);
+int _gnutls_handshake_buffer_peek(gnutls_session session, opaque * data,
+ size_t length);
+int _gnutls_handshake_buffer_put(gnutls_session session, opaque * data,
+ size_t length);
+int _gnutls_handshake_buffer_clear(gnutls_session session);
+int _gnutls_handshake_buffer_empty(gnutls_session session);
+int _gnutls_handshake_buffer_get_ptr(gnutls_session session,
+ opaque ** data_ptr, size_t * length);
#define _gnutls_handshake_io_buffer_clear( session) \
_gnutls_buffer_clear( &session->internals.handshake_send_buffer); \
_gnutls_buffer_clear( &session->internals.handshake_recv_buffer); \
session->internals.handshake_send_buffer_prev_size = 0
-ssize_t _gnutls_handshake_io_recv_int( gnutls_session, content_type_t, HandshakeType, void *, size_t);
-ssize_t _gnutls_handshake_io_send_int( gnutls_session, content_type_t, HandshakeType, const void *, size_t);
-ssize_t _gnutls_io_write_flush( gnutls_session session);
-ssize_t _gnutls_handshake_io_write_flush( gnutls_session session);
+ssize_t _gnutls_handshake_io_recv_int(gnutls_session, content_type_t,
+ HandshakeType, void *, size_t);
+ssize_t _gnutls_handshake_io_send_int(gnutls_session, content_type_t,
+ HandshakeType, const void *, size_t);
+ssize_t _gnutls_io_write_flush(gnutls_session session);
+ssize_t _gnutls_handshake_io_write_flush(gnutls_session session);
size_t gnutls_record_check_pending(gnutls_session session);
-
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index ead9d09363..b2a9a942fe 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -56,29 +56,29 @@ void gnutls_certificate_free_crls(gnutls_certificate_credentials sc);
**/
void gnutls_certificate_free_keys(gnutls_certificate_credentials sc)
{
- uint i, j;
+ uint i, j;
- for (i = 0; i < sc->ncerts; i++) {
- for (j = 0; j < sc->cert_list_length[i]; j++) {
- _gnutls_gcert_deinit( &sc->cert_list[i][j]);
- }
- gnutls_free( sc->cert_list[i]);
+ for (i = 0; i < sc->ncerts; i++) {
+ for (j = 0; j < sc->cert_list_length[i]; j++) {
+ _gnutls_gcert_deinit(&sc->cert_list[i][j]);
}
+ gnutls_free(sc->cert_list[i]);
+ }
- gnutls_free(sc->cert_list_length);
- sc->cert_list_length = NULL;
+ gnutls_free(sc->cert_list_length);
+ sc->cert_list_length = NULL;
- gnutls_free(sc->cert_list);
- sc->cert_list = NULL;
+ gnutls_free(sc->cert_list);
+ sc->cert_list = NULL;
- for (i = 0; i < sc->ncerts; i++) {
- _gnutls_gkey_deinit( &sc->pkey[i]);
- }
+ for (i = 0; i < sc->ncerts; i++) {
+ _gnutls_gkey_deinit(&sc->pkey[i]);
+ }
+
+ gnutls_free(sc->pkey);
+ sc->pkey = NULL;
- gnutls_free( sc->pkey);
- sc->pkey = NULL;
-
- sc->ncerts = 0;
+ sc->ncerts = 0;
}
@@ -94,16 +94,16 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials sc)
**/
void gnutls_certificate_free_cas(gnutls_certificate_credentials sc)
{
- uint j;
+ uint j;
+
+ for (j = 0; j < sc->x509_ncas; j++) {
+ gnutls_x509_crt_deinit(sc->x509_ca_list[j]);
+ }
- for (j = 0; j < sc->x509_ncas; j++) {
- gnutls_x509_crt_deinit( sc->x509_ca_list[j]);
- }
-
- sc->x509_ncas = 0;
+ sc->x509_ncas = 0;
- gnutls_free( sc->x509_ca_list);
- sc->x509_ca_list = NULL;
+ gnutls_free(sc->x509_ca_list);
+ sc->x509_ca_list = NULL;
}
@@ -121,7 +121,7 @@ void gnutls_certificate_free_cas(gnutls_certificate_credentials sc)
**/
void gnutls_certificate_free_ca_names(gnutls_certificate_credentials sc)
{
- _gnutls_free_datum( &sc->x509_rdn_sequence);
+ _gnutls_free_datum(&sc->x509_rdn_sequence);
}
/*-
@@ -133,27 +133,29 @@ void gnutls_certificate_free_ca_names(gnutls_certificate_credentials sc)
* calls would not examine the credentials (or call a callback).
*
-*/
-gnutls_dh_params _gnutls_certificate_get_dh_params(const gnutls_certificate_credentials sc,
- gnutls_session session)
+gnutls_dh_params _gnutls_certificate_get_dh_params(const
+ gnutls_certificate_credentials
+ sc,
+ gnutls_session session)
{
-gnutls_params_st params;
-int ret;
+ gnutls_params_st params;
+ int ret;
- if (session->internals.params.cert_dh_params) {
- return session->internals.params.cert_dh_params;
+ if (session->internals.params.cert_dh_params) {
+ return session->internals.params.cert_dh_params;
+ }
+
+ if (sc->dh_params) {
+ session->internals.params.cert_dh_params = sc->dh_params;
+ } else if (sc->params_func) {
+ ret = sc->params_func(session, GNUTLS_PARAMS_DH, &params);
+ if (ret == 0 && params.type == GNUTLS_PARAMS_DH) {
+ session->internals.params.cert_dh_params = params.params.dh;
+ session->internals.params.free_cert_dh_params = params.deinit;
}
+ }
- if (sc->dh_params) {
- session->internals.params.cert_dh_params = sc->dh_params;
- } else if (sc->params_func) {
- ret = sc->params_func( session, GNUTLS_PARAMS_DH, &params);
- if (ret == 0 && params.type == GNUTLS_PARAMS_DH) {
- session->internals.params.cert_dh_params = params.params.dh;
- session->internals.params.free_cert_dh_params = params.deinit;
- }
- }
-
- return session->internals.params.cert_dh_params;
+ return session->internals.params.cert_dh_params;
}
/*-
@@ -163,27 +165,31 @@ int ret;
* This function will return the rsa parameters pointer.
*
-*/
-gnutls_rsa_params _gnutls_certificate_get_rsa_params(const gnutls_certificate_credentials sc,
- gnutls_session session)
+gnutls_rsa_params _gnutls_certificate_get_rsa_params(const
+ gnutls_certificate_credentials
+ sc,
+ gnutls_session
+ session)
{
-gnutls_params_st params;
-int ret;
+ gnutls_params_st params;
+ int ret;
- if (session->internals.params.rsa_params) {
- return session->internals.params.rsa_params;
+ if (session->internals.params.rsa_params) {
+ return session->internals.params.rsa_params;
+ }
+
+ if (sc->rsa_params) {
+ session->internals.params.rsa_params = sc->rsa_params;
+ } else if (sc->params_func) {
+ ret = sc->params_func(session, GNUTLS_PARAMS_RSA_EXPORT, &params);
+ if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT) {
+ session->internals.params.rsa_params =
+ params.params.rsa_export;
+ session->internals.params.free_rsa_params = params.deinit;
}
+ }
- if (sc->rsa_params) {
- session->internals.params.rsa_params = sc->rsa_params;
- } else if (sc->params_func) {
- ret = sc->params_func( session, GNUTLS_PARAMS_RSA_EXPORT, &params);
- if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT) {
- session->internals.params.rsa_params = params.params.rsa_export;
- session->internals.params.free_rsa_params = params.deinit;
- }
- }
-
- return session->internals.params.rsa_params;
+ return session->internals.params.rsa_params;
}
@@ -200,15 +206,15 @@ int ret;
**/
void gnutls_certificate_free_credentials(gnutls_certificate_credentials sc)
{
- gnutls_certificate_free_keys( sc);
- gnutls_certificate_free_cas( sc);
+ gnutls_certificate_free_keys(sc);
+ gnutls_certificate_free_cas(sc);
#ifdef ENABLE_PKI
- gnutls_certificate_free_crls( sc);
+ gnutls_certificate_free_crls(sc);
#endif
- _gnutls_free_datum( &sc->keyring);
+ _gnutls_free_datum(&sc->keyring);
- gnutls_free( sc);
+ gnutls_free(sc);
}
@@ -221,14 +227,15 @@ void gnutls_certificate_free_credentials(gnutls_certificate_credentials sc)
*
* Returns 0 on success.
**/
-int gnutls_certificate_allocate_credentials(gnutls_certificate_credentials * res)
+int gnutls_certificate_allocate_credentials(gnutls_certificate_credentials
+ * res)
{
- *res = gnutls_calloc(1, sizeof(certificate_credentials_st));
+ *res = gnutls_calloc(1, sizeof(certificate_credentials_st));
- if (*res == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (*res == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
@@ -238,49 +245,50 @@ int gnutls_certificate_allocate_credentials(gnutls_certificate_credentials * res
* This function also uses the KeyUsage field of the certificate
* extensions in order to disable unneded algorithms.
*/
-int _gnutls_selected_cert_supported_kx( gnutls_session session, gnutls_kx_algorithm ** alg,
- int *alg_size)
+int _gnutls_selected_cert_supported_kx(gnutls_session session,
+ gnutls_kx_algorithm ** alg,
+ int *alg_size)
{
- gnutls_kx_algorithm kx;
- gnutls_pk_algorithm pk;
- gnutls_kx_algorithm kxlist[MAX_ALGOS];
- gnutls_cert * cert;
- int i;
-
- if (session->internals.selected_cert_list_length == 0) {
- *alg_size = 0;
- *alg = NULL;
- return 0;
- }
-
- cert = &session->internals.selected_cert_list[0];
- i = 0;
-
- for (kx = 0; kx < MAX_ALGOS; kx++) {
- pk = _gnutls_map_pk_get_pk(kx);
- if (pk == cert->subject_pk_algorithm) {
- /* then check key usage */
- if (_gnutls_check_key_usage(cert, kx) == 0) {
- kxlist[i] = kx;
- i++;
- }
- }
+ gnutls_kx_algorithm kx;
+ gnutls_pk_algorithm pk;
+ gnutls_kx_algorithm kxlist[MAX_ALGOS];
+ gnutls_cert *cert;
+ int i;
+
+ if (session->internals.selected_cert_list_length == 0) {
+ *alg_size = 0;
+ *alg = NULL;
+ return 0;
+ }
+
+ cert = &session->internals.selected_cert_list[0];
+ i = 0;
+
+ for (kx = 0; kx < MAX_ALGOS; kx++) {
+ pk = _gnutls_map_pk_get_pk(kx);
+ if (pk == cert->subject_pk_algorithm) {
+ /* then check key usage */
+ if (_gnutls_check_key_usage(cert, kx) == 0) {
+ kxlist[i] = kx;
+ i++;
+ }
}
+ }
- if (i==0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (i == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- *alg = gnutls_calloc(1, sizeof(gnutls_kx_algorithm) * i);
- if (*alg == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ *alg = gnutls_calloc(1, sizeof(gnutls_kx_algorithm) * i);
+ if (*alg == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- *alg_size = i;
+ *alg_size = i;
- memcpy(*alg, kxlist, i * sizeof(gnutls_kx_algorithm));
+ memcpy(*alg, kxlist, i * sizeof(gnutls_kx_algorithm));
- return 0;
+ return 0;
}
@@ -297,9 +305,9 @@ int _gnutls_selected_cert_supported_kx( gnutls_session session, gnutls_kx_algori
* send a certificate.
**/
void gnutls_certificate_server_set_request(gnutls_session session,
- gnutls_certificate_request req)
+ gnutls_certificate_request req)
{
- session->internals.send_cert_req = req;
+ session->internals.send_cert_req = req;
}
/**
@@ -332,10 +340,10 @@ void gnutls_certificate_server_set_request(gnutls_session session,
* should be set to zero. The value (-1) indicates error and the handshake
* will be terminated.
**/
-void gnutls_certificate_client_set_retrieve_function(gnutls_certificate_credentials cred,
- gnutls_certificate_client_retrieve_function * func)
-{
- cred->client_get_cert_callback = func;
+void gnutls_certificate_client_set_retrieve_function
+ (gnutls_certificate_credentials cred,
+ gnutls_certificate_client_retrieve_function * func) {
+ cred->client_get_cert_callback = func;
}
/**
@@ -358,18 +366,20 @@ void gnutls_certificate_client_set_retrieve_function(gnutls_certificate_credenti
* return 0 on success. The value (-1) indicates error and the handshake
* will be terminated.
**/
-void gnutls_certificate_server_set_retrieve_function(gnutls_certificate_credentials cred,
- gnutls_certificate_server_retrieve_function * func)
-{
- cred->server_get_cert_callback = func;
+void gnutls_certificate_server_set_retrieve_function
+ (gnutls_certificate_credentials cred,
+ gnutls_certificate_server_retrieve_function * func) {
+ cred->server_get_cert_callback = func;
}
/* These are set by the gnutls_extra library's initialization function.
*/
-OPENPGP_KEY_CREATION_TIME_FUNC _E_gnutls_openpgp_get_raw_key_creation_time = NULL;
-OPENPGP_KEY_EXPIRATION_TIME_FUNC _E_gnutls_openpgp_get_raw_key_expiration_time = NULL;
+OPENPGP_KEY_CREATION_TIME_FUNC _E_gnutls_openpgp_get_raw_key_creation_time
+ = NULL;
+OPENPGP_KEY_EXPIRATION_TIME_FUNC
+ _E_gnutls_openpgp_get_raw_key_expiration_time = NULL;
OPENPGP_VERIFY_KEY_FUNC _E_gnutls_openpgp_verify_key = NULL;
/*-
@@ -382,52 +392,54 @@ OPENPGP_VERIFY_KEY_FUNC _E_gnutls_openpgp_verify_key = NULL;
-*/
int _gnutls_openpgp_cert_verify_peers(gnutls_session session)
{
- cert_auth_info_t info;
- const gnutls_certificate_credentials cred;
- int verify;
- int peer_certificate_list_size;
-
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0) {
- gnutls_assert();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- /* generate a list of gnutls_certs based on the auth info
- * raw certs.
- */
- peer_certificate_list_size = info->ncerts;
-
- if (peer_certificate_list_size != 1) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* Verify certificate
- */
- if (_E_gnutls_openpgp_verify_key==NULL) {
- gnutls_assert();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
- verify = _E_gnutls_openpgp_verify_key( cred->pgp_trustdb, &cred->keyring, &info->raw_certificate_list[0],
- peer_certificate_list_size);
-
- if (verify < 0) {
- gnutls_assert();
- }
-
- return verify;
+ cert_auth_info_t info;
+ const gnutls_certificate_credentials cred;
+ int verify;
+ int peer_certificate_list_size;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ /* generate a list of gnutls_certs based on the auth info
+ * raw certs.
+ */
+ peer_certificate_list_size = info->ncerts;
+
+ if (peer_certificate_list_size != 1) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* Verify certificate
+ */
+ if (_E_gnutls_openpgp_verify_key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INIT_LIBEXTRA;
+ }
+ verify =
+ _E_gnutls_openpgp_verify_key(cred->pgp_trustdb, &cred->keyring,
+ &info->raw_certificate_list[0],
+ peer_certificate_list_size);
+
+ if (verify < 0) {
+ gnutls_assert();
+ }
+
+ return verify;
}
/**
@@ -446,26 +458,26 @@ int _gnutls_openpgp_cert_verify_peers(gnutls_session session)
**/
int gnutls_certificate_verify_peers(gnutls_session session)
{
- cert_auth_info_t info;
-
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL) {
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- switch( gnutls_certificate_type_get( session)) {
- case GNUTLS_CRT_X509:
- return _gnutls_x509_cert_verify_peers( session);
- case GNUTLS_CRT_OPENPGP:
- return _gnutls_openpgp_cert_verify_peers( session);
- default:
- return GNUTLS_E_INVALID_REQUEST;
- }
+ cert_auth_info_t info;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ return _gnutls_x509_cert_verify_peers(session);
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_openpgp_cert_verify_peers(session);
+ default:
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
/**
@@ -479,32 +491,34 @@ int gnutls_certificate_verify_peers(gnutls_session session)
**/
time_t gnutls_certificate_expiration_time_peers(gnutls_session session)
{
- cert_auth_info_t info;
-
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL) {
- return (time_t) -1;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0) {
- gnutls_assert();
- return (time_t) -1;
- }
-
- switch( gnutls_certificate_type_get( session)) {
- case GNUTLS_CRT_X509:
- return _gnutls_x509_get_raw_crt_expiration_time(
- &info->raw_certificate_list[0]);
- case GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_get_raw_key_expiration_time==NULL)
- return (time_t)-1;
- return _E_gnutls_openpgp_get_raw_key_expiration_time(
- &info->raw_certificate_list[0]);
- default:
- return (time_t)-1;
- }
+ cert_auth_info_t info;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ return (time_t) - 1;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
+
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ return _gnutls_x509_get_raw_crt_expiration_time(&info->
+ raw_certificate_list
+ [0]);
+ case GNUTLS_CRT_OPENPGP:
+ if (_E_gnutls_openpgp_get_raw_key_expiration_time == NULL)
+ return (time_t) - 1;
+ return _E_gnutls_openpgp_get_raw_key_expiration_time(&info->
+ raw_certificate_list
+ [0]);
+ default:
+ return (time_t) - 1;
+ }
}
/**
@@ -519,76 +533,77 @@ time_t gnutls_certificate_expiration_time_peers(gnutls_session session)
**/
time_t gnutls_certificate_activation_time_peers(gnutls_session session)
{
- cert_auth_info_t info;
-
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL) {
- return (time_t) -1;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0) {
- gnutls_assert();
- return (time_t) -1;
- }
-
- switch( gnutls_certificate_type_get( session)) {
- case GNUTLS_CRT_X509:
- return _gnutls_x509_get_raw_crt_activation_time(
- &info->raw_certificate_list[0]);
- case GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_get_raw_key_creation_time==NULL)
- return (time_t)-1;
- return _E_gnutls_openpgp_get_raw_key_creation_time(
- &info->raw_certificate_list[0]);
- default:
- return (time_t)-1;
- }
+ cert_auth_info_t info;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ return (time_t) - 1;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
+
+ switch (gnutls_certificate_type_get(session)) {
+ case GNUTLS_CRT_X509:
+ return _gnutls_x509_get_raw_crt_activation_time(&info->
+ raw_certificate_list
+ [0]);
+ case GNUTLS_CRT_OPENPGP:
+ if (_E_gnutls_openpgp_get_raw_key_creation_time == NULL)
+ return (time_t) - 1;
+ return _E_gnutls_openpgp_get_raw_key_creation_time(&info->
+ raw_certificate_list
+ [0]);
+ default:
+ return (time_t) - 1;
+ }
}
OPENPGP_RAW_KEY_TO_GCERT _E_gnutls_openpgp_raw_key_to_gcert;
OPENPGP_RAW_PRIVKEY_TO_GKEY _E_gnutls_openpgp_raw_privkey_to_gkey;
-int _gnutls_raw_cert_to_gcert(gnutls_cert * gcert, gnutls_certificate_type type,
- const gnutls_datum *raw_cert, int flags /* OR of ConvFlags */)
+int _gnutls_raw_cert_to_gcert(gnutls_cert * gcert,
+ gnutls_certificate_type type,
+ const gnutls_datum * raw_cert,
+ int flags /* OR of ConvFlags */ )
{
- switch( type) {
- case GNUTLS_CRT_X509:
- return _gnutls_x509_raw_cert_to_gcert( gcert,
- raw_cert, flags);
- case GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_raw_key_to_gcert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
- return
- _E_gnutls_openpgp_raw_key_to_gcert( gcert,
- raw_cert);
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ switch (type) {
+ case GNUTLS_CRT_X509:
+ return _gnutls_x509_raw_cert_to_gcert(gcert, raw_cert, flags);
+ case GNUTLS_CRT_OPENPGP:
+ if (_E_gnutls_openpgp_raw_key_to_gcert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INIT_LIBEXTRA;
}
+ return _E_gnutls_openpgp_raw_key_to_gcert(gcert, raw_cert);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
-int _gnutls_raw_privkey_to_gkey(gnutls_privkey * key, gnutls_certificate_type type,
- const gnutls_datum *raw_key, int key_enc /* DER or PEM */)
+int _gnutls_raw_privkey_to_gkey(gnutls_privkey * key,
+ gnutls_certificate_type type,
+ const gnutls_datum * raw_key,
+ int key_enc /* DER or PEM */ )
{
- switch( type) {
- case GNUTLS_CRT_X509:
- return _gnutls_x509_raw_privkey_to_gkey( key,
- raw_key, key_enc);
- case GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_raw_privkey_to_gkey==NULL) {
- gnutls_assert();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
- return
- _E_gnutls_openpgp_raw_privkey_to_gkey( key, raw_key);
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ switch (type) {
+ case GNUTLS_CRT_X509:
+ return _gnutls_x509_raw_privkey_to_gkey(key, raw_key, key_enc);
+ case GNUTLS_CRT_OPENPGP:
+ if (_E_gnutls_openpgp_raw_privkey_to_gkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INIT_LIBEXTRA;
}
+ return _E_gnutls_openpgp_raw_privkey_to_gkey(key, raw_key);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
}
@@ -601,113 +616,121 @@ int _gnutls_raw_privkey_to_gkey(gnutls_privkey * key, gnutls_certificate_type ty
* extensions found in the certificate are unsupported and critical.
* The critical extensions will be catched by the verification functions.
*/
-int _gnutls_x509_raw_cert_to_gcert(gnutls_cert * gcert, const gnutls_datum *derCert,
- int flags /* OR of ConvFlags */)
+int _gnutls_x509_raw_cert_to_gcert(gnutls_cert * gcert,
+ const gnutls_datum * derCert,
+ int flags /* OR of ConvFlags */ )
{
- int ret;
- gnutls_x509_crt cert;
-
- ret = gnutls_x509_crt_init( &cert);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int ret;
+ gnutls_x509_crt cert;
- ret = gnutls_x509_crt_import( cert, derCert, GNUTLS_X509_FMT_DER);
- if ( ret < 0) {
- gnutls_assert();
- gnutls_x509_crt_deinit( cert);
- return ret;
- }
-
- ret = _gnutls_x509_crt_to_gcert( gcert, cert, flags);
- gnutls_x509_crt_deinit( cert);
-
+ ret = gnutls_x509_crt_init(&cert);
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ ret = gnutls_x509_crt_import(cert, derCert, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(cert);
+ return ret;
+ }
+
+ ret = _gnutls_x509_crt_to_gcert(gcert, cert, flags);
+ gnutls_x509_crt_deinit(cert);
+
+ return ret;
}
/* Like above but it accepts a parsed certificate instead.
*/
int _gnutls_x509_crt_to_gcert(gnutls_cert * gcert, gnutls_x509_crt cert,
- unsigned int flags)
+ unsigned int flags)
{
- int ret = 0;
-
- memset(gcert, 0, sizeof(gnutls_cert));
- gcert->cert_type = GNUTLS_CRT_X509;
-
- if ( !(flags & CERT_NO_COPY)) {
- #define SMALL_DER 512
- opaque* der;
- size_t der_size = SMALL_DER;
-
- /* initially allocate a bogus size, just in case the certificate
- * fits in it. That way we minimize the DER encodings performed.
- */
- der = gnutls_malloc( SMALL_DER);
- if (der == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_export( cert, GNUTLS_X509_FMT_DER, der, &der_size);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
- gnutls_assert();
- gnutls_free(der);
- return ret;
- }
-
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
- der = gnutls_realloc( der, der_size);
- if (der == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crt_export( cert, GNUTLS_X509_FMT_DER, der, &der_size);
- if (ret < 0) {
- gnutls_assert();
- gnutls_free(der);
- return ret;
- }
- }
-
- gcert->raw.data = der;
- gcert->raw.size = der_size;
- } else
- /* now we have 0 or a bitwise or of things to decode */
- flags ^= CERT_NO_COPY;
-
-
- if (flags & CERT_ONLY_EXTENSIONS || flags == 0) {
- gnutls_x509_crt_get_key_usage( cert, &gcert->keyUsage, NULL);
- gcert->version = gnutls_x509_crt_get_version( cert);
+ int ret = 0;
+
+ memset(gcert, 0, sizeof(gnutls_cert));
+ gcert->cert_type = GNUTLS_CRT_X509;
+
+ if (!(flags & CERT_NO_COPY)) {
+#define SMALL_DER 512
+ opaque *der;
+ size_t der_size = SMALL_DER;
+
+ /* initially allocate a bogus size, just in case the certificate
+ * fits in it. That way we minimize the DER encodings performed.
+ */
+ der = gnutls_malloc(SMALL_DER);
+ if (der == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- gcert->subject_pk_algorithm = gnutls_x509_crt_get_pk_algorithm( cert, NULL);
-
- if (flags & CERT_ONLY_PUBKEY || flags == 0) {
- gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;
- ret = _gnutls_x509_crt_get_mpis( cert, gcert->params, &gcert->params_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+
+ ret =
+ gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, der,
+ &der_size);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ gnutls_free(der);
+ return ret;
}
- return 0;
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ der = gnutls_realloc(der, der_size);
+ if (der == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, der,
+ &der_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(der);
+ return ret;
+ }
+ }
+
+ gcert->raw.data = der;
+ gcert->raw.size = der_size;
+ } else
+ /* now we have 0 or a bitwise or of things to decode */
+ flags ^= CERT_NO_COPY;
+
+
+ if (flags & CERT_ONLY_EXTENSIONS || flags == 0) {
+ gnutls_x509_crt_get_key_usage(cert, &gcert->keyUsage, NULL);
+ gcert->version = gnutls_x509_crt_get_version(cert);
+ }
+ gcert->subject_pk_algorithm =
+ gnutls_x509_crt_get_pk_algorithm(cert, NULL);
+
+ if (flags & CERT_ONLY_PUBKEY || flags == 0) {
+ gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;
+ ret =
+ _gnutls_x509_crt_get_mpis(cert, gcert->params,
+ &gcert->params_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ return 0;
}
-void _gnutls_gcert_deinit(gnutls_cert *cert)
+void _gnutls_gcert_deinit(gnutls_cert * cert)
{
- int i;
+ int i;
- if (cert == NULL) return;
+ if (cert == NULL)
+ return;
- for (i = 0; i < cert->params_size; i++) {
- _gnutls_mpi_release( &cert->params[i]);
- }
+ for (i = 0; i < cert->params_size; i++) {
+ _gnutls_mpi_release(&cert->params[i]);
+ }
- _gnutls_free_datum(&cert->raw);
+ _gnutls_free_datum(&cert->raw);
}
-
diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h
index 66c66a829f..37e1a821f6 100644
--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -6,7 +6,7 @@
#include <gnutls_ui.h>
#include "x509/x509.h"
-#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
+#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
/* parameters should not be larger than this limit */
#define DSA_PUBLIC_PARAMS 4
@@ -26,75 +26,81 @@
#define KEY_DECIPHER_ONLY 32768
typedef struct gnutls_cert {
- mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public
- * key algorithm
- * RSA: [0] is modulus
- * [1] is public exponent
- * DSA: [0] is p
- * [1] is q
- * [2] is g
- * [3] is public key
+ mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public
+ * key algorithm
+ * RSA: [0] is modulus
+ * [1] is public exponent
+ * DSA: [0] is p
+ * [1] is q
+ * [2] is g
+ * [3] is public key
+ */
+ int params_size; /* holds the size of MPI params */
+
+ gnutls_pk_algorithm subject_pk_algorithm;
+
+ unsigned int keyUsage; /* bits from KEY_*
*/
- int params_size; /* holds the size of MPI params */
-
- gnutls_pk_algorithm subject_pk_algorithm;
-
- unsigned int keyUsage; /* bits from KEY_*
- */
-
- unsigned int version;
- /* holds the type (PGP, X509)
- */
- gnutls_certificate_type cert_type;
-
- gnutls_datum raw;
-
+
+ unsigned int version;
+ /* holds the type (PGP, X509)
+ */
+ gnutls_certificate_type cert_type;
+
+ gnutls_datum raw;
+
} gnutls_cert;
typedef struct gnutls_privkey_int {
- mpi_t params[MAX_PRIV_PARAMS_SIZE];/* the size of params depends on the public
- * key algorithm
- */
- /*
- * RSA: [0] is modulus
- * [1] is public exponent
- * [2] is private exponent
- * [3] is prime1 (p)
- * [4] is prime2 (q)
- * [5] is coefficient (u == inverse of p mod q)
- * DSA: [0] is p
- * [1] is q
- * [2] is g
- * [3] is y (public key)
- * [4] is x (private key)
- */
- int params_size; /* holds the number of params */
-
- gnutls_pk_algorithm pk_algorithm;
+ mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public
+ * key algorithm
+ */
+ /*
+ * RSA: [0] is modulus
+ * [1] is public exponent
+ * [2] is private exponent
+ * [3] is prime1 (p)
+ * [4] is prime2 (q)
+ * [5] is coefficient (u == inverse of p mod q)
+ * DSA: [0] is p
+ * [1] is q
+ * [2] is g
+ * [3] is y (public key)
+ * [4] is x (private key)
+ */
+ int params_size; /* holds the number of params */
+
+ gnutls_pk_algorithm pk_algorithm;
} gnutls_privkey;
-struct gnutls_session_int; /* because gnutls_session is not defined when this file is included */
+struct gnutls_session_int; /* because gnutls_session is not defined when this file is included */
-typedef enum ConvFlags {
- CERT_NO_COPY=2,
- CERT_ONLY_PUBKEY=4,
- CERT_ONLY_EXTENSIONS=16
+typedef enum ConvFlags {
+ CERT_NO_COPY = 2,
+ CERT_ONLY_PUBKEY = 4,
+ CERT_ONLY_EXTENSIONS = 16
} ConvFlags;
-int _gnutls_x509_raw_cert_to_gcert(gnutls_cert * gcert, const gnutls_datum *derCert,
- int flags);
+int _gnutls_x509_raw_cert_to_gcert(gnutls_cert * gcert,
+ const gnutls_datum * derCert,
+ int flags);
int _gnutls_x509_crt_to_gcert(gnutls_cert * gcert, gnutls_x509_crt cert,
- unsigned int flags);
-
-void _gnutls_gkey_deinit(gnutls_privkey *key);
-void _gnutls_gcert_deinit(gnutls_cert *cert);
-
-int _gnutls_selected_cert_supported_kx(struct gnutls_session_int* session,
- gnutls_kx_algorithm ** alg, int *alg_size);
-
-int _gnutls_raw_cert_to_gcert(gnutls_cert * gcert, gnutls_certificate_type type,
- const gnutls_datum *raw_cert, int flags /* OR of ConvFlags */);
-int _gnutls_raw_privkey_to_gkey(gnutls_privkey * key, gnutls_certificate_type type,
- const gnutls_datum *raw_key, int key_enc /* DER or PEM */);
+ unsigned int flags);
+
+void _gnutls_gkey_deinit(gnutls_privkey * key);
+void _gnutls_gcert_deinit(gnutls_cert * cert);
+
+int _gnutls_selected_cert_supported_kx(struct gnutls_session_int *session,
+ gnutls_kx_algorithm ** alg,
+ int *alg_size);
+
+int _gnutls_raw_cert_to_gcert(gnutls_cert * gcert,
+ gnutls_certificate_type type,
+ const gnutls_datum * raw_cert,
+ int flags /* OR of ConvFlags */ );
+int _gnutls_raw_privkey_to_gkey(gnutls_privkey * key,
+ gnutls_certificate_type type,
+ const gnutls_datum * raw_key,
+ int key_enc /* DER or PEM */ );
#endif
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index c892624880..259a752abc 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -39,20 +39,22 @@
#include "gnutls_record.h"
#include "gnutls_constate.h"
-inline static int
-is_write_comp_null( gnutls_session session) {
- if (session->security_parameters.write_compression_algorithm == GNUTLS_COMP_NULL)
- return 0;
-
- return 1;
+inline static int is_write_comp_null(gnutls_session session)
+{
+ if (session->security_parameters.write_compression_algorithm ==
+ GNUTLS_COMP_NULL)
+ return 0;
+
+ return 1;
}
-inline static int
-is_read_comp_null( gnutls_session session) {
- if (session->security_parameters.read_compression_algorithm == GNUTLS_COMP_NULL)
- return 0;
-
- return 1;
+inline static int is_read_comp_null(gnutls_session session)
+{
+ if (session->security_parameters.read_compression_algorithm ==
+ GNUTLS_COMP_NULL)
+ return 0;
+
+ return 1;
}
@@ -61,188 +63,189 @@ is_read_comp_null( gnutls_session session) {
*
* If random pad != 0 then the random pad data will be appended.
*/
-int _gnutls_encrypt(gnutls_session session, const opaque* headers, size_t headers_size,
- const opaque *data, size_t data_size,
- opaque * ciphertext, size_t ciphertext_size, content_type_t type, int random_pad)
+int _gnutls_encrypt(gnutls_session session, const opaque * headers,
+ size_t headers_size, const opaque * data,
+ size_t data_size, opaque * ciphertext,
+ size_t ciphertext_size, content_type_t type,
+ int random_pad)
{
- gnutls_datum plain;
- gnutls_datum comp;
- int ret;
- int free_comp = 1;
-
- plain.data = (opaque*)data;
- plain.size = data_size;
-
- if (plain.size == 0 || is_write_comp_null( session)==0) {
- comp = plain;
- free_comp = 0;
- } else {
- /* Here comp is allocated and must be
- * freed.
- */
- ret = _gnutls_m_plaintext2compressed(session, &comp, plain);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ gnutls_datum plain;
+ gnutls_datum comp;
+ int ret;
+ int free_comp = 1;
+
+ plain.data = (opaque *) data;
+ plain.size = data_size;
+
+ if (plain.size == 0 || is_write_comp_null(session) == 0) {
+ comp = plain;
+ free_comp = 0;
+ } else {
+ /* Here comp is allocated and must be
+ * freed.
+ */
+ ret = _gnutls_m_plaintext2compressed(session, &comp, plain);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
+ }
- ret = _gnutls_compressed2ciphertext(session, &ciphertext[headers_size],
- ciphertext_size - headers_size, comp, type, random_pad);
+ ret = _gnutls_compressed2ciphertext(session, &ciphertext[headers_size],
+ ciphertext_size - headers_size,
+ comp, type, random_pad);
- if (free_comp)
- _gnutls_free_datum(&comp);
+ if (free_comp)
+ _gnutls_free_datum(&comp);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* copy the headers */
- memcpy( ciphertext, headers, headers_size);
- _gnutls_write_uint16( ret, &ciphertext[3]);
+ /* copy the headers */
+ memcpy(ciphertext, headers, headers_size);
+ _gnutls_write_uint16(ret, &ciphertext[3]);
- return ret+headers_size;
+ return ret + headers_size;
}
/* Decrypts the given data.
* Returns the decrypted data length.
*/
-int _gnutls_decrypt(gnutls_session session, opaque *ciphertext,
- size_t ciphertext_size, uint8 * data, size_t max_data_size,
- content_type_t type)
+int _gnutls_decrypt(gnutls_session session, opaque * ciphertext,
+ size_t ciphertext_size, uint8 * data,
+ size_t max_data_size, content_type_t type)
{
- gnutls_datum gtxt;
- gnutls_datum gcipher;
- int ret;
+ gnutls_datum gtxt;
+ gnutls_datum gcipher;
+ int ret;
+
+ if (ciphertext_size == 0)
+ return 0;
+
+ gcipher.size = ciphertext_size;
+ gcipher.data = ciphertext;
+
+ ret =
+ _gnutls_ciphertext2compressed(session, data, max_data_size,
+ gcipher, type);
+ if (ret < 0) {
+ return ret;
+ }
- if (ciphertext_size == 0)
- return 0;
+ if (ret == 0 || is_read_comp_null(session) == 0) {
+ /* ret == ret */
- gcipher.size = ciphertext_size;
- gcipher.data = ciphertext;
+ } else {
+ gnutls_datum gcomp;
- ret = _gnutls_ciphertext2compressed(session, data, max_data_size, gcipher, type);
+ /* compression has this malloc overhead.
+ */
+
+ gcomp.data = data;
+ gcomp.size = ret;
+ ret = _gnutls_m_compressed2plaintext(session, &gtxt, gcomp);
if (ret < 0) {
- return ret;
+ return ret;
}
- if (ret==0 || is_read_comp_null( session)==0) {
- /* ret == ret */
-
- } else {
- gnutls_datum gcomp;
-
- /* compression has this malloc overhead.
- */
-
- gcomp.data = data;
- gcomp.size = ret;
- ret = _gnutls_m_compressed2plaintext(session, &gtxt, gcomp);
- if (ret < 0) {
- return ret;
- }
-
- if (gtxt.size > max_data_size) {
- gnutls_assert();
- _gnutls_free_datum( &gtxt);
- /* This shouldn't have happen and
- * is a TLS fatal error.
- */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- memcpy( data, gtxt.data, gtxt.size);
- ret = gtxt.size;
-
- _gnutls_free_datum( &gtxt);
+ if (gtxt.size > max_data_size) {
+ gnutls_assert();
+ _gnutls_free_datum(&gtxt);
+ /* This shouldn't have happen and
+ * is a TLS fatal error.
+ */
+ return GNUTLS_E_INTERNAL_ERROR;
}
-
- return ret;
+
+ memcpy(data, gtxt.data, gtxt.size);
+ ret = gtxt.size;
+
+ _gnutls_free_datum(&gtxt);
+ }
+
+ return ret;
}
inline
-static mac_hd_t
-mac_init( gnutls_mac_algorithm mac, opaque* secret, int secret_size, int ver)
+ static mac_hd_t
+mac_init(gnutls_mac_algorithm mac, opaque * secret, int secret_size,
+ int ver)
{
-mac_hd_t td;
+ mac_hd_t td;
- if (mac == GNUTLS_MAC_NULL) return GNUTLS_MAC_FAILED;
+ if (mac == GNUTLS_MAC_NULL)
+ return GNUTLS_MAC_FAILED;
- if ( ver == GNUTLS_SSL3) { /* SSL 3.0 */
- td =
- _gnutls_mac_init_ssl3( mac, secret,
- secret_size);
- } else { /* TLS 1.x */
- td =
- _gnutls_hmac_init( mac, secret, secret_size);
- }
-
- return td;
+ if (ver == GNUTLS_SSL3) { /* SSL 3.0 */
+ td = _gnutls_mac_init_ssl3(mac, secret, secret_size);
+ } else { /* TLS 1.x */
+ td = _gnutls_hmac_init(mac, secret, secret_size);
+ }
+
+ return td;
}
-inline
-static void mac_deinit( mac_hd_t td, opaque* res, int ver)
+inline static void mac_deinit(mac_hd_t td, opaque * res, int ver)
{
- if ( ver == GNUTLS_SSL3) { /* SSL 3.0 */
- _gnutls_mac_deinit_ssl3(td, res);
- } else {
- _gnutls_hmac_deinit(td, res);
- }
+ if (ver == GNUTLS_SSL3) { /* SSL 3.0 */
+ _gnutls_mac_deinit_ssl3(td, res);
+ } else {
+ _gnutls_hmac_deinit(td, res);
+ }
}
inline
-static int calc_enc_length(
- gnutls_session session, int data_size, int hash_size, uint8* pad,
- int random_pad, cipher_type_t block_algo, uint16 blocksize)
+ static int calc_enc_length(gnutls_session session, int data_size,
+ int hash_size, uint8 * pad, int random_pad,
+ cipher_type_t block_algo, uint16 blocksize)
{
-uint8 rand;
-int length;
-
- *pad = 0;
-
- switch ( block_algo) {
- case CIPHER_STREAM:
- length =
- data_size + hash_size;
-
- break;
- case CIPHER_BLOCK:
- if (_gnutls_get_random(&rand, 1, GNUTLS_WEAK_RANDOM) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* make rand a multiple of blocksize */
- if ( session->security_parameters.version == GNUTLS_SSL3 ||
- random_pad==0) {
- rand = 0;
- } else {
- rand = (rand / blocksize) * blocksize;
- /* added to avoid the case of pad calculated 0
- * seen below for pad calculation.
- */
- if (rand > blocksize) rand-=blocksize;
- }
-
- length =
- data_size +
- hash_size;
-
- *pad = (uint8) (blocksize - (length % blocksize)) + rand;
-
- length += *pad;
- if ( session->security_parameters.version >= GNUTLS_TLS1_1)
- length += blocksize; /* for the IV */
-
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ uint8 rand;
+ int length;
+
+ *pad = 0;
+
+ switch (block_algo) {
+ case CIPHER_STREAM:
+ length = data_size + hash_size;
+
+ break;
+ case CIPHER_BLOCK:
+ if (_gnutls_get_random(&rand, 1, GNUTLS_WEAK_RANDOM) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- return length;
+ /* make rand a multiple of blocksize */
+ if (session->security_parameters.version == GNUTLS_SSL3 ||
+ random_pad == 0) {
+ rand = 0;
+ } else {
+ rand = (rand / blocksize) * blocksize;
+ /* added to avoid the case of pad calculated 0
+ * seen below for pad calculation.
+ */
+ if (rand > blocksize)
+ rand -= blocksize;
+ }
+
+ length = data_size + hash_size;
+
+ *pad = (uint8) (blocksize - (length % blocksize)) + rand;
+
+ length += *pad;
+ if (session->security_parameters.version >= GNUTLS_TLS1_1)
+ length += blocksize; /* for the IV */
+
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return length;
}
/* This is the actual encryption
@@ -251,261 +254,276 @@ int length;
* return the actual encrypted data length.
*/
int _gnutls_compressed2ciphertext(gnutls_session session,
- opaque* cipher_data, int cipher_size,
- gnutls_datum compressed, content_type_t _type,
- int random_pad)
+ opaque * cipher_data, int cipher_size,
+ gnutls_datum compressed,
+ content_type_t _type, int random_pad)
{
- uint8 MAC[MAX_HASH_SIZE];
- uint16 c_length;
- uint8 pad;
- int length,ret;
- mac_hd_t td;
- uint8 type = _type;
- uint8 major, minor;
- int hash_size = _gnutls_hash_get_algo_len(session->security_parameters.write_mac_algorithm);
- gnutls_protocol_version ver;
- int blocksize =
- _gnutls_cipher_get_block_size(session->security_parameters.
- write_bulk_cipher_algorithm);
- cipher_type_t block_algo = _gnutls_cipher_is_block(session->security_parameters.write_bulk_cipher_algorithm);
- opaque* data_ptr;
-
-
- ver = gnutls_protocol_get_version( session);
- minor = _gnutls_version_get_minor( ver);
- major = _gnutls_version_get_major( ver);
-
-
- /* Initialize MAC */
- td = mac_init(session->security_parameters.write_mac_algorithm,
+ uint8 MAC[MAX_HASH_SIZE];
+ uint16 c_length;
+ uint8 pad;
+ int length, ret;
+ mac_hd_t td;
+ uint8 type = _type;
+ uint8 major, minor;
+ int hash_size =
+ _gnutls_hash_get_algo_len(session->security_parameters.
+ write_mac_algorithm);
+ gnutls_protocol_version ver;
+ int blocksize =
+ _gnutls_cipher_get_block_size(session->security_parameters.
+ write_bulk_cipher_algorithm);
+ cipher_type_t block_algo =
+ _gnutls_cipher_is_block(session->security_parameters.
+ write_bulk_cipher_algorithm);
+ opaque *data_ptr;
+
+
+ ver = gnutls_protocol_get_version(session);
+ minor = _gnutls_version_get_minor(ver);
+ major = _gnutls_version_get_major(ver);
+
+
+ /* Initialize MAC */
+ td = mac_init(session->security_parameters.write_mac_algorithm,
session->connection_state.write_mac_secret.data,
session->connection_state.write_mac_secret.size, ver);
- if (td == GNUTLS_MAC_FAILED
- && session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- c_length = _gnutls_conv_uint16(compressed.size);
-
- if (td != GNUTLS_MAC_FAILED) { /* actually when the algorithm in not the NULL one */
- _gnutls_hmac(td, UINT64DATA(session->connection_state.write_sequence_number), 8);
-
- _gnutls_hmac(td, &type, 1);
- if ( ver >= GNUTLS_TLS1) { /* TLS 1.0 or higher */
- _gnutls_hmac(td, &major, 1);
- _gnutls_hmac(td, &minor, 1);
- }
- _gnutls_hmac(td, &c_length, 2);
- _gnutls_hmac(td, compressed.data, compressed.size);
- mac_deinit( td, MAC, ver);
- }
+ if (td == GNUTLS_MAC_FAILED
+ && session->security_parameters.write_mac_algorithm !=
+ GNUTLS_MAC_NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ c_length = _gnutls_conv_uint16(compressed.size);
- /* Calculate the encrypted length (padding etc.)
- */
- length = calc_enc_length( session, compressed.size, hash_size, &pad, random_pad, block_algo,
- blocksize);
- if (length < 0) {
- gnutls_assert();
- return length;
- }
+ if (td != GNUTLS_MAC_FAILED) { /* actually when the algorithm in not the NULL one */
+ _gnutls_hmac(td,
+ UINT64DATA(session->connection_state.
+ write_sequence_number), 8);
- /* copy the encrypted data to cipher_data.
- */
- if (cipher_size < length) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ _gnutls_hmac(td, &type, 1);
+ if (ver >= GNUTLS_TLS1) { /* TLS 1.0 or higher */
+ _gnutls_hmac(td, &major, 1);
+ _gnutls_hmac(td, &minor, 1);
}
-
- data_ptr = cipher_data;
- if ( block_algo==CIPHER_BLOCK &&
- session->security_parameters.version >= GNUTLS_TLS1_1)
- {
- /* copy the random IV.
- */
- if (_gnutls_get_random(data_ptr, blocksize, GNUTLS_WEAK_RANDOM) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- data_ptr += blocksize;
- }
-
- memcpy(data_ptr, compressed.data, compressed.size);
- data_ptr += compressed.size;
-
- if (hash_size > 0) {
- memcpy(data_ptr, MAC, hash_size);
- data_ptr += hash_size;
- }
- if (block_algo==CIPHER_BLOCK && pad > 0) {
- memset(data_ptr, pad - 1, pad);
- }
-
-
- /* Actual encryption (inplace).
+ _gnutls_hmac(td, &c_length, 2);
+ _gnutls_hmac(td, compressed.data, compressed.size);
+ mac_deinit(td, MAC, ver);
+ }
+
+
+ /* Calculate the encrypted length (padding etc.)
+ */
+ length =
+ calc_enc_length(session, compressed.size, hash_size, &pad,
+ random_pad, block_algo, blocksize);
+ if (length < 0) {
+ gnutls_assert();
+ return length;
+ }
+
+ /* copy the encrypted data to cipher_data.
+ */
+ if (cipher_size < length) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ data_ptr = cipher_data;
+ if (block_algo == CIPHER_BLOCK &&
+ session->security_parameters.version >= GNUTLS_TLS1_1) {
+ /* copy the random IV.
*/
- ret = _gnutls_cipher_encrypt(session->connection_state.
- write_cipher_state, cipher_data,
- length);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (_gnutls_get_random(data_ptr, blocksize, GNUTLS_WEAK_RANDOM) <
+ 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
+ data_ptr += blocksize;
+ }
+
+ memcpy(data_ptr, compressed.data, compressed.size);
+ data_ptr += compressed.size;
+
+ if (hash_size > 0) {
+ memcpy(data_ptr, MAC, hash_size);
+ data_ptr += hash_size;
+ }
+ if (block_algo == CIPHER_BLOCK && pad > 0) {
+ memset(data_ptr, pad - 1, pad);
+ }
+
+
+ /* Actual encryption (inplace).
+ */
+ ret = _gnutls_cipher_encrypt(session->connection_state.
+ write_cipher_state, cipher_data, length);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return length;
+ return length;
}
/* Deciphers the ciphertext packet, and puts the result to compress_data, of compress_size.
* Returns the actual compressed packet size.
*/
int _gnutls_ciphertext2compressed(gnutls_session session,
- opaque* compress_data, int compress_size,
- gnutls_datum ciphertext, uint8 type)
+ opaque * compress_data,
+ int compress_size,
+ gnutls_datum ciphertext, uint8 type)
{
- uint8 MAC[MAX_HASH_SIZE];
- uint16 c_length;
- uint8 pad;
- int length;
- mac_hd_t td;
- uint16 blocksize;
- int ret, i, pad_failed = 0;
- uint8 major, minor;
- gnutls_protocol_version ver;
- int hash_size = _gnutls_hash_get_algo_len(session->security_parameters.read_mac_algorithm);
-
- ver = gnutls_protocol_get_version( session);
- minor = _gnutls_version_get_minor(ver);
- major = _gnutls_version_get_major(ver);
-
- blocksize = _gnutls_cipher_get_block_size(session->security_parameters.
- read_bulk_cipher_algorithm);
-
- /* initialize MAC
- */
- td = mac_init( session->security_parameters.read_mac_algorithm,
- session->connection_state.read_mac_secret.data,
- session->connection_state.read_mac_secret.size, ver);
-
- if (td == GNUTLS_MAC_FAILED
- && session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ uint8 MAC[MAX_HASH_SIZE];
+ uint16 c_length;
+ uint8 pad;
+ int length;
+ mac_hd_t td;
+ uint16 blocksize;
+ int ret, i, pad_failed = 0;
+ uint8 major, minor;
+ gnutls_protocol_version ver;
+ int hash_size =
+ _gnutls_hash_get_algo_len(session->security_parameters.
+ read_mac_algorithm);
+
+ ver = gnutls_protocol_get_version(session);
+ minor = _gnutls_version_get_minor(ver);
+ major = _gnutls_version_get_major(ver);
+
+ blocksize = _gnutls_cipher_get_block_size(session->security_parameters.
+ read_bulk_cipher_algorithm);
+
+ /* initialize MAC
+ */
+ td = mac_init(session->security_parameters.read_mac_algorithm,
+ session->connection_state.read_mac_secret.data,
+ session->connection_state.read_mac_secret.size, ver);
+
+ if (td == GNUTLS_MAC_FAILED
+ && session->security_parameters.read_mac_algorithm !=
+ GNUTLS_MAC_NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+
+ /* actual decryption (inplace)
+ */
+ switch (_gnutls_cipher_is_block
+ (session->security_parameters.read_bulk_cipher_algorithm)) {
+ case CIPHER_STREAM:
+ if ((ret = _gnutls_cipher_decrypt(session->connection_state.
+ read_cipher_state,
+ ciphertext.data,
+ ciphertext.size)) < 0) {
+ gnutls_assert();
+ return ret;
}
+ length = ciphertext.size - hash_size;
- /* actual decryption (inplace)
- */
- switch (_gnutls_cipher_is_block(session->security_parameters.read_bulk_cipher_algorithm)) {
- case CIPHER_STREAM:
- if ( (ret = _gnutls_cipher_decrypt(session->connection_state.
- read_cipher_state, ciphertext.data,
- ciphertext.size)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- length =
- ciphertext.size - hash_size;
-
- break;
- case CIPHER_BLOCK:
- if ((ciphertext.size < blocksize)
- || (ciphertext.size % blocksize != 0)) {
- gnutls_assert();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
-
- if ( (ret = _gnutls_cipher_decrypt(session->connection_state.
- read_cipher_state, ciphertext.data,
- ciphertext.size)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* ignore the IV in TLS 1.1.
- */
- if (session->security_parameters.version >= GNUTLS_TLS1_1) {
- ciphertext.size -= blocksize;
- ciphertext.data += blocksize;
-
- if (ciphertext.size == 0) {
- gnutls_assert();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
- }
-
- pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
-
- length =
- ciphertext.size - hash_size - pad;
-
- if (pad > ciphertext.size - hash_size) {
- gnutls_assert();
- /* We do not fail here. We check below for the
- * the pad_failed. If zero means success.
- */
- pad_failed = GNUTLS_E_DECRYPTION_FAILED;
- }
-
- /* Check the pading bytes (TLS 1.x)
- */
- if ( ver >= GNUTLS_TLS1)
- for (i=2;i<pad;i++) {
- if (ciphertext.data[ciphertext.size-i] != ciphertext.data[ciphertext.size - 1])
- pad_failed = GNUTLS_E_DECRYPTION_FAILED;
- }
-
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ break;
+ case CIPHER_BLOCK:
+ if ((ciphertext.size < blocksize)
+ || (ciphertext.size % blocksize != 0)) {
+ gnutls_assert();
+ return GNUTLS_E_DECRYPTION_FAILED;
}
- if (length < 0) length = 0;
- c_length = _gnutls_conv_uint16((uint16) length);
-
- /* Pass the type, version, length and compressed through
- * MAC.
- */
- if (td != GNUTLS_MAC_FAILED) {
- _gnutls_hmac(td, UINT64DATA(session->connection_state.read_sequence_number), 8);
-
- _gnutls_hmac(td, &type, 1);
- if ( ver >= GNUTLS_TLS1) { /* TLS 1.x */
- _gnutls_hmac(td, &major, 1);
- _gnutls_hmac(td, &minor, 1);
- }
- _gnutls_hmac(td, &c_length, 2);
-
- if (length > 0)
- _gnutls_hmac(td, ciphertext.data, length);
-
- mac_deinit( td, MAC, ver);
+ if ((ret = _gnutls_cipher_decrypt(session->connection_state.
+ read_cipher_state,
+ ciphertext.data,
+ ciphertext.size)) < 0) {
+ gnutls_assert();
+ return ret;
}
- /* This one was introduced to avoid a timing attack against the TLS
- * 1.0 protocol.
+ /* ignore the IV in TLS 1.1.
*/
- if (pad_failed != 0) return pad_failed;
+ if (session->security_parameters.version >= GNUTLS_TLS1_1) {
+ ciphertext.size -= blocksize;
+ ciphertext.data += blocksize;
- /* HMAC was not the same.
- */
- if (memcmp
- (MAC, &ciphertext.data[length], hash_size) != 0) {
+ if (ciphertext.size == 0) {
gnutls_assert();
return GNUTLS_E_DECRYPTION_FAILED;
+ }
}
- /* copy the decrypted stuff to compress_data.
- */
- if (compress_size < length) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
+
+ length = ciphertext.size - hash_size - pad;
+
+ if (pad > ciphertext.size - hash_size) {
+ gnutls_assert();
+ /* We do not fail here. We check below for the
+ * the pad_failed. If zero means success.
+ */
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
}
- memcpy( compress_data, ciphertext.data, length);
- return length;
+ /* Check the pading bytes (TLS 1.x)
+ */
+ if (ver >= GNUTLS_TLS1)
+ for (i = 2; i < pad; i++) {
+ if (ciphertext.data[ciphertext.size - i] !=
+ ciphertext.data[ciphertext.size - 1])
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (length < 0)
+ length = 0;
+ c_length = _gnutls_conv_uint16((uint16) length);
+
+ /* Pass the type, version, length and compressed through
+ * MAC.
+ */
+ if (td != GNUTLS_MAC_FAILED) {
+ _gnutls_hmac(td,
+ UINT64DATA(session->connection_state.
+ read_sequence_number), 8);
+
+ _gnutls_hmac(td, &type, 1);
+ if (ver >= GNUTLS_TLS1) { /* TLS 1.x */
+ _gnutls_hmac(td, &major, 1);
+ _gnutls_hmac(td, &minor, 1);
+ }
+ _gnutls_hmac(td, &c_length, 2);
+
+ if (length > 0)
+ _gnutls_hmac(td, ciphertext.data, length);
+
+ mac_deinit(td, MAC, ver);
+ }
+
+ /* This one was introduced to avoid a timing attack against the TLS
+ * 1.0 protocol.
+ */
+ if (pad_failed != 0)
+ return pad_failed;
+
+ /* HMAC was not the same.
+ */
+ if (memcmp(MAC, &ciphertext.data[length], hash_size) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ /* copy the decrypted stuff to compress_data.
+ */
+ if (compress_size < length) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ memcpy(compress_data, ciphertext.data, length);
+
+ return length;
}
-
diff --git a/lib/gnutls_cipher.h b/lib/gnutls_cipher.h
index bc89aad4ab..972c01cf87 100644
--- a/lib/gnutls_cipher.h
+++ b/lib/gnutls_cipher.h
@@ -18,13 +18,20 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-int _gnutls_encrypt( gnutls_session session, const opaque* headers, size_t headers_size, const opaque* data, size_t data_size,
- opaque* ciphertext, size_t ciphertext_size, content_type_t type, int random_pad);
+int _gnutls_encrypt(gnutls_session session, const opaque * headers,
+ size_t headers_size, const opaque * data,
+ size_t data_size, opaque * ciphertext,
+ size_t ciphertext_size, content_type_t type,
+ int random_pad);
-int _gnutls_decrypt(gnutls_session session, opaque *ciphertext,
+int _gnutls_decrypt(gnutls_session session, opaque * ciphertext,
size_t ciphertext_size, uint8 * data, size_t data_size,
content_type_t type);
-int _gnutls_compressed2ciphertext(gnutls_session session, opaque* cipher_data, int cipher_size, gnutls_datum compressed,
- content_type_t _type, int random_pad);
-int _gnutls_ciphertext2compressed(gnutls_session session, opaque * compress_data, int compress_size,
- gnutls_datum ciphertext, uint8 type);
+int _gnutls_compressed2ciphertext(gnutls_session session,
+ opaque * cipher_data, int cipher_size,
+ gnutls_datum compressed,
+ content_type_t _type, int random_pad);
+int _gnutls_ciphertext2compressed(gnutls_session session,
+ opaque * compress_data,
+ int compress_size,
+ gnutls_datum ciphertext, uint8 type);
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index c68a243736..24ff0370ee 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -25,75 +25,91 @@
#include <gnutls_cipher_int.h>
#include <gnutls_datum.h>
-cipher_hd_t _gnutls_cipher_init( gnutls_cipher_algorithm cipher,
- const gnutls_datum *key, const gnutls_datum *iv)
+cipher_hd_t _gnutls_cipher_init(gnutls_cipher_algorithm cipher,
+ const gnutls_datum * key,
+ const gnutls_datum * iv)
{
-cipher_hd_t ret = NULL;
-gcry_error_t err = GPG_ERR_GENERAL; /* doesn't matter */
+ cipher_hd_t ret = NULL;
+ gcry_error_t err = GPG_ERR_GENERAL; /* doesn't matter */
- switch (cipher) {
- case GNUTLS_CIPHER_AES_128_CBC:
- err = gcry_cipher_open(&ret, GCRY_CIPHER_RIJNDAEL, GCRY_CIPHER_MODE_CBC, 0);
- break;
- case GNUTLS_CIPHER_AES_256_CBC:
- err = gcry_cipher_open(&ret, GCRY_CIPHER_RIJNDAEL256, GCRY_CIPHER_MODE_CBC, 0);
- break;
- case GNUTLS_CIPHER_3DES_CBC:
- err = gcry_cipher_open(&ret, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
- break;
- case GNUTLS_CIPHER_DES_CBC:
- err = gcry_cipher_open(&ret, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0);
- break;
- case GNUTLS_CIPHER_ARCFOUR_128:
- case GNUTLS_CIPHER_ARCFOUR_40:
- err = gcry_cipher_open(&ret, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM, 0);
- break;
- case GNUTLS_CIPHER_RC2_40_CBC:
- err = gcry_cipher_open(&ret, GCRY_CIPHER_RFC2268_40, GCRY_CIPHER_MODE_CBC, 0);
- break;
- default:
- return NULL;
- }
+ switch (cipher) {
+ case GNUTLS_CIPHER_AES_128_CBC:
+ err =
+ gcry_cipher_open(&ret, GCRY_CIPHER_RIJNDAEL,
+ GCRY_CIPHER_MODE_CBC, 0);
+ break;
+ case GNUTLS_CIPHER_AES_256_CBC:
+ err =
+ gcry_cipher_open(&ret, GCRY_CIPHER_RIJNDAEL256,
+ GCRY_CIPHER_MODE_CBC, 0);
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ err =
+ gcry_cipher_open(&ret, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC,
+ 0);
+ break;
+ case GNUTLS_CIPHER_DES_CBC:
+ err =
+ gcry_cipher_open(&ret, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC,
+ 0);
+ break;
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ err =
+ gcry_cipher_open(&ret, GCRY_CIPHER_ARCFOUR,
+ GCRY_CIPHER_MODE_STREAM, 0);
+ break;
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ err =
+ gcry_cipher_open(&ret, GCRY_CIPHER_RFC2268_40,
+ GCRY_CIPHER_MODE_CBC, 0);
+ break;
+ default:
+ return NULL;
+ }
- if (err == 0) {
- gcry_cipher_setkey(ret, key->data, key->size);
- if (iv->data!=NULL && iv->size>0) gcry_cipher_setiv(ret, iv->data, iv->size);
- } else if (cipher != GNUTLS_CIPHER_NULL) {
- gnutls_assert();
- _gnutls_x509_log("Gcrypt cipher[%d] error: %s\n", cipher, gcry_strerror(err));
- }
+ if (err == 0) {
+ gcry_cipher_setkey(ret, key->data, key->size);
+ if (iv->data != NULL && iv->size > 0)
+ gcry_cipher_setiv(ret, iv->data, iv->size);
+ } else if (cipher != GNUTLS_CIPHER_NULL) {
+ gnutls_assert();
+ _gnutls_x509_log("Gcrypt cipher[%d] error: %s\n", cipher,
+ gcry_strerror(err));
+ }
- return ret;
+ return ret;
}
-int _gnutls_cipher_encrypt(cipher_hd_t handle, void* text,
- int textlen)
+int _gnutls_cipher_encrypt(cipher_hd_t handle, void *text, int textlen)
{
- if (handle!=GNUTLS_CIPHER_FAILED) {
- if (gcry_cipher_encrypt( handle, text, textlen, NULL, textlen)!=0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (handle != GNUTLS_CIPHER_FAILED) {
+ if (gcry_cipher_encrypt(handle, text, textlen, NULL, textlen) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- return 0;
+ }
+ return 0;
}
-int _gnutls_cipher_decrypt(cipher_hd_t handle, void* ciphertext,
- int ciphertextlen)
+int _gnutls_cipher_decrypt(cipher_hd_t handle, void *ciphertext,
+ int ciphertextlen)
{
- if (handle!=GNUTLS_CIPHER_FAILED) {
- if (gcry_cipher_decrypt( handle, ciphertext, ciphertextlen, NULL, ciphertextlen)!=0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (handle != GNUTLS_CIPHER_FAILED) {
+ if (gcry_cipher_decrypt
+ (handle, ciphertext, ciphertextlen, NULL,
+ ciphertextlen) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- return 0;
+ }
+ return 0;
}
-void _gnutls_cipher_deinit(cipher_hd_t handle)
+void _gnutls_cipher_deinit(cipher_hd_t handle)
{
- if (handle!=GNUTLS_CIPHER_FAILED) {
- gcry_cipher_close(handle);
- }
+ if (handle != GNUTLS_CIPHER_FAILED) {
+ gcry_cipher_close(handle);
+ }
}
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index b1dc79569d..c27631a319 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -24,10 +24,12 @@
#define cipher_hd_t gcry_cipher_hd_t
#define GNUTLS_CIPHER_FAILED NULL
-cipher_hd_t _gnutls_cipher_init( gnutls_cipher_algorithm cipher,
- const gnutls_datum *key, const gnutls_datum *iv);
-int _gnutls_cipher_encrypt(cipher_hd_t handle, void* text, int textlen);
-int _gnutls_cipher_decrypt(cipher_hd_t handle, void* ciphertext, int ciphertextlen);
+cipher_hd_t _gnutls_cipher_init(gnutls_cipher_algorithm cipher,
+ const gnutls_datum * key,
+ const gnutls_datum * iv);
+int _gnutls_cipher_encrypt(cipher_hd_t handle, void *text, int textlen);
+int _gnutls_cipher_decrypt(cipher_hd_t handle, void *ciphertext,
+ int ciphertextlen);
void _gnutls_cipher_deinit(cipher_hd_t handle);
-#endif /* GNUTLS_CIPHER_INT */
+#endif /* GNUTLS_CIPHER_INT */
diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c
index 06d5ccdef9..80b3036110 100644
--- a/lib/gnutls_compress.c
+++ b/lib/gnutls_compress.c
@@ -32,41 +32,43 @@
/* These functions allocate the return value internally
*/
int _gnutls_m_plaintext2compressed(gnutls_session session,
- gnutls_datum*
- compress,
- gnutls_datum plaintext)
+ gnutls_datum *
+ compress, gnutls_datum plaintext)
{
- int size;
- opaque *data;
-
- size = _gnutls_compress( session->connection_state.write_compression_state,
- plaintext.data, plaintext.size, &data, MAX_RECORD_SEND_SIZE+1024);
- if (size < 0) {
- gnutls_assert();
- return GNUTLS_E_COMPRESSION_FAILED;
- }
- compress->data = data;
- compress->size = size;
+ int size;
+ opaque *data;
- return 0;
+ size =
+ _gnutls_compress(session->connection_state.write_compression_state,
+ plaintext.data, plaintext.size, &data,
+ MAX_RECORD_SEND_SIZE + 1024);
+ if (size < 0) {
+ gnutls_assert();
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
+ compress->data = data;
+ compress->size = size;
+
+ return 0;
}
int _gnutls_m_compressed2plaintext(gnutls_session session,
- gnutls_datum* plain,
- gnutls_datum
- compressed)
+ gnutls_datum * plain,
+ gnutls_datum compressed)
{
- int size;
- opaque* data;
+ int size;
+ opaque *data;
- size = _gnutls_decompress( session->connection_state.read_compression_state,
- compressed.data, compressed.size, &data, MAX_RECORD_RECV_SIZE);
- if (size < 0) {
- gnutls_assert();
- return GNUTLS_E_DECOMPRESSION_FAILED;
- }
- plain->data = data;
- plain->size = size;
+ size =
+ _gnutls_decompress(session->connection_state.
+ read_compression_state, compressed.data,
+ compressed.size, &data, MAX_RECORD_RECV_SIZE);
+ if (size < 0) {
+ gnutls_assert();
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+ plain->data = data;
+ plain->size = size;
- return 0;
+ return 0;
}
diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h
index 47ba103804..865344b982 100644
--- a/lib/gnutls_compress.h
+++ b/lib/gnutls_compress.h
@@ -18,5 +18,9 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-int _gnutls_m_plaintext2compressed(gnutls_session session, gnutls_datum* compress, gnutls_datum plaintext);
-int _gnutls_m_compressed2plaintext(gnutls_session session, gnutls_datum* plain, gnutls_datum compressed);
+int _gnutls_m_plaintext2compressed(gnutls_session session,
+ gnutls_datum * compress,
+ gnutls_datum plaintext);
+int _gnutls_m_compressed2plaintext(gnutls_session session,
+ gnutls_datum * plain,
+ gnutls_datum compressed);
diff --git a/lib/gnutls_compress_int.c b/lib/gnutls_compress_int.c
index b0c63ee551..bee6454f79 100644
--- a/lib/gnutls_compress_int.c
+++ b/lib/gnutls_compress_int.c
@@ -27,15 +27,15 @@
#ifdef USE_LZO
# ifdef USE_MINILZO
-# include "../libextra/minilzo.h" /* get the prototypes only.
- * Since LZO is a GPLed library, the gnutls_global_init_extra() has
- * to be called, before LZO compression can be used.
- */
+# include "../libextra/minilzo.h" /* get the prototypes only.
+ * Since LZO is a GPLed library, the gnutls_global_init_extra() has
+ * to be called, before LZO compression can be used.
+ */
# else
# include <lzo1x.h>
# endif
-typedef int (*LZO_FUNC)();
+typedef int (*LZO_FUNC) ();
LZO_FUNC _gnutls_lzo1x_decompress_safe = NULL;
LZO_FUNC _gnutls_lzo1x_1_compress = NULL;
@@ -45,299 +45,314 @@ LZO_FUNC _gnutls_lzo1x_1_compress = NULL;
/* The flag d is the direction (compress, decompress). Non zero is
* decompress.
*/
-comp_hd_t _gnutls_comp_init( gnutls_compression_method method, int d)
+comp_hd_t _gnutls_comp_init(gnutls_compression_method method, int d)
{
-comp_hd_t ret;
-int err;
+ comp_hd_t ret;
+ int err;
- ret = gnutls_malloc( sizeof( struct comp_hd_t_STRUCT));
- if (ret==NULL) {
- gnutls_assert();
- return NULL;
- }
+ ret = gnutls_malloc(sizeof(struct comp_hd_t_STRUCT));
+ if (ret == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
- ret->algo = method;
- ret->handle = NULL;
+ ret->algo = method;
+ ret->handle = NULL;
- switch( method) {
+ switch (method) {
#ifdef HAVE_LIBZ
- case GNUTLS_COMP_DEFLATE: {
- int window_bits, mem_level;
- int comp_level;
- z_stream* zhandle;
-
- window_bits = _gnutls_compression_get_wbits( method);
- mem_level = _gnutls_compression_get_mem_level( method);
- comp_level = _gnutls_compression_get_comp_level( method);
-
- ret->handle = gnutls_malloc( sizeof( z_stream));
- if (ret->handle==NULL) {
- gnutls_assert();
- goto cleanup_ret;
- }
-
- zhandle = ret->handle;
-
- zhandle->zalloc = (alloc_func)0;
- zhandle->zfree = (free_func)0;
- zhandle->opaque = (voidpf)0;
-
- if (d)
- err = inflateInit2(zhandle, window_bits);
- else {
- err = deflateInit2(zhandle,
- comp_level, Z_DEFLATED,
- window_bits, mem_level, Z_DEFAULT_STRATEGY);
- }
- if (err!=Z_OK) {
- gnutls_assert();
- gnutls_free( ret->handle);
- goto cleanup_ret;
- }
- break;
+ case GNUTLS_COMP_DEFLATE:{
+ int window_bits, mem_level;
+ int comp_level;
+ z_stream *zhandle;
+
+ window_bits = _gnutls_compression_get_wbits(method);
+ mem_level = _gnutls_compression_get_mem_level(method);
+ comp_level = _gnutls_compression_get_comp_level(method);
+
+ ret->handle = gnutls_malloc(sizeof(z_stream));
+ if (ret->handle == NULL) {
+ gnutls_assert();
+ goto cleanup_ret;
+ }
+
+ zhandle = ret->handle;
+
+ zhandle->zalloc = (alloc_func) 0;
+ zhandle->zfree = (free_func) 0;
+ zhandle->opaque = (voidpf) 0;
+
+ if (d)
+ err = inflateInit2(zhandle, window_bits);
+ else {
+ err = deflateInit2(zhandle,
+ comp_level, Z_DEFLATED,
+ window_bits, mem_level,
+ Z_DEFAULT_STRATEGY);
+ }
+ if (err != Z_OK) {
+ gnutls_assert();
+ gnutls_free(ret->handle);
+ goto cleanup_ret;
}
+ break;
+ }
#endif
#ifdef USE_LZO
- case GNUTLS_COMP_LZO:
- if (d) /* LZO does not use memory on decompressor */
- { /* ret->handle = NULL; */ }
- else {
- ret->handle = gnutls_malloc( LZO1X_1_MEM_COMPRESS);
-
- if (ret->handle==NULL) {
- gnutls_assert();
- cleanup_ret:
- gnutls_free(ret);
- return NULL;
- }
- }
-
- break;
-#endif
- case GNUTLS_COMP_NULL:
- break;
+ case GNUTLS_COMP_LZO:
+ if (d) { /* LZO does not use memory on decompressor *//* ret->handle = NULL; */
+ } else {
+ ret->handle = gnutls_malloc(LZO1X_1_MEM_COMPRESS);
+
+ if (ret->handle == NULL) {
+ gnutls_assert();
+ cleanup_ret:
+ gnutls_free(ret);
+ return NULL;
+ }
}
- return ret;
+
+ break;
+#endif
+ case GNUTLS_COMP_NULL:
+ break;
+ }
+ return ret;
}
-void _gnutls_comp_deinit(comp_hd_t handle, int d) {
-int err;
+void _gnutls_comp_deinit(comp_hd_t handle, int d)
+{
+ int err;
- if (handle!=NULL) {
- switch( handle->algo) {
+ if (handle != NULL) {
+ switch (handle->algo) {
#ifdef HAVE_LIBZ
- case GNUTLS_COMP_DEFLATE:
- if (d)
- err = inflateEnd( handle->handle);
- else
- err = deflateEnd( handle->handle);
- break;
+ case GNUTLS_COMP_DEFLATE:
+ if (d)
+ err = inflateEnd(handle->handle);
+ else
+ err = deflateEnd(handle->handle);
+ break;
#endif
- default:
- break;
- }
- gnutls_free( handle->handle);
- gnutls_free( handle);
-
+ default:
+ break;
}
+ gnutls_free(handle->handle);
+ gnutls_free(handle);
+
+ }
}
/* These functions are memory consuming
*/
-int _gnutls_compress( comp_hd_t handle, const opaque* plain, size_t plain_size,
- opaque** compressed, size_t max_comp_size)
+int _gnutls_compress(comp_hd_t handle, const opaque * plain,
+ size_t plain_size, opaque ** compressed,
+ size_t max_comp_size)
{
-int compressed_size=GNUTLS_E_COMPRESSION_FAILED;
-int err;
+ int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
+ int err;
- /* NULL compression is not handled here
- */
-
- switch( handle->algo) {
+ /* NULL compression is not handled here
+ */
+
+ switch (handle->algo) {
#ifdef USE_LZO
- case GNUTLS_COMP_LZO: {
- lzo_uint out_len;
- size_t size;
-
- if ( _gnutls_lzo1x_1_compress == NULL)
- return GNUTLS_E_COMPRESSION_FAILED;
-
- size = plain_size + plain_size / 64 + 16 + 3;
- *compressed = gnutls_malloc(size);
- if (*compressed==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- err = _gnutls_lzo1x_1_compress( plain, plain_size, *compressed,
- &out_len, handle->handle);
-
- if (err!=LZO_E_OK) {
- gnutls_assert();
- gnutls_free( *compressed); *compressed = NULL;
- return GNUTLS_E_COMPRESSION_FAILED;
- }
-
- compressed_size = out_len;
- break;
- }
+ case GNUTLS_COMP_LZO:{
+ lzo_uint out_len;
+ size_t size;
+
+ if (_gnutls_lzo1x_1_compress == NULL)
+ return GNUTLS_E_COMPRESSION_FAILED;
+
+ size = plain_size + plain_size / 64 + 16 + 3;
+ *compressed = gnutls_malloc(size);
+ if (*compressed == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ err = _gnutls_lzo1x_1_compress(plain, plain_size, *compressed,
+ &out_len, handle->handle);
+
+ if (err != LZO_E_OK) {
+ gnutls_assert();
+ gnutls_free(*compressed);
+ *compressed = NULL;
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
+
+ compressed_size = out_len;
+ break;
+ }
#endif
#ifdef HAVE_LIBZ
- case GNUTLS_COMP_DEFLATE: {
- uLongf size;
- z_stream *zhandle;
-
- size = (plain_size+plain_size)+10;
- *compressed = gnutls_malloc(size);
- if (*compressed==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- zhandle = handle->handle;
-
- zhandle->next_in = (Bytef*) plain;
- zhandle->avail_in = plain_size;
- zhandle->next_out = (Bytef*) *compressed;
- zhandle->avail_out = size;
-
- err = deflate( zhandle, Z_SYNC_FLUSH);
-
- if (err!=Z_OK || zhandle->avail_in != 0) {
- gnutls_assert();
- gnutls_free( *compressed); *compressed = NULL;
- return GNUTLS_E_COMPRESSION_FAILED;
- }
-
- compressed_size = size - zhandle->avail_out;
- break;
- }
+ case GNUTLS_COMP_DEFLATE:{
+ uLongf size;
+ z_stream *zhandle;
+
+ size = (plain_size + plain_size) + 10;
+ *compressed = gnutls_malloc(size);
+ if (*compressed == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ zhandle = handle->handle;
+
+ zhandle->next_in = (Bytef *) plain;
+ zhandle->avail_in = plain_size;
+ zhandle->next_out = (Bytef *) * compressed;
+ zhandle->avail_out = size;
+
+ err = deflate(zhandle, Z_SYNC_FLUSH);
+
+ if (err != Z_OK || zhandle->avail_in != 0) {
+ gnutls_assert();
+ gnutls_free(*compressed);
+ *compressed = NULL;
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
+
+ compressed_size = size - zhandle->avail_out;
+ break;
+ }
#endif
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- } /* switch */
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ } /* switch */
#ifdef COMPRESSION_DEBUG
- _gnutls_debug_log("Compression ratio: %f\n", (float)((float)compressed_size / (float)plain_size));
+ _gnutls_debug_log("Compression ratio: %f\n",
+ (float) ((float) compressed_size /
+ (float) plain_size));
#endif
- if ((size_t)compressed_size > max_comp_size) {
- gnutls_free(*compressed); *compressed = NULL;
- return GNUTLS_E_COMPRESSION_FAILED;
- }
+ if ((size_t) compressed_size > max_comp_size) {
+ gnutls_free(*compressed);
+ *compressed = NULL;
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
- return compressed_size;
+ return compressed_size;
}
-int _gnutls_decompress( comp_hd_t handle, opaque* compressed, size_t compressed_size,
- opaque** plain, size_t max_record_size)
+int _gnutls_decompress(comp_hd_t handle, opaque * compressed,
+ size_t compressed_size, opaque ** plain,
+ size_t max_record_size)
{
-int plain_size=GNUTLS_E_DECOMPRESSION_FAILED, err;
-int cur_pos;
+ int plain_size = GNUTLS_E_DECOMPRESSION_FAILED, err;
+ int cur_pos;
- if (compressed_size > max_record_size+EXTRA_COMP_SIZE) {
- gnutls_assert();
- return GNUTLS_E_DECOMPRESSION_FAILED;
- }
+ if (compressed_size > max_record_size + EXTRA_COMP_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+
+ /* NULL compression is not handled here
+ */
- /* NULL compression is not handled here
- */
-
- switch(handle->algo) {
+ switch (handle->algo) {
#ifdef USE_LZO
- case GNUTLS_COMP_LZO: {
- lzo_uint out_size;
- lzo_uint new_size;
-
- if (_gnutls_lzo1x_decompress_safe == NULL)
- return GNUTLS_E_DECOMPRESSION_FAILED;
-
- *plain = NULL;
- out_size = compressed_size + compressed_size;
- plain_size = 0;
-
- do {
- out_size += 512;
- *plain = gnutls_realloc_fast( *plain, out_size);
- if (*plain==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- new_size = out_size;
- err = _gnutls_lzo1x_decompress_safe(compressed,compressed_size,
- *plain, &new_size,NULL);
-
- } while( (err==LZO_E_OUTPUT_OVERRUN && out_size < max_record_size));
-
- if (err!=LZO_E_OK) {
- gnutls_assert();
- gnutls_free( *plain); *plain = NULL;
- return GNUTLS_E_DECOMPRESSION_FAILED;
- }
-
- plain_size = new_size;
- break;
+ case GNUTLS_COMP_LZO:{
+ lzo_uint out_size;
+ lzo_uint new_size;
+
+ if (_gnutls_lzo1x_decompress_safe == NULL)
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+
+ *plain = NULL;
+ out_size = compressed_size + compressed_size;
+ plain_size = 0;
+
+ do {
+ out_size += 512;
+ *plain = gnutls_realloc_fast(*plain, out_size);
+ if (*plain == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
+
+ new_size = out_size;
+ err =
+ _gnutls_lzo1x_decompress_safe(compressed,
+ compressed_size, *plain,
+ &new_size, NULL);
+
+ } while ((err == LZO_E_OUTPUT_OVERRUN
+ && out_size < max_record_size));
+
+ if (err != LZO_E_OK) {
+ gnutls_assert();
+ gnutls_free(*plain);
+ *plain = NULL;
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+
+ plain_size = new_size;
+ break;
+ }
#endif
#ifdef HAVE_LIBZ
- case GNUTLS_COMP_DEFLATE: {
- uLongf out_size;
- z_stream* zhandle;
-
- *plain = NULL;
- out_size = compressed_size + compressed_size;
- plain_size = 0;
-
- zhandle = handle->handle;
-
- zhandle->next_in = (Bytef*) compressed;
- zhandle->avail_in = compressed_size;
-
- cur_pos = 0;
-
- do {
- out_size += 512;
- *plain = gnutls_realloc_fast( *plain, out_size);
- if (*plain==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- zhandle->next_out = (Bytef*) (*plain + cur_pos);
- zhandle->avail_out = out_size - cur_pos;
-
- err = inflate( zhandle, Z_SYNC_FLUSH);
-
- cur_pos = out_size - zhandle->avail_out;
-
- } while( (err==Z_BUF_ERROR && zhandle->avail_out==0 && out_size < max_record_size)
- || ( err==Z_OK && zhandle->avail_in != 0));
-
- if (err!=Z_OK) {
- gnutls_assert();
- gnutls_free( *plain); *plain = NULL;
- return GNUTLS_E_DECOMPRESSION_FAILED;
- }
-
- plain_size = out_size - zhandle->avail_out;
- break;
+ case GNUTLS_COMP_DEFLATE:{
+ uLongf out_size;
+ z_stream *zhandle;
+
+ *plain = NULL;
+ out_size = compressed_size + compressed_size;
+ plain_size = 0;
+
+ zhandle = handle->handle;
+
+ zhandle->next_in = (Bytef *) compressed;
+ zhandle->avail_in = compressed_size;
+
+ cur_pos = 0;
+
+ do {
+ out_size += 512;
+ *plain = gnutls_realloc_fast(*plain, out_size);
+ if (*plain == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
-#endif
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- } /* switch */
- if ((size_t)plain_size > max_record_size) {
+ zhandle->next_out = (Bytef *) (*plain + cur_pos);
+ zhandle->avail_out = out_size - cur_pos;
+
+ err = inflate(zhandle, Z_SYNC_FLUSH);
+
+ cur_pos = out_size - zhandle->avail_out;
+
+ } while ((err == Z_BUF_ERROR && zhandle->avail_out == 0
+ && out_size < max_record_size)
+ || (err == Z_OK && zhandle->avail_in != 0));
+
+ if (err != Z_OK) {
gnutls_assert();
- gnutls_free( *plain); *plain = NULL;
+ gnutls_free(*plain);
+ *plain = NULL;
return GNUTLS_E_DECOMPRESSION_FAILED;
- }
+ }
- return plain_size;
+ plain_size = out_size - zhandle->avail_out;
+ break;
+ }
+#endif
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ } /* switch */
+
+ if ((size_t) plain_size > max_record_size) {
+ gnutls_assert();
+ gnutls_free(*plain);
+ *plain = NULL;
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+
+ return plain_size;
}
diff --git a/lib/gnutls_compress_int.h b/lib/gnutls_compress_int.h
index 7c1bfd404a..f285ce828f 100644
--- a/lib/gnutls_compress_int.h
+++ b/lib/gnutls_compress_int.h
@@ -28,14 +28,17 @@
#define GNUTLS_COMP_FAILED NULL
typedef struct comp_hd_t_STRUCT {
- void* handle;
- gnutls_compression_method algo;
+ void *handle;
+ gnutls_compression_method algo;
} *comp_hd_t;
-comp_hd_t _gnutls_comp_init( gnutls_compression_method, int d);
+comp_hd_t _gnutls_comp_init(gnutls_compression_method, int d);
void _gnutls_comp_deinit(comp_hd_t handle, int d);
-int _gnutls_decompress( comp_hd_t handle, opaque* compressed, size_t compressed_size, opaque** plain, size_t max_record_size);
-int _gnutls_compress( comp_hd_t, const opaque* plain, size_t plain_size, opaque** compressed, size_t max_comp_size);
+int _gnutls_decompress(comp_hd_t handle, opaque * compressed,
+ size_t compressed_size, opaque ** plain,
+ size_t max_record_size);
+int _gnutls_compress(comp_hd_t, const opaque * plain, size_t plain_size,
+ opaque ** compressed, size_t max_comp_size);
#endif
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 768a0b6c4d..78fee15e2b 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -58,337 +58,335 @@ int _gnutls_set_keys(gnutls_session session, int hash_size, int IV_size,
/* FIXME: This function is too long
*/
- opaque *key_block;
- opaque random[2 * TLS_RANDOM_SIZE];
- opaque rrandom[2 * TLS_RANDOM_SIZE];
- int pos, ret;
- int block_size;
- char buf[64];
-
- if (session->cipher_specs.generated_keys != 0) {
- /* keys have already been generated.
- * reset generated_keys and exit normally.
- */
- session->cipher_specs.generated_keys = 0;
- return 0;
+ opaque *key_block;
+ opaque random[2 * TLS_RANDOM_SIZE];
+ opaque rrandom[2 * TLS_RANDOM_SIZE];
+ int pos, ret;
+ int block_size;
+ char buf[64];
+
+ if (session->cipher_specs.generated_keys != 0) {
+ /* keys have already been generated.
+ * reset generated_keys and exit normally.
+ */
+ session->cipher_specs.generated_keys = 0;
+ return 0;
+ }
+
+ block_size = 2 * hash_size + 2 * key_size;
+ if (export_flag == 0)
+ block_size += 2 * IV_size;
+
+ key_block = gnutls_secure_malloc(block_size);
+ if (key_block == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(random, session->security_parameters.server_random,
+ TLS_RANDOM_SIZE);
+ memcpy(&random[TLS_RANDOM_SIZE],
+ session->security_parameters.client_random, TLS_RANDOM_SIZE);
+
+ memcpy(rrandom, session->security_parameters.client_random,
+ TLS_RANDOM_SIZE);
+ memcpy(&rrandom[TLS_RANDOM_SIZE],
+ session->security_parameters.server_random, TLS_RANDOM_SIZE);
+
+ if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_generate_random(session->
+ security_parameters.
+ master_secret,
+ TLS_MASTER_SIZE, random,
+ 2 * TLS_RANDOM_SIZE,
+ block_size, key_block);
+ } else { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF(session->security_parameters.master_secret,
+ TLS_MASTER_SIZE, keyexp, keyexp_length,
+ random, 2 * TLS_RANDOM_SIZE, block_size,
+ key_block);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(key_block);
+ return ret;
+ }
+
+ _gnutls_hard_log("INT: KEY BLOCK[%d]: %s\n", block_size,
+ _gnutls_bin2hex(key_block, block_size, buf,
+ sizeof(buf)));
+
+ pos = 0;
+ if (hash_size > 0) {
+ if (_gnutls_sset_datum
+ (&session->cipher_specs.client_write_mac_secret,
+ &key_block[pos], hash_size) < 0) {
+ gnutls_free(key_block);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ pos += hash_size;
+
+ if (_gnutls_sset_datum
+ (&session->cipher_specs.server_write_mac_secret,
+ &key_block[pos], hash_size) < 0) {
+ gnutls_free(key_block);
+ return GNUTLS_E_MEMORY_ERROR;
}
+ pos += hash_size;
+ }
+
+ if (key_size > 0) {
+ opaque *client_write_key, *server_write_key;
+ int client_write_key_size, server_write_key_size;
+ int free_keys = 0;
+
+ if (export_flag == 0) {
+ client_write_key = &key_block[pos];
+ client_write_key_size = key_size;
+
+ pos += key_size;
- block_size = 2 * hash_size + 2 * key_size;
- if (export_flag == 0)
- block_size += 2 * IV_size;
+ server_write_key = &key_block[pos];
+ server_write_key_size = key_size;
- key_block = gnutls_secure_malloc(block_size);
- if (key_block == NULL) {
+ pos += key_size;
+
+ } else { /* export */
+ free_keys = 1;
+
+ client_write_key = gnutls_secure_malloc(EXPORT_FINAL_KEY_SIZE);
+ if (client_write_key == NULL) {
gnutls_assert();
+ gnutls_free(key_block);
return GNUTLS_E_MEMORY_ERROR;
- }
+ }
- memcpy(random, session->security_parameters.server_random,
- TLS_RANDOM_SIZE);
- memcpy(&random[TLS_RANDOM_SIZE],
- session->security_parameters.client_random, TLS_RANDOM_SIZE);
+ server_write_key = gnutls_secure_malloc(EXPORT_FINAL_KEY_SIZE);
+ if (server_write_key == NULL) {
+ gnutls_assert();
+ gnutls_free(key_block);
+ gnutls_free(client_write_key);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- memcpy(rrandom, session->security_parameters.client_random,
- TLS_RANDOM_SIZE);
- memcpy(&rrandom[TLS_RANDOM_SIZE],
- session->security_parameters.server_random, TLS_RANDOM_SIZE);
+ /* generate the final keys */
- if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */
+ if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */
ret =
- _gnutls_ssl3_generate_random(session->
- security_parameters.
- master_secret,
- TLS_MASTER_SIZE, random,
- 2 * TLS_RANDOM_SIZE,
- block_size, key_block);
- } else { /* TLS 1.0 */
+ _gnutls_ssl3_hash_md5(&key_block[pos],
+ key_size, rrandom,
+ 2 * TLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE,
+ client_write_key);
+
+ } else { /* TLS 1.0 */
ret =
- _gnutls_PRF(session->security_parameters.master_secret,
- TLS_MASTER_SIZE, keyexp, keyexp_length,
- random, 2 * TLS_RANDOM_SIZE, block_size,
- key_block);
- }
+ _gnutls_PRF(&key_block[pos], key_size,
+ cliwrite, cliwrite_length,
+ rrandom,
+ 2 * TLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE, client_write_key);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(key_block);
+ gnutls_free(server_write_key);
+ gnutls_free(client_write_key);
+ return ret;
+ }
- if (ret < 0) {
+ client_write_key_size = EXPORT_FINAL_KEY_SIZE;
+ pos += key_size;
+
+ if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_hash_md5(&key_block[pos], key_size,
+ random, 2 * TLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE,
+ server_write_key);
+ } else { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF(&key_block[pos], key_size,
+ servwrite, servwrite_length,
+ rrandom, 2 * TLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE, server_write_key);
+ }
+
+ if (ret < 0) {
gnutls_assert();
gnutls_free(key_block);
+ gnutls_free(server_write_key);
+ gnutls_free(client_write_key);
return ret;
+ }
+
+ server_write_key_size = EXPORT_FINAL_KEY_SIZE;
+ pos += key_size;
}
- _gnutls_hard_log("INT: KEY BLOCK[%d]: %s\n", block_size,
- _gnutls_bin2hex(key_block, block_size, buf, sizeof(buf)));
-
- pos = 0;
- if (hash_size > 0) {
- if (_gnutls_sset_datum
- (&session->cipher_specs.client_write_mac_secret,
- &key_block[pos], hash_size) < 0) {
- gnutls_free(key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
- pos += hash_size;
-
- if (_gnutls_sset_datum
- (&session->cipher_specs.server_write_mac_secret,
- &key_block[pos], hash_size) < 0) {
- gnutls_free(key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
- pos += hash_size;
+ if (_gnutls_sset_datum
+ (&session->cipher_specs.client_write_key,
+ client_write_key, client_write_key_size) < 0) {
+ gnutls_free(key_block);
+ gnutls_free(server_write_key);
+ gnutls_free(client_write_key);
+ return GNUTLS_E_MEMORY_ERROR;
}
+ _gnutls_hard_log("INT: CLIENT WRITE KEY [%d]: %s\n",
+ client_write_key_size,
+ _gnutls_bin2hex(client_write_key,
+ client_write_key_size, buf,
+ sizeof(buf)));
+
+ if (_gnutls_sset_datum
+ (&session->cipher_specs.server_write_key,
+ server_write_key, server_write_key_size) < 0) {
+ gnutls_free(key_block);
+ gnutls_free(server_write_key);
+ gnutls_free(client_write_key);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_hard_log("INT: SERVER WRITE KEY [%d]: %s\n",
+ server_write_key_size,
+ _gnutls_bin2hex(server_write_key,
+ server_write_key_size, buf,
+ sizeof(buf)));
- if (key_size > 0) {
- opaque *client_write_key, *server_write_key;
- int client_write_key_size, server_write_key_size;
- int free_keys = 0;
-
- if (export_flag == 0) {
- client_write_key = &key_block[pos];
- client_write_key_size = key_size;
-
- pos += key_size;
-
- server_write_key = &key_block[pos];
- server_write_key_size = key_size;
-
- pos += key_size;
-
- } else { /* export */
- free_keys = 1;
-
- client_write_key =
- gnutls_secure_malloc(EXPORT_FINAL_KEY_SIZE);
- if (client_write_key == NULL) {
- gnutls_assert();
- gnutls_free(key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- server_write_key =
- gnutls_secure_malloc(EXPORT_FINAL_KEY_SIZE);
- if (server_write_key == NULL) {
- gnutls_assert();
- gnutls_free(key_block);
- gnutls_free(client_write_key);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* generate the final keys */
-
- if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */
- ret =
- _gnutls_ssl3_hash_md5(&key_block[pos],
- key_size, rrandom,
- 2 * TLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE,
- client_write_key);
-
- } else { /* TLS 1.0 */
- ret =
- _gnutls_PRF(&key_block[pos], key_size,
- cliwrite, cliwrite_length,
- rrandom,
- 2 * TLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE,
- client_write_key);
- }
-
- if (ret < 0) {
- gnutls_assert();
- gnutls_free(key_block);
- gnutls_free(server_write_key);
- gnutls_free(client_write_key);
- return ret;
- }
-
- client_write_key_size = EXPORT_FINAL_KEY_SIZE;
- pos += key_size;
-
- if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */
- ret =
- _gnutls_ssl3_hash_md5(&key_block[pos], key_size,
- random, 2 * TLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE,
- server_write_key);
- } else { /* TLS 1.0 */
- ret =
- _gnutls_PRF(&key_block[pos], key_size,
- servwrite, servwrite_length,
- rrandom, 2 * TLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE,
- server_write_key);
- }
-
- if (ret < 0) {
- gnutls_assert();
- gnutls_free(key_block);
- gnutls_free(server_write_key);
- gnutls_free(client_write_key);
- return ret;
- }
-
- server_write_key_size = EXPORT_FINAL_KEY_SIZE;
- pos += key_size;
- }
-
- if (_gnutls_sset_datum
- (&session->cipher_specs.client_write_key,
- client_write_key, client_write_key_size) < 0) {
- gnutls_free(key_block);
- gnutls_free(server_write_key);
- gnutls_free(client_write_key);
- return GNUTLS_E_MEMORY_ERROR;
- }
- _gnutls_hard_log("INT: CLIENT WRITE KEY [%d]: %s\n",
- client_write_key_size,
- _gnutls_bin2hex(client_write_key,
- client_write_key_size, buf, sizeof(buf)));
-
- if (_gnutls_sset_datum
- (&session->cipher_specs.server_write_key,
- server_write_key, server_write_key_size) < 0) {
- gnutls_free(key_block);
- gnutls_free(server_write_key);
- gnutls_free(client_write_key);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _gnutls_hard_log("INT: SERVER WRITE KEY [%d]: %s\n",
- server_write_key_size,
- _gnutls_bin2hex(server_write_key,
- server_write_key_size, buf, sizeof(buf)));
-
- if (free_keys != 0) {
- gnutls_free(server_write_key);
- gnutls_free(client_write_key);
- }
+ if (free_keys != 0) {
+ gnutls_free(server_write_key);
+ gnutls_free(client_write_key);
}
+ }
- /* IV generation in export and non export ciphers.
- */
- if (IV_size > 0 && export_flag == 0) {
- if (_gnutls_sset_datum
- (&session->cipher_specs.client_write_IV, &key_block[pos],
- IV_size) < 0) {
- gnutls_free(key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
- pos += IV_size;
-
- if (_gnutls_sset_datum
- (&session->cipher_specs.server_write_IV, &key_block[pos],
- IV_size) < 0) {
- gnutls_free(key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
- pos += IV_size;
-
- } else if (IV_size > 0 && export_flag != 0) {
- opaque *iv_block = gnutls_alloca(IV_size * 2);
- if (iv_block == NULL) {
- gnutls_assert();
- gnutls_free(key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */
- ret =
- _gnutls_ssl3_hash_md5( "", 0,
- rrandom, TLS_RANDOM_SIZE*2,
- IV_size, iv_block);
-
- if (ret < 0) {
- gnutls_assert();
- gnutls_free(key_block);
- gnutls_afree(iv_block);
- return ret;
- }
-
- ret =
- _gnutls_ssl3_hash_md5( "", 0, random,
- TLS_RANDOM_SIZE*2,
- IV_size, &iv_block[IV_size]);
-
- } else { /* TLS 1.0 */
- ret =
- _gnutls_PRF( "", 0,
- ivblock, ivblock_length, rrandom,
- 2 * TLS_RANDOM_SIZE, IV_size * 2,
- iv_block);
- }
-
- if (ret < 0) {
- gnutls_assert();
- gnutls_afree(iv_block);
- gnutls_free(key_block);
- return ret;
- }
-
- if (_gnutls_sset_datum
- (&session->cipher_specs.client_write_IV, iv_block,
- IV_size) < 0) {
- gnutls_afree(iv_block);
- gnutls_free(key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (_gnutls_sset_datum
- (&session->cipher_specs.server_write_IV,
- &iv_block[IV_size], IV_size) < 0) {
- gnutls_afree(iv_block);
- gnutls_free(key_block);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ /* IV generation in export and non export ciphers.
+ */
+ if (IV_size > 0 && export_flag == 0) {
+ if (_gnutls_sset_datum
+ (&session->cipher_specs.client_write_IV, &key_block[pos],
+ IV_size) < 0) {
+ gnutls_free(key_block);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ pos += IV_size;
+
+ if (_gnutls_sset_datum
+ (&session->cipher_specs.server_write_IV, &key_block[pos],
+ IV_size) < 0) {
+ gnutls_free(key_block);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ pos += IV_size;
+
+ } else if (IV_size > 0 && export_flag != 0) {
+ opaque *iv_block = gnutls_alloca(IV_size * 2);
+ if (iv_block == NULL) {
+ gnutls_assert();
+ gnutls_free(key_block);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_hash_md5("", 0,
+ rrandom, TLS_RANDOM_SIZE * 2,
+ IV_size, iv_block);
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(key_block);
gnutls_afree(iv_block);
+ return ret;
+ }
+
+ ret =
+ _gnutls_ssl3_hash_md5("", 0, random,
+ TLS_RANDOM_SIZE * 2,
+ IV_size, &iv_block[IV_size]);
+
+ } else { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF("", 0,
+ ivblock, ivblock_length, rrandom,
+ 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block);
}
- gnutls_free(key_block);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_afree(iv_block);
+ gnutls_free(key_block);
+ return ret;
+ }
- session->cipher_specs.generated_keys = 1;
+ if (_gnutls_sset_datum
+ (&session->cipher_specs.client_write_IV, iv_block,
+ IV_size) < 0) {
+ gnutls_afree(iv_block);
+ gnutls_free(key_block);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ if (_gnutls_sset_datum
+ (&session->cipher_specs.server_write_IV,
+ &iv_block[IV_size], IV_size) < 0) {
+ gnutls_afree(iv_block);
+ gnutls_free(key_block);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ gnutls_afree(iv_block);
+ }
+
+ gnutls_free(key_block);
+
+ session->cipher_specs.generated_keys = 1;
+
+ return 0;
}
int _gnutls_set_read_keys(gnutls_session session)
{
- int hash_size;
- int IV_size;
- int key_size, export_flag;
- gnutls_cipher_algorithm algo;
- gnutls_mac_algorithm mac_algo;
-
- mac_algo = session->security_parameters.read_mac_algorithm;
- algo = session->security_parameters.read_bulk_cipher_algorithm;
-
- hash_size = _gnutls_hash_get_algo_len(mac_algo);
- IV_size = _gnutls_cipher_get_iv_size(algo);
- key_size = gnutls_cipher_get_key_size(algo);
- export_flag = _gnutls_cipher_get_export_flag(algo);
-
- return _gnutls_set_keys(session, hash_size, IV_size, key_size,
- export_flag);
+ int hash_size;
+ int IV_size;
+ int key_size, export_flag;
+ gnutls_cipher_algorithm algo;
+ gnutls_mac_algorithm mac_algo;
+
+ mac_algo = session->security_parameters.read_mac_algorithm;
+ algo = session->security_parameters.read_bulk_cipher_algorithm;
+
+ hash_size = _gnutls_hash_get_algo_len(mac_algo);
+ IV_size = _gnutls_cipher_get_iv_size(algo);
+ key_size = gnutls_cipher_get_key_size(algo);
+ export_flag = _gnutls_cipher_get_export_flag(algo);
+
+ return _gnutls_set_keys(session, hash_size, IV_size, key_size,
+ export_flag);
}
int _gnutls_set_write_keys(gnutls_session session)
{
- int hash_size;
- int IV_size;
- int key_size, export_flag;
- gnutls_cipher_algorithm algo;
- gnutls_mac_algorithm mac_algo;
-
- mac_algo = session->security_parameters.write_mac_algorithm;
- algo = session->security_parameters.write_bulk_cipher_algorithm;
-
- hash_size = _gnutls_hash_get_algo_len(mac_algo);
- IV_size = _gnutls_cipher_get_iv_size(algo);
- key_size = gnutls_cipher_get_key_size(algo);
- export_flag = _gnutls_cipher_get_export_flag(algo);
-
- return _gnutls_set_keys(session, hash_size, IV_size, key_size,
- export_flag);
+ int hash_size;
+ int IV_size;
+ int key_size, export_flag;
+ gnutls_cipher_algorithm algo;
+ gnutls_mac_algorithm mac_algo;
+
+ mac_algo = session->security_parameters.write_mac_algorithm;
+ algo = session->security_parameters.write_bulk_cipher_algorithm;
+
+ hash_size = _gnutls_hash_get_algo_len(mac_algo);
+ IV_size = _gnutls_cipher_get_iv_size(algo);
+ key_size = gnutls_cipher_get_key_size(algo);
+ export_flag = _gnutls_cipher_get_export_flag(algo);
+
+ return _gnutls_set_keys(session, hash_size, IV_size, key_size,
+ export_flag);
}
#define CPY_COMMON dst->entity = src->entity; \
@@ -406,26 +404,28 @@ int _gnutls_set_write_keys(gnutls_session session)
dst->version = src->version; \
memcpy( &dst->extensions, &src->extensions, sizeof(tls_ext_st));
-static void _gnutls_cpy_read_security_parameters(security_parameters_st * dst,
- security_parameters_st * src)
+static void _gnutls_cpy_read_security_parameters(security_parameters_st *
+ dst,
+ security_parameters_st *
+ src)
{
- CPY_COMMON;
+ CPY_COMMON;
- dst->read_bulk_cipher_algorithm = src->read_bulk_cipher_algorithm;
- dst->read_mac_algorithm = src->read_mac_algorithm;
- dst->read_compression_algorithm = src->read_compression_algorithm;
+ dst->read_bulk_cipher_algorithm = src->read_bulk_cipher_algorithm;
+ dst->read_mac_algorithm = src->read_mac_algorithm;
+ dst->read_compression_algorithm = src->read_compression_algorithm;
}
-static void _gnutls_cpy_write_security_parameters(security_parameters_st * dst,
- security_parameters_st * src)
+static void _gnutls_cpy_write_security_parameters(security_parameters_st *
+ dst,
+ security_parameters_st *
+ src)
{
- CPY_COMMON;
+ CPY_COMMON;
- dst->write_bulk_cipher_algorithm =
- src->write_bulk_cipher_algorithm;
- dst->write_mac_algorithm = src->write_mac_algorithm;
- dst->write_compression_algorithm =
- src->write_compression_algorithm;
+ dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm;
+ dst->write_mac_algorithm = src->write_mac_algorithm;
+ dst->write_compression_algorithm = src->write_compression_algorithm;
}
/* Sets the current connection session to conform with the
@@ -436,17 +436,17 @@ static void _gnutls_cpy_write_security_parameters(security_parameters_st * dst,
*/
int _gnutls_connection_state_init(gnutls_session session)
{
- int ret;
+ int ret;
/* Setup the master secret
*/
- if ((ret = _gnutls_generate_master(session, 0), 0) < 0) {
- gnutls_assert();
- return ret;
- }
+ if ((ret = _gnutls_generate_master(session, 0), 0) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -455,179 +455,176 @@ int _gnutls_connection_state_init(gnutls_session session)
*/
int _gnutls_read_connection_state_init(gnutls_session session)
{
- int mac_size;
- int rc;
+ int mac_size;
+ int rc;
- _gnutls_uint64zero(session->connection_state.read_sequence_number);
+ _gnutls_uint64zero(session->connection_state.read_sequence_number);
/* Update internals from CipherSuite selected.
* If we are resuming just copy the connection session
*/
- if (session->internals.resumed == RESUME_FALSE) {
- rc = _gnutls_set_read_cipher(session,
- _gnutls_cipher_suite_get_cipher_algo
- (&session->security_parameters.
- current_cipher_suite));
- if (rc < 0)
- return rc;
- rc = _gnutls_set_read_mac(session,
- _gnutls_cipher_suite_get_mac_algo
- (&session->security_parameters.
- current_cipher_suite));
- if (rc < 0)
- return rc;
-
- rc = _gnutls_set_kx(session,
- _gnutls_cipher_suite_get_kx_algo
- (&session->security_parameters.
- current_cipher_suite));
- if (rc < 0)
- return rc;
-
- rc = _gnutls_set_read_compression(session,
- session->internals.
- compression_method);
- if (rc < 0)
- return rc;
- } else { /* RESUME_TRUE */
- _gnutls_cpy_read_security_parameters(&session->
- security_parameters,
- &session->
- internals.
- resumed_security_parameters);
- }
-
+ if (session->internals.resumed == RESUME_FALSE) {
+ rc = _gnutls_set_read_cipher(session,
+ _gnutls_cipher_suite_get_cipher_algo
+ (&session->security_parameters.
+ current_cipher_suite));
+ if (rc < 0)
+ return rc;
+ rc = _gnutls_set_read_mac(session,
+ _gnutls_cipher_suite_get_mac_algo
+ (&session->security_parameters.
+ current_cipher_suite));
+ if (rc < 0)
+ return rc;
- rc = _gnutls_set_read_keys(session);
+ rc = _gnutls_set_kx(session,
+ _gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.
+ current_cipher_suite));
if (rc < 0)
- return rc;
+ return rc;
- _gnutls_handshake_log("HSK[%x]: Cipher Suite: %s\n",
- session, _gnutls_cipher_suite_get_name(&session->
- security_parameters.
- current_cipher_suite));
+ rc = _gnutls_set_read_compression(session,
+ session->internals.
+ compression_method);
+ if (rc < 0)
+ return rc;
+ } else { /* RESUME_TRUE */
+ _gnutls_cpy_read_security_parameters(&session->
+ security_parameters,
+ &session->
+ internals.
+ resumed_security_parameters);
+ }
+
+
+ rc = _gnutls_set_read_keys(session);
+ if (rc < 0)
+ return rc;
+
+ _gnutls_handshake_log("HSK[%x]: Cipher Suite: %s\n",
+ session, _gnutls_cipher_suite_get_name(&session->
+ security_parameters.
+ current_cipher_suite));
+
+ if (_gnutls_compression_is_ok
+ (session->security_parameters.read_compression_algorithm) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ if (_gnutls_mac_is_ok
+ (session->security_parameters.read_mac_algorithm) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* Free all the previous keys/ sessions etc.
+ */
+ if (session->connection_state.read_mac_secret.data != NULL)
+ _gnutls_free_datum(&session->connection_state.read_mac_secret);
+
+ if (session->connection_state.read_cipher_state != NULL)
+ _gnutls_cipher_deinit(session->connection_state.read_cipher_state);
+
+ if (session->connection_state.read_compression_state != NULL)
+ _gnutls_comp_deinit(session->connection_state.
+ read_compression_state, 1);
+
+
+ mac_size =
+ _gnutls_hash_get_algo_len(session->security_parameters.
+ read_mac_algorithm);
+
+ _gnutls_handshake_log
+ ("HSK[%x]: Initializing internal [read] cipher sessions\n",
+ session);
+
+ switch (session->security_parameters.entity) {
+ case GNUTLS_SERVER:
+ /* initialize cipher session
+ */
+ session->connection_state.read_cipher_state =
+ _gnutls_cipher_init(session->security_parameters.
+ read_bulk_cipher_algorithm,
+ &session->cipher_specs.
+ client_write_key,
+ &session->cipher_specs.client_write_IV);
+ if (session->connection_state.read_cipher_state ==
+ GNUTLS_CIPHER_FAILED
+ && session->security_parameters.
+ read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (_gnutls_compression_is_ok
- (session->security_parameters.read_compression_algorithm) != 0) {
+ /* copy mac secrets from cipherspecs, to connection
+ * session.
+ */
+ if (mac_size > 0) {
+ if (_gnutls_sset_datum(&session->connection_state.
+ read_mac_secret,
+ session->cipher_specs.
+ client_write_mac_secret.data,
+ session->cipher_specs.
+ client_write_mac_secret.size) < 0) {
gnutls_assert();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
}
- if (_gnutls_mac_is_ok
- (session->security_parameters.read_mac_algorithm) != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ break;
+
+ case GNUTLS_CLIENT:
+ session->connection_state.read_cipher_state =
+ _gnutls_cipher_init(session->security_parameters.
+ read_bulk_cipher_algorithm,
+ &session->cipher_specs.
+ server_write_key,
+ &session->cipher_specs.server_write_IV);
+
+ if (session->connection_state.read_cipher_state ==
+ GNUTLS_CIPHER_FAILED
+ && session->security_parameters.
+ read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- /* Free all the previous keys/ sessions etc.
+
+ /* copy mac secret to connection session
*/
- if (session->connection_state.read_mac_secret.data != NULL)
- _gnutls_free_datum(&session->connection_state.
- read_mac_secret);
-
- if (session->connection_state.read_cipher_state != NULL)
- _gnutls_cipher_deinit(session->connection_state.
- read_cipher_state);
-
- if (session->connection_state.read_compression_state != NULL)
- _gnutls_comp_deinit(session->connection_state.
- read_compression_state, 1);
-
-
- mac_size =
- _gnutls_hash_get_algo_len(session->security_parameters.
- read_mac_algorithm);
-
- _gnutls_handshake_log
- ("HSK[%x]: Initializing internal [read] cipher sessions\n", session);
-
- switch (session->security_parameters.entity) {
- case GNUTLS_SERVER:
- /* initialize cipher session
- */
- session->connection_state.read_cipher_state =
- _gnutls_cipher_init(session->security_parameters.
- read_bulk_cipher_algorithm,
- &session->cipher_specs.
- client_write_key,
- &session->cipher_specs.
- client_write_IV);
- if (session->connection_state.read_cipher_state ==
- GNUTLS_CIPHER_FAILED
- && session->security_parameters.
- read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* copy mac secrets from cipherspecs, to connection
- * session.
- */
- if (mac_size > 0) {
- if (_gnutls_sset_datum(&session->connection_state.
- read_mac_secret,
- session->cipher_specs.
- client_write_mac_secret.data,
- session->cipher_specs.
- client_write_mac_secret.size) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- }
-
- break;
-
- case GNUTLS_CLIENT:
- session->connection_state.read_cipher_state =
- _gnutls_cipher_init(session->security_parameters.
- read_bulk_cipher_algorithm,
- &session->cipher_specs.
- server_write_key,
- &session->cipher_specs.
- server_write_IV);
-
- if (session->connection_state.read_cipher_state ==
- GNUTLS_CIPHER_FAILED
- && session->security_parameters.
- read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
-
- /* copy mac secret to connection session
- */
- if (mac_size > 0) {
- if (_gnutls_sset_datum(&session->connection_state.
- read_mac_secret,
- session->cipher_specs.
- server_write_mac_secret.data,
- session->cipher_specs.
- server_write_mac_secret.size) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
-
- break;
-
- default: /* this check is useless */
+ if (mac_size > 0) {
+ if (_gnutls_sset_datum(&session->connection_state.
+ read_mac_secret,
+ session->cipher_specs.
+ server_write_mac_secret.data,
+ session->cipher_specs.
+ server_write_mac_secret.size) < 0) {
gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
}
- session->connection_state.read_compression_state =
- _gnutls_comp_init(session->security_parameters.
- read_compression_algorithm, 1);
+ break;
- if (session->connection_state.read_compression_state ==
- GNUTLS_COMP_FAILED) {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
+ default: /* this check is useless */
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- return 0;
+ session->connection_state.read_compression_state =
+ _gnutls_comp_init(session->security_parameters.
+ read_compression_algorithm, 1);
+
+ if (session->connection_state.read_compression_state ==
+ GNUTLS_COMP_FAILED) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ return 0;
}
@@ -637,226 +634,223 @@ int _gnutls_read_connection_state_init(gnutls_session session)
*/
int _gnutls_write_connection_state_init(gnutls_session session)
{
- int mac_size;
- int rc;
+ int mac_size;
+ int rc;
- _gnutls_uint64zero(session->connection_state.write_sequence_number);
+ _gnutls_uint64zero(session->connection_state.write_sequence_number);
/* Update internals from CipherSuite selected.
* If we are resuming just copy the connection session
*/
- if (session->internals.resumed == RESUME_FALSE) {
- rc = _gnutls_set_write_cipher(session,
- _gnutls_cipher_suite_get_cipher_algo
- (&session->security_parameters.
- current_cipher_suite));
- if (rc < 0)
- return rc;
- rc = _gnutls_set_write_mac(session,
- _gnutls_cipher_suite_get_mac_algo
- (&session->security_parameters.
- current_cipher_suite));
- if (rc < 0)
- return rc;
-
- rc = _gnutls_set_kx(session,
- _gnutls_cipher_suite_get_kx_algo
- (&session->security_parameters.
- current_cipher_suite));
- if (rc < 0)
- return rc;
-
- rc = _gnutls_set_write_compression(session,
- session->internals.
- compression_method);
- if (rc < 0)
- return rc;
- } else { /* RESUME_TRUE */
- _gnutls_cpy_write_security_parameters(&session->
- security_parameters,
- &session->
- internals.
- resumed_security_parameters);
- }
-
- rc = _gnutls_set_write_keys(session);
+ if (session->internals.resumed == RESUME_FALSE) {
+ rc = _gnutls_set_write_cipher(session,
+ _gnutls_cipher_suite_get_cipher_algo
+ (&session->security_parameters.
+ current_cipher_suite));
+ if (rc < 0)
+ return rc;
+ rc = _gnutls_set_write_mac(session,
+ _gnutls_cipher_suite_get_mac_algo
+ (&session->security_parameters.
+ current_cipher_suite));
if (rc < 0)
- return rc;
+ return rc;
- _gnutls_handshake_log("HSK[%x]: Cipher Suite: %s\n", session,
- _gnutls_cipher_suite_get_name(&session->
- security_parameters.
- current_cipher_suite));
+ rc = _gnutls_set_kx(session,
+ _gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.
+ current_cipher_suite));
+ if (rc < 0)
+ return rc;
- if (_gnutls_compression_is_ok
- (session->security_parameters.write_compression_algorithm) !=
- 0) {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ rc = _gnutls_set_write_compression(session,
+ session->internals.
+ compression_method);
+ if (rc < 0)
+ return rc;
+ } else { /* RESUME_TRUE */
+ _gnutls_cpy_write_security_parameters(&session->
+ security_parameters,
+ &session->
+ internals.
+ resumed_security_parameters);
+ }
+
+ rc = _gnutls_set_write_keys(session);
+ if (rc < 0)
+ return rc;
+
+ _gnutls_handshake_log("HSK[%x]: Cipher Suite: %s\n", session,
+ _gnutls_cipher_suite_get_name(&session->
+ security_parameters.
+ current_cipher_suite));
+
+ if (_gnutls_compression_is_ok
+ (session->security_parameters.write_compression_algorithm) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ if (_gnutls_mac_is_ok
+ (session->security_parameters.write_mac_algorithm) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+
+
+ /* Free all the previous keys/ sessions etc.
+ */
+ if (session->connection_state.write_mac_secret.data != NULL)
+ _gnutls_free_datum(&session->connection_state.write_mac_secret);
+
+ if (session->connection_state.write_cipher_state != NULL)
+ _gnutls_cipher_deinit(session->connection_state.
+ write_cipher_state);
+
+ if (session->connection_state.write_compression_state != NULL)
+ _gnutls_comp_deinit(session->connection_state.
+ write_compression_state, 0);
+
+ mac_size =
+ _gnutls_hash_get_algo_len(session->security_parameters.
+ write_mac_algorithm);
+
+ _gnutls_handshake_log
+ ("HSK[%x]: Initializing internal [write] cipher sessions\n",
+ session);
+
+ switch (session->security_parameters.entity) {
+ case GNUTLS_SERVER:
+ /* initialize cipher session
+ */
+ session->connection_state.write_cipher_state =
+ _gnutls_cipher_init(session->security_parameters.
+ write_bulk_cipher_algorithm,
+ &session->cipher_specs.
+ server_write_key,
+ &session->cipher_specs.server_write_IV);
+
+ if (session->connection_state.write_cipher_state ==
+ GNUTLS_CIPHER_FAILED
+ && session->security_parameters.
+ write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if (_gnutls_mac_is_ok
- (session->security_parameters.write_mac_algorithm) != 0) {
+
+ /* copy mac secrets from cipherspecs, to connection
+ * session.
+ */
+ if (mac_size > 0) {
+ if (_gnutls_sset_datum(&session->connection_state.
+ write_mac_secret,
+ session->cipher_specs.
+ server_write_mac_secret.data,
+ session->cipher_specs.
+ server_write_mac_secret.size) < 0) {
gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
}
+ break;
- /* Free all the previous keys/ sessions etc.
+ case GNUTLS_CLIENT:
+ session->connection_state.write_cipher_state =
+ _gnutls_cipher_init(session->security_parameters.
+ write_bulk_cipher_algorithm,
+ &session->cipher_specs.
+ client_write_key,
+ &session->cipher_specs.client_write_IV);
+
+ if (session->connection_state.write_cipher_state ==
+ GNUTLS_CIPHER_FAILED
+ && session->security_parameters.
+ write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* copy mac secret to connection session
*/
- if (session->connection_state.write_mac_secret.data != NULL)
- _gnutls_free_datum(&session->connection_state.
- write_mac_secret);
-
- if (session->connection_state.write_cipher_state != NULL)
- _gnutls_cipher_deinit(session->connection_state.
- write_cipher_state);
-
- if (session->connection_state.write_compression_state != NULL)
- _gnutls_comp_deinit(session->connection_state.
- write_compression_state, 0);
-
- mac_size =
- _gnutls_hash_get_algo_len(session->security_parameters.
- write_mac_algorithm);
-
- _gnutls_handshake_log
- ("HSK[%x]: Initializing internal [write] cipher sessions\n", session);
-
- switch (session->security_parameters.entity) {
- case GNUTLS_SERVER:
- /* initialize cipher session
- */
- session->connection_state.write_cipher_state =
- _gnutls_cipher_init(session->security_parameters.
- write_bulk_cipher_algorithm,
- &session->cipher_specs.
- server_write_key,
- &session->cipher_specs.
- server_write_IV);
-
- if (session->connection_state.write_cipher_state ==
- GNUTLS_CIPHER_FAILED
- && session->security_parameters.
- write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
-
- /* copy mac secrets from cipherspecs, to connection
- * session.
- */
- if (mac_size > 0) {
- if (_gnutls_sset_datum(&session->connection_state.
- write_mac_secret,
- session->cipher_specs.
- server_write_mac_secret.data,
- session->cipher_specs.
- server_write_mac_secret.size) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- }
-
-
- break;
-
- case GNUTLS_CLIENT:
- session->connection_state.write_cipher_state =
- _gnutls_cipher_init(session->security_parameters.
- write_bulk_cipher_algorithm,
- &session->cipher_specs.
- client_write_key,
- &session->cipher_specs.
- client_write_IV);
-
- if (session->connection_state.write_cipher_state ==
- GNUTLS_CIPHER_FAILED
- && session->security_parameters.
- write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* copy mac secret to connection session
- */
- if (mac_size > 0) {
- if (_gnutls_sset_datum(&session->connection_state.
- write_mac_secret,
- session->cipher_specs.
- client_write_mac_secret.data,
- session->cipher_specs.
- client_write_mac_secret.size) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
-
- break;
-
- default:
+ if (mac_size > 0) {
+ if (_gnutls_sset_datum(&session->connection_state.
+ write_mac_secret,
+ session->cipher_specs.
+ client_write_mac_secret.data,
+ session->cipher_specs.
+ client_write_mac_secret.size) < 0) {
gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
}
+ break;
- session->connection_state.write_compression_state =
- _gnutls_comp_init(session->security_parameters.
- write_compression_algorithm, 0);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (session->connection_state.write_compression_state ==
- GNUTLS_COMP_FAILED) {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
- return 0;
+ session->connection_state.write_compression_state =
+ _gnutls_comp_init(session->security_parameters.
+ write_compression_algorithm, 0);
+
+ if (session->connection_state.write_compression_state ==
+ GNUTLS_COMP_FAILED) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ return 0;
}
/* Sets the specified cipher into the pending session
*/
-int _gnutls_set_read_cipher(gnutls_session session, gnutls_cipher_algorithm algo)
+int _gnutls_set_read_cipher(gnutls_session session,
+ gnutls_cipher_algorithm algo)
{
- if (_gnutls_cipher_is_ok(algo) == 0) {
- if (_gnutls_cipher_priority(session, algo) < 0) {
- gnutls_assert();
- return GNUTLS_E_UNWANTED_ALGORITHM;
- }
+ if (_gnutls_cipher_is_ok(algo) == 0) {
+ if (_gnutls_cipher_priority(session, algo) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNWANTED_ALGORITHM;
+ }
- session->security_parameters.read_bulk_cipher_algorithm =
- algo;
+ session->security_parameters.read_bulk_cipher_algorithm = algo;
- } else {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- return 0;
+ return 0;
}
-int _gnutls_set_write_cipher(gnutls_session session, gnutls_cipher_algorithm algo)
+int _gnutls_set_write_cipher(gnutls_session session,
+ gnutls_cipher_algorithm algo)
{
- if (_gnutls_cipher_is_ok(algo) == 0) {
- if (_gnutls_cipher_priority(session, algo) < 0) {
- gnutls_assert();
- return GNUTLS_E_UNWANTED_ALGORITHM;
- }
+ if (_gnutls_cipher_is_ok(algo) == 0) {
+ if (_gnutls_cipher_priority(session, algo) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNWANTED_ALGORITHM;
+ }
- session->security_parameters.write_bulk_cipher_algorithm =
- algo;
+ session->security_parameters.write_bulk_cipher_algorithm = algo;
- } else {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- return 0;
+ return 0;
}
@@ -867,14 +861,13 @@ int _gnutls_set_read_compression(gnutls_session session,
gnutls_compression_method algo)
{
- if (_gnutls_compression_is_ok(algo) == 0) {
- session->security_parameters.read_compression_algorithm =
- algo;
- } else {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
- return 0;
+ if (_gnutls_compression_is_ok(algo) == 0) {
+ session->security_parameters.read_compression_algorithm = algo;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+ return 0;
}
@@ -882,14 +875,13 @@ int _gnutls_set_write_compression(gnutls_session session,
gnutls_compression_method algo)
{
- if (_gnutls_compression_is_ok(algo) == 0) {
- session->security_parameters.write_compression_algorithm =
- algo;
- } else {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
- return 0;
+ if (_gnutls_compression_is_ok(algo) == 0) {
+ session->security_parameters.write_compression_algorithm = algo;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+ return 0;
}
@@ -898,19 +890,19 @@ int _gnutls_set_write_compression(gnutls_session session,
int _gnutls_set_kx(gnutls_session session, gnutls_kx_algorithm algo)
{
- if (_gnutls_kx_is_ok(algo) == 0) {
- session->security_parameters.kx_algorithm = algo;
- } else {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- if (_gnutls_kx_priority(session, algo) < 0) {
- gnutls_assert();
- /* we shouldn't get here */
- return GNUTLS_E_UNWANTED_ALGORITHM;
- }
+ if (_gnutls_kx_is_ok(algo) == 0) {
+ session->security_parameters.kx_algorithm = algo;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ if (_gnutls_kx_priority(session, algo) < 0) {
+ gnutls_assert();
+ /* we shouldn't get here */
+ return GNUTLS_E_UNWANTED_ALGORITHM;
+ }
- return 0;
+ return 0;
}
@@ -918,37 +910,38 @@ int _gnutls_set_kx(gnutls_session session, gnutls_kx_algorithm algo)
int _gnutls_set_read_mac(gnutls_session session, gnutls_mac_algorithm algo)
{
- if (_gnutls_mac_is_ok(algo) == 0) {
- session->security_parameters.read_mac_algorithm = algo;
- } else {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- if (_gnutls_mac_priority(session, algo) < 0) {
- gnutls_assert();
- return GNUTLS_E_UNWANTED_ALGORITHM;
- }
+ if (_gnutls_mac_is_ok(algo) == 0) {
+ session->security_parameters.read_mac_algorithm = algo;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ if (_gnutls_mac_priority(session, algo) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNWANTED_ALGORITHM;
+ }
- return 0;
+ return 0;
}
-int _gnutls_set_write_mac(gnutls_session session, gnutls_mac_algorithm algo)
+int _gnutls_set_write_mac(gnutls_session session,
+ gnutls_mac_algorithm algo)
{
- if (_gnutls_mac_is_ok(algo) == 0) {
- session->security_parameters.write_mac_algorithm = algo;
- } else {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- if (_gnutls_mac_priority(session, algo) < 0) {
- gnutls_assert();
- return GNUTLS_E_UNWANTED_ALGORITHM;
- }
+ if (_gnutls_mac_is_ok(algo) == 0) {
+ session->security_parameters.write_mac_algorithm = algo;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ if (_gnutls_mac_priority(session, algo) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNWANTED_ALGORITHM;
+ }
- return 0;
+ return 0;
}
diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h
index a78afcd4ef..8a0e3deb70 100644
--- a/lib/gnutls_constate.h
+++ b/lib/gnutls_constate.h
@@ -1,10 +1,16 @@
int _gnutls_connection_state_init(gnutls_session session);
int _gnutls_read_connection_state_init(gnutls_session session);
int _gnutls_write_connection_state_init(gnutls_session session);
-int _gnutls_set_write_cipher( gnutls_session session, gnutls_cipher_algorithm algo);
-int _gnutls_set_write_mac( gnutls_session session, gnutls_mac_algorithm algo);
-int _gnutls_set_read_cipher( gnutls_session session, gnutls_cipher_algorithm algo);
-int _gnutls_set_read_mac( gnutls_session session, gnutls_mac_algorithm algo);
-int _gnutls_set_read_compression( gnutls_session session, gnutls_compression_method algo);
-int _gnutls_set_write_compression( gnutls_session session, gnutls_compression_method algo);
+int _gnutls_set_write_cipher(gnutls_session session,
+ gnutls_cipher_algorithm algo);
+int _gnutls_set_write_mac(gnutls_session session,
+ gnutls_mac_algorithm algo);
+int _gnutls_set_read_cipher(gnutls_session session,
+ gnutls_cipher_algorithm algo);
+int _gnutls_set_read_mac(gnutls_session session,
+ gnutls_mac_algorithm algo);
+int _gnutls_set_read_compression(gnutls_session session,
+ gnutls_compression_method algo);
+int _gnutls_set_write_compression(gnutls_session session,
+ gnutls_compression_method algo);
int _gnutls_set_kx(gnutls_session session, gnutls_kx_algorithm algo);
diff --git a/lib/gnutls_datum.c b/lib/gnutls_datum.c
index edd71b2a47..667e88fbf4 100644
--- a/lib/gnutls_datum.c
+++ b/lib/gnutls_datum.c
@@ -31,59 +31,71 @@
#include <gnutls_errors.h>
-void _gnutls_write_datum16( opaque* dest, gnutls_datum dat) {
- _gnutls_write_uint16( dat.size, dest);
- memcpy( &dest[2], dat.data, dat.size);
+void _gnutls_write_datum16(opaque * dest, gnutls_datum dat)
+{
+ _gnutls_write_uint16(dat.size, dest);
+ memcpy(&dest[2], dat.data, dat.size);
}
-void _gnutls_write_datum24( opaque* dest, gnutls_datum dat) {
- _gnutls_write_uint24( dat.size, dest);
- memcpy( &dest[3], dat.data, dat.size);
+
+void _gnutls_write_datum24(opaque * dest, gnutls_datum dat)
+{
+ _gnutls_write_uint24(dat.size, dest);
+ memcpy(&dest[3], dat.data, dat.size);
}
-void _gnutls_write_datum32( opaque* dest, gnutls_datum dat) {
- _gnutls_write_uint32( dat.size, dest);
- memcpy( &dest[4], dat.data, dat.size);
+
+void _gnutls_write_datum32(opaque * dest, gnutls_datum dat)
+{
+ _gnutls_write_uint32(dat.size, dest);
+ memcpy(&dest[4], dat.data, dat.size);
}
-void _gnutls_write_datum8( opaque* dest, gnutls_datum dat) {
- dest[0] = (uint8) dat.size;
- memcpy( &dest[1], dat.data, dat.size);
+
+void _gnutls_write_datum8(opaque * dest, gnutls_datum dat)
+{
+ dest[0] = (uint8) dat.size;
+ memcpy(&dest[1], dat.data, dat.size);
}
-int _gnutls_set_datum_m( gnutls_datum* dat, const void* data, int data_size,
- gnutls_alloc_function galloc_func)
+int _gnutls_set_datum_m(gnutls_datum * dat, const void *data,
+ int data_size, gnutls_alloc_function galloc_func)
{
- if (data_size == 0) {
- dat->data = NULL;
- dat->size = 0;
- return 0;
- }
-
- dat->data = galloc_func(data_size);
- if (dat->data==NULL) return GNUTLS_E_MEMORY_ERROR;
-
- dat->size = data_size;
- memcpy( dat->data, data, data_size);
-
+ if (data_size == 0) {
+ dat->data = NULL;
+ dat->size = 0;
return 0;
-}
+ }
-int _gnutls_datum_append_m( gnutls_datum* dst, const void* data, int data_size,
- gnutls_realloc_function grealloc_func) {
+ dat->data = galloc_func(data_size);
+ if (dat->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- dst->data = grealloc_func(dst->data, data_size+dst->size);
- if (dst->data==NULL) return GNUTLS_E_MEMORY_ERROR;
-
- memcpy( &dst->data[dst->size], data, data_size);
- dst->size += data_size;
+ dat->size = data_size;
+ memcpy(dat->data, data, data_size);
- return 0;
+ return 0;
}
-void _gnutls_free_datum_m( gnutls_datum* dat, gnutls_free_function gfree_func) {
- if (dat->data!=NULL && dat->size!=0)
- gfree_func( dat->data);
+int _gnutls_datum_append_m(gnutls_datum * dst, const void *data,
+ int data_size,
+ gnutls_realloc_function grealloc_func)
+{
- dat->data = NULL;
- dat->size = 0;
+ dst->data = grealloc_func(dst->data, data_size + dst->size);
+ if (dst->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ memcpy(&dst->data[dst->size], data, data_size);
+ dst->size += data_size;
+
+ return 0;
}
+void _gnutls_free_datum_m(gnutls_datum * dat,
+ gnutls_free_function gfree_func)
+{
+ if (dat->data != NULL && dat->size != 0)
+ gfree_func(dat->data);
+
+ dat->data = NULL;
+ dat->size = 0;
+}
diff --git a/lib/gnutls_datum.h b/lib/gnutls_datum.h
index f10026ffd7..8c6ee283de 100644
--- a/lib/gnutls_datum.h
+++ b/lib/gnutls_datum.h
@@ -1,17 +1,16 @@
-void _gnutls_write_datum16( opaque* dest, gnutls_datum dat);
-void _gnutls_write_datum24( opaque* dest, gnutls_datum dat);
-void _gnutls_write_datum32( opaque* dest, gnutls_datum dat);
-void _gnutls_write_datum8( opaque* dest, gnutls_datum dat);
+void _gnutls_write_datum16(opaque * dest, gnutls_datum dat);
+void _gnutls_write_datum24(opaque * dest, gnutls_datum dat);
+void _gnutls_write_datum32(opaque * dest, gnutls_datum dat);
+void _gnutls_write_datum8(opaque * dest, gnutls_datum dat);
-int _gnutls_set_datum_m( gnutls_datum* dat, const void* data, int data_size,
- gnutls_alloc_function);
+int _gnutls_set_datum_m(gnutls_datum * dat, const void *data,
+ int data_size, gnutls_alloc_function);
#define _gnutls_set_datum( x, y, z) _gnutls_set_datum_m(x,y,z, gnutls_malloc)
#define _gnutls_sset_datum( x, y, z) _gnutls_set_datum_m(x,y,z, gnutls_secure_malloc)
-int _gnutls_datum_append_m( gnutls_datum* dat, const void* data, int data_size,
- gnutls_realloc_function);
+int _gnutls_datum_append_m(gnutls_datum * dat, const void *data,
+ int data_size, gnutls_realloc_function);
#define _gnutls_datum_append(x,y,z) _gnutls_datum_append_m(x,y,z, gnutls_realloc)
-void _gnutls_free_datum_m( gnutls_datum* dat,
- gnutls_free_function);
+void _gnutls_free_datum_m(gnutls_datum * dat, gnutls_free_function);
#define _gnutls_free_datum(x) _gnutls_free_datum_m(x, gnutls_free)
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index a58c17b52e..ee90096491 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -47,8 +47,10 @@
* has been called.
*
**/
-void gnutls_db_set_retrieve_function( gnutls_session session, gnutls_db_retr_func retr_func) {
- session->internals.db_retrieve_func = retr_func;
+void gnutls_db_set_retrieve_function(gnutls_session session,
+ gnutls_db_retr_func retr_func)
+{
+ session->internals.db_retrieve_func = retr_func;
}
/**
@@ -63,8 +65,10 @@ void gnutls_db_set_retrieve_function( gnutls_session session, gnutls_db_retr_fun
* has been called.
*
**/
-void gnutls_db_set_remove_function( gnutls_session session, gnutls_db_remove_func rem_func) {
- session->internals.db_remove_func = rem_func;
+void gnutls_db_set_remove_function(gnutls_session session,
+ gnutls_db_remove_func rem_func)
+{
+ session->internals.db_remove_func = rem_func;
}
/**
@@ -79,8 +83,10 @@ void gnutls_db_set_remove_function( gnutls_session session, gnutls_db_remove_fun
* has been called.
*
**/
-void gnutls_db_set_store_function( gnutls_session session, gnutls_db_store_func store_func) {
- session->internals.db_store_func = store_func;
+void gnutls_db_set_store_function(gnutls_session session,
+ gnutls_db_store_func store_func)
+{
+ session->internals.db_store_func = store_func;
}
/**
@@ -92,8 +98,9 @@ void gnutls_db_set_store_function( gnutls_session session, gnutls_db_store_func
* the first argument.
*
**/
-void gnutls_db_set_ptr( gnutls_session session, void* ptr) {
- session->internals.db_ptr = ptr;
+void gnutls_db_set_ptr(gnutls_session session, void *ptr)
+{
+ session->internals.db_ptr = ptr;
}
/**
@@ -104,8 +111,9 @@ void gnutls_db_set_ptr( gnutls_session session, void* ptr) {
* the first argument.
*
**/
-void* gnutls_db_get_ptr( gnutls_session session) {
- return session->internals.db_ptr;
+void *gnutls_db_get_ptr(gnutls_session session)
+{
+ return session->internals.db_ptr;
}
/**
@@ -116,8 +124,9 @@ void* gnutls_db_get_ptr( gnutls_session session) {
* Sets the expiration time for resumed sessions. The default is 3600 (one hour)
* at the time writing this.
**/
-void gnutls_db_set_cache_expiration( gnutls_session session, int seconds) {
- session->internals.expire_time = seconds;
+void gnutls_db_set_cache_expiration(gnutls_session session, int seconds)
+{
+ session->internals.expire_time = seconds;
}
/**
@@ -131,193 +140,215 @@ void gnutls_db_set_cache_expiration( gnutls_session session, int seconds) {
* backend.
*
**/
-int gnutls_db_check_entry( gnutls_session session, gnutls_datum session_entry) {
-time_t timestamp;
+int gnutls_db_check_entry(gnutls_session session,
+ gnutls_datum session_entry)
+{
+ time_t timestamp;
- timestamp = time(0);
+ timestamp = time(0);
- if (session_entry.data != NULL)
- if ( timestamp - ((security_parameters_st*)(session_entry.data))->timestamp <= session->internals.expire_time || ((security_parameters_st*)(session_entry.data))->timestamp > timestamp|| ((security_parameters_st*)(session_entry.data))->timestamp == 0)
- return GNUTLS_E_EXPIRED;
-
- return 0;
+ if (session_entry.data != NULL)
+ if (timestamp -
+ ((security_parameters_st *) (session_entry.data))->timestamp <=
+ session->internals.expire_time
+ || ((security_parameters_st *) (session_entry.data))->
+ timestamp > timestamp
+ || ((security_parameters_st *) (session_entry.data))->
+ timestamp == 0)
+ return GNUTLS_E_EXPIRED;
+
+ return 0;
}
/* The format of storing data is:
* (forget it). Check gnutls_session_pack.c
*/
-int _gnutls_server_register_current_session( gnutls_session session)
+int _gnutls_server_register_current_session(gnutls_session session)
{
-gnutls_datum key;
-gnutls_datum content;
-int ret = 0;
-
- key.data = session->security_parameters.session_id;
- key.size = session->security_parameters.session_id_size;
-
- if (session->internals.resumable==RESUME_FALSE) {
- gnutls_assert();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- if (session->security_parameters.session_id==NULL || session->security_parameters.session_id_size==0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_SESSION;
- }
-
+ gnutls_datum key;
+ gnutls_datum content;
+ int ret = 0;
+
+ key.data = session->security_parameters.session_id;
+ key.size = session->security_parameters.session_id_size;
+
+ if (session->internals.resumable == RESUME_FALSE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ if (session->security_parameters.session_id == NULL
+ || session->security_parameters.session_id_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
/* allocate space for data */
- ret = _gnutls_session_size( session);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- content.size = ret;
-
- content.data = gnutls_malloc( content.size);
- if (content.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
+ ret = _gnutls_session_size(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ content.size = ret;
+
+ content.data = gnutls_malloc(content.size);
+ if (content.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
/* copy data */
- ret = _gnutls_session_pack( session, &content);
- if (ret < 0) {
- gnutls_free( content.data);
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_session_pack(session, &content);
+ if (ret < 0) {
+ gnutls_free(content.data);
+ gnutls_assert();
+ return ret;
+ }
- ret = _gnutls_store_session( session, key, content);
+ ret = _gnutls_store_session(session, key, content);
- gnutls_free( content.data);
+ gnutls_free(content.data);
- return ret;
+ return ret;
}
/* Checks if both db_store and db_retrieve functions have
* been set up.
*/
-static int _gnutls_db_func_is_ok( gnutls_session session) {
- if (session->internals.db_store_func!=NULL &&
- session->internals.db_retrieve_func!=NULL &&
- session->internals.db_remove_func!=NULL) return 0;
- else return GNUTLS_E_DB_ERROR;
+static int _gnutls_db_func_is_ok(gnutls_session session)
+{
+ if (session->internals.db_store_func != NULL &&
+ session->internals.db_retrieve_func != NULL &&
+ session->internals.db_remove_func != NULL)
+ return 0;
+ else
+ return GNUTLS_E_DB_ERROR;
}
-int _gnutls_server_restore_session( gnutls_session session, uint8* session_id, int session_id_size)
+int _gnutls_server_restore_session(gnutls_session session,
+ uint8 * session_id, int session_id_size)
{
-gnutls_datum data;
-gnutls_datum key;
-int ret;
+ gnutls_datum data;
+ gnutls_datum key;
+ int ret;
- key.data = session_id;
- key.size = session_id_size;
+ key.data = session_id;
+ key.size = session_id_size;
- if (_gnutls_db_func_is_ok(session)!=0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_SESSION;
- }
+ if (_gnutls_db_func_is_ok(session) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
- data = _gnutls_retrieve_session( session, key);
+ data = _gnutls_retrieve_session(session, key);
- if (data.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_SESSION;
- }
+ if (data.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
- /* expiration check is performed inside */
- ret = gnutls_session_set_data( session, data.data, data.size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ /* expiration check is performed inside */
+ ret = gnutls_session_set_data(session, data.data, data.size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- gnutls_free(data.data);
+ gnutls_free(data.data);
- return 0;
+ return 0;
}
-int _gnutls_db_remove_session( gnutls_session session, uint8* session_id, int session_id_size)
+int _gnutls_db_remove_session(gnutls_session session, uint8 * session_id,
+ int session_id_size)
{
-gnutls_datum key;
+ gnutls_datum key;
- key.data = session_id;
- key.size = session_id_size;
+ key.data = session_id;
+ key.size = session_id_size;
- return _gnutls_remove_session( session, key);
+ return _gnutls_remove_session(session, key);
}
/* Stores session data to the db backend.
*/
-int _gnutls_store_session( gnutls_session session, gnutls_datum session_id, gnutls_datum session_data)
+int _gnutls_store_session(gnutls_session session, gnutls_datum session_id,
+ gnutls_datum session_data)
{
-int ret = 0;
-
- if (session->internals.resumable==RESUME_FALSE) {
- gnutls_assert();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- if (_gnutls_db_func_is_ok(session)!=0) {
- return GNUTLS_E_DB_ERROR;
- }
-
- if (session_id.data==NULL || session_id.size==0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- if (session_data.data==NULL || session_data.size==0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_SESSION;
- }
- /* if we can't read why bother writing? */
-
- if (session->internals.db_store_func!=NULL)
- ret = session->internals.db_store_func( session->internals.db_ptr, session_id, session_data);
-
- return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
+ int ret = 0;
+
+ if (session->internals.resumable == RESUME_FALSE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ if (_gnutls_db_func_is_ok(session) != 0) {
+ return GNUTLS_E_DB_ERROR;
+ }
+
+ if (session_id.data == NULL || session_id.size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ if (session_data.data == NULL || session_data.size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+ /* if we can't read why bother writing? */
+
+ if (session->internals.db_store_func != NULL)
+ ret =
+ session->internals.db_store_func(session->internals.db_ptr,
+ session_id, session_data);
+
+ return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
}
/* Retrieves session data from the db backend.
*/
-gnutls_datum _gnutls_retrieve_session( gnutls_session session, gnutls_datum session_id)
+gnutls_datum _gnutls_retrieve_session(gnutls_session session,
+ gnutls_datum session_id)
{
-gnutls_datum ret = { NULL, 0 };
-
- if (session_id.data==NULL || session_id.size==0) {
- gnutls_assert();
- return ret;
- }
-
- if (session->internals.db_retrieve_func!=NULL)
- ret = session->internals.db_retrieve_func( session->internals.db_ptr, session_id);
+ gnutls_datum ret = { NULL, 0 };
+ if (session_id.data == NULL || session_id.size == 0) {
+ gnutls_assert();
return ret;
+ }
+
+ if (session->internals.db_retrieve_func != NULL)
+ ret =
+ session->internals.db_retrieve_func(session->internals.db_ptr,
+ session_id);
+
+ return ret;
}
/* Removes session data from the db backend.
*/
-int _gnutls_remove_session( gnutls_session session, gnutls_datum session_id)
+int _gnutls_remove_session(gnutls_session session, gnutls_datum session_id)
{
-int ret = 0;
+ int ret = 0;
- if (_gnutls_db_func_is_ok(session)!=0) {
- return GNUTLS_E_DB_ERROR;
- }
-
- if (session_id.data==NULL || session_id.size==0)
- return GNUTLS_E_INVALID_SESSION;
+ if (_gnutls_db_func_is_ok(session) != 0) {
+ return GNUTLS_E_DB_ERROR;
+ }
- /* if we can't read why bother writing? */
- if (session->internals.db_remove_func!=NULL)
- ret = session->internals.db_remove_func( session->internals.db_ptr, session_id);
+ if (session_id.data == NULL || session_id.size == 0)
+ return GNUTLS_E_INVALID_SESSION;
- return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
+ /* if we can't read why bother writing? */
+ if (session->internals.db_remove_func != NULL)
+ ret =
+ session->internals.db_remove_func(session->internals.db_ptr,
+ session_id);
+
+ return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
}
@@ -333,9 +364,13 @@ int ret = 0;
* Normally gnutls_deinit() will remove abnormally terminated sessions.
*
**/
-void gnutls_db_remove_session(gnutls_session session) {
- /* if the session has failed abnormally it has
- * to be removed from the db
- */
- _gnutls_db_remove_session( session, session->security_parameters.session_id, session->security_parameters.session_id_size);
+void gnutls_db_remove_session(gnutls_session session)
+{
+ /* if the session has failed abnormally it has
+ * to be removed from the db
+ */
+ _gnutls_db_remove_session(session,
+ session->security_parameters.session_id,
+ session->security_parameters.
+ session_id_size);
}
diff --git a/lib/gnutls_db.h b/lib/gnutls_db.h
index a5cac00bd9..1d0f4a717c 100644
--- a/lib/gnutls_db.h
+++ b/lib/gnutls_db.h
@@ -18,13 +18,19 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-void gnutls_set_cache_expiration( gnutls_session session, int seconds);
-int gnutls_db_set_name( gnutls_session session, const char* filename);
-int _gnutls_server_register_current_session( gnutls_session session);
-int _gnutls_server_restore_session( gnutls_session session, uint8* session_id, int session_id_size);
-int gnutls_db_clean( gnutls_session session);
-int _gnutls_db_remove_session( gnutls_session session, uint8* session_id, int session_id_size);
+void gnutls_set_cache_expiration(gnutls_session session, int seconds);
+int gnutls_db_set_name(gnutls_session session, const char *filename);
+int _gnutls_server_register_current_session(gnutls_session session);
+int _gnutls_server_restore_session(gnutls_session session,
+ uint8 * session_id,
+ int session_id_size);
+int gnutls_db_clean(gnutls_session session);
+int _gnutls_db_remove_session(gnutls_session session, uint8 * session_id,
+ int session_id_size);
void gnutls_db_remove_session(gnutls_session session);
-int _gnutls_store_session( gnutls_session session, gnutls_datum session_id, gnutls_datum session_data);
-gnutls_datum _gnutls_retrieve_session( gnutls_session session, gnutls_datum session_id);
-int _gnutls_remove_session( gnutls_session session, gnutls_datum session_id);
+int _gnutls_store_session(gnutls_session session, gnutls_datum session_id,
+ gnutls_datum session_data);
+gnutls_datum _gnutls_retrieve_session(gnutls_session session,
+ gnutls_datum session_id);
+int _gnutls_remove_session(gnutls_session session,
+ gnutls_datum session_id);
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index 1358f0ddda..8980a4cf0f 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -47,66 +47,65 @@
*/
mpi_t gnutls_calc_dh_secret(mpi_t * ret_x, mpi_t g, mpi_t prime)
{
- mpi_t e, x;
- int x_size = _gnutls_mpi_get_nbits(prime) - 1;
- /* The size of the secret key is less than
- * prime/2
- */
-
- if (x_size > MAX_BITS || x_size <= 0) {
- gnutls_assert();
- return NULL;
- }
-
- x = _gnutls_mpi_new(x_size);
- if (x == NULL) {
- gnutls_assert();
- if (ret_x)
- *ret_x = NULL;
-
- return NULL;
- }
-
- /* (x_size/8)*8 is there to overcome a bug in libgcrypt
- * which does not really check the bits given but the bytes.
- */
- _gnutls_mpi_randomize(x, (x_size/8)*8, GCRY_STRONG_RANDOM);
-
- e = _gnutls_mpi_alloc_like(prime);
- if (e == NULL) {
- gnutls_assert();
- if (ret_x)
- *ret_x = NULL;
-
- _gnutls_mpi_release( &x);
- return NULL;
- }
-
- _gnutls_mpi_powm(e, g, x, prime);
+ mpi_t e, x;
+ int x_size = _gnutls_mpi_get_nbits(prime) - 1;
+ /* The size of the secret key is less than
+ * prime/2
+ */
+
+ if (x_size > MAX_BITS || x_size <= 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ x = _gnutls_mpi_new(x_size);
+ if (x == NULL) {
+ gnutls_assert();
+ if (ret_x)
+ *ret_x = NULL;
+
+ return NULL;
+ }
+ /* (x_size/8)*8 is there to overcome a bug in libgcrypt
+ * which does not really check the bits given but the bytes.
+ */
+ _gnutls_mpi_randomize(x, (x_size / 8) * 8, GCRY_STRONG_RANDOM);
+
+ e = _gnutls_mpi_alloc_like(prime);
+ if (e == NULL) {
+ gnutls_assert();
if (ret_x)
- *ret_x = x;
- else
- _gnutls_mpi_release(&x);
- return e;
+ *ret_x = NULL;
+
+ _gnutls_mpi_release(&x);
+ return NULL;
+ }
+
+ _gnutls_mpi_powm(e, g, x, prime);
+
+ if (ret_x)
+ *ret_x = x;
+ else
+ _gnutls_mpi_release(&x);
+ return e;
}
mpi_t gnutls_calc_dh_key(mpi_t f, mpi_t x, mpi_t prime)
{
- mpi_t k;
- int bits;
-
- bits = _gnutls_mpi_get_nbits(prime);
- if (bits <= 0 || bits > MAX_BITS) {
- gnutls_assert();
- return NULL;
- }
-
- k = _gnutls_mpi_alloc_like(prime);
- if (k == NULL)
- return NULL;
- _gnutls_mpi_powm(k, f, x, prime);
- return k;
+ mpi_t k;
+ int bits;
+
+ bits = _gnutls_mpi_get_nbits(prime);
+ if (bits <= 0 || bits > MAX_BITS) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ k = _gnutls_mpi_alloc_like(prime);
+ if (k == NULL)
+ return NULL;
+ _gnutls_mpi_powm(k, f, x, prime);
+ return k;
}
-
diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h
index 6b449ec72e..9336a31230 100644
--- a/lib/gnutls_dh.h
+++ b/lib/gnutls_dh.h
@@ -18,8 +18,8 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-const mpi_t* _gnutls_get_dh_params(gnutls_dh_params);
-mpi_t gnutls_calc_dh_secret( mpi_t *ret_x, mpi_t g, mpi_t prime );
-mpi_t gnutls_calc_dh_key( mpi_t f, mpi_t x, mpi_t prime );
-int _gnutls_dh_generate_prime(mpi_t *ret_g, mpi_t* ret_n, uint bits);
+const mpi_t *_gnutls_get_dh_params(gnutls_dh_params);
+mpi_t gnutls_calc_dh_secret(mpi_t * ret_x, mpi_t g, mpi_t prime);
+mpi_t gnutls_calc_dh_key(mpi_t f, mpi_t x, mpi_t prime);
+int _gnutls_dh_generate_prime(mpi_t * ret_g, mpi_t * ret_n, uint bits);
void gnutls_dh_params_deinit(gnutls_dh_params dh_params);
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index 061868093a..e6da92c4ae 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -23,7 +23,7 @@
#include <gnutls_int.h>
#include <gnutls_errors.h>
#include <gnutls_datum.h>
-#include <x509_b64.h> /* for PKCS3 PEM decoding */
+#include <x509_b64.h> /* for PKCS3 PEM decoding */
#include <gnutls_global.h>
#include <gnutls_dh.h>
#include <x509/mpi.h>
@@ -32,95 +32,96 @@
/* returns the prime and the generator of DH params.
*/
-const mpi_t* _gnutls_get_dh_params(gnutls_dh_params dh_primes)
+const mpi_t *_gnutls_get_dh_params(gnutls_dh_params dh_primes)
{
- if (dh_primes == NULL || dh_primes->params[1] == NULL ||
- dh_primes->params[0] == NULL)
- {
- return NULL;
- }
+ if (dh_primes == NULL || dh_primes->params[1] == NULL ||
+ dh_primes->params[0] == NULL) {
+ return NULL;
+ }
- return dh_primes->params;
+ return dh_primes->params;
}
int _gnutls_dh_generate_prime(mpi_t * ret_g, mpi_t * ret_n,
unsigned int bits)
{
- mpi_t g=NULL, prime=NULL;
- gcry_error_t err;
- int result, times = 0, qbits;
- mpi_t *factors = NULL;
-
- /* Calculate the size of a prime factor of (prime-1)/2.
- * This is a bad emulation of Michael Wiener's table
- */
- if (bits < 256) qbits = bits/2;
- else {
- qbits = 120 + (((bits / 256) - 1) * 20);
+ mpi_t g = NULL, prime = NULL;
+ gcry_error_t err;
+ int result, times = 0, qbits;
+ mpi_t *factors = NULL;
+
+ /* Calculate the size of a prime factor of (prime-1)/2.
+ * This is a bad emulation of Michael Wiener's table
+ */
+ if (bits < 256)
+ qbits = bits / 2;
+ else {
+ qbits = 120 + (((bits / 256) - 1) * 20);
+ }
+
+ if (qbits & 1) /* better have an even number */
+ qbits++;
+
+ /* find a prime number of size bits.
+ */
+ do {
+
+ if (times) {
+ _gnutls_mpi_release(&prime);
+ gcry_prime_release_factors(factors);
}
- if (qbits & 1) /* better have an even number */
- qbits++;
-
- /* find a prime number of size bits.
- */
- do {
-
- if (times) {
- _gnutls_mpi_release(&prime);
- gcry_prime_release_factors (factors);
- }
-
- err = gcry_prime_generate( &prime, bits, qbits,
- &factors, NULL, NULL, GCRY_STRONG_RANDOM,
- GCRY_PRIME_FLAG_SPECIAL_FACTOR);
-
- if (err != 0) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- err = gcry_prime_check( prime, 0);
-
- times++;
- } while( err != 0 && times < 10);
+ err = gcry_prime_generate(&prime, bits, qbits,
+ &factors, NULL, NULL, GCRY_STRONG_RANDOM,
+ GCRY_PRIME_FLAG_SPECIAL_FACTOR);
if (err != 0) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
}
- /* generate the group generator.
- */
- err = gcry_prime_group_generator (&g, prime, factors, NULL);
- if (err != 0) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
+ err = gcry_prime_check(prime, 0);
+
+ times++;
+ } while (err != 0 && times < 10);
+
+ if (err != 0) {
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ /* generate the group generator.
+ */
+ err = gcry_prime_group_generator(&g, prime, factors, NULL);
+ if (err != 0) {
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ gcry_prime_release_factors(factors);
+ factors = NULL;
+
+ if (ret_g)
+ *ret_g = g;
+ else
+ _gnutls_mpi_release(&g);
+ if (ret_n)
+ *ret_n = prime;
+ else
+ _gnutls_mpi_release(&prime);
+
+ return 0;
+
+ cleanup:
+ gcry_prime_release_factors(factors);
+ _gnutls_mpi_release(&g);
+ _gnutls_mpi_release(&prime);
+
+ return result;
- gcry_prime_release_factors (factors); factors = NULL;
-
- if (ret_g)
- *ret_g = g;
- else
- _gnutls_mpi_release(&g);
- if (ret_n)
- *ret_n = prime;
- else
- _gnutls_mpi_release(&prime);
-
- return 0;
-
- cleanup:
- gcry_prime_release_factors (factors);
- _gnutls_mpi_release(&g);
- _gnutls_mpi_release(&prime);
-
- return result;
-
}
/* Replaces the prime in the static DH parameters, with a randomly
@@ -137,31 +138,32 @@ int _gnutls_dh_generate_prime(mpi_t * ret_g, mpi_t * ret_n,
* appropriate gnutls_datum.
*
**/
-int gnutls_dh_params_import_raw(gnutls_dh_params dh_params, const gnutls_datum *prime,
- const gnutls_datum* generator)
+int gnutls_dh_params_import_raw(gnutls_dh_params dh_params,
+ const gnutls_datum * prime,
+ const gnutls_datum * generator)
{
- mpi_t tmp_prime, tmp_g;
- size_t siz;
+ mpi_t tmp_prime, tmp_g;
+ size_t siz;
- siz = prime->size;
- if (_gnutls_mpi_scan(&tmp_prime, prime->data, &siz)) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ siz = prime->size;
+ if (_gnutls_mpi_scan(&tmp_prime, prime->data, &siz)) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- siz = generator->size;
- if (_gnutls_mpi_scan(&tmp_g, generator->data, &siz)) {
- _gnutls_mpi_release(&tmp_prime);
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ siz = generator->size;
+ if (_gnutls_mpi_scan(&tmp_g, generator->data, &siz)) {
+ _gnutls_mpi_release(&tmp_prime);
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- /* store the generated values
- */
- dh_params->params[0] = tmp_prime;
- dh_params->params[1] = tmp_g;
+ /* store the generated values
+ */
+ dh_params->params[0] = tmp_prime;
+ dh_params->params[1] = tmp_g;
- return 0;
+ return 0;
}
@@ -175,13 +177,13 @@ int gnutls_dh_params_import_raw(gnutls_dh_params dh_params, const gnutls_datum *
int gnutls_dh_params_init(gnutls_dh_params * dh_params)
{
- (*dh_params) = gnutls_calloc(1, sizeof(dh_params_st));
- if (*dh_params == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ (*dh_params) = gnutls_calloc(1, sizeof(dh_params_st));
+ if (*dh_params == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
@@ -194,13 +196,13 @@ int gnutls_dh_params_init(gnutls_dh_params * dh_params)
**/
void gnutls_dh_params_deinit(gnutls_dh_params dh_params)
{
- if (dh_params == NULL)
- return;
+ if (dh_params == NULL)
+ return;
- _gnutls_mpi_release(&dh_params->params[0]);
- _gnutls_mpi_release(&dh_params->params[1]);
+ _gnutls_mpi_release(&dh_params->params[0]);
+ _gnutls_mpi_release(&dh_params->params[1]);
- gnutls_free(dh_params);
+ gnutls_free(dh_params);
}
@@ -215,16 +217,16 @@ void gnutls_dh_params_deinit(gnutls_dh_params dh_params)
**/
int gnutls_dh_params_cpy(gnutls_dh_params dst, gnutls_dh_params src)
{
- if (src == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (src == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- dst->params[0] = _gnutls_mpi_copy(src->params[0]);
- dst->params[1] = _gnutls_mpi_copy(src->params[1]);
+ dst->params[0] = _gnutls_mpi_copy(src->params[0]);
+ dst->params[1] = _gnutls_mpi_copy(src->params[1]);
- if (dst->params[0]==NULL || dst->params[1] == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (dst->params[0] == NULL || dst->params[1] == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- return 0;
+ return 0;
}
@@ -246,16 +248,16 @@ int gnutls_dh_params_cpy(gnutls_dh_params dst, gnutls_dh_params src)
**/
int gnutls_dh_params_generate2(gnutls_dh_params params, unsigned int bits)
{
-int ret;
+ int ret;
- ret = _gnutls_dh_generate_prime(&params->params[1],
- &params->params[0], bits);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_dh_generate_prime(&params->params[1],
+ &params->params[0], bits);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -274,84 +276,87 @@ int ret;
* 0 on success.
*
**/
-int gnutls_dh_params_import_pkcs3(gnutls_dh_params params,
- const gnutls_datum * pkcs3_params, gnutls_x509_crt_fmt format)
+int gnutls_dh_params_import_pkcs3(gnutls_dh_params params,
+ const gnutls_datum * pkcs3_params,
+ gnutls_x509_crt_fmt format)
{
- ASN1_TYPE c2;
- int result, need_free = 0;
- gnutls_datum _params;
-
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- result = _gnutls_fbase64_decode("DH PARAMETERS",
- pkcs3_params->data, pkcs3_params->size,
- &out);
-
- if (result <= 0) {
- if (result==0) result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
- }
-
- _params.data = out;
- _params.size = result;
-
- need_free = 1;
-
- } else {
- _params.data = pkcs3_params->data;
- _params.size = pkcs3_params->size;
- }
+ ASN1_TYPE c2;
+ int result, need_free = 0;
+ gnutls_datum _params;
+
+ if (format == GNUTLS_X509_FMT_PEM) {
+ opaque *out;
+
+ result = _gnutls_fbase64_decode("DH PARAMETERS",
+ pkcs3_params->data,
+ pkcs3_params->size, &out);
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2))
- != ASN1_SUCCESS) {
- gnutls_assert();
- if (need_free != 0) {
- gnutls_free( _params.data); _params.data = NULL;
- }
- return _gnutls_asn2err(result);
+ if (result <= 0) {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert();
+ return result;
}
- result =
- asn1_der_decoding(&c2, _params.data, _params.size, NULL);
-
+ _params.data = out;
+ _params.size = result;
+
+ need_free = 1;
+
+ } else {
+ _params.data = pkcs3_params->data;
+ _params.size = pkcs3_params->size;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
if (need_free != 0) {
- gnutls_free( _params.data); _params.data = NULL;
+ gnutls_free(_params.data);
+ _params.data = NULL;
}
+ return _gnutls_asn2err(result);
+ }
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
+ result = asn1_der_decoding(&c2, _params.data, _params.size, NULL);
- _gnutls_x509_log("DHParams: Decoding error %d\n", result);
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
- }
+ if (need_free != 0) {
+ gnutls_free(_params.data);
+ _params.data = NULL;
+ }
- /* Read PRIME
- */
- result = _gnutls_x509_read_int( c2, "prime", &params->params[0]);
- if ( result < 0) {
- asn1_delete_structure(&c2);
- gnutls_assert();
- return result;
- }
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
- /* read the generator
- */
- result = _gnutls_x509_read_int( c2, "base", &params->params[1]);
- if ( result < 0) {
- asn1_delete_structure(&c2);
- _gnutls_mpi_release( &params->params[0]);
- gnutls_assert();
- return result;
- }
+ _gnutls_x509_log("DHParams: Decoding error %d\n", result);
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+ /* Read PRIME
+ */
+ result = _gnutls_x509_read_int(c2, "prime", &params->params[0]);
+ if (result < 0) {
asn1_delete_structure(&c2);
+ gnutls_assert();
+ return result;
+ }
+
+ /* read the generator
+ */
+ result = _gnutls_x509_read_int(c2, "base", &params->params[1]);
+ if (result < 0) {
+ asn1_delete_structure(&c2);
+ _gnutls_mpi_release(&params->params[0]);
+ gnutls_assert();
+ return result;
+ }
+
+ asn1_delete_structure(&c2);
- return 0;
+ return 0;
}
/**
@@ -373,147 +378,148 @@ int gnutls_dh_params_import_pkcs3(gnutls_dh_params params,
* 0 on success.
*
**/
-int gnutls_dh_params_export_pkcs3( gnutls_dh_params params,
- gnutls_x509_crt_fmt format, unsigned char* params_data,
- size_t* params_data_size)
+int gnutls_dh_params_export_pkcs3(gnutls_dh_params params,
+ gnutls_x509_crt_fmt format,
+ unsigned char *params_data,
+ size_t * params_data_size)
{
- ASN1_TYPE c2;
- int result, _params_data_size;
- size_t g_size, p_size;
- opaque * p_data, *g_data;
- opaque * all_data;
-
- _gnutls_mpi_print( NULL, &g_size, params->params[1]);
- _gnutls_mpi_print( NULL, &p_size, params->params[0]);
-
- all_data = gnutls_malloc( g_size + p_size);
- if (all_data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ ASN1_TYPE c2;
+ int result, _params_data_size;
+ size_t g_size, p_size;
+ opaque *p_data, *g_data;
+ opaque *all_data;
+
+ _gnutls_mpi_print(NULL, &g_size, params->params[1]);
+ _gnutls_mpi_print(NULL, &p_size, params->params[0]);
+
+ all_data = gnutls_malloc(g_size + p_size);
+ if (all_data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p_data = &all_data[0];
+ g_data = &all_data[p_size];
+
+ _gnutls_mpi_print(p_data, &p_size, params->params[0]);
+ _gnutls_mpi_print(g_data, &g_size, params->params[1]);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(all_data);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value(c2, "prime",
+ p_data, p_size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(all_data);
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* Write the GENERATOR
+ */
+ if ((result = asn1_write_value(c2, "base",
+ g_data, g_size)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(all_data);
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ gnutls_free(all_data);
+
+ if ((result = asn1_write_value(c2, "privateValueLength",
+ NULL, 0)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ if (format == GNUTLS_X509_FMT_DER) {
+ if (params_data == NULL)
+ *params_data_size = 0;
+
+ _params_data_size = *params_data_size;
+ result =
+ asn1_der_coding(c2, "", params_data, &_params_data_size, NULL);
+ *params_data_size = _params_data_size;
+ asn1_delete_structure(&c2);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ if (result == ASN1_MEM_ERROR)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ return _gnutls_asn2err(result);
}
-
- p_data = &all_data[0];
- g_data = &all_data[p_size];
-
- _gnutls_mpi_print( p_data, &p_size, params->params[0]);
- _gnutls_mpi_print( g_data, &g_size, params->params[1]);
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2))
- != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free(all_data);
- return _gnutls_asn2err(result);
+
+ } else { /* PEM */
+ opaque *tmp;
+ opaque *out;
+ int len;
+
+ len = 0;
+ asn1_der_coding(c2, "", NULL, &len, NULL);
+
+ tmp = gnutls_malloc(len);
+ if (tmp == NULL) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return GNUTLS_E_MEMORY_ERROR;
}
- /* Write PRIME
- */
- if ((result = asn1_write_value(c2, "prime",
- p_data, p_size)) != ASN1_SUCCESS)
- {
- gnutls_assert();
- gnutls_free(all_data);
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ if ((result =
+ asn1_der_coding(c2, "", tmp, &len, NULL)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(tmp);
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
}
- /* Write the GENERATOR
- */
- if ((result = asn1_write_value(c2, "base",
- g_data, g_size)) != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free(all_data);
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ asn1_delete_structure(&c2);
+
+ result = _gnutls_fbase64_encode("DH PARAMETERS", tmp, len, &out);
+
+ gnutls_free(tmp);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
}
- gnutls_free(all_data);
+ if (result == 0) { /* oooops */
+ gnutls_assert();
+ gnutls_free(out);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if ((result = asn1_write_value(c2, "privateValueLength",
- NULL, 0)) != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ if ((uint) result + 1 > *params_data_size) {
+ gnutls_assert();
+ gnutls_free(out);
+ *params_data_size = result + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- if (format == GNUTLS_X509_FMT_DER) {
- if (params_data == NULL) *params_data_size = 0;
-
- _params_data_size = *params_data_size;
- result=asn1_der_coding( c2, "", params_data, &_params_data_size, NULL);
- *params_data_size = _params_data_size;
- asn1_delete_structure(&c2);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- if (result == ASN1_MEM_ERROR)
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
- return _gnutls_asn2err(result);
- }
-
- } else { /* PEM */
- opaque *tmp;
- opaque *out;
- int len;
-
- len = 0;
- asn1_der_coding( c2, "", NULL, &len, NULL);
-
- tmp = gnutls_malloc( len);
- if (tmp == NULL) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if ((result=asn1_der_coding( c2, "", tmp, &len, NULL)) != ASN1_SUCCESS)
- {
- gnutls_assert();
- gnutls_free( tmp);
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
- }
-
- asn1_delete_structure(&c2);
-
- result = _gnutls_fbase64_encode("DH PARAMETERS",
- tmp, len, &out);
-
- gnutls_free( tmp);
-
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- if (result == 0) { /* oooops */
- gnutls_assert();
- gnutls_free(out);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if ((uint)result + 1 > *params_data_size) {
- gnutls_assert();
- gnutls_free(out);
- *params_data_size = result + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *params_data_size = result;
-
- if (params_data) {
- memcpy( params_data, out, result);
- params_data[result] = 0;
- }
- gnutls_free( out);
-
+ *params_data_size = result;
+
+ if (params_data) {
+ memcpy(params_data, out, result);
+ params_data[result] = 0;
}
+ gnutls_free(out);
+
+ }
- return 0;
+ return 0;
}
/**
@@ -529,44 +535,45 @@ int gnutls_dh_params_export_pkcs3( gnutls_dh_params params,
*
**/
int gnutls_dh_params_export_raw(gnutls_dh_params params,
- gnutls_datum * prime, gnutls_datum * generator, unsigned int *bits)
+ gnutls_datum * prime,
+ gnutls_datum * generator,
+ unsigned int *bits)
{
- size_t size;
+ size_t size;
- if (params->params[1] == NULL ||
- params->params[0] == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- size = 0;
- _gnutls_mpi_print(NULL, &size, params->params[1]);
+ if (params->params[1] == NULL || params->params[0] == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- generator->data = gnutls_malloc(size);
- if (generator->data == NULL) {
- return GNUTLS_E_MEMORY_ERROR;
- }
+ size = 0;
+ _gnutls_mpi_print(NULL, &size, params->params[1]);
- generator->size = size;
- _gnutls_mpi_print(generator->data, &size, params->params[1]);
+ generator->data = gnutls_malloc(size);
+ if (generator->data == NULL) {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ generator->size = size;
+ _gnutls_mpi_print(generator->data, &size, params->params[1]);
- size = 0;
- _gnutls_mpi_print(NULL, &size, params->params[0]);
- prime->data = gnutls_malloc(size);
- if (prime->data == NULL) {
- gnutls_free(generator->data); generator->data = NULL;
- return GNUTLS_E_MEMORY_ERROR;
- }
- prime->size = size;
- _gnutls_mpi_print(prime->data, &size, params->params[0]);
-
- if (bits)
- *bits = _gnutls_mpi_get_nbits( params->params[0]);
+ size = 0;
+ _gnutls_mpi_print(NULL, &size, params->params[0]);
+
+ prime->data = gnutls_malloc(size);
+ if (prime->data == NULL) {
+ gnutls_free(generator->data);
+ generator->data = NULL;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ prime->size = size;
+ _gnutls_mpi_print(prime->data, &size, params->params[0]);
+
+ if (bits)
+ *bits = _gnutls_mpi_get_nbits(params->params[0]);
- return 0;
+ return 0;
}
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index c68239e28c..46e8cc3084 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -33,122 +33,201 @@ extern LOG_FUNC _gnutls_log_func;
{ desc, #name, name, fatal}
struct gnutls_error_entry {
- const char *desc;
- const char *_name;
- int number;
- int fatal;
+ const char *desc;
+ const char *_name;
+ int number;
+ int fatal;
};
typedef struct gnutls_error_entry gnutls_error_entry;
static gnutls_error_entry error_algorithms[] = {
- /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
- ERROR_ENTRY("Success.", GNUTLS_E_SUCCESS, 0 ),
- ERROR_ENTRY("Could not negotiate a supported cipher suite.", GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1 ),
- ERROR_ENTRY("The cipher type is unsupported.", GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1 ),
- ERROR_ENTRY("The certificate and the given key do not match.", GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1 ),
- ERROR_ENTRY("Could not negotiate a supported compression method.", GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1 ),
- ERROR_ENTRY("An unknown public key algorithm was encountered.", GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1 ),
-
- ERROR_ENTRY("An algorithm that is not enabled was negotiated.", GNUTLS_E_UNWANTED_ALGORITHM, 1 ),
- ERROR_ENTRY("A large TLS record packet was received.", GNUTLS_E_LARGE_PACKET, 1 ),
- ERROR_ENTRY("A record packet with illegal version was received.", GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1 ),
- ERROR_ENTRY("The Diffie Hellman prime sent by the server is not acceptable (not long enough).", GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1 ),
- ERROR_ENTRY("A TLS packet with unexpected length was received.", GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1 ),
- ERROR_ENTRY("The specified session has been invalidated for some reason.", GNUTLS_E_INVALID_SESSION, 1 ),
-
- ERROR_ENTRY("GnuTLS internal error.", GNUTLS_E_INTERNAL_ERROR, 1 ),
- ERROR_ENTRY("An illegal TLS extension was received.", GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1 ),
- ERROR_ENTRY("A TLS fatal alert has been received.", GNUTLS_E_FATAL_ALERT_RECEIVED ,1 ),
- ERROR_ENTRY("An unexpected TLS packet was received.", GNUTLS_E_UNEXPECTED_PACKET, 1 ),
- ERROR_ENTRY("A TLS warning alert has been received.", GNUTLS_E_WARNING_ALERT_RECEIVED, 0 ),
- ERROR_ENTRY("An error was encountered at the TLS Finished packet calculation.", GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1 ),
- ERROR_ENTRY("The peer did not send any certificate.", GNUTLS_E_NO_CERTIFICATE_FOUND, 1 ),
-
- ERROR_ENTRY("No temporary RSA parameters were found.", GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1 ),
- ERROR_ENTRY("No temporary DH parameters were found.", GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1 ),
- ERROR_ENTRY("An unexpected TLS handshake packet was received.", GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1 ),
- ERROR_ENTRY("The scanning of a large integer has failed.", GNUTLS_E_MPI_SCAN_FAILED, 1 ),
- ERROR_ENTRY("Could not export a large integer.", GNUTLS_E_MPI_PRINT_FAILED, 1 ),
- ERROR_ENTRY("Decryption has failed.", GNUTLS_E_DECRYPTION_FAILED, 1 ),
- ERROR_ENTRY("Encryption has failed.", GNUTLS_E_ENCRYPTION_FAILED, 1 ),
- ERROR_ENTRY("Public key decryption has failed.", GNUTLS_E_PK_DECRYPTION_FAILED, 1 ),
- ERROR_ENTRY("Public key encryption has failed.", GNUTLS_E_PK_ENCRYPTION_FAILED, 1 ),
- ERROR_ENTRY("Public key signing has failed.", GNUTLS_E_PK_SIGN_FAILED, 1 ),
- ERROR_ENTRY("Public key signature verification has failed.", GNUTLS_E_PK_SIG_VERIFY_FAILED, 1 ),
- ERROR_ENTRY("Decompression of the TLS record packet has failed.", GNUTLS_E_DECOMPRESSION_FAILED, 1 ),
- ERROR_ENTRY("Compression of the TLS record packet has failed.", GNUTLS_E_COMPRESSION_FAILED, 1 ),
-
- ERROR_ENTRY("Internal error in memory allocation.", GNUTLS_E_MEMORY_ERROR, 1 ),
- ERROR_ENTRY("An unimplemented or disabled feature has been requested.", GNUTLS_E_UNIMPLEMENTED_FEATURE, 1 ),
- ERROR_ENTRY("Insufficient credentials for that request.", GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1 ),
- ERROR_ENTRY("Error in SRP password file.", GNUTLS_E_SRP_PWD_ERROR, 1 ),
- ERROR_ENTRY("Wrong padding in PKCS1 packet.", GNUTLS_E_PKCS1_WRONG_PAD, 1 ),
- ERROR_ENTRY("The requested session has expired.", GNUTLS_E_EXPIRED, 1 ),
- ERROR_ENTRY("Hashing has failed.", GNUTLS_E_HASH_FAILED, 1 ),
- ERROR_ENTRY("Base64 decoding error.", GNUTLS_E_BASE64_DECODING_ERROR, 1 ),
- ERROR_ENTRY("Base64 encoding error.", GNUTLS_E_BASE64_ENCODING_ERROR, 1 ),
- ERROR_ENTRY("Parsing error in SRP password file.", GNUTLS_E_SRP_PWD_PARSING_ERROR, 1 ),
- ERROR_ENTRY("The requested data were not available.", GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0 ),
- ERROR_ENTRY("Error in the pull function.", GNUTLS_E_PULL_ERROR, 1 ),
- ERROR_ENTRY("Error in the push function.", GNUTLS_E_PUSH_ERROR, 1 ),
- ERROR_ENTRY("The upper limit of record packet sequence numbers has been reached. Wow!", GNUTLS_E_RECORD_LIMIT_REACHED, 1 ),
- ERROR_ENTRY("Error in the certificate.", GNUTLS_E_CERTIFICATE_ERROR, 1 ),
- ERROR_ENTRY("Unknown Subject Alternative name in X.509 certificate.", GNUTLS_E_X509_UNKNOWN_SAN, 1 ),
-
- ERROR_ENTRY("Unsupported critical extension in X.509 certificate.", GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1 ),
- ERROR_ENTRY("Key usage violation in certificate has been detected.", GNUTLS_E_KEY_USAGE_VIOLATION, 1 ),
- ERROR_ENTRY("Function was interrupted.", GNUTLS_E_AGAIN, 0 ),
- ERROR_ENTRY("Function was interrupted.", GNUTLS_E_INTERRUPTED, 0 ),
- ERROR_ENTRY("Rehandshake was requested by the peer.", GNUTLS_E_REHANDSHAKE, 0 ),
- ERROR_ENTRY("TLS Application data were received, while expecting handshake data.", GNUTLS_E_GOT_APPLICATION_DATA, 1 ),
- ERROR_ENTRY("Error in Database backend.", GNUTLS_E_DB_ERROR, 1 ),
- ERROR_ENTRY("The certificate type is not supported.", GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1 ),
- ERROR_ENTRY("The given memory buffer is too short to hold parameters.", GNUTLS_E_SHORT_MEMORY_BUFFER, 1 ),
- ERROR_ENTRY("The request is invalid.", GNUTLS_E_INVALID_REQUEST, 1 ),
- ERROR_ENTRY("An illegal parameter has been received.", GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1 ),
- ERROR_ENTRY("Error while reading file.", GNUTLS_E_FILE_ERROR, 1 ),
-
- ERROR_ENTRY("ASN1 parser: Element was not found.", GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1 ),
- ERROR_ENTRY("ASN1 parser: Identifier was not found", GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1 ),
- ERROR_ENTRY("ASN1 parser: Error in DER parsing.", GNUTLS_E_ASN1_DER_ERROR, 1 ),
- ERROR_ENTRY("ASN1 parser: Value was not found.", GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1 ),
- ERROR_ENTRY("ASN1 parser: Generic parsing error.", GNUTLS_E_ASN1_GENERIC_ERROR, 1 ),
- ERROR_ENTRY("ASN1 parser: Value is not valid.", GNUTLS_E_ASN1_VALUE_NOT_VALID, 1 ),
- ERROR_ENTRY("ASN1 parser: Error in TAG.", GNUTLS_E_ASN1_TAG_ERROR, 1 ),
- ERROR_ENTRY("ASN1 parser: error in implicit tag", GNUTLS_E_ASN1_TAG_IMPLICIT, 1 ),
- ERROR_ENTRY("ASN1 parser: Error in type 'ANY'.", GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1 ),
- ERROR_ENTRY("ASN1 parser: Syntax error.", GNUTLS_E_ASN1_SYNTAX_ERROR, 1 ),
- ERROR_ENTRY("ASN1 parser: Overflow in DER parsing.", GNUTLS_E_ASN1_DER_OVERFLOW, 1 ),
-
- ERROR_ENTRY("Too many empty record packets have been received.", GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1 ),
- ERROR_ENTRY("The initialization of GnuTLS-extra has failed.", GNUTLS_E_INIT_LIBEXTRA, 1 ),
- ERROR_ENTRY("The GnuTLS library version does not match the GnuTLS-extra library version.",
- GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1 ),
- ERROR_ENTRY("The gcrypt library version is too old.",
- GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1 ),
-
- ERROR_ENTRY("The tasn1 library version is too old.",
- GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1 ),
- ERROR_ENTRY("The specified GnuPG TrustDB version is not supported. TrustDB v4 is supported.",
- GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED, 1 ),
-
- ERROR_ENTRY("Error loading the keyring.", GNUTLS_E_OPENPGP_KEYRING_ERROR, 1 ),
- ERROR_ENTRY("The initialization of LZO has failed.", GNUTLS_E_LZO_INIT_FAILED, 1 ),
- ERROR_ENTRY("No supported compression algorithms have been found.", GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1 ),
- ERROR_ENTRY("No supported cipher suites have been found.", GNUTLS_E_NO_CIPHER_SUITES, 1 ),
- ERROR_ENTRY("Could not get OpenPGP key.", GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
-
- ERROR_ENTRY("The SRP username supplied is illegal.", GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
-
- ERROR_ENTRY("The OpenPGP fingerprint is not supported.", GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
- ERROR_ENTRY("The certificate has unsupported attributes.", GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
- ERROR_ENTRY("The OID is not supported.", GNUTLS_E_X509_UNSUPPORTED_OID, 1),
- ERROR_ENTRY("The hash algorithm is unknown.", GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
- ERROR_ENTRY("The PKCS structure's content type is unknown.", GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
- ERROR_ENTRY("The PKCS structure's bag type is unknown.", GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
- ERROR_ENTRY("The given password contains invalid characters.", GNUTLS_E_INVALID_PASSWORD, 1),
- ERROR_ENTRY("The Message Authentication Code verification failed.", GNUTLS_E_MAC_VERIFY_FAILED, 1),
- {NULL, NULL, 0, 0}
+ /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
+ ERROR_ENTRY("Success.", GNUTLS_E_SUCCESS, 0),
+ ERROR_ENTRY("Could not negotiate a supported cipher suite.",
+ GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
+ ERROR_ENTRY("The cipher type is unsupported.",
+ GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
+ ERROR_ENTRY("The certificate and the given key do not match.",
+ GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
+ ERROR_ENTRY("Could not negotiate a supported compression method.",
+ GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
+ ERROR_ENTRY("An unknown public key algorithm was encountered.",
+ GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
+
+ ERROR_ENTRY("An algorithm that is not enabled was negotiated.",
+ GNUTLS_E_UNWANTED_ALGORITHM, 1),
+ ERROR_ENTRY("A large TLS record packet was received.",
+ GNUTLS_E_LARGE_PACKET, 1),
+ ERROR_ENTRY("A record packet with illegal version was received.",
+ GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
+ ERROR_ENTRY
+ ("The Diffie Hellman prime sent by the server is not acceptable (not long enough).",
+ GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
+ ERROR_ENTRY("A TLS packet with unexpected length was received.",
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
+ ERROR_ENTRY
+ ("The specified session has been invalidated for some reason.",
+ GNUTLS_E_INVALID_SESSION, 1),
+
+ ERROR_ENTRY("GnuTLS internal error.", GNUTLS_E_INTERNAL_ERROR, 1),
+ ERROR_ENTRY("An illegal TLS extension was received.",
+ GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
+ ERROR_ENTRY("A TLS fatal alert has been received.",
+ GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
+ ERROR_ENTRY("An unexpected TLS packet was received.",
+ GNUTLS_E_UNEXPECTED_PACKET, 1),
+ ERROR_ENTRY("A TLS warning alert has been received.",
+ GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
+ ERROR_ENTRY
+ ("An error was encountered at the TLS Finished packet calculation.",
+ GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
+ ERROR_ENTRY("The peer did not send any certificate.",
+ GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
+
+ ERROR_ENTRY("No temporary RSA parameters were found.",
+ GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
+ ERROR_ENTRY("No temporary DH parameters were found.",
+ GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
+ ERROR_ENTRY("An unexpected TLS handshake packet was received.",
+ GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
+ ERROR_ENTRY("The scanning of a large integer has failed.",
+ GNUTLS_E_MPI_SCAN_FAILED, 1),
+ ERROR_ENTRY("Could not export a large integer.",
+ GNUTLS_E_MPI_PRINT_FAILED, 1),
+ ERROR_ENTRY("Decryption has failed.", GNUTLS_E_DECRYPTION_FAILED, 1),
+ ERROR_ENTRY("Encryption has failed.", GNUTLS_E_ENCRYPTION_FAILED, 1),
+ ERROR_ENTRY("Public key decryption has failed.",
+ GNUTLS_E_PK_DECRYPTION_FAILED, 1),
+ ERROR_ENTRY("Public key encryption has failed.",
+ GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
+ ERROR_ENTRY("Public key signing has failed.", GNUTLS_E_PK_SIGN_FAILED,
+ 1),
+ ERROR_ENTRY("Public key signature verification has failed.",
+ GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
+ ERROR_ENTRY("Decompression of the TLS record packet has failed.",
+ GNUTLS_E_DECOMPRESSION_FAILED, 1),
+ ERROR_ENTRY("Compression of the TLS record packet has failed.",
+ GNUTLS_E_COMPRESSION_FAILED, 1),
+
+ ERROR_ENTRY("Internal error in memory allocation.",
+ GNUTLS_E_MEMORY_ERROR, 1),
+ ERROR_ENTRY("An unimplemented or disabled feature has been requested.",
+ GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
+ ERROR_ENTRY("Insufficient credentials for that request.",
+ GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
+ ERROR_ENTRY("Error in SRP password file.", GNUTLS_E_SRP_PWD_ERROR, 1),
+ ERROR_ENTRY("Wrong padding in PKCS1 packet.", GNUTLS_E_PKCS1_WRONG_PAD,
+ 1),
+ ERROR_ENTRY("The requested session has expired.", GNUTLS_E_EXPIRED, 1),
+ ERROR_ENTRY("Hashing has failed.", GNUTLS_E_HASH_FAILED, 1),
+ ERROR_ENTRY("Base64 decoding error.", GNUTLS_E_BASE64_DECODING_ERROR,
+ 1),
+ ERROR_ENTRY("Base64 encoding error.", GNUTLS_E_BASE64_ENCODING_ERROR,
+ 1),
+ ERROR_ENTRY("Parsing error in SRP password file.",
+ GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
+ ERROR_ENTRY("The requested data were not available.",
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0),
+ ERROR_ENTRY("Error in the pull function.", GNUTLS_E_PULL_ERROR, 1),
+ ERROR_ENTRY("Error in the push function.", GNUTLS_E_PUSH_ERROR, 1),
+ ERROR_ENTRY
+ ("The upper limit of record packet sequence numbers has been reached. Wow!",
+ GNUTLS_E_RECORD_LIMIT_REACHED, 1),
+ ERROR_ENTRY("Error in the certificate.", GNUTLS_E_CERTIFICATE_ERROR,
+ 1),
+ ERROR_ENTRY("Unknown Subject Alternative name in X.509 certificate.",
+ GNUTLS_E_X509_UNKNOWN_SAN, 1),
+
+ ERROR_ENTRY("Unsupported critical extension in X.509 certificate.",
+ GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
+ ERROR_ENTRY("Key usage violation in certificate has been detected.",
+ GNUTLS_E_KEY_USAGE_VIOLATION, 1),
+ ERROR_ENTRY("Function was interrupted.", GNUTLS_E_AGAIN, 0),
+ ERROR_ENTRY("Function was interrupted.", GNUTLS_E_INTERRUPTED, 0),
+ ERROR_ENTRY("Rehandshake was requested by the peer.",
+ GNUTLS_E_REHANDSHAKE, 0),
+ ERROR_ENTRY
+ ("TLS Application data were received, while expecting handshake data.",
+ GNUTLS_E_GOT_APPLICATION_DATA, 1),
+ ERROR_ENTRY("Error in Database backend.", GNUTLS_E_DB_ERROR, 1),
+ ERROR_ENTRY("The certificate type is not supported.",
+ GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
+ ERROR_ENTRY("The given memory buffer is too short to hold parameters.",
+ GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
+ ERROR_ENTRY("The request is invalid.", GNUTLS_E_INVALID_REQUEST, 1),
+ ERROR_ENTRY("An illegal parameter has been received.",
+ GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
+ ERROR_ENTRY("Error while reading file.", GNUTLS_E_FILE_ERROR, 1),
+
+ ERROR_ENTRY("ASN1 parser: Element was not found.",
+ GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
+ ERROR_ENTRY("ASN1 parser: Identifier was not found",
+ GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
+ ERROR_ENTRY("ASN1 parser: Error in DER parsing.",
+ GNUTLS_E_ASN1_DER_ERROR, 1),
+ ERROR_ENTRY("ASN1 parser: Value was not found.",
+ GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
+ ERROR_ENTRY("ASN1 parser: Generic parsing error.",
+ GNUTLS_E_ASN1_GENERIC_ERROR, 1),
+ ERROR_ENTRY("ASN1 parser: Value is not valid.",
+ GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
+ ERROR_ENTRY("ASN1 parser: Error in TAG.", GNUTLS_E_ASN1_TAG_ERROR, 1),
+ ERROR_ENTRY("ASN1 parser: error in implicit tag",
+ GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
+ ERROR_ENTRY("ASN1 parser: Error in type 'ANY'.",
+ GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
+ ERROR_ENTRY("ASN1 parser: Syntax error.", GNUTLS_E_ASN1_SYNTAX_ERROR,
+ 1),
+ ERROR_ENTRY("ASN1 parser: Overflow in DER parsing.",
+ GNUTLS_E_ASN1_DER_OVERFLOW, 1),
+
+ ERROR_ENTRY("Too many empty record packets have been received.",
+ GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
+ ERROR_ENTRY("The initialization of GnuTLS-extra has failed.",
+ GNUTLS_E_INIT_LIBEXTRA, 1),
+ ERROR_ENTRY
+ ("The GnuTLS library version does not match the GnuTLS-extra library version.",
+ GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1),
+ ERROR_ENTRY("The gcrypt library version is too old.",
+ GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
+
+ ERROR_ENTRY("The tasn1 library version is too old.",
+ GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
+ ERROR_ENTRY
+ ("The specified GnuPG TrustDB version is not supported. TrustDB v4 is supported.",
+ GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED, 1),
+
+ ERROR_ENTRY("Error loading the keyring.",
+ GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
+ ERROR_ENTRY("The initialization of LZO has failed.",
+ GNUTLS_E_LZO_INIT_FAILED, 1),
+ ERROR_ENTRY("No supported compression algorithms have been found.",
+ GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
+ ERROR_ENTRY("No supported cipher suites have been found.",
+ GNUTLS_E_NO_CIPHER_SUITES, 1),
+ ERROR_ENTRY("Could not get OpenPGP key.",
+ GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
+
+ ERROR_ENTRY("The SRP username supplied is illegal.",
+ GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
+
+ ERROR_ENTRY("The OpenPGP fingerprint is not supported.",
+ GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
+ ERROR_ENTRY("The certificate has unsupported attributes.",
+ GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
+ ERROR_ENTRY("The OID is not supported.", GNUTLS_E_X509_UNSUPPORTED_OID,
+ 1),
+ ERROR_ENTRY("The hash algorithm is unknown.",
+ GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
+ ERROR_ENTRY("The PKCS structure's content type is unknown.",
+ GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
+ ERROR_ENTRY("The PKCS structure's bag type is unknown.",
+ GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
+ ERROR_ENTRY("The given password contains invalid characters.",
+ GNUTLS_E_INVALID_PASSWORD, 1),
+ ERROR_ENTRY("The Message Authentication Code verification failed.",
+ GNUTLS_E_MAC_VERIFY_FAILED, 1),
+ {NULL, NULL, 0, 0}
};
#define GNUTLS_ERROR_LOOP(b) \
@@ -176,10 +255,10 @@ static gnutls_error_entry error_algorithms[] = {
**/
int gnutls_error_is_fatal(int error)
{
- int ret = 0;
+ int ret = 0;
- GNUTLS_ERROR_ALG_LOOP(ret = p->fatal);
- return ret;
+ GNUTLS_ERROR_ALG_LOOP(ret = p->fatal);
+ return ret;
}
/**
@@ -191,12 +270,13 @@ int gnutls_error_is_fatal(int error)
**/
void gnutls_perror(int error)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_ERROR_ALG_LOOP(ret = p->desc);
- if (ret == NULL) ret = "(unknown)";
- fprintf(stderr, "GNUTLS ERROR: %s\n", ret);
+ /* avoid prefix */
+ GNUTLS_ERROR_ALG_LOOP(ret = p->desc);
+ if (ret == NULL)
+ ret = "(unknown)";
+ fprintf(stderr, "GNUTLS ERROR: %s\n", ret);
}
@@ -208,90 +288,96 @@ void gnutls_perror(int error)
* number returned by a gnutls function; In case of an unknown error
* a descriptive string is sent instead of NULL.
**/
-const char* gnutls_strerror(int error)
+const char *gnutls_strerror(int error)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_ERROR_ALG_LOOP(ret =
- p->desc);
- if (ret == NULL) return "(unknown error code)";
- return ret;
+ /* avoid prefix */
+ GNUTLS_ERROR_ALG_LOOP(ret = p->desc);
+ if (ret == NULL)
+ return "(unknown error code)";
+ return ret;
}
/* This will print the actual define of the
* given error code.
*/
-const char* _gnutls_strerror(int error)
+const char *_gnutls_strerror(int error)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_ERROR_ALG_LOOP(ret =
- p->_name);
+ /* avoid prefix */
+ GNUTLS_ERROR_ALG_LOOP(ret = p->_name);
- return ret;
+ return ret;
}
-int _gnutls_asn2err( int asn_err) {
- switch( asn_err) {
- case ASN1_FILE_NOT_FOUND:
- return GNUTLS_E_FILE_ERROR;
- case ASN1_ELEMENT_NOT_FOUND:
- return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
- case ASN1_IDENTIFIER_NOT_FOUND:
- return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
- case ASN1_DER_ERROR:
- return GNUTLS_E_ASN1_DER_ERROR;
- case ASN1_VALUE_NOT_FOUND:
- return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
- case ASN1_GENERIC_ERROR:
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- case ASN1_VALUE_NOT_VALID:
- return GNUTLS_E_ASN1_VALUE_NOT_VALID;
- case ASN1_TAG_ERROR:
- return GNUTLS_E_ASN1_TAG_ERROR;
- case ASN1_TAG_IMPLICIT:
- return GNUTLS_E_ASN1_TAG_IMPLICIT;
- case ASN1_ERROR_TYPE_ANY:
- return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
- case ASN1_SYNTAX_ERROR:
- return GNUTLS_E_ASN1_SYNTAX_ERROR;
- case ASN1_MEM_ERROR:
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- case ASN1_MEM_ALLOC_ERROR:
- return GNUTLS_E_MEMORY_ERROR;
- case ASN1_DER_OVERFLOW:
- return GNUTLS_E_ASN1_DER_OVERFLOW;
- default:
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
+int _gnutls_asn2err(int asn_err)
+{
+ switch (asn_err) {
+ case ASN1_FILE_NOT_FOUND:
+ return GNUTLS_E_FILE_ERROR;
+ case ASN1_ELEMENT_NOT_FOUND:
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ case ASN1_IDENTIFIER_NOT_FOUND:
+ return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
+ case ASN1_DER_ERROR:
+ return GNUTLS_E_ASN1_DER_ERROR;
+ case ASN1_VALUE_NOT_FOUND:
+ return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
+ case ASN1_GENERIC_ERROR:
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ case ASN1_VALUE_NOT_VALID:
+ return GNUTLS_E_ASN1_VALUE_NOT_VALID;
+ case ASN1_TAG_ERROR:
+ return GNUTLS_E_ASN1_TAG_ERROR;
+ case ASN1_TAG_IMPLICIT:
+ return GNUTLS_E_ASN1_TAG_IMPLICIT;
+ case ASN1_ERROR_TYPE_ANY:
+ return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
+ case ASN1_SYNTAX_ERROR:
+ return GNUTLS_E_ASN1_SYNTAX_ERROR;
+ case ASN1_MEM_ERROR:
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ case ASN1_MEM_ALLOC_ERROR:
+ return GNUTLS_E_MEMORY_ERROR;
+ case ASN1_DER_OVERFLOW:
+ return GNUTLS_E_ASN1_DER_OVERFLOW;
+ default:
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
}
/* this function will output a message using the
* caller provided function
*/
-void _gnutls_log( int level, const char *fmt, ...) {
- va_list args;
- char str[MAX_LOG_SIZE];
- void (*log_func)(int, const char*) = _gnutls_log_func;
+void _gnutls_log(int level, const char *fmt, ...)
+{
+ va_list args;
+ char str[MAX_LOG_SIZE];
+ void (*log_func) (int, const char *) = _gnutls_log_func;
- if (_gnutls_log_func==NULL) return;
+ if (_gnutls_log_func == NULL)
+ return;
- va_start(args,fmt);
- vsnprintf( str, MAX_LOG_SIZE - 1, fmt, args); /* Flawfinder: ignore */
- va_end(args);
+ va_start(args, fmt);
+ vsnprintf(str, MAX_LOG_SIZE - 1, fmt, args); /* Flawfinder: ignore */
+ va_end(args);
- log_func( level, str);
+ log_func(level, str);
}
+
#ifndef DEBUG
# ifndef C99_MACROS
/* Without C99 macros these functions have to
* be called. This may affect performance.
*/
-void _gnutls_null_log( void* x, ...) { return; }
+void _gnutls_null_log(void *x, ...)
+{
+ return;
+}
-# endif /* C99_MACROS */
-#endif /* DEBUG */
+# endif /* C99_MACROS */
+#endif /* DEBUG */
diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h
index 922447cfc1..a673852e39 100644
--- a/lib/gnutls_errors.h
+++ b/lib/gnutls_errors.h
@@ -25,18 +25,18 @@
# ifdef __LINE__
# define gnutls_assert() _gnutls_debug_log( "ASSERT: %s:%d\n", __FILE__,__LINE__);
# else
-# define gnutls_assert()
+# define gnutls_assert()
# endif
-#else /* __FILE__ not defined */
-# define gnutls_assert()
+#else /* __FILE__ not defined */
+# define gnutls_assert()
#endif
-int _gnutls_asn2err( int asn_err);
-const char* gnutls_strerror(int error);
+int _gnutls_asn2err(int asn_err);
+const char *gnutls_strerror(int error);
void gnutls_perror(int error);
-int gnutls_error_is_fatal( int error);
+int gnutls_error_is_fatal(int error);
-void _gnutls_log( int, const char *fmt, ...);
+void _gnutls_log(int, const char *fmt, ...);
extern int _gnutls_log_level;
@@ -67,7 +67,6 @@ extern int _gnutls_log_level;
# define _gnutls_write_log _gnutls_null_log
# define _gnutls_x509_log _gnutls_null_log
-void _gnutls_null_log( void*, ...);
-
-#endif /* C99_MACROS */
+void _gnutls_null_log(void *, ...);
+#endif /* C99_MACROS */
diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h
index 3f64c626d7..19a0227f0d 100644
--- a/lib/gnutls_errors_int.h
+++ b/lib/gnutls_errors_int.h
@@ -10,35 +10,35 @@
#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
#define GNUTLS_E_LARGE_PACKET -7
-#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
-#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
+#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
+#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
#define GNUTLS_E_INVALID_SESSION -10
#define GNUTLS_E_FATAL_ALERT_RECEIVED -12
-#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
+#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
#define GNUTLS_E_WARNING_ALERT_RECEIVED -16
#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
-#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
+#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
#define GNUTLS_E_UNWANTED_ALGORITHM -22
#define GNUTLS_E_MPI_SCAN_FAILED -23
-#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
+#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
#define GNUTLS_E_MEMORY_ERROR -25
-#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
+#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
#define GNUTLS_E_COMPRESSION_FAILED -27
#define GNUTLS_E_AGAIN -28
#define GNUTLS_E_EXPIRED -29
#define GNUTLS_E_DB_ERROR -30
#define GNUTLS_E_SRP_PWD_ERROR -31
#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
-#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
+#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
-#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
+#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
#define GNUTLS_E_HASH_FAILED -33
#define GNUTLS_E_BASE64_DECODING_ERROR -34
#define GNUTLS_E_MPI_PRINT_FAILED -35
-#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
+#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
#define GNUTLS_E_GOT_APPLICATION_DATA -38
#define GNUTLS_E_RECORD_LIMIT_REACHED -39
#define GNUTLS_E_ENCRYPTION_FAILED -40
@@ -48,13 +48,13 @@
#define GNUTLS_E_PK_SIGN_FAILED -46
#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
#define GNUTLS_E_KEY_USAGE_VIOLATION -48
-#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
+#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
#define GNUTLS_E_INVALID_REQUEST -50
#define GNUTLS_E_SHORT_MEMORY_BUFFER -51
#define GNUTLS_E_INTERRUPTED -52
#define GNUTLS_E_PUSH_ERROR -53
#define GNUTLS_E_PULL_ERROR -54
-#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
+#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
#define GNUTLS_E_PKCS1_WRONG_PAD -57
#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
@@ -106,7 +106,7 @@
#define GNUTLS_E_CERTIFICATE_ERROR -43
#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
-#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
+#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
#define GNUTLS_E_X509_UNKNOWN_SAN -62
#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
@@ -114,7 +114,7 @@
#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
#define GNUTLS_E_INVALID_PASSWORD -99
-#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
+#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
#define GNUTLS_E_BASE64_ENCODING_ERROR -201
#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202
@@ -130,4 +130,4 @@
#define GNUTLS_E_INT_RET_0 -1251
#define GNUTLS_E_INT_HANDSHAKE_AGAIN -1252
-#endif /* GNUTLS_ERRORS_IH */
+#endif /* GNUTLS_ERRORS_IH */
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 515ecb7032..868cd9ca7c 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -42,10 +42,16 @@
const int _gnutls_extensions_size = MAX_EXT_SIZE;
gnutls_extension_entry _gnutls_extensions[MAX_EXT_SIZE] = {
- GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_MAX_RECORD_SIZE, _gnutls_max_record_recv_params, _gnutls_max_record_send_params),
- GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_CERT_TYPE, _gnutls_cert_type_recv_params, _gnutls_cert_type_send_params),
- GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_SERVER_NAME, _gnutls_server_name_recv_params, _gnutls_server_name_send_params),
- {0, 0, 0, 0}
+ GNUTLS_EXTENSION_ENTRY(GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ _gnutls_max_record_recv_params,
+ _gnutls_max_record_send_params),
+ GNUTLS_EXTENSION_ENTRY(GNUTLS_EXTENSION_CERT_TYPE,
+ _gnutls_cert_type_recv_params,
+ _gnutls_cert_type_send_params),
+ GNUTLS_EXTENSION_ENTRY(GNUTLS_EXTENSION_SERVER_NAME,
+ _gnutls_server_name_recv_params,
+ _gnutls_server_name_send_params),
+ {0, 0, 0, 0}
};
#define GNUTLS_EXTENSION_LOOP2(b) \
@@ -60,101 +66,110 @@ gnutls_extension_entry _gnutls_extensions[MAX_EXT_SIZE] = {
ext_recv_func _gnutls_ext_func_recv(uint16 type)
{
- ext_recv_func ret = NULL;
- GNUTLS_EXTENSION_LOOP(ret = p->gnutls_ext_func_recv);
- return ret;
+ ext_recv_func ret = NULL;
+ GNUTLS_EXTENSION_LOOP(ret = p->gnutls_ext_func_recv);
+ return ret;
}
ext_send_func _gnutls_ext_func_send(uint16 type)
{
- ext_send_func ret = NULL;
- GNUTLS_EXTENSION_LOOP(ret = p->gnutls_ext_func_send);
- return ret;
+ ext_send_func ret = NULL;
+ GNUTLS_EXTENSION_LOOP(ret = p->gnutls_ext_func_send);
+ return ret;
}
-const char* _gnutls_extension_get_name(uint16 type)
+const char *_gnutls_extension_get_name(uint16 type)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_EXTENSION_LOOP(ret = p->name + sizeof("GNUTLS_EXTENSION_") - 1);
+ /* avoid prefix */
+ GNUTLS_EXTENSION_LOOP(ret = p->name + sizeof("GNUTLS_EXTENSION_") - 1);
- return ret;
+ return ret;
}
/* Checks if the extension we just received is one of the
* requested ones. Otherwise it's a fatal error.
*/
-static int _gnutls_extension_list_check( gnutls_session session, uint16 type) {
- if (session->security_parameters.entity==GNUTLS_CLIENT) {
- int i;
- for(i=0;i<session->internals.extensions_sent_size;i++) {
- if (type==session->internals.extensions_sent[i])
- return 0; /* ok found */
- }
- return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
+static int _gnutls_extension_list_check(gnutls_session session,
+ uint16 type)
+{
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ int i;
+ for (i = 0; i < session->internals.extensions_sent_size; i++) {
+ if (type == session->internals.extensions_sent[i])
+ return 0; /* ok found */
}
+ return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
+ }
- return 0;
+ return 0;
}
-int _gnutls_parse_extensions( gnutls_session session, const opaque* data, int data_size) {
-int next, ret;
-int pos=0;
-uint16 type;
-const opaque* sdata;
-ext_recv_func ext_recv;
-uint16 size;
+int _gnutls_parse_extensions(gnutls_session session, const opaque * data,
+ int data_size)
+{
+ int next, ret;
+ int pos = 0;
+ uint16 type;
+ const opaque *sdata;
+ ext_recv_func ext_recv;
+ uint16 size;
#ifdef DEBUG
-int i;
-
- if (session->security_parameters.entity==GNUTLS_CLIENT)
- for (i=0;i<session->internals.extensions_sent_size;i++) {
- _gnutls_debug_log("EXT[%d]: expecting extension '%s'\n", session,
- _gnutls_extension_get_name(session->internals.extensions_sent[i]));
- }
+ int i;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ for (i = 0; i < session->internals.extensions_sent_size; i++) {
+ _gnutls_debug_log("EXT[%d]: expecting extension '%s'\n",
+ session,
+ _gnutls_extension_get_name(session->
+ internals.
+ extensions_sent
+ [i]));
+ }
#endif
- DECR_LENGTH_RET( data_size, 2, 0);
- next = _gnutls_read_uint16( data);
- pos+=2;
-
- DECR_LENGTH_RET( data_size, next, 0);
-
- do {
- DECR_LENGTH_RET( next, 2, 0);
- type = _gnutls_read_uint16( &data[pos]);
- pos+=2;
-
- _gnutls_debug_log("EXT[%x]: Received extension '%s'\n", session,
- _gnutls_extension_get_name(type));
-
- if ( (ret=_gnutls_extension_list_check( session, type)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- DECR_LENGTH_RET( next, 2, 0);
- size = _gnutls_read_uint16(&data[pos]);
- pos+=2;
-
- DECR_LENGTH_RET( next, size, 0);
- sdata = &data[pos];
- pos+=size;
-
- ext_recv = _gnutls_ext_func_recv(type);
- if (ext_recv == NULL) continue;
- if ( (ret=ext_recv( session, sdata, size)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- } while(next > 2);
-
- return 0;
+ DECR_LENGTH_RET(data_size, 2, 0);
+ next = _gnutls_read_uint16(data);
+ pos += 2;
+
+ DECR_LENGTH_RET(data_size, next, 0);
+
+ do {
+ DECR_LENGTH_RET(next, 2, 0);
+ type = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ _gnutls_debug_log("EXT[%x]: Received extension '%s'\n", session,
+ _gnutls_extension_get_name(type));
+
+ if ((ret = _gnutls_extension_list_check(session, type)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ DECR_LENGTH_RET(next, 2, 0);
+ size = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ DECR_LENGTH_RET(next, size, 0);
+ sdata = &data[pos];
+ pos += size;
+
+ ext_recv = _gnutls_ext_func_recv(type);
+ if (ext_recv == NULL)
+ continue;
+ if ((ret = ext_recv(session, sdata, size)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ } while (next > 2);
+
+ return 0;
}
@@ -162,91 +177,95 @@ int i;
* This list is used to check whether the (later) received
* extensions are the ones we requested.
*/
-static void _gnutls_extension_list_add( gnutls_session session, uint16 type) {
-
- if (session->security_parameters.entity==GNUTLS_CLIENT) {
- if (session->internals.extensions_sent_size < MAX_EXT_TYPES) {
- session->internals.extensions_sent[session->internals.extensions_sent_size] = type;
- session->internals.extensions_sent_size++;
- } else {
- _gnutls_debug_log("extensions: Increase MAX_EXT_TYPES\n");
- }
+static void _gnutls_extension_list_add(gnutls_session session, uint16 type)
+{
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (session->internals.extensions_sent_size < MAX_EXT_TYPES) {
+ session->internals.extensions_sent[session->internals.
+ extensions_sent_size] =
+ type;
+ session->internals.extensions_sent_size++;
+ } else {
+ _gnutls_debug_log("extensions: Increase MAX_EXT_TYPES\n");
}
+ }
}
-int _gnutls_gen_extensions( gnutls_session session, opaque* data, size_t data_size)
+int _gnutls_gen_extensions(gnutls_session session, opaque * data,
+ size_t data_size)
{
-int next, size;
-uint16 pos=0;
-opaque *sdata;
-int sdata_size;
-ext_send_func ext_send;
-
-
- if (data_size < 2) {
+ int next, size;
+ uint16 pos = 0;
+ opaque *sdata;
+ int sdata_size;
+ ext_send_func ext_send;
+
+
+ if (data_size < 2) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* allocate enough data for each extension.
+ */
+ sdata_size = data_size;
+ sdata = gnutls_malloc(sdata_size);
+ if (sdata == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ pos += 2;
+ next = MAX_EXT_TYPES; /* maximum supported extensions */
+ do {
+ next--;
+ ext_send = _gnutls_ext_func_send(next);
+ if (ext_send == NULL)
+ continue;
+ size = ext_send(session, sdata, sdata_size);
+ if (size > 0) {
+ if (data_size < pos + (size_t) size + 4) {
gnutls_assert();
+ gnutls_free(sdata);
return GNUTLS_E_INTERNAL_ERROR;
- }
+ }
- /* allocate enough data for each extension.
- */
- sdata_size = data_size;
- sdata = gnutls_malloc( sdata_size);
- if (sdata == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- pos+=2;
- next = MAX_EXT_TYPES; /* maximum supported extensions */
- do {
- next--;
- ext_send = _gnutls_ext_func_send(next);
- if (ext_send == NULL) continue;
- size = ext_send( session, sdata, sdata_size);
- if (size > 0) {
- if (data_size < pos+(size_t)size+4) {
- gnutls_assert();
- gnutls_free(sdata);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* write extension type */
- _gnutls_write_uint16( next, &data[pos]);
- pos+=2;
-
- /* write size */
- _gnutls_write_uint16( size, &data[pos]);
- pos+=2;
-
- memcpy( &data[pos], sdata, size);
- pos+=size;
-
- /* add this extension to the extension list
- */
- _gnutls_extension_list_add( session, next);
-
- _gnutls_debug_log("EXT[%x]: Sending extension %s\n", session,
- _gnutls_extension_get_name(next));
- } else if (size < 0) {
- gnutls_assert();
- gnutls_free(sdata);
- return size;
- }
-
- } while(next >= 0);
-
- size = pos;
- pos-=2; /* remove the size of the size header! */
-
- _gnutls_write_uint16( pos, data);
-
- if (size==2) { /* empty */
- size = 0;
+ /* write extension type */
+ _gnutls_write_uint16(next, &data[pos]);
+ pos += 2;
+
+ /* write size */
+ _gnutls_write_uint16(size, &data[pos]);
+ pos += 2;
+
+ memcpy(&data[pos], sdata, size);
+ pos += size;
+
+ /* add this extension to the extension list
+ */
+ _gnutls_extension_list_add(session, next);
+
+ _gnutls_debug_log("EXT[%x]: Sending extension %s\n", session,
+ _gnutls_extension_get_name(next));
+ } else if (size < 0) {
+ gnutls_assert();
+ gnutls_free(sdata);
+ return size;
}
-
- gnutls_free( sdata);
- return size;
-}
+ } while (next >= 0);
+
+ size = pos;
+ pos -= 2; /* remove the size of the size header! */
+ _gnutls_write_uint16(pos, data);
+
+ if (size == 2) { /* empty */
+ size = 0;
+ }
+
+ gnutls_free(sdata);
+ return size;
+
+}
diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h
index f87bc80cbd..288ec183be 100644
--- a/lib/gnutls_extensions.h
+++ b/lib/gnutls_extensions.h
@@ -21,18 +21,19 @@
#include <gnutls_int.h>
const char *_gnutls_extension_get_name(uint16 type);
-int _gnutls_parse_extensions( gnutls_session, const opaque*, int);
-int _gnutls_gen_extensions( gnutls_session session, opaque* data, size_t data_size);
+int _gnutls_parse_extensions(gnutls_session, const opaque *, int);
+int _gnutls_gen_extensions(gnutls_session session, opaque * data,
+ size_t data_size);
-typedef int (*ext_recv_func)( gnutls_session, const opaque*, size_t); /* recv data */
-typedef int (*ext_send_func)( gnutls_session, opaque*, size_t); /* send data */
+typedef int (*ext_recv_func) (gnutls_session, const opaque *, size_t); /* recv data */
+typedef int (*ext_send_func) (gnutls_session, opaque *, size_t); /* send data */
ext_send_func _gnutls_ext_func_send(uint16 type);
ext_recv_func _gnutls_ext_func_recv(uint16 type);
typedef struct {
- const char *name;
- uint16 type;
- ext_recv_func gnutls_ext_func_recv;
- ext_send_func gnutls_ext_func_send;
+ const char *name;
+ uint16 type;
+ ext_recv_func gnutls_ext_func_recv;
+ ext_send_func gnutls_ext_func_send;
} gnutls_extension_entry;
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index ccb37bafc1..c3bf7d334e 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -32,7 +32,7 @@ extern const ASN1_ARRAY_TYPE gnutls_asn1_tab[];
extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];
LOG_FUNC _gnutls_log_func;
-int _gnutls_log_level = 0; /* default log level */
+int _gnutls_log_level = 0; /* default log level */
ASN1_TYPE _gnutls_pkix1_asn;
ASN1_TYPE _gnutls_gnutls_asn;
@@ -49,9 +49,9 @@ ASN1_TYPE _gnutls_gnutls_asn;
* gnutls_log_func is of the form,
* void (*gnutls_log_func)( int level, const char*);
**/
-void gnutls_global_set_log_function( gnutls_log_func log_func)
+void gnutls_global_set_log_function(gnutls_log_func log_func)
{
- _gnutls_log_func = log_func;
+ _gnutls_log_func = log_func;
}
/**
@@ -66,28 +66,29 @@ void gnutls_global_set_log_function( gnutls_log_func log_func)
* Use a log level over 10 to enable all debugging options.
*
**/
-void gnutls_global_set_log_level( int level)
+void gnutls_global_set_log_level(int level)
{
- _gnutls_log_level = level;
+ _gnutls_log_level = level;
}
#ifdef DEBUG
/* default logging function */
-static void dlog( int level, const char* str) {
- fputs( str, stderr);
+static void dlog(int level, const char *str)
+{
+ fputs(str, stderr);
}
#endif
extern gnutls_alloc_function gnutls_secure_malloc;
extern gnutls_alloc_function gnutls_malloc;
extern gnutls_free_function gnutls_free;
-extern int (*_gnutls_is_secure_memory)(const void*);
+extern int (*_gnutls_is_secure_memory) (const void *);
extern gnutls_realloc_function gnutls_realloc;
-extern char* (*gnutls_strdup)(const char*);
-extern void* (*gnutls_calloc)(size_t, size_t);
+extern char *(*gnutls_strdup) (const char *);
+extern void *(*gnutls_calloc) (size_t, size_t);
-int _gnutls_is_secure_mem_null( const void*);
+int _gnutls_is_secure_mem_null(const void *);
/**
* gnutls_global_set_mem_functions - This function sets the memory allocation functions
@@ -106,38 +107,41 @@ int _gnutls_is_secure_mem_null( const void*);
* This function must be called before gnutls_global_init() is called.
*
**/
-void gnutls_global_set_mem_functions(
- void *(*gnutls_alloc_func)(size_t), void* (*gnutls_secure_alloc_func)(size_t),
- int (*gnutls_is_secure_func)(const void*), void *(*gnutls_realloc_func)(void *, size_t),
- void (*gnutls_free_func)(void*))
+void gnutls_global_set_mem_functions(void *(*gnutls_alloc_func) (size_t), void
+ *(*gnutls_secure_alloc_func) (size_t),
+ int (*gnutls_is_secure_func) (const
+ void *),
+ void *(*gnutls_realloc_func) (void *,
+ size_t),
+ void (*gnutls_free_func) (void *))
{
- gnutls_secure_malloc = gnutls_secure_alloc_func;
- gnutls_malloc = gnutls_alloc_func;
- gnutls_realloc = gnutls_realloc_func;
- gnutls_free = gnutls_free_func;
-
- if (gnutls_is_secure_func!=NULL)
- _gnutls_is_secure_memory = gnutls_is_secure_func;
- else
- _gnutls_is_secure_memory = _gnutls_is_secure_mem_null;
-
- /* if using the libc's default malloc
- * use libc's calloc as well.
- */
- if ( gnutls_malloc == malloc) {
- gnutls_calloc = calloc;
- } else { /* use the included ones */
- gnutls_calloc = _gnutls_calloc;
- }
- gnutls_strdup = _gnutls_strdup;
+ gnutls_secure_malloc = gnutls_secure_alloc_func;
+ gnutls_malloc = gnutls_alloc_func;
+ gnutls_realloc = gnutls_realloc_func;
+ gnutls_free = gnutls_free_func;
+
+ if (gnutls_is_secure_func != NULL)
+ _gnutls_is_secure_memory = gnutls_is_secure_func;
+ else
+ _gnutls_is_secure_memory = _gnutls_is_secure_mem_null;
+
+ /* if using the libc's default malloc
+ * use libc's calloc as well.
+ */
+ if (gnutls_malloc == malloc) {
+ gnutls_calloc = calloc;
+ } else { /* use the included ones */
+ gnutls_calloc = _gnutls_calloc;
+ }
+ gnutls_strdup = _gnutls_strdup;
}
#ifdef DEBUG
-static void _gnutls_gcry_log_handler( void* dummy, int level, const char* fmt,
- va_list list)
+static void _gnutls_gcry_log_handler(void *dummy, int level,
+ const char *fmt, va_list list)
{
- _gnutls_log( fmt, list);
+ _gnutls_log(fmt, list);
}
#endif
@@ -158,70 +162,74 @@ static int _gnutls_init = 0;
* want to disable libgcrypt's internal lockings etc.
*
**/
-int gnutls_global_init( void)
+int gnutls_global_init(void)
{
- int result = 0;
- int res;
-
- if (_gnutls_init) goto out;
- _gnutls_init++;
+ int result = 0;
+ int res;
+
+ if (_gnutls_init)
+ goto out;
+ _gnutls_init++;
+
+ if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0) {
+ const char *p;
+ p = strchr(GNUTLS_GCRYPT_VERSION, ':');
+ if (p == NULL)
+ p = GNUTLS_GCRYPT_VERSION;
+ else
+ p++;
- if (gcry_control( GCRYCTL_ANY_INITIALIZATION_P) == 0) {
- const char* p;
- p = strchr( GNUTLS_GCRYPT_VERSION, ':');
- if (p==NULL) p = GNUTLS_GCRYPT_VERSION;
- else p++;
+ if (gcry_check_version(p) == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("Checking for libgcrypt failed '%s'\n", p);
+ return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
+ }
- if (gcry_check_version(p)==NULL) {
- gnutls_assert();
- _gnutls_debug_log("Checking for libgcrypt failed '%s'\n", p);
- return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
- }
+ /* for gcrypt in order to be able to allocate memory */
+ gcry_set_allocation_handler(gnutls_malloc, gnutls_secure_malloc,
+ _gnutls_is_secure_memory,
+ gnutls_realloc, gnutls_free);
- /* for gcrypt in order to be able to allocate memory */
- gcry_set_allocation_handler(gnutls_malloc, gnutls_secure_malloc, _gnutls_is_secure_memory, gnutls_realloc, gnutls_free);
-
- /* gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */
+ /* gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */
- gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL,0);
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
#ifdef DEBUG
- /* applications may want to override that, so we only use
- * it in debugging mode.
- */
- gcry_set_log_handler( _gnutls_gcry_log_handler, NULL);
+ /* applications may want to override that, so we only use
+ * it in debugging mode.
+ */
+ gcry_set_log_handler(_gnutls_gcry_log_handler, NULL);
#endif
- }
-
+ }
#ifdef DEBUG
- gnutls_global_set_log_function( dlog);
+ gnutls_global_set_log_function(dlog);
#endif
- /* initialize parser
- * This should not deal with files in the final
- * version.
- */
+ /* initialize parser
+ * This should not deal with files in the final
+ * version.
+ */
- if (asn1_check_version(GNUTLS_LIBTASN1_VERSION)==NULL) {
- gnutls_assert();
- return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
- }
-
- res=asn1_array2tree( pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
- if (res != ASN1_SUCCESS) {
- result = _gnutls_asn2err(res);
- goto out;
- }
+ if (asn1_check_version(GNUTLS_LIBTASN1_VERSION) == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
+ }
- res=asn1_array2tree( gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
- if (res != ASN1_SUCCESS) {
- asn1_delete_structure(&_gnutls_pkix1_asn);
- result = _gnutls_asn2err(res);
- goto out;
- }
-
- out:
- return result;
+ res = asn1_array2tree(pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
+ if (res != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(res);
+ goto out;
+ }
+
+ res = asn1_array2tree(gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
+ if (res != ASN1_SUCCESS) {
+ asn1_delete_structure(&_gnutls_pkix1_asn);
+ result = _gnutls_asn2err(res);
+ goto out;
+ }
+
+ out:
+ return result;
}
/**
@@ -232,14 +240,15 @@ int gnutls_global_init( void)
*
**/
-void gnutls_global_deinit( void) {
+void gnutls_global_deinit(void)
+{
+
+ if (_gnutls_init == 1) {
+ _gnutls_init--;
+ asn1_delete_structure(&_gnutls_gnutls_asn);
+ asn1_delete_structure(&_gnutls_pkix1_asn);
+ }
- if (_gnutls_init==1) {
- _gnutls_init--;
- asn1_delete_structure(&_gnutls_gnutls_asn);
- asn1_delete_structure(&_gnutls_pkix1_asn);
- }
-
}
@@ -260,8 +269,10 @@ void gnutls_global_deinit( void) {
* PULL_FUNC is of the form,
* ssize_t (*gnutls_pull_func)(gnutls_transport_ptr, const void*, size_t);
**/
-void gnutls_transport_set_pull_function( gnutls_session session, gnutls_pull_func pull_func) {
- session->internals._gnutls_pull_func = pull_func;
+void gnutls_transport_set_pull_function(gnutls_session session,
+ gnutls_pull_func pull_func)
+{
+ session->internals._gnutls_pull_func = pull_func;
}
/**
@@ -279,46 +290,47 @@ void gnutls_transport_set_pull_function( gnutls_session session, gnutls_pull_fun
* PUSH_FUNC is of the form,
* ssize_t (*gnutls_push_func)(gnutls_transport_ptr, const void*, size_t);
**/
-void gnutls_transport_set_push_function( gnutls_session session, gnutls_push_func push_func) {
- session->internals._gnutls_push_func = push_func;
+void gnutls_transport_set_push_function(gnutls_session session,
+ gnutls_push_func push_func)
+{
+ session->internals._gnutls_push_func = push_func;
}
/* Taken from libgcrypt. Needed to configure scripts.
*/
-static const char*
-parse_version_number( const char *s, int *number )
+static const char *parse_version_number(const char *s, int *number)
{
int val = 0;
- if( *s == '0' && isdigit(s[1]) )
- return NULL; /* leading zeros are not allowed */
- for ( ; isdigit(*s); s++ ) {
+ if (*s == '0' && isdigit(s[1]))
+ return NULL; /* leading zeros are not allowed */
+ for (; isdigit(*s); s++) {
val *= 10;
val += *s - '0';
}
*number = val;
- return val < 0? NULL : s;
+ return val < 0 ? NULL : s;
}
/* The parse version functions were copied from libgcrypt.
*/
-static const char *
-parse_version_string( const char *s, int *major, int *minor, int *micro )
+static const char *parse_version_string(const char *s, int *major,
+ int *minor, int *micro)
{
- s = parse_version_number( s, major );
- if( !s || *s != '.' )
+ s = parse_version_number(s, major);
+ if (!s || *s != '.')
return NULL;
s++;
- s = parse_version_number( s, minor );
- if( !s || *s != '.' )
+ s = parse_version_number(s, minor);
+ if (!s || *s != '.')
return NULL;
s++;
- s = parse_version_number( s, micro );
- if( !s )
+ s = parse_version_number(s, micro);
+ if (!s)
return NULL;
- return s; /* patchlevel */
+ return s; /* patchlevel */
}
/**
@@ -331,34 +343,31 @@ parse_version_string( const char *s, int *major, int *minor, int *micro )
* but the version string is simply returned.
*
**/
-const char *
-gnutls_check_version( const char *req_version )
+const char *gnutls_check_version(const char *req_version)
{
const char *ver = GNUTLS_VERSION;
int my_major, my_minor, my_micro;
int rq_major, rq_minor, rq_micro;
const char *my_plvl, *rq_plvl;
- if ( !req_version )
+ if (!req_version)
return ver;
- my_plvl = parse_version_string( ver, &my_major, &my_minor, &my_micro );
- if ( !my_plvl )
- return NULL; /* very strange our own version is bogus */
- rq_plvl = parse_version_string( req_version, &rq_major, &rq_minor,
- &rq_micro );
- if ( !rq_plvl )
- return NULL; /* req version string is invalid */
+ my_plvl = parse_version_string(ver, &my_major, &my_minor, &my_micro);
+ if (!my_plvl)
+ return NULL; /* very strange our own version is bogus */
+ rq_plvl = parse_version_string(req_version, &rq_major, &rq_minor,
+ &rq_micro);
+ if (!rq_plvl)
+ return NULL; /* req version string is invalid */
- if ( my_major > rq_major
+ if (my_major > rq_major
|| (my_major == rq_major && my_minor > rq_minor)
|| (my_major == rq_major && my_minor == rq_minor
- && my_micro > rq_micro)
+ && my_micro > rq_micro)
|| (my_major == rq_major && my_minor == rq_minor
- && my_micro == rq_micro
- && strcmp( my_plvl, rq_plvl ) >= 0) ) {
+ && my_micro == rq_micro && strcmp(my_plvl, rq_plvl) >= 0)) {
return ver;
}
return NULL;
}
-
diff --git a/lib/gnutls_global.h b/lib/gnutls_global.h
index 55c0713872..f59fd3c7bf 100644
--- a/lib/gnutls_global.h
+++ b/lib/gnutls_global.h
@@ -3,8 +3,8 @@
#include <libtasn1.h>
-int gnutls_global_init( void);
-int gnutls_is_secure_memory(const void* mem);
+int gnutls_global_init(void);
+int gnutls_is_secure_memory(const void *mem);
extern ASN1_TYPE _gnutls_pkix1_asn;
extern ASN1_TYPE _gnutls_gnutls_asn;
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 150e1864d6..9dc66a99dd 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -47,8 +47,8 @@
#include <gnutls_alert.h>
#include <gnutls_state.h>
#include <ext_srp.h>
-#include <gnutls_rsa_export.h> /* for gnutls_get_rsa_params() */
-#include <auth_anon.h> /* for gnutls_anon_server_credentials */
+#include <gnutls_rsa_export.h> /* for gnutls_get_rsa_params() */
+#include <auth_anon.h> /* for gnutls_anon_server_credentials */
#ifdef HANDSHAKE_DEBUG
#define ERR(x, y) _gnutls_handshake_log( "HSK[%x]: %s (%d)\n", session, x,y)
@@ -60,19 +60,19 @@
#define FALSE 0
int _gnutls_server_select_comp_method(gnutls_session session,
- opaque * data, int datalen);
+ opaque * data, int datalen);
/* Clears the handshake hash buffers and handles.
*/
inline static
-void _gnutls_handshake_hash_buffers_clear( gnutls_session session)
+void _gnutls_handshake_hash_buffers_clear(gnutls_session session)
{
- _gnutls_hash_deinit( session->internals.handshake_mac_handle_md5, NULL);
- _gnutls_hash_deinit( session->internals.handshake_mac_handle_sha, NULL);
- session->internals.handshake_mac_handle_md5 = NULL;
- session->internals.handshake_mac_handle_sha = NULL;
- _gnutls_handshake_buffer_clear( session);
+ _gnutls_hash_deinit(session->internals.handshake_mac_handle_md5, NULL);
+ _gnutls_hash_deinit(session->internals.handshake_mac_handle_sha, NULL);
+ session->internals.handshake_mac_handle_md5 = NULL;
+ session->internals.handshake_mac_handle_sha = NULL;
+ _gnutls_handshake_buffer_clear(session);
}
/* this will copy the required values for resuming to
@@ -81,55 +81,57 @@ void _gnutls_handshake_hash_buffers_clear( gnutls_session session)
*/
static void resume_copy_required_values(gnutls_session session)
{
- /* get the new random values */
- memcpy(session->internals.resumed_security_parameters.
- server_random,
- session->security_parameters.server_random, TLS_RANDOM_SIZE);
- memcpy(session->internals.resumed_security_parameters.
- client_random,
- session->security_parameters.client_random, TLS_RANDOM_SIZE);
-
- /* keep the ciphersuite and compression
- * That is because the client must see these in our
- * hello message.
- */
- memcpy(session->security_parameters.current_cipher_suite.
- suite,
- session->internals.resumed_security_parameters.
- current_cipher_suite.suite, 2);
-
- session->internals.compression_method =
- session->internals.resumed_security_parameters.read_compression_algorithm;
- /* or write_compression_algorithm
- * they are the same
- */
-
- session->security_parameters.entity =
- session->internals.resumed_security_parameters.entity;
-
- _gnutls_set_current_version( session, session->internals.resumed_security_parameters.version);
-
- session->security_parameters.cert_type =
- session->internals.resumed_security_parameters.cert_type;
-
- memcpy(session->security_parameters.session_id,
- session->internals.resumed_security_parameters.
- session_id, sizeof(session->security_parameters.session_id));
- session->security_parameters.session_id_size =
- session->internals.resumed_security_parameters.
- session_id_size;
+ /* get the new random values */
+ memcpy(session->internals.resumed_security_parameters.
+ server_random,
+ session->security_parameters.server_random, TLS_RANDOM_SIZE);
+ memcpy(session->internals.resumed_security_parameters.
+ client_random,
+ session->security_parameters.client_random, TLS_RANDOM_SIZE);
+
+ /* keep the ciphersuite and compression
+ * That is because the client must see these in our
+ * hello message.
+ */
+ memcpy(session->security_parameters.current_cipher_suite.
+ suite,
+ session->internals.resumed_security_parameters.
+ current_cipher_suite.suite, 2);
+
+ session->internals.compression_method =
+ session->internals.resumed_security_parameters.
+ read_compression_algorithm;
+ /* or write_compression_algorithm
+ * they are the same
+ */
+
+ session->security_parameters.entity =
+ session->internals.resumed_security_parameters.entity;
+
+ _gnutls_set_current_version(session,
+ session->internals.
+ resumed_security_parameters.version);
+
+ session->security_parameters.cert_type =
+ session->internals.resumed_security_parameters.cert_type;
+
+ memcpy(session->security_parameters.session_id,
+ session->internals.resumed_security_parameters.
+ session_id, sizeof(session->security_parameters.session_id));
+ session->security_parameters.session_id_size =
+ session->internals.resumed_security_parameters.session_id_size;
}
void _gnutls_set_server_random(gnutls_session session, uint8 * random)
{
- memcpy(session->security_parameters.server_random, random,
- TLS_RANDOM_SIZE);
+ memcpy(session->security_parameters.server_random, random,
+ TLS_RANDOM_SIZE);
}
void _gnutls_set_client_random(gnutls_session session, uint8 * random)
{
- memcpy(session->security_parameters.client_random, random,
- TLS_RANDOM_SIZE);
+ memcpy(session->security_parameters.client_random, random,
+ TLS_RANDOM_SIZE);
}
/* Calculate The SSL3 Finished message
@@ -137,39 +139,46 @@ void _gnutls_set_client_random(gnutls_session session, uint8 * random)
#define SSL3_CLIENT_MSG "CLNT"
#define SSL3_SERVER_MSG "SRVR"
#define SSL_MSG_LEN 4
-static int _gnutls_ssl3_finished(gnutls_session session, int type, opaque * ret)
+static int _gnutls_ssl3_finished(gnutls_session session, int type,
+ opaque * ret)
{
- const int siz = SSL_MSG_LEN;
- mac_hd_t td_md5;
- mac_hd_t td_sha;
- const char *mesg;
-
- td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5);
- if (td_md5 == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
-
- td_sha = _gnutls_hash_copy( session->internals.handshake_mac_handle_sha);
- if (td_sha == NULL) {
- gnutls_assert();
- _gnutls_hash_deinit( td_md5, NULL);
- return GNUTLS_E_HASH_FAILED;
- }
-
- if (type == GNUTLS_SERVER) {
- mesg = SSL3_SERVER_MSG;
- } else {
- mesg = SSL3_CLIENT_MSG;
- }
-
- _gnutls_hash(td_md5, mesg, siz);
- _gnutls_hash(td_sha, mesg, siz);
-
- _gnutls_mac_deinit_ssl3_handshake(td_md5, ret, session->security_parameters.master_secret, TLS_MASTER_SIZE);
- _gnutls_mac_deinit_ssl3_handshake(td_sha, &ret[16], session->security_parameters.master_secret, TLS_MASTER_SIZE);
+ const int siz = SSL_MSG_LEN;
+ mac_hd_t td_md5;
+ mac_hd_t td_sha;
+ const char *mesg;
+
+ td_md5 =
+ _gnutls_hash_copy(session->internals.handshake_mac_handle_md5);
+ if (td_md5 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
- return 0;
+ td_sha =
+ _gnutls_hash_copy(session->internals.handshake_mac_handle_sha);
+ if (td_sha == NULL) {
+ gnutls_assert();
+ _gnutls_hash_deinit(td_md5, NULL);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ if (type == GNUTLS_SERVER) {
+ mesg = SSL3_SERVER_MSG;
+ } else {
+ mesg = SSL3_CLIENT_MSG;
+ }
+
+ _gnutls_hash(td_md5, mesg, siz);
+ _gnutls_hash(td_sha, mesg, siz);
+
+ _gnutls_mac_deinit_ssl3_handshake(td_md5, ret,
+ session->security_parameters.
+ master_secret, TLS_MASTER_SIZE);
+ _gnutls_mac_deinit_ssl3_handshake(td_sha, &ret[16],
+ session->security_parameters.
+ master_secret, TLS_MASTER_SIZE);
+
+ return 0;
}
/* Hash the handshake messages as required by TLS 1.0
@@ -179,39 +188,40 @@ static int _gnutls_ssl3_finished(gnutls_session session, int type, opaque * ret)
#define TLS_MSG_LEN 15
int _gnutls_finished(gnutls_session session, int type, void *ret)
{
- const int siz = TLS_MSG_LEN;
- opaque concat[36];
- const char *mesg;
- mac_hd_t td_md5;
- mac_hd_t td_sha;
+ const int siz = TLS_MSG_LEN;
+ opaque concat[36];
+ const char *mesg;
+ mac_hd_t td_md5;
+ mac_hd_t td_sha;
- td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5);
- if (td_md5 == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
+ td_md5 =
+ _gnutls_hash_copy(session->internals.handshake_mac_handle_md5);
+ if (td_md5 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
- td_sha = _gnutls_hash_copy( session->internals.handshake_mac_handle_sha);
- if (td_sha == NULL) {
- gnutls_assert();
- _gnutls_hash_deinit( td_md5, NULL);
- return GNUTLS_E_HASH_FAILED;
- }
+ td_sha =
+ _gnutls_hash_copy(session->internals.handshake_mac_handle_sha);
+ if (td_sha == NULL) {
+ gnutls_assert();
+ _gnutls_hash_deinit(td_md5, NULL);
+ return GNUTLS_E_HASH_FAILED;
+ }
- _gnutls_hash_deinit(td_md5, concat);
- _gnutls_hash_deinit(td_sha, &concat[16]);
+ _gnutls_hash_deinit(td_md5, concat);
+ _gnutls_hash_deinit(td_sha, &concat[16]);
- if (type == GNUTLS_SERVER) {
- mesg = SERVER_MSG;
- } else {
- mesg = CLIENT_MSG;
- }
+ if (type == GNUTLS_SERVER) {
+ mesg = SERVER_MSG;
+ } else {
+ mesg = CLIENT_MSG;
+ }
- return _gnutls_PRF(session->security_parameters.master_secret,
- TLS_MASTER_SIZE, mesg, siz, concat, 36,
- 12, ret);
+ return _gnutls_PRF(session->security_parameters.master_secret,
+ TLS_MASTER_SIZE, mesg, siz, concat, 36, 12, ret);
}
/* this function will produce TLS_RANDOM_SIZE==32 bytes of random data
@@ -219,24 +229,24 @@ int _gnutls_finished(gnutls_session session, int type, void *ret)
*/
int _gnutls_tls_create_random(opaque * dst)
{
- uint32 tim;
+ uint32 tim;
- /* Use weak random numbers for the most of the
- * buffer except for the first 4 that are the
- * system's time.
- */
+ /* Use weak random numbers for the most of the
+ * buffer except for the first 4 that are the
+ * system's time.
+ */
- tim = time(NULL);
- /* generate server random value */
- _gnutls_write_uint32(tim, dst);
+ tim = time(NULL);
+ /* generate server random value */
+ _gnutls_write_uint32(tim, dst);
- if (_gnutls_get_random
- (&dst[4], TLS_RANDOM_SIZE - 4, GNUTLS_WEAK_RANDOM) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (_gnutls_get_random
+ (&dst[4], TLS_RANDOM_SIZE - 4, GNUTLS_WEAK_RANDOM) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
@@ -248,154 +258,159 @@ int _gnutls_tls_create_random(opaque * dst)
int _gnutls_read_client_hello(gnutls_session session, opaque * data,
int datalen)
{
- uint8 session_id_len, z;
- int pos = 0, ret;
- uint16 suite_size;
- gnutls_protocol_version version;
- int len = datalen;
- opaque random[TLS_RANDOM_SIZE], *suite_ptr;
- gnutls_protocol_version ver;
-
- if (session->internals.v2_hello != 0) { /* version 2.0 */
- return _gnutls_read_client_hello_v2(session, data, datalen);
- }
- DECR_LEN(len, 2);
-
- _gnutls_handshake_log("HSK[%x]: Client's version: %d.%d\n", session, data[pos], data[pos + 1]);
-
- version = _gnutls_version_get(data[pos], data[pos + 1]);
- set_adv_version(session, data[pos], data[pos + 1]);
- pos += 2;
-
- /* if we do not support that version */
- if (_gnutls_version_is_supported(session, version) == 0) {
- /* If he requested something we do not support
- * then we send him the highest we support.
- */
- ver = _gnutls_version_max(session);
- if (ver==GNUTLS_VERSION_UNKNOWN) {
- /* this check is not really needed.
- */
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
- }
- } else {
- ver = version;
- }
-
- _gnutls_set_current_version(session, ver);
-
- /* Read client random value.
- */
- DECR_LEN(len, TLS_RANDOM_SIZE);
- _gnutls_set_client_random(session, &data[pos]);
- pos += TLS_RANDOM_SIZE;
-
- _gnutls_tls_create_random(random);
- _gnutls_set_server_random(session, random);
-
- session->security_parameters.timestamp = time(NULL);
-
- DECR_LEN(len, 1);
- session_id_len = data[pos++];
-
- /* RESUME SESSION
+ uint8 session_id_len, z;
+ int pos = 0, ret;
+ uint16 suite_size;
+ gnutls_protocol_version version;
+ int len = datalen;
+ opaque random[TLS_RANDOM_SIZE], *suite_ptr;
+ gnutls_protocol_version ver;
+
+ if (session->internals.v2_hello != 0) { /* version 2.0 */
+ return _gnutls_read_client_hello_v2(session, data, datalen);
+ }
+ DECR_LEN(len, 2);
+
+ _gnutls_handshake_log("HSK[%x]: Client's version: %d.%d\n", session,
+ data[pos], data[pos + 1]);
+
+ version = _gnutls_version_get(data[pos], data[pos + 1]);
+ set_adv_version(session, data[pos], data[pos + 1]);
+ pos += 2;
+
+ /* if we do not support that version */
+ if (_gnutls_version_is_supported(session, version) == 0) {
+ /* If he requested something we do not support
+ * then we send him the highest we support.
*/
- if (session_id_len > TLS_MAX_SESSION_ID_SIZE) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ ver = _gnutls_version_max(session);
+ if (ver == GNUTLS_VERSION_UNKNOWN) {
+ /* this check is not really needed.
+ */
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
}
- DECR_LEN(len, session_id_len);
- ret = _gnutls_server_restore_session(session, &data[pos], session_id_len);
- pos += session_id_len;
+ } else {
+ ver = version;
+ }
- if (ret == 0) { /* resumed! */
- resume_copy_required_values(session);
- session->internals.resumed = RESUME_TRUE;
- return 0;
- } else {
- _gnutls_generate_session_id(session->security_parameters.
- session_id,
- &session->security_parameters.
- session_id_size);
+ _gnutls_set_current_version(session, ver);
- session->internals.resumed = RESUME_FALSE;
- }
+ /* Read client random value.
+ */
+ DECR_LEN(len, TLS_RANDOM_SIZE);
+ _gnutls_set_client_random(session, &data[pos]);
+ pos += TLS_RANDOM_SIZE;
- /* Remember ciphersuites for later
- */
- DECR_LEN(len, 2);
- suite_size = _gnutls_read_uint16(&data[pos]);
- pos += 2;
+ _gnutls_tls_create_random(random);
+ _gnutls_set_server_random(session, random);
- DECR_LEN(len, suite_size);
- suite_ptr = &data[pos];
- pos += suite_size;
+ session->security_parameters.timestamp = time(NULL);
- /* Select an appropriate compression method
- */
- DECR_LEN(len, 1);
- z = data[pos++]; /* z is the number of compression methods */
+ DECR_LEN(len, 1);
+ session_id_len = data[pos++];
- DECR_LEN(len, z);
- ret = _gnutls_server_select_comp_method(session, &data[pos], z);
- pos += z;
+ /* RESUME SESSION
+ */
+ if (session_id_len > TLS_MAX_SESSION_ID_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ DECR_LEN(len, session_id_len);
+ ret =
+ _gnutls_server_restore_session(session, &data[pos],
+ session_id_len);
+ pos += session_id_len;
+
+ if (ret == 0) { /* resumed! */
+ resume_copy_required_values(session);
+ session->internals.resumed = RESUME_TRUE;
+ return 0;
+ } else {
+ _gnutls_generate_session_id(session->security_parameters.
+ session_id,
+ &session->security_parameters.
+ session_id_size);
+
+ session->internals.resumed = RESUME_FALSE;
+ }
+
+ /* Remember ciphersuites for later
+ */
+ DECR_LEN(len, 2);
+ suite_size = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ DECR_LEN(len, suite_size);
+ suite_ptr = &data[pos];
+ pos += suite_size;
+
+ /* Select an appropriate compression method
+ */
+ DECR_LEN(len, 1);
+ z = data[pos++]; /* z is the number of compression methods */
+
+ DECR_LEN(len, z);
+ ret = _gnutls_server_select_comp_method(session, &data[pos], z);
+ pos += z;
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ /* Parse the extensions (if any)
+ */
+ if (ver >= GNUTLS_TLS1) {
+ ret = _gnutls_parse_extensions(session, &data[pos], len); /* len is the rest of the parsed length */
if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* Parse the extensions (if any)
- */
- if (ver >= GNUTLS_TLS1) {
- ret = _gnutls_parse_extensions(session, &data[pos], len); /* len is the rest of the parsed length */
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- }
-
- /* select an appropriate cipher suite
- */
- ret = _gnutls_server_select_suite(session, suite_ptr, suite_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ gnutls_assert();
+ return ret;
}
+ }
- return 0;
+ /* select an appropriate cipher suite
+ */
+ ret = _gnutls_server_select_suite(session, suite_ptr, suite_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/* here we hash all pending data.
*/
-inline static int
-_gnutls_handshake_hash_pending( gnutls_session session) {
-size_t siz;
-int ret;
-opaque * data;
-
- if (session->internals.handshake_mac_handle_sha==NULL ||
- session->internals.handshake_mac_handle_md5==NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+inline static int _gnutls_handshake_hash_pending(gnutls_session session)
+{
+ size_t siz;
+ int ret;
+ opaque *data;
- /* We check if there are pending data to hash.
- */
- if ((ret=_gnutls_handshake_buffer_get_ptr(session, &data, &siz)) < 0) {
- gnutls_assert();
- return ret;
- }
+ if (session->internals.handshake_mac_handle_sha == NULL ||
+ session->internals.handshake_mac_handle_md5 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (siz > 0) {
- _gnutls_hash( session->internals.handshake_mac_handle_sha, data, siz);
- _gnutls_hash( session->internals.handshake_mac_handle_md5, data, siz);
- }
-
- _gnutls_handshake_buffer_empty( session);
-
- return 0;
+ /* We check if there are pending data to hash.
+ */
+ if ((ret = _gnutls_handshake_buffer_get_ptr(session, &data, &siz)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (siz > 0) {
+ _gnutls_hash(session->internals.handshake_mac_handle_sha, data,
+ siz);
+ _gnutls_hash(session->internals.handshake_mac_handle_md5, data,
+ siz);
+ }
+
+ _gnutls_handshake_buffer_empty(session);
+
+ return 0;
}
@@ -405,48 +420,46 @@ opaque * data;
*/
int _gnutls_send_finished(gnutls_session session, int again)
{
- uint8 data[36];
- int ret;
- int data_size = 0;
+ uint8 data[36];
+ int ret;
+ int data_size = 0;
- if (again == 0) {
-
- /* This is needed in order to hash all the required
- * messages.
- */
- if ((ret=_gnutls_handshake_hash_pending(session)) < 0) {
- gnutls_assert();
- return ret;
- }
+ if (again == 0) {
- if (gnutls_protocol_get_version( session) == GNUTLS_SSL3) {
- ret =
- _gnutls_ssl3_finished(session,
- session->
- security_parameters.
- entity, data);
- data_size = 36;
- } else { /* TLS 1.0 */
- ret =
- _gnutls_finished(session,
- session->security_parameters.
- entity, data);
- data_size = 12;
- }
+ /* This is needed in order to hash all the required
+ * messages.
+ */
+ if ((ret = _gnutls_handshake_hash_pending(session)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ if (gnutls_protocol_get_version(session) == GNUTLS_SSL3) {
+ ret =
+ _gnutls_ssl3_finished(session,
+ session->
+ security_parameters.entity, data);
+ data_size = 36;
+ } else { /* TLS 1.0 */
+ ret =
+ _gnutls_finished(session,
+ session->security_parameters.
+ entity, data);
+ data_size = 12;
+ }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- ret =
- _gnutls_send_handshake(session, data, data_size,
- GNUTLS_FINISHED);
+ }
- return ret;
+ ret =
+ _gnutls_send_handshake(session, data, data_size, GNUTLS_FINISHED);
+
+ return ret;
}
/* This is to be called after sending our finished message. If everything
@@ -454,245 +467,256 @@ int _gnutls_send_finished(gnutls_session session, int again)
*/
int _gnutls_recv_finished(gnutls_session session)
{
- uint8 data[36], *vrfy;
- int data_size;
- int ret;
- int vrfysize;
-
- ret =
- _gnutls_recv_handshake(session, &vrfy, &vrfysize,
- GNUTLS_FINISHED, MANDATORY_PACKET);
- if (ret < 0) {
- ERR("recv finished int", ret);
- gnutls_assert();
- return ret;
- }
+ uint8 data[36], *vrfy;
+ int data_size;
+ int ret;
+ int vrfysize;
+
+ ret =
+ _gnutls_recv_handshake(session, &vrfy, &vrfysize,
+ GNUTLS_FINISHED, MANDATORY_PACKET);
+ if (ret < 0) {
+ ERR("recv finished int", ret);
+ gnutls_assert();
+ return ret;
+ }
- if ( gnutls_protocol_get_version( session) == GNUTLS_SSL3) {
- data_size = 36;
- } else {
- data_size = 12;
- }
+ if (gnutls_protocol_get_version(session) == GNUTLS_SSL3) {
+ data_size = 36;
+ } else {
+ data_size = 12;
+ }
- if (vrfysize != data_size) {
- gnutls_assert();
- gnutls_free(vrfy);
- return GNUTLS_E_ERROR_IN_FINISHED_PACKET;
- }
-
- if (gnutls_protocol_get_version( session) == GNUTLS_SSL3) {
- ret =
- _gnutls_ssl3_finished(session,
- (session->security_parameters.
- entity + 1) % 2, data);
- } else { /* TLS 1.0 */
- ret =
- _gnutls_finished(session,
- (session->security_parameters.entity +
- 1) % 2, data);
- }
+ if (vrfysize != data_size) {
+ gnutls_assert();
+ gnutls_free(vrfy);
+ return GNUTLS_E_ERROR_IN_FINISHED_PACKET;
+ }
- if (ret < 0) {
- gnutls_assert();
- gnutls_free(vrfy);
- return ret;
- }
+ if (gnutls_protocol_get_version(session) == GNUTLS_SSL3) {
+ ret =
+ _gnutls_ssl3_finished(session,
+ (session->security_parameters.
+ entity + 1) % 2, data);
+ } else { /* TLS 1.0 */
+ ret =
+ _gnutls_finished(session,
+ (session->security_parameters.entity +
+ 1) % 2, data);
+ }
- if (memcmp(vrfy, data, data_size) != 0) {
- gnutls_assert();
- ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
- }
+ if (ret < 0) {
+ gnutls_assert();
gnutls_free(vrfy);
-
return ret;
+ }
+
+ if (memcmp(vrfy, data, data_size) != 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
+ }
+ gnutls_free(vrfy);
+
+ return ret;
}
/* returns PK_RSA if the given cipher suite list only supports,
* RSA algorithms, PK_DSA if DSS, and PK_ANY for both or PK_NONE for none.
*/
-static int _gnutls_server_find_pk_algos_in_ciphersuites( const opaque* data, int datalen)
+static int _gnutls_server_find_pk_algos_in_ciphersuites(const opaque *
+ data, int datalen)
{
-int j;
-gnutls_pk_algorithm algo=GNUTLS_PK_NONE, prev_algo = 0;
-gnutls_kx_algorithm kx;
-cipher_suite_st cs;
+ int j;
+ gnutls_pk_algorithm algo = GNUTLS_PK_NONE, prev_algo = 0;
+ gnutls_kx_algorithm kx;
+ cipher_suite_st cs;
- if (datalen % 2 != 0) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ if (datalen % 2 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
- for (j = 0; j < datalen; j += 2) {
- memcpy( &cs.suite, &data[j], 2);
- kx = _gnutls_cipher_suite_get_kx_algo( &cs);
-
- if ( _gnutls_map_kx_get_cred( kx, 1) == GNUTLS_CRD_CERTIFICATE) {
- algo = _gnutls_map_pk_get_pk( kx);
-
- if (algo!=prev_algo && prev_algo!=0) return GNUTLS_PK_ANY;
- prev_algo = algo;
- }
+ for (j = 0; j < datalen; j += 2) {
+ memcpy(&cs.suite, &data[j], 2);
+ kx = _gnutls_cipher_suite_get_kx_algo(&cs);
+
+ if (_gnutls_map_kx_get_cred(kx, 1) == GNUTLS_CRD_CERTIFICATE) {
+ algo = _gnutls_map_pk_get_pk(kx);
+
+ if (algo != prev_algo && prev_algo != 0)
+ return GNUTLS_PK_ANY;
+ prev_algo = algo;
}
+ }
- return algo;
+ return algo;
}
/* This selects the best supported ciphersuite from the given ones. Then
* it adds the suite to the session and performs some checks.
*/
-int _gnutls_server_select_suite(gnutls_session session, opaque *data, int datalen)
+int _gnutls_server_select_suite(gnutls_session session, opaque * data,
+ int datalen)
{
- int x, i, j;
- cipher_suite_st *ciphers, cs;
- int retval, err;
- gnutls_pk_algorithm pk_algo; /* will hold the pk algorithms
- * supported by the peer.
- */
+ int x, i, j;
+ cipher_suite_st *ciphers, cs;
+ int retval, err;
+ gnutls_pk_algorithm pk_algo; /* will hold the pk algorithms
+ * supported by the peer.
+ */
- pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites( data, datalen);
-
- x = _gnutls_supported_ciphersuites(session, &ciphers);
- if (x < 0) { /* the case x==0 is handled within the function. */
- gnutls_assert();
- return x;
- }
-
- /* Here we remove any ciphersuite that does not conform
- * the certificate requested, or to the
- * authentication requested (e.g. SRP).
- */
- x = _gnutls_remove_unwanted_ciphersuites(session, &ciphers, x, pk_algo);
- if (x<=0) {
- gnutls_assert();
- gnutls_free(ciphers);
- if (x<0) return x;
- else return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
- }
-
- /* Data length should be zero mod 2 since
- * every ciphersuite is 2 bytes. (this check is needed
- * see below).
- */
- if (datalen % 2 != 0) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites(data, datalen);
+ x = _gnutls_supported_ciphersuites(session, &ciphers);
+ if (x < 0) { /* the case x==0 is handled within the function. */
+ gnutls_assert();
+ return x;
+ }
+
+ /* Here we remove any ciphersuite that does not conform
+ * the certificate requested, or to the
+ * authentication requested (e.g. SRP).
+ */
+ x = _gnutls_remove_unwanted_ciphersuites(session, &ciphers, x,
+ pk_algo);
+ if (x <= 0) {
+ gnutls_assert();
+ gnutls_free(ciphers);
+ if (x < 0)
+ return x;
+ else
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+
+ /* Data length should be zero mod 2 since
+ * every ciphersuite is 2 bytes. (this check is needed
+ * see below).
+ */
+ if (datalen % 2 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
#ifdef HANDSHAKE_DEBUG
- _gnutls_handshake_log("HSK[%x]: Requested cipher suites: \n", session);
- for (j = 0; j < datalen; j += 2) {
- memcpy( &cs.suite, &data[j], 2);
- _gnutls_handshake_log("\t%s\n",
- _gnutls_cipher_suite_get_name(&cs));
- }
- _gnutls_handshake_log("HSK[%x]: Supported cipher suites: \n", session);
- for (j = 0; j < x; j++)
- _gnutls_handshake_log("\t%s\n",
- _gnutls_cipher_suite_get_name(&ciphers[j]));
+ _gnutls_handshake_log("HSK[%x]: Requested cipher suites: \n", session);
+ for (j = 0; j < datalen; j += 2) {
+ memcpy(&cs.suite, &data[j], 2);
+ _gnutls_handshake_log("\t%s\n",
+ _gnutls_cipher_suite_get_name(&cs));
+ }
+ _gnutls_handshake_log("HSK[%x]: Supported cipher suites: \n", session);
+ for (j = 0; j < x; j++)
+ _gnutls_handshake_log("\t%s\n",
+ _gnutls_cipher_suite_get_name(&ciphers[j]));
#endif
- memset(session->security_parameters.current_cipher_suite.suite, '\0', 2);
-
- retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE;
-
- for (j = 0; j < datalen; j += 2) {
- for (i = 0; i < x; i++) {
- if (memcmp(ciphers[i].suite, &data[j], 2) ==
- 0) {
- memcpy( &cs.suite, &data[j], 2);
-
- _gnutls_handshake_log("HSK[%x]: Selected cipher suite: %s\n",
- session, _gnutls_cipher_suite_get_name(&cs));
- memcpy(session->security_parameters.current_cipher_suite.suite, ciphers[i].suite, 2);
- retval = 0;
- goto finish;
- }
- }
- }
-
- finish:
- gnutls_free(ciphers);
-
- if (retval != 0) {
- gnutls_assert();
- return retval;
- }
-
- /* check if the credentials (username, public key etc.) are ok
- */
- if (_gnutls_get_kx_cred
- (session, _gnutls_cipher_suite_get_kx_algo(&session->security_parameters.
- current_cipher_suite),
- &err) == NULL && err != 0) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ memset(session->security_parameters.current_cipher_suite.suite, '\0',
+ 2);
+ retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE;
- /* set the mod_auth_st to the appropriate struct
- * according to the KX algorithm. This is needed since all the
- * handshake functions are read from there;
- */
- session->internals.auth_struct =
- _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
- (&session->security_parameters.
- current_cipher_suite));
- if (session->internals.auth_struct == NULL) {
+ for (j = 0; j < datalen; j += 2) {
+ for (i = 0; i < x; i++) {
+ if (memcmp(ciphers[i].suite, &data[j], 2) == 0) {
+ memcpy(&cs.suite, &data[j], 2);
_gnutls_handshake_log
- ("HSK[%x]: Cannot find the appropriate handler for the KX algorithm\n", session);
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ ("HSK[%x]: Selected cipher suite: %s\n", session,
+ _gnutls_cipher_suite_get_name(&cs));
+ memcpy(session->security_parameters.current_cipher_suite.
+ suite, ciphers[i].suite, 2);
+ retval = 0;
+ goto finish;
+ }
}
+ }
- return 0;
+ finish:
+ gnutls_free(ciphers);
+
+ if (retval != 0) {
+ gnutls_assert();
+ return retval;
+ }
+
+ /* check if the credentials (username, public key etc.) are ok
+ */
+ if (_gnutls_get_kx_cred
+ (session,
+ _gnutls_cipher_suite_get_kx_algo(&session->security_parameters.
+ current_cipher_suite),
+ &err) == NULL && err != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.
+ current_cipher_suite));
+ if (session->internals.auth_struct == NULL) {
+
+ _gnutls_handshake_log
+ ("HSK[%x]: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return 0;
}
/* This selects the best supported compression method from the ones provided
*/
-int _gnutls_server_select_comp_method(gnutls_session session, opaque * data,
- int datalen)
+int _gnutls_server_select_comp_method(gnutls_session session,
+ opaque * data, int datalen)
{
- int x, i, j;
- uint8 *comps;
+ int x, i, j;
+ uint8 *comps;
- x = _gnutls_supported_compression_methods(session, &comps);
- if (x < 0) {
- gnutls_assert();
- return x;
- }
+ x = _gnutls_supported_compression_methods(session, &comps);
+ if (x < 0) {
+ gnutls_assert();
+ return x;
+ }
- memset( &session->internals.compression_method, 0, sizeof(gnutls_compression_method));
+ memset(&session->internals.compression_method, 0,
+ sizeof(gnutls_compression_method));
- for (j = 0; j < datalen; j++) {
- for (i = 0; i < x; i++) {
- if (comps[i] == data[j]) {
- gnutls_compression_method method =
- _gnutls_compression_get_id(comps[i]);
+ for (j = 0; j < datalen; j++) {
+ for (i = 0; i < x; i++) {
+ if (comps[i] == data[j]) {
+ gnutls_compression_method method =
+ _gnutls_compression_get_id(comps[i]);
- session->internals.compression_method = method;
- gnutls_free(comps);
+ session->internals.compression_method = method;
+ gnutls_free(comps);
- _gnutls_handshake_log("HSK[%x]: Selected Compression Method: %s\n",
- session, gnutls_compression_get_name(session->internals.
- compression_method));
+ _gnutls_handshake_log
+ ("HSK[%x]: Selected Compression Method: %s\n", session,
+ gnutls_compression_get_name(session->internals.
+ compression_method));
- return 0;
- }
- }
+ return 0;
+ }
}
+ }
- /* we were not able to find a compatible compression
- * algorithm
- */
- gnutls_free(comps);
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ /* we were not able to find a compatible compression
+ * algorithm
+ */
+ gnutls_free(comps);
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
}
@@ -701,39 +725,43 @@ int _gnutls_server_select_comp_method(gnutls_session session, opaque * data,
* GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again
* (until it returns ok), with NULL parameters.
*/
-int _gnutls_send_empty_handshake(gnutls_session session, HandshakeType type,
- int again)
+int _gnutls_send_empty_handshake(gnutls_session session,
+ HandshakeType type, int again)
{
- opaque data = 0;
- opaque *ptr;
+ opaque data = 0;
+ opaque *ptr;
- if (again == 0)
- ptr = &data;
- else
- ptr = NULL;
+ if (again == 0)
+ ptr = &data;
+ else
+ ptr = NULL;
- return _gnutls_send_handshake(session, ptr, 0, type);
+ return _gnutls_send_handshake(session, ptr, 0, type);
}
/* This function will hash the handshake message we sent.
*/
static
-int _gnutls_handshake_hash_add_sent( gnutls_session session, HandshakeType type,
- opaque* dataptr, uint32 datalen) {
-int ret;
+int _gnutls_handshake_hash_add_sent(gnutls_session session,
+ HandshakeType type, opaque * dataptr,
+ uint32 datalen)
+{
+ int ret;
- if ( (ret=_gnutls_handshake_hash_pending( session)) < 0) {
- gnutls_assert();
- return ret;
- }
+ if ((ret = _gnutls_handshake_hash_pending(session)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if ( type != GNUTLS_HELLO_REQUEST) {
- _gnutls_hash( session->internals.handshake_mac_handle_sha, dataptr, datalen);
- _gnutls_hash( session->internals.handshake_mac_handle_md5, dataptr, datalen);
- }
+ if (type != GNUTLS_HELLO_REQUEST) {
+ _gnutls_hash(session->internals.handshake_mac_handle_sha, dataptr,
+ datalen);
+ _gnutls_hash(session->internals.handshake_mac_handle_md5, dataptr,
+ datalen);
+ }
- return 0;
+ return 0;
}
@@ -745,62 +773,64 @@ int ret;
int _gnutls_send_handshake(gnutls_session session, void *i_data,
uint32 i_datasize, HandshakeType type)
{
- int ret;
- uint8 *data;
- uint32 datasize;
- int pos = 0;
-
- if (i_data == NULL && i_datasize == 0) {
- /* we are resuming a previously interrupted
- * send.
- */
- ret = _gnutls_handshake_io_write_flush(session);
- return ret;
+ int ret;
+ uint8 *data;
+ uint32 datasize;
+ int pos = 0;
+
+ if (i_data == NULL && i_datasize == 0) {
+ /* we are resuming a previously interrupted
+ * send.
+ */
+ ret = _gnutls_handshake_io_write_flush(session);
+ return ret;
- }
+ }
- if (i_data == NULL && i_datasize > 0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (i_data == NULL && i_datasize > 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* first run */
- datasize = i_datasize + HANDSHAKE_HEADER_SIZE;
- data = gnutls_alloca(datasize);
- if (data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ /* first run */
+ datasize = i_datasize + HANDSHAKE_HEADER_SIZE;
+ data = gnutls_alloca(datasize);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- data[pos++] = (uint8) type;
- _gnutls_write_uint24(i_datasize, &data[pos]);
- pos += 3;
+ data[pos++] = (uint8) type;
+ _gnutls_write_uint24(i_datasize, &data[pos]);
+ pos += 3;
- if (i_datasize > 0)
- memcpy(&data[pos], i_data, i_datasize);
+ if (i_datasize > 0)
+ memcpy(&data[pos], i_data, i_datasize);
- _gnutls_handshake_log("HSK[%x]: %s was send [%ld bytes]\n",
- session, _gnutls_handshake2str(type), datasize);
+ _gnutls_handshake_log("HSK[%x]: %s was send [%ld bytes]\n",
+ session, _gnutls_handshake2str(type), datasize);
- /* Here we keep the handshake messages in order to hash them...
- */
- if ( type != GNUTLS_HELLO_REQUEST)
- if ( (ret= _gnutls_handshake_hash_add_sent( session, type, data, datasize)) < 0) {
- gnutls_assert();
- gnutls_afree(data);
- return ret;
- }
+ /* Here we keep the handshake messages in order to hash them...
+ */
+ if (type != GNUTLS_HELLO_REQUEST)
+ if ((ret =
+ _gnutls_handshake_hash_add_sent(session, type, data,
+ datasize)) < 0) {
+ gnutls_assert();
+ gnutls_afree(data);
+ return ret;
+ }
- session->internals.last_handshake_out = type;
+ session->internals.last_handshake_out = type;
- ret =
- _gnutls_handshake_io_send_int(session, GNUTLS_HANDSHAKE, type,
- data, datasize);
+ ret =
+ _gnutls_handshake_io_send_int(session, GNUTLS_HANDSHAKE, type,
+ data, datasize);
- gnutls_afree(data);
+ gnutls_afree(data);
- return ret;
+ return ret;
}
/* This function will read the handshake header and return it to the caller. If the
@@ -814,127 +844,117 @@ static int _gnutls_recv_handshake_header(gnutls_session session,
HandshakeType type,
HandshakeType * recv_type)
{
- int ret;
- uint32 length32 = 0;
- uint8 *dataptr = NULL; /* for realloc */
- size_t handshake_header_size = HANDSHAKE_HEADER_SIZE;
-
- /* if we have data into the buffer then return them, do not read the next packet.
- * In order to return we need a full TLS handshake header, or in case of a version 2
- * packet, then we return the first byte.
- */
- if (session->internals.handshake_header_buffer.header_size ==
- handshake_header_size || (session->internals.v2_hello != 0
- && type == GNUTLS_CLIENT_HELLO
- && session->internals.
- handshake_header_buffer.
- packet_length > 0)) {
-
- *recv_type =
- session->internals.handshake_header_buffer.
- recv_type;
-
- return session->internals.handshake_header_buffer.
- packet_length;
- }
-
- /* Note: SSL2_HEADERS == 1 */
+ int ret;
+ uint32 length32 = 0;
+ uint8 *dataptr = NULL; /* for realloc */
+ size_t handshake_header_size = HANDSHAKE_HEADER_SIZE;
+
+ /* if we have data into the buffer then return them, do not read the next packet.
+ * In order to return we need a full TLS handshake header, or in case of a version 2
+ * packet, then we return the first byte.
+ */
+ if (session->internals.handshake_header_buffer.header_size ==
+ handshake_header_size || (session->internals.v2_hello != 0
+ && type == GNUTLS_CLIENT_HELLO
+ && session->internals.
+ handshake_header_buffer.
+ packet_length > 0)) {
+
+ *recv_type = session->internals.handshake_header_buffer.recv_type;
+
+ return session->internals.handshake_header_buffer.packet_length;
+ }
+
+ /* Note: SSL2_HEADERS == 1 */
+
+ dataptr = session->internals.handshake_header_buffer.header;
+
+ /* If we haven't already read the handshake headers.
+ */
+ if (session->internals.handshake_header_buffer.header_size <
+ SSL2_HEADERS) {
+ ret =
+ _gnutls_handshake_io_recv_int(session, GNUTLS_HANDSHAKE,
+ type, dataptr, SSL2_HEADERS);
- dataptr = session->internals.handshake_header_buffer.header;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* If we haven't already read the handshake headers.
+ /* The case ret==0 is caught here.
*/
- if (session->internals.handshake_header_buffer.header_size <
- SSL2_HEADERS) {
- ret =
- _gnutls_handshake_io_recv_int(session, GNUTLS_HANDSHAKE,
- type, dataptr,
- SSL2_HEADERS);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* The case ret==0 is caught here.
- */
- if (ret != SSL2_HEADERS) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- session->internals.handshake_header_buffer.
- header_size = SSL2_HEADERS;
+ if (ret != SSL2_HEADERS) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
+ session->internals.handshake_header_buffer.
+ header_size = SSL2_HEADERS;
+ }
- if (session->internals.v2_hello == 0
- || type != GNUTLS_CLIENT_HELLO) {
- ret =
- _gnutls_handshake_io_recv_int(session, GNUTLS_HANDSHAKE,
- type,
- &dataptr[session->
- internals.
- handshake_header_buffer.
- header_size],
- HANDSHAKE_HEADER_SIZE -
- session->internals.
- handshake_header_buffer.
- header_size);
- if (ret <= 0) {
- gnutls_assert();
- return (ret <
- 0) ? ret :
- GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- if ((size_t)ret !=
- HANDSHAKE_HEADER_SIZE -
- session->internals.handshake_header_buffer.
- header_size) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- *recv_type = dataptr[0];
-
- /* we do not use DECR_LEN because we know
- * that the packet has enough data.
- */
- length32 = _gnutls_read_uint24(&dataptr[1]);
- handshake_header_size = HANDSHAKE_HEADER_SIZE;
+ if (session->internals.v2_hello == 0 || type != GNUTLS_CLIENT_HELLO) {
+ ret =
+ _gnutls_handshake_io_recv_int(session, GNUTLS_HANDSHAKE,
+ type,
+ &dataptr[session->
+ internals.
+ handshake_header_buffer.
+ header_size],
+ HANDSHAKE_HEADER_SIZE -
+ session->internals.
+ handshake_header_buffer.
+ header_size);
+ if (ret <= 0) {
+ gnutls_assert();
+ return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ if ((size_t) ret !=
+ HANDSHAKE_HEADER_SIZE -
+ session->internals.handshake_header_buffer.header_size) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ *recv_type = dataptr[0];
+
+ /* we do not use DECR_LEN because we know
+ * that the packet has enough data.
+ */
+ length32 = _gnutls_read_uint24(&dataptr[1]);
+ handshake_header_size = HANDSHAKE_HEADER_SIZE;
- _gnutls_handshake_log("HSK[%x]: %s was received [%ld bytes]\n",
- session, _gnutls_handshake2str(dataptr[0]),
- length32 + HANDSHAKE_HEADER_SIZE);
+ _gnutls_handshake_log("HSK[%x]: %s was received [%ld bytes]\n",
+ session, _gnutls_handshake2str(dataptr[0]),
+ length32 + HANDSHAKE_HEADER_SIZE);
- } else { /* v2 hello */
- length32 = session->internals.v2_hello - SSL2_HEADERS; /* we've read the first byte */
+ } else { /* v2 hello */
+ length32 = session->internals.v2_hello - SSL2_HEADERS; /* we've read the first byte */
- handshake_header_size = SSL2_HEADERS; /* we've already read one byte */
+ handshake_header_size = SSL2_HEADERS; /* we've already read one byte */
- *recv_type = dataptr[0];
+ *recv_type = dataptr[0];
- _gnutls_handshake_log("HSK[%x]: %s(v2) was received [%ld bytes]\n",
- session, _gnutls_handshake2str(*recv_type),
- length32 + handshake_header_size);
+ _gnutls_handshake_log("HSK[%x]: %s(v2) was received [%ld bytes]\n",
+ session, _gnutls_handshake2str(*recv_type),
+ length32 + handshake_header_size);
- if (*recv_type != GNUTLS_CLIENT_HELLO) { /* it should be one or nothing */
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
- }
+ if (*recv_type != GNUTLS_CLIENT_HELLO) { /* it should be one or nothing */
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
}
+ }
- /* put the packet into the buffer */
- session->internals.handshake_header_buffer.header_size =
- handshake_header_size;
- session->internals.handshake_header_buffer.packet_length =
- length32;
- session->internals.handshake_header_buffer.recv_type =
- *recv_type;
+ /* put the packet into the buffer */
+ session->internals.handshake_header_buffer.header_size =
+ handshake_header_size;
+ session->internals.handshake_header_buffer.packet_length = length32;
+ session->internals.handshake_header_buffer.recv_type = *recv_type;
- if (*recv_type != type) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
- }
+ if (*recv_type != type) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ }
- return length32;
+ return length32;
}
#define _gnutls_handshake_header_buffer_clear( session) session->internals.handshake_header_buffer.header_size = 0
@@ -945,40 +965,43 @@ static int _gnutls_recv_handshake_header(gnutls_session session,
* handshake data.
*/
static
-int _gnutls_handshake_hash_add_recvd( gnutls_session session, HandshakeType recv_type,
- opaque* header, uint16 header_size, opaque* dataptr, uint32 datalen) {
-int ret;
+int _gnutls_handshake_hash_add_recvd(gnutls_session session,
+ HandshakeType recv_type,
+ opaque * header, uint16 header_size,
+ opaque * dataptr, uint32 datalen)
+{
+ int ret;
- /* The idea here is to hash the previous message we received,
- * and add the one we just received into the handshake_hash_buffer.
- */
-
- if ( (ret=_gnutls_handshake_hash_pending( session)) < 0) {
- gnutls_assert();
- return ret;
+ /* The idea here is to hash the previous message we received,
+ * and add the one we just received into the handshake_hash_buffer.
+ */
+
+ if ((ret = _gnutls_handshake_hash_pending(session)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* here we buffer the handshake messages - needed at Finished message */
+ if (recv_type != GNUTLS_HELLO_REQUEST) {
+
+ if ((ret =
+ _gnutls_handshake_buffer_put(session,
+ header, header_size)) < 0) {
+ gnutls_assert();
+ return ret;
}
-
- /* here we buffer the handshake messages - needed at Finished message */
- if ( recv_type != GNUTLS_HELLO_REQUEST) {
-
- if ((ret =
- _gnutls_handshake_buffer_put(session,
- header, header_size)) < 0) {
- gnutls_assert();
- return ret;
- }
- if ( datalen > 0) {
- if ((ret =
- _gnutls_handshake_buffer_put(session, dataptr,
- datalen)) < 0) {
- gnutls_assert();
- return ret;
- }
- }
+ if (datalen > 0) {
+ if ((ret =
+ _gnutls_handshake_buffer_put(session, dataptr,
+ datalen)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
}
+ }
- return 0;
+ return 0;
}
@@ -991,118 +1014,121 @@ int _gnutls_recv_handshake(gnutls_session session, uint8 ** data,
int *datalen, HandshakeType type,
Optional optional)
{
- int ret;
- uint32 length32 = 0;
- opaque *dataptr = NULL;
- HandshakeType recv_type;
-
- ret = _gnutls_recv_handshake_header(session, type, &recv_type);
- if (ret < 0) {
+ int ret;
+ uint32 length32 = 0;
+ opaque *dataptr = NULL;
+ HandshakeType recv_type;
- /* In SRP when expecting the server hello we may receive
- * an alert instead. Do as the draft demands.
- */
- if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
- gnutls_alert_get( session) == GNUTLS_A_MISSING_SRP_USERNAME &&
- type == GNUTLS_SERVER_HELLO)
- {
- gnutls_assert();
- return GNUTLS_E_INT_HANDSHAKE_AGAIN;
- }
-
- if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET
- && optional == OPTIONAL_PACKET) {
- if (datalen != NULL)
- *datalen = 0;
- if (data != NULL)
- *data = NULL;
- return 0; /* ok just ignore the packet */
- }
-
- return ret;
- }
+ ret = _gnutls_recv_handshake_header(session, type, &recv_type);
+ if (ret < 0) {
- session->internals.last_handshake_in = recv_type;
-
- length32 = ret;
-
- if (length32 > 0)
- dataptr = gnutls_malloc(length32);
- else if (recv_type != GNUTLS_SERVER_HELLO_DONE) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ /* In SRP when expecting the server hello we may receive
+ * an alert instead. Do as the draft demands.
+ */
+ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
+ gnutls_alert_get(session) == GNUTLS_A_MISSING_SRP_USERNAME &&
+ type == GNUTLS_SERVER_HELLO) {
+ gnutls_assert();
+ return GNUTLS_E_INT_HANDSHAKE_AGAIN;
}
- if (dataptr == NULL && length32 > 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET
+ && optional == OPTIONAL_PACKET) {
+ if (datalen != NULL)
+ *datalen = 0;
+ if (data != NULL)
+ *data = NULL;
+ return 0; /* ok just ignore the packet */
}
- if (datalen != NULL)
- *datalen = length32;
-
- if (length32 > 0) {
- ret =
- _gnutls_handshake_io_recv_int(session, GNUTLS_HANDSHAKE,
- type, dataptr, length32);
- if (ret <= 0) {
- gnutls_assert();
- gnutls_free(dataptr);
- return (ret ==
- 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH :
- ret;
- }
- }
+ return ret;
+ }
- if (data != NULL && length32 > 0)
- *data = dataptr;
+ session->internals.last_handshake_in = recv_type;
+ length32 = ret;
- ret = _gnutls_handshake_hash_add_recvd( session, recv_type,
- session->internals.handshake_header_buffer.header,
- session->internals.handshake_header_buffer.header_size,
- dataptr, length32);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_handshake_header_buffer_clear(session);
- return ret;
- }
+ if (length32 > 0)
+ dataptr = gnutls_malloc(length32);
+ else if (recv_type != GNUTLS_SERVER_HELLO_DONE) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
- /* If we fail before this then we will reuse the handshake header
- * have have received above. if we get here the we clear the handshake
- * header we received.
- */
- _gnutls_handshake_header_buffer_clear(session);
+ if (dataptr == NULL && length32 > 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- switch (recv_type) {
- case GNUTLS_CLIENT_HELLO:
- case GNUTLS_SERVER_HELLO:
- ret = _gnutls_recv_hello(session, dataptr, length32);
- /* dataptr is freed because the caller does not
- * need it */
- gnutls_free(dataptr);
- if (data!=NULL) *data = NULL;
- break;
- case GNUTLS_SERVER_HELLO_DONE:
- if (length32==0) ret = 0;
- else ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- break;
- case GNUTLS_CERTIFICATE_PKT:
- case GNUTLS_FINISHED:
- case GNUTLS_SERVER_KEY_EXCHANGE:
- case GNUTLS_CLIENT_KEY_EXCHANGE:
- case GNUTLS_CERTIFICATE_REQUEST:
- case GNUTLS_CERTIFICATE_VERIFY:
- ret = length32;
- break;
- default:
- gnutls_assert();
- gnutls_free(dataptr);
- if (data!=NULL) *data = NULL;
- ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
- }
+ if (datalen != NULL)
+ *datalen = length32;
+ if (length32 > 0) {
+ ret =
+ _gnutls_handshake_io_recv_int(session, GNUTLS_HANDSHAKE,
+ type, dataptr, length32);
+ if (ret <= 0) {
+ gnutls_assert();
+ gnutls_free(dataptr);
+ return (ret == 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH : ret;
+ }
+ }
+
+ if (data != NULL && length32 > 0)
+ *data = dataptr;
+
+
+ ret = _gnutls_handshake_hash_add_recvd(session, recv_type,
+ session->internals.
+ handshake_header_buffer.header,
+ session->internals.
+ handshake_header_buffer.
+ header_size, dataptr, length32);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_handshake_header_buffer_clear(session);
return ret;
+ }
+
+ /* If we fail before this then we will reuse the handshake header
+ * have have received above. if we get here the we clear the handshake
+ * header we received.
+ */
+ _gnutls_handshake_header_buffer_clear(session);
+
+ switch (recv_type) {
+ case GNUTLS_CLIENT_HELLO:
+ case GNUTLS_SERVER_HELLO:
+ ret = _gnutls_recv_hello(session, dataptr, length32);
+ /* dataptr is freed because the caller does not
+ * need it */
+ gnutls_free(dataptr);
+ if (data != NULL)
+ *data = NULL;
+ break;
+ case GNUTLS_SERVER_HELLO_DONE:
+ if (length32 == 0)
+ ret = 0;
+ else
+ ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ break;
+ case GNUTLS_CERTIFICATE_PKT:
+ case GNUTLS_FINISHED:
+ case GNUTLS_SERVER_KEY_EXCHANGE:
+ case GNUTLS_CLIENT_KEY_EXCHANGE:
+ case GNUTLS_CERTIFICATE_REQUEST:
+ case GNUTLS_CERTIFICATE_VERIFY:
+ ret = length32;
+ break;
+ default:
+ gnutls_assert();
+ gnutls_free(dataptr);
+ if (data != NULL)
+ *data = NULL;
+ ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ }
+
+ return ret;
}
/* This function checks if the given cipher suite is supported, and sets it
@@ -1111,72 +1137,75 @@ int _gnutls_recv_handshake(gnutls_session session, uint8 ** data,
static int _gnutls_client_set_ciphersuite(gnutls_session session,
opaque suite[2])
{
- uint8 z;
- cipher_suite_st *cipher_suites;
- int cipher_suite_num;
- int i, err;
-
- z = 1;
- cipher_suite_num = _gnutls_supported_ciphersuites(session, &cipher_suites);
- if (cipher_suite_num < 0) {
- gnutls_assert();
- return cipher_suite_num;
- }
-
- for (i = 0; i < cipher_suite_num; i++) {
- if (memcmp(&cipher_suites[i], suite, 2) == 0) {
- z = 0; break;
- }
- }
-
- gnutls_free(cipher_suites);
+ uint8 z;
+ cipher_suite_st *cipher_suites;
+ int cipher_suite_num;
+ int i, err;
+
+ z = 1;
+ cipher_suite_num =
+ _gnutls_supported_ciphersuites(session, &cipher_suites);
+ if (cipher_suite_num < 0) {
+ gnutls_assert();
+ return cipher_suite_num;
+ }
- if (z != 0) {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ for (i = 0; i < cipher_suite_num; i++) {
+ if (memcmp(&cipher_suites[i], suite, 2) == 0) {
+ z = 0;
+ break;
}
+ }
- memcpy(session->security_parameters.
- current_cipher_suite.suite, suite, 2);
-
- _gnutls_handshake_log("HSK[%x]: Selected cipher suite: %s\n", session,
- _gnutls_cipher_suite_get_name(&session->
- security_parameters.
- current_cipher_suite));
+ gnutls_free(cipher_suites);
-
- /* check if the credentials (username, public key etc.) are ok.
- * Actually checks if they exist.
- */
- if (_gnutls_get_kx_cred
- (session, _gnutls_cipher_suite_get_kx_algo(&session->
- security_parameters.
- current_cipher_suite),
- &err) == NULL && err != 0) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ if (z != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+
+ memcpy(session->security_parameters.
+ current_cipher_suite.suite, suite, 2);
+
+ _gnutls_handshake_log("HSK[%x]: Selected cipher suite: %s\n", session,
+ _gnutls_cipher_suite_get_name(&session->
+ security_parameters.
+ current_cipher_suite));
+
+
+ /* check if the credentials (username, public key etc.) are ok.
+ * Actually checks if they exist.
+ */
+ if (_gnutls_get_kx_cred
+ (session, _gnutls_cipher_suite_get_kx_algo(&session->
+ security_parameters.
+ current_cipher_suite),
+ &err) == NULL && err != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
- /* set the mod_auth_st to the appropriate struct
- * according to the KX algorithm. This is needed since all the
- * handshake functions are read from there;
- */
- session->internals.auth_struct =
- _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
- (&session->security_parameters.
- current_cipher_suite));
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.
+ current_cipher_suite));
- if (session->internals.auth_struct == NULL) {
+ if (session->internals.auth_struct == NULL) {
- _gnutls_handshake_log
- ("HSK[%x]: Cannot find the appropriate handler for the KX algorithm\n", session);
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ _gnutls_handshake_log
+ ("HSK[%x]: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- return 0;
+ return 0;
}
/* This function sets the given comp method to the session.
@@ -1184,35 +1213,36 @@ static int _gnutls_client_set_ciphersuite(gnutls_session session,
static int _gnutls_client_set_comp_method(gnutls_session session,
opaque comp_method)
{
- int comp_methods_num;
- uint8 *compression_methods;
- int i;
+ int comp_methods_num;
+ uint8 *compression_methods;
+ int i;
- comp_methods_num = _gnutls_supported_compression_methods(session,
- &compression_methods);
- if ( comp_methods_num < 0) {
- gnutls_assert();
- return comp_methods_num;
- }
-
- for (i = 0; i < comp_methods_num; i++) {
- if (compression_methods[i] == comp_method) {
- comp_methods_num = 0; break;
- }
+ comp_methods_num = _gnutls_supported_compression_methods(session,
+ &compression_methods);
+ if (comp_methods_num < 0) {
+ gnutls_assert();
+ return comp_methods_num;
+ }
+
+ for (i = 0; i < comp_methods_num; i++) {
+ if (compression_methods[i] == comp_method) {
+ comp_methods_num = 0;
+ break;
}
+ }
- gnutls_free(compression_methods);
+ gnutls_free(compression_methods);
- if (comp_methods_num != 0) {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
+ if (comp_methods_num != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
- session->internals.compression_method =
- _gnutls_compression_get_id(comp_method);
+ session->internals.compression_method =
+ _gnutls_compression_get_id(comp_method);
- return 0;
+ return 0;
}
/* This function returns 0 if we are resuming a session or -1 otherwise.
@@ -1223,40 +1253,41 @@ static int _gnutls_client_check_if_resuming(gnutls_session session,
opaque * session_id,
int session_id_len)
{
-opaque buf[2*TLS_MAX_SESSION_ID_SIZE+1];
+ opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
+
+ _gnutls_handshake_log("HSK[%x]: SessionID length: %d\n", session,
+ session_id_len);
+ _gnutls_handshake_log("HSK[%x]: SessionID: %s\n", session,
+ _gnutls_bin2hex(session_id, session_id_len, buf,
+ sizeof(buf)));
+
+ if ((session->internals.resumed_security_parameters.
+ session_id_size > 0)
+ && memcmp(session_id,
+ session->internals.
+ resumed_security_parameters.session_id,
+ session_id_len) == 0) {
+ /* resume session */
+ memcpy(session->internals.
+ resumed_security_parameters.server_random,
+ session->security_parameters.server_random,
+ TLS_RANDOM_SIZE);
+ memcpy(session->internals.
+ resumed_security_parameters.client_random,
+ session->security_parameters.client_random,
+ TLS_RANDOM_SIZE);
+ session->internals.resumed = RESUME_TRUE; /* we are resuming */
- _gnutls_handshake_log("HSK[%x]: SessionID length: %d\n", session, session_id_len);
- _gnutls_handshake_log("HSK[%x]: SessionID: %s\n", session,
- _gnutls_bin2hex(session_id, session_id_len, buf, sizeof(buf)));
-
- if ((session->internals.resumed_security_parameters.
- session_id_size > 0)
- && memcmp(session_id,
- session->internals.
- resumed_security_parameters.session_id,
- session_id_len) == 0) {
- /* resume session */
- memcpy(session->internals.
- resumed_security_parameters.server_random,
- session->security_parameters.server_random,
- TLS_RANDOM_SIZE);
- memcpy(session->internals.
- resumed_security_parameters.client_random,
- session->security_parameters.client_random,
- TLS_RANDOM_SIZE);
- session->internals.resumed = RESUME_TRUE; /* we are resuming */
+ return 0;
+ } else {
+ /* keep the new session id */
+ session->internals.resumed = RESUME_FALSE; /* we are not resuming */
+ session->security_parameters.session_id_size = session_id_len;
+ memcpy(session->security_parameters.session_id,
+ session_id, session_id_len);
- return 0;
- } else {
- /* keep the new session id */
- session->internals.resumed = RESUME_FALSE; /* we are not resuming */
- session->security_parameters.session_id_size =
- session_id_len;
- memcpy(session->security_parameters.session_id,
- session_id, session_id_len);
-
- return -1;
- }
+ return -1;
+ }
}
@@ -1264,94 +1295,94 @@ opaque buf[2*TLS_MAX_SESSION_ID_SIZE+1];
* This function also restores resumed parameters if we are resuming a
* session.
*/
-static int _gnutls_read_server_hello(gnutls_session session, opaque *data,
+static int _gnutls_read_server_hello(gnutls_session session, opaque * data,
int datalen)
{
- uint8 session_id_len = 0;
- int pos = 0;
- int ret = 0;
- gnutls_protocol_version version;
- int len = datalen;
+ uint8 session_id_len = 0;
+ int pos = 0;
+ int ret = 0;
+ gnutls_protocol_version version;
+ int len = datalen;
- if (datalen < 38) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ if (datalen < 38) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
- _gnutls_handshake_log("HSK[%x]: Server's version: %d.%d\n",
- session, data[pos], data[pos + 1]);
+ _gnutls_handshake_log("HSK[%x]: Server's version: %d.%d\n",
+ session, data[pos], data[pos + 1]);
- DECR_LEN(len, 2);
- version = _gnutls_version_get(data[pos], data[pos + 1]);
- if (_gnutls_version_is_supported(session, version) == 0) {
- gnutls_assert();
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- } else {
- _gnutls_set_current_version(session, version);
- }
+ DECR_LEN(len, 2);
+ version = _gnutls_version_get(data[pos], data[pos + 1]);
+ if (_gnutls_version_is_supported(session, version) == 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ } else {
+ _gnutls_set_current_version(session, version);
+ }
- pos += 2;
+ pos += 2;
- DECR_LEN(len, TLS_RANDOM_SIZE);
- _gnutls_set_server_random(session, &data[pos]);
- pos += TLS_RANDOM_SIZE;
+ DECR_LEN(len, TLS_RANDOM_SIZE);
+ _gnutls_set_server_random(session, &data[pos]);
+ pos += TLS_RANDOM_SIZE;
- /* Read session ID
- */
- DECR_LEN(len, 1);
- session_id_len = data[pos++];
+ /* Read session ID
+ */
+ DECR_LEN(len, 1);
+ session_id_len = data[pos++];
- if (len < session_id_len) {
- gnutls_assert();
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
- DECR_LEN(len, session_id_len);
+ if (len < session_id_len) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ DECR_LEN(len, session_id_len);
- /* check if we are resuming and set the appropriate
- * values;
- */
- if (_gnutls_client_check_if_resuming
- (session, &data[pos], session_id_len) == 0)
- return 0;
- pos += session_id_len;
+ /* check if we are resuming and set the appropriate
+ * values;
+ */
+ if (_gnutls_client_check_if_resuming
+ (session, &data[pos], session_id_len) == 0)
+ return 0;
+ pos += session_id_len;
- /* Check if the given cipher suite is supported and copy
- * it to the session.
- */
+ /* Check if the given cipher suite is supported and copy
+ * it to the session.
+ */
- DECR_LEN(len, 2);
- ret = _gnutls_client_set_ciphersuite(session, &data[pos]);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- pos += 2;
+ DECR_LEN(len, 2);
+ ret = _gnutls_client_set_ciphersuite(session, &data[pos]);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ pos += 2;
- /* move to compression
- */
- DECR_LEN(len, 1);
+ /* move to compression
+ */
+ DECR_LEN(len, 1);
- ret = _gnutls_client_set_comp_method(session, data[pos++]);
- if (ret < 0) {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
- }
+ ret = _gnutls_client_set_comp_method(session, data[pos++]);
+ if (ret < 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
- /* Parse extensions.
- */
- if (version >= GNUTLS_TLS1) {
- ret = _gnutls_parse_extensions(session, &data[pos], len); /* len is the rest of the parsed length */
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ /* Parse extensions.
+ */
+ if (version >= GNUTLS_TLS1) {
+ ret = _gnutls_parse_extensions(session, &data[pos], len); /* len is the rest of the parsed length */
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- return ret;
+ }
+ return ret;
}
@@ -1359,63 +1390,64 @@ static int _gnutls_read_server_hello(gnutls_session session, opaque *data,
* Needed in client hello messages. Returns the new data length.
*/
static int _gnutls_copy_ciphersuites(gnutls_session session,
- opaque * ret_data, size_t ret_data_size)
+ opaque * ret_data,
+ size_t ret_data_size)
{
- int ret, i;
- cipher_suite_st *cipher_suites;
- uint16 cipher_num;
- int datalen, pos;
+ int ret, i;
+ cipher_suite_st *cipher_suites;
+ uint16 cipher_num;
+ int datalen, pos;
- ret = _gnutls_supported_ciphersuites_sorted(session, &cipher_suites);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_supported_ciphersuites_sorted(session, &cipher_suites);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Here we remove any ciphersuite that does not conform
+ * the certificate requested, or to the
+ * authentication requested (eg SRP).
+ */
+ ret =
+ _gnutls_remove_unwanted_ciphersuites(session, &cipher_suites,
+ ret, -1);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(cipher_suites);
+ return ret;
+ }
- /* Here we remove any ciphersuite that does not conform
- * the certificate requested, or to the
- * authentication requested (eg SRP).
- */
- ret =
- _gnutls_remove_unwanted_ciphersuites(session, &cipher_suites,
- ret, -1);
- if (ret < 0) {
- gnutls_assert();
- gnutls_free(cipher_suites);
- return ret;
- }
+ /* If no cipher suites were enabled.
+ */
+ if (ret == 0) {
+ gnutls_assert();
+ gnutls_free(cipher_suites);
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
- /* If no cipher suites were enabled.
- */
- if (ret == 0) {
- gnutls_assert();
- gnutls_free(cipher_suites);
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ cipher_num = ret;
- cipher_num = ret;
-
- cipher_num *= sizeof(uint16); /* in order to get bytes */
-
- datalen = pos = 0;
+ cipher_num *= sizeof(uint16); /* in order to get bytes */
- datalen += sizeof(uint16) + cipher_num;
+ datalen = pos = 0;
- if ((size_t)datalen > ret_data_size) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- _gnutls_write_uint16(cipher_num, ret_data);
- pos += 2;
+ datalen += sizeof(uint16) + cipher_num;
- for (i = 0; i < (cipher_num / 2); i++) {
- memcpy( &ret_data[pos], cipher_suites[i].suite, 2);
- pos += 2;
- }
- gnutls_free(cipher_suites);
+ if ((size_t) datalen > ret_data_size) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ _gnutls_write_uint16(cipher_num, ret_data);
+ pos += 2;
+
+ for (i = 0; i < (cipher_num / 2); i++) {
+ memcpy(&ret_data[pos], cipher_suites[i].suite, 2);
+ pos += 2;
+ }
+ gnutls_free(cipher_suites);
- return datalen;
+ return datalen;
}
@@ -1423,39 +1455,40 @@ static int _gnutls_copy_ciphersuites(gnutls_session session,
* Needed in hello messages. Returns the new data length.
*/
static int _gnutls_copy_comp_methods(gnutls_session session,
- opaque * ret_data, size_t ret_data_size)
+ opaque * ret_data,
+ size_t ret_data_size)
{
- int ret, i;
- uint8 *compression_methods, comp_num;
- int datalen, pos;
-
- ret =
- _gnutls_supported_compression_methods(session,
- &compression_methods);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int ret, i;
+ uint8 *compression_methods, comp_num;
+ int datalen, pos;
+
+ ret =
+ _gnutls_supported_compression_methods(session,
+ &compression_methods);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- comp_num = ret;
+ comp_num = ret;
- datalen = pos = 0;
- datalen += comp_num + 1;
+ datalen = pos = 0;
+ datalen += comp_num + 1;
- if ((size_t)datalen > ret_data_size) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if ((size_t) datalen > ret_data_size) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- ret_data[pos++] = comp_num; /* put the number of compression methods */
+ ret_data[pos++] = comp_num; /* put the number of compression methods */
- for (i = 0; i < comp_num; i++) {
- ret_data[pos++] = compression_methods[i];
- }
+ for (i = 0; i < comp_num; i++) {
+ ret_data[pos++] = compression_methods[i];
+ }
- gnutls_free(compression_methods);
+ gnutls_free(compression_methods);
- return datalen;
+ return datalen;
}
/* This should be sufficient by now. It should hold all the extensions
@@ -1467,312 +1500,313 @@ static int _gnutls_copy_comp_methods(gnutls_session session,
*/
static int _gnutls_send_client_hello(gnutls_session session, int again)
{
- opaque *data = NULL;
- int extdatalen;
- int pos = 0;
- int datalen = 0, ret = 0;
- opaque random[TLS_RANDOM_SIZE];
- gnutls_protocol_version hver;
- opaque extdata[MAX_EXT_DATA_LENGTH];
-
- opaque *SessionID =
- session->internals.resumed_security_parameters.session_id;
- uint8 session_id_len =
- session->internals.resumed_security_parameters.
- session_id_size;
-
- if (SessionID == NULL) session_id_len = 0;
- else if (session_id_len == 0) SessionID = NULL;
-
- if (again == 0) {
-
- datalen = 2 + (session_id_len + 1) + TLS_RANDOM_SIZE;
- /* 2 for version, (4 for unix time + 28 for random bytes==TLS_RANDOM_SIZE)
- */
-
- data = gnutls_malloc(datalen);
- if (data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ opaque *data = NULL;
+ int extdatalen;
+ int pos = 0;
+ int datalen = 0, ret = 0;
+ opaque random[TLS_RANDOM_SIZE];
+ gnutls_protocol_version hver;
+ opaque extdata[MAX_EXT_DATA_LENGTH];
+
+ opaque *SessionID =
+ session->internals.resumed_security_parameters.session_id;
+ uint8 session_id_len =
+ session->internals.resumed_security_parameters.session_id_size;
+
+ if (SessionID == NULL)
+ session_id_len = 0;
+ else if (session_id_len == 0)
+ SessionID = NULL;
+
+ if (again == 0) {
+
+ datalen = 2 + (session_id_len + 1) + TLS_RANDOM_SIZE;
+ /* 2 for version, (4 for unix time + 28 for random bytes==TLS_RANDOM_SIZE)
+ */
- /* if we are resuming a session then we set the
- * version number to the previously established.
- */
- if (SessionID == NULL)
- hver = _gnutls_version_max(session);
- else { /* we are resuming a session */
- hver =
- session->internals.
- resumed_security_parameters.version;
- }
+ data = gnutls_malloc(datalen);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- if (hver == GNUTLS_VERSION_UNKNOWN || hver == 0) {
- gnutls_assert();
- gnutls_free(data);
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ /* if we are resuming a session then we set the
+ * version number to the previously established.
+ */
+ if (SessionID == NULL)
+ hver = _gnutls_version_max(session);
+ else { /* we are resuming a session */
+ hver = session->internals.resumed_security_parameters.version;
+ }
- data[pos++] = _gnutls_version_get_major(hver);
- data[pos++] = _gnutls_version_get_minor(hver);
-
- /* Set the version we advertized as maximum
- * (RSA uses it).
- */
- _gnutls_set_adv_version( session, hver);
-
- /* Some old implementations do not interoperate if we send a
- * different version in the record layer.
- * It seems they prefer to read the record's version
- * as the one we actually requested.
- * The proper behaviour is to use the one in the client hello
- * handshake packet and ignore the one in the packet's record
- * header.
- */
- _gnutls_set_current_version(session, hver);
-
- /* In order to know when this session was initiated.
- */
- session->security_parameters.timestamp = time(NULL);
-
- /* Generate random data
- */
- _gnutls_tls_create_random(random);
- _gnutls_set_client_random(session, random);
-
- memcpy(&data[pos], random, TLS_RANDOM_SIZE);
- pos += TLS_RANDOM_SIZE;
-
- /* Copy the Session ID
- */
- data[pos++] = session_id_len;
-
- if (session_id_len > 0) {
- memcpy(&data[pos], SessionID, session_id_len);
- pos += session_id_len;
- }
+ if (hver == GNUTLS_VERSION_UNKNOWN || hver == 0) {
+ gnutls_assert();
+ gnutls_free(data);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ data[pos++] = _gnutls_version_get_major(hver);
+ data[pos++] = _gnutls_version_get_minor(hver);
- /* Copy the ciphersuites.
- */
- extdatalen = _gnutls_copy_ciphersuites(session, extdata, sizeof(extdata));
- if (extdatalen > 0) {
- datalen += extdatalen;
- data = gnutls_realloc_fast(data, datalen);
- if (data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy(&data[pos], extdata, extdatalen);
- pos += extdatalen;
-
- } else {
- if (extdatalen == 0)
- extdatalen = GNUTLS_E_INTERNAL_ERROR;
- gnutls_free(data);
- gnutls_assert();
- return extdatalen;
- }
+ /* Set the version we advertized as maximum
+ * (RSA uses it).
+ */
+ _gnutls_set_adv_version(session, hver);
+
+ /* Some old implementations do not interoperate if we send a
+ * different version in the record layer.
+ * It seems they prefer to read the record's version
+ * as the one we actually requested.
+ * The proper behaviour is to use the one in the client hello
+ * handshake packet and ignore the one in the packet's record
+ * header.
+ */
+ _gnutls_set_current_version(session, hver);
+
+ /* In order to know when this session was initiated.
+ */
+ session->security_parameters.timestamp = time(NULL);
+ /* Generate random data
+ */
+ _gnutls_tls_create_random(random);
+ _gnutls_set_client_random(session, random);
- /* Copy the compression methods.
- */
- extdatalen = _gnutls_copy_comp_methods(session, extdata, sizeof(extdata));
- if (extdatalen > 0) {
- datalen += extdatalen;
- data = gnutls_realloc_fast(data, datalen);
- if (data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy(&data[pos], extdata, extdatalen);
- pos += extdatalen;
-
- } else {
- if (extdatalen == 0)
- extdatalen = GNUTLS_E_INTERNAL_ERROR;
- gnutls_free(data);
- gnutls_assert();
- return extdatalen;
- }
+ memcpy(&data[pos], random, TLS_RANDOM_SIZE);
+ pos += TLS_RANDOM_SIZE;
+
+ /* Copy the Session ID
+ */
+ data[pos++] = session_id_len;
+
+ if (session_id_len > 0) {
+ memcpy(&data[pos], SessionID, session_id_len);
+ pos += session_id_len;
+ }
+
+
+ /* Copy the ciphersuites.
+ */
+ extdatalen =
+ _gnutls_copy_ciphersuites(session, extdata, sizeof(extdata));
+ if (extdatalen > 0) {
+ datalen += extdatalen;
+ data = gnutls_realloc_fast(data, datalen);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(&data[pos], extdata, extdatalen);
+ pos += extdatalen;
+
+ } else {
+ if (extdatalen == 0)
+ extdatalen = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_free(data);
+ gnutls_assert();
+ return extdatalen;
+ }
+
+
+ /* Copy the compression methods.
+ */
+ extdatalen =
+ _gnutls_copy_comp_methods(session, extdata, sizeof(extdata));
+ if (extdatalen > 0) {
+ datalen += extdatalen;
+ data = gnutls_realloc_fast(data, datalen);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- /* Generate and copy TLS extensions.
- */
- if (hver >= GNUTLS_TLS1) {
- extdatalen = _gnutls_gen_extensions(session, extdata, sizeof(extdata));
-
- if (extdatalen > 0) {
- datalen += extdatalen;
- data = gnutls_realloc_fast(data, datalen);
- if (data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- memcpy(&data[pos], extdata, extdatalen);
- } else if (extdatalen < 0) {
- gnutls_assert();
- gnutls_free(data);
- return extdatalen;
- }
+ memcpy(&data[pos], extdata, extdatalen);
+ pos += extdatalen;
+
+ } else {
+ if (extdatalen == 0)
+ extdatalen = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_free(data);
+ gnutls_assert();
+ return extdatalen;
+ }
+
+ /* Generate and copy TLS extensions.
+ */
+ if (hver >= GNUTLS_TLS1) {
+ extdatalen =
+ _gnutls_gen_extensions(session, extdata, sizeof(extdata));
+
+ if (extdatalen > 0) {
+ datalen += extdatalen;
+ data = gnutls_realloc_fast(data, datalen);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
+
+ memcpy(&data[pos], extdata, extdatalen);
+ } else if (extdatalen < 0) {
+ gnutls_assert();
+ gnutls_free(data);
+ return extdatalen;
+ }
}
+ }
- ret =
- _gnutls_send_handshake(session, data, datalen,
- GNUTLS_CLIENT_HELLO);
- gnutls_free(data);
+ ret =
+ _gnutls_send_handshake(session, data, datalen,
+ GNUTLS_CLIENT_HELLO);
+ gnutls_free(data);
- return ret;
+ return ret;
}
static int _gnutls_send_server_hello(gnutls_session session, int again)
{
- opaque *data = NULL;
- opaque extdata[MAX_EXT_DATA_LENGTH];
- int extdatalen;
- int pos = 0;
- int datalen, ret = 0;
- uint8 comp;
- opaque *SessionID = session->security_parameters.session_id;
- uint8 session_id_len = session->security_parameters.session_id_size;
- opaque buf[2*TLS_MAX_SESSION_ID_SIZE+1];
+ opaque *data = NULL;
+ opaque extdata[MAX_EXT_DATA_LENGTH];
+ int extdatalen;
+ int pos = 0;
+ int datalen, ret = 0;
+ uint8 comp;
+ opaque *SessionID = session->security_parameters.session_id;
+ uint8 session_id_len = session->security_parameters.session_id_size;
+ opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
+
+ if (SessionID == NULL)
+ session_id_len = 0;
+
+ datalen = 0;
+
+ if (IS_SRP_KX
+ (_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.current_cipher_suite))) {
+ /* While resuming we cannot check the username extension since it is
+ * not available at this point. It will be copied on connection
+ * state activation.
+ */
+ if (session->internals.resumed == RESUME_FALSE &&
+ session->security_parameters.extensions.srp_username[0] == 0) {
+ /* The peer didn't send a valid SRP extension with the
+ * SRP username. The draft requires that we send an
+ * alert and start the handshake again.
+ */
+ gnutls_assert();
+ ret = gnutls_alert_send(session, GNUTLS_AL_WARNING,
+ GNUTLS_A_MISSING_SRP_USERNAME);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (SessionID == NULL)
- session_id_len = 0;
-
- datalen = 0;
-
- if (IS_SRP_KX(
- _gnutls_cipher_suite_get_kx_algo(
- &session->security_parameters.current_cipher_suite)))
- {
- /* While resuming we cannot check the username extension since it is
- * not available at this point. It will be copied on connection
- * state activation.
- */
- if (session->internals.resumed == RESUME_FALSE &&
- session->security_parameters.extensions.srp_username[0] == 0)
- {
- /* The peer didn't send a valid SRP extension with the
- * SRP username. The draft requires that we send an
- * alert and start the handshake again.
- */
- gnutls_assert();
- ret = gnutls_alert_send( session, GNUTLS_AL_WARNING,
- GNUTLS_A_MISSING_SRP_USERNAME);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return GNUTLS_E_INT_HANDSHAKE_AGAIN;
- }
+ return GNUTLS_E_INT_HANDSHAKE_AGAIN;
}
+ }
- if (again == 0) {
- datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3;
- extdatalen = _gnutls_gen_extensions(session, extdata, sizeof(extdata));
+ if (again == 0) {
+ datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3;
+ extdatalen =
+ _gnutls_gen_extensions(session, extdata, sizeof(extdata));
- if (extdatalen < 0) {
- gnutls_assert();
- return extdatalen;
- }
+ if (extdatalen < 0) {
+ gnutls_assert();
+ return extdatalen;
+ }
- data = gnutls_alloca(datalen + extdatalen);
- if (data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ data = gnutls_alloca(datalen + extdatalen);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- data[pos++] =
- _gnutls_version_get_major(session->security_parameters.
- version);
- data[pos++] =
- _gnutls_version_get_minor(session->security_parameters.
- version);
-
- memcpy(&data[pos],
- session->security_parameters.server_random,
- TLS_RANDOM_SIZE);
- pos += TLS_RANDOM_SIZE;
-
- data[pos++] = session_id_len;
- if (session_id_len > 0) {
- memcpy(&data[pos], SessionID, session_id_len);
- }
- pos += session_id_len;
+ data[pos++] =
+ _gnutls_version_get_major(session->security_parameters.
+ version);
+ data[pos++] =
+ _gnutls_version_get_minor(session->security_parameters.
+ version);
+
+ memcpy(&data[pos],
+ session->security_parameters.server_random,
+ TLS_RANDOM_SIZE);
+ pos += TLS_RANDOM_SIZE;
+
+ data[pos++] = session_id_len;
+ if (session_id_len > 0) {
+ memcpy(&data[pos], SessionID, session_id_len);
+ }
+ pos += session_id_len;
- _gnutls_handshake_log("HSK[%x]: SessionID: %s\n", session,
- _gnutls_bin2hex(SessionID, session_id_len, buf, sizeof(buf)));
+ _gnutls_handshake_log("HSK[%x]: SessionID: %s\n", session,
+ _gnutls_bin2hex(SessionID, session_id_len,
+ buf, sizeof(buf)));
- memcpy(&data[pos],
- session->security_parameters.
- current_cipher_suite.suite, 2);
- pos += 2;
+ memcpy(&data[pos],
+ session->security_parameters.current_cipher_suite.suite, 2);
+ pos += 2;
- comp =
- (uint8) _gnutls_compression_get_num(session->
- internals.
- compression_method);
- data[pos++] = comp;
+ comp =
+ (uint8) _gnutls_compression_get_num(session->
+ internals.
+ compression_method);
+ data[pos++] = comp;
- if (extdatalen > 0) {
- datalen += extdatalen;
+ if (extdatalen > 0) {
+ datalen += extdatalen;
- memcpy(&data[pos], extdata, extdatalen);
- }
+ memcpy(&data[pos], extdata, extdatalen);
}
+ }
- ret =
- _gnutls_send_handshake(session, data, datalen,
- GNUTLS_SERVER_HELLO);
- gnutls_afree(data);
+ ret =
+ _gnutls_send_handshake(session, data, datalen,
+ GNUTLS_SERVER_HELLO);
+ gnutls_afree(data);
- return ret;
+ return ret;
}
int _gnutls_send_hello(gnutls_session session, int again)
{
- int ret;
+ int ret;
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
- ret = _gnutls_send_client_hello(session, again);
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ ret = _gnutls_send_client_hello(session, again);
- } else { /* SERVER */
- ret = _gnutls_send_server_hello(session, again);
- }
+ } else { /* SERVER */
+ ret = _gnutls_send_server_hello(session, again);
+ }
- return ret;
+ return ret;
}
/* RECEIVE A HELLO MESSAGE. This should be called from gnutls_recv_handshake_int only if a
* hello message is expected. It uses the security_parameters.current_cipher_suite
* and internals.compression_method.
*/
-int _gnutls_recv_hello(gnutls_session session, opaque *data, int datalen)
+int _gnutls_recv_hello(gnutls_session session, opaque * data, int datalen)
{
- int ret;
+ int ret;
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
- ret = _gnutls_read_server_hello(session, data, datalen);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- } else { /* Server side reading a client hello */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ ret = _gnutls_read_server_hello(session, data, datalen);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ } else { /* Server side reading a client hello */
- ret = _gnutls_read_client_hello(session, data, datalen);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_read_client_hello(session, data, datalen);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
+ }
- return ret;
+ return ret;
}
/* The packets in gnutls_handshake (it's more broad than original TLS handshake)
@@ -1821,64 +1855,67 @@ int _gnutls_recv_hello(gnutls_session session, opaque *data, int datalen)
**/
int gnutls_rehandshake(gnutls_session session)
{
- int ret;
+ int ret;
- /* only server sends that handshake packet */
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- return GNUTLS_E_INVALID_REQUEST;
+ /* only server sends that handshake packet */
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ return GNUTLS_E_INVALID_REQUEST;
- ret =
- _gnutls_send_empty_handshake(session, GNUTLS_HELLO_REQUEST,
- AGAIN(STATE50));
- STATE = STATE50;
+ ret =
+ _gnutls_send_empty_handshake(session, GNUTLS_HELLO_REQUEST,
+ AGAIN(STATE50));
+ STATE = STATE50;
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- STATE = STATE0;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ STATE = STATE0;
- return 0;
+ return 0;
}
-inline
-static int _gnutls_abort_handshake( gnutls_session session, int ret)
+inline static int _gnutls_abort_handshake(gnutls_session session, int ret)
{
- if ( ((ret==GNUTLS_E_WARNING_ALERT_RECEIVED) &&
- ( gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
- || ret==GNUTLS_E_GOT_APPLICATION_DATA)
- return 0;
+ if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
+ (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
+ || ret == GNUTLS_E_GOT_APPLICATION_DATA)
+ return 0;
- /* this doesn't matter */
- return GNUTLS_E_INTERNAL_ERROR;
+ /* this doesn't matter */
+ return GNUTLS_E_INTERNAL_ERROR;
}
/* This function initialized the handshake hash session.
* required for finished messages.
*/
-inline
-static int _gnutls_handshake_hash_init( gnutls_session session) {
+inline static int _gnutls_handshake_hash_init(gnutls_session session)
+{
- if ( session->internals.handshake_mac_handle_md5==NULL) {
- session->internals.handshake_mac_handle_md5 = _gnutls_hash_init( GNUTLS_MAC_MD5);
+ if (session->internals.handshake_mac_handle_md5 == NULL) {
+ session->internals.handshake_mac_handle_md5 =
+ _gnutls_hash_init(GNUTLS_MAC_MD5);
- if (session->internals.handshake_mac_handle_md5==GNUTLS_HASH_FAILED) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (session->internals.handshake_mac_handle_md5 ==
+ GNUTLS_HASH_FAILED) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
+ }
- if ( session->internals.handshake_mac_handle_sha==NULL) {
- session->internals.handshake_mac_handle_sha = _gnutls_hash_init( GNUTLS_MAC_SHA);
- if (session->internals.handshake_mac_handle_sha==GNUTLS_HASH_FAILED) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (session->internals.handshake_mac_handle_sha == NULL) {
+ session->internals.handshake_mac_handle_sha =
+ _gnutls_hash_init(GNUTLS_MAC_SHA);
+ if (session->internals.handshake_mac_handle_sha ==
+ GNUTLS_HASH_FAILED) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
+ }
- return 0;
-}
+ return 0;
+}
/**
* gnutls_handshake - This is the main function in the handshake protocol.
@@ -1906,43 +1943,43 @@ static int _gnutls_handshake_hash_init( gnutls_session session) {
**/
int gnutls_handshake(gnutls_session session)
{
- int ret;
+ int ret;
- if ( (ret=_gnutls_handshake_hash_init( session)) < 0) {
- gnutls_assert();
- return ret;
- }
+ if ((ret = _gnutls_handshake_hash_init(session)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ ret = _gnutls_handshake_client(session);
+ } else {
+ ret = _gnutls_handshake_server(session);
+ }
+ if (ret < 0) {
+ /* In the case of a rehandshake abort
+ * we should reset the handshake's internal state.
+ */
+ if (_gnutls_abort_handshake(session, ret) == 0)
+ STATE = STATE0;
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
- ret = _gnutls_handshake_client(session);
- } else {
- ret = _gnutls_handshake_server(session);
- }
- if (ret < 0) {
- /* In the case of a rehandshake abort
- * we should reset the handshake's internal state.
- */
- if (_gnutls_abort_handshake( session, ret) == 0)
- STATE = STATE0;
+ return ret;
+ }
- return ret;
- }
-
- ret = _gnutls_handshake_common(session);
+ ret = _gnutls_handshake_common(session);
- if (ret < 0) {
- if (_gnutls_abort_handshake( session, ret) == 0)
- STATE = STATE0;
-
- return ret;
- }
-
- STATE = STATE0;
+ if (ret < 0) {
+ if (_gnutls_abort_handshake(session, ret) == 0)
+ STATE = STATE0;
- _gnutls_handshake_io_buffer_clear(session);
- _gnutls_handshake_internal_state_clear(session);
+ return ret;
+ }
- return 0;
+ STATE = STATE0;
+
+ _gnutls_handshake_io_buffer_clear(session);
+ _gnutls_handshake_internal_state_clear(session);
+
+ return 0;
}
/* Here if GNUTLS_E_INT_HANDSHAKE_AGAIN is received we go to
@@ -1975,162 +2012,154 @@ int gnutls_handshake(gnutls_session session)
*/
int _gnutls_handshake_client(gnutls_session session)
{
- int ret = 0;
+ int ret = 0;
#ifdef HANDSHAKE_DEBUG
- char buf[64];
-
- if (session->internals.resumed_security_parameters.
- session_id_size > 0)
- _gnutls_handshake_log("HSK[%x]: Ask to resume: %s\n", session,
- _gnutls_bin2hex(session->internals.
- resumed_security_parameters.
- session_id,
- session->internals.
- resumed_security_parameters.
- session_id_size, buf, sizeof(buf)));
+ char buf[64];
+
+ if (session->internals.resumed_security_parameters.session_id_size > 0)
+ _gnutls_handshake_log("HSK[%x]: Ask to resume: %s\n", session,
+ _gnutls_bin2hex(session->internals.
+ resumed_security_parameters.
+ session_id,
+ session->internals.
+ resumed_security_parameters.
+ session_id_size, buf,
+ sizeof(buf)));
#endif
- restart:
-
- switch (STATE) {
- case STATE0:
- case STATE1:
- ret = _gnutls_send_hello(session, AGAIN(STATE1));
- STATE = STATE1;
- IMED_RET("send hello", ret);
-
- case STATE2:
- /* receive the server hello */
- ret =
- _gnutls_recv_handshake(session, NULL, NULL,
- GNUTLS_SERVER_HELLO,
- MANDATORY_PACKET);
- STATE = STATE2;
- IMED_RET("recv hello", ret);
-
- case STATE3:
- /* RECV CERTIFICATE */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_certificate(session);
- STATE = STATE3;
- IMED_RET("recv server certificate", ret);
-
- case STATE4:
- /* receive the server key exchange */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_server_kx_message(session);
- STATE = STATE4;
- IMED_RET("recv server kx message", ret);
-
- case STATE5:
- /* receive the server certificate request - if any
- */
-
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_recv_server_certificate_request(session);
- STATE = STATE5;
- IMED_RET("recv server certificate request message", ret);
-
- case STATE6:
- /* receive the server hello done */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_recv_handshake(session, NULL, NULL,
- GNUTLS_SERVER_HELLO_DONE,
- MANDATORY_PACKET);
- STATE = STATE6;
- IMED_RET("recv server hello done", ret);
-
- case STATE7:
- /* send our certificate - if any and if requested
- */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_send_client_certificate(session,
- AGAIN(STATE7));
- STATE = STATE7;
- IMED_RET("send client certificate", ret);
-
- case STATE8:
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_send_client_kx_message(session,
- AGAIN(STATE8));
- STATE = STATE8;
- IMED_RET("send client kx", ret);
-
- case STATE9:
- /* send client certificate verify */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_send_client_certificate_verify(session,
- AGAIN
- (STATE9));
- STATE = STATE9;
- IMED_RET("send client certificate verify", ret);
-
- STATE = STATE0;
- default:
- break;
- }
+ restart:
+ switch (STATE) {
+ case STATE0:
+ case STATE1:
+ ret = _gnutls_send_hello(session, AGAIN(STATE1));
+ STATE = STATE1;
+ IMED_RET("send hello", ret);
- return 0;
+ case STATE2:
+ /* receive the server hello */
+ ret =
+ _gnutls_recv_handshake(session, NULL, NULL,
+ GNUTLS_SERVER_HELLO, MANDATORY_PACKET);
+ STATE = STATE2;
+ IMED_RET("recv hello", ret);
+
+ case STATE3:
+ /* RECV CERTIFICATE */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_certificate(session);
+ STATE = STATE3;
+ IMED_RET("recv server certificate", ret);
+
+ case STATE4:
+ /* receive the server key exchange */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_kx_message(session);
+ STATE = STATE4;
+ IMED_RET("recv server kx message", ret);
+
+ case STATE5:
+ /* receive the server certificate request - if any
+ */
+
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_certificate_request(session);
+ STATE = STATE5;
+ IMED_RET("recv server certificate request message", ret);
+
+ case STATE6:
+ /* receive the server hello done */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_recv_handshake(session, NULL, NULL,
+ GNUTLS_SERVER_HELLO_DONE,
+ MANDATORY_PACKET);
+ STATE = STATE6;
+ IMED_RET("recv server hello done", ret);
+
+ case STATE7:
+ /* send our certificate - if any and if requested
+ */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_send_client_certificate(session, AGAIN(STATE7));
+ STATE = STATE7;
+ IMED_RET("send client certificate", ret);
+
+ case STATE8:
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_send_client_kx_message(session, AGAIN(STATE8));
+ STATE = STATE8;
+ IMED_RET("send client kx", ret);
+
+ case STATE9:
+ /* send client certificate verify */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_client_certificate_verify(session,
+ AGAIN(STATE9));
+ STATE = STATE9;
+ IMED_RET("send client certificate verify", ret);
+
+ STATE = STATE0;
+ default:
+ break;
+ }
+
+
+ return 0;
}
/* This function sends the final handshake packets and initializes connection
*/
static int _gnutls_send_handshake_final(gnutls_session session, int init)
{
- int ret = 0;
-
- /* Send the CHANGE CIPHER SPEC PACKET */
-
- switch (STATE) {
- case STATE0:
- case STATE20:
- ret =
- _gnutls_send_change_cipher_spec(session, AGAIN(STATE20));
- STATE = STATE20;
- if (ret < 0) {
- ERR("send ChangeCipherSpec", ret);
- gnutls_assert();
- return ret;
- }
+ int ret = 0;
- /* Initialize the connection session (start encryption) - in case of client
- */
- if (init == TRUE) {
- ret = _gnutls_connection_state_init(session);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- }
+ /* Send the CHANGE CIPHER SPEC PACKET */
- ret = _gnutls_write_connection_state_init(session);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ switch (STATE) {
+ case STATE0:
+ case STATE20:
+ ret = _gnutls_send_change_cipher_spec(session, AGAIN(STATE20));
+ STATE = STATE20;
+ if (ret < 0) {
+ ERR("send ChangeCipherSpec", ret);
+ gnutls_assert();
+ return ret;
+ }
- case STATE21:
- /* send the finished message */
- ret = _gnutls_send_finished(session, AGAIN(STATE21));
- STATE = STATE21;
- if (ret < 0) {
- ERR("send Finished", ret);
- gnutls_assert();
- return ret;
- }
+ /* Initialize the connection session (start encryption) - in case of client
+ */
+ if (init == TRUE) {
+ ret = _gnutls_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
- STATE = STATE0;
- default:
- break;
+ ret = _gnutls_write_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- return 0;
+ case STATE21:
+ /* send the finished message */
+ ret = _gnutls_send_finished(session, AGAIN(STATE21));
+ STATE = STATE21;
+ if (ret < 0) {
+ ERR("send Finished", ret);
+ gnutls_assert();
+ return ret;
+ }
+
+ STATE = STATE0;
+ default:
+ break;
+ }
+
+ return 0;
}
/* This function receives the final handshake packets
@@ -2139,54 +2168,52 @@ static int _gnutls_send_handshake_final(gnutls_session session, int init)
*/
static int _gnutls_recv_handshake_final(gnutls_session session, int init)
{
- int ret = 0;
- uint8 ch;
-
- switch (STATE) {
- case STATE0:
- case STATE30:
- ret =
- _gnutls_recv_int(session, GNUTLS_CHANGE_CIPHER_SPEC, -1,
- &ch, 1);
- STATE = STATE30;
- if (ret <= 0) {
- ERR("recv ChangeCipherSpec", ret);
- gnutls_assert();
- return (ret <
- 0) ? ret :
- GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ int ret = 0;
+ uint8 ch;
- /* Initialize the connection session (start encryption) - in case of server */
- if (init == TRUE) {
- ret = _gnutls_connection_state_init(session);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- }
+ switch (STATE) {
+ case STATE0:
+ case STATE30:
+ ret =
+ _gnutls_recv_int(session, GNUTLS_CHANGE_CIPHER_SPEC, -1,
+ &ch, 1);
+ STATE = STATE30;
+ if (ret <= 0) {
+ ERR("recv ChangeCipherSpec", ret);
+ gnutls_assert();
+ return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ /* Initialize the connection session (start encryption) - in case of server */
+ if (init == TRUE) {
+ ret = _gnutls_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
- ret = _gnutls_read_connection_state_init(session);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_read_connection_state_init(session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- case STATE31:
- ret = _gnutls_recv_finished(session);
- STATE = STATE31;
- if (ret < 0) {
- ERR("recv finished", ret);
- gnutls_assert();
- return ret;
- }
- STATE = STATE0;
- default:
- break;
+ case STATE31:
+ ret = _gnutls_recv_finished(session);
+ STATE = STATE31;
+ if (ret < 0) {
+ ERR("recv finished", ret);
+ gnutls_assert();
+ return ret;
}
+ STATE = STATE0;
+ default:
+ break;
+ }
- return 0;
+ return 0;
}
/*
@@ -2196,236 +2223,231 @@ static int _gnutls_recv_handshake_final(gnutls_session session, int init)
int _gnutls_handshake_server(gnutls_session session)
{
- int ret = 0;
-
- restart:
-
- switch (STATE) {
- case STATE0:
- case STATE1:
- ret =
- _gnutls_recv_handshake(session, NULL, NULL,
- GNUTLS_CLIENT_HELLO,
- MANDATORY_PACKET);
- STATE = STATE1;
- IMED_RET("recv hello", ret);
-
- case STATE2:
- ret = _gnutls_send_hello(session, AGAIN(STATE2));
- STATE = STATE2;
- IMED_RET("send hello", ret);
-
- /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
- case STATE3:
- /* NOTE: these should not be send if we are resuming */
-
- if (session->internals.resumed == RESUME_FALSE)
- ret =
- _gnutls_send_server_certificate(session,
- AGAIN(STATE3));
- STATE = STATE3;
- IMED_RET("send server certificate", ret);
-
- case STATE4:
- /* send server key exchange (A) */
- if (session->internals.resumed == RESUME_FALSE)
- ret =
- _gnutls_send_server_kx_message(session,
- AGAIN(STATE4));
- STATE = STATE4;
- IMED_RET("send server kx", ret);
-
- case STATE5:
- /* Send certificate request - if requested to */
- if (session->internals.resumed == RESUME_FALSE)
- ret =
- _gnutls_send_server_certificate_request(session,
- AGAIN
- (STATE5));
- STATE = STATE5;
- IMED_RET("send server cert request", ret);
-
- case STATE6:
- /* send the server hello done */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_send_empty_handshake(session,
- GNUTLS_SERVER_HELLO_DONE,
- AGAIN(STATE6));
- STATE = STATE6;
- IMED_RET("send server hello done", ret);
-
-
- /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
- case STATE7:
- /* receive the client certificate message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_client_certificate(session);
- STATE = STATE7;
- IMED_RET("recv client certificate", ret);
-
- case STATE8:
- /* receive the client key exchange message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret = _gnutls_recv_client_kx_message(session);
- STATE = STATE8;
- IMED_RET("recv client kx", ret);
-
- case STATE9:
- /* receive the client certificate verify message */
- if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
- ret =
- _gnutls_recv_client_certificate_verify_message
- (session);
- STATE = STATE9;
- IMED_RET("recv client certificate verify", ret);
-
- STATE = STATE0; /* finished thus clear session */
- default:
- break;
- }
+ int ret = 0;
- return 0;
+ restart:
+
+ switch (STATE) {
+ case STATE0:
+ case STATE1:
+ ret =
+ _gnutls_recv_handshake(session, NULL, NULL,
+ GNUTLS_CLIENT_HELLO, MANDATORY_PACKET);
+ STATE = STATE1;
+ IMED_RET("recv hello", ret);
+
+ case STATE2:
+ ret = _gnutls_send_hello(session, AGAIN(STATE2));
+ STATE = STATE2;
+ IMED_RET("send hello", ret);
+
+ /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
+ case STATE3:
+ /* NOTE: these should not be send if we are resuming */
+
+ if (session->internals.resumed == RESUME_FALSE)
+ ret = _gnutls_send_server_certificate(session, AGAIN(STATE3));
+ STATE = STATE3;
+ IMED_RET("send server certificate", ret);
+
+ case STATE4:
+ /* send server key exchange (A) */
+ if (session->internals.resumed == RESUME_FALSE)
+ ret = _gnutls_send_server_kx_message(session, AGAIN(STATE4));
+ STATE = STATE4;
+ IMED_RET("send server kx", ret);
+
+ case STATE5:
+ /* Send certificate request - if requested to */
+ if (session->internals.resumed == RESUME_FALSE)
+ ret =
+ _gnutls_send_server_certificate_request(session,
+ AGAIN(STATE5));
+ STATE = STATE5;
+ IMED_RET("send server cert request", ret);
+
+ case STATE6:
+ /* send the server hello done */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_empty_handshake(session,
+ GNUTLS_SERVER_HELLO_DONE,
+ AGAIN(STATE6));
+ STATE = STATE6;
+ IMED_RET("send server hello done", ret);
+
+
+ /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
+ case STATE7:
+ /* receive the client certificate message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_certificate(session);
+ STATE = STATE7;
+ IMED_RET("recv client certificate", ret);
+
+ case STATE8:
+ /* receive the client key exchange message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_kx_message(session);
+ STATE = STATE8;
+ IMED_RET("recv client kx", ret);
+
+ case STATE9:
+ /* receive the client certificate verify message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_certificate_verify_message(session);
+ STATE = STATE9;
+ IMED_RET("recv client certificate verify", ret);
+
+ STATE = STATE0; /* finished thus clear session */
+ default:
+ break;
+ }
+
+ return 0;
}
int _gnutls_handshake_common(gnutls_session session)
{
- int ret = 0;
+ int ret = 0;
- restart:
+ restart:
- /* send and recv the change cipher spec and finished messages */
- if ((session->internals.resumed == RESUME_TRUE
- && session->security_parameters.entity == GNUTLS_CLIENT)
- || (session->internals.resumed == RESUME_FALSE
- && session->security_parameters.entity == GNUTLS_SERVER)) {
- /* if we are a client resuming - or we are a server not resuming */
+ /* send and recv the change cipher spec and finished messages */
+ if ((session->internals.resumed == RESUME_TRUE
+ && session->security_parameters.entity == GNUTLS_CLIENT)
+ || (session->internals.resumed == RESUME_FALSE
+ && session->security_parameters.entity == GNUTLS_SERVER)) {
+ /* if we are a client resuming - or we are a server not resuming */
- ret = _gnutls_recv_handshake_final(session, TRUE);
- IMED_RET("recv handshake final", ret);
+ ret = _gnutls_recv_handshake_final(session, TRUE);
+ IMED_RET("recv handshake final", ret);
- ret = _gnutls_send_handshake_final(session, FALSE);
- IMED_RET("send handshake final", ret);
- } else { /* if we are a client not resuming - or we are a server resuming */
+ ret = _gnutls_send_handshake_final(session, FALSE);
+ IMED_RET("send handshake final", ret);
+ } else { /* if we are a client not resuming - or we are a server resuming */
- ret = _gnutls_send_handshake_final(session, TRUE);
- IMED_RET("send handshake final 2", ret);
+ ret = _gnutls_send_handshake_final(session, TRUE);
+ IMED_RET("send handshake final 2", ret);
- ret = _gnutls_recv_handshake_final(session, FALSE);
- IMED_RET("recv handshake final 2", ret);
- }
+ ret = _gnutls_recv_handshake_final(session, FALSE);
+ IMED_RET("recv handshake final 2", ret);
+ }
- if (session->security_parameters.entity == GNUTLS_SERVER) {
- /* in order to support session resuming */
- _gnutls_server_register_current_session(session);
- }
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ /* in order to support session resuming */
+ _gnutls_server_register_current_session(session);
+ }
- /* clear handshake buffer */
- _gnutls_handshake_hash_buffers_clear(session);
- return ret;
+ /* clear handshake buffer */
+ _gnutls_handshake_hash_buffers_clear(session);
+ return ret;
}
-int _gnutls_generate_session_id(opaque *session_id, uint8 * len)
+int _gnutls_generate_session_id(opaque * session_id, uint8 * len)
{
- *len = TLS_MAX_SESSION_ID_SIZE;
+ *len = TLS_MAX_SESSION_ID_SIZE;
- if (_gnutls_get_random(session_id, *len, GNUTLS_WEAK_RANDOM) <
- 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (_gnutls_get_random(session_id, *len, GNUTLS_WEAK_RANDOM) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
int _gnutls_recv_hello_request(gnutls_session session, void *data,
uint32 data_size)
{
- uint8 type;
+ uint8 type;
- if (session->security_parameters.entity == GNUTLS_SERVER) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
- if (data_size < 1) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- type = ((uint8 *) data)[0];
- if (type == GNUTLS_HELLO_REQUEST)
- return GNUTLS_E_REHANDSHAKE;
- else {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+ if (data_size < 1) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ type = ((uint8 *) data)[0];
+ if (type == GNUTLS_HELLO_REQUEST)
+ return GNUTLS_E_REHANDSHAKE;
+ else {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
}
/* Returns 1 if the given KX has not the corresponding parameters
* (DH or RSA) set up. Otherwise returns 0.
*/
-inline static int check_server_params( gnutls_session session, gnutls_kx_algorithm kx,
- gnutls_kx_algorithm* alg, int alg_size)
+inline static int check_server_params(gnutls_session session,
+ gnutls_kx_algorithm kx,
+ gnutls_kx_algorithm * alg,
+ int alg_size)
{
- int cred_type;
- const gnutls_certificate_credentials x509_cred;
- const gnutls_anon_server_credentials anon_cred;
- gnutls_dh_params dh_params = NULL;
- gnutls_rsa_params rsa_params = NULL;
- int j, remove;
-
- cred_type = _gnutls_map_kx_get_cred( kx, 1);
-
- if (cred_type == GNUTLS_CRD_CERTIFICATE) {
- x509_cred =
- _gnutls_get_cred(session->key, cred_type, NULL);
-
- if (x509_cred != NULL) {
- dh_params = _gnutls_certificate_get_dh_params(x509_cred, session);
- rsa_params = _gnutls_certificate_get_rsa_params(x509_cred, session);
- }
+ int cred_type;
+ const gnutls_certificate_credentials x509_cred;
+ const gnutls_anon_server_credentials anon_cred;
+ gnutls_dh_params dh_params = NULL;
+ gnutls_rsa_params rsa_params = NULL;
+ int j, remove;
- /* Check also if the certificate supports the
- * KX method.
- */
- remove = 1;
- for (j = 0; j < alg_size; j++) {
- if (alg[j] == kx) {
- remove = 0;
- break;
- }
- }
-
- if (remove == 1) return 1;
+ cred_type = _gnutls_map_kx_get_cred(kx, 1);
-#ifdef ENABLE_ANON
- } else if ( cred_type == GNUTLS_CRD_ANON) {
- anon_cred =
- _gnutls_get_cred(session->key, cred_type, NULL);
-
- if (anon_cred != NULL) {
- dh_params = _gnutls_anon_get_dh_params(anon_cred, session);
- }
-#endif
- } else return 0; /* no need for params */
+ if (cred_type == GNUTLS_CRD_CERTIFICATE) {
+ x509_cred = _gnutls_get_cred(session->key, cred_type, NULL);
+ if (x509_cred != NULL) {
+ dh_params =
+ _gnutls_certificate_get_dh_params(x509_cred, session);
+ rsa_params =
+ _gnutls_certificate_get_rsa_params(x509_cred, session);
+ }
- /* If the key exchange method needs RSA or DH params,
- * but they are not set then remove it.
+ /* Check also if the certificate supports the
+ * KX method.
*/
- if (_gnutls_kx_needs_rsa_params( kx) != 0) {
- /* needs rsa params. */
- if (_gnutls_get_rsa_params( rsa_params)==NULL)
- return 1;
- }
-
- if (_gnutls_kx_needs_dh_params( kx) != 0) {
- /* needs DH params. */
- if (_gnutls_get_dh_params( dh_params)==NULL)
- return 1;
+ remove = 1;
+ for (j = 0; j < alg_size; j++) {
+ if (alg[j] == kx) {
+ remove = 0;
+ break;
+ }
}
- return 0;
+ if (remove == 1)
+ return 1;
+
+#ifdef ENABLE_ANON
+ } else if (cred_type == GNUTLS_CRD_ANON) {
+ anon_cred = _gnutls_get_cred(session->key, cred_type, NULL);
+
+ if (anon_cred != NULL) {
+ dh_params = _gnutls_anon_get_dh_params(anon_cred, session);
+ }
+#endif
+ } else
+ return 0; /* no need for params */
+
+
+ /* If the key exchange method needs RSA or DH params,
+ * but they are not set then remove it.
+ */
+ if (_gnutls_kx_needs_rsa_params(kx) != 0) {
+ /* needs rsa params. */
+ if (_gnutls_get_rsa_params(rsa_params) == NULL)
+ return 1;
+ }
+
+ if (_gnutls_kx_needs_dh_params(kx) != 0) {
+ /* needs DH params. */
+ if (_gnutls_get_dh_params(dh_params) == NULL)
+ return 1;
+ }
+
+ return 0;
}
/* This function will remove algorithms that are not supported by
@@ -2437,103 +2459,107 @@ inline static int check_server_params( gnutls_session session, gnutls_kx_algorit
*/
int _gnutls_remove_unwanted_ciphersuites(gnutls_session session,
cipher_suite_st **
- cipherSuites, int numCipherSuites,
- gnutls_pk_algorithm requested_pk_algo)
+ cipherSuites, int numCipherSuites,
+ gnutls_pk_algorithm
+ requested_pk_algo)
{
- int ret = 0;
- cipher_suite_st *newSuite, cs;
- int newSuiteSize = 0, i, remove;
- const gnutls_certificate_credentials x509_cred;
- gnutls_kx_algorithm kx;
- int server = session->security_parameters.entity==GNUTLS_SERVER?1:0;
- gnutls_kx_algorithm *alg;
- int alg_size;
-
- /* if we should use a specific certificate,
- * we should remove all algorithms that are not supported
- * by that certificate and are on the same authentication
- * method (CERTIFICATE).
- */
+ int ret = 0;
+ cipher_suite_st *newSuite, cs;
+ int newSuiteSize = 0, i, remove;
+ const gnutls_certificate_credentials x509_cred;
+ gnutls_kx_algorithm kx;
+ int server =
+ session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
+ gnutls_kx_algorithm *alg;
+ int alg_size;
+
+ /* if we should use a specific certificate,
+ * we should remove all algorithms that are not supported
+ * by that certificate and are on the same authentication
+ * method (CERTIFICATE).
+ */
+
+ x509_cred =
+ _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+
+ /* if x509_cred==NULL we should remove all X509 ciphersuites
+ */
+
+ if (session->security_parameters.entity == GNUTLS_SERVER
+ && x509_cred != NULL) {
+ ret = _gnutls_server_select_cert(session, requested_pk_algo);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
- x509_cred =
- _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ /* get all the key exchange algorithms that are
+ * supported by the X509 certificate parameters.
+ */
+ if ((ret =
+ _gnutls_selected_cert_supported_kx(session, &alg,
+ &alg_size)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* if x509_cred==NULL we should remove all X509 ciphersuites
+ newSuite = gnutls_malloc(numCipherSuites * sizeof(cipher_suite_st));
+ if (newSuite == NULL) {
+ gnutls_assert();
+ gnutls_free(alg);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* now removes ciphersuites based on the KX algorithm
+ */
+ for (i = 0; i < numCipherSuites; i++) {
+ /* finds the key exchange algorithm in
+ * the ciphersuite
*/
+ kx = _gnutls_cipher_suite_get_kx_algo(&(*cipherSuites)[i]);
+ remove = 0;
- if (session->security_parameters.entity == GNUTLS_SERVER && x509_cred != NULL) {
- ret = _gnutls_server_select_cert(session, requested_pk_algo);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- }
-
- /* get all the key exchange algorithms that are
- * supported by the X509 certificate parameters.
+ /* if it is defined but had no credentials
*/
- if ((ret =
- _gnutls_selected_cert_supported_kx(session, &alg,
- &alg_size)) < 0) {
- gnutls_assert();
- return ret;
- }
+ if (_gnutls_get_kx_cred(session, kx, NULL) == NULL) {
+ remove = 1;
+ } else {
+ remove = 0;
- newSuite =
- gnutls_malloc(numCipherSuites * sizeof(cipher_suite_st));
- if (newSuite == NULL) {
- gnutls_assert();
- gnutls_free(alg);
- return GNUTLS_E_MEMORY_ERROR;
+ if (server)
+ remove = check_server_params(session, kx, alg, alg_size);
}
- /* now removes ciphersuites based on the KX algorithm
- */
- for (i = 0; i < numCipherSuites; i++) {
- /* finds the key exchange algorithm in
- * the ciphersuite
- */
- kx = _gnutls_cipher_suite_get_kx_algo(&(*cipherSuites)[i]);
- remove = 0;
- /* if it is defined but had no credentials
- */
- if (_gnutls_get_kx_cred(session, kx, NULL) == NULL) {
- remove = 1;
- } else {
- remove = 0;
- if (server)
- remove = check_server_params( session, kx, alg, alg_size);
- }
-
-
-
- memcpy( &cs.suite, &(*cipherSuites)[i].suite, 2);
+ memcpy(&cs.suite, &(*cipherSuites)[i].suite, 2);
- if (remove == 0) {
+ if (remove == 0) {
- _gnutls_handshake_log("HSK[%x]: Keeping ciphersuite: %s\n", session,
- _gnutls_cipher_suite_get_name(&cs));
+ _gnutls_handshake_log("HSK[%x]: Keeping ciphersuite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name(&cs));
- memcpy(newSuite[newSuiteSize].suite,
- (*cipherSuites)[i].suite, 2);
- newSuiteSize++;
- } else {
- _gnutls_handshake_log("HSK[%x]: Removing ciphersuite: %s\n", session,
- _gnutls_cipher_suite_get_name(&cs));
+ memcpy(newSuite[newSuiteSize].suite,
+ (*cipherSuites)[i].suite, 2);
+ newSuiteSize++;
+ } else {
+ _gnutls_handshake_log("HSK[%x]: Removing ciphersuite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name(&cs));
- }
}
+ }
- gnutls_free(alg);
- gnutls_free(*cipherSuites);
- *cipherSuites = newSuite;
+ gnutls_free(alg);
+ gnutls_free(*cipherSuites);
+ *cipherSuites = newSuite;
- ret = newSuiteSize;
+ ret = newSuiteSize;
- return ret;
+ return ret;
}
@@ -2548,18 +2574,23 @@ int _gnutls_remove_unwanted_ciphersuites(gnutls_session session,
* to set an upper limit.
*
**/
-void gnutls_handshake_set_max_packet_length(gnutls_session session, int max)
+void gnutls_handshake_set_max_packet_length(gnutls_session session,
+ int max)
{
- session->internals.max_handshake_data_buffer_size = max;
+ session->internals.max_handshake_data_buffer_size = max;
}
-void _gnutls_set_adv_version( gnutls_session session, gnutls_protocol_version ver) {
- set_adv_version( session, _gnutls_version_get_major(ver), _gnutls_version_get_minor(ver));
+void _gnutls_set_adv_version(gnutls_session session,
+ gnutls_protocol_version ver)
+{
+ set_adv_version(session, _gnutls_version_get_major(ver),
+ _gnutls_version_get_minor(ver));
}
-gnutls_protocol_version _gnutls_get_adv_version( gnutls_session session) {
- return _gnutls_version_get( _gnutls_get_adv_version_major( session),
- _gnutls_get_adv_version_minor( session));
+gnutls_protocol_version _gnutls_get_adv_version(gnutls_session session)
+{
+ return _gnutls_version_get(_gnutls_get_adv_version_major(session),
+ _gnutls_get_adv_version_minor(session));
}
/**
@@ -2572,9 +2603,10 @@ gnutls_protocol_version _gnutls_get_adv_version( gnutls_session session) {
*
* Check gnutls.h for the available handshake descriptions.
**/
-gnutls_handshake_description gnutls_handshake_get_last_in( gnutls_session session)
+gnutls_handshake_description gnutls_handshake_get_last_in(gnutls_session
+ session)
{
- return session->internals.last_handshake_in;
+ return session->internals.last_handshake_in;
}
/**
@@ -2588,8 +2620,8 @@ gnutls_handshake_description gnutls_handshake_get_last_in( gnutls_session sessio
* Check gnutls.h for the available handshake descriptions.
*
**/
-gnutls_handshake_description gnutls_handshake_get_last_out( gnutls_session session)
+gnutls_handshake_description gnutls_handshake_get_last_out(gnutls_session
+ session)
{
- return session->internals.last_handshake_out;
+ return session->internals.last_handshake_out;
}
-
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h
index 5a86c9be74..52bb61dc9d 100644
--- a/lib/gnutls_handshake.h
+++ b/lib/gnutls_handshake.h
@@ -20,24 +20,32 @@
typedef enum Optional { OPTIONAL_PACKET, MANDATORY_PACKET } Optional;
-int _gnutls_send_handshake( gnutls_session session, void* i_data, uint32 i_datasize, HandshakeType type);
-int gnutls_send_hello_request( gnutls_session session);
-int _gnutls_recv_hello_request( gnutls_session session, void* data, uint32 data_size);
-int _gnutls_send_hello( gnutls_session session, int again);
-int _gnutls_recv_hello( gnutls_session session, opaque* data, int datalen);
-int gnutls_handshake( gnutls_session session);
-int _gnutls_recv_handshake( gnutls_session session, uint8**, int*, HandshakeType, Optional optional);
-int _gnutls_generate_session_id( opaque* session_id, uint8* len);
-int _gnutls_handshake_common( gnutls_session session);
-int _gnutls_handshake_client( gnutls_session session);
-int _gnutls_handshake_server( gnutls_session session);
-void _gnutls_set_server_random( gnutls_session session, uint8* random);
-void _gnutls_set_client_random( gnutls_session session, uint8* random);
-int _gnutls_tls_create_random( opaque* dst);
-int _gnutls_remove_unwanted_ciphersuites( gnutls_session session, cipher_suite_st ** cipherSuites, int numCipherSuites, gnutls_pk_algorithm);
-void gnutls_handshake_set_max_packet_length( gnutls_session session, int max);
-int _gnutls_find_pk_algos_in_ciphersuites( opaque* data, int datalen);
-int _gnutls_server_select_suite(gnutls_session session, opaque *data, int datalen);
+int _gnutls_send_handshake(gnutls_session session, void *i_data,
+ uint32 i_datasize, HandshakeType type);
+int gnutls_send_hello_request(gnutls_session session);
+int _gnutls_recv_hello_request(gnutls_session session, void *data,
+ uint32 data_size);
+int _gnutls_send_hello(gnutls_session session, int again);
+int _gnutls_recv_hello(gnutls_session session, opaque * data, int datalen);
+int gnutls_handshake(gnutls_session session);
+int _gnutls_recv_handshake(gnutls_session session, uint8 **, int *,
+ HandshakeType, Optional optional);
+int _gnutls_generate_session_id(opaque * session_id, uint8 * len);
+int _gnutls_handshake_common(gnutls_session session);
+int _gnutls_handshake_client(gnutls_session session);
+int _gnutls_handshake_server(gnutls_session session);
+void _gnutls_set_server_random(gnutls_session session, uint8 * random);
+void _gnutls_set_client_random(gnutls_session session, uint8 * random);
+int _gnutls_tls_create_random(opaque * dst);
+int _gnutls_remove_unwanted_ciphersuites(gnutls_session session,
+ cipher_suite_st ** cipherSuites,
+ int numCipherSuites,
+ gnutls_pk_algorithm);
+void gnutls_handshake_set_max_packet_length(gnutls_session session,
+ int max);
+int _gnutls_find_pk_algos_in_ciphersuites(opaque * data, int datalen);
+int _gnutls_server_select_suite(gnutls_session session, opaque * data,
+ int datalen);
#define STATE session->internals.handshake_state
/* This returns true if we have got there
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index 7cecfa705c..af09e431e1 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -31,360 +31,365 @@
GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm)
{
- mac_hd_t ret;
- gcry_error_t result;
-
- ret = gnutls_malloc(sizeof(mac_hd_t_INT));
- if (ret == NULL) {
- gnutls_assert();
- return GNUTLS_HASH_FAILED;
- }
-
- ret->algorithm = algorithm;
-
- switch (algorithm) {
- case GNUTLS_MAC_SHA:
- result = gcry_md_open( &ret->handle, GCRY_MD_SHA1, 0);
- break;
- case GNUTLS_MAC_MD5:
- result = gcry_md_open( &ret->handle, GCRY_MD_MD5, 0);
- break;
- case GNUTLS_MAC_RMD160:
- result = gcry_md_open( &ret->handle, GCRY_MD_RMD160, 0);
- break;
- default:
- gnutls_assert();
- result = -1;
- }
-
- if (result) {
- gnutls_assert();
- gnutls_free(ret);
- ret = GNUTLS_HASH_FAILED;
- }
-
- return ret;
+ mac_hd_t ret;
+ gcry_error_t result;
+
+ ret = gnutls_malloc(sizeof(mac_hd_t_INT));
+ if (ret == NULL) {
+ gnutls_assert();
+ return GNUTLS_HASH_FAILED;
+ }
+
+ ret->algorithm = algorithm;
+
+ switch (algorithm) {
+ case GNUTLS_MAC_SHA:
+ result = gcry_md_open(&ret->handle, GCRY_MD_SHA1, 0);
+ break;
+ case GNUTLS_MAC_MD5:
+ result = gcry_md_open(&ret->handle, GCRY_MD_MD5, 0);
+ break;
+ case GNUTLS_MAC_RMD160:
+ result = gcry_md_open(&ret->handle, GCRY_MD_RMD160, 0);
+ break;
+ default:
+ gnutls_assert();
+ result = -1;
+ }
+
+ if (result) {
+ gnutls_assert();
+ gnutls_free(ret);
+ ret = GNUTLS_HASH_FAILED;
+ }
+
+ return ret;
}
int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm)
{
- int ret;
-
- switch (algorithm) {
- case GNUTLS_MAC_SHA:
- ret = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
- break;
- case GNUTLS_MAC_MD5:
- ret = gcry_md_get_algo_dlen(GCRY_MD_MD5);
- break;
- case GNUTLS_MAC_RMD160:
- ret = gcry_md_get_algo_dlen(GCRY_MD_RMD160);
- break;
- default:
- ret = 0; break;
- }
-
- return ret;
+ int ret;
+
+ switch (algorithm) {
+ case GNUTLS_MAC_SHA:
+ ret = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
+ break;
+ case GNUTLS_MAC_MD5:
+ ret = gcry_md_get_algo_dlen(GCRY_MD_MD5);
+ break;
+ case GNUTLS_MAC_RMD160:
+ ret = gcry_md_get_algo_dlen(GCRY_MD_RMD160);
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+
+ return ret;
}
-int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void *text, size_t textlen)
+int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void *text,
+ size_t textlen)
{
- if (textlen > 0)
- gcry_md_write(handle->handle, text, textlen);
- return 0;
+ if (textlen > 0)
+ gcry_md_write(handle->handle, text, textlen);
+ return 0;
}
GNUTLS_HASH_HANDLE _gnutls_hash_copy(GNUTLS_HASH_HANDLE handle)
{
- GNUTLS_HASH_HANDLE ret;
- gcry_error_t result;
+ GNUTLS_HASH_HANDLE ret;
+ gcry_error_t result;
- ret = gnutls_malloc(sizeof(mac_hd_t_INT));
+ ret = gnutls_malloc(sizeof(mac_hd_t_INT));
- if (ret == NULL)
- return GNUTLS_HASH_FAILED;
+ if (ret == NULL)
+ return GNUTLS_HASH_FAILED;
- ret->algorithm = handle->algorithm;
- ret->key = NULL; /* it's a hash anyway */
- ret->keysize = 0;
+ ret->algorithm = handle->algorithm;
+ ret->key = NULL; /* it's a hash anyway */
+ ret->keysize = 0;
- result = gcry_md_copy( &ret->handle, handle->handle);
+ result = gcry_md_copy(&ret->handle, handle->handle);
- if (result) {
- gnutls_free(ret);
- return GNUTLS_HASH_FAILED;
- }
+ if (result) {
+ gnutls_free(ret);
+ return GNUTLS_HASH_FAILED;
+ }
- return ret;
+ return ret;
}
void _gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void *digest)
{
- opaque *mac;
- int maclen;
+ opaque *mac;
+ int maclen;
- maclen = _gnutls_hash_get_algo_len( handle->algorithm);
+ maclen = _gnutls_hash_get_algo_len(handle->algorithm);
- gcry_md_final(handle->handle);
- mac = gcry_md_read(handle->handle, 0);
- if (digest != NULL)
- memcpy(digest, mac, maclen);
+ gcry_md_final(handle->handle);
+ mac = gcry_md_read(handle->handle, 0);
+ if (digest != NULL)
+ memcpy(digest, mac, maclen);
- gcry_md_close(handle->handle);
+ gcry_md_close(handle->handle);
- gnutls_free(handle);
+ gnutls_free(handle);
}
mac_hd_t _gnutls_hmac_init(gnutls_mac_algorithm algorithm,
- const void *key, int keylen)
+ const void *key, int keylen)
{
- mac_hd_t ret;
- gcry_error_t result;
-
- ret = gnutls_malloc(sizeof(mac_hd_t_INT));
- if (ret == NULL)
- return GNUTLS_MAC_FAILED;
-
- switch (algorithm) {
- case GNUTLS_MAC_SHA:
- result = gcry_md_open(&ret->handle, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
- break;
- case GNUTLS_MAC_MD5:
- result = gcry_md_open(&ret->handle, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
- break;
- case GNUTLS_MAC_RMD160:
- result = gcry_md_open(&ret->handle, GCRY_MD_RMD160, GCRY_MD_FLAG_HMAC);
- break;
- default:
- result = -1;
- }
-
- if (result) {
- gnutls_free(ret);
- ret = GNUTLS_MAC_FAILED;
- }
-
- if (ret != GNUTLS_MAC_FAILED) {
- gcry_md_setkey(ret->handle, key, keylen);
+ mac_hd_t ret;
+ gcry_error_t result;
+
+ ret = gnutls_malloc(sizeof(mac_hd_t_INT));
+ if (ret == NULL)
+ return GNUTLS_MAC_FAILED;
+
+ switch (algorithm) {
+ case GNUTLS_MAC_SHA:
+ result =
+ gcry_md_open(&ret->handle, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
+ break;
+ case GNUTLS_MAC_MD5:
+ result =
+ gcry_md_open(&ret->handle, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
+ break;
+ case GNUTLS_MAC_RMD160:
+ result =
+ gcry_md_open(&ret->handle, GCRY_MD_RMD160, GCRY_MD_FLAG_HMAC);
+ break;
+ default:
+ result = -1;
+ }
+
+ if (result) {
+ gnutls_free(ret);
+ ret = GNUTLS_MAC_FAILED;
+ }
+
+ if (ret != GNUTLS_MAC_FAILED) {
+ gcry_md_setkey(ret->handle, key, keylen);
- ret->algorithm = algorithm;
- ret->key = key;
- ret->keysize = keylen;
- }
+ ret->algorithm = algorithm;
+ ret->key = key;
+ ret->keysize = keylen;
+ }
- return ret;
+ return ret;
}
void _gnutls_hmac_deinit(mac_hd_t handle, void *digest)
{
- opaque *mac;
- int maclen;
+ opaque *mac;
+ int maclen;
- maclen = _gnutls_hash_get_algo_len( handle->algorithm);
+ maclen = _gnutls_hash_get_algo_len(handle->algorithm);
- gcry_md_final(handle->handle);
- mac = gcry_md_read(handle->handle, 0);
+ gcry_md_final(handle->handle);
+ mac = gcry_md_read(handle->handle, 0);
- if (digest != NULL)
- memcpy(digest, mac, maclen);
+ if (digest != NULL)
+ memcpy(digest, mac, maclen);
- gcry_md_close(handle->handle);
+ gcry_md_close(handle->handle);
- gnutls_free(handle);
+ gnutls_free(handle);
}
-inline static int get_padsize( gnutls_mac_algorithm algorithm)
+inline static int get_padsize(gnutls_mac_algorithm algorithm)
{
- switch (algorithm) {
- case GNUTLS_MAC_MD5:
- return 48;
- case GNUTLS_MAC_SHA:
- return 40;
- default:
- return 0;
- }
+ switch (algorithm) {
+ case GNUTLS_MAC_MD5:
+ return 48;
+ case GNUTLS_MAC_SHA:
+ return 40;
+ default:
+ return 0;
+ }
}
mac_hd_t _gnutls_mac_init_ssl3(gnutls_mac_algorithm algorithm, void *key,
- int keylen)
+ int keylen)
{
- mac_hd_t ret;
- opaque ipad[48];
- int padsize;
-
- padsize = get_padsize( algorithm);
- if (padsize == 0) {
- gnutls_assert();
- return GNUTLS_MAC_FAILED;
- }
+ mac_hd_t ret;
+ opaque ipad[48];
+ int padsize;
- memset(ipad, 0x36, padsize);
+ padsize = get_padsize(algorithm);
+ if (padsize == 0) {
+ gnutls_assert();
+ return GNUTLS_MAC_FAILED;
+ }
- ret = _gnutls_hash_init(algorithm);
- if (ret != GNUTLS_HASH_FAILED) {
- ret->key = key;
- ret->keysize = keylen;
+ memset(ipad, 0x36, padsize);
- if (keylen > 0)
- _gnutls_hash(ret, key, keylen);
- _gnutls_hash(ret, ipad, padsize);
- }
+ ret = _gnutls_hash_init(algorithm);
+ if (ret != GNUTLS_HASH_FAILED) {
+ ret->key = key;
+ ret->keysize = keylen;
- return ret;
+ if (keylen > 0)
+ _gnutls_hash(ret, key, keylen);
+ _gnutls_hash(ret, ipad, padsize);
+ }
+
+ return ret;
}
void _gnutls_mac_deinit_ssl3(mac_hd_t handle, void *digest)
{
- opaque ret[MAX_HASH_SIZE];
- mac_hd_t td;
- opaque opad[48];
- int padsize;
- int block;
-
- padsize = get_padsize( handle->algorithm);
- if (padsize == 0) {
- gnutls_assert();
- return;
- }
-
- memset(opad, 0x5C, padsize);
-
- td = _gnutls_hash_init(handle->algorithm);
- if (td != GNUTLS_MAC_FAILED) {
- if (handle->keysize > 0)
- _gnutls_hash(td, handle->key, handle->keysize);
+ opaque ret[MAX_HASH_SIZE];
+ mac_hd_t td;
+ opaque opad[48];
+ int padsize;
+ int block;
+
+ padsize = get_padsize(handle->algorithm);
+ if (padsize == 0) {
+ gnutls_assert();
+ return;
+ }
+
+ memset(opad, 0x5C, padsize);
+
+ td = _gnutls_hash_init(handle->algorithm);
+ if (td != GNUTLS_MAC_FAILED) {
+ if (handle->keysize > 0)
+ _gnutls_hash(td, handle->key, handle->keysize);
+
+ _gnutls_hash(td, opad, padsize);
+ block = _gnutls_hmac_get_algo_len(handle->algorithm);
+ _gnutls_hash_deinit(handle, ret); /* get the previous hash */
+ _gnutls_hash(td, ret, block);
- _gnutls_hash(td, opad, padsize);
- block = _gnutls_hmac_get_algo_len(handle->algorithm);
- _gnutls_hash_deinit(handle, ret); /* get the previous hash */
- _gnutls_hash(td, ret, block);
-
- _gnutls_hash_deinit(td, digest);
- }
+ _gnutls_hash_deinit(td, digest);
+ }
}
void _gnutls_mac_deinit_ssl3_handshake(mac_hd_t handle,
void *digest, opaque * key,
uint32 key_size)
{
- opaque ret[MAX_HASH_SIZE];
- mac_hd_t td;
- opaque opad[48];
- opaque ipad[48];
- int padsize;
- int block;
-
- padsize = get_padsize( handle->algorithm);
- if (padsize == 0) {
- gnutls_assert();
- return;
- }
+ opaque ret[MAX_HASH_SIZE];
+ mac_hd_t td;
+ opaque opad[48];
+ opaque ipad[48];
+ int padsize;
+ int block;
- memset(opad, 0x5C, padsize);
- memset(ipad, 0x36, padsize);
+ padsize = get_padsize(handle->algorithm);
+ if (padsize == 0) {
+ gnutls_assert();
+ return;
+ }
- td = _gnutls_hash_init(handle->algorithm);
- if (td != GNUTLS_HASH_FAILED) {
- if (key_size > 0)
- _gnutls_hash(td, key, key_size);
+ memset(opad, 0x5C, padsize);
+ memset(ipad, 0x36, padsize);
- _gnutls_hash(td, opad, padsize);
- block = _gnutls_hmac_get_algo_len(handle->algorithm);
+ td = _gnutls_hash_init(handle->algorithm);
+ if (td != GNUTLS_HASH_FAILED) {
+ if (key_size > 0)
+ _gnutls_hash(td, key, key_size);
- if (key_size > 0)
- _gnutls_hash(handle, key, key_size);
- _gnutls_hash(handle, ipad, padsize);
- _gnutls_hash_deinit(handle, ret); /* get the previous hash */
+ _gnutls_hash(td, opad, padsize);
+ block = _gnutls_hmac_get_algo_len(handle->algorithm);
- _gnutls_hash(td, ret, block);
+ if (key_size > 0)
+ _gnutls_hash(handle, key, key_size);
+ _gnutls_hash(handle, ipad, padsize);
+ _gnutls_hash_deinit(handle, ret); /* get the previous hash */
- _gnutls_hash_deinit(td, digest);
- }
+ _gnutls_hash(td, ret, block);
+
+ _gnutls_hash_deinit(td, digest);
+ }
}
-static int ssl3_sha(int i, opaque *secret, int secret_len, opaque *random,
- int random_len, void *digest)
+static int ssl3_sha(int i, opaque * secret, int secret_len,
+ opaque * random, int random_len, void *digest)
{
- int j;
- opaque text1[26];
+ int j;
+ opaque text1[26];
- GNUTLS_HASH_HANDLE td;
+ GNUTLS_HASH_HANDLE td;
- for (j = 0; j < i + 1; j++) {
- text1[j] = 65 + i; /* A==65 */
- }
+ for (j = 0; j < i + 1; j++) {
+ text1[j] = 65 + i; /* A==65 */
+ }
- td = _gnutls_hash_init(GNUTLS_MAC_SHA);
- if (td == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
+ td = _gnutls_hash_init(GNUTLS_MAC_SHA);
+ if (td == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
- _gnutls_hash(td, text1, i + 1);
- _gnutls_hash(td, secret, secret_len);
- _gnutls_hash(td, random, random_len);
+ _gnutls_hash(td, text1, i + 1);
+ _gnutls_hash(td, secret, secret_len);
+ _gnutls_hash(td, random, random_len);
- _gnutls_hash_deinit(td, digest);
- return 0;
+ _gnutls_hash_deinit(td, digest);
+ return 0;
}
-static int ssl3_md5(int i, opaque *secret, int secret_len, opaque *random,
- int random_len, void *digest)
+static int ssl3_md5(int i, opaque * secret, int secret_len,
+ opaque * random, int random_len, void *digest)
{
- opaque tmp[MAX_HASH_SIZE];
- mac_hd_t td;
- int ret;
-
- td = _gnutls_hash_init(GNUTLS_MAC_MD5);
- if (td == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
+ opaque tmp[MAX_HASH_SIZE];
+ mac_hd_t td;
+ int ret;
- _gnutls_hash(td, secret, secret_len);
+ td = _gnutls_hash_init(GNUTLS_MAC_MD5);
+ if (td == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
- ret = ssl3_sha(i, secret, secret_len, random, random_len, tmp);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_hash_deinit(td, digest);
- return ret;
- }
-
- _gnutls_hash(td, tmp, _gnutls_hash_get_algo_len(GNUTLS_MAC_SHA));
+ _gnutls_hash(td, secret, secret_len);
+ ret = ssl3_sha(i, secret, secret_len, random, random_len, tmp);
+ if (ret < 0) {
+ gnutls_assert();
_gnutls_hash_deinit(td, digest);
- return 0;
+ return ret;
+ }
+
+ _gnutls_hash(td, tmp, _gnutls_hash_get_algo_len(GNUTLS_MAC_SHA));
+
+ _gnutls_hash_deinit(td, digest);
+ return 0;
}
int _gnutls_ssl3_hash_md5(void *first, int first_len,
void *second, int second_len, int ret_len,
opaque * ret)
{
- opaque digest[MAX_HASH_SIZE];
- mac_hd_t td;
- int block = _gnutls_hash_get_algo_len(GNUTLS_MAC_MD5);
-
- td = _gnutls_hash_init(GNUTLS_MAC_MD5);
- if (td == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
+ opaque digest[MAX_HASH_SIZE];
+ mac_hd_t td;
+ int block = _gnutls_hash_get_algo_len(GNUTLS_MAC_MD5);
- _gnutls_hash(td, first, first_len);
- _gnutls_hash(td, second, second_len);
+ td = _gnutls_hash_init(GNUTLS_MAC_MD5);
+ if (td == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
- _gnutls_hash_deinit(td, digest);
+ _gnutls_hash(td, first, first_len);
+ _gnutls_hash(td, second, second_len);
- if (ret_len > block) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ _gnutls_hash_deinit(td, digest);
- memcpy(ret, digest, ret_len);
+ if (ret_len > block) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- return 0;
+ memcpy(ret, digest, ret_len);
+
+ return 0;
}
@@ -392,37 +397,35 @@ int _gnutls_ssl3_generate_random(void *secret, int secret_len,
void *random, int random_len,
int ret_bytes, opaque * ret)
{
- int i = 0, copy, output_bytes;
- opaque digest[MAX_HASH_SIZE];
- int block = _gnutls_hash_get_algo_len(GNUTLS_MAC_MD5);
- int result, times;
-
- output_bytes = 0;
- do {
- output_bytes += block;
- } while (output_bytes < ret_bytes);
-
- times = output_bytes / block;
-
- for (i = 0; i < times; i++) {
-
- result =
- ssl3_md5(i, secret, secret_len, random, random_len,
- digest);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- if ((1 + i) * block < ret_bytes) {
- copy = block;
- } else {
- copy = ret_bytes - (i) * block;
- }
-
- memcpy(&ret[i * block], digest, copy);
+ int i = 0, copy, output_bytes;
+ opaque digest[MAX_HASH_SIZE];
+ int block = _gnutls_hash_get_algo_len(GNUTLS_MAC_MD5);
+ int result, times;
+
+ output_bytes = 0;
+ do {
+ output_bytes += block;
+ } while (output_bytes < ret_bytes);
+
+ times = output_bytes / block;
+
+ for (i = 0; i < times; i++) {
+
+ result =
+ ssl3_md5(i, secret, secret_len, random, random_len, digest);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
}
- return 0;
-}
+ if ((1 + i) * block < ret_bytes) {
+ copy = block;
+ } else {
+ copy = ret_bytes - (i) * block;
+ }
+ memcpy(&ret[i * block], digest, copy);
+ }
+
+ return 0;
+}
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index 15c7e19514..2e626c9f8e 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -26,36 +26,42 @@
/* for message digests */
typedef struct {
- gcry_md_hd_t handle;
- gnutls_mac_algorithm algorithm;
- const void* key;
- int keysize;
+ gcry_md_hd_t handle;
+ gnutls_mac_algorithm algorithm;
+ const void *key;
+ int keysize;
} mac_hd_t_INT;
-typedef mac_hd_t_INT* mac_hd_t;
+typedef mac_hd_t_INT *mac_hd_t;
typedef mac_hd_t GNUTLS_HASH_HANDLE;
#define GNUTLS_HASH_FAILED NULL
#define GNUTLS_MAC_FAILED NULL
-mac_hd_t _gnutls_hmac_init( gnutls_mac_algorithm algorithm, const void* key, int keylen);
+mac_hd_t _gnutls_hmac_init(gnutls_mac_algorithm algorithm, const void *key,
+ int keylen);
#define _gnutls_hmac_get_algo_len _gnutls_hash_get_algo_len
#define _gnutls_hmac _gnutls_hash
-void _gnutls_hmac_deinit( mac_hd_t handle, void* digest);
+void _gnutls_hmac_deinit(mac_hd_t handle, void *digest);
-mac_hd_t _gnutls_mac_init_ssl3( gnutls_mac_algorithm algorithm, void* key, int keylen);
-void _gnutls_mac_deinit_ssl3( mac_hd_t handle, void* digest);
+mac_hd_t _gnutls_mac_init_ssl3(gnutls_mac_algorithm algorithm, void *key,
+ int keylen);
+void _gnutls_mac_deinit_ssl3(mac_hd_t handle, void *digest);
GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm);
int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm);
-int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void* text, size_t textlen);
-void _gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void* digest);
+int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void *text,
+ size_t textlen);
+void _gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void *digest);
-int _gnutls_ssl3_generate_random(void *secret, int secret_len, void *random, int random_len, int bytes, opaque* ret);
-int _gnutls_ssl3_hash_md5(void *first, int first_len,
- void *second, int second_len, int ret_len, opaque* ret);
+int _gnutls_ssl3_generate_random(void *secret, int secret_len,
+ void *random, int random_len, int bytes,
+ opaque * ret);
+int _gnutls_ssl3_hash_md5(void *first, int first_len, void *second,
+ int second_len, int ret_len, opaque * ret);
-void _gnutls_mac_deinit_ssl3_handshake(mac_hd_t handle, void* digest, opaque* key, uint32 key_size);
+void _gnutls_mac_deinit_ssl3_handshake(mac_hd_t handle, void *digest,
+ opaque * key, uint32 key_size);
GNUTLS_HASH_HANDLE _gnutls_hash_copy(GNUTLS_HASH_HANDLE handle);
-#endif /* GNUTLS_HASH_INT_H */
+#endif /* GNUTLS_HASH_INT_H */
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index b9415b9c12..8f7e13dbc5 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -41,7 +41,7 @@
/* It might be a good idea to replace int with void*
* here.
*/
-typedef void * gnutls_transport_ptr;
+typedef void *gnutls_transport_ptr;
#define MAX32 4294967295
#define MAX24 16777215
@@ -60,7 +60,7 @@ typedef void * gnutls_transport_ptr;
*/
#define MAX_HASH_SIZE 20
-#define MAX_LOG_SIZE 1024 /* maximum size of log message */
+#define MAX_LOG_SIZE 1024 /* maximum size of log message */
#define MAX_SRP_USERNAME 128
#define MAX_SERVER_NAME_SIZE 128
@@ -100,49 +100,60 @@ typedef void * gnutls_transport_ptr;
#define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); COM;} } while (0)
typedef unsigned char opaque;
-typedef struct { opaque pint[3]; } uint24;
+typedef struct {
+ opaque pint[3];
+} uint24;
typedef struct {
- opaque * data;
- unsigned int size;
+ opaque *data;
+ unsigned int size;
} gnutls_datum;
#include <gnutls_mpi.h>
-typedef enum ChangeCipherSpecType { GNUTLS_TYPE_CHANGE_CIPHER_SPEC=1 } ChangeCipherSpecType;
+typedef enum ChangeCipherSpecType { GNUTLS_TYPE_CHANGE_CIPHER_SPEC =
+ 1 } ChangeCipherSpecType;
-typedef enum gnutls_certificate_status {
- GNUTLS_CERT_INVALID=2, /* will be set if the certificate
- * was not verified.
- */
- GNUTLS_CERT_REVOKED=32, /* in X.509 this will be set only if CRLs are checked
+typedef enum gnutls_certificate_status {
+ GNUTLS_CERT_INVALID = 2, /* will be set if the certificate
+ * was not verified.
+ */
+ GNUTLS_CERT_REVOKED = 32, /* in X.509 this will be set only if CRLs are checked
*/
- /* Those are extra information about the verification
- * process. Will be set only if the certificate was
- * not verified.
- */
- GNUTLS_CERT_SIGNER_NOT_FOUND=64,
- GNUTLS_CERT_SIGNER_NOT_CA=128
+ /* Those are extra information about the verification
+ * process. Will be set only if the certificate was
+ * not verified.
+ */
+ GNUTLS_CERT_SIGNER_NOT_FOUND = 64,
+ GNUTLS_CERT_SIGNER_NOT_CA = 128
} gnutls_certificate_status;
-typedef enum gnutls_certificate_request { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } gnutls_certificate_request;
+typedef enum gnutls_certificate_request { GNUTLS_CERT_IGNORE,
+ GNUTLS_CERT_REQUEST =
+ 1, GNUTLS_CERT_REQUIRE } gnutls_certificate_request;
-typedef enum gnutls_openpgp_key_status { GNUTLS_OPENPGP_KEY,
- GNUTLS_OPENPGP_KEY_FINGERPRINT
+typedef enum gnutls_openpgp_key_status { GNUTLS_OPENPGP_KEY,
+ GNUTLS_OPENPGP_KEY_FINGERPRINT
} gnutls_openpgp_key_status;
-typedef enum gnutls_close_request { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } gnutls_close_request;
+typedef enum gnutls_close_request {
+ GNUTLS_SHUT_RDWR = 0, GNUTLS_SHUT_WR = 1
+} gnutls_close_request;
-typedef enum HandshakeState { STATE0=0, STATE1, STATE2, STATE3, STATE4, STATE5,
- STATE6, STATE7, STATE8, STATE9, STATE20=20, STATE21,
- STATE30=30, STATE31, STATE50=50, STATE60=60, STATE61, STATE62 } HandshakeState;
+typedef enum HandshakeState { STATE0 = 0, STATE1, STATE2,
+ STATE3, STATE4, STATE5,
+ STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21,
+ STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62
+} HandshakeState;
-typedef enum HandshakeType { GNUTLS_HELLO_REQUEST, GNUTLS_CLIENT_HELLO, GNUTLS_SERVER_HELLO,
- GNUTLS_CERTIFICATE_PKT=11, GNUTLS_SERVER_KEY_EXCHANGE,
- GNUTLS_CERTIFICATE_REQUEST, GNUTLS_SERVER_HELLO_DONE,
- GNUTLS_CERTIFICATE_VERIFY, GNUTLS_CLIENT_KEY_EXCHANGE,
- GNUTLS_FINISHED=20 } HandshakeType;
+typedef enum HandshakeType { GNUTLS_HELLO_REQUEST,
+ GNUTLS_CLIENT_HELLO, GNUTLS_SERVER_HELLO,
+ GNUTLS_CERTIFICATE_PKT = 11, GNUTLS_SERVER_KEY_EXCHANGE,
+ GNUTLS_CERTIFICATE_REQUEST, GNUTLS_SERVER_HELLO_DONE,
+ GNUTLS_CERTIFICATE_VERIFY, GNUTLS_CLIENT_KEY_EXCHANGE,
+ GNUTLS_FINISHED = 20
+} HandshakeType;
typedef HandshakeType gnutls_handshake_description;
@@ -157,41 +168,49 @@ typedef HandshakeType gnutls_handshake_description;
/* STATE */
-typedef enum gnutls_cipher_algorithm { GNUTLS_CIPHER_NULL=1,
- GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_ARCFOUR_40,
-
- GNUTLS_CIPHER_RC2_40_CBC=90, GNUTLS_CIPHER_DES_CBC
+typedef enum gnutls_cipher_algorithm { GNUTLS_CIPHER_NULL = 1,
+ GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_ARCFOUR_40,
+ GNUTLS_CIPHER_RC2_40_CBC = 90, GNUTLS_CIPHER_DES_CBC
} gnutls_cipher_algorithm;
-typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS,
- GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP,
- GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS
+typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA = 1, GNUTLS_KX_DHE_DSS,
+ GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP,
+ GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS
} gnutls_kx_algorithm;
-typedef enum gnutls_params_type { GNUTLS_PARAMS_RSA_EXPORT=1,
- GNUTLS_PARAMS_DH
+typedef enum gnutls_params_type { GNUTLS_PARAMS_RSA_EXPORT = 1,
+ GNUTLS_PARAMS_DH
} gnutls_params_type;
-typedef enum gnutls_mac_algorithm { GNUTLS_MAC_UNKNOWN=0, GNUTLS_MAC_NULL=1,
-GNUTLS_MAC_MD5, GNUTLS_MAC_SHA, GNUTLS_MAC_RMD160
+typedef enum gnutls_mac_algorithm { GNUTLS_MAC_UNKNOWN = 0,
+ GNUTLS_MAC_NULL = 1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA,
+ GNUTLS_MAC_RMD160
} gnutls_mac_algorithm;
typedef gnutls_mac_algorithm gnutls_digest_algorithm;
-typedef enum gnutls_compression_method { GNUTLS_COMP_NULL=1, GNUTLS_COMP_DEFLATE,
- GNUTLS_COMP_LZO
+typedef enum gnutls_compression_method {
+ GNUTLS_COMP_NULL = 1, GNUTLS_COMP_DEFLATE,
+ GNUTLS_COMP_LZO
} gnutls_compression_method;
-typedef enum gnutls_connection_end { GNUTLS_SERVER=1, GNUTLS_CLIENT } gnutls_connection_end;
+typedef enum gnutls_connection_end {
+ GNUTLS_SERVER = 1, GNUTLS_CLIENT
+} gnutls_connection_end;
-typedef enum extensions_t { GNUTLS_EXTENSION_SERVER_NAME=0,
- GNUTLS_EXTENSION_MAX_RECORD_SIZE=1, GNUTLS_EXTENSION_SRP=6,
- GNUTLS_EXTENSION_CERT_TYPE=7
+typedef enum extensions_t { GNUTLS_EXTENSION_SERVER_NAME = 0,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, GNUTLS_EXTENSION_SRP = 6,
+ GNUTLS_EXTENSION_CERT_TYPE = 7
} extensions_t;
-typedef enum gnutls_credentials_type { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } gnutls_credentials_type;
+typedef enum gnutls_credentials_type {
+ GNUTLS_CRD_CERTIFICATE = 1, GNUTLS_CRD_ANON,
+ GNUTLS_CRD_SRP
+} gnutls_credentials_type;
-typedef enum gnutls_certificate_type { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP
+typedef enum gnutls_certificate_type {
+ GNUTLS_CRT_X509 = 1, GNUTLS_CRT_OPENPGP
} gnutls_certificate_type;
typedef enum { CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
@@ -200,94 +219,102 @@ typedef enum valid_session_t { VALID_TRUE, VALID_FALSE } valid_session_t;
typedef enum resumable_session_t { RESUME_TRUE, RESUME_FALSE } resumable_session_t;
/* Record Protocol */
-typedef enum content_type_t { GNUTLS_CHANGE_CIPHER_SPEC=20, GNUTLS_ALERT,
- GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA
+typedef enum content_type_t {
+ GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
+ GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA
} content_type_t;
-typedef enum gnutls_x509_crt_fmt { GNUTLS_X509_FMT_DER,
- GNUTLS_X509_FMT_PEM } gnutls_x509_crt_fmt;
+typedef enum gnutls_x509_crt_fmt {
+ GNUTLS_X509_FMT_DER,
+ GNUTLS_X509_FMT_PEM
+} gnutls_x509_crt_fmt;
-typedef enum gnutls_pk_algorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA,
- GNUTLS_PK_UNKNOWN = 0xff
+typedef enum gnutls_pk_algorithm {
+ GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA,
+ GNUTLS_PK_UNKNOWN = 0xff
} gnutls_pk_algorithm;
+
#define GNUTLS_PK_ANY (gnutls_pk_algorithm)-1
#define GNUTLS_PK_NONE (gnutls_pk_algorithm)0
-typedef enum gnutls_sign_algorithm { GNUTLS_SIGN_RSA_SHA = 1, GNUTLS_SIGN_DSA_SHA,
- GNUTLS_SIGN_RSA_MD5, GNUTLS_SIGN_RSA_MD2,
- GNUTLS_SIGN_UNKNOWN = 0xff
+typedef enum gnutls_sign_algorithm {
+ GNUTLS_SIGN_RSA_SHA = 1, GNUTLS_SIGN_DSA_SHA,
+ GNUTLS_SIGN_RSA_MD5, GNUTLS_SIGN_RSA_MD2,
+ GNUTLS_SIGN_UNKNOWN = 0xff
} gnutls_sign_algorithm;
/* STATE (stop) */
-typedef void (*LOG_FUNC)( int, const char*);
+typedef void (*LOG_FUNC) (int, const char *);
/* Pull & Push functions defines:
*/
-typedef ssize_t (*gnutls_pull_func)(gnutls_transport_ptr, void*, size_t);
-typedef ssize_t (*gnutls_push_func)(gnutls_transport_ptr, const void*, size_t);
+typedef ssize_t(*gnutls_pull_func) (gnutls_transport_ptr, void *, size_t);
+typedef ssize_t(*gnutls_push_func) (gnutls_transport_ptr, const void *,
+ size_t);
/* Store & Retrieve functions defines:
*/
-typedef int (*gnutls_db_store_func)(void*, gnutls_datum key, gnutls_datum data);
-typedef int (*gnutls_db_remove_func)(void*, gnutls_datum key);
-typedef gnutls_datum (*gnutls_db_retr_func)(void*, gnutls_datum key);
+typedef int (*gnutls_db_store_func) (void *, gnutls_datum key,
+ gnutls_datum data);
+typedef int (*gnutls_db_remove_func) (void *, gnutls_datum key);
+typedef gnutls_datum(*gnutls_db_retr_func) (void *, gnutls_datum key);
typedef struct auth_cred_st {
- gnutls_credentials_type algorithm;
+ gnutls_credentials_type algorithm;
- /* the type of credentials depends on algorithm
- */
- void* credentials;
- struct auth_cred_st* next;
+ /* the type of credentials depends on algorithm
+ */
+ void *credentials;
+ struct auth_cred_st *next;
} auth_cred_st;
struct gnutls_key_st {
- /* For DH KX */
- gnutls_datum key;
- mpi_t KEY;
- mpi_t client_Y;
- mpi_t client_g;
- mpi_t client_p;
- mpi_t dh_secret;
- /* for SRP */
- mpi_t A;
- mpi_t B;
- mpi_t u;
- mpi_t b;
- mpi_t a;
- mpi_t x;
- /* RSA: e, m
- */
- mpi_t rsa[2];
-
- /* this is used to hold the peers authentication data
- */
- /* auth_info_t structures SHOULD NOT contain malloced
- * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
- * Rememember that this should be calloced!
- */
- void* auth_info;
- gnutls_credentials_type auth_info_type;
- int auth_info_size; /* needed in order to store to db for restoring
- */
- uint8 crypt_algo;
-
- auth_cred_st* cred; /* used to specify keys/certificates etc */
-
- int certificate_requested;
- /* some ciphersuites use this
- * to provide client authentication.
- * 1 if client auth was requested
- * by the peer, 0 otherwise
- *** In case of a server this
- * holds 1 if we should wait
- * for a client certificate verify
- */
+ /* For DH KX */
+ gnutls_datum key;
+ mpi_t KEY;
+ mpi_t client_Y;
+ mpi_t client_g;
+ mpi_t client_p;
+ mpi_t dh_secret;
+ /* for SRP */
+ mpi_t A;
+ mpi_t B;
+ mpi_t u;
+ mpi_t b;
+ mpi_t a;
+ mpi_t x;
+ /* RSA: e, m
+ */
+ mpi_t rsa[2];
+
+ /* this is used to hold the peers authentication data
+ */
+ /* auth_info_t structures SHOULD NOT contain malloced
+ * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
+ * Rememember that this should be calloced!
+ */
+ void *auth_info;
+ gnutls_credentials_type auth_info_type;
+ int auth_info_size; /* needed in order to store to db for restoring
+ */
+ uint8 crypt_algo;
+
+ auth_cred_st *cred; /* used to specify keys/certificates etc */
+
+ int certificate_requested;
+ /* some ciphersuites use this
+ * to provide client authentication.
+ * 1 if client auth was requested
+ * by the peer, 0 otherwise
+ *** In case of a server this
+ * holds 1 if we should wait
+ * for a client certificate verify
+ */
};
-typedef struct gnutls_key_st* gnutls_key_st;
+typedef struct gnutls_key_st *gnutls_key_st;
/* STATE (cont) */
@@ -298,44 +325,45 @@ typedef struct gnutls_key_st* gnutls_key_st;
#include <gnutls_cert.h>
typedef struct {
- uint8 suite[2];
+ uint8 suite[2];
} cipher_suite_st;
/* Versions should be in order of the oldest
* (eg. SSL3 is before TLS1)
*/
#define GNUTLS_TLS1 GNUTLS_TLS1_0
-typedef enum gnutls_protocol_version { GNUTLS_SSL3=1, GNUTLS_TLS1_0,
- GNUTLS_TLS1_1, GNUTLS_VERSION_UNKNOWN=0xff }
-gnutls_protocol_version;
+typedef enum gnutls_protocol_version {
+ GNUTLS_SSL3 = 1, GNUTLS_TLS1_0,
+ GNUTLS_TLS1_1, GNUTLS_VERSION_UNKNOWN = 0xff
+} gnutls_protocol_version;
/* This structure holds parameters got from TLS extension
* mechanism. (some extensions may hold parameters in auth_info_t
* structures also - see SRP).
*/
-typedef enum gnutls_server_name_type { GNUTLS_NAME_DNS=1
+typedef enum gnutls_server_name_type { GNUTLS_NAME_DNS = 1
} gnutls_server_name_type;
typedef struct {
- opaque name[MAX_SERVER_NAME_SIZE];
- uint name_length;
- gnutls_server_name_type type;
+ opaque name[MAX_SERVER_NAME_SIZE];
+ uint name_length;
+ gnutls_server_name_type type;
} server_name_st;
#define MAX_SERVER_NAME_EXTENSIONS 3
typedef struct {
- server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];
- /* limit server_name extensions */
- uint server_names_size;
- opaque srp_username[MAX_SRP_USERNAME];
+ server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];
+ /* limit server_name extensions */
+ uint server_names_size;
+ opaque srp_username[MAX_SRP_USERNAME];
} tls_ext_st;
/* auth_info_t structures now MAY contain malloced
* elements.
*/
-
+
/* This structure and auth_info_t, are stored in the resume database,
* and are restored, in case of resume.
* Holds all the required parameters to resume the current
@@ -351,82 +379,82 @@ typedef struct {
* the handshake is in progress is the cipher suite value.
*/
typedef struct {
- gnutls_connection_end entity;
- gnutls_kx_algorithm kx_algorithm;
- /* we've got separate write/read bulk/macs because
- * there is a time in handshake where the peer has
- * null cipher and we don't
- */
- gnutls_cipher_algorithm read_bulk_cipher_algorithm;
- gnutls_mac_algorithm read_mac_algorithm;
- gnutls_compression_method read_compression_algorithm;
-
- gnutls_cipher_algorithm write_bulk_cipher_algorithm;
- gnutls_mac_algorithm write_mac_algorithm;
- gnutls_compression_method write_compression_algorithm;
-
- /* this is the ciphersuite we are going to use
- * moved here from internals in order to be restored
- * on resume;
- */
- cipher_suite_st current_cipher_suite;
- opaque master_secret[TLS_MASTER_SIZE];
- opaque client_random[TLS_RANDOM_SIZE];
- opaque server_random[TLS_RANDOM_SIZE];
- opaque session_id[TLS_MAX_SESSION_ID_SIZE];
- uint8 session_id_size;
- time_t timestamp;
- tls_ext_st extensions;
-
- /* The send size is the one requested by the programmer.
- * The recv size is the one negotiated with the peer.
- */
- uint16 max_record_send_size;
- uint16 max_record_recv_size;
- /* holds the negotiated certificate type */
- gnutls_certificate_type cert_type;
- gnutls_protocol_version version; /* moved here */
+ gnutls_connection_end entity;
+ gnutls_kx_algorithm kx_algorithm;
+ /* we've got separate write/read bulk/macs because
+ * there is a time in handshake where the peer has
+ * null cipher and we don't
+ */
+ gnutls_cipher_algorithm read_bulk_cipher_algorithm;
+ gnutls_mac_algorithm read_mac_algorithm;
+ gnutls_compression_method read_compression_algorithm;
+
+ gnutls_cipher_algorithm write_bulk_cipher_algorithm;
+ gnutls_mac_algorithm write_mac_algorithm;
+ gnutls_compression_method write_compression_algorithm;
+
+ /* this is the ciphersuite we are going to use
+ * moved here from internals in order to be restored
+ * on resume;
+ */
+ cipher_suite_st current_cipher_suite;
+ opaque master_secret[TLS_MASTER_SIZE];
+ opaque client_random[TLS_RANDOM_SIZE];
+ opaque server_random[TLS_RANDOM_SIZE];
+ opaque session_id[TLS_MAX_SESSION_ID_SIZE];
+ uint8 session_id_size;
+ time_t timestamp;
+ tls_ext_st extensions;
+
+ /* The send size is the one requested by the programmer.
+ * The recv size is the one negotiated with the peer.
+ */
+ uint16 max_record_send_size;
+ uint16 max_record_recv_size;
+ /* holds the negotiated certificate type */
+ gnutls_certificate_type cert_type;
+ gnutls_protocol_version version; /* moved here */
} security_parameters_st;
/* This structure holds the generated keys
*/
typedef struct {
- gnutls_datum server_write_mac_secret;
- gnutls_datum client_write_mac_secret;
- gnutls_datum server_write_IV;
- gnutls_datum client_write_IV;
- gnutls_datum server_write_key;
- gnutls_datum client_write_key;
- int generated_keys; /* zero if keys have not
- * been generated. Non zero
- * otherwise.
- */
+ gnutls_datum server_write_mac_secret;
+ gnutls_datum client_write_mac_secret;
+ gnutls_datum server_write_IV;
+ gnutls_datum client_write_IV;
+ gnutls_datum server_write_key;
+ gnutls_datum client_write_key;
+ int generated_keys; /* zero if keys have not
+ * been generated. Non zero
+ * otherwise.
+ */
} cipher_specs_st;
typedef struct {
- cipher_hd_t write_cipher_state;
- cipher_hd_t read_cipher_state;
- comp_hd_t read_compression_state;
- comp_hd_t write_compression_state;
- gnutls_datum read_mac_secret;
- gnutls_datum write_mac_secret;
- uint64 read_sequence_number;
- uint64 write_sequence_number;
+ cipher_hd_t write_cipher_state;
+ cipher_hd_t read_cipher_state;
+ comp_hd_t read_compression_state;
+ comp_hd_t write_compression_state;
+ gnutls_datum read_mac_secret;
+ gnutls_datum write_mac_secret;
+ uint64 read_sequence_number;
+ uint64 write_sequence_number;
} conn_stat_st;
typedef struct {
- unsigned int priority[MAX_ALGOS];
- unsigned int algorithms;
+ unsigned int priority[MAX_ALGOS];
+ unsigned int algorithms;
} priority_st;
/* DH and RSA parameters types.
*/
typedef struct {
- /* [0] is the prime, [1] is the generator.
- */
- mpi_t params[2];
+ /* [0] is the prime, [1] is the generator.
+ */
+ mpi_t params[2];
} dh_params_st;
#define gnutls_dh_params dh_params_st*
@@ -434,253 +462,255 @@ typedef struct {
#define gnutls_rsa_params gnutls_x509_privkey
typedef struct {
- gnutls_dh_params anon_dh_params;
- int free_anon_dh_params;
- gnutls_dh_params cert_dh_params;
- int free_cert_dh_params;
- gnutls_rsa_params rsa_params;
- int free_rsa_params;
+ gnutls_dh_params anon_dh_params;
+ int free_anon_dh_params;
+ gnutls_dh_params cert_dh_params;
+ int free_cert_dh_params;
+ gnutls_rsa_params rsa_params;
+ int free_rsa_params;
} internal_params_st;
typedef struct gnutls_params_st {
- gnutls_params_type type;
- union params {
- gnutls_dh_params dh;
- gnutls_rsa_params rsa_export;
- } params;
- int deinit;
+ gnutls_params_type type;
+ union params {
+ gnutls_dh_params dh;
+ gnutls_rsa_params rsa_export;
+ } params;
+ int deinit;
} gnutls_params_st;
typedef struct {
- opaque header[HANDSHAKE_HEADER_SIZE];
- /* this holds the number of bytes in the handshake_header[] */
- size_t header_size;
- /* this holds the length of the handshake packet */
- size_t packet_length;
- HandshakeType recv_type;
+ opaque header[HANDSHAKE_HEADER_SIZE];
+ /* this holds the number of bytes in the handshake_header[] */
+ size_t header_size;
+ /* this holds the length of the handshake packet */
+ size_t packet_length;
+ HandshakeType recv_type;
} handshake_header_buffer_st;
/* Openpgp key retrieval callback */
-typedef int (*gnutls_openpgp_recv_key_func)(struct gnutls_session_int*,
- const unsigned char *keyfpr, unsigned int keyfpr_length, gnutls_datum *);
+typedef int (*gnutls_openpgp_recv_key_func) (struct gnutls_session_int *,
+ const unsigned char *keyfpr,
+ unsigned int keyfpr_length,
+ gnutls_datum *);
typedef struct {
- gnutls_buffer application_data_buffer; /* holds data to be delivered to application layer */
- gnutls_buffer handshake_hash_buffer; /* used to keep the last received handshake
- * message */
- mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */
- mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */
-
- gnutls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */
- resumable_session_t resumable; /* TRUE or FALSE - if we can resume that session */
- HandshakeState handshake_state; /* holds
- * a number which indicates where
- * the handshake procedure has been
- * interrupted. If it is 0 then
- * no interruption has happened.
- */
-
- valid_session_t valid_connection; /* true or FALSE - if this session is valid */
-
- int may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
- */
- int may_not_write;
- int read_eof; /* non-zero if we have received a closure alert. */
-
- int last_alert; /* last alert received */
-
- /* The last handshake messages sent or received.
- */
- int last_handshake_in;
- int last_handshake_out;
-
- /* this is the compression method we are going to use */
- gnutls_compression_method compression_method;
- /* priorities */
- priority_st cipher_algorithm_priority;
- priority_st mac_algorithm_priority;
- priority_st kx_algorithm_priority;
- priority_st compression_method_priority;
- priority_st protocol_priority;
- priority_st cert_type_priority;
-
- /* resumed session */
- resumable_session_t resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */
- security_parameters_st resumed_security_parameters;
-
- /* sockets internals */
- int lowat;
-
- /* These buffers are used in the handshake
- * protocol only. freed using _gnutls_handshake_io_buffer_clear();
- */
- gnutls_buffer handshake_send_buffer;
- size_t handshake_send_buffer_prev_size;
- content_type_t handshake_send_buffer_type;
- HandshakeType handshake_send_buffer_htype;
- content_type_t handshake_recv_buffer_type;
- HandshakeType handshake_recv_buffer_htype;
- gnutls_buffer handshake_recv_buffer;
-
- /* this buffer holds a record packet -mostly used for
- * non blocking IO.
+ gnutls_buffer application_data_buffer; /* holds data to be delivered to application layer */
+ gnutls_buffer handshake_hash_buffer; /* used to keep the last received handshake
+ * message */
+ mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */
+ mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */
+
+ gnutls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */
+ resumable_session_t resumable; /* TRUE or FALSE - if we can resume that session */
+ HandshakeState handshake_state; /* holds
+ * a number which indicates where
+ * the handshake procedure has been
+ * interrupted. If it is 0 then
+ * no interruption has happened.
*/
- gnutls_buffer record_recv_buffer;
- gnutls_buffer record_send_buffer; /* holds cached data
- * for the gnutls_io_write_buffered()
- * function.
- */
- size_t record_send_buffer_prev_size; /* holds the
- * data written in the previous runs.
- */
- size_t record_send_buffer_user_size; /* holds the
- * size of the user specified data to
- * send.
- */
-
- /* 0 if no peeked data was kept, 1 otherwise.
+
+ valid_session_t valid_connection; /* true or FALSE - if this session is valid */
+
+ int may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
+ */
+ int may_not_write;
+ int read_eof; /* non-zero if we have received a closure alert. */
+
+ int last_alert; /* last alert received */
+
+ /* The last handshake messages sent or received.
+ */
+ int last_handshake_in;
+ int last_handshake_out;
+
+ /* this is the compression method we are going to use */
+ gnutls_compression_method compression_method;
+ /* priorities */
+ priority_st cipher_algorithm_priority;
+ priority_st mac_algorithm_priority;
+ priority_st kx_algorithm_priority;
+ priority_st compression_method_priority;
+ priority_st protocol_priority;
+ priority_st cert_type_priority;
+
+ /* resumed session */
+ resumable_session_t resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */
+ security_parameters_st resumed_security_parameters;
+
+ /* sockets internals */
+ int lowat;
+
+ /* These buffers are used in the handshake
+ * protocol only. freed using _gnutls_handshake_io_buffer_clear();
+ */
+ gnutls_buffer handshake_send_buffer;
+ size_t handshake_send_buffer_prev_size;
+ content_type_t handshake_send_buffer_type;
+ HandshakeType handshake_send_buffer_htype;
+ content_type_t handshake_recv_buffer_type;
+ HandshakeType handshake_recv_buffer_htype;
+ gnutls_buffer handshake_recv_buffer;
+
+ /* this buffer holds a record packet -mostly used for
+ * non blocking IO.
+ */
+ gnutls_buffer record_recv_buffer;
+ gnutls_buffer record_send_buffer; /* holds cached data
+ * for the gnutls_io_write_buffered()
+ * function.
*/
- int have_peeked_data;
-
- int expire_time; /* after expire_time seconds this session will expire */
- struct mod_auth_st_int* auth_struct; /* used in handshake packets and KX algorithms */
- int v2_hello; /* 0 if the client hello is v3+.
- * non-zero if we got a v2 hello.
- */
- /* keeps the headers of the handshake packet
- */
- handshake_header_buffer_st handshake_header_buffer;
-
- /* this is the highest version available
- * to the peer. (advertized version).
- * This is obtained by the Handshake Client Hello
- * message. (some implementations read the Record version)
- */
- uint8 adv_version_major;
- uint8 adv_version_minor;
-
- /* if this is non zero a certificate request message
- * will be sent to the client. - only if the ciphersuite
- * supports it.
- */
- int send_cert_req;
-
- /* bits to use for DHE and DHA
- * use _gnutls_dh_get_prime_bits() and gnutls_dh_set_prime_bits()
- * to access it.
- */
- uint16 dh_prime_bits;
-
- size_t max_handshake_data_buffer_size;
-
- /* PUSH & PULL functions.
- */
- gnutls_pull_func _gnutls_pull_func;
- gnutls_push_func _gnutls_push_func;
- /* Holds the first argument of PUSH and PULL
- * functions;
- */
- gnutls_transport_ptr transport_recv_ptr;
- gnutls_transport_ptr transport_send_ptr;
-
- /* STORE & RETRIEVE functions. Only used if other
- * backend than gdbm is used.
- */
- gnutls_db_store_func db_store_func;
- gnutls_db_retr_func db_retrieve_func;
- gnutls_db_remove_func db_remove_func;
- void* db_ptr;
-
- /* Holds the record size requested by the
- * user.
- */
- uint16 proposed_record_size;
-
- /* holds the selected certificate and key.
- * use _gnutls_selected_certs_deinit() and _gnutls_selected_certs_set()
- * to change them.
- */
- gnutls_cert* selected_cert_list;
- int selected_cert_list_length;
- gnutls_privkey* selected_key;
- int selected_need_free;
-
- /* holds the extensions we sent to the peer
- * (in case of a client)
- */
- uint16 extensions_sent[MAX_EXT_TYPES];
- uint16 extensions_sent_size;
-
- /* is 0 if we are to send the whole PGP key, or non zero
- * if the fingerprint is to be sent.
- */
- int pgp_fingerprint;
-
- /* This holds the default version that our first
- * record packet will have. */
- opaque default_record_version[2];
-
- int cbc_protection_hack;
-
- void* user_ptr;
-
- int enable_private;/* non zero to
- * enable cipher suites
- * which have 0xFF status.
- */
-
- /* Holds 0 if the last called function was interrupted while
- * receiving, and non zero otherwise.
- */
- int direction;
-
- /* This callback will be used (if set) to receive an
- * openpgp key. (if the peer sends a fingerprint)
- */
- gnutls_openpgp_recv_key_func openpgp_recv_key_func;
-
- /* If non zero the server will not advertize the CA's he
- * trusts (do not send an RDN sequence).
- */
- int ignore_rdn_sequence;
-
- /* This is used to set an arbitary version in the RSA
- * PMS secret. Can be used by clients to test whether the
- * server checks that version. (** only used in gnutls-cli-debug)
- */
- opaque rsa_pms_version[2];
-
- char* srp_username;
- char* srp_password;
-
- /* This is only set in SRP, when the handshake is
- * restarted if an username is not found.
- */
- int handshake_restarted;
-
- /* Here we cache the DH or RSA parameters got from the
- * credentials structure, or from a callback. That is to
- * minimize external calls.
- */
- internal_params_st params;
-
- /* This buffer is used by the record recv functions,
- * as a temporary store buffer.
- */
- gnutls_datum recv_buffer;
-
- /* If you add anything here, check _gnutls_handshake_internal_state_clear().
- */
+ size_t record_send_buffer_prev_size; /* holds the
+ * data written in the previous runs.
+ */
+ size_t record_send_buffer_user_size; /* holds the
+ * size of the user specified data to
+ * send.
+ */
+
+ /* 0 if no peeked data was kept, 1 otherwise.
+ */
+ int have_peeked_data;
+
+ int expire_time; /* after expire_time seconds this session will expire */
+ struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
+ int v2_hello; /* 0 if the client hello is v3+.
+ * non-zero if we got a v2 hello.
+ */
+ /* keeps the headers of the handshake packet
+ */
+ handshake_header_buffer_st handshake_header_buffer;
+
+ /* this is the highest version available
+ * to the peer. (advertized version).
+ * This is obtained by the Handshake Client Hello
+ * message. (some implementations read the Record version)
+ */
+ uint8 adv_version_major;
+ uint8 adv_version_minor;
+
+ /* if this is non zero a certificate request message
+ * will be sent to the client. - only if the ciphersuite
+ * supports it.
+ */
+ int send_cert_req;
+
+ /* bits to use for DHE and DHA
+ * use _gnutls_dh_get_prime_bits() and gnutls_dh_set_prime_bits()
+ * to access it.
+ */
+ uint16 dh_prime_bits;
+
+ size_t max_handshake_data_buffer_size;
+
+ /* PUSH & PULL functions.
+ */
+ gnutls_pull_func _gnutls_pull_func;
+ gnutls_push_func _gnutls_push_func;
+ /* Holds the first argument of PUSH and PULL
+ * functions;
+ */
+ gnutls_transport_ptr transport_recv_ptr;
+ gnutls_transport_ptr transport_send_ptr;
+
+ /* STORE & RETRIEVE functions. Only used if other
+ * backend than gdbm is used.
+ */
+ gnutls_db_store_func db_store_func;
+ gnutls_db_retr_func db_retrieve_func;
+ gnutls_db_remove_func db_remove_func;
+ void *db_ptr;
+
+ /* Holds the record size requested by the
+ * user.
+ */
+ uint16 proposed_record_size;
+
+ /* holds the selected certificate and key.
+ * use _gnutls_selected_certs_deinit() and _gnutls_selected_certs_set()
+ * to change them.
+ */
+ gnutls_cert *selected_cert_list;
+ int selected_cert_list_length;
+ gnutls_privkey *selected_key;
+ int selected_need_free;
+
+ /* holds the extensions we sent to the peer
+ * (in case of a client)
+ */
+ uint16 extensions_sent[MAX_EXT_TYPES];
+ uint16 extensions_sent_size;
+
+ /* is 0 if we are to send the whole PGP key, or non zero
+ * if the fingerprint is to be sent.
+ */
+ int pgp_fingerprint;
+
+ /* This holds the default version that our first
+ * record packet will have. */
+ opaque default_record_version[2];
+
+ int cbc_protection_hack;
+
+ void *user_ptr;
+
+ int enable_private; /* non zero to
+ * enable cipher suites
+ * which have 0xFF status.
+ */
+
+ /* Holds 0 if the last called function was interrupted while
+ * receiving, and non zero otherwise.
+ */
+ int direction;
+
+ /* This callback will be used (if set) to receive an
+ * openpgp key. (if the peer sends a fingerprint)
+ */
+ gnutls_openpgp_recv_key_func openpgp_recv_key_func;
+
+ /* If non zero the server will not advertize the CA's he
+ * trusts (do not send an RDN sequence).
+ */
+ int ignore_rdn_sequence;
+
+ /* This is used to set an arbitary version in the RSA
+ * PMS secret. Can be used by clients to test whether the
+ * server checks that version. (** only used in gnutls-cli-debug)
+ */
+ opaque rsa_pms_version[2];
+
+ char *srp_username;
+ char *srp_password;
+
+ /* This is only set in SRP, when the handshake is
+ * restarted if an username is not found.
+ */
+ int handshake_restarted;
+
+ /* Here we cache the DH or RSA parameters got from the
+ * credentials structure, or from a callback. That is to
+ * minimize external calls.
+ */
+ internal_params_st params;
+
+ /* This buffer is used by the record recv functions,
+ * as a temporary store buffer.
+ */
+ gnutls_datum recv_buffer;
+
+ /* If you add anything here, check _gnutls_handshake_internal_state_clear().
+ */
} internals_st;
struct gnutls_session_int {
- security_parameters_st security_parameters;
- cipher_specs_st cipher_specs;
- conn_stat_st connection_state;
- internals_st internals;
- gnutls_key_st key;
+ security_parameters_st security_parameters;
+ cipher_specs_st cipher_specs;
+ conn_stat_st connection_state;
+ internals_st internals;
+ gnutls_key_st key;
};
typedef struct gnutls_session_int *gnutls_session;
@@ -689,9 +719,11 @@ typedef struct gnutls_session_int *gnutls_session;
/* functions
*/
-void _gnutls_set_current_version(gnutls_session session, gnutls_protocol_version version);
-gnutls_protocol_version gnutls_protocol_get_version(gnutls_session session);
-void _gnutls_free_auth_info( gnutls_session session);
+void _gnutls_set_current_version(gnutls_session session,
+ gnutls_protocol_version version);
+gnutls_protocol_version gnutls_protocol_get_version(gnutls_session
+ session);
+void _gnutls_free_auth_info(gnutls_session session);
/* These two macros return the advertized TLS version of
* the peer.
@@ -706,13 +738,14 @@ void _gnutls_free_auth_info( gnutls_session session);
session->internals.adv_version_major = major; \
session->internals.adv_version_minor = minor
-void _gnutls_set_adv_version( gnutls_session, gnutls_protocol_version);
-gnutls_protocol_version _gnutls_get_adv_version( gnutls_session);
+void _gnutls_set_adv_version(gnutls_session, gnutls_protocol_version);
+gnutls_protocol_version _gnutls_get_adv_version(gnutls_session);
-int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data,
- void* result, size_t* result_size);
+int gnutls_fingerprint(gnutls_digest_algorithm algo,
+ const gnutls_datum * data, void *result,
+ size_t * result_size);
typedef int gnutls_params_function(gnutls_session, gnutls_params_type,
- gnutls_params_st*);
+ gnutls_params_st *);
-#endif /* GNUTLS_INT_H */
+#endif /* GNUTLS_INT_H */
diff --git a/lib/gnutls_int_compat.c b/lib/gnutls_int_compat.c
index ffb367a6b3..39ee08c2cd 100644
--- a/lib/gnutls_int_compat.c
+++ b/lib/gnutls_int_compat.c
@@ -3,10 +3,10 @@
/* This file contains functions needed only for binary compatibility
* with previous versions.
*/
-#define GNUTLS_BACKWARDS_COMPATIBLE
+#define GNUTLS_BACKWARDS_COMPATIBLE
#ifdef GNUTLS_BACKWARDS_COMPATIBLE
/* removed everything for 0.9.0 release */
-#endif /* GNUTLS_BACKWARDS_COMPATIBLE */
+#endif /* GNUTLS_BACKWARDS_COMPATIBLE */
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index 59ae665333..0de4eaff99 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -41,52 +41,68 @@
*/
#define MASTER_SECRET "master secret"
-static int generate_normal_master( gnutls_session session, int);
+static int generate_normal_master(gnutls_session session, int);
-int _gnutls_generate_master( gnutls_session session, int keep_premaster)
+int _gnutls_generate_master(gnutls_session session, int keep_premaster)
{
- if (session->internals.resumed==RESUME_FALSE)
- return generate_normal_master(session, keep_premaster);
- return 0;
+ if (session->internals.resumed == RESUME_FALSE)
+ return generate_normal_master(session, keep_premaster);
+ return 0;
}
/* here we generate the TLS Master secret.
*/
#define PREMASTER session->key->key
-static int generate_normal_master( gnutls_session session, int keep_premaster)
+static int generate_normal_master(gnutls_session session,
+ int keep_premaster)
{
-int ret = 0;
-opaque random[2*TLS_RANDOM_SIZE];
-char buf[64];
-
- memcpy(random, session->security_parameters.client_random, TLS_RANDOM_SIZE);
- memcpy(&random[TLS_RANDOM_SIZE], session->security_parameters.server_random, TLS_RANDOM_SIZE);
-
- _gnutls_hard_log( "INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, _gnutls_bin2hex(PREMASTER.data, PREMASTER.size, buf, sizeof(buf)));
- _gnutls_hard_log( "INT: CLIENT RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.client_random,32, buf, sizeof(buf)));
- _gnutls_hard_log( "INT: SERVER RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.server_random,32, buf, sizeof(buf)));
-
- if ( gnutls_protocol_get_version( session) == GNUTLS_SSL3) {
- ret =
- _gnutls_ssl3_generate_random( PREMASTER.data, PREMASTER.size,
- random, 2*TLS_RANDOM_SIZE, TLS_MASTER_SIZE,
- session->security_parameters.master_secret);
-
- } else {
- ret =
- _gnutls_PRF( PREMASTER.data, PREMASTER.size,
- MASTER_SECRET, strlen(MASTER_SECRET),
- random, 2*TLS_RANDOM_SIZE, TLS_MASTER_SIZE,
- session->security_parameters.master_secret);
- }
-
- if (!keep_premaster) _gnutls_free_datum(&PREMASTER);
-
- if (ret<0) return ret;
+ int ret = 0;
+ opaque random[2 * TLS_RANDOM_SIZE];
+ char buf[64];
+
+ memcpy(random, session->security_parameters.client_random,
+ TLS_RANDOM_SIZE);
+ memcpy(&random[TLS_RANDOM_SIZE],
+ session->security_parameters.server_random, TLS_RANDOM_SIZE);
+
+ _gnutls_hard_log("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size,
+ _gnutls_bin2hex(PREMASTER.data, PREMASTER.size, buf,
+ sizeof(buf)));
+ _gnutls_hard_log("INT: CLIENT RANDOM[%d]: %s\n", 32,
+ _gnutls_bin2hex(session->security_parameters.
+ client_random, 32, buf, sizeof(buf)));
+ _gnutls_hard_log("INT: SERVER RANDOM[%d]: %s\n", 32,
+ _gnutls_bin2hex(session->security_parameters.
+ server_random, 32, buf, sizeof(buf)));
+
+ if (gnutls_protocol_get_version(session) == GNUTLS_SSL3) {
+ ret =
+ _gnutls_ssl3_generate_random(PREMASTER.data, PREMASTER.size,
+ random, 2 * TLS_RANDOM_SIZE,
+ TLS_MASTER_SIZE,
+ session->security_parameters.
+ master_secret);
+
+ } else {
+ ret =
+ _gnutls_PRF(PREMASTER.data, PREMASTER.size,
+ MASTER_SECRET, strlen(MASTER_SECRET),
+ random, 2 * TLS_RANDOM_SIZE, TLS_MASTER_SIZE,
+ session->security_parameters.master_secret);
+ }
- _gnutls_hard_log( "INT: MASTER SECRET: %s\n", _gnutls_bin2hex(session->security_parameters.master_secret, TLS_MASTER_SIZE, buf, sizeof(buf)));
+ if (!keep_premaster)
+ _gnutls_free_datum(&PREMASTER);
+ if (ret < 0)
return ret;
+
+ _gnutls_hard_log("INT: MASTER SECRET: %s\n",
+ _gnutls_bin2hex(session->security_parameters.
+ master_secret, TLS_MASTER_SIZE, buf,
+ sizeof(buf)));
+
+ return ret;
}
@@ -94,483 +110,537 @@ char buf[64];
* server. It does nothing if this type of message is not required
* by the selected ciphersuite.
*/
-int _gnutls_send_server_kx_message( gnutls_session session, int again)
+int _gnutls_send_server_kx_message(gnutls_session session, int again)
{
- uint8 *data = NULL;
- int data_size = 0;
- int ret = 0;
+ uint8 *data = NULL;
+ int data_size = 0;
+ int ret = 0;
- if (session->internals.auth_struct->gnutls_generate_server_kx==NULL)
- return 0;
+ if (session->internals.auth_struct->gnutls_generate_server_kx == NULL)
+ return 0;
- data = NULL;
- data_size = 0;
-
- if (again == 0) {
- data_size = session->internals.auth_struct->gnutls_generate_server_kx( session, &data);
-
- if (data_size == GNUTLS_E_INT_RET_0) {
- gnutls_assert();
- return 0;
- }
-
- if (data_size < 0) {
- gnutls_assert();
- return data_size;
- }
+ data = NULL;
+ data_size = 0;
+
+ if (again == 0) {
+ data_size =
+ session->internals.auth_struct->
+ gnutls_generate_server_kx(session, &data);
+
+ if (data_size == GNUTLS_E_INT_RET_0) {
+ gnutls_assert();
+ return 0;
}
-
- ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE);
- gnutls_free(data);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (data_size < 0) {
+ gnutls_assert();
+ return data_size;
}
- return data_size;
+ }
+
+ ret =
+ _gnutls_send_handshake(session, data, data_size,
+ GNUTLS_SERVER_KEY_EXCHANGE);
+ gnutls_free(data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ return data_size;
}
/* This function sends a certificate request message to the
* client.
*/
-int _gnutls_send_server_certificate_request( gnutls_session session, int again)
+int _gnutls_send_server_certificate_request(gnutls_session session,
+ int again)
{
- uint8 *data = NULL;
- int data_size = 0;
- int ret = 0;
+ uint8 *data = NULL;
+ int data_size = 0;
+ int ret = 0;
- if (session->internals.auth_struct->gnutls_generate_server_certificate_request==NULL)
- return 0;
+ if (session->internals.auth_struct->
+ gnutls_generate_server_certificate_request == NULL)
+ return 0;
- if (session->internals.send_cert_req <= 0)
- return 0;
-
- data = NULL;
- data_size = 0;
+ if (session->internals.send_cert_req <= 0)
+ return 0;
- if (again == 0) {
- data_size = session->internals.auth_struct->gnutls_generate_server_certificate_request( session, &data);
+ data = NULL;
+ data_size = 0;
- if (data_size < 0) {
- gnutls_assert();
- return data_size;
- }
- }
- ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_CERTIFICATE_REQUEST);
- gnutls_free(data);
+ if (again == 0) {
+ data_size =
+ session->internals.auth_struct->
+ gnutls_generate_server_certificate_request(session, &data);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (data_size < 0) {
+ gnutls_assert();
+ return data_size;
}
- return data_size;
+ }
+ ret =
+ _gnutls_send_handshake(session, data, data_size,
+ GNUTLS_CERTIFICATE_REQUEST);
+ gnutls_free(data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ return data_size;
}
/* This is the function for the client to send the key
* exchange message
*/
-int _gnutls_send_client_kx_message( gnutls_session session, int again)
+int _gnutls_send_client_kx_message(gnutls_session session, int again)
{
- uint8 *data;
- int data_size;
- int ret = 0;
-
- if (session->internals.auth_struct->gnutls_generate_client_kx==NULL)
- return 0;
+ uint8 *data;
+ int data_size;
+ int ret = 0;
+ if (session->internals.auth_struct->gnutls_generate_client_kx == NULL)
+ return 0;
- data = NULL;
- data_size = 0;
- if (again == 0) {
- data_size = session->internals.auth_struct->gnutls_generate_client_kx( session, &data);
- if (data_size < 0) {
- gnutls_assert();
- return data_size;
- }
- }
- ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE);
- gnutls_free(data);
+ data = NULL;
+ data_size = 0;
- if (ret<0) {
- gnutls_assert();
- return ret;
+ if (again == 0) {
+ data_size =
+ session->internals.auth_struct->
+ gnutls_generate_client_kx(session, &data);
+ if (data_size < 0) {
+ gnutls_assert();
+ return data_size;
}
-
+ }
+ ret =
+ _gnutls_send_handshake(session, data, data_size,
+ GNUTLS_CLIENT_KEY_EXCHANGE);
+ gnutls_free(data);
+
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ return ret;
}
/* This is the function for the client to send the certificate
* verify message
*/
-int _gnutls_send_client_certificate_verify( gnutls_session session, int again)
+int _gnutls_send_client_certificate_verify(gnutls_session session,
+ int again)
{
- uint8 *data;
- int ret = 0;
- int data_size;
+ uint8 *data;
+ int ret = 0;
+ int data_size;
- /* This is a packet that is only sent by the client
- */
- if (session->security_parameters.entity==GNUTLS_SERVER) return 0;
-
- /* if certificate verify is not needed just exit
- */
- if (session->key->certificate_requested==0)
- return 0;
+ /* This is a packet that is only sent by the client
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return 0;
- if (session->internals.auth_struct->gnutls_generate_client_cert_vrfy==NULL) {
- gnutls_assert();
- return 0; /* this algorithm does not support cli_cert_vrfy
- */
- }
-
- data = NULL;
- data_size = 0;
-
- if (again == 0) {
- data_size = session->internals.auth_struct->gnutls_generate_client_cert_vrfy( session, &data);
- if (data_size < 0) {
- gnutls_assert();
- return data_size;
- }
- if (data_size == 0)
- return 0;
+ /* if certificate verify is not needed just exit
+ */
+ if (session->key->certificate_requested == 0)
+ return 0;
+ if (session->internals.auth_struct->gnutls_generate_client_cert_vrfy ==
+ NULL) {
+ gnutls_assert();
+ return 0; /* this algorithm does not support cli_cert_vrfy
+ */
+ }
+
+ data = NULL;
+ data_size = 0;
+
+ if (again == 0) {
+ data_size =
+ session->internals.auth_struct->
+ gnutls_generate_client_cert_vrfy(session, &data);
+ if (data_size < 0) {
+ gnutls_assert();
+ return data_size;
}
- ret =
- _gnutls_send_handshake( session, data,
- data_size,
- GNUTLS_CERTIFICATE_VERIFY);
- gnutls_free(data);
+ if (data_size == 0)
+ return 0;
- return ret;
+ }
+ ret =
+ _gnutls_send_handshake(session, data,
+ data_size, GNUTLS_CERTIFICATE_VERIFY);
+ gnutls_free(data);
+
+ return ret;
}
-int _gnutls_recv_server_kx_message( gnutls_session session)
+int _gnutls_recv_server_kx_message(gnutls_session session)
{
- uint8 *data = NULL;
- int datasize;
- int ret = 0;
+ uint8 *data = NULL;
+ int datasize;
+ int ret = 0;
- if (session->internals.auth_struct->gnutls_process_server_kx!=NULL) {
+ if (session->internals.auth_struct->gnutls_process_server_kx != NULL) {
- /* EXCEPTION FOR RSA_EXPORT cipher suite
- */
- if ( _gnutls_session_is_export( session) != 0 &&
- _gnutls_peers_cert_less_512(session) != 0) {
- gnutls_assert();
- return 0;
- }
-
- ret =
- _gnutls_recv_handshake( session, &data,
+ /* EXCEPTION FOR RSA_EXPORT cipher suite
+ */
+ if (_gnutls_session_is_export(session) != 0 &&
+ _gnutls_peers_cert_less_512(session) != 0) {
+ gnutls_assert();
+ return 0;
+ }
+
+ ret =
+ _gnutls_recv_handshake(session, &data,
&datasize,
- GNUTLS_SERVER_KEY_EXCHANGE, MANDATORY_PACKET);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = session->internals.auth_struct->gnutls_process_server_kx( session, data, datasize);
- gnutls_free(data);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
+ GNUTLS_SERVER_KEY_EXCHANGE,
+ MANDATORY_PACKET);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- return ret;
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_server_kx(session, data, datasize);
+ gnutls_free(data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ }
+ return ret;
}
-int _gnutls_recv_server_certificate_request( gnutls_session session)
+int _gnutls_recv_server_certificate_request(gnutls_session session)
{
- uint8 *data;
- int datasize;
- int ret = 0;
+ uint8 *data;
+ int datasize;
+ int ret = 0;
- if (session->internals.auth_struct->gnutls_process_server_certificate_request!=NULL) {
+ if (session->internals.auth_struct->
+ gnutls_process_server_certificate_request != NULL) {
- ret =
- _gnutls_recv_handshake( session, &data,
+ ret =
+ _gnutls_recv_handshake(session, &data,
&datasize,
- GNUTLS_CERTIFICATE_REQUEST, OPTIONAL_PACKET);
- if (ret < 0)
- return ret;
-
- if (ret==0 && datasize == 0)
- return 0; /* ignored */
-
- ret = session->internals.auth_struct->gnutls_process_server_certificate_request( session, data, datasize);
- gnutls_free(data);
- if (ret < 0)
- return ret;
-
- }
- return ret;
+ GNUTLS_CERTIFICATE_REQUEST,
+ OPTIONAL_PACKET);
+ if (ret < 0)
+ return ret;
+
+ if (ret == 0 && datasize == 0)
+ return 0; /* ignored */
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_server_certificate_request(session, data,
+ datasize);
+ gnutls_free(data);
+ if (ret < 0)
+ return ret;
+
+ }
+ return ret;
}
-int _gnutls_recv_client_kx_message( gnutls_session session)
+int _gnutls_recv_client_kx_message(gnutls_session session)
{
- uint8 *data;
- int datasize;
- int ret = 0;
+ uint8 *data;
+ int datasize;
+ int ret = 0;
- /* Do key exchange only if the algorithm permits it */
- if (session->internals.auth_struct->gnutls_process_client_kx != NULL) {
+ /* Do key exchange only if the algorithm permits it */
+ if (session->internals.auth_struct->gnutls_process_client_kx != NULL) {
- ret =
- _gnutls_recv_handshake( session, &data,
- &datasize,
- GNUTLS_CLIENT_KEY_EXCHANGE, MANDATORY_PACKET);
- if (ret < 0)
- return ret;
+ ret =
+ _gnutls_recv_handshake(session, &data,
+ &datasize,
+ GNUTLS_CLIENT_KEY_EXCHANGE,
+ MANDATORY_PACKET);
+ if (ret < 0)
+ return ret;
- ret = session->internals.auth_struct->gnutls_process_client_kx( session, data, datasize);
- gnutls_free(data);
- if (ret < 0)
- return ret;
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_client_kx(session, data, datasize);
+ gnutls_free(data);
+ if (ret < 0)
+ return ret;
- }
+ }
- return ret;
+ return ret;
}
/* This is called when we want send our certificate
*/
-int _gnutls_send_client_certificate( gnutls_session session, int again)
+int _gnutls_send_client_certificate(gnutls_session session, int again)
{
- uint8 *data = NULL;
- int data_size = 0;
- int ret = 0;
+ uint8 *data = NULL;
+ int data_size = 0;
+ int ret = 0;
- if (session->key->certificate_requested == 0)
- return 0;
+ if (session->key->certificate_requested == 0)
+ return 0;
- if (session->internals.auth_struct->gnutls_generate_client_certificate==NULL)
- return 0;
+ if (session->internals.auth_struct->
+ gnutls_generate_client_certificate == NULL)
+ return 0;
- data = NULL;
- data_size = 0;
-
- if (again == 0) {
- if (gnutls_protocol_get_version( session) != GNUTLS_SSL3 ||
- session->internals.selected_cert_list_length > 0) {
- /* TLS 1.0 or SSL 3.0 with a valid certificate
- */
- data_size = session->internals.auth_struct->gnutls_generate_client_certificate( session, &data);
-
- if (data_size < 0) {
- gnutls_assert();
- return data_size;
- }
- }
- }
+ data = NULL;
+ data_size = 0;
- /* In the SSL 3.0 protocol we need to send a
- * no certificate alert instead of an
- * empty certificate.
- */
- if (gnutls_protocol_get_version( session) == GNUTLS_SSL3 &&
- session->internals.selected_cert_list_length == 0)
- {
- ret = gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_SSL3_NO_CERTIFICATE);
-
- } else { /* TLS 1.0 or SSL 3.0 with a valid certificate
- */
- ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_CERTIFICATE_PKT);
- gnutls_free(data);
- }
+ if (again == 0) {
+ if (gnutls_protocol_get_version(session) != GNUTLS_SSL3 ||
+ session->internals.selected_cert_list_length > 0) {
+ /* TLS 1.0 or SSL 3.0 with a valid certificate
+ */
+ data_size =
+ session->internals.auth_struct->
+ gnutls_generate_client_certificate(session, &data);
- if (ret < 0) {
+ if (data_size < 0) {
gnutls_assert();
- return ret;
+ return data_size;
+ }
}
+ }
+
+ /* In the SSL 3.0 protocol we need to send a
+ * no certificate alert instead of an
+ * empty certificate.
+ */
+ if (gnutls_protocol_get_version(session) == GNUTLS_SSL3 &&
+ session->internals.selected_cert_list_length == 0) {
+ ret =
+ gnutls_alert_send(session, GNUTLS_AL_WARNING,
+ GNUTLS_A_SSL3_NO_CERTIFICATE);
+
+ } else { /* TLS 1.0 or SSL 3.0 with a valid certificate
+ */
+ ret =
+ _gnutls_send_handshake(session, data, data_size,
+ GNUTLS_CERTIFICATE_PKT);
+ gnutls_free(data);
+ }
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return data_size;
+ return data_size;
}
/* This is called when we want send our certificate
*/
-int _gnutls_send_server_certificate( gnutls_session session, int again)
+int _gnutls_send_server_certificate(gnutls_session session, int again)
{
- uint8 *data = NULL;
- int data_size = 0;
- int ret = 0;
+ uint8 *data = NULL;
+ int data_size = 0;
+ int ret = 0;
- if (session->internals.auth_struct->gnutls_generate_server_certificate==NULL)
- return 0;
+ if (session->internals.auth_struct->
+ gnutls_generate_server_certificate == NULL)
+ return 0;
- data = NULL;
- data_size = 0;
+ data = NULL;
+ data_size = 0;
- if (again == 0) {
- data_size = session->internals.auth_struct->gnutls_generate_server_certificate( session, &data);
+ if (again == 0) {
+ data_size =
+ session->internals.auth_struct->
+ gnutls_generate_server_certificate(session, &data);
- if (data_size < 0) {
- gnutls_assert();
- return data_size;
- }
- }
- ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_CERTIFICATE_PKT);
- gnutls_free(data);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (data_size < 0) {
+ gnutls_assert();
+ return data_size;
}
+ }
+ ret =
+ _gnutls_send_handshake(session, data, data_size,
+ GNUTLS_CERTIFICATE_PKT);
+ gnutls_free(data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return data_size;
+ return data_size;
}
-int _gnutls_recv_client_certificate( gnutls_session session)
+int _gnutls_recv_client_certificate(gnutls_session session)
{
- int datasize;
- opaque * data;
- int ret = 0;
- int optional;
+ int datasize;
+ opaque *data;
+ int ret = 0;
+ int optional;
- if (session->internals.auth_struct->gnutls_process_client_certificate!=NULL) {
+ if (session->internals.auth_struct->
+ gnutls_process_client_certificate != NULL) {
- /* if we have not requested a certificate then just return
- */
- if ( session->internals.send_cert_req == 0) {
- return 0;
- }
-
- if ( session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
- optional = MANDATORY_PACKET;
- else
- optional = OPTIONAL_PACKET;
-
- ret =
- _gnutls_recv_handshake( session, &data,
- &datasize,
- GNUTLS_CERTIFICATE_PKT, optional);
- if (ret < 0) {
- if (optional == OPTIONAL_PACKET &&
- ret==GNUTLS_E_WARNING_ALERT_RECEIVED &&
- gnutls_protocol_get_version(session) == GNUTLS_SSL3 &&
- gnutls_alert_get(session)==GNUTLS_A_SSL3_NO_CERTIFICATE) {
-
- /* SSL3 does not send an empty certificate,
- * but this alert. So we just ignore it.
- */
- gnutls_assert();
- return 0;
- }
- /* certificate was required */
- if (optional==MANDATORY_PACKET) {
- gnutls_assert();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- return ret;
- }
-
- if (ret == 0 && datasize == 0 && optional == OPTIONAL_PACKET) {
- /* Client has not sent the certificate message.
- * well I'm not sure we should accept this
- * behaviour.
- */
- gnutls_assert();
- return 0;
- }
-
-
- ret = session->internals.auth_struct->gnutls_process_client_certificate( session, data, datasize);
- gnutls_free(data);
- if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND) {
- gnutls_assert();
- return ret;
- }
-
- /* ok we should expect a certificate verify message now
+ /* if we have not requested a certificate then just return
+ */
+ if (session->internals.send_cert_req == 0) {
+ return 0;
+ }
+
+ if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
+ optional = MANDATORY_PACKET;
+ else
+ optional = OPTIONAL_PACKET;
+
+ ret =
+ _gnutls_recv_handshake(session, &data,
+ &datasize,
+ GNUTLS_CERTIFICATE_PKT, optional);
+ if (ret < 0) {
+ if (optional == OPTIONAL_PACKET &&
+ ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
+ gnutls_protocol_get_version(session) == GNUTLS_SSL3 &&
+ gnutls_alert_get(session) ==
+ GNUTLS_A_SSL3_NO_CERTIFICATE) {
+
+ /* SSL3 does not send an empty certificate,
+ * but this alert. So we just ignore it.
*/
- if (ret==GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET)
- ret = 0;
- else
- session->key->certificate_requested = 1;
+ gnutls_assert();
+ return 0;
+ }
+ /* certificate was required */
+ if (optional == MANDATORY_PACKET) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+ return ret;
}
- return ret;
+ if (ret == 0 && datasize == 0 && optional == OPTIONAL_PACKET) {
+ /* Client has not sent the certificate message.
+ * well I'm not sure we should accept this
+ * behaviour.
+ */
+ gnutls_assert();
+ return 0;
+ }
+
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_client_certificate(session, data, datasize);
+ gnutls_free(data);
+ if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* ok we should expect a certificate verify message now
+ */
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND
+ && optional == OPTIONAL_PACKET)
+ ret = 0;
+ else
+ session->key->certificate_requested = 1;
+
+ }
+
+ return ret;
}
-int _gnutls_recv_server_certificate( gnutls_session session)
+int _gnutls_recv_server_certificate(gnutls_session session)
{
- int datasize;
- opaque * data;
- int ret = 0;
-
- if (session->internals.auth_struct->gnutls_process_server_certificate!=NULL) {
-
- ret =
- _gnutls_recv_handshake( session, &data,
- &datasize,
- GNUTLS_CERTIFICATE_PKT, MANDATORY_PACKET);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = session->internals.auth_struct->gnutls_process_server_certificate( session, data, datasize);
- gnutls_free(data);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int datasize;
+ opaque *data;
+ int ret = 0;
+
+ if (session->internals.auth_struct->
+ gnutls_process_server_certificate != NULL) {
+
+ ret =
+ _gnutls_recv_handshake(session, &data,
+ &datasize,
+ GNUTLS_CERTIFICATE_PKT,
+ MANDATORY_PACKET);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- return ret;
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_server_certificate(session, data, datasize);
+ gnutls_free(data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
+ return ret;
}
/* Recv the client certificate verify. This packet may not
* arrive if the peer did not send us a certificate.
*/
-int _gnutls_recv_client_certificate_verify_message( gnutls_session session)
+int _gnutls_recv_client_certificate_verify_message(gnutls_session session)
{
- uint8 *data;
- int datasize;
- int ret = 0;
-
-
- if (session->internals.auth_struct->gnutls_process_client_cert_vrfy != NULL) {
-
- if ( session->internals.send_cert_req == 0 ||
- session->key->certificate_requested == 0) {
- return 0;
- }
-
- ret =
- _gnutls_recv_handshake( session, &data,
- &datasize,
- GNUTLS_CERTIFICATE_VERIFY, OPTIONAL_PACKET);
- if (ret < 0)
- return ret;
-
- if (ret==0 && datasize == 0 && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) {
- /* certificate was required */
- gnutls_assert();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- ret = session->internals.auth_struct->gnutls_process_client_cert_vrfy( session, data, datasize);
- gnutls_free(data);
- if (ret < 0)
- return ret;
+ uint8 *data;
+ int datasize;
+ int ret = 0;
+
+ if (session->internals.auth_struct->gnutls_process_client_cert_vrfy !=
+ NULL) {
+
+ if (session->internals.send_cert_req == 0 ||
+ session->key->certificate_requested == 0) {
+ return 0;
}
- return ret;
+ ret =
+ _gnutls_recv_handshake(session, &data,
+ &datasize,
+ GNUTLS_CERTIFICATE_VERIFY,
+ OPTIONAL_PACKET);
+ if (ret < 0)
+ return ret;
+
+ if (ret == 0 && datasize == 0
+ && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) {
+ /* certificate was required */
+ gnutls_assert();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ ret =
+ session->internals.auth_struct->
+ gnutls_process_client_cert_vrfy(session, data, datasize);
+ gnutls_free(data);
+ if (ret < 0)
+ return ret;
+
+ }
+
+ return ret;
}
diff --git a/lib/gnutls_kx.h b/lib/gnutls_kx.h
index a2d8eea197..41f9ad4506 100644
--- a/lib/gnutls_kx.h
+++ b/lib/gnutls_kx.h
@@ -18,17 +18,18 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-int _gnutls_send_server_kx_message( gnutls_session session, int again);
-int _gnutls_send_client_kx_message( gnutls_session session, int again);
-int _gnutls_recv_server_kx_message( gnutls_session session);
-int _gnutls_recv_client_kx_message( gnutls_session session);
-int _gnutls_send_client_certificate_verify( gnutls_session session, int again);
-int _gnutls_send_server_certificate( gnutls_session session, int again);
-int _gnutls_generate_master( gnutls_session session, int keep_premaster);
-int _gnutls_recv_client_certificate( gnutls_session session);
-int _gnutls_recv_server_certificate( gnutls_session session);
-int _gnutls_send_client_certificate( gnutls_session session, int again);
-int _gnutls_recv_server_certificate_request( gnutls_session session);
-int _gnutls_send_server_certificate_request( gnutls_session session, int again);
-int _gnutls_recv_client_certificate_verify_message( gnutls_session session);
-
+int _gnutls_send_server_kx_message(gnutls_session session, int again);
+int _gnutls_send_client_kx_message(gnutls_session session, int again);
+int _gnutls_recv_server_kx_message(gnutls_session session);
+int _gnutls_recv_client_kx_message(gnutls_session session);
+int _gnutls_send_client_certificate_verify(gnutls_session session,
+ int again);
+int _gnutls_send_server_certificate(gnutls_session session, int again);
+int _gnutls_generate_master(gnutls_session session, int keep_premaster);
+int _gnutls_recv_client_certificate(gnutls_session session);
+int _gnutls_recv_server_certificate(gnutls_session session);
+int _gnutls_send_client_certificate(gnutls_session session, int again);
+int _gnutls_recv_server_certificate_request(gnutls_session session);
+int _gnutls_send_server_certificate_request(gnutls_session session,
+ int again);
+int _gnutls_recv_client_certificate_verify_message(gnutls_session session);
diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c
index 0762c6f1ae..2202e75e54 100644
--- a/lib/gnutls_mem.c
+++ b/lib/gnutls_mem.c
@@ -29,56 +29,65 @@ gnutls_alloc_function gnutls_malloc = malloc;
gnutls_free_function gnutls_free = free;
gnutls_realloc_function gnutls_realloc = realloc;
-void* (*gnutls_calloc)(size_t, size_t) = calloc;
-char* (*gnutls_strdup)(const char*) = _gnutls_strdup;
+void *(*gnutls_calloc) (size_t, size_t) = calloc;
+char *(*gnutls_strdup) (const char *) = _gnutls_strdup;
-int _gnutls_is_secure_mem_null( const void* ign) { return 0; }
+int _gnutls_is_secure_mem_null(const void *ign)
+{
+ return 0;
+}
-int (*_gnutls_is_secure_memory)(const void*) = _gnutls_is_secure_mem_null;
+int (*_gnutls_is_secure_memory) (const void *) =
+ _gnutls_is_secure_mem_null;
void *_gnutls_calloc(size_t nmemb, size_t size)
{
- void *ret;
- size *= nmemb;
- ret = gnutls_malloc(size);
- if (ret != NULL) memset(ret, 0, size);
- return ret;
+ void *ret;
+ size *= nmemb;
+ ret = gnutls_malloc(size);
+ if (ret != NULL)
+ memset(ret, 0, size);
+ return ret;
}
svoid *gnutls_secure_calloc(size_t nmemb, size_t size)
{
- svoid *ret;
- size *= nmemb;
- ret = gnutls_secure_malloc(size);
- if (ret != NULL) memset(ret, 0, size);
- return ret;
+ svoid *ret;
+ size *= nmemb;
+ ret = gnutls_secure_malloc(size);
+ if (ret != NULL)
+ memset(ret, 0, size);
+ return ret;
}
/* This realloc will free ptr in case realloc
* fails.
*/
-void* gnutls_realloc_fast( void* ptr, size_t size)
+void *gnutls_realloc_fast(void *ptr, size_t size)
{
-void *ret;
+ void *ret;
- if (size == 0) return ptr;
+ if (size == 0)
+ return ptr;
- ret = gnutls_realloc( ptr, size);
- if ( ret == NULL) {
- gnutls_free( ptr);
- }
+ ret = gnutls_realloc(ptr, size);
+ if (ret == NULL) {
+ gnutls_free(ptr);
+ }
- return ret;
+ return ret;
}
-char* _gnutls_strdup( const char* str) {
-size_t siz = strlen( str) + 1;
-char* ret;
+char *_gnutls_strdup(const char *str)
+{
+ size_t siz = strlen(str) + 1;
+ char *ret;
- ret = gnutls_malloc( siz);
- if (ret != NULL) memcpy( ret, str, siz);
- return ret;
+ ret = gnutls_malloc(siz);
+ if (ret != NULL)
+ memcpy(ret, str, siz);
+ return ret;
}
@@ -96,7 +105,7 @@ char* ret;
* The allocation function used is the one set by gnutls_global_set_mem_functions().
*
**/
-void* gnutls_malloc( size_t s)
+void *gnutls_malloc(size_t s)
{
}
@@ -109,9 +118,8 @@ void* gnutls_malloc( size_t s)
* The deallocation function used is the one set by gnutls_global_set_mem_functions().
*
**/
-void gnutls_free( void* ptr)
+void gnutls_free(void *ptr)
{
}
#endif
-
diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h
index 959757a27f..06bb2167e3 100644
--- a/lib/gnutls_mem.h
+++ b/lib/gnutls_mem.h
@@ -5,7 +5,7 @@
# include <dmalloc.h>
#endif
-typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
+typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
/* Use gnutls_afree() when calling alloca, or
* memory leaks may occur in systems which do not
@@ -29,30 +29,30 @@ typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
# define gnutls_alloca gnutls_malloc
# define gnutls_afree gnutls_free
# endif
-#endif /* HAVE_ALLOCA */
+#endif /* HAVE_ALLOCA */
-typedef void* (*gnutls_alloc_function)(size_t);
-typedef void (*gnutls_free_function)(void*);
-typedef void* (*gnutls_realloc_function)(void*, size_t);
+typedef void *(*gnutls_alloc_function) (size_t);
+typedef void (*gnutls_free_function) (void *);
+typedef void *(*gnutls_realloc_function) (void *, size_t);
extern gnutls_alloc_function gnutls_secure_malloc;
extern gnutls_alloc_function gnutls_malloc;
extern gnutls_free_function gnutls_free;
-extern int (*_gnutls_is_secure_memory)(const void*);
+extern int (*_gnutls_is_secure_memory) (const void *);
extern gnutls_realloc_function gnutls_realloc;
-extern void* (*gnutls_calloc)(size_t, size_t);
-extern char* (*gnutls_strdup)( const char*);
+extern void *(*gnutls_calloc) (size_t, size_t);
+extern char *(*gnutls_strdup) (const char *);
/* this realloc function will return ptr if size==0, and
* will free the ptr if the new allocation failed.
*/
-void* gnutls_realloc_fast( void* ptr, size_t size);
+void *gnutls_realloc_fast(void *ptr, size_t size);
-svoid* gnutls_secure_calloc( size_t nmemb, size_t size);
-void* _gnutls_calloc( size_t nmemb, size_t size);
+svoid *gnutls_secure_calloc(size_t nmemb, size_t size);
+void *_gnutls_calloc(size_t nmemb, size_t size);
-char* _gnutls_strdup( const char*);
+char *_gnutls_strdup(const char *);
-#endif /* GNUTLS_MEM_H */
+#endif /* GNUTLS_MEM_H */
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c
index 9d135ae092..2ba9ac7713 100644
--- a/lib/gnutls_mpi.c
+++ b/lib/gnutls_mpi.c
@@ -31,97 +31,109 @@
/* Functions that refer to the libgcrypt library.
*/
-
-void _gnutls_mpi_release( mpi_t* x) {
- if (*x==NULL) return;
- gcry_mpi_release(*x);
- *x=NULL;
+
+void _gnutls_mpi_release(mpi_t * x)
+{
+ if (*x == NULL)
+ return;
+ gcry_mpi_release(*x);
+ *x = NULL;
}
/* returns zero on success
*/
-int _gnutls_mpi_scan( mpi_t *ret_mpi, const opaque *buffer, size_t *nbytes ) {
- int ret;
-
- ret = gcry_mpi_scan( ret_mpi, GCRYMPI_FMT_USG, buffer, *nbytes, nbytes);
- if (ret) return GNUTLS_E_MPI_SCAN_FAILED;
-
- /* MPIs with 0 bits are illegal
- */
- if (_gnutls_mpi_get_nbits( *ret_mpi) == 0) {
- _gnutls_mpi_release( ret_mpi);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+int _gnutls_mpi_scan(mpi_t * ret_mpi, const opaque * buffer,
+ size_t * nbytes)
+{
+ int ret;
- return 0;
-}
+ ret = gcry_mpi_scan(ret_mpi, GCRYMPI_FMT_USG, buffer, *nbytes, nbytes);
+ if (ret)
+ return GNUTLS_E_MPI_SCAN_FAILED;
-int _gnutls_mpi_scan_pgp( mpi_t *ret_mpi, const opaque *buffer, size_t *nbytes)
-{
-int ret;
- ret = gcry_mpi_scan( ret_mpi, GCRYMPI_FMT_PGP, buffer, *nbytes, nbytes);
- if (ret) return GNUTLS_E_MPI_SCAN_FAILED;
+ /* MPIs with 0 bits are illegal
+ */
+ if (_gnutls_mpi_get_nbits(*ret_mpi) == 0) {
+ _gnutls_mpi_release(ret_mpi);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- /* MPIs with 0 bits are illegal
- */
- if (_gnutls_mpi_get_nbits( *ret_mpi) == 0) {
- _gnutls_mpi_release( ret_mpi);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ return 0;
+}
- return 0;
+int _gnutls_mpi_scan_pgp(mpi_t * ret_mpi, const opaque * buffer,
+ size_t * nbytes)
+{
+ int ret;
+ ret = gcry_mpi_scan(ret_mpi, GCRYMPI_FMT_PGP, buffer, *nbytes, nbytes);
+ if (ret)
+ return GNUTLS_E_MPI_SCAN_FAILED;
+
+ /* MPIs with 0 bits are illegal
+ */
+ if (_gnutls_mpi_get_nbits(*ret_mpi) == 0) {
+ _gnutls_mpi_release(ret_mpi);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ return 0;
}
-int _gnutls_mpi_print( void *buffer, size_t *nbytes, const mpi_t a )
+int _gnutls_mpi_print(void *buffer, size_t * nbytes, const mpi_t a)
{
-int ret;
+ int ret;
- if (nbytes == NULL || a == NULL) return GNUTLS_E_INVALID_REQUEST;
+ if (nbytes == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = gcry_mpi_print( GCRYMPI_FMT_USG, buffer, *nbytes, nbytes, a);
- if (!ret) return 0;
-
- return GNUTLS_E_MPI_PRINT_FAILED;
+ ret = gcry_mpi_print(GCRYMPI_FMT_USG, buffer, *nbytes, nbytes, a);
+ if (!ret)
+ return 0;
+
+ return GNUTLS_E_MPI_PRINT_FAILED;
}
/* Always has the first bit zero */
-int _gnutls_mpi_print_lz( void *buffer, size_t *nbytes, const mpi_t a )
+int _gnutls_mpi_print_lz(void *buffer, size_t * nbytes, const mpi_t a)
{
-int ret;
+ int ret;
- if (nbytes == NULL || a == NULL) return GNUTLS_E_INVALID_REQUEST;
+ if (nbytes == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = gcry_mpi_print( GCRYMPI_FMT_STD, buffer, *nbytes, nbytes, a);
- if (!ret) return 0;
-
- return GNUTLS_E_MPI_PRINT_FAILED;
+ ret = gcry_mpi_print(GCRYMPI_FMT_STD, buffer, *nbytes, nbytes, a);
+ if (!ret)
+ return 0;
+
+ return GNUTLS_E_MPI_PRINT_FAILED;
}
/* Always has the first bit zero */
-int _gnutls_mpi_dprint_lz( gnutls_datum* dest, const mpi_t a )
+int _gnutls_mpi_dprint_lz(gnutls_datum * dest, const mpi_t a)
{
-int ret;
-opaque* buf = NULL;
-size_t bytes = 0;
-
- if (dest == NULL || a == NULL) return GNUTLS_E_INVALID_REQUEST;
-
- gcry_mpi_print( GCRYMPI_FMT_STD, NULL, 0, &bytes, a);
-
- if (bytes != 0)
- buf = gnutls_malloc( bytes);
- if (buf == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- ret = gcry_mpi_print( GCRYMPI_FMT_STD, buf, bytes, &bytes, a);
- if (!ret) {
- dest->data = buf;
- dest->size = bytes;
- return 0;
- }
-
- gnutls_free(buf);
- return GNUTLS_E_MPI_PRINT_FAILED;
+ int ret;
+ opaque *buf = NULL;
+ size_t bytes = 0;
+
+ if (dest == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ gcry_mpi_print(GCRYMPI_FMT_STD, NULL, 0, &bytes, a);
+
+ if (bytes != 0)
+ buf = gnutls_malloc(bytes);
+ if (buf == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = gcry_mpi_print(GCRYMPI_FMT_STD, buf, bytes, &bytes, a);
+ if (!ret) {
+ dest->data = buf;
+ dest->size = bytes;
+ return 0;
+ }
+
+ gnutls_free(buf);
+ return GNUTLS_E_MPI_PRINT_FAILED;
}
@@ -129,82 +141,86 @@ size_t bytes = 0;
* from asn1 structs. Combines the read and mpi_scan
* steps.
*/
-int _gnutls_x509_read_int( ASN1_TYPE node, const char* value,
- mpi_t* ret_mpi)
+int _gnutls_x509_read_int(ASN1_TYPE node, const char *value,
+ mpi_t * ret_mpi)
{
-int result;
-size_t s_len;
-opaque* tmpstr = NULL;
-int tmpstr_size;
-
- tmpstr_size = 0;
- result = asn1_read_value( node, value, NULL, &tmpstr_size);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- tmpstr = gnutls_alloca( tmpstr_size);
- if (tmpstr == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_read_value( node, value, tmpstr, &tmpstr_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_afree( tmpstr);
- return _gnutls_asn2err(result);
- }
-
- s_len = tmpstr_size;
- if (_gnutls_mpi_scan( ret_mpi, tmpstr, &s_len) != 0) {
- gnutls_assert();
- gnutls_afree( tmpstr);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- gnutls_afree( tmpstr);
-
- return 0;
+ int result;
+ size_t s_len;
+ opaque *tmpstr = NULL;
+ int tmpstr_size;
+
+ tmpstr_size = 0;
+ result = asn1_read_value(node, value, NULL, &tmpstr_size);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ tmpstr = gnutls_alloca(tmpstr_size);
+ if (tmpstr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value(node, value, tmpstr, &tmpstr_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_afree(tmpstr);
+ return _gnutls_asn2err(result);
+ }
+
+ s_len = tmpstr_size;
+ if (_gnutls_mpi_scan(ret_mpi, tmpstr, &s_len) != 0) {
+ gnutls_assert();
+ gnutls_afree(tmpstr);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ gnutls_afree(tmpstr);
+
+ return 0;
}
/* Writes the specified integer into the specified node.
*/
-int _gnutls_x509_write_int( ASN1_TYPE node, const char* value, mpi_t mpi, int lz)
+int _gnutls_x509_write_int(ASN1_TYPE node, const char *value, mpi_t mpi,
+ int lz)
{
-opaque *tmpstr;
-size_t s_len;
-int result;
-
- s_len = 0;
- if (lz) result = _gnutls_mpi_print_lz( NULL, &s_len, mpi);
- else result = _gnutls_mpi_print( NULL, &s_len, mpi);
-
- tmpstr = gnutls_alloca( s_len);
- if (tmpstr == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (lz) result = _gnutls_mpi_print_lz( tmpstr, &s_len, mpi);
- else result = _gnutls_mpi_print( tmpstr, &s_len, mpi);
-
- if (result != 0) {
- gnutls_assert();
- gnutls_afree( tmpstr);
- return GNUTLS_E_MPI_PRINT_FAILED;
- }
-
- result = asn1_write_value( node, value, tmpstr, s_len);
-
- gnutls_afree( tmpstr);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ opaque *tmpstr;
+ size_t s_len;
+ int result;
+
+ s_len = 0;
+ if (lz)
+ result = _gnutls_mpi_print_lz(NULL, &s_len, mpi);
+ else
+ result = _gnutls_mpi_print(NULL, &s_len, mpi);
+
+ tmpstr = gnutls_alloca(s_len);
+ if (tmpstr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (lz)
+ result = _gnutls_mpi_print_lz(tmpstr, &s_len, mpi);
+ else
+ result = _gnutls_mpi_print(tmpstr, &s_len, mpi);
+
+ if (result != 0) {
+ gnutls_assert();
+ gnutls_afree(tmpstr);
+ return GNUTLS_E_MPI_PRINT_FAILED;
+ }
- return 0;
-}
+ result = asn1_write_value(node, value, tmpstr, s_len);
+ gnutls_afree(tmpstr);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
+}
diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h
index 350226691d..41a05bf7ee 100644
--- a/lib/gnutls_mpi.h
+++ b/lib/gnutls_mpi.h
@@ -31,18 +31,20 @@ typedef mpi_t GNUTLS_MPI;
#define _gnutls_prime_check gcry_prime_check
#define _gnutls_mpi_div gcry_mpi_div
-# define _gnutls_mpi_alloc_like(x) _gnutls_mpi_new(_gnutls_mpi_get_nbits(x))
-# define _gnutls_mpi_salloc_like(x) _gnutls_mpi_snew(_gnutls_mpi_get_nbits(x))
+# define _gnutls_mpi_alloc_like(x) _gnutls_mpi_new(_gnutls_mpi_get_nbits(x))
+# define _gnutls_mpi_salloc_like(x) _gnutls_mpi_snew(_gnutls_mpi_get_nbits(x))
-void _gnutls_mpi_release( mpi_t* x);
+void _gnutls_mpi_release(mpi_t * x);
-int _gnutls_mpi_scan( mpi_t *ret_mpi, const opaque *buffer, size_t *nbytes );
-int _gnutls_mpi_scan_pgp( mpi_t *ret_mpi, const opaque *buffer, size_t *nbytes );
+int _gnutls_mpi_scan(mpi_t * ret_mpi, const opaque * buffer,
+ size_t * nbytes);
+int _gnutls_mpi_scan_pgp(mpi_t * ret_mpi, const opaque * buffer,
+ size_t * nbytes);
-int _gnutls_mpi_print( void *buffer, size_t *nbytes, const mpi_t a );
-int _gnutls_mpi_print_lz( void *buffer, size_t *nbytes, const mpi_t a );
+int _gnutls_mpi_print(void *buffer, size_t * nbytes, const mpi_t a);
+int _gnutls_mpi_print_lz(void *buffer, size_t * nbytes, const mpi_t a);
-int _gnutls_mpi_dprint_lz( gnutls_datum* dest, const mpi_t a );
+int _gnutls_mpi_dprint_lz(gnutls_datum * dest, const mpi_t a);
#define _gnutls_mpi_dprint _gnutls_mpi_dprint_lz
#endif
diff --git a/lib/gnutls_num.c b/lib/gnutls_num.c
index 8d9ed1c8c4..259e230f20 100644
--- a/lib/gnutls_num.c
+++ b/lib/gnutls_num.c
@@ -32,130 +32,144 @@
* Returns 0 on success, or -1 if the uint64 max limit
* has been reached.
*/
-int _gnutls_uint64pp( uint64 *x) {
-register int i, y=0;
-
- for (i=7;i>=0;i--) {
- y = 0;
- if ( x->i[i] == 0xff) {
- x->i[i] = 0;
- y = 1;
- } else x->i[i]++;
-
- if (y==0) break;
- }
- if (y != 0) return -1; /* over 64 bits! WOW */
-
- return 0;
+int _gnutls_uint64pp(uint64 * x)
+{
+ register int i, y = 0;
+
+ for (i = 7; i >= 0; i--) {
+ y = 0;
+ if (x->i[i] == 0xff) {
+ x->i[i] = 0;
+ y = 1;
+ } else
+ x->i[i]++;
+
+ if (y == 0)
+ break;
+ }
+ if (y != 0)
+ return -1; /* over 64 bits! WOW */
+
+ return 0;
}
-uint32 _gnutls_uint24touint32( uint24 num) {
-uint32 ret=0;
+uint32 _gnutls_uint24touint32(uint24 num)
+{
+ uint32 ret = 0;
- ((uint8*)&ret)[1] = num.pint[0];
- ((uint8*)&ret)[2] = num.pint[1];
- ((uint8*)&ret)[3] = num.pint[2];
- return ret;
+ ((uint8 *) & ret)[1] = num.pint[0];
+ ((uint8 *) & ret)[2] = num.pint[1];
+ ((uint8 *) & ret)[3] = num.pint[2];
+ return ret;
}
-uint24 _gnutls_uint32touint24( uint32 num) {
-uint24 ret;
+uint24 _gnutls_uint32touint24(uint32 num)
+{
+ uint24 ret;
- ret.pint[0] = ((uint8*)&num)[1];
- ret.pint[1] = ((uint8*)&num)[2];
- ret.pint[2] = ((uint8*)&num)[3];
- return ret;
+ ret.pint[0] = ((uint8 *) & num)[1];
+ ret.pint[1] = ((uint8 *) & num)[2];
+ ret.pint[2] = ((uint8 *) & num)[3];
+ return ret;
}
/* data should be at least 3 bytes */
-uint32 _gnutls_read_uint24( const opaque* data) {
-uint32 res;
-uint24 num;
-
- num.pint[0] = data[0];
- num.pint[1] = data[1];
- num.pint[2] = data[2];
-
- res = _gnutls_uint24touint32( num);
+uint32 _gnutls_read_uint24(const opaque * data)
+{
+ uint32 res;
+ uint24 num;
+
+ num.pint[0] = data[0];
+ num.pint[1] = data[1];
+ num.pint[2] = data[2];
+
+ res = _gnutls_uint24touint32(num);
#ifndef WORDS_BIGENDIAN
- res = byteswap32( res);
+ res = byteswap32(res);
#endif
-return res;
+ return res;
}
-void _gnutls_write_uint24( uint32 num, opaque* data) {
-uint24 tmp;
-
+void _gnutls_write_uint24(uint32 num, opaque * data)
+{
+ uint24 tmp;
+
#ifndef WORDS_BIGENDIAN
- num = byteswap32( num);
+ num = byteswap32(num);
#endif
- tmp = _gnutls_uint32touint24( num);
+ tmp = _gnutls_uint32touint24(num);
- data[0] = tmp.pint[0];
- data[1] = tmp.pint[1];
- data[2] = tmp.pint[2];
+ data[0] = tmp.pint[0];
+ data[1] = tmp.pint[1];
+ data[2] = tmp.pint[2];
}
-uint32 _gnutls_read_uint32( const opaque* data) {
-uint32 res;
+uint32 _gnutls_read_uint32(const opaque * data)
+{
+ uint32 res;
- memcpy( &res, data, sizeof(uint32));
+ memcpy(&res, data, sizeof(uint32));
#ifndef WORDS_BIGENDIAN
- res = byteswap32( res);
+ res = byteswap32(res);
#endif
-return res;
+ return res;
}
-void _gnutls_write_uint32( uint32 num, opaque* data) {
+void _gnutls_write_uint32(uint32 num, opaque * data)
+{
#ifndef WORDS_BIGENDIAN
- num = byteswap32( num);
+ num = byteswap32(num);
#endif
- memcpy( data, &num, sizeof(uint32));
+ memcpy(data, &num, sizeof(uint32));
}
-uint16 _gnutls_read_uint16( const opaque* data) {
-uint16 res;
- memcpy( &res, data, sizeof(uint16));
+uint16 _gnutls_read_uint16(const opaque * data)
+{
+ uint16 res;
+ memcpy(&res, data, sizeof(uint16));
#ifndef WORDS_BIGENDIAN
- res = byteswap16( res);
+ res = byteswap16(res);
#endif
-return res;
+ return res;
}
-void _gnutls_write_uint16( uint16 num, opaque* data) {
+void _gnutls_write_uint16(uint16 num, opaque * data)
+{
#ifndef WORDS_BIGENDIAN
- num = byteswap16( num);
+ num = byteswap16(num);
#endif
- memcpy( data, &num, sizeof(uint16));
+ memcpy(data, &num, sizeof(uint16));
}
-uint32 _gnutls_conv_uint32( uint32 data) {
+uint32 _gnutls_conv_uint32(uint32 data)
+{
#ifndef WORDS_BIGENDIAN
- return byteswap32( data);
+ return byteswap32(data);
#else
- return data;
+ return data;
#endif
}
-uint16 _gnutls_conv_uint16( uint16 data) {
+uint16 _gnutls_conv_uint16(uint16 data)
+{
#ifndef WORDS_BIGENDIAN
- return byteswap16( data);
+ return byteswap16(data);
#else
- return data;
+ return data;
#endif
}
-uint32 _gnutls_uint64touint32( const uint64* num) {
-uint32 ret;
+uint32 _gnutls_uint64touint32(const uint64 * num)
+{
+ uint32 ret;
- memcpy( &ret, &num->i[4], 4);
+ memcpy(&ret, &num->i[4], 4);
#ifndef WORDS_BIGENDIAN
- ret = byteswap32(ret);
+ ret = byteswap32(ret);
#endif
- return ret;
+ return ret;
}
-
diff --git a/lib/gnutls_num.h b/lib/gnutls_num.h
index 91a54a4073..2c49ddb50f 100644
--- a/lib/gnutls_num.h
+++ b/lib/gnutls_num.h
@@ -31,18 +31,18 @@
#define byteswap16(x) ((rotl16(x, 8) & 0x00ff) | (rotr16(x, 8) & 0xff00))
#define byteswap32(x) ((rotl32(x, 8) & 0x00ff00ffUL) | (rotr32(x, 8) & 0xff00ff00UL))
-uint32 _gnutls_uint24touint32( uint24 num);
-uint24 _gnutls_uint32touint24( uint32 num);
-uint32 _gnutls_read_uint32( const opaque* data);
-uint16 _gnutls_read_uint16( const opaque* data);
-uint32 _gnutls_conv_uint32( uint32 data);
-uint16 _gnutls_conv_uint16( uint16 data);
-uint32 _gnutls_read_uint24( const opaque* data);
-void _gnutls_write_uint24( uint32 num, opaque* data);
-void _gnutls_write_uint32( uint32 num, opaque* data);
-void _gnutls_write_uint16( uint16 num, opaque* data);
-uint32 _gnutls_uint64touint32( const uint64*);
+uint32 _gnutls_uint24touint32(uint24 num);
+uint24 _gnutls_uint32touint24(uint32 num);
+uint32 _gnutls_read_uint32(const opaque * data);
+uint16 _gnutls_read_uint16(const opaque * data);
+uint32 _gnutls_conv_uint32(uint32 data);
+uint16 _gnutls_conv_uint16(uint16 data);
+uint32 _gnutls_read_uint24(const opaque * data);
+void _gnutls_write_uint24(uint32 num, opaque * data);
+void _gnutls_write_uint32(uint32 num, opaque * data);
+void _gnutls_write_uint16(uint16 num, opaque * data);
+uint32 _gnutls_uint64touint32(const uint64 *);
-int _gnutls_uint64pp( uint64 *);
+int _gnutls_uint64pp(uint64 *);
# define _gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0
# define UINT64DATA(x) x.i
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index fa49381d96..fce507b6de 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -36,162 +36,173 @@
#include <x509/mpi.h>
#include <x509/common.h>
-static int _gnutls_pk_encrypt(int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey, int pkey_len);
-static int _gnutls_pk_sign(int algo, mpi_t* data, mpi_t hash, mpi_t * pkey, int);
-static int _gnutls_pk_verify(int algo, mpi_t hash, mpi_t* data, mpi_t *pkey, int);
-static int _gnutls_pk_decrypt(int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey, int);
+static int _gnutls_pk_encrypt(int algo, mpi_t * resarr, mpi_t data,
+ mpi_t * pkey, int pkey_len);
+static int _gnutls_pk_sign(int algo, mpi_t * data, mpi_t hash,
+ mpi_t * pkey, int);
+static int _gnutls_pk_verify(int algo, mpi_t hash, mpi_t * data,
+ mpi_t * pkey, int);
+static int _gnutls_pk_decrypt(int algo, mpi_t * resarr, mpi_t data,
+ mpi_t * pkey, int);
/* Do PKCS-1 RSA encryption.
* params is modulus, public exp.
*/
int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext,
- const gnutls_datum *plaintext, mpi_t* params,
- uint params_len,
- uint btype)
+ const gnutls_datum * plaintext,
+ mpi_t * params, uint params_len, uint btype)
{
- unsigned int i, pad;
- int ret;
- mpi_t m, res;
- opaque *edata, *ps;
- size_t k, psize;
- size_t mod_bits;
-
- mod_bits = _gnutls_mpi_get_nbits(params[0]);
- k = mod_bits / 8;
- if ( mod_bits % 8 != 0) k++;
-
- if (plaintext->size > k - 11) {
- gnutls_assert();
- return GNUTLS_E_PK_ENCRYPTION_FAILED;
- }
-
- edata = gnutls_alloca(k);
- if (edata == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* EB = 00||BT||PS||00||D
- * (use block type 'btype')
- */
-
- edata[0] = 0;
- edata[1] = btype;
- psize = k - 3 - plaintext->size;
-
- ps = &edata[2];
- switch (btype) {
- case 2:
- /* using public key */
- if (params_len < RSA_PUBLIC_PARAMS) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if ( (ret=_gnutls_get_random(ps, psize, GNUTLS_STRONG_RANDOM)) < 0) {
- gnutls_assert();
- gnutls_afree(edata);
- return ret;
- }
- for (i = 0; i < psize; i++) {
- opaque rnd[3];
-
- /* Read three random bytes that will be
- * used to replace the zeros.
- */
- if ( (ret=_gnutls_get_random( rnd, 3, GNUTLS_STRONG_RANDOM)) < 0) {
- gnutls_assert();
- gnutls_afree(edata);
- return ret;
- }
- /* use non zero values for
- * the first two.
- */
- if (rnd[0]==0) rnd[0] = 0xaf;
- if (rnd[1]==0) rnd[1] = 0xae;
-
- if (ps[i] == 0) {
- /* If the first one is zero then set it to rnd[0].
- * If the second one is zero then set it to rnd[1].
- * Otherwise add (mod 256) the two previous ones plus rnd[3], or use
- * rnd[1] if the value == 0.
- */
- if (i<2) ps[i] = rnd[i];
- else ps[i] = GMAX( rnd[3] + ps[i-1] + ps[i-2], rnd[1]);
- }
- }
- break;
- case 1:
- /* using private key */
-
- if (params_len < RSA_PRIVATE_PARAMS) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- for (i = 0; i < psize; i++)
- ps[i] = 0xff;
- break;
- default:
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ps[psize] = 0;
- memcpy(&ps[psize + 1], plaintext->data, plaintext->size);
-
- if (_gnutls_mpi_scan(&m, edata, &k) != 0) {
+ unsigned int i, pad;
+ int ret;
+ mpi_t m, res;
+ opaque *edata, *ps;
+ size_t k, psize;
+ size_t mod_bits;
+
+ mod_bits = _gnutls_mpi_get_nbits(params[0]);
+ k = mod_bits / 8;
+ if (mod_bits % 8 != 0)
+ k++;
+
+ if (plaintext->size > k - 11) {
+ gnutls_assert();
+ return GNUTLS_E_PK_ENCRYPTION_FAILED;
+ }
+
+ edata = gnutls_alloca(k);
+ if (edata == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* EB = 00||BT||PS||00||D
+ * (use block type 'btype')
+ */
+
+ edata[0] = 0;
+ edata[1] = btype;
+ psize = k - 3 - plaintext->size;
+
+ ps = &edata[2];
+ switch (btype) {
+ case 2:
+ /* using public key */
+ if (params_len < RSA_PUBLIC_PARAMS) {
+ gnutls_assert();
+ gnutls_afree(edata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if ((ret =
+ _gnutls_get_random(ps, psize, GNUTLS_STRONG_RANDOM)) < 0) {
+ gnutls_assert();
+ gnutls_afree(edata);
+ return ret;
+ }
+ for (i = 0; i < psize; i++) {
+ opaque rnd[3];
+
+ /* Read three random bytes that will be
+ * used to replace the zeros.
+ */
+ if ((ret =
+ _gnutls_get_random(rnd, 3, GNUTLS_STRONG_RANDOM)) < 0) {
gnutls_assert();
gnutls_afree(edata);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
- gnutls_afree(edata);
-
- if (btype==2) /* encrypt */
- ret = _gnutls_pk_encrypt(GCRY_PK_RSA, &res, m, params, params_len);
- else /* sign */
- ret = _gnutls_pk_sign(GCRY_PK_RSA, &res, m, params, params_len);
-
- _gnutls_mpi_release(&m);
-
- if (ret < 0) {
- gnutls_assert();
return ret;
- }
+ }
+ /* use non zero values for
+ * the first two.
+ */
+ if (rnd[0] == 0)
+ rnd[0] = 0xaf;
+ if (rnd[1] == 0)
+ rnd[1] = 0xae;
+
+ if (ps[i] == 0) {
+ /* If the first one is zero then set it to rnd[0].
+ * If the second one is zero then set it to rnd[1].
+ * Otherwise add (mod 256) the two previous ones plus rnd[3], or use
+ * rnd[1] if the value == 0.
+ */
+ if (i < 2)
+ ps[i] = rnd[i];
+ else
+ ps[i] = GMAX(rnd[3] + ps[i - 1] + ps[i - 2], rnd[1]);
+ }
+ }
+ break;
+ case 1:
+ /* using private key */
+
+ if (params_len < RSA_PRIVATE_PARAMS) {
+ gnutls_assert();
+ gnutls_afree(edata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ for (i = 0; i < psize; i++)
+ ps[i] = 0xff;
+ break;
+ default:
+ gnutls_assert();
+ gnutls_afree(edata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- _gnutls_mpi_print(NULL, &psize, res);
+ ps[psize] = 0;
+ memcpy(&ps[psize + 1], plaintext->data, plaintext->size);
- if (psize < k) {
- /* padding psize */
- pad = k - psize;
- psize = k;
- } else if (psize==k) {
- pad = 0;
- } else { /* psize > k !!! */
- /* This is an impossible situation */
- gnutls_assert();
- _gnutls_mpi_release(&res);
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (_gnutls_mpi_scan(&m, edata, &k) != 0) {
+ gnutls_assert();
+ gnutls_afree(edata);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ gnutls_afree(edata);
+
+ if (btype == 2) /* encrypt */
+ ret = _gnutls_pk_encrypt(GCRY_PK_RSA, &res, m, params, params_len);
+ else /* sign */
+ ret = _gnutls_pk_sign(GCRY_PK_RSA, &res, m, params, params_len);
+
+ _gnutls_mpi_release(&m);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_mpi_print(NULL, &psize, res);
+
+ if (psize < k) {
+ /* padding psize */
+ pad = k - psize;
+ psize = k;
+ } else if (psize == k) {
+ pad = 0;
+ } else { /* psize > k !!! */
+ /* This is an impossible situation */
+ gnutls_assert();
+ _gnutls_mpi_release(&res);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- ciphertext->data = gnutls_malloc(psize);
- if (ciphertext->data == NULL) {
- gnutls_assert();
- _gnutls_mpi_release(&res);
- return GNUTLS_E_MEMORY_ERROR;
- }
- _gnutls_mpi_print( &ciphertext->data[pad], &psize, res);
- for (i=0;i<pad;i++) ciphertext->data[i] = 0;
+ ciphertext->data = gnutls_malloc(psize);
+ if (ciphertext->data == NULL) {
+ gnutls_assert();
+ _gnutls_mpi_release(&res);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ _gnutls_mpi_print(&ciphertext->data[pad], &psize, res);
+ for (i = 0; i < pad; i++)
+ ciphertext->data[i] = 0;
- ciphertext->size = k;
+ ciphertext->size = k;
- _gnutls_mpi_release(&res);
+ _gnutls_mpi_release(&res);
- return 0;
+ return 0;
}
@@ -200,309 +211,322 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext,
* Can decrypt block type 1 and type 2 packets.
*/
int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext,
- const gnutls_datum *ciphertext, mpi_t* params, uint params_len,
- uint btype)
+ const gnutls_datum * ciphertext,
+ mpi_t * params, uint params_len, uint btype)
{
- uint k, i;
- int ret;
- mpi_t c, res;
- opaque *edata;
- size_t esize, mod_bits;
-
- mod_bits = _gnutls_mpi_get_nbits(params[0]);
- k = mod_bits / 8;
- if ( mod_bits % 8 != 0) k++;
-
- esize = ciphertext->size;
-
- if (esize != k) {
- gnutls_assert();
- return GNUTLS_E_PK_DECRYPTION_FAILED;
- }
-
- if (_gnutls_mpi_scan(&c, ciphertext->data, &esize) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- /* we can use btype to see if the private key is
- * available.
- */
- if (btype==2)
- ret = _gnutls_pk_decrypt(GCRY_PK_RSA, &res, c, params, params_len);
- else {
- ret = _gnutls_pk_encrypt(GCRY_PK_RSA, &res, c, params, params_len);
- }
- _gnutls_mpi_release(&c);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- _gnutls_mpi_print(NULL, &esize, res);
- edata = gnutls_alloca(esize + 1);
- if (edata == NULL) {
- gnutls_assert();
- _gnutls_mpi_release(&res);
- return GNUTLS_E_MEMORY_ERROR;
- }
- _gnutls_mpi_print(&edata[1], &esize, res);
-
+ uint k, i;
+ int ret;
+ mpi_t c, res;
+ opaque *edata;
+ size_t esize, mod_bits;
+
+ mod_bits = _gnutls_mpi_get_nbits(params[0]);
+ k = mod_bits / 8;
+ if (mod_bits % 8 != 0)
+ k++;
+
+ esize = ciphertext->size;
+
+ if (esize != k) {
+ gnutls_assert();
+ return GNUTLS_E_PK_DECRYPTION_FAILED;
+ }
+
+ if (_gnutls_mpi_scan(&c, ciphertext->data, &esize) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ /* we can use btype to see if the private key is
+ * available.
+ */
+ if (btype == 2)
+ ret = _gnutls_pk_decrypt(GCRY_PK_RSA, &res, c, params, params_len);
+ else {
+ ret = _gnutls_pk_encrypt(GCRY_PK_RSA, &res, c, params, params_len);
+ }
+ _gnutls_mpi_release(&c);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_mpi_print(NULL, &esize, res);
+ edata = gnutls_alloca(esize + 1);
+ if (edata == NULL) {
+ gnutls_assert();
_gnutls_mpi_release(&res);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ _gnutls_mpi_print(&edata[1], &esize, res);
- /* EB = 00||BT||PS||00||D
- * (use block type 'btype')
- */
+ _gnutls_mpi_release(&res);
+ /* EB = 00||BT||PS||00||D
+ * (use block type 'btype')
+ */
- edata[0] = 0;
- esize++;
- if (edata[0] != 0 || edata[1] != btype) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_DECRYPTION_FAILED;
- }
+ edata[0] = 0;
+ esize++;
- ret = GNUTLS_E_DECRYPTION_FAILED;
- switch (btype) {
- case 2:
- for (i = 2; i < esize; i++) {
- if (edata[i] == 0) {
- ret = 0;
- break;
- }
- }
- break;
- case 1:
- for (i = 2; i < esize; i++) {
- if (edata[i] == 0 && i > 2) {
- ret = 0;
- break;
- }
- if (edata[i] != 0xff) {
- _gnutls_handshake_log("PKCS #1 padding error");
- ret = GNUTLS_E_PKCS1_WRONG_PAD;
- break;
- }
- }
+ if (edata[0] != 0 || edata[1] != btype) {
+ gnutls_assert();
+ gnutls_afree(edata);
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ ret = GNUTLS_E_DECRYPTION_FAILED;
+ switch (btype) {
+ case 2:
+ for (i = 2; i < esize; i++) {
+ if (edata[i] == 0) {
+ ret = 0;
break;
- default:
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_INTERNAL_ERROR;
+ }
}
- i++;
-
- if (ret < 0) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_DECRYPTION_FAILED;
+ break;
+ case 1:
+ for (i = 2; i < esize; i++) {
+ if (edata[i] == 0 && i > 2) {
+ ret = 0;
+ break;
+ }
+ if (edata[i] != 0xff) {
+ _gnutls_handshake_log("PKCS #1 padding error");
+ ret = GNUTLS_E_PKCS1_WRONG_PAD;
+ break;
+ }
}
+ break;
+ default:
+ gnutls_assert();
+ gnutls_afree(edata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ i++;
- if (_gnutls_sset_datum(plaintext, &edata[i], esize - i) < 0) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_afree(edata);
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+ if (_gnutls_sset_datum(plaintext, &edata[i], esize - i) < 0) {
+ gnutls_assert();
gnutls_afree(edata);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ gnutls_afree(edata);
- return 0;
+ return 0;
}
-int _gnutls_rsa_verify( const gnutls_datum* vdata, const gnutls_datum *ciphertext,
- mpi_t *params, int params_len, int btype) {
+int _gnutls_rsa_verify(const gnutls_datum * vdata,
+ const gnutls_datum * ciphertext, mpi_t * params,
+ int params_len, int btype)
+{
- gnutls_datum plain;
- int ret;
+ gnutls_datum plain;
+ int ret;
- /* decrypt signature */
- if ( (ret=_gnutls_pkcs1_rsa_decrypt( &plain, ciphertext, params, params_len, btype)) < 0) {
- gnutls_assert();
- return ret;
- }
+ /* decrypt signature */
+ if ((ret =
+ _gnutls_pkcs1_rsa_decrypt(&plain, ciphertext, params, params_len,
+ btype)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (plain.size != vdata->size) {
- gnutls_assert();
- _gnutls_free_datum( &plain);
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
+ if (plain.size != vdata->size) {
+ gnutls_assert();
+ _gnutls_free_datum(&plain);
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
- if ( memcmp(plain.data, vdata->data, plain.size)!=0) {
- gnutls_assert();
- _gnutls_free_datum( &plain);
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
+ if (memcmp(plain.data, vdata->data, plain.size) != 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&plain);
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
- _gnutls_free_datum( &plain);
+ _gnutls_free_datum(&plain);
- return 0; /* ok */
+ return 0; /* ok */
}
/* encodes the Dss-Sig-Value structure
*/
-static int encode_ber_rs( gnutls_datum* sig_value, mpi_t r, mpi_t s) {
-ASN1_TYPE sig;
-int result, tot_len;
-
- if ((result=asn1_create_element( _gnutls_get_gnutls_asn(), "GNUTLS.DSASignatureValue",
- &sig))!=ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+static int encode_ber_rs(gnutls_datum * sig_value, mpi_t r, mpi_t s)
+{
+ ASN1_TYPE sig;
+ int result, tot_len;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_int(sig, "r", r, 1);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return result;
+ }
- result = _gnutls_x509_write_int( sig, "r", r, 1);
- if ( result < 0) {
- gnutls_assert();
- asn1_delete_structure(&sig);
- return result;
- }
+ result = _gnutls_x509_write_int(sig, "s", s, 1);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return result;
+ }
- result = _gnutls_x509_write_int( sig, "s", s, 1);
- if (result < 0) {
- gnutls_assert();
- asn1_delete_structure(&sig);
- return result;
- }
+ tot_len = 0;
- tot_len = 0;
-
- result = _gnutls_x509_der_encode( sig, "", sig_value, 0);
+ result = _gnutls_x509_der_encode(sig, "", sig_value, 0);
- asn1_delete_structure(&sig);
+ asn1_delete_structure(&sig);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/* Do DSA signature calculation. params is p, q, g, y, x in that order.
*/
-int _gnutls_dsa_sign(gnutls_datum * signature, const gnutls_datum *hash,
+int _gnutls_dsa_sign(gnutls_datum * signature, const gnutls_datum * hash,
mpi_t * params, uint params_len)
{
- mpi_t rs[2], mdata;
- int ret;
- size_t k;
-
- k = hash->size;
- if (k!=20) { /* SHA only */
- gnutls_assert();
- return GNUTLS_E_PK_SIGN_FAILED;
- }
-
- if (_gnutls_mpi_scan(&mdata, hash->data, &k) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- ret = _gnutls_pk_sign(GCRY_PK_DSA, rs, mdata, params, params_len);
- /* rs[0], rs[1] now hold r,s */
- _gnutls_mpi_release(&mdata);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = encode_ber_rs( signature, rs[0], rs[1]);
-
- /* free r,s */
- _gnutls_mpi_release(&rs[0]);
- _gnutls_mpi_release(&rs[1]);
-
- if (ret!=0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
+ mpi_t rs[2], mdata;
+ int ret;
+ size_t k;
+
+ k = hash->size;
+ if (k != 20) { /* SHA only */
+ gnutls_assert();
+ return GNUTLS_E_PK_SIGN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan(&mdata, hash->data, &k) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ ret = _gnutls_pk_sign(GCRY_PK_DSA, rs, mdata, params, params_len);
+ /* rs[0], rs[1] now hold r,s */
+ _gnutls_mpi_release(&mdata);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = encode_ber_rs(signature, rs[0], rs[1]);
+
+ /* free r,s */
+ _gnutls_mpi_release(&rs[0]);
+ _gnutls_mpi_release(&rs[1]);
+
+ if (ret != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
}
/* decodes the Dss-Sig-Value structure
*/
-static int decode_ber_rs( const gnutls_datum* sig_value, mpi_t* r, mpi_t* s) {
-ASN1_TYPE sig;
-int result;
+static int decode_ber_rs(const gnutls_datum * sig_value, mpi_t * r,
+ mpi_t * s)
+{
+ ASN1_TYPE sig;
+ int result;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&sig, sig_value->data, sig_value->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return _gnutls_asn2err(result);
+ }
- if ((result=asn1_create_element( _gnutls_get_gnutls_asn(), "GNUTLS.DSASignatureValue", &sig))!=ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ result = _gnutls_x509_read_int(sig, "r", r);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&sig);
+ return result;
+ }
- result = asn1_der_decoding( &sig, sig_value->data, sig_value->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&sig);
- return _gnutls_asn2err(result);
- }
-
- result =
- _gnutls_x509_read_int( sig, "r", r);
- if (result < 0) {
- gnutls_assert();
- asn1_delete_structure(&sig);
- return result;
- }
+ result = _gnutls_x509_read_int(sig, "s", s);
+ if (result < 0) {
+ gnutls_assert();
+ _gnutls_mpi_release(s);
+ asn1_delete_structure(&sig);
+ return result;
+ }
- result =
- _gnutls_x509_read_int( sig, "s", s);
- if (result < 0) {
- gnutls_assert();
- _gnutls_mpi_release( s);
- asn1_delete_structure(&sig);
- return result;
- }
+ asn1_delete_structure(&sig);
- asn1_delete_structure(&sig);
-
- return 0;
+ return 0;
}
/* params is p, q, g, y in that order
*/
-int _gnutls_dsa_verify( const gnutls_datum* vdata, const gnutls_datum *sig_value,
- mpi_t * params, int params_len) {
-
- mpi_t mdata;
- int ret;
- size_t k;
- mpi_t rs[2];
-
- if (vdata->size != 20) { /* sha-1 only */
- gnutls_assert();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
-
- if (decode_ber_rs( sig_value, &rs[0], &rs[1])!=0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- k = vdata->size;
- if (_gnutls_mpi_scan(&mdata, vdata->data, &k) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- /* decrypt signature */
- ret=_gnutls_pk_verify( GCRY_PK_DSA, mdata, rs, params,
- params_len);
- _gnutls_mpi_release(&mdata);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+int _gnutls_dsa_verify(const gnutls_datum * vdata,
+ const gnutls_datum * sig_value, mpi_t * params,
+ int params_len)
+{
- return 0; /* ok */
+ mpi_t mdata;
+ int ret;
+ size_t k;
+ mpi_t rs[2];
+
+ if (vdata->size != 20) { /* sha-1 only */
+ gnutls_assert();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ if (decode_ber_rs(sig_value, &rs[0], &rs[1]) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ k = vdata->size;
+ if (_gnutls_mpi_scan(&mdata, vdata->data, &k) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ /* decrypt signature */
+ ret = _gnutls_pk_verify(GCRY_PK_DSA, mdata, rs, params, params_len);
+ _gnutls_mpi_release(&mdata);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0; /* ok */
}
@@ -513,295 +537,298 @@ int _gnutls_dsa_verify( const gnutls_datum* vdata, const gnutls_datum *sig_value
* Emulate our old PK interface here - sometime in the future we might
* change the internal design to directly fit to libgcrypt.
*/
-static int _gnutls_pk_encrypt(int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey, int pkey_len)
+static int _gnutls_pk_encrypt(int algo, mpi_t * resarr, mpi_t data,
+ mpi_t * pkey, int pkey_len)
{
- gcry_sexp_t s_ciph, s_data, s_pkey;
- int rc=-1;
-
- /* make a sexp from pkey */
- switch (algo) {
- case GCRY_PK_RSA:
- if (pkey_len >= 2)
- rc = gcry_sexp_build(&s_pkey, NULL,
- "(public-key(rsa(n%m)(e%m)))",
- pkey[0], pkey[1]);
- break;
+ gcry_sexp_t s_ciph, s_data, s_pkey;
+ int rc = -1;
+
+ /* make a sexp from pkey */
+ switch (algo) {
+ case GCRY_PK_RSA:
+ if (pkey_len >= 2)
+ rc = gcry_sexp_build(&s_pkey, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ pkey[0], pkey[1]);
+ break;
+
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (rc != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* put the data into a simple list */
+ if (gcry_sexp_build(&s_data, NULL, "%m", data)) {
+ gnutls_assert();
+ gcry_sexp_release(s_pkey);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ /* pass it to libgcrypt */
+ rc = gcry_pk_encrypt(&s_ciph, s_data, s_pkey);
+ gcry_sexp_release(s_data);
+ gcry_sexp_release(s_pkey);
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (rc != 0) {
+ gnutls_assert();
+ return GNUTLS_E_PK_ENCRYPTION_FAILED;
- /* put the data into a simple list */
- if (gcry_sexp_build(&s_data, NULL, "%m", data)) {
- gnutls_assert();
- gcry_sexp_release(s_pkey);
- return GNUTLS_E_INTERNAL_ERROR;
+ } else { /* add better error handling or make gnupg use S-Exp directly */
+ gcry_sexp_t list = gcry_sexp_find_token(s_ciph, "a", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(s_ciph);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- /* pass it to libgcrypt */
- rc = gcry_pk_encrypt(&s_ciph, s_data, s_pkey);
- gcry_sexp_release(s_data);
- gcry_sexp_release(s_pkey);
+ resarr[0] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_PK_ENCRYPTION_FAILED;
-
- } else { /* add better error handling or make gnupg use S-Exp directly */
- gcry_sexp_t list = gcry_sexp_find_token(s_ciph, "a", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_ciph);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[0] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
-
- if (resarr[0] == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_ciph);
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (resarr[0] == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(s_ciph);
+ return GNUTLS_E_INTERNAL_ERROR;
}
+ }
- gcry_sexp_release(s_ciph);
- return rc;
+ gcry_sexp_release(s_ciph);
+ return rc;
}
-static
-int _gnutls_pk_decrypt(int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey, int pkey_len)
+static
+int _gnutls_pk_decrypt(int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey,
+ int pkey_len)
{
- gcry_sexp_t s_plain, s_data, s_pkey;
- int rc=-1;
-
- /* make a sexp from pkey */
- switch (algo) {
- case GCRY_PK_RSA:
- if (pkey_len >=6)
- rc = gcry_sexp_build(&s_pkey, NULL,
- "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
- pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], pkey[5]);
-
- break;
-
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* put the data into a simple list */
- if (gcry_sexp_build(&s_data, NULL, "(enc-val(rsa(a%m)))", data)) {
- gnutls_assert();
- gcry_sexp_release(s_pkey);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* pass it to libgcrypt */
- rc = gcry_pk_decrypt(&s_plain, s_data, s_pkey);
- gcry_sexp_release(s_data);
+ gcry_sexp_t s_plain, s_data, s_pkey;
+ int rc = -1;
+
+ /* make a sexp from pkey */
+ switch (algo) {
+ case GCRY_PK_RSA:
+ if (pkey_len >= 6)
+ rc = gcry_sexp_build(&s_pkey, NULL,
+ "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
+ pkey[0], pkey[1], pkey[2], pkey[3],
+ pkey[4], pkey[5]);
+
+ break;
+
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (rc != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* put the data into a simple list */
+ if (gcry_sexp_build(&s_data, NULL, "(enc-val(rsa(a%m)))", data)) {
+ gnutls_assert();
gcry_sexp_release(s_pkey);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_PK_DECRYPTION_FAILED;
+ /* pass it to libgcrypt */
+ rc = gcry_pk_decrypt(&s_plain, s_data, s_pkey);
+ gcry_sexp_release(s_data);
+ gcry_sexp_release(s_pkey);
- } else { /* add better error handling or make gnupg use S-Exp directly */
- resarr[0] = gcry_sexp_nth_mpi(s_plain, 0, 0);
+ if (rc != 0) {
+ gnutls_assert();
+ return GNUTLS_E_PK_DECRYPTION_FAILED;
- if (resarr[0] == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_plain);
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ } else { /* add better error handling or make gnupg use S-Exp directly */
+ resarr[0] = gcry_sexp_nth_mpi(s_plain, 0, 0);
+
+ if (resarr[0] == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(s_plain);
+ return GNUTLS_E_INTERNAL_ERROR;
}
+ }
- gcry_sexp_release(s_plain);
- return rc;
+ gcry_sexp_release(s_plain);
+ return rc;
}
/* in case of DSA puts into data, r,s
*/
-static
-int _gnutls_pk_sign(int algo, mpi_t* data, mpi_t hash, mpi_t * pkey, int pkey_len)
+static
+int _gnutls_pk_sign(int algo, mpi_t * data, mpi_t hash, mpi_t * pkey,
+ int pkey_len)
{
- gcry_sexp_t s_hash, s_key, s_sig;
- int rc=-1;
-
- /* make a sexp from pkey */
- switch (algo) {
- case GCRY_PK_DSA:
- if (pkey_len >= 5)
- rc = gcry_sexp_build(&s_key, NULL,
- "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
- pkey[0], pkey[1], pkey[2],
- pkey[3], pkey[4]);
- else {
- gnutls_assert();
- }
-
- break;
- case GCRY_PK_RSA:
- if (pkey_len >=6)
- rc = gcry_sexp_build(&s_key, NULL,
- "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
- pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], pkey[5]);
- else {
- gnutls_assert();
- }
- break;
-
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ gcry_sexp_t s_hash, s_key, s_sig;
+ int rc = -1;
+
+ /* make a sexp from pkey */
+ switch (algo) {
+ case GCRY_PK_DSA:
+ if (pkey_len >= 5)
+ rc = gcry_sexp_build(&s_key, NULL,
+ "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
+ pkey[0], pkey[1], pkey[2],
+ pkey[3], pkey[4]);
+ else {
+ gnutls_assert();
}
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ break;
+ case GCRY_PK_RSA:
+ if (pkey_len >= 6)
+ rc = gcry_sexp_build(&s_key, NULL,
+ "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
+ pkey[0], pkey[1], pkey[2], pkey[3],
+ pkey[4], pkey[5]);
+ else {
+ gnutls_assert();
}
+ break;
- /* put the data into a simple list */
- if (gcry_sexp_build(&s_hash, NULL, "%m", hash)) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- /* pass it to libgcrypt */
- rc = gcry_pk_sign(&s_sig, s_hash, s_key);
- gcry_sexp_release(s_hash);
- gcry_sexp_release(s_key);
+ if (rc != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_PK_SIGN_FAILED;
-
- } else {
- gcry_sexp_t list;
-
- if (algo==GCRY_PK_DSA) {
- list = gcry_sexp_find_token( s_sig, "r" , 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_sig);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- data[0] = gcry_sexp_nth_mpi( list, 1, 0 );
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token( s_sig, "s" , 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_sig);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- data[1] = gcry_sexp_nth_mpi( list, 1, 0 );
- gcry_sexp_release (list);
- } else { /* GCRY_PK_RSA */
- list = gcry_sexp_find_token( s_sig, "s" , 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_sig);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- data[0] = gcry_sexp_nth_mpi( list, 1, 0 );
- gcry_sexp_release (list);
- }
- }
+ /* put the data into a simple list */
+ if (gcry_sexp_build(&s_hash, NULL, "%m", hash)) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- gcry_sexp_release(s_sig);
- return 0;
-}
+ /* pass it to libgcrypt */
+ rc = gcry_pk_sign(&s_sig, s_hash, s_key);
+ gcry_sexp_release(s_hash);
+ gcry_sexp_release(s_key);
+ if (rc != 0) {
+ gnutls_assert();
+ return GNUTLS_E_PK_SIGN_FAILED;
-static int _gnutls_pk_verify(int algo, mpi_t hash, mpi_t* data, mpi_t *pkey, int pkey_len)
-{
- gcry_sexp_t s_sig, s_hash, s_pkey;
- int rc=-1;
-
- /* make a sexp from pkey */
- switch (algo) {
- case GCRY_PK_DSA:
- if (pkey_len >= 4)
- rc = gcry_sexp_build(&s_pkey, NULL,
- "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
- pkey[0], pkey[1], pkey[2], pkey[3]);
- break;
- case GCRY_PK_RSA:
- if (pkey_len >= 2)
- rc = gcry_sexp_build(&s_pkey, NULL,
- "(public-key(rsa(n%m)(e%m)))",
- pkey[0], pkey[1]);
- break;
+ } else {
+ gcry_sexp_t list;
- default:
+ if (algo == GCRY_PK_DSA) {
+ list = gcry_sexp_find_token(s_sig, "r", 0);
+ if (list == NULL) {
gnutls_assert();
+ gcry_sexp_release(s_sig);
return GNUTLS_E_INTERNAL_ERROR;
- }
+ }
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ data[0] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
- /* put the data into a simple list */
- if (gcry_sexp_build(&s_hash, NULL, "%m", hash)) {
+ list = gcry_sexp_find_token(s_sig, "s", 0);
+ if (list == NULL) {
gnutls_assert();
- gcry_sexp_release(s_pkey);
+ gcry_sexp_release(s_sig);
return GNUTLS_E_INTERNAL_ERROR;
- }
+ }
- switch (algo) {
- case GCRY_PK_DSA:
- rc = gcry_sexp_build(&s_sig, NULL,
- "(sig-val(dsa(r%m)(s%m)))",
- data[0], data[1]);
- break;
- case GCRY_PK_RSA:
- rc = gcry_sexp_build(&s_sig, NULL,
- "(sig-val(rsa(s%m)))",
- data[0]);
- break;
-
- default:
+ data[1] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+ } else { /* GCRY_PK_RSA */
+ list = gcry_sexp_find_token(s_sig, "s", 0);
+ if (list == NULL) {
gnutls_assert();
- gcry_sexp_release(s_pkey);
- gcry_sexp_release(s_hash);
+ gcry_sexp_release(s_sig);
return GNUTLS_E_INTERNAL_ERROR;
- }
+ }
- if (rc != 0) {
- gnutls_assert();
- gcry_sexp_release(s_pkey);
- gcry_sexp_release(s_hash);
- return GNUTLS_E_INTERNAL_ERROR;
+ data[0] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
}
+ }
- rc = gcry_pk_verify( s_sig, s_hash, s_pkey);
-
- gcry_sexp_release(s_sig);
+ gcry_sexp_release(s_sig);
+ return 0;
+}
+
+
+static int _gnutls_pk_verify(int algo, mpi_t hash, mpi_t * data,
+ mpi_t * pkey, int pkey_len)
+{
+ gcry_sexp_t s_sig, s_hash, s_pkey;
+ int rc = -1;
+
+ /* make a sexp from pkey */
+ switch (algo) {
+ case GCRY_PK_DSA:
+ if (pkey_len >= 4)
+ rc = gcry_sexp_build(&s_pkey, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ pkey[0], pkey[1], pkey[2], pkey[3]);
+ break;
+ case GCRY_PK_RSA:
+ if (pkey_len >= 2)
+ rc = gcry_sexp_build(&s_pkey, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ pkey[0], pkey[1]);
+ break;
+
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (rc != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* put the data into a simple list */
+ if (gcry_sexp_build(&s_hash, NULL, "%m", hash)) {
+ gnutls_assert();
+ gcry_sexp_release(s_pkey);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ switch (algo) {
+ case GCRY_PK_DSA:
+ rc = gcry_sexp_build(&s_sig, NULL,
+ "(sig-val(dsa(r%m)(s%m)))", data[0], data[1]);
+ break;
+ case GCRY_PK_RSA:
+ rc = gcry_sexp_build(&s_sig, NULL, "(sig-val(rsa(s%m)))", data[0]);
+ break;
+
+ default:
+ gnutls_assert();
+ gcry_sexp_release(s_pkey);
gcry_sexp_release(s_hash);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (rc != 0) {
+ gnutls_assert();
gcry_sexp_release(s_pkey);
+ gcry_sexp_release(s_hash);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
+ rc = gcry_pk_verify(s_sig, s_hash, s_pkey);
+
+ gcry_sexp_release(s_sig);
+ gcry_sexp_release(s_hash);
+ gcry_sexp_release(s_pkey);
+
+ if (rc != 0) {
+ gnutls_assert();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
- return 0;
+ return 0;
}
diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h
index 9838d6589b..9378706af0 100644
--- a/lib/gnutls_pk.h
+++ b/lib/gnutls_pk.h
@@ -1,15 +1,20 @@
#ifndef GNUTLS_PK_H
# define GNUTLS_PK_H
-int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, const gnutls_datum *plaintext,
- mpi_t * params, uint params_len, uint btype);
-int _gnutls_dsa_sign(gnutls_datum * signature, const gnutls_datum *plaintext,
- mpi_t *params, uint params_len);
-int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext, const gnutls_datum* ciphertext,
- mpi_t * params, uint params_len, uint btype);
-int _gnutls_rsa_verify( const gnutls_datum* vdata, const gnutls_datum *ciphertext,
- mpi_t* params, int params_len, int btype);
-int _gnutls_dsa_verify( const gnutls_datum* vdata, const gnutls_datum *sig_value,
- mpi_t * params, int params_len);
+int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext,
+ const gnutls_datum * plaintext,
+ mpi_t * params, uint params_len, uint btype);
+int _gnutls_dsa_sign(gnutls_datum * signature,
+ const gnutls_datum * plaintext, mpi_t * params,
+ uint params_len);
+int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext,
+ const gnutls_datum * ciphertext,
+ mpi_t * params, uint params_len, uint btype);
+int _gnutls_rsa_verify(const gnutls_datum * vdata,
+ const gnutls_datum * ciphertext, mpi_t * params,
+ int params_len, int btype);
+int _gnutls_dsa_verify(const gnutls_datum * vdata,
+ const gnutls_datum * sig_value, mpi_t * params,
+ int params_len);
-#endif /* GNUTLS_PK_H */
+#endif /* GNUTLS_PK_H */
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 7a39b827a1..e3fa10e409 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -42,18 +42,19 @@
**/
int gnutls_cipher_set_priority(gnutls_session session, const int *list)
{
- int num = 0, i;
+ int num = 0, i;
- while (list[num] != 0) num++;
- if (num > MAX_ALGOS) num = MAX_ALGOS;
- session->internals.cipher_algorithm_priority.algorithms = num;
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ session->internals.cipher_algorithm_priority.algorithms = num;
- for (i = 0; i < num; i++) {
- session->internals.cipher_algorithm_priority.priority[i] =
- list[i];
- }
+ for (i = 0; i < num; i++) {
+ session->internals.cipher_algorithm_priority.priority[i] = list[i];
+ }
- return 0;
+ return 0;
}
/**
@@ -70,18 +71,19 @@ int gnutls_cipher_set_priority(gnutls_session session, const int *list)
**/
int gnutls_kx_set_priority(gnutls_session session, const int *list)
{
- int num = 0, i;
+ int num = 0, i;
- while (list[num] != 0) num++;
- if (num > MAX_ALGOS) num = MAX_ALGOS;
- session->internals.kx_algorithm_priority.algorithms = num;
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ session->internals.kx_algorithm_priority.algorithms = num;
- for (i = 0; i < num; i++) {
- session->internals.kx_algorithm_priority.priority[i] =
- list[i];
- }
+ for (i = 0; i < num; i++) {
+ session->internals.kx_algorithm_priority.priority[i] = list[i];
+ }
- return 0;
+ return 0;
}
/**
@@ -98,18 +100,19 @@ int gnutls_kx_set_priority(gnutls_session session, const int *list)
**/
int gnutls_mac_set_priority(gnutls_session session, const int *list)
{
- int num = 0, i;
+ int num = 0, i;
- while (list[num] != 0) num++;
- if (num > MAX_ALGOS) num = MAX_ALGOS;
- session->internals.mac_algorithm_priority.algorithms = num;
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ session->internals.mac_algorithm_priority.algorithms = num;
- for (i = 0; i < num; i++) {
- session->internals.mac_algorithm_priority.priority[i] =
- list[i];
- }
+ for (i = 0; i < num; i++) {
+ session->internals.mac_algorithm_priority.priority[i] = list[i];
+ }
- return 0;
+ return 0;
}
/**
@@ -132,17 +135,19 @@ int gnutls_mac_set_priority(gnutls_session session, const int *list)
int gnutls_compression_set_priority(gnutls_session session,
const int *list)
{
- int num = 0, i;
-
- while (list[num] != 0) num++;
- if (num > MAX_ALGOS) num = MAX_ALGOS;
- session->internals.compression_method_priority.algorithms = num;
-
- for (i = 0; i < num; i++) {
- session->internals.compression_method_priority.
- priority[i] = list[i];
- }
- return 0;
+ int num = 0, i;
+
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ session->internals.compression_method_priority.algorithms = num;
+
+ for (i = 0; i < num; i++) {
+ session->internals.compression_method_priority.
+ priority[i] = list[i];
+ }
+ return 0;
}
/**
@@ -157,23 +162,25 @@ int gnutls_compression_set_priority(gnutls_session session,
**/
int gnutls_protocol_set_priority(gnutls_session session, const int *list)
{
- int num = 0, i;
+ int num = 0, i;
- while (list[num] != 0) num++;
- if (num > MAX_ALGOS) num = MAX_ALGOS;
- session->internals.protocol_priority.algorithms = num;
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ session->internals.protocol_priority.algorithms = num;
- for (i = 0; i < num; i++) {
- session->internals.protocol_priority.priority[i] = list[i];
- }
+ for (i = 0; i < num; i++) {
+ session->internals.protocol_priority.priority[i] = list[i];
+ }
- /* set the current version to the first in the chain.
- * This will be overridden later.
- */
- if (num > 0)
- _gnutls_set_current_version(session, list[0]);
+ /* set the current version to the first in the chain.
+ * This will be overridden later.
+ */
+ if (num > 0)
+ _gnutls_set_current_version(session, list[0]);
- return 0;
+ return 0;
}
/**
@@ -193,22 +200,23 @@ int gnutls_certificate_type_set_priority(gnutls_session session,
{
#ifdef USE_OPENPGP
- int num = 0, i;
+ int num = 0, i;
- while (list[num] != 0) num++;
- if (num > MAX_ALGOS) num = MAX_ALGOS;
- session->internals.cert_type_priority.algorithms = num;
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ session->internals.cert_type_priority.algorithms = num;
- for (i = 0; i < num; i++) {
- session->internals.cert_type_priority.priority[i] =
- list[i];
- }
+ for (i = 0; i < num; i++) {
+ session->internals.cert_type_priority.priority[i] = list[i];
+ }
- return 0;
+ return 0;
#else
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
#endif
}
@@ -231,25 +239,24 @@ int gnutls_certificate_type_set_priority(gnutls_session session,
**/
int gnutls_set_default_priority(gnutls_session session)
{
- static const int protocol_priority[] =
- { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
- static const int kx_priority[] =
- { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, 0 };
- static const int cipher_priority[] = {
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, 0
- };
- static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 };
- static const int mac_priority[] =
- { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 };
-
- gnutls_cipher_set_priority(session, cipher_priority);
- gnutls_compression_set_priority(session, comp_priority);
- gnutls_kx_set_priority(session, kx_priority);
- gnutls_protocol_set_priority(session, protocol_priority);
- gnutls_mac_set_priority(session, mac_priority);
-
- return 0;
+ static const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
+ static const int kx_priority[] =
+ { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, 0 };
+ static const int cipher_priority[] = {
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, 0
+ };
+ static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 };
+ static const int mac_priority[] =
+ { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 };
+
+ gnutls_cipher_set_priority(session, cipher_priority);
+ gnutls_compression_set_priority(session, comp_priority);
+ gnutls_kx_set_priority(session, kx_priority);
+ gnutls_protocol_set_priority(session, protocol_priority);
+ gnutls_mac_set_priority(session, mac_priority);
+
+ return 0;
}
/**
@@ -268,27 +275,27 @@ int gnutls_set_default_priority(gnutls_session session)
**/
int gnutls_set_default_export_priority(gnutls_session session)
{
- static const int protocol_priority[] = {
- GNUTLS_TLS1, GNUTLS_SSL3, 0
- };
- static const int kx_priority[] = {
- GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_RSA_EXPORT, 0
- };
- static const int cipher_priority[] = {
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_CIPHER_ARCFOUR_40, 0
- };
- static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 };
- static const int mac_priority[] =
- { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 };
-
- gnutls_cipher_set_priority(session, cipher_priority);
- gnutls_compression_set_priority(session, comp_priority);
- gnutls_kx_set_priority(session, kx_priority);
- gnutls_protocol_set_priority(session, protocol_priority);
- gnutls_mac_set_priority(session, mac_priority);
-
- return 0;
+ static const int protocol_priority[] = {
+ GNUTLS_TLS1, GNUTLS_SSL3, 0
+ };
+ static const int kx_priority[] = {
+ GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_RSA_EXPORT, 0
+ };
+ static const int cipher_priority[] = {
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_CIPHER_ARCFOUR_40, 0
+ };
+ static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 };
+ static const int mac_priority[] =
+ { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 };
+
+ gnutls_cipher_set_priority(session, cipher_priority);
+ gnutls_compression_set_priority(session, comp_priority);
+ gnutls_kx_set_priority(session, kx_priority);
+ gnutls_protocol_set_priority(session, protocol_priority);
+ gnutls_mac_set_priority(session, mac_priority);
+
+ return 0;
}
diff --git a/lib/gnutls_priority.h b/lib/gnutls_priority.h
index 43cee47ea9..45b84c35d1 100644
--- a/lib/gnutls_priority.h
+++ b/lib/gnutls_priority.h
@@ -18,9 +18,10 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-int gnutls_cipher_set_priority( gnutls_session session, const int*);
-int gnutls_kx_set_priority( gnutls_session session, const int*);
-int gnutls_mac_set_priority( gnutls_session session, const int*);
-int gnutls_compression_set_priority( gnutls_session session, const int*);
-int gnutls_protocol_set_priority( gnutls_session session, const int*);
-int gnutls_certificate_type_set_priority( gnutls_session session, const int*);
+int gnutls_cipher_set_priority(gnutls_session session, const int *);
+int gnutls_kx_set_priority(gnutls_session session, const int *);
+int gnutls_mac_set_priority(gnutls_session session, const int *);
+int gnutls_compression_set_priority(gnutls_session session, const int *);
+int gnutls_protocol_set_priority(gnutls_session session, const int *);
+int gnutls_certificate_type_set_priority(gnutls_session session,
+ const int *);
diff --git a/lib/gnutls_random.c b/lib/gnutls_random.c
index 01e61d4c54..d8360e8e66 100644
--- a/lib/gnutls_random.c
+++ b/lib/gnutls_random.c
@@ -33,11 +33,11 @@
int _gnutls_get_random(opaque * res, int bytes, int level)
{
if (level == GNUTLS_WEAK_RANDOM) {
- gcry_create_nonce( res, bytes);
- return 0;
+ gcry_create_nonce(res, bytes);
+ return 0;
}
- gcry_randomize( res, bytes, level);
+ gcry_randomize(res, bytes, level);
return 0;
}
diff --git a/lib/gnutls_random.h b/lib/gnutls_random.h
index 790ed7d2c9..2cbde3cbf6 100644
--- a/lib/gnutls_random.h
+++ b/lib/gnutls_random.h
@@ -4,4 +4,4 @@
#define GNUTLS_STRONG_RANDOM GCRY_STRONG_RANDOM
#define GNUTLS_VERY_STRONG_RANDOM GCRY_VERY_STRONG_RANDOM
-int _gnutls_get_random(opaque* res, int bytes, int);
+int _gnutls_get_random(opaque * res, int bytes, int);
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index f90d01a683..9cf774dfa4 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -51,14 +51,15 @@
* Returns the version of the currently used protocol.
*
**/
-gnutls_protocol_version gnutls_protocol_get_version(gnutls_session session)
+gnutls_protocol_version gnutls_protocol_get_version(gnutls_session session)
{
- return session->security_parameters.version;
+ return session->security_parameters.version;
}
-void _gnutls_set_current_version(gnutls_session session, gnutls_protocol_version version)
+void _gnutls_set_current_version(gnutls_session session,
+ gnutls_protocol_version version)
{
- session->security_parameters.version = version;
+ session->security_parameters.version = version;
}
/**
@@ -74,9 +75,9 @@ void _gnutls_set_current_version(gnutls_session session, gnutls_protocol_version
* Otherwise it must be called and set lowat to zero.
*
**/
-void gnutls_transport_set_lowat(gnutls_session session, int num)
+void gnutls_transport_set_lowat(gnutls_session session, int num)
{
- session->internals.lowat = num;
+ session->internals.lowat = num;
}
/**
@@ -89,10 +90,11 @@ void gnutls_transport_set_lowat(gnutls_session session, int num)
* handle.
*
**/
-void gnutls_transport_set_ptr(gnutls_session session, gnutls_transport_ptr ptr)
+void gnutls_transport_set_ptr(gnutls_session session,
+ gnutls_transport_ptr ptr)
{
- session->internals.transport_recv_ptr = ptr;
- session->internals.transport_send_ptr = ptr;
+ session->internals.transport_recv_ptr = ptr;
+ session->internals.transport_send_ptr = ptr;
}
@@ -108,11 +110,12 @@ void gnutls_transport_set_ptr(gnutls_session session, gnutls_transport_ptr ptr)
* receiving and sending.
*
**/
-void gnutls_transport_set_ptr2(gnutls_session session, gnutls_transport_ptr recv_ptr,
- gnutls_transport_ptr send_ptr)
+void gnutls_transport_set_ptr2(gnutls_session session,
+ gnutls_transport_ptr recv_ptr,
+ gnutls_transport_ptr send_ptr)
{
- session->internals.transport_send_ptr = send_ptr;
- session->internals.transport_recv_ptr = recv_ptr;
+ session->internals.transport_send_ptr = send_ptr;
+ session->internals.transport_recv_ptr = recv_ptr;
}
/**
@@ -123,9 +126,9 @@ void gnutls_transport_set_ptr2(gnutls_session session, gnutls_transport_ptr recv
* PULL). This must have been set using gnutls_transport_set_ptr().
*
**/
-gnutls_transport_ptr gnutls_transport_get_ptr(gnutls_session session)
+gnutls_transport_ptr gnutls_transport_get_ptr(gnutls_session session)
{
- return session->internals.transport_recv_ptr;
+ return session->internals.transport_recv_ptr;
}
/**
@@ -139,12 +142,12 @@ gnutls_transport_ptr gnutls_transport_get_ptr(gnutls_session session)
*
**/
void gnutls_transport_get_ptr2(gnutls_session session,
- gnutls_transport_ptr *recv_ptr,
- gnutls_transport_ptr *send_ptr)
+ gnutls_transport_ptr * recv_ptr,
+ gnutls_transport_ptr * send_ptr)
{
-
- *recv_ptr = session->internals.transport_recv_ptr;
- *send_ptr = session->internals.transport_send_ptr;
+
+ *recv_ptr = session->internals.transport_recv_ptr;
+ *send_ptr = session->internals.transport_send_ptr;
}
/**
@@ -171,92 +174,94 @@ void gnutls_transport_get_ptr2(gnutls_session session,
* gnutls_record_get_direction().
*
**/
-int gnutls_bye( gnutls_session session, gnutls_close_request how)
+int gnutls_bye(gnutls_session session, gnutls_close_request how)
{
- int ret = 0;
-
- switch (STATE) {
- case STATE0:
- case STATE60:
- ret = _gnutls_io_write_flush( session);
- STATE = STATE60;
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- case STATE61:
- ret = gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY);
- STATE = STATE61;
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- case STATE62:
- if ( how == GNUTLS_SHUT_RDWR) {
- ret = _gnutls_recv_int( session, GNUTLS_ALERT, -1, NULL, 0);
- if (ret >= 0) session->internals.may_not_read = 1;
- }
- STATE = STATE62;
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ int ret = 0;
+
+ switch (STATE) {
+ case STATE0:
+ case STATE60:
+ ret = _gnutls_io_write_flush(session);
+ STATE = STATE60;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- STATE = STATE0;
-
- session->internals.may_not_write = 1;
- return 0;
+ case STATE61:
+ ret =
+ gnutls_alert_send(session, GNUTLS_AL_WARNING,
+ GNUTLS_A_CLOSE_NOTIFY);
+ STATE = STATE61;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ case STATE62:
+ if (how == GNUTLS_SHUT_RDWR) {
+ ret = _gnutls_recv_int(session, GNUTLS_ALERT, -1, NULL, 0);
+ if (ret >= 0)
+ session->internals.may_not_read = 1;
+ }
+ STATE = STATE62;
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ STATE = STATE0;
+
+ session->internals.may_not_write = 1;
+ return 0;
}
-inline
-static void session_invalidate( gnutls_session session)
+inline static void session_invalidate(gnutls_session session)
{
- session->internals.valid_connection = VALID_FALSE;
+ session->internals.valid_connection = VALID_FALSE;
}
-inline
-static void session_unresumable( gnutls_session session)
+inline static void session_unresumable(gnutls_session session)
{
- session->internals.resumable = RESUME_FALSE;
+ session->internals.resumable = RESUME_FALSE;
}
/* returns 0 if session is valid
*/
-inline
-static int session_is_valid( gnutls_session session) {
- if (session->internals.valid_connection==VALID_FALSE)
- return GNUTLS_E_INVALID_SESSION;
-
- return 0;
+inline static int session_is_valid(gnutls_session session)
+{
+ if (session->internals.valid_connection == VALID_FALSE)
+ return GNUTLS_E_INVALID_SESSION;
+
+ return 0;
}
/* Copies the record version into the headers. The
* version must have 2 bytes at least.
*/
-inline static
-void copy_record_version( gnutls_session session, HandshakeType htype,
- opaque version[2])
+inline static
+void copy_record_version(gnutls_session session, HandshakeType htype,
+ opaque version[2])
{
-gnutls_protocol_version lver;
-
- if (htype != GNUTLS_CLIENT_HELLO || session->internals.default_record_version[0] == 0) {
- lver = gnutls_protocol_get_version( session);
-
- version[0] = _gnutls_version_get_major( lver);
- version[1] = _gnutls_version_get_minor( lver);
- } else {
- version[0] = session->internals.default_record_version[0];
- version[1] = session->internals.default_record_version[1];
- }
+ gnutls_protocol_version lver;
+
+ if (htype != GNUTLS_CLIENT_HELLO
+ || session->internals.default_record_version[0] == 0) {
+ lver = gnutls_protocol_get_version(session);
+
+ version[0] = _gnutls_version_get_major(lver);
+ version[1] = _gnutls_version_get_minor(lver);
+ } else {
+ version[0] = session->internals.default_record_version[0];
+ version[1] = session->internals.default_record_version[1];
+ }
}
/* This function behaves exactly like write(). The only difference is
@@ -273,157 +278,174 @@ gnutls_protocol_version lver;
* and only if the previous send was interrupted for some reason.
*
*/
-ssize_t _gnutls_send_int( gnutls_session session, content_type_t type,
- HandshakeType htype, const void *_data, size_t sizeofdata)
+ssize_t _gnutls_send_int(gnutls_session session, content_type_t type,
+ HandshakeType htype, const void *_data,
+ size_t sizeofdata)
{
- uint8 *cipher;
- int cipher_size;
- int retval, ret;
- int data2send_size;
- uint8 headers[5];
- const uint8 *data=_data;
- int erecord_size = 0;
- opaque* erecord = NULL;
-
- /* Do not allow null pointer if the send buffer is empty.
- * If the previous send was interrupted then a null pointer is
- * ok, and means to resume.
- */
- if (session->internals.record_send_buffer.length == 0 &&
- (sizeofdata == 0 || _data==NULL)) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ uint8 *cipher;
+ int cipher_size;
+ int retval, ret;
+ int data2send_size;
+ uint8 headers[5];
+ const uint8 *data = _data;
+ int erecord_size = 0;
+ opaque *erecord = NULL;
+
+ /* Do not allow null pointer if the send buffer is empty.
+ * If the previous send was interrupted then a null pointer is
+ * ok, and means to resume.
+ */
+ if (session->internals.record_send_buffer.length == 0 &&
+ (sizeofdata == 0 || _data == NULL)) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (type != GNUTLS_ALERT) /* alert messages are sent anyway */
+ if (session_is_valid(session)
+ || session->internals.may_not_write != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
}
- if (type!=GNUTLS_ALERT) /* alert messages are sent anyway */
- if ( session_is_valid( session) || session->internals.may_not_write != 0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_SESSION;
- }
+ headers[0] = type;
- headers[0] = type;
-
- /* Use the default record version, if it is
- * set.
- */
- copy_record_version( session, htype, &headers[1]);
+ /* Use the default record version, if it is
+ * set.
+ */
+ copy_record_version(session, htype, &headers[1]);
- _gnutls_record_log( "REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n",
- session, (int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, sizeofdata);
+ _gnutls_record_log
+ ("REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", session,
+ (int) _gnutls_uint64touint32(&session->connection_state.
+ write_sequence_number),
+ _gnutls_packet2str(type), type, sizeofdata);
- if ( sizeofdata > MAX_RECORD_SEND_SIZE)
- data2send_size = MAX_RECORD_SEND_SIZE;
- else
- data2send_size = sizeofdata;
+ if (sizeofdata > MAX_RECORD_SEND_SIZE)
+ data2send_size = MAX_RECORD_SEND_SIZE;
+ else
+ data2send_size = sizeofdata;
- /* Only encrypt if we don't have data to send
- * from the previous run. - probably interrupted.
- */
- if (session->internals.record_send_buffer.length > 0) {
- ret = _gnutls_io_write_flush( session);
- if (ret > 0) cipher_size = ret;
- else cipher_size = 0;
-
- cipher = NULL;
+ /* Only encrypt if we don't have data to send
+ * from the previous run. - probably interrupted.
+ */
+ if (session->internals.record_send_buffer.length > 0) {
+ ret = _gnutls_io_write_flush(session);
+ if (ret > 0)
+ cipher_size = ret;
+ else
+ cipher_size = 0;
- retval = session->internals.record_send_buffer_user_size;
- } else {
+ cipher = NULL;
- /* now proceed to packet encryption
- */
- cipher_size = data2send_size + MAX_RECORD_OVERHEAD;
- cipher = gnutls_malloc( cipher_size);
- if (cipher==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ retval = session->internals.record_send_buffer_user_size;
+ } else {
- cipher_size = _gnutls_encrypt( session, headers, RECORD_HEADER_SIZE, data, data2send_size, cipher,
- cipher_size, type, 1);
- if (cipher_size <= 0) {
- gnutls_assert();
- if (cipher_size==0) cipher_size = GNUTLS_E_ENCRYPTION_FAILED;
- gnutls_afree( erecord);
- gnutls_free( cipher);
- return cipher_size; /* error */
- }
+ /* now proceed to packet encryption
+ */
+ cipher_size = data2send_size + MAX_RECORD_OVERHEAD;
+ cipher = gnutls_malloc(cipher_size);
+ if (cipher == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- retval = data2send_size;
- session->internals.record_send_buffer_user_size = data2send_size;
+ cipher_size =
+ _gnutls_encrypt(session, headers, RECORD_HEADER_SIZE, data,
+ data2send_size, cipher, cipher_size, type, 1);
+ if (cipher_size <= 0) {
+ gnutls_assert();
+ if (cipher_size == 0)
+ cipher_size = GNUTLS_E_ENCRYPTION_FAILED;
+ gnutls_afree(erecord);
+ gnutls_free(cipher);
+ return cipher_size; /* error */
+ }
- /* increase sequence number
- */
- if (_gnutls_uint64pp( &session->connection_state.write_sequence_number) != 0) {
- session_invalidate( session);
- gnutls_assert();
- gnutls_afree( erecord);
- gnutls_free( cipher);
- return GNUTLS_E_RECORD_LIMIT_REACHED;
- }
+ retval = data2send_size;
+ session->internals.record_send_buffer_user_size = data2send_size;
- ret = _gnutls_io_write_buffered2( session, erecord, erecord_size, cipher, cipher_size);
- gnutls_afree( erecord);
- gnutls_free( cipher);
+ /* increase sequence number
+ */
+ if (_gnutls_uint64pp
+ (&session->connection_state.write_sequence_number) != 0) {
+ session_invalidate(session);
+ gnutls_assert();
+ gnutls_afree(erecord);
+ gnutls_free(cipher);
+ return GNUTLS_E_RECORD_LIMIT_REACHED;
}
- if ( ret != cipher_size + erecord_size) {
- if ( ret < 0 && gnutls_error_is_fatal(ret)==0) {
- /* If we have sent any data then just return
- * the error value. Do not invalidate the session.
- */
- gnutls_assert();
- return ret;
- }
-
- if (ret > 0) {
- gnutls_assert();
- ret = GNUTLS_E_INTERNAL_ERROR;
- }
- session_unresumable( session);
- session_invalidate( session);
- gnutls_assert();
- return ret;
+ ret =
+ _gnutls_io_write_buffered2(session, erecord, erecord_size,
+ cipher, cipher_size);
+ gnutls_afree(erecord);
+ gnutls_free(cipher);
+ }
+
+ if (ret != cipher_size + erecord_size) {
+ if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ /* If we have sent any data then just return
+ * the error value. Do not invalidate the session.
+ */
+ gnutls_assert();
+ return ret;
+ }
+
+ if (ret > 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
}
+ session_unresumable(session);
+ session_invalidate(session);
+ gnutls_assert();
+ return ret;
+ }
- session->internals.record_send_buffer_user_size = 0;
+ session->internals.record_send_buffer_user_size = 0;
- _gnutls_record_log( "REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n",
- session, (int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, cipher_size);
+ _gnutls_record_log("REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n",
+ session,
+ (int) _gnutls_uint64touint32(&session->
+ connection_state.
+ write_sequence_number),
+ _gnutls_packet2str(type), type, cipher_size);
- return retval;
+ return retval;
}
/* This function is to be called if the handshake was successfully
* completed. This sends a Change Cipher Spec packet to the peer.
*/
-ssize_t _gnutls_send_change_cipher_spec( gnutls_session session, int again)
+ssize_t _gnutls_send_change_cipher_spec(gnutls_session session, int again)
{
- static const opaque data[1] = { GNUTLS_TYPE_CHANGE_CIPHER_SPEC };
+ static const opaque data[1] = { GNUTLS_TYPE_CHANGE_CIPHER_SPEC };
- _gnutls_handshake_log( "REC[%x]: Sent ChangeCipherSpec\n", session);
+ _gnutls_handshake_log("REC[%x]: Sent ChangeCipherSpec\n", session);
- if (again==0)
- return _gnutls_send_int( session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1);
- else {
- return _gnutls_io_write_flush( session);
- }
+ if (again == 0)
+ return _gnutls_send_int(session, GNUTLS_CHANGE_CIPHER_SPEC, -1,
+ data, 1);
+ else {
+ return _gnutls_io_write_flush(session);
+ }
}
-static int check_recv_type( content_type_t recv_type)
+static int check_recv_type(content_type_t recv_type)
{
- switch( recv_type) {
- case GNUTLS_CHANGE_CIPHER_SPEC:
- case GNUTLS_ALERT:
- case GNUTLS_HANDSHAKE:
- case GNUTLS_APPLICATION_DATA:
- return 0;
- default:
- gnutls_assert();
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
+ switch (recv_type) {
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ case GNUTLS_ALERT:
+ case GNUTLS_HANDSHAKE:
+ case GNUTLS_APPLICATION_DATA:
+ return 0;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
}
@@ -431,28 +453,30 @@ static int check_recv_type( content_type_t recv_type)
/* Checks if there are pending data in the record buffers. If there are
* then it copies the data.
*/
-static int check_buffers( gnutls_session session, content_type_t type, opaque* data, int sizeofdata)
+static int check_buffers(gnutls_session session, content_type_t type,
+ opaque * data, int sizeofdata)
{
- if ( (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && _gnutls_record_buffer_get_size(type, session) > 0) {
- int ret, ret2;
- ret = _gnutls_record_buffer_get(type, session, data, sizeofdata);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* if the buffer just got empty */
- if (_gnutls_record_buffer_get_size(type, session)==0) {
- if ( (ret2=_gnutls_io_clear_peeked_data( session)) < 0) {
- gnutls_assert();
- return ret2;
- }
- }
+ if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE)
+ && _gnutls_record_buffer_get_size(type, session) > 0) {
+ int ret, ret2;
+ ret = _gnutls_record_buffer_get(type, session, data, sizeofdata);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return ret;
+ /* if the buffer just got empty */
+ if (_gnutls_record_buffer_get_size(type, session) == 0) {
+ if ((ret2 = _gnutls_io_clear_peeked_data(session)) < 0) {
+ gnutls_assert();
+ return ret2;
+ }
}
-
- return 0;
+
+ return ret;
+ }
+
+ return 0;
}
@@ -461,50 +485,56 @@ static int check_buffers( gnutls_session session, content_type_t type, opaque* d
/* Checks the record headers and returns the length, version and
* content type.
*/
-static
-int record_check_headers( gnutls_session session, uint8 headers[RECORD_HEADER_SIZE], content_type_t type,
- HandshakeType htype, /*output*/ content_type_t *recv_type, opaque version[2], uint16 *length, uint16* header_size)
+static
+int record_check_headers(gnutls_session session,
+ uint8 headers[RECORD_HEADER_SIZE],
+ content_type_t type, HandshakeType htype,
+ /*output */ content_type_t * recv_type,
+ opaque version[2], uint16 * length,
+ uint16 * header_size)
{
- /* Read the first two bytes to determine if this is a
- * version 2 message
+ /* Read the first two bytes to determine if this is a
+ * version 2 message
+ */
+
+ if (htype == GNUTLS_CLIENT_HELLO && type == GNUTLS_HANDSHAKE
+ && headers[0] > 127) {
+
+ /* if msb set and expecting handshake message
+ * it should be SSL 2 hello
*/
+ version[0] = 3; /* assume SSL 3.0 */
+ version[1] = 0;
- if ( htype == GNUTLS_CLIENT_HELLO && type==GNUTLS_HANDSHAKE && headers[0] > 127) {
+ *length = (((headers[0] & 0x7f) << 8)) | headers[1];
- /* if msb set and expecting handshake message
- * it should be SSL 2 hello
- */
- version[0] = 3; /* assume SSL 3.0 */
- version[1] = 0;
-
- *length = (((headers[0] & 0x7f) << 8)) | headers[1];
-
- /* SSL 2.0 headers */
- *header_size = 2;
- *recv_type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello
- */
-
- /* in order to assist the handshake protocol.
- * V2 compatibility is a mess.
- */
- session->internals.v2_hello = *length;
+ /* SSL 2.0 headers */
+ *header_size = 2;
+ *recv_type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello
+ */
- _gnutls_record_log( "REC[%x]: V2 packet received. Length: %d\n", session, *length);
+ /* in order to assist the handshake protocol.
+ * V2 compatibility is a mess.
+ */
+ session->internals.v2_hello = *length;
- } else {
- /* version 3.x
- */
- *recv_type = headers[0];
- version[0] = headers[1];
- version[1] = headers[2];
+ _gnutls_record_log("REC[%x]: V2 packet received. Length: %d\n",
+ session, *length);
- /* No DECR_LEN, since headers has enough size.
- */
- *length = _gnutls_read_uint16( &headers[3]);
- }
+ } else {
+ /* version 3.x
+ */
+ *recv_type = headers[0];
+ version[0] = headers[1];
+ version[1] = headers[2];
- return 0;
+ /* No DECR_LEN, since headers has enough size.
+ */
+ *length = _gnutls_read_uint16(&headers[3]);
+ }
+
+ return 0;
}
/* Here we check if the advertized version is the one we
@@ -512,19 +542,21 @@ int record_check_headers( gnutls_session session, uint8 headers[RECORD_HEADER_SI
*/
#ifdef CHECK_RECORD_VERSION
inline
-static int record_check_version( gnutls_session session, HandshakeType htype, opaque version[2])
+ static int record_check_version(gnutls_session session,
+ HandshakeType htype, opaque version[2])
{
- if ( (htype!=GNUTLS_CLIENT_HELLO && htype!=GNUTLS_SERVER_HELLO) &&
- gnutls_protocol_get_version(session) != _gnutls_version_get( version[0], version[1])) {
+ if ((htype != GNUTLS_CLIENT_HELLO && htype != GNUTLS_SERVER_HELLO) &&
+ gnutls_protocol_get_version(session) !=
+ _gnutls_version_get(version[0], version[1])) {
- gnutls_assert();
- _gnutls_record_log( "REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n",
- session, htype, version[0], version[1]);
+ gnutls_assert();
+ _gnutls_record_log("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0], version[1]);
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
- return 0;
+ return 0;
}
#else
# define record_check_version(x,y,z) 0
@@ -533,104 +565,114 @@ static int record_check_version( gnutls_session session, HandshakeType htype, op
/* This function will check if the received record type is
* the one we actually expect.
*/
-static int record_check_type( gnutls_session session, content_type_t recv_type,
- content_type_t type, HandshakeType htype, opaque* data, int data_size)
+static int record_check_type(gnutls_session session,
+ content_type_t recv_type, content_type_t type,
+ HandshakeType htype, opaque * data,
+ int data_size)
{
-
- int ret;
-
- if ( (recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE)) {
- _gnutls_record_buffer_put(type, session, (void *) data, data_size);
- } else {
- switch (recv_type) {
- case GNUTLS_ALERT:
-
- _gnutls_record_log( "REC[%x]: Alert[%d|%d] - %s - was received\n",
- session, data[0], data[1], gnutls_alert_get_name((int)data[1]));
-
- session->internals.last_alert = data[1];
-
- /* if close notify is received and
- * the alert is not fatal
- */
- if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) {
- /* If we have been expecting for an alert do
- */
- session->internals.read_eof = 1;
- return GNUTLS_E_INT_RET_0; /* EOF */
- } else {
-
- /* if the alert is FATAL or WARNING
- * return the apropriate message
- */
-
- gnutls_assert();
- ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
- if (data[0] == GNUTLS_AL_FATAL) {
- session_unresumable( session);
- session_invalidate( session);
- ret = GNUTLS_E_FATAL_ALERT_RECEIVED;
- }
-
- return ret;
- }
- break;
-
- case GNUTLS_CHANGE_CIPHER_SPEC:
- /* this packet is now handled in the recv_int()
- * function
- */
- gnutls_assert();
-
- return GNUTLS_E_UNEXPECTED_PACKET;
-
- case GNUTLS_APPLICATION_DATA:
- /* even if data is unexpected put it into the buffer */
- if ( (ret=_gnutls_record_buffer_put(recv_type, session, (void *) data, data_size)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- gnutls_assert();
-
- /* the got_application data is only returned
- * if expecting client hello (for rehandshake
- * reasons). Otherwise it is an unexpected packet
- */
- if (htype == GNUTLS_CLIENT_HELLO && type==GNUTLS_HANDSHAKE)
- return GNUTLS_E_GOT_APPLICATION_DATA;
- else return GNUTLS_E_UNEXPECTED_PACKET;
-
- break;
- case GNUTLS_HANDSHAKE:
- /* This is legal if HELLO_REQUEST is received - and we are a client.
- * If we are a server, a client may initiate a renegotiation at any time.
- */
- if ( session->security_parameters.entity==GNUTLS_SERVER) {
- gnutls_assert();
- return GNUTLS_E_REHANDSHAKE;
- }
-
- /* If we are already in a handshake then a Hello
- * Request is illegal. But here we don't really care
- * since this message will never make it up here.
- */
-
- /* So we accept it */
- return _gnutls_recv_hello_request( session, data, data_size);
-
- break;
- default:
-
- _gnutls_record_log( "REC[%x]: Received Unknown packet %d expecting %d\n",
- session, recv_type, type);
-
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+
+ int ret;
+
+ if ((recv_type == type)
+ && (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE)) {
+ _gnutls_record_buffer_put(type, session, (void *) data, data_size);
+ } else {
+ switch (recv_type) {
+ case GNUTLS_ALERT:
+
+ _gnutls_record_log
+ ("REC[%x]: Alert[%d|%d] - %s - was received\n", session,
+ data[0], data[1], gnutls_alert_get_name((int) data[1]));
+
+ session->internals.last_alert = data[1];
+
+ /* if close notify is received and
+ * the alert is not fatal
+ */
+ if (data[1] == GNUTLS_A_CLOSE_NOTIFY
+ && data[0] != GNUTLS_AL_FATAL) {
+ /* If we have been expecting for an alert do
+ */
+ session->internals.read_eof = 1;
+ return GNUTLS_E_INT_RET_0; /* EOF */
+ } else {
+
+ /* if the alert is FATAL or WARNING
+ * return the apropriate message
+ */
+
+ gnutls_assert();
+ ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
+ if (data[0] == GNUTLS_AL_FATAL) {
+ session_unresumable(session);
+ session_invalidate(session);
+ ret = GNUTLS_E_FATAL_ALERT_RECEIVED;
}
+
+ return ret;
+ }
+ break;
+
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ /* this packet is now handled in the recv_int()
+ * function
+ */
+ gnutls_assert();
+
+ return GNUTLS_E_UNEXPECTED_PACKET;
+
+ case GNUTLS_APPLICATION_DATA:
+ /* even if data is unexpected put it into the buffer */
+ if ((ret =
+ _gnutls_record_buffer_put(recv_type, session,
+ (void *) data,
+ data_size)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ gnutls_assert();
+
+ /* the got_application data is only returned
+ * if expecting client hello (for rehandshake
+ * reasons). Otherwise it is an unexpected packet
+ */
+ if (htype == GNUTLS_CLIENT_HELLO && type == GNUTLS_HANDSHAKE)
+ return GNUTLS_E_GOT_APPLICATION_DATA;
+ else
+ return GNUTLS_E_UNEXPECTED_PACKET;
+
+ break;
+ case GNUTLS_HANDSHAKE:
+ /* This is legal if HELLO_REQUEST is received - and we are a client.
+ * If we are a server, a client may initiate a renegotiation at any time.
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ gnutls_assert();
+ return GNUTLS_E_REHANDSHAKE;
+ }
+
+ /* If we are already in a handshake then a Hello
+ * Request is illegal. But here we don't really care
+ * since this message will never make it up here.
+ */
+
+ /* So we accept it */
+ return _gnutls_recv_hello_request(session, data, data_size);
+
+ break;
+ default:
+
+ _gnutls_record_log
+ ("REC[%x]: Received Unknown packet %d expecting %d\n",
+ session, recv_type, type);
+
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
}
-
- return 0;
+ }
+
+ return 0;
}
@@ -639,35 +681,37 @@ static int record_check_type( gnutls_session session, content_type_t recv_type,
* recv buffer. If the buffer was not initialized before it will
* also initialize it.
*/
-inline
-static int get_temp_recv_buffer( gnutls_session session, gnutls_datum* tmp)
+inline
+ static int get_temp_recv_buffer(gnutls_session session,
+ gnutls_datum * tmp)
{
- /* We allocate MAX_RECORD_RECV_SIZE length
- * because we cannot predict the output data by the record
- * packet length (due to compression).
- */
+ /* We allocate MAX_RECORD_RECV_SIZE length
+ * because we cannot predict the output data by the record
+ * packet length (due to compression).
+ */
- if (MAX_RECORD_RECV_SIZE > session->internals.recv_buffer.size ||
- session->internals.recv_buffer.data == NULL) {
-
- /* Initialize the internal buffer.
- */
- session->internals.recv_buffer.data = gnutls_realloc(
- session->internals.recv_buffer.data, MAX_RECORD_RECV_SIZE);
+ if (MAX_RECORD_RECV_SIZE > session->internals.recv_buffer.size ||
+ session->internals.recv_buffer.data == NULL) {
- if (session->internals.recv_buffer.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- session->internals.recv_buffer.size = MAX_RECORD_RECV_SIZE;
+ /* Initialize the internal buffer.
+ */
+ session->internals.recv_buffer.data =
+ gnutls_realloc(session->internals.recv_buffer.data,
+ MAX_RECORD_RECV_SIZE);
+
+ if (session->internals.recv_buffer.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- tmp->data = session->internals.recv_buffer.data;
- tmp->size = session->internals.recv_buffer.size;
-
- return 0;
+ session->internals.recv_buffer.size = MAX_RECORD_RECV_SIZE;
+ }
+
+ tmp->data = session->internals.recv_buffer.data;
+ tmp->size = session->internals.recv_buffer.size;
+
+ return 0;
}
@@ -680,195 +724,226 @@ static int get_temp_recv_buffer( gnutls_session session, gnutls_datum* tmp)
*
* The HandshakeType was introduced to support SSL V2.0 client hellos.
*/
-ssize_t _gnutls_recv_int( gnutls_session session, content_type_t type,
- HandshakeType htype, opaque *data, size_t sizeofdata)
+ssize_t _gnutls_recv_int(gnutls_session session, content_type_t type,
+ HandshakeType htype, opaque * data,
+ size_t sizeofdata)
{
- gnutls_datum tmp;
- int decrypted_length;
- opaque version[2];
- uint8 *headers;
- content_type_t recv_type;
- uint16 length;
- uint8 *ciphertext;
- uint8 *recv_data;
- int ret, ret2;
- uint16 header_size;
- int empty_packet = 0;
-
- if (type != GNUTLS_ALERT && (sizeofdata == 0 || data == NULL)) {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ gnutls_datum tmp;
+ int decrypted_length;
+ opaque version[2];
+ uint8 *headers;
+ content_type_t recv_type;
+ uint16 length;
+ uint8 *ciphertext;
+ uint8 *recv_data;
+ int ret, ret2;
+ uint16 header_size;
+ int empty_packet = 0;
+
+ if (type != GNUTLS_ALERT && (sizeofdata == 0 || data == NULL)) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ begin:
+
+ if (empty_packet > MAX_EMPTY_PACKETS_SEQUENCE) {
+ gnutls_assert();
+ return GNUTLS_E_TOO_MANY_EMPTY_PACKETS;
+ }
+
+ if (session->internals.read_eof != 0) {
+ /* if we have already read an EOF
+ */
+ return 0;
+ } else if (session_is_valid(session) != 0
+ || session->internals.may_not_read != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_SESSION;
+ }
- begin:
-
- if (empty_packet > MAX_EMPTY_PACKETS_SEQUENCE) {
- gnutls_assert();
- return GNUTLS_E_TOO_MANY_EMPTY_PACKETS;
- }
-
- if (session->internals.read_eof != 0) {
- /* if we have already read an EOF
- */
- return 0;
- } else if ( session_is_valid(session)!=0 || session->internals.may_not_read!=0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_SESSION;
- }
-
/* If we have enough data in the cache do not bother receiving
* a new packet. (in order to flush the cache)
*/
- ret = check_buffers( session, type, data, sizeofdata);
- if (ret != 0)
- return ret;
+ ret = check_buffers(session, type, data, sizeofdata);
+ if (ret != 0)
+ return ret;
/* default headers for TLS 1.0
*/
- header_size = RECORD_HEADER_SIZE;
-
- if ( (ret = _gnutls_io_read_buffered( session, &headers, header_size, -1)) != header_size) {
- if (ret < 0 && gnutls_error_is_fatal(ret)==0) return ret;
-
- session_invalidate( session);
- if (type==GNUTLS_ALERT) {
- gnutls_assert();
- return 0; /* we were expecting close notify */
- }
- session_unresumable( session);
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- if ( (ret=record_check_headers( session, headers, type, htype, &recv_type, version, &length, &header_size)) < 0) {
- gnutls_assert();
- return ret;
+ header_size = RECORD_HEADER_SIZE;
+
+ if ((ret =
+ _gnutls_io_read_buffered(session, &headers, header_size,
+ -1)) != header_size) {
+ if (ret < 0 && gnutls_error_is_fatal(ret) == 0)
+ return ret;
+
+ session_invalidate(session);
+ if (type == GNUTLS_ALERT) {
+ gnutls_assert();
+ return 0; /* we were expecting close notify */
}
+ session_unresumable(session);
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ if ((ret =
+ record_check_headers(session, headers, type, htype, &recv_type,
+ version, &length, &header_size)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
/* Here we check if the Type of the received packet is
* ok.
*/
- if ( (ret = check_recv_type( recv_type)) < 0) {
-
- gnutls_assert();
- return ret;
- }
+ if ((ret = check_recv_type(recv_type)) < 0) {
+
+ gnutls_assert();
+ return ret;
+ }
/* Here we check if the advertized version is the one we
* negotiated in the handshake.
*/
- if ( (ret=record_check_version( session, htype, version)) < 0) {
- gnutls_assert();
- session_invalidate( session);
- return ret;
- }
-
- _gnutls_record_log( "REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n",
- session, (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(type), type, sizeofdata);
- _gnutls_record_log( "REC[%x]: Received Packet[%d] %s(%d) with length: %d\n",
- session, (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, length);
-
- if (length > MAX_RECV_SIZE) {
-
- _gnutls_record_log( "REC[%x]: FATAL ERROR: Received packet with length: %d\n", session, length);
-
- session_unresumable( session);
- session_invalidate( session);
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ if ((ret = record_check_version(session, htype, version)) < 0) {
+ gnutls_assert();
+ session_invalidate(session);
+ return ret;
+ }
+
+ _gnutls_record_log
+ ("REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", session,
+ (int) _gnutls_uint64touint32(&session->connection_state.
+ read_sequence_number),
+ _gnutls_packet2str(type), type, sizeofdata);
+ _gnutls_record_log
+ ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", session,
+ (int) _gnutls_uint64touint32(&session->connection_state.
+ read_sequence_number),
+ _gnutls_packet2str(recv_type), recv_type, length);
+
+ if (length > MAX_RECV_SIZE) {
+
+ _gnutls_record_log
+ ("REC[%x]: FATAL ERROR: Received packet with length: %d\n",
+ session, length);
+
+ session_unresumable(session);
+ session_invalidate(session);
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
/* check if we have that data into buffer.
*/
- if ( (ret = _gnutls_io_read_buffered( session, &recv_data, header_size+length, recv_type)) != header_size+length) {
- if (ret<0 && gnutls_error_is_fatal(ret)==0) return ret;
+ if ((ret =
+ _gnutls_io_read_buffered(session, &recv_data,
+ header_size + length,
+ recv_type)) != header_size + length) {
+ if (ret < 0 && gnutls_error_is_fatal(ret) == 0)
+ return ret;
+
+ session_unresumable(session);
+ session_invalidate(session);
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
- session_unresumable( session);
- session_invalidate( session);
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
/* ok now we are sure that we can read all the data - so
* move on !
*/
- _gnutls_io_clear_read_buffer( session);
- ciphertext = &recv_data[header_size];
-
- ret = get_temp_recv_buffer( session, &tmp);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ _gnutls_io_clear_read_buffer(session);
+ ciphertext = &recv_data[header_size];
+
+ ret = get_temp_recv_buffer(session, &tmp);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
/* decrypt the data we got.
*/
- ret = _gnutls_decrypt( session, ciphertext, length, tmp.data, tmp.size, recv_type);
- if (ret < 0) {
- session_unresumable( session);
- session_invalidate( session);
- gnutls_assert();
- return ret;
- }
- decrypted_length = ret;
+ ret =
+ _gnutls_decrypt(session, ciphertext, length, tmp.data, tmp.size,
+ recv_type);
+ if (ret < 0) {
+ session_unresumable(session);
+ session_invalidate(session);
+ gnutls_assert();
+ return ret;
+ }
+ decrypted_length = ret;
/* Check if this is a CHANGE_CIPHER_SPEC
*/
- if (type == GNUTLS_CHANGE_CIPHER_SPEC && recv_type == GNUTLS_CHANGE_CIPHER_SPEC) {
-
- _gnutls_record_log( "REC[%x]: ChangeCipherSpec Packet was received\n", session);
+ if (type == GNUTLS_CHANGE_CIPHER_SPEC
+ && recv_type == GNUTLS_CHANGE_CIPHER_SPEC) {
- if ((size_t)ret!=sizeofdata) { /* sizeofdata should be 1 */
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
- memcpy( data, tmp.data, sizeofdata);
+ _gnutls_record_log
+ ("REC[%x]: ChangeCipherSpec Packet was received\n", session);
- return ret;
+ if ((size_t) ret != sizeofdata) { /* sizeofdata should be 1 */
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
+ memcpy(data, tmp.data, sizeofdata);
+
+ return ret;
+ }
- _gnutls_record_log( "REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n",
- session, (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, decrypted_length);
+ _gnutls_record_log
+ ("REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", session,
+ (int) _gnutls_uint64touint32(&session->connection_state.
+ read_sequence_number),
+ _gnutls_packet2str(recv_type), recv_type, decrypted_length);
/* increase sequence number
*/
- if (_gnutls_uint64pp( &session->connection_state.read_sequence_number)!=0) {
- session_invalidate( session);
- gnutls_assert();
- return GNUTLS_E_RECORD_LIMIT_REACHED;
- }
-
- ret= record_check_type( session, recv_type, type, htype, tmp.data, decrypted_length);
- if (ret < 0) {
- if (ret==GNUTLS_E_INT_RET_0) return 0;
- gnutls_assert();
- return ret;
- }
+ if (_gnutls_uint64pp(&session->connection_state.read_sequence_number)
+ != 0) {
+ session_invalidate(session);
+ gnutls_assert();
+ return GNUTLS_E_RECORD_LIMIT_REACHED;
+ }
+
+ ret =
+ record_check_type(session, recv_type, type, htype, tmp.data,
+ decrypted_length);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INT_RET_0)
+ return 0;
+ gnutls_assert();
+ return ret;
+ }
/* Get Application data from buffer
*/
- if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && (recv_type == type)) {
+ if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE)
+ && (recv_type == type)) {
- ret = _gnutls_record_buffer_get(type, session, data, sizeofdata);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_record_buffer_get(type, session, data, sizeofdata);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
/* if the buffer just got empty
- */
- if (_gnutls_record_buffer_get_size(type, session)==0) {
- if ( (ret2 = _gnutls_io_clear_peeked_data( session)) < 0) {
- gnutls_assert();
- return ret2;
- }
- }
- } else {
+ */
+ if (_gnutls_record_buffer_get_size(type, session) == 0) {
+ if ((ret2 = _gnutls_io_clear_peeked_data(session)) < 0) {
gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET;
+ return ret2;
+ }
+ }
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
/* we didn't get what we wanted to
*/
- }
+ }
/* (originally for) TLS 1.0 CBC protection.
* Actually this code is called if we just received
@@ -877,12 +952,12 @@ ssize_t _gnutls_recv_int( gnutls_session session, content_type_t type,
* In that case we go to the beginning and start reading
* the next packet.
*/
- if (ret==0) {
- empty_packet++;
- goto begin;
- }
-
- return ret;
+ if (ret == 0) {
+ empty_packet++;
+ goto begin;
+ }
+
+ return ret;
}
@@ -910,9 +985,11 @@ ssize_t _gnutls_recv_int( gnutls_session session, content_type_t type,
* maximum record size.
*
**/
-ssize_t gnutls_record_send( gnutls_session session, const void *data, size_t sizeofdata)
+ssize_t gnutls_record_send(gnutls_session session, const void *data,
+ size_t sizeofdata)
{
- return _gnutls_send_int( session, GNUTLS_APPLICATION_DATA, -1, data, sizeofdata);
+ return _gnutls_send_int(session, GNUTLS_APPLICATION_DATA, -1, data,
+ sizeofdata);
}
/**
@@ -937,9 +1014,11 @@ ssize_t gnutls_record_send( gnutls_session session, const void *data, size_t siz
* A negative error code is returned in case of an error.
*
**/
-ssize_t gnutls_record_recv( gnutls_session session, void *data, size_t sizeofdata)
+ssize_t gnutls_record_recv(gnutls_session session, void *data,
+ size_t sizeofdata)
{
- return _gnutls_recv_int( session, GNUTLS_APPLICATION_DATA, -1, data, sizeofdata);
+ return _gnutls_recv_int(session, GNUTLS_APPLICATION_DATA, -1, data,
+ sizeofdata);
}
/**
@@ -951,12 +1030,12 @@ ssize_t gnutls_record_recv( gnutls_session session, void *data, size_t sizeofdat
* first handshake message.
*
**/
-size_t gnutls_record_get_max_size( gnutls_session session)
+size_t gnutls_record_get_max_size(gnutls_session session)
{
- /* Recv will hold the negotiated max record size
- * always.
- */
- return session->security_parameters.max_record_recv_size;
+ /* Recv will hold the negotiated max record size
+ * always.
+ */
+ return session->security_parameters.max_record_recv_size;
}
@@ -978,23 +1057,23 @@ size_t gnutls_record_get_max_size( gnutls_session session)
* Not all TLS implementations use or even understand this extension.
*
**/
-ssize_t gnutls_record_set_max_size( gnutls_session session, size_t size)
+ssize_t gnutls_record_set_max_size(gnutls_session session, size_t size)
{
-ssize_t new_size;
+ ssize_t new_size;
- if (session->security_parameters.entity==GNUTLS_SERVER)
- return GNUTLS_E_INVALID_REQUEST;
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return GNUTLS_E_INVALID_REQUEST;
- new_size = _gnutls_mre_record2num( size);
+ new_size = _gnutls_mre_record2num(size);
- if (new_size < 0) {
- gnutls_assert();
- return new_size;
- }
-
- session->security_parameters.max_record_send_size = size;
+ if (new_size < 0) {
+ gnutls_assert();
+ return new_size;
+ }
- session->internals.proposed_record_size = size;
+ session->security_parameters.max_record_send_size = size;
- return 0;
+ session->internals.proposed_record_size = size;
+
+ return 0;
}
diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
index 2b4f5e4f92..1952f487da 100644
--- a/lib/gnutls_record.h
+++ b/lib/gnutls_record.h
@@ -1,6 +1,7 @@
-ssize_t _gnutls_send_int( gnutls_session session, content_type_t type,
- HandshakeType htype, const void* data, size_t sizeofdata);
-ssize_t _gnutls_recv_int( gnutls_session session, content_type_t type,
- HandshakeType, opaque* data, size_t sizeofdata);
-ssize_t _gnutls_send_change_cipher_spec( gnutls_session session, int again);
+ssize_t _gnutls_send_int(gnutls_session session, content_type_t type,
+ HandshakeType htype, const void *data,
+ size_t sizeofdata);
+ssize_t _gnutls_recv_int(gnutls_session session, content_type_t type,
+ HandshakeType, opaque * data, size_t sizeofdata);
+ssize_t _gnutls_send_change_cipher_spec(gnutls_session session, int again);
void gnutls_transport_set_lowat(gnutls_session session, int num);
diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c
index 597a45145a..84d25436d9 100644
--- a/lib/gnutls_rsa_export.c
+++ b/lib/gnutls_rsa_export.c
@@ -23,7 +23,7 @@
/* This file contains code for RSA temporary keys. These keys are
* only used in export cipher suites.
*/
-
+
#include <gnutls_int.h>
#include <gnutls_errors.h>
#include <gnutls_datum.h>
@@ -42,114 +42,114 @@
/* returns e and m, depends on the requested bits.
* We only support limited key sizes.
*/
-const mpi_t* _gnutls_get_rsa_params(gnutls_rsa_params rsa_params)
+const mpi_t *_gnutls_get_rsa_params(gnutls_rsa_params rsa_params)
{
- if (rsa_params == NULL) {
- return NULL;
- }
+ if (rsa_params == NULL) {
+ return NULL;
+ }
- return rsa_params->params;
+ return rsa_params->params;
}
/* resarr will contain: modulus(0), public exponent(1), private exponent(2),
* prime1 - p (3), prime2 - q(4), u (5).
*/
-int _gnutls_rsa_generate_params(mpi_t* resarr, int* resarr_len, int bits)
+int _gnutls_rsa_generate_params(mpi_t * resarr, int *resarr_len, int bits)
{
- int ret;
- gcry_sexp_t parms, key, list;
-
- ret = gcry_sexp_build( &parms, NULL, "(genkey(rsa(nbits %d)))", bits);
- if (ret != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* generate the RSA key */
- ret = gcry_pk_genkey( &key, parms);
- gcry_sexp_release( parms);
-
- if (ret != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- list = gcry_sexp_find_token( key, "n", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release( key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[0] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
-
- list = gcry_sexp_find_token( key, "e", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release( key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[1] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
-
- list = gcry_sexp_find_token( key, "d", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release( key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[2] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
-
- list = gcry_sexp_find_token( key, "p", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release( key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[3] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
-
-
- list = gcry_sexp_find_token( key, "q", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release( key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[4] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
-
-
- list = gcry_sexp_find_token( key, "u", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release( key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[5] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
+ int ret;
+ gcry_sexp_t parms, key, list;
+
+ ret = gcry_sexp_build(&parms, NULL, "(genkey(rsa(nbits %d)))", bits);
+ if (ret != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* generate the RSA key */
+ ret = gcry_pk_genkey(&key, parms);
+ gcry_sexp_release(parms);
+
+ if (ret != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ list = gcry_sexp_find_token(key, "n", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[0] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+ list = gcry_sexp_find_token(key, "e", 0);
+ if (list == NULL) {
+ gnutls_assert();
gcry_sexp_release(key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- _gnutls_dump_mpi( "n: ", resarr[0]);
- _gnutls_dump_mpi( "e: ", resarr[1]);
- _gnutls_dump_mpi( "d: ", resarr[2]);
- _gnutls_dump_mpi( "p: ", resarr[3]);
- _gnutls_dump_mpi( "q: ", resarr[4]);
- _gnutls_dump_mpi( "u: ", resarr[5]);
-
- *resarr_len = 6;
+ resarr[1] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
- return 0;
+ list = gcry_sexp_find_token(key, "d", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[2] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+
+ list = gcry_sexp_find_token(key, "p", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[3] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+
+
+ list = gcry_sexp_find_token(key, "q", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[4] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+
+
+ list = gcry_sexp_find_token(key, "u", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[5] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+
+ gcry_sexp_release(key);
+
+ _gnutls_dump_mpi("n: ", resarr[0]);
+ _gnutls_dump_mpi("e: ", resarr[1]);
+ _gnutls_dump_mpi("d: ", resarr[2]);
+ _gnutls_dump_mpi("p: ", resarr[3]);
+ _gnutls_dump_mpi("q: ", resarr[4]);
+ _gnutls_dump_mpi("u: ", resarr[5]);
+
+ *resarr_len = 6;
+
+ return 0;
}
@@ -168,13 +168,16 @@ int _gnutls_rsa_generate_params(mpi_t* resarr, int* resarr_len, int bits)
* The new parameters should be stored in the appropriate gnutls_datum.
*
**/
-int gnutls_rsa_params_import_raw(gnutls_rsa_params rsa_params,
- const gnutls_datum *m, const gnutls_datum *e,
- const gnutls_datum *d, const gnutls_datum *p,
- const gnutls_datum *q, const gnutls_datum *u)
+int gnutls_rsa_params_import_raw(gnutls_rsa_params rsa_params,
+ const gnutls_datum * m,
+ const gnutls_datum * e,
+ const gnutls_datum * d,
+ const gnutls_datum * p,
+ const gnutls_datum * q,
+ const gnutls_datum * u)
{
- return gnutls_x509_privkey_import_rsa_raw( rsa_params,
- m, e, d, p, q, u);
+ return gnutls_x509_privkey_import_rsa_raw(rsa_params,
+ m, e, d, p, q, u);
}
/**
@@ -186,17 +189,17 @@ int gnutls_rsa_params_import_raw(gnutls_rsa_params rsa_params,
**/
int gnutls_rsa_params_init(gnutls_rsa_params * rsa_params)
{
-int ret;
-
- ret = gnutls_x509_privkey_init( rsa_params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- (*rsa_params)->crippled = 1;
-
- return 0;
+ int ret;
+
+ ret = gnutls_x509_privkey_init(rsa_params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ (*rsa_params)->crippled = 1;
+
+ return 0;
}
/**
@@ -208,7 +211,7 @@ int ret;
**/
void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params)
{
- gnutls_x509_privkey_deinit(rsa_params);
+ gnutls_x509_privkey_deinit(rsa_params);
}
/**
@@ -222,7 +225,7 @@ void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params)
**/
int gnutls_rsa_params_cpy(gnutls_rsa_params dst, gnutls_rsa_params src)
{
- return gnutls_x509_privkey_cpy( dst, src);
+ return gnutls_x509_privkey_cpy(dst, src);
}
/**
@@ -240,9 +243,10 @@ int gnutls_rsa_params_cpy(gnutls_rsa_params dst, gnutls_rsa_params src)
* no use calling this in client side.
*
**/
-int gnutls_rsa_params_generate2(gnutls_rsa_params params, unsigned int bits)
+int gnutls_rsa_params_generate2(gnutls_rsa_params params,
+ unsigned int bits)
{
- return gnutls_x509_privkey_generate( params, GNUTLS_PK_RSA, bits, 0);
+ return gnutls_x509_privkey_generate(params, GNUTLS_PK_RSA, bits, 0);
}
/**
@@ -261,11 +265,11 @@ int gnutls_rsa_params_generate2(gnutls_rsa_params params, unsigned int bits)
* 0 on success.
*
**/
-int gnutls_rsa_params_import_pkcs1(gnutls_rsa_params params,
- const gnutls_datum * pkcs1_params, gnutls_x509_crt_fmt format)
+int gnutls_rsa_params_import_pkcs1(gnutls_rsa_params params,
+ const gnutls_datum * pkcs1_params,
+ gnutls_x509_crt_fmt format)
{
- return gnutls_x509_privkey_import( params, pkcs1_params,
- format);
+ return gnutls_x509_privkey_import(params, pkcs1_params, format);
}
@@ -287,12 +291,13 @@ int gnutls_rsa_params_import_pkcs1(gnutls_rsa_params params,
* 0 on success.
*
**/
-int gnutls_rsa_params_export_pkcs1( gnutls_rsa_params params,
- gnutls_x509_crt_fmt format, unsigned char* params_data,
- size_t* params_data_size)
+int gnutls_rsa_params_export_pkcs1(gnutls_rsa_params params,
+ gnutls_x509_crt_fmt format,
+ unsigned char *params_data,
+ size_t * params_data_size)
{
- return gnutls_x509_privkey_export( params, format,
- params_data, params_data_size);
+ return gnutls_x509_privkey_export(params, format,
+ params_data, params_data_size);
}
@@ -313,21 +318,22 @@ int gnutls_rsa_params_export_pkcs1( gnutls_rsa_params params,
*
**/
int gnutls_rsa_params_export_raw(gnutls_rsa_params params,
- gnutls_datum * m, gnutls_datum *e,
- gnutls_datum *d, gnutls_datum *p, gnutls_datum* q,
- gnutls_datum* u, unsigned int *bits)
+ gnutls_datum * m, gnutls_datum * e,
+ gnutls_datum * d, gnutls_datum * p,
+ gnutls_datum * q, gnutls_datum * u,
+ unsigned int *bits)
{
-int ret;
+ int ret;
- ret = gnutls_x509_privkey_export_rsa_raw( params, m, e, d, p, q, u);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = gnutls_x509_privkey_export_rsa_raw(params, m, e, d, p, q, u);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (bits)
- *bits = _gnutls_mpi_get_nbits(params->params[3]);
+ if (bits)
+ *bits = _gnutls_mpi_get_nbits(params->params[3]);
- return 0;
+ return 0;
}
diff --git a/lib/gnutls_rsa_export.h b/lib/gnutls_rsa_export.h
index ce2c70e4f0..0d18464982 100644
--- a/lib/gnutls_rsa_export.h
+++ b/lib/gnutls_rsa_export.h
@@ -18,8 +18,7 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-const mpi_t* _gnutls_get_rsa_params(gnutls_rsa_params);
-int _gnutls_peers_cert_less_512( gnutls_session session);
-int _gnutls_rsa_generate_params(mpi_t* resarr, int* resarr_len, int bits);
+const mpi_t *_gnutls_get_rsa_params(gnutls_rsa_params);
+int _gnutls_peers_cert_less_512(gnutls_session session);
+int _gnutls_rsa_generate_params(mpi_t * resarr, int *resarr_len, int bits);
void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params);
-
diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c
index ca043c5b21..9eabfa043f 100644
--- a/lib/gnutls_session.c
+++ b/lib/gnutls_session.c
@@ -39,34 +39,35 @@
*
* Resuming sessions is really useful and speedups connections after a succesful one.
**/
-int gnutls_session_get_data( gnutls_session session,
- void* session_data, size_t *session_data_size)
+int gnutls_session_get_data(gnutls_session session,
+ void *session_data, size_t * session_data_size)
{
- gnutls_datum psession;
- int ret;
-
- if (*session_data_size < SESSION_SIZE || session_data==NULL) {
- *session_data_size = SESSION_SIZE;
- session_data = NULL; /* return with the new session_data_size value */
- }
-
- if (session->internals.resumable==RESUME_FALSE) return GNUTLS_E_INVALID_SESSION;
- /* just return the session size */
- if (session_data==NULL) {
- return 0;
- }
-
- psession.data = session_data;
-
- ret = _gnutls_session_pack( session, &psession);
- if (ret< 0) {
- gnutls_assert();
- return ret;
- }
- *session_data_size = psession.size;
+ gnutls_datum psession;
+ int ret;
+ if (*session_data_size < SESSION_SIZE || session_data == NULL) {
+ *session_data_size = SESSION_SIZE;
+ session_data = NULL; /* return with the new session_data_size value */
+ }
+
+ if (session->internals.resumable == RESUME_FALSE)
+ return GNUTLS_E_INVALID_SESSION;
+ /* just return the session size */
+ if (session_data == NULL) {
return 0;
+ }
+
+ psession.data = session_data;
+
+ ret = _gnutls_session_pack(session, &psession);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ *session_data_size = psession.size;
+
+ return 0;
}
@@ -84,19 +85,20 @@ int gnutls_session_get_data( gnutls_session session,
* Session id is some data set by the server, that identify the current session.
* In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes.
**/
-int gnutls_session_get_id( gnutls_session session,
- void* session_id, size_t *session_id_size)
+int gnutls_session_get_id(gnutls_session session,
+ void *session_id, size_t * session_id_size)
{
- *session_id_size = session->security_parameters.session_id_size;
-
- /* just return the session size */
- if (session_id==NULL) {
- return 0;
- }
- memcpy( session_id, &session->security_parameters.session_id, *session_id_size);
-
+ *session_id_size = session->security_parameters.session_id_size;
+
+ /* just return the session size */
+ if (session_id == NULL) {
return 0;
+ }
+ memcpy(session_id, &session->security_parameters.session_id,
+ *session_id_size);
+
+ return 0;
}
/**
@@ -116,24 +118,25 @@ int gnutls_session_get_id( gnutls_session session,
* Returns a negative value on error.
*
**/
-int gnutls_session_set_data( gnutls_session session, const void* session_data,
- size_t session_data_size)
+int gnutls_session_set_data(gnutls_session session,
+ const void *session_data,
+ size_t session_data_size)
{
- int ret;
- gnutls_datum psession;
-
- psession.data = (opaque*)session_data;
- psession.size = session_data_size;
-
- if (session_data==NULL || session_data_size == 0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
- ret = _gnutls_session_unpack( session, &psession);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return 0;
+ int ret;
+ gnutls_datum psession;
+
+ psession.data = (opaque *) session_data;
+ psession.size = session_data_size;
+
+ if (session_data == NULL || session_data_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ ret = _gnutls_session_unpack(session, &psession);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
diff --git a/lib/gnutls_session.h b/lib/gnutls_session.h
index c9c25b4fa4..882d56fed0 100644
--- a/lib/gnutls_session.h
+++ b/lib/gnutls_session.h
@@ -18,5 +18,8 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-int gnutls_session_set_data( gnutls_session session, const opaque* session_data, int session_data_size);
-int gnutls_session_get_data( gnutls_session session, opaque* session_data, int *session_data_size);
+int gnutls_session_set_data(gnutls_session session,
+ const opaque * session_data,
+ int session_data_size);
+int gnutls_session_get_data(gnutls_session session, opaque * session_data,
+ int *session_data_size);
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index 3fff4977fb..ff0c990621 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
-
+
/* Contains functions that are supposed to pack and unpack session data,
* before and after they are sent to the database backend.
*/
@@ -35,382 +35,391 @@
#include <gnutls_num.h>
#define PACK_HEADER_SIZE 1
-int _gnutls_pack_certificate_auth_info( cert_auth_info_t info,
- gnutls_datum * packed_session);
+int _gnutls_pack_certificate_auth_info(cert_auth_info_t info,
+ gnutls_datum * packed_session);
int _gnutls_unpack_certificate_auth_info(cert_auth_info_t info,
- const gnutls_datum * packed_session);
-static int _gnutls_pack_certificate_auth_info_size( cert_auth_info_t info);
+ const gnutls_datum *
+ packed_session);
+static int _gnutls_pack_certificate_auth_info_size(cert_auth_info_t info);
/* Since auth_info structures contain malloced data, this function
* is required in order to pack these structures in a vector in
* order to store them to the DB.
*/
-int _gnutls_session_pack(gnutls_session session, gnutls_datum * packed_session)
+int _gnutls_session_pack(gnutls_session session,
+ gnutls_datum * packed_session)
{
- uint32 pack_size;
- int ret;
+ uint32 pack_size;
+ int ret;
- if (packed_session==NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (packed_session == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- switch (gnutls_auth_get_type(session)) {
+ switch (gnutls_auth_get_type(session)) {
#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:{
- srp_server_auth_info_t info =
- _gnutls_get_auth_info(session);
-
-
- if (info == NULL && session->key->auth_info_size!=0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- pack_size = session->key->auth_info_size;
- packed_session->size =
- PACK_HEADER_SIZE + pack_size + sizeof(uint32);
-
- packed_session->data[0] = GNUTLS_CRD_SRP;
- _gnutls_write_uint32(pack_size,
- &packed_session->
- data[PACK_HEADER_SIZE]);
-
- if (session->key->auth_info_size > 0)
- memcpy(&packed_session->
- data[PACK_HEADER_SIZE + sizeof(uint32)],
- info, session->key->auth_info_size);
+ case GNUTLS_CRD_SRP:{
+ srp_server_auth_info_t info = _gnutls_get_auth_info(session);
- }
- break;
-#endif
- case GNUTLS_CRD_ANON:{
- anon_client_auth_info_t info =
- _gnutls_get_auth_info(session);
- if (info == NULL && session->key->auth_info_size!=0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- packed_session->size =
- PACK_HEADER_SIZE + session->key->auth_info_size + sizeof(uint32);
-
- packed_session->data[0] = GNUTLS_CRD_ANON;
- _gnutls_write_uint32(session->key->auth_info_size,
- &packed_session->
- data[PACK_HEADER_SIZE]);
-
- if (session->key->auth_info_size > 0)
- memcpy(&packed_session->
- data[PACK_HEADER_SIZE + sizeof(uint32)],
- info, session->key->auth_info_size);
-
- }
- break;
- case GNUTLS_CRD_CERTIFICATE:{
- cert_auth_info_t info =
- _gnutls_get_auth_info(session);
- if (info == NULL && session->key->auth_info_size!=0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret =
- _gnutls_pack_certificate_auth_info(info,
- packed_session);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- }
- break;
- default:
- return GNUTLS_E_INTERNAL_ERROR;
+ if (info == NULL && session->key->auth_info_size != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pack_size = session->key->auth_info_size;
+ packed_session->size =
+ PACK_HEADER_SIZE + pack_size + sizeof(uint32);
+
+ packed_session->data[0] = GNUTLS_CRD_SRP;
+ _gnutls_write_uint32(pack_size,
+ &packed_session->data[PACK_HEADER_SIZE]);
+
+ if (session->key->auth_info_size > 0)
+ memcpy(&packed_session->
+ data[PACK_HEADER_SIZE + sizeof(uint32)],
+ info, session->key->auth_info_size);
}
- /* Auth_info structures copied. Now copy security_parameters_st.
- */
- packed_session->size += sizeof(security_parameters_st)+sizeof(uint32);
+ break;
+#endif
+ case GNUTLS_CRD_ANON:{
+ anon_client_auth_info_t info = _gnutls_get_auth_info(session);
+ if (info == NULL && session->key->auth_info_size != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ packed_session->size =
+ PACK_HEADER_SIZE + session->key->auth_info_size +
+ sizeof(uint32);
+
+ packed_session->data[0] = GNUTLS_CRD_ANON;
+ _gnutls_write_uint32(session->key->auth_info_size,
+ &packed_session->data[PACK_HEADER_SIZE]);
+
+ if (session->key->auth_info_size > 0)
+ memcpy(&packed_session->
+ data[PACK_HEADER_SIZE + sizeof(uint32)],
+ info, session->key->auth_info_size);
- _gnutls_write_uint32( sizeof(security_parameters_st), &packed_session->data[packed_session->size - sizeof(security_parameters_st) - sizeof(uint32)]);
- memcpy(&packed_session->
- data[packed_session->size - sizeof(security_parameters_st)],
- &session->security_parameters, sizeof(security_parameters_st));
+ }
+ break;
+ case GNUTLS_CRD_CERTIFICATE:{
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
+ if (info == NULL && session->key->auth_info_size != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return 0;
+ ret = _gnutls_pack_certificate_auth_info(info, packed_session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ }
+ break;
+ default:
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ }
+
+ /* Auth_info structures copied. Now copy security_parameters_st.
+ */
+ packed_session->size +=
+ sizeof(security_parameters_st) + sizeof(uint32);
+
+ _gnutls_write_uint32(sizeof(security_parameters_st),
+ &packed_session->data[packed_session->size -
+ sizeof
+ (security_parameters_st) -
+ sizeof(uint32)]);
+ memcpy(&packed_session->
+ data[packed_session->size - sizeof(security_parameters_st)],
+ &session->security_parameters, sizeof(security_parameters_st));
+
+ return 0;
}
/* Returns the size needed to hold the current session.
*/
-uint _gnutls_session_size( gnutls_session session)
+uint _gnutls_session_size(gnutls_session session)
{
- uint32 pack_size;
+ uint32 pack_size;
- pack_size = PACK_HEADER_SIZE + sizeof(uint32);
+ pack_size = PACK_HEADER_SIZE + sizeof(uint32);
- switch ( gnutls_auth_get_type(session)) {
- case GNUTLS_CRD_SRP:
- case GNUTLS_CRD_ANON:
- pack_size += session->key->auth_info_size;
- break;
- case GNUTLS_CRD_CERTIFICATE: {
- cert_auth_info_t info =
- _gnutls_get_auth_info(session);
-
- pack_size += _gnutls_pack_certificate_auth_info_size( info);
- }
- break;
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_SRP:
+ case GNUTLS_CRD_ANON:
+ pack_size += session->key->auth_info_size;
+ break;
+ case GNUTLS_CRD_CERTIFICATE:{
+ cert_auth_info_t info = _gnutls_get_auth_info(session);
+
+ pack_size += _gnutls_pack_certificate_auth_info_size(info);
}
+ break;
+ }
- /* Auth_info structures copied. Now copy security_parameters_st.
- */
- pack_size += sizeof(security_parameters_st) + sizeof(uint32);
+ /* Auth_info structures copied. Now copy security_parameters_st.
+ */
+ pack_size += sizeof(security_parameters_st) + sizeof(uint32);
- return pack_size;
+ return pack_size;
}
int _gnutls_session_unpack(gnutls_session session,
const gnutls_datum * packed_session)
{
- uint32 pack_size;
- int ret;
- time_t timestamp = time(0);
- security_parameters_st sp;
+ uint32 pack_size;
+ int ret;
+ time_t timestamp = time(0);
+ security_parameters_st sp;
- if (packed_session==NULL || packed_session->size == 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (packed_session == NULL || packed_session->size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (session->key->auth_info != NULL) {
- _gnutls_free_auth_info( session);
- }
-
- switch ( packed_session->data[0]) {
+ if (session->key->auth_info != NULL) {
+ _gnutls_free_auth_info(session);
+ }
+
+ switch (packed_session->data[0]) {
#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:{
-
- pack_size =
- _gnutls_read_uint32(&packed_session->
- data[PACK_HEADER_SIZE]);
-
- if (pack_size == 0) break;
- if (pack_size != sizeof(srp_server_auth_info_st)) {
- gnutls_assert();
- return GNUTLS_E_DB_ERROR;
- }
-
- session->key->auth_info =
- gnutls_malloc( pack_size);
-
- if (session->key->auth_info == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- session->key->auth_info_size =
- sizeof(srp_server_auth_info_st);
-
-
- memcpy(session->key->auth_info,
- &packed_session->data[PACK_HEADER_SIZE +
- sizeof(uint32)],
- pack_size);
- }
- break;
-#endif
- case GNUTLS_CRD_ANON:{
- pack_size =
- _gnutls_read_uint32(&packed_session->
- data[PACK_HEADER_SIZE]);
-
- if (pack_size == 0) break;
-
- if (pack_size != sizeof(anon_client_auth_info_st)) {
- gnutls_assert();
- return GNUTLS_E_DB_ERROR;
- }
-
- session->key->auth_info =
- gnutls_malloc( pack_size);
-
- if (session->key->auth_info == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- session->key->auth_info_size = pack_size;
-
- memcpy(session->key->auth_info,
- &packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)],
- pack_size);
- }
- break;
- case GNUTLS_CRD_CERTIFICATE:{
- pack_size =
- _gnutls_read_uint32(&packed_session->
- data[PACK_HEADER_SIZE]);
-
- if (pack_size == 0) {
- session->key->auth_info = NULL;
- session->key->auth_info_size = 0;
- break;
- }
- if (pack_size < sizeof(cert_auth_info_st)) {
- gnutls_assert();
- return GNUTLS_E_DB_ERROR;
- }
-
- session->key->auth_info =
- gnutls_malloc( sizeof(cert_auth_info_st));
-
- if (session->key->auth_info == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- session->key->auth_info_size =
- sizeof(cert_auth_info_st);
-
- ret =
- _gnutls_unpack_certificate_auth_info(session->
- key->
- auth_info,
- packed_session);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- }
+ case GNUTLS_CRD_SRP:{
+
+ pack_size =
+ _gnutls_read_uint32(&packed_session->
+ data[PACK_HEADER_SIZE]);
+
+ if (pack_size == 0)
break;
- default:
+ if (pack_size != sizeof(srp_server_auth_info_st)) {
gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ return GNUTLS_E_DB_ERROR;
+ }
- }
+ session->key->auth_info = gnutls_malloc(pack_size);
- session->key->auth_info_type = packed_session->data[0];
+ if (session->key->auth_info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ session->key->auth_info_size = sizeof(srp_server_auth_info_st);
- /* Auth_info structures copied. Now copy security_parameters_st.
- */
- ret =
- _gnutls_read_uint32(&packed_session->
- data[PACK_HEADER_SIZE + sizeof(uint32) +
- pack_size]);
- if (ret != sizeof(security_parameters_st)) {
- gnutls_assert();
- return GNUTLS_E_DB_ERROR;
+ memcpy(session->key->auth_info,
+ &packed_session->data[PACK_HEADER_SIZE +
+ sizeof(uint32)], pack_size);
}
- memcpy(&sp, &packed_session->data[PACK_HEADER_SIZE +
- 2 * sizeof(uint32) + pack_size],
- sizeof(security_parameters_st));
+ break;
+#endif
+ case GNUTLS_CRD_ANON:{
+ pack_size =
+ _gnutls_read_uint32(&packed_session->
+ data[PACK_HEADER_SIZE]);
- if ( timestamp - sp.timestamp <= session->internals.expire_time
- && sp.timestamp <= timestamp) {
+ if (pack_size == 0)
+ break;
- memcpy( &session->internals.resumed_security_parameters, &sp, sizeof(security_parameters_st));
- } else {
- _gnutls_free_auth_info( session);
+ if (pack_size != sizeof(anon_client_auth_info_st)) {
gnutls_assert();
- return GNUTLS_E_EXPIRED;
- }
+ return GNUTLS_E_DB_ERROR;
+ }
+ session->key->auth_info = gnutls_malloc(pack_size);
- return 0;
-}
+ if (session->key->auth_info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ session->key->auth_info_size = pack_size;
-int _gnutls_pack_certificate_auth_info( cert_auth_info_t info,
- gnutls_datum * packed_session)
-{
- unsigned int pos, i;
- int info_size;
+ memcpy(session->key->auth_info,
+ &packed_session->data[PACK_HEADER_SIZE +
+ sizeof(uint32)], pack_size);
+ }
+ break;
+ case GNUTLS_CRD_CERTIFICATE:{
+ pack_size =
+ _gnutls_read_uint32(&packed_session->
+ data[PACK_HEADER_SIZE]);
- packed_session->size = _gnutls_pack_certificate_auth_info_size( info);
+ if (pack_size == 0) {
+ session->key->auth_info = NULL;
+ session->key->auth_info_size = 0;
+ break;
+ }
+ if (pack_size < sizeof(cert_auth_info_st)) {
+ gnutls_assert();
+ return GNUTLS_E_DB_ERROR;
+ }
- if (info==NULL) info_size = 0;
- else info_size = sizeof(cert_auth_info_st);
+ session->key->auth_info =
+ gnutls_malloc(sizeof(cert_auth_info_st));
- packed_session->data[0] = GNUTLS_CRD_CERTIFICATE;
- _gnutls_write_uint32( packed_session->size-PACK_HEADER_SIZE-sizeof(uint32), &packed_session->data[PACK_HEADER_SIZE]);
+ if (session->key->auth_info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ session->key->auth_info_size = sizeof(cert_auth_info_st);
+
+ ret =
+ _gnutls_unpack_certificate_auth_info(session->
+ key->
+ auth_info,
+ packed_session);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (info!=NULL) {
- memcpy(&packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)],
- info, sizeof(cert_auth_info_st));
}
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ }
+
+ session->key->auth_info_type = packed_session->data[0];
+
+ /* Auth_info structures copied. Now copy security_parameters_st.
+ */
+ ret =
+ _gnutls_read_uint32(&packed_session->
+ data[PACK_HEADER_SIZE + sizeof(uint32) +
+ pack_size]);
+
+ if (ret != sizeof(security_parameters_st)) {
+ gnutls_assert();
+ return GNUTLS_E_DB_ERROR;
+ }
+ memcpy(&sp, &packed_session->data[PACK_HEADER_SIZE +
+ 2 * sizeof(uint32) + pack_size],
+ sizeof(security_parameters_st));
+
+ if (timestamp - sp.timestamp <= session->internals.expire_time
+ && sp.timestamp <= timestamp) {
+
+ memcpy(&session->internals.resumed_security_parameters, &sp,
+ sizeof(security_parameters_st));
+ } else {
+ _gnutls_free_auth_info(session);
+ gnutls_assert();
+ return GNUTLS_E_EXPIRED;
+ }
+
+
+ return 0;
+}
- pos = PACK_HEADER_SIZE + sizeof(uint32) + info_size;
-
- if (info!=NULL) {
- for (i=0;i<info->ncerts;i++) {
- _gnutls_write_uint32( info->raw_certificate_list[i].size, &packed_session->data[pos]);
- pos += sizeof(uint32);
-
- memcpy(&packed_session->data[pos], info->raw_certificate_list[i].data, info->raw_certificate_list[i].size);
- pos += info->raw_certificate_list[i].size;
- }
+int _gnutls_pack_certificate_auth_info(cert_auth_info_t info,
+ gnutls_datum * packed_session)
+{
+ unsigned int pos, i;
+ int info_size;
+
+ packed_session->size = _gnutls_pack_certificate_auth_info_size(info);
+
+ if (info == NULL)
+ info_size = 0;
+ else
+ info_size = sizeof(cert_auth_info_st);
+
+ packed_session->data[0] = GNUTLS_CRD_CERTIFICATE;
+ _gnutls_write_uint32(packed_session->size - PACK_HEADER_SIZE -
+ sizeof(uint32),
+ &packed_session->data[PACK_HEADER_SIZE]);
+
+ if (info != NULL) {
+ memcpy(&packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)],
+ info, sizeof(cert_auth_info_st));
+ }
+
+ pos = PACK_HEADER_SIZE + sizeof(uint32) + info_size;
+
+ if (info != NULL) {
+ for (i = 0; i < info->ncerts; i++) {
+ _gnutls_write_uint32(info->raw_certificate_list[i].size,
+ &packed_session->data[pos]);
+ pos += sizeof(uint32);
+
+ memcpy(&packed_session->data[pos],
+ info->raw_certificate_list[i].data,
+ info->raw_certificate_list[i].size);
+ pos += info->raw_certificate_list[i].size;
}
-
- return 0;
+ }
+
+ return 0;
}
-static int _gnutls_pack_certificate_auth_info_size( cert_auth_info_t info)
+static int _gnutls_pack_certificate_auth_info_size(cert_auth_info_t info)
{
- uint32 pack_size = sizeof(cert_auth_info_st);
- unsigned int i;
+ uint32 pack_size = sizeof(cert_auth_info_st);
+ unsigned int i;
- if (info == NULL)
- return sizeof(uint32) + PACK_HEADER_SIZE;
+ if (info == NULL)
+ return sizeof(uint32) + PACK_HEADER_SIZE;
- for (i=0;i<info->ncerts;i++) {
- pack_size += sizeof(uint32) + info->raw_certificate_list[i].size;
- }
+ for (i = 0; i < info->ncerts; i++) {
+ pack_size += sizeof(uint32) + info->raw_certificate_list[i].size;
+ }
- return pack_size + PACK_HEADER_SIZE + sizeof(uint32);
+ return pack_size + PACK_HEADER_SIZE + sizeof(uint32);
}
int _gnutls_unpack_certificate_auth_info(cert_auth_info_t info,
- const gnutls_datum * packed_session)
+ const gnutls_datum *
+ packed_session)
{
-unsigned int i,j, pos;
-int ret;
-uint32 size;
-
- memcpy(info,
- &packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)],
- sizeof(cert_auth_info_st));
-
- pos = PACK_HEADER_SIZE + sizeof(uint32) + sizeof(cert_auth_info_st);
- if (info->ncerts > 0) {
- info->raw_certificate_list = gnutls_calloc( 1, info->ncerts * sizeof( gnutls_datum));
- if (info->raw_certificate_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (i=0;i<info->ncerts;i++) {
- size = _gnutls_read_uint32( &packed_session->data[ pos]);
- pos += sizeof(uint32);
-
- ret = _gnutls_set_datum( &info->raw_certificate_list[i], &packed_session->data[ pos], size);
- pos += size;
-
- if (ret < 0) {
- gnutls_assert();
- goto clear;
- }
- }
+ unsigned int i, j, pos;
+ int ret;
+ uint32 size;
+
+ memcpy(info,
+ &packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)],
+ sizeof(cert_auth_info_st));
+
+ pos = PACK_HEADER_SIZE + sizeof(uint32) + sizeof(cert_auth_info_st);
+ if (info->ncerts > 0) {
+ info->raw_certificate_list =
+ gnutls_calloc(1, info->ncerts * sizeof(gnutls_datum));
+ if (info->raw_certificate_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- return 0;
-
- clear:
- for (j=0;j<i;j++)
- _gnutls_free_datum( &info->raw_certificate_list[j]);
- gnutls_free( info->raw_certificate_list);
- return GNUTLS_E_MEMORY_ERROR;
-
+ for (i = 0; i < info->ncerts; i++) {
+ size = _gnutls_read_uint32(&packed_session->data[pos]);
+ pos += sizeof(uint32);
+
+ ret =
+ _gnutls_set_datum(&info->raw_certificate_list[i],
+ &packed_session->data[pos], size);
+ pos += size;
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto clear;
+ }
+ }
+ }
+ return 0;
+
+ clear:
+ for (j = 0; j < i; j++)
+ _gnutls_free_datum(&info->raw_certificate_list[j]);
+
+ gnutls_free(info->raw_certificate_list);
+ return GNUTLS_E_MEMORY_ERROR;
+
}
diff --git a/lib/gnutls_session_pack.h b/lib/gnutls_session_pack.h
index 8602d9f976..0956beb758 100644
--- a/lib/gnutls_session_pack.h
+++ b/lib/gnutls_session_pack.h
@@ -1,3 +1,5 @@
-int _gnutls_session_pack( gnutls_session session, gnutls_datum* packed_session);
-int _gnutls_session_unpack( gnutls_session session, const gnutls_datum* packed_session);
+int _gnutls_session_pack(gnutls_session session,
+ gnutls_datum * packed_session);
+int _gnutls_session_unpack(gnutls_session session,
+ const gnutls_datum * packed_session);
uint _gnutls_session_size(gnutls_session session);
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 045f2f33f7..e84508b3a9 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -36,129 +36,145 @@
#include <gnutls_kx.h>
static
-int _gnutls_tls_sign( gnutls_cert* cert, gnutls_privkey* pkey, const gnutls_datum* hash_concat, gnutls_datum *signature);
+int _gnutls_tls_sign(gnutls_cert * cert, gnutls_privkey * pkey,
+ const gnutls_datum * hash_concat,
+ gnutls_datum * signature);
/* Generates a signature of all the previous sent packets in the
* handshake procedure. (20040227: now it works for SSL 3.0 as well)
*/
-int _gnutls_tls_sign_hdata( gnutls_session session,
- gnutls_cert* cert, gnutls_privkey* pkey, gnutls_datum *signature)
+int _gnutls_tls_sign_hdata(gnutls_session session,
+ gnutls_cert * cert, gnutls_privkey * pkey,
+ gnutls_datum * signature)
{
-gnutls_datum dconcat;
-int ret;
-opaque concat[36];
-mac_hd_t td_md5;
-mac_hd_t td_sha;
-gnutls_protocol_version ver = gnutls_protocol_get_version( session);
-
- td_sha = _gnutls_hash_copy( session->internals.handshake_mac_handle_sha);
- if (td_sha == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
+ gnutls_datum dconcat;
+ int ret;
+ opaque concat[36];
+ mac_hd_t td_md5;
+ mac_hd_t td_sha;
+ gnutls_protocol_version ver = gnutls_protocol_get_version(session);
+
+ td_sha =
+ _gnutls_hash_copy(session->internals.handshake_mac_handle_sha);
+ if (td_sha == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ if (ver == GNUTLS_SSL3) {
+ ret = _gnutls_generate_master(session, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- if (ver == GNUTLS_SSL3) {
- ret = _gnutls_generate_master( session, 1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- _gnutls_mac_deinit_ssl3_handshake( td_sha, &concat[16], session->security_parameters.master_secret, TLS_MASTER_SIZE);
- } else
- _gnutls_hash_deinit(td_sha, &concat[16]);
-
- switch (cert->subject_pk_algorithm) {
- case GNUTLS_PK_RSA:
- td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5);
- if (td_md5 == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
-
- if (ver == GNUTLS_SSL3)
- _gnutls_mac_deinit_ssl3_handshake( td_md5, concat, session->security_parameters.master_secret, TLS_MASTER_SIZE);
- else
- _gnutls_hash_deinit(td_md5, concat);
-
- dconcat.data = concat;
- dconcat.size = 36;
- break;
- case GNUTLS_PK_DSA:
- dconcat.data = &concat[16];
- dconcat.size = 20;
- break;
-
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- ret = _gnutls_tls_sign( cert, pkey, &dconcat, signature);
- if (ret < 0) {
- gnutls_assert();
+ _gnutls_mac_deinit_ssl3_handshake(td_sha, &concat[16],
+ session->security_parameters.
+ master_secret, TLS_MASTER_SIZE);
+ } else
+ _gnutls_hash_deinit(td_sha, &concat[16]);
+
+ switch (cert->subject_pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ td_md5 =
+ _gnutls_hash_copy(session->internals.handshake_mac_handle_md5);
+ if (td_md5 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
}
-
- return ret;
+
+ if (ver == GNUTLS_SSL3)
+ _gnutls_mac_deinit_ssl3_handshake(td_md5, concat,
+ session->security_parameters.
+ master_secret,
+ TLS_MASTER_SIZE);
+ else
+ _gnutls_hash_deinit(td_md5, concat);
+
+ dconcat.data = concat;
+ dconcat.size = 36;
+ break;
+ case GNUTLS_PK_DSA:
+ dconcat.data = &concat[16];
+ dconcat.size = 20;
+ break;
+
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = _gnutls_tls_sign(cert, pkey, &dconcat, signature);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
/* Generates a signature of all the random data and the parameters.
* Used in DHE_* ciphersuites.
*/
-int _gnutls_tls_sign_params( gnutls_session session, gnutls_cert* cert, gnutls_privkey* pkey, gnutls_datum* params, gnutls_datum *signature)
+int _gnutls_tls_sign_params(gnutls_session session, gnutls_cert * cert,
+ gnutls_privkey * pkey, gnutls_datum * params,
+ gnutls_datum * signature)
{
-gnutls_datum dconcat;
-int ret;
-mac_hd_t td_md5;
-mac_hd_t td_sha;
-opaque concat[36];
-
-
- td_sha = _gnutls_hash_init( GNUTLS_MAC_SHA);
- if (td_sha == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
+ gnutls_datum dconcat;
+ int ret;
+ mac_hd_t td_md5;
+ mac_hd_t td_sha;
+ opaque concat[36];
+
+
+ td_sha = _gnutls_hash_init(GNUTLS_MAC_SHA);
+ if (td_sha == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ _gnutls_hash(td_sha, session->security_parameters.client_random,
+ TLS_RANDOM_SIZE);
+ _gnutls_hash(td_sha, session->security_parameters.server_random,
+ TLS_RANDOM_SIZE);
+ _gnutls_hash(td_sha, params->data, params->size);
+
+ _gnutls_hash_deinit(td_sha, &concat[16]);
+
+ switch (cert->subject_pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ td_md5 = _gnutls_hash_init(GNUTLS_MAC_MD5);
+ if (td_md5 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
}
- _gnutls_hash( td_sha, session->security_parameters.client_random, TLS_RANDOM_SIZE);
- _gnutls_hash( td_sha, session->security_parameters.server_random, TLS_RANDOM_SIZE);
- _gnutls_hash( td_sha, params->data, params->size);
+ _gnutls_hash(td_md5, session->security_parameters.client_random,
+ TLS_RANDOM_SIZE);
+ _gnutls_hash(td_md5, session->security_parameters.server_random,
+ TLS_RANDOM_SIZE);
+ _gnutls_hash(td_md5, params->data, params->size);
- _gnutls_hash_deinit(td_sha, &concat[16]);
+ _gnutls_hash_deinit(td_md5, concat);
- switch (cert->subject_pk_algorithm) {
- case GNUTLS_PK_RSA:
- td_md5 = _gnutls_hash_init( GNUTLS_MAC_MD5);
- if (td_md5 == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
-
- _gnutls_hash( td_md5, session->security_parameters.client_random, TLS_RANDOM_SIZE);
- _gnutls_hash( td_md5, session->security_parameters.server_random, TLS_RANDOM_SIZE);
- _gnutls_hash( td_md5, params->data, params->size);
-
- _gnutls_hash_deinit(td_md5, concat);
-
- dconcat.data = concat;
- dconcat.size = 36;
- break;
- case GNUTLS_PK_DSA:
- dconcat.data = &concat[16];
- dconcat.size = 20;
- break;
-
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- ret = _gnutls_tls_sign( cert, pkey, &dconcat, signature);
- if (ret < 0) {
- gnutls_assert();
- }
-
- return ret;
+ dconcat.data = concat;
+ dconcat.size = 36;
+ break;
+ case GNUTLS_PK_DSA:
+ dconcat.data = &concat[16];
+ dconcat.size = 20;
+ break;
+
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = _gnutls_tls_sign(cert, pkey, &dconcat, signature);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
@@ -166,36 +182,36 @@ opaque concat[36];
/* This will create a PKCS1 or DSA signature, using the given parameters, and the
* given data. The output will be allocated and be put in signature.
*/
-int _gnutls_sign( gnutls_pk_algorithm algo, mpi_t* params, int params_size,
- const gnutls_datum* data, gnutls_datum *signature)
+int _gnutls_sign(gnutls_pk_algorithm algo, mpi_t * params, int params_size,
+ const gnutls_datum * data, gnutls_datum * signature)
{
-int ret;
-
- switch(algo) {
- case GNUTLS_PK_RSA:
- /* encrypt */
- if ((ret=_gnutls_pkcs1_rsa_encrypt( signature, data, params,
- params_size, 1)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- break;
- case GNUTLS_PK_DSA:
- /* sign */
- if ((ret=_gnutls_dsa_sign( signature, data, params,
- params_size)) < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- break;
+ int ret;
+
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ /* encrypt */
+ if ((ret = _gnutls_pkcs1_rsa_encrypt(signature, data, params,
+ params_size, 1)) < 0) {
+ gnutls_assert();
+ return ret;
}
- return 0;
+ break;
+ case GNUTLS_PK_DSA:
+ /* sign */
+ if ((ret = _gnutls_dsa_sign(signature, data, params,
+ params_size)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ break;
+ }
+
+ return 0;
}
/* This will create a PKCS1 or DSA signature, as defined in the TLS protocol.
@@ -203,185 +219,199 @@ int ret;
* it supports signing.
*/
static
-int _gnutls_tls_sign( gnutls_cert* cert, gnutls_privkey* pkey,
- const gnutls_datum* hash_concat, gnutls_datum *signature)
+int _gnutls_tls_sign(gnutls_cert * cert, gnutls_privkey * pkey,
+ const gnutls_datum * hash_concat,
+ gnutls_datum * signature)
{
- /* If our certificate supports signing
- */
+ /* If our certificate supports signing
+ */
+
+ if (cert != NULL)
+ if (cert->keyUsage != 0)
+ if (!(cert->keyUsage & KEY_DIGITAL_SIGNATURE)) {
+ gnutls_assert();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
- if ( cert != NULL)
- if ( cert->keyUsage != 0)
- if ( !(cert->keyUsage & KEY_DIGITAL_SIGNATURE)) {
- gnutls_assert();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- }
+ return _gnutls_sign(pkey->pk_algorithm, pkey->params,
+ pkey->params_size, hash_concat, signature);
- return _gnutls_sign( pkey->pk_algorithm, pkey->params, pkey->params_size,
- hash_concat, signature);
-
}
static
-int _gnutls_pkcs1_rsa_verify_sig( gnutls_cert *cert, const gnutls_datum *hash_concat,
- gnutls_datum *signature)
+int _gnutls_pkcs1_rsa_verify_sig(gnutls_cert * cert,
+ const gnutls_datum * hash_concat,
+ gnutls_datum * signature)
{
- int ret;
- gnutls_datum vdata;
-
- if (cert->version == 0 || cert==NULL) { /* this is the only way to check
- * if it is initialized
- */
+ int ret;
+ gnutls_datum vdata;
+
+ if (cert->version == 0 || cert == NULL) { /* this is the only way to check
+ * if it is initialized
+ */
+ gnutls_assert();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ /* If the certificate supports signing continue.
+ */
+ if (cert != NULL)
+ if (cert->keyUsage != 0)
+ if (!(cert->keyUsage & KEY_DIGITAL_SIGNATURE)) {
gnutls_assert();
- return GNUTLS_E_CERTIFICATE_ERROR;
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+
+ switch (cert->subject_pk_algorithm) {
+ case GNUTLS_PK_RSA:
+
+ vdata.data = hash_concat->data;
+ vdata.size = hash_concat->size;
+
+ /* verify signature */
+ if ((ret = _gnutls_rsa_verify(&vdata, signature, cert->params,
+ cert->params_size, 1)) < 0) {
+ gnutls_assert();
+ return ret;
}
- /* If the certificate supports signing continue.
- */
- if ( cert != NULL)
- if ( cert->keyUsage != 0)
- if ( !(cert->keyUsage & KEY_DIGITAL_SIGNATURE)) {
- gnutls_assert();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- }
-
- switch(cert->subject_pk_algorithm) {
- case GNUTLS_PK_RSA:
-
- vdata.data = hash_concat->data;
- vdata.size = hash_concat->size;
-
- /* verify signature */
- if ( (ret=_gnutls_rsa_verify( &vdata, signature, cert->params,
- cert->params_size, 1)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- break;
- case GNUTLS_PK_DSA:
-
- vdata.data = &hash_concat->data[16];
- vdata.size = 20; /* sha1 */
-
- /* verify signature */
- if ( (ret=_gnutls_dsa_verify( &vdata, signature, cert->params,
- cert->params_size)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- break;
-
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ break;
+ case GNUTLS_PK_DSA:
+
+ vdata.data = &hash_concat->data[16];
+ vdata.size = 20; /* sha1 */
+
+ /* verify signature */
+ if ((ret = _gnutls_dsa_verify(&vdata, signature, cert->params,
+ cert->params_size)) < 0) {
+ gnutls_assert();
+ return ret;
}
-
+
+ break;
+
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
- return 0;
+ return 0;
}
/* Verifies a TLS signature (like the one in the client certificate
* verify message).
*/
-int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature)
+int _gnutls_verify_sig_hdata(gnutls_session session, gnutls_cert * cert,
+ gnutls_datum * signature)
{
-int ret;
-opaque concat[36];
-mac_hd_t td_md5;
-mac_hd_t td_sha;
-gnutls_datum dconcat;
-gnutls_protocol_version ver = gnutls_protocol_get_version( session);
-
- td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5);
- if (td_md5 == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
-
- td_sha = _gnutls_hash_copy( session->internals.handshake_mac_handle_sha);
- if (td_sha == NULL) {
- gnutls_assert();
- _gnutls_hash_deinit( td_md5, NULL);
- return GNUTLS_E_HASH_FAILED;
- }
-
- if (ver == GNUTLS_SSL3) {
- ret = _gnutls_generate_master( session, 1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- _gnutls_mac_deinit_ssl3_handshake( td_md5, concat, session->security_parameters.master_secret, TLS_MASTER_SIZE);
- _gnutls_mac_deinit_ssl3_handshake( td_sha, &concat[16], session->security_parameters.master_secret, TLS_MASTER_SIZE);
- } else {
- _gnutls_hash_deinit(td_md5, concat);
- _gnutls_hash_deinit(td_sha, &concat[16]);
+ int ret;
+ opaque concat[36];
+ mac_hd_t td_md5;
+ mac_hd_t td_sha;
+ gnutls_datum dconcat;
+ gnutls_protocol_version ver = gnutls_protocol_get_version(session);
+
+ td_md5 =
+ _gnutls_hash_copy(session->internals.handshake_mac_handle_md5);
+ if (td_md5 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ td_sha =
+ _gnutls_hash_copy(session->internals.handshake_mac_handle_sha);
+ if (td_sha == NULL) {
+ gnutls_assert();
+ _gnutls_hash_deinit(td_md5, NULL);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ if (ver == GNUTLS_SSL3) {
+ ret = _gnutls_generate_master(session, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- dconcat.data = concat;
- dconcat.size = 20+16; /* md5+ sha */
+ _gnutls_mac_deinit_ssl3_handshake(td_md5, concat,
+ session->security_parameters.
+ master_secret, TLS_MASTER_SIZE);
+ _gnutls_mac_deinit_ssl3_handshake(td_sha, &concat[16],
+ session->security_parameters.
+ master_secret, TLS_MASTER_SIZE);
+ } else {
+ _gnutls_hash_deinit(td_md5, concat);
+ _gnutls_hash_deinit(td_sha, &concat[16]);
+ }
- ret = _gnutls_pkcs1_rsa_verify_sig( cert, &dconcat, signature);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ dconcat.data = concat;
+ dconcat.size = 20 + 16; /* md5+ sha */
+ ret = _gnutls_pkcs1_rsa_verify_sig(cert, &dconcat, signature);
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ return ret;
}
/* Generates a signature of all the random data and the parameters.
* Used in DHE_* ciphersuites.
*/
-int _gnutls_verify_sig_params( gnutls_session session, gnutls_cert *cert, const gnutls_datum* params, gnutls_datum *signature)
+int _gnutls_verify_sig_params(gnutls_session session, gnutls_cert * cert,
+ const gnutls_datum * params,
+ gnutls_datum * signature)
{
-gnutls_datum dconcat;
-int ret;
-mac_hd_t td_md5;
-mac_hd_t td_sha;
-opaque concat[36];
-
- td_md5 = _gnutls_hash_init( GNUTLS_MAC_MD5);
- if (td_md5 == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
-
- td_sha = _gnutls_hash_init( GNUTLS_MAC_SHA);
- if (td_sha == NULL) {
- gnutls_assert();
- _gnutls_hash_deinit( td_md5, NULL);
- return GNUTLS_E_HASH_FAILED;
- }
-
- _gnutls_hash( td_md5, session->security_parameters.client_random, TLS_RANDOM_SIZE);
- _gnutls_hash( td_md5, session->security_parameters.server_random, TLS_RANDOM_SIZE);
- _gnutls_hash( td_md5, params->data, params->size);
-
- _gnutls_hash( td_sha, session->security_parameters.client_random, TLS_RANDOM_SIZE);
- _gnutls_hash( td_sha, session->security_parameters.server_random, TLS_RANDOM_SIZE);
- _gnutls_hash( td_sha, params->data, params->size);
-
- _gnutls_hash_deinit(td_md5, concat);
- _gnutls_hash_deinit(td_sha, &concat[16]);
-
- dconcat.data = concat;
- dconcat.size = 36;
-
- ret = _gnutls_pkcs1_rsa_verify_sig( cert, &dconcat, signature);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
+ gnutls_datum dconcat;
+ int ret;
+ mac_hd_t td_md5;
+ mac_hd_t td_sha;
+ opaque concat[36];
+
+ td_md5 = _gnutls_hash_init(GNUTLS_MAC_MD5);
+ if (td_md5 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ td_sha = _gnutls_hash_init(GNUTLS_MAC_SHA);
+ if (td_sha == NULL) {
+ gnutls_assert();
+ _gnutls_hash_deinit(td_md5, NULL);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ _gnutls_hash(td_md5, session->security_parameters.client_random,
+ TLS_RANDOM_SIZE);
+ _gnutls_hash(td_md5, session->security_parameters.server_random,
+ TLS_RANDOM_SIZE);
+ _gnutls_hash(td_md5, params->data, params->size);
+
+ _gnutls_hash(td_sha, session->security_parameters.client_random,
+ TLS_RANDOM_SIZE);
+ _gnutls_hash(td_sha, session->security_parameters.server_random,
+ TLS_RANDOM_SIZE);
+ _gnutls_hash(td_sha, params->data, params->size);
+
+ _gnutls_hash_deinit(td_md5, concat);
+ _gnutls_hash_deinit(td_sha, &concat[16]);
+
+ dconcat.data = concat;
+ dconcat.size = 36;
+
+ ret = _gnutls_pkcs1_rsa_verify_sig(cert, &dconcat, signature);
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
-}
+ return ret;
+}
diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h
index eb832e30e9..4cc217fb77 100644
--- a/lib/gnutls_sig.h
+++ b/lib/gnutls_sig.h
@@ -2,12 +2,21 @@
# define GNUTLS_SIG_H
# include <auth_cert.h>
-gnutls_certificate_status gnutls_x509_verify_signature(gnutls_cert* cert, gnutls_cert* issuer);
-int _gnutls_tls_sign_hdata( gnutls_session session, gnutls_cert* cert, gnutls_privkey *pkey, gnutls_datum *signature);
-int _gnutls_tls_sign_params( gnutls_session session, gnutls_cert* cert, gnutls_privkey *pkey, gnutls_datum* params, gnutls_datum *signature);
-int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature);
-int _gnutls_verify_sig_params( gnutls_session session, gnutls_cert *cert, const gnutls_datum* params, gnutls_datum* signature);
-int _gnutls_sign( gnutls_pk_algorithm algo, mpi_t* params, int params_size,
- const gnutls_datum* data, gnutls_datum *signature);
+gnutls_certificate_status gnutls_x509_verify_signature(gnutls_cert * cert,
+ gnutls_cert *
+ issuer);
+int _gnutls_tls_sign_hdata(gnutls_session session, gnutls_cert * cert,
+ gnutls_privkey * pkey,
+ gnutls_datum * signature);
+int _gnutls_tls_sign_params(gnutls_session session, gnutls_cert * cert,
+ gnutls_privkey * pkey, gnutls_datum * params,
+ gnutls_datum * signature);
+int _gnutls_verify_sig_hdata(gnutls_session session, gnutls_cert * cert,
+ gnutls_datum * signature);
+int _gnutls_verify_sig_params(gnutls_session session, gnutls_cert * cert,
+ const gnutls_datum * params,
+ gnutls_datum * signature);
+int _gnutls_sign(gnutls_pk_algorithm algo, mpi_t * params, int params_size,
+ const gnutls_datum * data, gnutls_datum * signature);
#endif
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 7f3d89bf5a..65e8848a2a 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -47,9 +47,10 @@
return ret; \
}
-void _gnutls_session_cert_type_set( gnutls_session session, gnutls_certificate_type ct)
+void _gnutls_session_cert_type_set(gnutls_session session,
+ gnutls_certificate_type ct)
{
- session->security_parameters.cert_type = ct;
+ session->security_parameters.cert_type = ct;
}
/**
@@ -58,8 +59,9 @@ void _gnutls_session_cert_type_set( gnutls_session session, gnutls_certificate_t
*
* Returns the currently used cipher.
**/
-gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session) {
- return session->security_parameters.read_bulk_cipher_algorithm;
+gnutls_cipher_algorithm gnutls_cipher_get(gnutls_session session)
+{
+ return session->security_parameters.read_bulk_cipher_algorithm;
}
/**
@@ -70,9 +72,9 @@ gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session) {
* is by default X.509, unless it is negotiated as a TLS extension.
*
**/
-gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session)
+gnutls_certificate_type gnutls_certificate_type_get(gnutls_session session)
{
- return session->security_parameters.cert_type;
+ return session->security_parameters.cert_type;
}
/**
@@ -81,9 +83,9 @@ gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session)
*
* Returns the key exchange algorithm used in the last handshake.
**/
-gnutls_kx_algorithm gnutls_kx_get( gnutls_session session)
+gnutls_kx_algorithm gnutls_kx_get(gnutls_session session)
{
- return session->security_parameters.kx_algorithm;
+ return session->security_parameters.kx_algorithm;
}
/**
@@ -92,9 +94,9 @@ gnutls_kx_algorithm gnutls_kx_get( gnutls_session session)
*
* Returns the currently used mac algorithm.
**/
-gnutls_mac_algorithm gnutls_mac_get( gnutls_session session)
+gnutls_mac_algorithm gnutls_mac_get(gnutls_session session)
{
- return session->security_parameters.read_mac_algorithm;
+ return session->security_parameters.read_mac_algorithm;
}
/**
@@ -103,104 +105,105 @@ gnutls_mac_algorithm gnutls_mac_get( gnutls_session session)
*
* Returns the currently used compression method.
**/
-gnutls_compression_method gnutls_compression_get( gnutls_session session)
+gnutls_compression_method gnutls_compression_get(gnutls_session session)
{
- return session->security_parameters.read_compression_algorithm;
+ return session->security_parameters.read_compression_algorithm;
}
/* Check if the given certificate type is supported.
* This means that it is enabled by the priority functions,
* and a matching certificate exists.
*/
-int _gnutls_session_cert_type_supported( gnutls_session session,
- gnutls_certificate_type cert_type)
-{
-uint i;
-uint cert_found = 0;
-const gnutls_certificate_credentials cred;
-
- if (session->security_parameters.entity==GNUTLS_SERVER) {
- cred =
- _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
-
- if (cred == NULL)
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
-
- for (i = 0; i < cred->ncerts; i++) {
- if (cred->cert_list[i][0].cert_type == cert_type) {
- cert_found = 1;
- break;
- }
- }
- if (cert_found == 0)
- /* no certificate is of that type.
- */
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+int _gnutls_session_cert_type_supported(gnutls_session session,
+ gnutls_certificate_type cert_type)
+{
+ uint i;
+ uint cert_found = 0;
+ const gnutls_certificate_credentials cred;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
+ cred =
+ _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+
+ if (cred == NULL)
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+
+ for (i = 0; i < cred->ncerts; i++) {
+ if (cred->cert_list[i][0].cert_type == cert_type) {
+ cert_found = 1;
+ break;
+ }
}
-
+ if (cert_found == 0)
+ /* no certificate is of that type.
+ */
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
- if (session->internals.cert_type_priority.algorithms==0 && cert_type ==
- DEFAULT_CERT_TYPE) return 0;
- for (i=0;i<session->internals.cert_type_priority.algorithms;i++) {
- if (session->internals.cert_type_priority.priority[i]
- == cert_type) {
- return 0; /* ok */
- }
+ if (session->internals.cert_type_priority.algorithms == 0
+ && cert_type == DEFAULT_CERT_TYPE)
+ return 0;
+
+ for (i = 0; i < session->internals.cert_type_priority.algorithms; i++) {
+ if (session->internals.cert_type_priority.priority[i]
+ == cert_type) {
+ return 0; /* ok */
}
+ }
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
/* this function deinitializes all the internal parameters stored
* in a session struct.
*/
-inline
-static void deinit_internal_params( gnutls_session session)
+inline static void deinit_internal_params(gnutls_session session)
{
- if (session->internals.params.free_anon_dh_params)
- gnutls_dh_params_deinit( session->internals.params.anon_dh_params);
+ if (session->internals.params.free_anon_dh_params)
+ gnutls_dh_params_deinit(session->internals.params.anon_dh_params);
+
+ if (session->internals.params.free_cert_dh_params)
+ gnutls_dh_params_deinit(session->internals.params.cert_dh_params);
- if (session->internals.params.free_cert_dh_params)
- gnutls_dh_params_deinit( session->internals.params.cert_dh_params);
+ if (session->internals.params.free_rsa_params)
+ gnutls_rsa_params_deinit(session->internals.params.rsa_params);
- if (session->internals.params.free_rsa_params)
- gnutls_rsa_params_deinit( session->internals.params.rsa_params);
-
- memset( &session->internals.params, 0, sizeof( session->internals.params));
+ memset(&session->internals.params, 0,
+ sizeof(session->internals.params));
}
/* This function will clear all the variables in internals
* structure within the session, which depend on the current handshake.
* This is used to allow further handshakes.
*/
-void _gnutls_handshake_internal_state_clear( gnutls_session session)
+void _gnutls_handshake_internal_state_clear(gnutls_session session)
{
- session->internals.extensions_sent_size = 0;
+ session->internals.extensions_sent_size = 0;
- /* by default no selected certificate */
- session->internals.proposed_record_size = DEFAULT_MAX_RECORD_SIZE;
- session->internals.adv_version_major = 0;
- session->internals.adv_version_minor = 0;
- session->internals.v2_hello = 0;
- memset( &session->internals.handshake_header_buffer, 0,
- sizeof(handshake_header_buffer_st));
- session->internals.adv_version_minor = 0;
- session->internals.adv_version_minor = 0;
- session->internals.direction = 0;
+ /* by default no selected certificate */
+ session->internals.proposed_record_size = DEFAULT_MAX_RECORD_SIZE;
+ session->internals.adv_version_major = 0;
+ session->internals.adv_version_minor = 0;
+ session->internals.v2_hello = 0;
+ memset(&session->internals.handshake_header_buffer, 0,
+ sizeof(handshake_header_buffer_st));
+ session->internals.adv_version_minor = 0;
+ session->internals.adv_version_minor = 0;
+ session->internals.direction = 0;
- /* use out of band data for the last
- * handshake messages received.
- */
- session->internals.last_handshake_in = -1;
- session->internals.last_handshake_out = -1;
+ /* use out of band data for the last
+ * handshake messages received.
+ */
+ session->internals.last_handshake_in = -1;
+ session->internals.last_handshake_out = -1;
- session->internals.handshake_restarted = 0;
+ session->internals.handshake_restarted = 0;
- session->internals.resumable = RESUME_TRUE;
- _gnutls_free_datum( &session->internals.recv_buffer);
+ session->internals.resumable = RESUME_TRUE;
+ _gnutls_free_datum(&session->internals.recv_buffer);
- deinit_internal_params( session);
+ deinit_internal_params(session);
}
@@ -218,86 +221,96 @@ void _gnutls_handshake_internal_state_clear( gnutls_session session)
**/
int gnutls_init(gnutls_session * session, gnutls_connection_end con_end)
{
- *session = gnutls_calloc(1, sizeof(struct gnutls_session_int));
- if (*session==NULL) return GNUTLS_E_MEMORY_ERROR;
-
- (*session)->security_parameters.entity = con_end;
+ *session = gnutls_calloc(1, sizeof(struct gnutls_session_int));
+ if (*session == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- /* the default certificate type for TLS */
- (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE;
+ (*session)->security_parameters.entity = con_end;
+
+ /* the default certificate type for TLS */
+ (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE;
/* Set the defaults for initial handshake */
- (*session)->security_parameters.read_bulk_cipher_algorithm =
- (*session)->security_parameters.write_bulk_cipher_algorithm = GNUTLS_CIPHER_NULL;
+ (*session)->security_parameters.read_bulk_cipher_algorithm =
+ (*session)->security_parameters.write_bulk_cipher_algorithm =
+ GNUTLS_CIPHER_NULL;
- (*session)->security_parameters.read_mac_algorithm =
- (*session)->security_parameters.write_mac_algorithm = GNUTLS_MAC_NULL;
+ (*session)->security_parameters.read_mac_algorithm =
+ (*session)->security_parameters.write_mac_algorithm =
+ GNUTLS_MAC_NULL;
- (*session)->security_parameters.read_compression_algorithm = GNUTLS_COMP_NULL;
- (*session)->security_parameters.write_compression_algorithm = GNUTLS_COMP_NULL;
+ (*session)->security_parameters.read_compression_algorithm =
+ GNUTLS_COMP_NULL;
+ (*session)->security_parameters.write_compression_algorithm =
+ GNUTLS_COMP_NULL;
- (*session)->internals.enable_private = 0;
-
- /* Initialize buffers */
- _gnutls_buffer_init( &(*session)->internals.application_data_buffer);
- _gnutls_buffer_init( &(*session)->internals.handshake_data_buffer);
- _gnutls_buffer_init( &(*session)->internals.handshake_hash_buffer);
+ (*session)->internals.enable_private = 0;
- _gnutls_buffer_init( &(*session)->internals.record_send_buffer);
- _gnutls_buffer_init( &(*session)->internals.record_recv_buffer);
+ /* Initialize buffers */
+ _gnutls_buffer_init(&(*session)->internals.application_data_buffer);
+ _gnutls_buffer_init(&(*session)->internals.handshake_data_buffer);
+ _gnutls_buffer_init(&(*session)->internals.handshake_hash_buffer);
- _gnutls_buffer_init( &(*session)->internals.handshake_send_buffer);
- _gnutls_buffer_init( &(*session)->internals.handshake_recv_buffer);
+ _gnutls_buffer_init(&(*session)->internals.record_send_buffer);
+ _gnutls_buffer_init(&(*session)->internals.record_recv_buffer);
- (*session)->key = gnutls_calloc(1, sizeof(struct gnutls_key_st));
- if ( (*session)->key == NULL) {
- cleanup_session:
- gnutls_free( *session); *session = NULL;
- return GNUTLS_E_MEMORY_ERROR;
- }
+ _gnutls_buffer_init(&(*session)->internals.handshake_send_buffer);
+ _gnutls_buffer_init(&(*session)->internals.handshake_recv_buffer);
- (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */
+ (*session)->key = gnutls_calloc(1, sizeof(struct gnutls_key_st));
+ if ((*session)->key == NULL) {
+ cleanup_session:
+ gnutls_free(*session);
+ *session = NULL;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- gnutls_dh_set_prime_bits( (*session), MIN_DH_BITS);
+ (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */
- gnutls_transport_set_lowat((*session), DEFAULT_LOWAT); /* the default for tcp */
+ gnutls_dh_set_prime_bits((*session), MIN_DH_BITS);
- gnutls_handshake_set_max_packet_length( (*session), MAX_HANDSHAKE_PACKET_SIZE);
+ gnutls_transport_set_lowat((*session), DEFAULT_LOWAT); /* the default for tcp */
- /* Allocate a minimum size for recv_data
- * This is allocated in order to avoid small messages, making
- * the receive procedure slow.
- */
- (*session)->internals.record_recv_buffer.data = gnutls_malloc(INITIAL_RECV_BUFFER_SIZE);
- if ( (*session)->internals.record_recv_buffer.data == NULL) {
- gnutls_free((*session)->key);
- goto cleanup_session;
- }
+ gnutls_handshake_set_max_packet_length((*session),
+ MAX_HANDSHAKE_PACKET_SIZE);
- /* set the socket pointers to -1;
- */
- (*session)->internals.transport_recv_ptr = (gnutls_transport_ptr)-1;
- (*session)->internals.transport_send_ptr = (gnutls_transport_ptr)-1;
-
- /* set the default maximum record size for TLS
- */
- (*session)->security_parameters.max_record_recv_size = DEFAULT_MAX_RECORD_SIZE;
- (*session)->security_parameters.max_record_send_size = DEFAULT_MAX_RECORD_SIZE;
+ /* Allocate a minimum size for recv_data
+ * This is allocated in order to avoid small messages, making
+ * the receive procedure slow.
+ */
+ (*session)->internals.record_recv_buffer.data =
+ gnutls_malloc(INITIAL_RECV_BUFFER_SIZE);
+ if ((*session)->internals.record_recv_buffer.data == NULL) {
+ gnutls_free((*session)->key);
+ goto cleanup_session;
+ }
- /* everything else not initialized here is initialized
- * as NULL or 0. This is why calloc is used.
- */
+ /* set the socket pointers to -1;
+ */
+ (*session)->internals.transport_recv_ptr = (gnutls_transport_ptr) - 1;
+ (*session)->internals.transport_send_ptr = (gnutls_transport_ptr) - 1;
- _gnutls_handshake_internal_state_clear( *session);
+ /* set the default maximum record size for TLS
+ */
+ (*session)->security_parameters.max_record_recv_size =
+ DEFAULT_MAX_RECORD_SIZE;
+ (*session)->security_parameters.max_record_send_size =
+ DEFAULT_MAX_RECORD_SIZE;
- return 0;
+ /* everything else not initialized here is initialized
+ * as NULL or 0. This is why calloc is used.
+ */
+
+ _gnutls_handshake_internal_state_clear(*session);
+
+ return 0;
}
/* returns RESUME_FALSE or RESUME_TRUE.
*/
-int _gnutls_session_is_resumable( gnutls_session session)
+int _gnutls_session_is_resumable(gnutls_session session)
{
- return session->internals.resumable;
+ return session->internals.resumable;
}
@@ -313,238 +326,248 @@ int _gnutls_session_is_resumable( gnutls_session session)
void gnutls_deinit(gnutls_session session)
{
- if (session==NULL) return;
+ if (session == NULL)
+ return;
- /* remove auth info firstly */
- _gnutls_free_auth_info(session );
+ /* remove auth info firstly */
+ _gnutls_free_auth_info(session);
- _gnutls_handshake_internal_state_clear( session);
- _gnutls_handshake_io_buffer_clear( session);
+ _gnutls_handshake_internal_state_clear(session);
+ _gnutls_handshake_io_buffer_clear(session);
- _gnutls_free_datum(&session->connection_state.read_mac_secret);
- _gnutls_free_datum(&session->connection_state.write_mac_secret);
+ _gnutls_free_datum(&session->connection_state.read_mac_secret);
+ _gnutls_free_datum(&session->connection_state.write_mac_secret);
- _gnutls_buffer_clear( &session->internals.handshake_hash_buffer);
- _gnutls_buffer_clear( &session->internals.handshake_data_buffer);
- _gnutls_buffer_clear( &session->internals.application_data_buffer);
- _gnutls_buffer_clear( &session->internals.record_recv_buffer);
- _gnutls_buffer_clear( &session->internals.record_send_buffer);
+ _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
+ _gnutls_buffer_clear(&session->internals.handshake_data_buffer);
+ _gnutls_buffer_clear(&session->internals.application_data_buffer);
+ _gnutls_buffer_clear(&session->internals.record_recv_buffer);
+ _gnutls_buffer_clear(&session->internals.record_send_buffer);
- gnutls_credentials_clear( session);
- _gnutls_selected_certs_deinit( session);
+ gnutls_credentials_clear(session);
+ _gnutls_selected_certs_deinit(session);
- if (session->connection_state.read_cipher_state != NULL)
- _gnutls_cipher_deinit(session->connection_state.read_cipher_state);
- if (session->connection_state.write_cipher_state != NULL)
- _gnutls_cipher_deinit(session->connection_state.write_cipher_state);
+ if (session->connection_state.read_cipher_state != NULL)
+ _gnutls_cipher_deinit(session->connection_state.read_cipher_state);
+ if (session->connection_state.write_cipher_state != NULL)
+ _gnutls_cipher_deinit(session->connection_state.
+ write_cipher_state);
- if (session->connection_state.read_compression_state != NULL)
- _gnutls_comp_deinit(session->connection_state.read_compression_state, 1);
- if (session->connection_state.write_compression_state != NULL)
- _gnutls_comp_deinit(session->connection_state.write_compression_state, 0);
+ if (session->connection_state.read_compression_state != NULL)
+ _gnutls_comp_deinit(session->connection_state.
+ read_compression_state, 1);
+ if (session->connection_state.write_compression_state != NULL)
+ _gnutls_comp_deinit(session->connection_state.
+ write_compression_state, 0);
- _gnutls_free_datum( &session->cipher_specs.server_write_mac_secret);
- _gnutls_free_datum( &session->cipher_specs.client_write_mac_secret);
- _gnutls_free_datum( &session->cipher_specs.server_write_IV);
- _gnutls_free_datum( &session->cipher_specs.client_write_IV);
- _gnutls_free_datum( &session->cipher_specs.server_write_key);
- _gnutls_free_datum( &session->cipher_specs.client_write_key);
+ _gnutls_free_datum(&session->cipher_specs.server_write_mac_secret);
+ _gnutls_free_datum(&session->cipher_specs.client_write_mac_secret);
+ _gnutls_free_datum(&session->cipher_specs.server_write_IV);
+ _gnutls_free_datum(&session->cipher_specs.client_write_IV);
+ _gnutls_free_datum(&session->cipher_specs.server_write_key);
+ _gnutls_free_datum(&session->cipher_specs.client_write_key);
- if (session->key != NULL) {
- _gnutls_mpi_release(&session->key->KEY);
- _gnutls_mpi_release(&session->key->client_Y);
- _gnutls_mpi_release(&session->key->client_p);
- _gnutls_mpi_release(&session->key->client_g);
+ if (session->key != NULL) {
+ _gnutls_mpi_release(&session->key->KEY);
+ _gnutls_mpi_release(&session->key->client_Y);
+ _gnutls_mpi_release(&session->key->client_p);
+ _gnutls_mpi_release(&session->key->client_g);
- _gnutls_mpi_release(&session->key->u);
- _gnutls_mpi_release(&session->key->a);
- _gnutls_mpi_release(&session->key->x);
- _gnutls_mpi_release(&session->key->A);
- _gnutls_mpi_release(&session->key->B);
- _gnutls_mpi_release(&session->key->b);
+ _gnutls_mpi_release(&session->key->u);
+ _gnutls_mpi_release(&session->key->a);
+ _gnutls_mpi_release(&session->key->x);
+ _gnutls_mpi_release(&session->key->A);
+ _gnutls_mpi_release(&session->key->B);
+ _gnutls_mpi_release(&session->key->b);
- /* RSA */
- _gnutls_mpi_release(&session->key->rsa[0]);
- _gnutls_mpi_release(&session->key->rsa[1]);
+ /* RSA */
+ _gnutls_mpi_release(&session->key->rsa[0]);
+ _gnutls_mpi_release(&session->key->rsa[1]);
- _gnutls_mpi_release(&session->key->dh_secret);
- gnutls_free(session->key);
+ _gnutls_mpi_release(&session->key->dh_secret);
+ gnutls_free(session->key);
- session->key = NULL;
- }
+ session->key = NULL;
+ }
- gnutls_free( session->internals.srp_username);
+ gnutls_free(session->internals.srp_username);
- if (session->internals.srp_password) {
- memset( session->internals.srp_password, 0,
- strlen(session->internals.srp_password));
- gnutls_free( session->internals.srp_password);
- }
+ if (session->internals.srp_password) {
+ memset(session->internals.srp_password, 0,
+ strlen(session->internals.srp_password));
+ gnutls_free(session->internals.srp_password);
+ }
- memset( session, 0, sizeof(struct gnutls_session_int));
- gnutls_free(session);
+ memset(session, 0, sizeof(struct gnutls_session_int));
+ gnutls_free(session);
}
/* Returns the minimum prime bits that are acceptable.
*/
-int _gnutls_dh_get_allowed_prime_bits( gnutls_session session)
+int _gnutls_dh_get_allowed_prime_bits(gnutls_session session)
{
- return session->internals.dh_prime_bits;
+ return session->internals.dh_prime_bits;
}
-int _gnutls_dh_set_peer_public( gnutls_session session, mpi_t public)
+int _gnutls_dh_set_peer_public(gnutls_session session, mpi_t public)
{
-dh_info_t * dh;
-int ret;
-
- switch( gnutls_auth_get_type( session)) {
- case GNUTLS_CRD_ANON: {
- anon_server_auth_info_t info;
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ dh_info_t *dh;
+ int ret;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:{
+ anon_server_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE: {
- cert_auth_info_t info;
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:{
+ cert_auth_info_t info;
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ dh = &info->dh;
+ break;
}
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- dh->public_key_size = sizeof( dh->public_key);
- ret = _gnutls_mpi_print_lz( dh->public_key, &dh->public_key_size, public);
- if (ret < 0) {
- gnutls_assert();
- dh->public_key_size = 0;
- return ret;
- }
+ dh->public_key_size = sizeof(dh->public_key);
+ ret =
+ _gnutls_mpi_print_lz(dh->public_key, &dh->public_key_size, public);
+ if (ret < 0) {
+ gnutls_assert();
+ dh->public_key_size = 0;
+ return ret;
+ }
- return 0;
+ return 0;
}
-int _gnutls_dh_set_secret_bits( gnutls_session session, uint bits)
-{
- switch( gnutls_auth_get_type( session)) {
- case GNUTLS_CRD_ANON: {
- anon_server_auth_info_t info;
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- info->dh.secret_bits = bits;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE: {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- info->dh.secret_bits = bits;
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+int _gnutls_dh_set_secret_bits(gnutls_session session, uint bits)
+{
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:{
+ anon_server_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ info->dh.secret_bits = bits;
+ break;
}
+ case GNUTLS_CRD_CERTIFICATE:{
+ cert_auth_info_t info;
- return 0;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ info->dh.secret_bits = bits;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+
+ return 0;
}
/* This function will set in the auth info structure the
* RSA exponent and the modulus.
*/
-int _gnutls_rsa_export_set_pubkey( gnutls_session session, mpi_t exp, mpi_t mod)
+int _gnutls_rsa_export_set_pubkey(gnutls_session session, mpi_t exp,
+ mpi_t mod)
{
- cert_auth_info_t info;
- int ret;
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ cert_auth_info_t info;
+ int ret;
- info->rsa_export.modulus_size = sizeof( info->rsa_export.modulus);
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- ret = _gnutls_mpi_print_lz( info->rsa_export.modulus, &info->rsa_export.modulus_size, mod);
- if (ret < 0) {
- gnutls_assert();
- info->rsa_export.modulus_size = 0;
- return ret;
- }
+ info->rsa_export.modulus_size = sizeof(info->rsa_export.modulus);
- info->rsa_export.exponent_size = sizeof( info->rsa_export.exponent);
- ret = _gnutls_mpi_print_lz( info->rsa_export.exponent, &info->rsa_export.exponent_size, exp);
- if (ret < 0) {
- gnutls_assert();
- info->rsa_export.exponent_size = 0;
- return ret;
- }
+ ret =
+ _gnutls_mpi_print_lz(info->rsa_export.modulus,
+ &info->rsa_export.modulus_size, mod);
+ if (ret < 0) {
+ gnutls_assert();
+ info->rsa_export.modulus_size = 0;
+ return ret;
+ }
- return 0;
+ info->rsa_export.exponent_size = sizeof(info->rsa_export.exponent);
+ ret =
+ _gnutls_mpi_print_lz(info->rsa_export.exponent,
+ &info->rsa_export.exponent_size, exp);
+ if (ret < 0) {
+ gnutls_assert();
+ info->rsa_export.exponent_size = 0;
+ return ret;
+ }
+
+ return 0;
}
/* Sets the prime and the generator in the auth info structure.
*/
-int _gnutls_dh_set_group( gnutls_session session, mpi_t gen, mpi_t prime)
-{
-dh_info_t* dh;
-int ret;
-
- switch( gnutls_auth_get_type( session)) {
- case GNUTLS_CRD_ANON: {
- anon_server_auth_info_t info;
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE: {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+int _gnutls_dh_set_group(gnutls_session session, mpi_t gen, mpi_t prime)
+{
+ dh_info_t *dh;
+ int ret;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:{
+ anon_server_auth_info_t info;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- dh->prime_size = sizeof( dh->prime);
- ret = _gnutls_mpi_print_lz( dh->prime, &dh->prime_size, prime);
- if (ret < 0) {
- gnutls_assert();
- dh->prime_size = 0;
- return ret;
+ dh = &info->dh;
+ break;
}
+ case GNUTLS_CRD_CERTIFICATE:{
+ cert_auth_info_t info;
- dh->generator_size = sizeof( dh->generator);
- ret = _gnutls_mpi_print_lz( dh->generator, &dh->generator_size, gen);
- if (ret < 0) {
- gnutls_assert();
- dh->generator_size = 0;
- return ret;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
}
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
-
- return 0;
+ dh->prime_size = sizeof(dh->prime);
+ ret = _gnutls_mpi_print_lz(dh->prime, &dh->prime_size, prime);
+ if (ret < 0) {
+ gnutls_assert();
+ dh->prime_size = 0;
+ return ret;
+ }
+
+ dh->generator_size = sizeof(dh->generator);
+ ret = _gnutls_mpi_print_lz(dh->generator, &dh->generator_size, gen);
+ if (ret < 0) {
+ gnutls_assert();
+ dh->generator_size = 0;
+ return ret;
+ }
+
+
+ return 0;
}
/**
@@ -558,9 +581,10 @@ int ret;
* server can obtain the client's key.
*
**/
-void gnutls_openpgp_send_key(gnutls_session session, gnutls_openpgp_key_status status)
+void gnutls_openpgp_send_key(gnutls_session session,
+ gnutls_openpgp_key_status status)
{
- session->internals.pgp_fingerprint = status;
+ session->internals.pgp_fingerprint = status;
}
/**
@@ -577,14 +601,15 @@ void gnutls_openpgp_send_key(gnutls_session session, gnutls_openpgp_key_status s
* certificate with X.509 certificates.
*
**/
-void gnutls_certificate_send_x509_rdn_sequence(gnutls_session session, int status)
+void gnutls_certificate_send_x509_rdn_sequence(gnutls_session session,
+ int status)
{
- session->internals.ignore_rdn_sequence = status;
+ session->internals.ignore_rdn_sequence = status;
}
-int _gnutls_openpgp_send_fingerprint(gnutls_session session)
+int _gnutls_openpgp_send_fingerprint(gnutls_session session)
{
- return session->internals.pgp_fingerprint;
+ return session->internals.pgp_fingerprint;
}
/*-
@@ -599,10 +624,11 @@ int _gnutls_openpgp_send_fingerprint(gnutls_session session)
*
-*/
void _gnutls_record_set_default_version(gnutls_session session,
- unsigned char major, unsigned char minor)
+ unsigned char major,
+ unsigned char minor)
{
- session->internals.default_record_version[0] = major;
- session->internals.default_record_version[1] = minor;
+ session->internals.default_record_version[0] = major;
+ session->internals.default_record_version[1] = minor;
}
/**
@@ -623,26 +649,30 @@ void _gnutls_record_set_default_version(gnutls_session session,
* servers and clients may cause interoperability problems.
*
**/
-void gnutls_handshake_set_private_extensions(gnutls_session session, int allow)
+void gnutls_handshake_set_private_extensions(gnutls_session session,
+ int allow)
{
- session->internals.enable_private = allow;
+ session->internals.enable_private = allow;
}
inline
-static int _gnutls_cal_PRF_A( gnutls_mac_algorithm algorithm, const void *secret, int secret_size, const void *seed, int seed_size, void* result)
+ static int _gnutls_cal_PRF_A(gnutls_mac_algorithm algorithm,
+ const void *secret, int secret_size,
+ const void *seed, int seed_size,
+ void *result)
{
- mac_hd_t td1;
+ mac_hd_t td1;
- td1 = _gnutls_hmac_init(algorithm, secret, secret_size);
- if (td1 == GNUTLS_MAC_FAILED) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ td1 = _gnutls_hmac_init(algorithm, secret, secret_size);
+ if (td1 == GNUTLS_MAC_FAILED) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- _gnutls_hmac(td1, seed, seed_size);
- _gnutls_hmac_deinit(td1, result);
-
- return 0;
+ _gnutls_hmac(td1, seed, seed_size);
+ _gnutls_hmac_deinit(td1, result);
+
+ return 0;
}
#define MAX_SEED_SIZE 200
@@ -650,75 +680,81 @@ static int _gnutls_cal_PRF_A( gnutls_mac_algorithm algorithm, const void *secret
/* Produces "total_bytes" bytes using the hash algorithm specified.
* (used in the PRF function)
*/
-static int _gnutls_P_hash( gnutls_mac_algorithm algorithm, const opaque * secret, int secret_size, const opaque * seed, int seed_size, int total_bytes, opaque* ret)
+static int _gnutls_P_hash(gnutls_mac_algorithm algorithm,
+ const opaque * secret, int secret_size,
+ const opaque * seed, int seed_size,
+ int total_bytes, opaque * ret)
{
- mac_hd_t td2;
- int i, times, how, blocksize, A_size;
- opaque final[20], Atmp[MAX_SEED_SIZE];
- int output_bytes, result;
+ mac_hd_t td2;
+ int i, times, how, blocksize, A_size;
+ opaque final[20], Atmp[MAX_SEED_SIZE];
+ int output_bytes, result;
- if (seed_size > MAX_SEED_SIZE || total_bytes<=0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (seed_size > MAX_SEED_SIZE || total_bytes <= 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ blocksize = _gnutls_hmac_get_algo_len(algorithm);
+
+ output_bytes = 0;
+ do {
+ output_bytes += blocksize;
+ } while (output_bytes < total_bytes);
+
+ /* calculate A(0) */
+
+ memcpy(Atmp, seed, seed_size);
+ A_size = seed_size;
+
+ times = output_bytes / blocksize;
+
+ for (i = 0; i < times; i++) {
+ td2 = _gnutls_hmac_init(algorithm, secret, secret_size);
+ if (td2 == GNUTLS_MAC_FAILED) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
}
-
- blocksize = _gnutls_hmac_get_algo_len(algorithm);
-
- output_bytes = 0;
- do {
- output_bytes += blocksize;
- } while (output_bytes < total_bytes);
-
- /* calculate A(0) */
-
- memcpy( Atmp, seed, seed_size);
- A_size = seed_size;
-
- times = output_bytes / blocksize;
-
- for (i = 0; i < times; i++) {
- td2 = _gnutls_hmac_init(algorithm, secret, secret_size);
- if (td2 == GNUTLS_MAC_FAILED) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* here we calculate A(i+1) */
- if ((result=_gnutls_cal_PRF_A( algorithm, secret, secret_size, Atmp, A_size, Atmp)) < 0) {
- gnutls_assert();
- _gnutls_hmac_deinit(td2, final);
- return result;
- }
-
- A_size = blocksize;
-
- _gnutls_hmac(td2, Atmp, A_size);
- _gnutls_hmac(td2, seed, seed_size);
- _gnutls_hmac_deinit(td2, final);
-
- if ( (1+i) * blocksize < total_bytes) {
- how = blocksize;
- } else {
- how = total_bytes - (i) * blocksize;
- }
-
- if (how > 0) {
- memcpy(&ret[i * blocksize], final, how);
- }
+
+ /* here we calculate A(i+1) */
+ if ((result =
+ _gnutls_cal_PRF_A(algorithm, secret, secret_size, Atmp,
+ A_size, Atmp)) < 0) {
+ gnutls_assert();
+ _gnutls_hmac_deinit(td2, final);
+ return result;
}
-
- return 0;
+
+ A_size = blocksize;
+
+ _gnutls_hmac(td2, Atmp, A_size);
+ _gnutls_hmac(td2, seed, seed_size);
+ _gnutls_hmac_deinit(td2, final);
+
+ if ((1 + i) * blocksize < total_bytes) {
+ how = blocksize;
+ } else {
+ how = total_bytes - (i) * blocksize;
+ }
+
+ if (how > 0) {
+ memcpy(&ret[i * blocksize], final, how);
+ }
+ }
+
+ return 0;
}
/* Xor's two buffers and puts the output in the first one.
*/
inline static
-void _gnutls_xor(opaque* o1, opaque* o2, int length) {
-int i;
- for (i = 0; i < length; i++) {
- o1[i] ^= o2[i];
- }
+void _gnutls_xor(opaque * o1, opaque * o2, int length)
+{
+ int i;
+ for (i = 0; i < length; i++) {
+ o1[i] ^= o2[i];
+ }
}
@@ -729,56 +765,61 @@ int i;
* needed by the TLS specification. ret must have a least total_bytes
* available.
*/
-int _gnutls_PRF( const opaque * secret, int secret_size, const char * label, int label_size,
- opaque * seed, int seed_size, int total_bytes, void* ret)
+int _gnutls_PRF(const opaque * secret, int secret_size, const char *label,
+ int label_size, opaque * seed, int seed_size,
+ int total_bytes, void *ret)
{
- int l_s, s_seed_size;
- const opaque *s1, *s2;
- opaque s_seed[MAX_SEED_SIZE];
- opaque o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES];
- int result;
+ int l_s, s_seed_size;
+ const opaque *s1, *s2;
+ opaque s_seed[MAX_SEED_SIZE];
+ opaque o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES];
+ int result;
- if (total_bytes > MAX_PRF_BYTES) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- /* label+seed = s_seed */
- s_seed_size = seed_size + label_size;
+ if (total_bytes > MAX_PRF_BYTES) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ /* label+seed = s_seed */
+ s_seed_size = seed_size + label_size;
- if (s_seed_size > MAX_SEED_SIZE) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (s_seed_size > MAX_SEED_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- memcpy(s_seed, label, label_size);
- memcpy(&s_seed[label_size], seed, seed_size);
+ memcpy(s_seed, label, label_size);
+ memcpy(&s_seed[label_size], seed, seed_size);
- l_s = secret_size / 2;
-
- s1 = &secret[0];
- s2 = &secret[l_s];
+ l_s = secret_size / 2;
- if (secret_size % 2 != 0) {
- l_s++;
- }
+ s1 = &secret[0];
+ s2 = &secret[l_s];
- result = _gnutls_P_hash( GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size, total_bytes, o1);
- if (result<0) {
- gnutls_assert();
- return result;
- }
+ if (secret_size % 2 != 0) {
+ l_s++;
+ }
- result = _gnutls_P_hash( GNUTLS_MAC_SHA, s2, l_s, s_seed, s_seed_size, total_bytes, o2);
- if (result<0) {
- gnutls_assert();
- return result;
- }
+ result =
+ _gnutls_P_hash(GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size,
+ total_bytes, o1);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_P_hash(GNUTLS_MAC_SHA, s2, l_s, s_seed, s_seed_size,
+ total_bytes, o2);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- _gnutls_xor(o1, o2, total_bytes);
+ _gnutls_xor(o1, o2, total_bytes);
- memcpy( ret, o1, total_bytes);
+ memcpy(ret, o1, total_bytes);
- return 0; /* ok */
+ return 0; /* ok */
}
@@ -792,17 +833,18 @@ int _gnutls_PRF( const opaque * secret, int secret_size, const char * label, int
**/
int gnutls_session_is_resumed(gnutls_session session)
{
- if (session->security_parameters.entity==GNUTLS_CLIENT) {
- if (memcmp( session->security_parameters.session_id,
- session->internals.resumed_security_parameters.session_id,
- session->security_parameters.session_id_size)==0)
- return 1;
- } else {
- if (session->internals.resumed==RESUME_TRUE)
- return 1;
- }
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (memcmp(session->security_parameters.session_id,
+ session->internals.resumed_security_parameters.
+ session_id,
+ session->security_parameters.session_id_size) == 0)
+ return 1;
+ } else {
+ if (session->internals.resumed == RESUME_TRUE)
+ return 1;
+ }
- return 0;
+ return 0;
}
/*-
@@ -814,14 +856,16 @@ int gnutls_session_is_resumed(gnutls_session session)
-*/
int _gnutls_session_is_export(gnutls_session session)
{
- gnutls_cipher_algorithm cipher;
-
- cipher = _gnutls_cipher_suite_get_cipher_algo( &session->security_parameters.current_cipher_suite);
-
- if (_gnutls_cipher_get_export_flag( cipher) != 0)
- return 1;
+ gnutls_cipher_algorithm cipher;
- return 0;
+ cipher =
+ _gnutls_cipher_suite_get_cipher_algo(&session->security_parameters.
+ current_cipher_suite);
+
+ if (_gnutls_cipher_get_export_flag(cipher) != 0)
+ return 1;
+
+ return 0;
}
/**
@@ -832,9 +876,9 @@ int _gnutls_session_is_export(gnutls_session session)
* This is the pointer set with gnutls_session_set_ptr().
*
**/
-void* gnutls_session_get_ptr(gnutls_session session)
+void *gnutls_session_get_ptr(gnutls_session session)
{
- return session->internals.user_ptr;
+ return session->internals.user_ptr;
}
/**
@@ -846,9 +890,9 @@ void* gnutls_session_get_ptr(gnutls_session session)
* This is pointer can be accessed with gnutls_session_get_ptr().
*
**/
-void gnutls_session_set_ptr(gnutls_session session, void* ptr)
+void gnutls_session_set_ptr(gnutls_session session, void *ptr)
{
- session->internals.user_ptr = ptr;
+ session->internals.user_ptr = ptr;
}
@@ -867,8 +911,9 @@ void gnutls_session_set_ptr(gnutls_session session, void* ptr)
* write data.
*
**/
-int gnutls_record_get_direction(gnutls_session session) {
- return session->internals.direction;
+int gnutls_record_get_direction(gnutls_session session)
+{
+ return session->internals.direction;
}
/*-
@@ -882,9 +927,9 @@ int gnutls_record_get_direction(gnutls_session session) {
* test server's capabilities.
*
-*/
-void _gnutls_rsa_pms_set_version(gnutls_session session, unsigned char major,
- unsigned char minor)
+void _gnutls_rsa_pms_set_version(gnutls_session session,
+ unsigned char major, unsigned char minor)
{
- session->internals.rsa_pms_version[0] = major;
- session->internals.rsa_pms_version[1] = minor;
+ session->internals.rsa_pms_version[0] = major;
+ session->internals.rsa_pms_version[1] = minor;
}
diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h
index 41b8b178ad..19433fef05 100644
--- a/lib/gnutls_state.h
+++ b/lib/gnutls_state.h
@@ -3,10 +3,12 @@
#include <gnutls_int.h>
-void _gnutls_session_cert_type_set( gnutls_session session, gnutls_certificate_type);
-gnutls_kx_algorithm gnutls_kx_get( gnutls_session session);
-gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session);
-gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session);
+void _gnutls_session_cert_type_set(gnutls_session session,
+ gnutls_certificate_type);
+gnutls_kx_algorithm gnutls_kx_get(gnutls_session session);
+gnutls_cipher_algorithm gnutls_cipher_get(gnutls_session session);
+gnutls_certificate_type gnutls_certificate_type_get(gnutls_session
+ session);
#include <gnutls_auth_int.h>
@@ -17,25 +19,28 @@ gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session);
#endif
-int _gnutls_session_cert_type_supported( gnutls_session, gnutls_certificate_type);
+int _gnutls_session_cert_type_supported(gnutls_session,
+ gnutls_certificate_type);
-int _gnutls_dh_set_secret_bits( gnutls_session session, uint bits);
+int _gnutls_dh_set_secret_bits(gnutls_session session, uint bits);
-int _gnutls_dh_set_peer_public( gnutls_session session, mpi_t public);
-int _gnutls_dh_set_group( gnutls_session session, mpi_t gen, mpi_t prime);
+int _gnutls_dh_set_peer_public(gnutls_session session, mpi_t public);
+int _gnutls_dh_set_group(gnutls_session session, mpi_t gen, mpi_t prime);
-int _gnutls_dh_get_allowed_prime_bits( gnutls_session session);
-void gnutls_dh_set_prime_bits( gnutls_session session, unsigned int bits);
-void _gnutls_handshake_internal_state_clear( gnutls_session);
+int _gnutls_dh_get_allowed_prime_bits(gnutls_session session);
+void gnutls_dh_set_prime_bits(gnutls_session session, unsigned int bits);
+void _gnutls_handshake_internal_state_clear(gnutls_session);
-int _gnutls_rsa_export_set_pubkey( gnutls_session session, mpi_t exp, mpi_t mod);
+int _gnutls_rsa_export_set_pubkey(gnutls_session session, mpi_t exp,
+ mpi_t mod);
-int _gnutls_session_is_resumable( gnutls_session session);
-int _gnutls_session_is_export( gnutls_session session);
+int _gnutls_session_is_resumable(gnutls_session session);
+int _gnutls_session_is_export(gnutls_session session);
-int _gnutls_openpgp_send_fingerprint( gnutls_session session);
+int _gnutls_openpgp_send_fingerprint(gnutls_session session);
-int _gnutls_PRF( const opaque * secret, int secret_size, const char * label,
- int label_size, opaque * seed, int seed_size, int total_bytes, void* ret);
+int _gnutls_PRF(const opaque * secret, int secret_size, const char *label,
+ int label_size, opaque * seed, int seed_size,
+ int total_bytes, void *ret);
#define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index 10911bedfd..0e55c35d9a 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -31,157 +31,166 @@
*
* They should be used only with null terminated strings.
*/
-void _gnutls_str_cat( char* dest, size_t dest_tot_size, const char* src) {
-size_t str_size = strlen(src);
-size_t dest_size = strlen(dest);
-
- if ( dest_tot_size - dest_size > str_size) {
- strcat( dest, src);
- } else {
- if ( dest_tot_size - dest_size > 0) {
- strncat( dest, src, (dest_tot_size - dest_size) -1);
- dest[dest_tot_size-1] = 0;
- }
+void _gnutls_str_cat(char *dest, size_t dest_tot_size, const char *src)
+{
+ size_t str_size = strlen(src);
+ size_t dest_size = strlen(dest);
+
+ if (dest_tot_size - dest_size > str_size) {
+ strcat(dest, src);
+ } else {
+ if (dest_tot_size - dest_size > 0) {
+ strncat(dest, src, (dest_tot_size - dest_size) - 1);
+ dest[dest_tot_size - 1] = 0;
}
+ }
}
-void _gnutls_str_cpy( char* dest, size_t dest_tot_size, const char* src) {
-size_t str_size = strlen(src);
-
- if ( dest_tot_size > str_size) {
- strcpy( dest, src);
- } else {
- if ( dest_tot_size > 0) {
- strncpy( dest, src, (dest_tot_size) -1);
- dest[dest_tot_size-1] = 0;
- }
+void _gnutls_str_cpy(char *dest, size_t dest_tot_size, const char *src)
+{
+ size_t str_size = strlen(src);
+
+ if (dest_tot_size > str_size) {
+ strcpy(dest, src);
+ } else {
+ if (dest_tot_size > 0) {
+ strncpy(dest, src, (dest_tot_size) - 1);
+ dest[dest_tot_size - 1] = 0;
}
+ }
}
-void _gnutls_mem_cpy( char* dest, size_t dest_tot_size, const char* src, size_t src_size)
+void _gnutls_mem_cpy(char *dest, size_t dest_tot_size, const char *src,
+ size_t src_size)
{
- if ( dest_tot_size >= src_size) {
- memcpy( dest, src, src_size);
- } else {
- if ( dest_tot_size > 0) {
- memcpy( dest, src, dest_tot_size);
- }
+ if (dest_tot_size >= src_size) {
+ memcpy(dest, src, src_size);
+ } else {
+ if (dest_tot_size > 0) {
+ memcpy(dest, src, dest_tot_size);
}
+ }
}
-void _gnutls_string_init( gnutls_string* str, gnutls_alloc_function alloc_func,
- gnutls_realloc_function realloc_func,
- gnutls_free_function free_func)
+void _gnutls_string_init(gnutls_string * str,
+ gnutls_alloc_function alloc_func,
+ gnutls_realloc_function realloc_func,
+ gnutls_free_function free_func)
{
- str->data = NULL;
- str->max_length = 0;
- str->length = 0;
-
- str->alloc_func = alloc_func;
- str->free_func = free_func;
- str->realloc_func = realloc_func;
+ str->data = NULL;
+ str->max_length = 0;
+ str->length = 0;
+
+ str->alloc_func = alloc_func;
+ str->free_func = free_func;
+ str->realloc_func = realloc_func;
}
-void _gnutls_string_clear( gnutls_string* str)
+void _gnutls_string_clear(gnutls_string * str)
{
- if (str==NULL || str->data == NULL) return;
- str->free_func( str->data);
-
- str->data = NULL;
- str->max_length = 0;
- str->length = 0;
+ if (str == NULL || str->data == NULL)
+ return;
+ str->free_func(str->data);
+
+ str->data = NULL;
+ str->max_length = 0;
+ str->length = 0;
}
/* This one does not copy the string.
*/
-gnutls_datum _gnutls_string2datum( gnutls_string* str)
+gnutls_datum _gnutls_string2datum(gnutls_string * str)
{
- gnutls_datum ret;
-
- ret.data = str->data;
- ret.size = str->length;
-
- return ret;
+ gnutls_datum ret;
+
+ ret.data = str->data;
+ ret.size = str->length;
+
+ return ret;
}
#define MIN_CHUNK 256
-int _gnutls_string_copy_str( gnutls_string* dest, const char * src)
+int _gnutls_string_copy_str(gnutls_string * dest, const char *src)
{
- size_t src_len = strlen( src);
-
- if (dest->max_length >= src_len) {
- memcpy( dest->data, src, src_len);
- dest->length = src_len;
-
- return src_len;
- } else {
- dest->data = dest->realloc_func( dest->data, GMAX(src_len, MIN_CHUNK));
- if (dest->data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- dest->max_length = GMAX( MIN_CHUNK, src_len);
-
- memcpy( dest->data, src, src_len);
- dest->length = src_len;
-
- return src_len;
+ size_t src_len = strlen(src);
+
+ if (dest->max_length >= src_len) {
+ memcpy(dest->data, src, src_len);
+ dest->length = src_len;
+
+ return src_len;
+ } else {
+ dest->data =
+ dest->realloc_func(dest->data, GMAX(src_len, MIN_CHUNK));
+ if (dest->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
+ dest->max_length = GMAX(MIN_CHUNK, src_len);
+
+ memcpy(dest->data, src, src_len);
+ dest->length = src_len;
+
+ return src_len;
+ }
}
-int _gnutls_string_append_str( gnutls_string* dest, const char * src)
+int _gnutls_string_append_str(gnutls_string * dest, const char *src)
{
- size_t src_len = strlen( src);
- size_t tot_len = src_len + dest->length;
-
- if (dest->max_length >= tot_len) {
- memcpy( &dest->data[dest->length], src, src_len);
- dest->length = tot_len;
-
- return tot_len;
- } else {
- size_t new_len = GMAX( src_len, MIN_CHUNK) + GMAX( dest->max_length, MIN_CHUNK);
-
- dest->data = dest->realloc_func( dest->data, new_len);
- if (dest->data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- dest->max_length = new_len;
-
- memcpy( &dest->data[dest->length], src, src_len);
- dest->length = tot_len;
-
- return tot_len;
+ size_t src_len = strlen(src);
+ size_t tot_len = src_len + dest->length;
+
+ if (dest->max_length >= tot_len) {
+ memcpy(&dest->data[dest->length], src, src_len);
+ dest->length = tot_len;
+
+ return tot_len;
+ } else {
+ size_t new_len =
+ GMAX(src_len, MIN_CHUNK) + GMAX(dest->max_length, MIN_CHUNK);
+
+ dest->data = dest->realloc_func(dest->data, new_len);
+ if (dest->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
+ dest->max_length = new_len;
+
+ memcpy(&dest->data[dest->length], src, src_len);
+ dest->length = tot_len;
+
+ return tot_len;
+ }
}
-int _gnutls_string_append_data( gnutls_string* dest, const void * data, size_t data_size)
+int _gnutls_string_append_data(gnutls_string * dest, const void *data,
+ size_t data_size)
{
- size_t tot_len = data_size + dest->length;
-
- if (dest->max_length >= tot_len) {
- memcpy( &dest->data[dest->length], data, data_size);
- dest->length = tot_len;
-
- return tot_len;
- } else {
- size_t new_len = GMAX( data_size, MIN_CHUNK) + GMAX(dest->max_length, MIN_CHUNK);
-
- dest->data = dest->realloc_func( dest->data, new_len);
- if (dest->data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- dest->max_length = new_len;
-
- memcpy( &dest->data[dest->length], data, data_size);
- dest->length = tot_len;
-
- return tot_len;
+ size_t tot_len = data_size + dest->length;
+
+ if (dest->max_length >= tot_len) {
+ memcpy(&dest->data[dest->length], data, data_size);
+ dest->length = tot_len;
+
+ return tot_len;
+ } else {
+ size_t new_len =
+ GMAX(data_size, MIN_CHUNK) + GMAX(dest->max_length, MIN_CHUNK);
+
+ dest->data = dest->realloc_func(dest->data, new_len);
+ if (dest->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
+ dest->max_length = new_len;
+
+ memcpy(&dest->data[dest->length], data, data_size);
+ dest->length = tot_len;
+
+ return tot_len;
+ }
}
/* Converts the given string (old) to hex. A buffer must be provided
@@ -190,18 +199,19 @@ int _gnutls_string_append_data( gnutls_string* dest, const void * data, size_t d
* NULL.
*/
char *_gnutls_bin2hex(const void *_old, size_t oldlen,
- char *buffer, size_t buffer_size)
+ char *buffer, size_t buffer_size)
{
- unsigned int i, j;
- const opaque *old = _old;
+ unsigned int i, j;
+ const opaque *old = _old;
- if ((oldlen * 2) + 1 > buffer_size) return NULL;
+ if ((oldlen * 2) + 1 > buffer_size)
+ return NULL;
- for (i = j = 0; i < oldlen; j+=2) {
- sprintf(&buffer[j], "%.2x", old[i]);
- i++;
- }
- buffer[j] = '\0';
+ for (i = j = 0; i < oldlen; j += 2) {
+ sprintf(&buffer[j], "%.2x", old[i]);
+ i++;
+ }
+ buffer[j] = '\0';
- return buffer;
+ return buffer;
}
diff --git a/lib/gnutls_str.h b/lib/gnutls_str.h
index 97007fffa6..ec94878593 100644
--- a/lib/gnutls_str.h
+++ b/lib/gnutls_str.h
@@ -3,32 +3,35 @@
#include <gnutls_int.h>
-void _gnutls_str_cpy( char* dest, size_t dest_tot_size, const char* src);
-void _gnutls_mem_cpy( char* dest, size_t dest_tot_size, const char* src, size_t src_size);
-void _gnutls_str_cat( char* dest, size_t dest_tot_size, const char* src);
+void _gnutls_str_cpy(char *dest, size_t dest_tot_size, const char *src);
+void _gnutls_mem_cpy(char *dest, size_t dest_tot_size, const char *src,
+ size_t src_size);
+void _gnutls_str_cat(char *dest, size_t dest_tot_size, const char *src);
typedef struct {
- opaque * data;
- size_t max_length;
- size_t length;
- gnutls_realloc_function realloc_func;
- gnutls_alloc_function alloc_func;
- gnutls_free_function free_func;
+ opaque *data;
+ size_t max_length;
+ size_t length;
+ gnutls_realloc_function realloc_func;
+ gnutls_alloc_function alloc_func;
+ gnutls_free_function free_func;
} gnutls_string;
-void _gnutls_string_init( gnutls_string*, gnutls_alloc_function, gnutls_realloc_function, gnutls_free_function);
-void _gnutls_string_clear( gnutls_string*);
+void _gnutls_string_init(gnutls_string *, gnutls_alloc_function,
+ gnutls_realloc_function, gnutls_free_function);
+void _gnutls_string_clear(gnutls_string *);
/* Beware, do not clear the string, after calling this
* function
*/
-gnutls_datum _gnutls_string2datum( gnutls_string* str);
+gnutls_datum _gnutls_string2datum(gnutls_string * str);
-int _gnutls_string_copy_str( gnutls_string* dest, const char* src);
-int _gnutls_string_append_str( gnutls_string*, const char* str);
-int _gnutls_string_append_data( gnutls_string*, const void* data, size_t data_size);
+int _gnutls_string_copy_str(gnutls_string * dest, const char *src);
+int _gnutls_string_append_str(gnutls_string *, const char *str);
+int _gnutls_string_append_data(gnutls_string *, const void *data,
+ size_t data_size);
-char * _gnutls_bin2hex(const void *old, size_t oldlen, char* buffer,
- size_t buffer_size);
+char *_gnutls_bin2hex(const void *old, size_t oldlen, char *buffer,
+ size_t buffer_size);
#endif
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 6871f38f5c..462aec6de3 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -53,7 +53,7 @@
**/
void gnutls_dh_set_prime_bits(gnutls_session session, unsigned int bits)
{
- session->internals.dh_prime_bits = bits;
+ session->internals.dh_prime_bits = bits;
}
@@ -71,46 +71,46 @@ void gnutls_dh_set_prime_bits(gnutls_session session, unsigned int bits)
* Returns a negative value in case of an error.
*
**/
-int gnutls_dh_get_group(gnutls_session session,
- gnutls_datum* raw_gen, gnutls_datum* raw_prime)
+int gnutls_dh_get_group(gnutls_session session,
+ gnutls_datum * raw_gen, gnutls_datum * raw_prime)
{
-dh_info_t *dh;
-int ret;
-anon_server_auth_info_t anon_info;
-cert_auth_info_t cert_info;
-
- switch( gnutls_auth_get_type( session)) {
- case GNUTLS_CRD_ANON:
- anon_info = _gnutls_get_auth_info(session);
- if (anon_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &anon_info->dh;
- break;
- case GNUTLS_CRD_CERTIFICATE:
- cert_info = _gnutls_get_auth_info(session);
- if (cert_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &cert_info->dh;
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_set_datum( raw_prime, dh->prime, dh->prime_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = _gnutls_set_datum( raw_gen, dh->generator, dh->generator_size);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum( raw_prime);
- return ret;
- }
-
- return 0;
+ dh_info_t *dh;
+ int ret;
+ anon_server_auth_info_t anon_info;
+ cert_auth_info_t cert_info;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:
+ anon_info = _gnutls_get_auth_info(session);
+ if (anon_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &anon_info->dh;
+ break;
+ case GNUTLS_CRD_CERTIFICATE:
+ cert_info = _gnutls_get_auth_info(session);
+ if (cert_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &cert_info->dh;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_set_datum(raw_prime, dh->prime, dh->prime_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_set_datum(raw_gen, dh->generator, dh->generator_size);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(raw_prime);
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -125,34 +125,34 @@ cert_auth_info_t cert_info;
* Returns a negative value in case of an error.
*
**/
-int gnutls_dh_get_pubkey(gnutls_session session, gnutls_datum* raw_key)
+int gnutls_dh_get_pubkey(gnutls_session session, gnutls_datum * raw_key)
{
-dh_info_t* dh;
-anon_server_auth_info_t anon_info;
-cert_auth_info_t cert_info;
-
- switch( gnutls_auth_get_type( session)) {
- case GNUTLS_CRD_ANON: {
- anon_info = _gnutls_get_auth_info(session);
- if (anon_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &anon_info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE: {
-
- cert_info = _gnutls_get_auth_info(session);
- if (cert_info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &cert_info->dh;
- break;
- }
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ dh_info_t *dh;
+ anon_server_auth_info_t anon_info;
+ cert_auth_info_t cert_info;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:{
+ anon_info = _gnutls_get_auth_info(session);
+ if (anon_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &anon_info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:{
+
+ cert_info = _gnutls_get_auth_info(session);
+ if (cert_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &cert_info->dh;
+ break;
}
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_set_datum( raw_key, dh->public_key, dh->public_key_size);
+ return _gnutls_set_datum(raw_key, dh->public_key, dh->public_key_size);
}
/**
@@ -167,35 +167,36 @@ cert_auth_info_t cert_info;
* Returns a negative value in case of an error.
*
**/
-int gnutls_rsa_export_get_pubkey(gnutls_session session, gnutls_datum* exp, gnutls_datum* mod)
+int gnutls_rsa_export_get_pubkey(gnutls_session session,
+ gnutls_datum * exp, gnutls_datum * mod)
{
-cert_auth_info_t info;
-int ret;
-
- if ( gnutls_auth_get_type( session) == GNUTLS_CRD_CERTIFICATE) {
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- ret = _gnutls_set_datum( mod, info->rsa_export.modulus,
- info->rsa_export.modulus_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = _gnutls_set_datum( exp, info->rsa_export.exponent,
- info->rsa_export.exponent_size);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum( mod);
- return ret;
- }
-
- return 0;
+ cert_auth_info_t info;
+ int ret;
+
+ if (gnutls_auth_get_type(session) == GNUTLS_CRD_CERTIFICATE) {
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ ret = _gnutls_set_datum(mod, info->rsa_export.modulus,
+ info->rsa_export.modulus_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- return GNUTLS_E_INVALID_REQUEST;
+ ret = _gnutls_set_datum(exp, info->rsa_export.exponent,
+ info->rsa_export.exponent_size);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(mod);
+ return ret;
+ }
+
+ return 0;
+ }
+
+ return GNUTLS_E_INVALID_REQUEST;
}
@@ -210,28 +211,28 @@ int ret;
**/
int gnutls_dh_get_secret_bits(gnutls_session session)
{
- switch( gnutls_auth_get_type( session)) {
- case GNUTLS_CRD_ANON: {
- anon_server_auth_info_t info;
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- return info->dh.secret_bits;
- }
- case GNUTLS_CRD_CERTIFICATE: {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- return info->dh.secret_bits;
- }
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:{
+ anon_server_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return info->dh.secret_bits;
+ }
+ case GNUTLS_CRD_CERTIFICATE:{
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ return info->dh.secret_bits;
}
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
@@ -246,34 +247,34 @@ int gnutls_dh_get_secret_bits(gnutls_session session)
**/
int gnutls_dh_get_prime_bits(gnutls_session session)
{
-dh_info_t *dh;
-
- switch( gnutls_auth_get_type( session)) {
- case GNUTLS_CRD_ANON: {
- anon_server_auth_info_t info;
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE: {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ dh_info_t *dh;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:{
+ anon_server_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &info->dh;
+ break;
}
+ case GNUTLS_CRD_CERTIFICATE:{
+ cert_auth_info_t info;
- return (dh->prime_size)*8;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return (dh->prime_size) * 8;
}
@@ -288,13 +289,13 @@ dh_info_t *dh;
**/
int gnutls_rsa_export_get_modulus_bits(gnutls_session session)
{
-cert_auth_info_t info;
+ cert_auth_info_t info;
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
- return info->rsa_export.modulus_size*8;
+ return info->rsa_export.modulus_size * 8;
}
/**
@@ -308,35 +309,35 @@ cert_auth_info_t info;
**/
int gnutls_dh_get_peers_public_bits(gnutls_session session)
{
-dh_info_t * dh;
-
- switch( gnutls_auth_get_type( session)) {
- case GNUTLS_CRD_ANON: {
- anon_server_auth_info_t info;
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- case GNUTLS_CRD_CERTIFICATE: {
- cert_auth_info_t info;
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- dh = &info->dh;
- break;
- }
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ dh_info_t *dh;
+
+ switch (gnutls_auth_get_type(session)) {
+ case GNUTLS_CRD_ANON:{
+ anon_server_auth_info_t info;
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
}
+ case GNUTLS_CRD_CERTIFICATE:{
+ cert_auth_info_t info;
- return dh->public_key_size*8;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return dh->public_key_size * 8;
}
@@ -355,20 +356,20 @@ dh_info_t * dh;
**/
const gnutls_datum *gnutls_certificate_get_ours(gnutls_session session)
{
- const gnutls_certificate_credentials cred;
+ const gnutls_certificate_credentials cred;
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
- cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL || cred->cert_list == NULL) {
- gnutls_assert();
- return NULL;
- }
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL || cred->cert_list == NULL) {
+ gnutls_assert();
+ return NULL;
+ }
- if (session->internals.selected_cert_list == NULL)
- return NULL;
+ if (session->internals.selected_cert_list == NULL)
+ return NULL;
- return &session->internals.selected_cert_list[0].raw;
+ return &session->internals.selected_cert_list[0].raw;
}
/**
@@ -385,19 +386,19 @@ const gnutls_datum *gnutls_certificate_get_ours(gnutls_session session)
* Returns NULL in case of an error, or if no certificate was sent.
*
**/
-const gnutls_datum *gnutls_certificate_get_peers(gnutls_session session,
- unsigned int *list_size)
+const gnutls_datum *gnutls_certificate_get_peers(gnutls_session session,
+ unsigned int *list_size)
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return NULL;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return NULL;
- *list_size = info->ncerts;
- return info->raw_certificate_list;
+ *list_size = info->ncerts;
+ return info->raw_certificate_list;
}
@@ -412,14 +413,14 @@ const gnutls_datum *gnutls_certificate_get_peers(gnutls_session session,
**/
int gnutls_certificate_client_get_request_status(gnutls_session session)
{
- cert_auth_info_t info;
+ cert_auth_info_t info;
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, 0);
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, 0);
- info = _gnutls_get_auth_info(session);
- if (info == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
- return info->certificate_requested;
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return info->certificate_requested;
}
/**
@@ -442,30 +443,30 @@ int gnutls_certificate_client_get_request_status(gnutls_session session)
* Returns a negative value in case of an error.
*
**/
-int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data,
- void* result, size_t* result_size)
+int gnutls_fingerprint(gnutls_digest_algorithm algo,
+ const gnutls_datum * data, void *result,
+ size_t * result_size)
{
- GNUTLS_HASH_HANDLE td;
- int hash_len = _gnutls_hash_get_algo_len(algo);
-
- if (hash_len < 0 || (uint)hash_len > *result_size ||
- result==NULL)
- {
- *result_size = hash_len;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ GNUTLS_HASH_HANDLE td;
+ int hash_len = _gnutls_hash_get_algo_len(algo);
+
+ if (hash_len < 0 || (uint) hash_len > *result_size || result == NULL) {
*result_size = hash_len;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *result_size = hash_len;
- if (result) {
- td = _gnutls_hash_init( algo);
- if (td==NULL) return GNUTLS_E_HASH_FAILED;
-
- _gnutls_hash( td, data->data, data->size);
-
- _gnutls_hash_deinit( td, result);
- }
-
- return 0;
+ if (result) {
+ td = _gnutls_hash_init(algo);
+ if (td == NULL)
+ return GNUTLS_E_HASH_FAILED;
+
+ _gnutls_hash(td, data->data, data->size);
+
+ _gnutls_hash_deinit(td, result);
+ }
+
+ return 0;
}
/**
@@ -478,9 +479,10 @@ int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data,
* cipher suites.
*
**/
-void gnutls_anon_set_server_dh_params( gnutls_anon_server_credentials res, gnutls_dh_params dh_params)
+void gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials res,
+ gnutls_dh_params dh_params)
{
- res->dh_params = dh_params;
+ res->dh_params = dh_params;
}
/**
@@ -493,9 +495,10 @@ void gnutls_anon_set_server_dh_params( gnutls_anon_server_credentials res, gnutl
* cipher suites.
*
**/
-void gnutls_certificate_set_dh_params(gnutls_certificate_credentials res, gnutls_dh_params dh_params)
+void gnutls_certificate_set_dh_params(gnutls_certificate_credentials res,
+ gnutls_dh_params dh_params)
{
- res->dh_params = dh_params;
+ res->dh_params = dh_params;
}
/**
@@ -508,10 +511,11 @@ void gnutls_certificate_set_dh_params(gnutls_certificate_credentials res, gnutls
* should return zero on success.
*
**/
-void gnutls_certificate_set_params_function(gnutls_certificate_credentials res,
- gnutls_params_function* func)
+void gnutls_certificate_set_params_function(gnutls_certificate_credentials
+ res,
+ gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
/**
@@ -524,10 +528,10 @@ void gnutls_certificate_set_params_function(gnutls_certificate_credentials res,
* return zero on success.
*
**/
-void gnutls_anon_set_params_function(gnutls_anon_server_credentials res,
- gnutls_params_function* func)
+void gnutls_anon_set_params_function(gnutls_anon_server_credentials res,
+ gnutls_params_function * func)
{
- res->params_func = func;
+ res->params_func = func;
}
@@ -540,9 +544,10 @@ void gnutls_anon_set_params_function(gnutls_anon_server_credentials res,
* Flags must be OR of the gnutls_certificate_verify_flags enumerations.
*
**/
-void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials res, unsigned int flags)
+void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials
+ res, unsigned int flags)
{
- res->verify_flags = flags;
+ res->verify_flags = flags;
}
/**
@@ -555,7 +560,9 @@ void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials res, uns
* cipher suites.
*
**/
-void gnutls_certificate_set_rsa_export_params(gnutls_certificate_credentials res, gnutls_rsa_params rsa_params)
+void
+gnutls_certificate_set_rsa_export_params(gnutls_certificate_credentials
+ res, gnutls_rsa_params rsa_params)
{
- res->rsa_params = rsa_params;
+ res->rsa_params = rsa_params;
}
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
index 29093fa989..29f6baa8b3 100644
--- a/lib/gnutls_ui.h
+++ b/lib/gnutls_ui.h
@@ -2,8 +2,8 @@
# define GNUTLS_UI_H
typedef enum gnutls_x509_subject_alt_name {
- GNUTLS_SAN_DNSNAME = 1, GNUTLS_SAN_RFC822NAME,
- GNUTLS_SAN_URI, GNUTLS_SAN_IPADDRESS
+ GNUTLS_SAN_DNSNAME = 1, GNUTLS_SAN_RFC822NAME,
+ GNUTLS_SAN_URI, GNUTLS_SAN_IPADDRESS
} gnutls_x509_subject_alt_name;
# ifdef LIBGNUTLS_VERSION /* These are defined only in gnutls.h */
@@ -15,35 +15,43 @@ struct gnutls_openpgp_privkey_int;
typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey;
typedef struct gnutls_retr_st {
- gnutls_certificate_type type;
- union cert {
- gnutls_x509_crt *x509;
- gnutls_openpgp_key pgp;
- } cert;
- unsigned int ncerts; /* one for pgp keys */
-
- union key {
- gnutls_x509_privkey x509;
- gnutls_openpgp_privkey pgp;
- } key;
-
- unsigned int deinit_all; /* if non zero all keys will be deinited */
+ gnutls_certificate_type type;
+ union cert {
+ gnutls_x509_crt *x509;
+ gnutls_openpgp_key pgp;
+ } cert;
+ unsigned int ncerts; /* one for pgp keys */
+
+ union key {
+ gnutls_x509_privkey x509;
+ gnutls_openpgp_privkey pgp;
+ } key;
+
+ unsigned int deinit_all; /* if non zero all keys will be deinited */
} gnutls_retr_st;
typedef int gnutls_certificate_client_retrieve_function(gnutls_session,
- const gnutls_datum* req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm* pk_algos, int pk_algos_length,
- gnutls_retr_st *);
+ const gnutls_datum
+ * req_ca_rdn,
+ int nreqs,
+ const
+ gnutls_pk_algorithm
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_retr_st *);
typedef int gnutls_certificate_server_retrieve_function(gnutls_session,
- gnutls_retr_st *);
+ gnutls_retr_st *);
/* Functions that allow auth_info_t structures handling
*/
gnutls_credentials_type gnutls_auth_get_type(gnutls_session session);
-gnutls_credentials_type gnutls_auth_server_get_type(gnutls_session session);
-gnutls_credentials_type gnutls_auth_client_get_type(gnutls_session session);
+gnutls_credentials_type gnutls_auth_server_get_type(gnutls_session
+ session);
+gnutls_credentials_type gnutls_auth_client_get_type(gnutls_session
+ session);
/* DH */
@@ -52,39 +60,49 @@ int gnutls_dh_get_secret_bits(gnutls_session);
int gnutls_dh_get_peers_public_bits(gnutls_session);
int gnutls_dh_get_prime_bits(gnutls_session);
-int gnutls_dh_get_group(gnutls_session, gnutls_datum* gen, gnutls_datum* prime);
-int gnutls_dh_get_pubkey(gnutls_session, gnutls_datum* pub);
+int gnutls_dh_get_group(gnutls_session, gnutls_datum * gen,
+ gnutls_datum * prime);
+int gnutls_dh_get_pubkey(gnutls_session, gnutls_datum * pub);
/* RSA */
-int gnutls_rsa_export_get_pubkey(gnutls_session session, gnutls_datum* exp, gnutls_datum* mod);
+int gnutls_rsa_export_get_pubkey(gnutls_session session,
+ gnutls_datum * exp, gnutls_datum * mod);
int gnutls_rsa_export_get_modulus_bits(gnutls_session session);
/* X509PKI */
/* These are set on the credentials structure.
*/
-void gnutls_certificate_client_set_retrieve_function(gnutls_certificate_client_credentials,
- gnutls_certificate_client_retrieve_function *);
-void gnutls_certificate_server_set_retrieve_function(gnutls_certificate_server_credentials,
- gnutls_certificate_server_retrieve_function *);
+void
+gnutls_certificate_client_set_retrieve_function
+(gnutls_certificate_client_credentials,
+gnutls_certificate_client_retrieve_function *);
+void
+gnutls_certificate_server_set_retrieve_function
+(gnutls_certificate_server_credentials,
+gnutls_certificate_server_retrieve_function *);
void gnutls_certificate_server_set_request(gnutls_session,
- gnutls_certificate_request);
+ gnutls_certificate_request);
/* X.509 certificate handling functions
*/
int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params,
- gnutls_x509_crt_fmt format, gnutls_datum * prime,
- gnutls_datum * generator, int *prime_bits);
+ gnutls_x509_crt_fmt format,
+ gnutls_datum * prime,
+ gnutls_datum * generator,
+ int *prime_bits);
int gnutls_pkcs3_export_dh_params(const gnutls_datum * prime,
- const gnutls_datum * generator, gnutls_x509_crt_fmt format,
- unsigned char *params_data, int *params_data_size);
+ const gnutls_datum * generator,
+ gnutls_x509_crt_fmt format,
+ unsigned char *params_data,
+ int *params_data_size);
/* get data from the session
*/
const gnutls_datum *gnutls_certificate_get_peers(gnutls_session,
- unsigned int *list_size);
+ unsigned int *list_size);
const gnutls_datum *gnutls_certificate_get_ours(gnutls_session session);
time_t gnutls_certificate_activation_time_peers(gnutls_session session);
@@ -94,15 +112,17 @@ int gnutls_certificate_client_get_request_status(gnutls_session);
int gnutls_certificate_verify_peers(gnutls_session);
int gnutls_pem_base64_encode(const char *header, const gnutls_datum * data,
- char *result, size_t * result_size);
+ char *result, size_t * result_size);
int gnutls_pem_base64_decode(const char *header,
- const gnutls_datum * b64_data,
- unsigned char *result, size_t * result_size);
+ const gnutls_datum * b64_data,
+ unsigned char *result, size_t * result_size);
int gnutls_pem_base64_encode_alloc(const char *header,
- const gnutls_datum * data, gnutls_datum * result);
+ const gnutls_datum * data,
+ gnutls_datum * result);
int gnutls_pem_base64_decode_alloc(const char *header,
- const gnutls_datum * b64_data, gnutls_datum * result);
+ const gnutls_datum * b64_data,
+ gnutls_datum * result);
/* key_usage will be an OR of the following values:
*/
@@ -121,21 +141,22 @@ int gnutls_pem_base64_decode_alloc(const char *header,
#define GNUTLS_KEY_DECIPHER_ONLY 32768
typedef struct gnutls_params_st {
- gnutls_params_type type;
- union params {
- gnutls_dh_params dh;
- gnutls_rsa_params rsa_export;
- } params;
- int deinit;
+ gnutls_params_type type;
+ union params {
+ gnutls_dh_params dh;
+ gnutls_rsa_params rsa_export;
+ } params;
+ int deinit;
} gnutls_params_st;
typedef int gnutls_params_function(gnutls_session, gnutls_params_type,
- gnutls_params_st*);
+ gnutls_params_st *);
-void gnutls_certificate_set_params_function(gnutls_certificate_credentials res,
- gnutls_params_function* func);
-void gnutls_anon_set_params_function(gnutls_certificate_credentials res,
- gnutls_params_function* func);
+void gnutls_certificate_set_params_function(gnutls_certificate_credentials
+ res,
+ gnutls_params_function * func);
+void gnutls_anon_set_params_function(gnutls_certificate_credentials res,
+ gnutls_params_function * func);
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c
index 7e19848582..0cda405a00 100644
--- a/lib/gnutls_v2_compat.c
+++ b/lib/gnutls_v2_compat.c
@@ -41,38 +41,40 @@
#include "gnutls_auth_int.h"
/* This selects the best supported ciphersuite from the ones provided */
-static int _gnutls_handshake_select_v2_suite(gnutls_session session, opaque *data, int datalen)
+static int _gnutls_handshake_select_v2_suite(gnutls_session session,
+ opaque * data, int datalen)
{
- int i, j, ret;
- opaque* _data;
- int _datalen;
-
- _gnutls_handshake_log( "HSK[%x]: Parsing a version 2.0 client hello.\n", session);
-
- _data = gnutls_malloc( datalen);
- if (_data==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ int i, j, ret;
+ opaque *_data;
+ int _datalen;
+
+ _gnutls_handshake_log("HSK[%x]: Parsing a version 2.0 client hello.\n",
+ session);
+
+ _data = gnutls_malloc(datalen);
+ if (_data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (datalen % 3 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ i = _datalen = 0;
+ for (j = 0; j < datalen; j += 3) {
+ if (data[j] == 0) {
+ memcpy(&_data[i], &data[j + 1], 2);
+ i += 2;
+ _datalen += 2;
}
+ }
- if (datalen % 3 != 0) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- i = _datalen = 0;
- for (j = 0; j < datalen; j += 3) {
- if (data[j] == 0) {
- memcpy( &_data[i], &data[j+1], 2);
- i+=2;
- _datalen+=2;
- }
- }
+ ret = _gnutls_server_select_suite(session, _data, _datalen);
+ gnutls_free(_data);
- ret = _gnutls_server_select_suite( session, _data, _datalen);
- gnutls_free(_data);
-
- return ret;
+ return ret;
}
@@ -81,152 +83,162 @@ static int _gnutls_handshake_select_v2_suite(gnutls_session session, opaque *dat
* However they set their version to 3.0 or 3.1.
*/
int _gnutls_read_client_hello_v2(gnutls_session session, opaque * data,
- int datalen)
+ int datalen)
{
- uint16 session_id_len = 0;
- int pos = 0;
- int ret = 0;
- uint16 sizeOfSuites;
- gnutls_protocol_version version;
- opaque random[TLS_RANDOM_SIZE];
- int len = datalen;
- int err;
- uint16 challenge;
- opaque session_id[TLS_MAX_SESSION_ID_SIZE];
- gnutls_protocol_version ver;
-
- /* we only want to get here once - only in client hello */
- session->internals.v2_hello = 0;
-
- DECR_LEN(len, 2);
-
- _gnutls_handshake_log( "HSK[%x]: SSL 2.0 Hello: Client's version: %d.%d\n",
- session, data[pos], data[pos + 1]);
-
- set_adv_version( session, data[pos], data[pos+1]);
-
- version = _gnutls_version_get(data[pos], data[pos + 1]);
-
- /* if we do not support that version
- */
- if (_gnutls_version_is_supported(session, version) == 0) {
- ver = _gnutls_version_lowest( session);
- } else {
- ver = version;
- }
-
- _gnutls_set_current_version(session, ver);
-
- pos += 2;
-
-
- /* Read uint16 cipher_spec_length */
- DECR_LEN(len, 2);
- sizeOfSuites = _gnutls_read_uint16( &data[pos]);
- pos += 2;
-
- /* read session id length */
- DECR_LEN(len, 2);
- session_id_len = _gnutls_read_uint16( &data[pos]);
- pos += 2;
+ uint16 session_id_len = 0;
+ int pos = 0;
+ int ret = 0;
+ uint16 sizeOfSuites;
+ gnutls_protocol_version version;
+ opaque random[TLS_RANDOM_SIZE];
+ int len = datalen;
+ int err;
+ uint16 challenge;
+ opaque session_id[TLS_MAX_SESSION_ID_SIZE];
+ gnutls_protocol_version ver;
+
+ /* we only want to get here once - only in client hello */
+ session->internals.v2_hello = 0;
+
+ DECR_LEN(len, 2);
+
+ _gnutls_handshake_log
+ ("HSK[%x]: SSL 2.0 Hello: Client's version: %d.%d\n", session,
+ data[pos], data[pos + 1]);
+
+ set_adv_version(session, data[pos], data[pos + 1]);
+
+ version = _gnutls_version_get(data[pos], data[pos + 1]);
+
+ /* if we do not support that version
+ */
+ if (_gnutls_version_is_supported(session, version) == 0) {
+ ver = _gnutls_version_lowest(session);
+ } else {
+ ver = version;
+ }
+
+ _gnutls_set_current_version(session, ver);
+
+ pos += 2;
+
+
+ /* Read uint16 cipher_spec_length */
+ DECR_LEN(len, 2);
+ sizeOfSuites = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ /* read session id length */
+ DECR_LEN(len, 2);
+ session_id_len = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ if (session_id_len > TLS_MAX_SESSION_ID_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ /* read challenge length */
+ DECR_LEN(len, 2);
+ challenge = _gnutls_read_uint16(&data[pos]);
+ pos += 2;
+
+ if (challenge < 16 || challenge > TLS_RANDOM_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+
+ /* find an appropriate cipher suite */
+
+ DECR_LEN(len, sizeOfSuites);
+ ret =
+ _gnutls_handshake_select_v2_suite(session, &data[pos],
+ sizeOfSuites);
+
+ pos += sizeOfSuites;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (session_id_len > TLS_MAX_SESSION_ID_SIZE) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ /* check if the credentials (username, public key etc.) are ok
+ */
+ if (_gnutls_get_kx_cred
+ (session,
+ _gnutls_cipher_suite_get_kx_algo(&session->security_parameters.
+ current_cipher_suite),
+ &err) == NULL && err != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
- /* read challenge length */
- DECR_LEN(len, 2);
- challenge = _gnutls_read_uint16( &data[pos]);
- pos += 2;
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.
+ current_cipher_suite));
+ if (session->internals.auth_struct == NULL) {
- if ( challenge < 16 || challenge > TLS_RANDOM_SIZE) {
- gnutls_assert();
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
- }
+ _gnutls_handshake_log
+ ("HSK[%x]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
- /* find an appropriate cipher suite */
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- DECR_LEN(len, sizeOfSuites);
- ret = _gnutls_handshake_select_v2_suite(session, &data[pos], sizeOfSuites);
- pos += sizeOfSuites;
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- /* check if the credentials (username, public key etc.) are ok
- */
- if (_gnutls_get_kx_cred( session, _gnutls_cipher_suite_get_kx_algo(
- &session->security_parameters.current_cipher_suite), &err) == NULL && err != 0) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ /* read random new values -skip session id for now */
+ DECR_LEN(len, session_id_len); /* skip session id for now */
+ memcpy(session_id, &data[pos], session_id_len);
+ pos += session_id_len;
- /* set the mod_auth_st to the appropriate struct
- * according to the KX algorithm. This is needed since all the
- * handshake functions are read from there;
- */
- session->internals.auth_struct =
- _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo
- (&session->security_parameters.
- current_cipher_suite));
- if (session->internals.auth_struct == NULL) {
-
- _gnutls_handshake_log(
- "HSK[%x]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
- session);
-
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ DECR_LEN(len, challenge);
+ memset(random, 0, TLS_RANDOM_SIZE);
-
+ memcpy(&random[TLS_RANDOM_SIZE - challenge], &data[pos], challenge);
- /* read random new values -skip session id for now */
- DECR_LEN(len, session_id_len); /* skip session id for now */
- memcpy( session_id, &data[pos], session_id_len);
- pos += session_id_len;
-
- DECR_LEN(len, challenge);
- memset( random, 0, TLS_RANDOM_SIZE);
-
- memcpy( &random[TLS_RANDOM_SIZE-challenge], &data[pos], challenge);
+ _gnutls_set_client_random(session, random);
- _gnutls_set_client_random( session, random);
+ /* generate server random value */
- /* generate server random value */
+ _gnutls_tls_create_random(random);
+ _gnutls_set_server_random(session, random);
- _gnutls_tls_create_random( random);
- _gnutls_set_server_random( session, random);
-
- session->security_parameters.timestamp = time(NULL);
+ session->security_parameters.timestamp = time(NULL);
- /* RESUME SESSION */
+ /* RESUME SESSION */
- DECR_LEN(len, session_id_len);
- ret = _gnutls_server_restore_session(session, session_id, session_id_len);
+ DECR_LEN(len, session_id_len);
+ ret =
+ _gnutls_server_restore_session(session, session_id,
+ session_id_len);
- if (ret == 0) { /* resumed! */
- /* get the new random values */
- memcpy(session->internals.resumed_security_parameters.server_random,
- session->security_parameters.server_random, TLS_RANDOM_SIZE);
- memcpy(session->internals.resumed_security_parameters.client_random,
- session->security_parameters.client_random, TLS_RANDOM_SIZE);
+ if (ret == 0) { /* resumed! */
+ /* get the new random values */
+ memcpy(session->internals.resumed_security_parameters.
+ server_random, session->security_parameters.server_random,
+ TLS_RANDOM_SIZE);
+ memcpy(session->internals.resumed_security_parameters.
+ client_random, session->security_parameters.client_random,
+ TLS_RANDOM_SIZE);
- session->internals.resumed = RESUME_TRUE;
- return 0;
- } else {
- _gnutls_generate_session_id(session->security_parameters.
- session_id,
- &session->security_parameters.
- session_id_size);
- session->internals.resumed = RESUME_FALSE;
- }
+ session->internals.resumed = RESUME_TRUE;
+ return 0;
+ } else {
+ _gnutls_generate_session_id(session->security_parameters.
+ session_id,
+ &session->security_parameters.
+ session_id_size);
+ session->internals.resumed = RESUME_FALSE;
+ }
- session->internals.compression_method = GNUTLS_COMP_NULL;
+ session->internals.compression_method = GNUTLS_COMP_NULL;
- return 0;
+ return 0;
}
diff --git a/lib/gnutls_v2_compat.h b/lib/gnutls_v2_compat.h
index 77297cac3d..ce935d5782 100644
--- a/lib/gnutls_v2_compat.h
+++ b/lib/gnutls_v2_compat.h
@@ -1 +1,2 @@
-int _gnutls_read_client_hello_v2(gnutls_session session, opaque * data, int datalen);
+int _gnutls_read_client_hello_v2(gnutls_session session, opaque * data,
+ int datalen);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 705b56a230..6e6ca037c5 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -71,78 +71,79 @@
-*/
int _gnutls_x509_cert_verify_peers(gnutls_session session)
{
- cert_auth_info_t info;
- const gnutls_certificate_credentials cred;
- unsigned int verify;
- gnutls_x509_crt *peer_certificate_list;
- int peer_certificate_list_size, i, x, ret;
-
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info(session);
- if (info == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- /* generate a list of gnutls_certs based on the auth info
- * raw certs.
- */
- peer_certificate_list_size = info->ncerts;
- peer_certificate_list =
- gnutls_calloc(1,
- peer_certificate_list_size *
- sizeof(gnutls_x509_crt));
- if (peer_certificate_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ cert_auth_info_t info;
+ const gnutls_certificate_credentials cred;
+ unsigned int verify;
+ gnutls_x509_crt *peer_certificate_list;
+ int peer_certificate_list_size, i, x, ret;
+
+ CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ /* generate a list of gnutls_certs based on the auth info
+ * raw certs.
+ */
+ peer_certificate_list_size = info->ncerts;
+ peer_certificate_list =
+ gnutls_calloc(1,
+ peer_certificate_list_size *
+ sizeof(gnutls_x509_crt));
+ if (peer_certificate_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < peer_certificate_list_size; i++) {
+ ret = gnutls_x509_crt_init(&peer_certificate_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ CLEAR_CERTS;
+ return ret;
}
- for (i = 0; i < peer_certificate_list_size; i++) {
- ret = gnutls_x509_crt_init( &peer_certificate_list[i]);
- if (ret < 0) {
- gnutls_assert();
- CLEAR_CERTS;
- return ret;
- }
-
- ret =
- gnutls_x509_crt_import(peer_certificate_list[i],
- &info->
- raw_certificate_list[i], GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_assert();
- CLEAR_CERTS;
- return ret;
- }
+ ret =
+ gnutls_x509_crt_import(peer_certificate_list[i],
+ &info->
+ raw_certificate_list[i],
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ CLEAR_CERTS;
+ return ret;
}
+ }
- /* Verify certificate
- */
- ret =
- gnutls_x509_crt_list_verify(peer_certificate_list,
- peer_certificate_list_size,
- cred->x509_ca_list, cred->x509_ncas,
- cred->x509_crl_list, cred->x509_ncrls,
- cred->verify_flags, &verify);
+ /* Verify certificate
+ */
+ ret =
+ gnutls_x509_crt_list_verify(peer_certificate_list,
+ peer_certificate_list_size,
+ cred->x509_ca_list, cred->x509_ncas,
+ cred->x509_crl_list, cred->x509_ncrls,
+ cred->verify_flags, &verify);
- CLEAR_CERTS;
+ CLEAR_CERTS;
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return verify;
+ return verify;
}
/*
@@ -152,118 +153,123 @@ int _gnutls_x509_cert_verify_peers(gnutls_session session)
/* returns error if the certificate has different algorithm than
* the given key parameters.
*/
-static int _gnutls_check_key_cert_match( gnutls_certificate_credentials res)
+static int _gnutls_check_key_cert_match(gnutls_certificate_credentials res)
{
-gnutls_datum cid;
-gnutls_datum kid;
-uint pk = res->cert_list[res->ncerts-1][0].subject_pk_algorithm;
-
- if (res->pkey[res->ncerts-1].pk_algorithm != pk)
- {
- gnutls_assert();
- return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
- }
-
- if (pk == GNUTLS_PK_RSA) {
- _gnutls_x509_write_rsa_params( res->pkey[res->ncerts-1].params,
- res->pkey[res->ncerts-1].params_size, &kid);
-
-
- _gnutls_x509_write_rsa_params( res->cert_list[res->ncerts-1][0].params,
- res->cert_list[res->ncerts-1][0].params_size, &cid);
- } else if ( pk == GNUTLS_PK_DSA) {
-
- _gnutls_x509_write_dsa_params( res->pkey[res->ncerts-1].params,
- res->pkey[res->ncerts-1].params_size, &kid);
-
- _gnutls_x509_write_dsa_params( res->cert_list[res->ncerts-1][0].params,
- res->cert_list[res->ncerts-1][0].params_size, &cid);
- }
-
- if (cid.size != kid.size) {
- gnutls_assert();
- _gnutls_free_datum( &kid);
- _gnutls_free_datum( &cid);
- return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
- }
-
- if (memcmp( kid.data, cid.data, kid.size) != 0) {
- gnutls_assert();
- _gnutls_free_datum( &kid);
- _gnutls_free_datum( &cid);
- return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
- }
-
- _gnutls_free_datum( &kid);
- _gnutls_free_datum( &cid);
- return 0;
+ gnutls_datum cid;
+ gnutls_datum kid;
+ uint pk = res->cert_list[res->ncerts - 1][0].subject_pk_algorithm;
+
+ if (res->pkey[res->ncerts - 1].pk_algorithm != pk) {
+ gnutls_assert();
+ return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
+ }
+
+ if (pk == GNUTLS_PK_RSA) {
+ _gnutls_x509_write_rsa_params(res->pkey[res->ncerts - 1].params,
+ res->pkey[res->ncerts -
+ 1].params_size, &kid);
+
+
+ _gnutls_x509_write_rsa_params(res->cert_list[res->ncerts - 1][0].
+ params,
+ res->cert_list[res->ncerts -
+ 1][0].params_size,
+ &cid);
+ } else if (pk == GNUTLS_PK_DSA) {
+
+ _gnutls_x509_write_dsa_params(res->pkey[res->ncerts - 1].params,
+ res->pkey[res->ncerts -
+ 1].params_size, &kid);
+
+ _gnutls_x509_write_dsa_params(res->cert_list[res->ncerts - 1][0].
+ params,
+ res->cert_list[res->ncerts -
+ 1][0].params_size,
+ &cid);
+ }
+
+ if (cid.size != kid.size) {
+ gnutls_assert();
+ _gnutls_free_datum(&kid);
+ _gnutls_free_datum(&cid);
+ return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
+ }
+
+ if (memcmp(kid.data, cid.data, kid.size) != 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&kid);
+ _gnutls_free_datum(&cid);
+ return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
+ }
+
+ _gnutls_free_datum(&kid);
+ _gnutls_free_datum(&cid);
+ return 0;
}
/* Reads a DER encoded certificate list from memory and stores it to
* a gnutls_cert structure. This is only called if PKCS7 read fails.
* returns the number of certificates parsed (1)
*/
-static int parse_crt_mem( gnutls_cert** cert_list, uint* ncerts,
- gnutls_x509_crt cert)
+static int parse_crt_mem(gnutls_cert ** cert_list, uint * ncerts,
+ gnutls_x509_crt cert)
{
- int i;
- int ret;
+ int i;
+ int ret;
- i = *ncerts + 1;
+ i = *ncerts + 1;
- *cert_list =
- (gnutls_cert *) gnutls_realloc_fast( *cert_list,
- i *
- sizeof(gnutls_cert));
+ *cert_list =
+ (gnutls_cert *) gnutls_realloc_fast(*cert_list,
+ i * sizeof(gnutls_cert));
- if ( *cert_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (*cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ret = _gnutls_x509_crt_to_gcert(
- &cert_list[0][i-1], cert, 0);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- *ncerts = i;
+ ret = _gnutls_x509_crt_to_gcert(&cert_list[0][i - 1], cert, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 1; /* one certificate parsed */
+ *ncerts = i;
+
+ return 1; /* one certificate parsed */
}
/* Reads a DER encoded certificate list from memory and stores it to
* a gnutls_cert structure. This is only called if PKCS7 read fails.
* returns the number of certificates parsed (1)
*/
-static int parse_der_cert_mem( gnutls_cert** cert_list, uint* ncerts,
- const void *input_cert, int input_cert_size)
+static int parse_der_cert_mem(gnutls_cert ** cert_list, uint * ncerts,
+ const void *input_cert, int input_cert_size)
{
- gnutls_datum tmp;
- gnutls_x509_crt cert;
- int ret;
-
- ret = gnutls_x509_crt_init( &cert);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
+ gnutls_datum tmp;
+ gnutls_x509_crt cert;
+ int ret;
- tmp.data = (opaque*)input_cert;
- tmp.size = input_cert_size;
+ ret = gnutls_x509_crt_init(&cert);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_x509_crt_import( cert, &tmp, GNUTLS_X509_FMT_DER);
- if ( ret < 0) {
- gnutls_assert();
- gnutls_x509_crt_deinit( cert);
- return ret;
- }
+ tmp.data = (opaque *) input_cert;
+ tmp.size = input_cert_size;
- ret = parse_crt_mem( cert_list, ncerts, cert);
- gnutls_x509_crt_deinit( cert);
-
+ ret = gnutls_x509_crt_import(cert, &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(cert);
return ret;
+ }
+
+ ret = parse_crt_mem(cert_list, ncerts, cert);
+ gnutls_x509_crt_deinit(cert);
+
+ return ret;
}
#define CERT_PEM 1
@@ -273,350 +279,369 @@ static int parse_der_cert_mem( gnutls_cert** cert_list, uint* ncerts,
* a gnutls_cert structure.
* returns the number of certificate parsed
*/
-static int parse_pkcs7_cert_mem( gnutls_cert** cert_list, uint* ncerts, const
- void *input_cert, int input_cert_size, int flags)
+static int parse_pkcs7_cert_mem(gnutls_cert ** cert_list, uint * ncerts, const
+ void *input_cert, int input_cert_size,
+ int flags)
{
#ifdef ENABLE_PKI
- int i, j, count;
- gnutls_datum tmp, tmp2;
- int ret;
- opaque *pcert = NULL;
- size_t pcert_size;
- gnutls_pkcs7 pkcs7;
-
- ret = gnutls_pkcs7_init( &pkcs7);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- if (flags & CERT_PEM)
- ret = gnutls_pkcs7_import( pkcs7, &tmp, GNUTLS_X509_FMT_PEM);
- else
- ret = gnutls_pkcs7_import( pkcs7, &tmp, GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- /* if we failed to read the structure,
- * then just try to decode a plain DER
- * certificate.
- */
- gnutls_assert();
- gnutls_pkcs7_deinit(pkcs7);
+ int i, j, count;
+ gnutls_datum tmp, tmp2;
+ int ret;
+ opaque *pcert = NULL;
+ size_t pcert_size;
+ gnutls_pkcs7 pkcs7;
+
+ ret = gnutls_pkcs7_init(&pkcs7);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (flags & CERT_PEM)
+ ret = gnutls_pkcs7_import(pkcs7, &tmp, GNUTLS_X509_FMT_PEM);
+ else
+ ret = gnutls_pkcs7_import(pkcs7, &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ /* if we failed to read the structure,
+ * then just try to decode a plain DER
+ * certificate.
+ */
+ gnutls_assert();
+ gnutls_pkcs7_deinit(pkcs7);
#endif
- return parse_der_cert_mem( cert_list, ncerts,
- input_cert, input_cert_size);
+ return parse_der_cert_mem(cert_list, ncerts,
+ input_cert, input_cert_size);
#ifdef ENABLE_PKI
+ }
+
+ i = *ncerts + 1;
+
+ /* tmp now contains the decoded certificate list */
+ tmp.data = (opaque *) input_cert;
+ tmp.size = input_cert_size;
+
+ ret = gnutls_pkcs7_get_crt_count(pkcs7);
+
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_pkcs7_deinit(pkcs7);
+ return ret;
+ }
+ count = ret;
+
+ j = count - 1;
+ do {
+ pcert_size = 0;
+ ret = gnutls_pkcs7_get_crt_raw(pkcs7, j, NULL, &pcert_size);
+ if (ret != GNUTLS_E_MEMORY_ERROR) {
+ count--;
+ continue;
+ }
+
+ pcert = gnutls_malloc(pcert_size);
+ if (ret == GNUTLS_E_MEMORY_ERROR) {
+ gnutls_assert();
+ count--;
+ continue;
}
- i = *ncerts + 1;
+ /* read the certificate
+ */
+ ret = gnutls_pkcs7_get_crt_raw(pkcs7, j, pcert, &pcert_size);
- /* tmp now contains the decoded certificate list */
- tmp.data = (opaque*)input_cert;
- tmp.size = input_cert_size;
+ j--;
- ret = gnutls_pkcs7_get_crt_count( pkcs7);
+ if (ret >= 0) {
+ *cert_list =
+ (gnutls_cert *) gnutls_realloc_fast(*cert_list,
+ i *
+ sizeof(gnutls_cert));
- if (ret < 0) {
+ if (*cert_list == NULL) {
+ gnutls_assert();
+ gnutls_free(pcert);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ tmp2.data = pcert;
+ tmp2.size = pcert_size;
+
+ ret =
+ _gnutls_x509_raw_cert_to_gcert(&cert_list[0][i - 1], &tmp2,
+ 0);
+
+ if (ret < 0) {
gnutls_assert();
gnutls_pkcs7_deinit(pkcs7);
+ gnutls_free(pcert);
return ret;
+ }
+
+ i++;
}
- count = ret;
-
- j = count - 1;
- do {
- pcert_size = 0;
- ret = gnutls_pkcs7_get_crt_raw( pkcs7, j, NULL, &pcert_size);
- if (ret!=GNUTLS_E_MEMORY_ERROR) {
- count--;
- continue;
- }
-
- pcert = gnutls_malloc( pcert_size);
- if (ret==GNUTLS_E_MEMORY_ERROR) {
- gnutls_assert();
- count--;
- continue;
- }
- /* read the certificate
- */
- ret = gnutls_pkcs7_get_crt_raw( pkcs7, j, pcert, &pcert_size);
-
- j--;
-
- if (ret >= 0) {
- *cert_list =
- (gnutls_cert *) gnutls_realloc_fast( *cert_list,
- i * sizeof(gnutls_cert));
-
- if ( *cert_list == NULL) {
- gnutls_assert();
- gnutls_free( pcert);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- tmp2.data = pcert;
- tmp2.size = pcert_size;
-
- ret = _gnutls_x509_raw_cert_to_gcert(
- &cert_list[0][i - 1], &tmp2, 0);
-
- if ( ret < 0) {
- gnutls_assert();
- gnutls_pkcs7_deinit(pkcs7);
- gnutls_free( pcert);
- return ret;
- }
-
- i++;
- }
-
- gnutls_free( pcert);
+ gnutls_free(pcert);
- } while (ret >= 0 && j >= 0);
+ } while (ret >= 0 && j >= 0);
- *ncerts = i - 1;
+ *ncerts = i - 1;
- gnutls_pkcs7_deinit(pkcs7);
- return count;
+ gnutls_pkcs7_deinit(pkcs7);
+ return count;
#endif
}
/* Reads a base64 encoded certificate list from memory and stores it to
* a gnutls_cert structure. Returns the number of certificate parsed.
*/
-static int parse_pem_cert_mem( gnutls_cert** cert_list, uint* ncerts,
- const char *input_cert, int input_cert_size)
+static int parse_pem_cert_mem(gnutls_cert ** cert_list, uint * ncerts,
+ const char *input_cert, int input_cert_size)
{
- int size, siz2, i;
- const char *ptr;
- opaque *ptr2;
- gnutls_datum tmp;
- int ret, count;
+ int size, siz2, i;
+ const char *ptr;
+ opaque *ptr2;
+ gnutls_datum tmp;
+ int ret, count;
#ifdef ENABLE_PKI
- if ( (ptr = strnstr( input_cert, PEM_PKCS7_SEP, input_cert_size)) != NULL)
- {
- size = strlen( ptr);
+ if ((ptr =
+ strnstr(input_cert, PEM_PKCS7_SEP, input_cert_size)) != NULL) {
+ size = strlen(ptr);
- ret = parse_pkcs7_cert_mem( cert_list, ncerts, ptr,
- size, CERT_PEM);
+ ret = parse_pkcs7_cert_mem(cert_list, ncerts, ptr, size, CERT_PEM);
- return ret;
- }
+ return ret;
+ }
#endif
- /* move to the certificate
- */
- ptr = strnstr( input_cert, PEM_CERT_SEP, input_cert_size);
- if (ptr == NULL) ptr = strnstr( input_cert, PEM_CERT_SEP2, input_cert_size);
+ /* move to the certificate
+ */
+ ptr = strnstr(input_cert, PEM_CERT_SEP, input_cert_size);
+ if (ptr == NULL)
+ ptr = strnstr(input_cert, PEM_CERT_SEP2, input_cert_size);
- if (ptr == NULL) {
- gnutls_assert();
- return GNUTLS_E_BASE64_DECODING_ERROR;
+ if (ptr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ size = input_cert_size - (ptr - input_cert);
+
+ i = *ncerts + 1;
+ count = 0;
+
+ do {
+
+ siz2 = _gnutls_fbase64_decode(NULL, ptr, size, &ptr2);
+
+ if (siz2 < 0) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
}
- size = input_cert_size - (ptr - input_cert);
- i = *ncerts + 1;
- count = 0;
+ *cert_list =
+ (gnutls_cert *) gnutls_realloc_fast(*cert_list,
+ i * sizeof(gnutls_cert));
- do {
+ if (*cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- siz2 = _gnutls_fbase64_decode(NULL, ptr, size, &ptr2);
+ tmp.data = ptr2;
+ tmp.size = siz2;
- if (siz2 < 0) {
- gnutls_assert();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
+ ret =
+ _gnutls_x509_raw_cert_to_gcert(&cert_list[0][i - 1], &tmp, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- *cert_list =
- (gnutls_cert *) gnutls_realloc_fast( *cert_list,
- i *
- sizeof(gnutls_cert));
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+ size = input_cert_size - (ptr - input_cert);
- if ( *cert_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (size > 0) {
+ char *ptr2;
- tmp.data = ptr2;
- tmp.size = siz2;
+ ptr2 = strnstr(ptr, PEM_CERT_SEP, size);
+ if (ptr2 == NULL)
+ ptr2 = strnstr(ptr, PEM_CERT_SEP2, size);
- ret = _gnutls_x509_raw_cert_to_gcert(
- &cert_list[0][i - 1], &tmp, 0);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
- size = input_cert_size - (ptr - input_cert);
-
- if (size > 0) {
- char* ptr2;
-
- ptr2 = strnstr(ptr, PEM_CERT_SEP, size);
- if (ptr2 == NULL) ptr2 = strnstr( ptr, PEM_CERT_SEP2, size);
-
- ptr = ptr2;
- } else ptr = NULL;
+ ptr = ptr2;
+ } else
+ ptr = NULL;
- i++;
- count++;
+ i++;
+ count++;
- } while ( ptr != NULL);
+ } while (ptr != NULL);
- *ncerts = i - 1;
+ *ncerts = i - 1;
- return count;
+ return count;
}
/* Reads a DER or PEM certificate from memory
*/
-static
-int read_cert_mem(gnutls_certificate_credentials res, const void *cert, int cert_size,
- gnutls_x509_crt_fmt type)
+static
+int read_cert_mem(gnutls_certificate_credentials res, const void *cert,
+ int cert_size, gnutls_x509_crt_fmt type)
{
- int ret;
-
- /* allocate space for the certificate to add
- */
- res->cert_list = gnutls_realloc_fast( res->cert_list,
- (1+ res->ncerts)*sizeof(gnutls_cert*));
- if ( res->cert_list==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- res->cert_list_length = gnutls_realloc_fast( res->cert_list_length,
- (1+ res->ncerts)*sizeof(int));
- if (res->cert_list_length==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- res->cert_list[res->ncerts] = NULL; /* for realloc */
- res->cert_list_length[res->ncerts] = 0;
-
- if (type==GNUTLS_X509_FMT_DER)
- ret = parse_pkcs7_cert_mem( &res->cert_list[res->ncerts],
- &res->cert_list_length[res->ncerts], cert, cert_size, 0);
- else
- ret = parse_pem_cert_mem( &res->cert_list[res->ncerts], &res->cert_list_length[res->ncerts],
- cert, cert_size);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int ret;
+
+ /* allocate space for the certificate to add
+ */
+ res->cert_list = gnutls_realloc_fast(res->cert_list,
+ (1 +
+ res->ncerts) *
+ sizeof(gnutls_cert *));
+ if (res->cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ res->cert_list_length = gnutls_realloc_fast(res->cert_list_length,
+ (1 +
+ res->ncerts) *
+ sizeof(int));
+ if (res->cert_list_length == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ res->cert_list[res->ncerts] = NULL; /* for realloc */
+ res->cert_list_length[res->ncerts] = 0;
+
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_pkcs7_cert_mem(&res->cert_list[res->ncerts],
+ &res->cert_list_length[res->ncerts],
+ cert, cert_size, 0);
+ else
+ ret =
+ parse_pem_cert_mem(&res->cert_list[res->ncerts],
+ &res->cert_list_length[res->ncerts], cert,
+ cert_size);
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ return ret;
}
-int _gnutls_x509_privkey_to_gkey( gnutls_privkey* dest, gnutls_x509_privkey src)
+int _gnutls_x509_privkey_to_gkey(gnutls_privkey * dest,
+ gnutls_x509_privkey src)
{
-int i, ret;
+ int i, ret;
- memset( dest, 0, sizeof(gnutls_privkey));
+ memset(dest, 0, sizeof(gnutls_privkey));
- for(i=0;i<src->params_size;i++) {
- dest->params[i] = _gnutls_mpi_copy( src->params[i]);
- if (dest->params[i] == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
+ for (i = 0; i < src->params_size; i++) {
+ dest->params[i] = _gnutls_mpi_copy(src->params[i]);
+ if (dest->params[i] == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
}
+ }
- dest->pk_algorithm = src->pk_algorithm;
- dest->params_size = src->params_size;
+ dest->pk_algorithm = src->pk_algorithm;
+ dest->params_size = src->params_size;
- return 0;
+ return 0;
- cleanup:
-
- for (i=0;i<src->params_size;i++) {
- _gnutls_mpi_release( &dest->params[i]);
- }
- return ret;
+ cleanup:
+
+ for (i = 0; i < src->params_size; i++) {
+ _gnutls_mpi_release(&dest->params[i]);
+ }
+ return ret;
}
-void _gnutls_gkey_deinit(gnutls_privkey *key)
+void _gnutls_gkey_deinit(gnutls_privkey * key)
{
-int i;
- if (key == NULL) return;
+ int i;
+ if (key == NULL)
+ return;
- for (i = 0; i < key->params_size; i++) {
- _gnutls_mpi_release( &key->params[i]);
- }
+ for (i = 0; i < key->params_size; i++) {
+ _gnutls_mpi_release(&key->params[i]);
+ }
}
-int _gnutls_x509_raw_privkey_to_gkey( gnutls_privkey* privkey, const gnutls_datum* raw_key,
- gnutls_x509_crt_fmt type)
+int _gnutls_x509_raw_privkey_to_gkey(gnutls_privkey * privkey,
+ const gnutls_datum * raw_key,
+ gnutls_x509_crt_fmt type)
{
-gnutls_x509_privkey tmpkey;
-int ret;
+ gnutls_x509_privkey tmpkey;
+ int ret;
- ret = gnutls_x509_privkey_init( &tmpkey);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = gnutls_x509_privkey_init(&tmpkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_x509_privkey_import( tmpkey, raw_key, type);
- if (ret < 0) {
- gnutls_assert();
- gnutls_x509_privkey_deinit( tmpkey);
- return ret;
- }
+ ret = gnutls_x509_privkey_import(tmpkey, raw_key, type);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_privkey_deinit(tmpkey);
+ return ret;
+ }
- ret = _gnutls_x509_privkey_to_gkey( privkey, tmpkey);
- if (ret < 0) {
- gnutls_assert();
- gnutls_x509_privkey_deinit( tmpkey);
- return ret;
- }
+ ret = _gnutls_x509_privkey_to_gkey(privkey, tmpkey);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_privkey_deinit(tmpkey);
+ return ret;
+ }
+
+ gnutls_x509_privkey_deinit(tmpkey);
- gnutls_x509_privkey_deinit( tmpkey);
-
- return 0;
+ return 0;
}
/* Reads a PEM encoded PKCS-1 RSA private key from memory
* 2002-01-26: Added ability to read DSA keys.
* type indicates the certificate format.
*/
-static int read_key_mem(gnutls_certificate_credentials res, const void *key, int key_size,
- gnutls_x509_crt_fmt type)
+static int read_key_mem(gnutls_certificate_credentials res,
+ const void *key, int key_size,
+ gnutls_x509_crt_fmt type)
{
- int ret;
- gnutls_datum tmp;
-
- /* allocate space for the pkey list
- */
- res->pkey = gnutls_realloc_fast( res->pkey, (res->ncerts+1)*sizeof(gnutls_privkey));
- if (res->pkey==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- tmp.data = (opaque*)key;
- tmp.size = key_size;
-
- ret = _gnutls_x509_raw_privkey_to_gkey( &res->pkey[res->ncerts], &tmp, type);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int ret;
+ gnutls_datum tmp;
+
+ /* allocate space for the pkey list
+ */
+ res->pkey =
+ gnutls_realloc_fast(res->pkey,
+ (res->ncerts + 1) * sizeof(gnutls_privkey));
+ if (res->pkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ tmp.data = (opaque *) key;
+ tmp.size = key_size;
+
+ ret =
+ _gnutls_x509_raw_privkey_to_gkey(&res->pkey[res->ncerts], &tmp,
+ type);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/* Opens a file reads its contents and stores it
@@ -634,113 +659,115 @@ static int read_key_mem(gnutls_certificate_credentials res, const void *key, int
#include <strfile.h>
-void _gnutls_strfile_free( strfile *x)
+void _gnutls_strfile_free(strfile * x)
{
#ifdef HAVE_MMAP
- if (x->mmaped) {
- munmap( x->data, x->size);
- return;
- }
+ if (x->mmaped) {
+ munmap(x->data, x->size);
+ return;
+ }
#endif
- gnutls_free( x->data);
- x->data = NULL;
+ gnutls_free(x->data);
+ x->data = NULL;
}
-strfile _gnutls_file_to_str( const char * file)
+strfile _gnutls_file_to_str(const char *file)
{
- int fd1 = -1;
- struct stat stat_st;
- size_t tot_size;
- size_t left;
- opaque* tmp;
- ssize_t i = 0;
- strfile null = { NULL, 0, 0 };
- strfile ret = { NULL, 0, 0 };
-
- fd1 = open( file, 0);
- if (fd1==-1) {
- gnutls_assert();
- return null;
- }
-
- if (fstat( fd1, &stat_st) == -1) {
- gnutls_assert();
- goto error;
- }
-
- tot_size = stat_st.st_size;
- if (tot_size == 0) {
- gnutls_assert();
- goto error;
- }
-
+ int fd1 = -1;
+ struct stat stat_st;
+ size_t tot_size;
+ size_t left;
+ opaque *tmp;
+ ssize_t i = 0;
+ strfile null = { NULL, 0, 0 };
+ strfile ret = { NULL, 0, 0 };
+
+ fd1 = open(file, 0);
+ if (fd1 == -1) {
+ gnutls_assert();
+ return null;
+ }
+
+ if (fstat(fd1, &stat_st) == -1) {
+ gnutls_assert();
+ goto error;
+ }
+
+ tot_size = stat_st.st_size;
+ if (tot_size == 0) {
+ gnutls_assert();
+ goto error;
+ }
#ifdef HAVE_MMAP
- if ((tmp=mmap( NULL, tot_size, PROT_READ, MAP_SHARED, fd1, 0)) != MAP_FAILED) {
- ret.mmaped = 1;
- ret.data = tmp;
- ret.size = tot_size;
-
- close(fd1);
- return ret;
- }
+ if ((tmp =
+ mmap(NULL, tot_size, PROT_READ, MAP_SHARED, fd1,
+ 0)) != MAP_FAILED) {
+ ret.mmaped = 1;
+ ret.data = tmp;
+ ret.size = tot_size;
+
+ close(fd1);
+ return ret;
+ }
#endif
- ret.data = gnutls_malloc( tot_size);
- if (ret.data == NULL) {
+ ret.data = gnutls_malloc(tot_size);
+ if (ret.data == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ left = tot_size;
+ while (left > 0) {
+ i = read(fd1, &ret.data[tot_size - left], left);
+ if (i == -1) {
+ if (errno == EAGAIN || errno == EINTR)
+ continue;
+ else {
gnutls_assert();
goto error;
- }
-
- left = tot_size;
- while (left > 0) {
- i = read( fd1, &ret.data[tot_size - left], left);
- if (i == -1) {
- if (errno == EAGAIN || errno == EINTR)
- continue;
- else {
- gnutls_assert();
- goto error;
- }
- } else if (i==0) break;
-
- left -= i;
- }
+ }
+ } else if (i == 0)
+ break;
- ret.size = tot_size - left;
+ left -= i;
+ }
- ret.mmaped = 0;
+ ret.size = tot_size - left;
- close(fd1);
+ ret.mmaped = 0;
- return ret;
-
- error:
-
- if (!ret.mmaped)
- gnutls_free( ret.data);
- close(fd1);
- return null;
+ close(fd1);
+
+ return ret;
+
+ error:
+
+ if (!ret.mmaped)
+ gnutls_free(ret.data);
+ close(fd1);
+ return null;
}
/* Reads a certificate file
*/
-static int read_cert_file(gnutls_certificate_credentials res, const char *certfile,
- gnutls_x509_crt_fmt type)
+static int read_cert_file(gnutls_certificate_credentials res,
+ const char *certfile, gnutls_x509_crt_fmt type)
{
- int ret;
- strfile x;
+ int ret;
+ strfile x;
- x = _gnutls_file_to_str( certfile);
- if (x.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_FILE_ERROR;
- }
+ x = _gnutls_file_to_str(certfile);
+ if (x.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
- ret = read_cert_mem( res, x.data, x.size, type);
- _gnutls_strfile_free(&x);
-
- return ret;
+ ret = read_cert_mem(res, x.data, x.size, type);
+ _gnutls_strfile_free(&x);
+
+ return ret;
}
@@ -749,22 +776,22 @@ static int read_cert_file(gnutls_certificate_credentials res, const char *certfi
/* Reads PKCS-1 RSA private key file or a DSA file (in the format openssl
* stores it).
*/
-static int read_key_file(gnutls_certificate_credentials res, const char *keyfile,
- gnutls_x509_crt_fmt type)
+static int read_key_file(gnutls_certificate_credentials res,
+ const char *keyfile, gnutls_x509_crt_fmt type)
{
- int ret;
- strfile x;
+ int ret;
+ strfile x;
- x = _gnutls_file_to_str( keyfile);
- if (x.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_FILE_ERROR;
- }
+ x = _gnutls_file_to_str(keyfile);
+ if (x.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
- ret = read_key_mem( res, x.data, x.size, type);
- _gnutls_strfile_free(&x);
-
- return ret;
+ ret = read_key_mem(res, x.data, x.size, type);
+ _gnutls_strfile_free(&x);
+
+ return ret;
}
/**
@@ -793,27 +820,29 @@ static int read_key_file(gnutls_certificate_credentials res, const char *keyfile
* then the strings that hold their values must be null terminated.
*
**/
-int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials res, const gnutls_datum* cert,
- const gnutls_datum* key, gnutls_x509_crt_fmt type)
+int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials res,
+ const gnutls_datum * cert,
+ const gnutls_datum * key,
+ gnutls_x509_crt_fmt type)
{
- int ret;
+ int ret;
- /* this should be first
- */
- if ((ret = read_key_mem( res, key->data, key->size, type)) < 0)
- return ret;
+ /* this should be first
+ */
+ if ((ret = read_key_mem(res, key->data, key->size, type)) < 0)
+ return ret;
- if ((ret = read_cert_mem( res, cert->data, cert->size, type)) < 0)
- return ret;
+ if ((ret = read_cert_mem(res, cert->data, cert->size, type)) < 0)
+ return ret;
- res->ncerts++;
+ res->ncerts++;
- if ((ret=_gnutls_check_key_cert_match( res)) < 0) {
- gnutls_assert();
- return ret;
- }
+ if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -829,61 +858,69 @@ int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials res, cons
* server).
*
**/
-int gnutls_certificate_set_x509_key(gnutls_certificate_credentials res,
- gnutls_x509_crt *cert_list, int cert_list_size,
- gnutls_x509_privkey key)
+int gnutls_certificate_set_x509_key(gnutls_certificate_credentials res,
+ gnutls_x509_crt * cert_list,
+ int cert_list_size,
+ gnutls_x509_privkey key)
{
- int ret, i;
-
- /* this should be first
- */
-
- res->pkey = gnutls_realloc_fast( res->pkey, (res->ncerts+1)*sizeof(gnutls_privkey));
- if (res->pkey==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = _gnutls_x509_privkey_to_gkey( &res->pkey[res->ncerts], key);
+ int ret, i;
+
+ /* this should be first
+ */
+
+ res->pkey =
+ gnutls_realloc_fast(res->pkey,
+ (res->ncerts + 1) * sizeof(gnutls_privkey));
+ if (res->pkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_x509_privkey_to_gkey(&res->pkey[res->ncerts], key);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ res->cert_list = gnutls_realloc_fast(res->cert_list,
+ (1 +
+ res->ncerts) *
+ sizeof(gnutls_cert *));
+ if (res->cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ res->cert_list_length = gnutls_realloc_fast(res->cert_list_length,
+ (1 +
+ res->ncerts) *
+ sizeof(int));
+ if (res->cert_list_length == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ res->cert_list[res->ncerts] = NULL; /* for realloc */
+ res->cert_list_length[res->ncerts] = 0;
+
+
+ for (i = 0; i < cert_list_size; i++) {
+ ret = parse_crt_mem(&res->cert_list[res->ncerts],
+ &res->cert_list_length[res->ncerts],
+ cert_list[i]);
if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- res->cert_list = gnutls_realloc_fast( res->cert_list,
- (1+ res->ncerts)*sizeof(gnutls_cert*));
- if ( res->cert_list==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- res->cert_list_length = gnutls_realloc_fast( res->cert_list_length,
- (1+ res->ncerts)*sizeof(int));
- if (res->cert_list_length==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- res->cert_list[res->ncerts] = NULL; /* for realloc */
- res->cert_list_length[res->ncerts] = 0;
-
-
- for (i=0;i<cert_list_size;i++) {
- ret = parse_crt_mem( &res->cert_list[res->ncerts],
- &res->cert_list_length[res->ncerts], cert_list[i]);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
+ gnutls_assert();
+ return ret;
}
- res->ncerts++;
+ }
+ res->ncerts++;
- if ((ret=_gnutls_check_key_cert_match( res)) < 0) {
- gnutls_assert();
- return ret;
- }
+ if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -903,87 +940,91 @@ int gnutls_certificate_set_x509_key(gnutls_certificate_credentials res,
* this function.
*
**/
-int gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials res, const char *CERTFILE,
- const char *KEYFILE, gnutls_x509_crt_fmt type)
+int gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials
+ res, const char *CERTFILE,
+ const char *KEYFILE,
+ gnutls_x509_crt_fmt type)
{
- int ret;
+ int ret;
- /* this should be first
- */
- if ((ret = read_key_file(res, KEYFILE, type)) < 0)
- return ret;
+ /* this should be first
+ */
+ if ((ret = read_key_file(res, KEYFILE, type)) < 0)
+ return ret;
- if ((ret = read_cert_file(res, CERTFILE, type)) < 0)
- return ret;
+ if ((ret = read_cert_file(res, CERTFILE, type)) < 0)
+ return ret;
- res->ncerts++;
+ res->ncerts++;
- if ((ret=_gnutls_check_key_cert_match( res)) < 0) {
- gnutls_assert();
- return ret;
- }
+ if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
-static int generate_rdn_seq( gnutls_certificate_credentials res)
+static int generate_rdn_seq(gnutls_certificate_credentials res)
{
-gnutls_datum tmp;
-gnutls_datum _tmp;
-int ret;
-uint size, i;
-opaque *pdata;
-
- /* Generate the RDN sequence
- * This will be sent to clients when a certificate
- * request message is sent.
- */
-
- /* FIXME: in case of a client it is not needed
- * to do that. This would save time and memory.
- * However we don't have that information available
- * here.
- */
-
- size = 0;
- for (i = 0; i < res->x509_ncas; i++) {
- if ((ret = _gnutls_x509_crt_get_raw_issuer_dn(
- res->x509_ca_list[i], &tmp)) < 0) {
- gnutls_assert();
- return ret;
- }
- size += (2 + tmp.size);
- }
-
- if (res->x509_rdn_sequence.data != NULL)
- gnutls_free( res->x509_rdn_sequence.data);
-
- res->x509_rdn_sequence.data = gnutls_malloc(size);
- if (res->x509_rdn_sequence.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- res->x509_rdn_sequence.size = size;
-
- pdata = res->x509_rdn_sequence.data;
-
- for (i = 0; i < res->x509_ncas; i++) {
- if ((ret = _gnutls_x509_crt_get_raw_issuer_dn(
- res->x509_ca_list[i], &tmp)) < 0) {
- gnutls_free(res->x509_rdn_sequence.data);
- res->x509_rdn_sequence.size = 0;
- res->x509_rdn_sequence.data = NULL;
- gnutls_assert();
- return ret;
- }
-
- _tmp.data = (opaque*) tmp.data;
- _tmp.size = tmp.size;
- _gnutls_write_datum16(pdata, _tmp);
- pdata += (2 + tmp.size);
- }
-
- return 0;
+ gnutls_datum tmp;
+ gnutls_datum _tmp;
+ int ret;
+ uint size, i;
+ opaque *pdata;
+
+ /* Generate the RDN sequence
+ * This will be sent to clients when a certificate
+ * request message is sent.
+ */
+
+ /* FIXME: in case of a client it is not needed
+ * to do that. This would save time and memory.
+ * However we don't have that information available
+ * here.
+ */
+
+ size = 0;
+ for (i = 0; i < res->x509_ncas; i++) {
+ if ((ret =
+ _gnutls_x509_crt_get_raw_issuer_dn(res->x509_ca_list[i],
+ &tmp)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ size += (2 + tmp.size);
+ }
+
+ if (res->x509_rdn_sequence.data != NULL)
+ gnutls_free(res->x509_rdn_sequence.data);
+
+ res->x509_rdn_sequence.data = gnutls_malloc(size);
+ if (res->x509_rdn_sequence.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ res->x509_rdn_sequence.size = size;
+
+ pdata = res->x509_rdn_sequence.data;
+
+ for (i = 0; i < res->x509_ncas; i++) {
+ if ((ret =
+ _gnutls_x509_crt_get_raw_issuer_dn(res->x509_ca_list[i],
+ &tmp)) < 0) {
+ gnutls_free(res->x509_rdn_sequence.data);
+ res->x509_rdn_sequence.size = 0;
+ res->x509_rdn_sequence.data = NULL;
+ gnutls_assert();
+ return ret;
+ }
+
+ _tmp.data = (opaque *) tmp.data;
+ _tmp.size = tmp.size;
+ _gnutls_write_datum16(pdata, _tmp);
+ pdata += (2 + tmp.size);
+ }
+
+ return 0;
}
@@ -992,180 +1033,179 @@ opaque *pdata;
/* Returns 0 if it's ok to use the gnutls_kx_algorithm with this
* certificate (uses the KeyUsage field).
*/
-int _gnutls_check_key_usage( const gnutls_cert* cert,
- gnutls_kx_algorithm alg)
+int _gnutls_check_key_usage(const gnutls_cert * cert,
+ gnutls_kx_algorithm alg)
{
- unsigned int keyUsage = 0;
- int encipher_type;
+ unsigned int keyUsage = 0;
+ int encipher_type;
- if ( cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- if (_gnutls_map_kx_get_cred(alg, 1) == GNUTLS_CRD_CERTIFICATE ||
- _gnutls_map_kx_get_cred(alg, 0) == GNUTLS_CRD_CERTIFICATE)
- {
-
- keyUsage = cert->keyUsage;
-
- encipher_type = _gnutls_kx_encipher_type( alg);
-
- if (keyUsage != 0 && encipher_type != CIPHER_IGN) {
- /* If keyUsage has been set in the certificate
- */
-
- if ( encipher_type == CIPHER_ENCRYPT) {
- /* If the key exchange method requires an encipher
- * type algorithm, and key's usage does not permit
- * encipherment, then fail.
- */
- if (!(keyUsage & KEY_KEY_ENCIPHERMENT)) {
- gnutls_assert();
- return
- GNUTLS_E_KEY_USAGE_VIOLATION;
- }
- }
-
- if ( encipher_type == CIPHER_SIGN) {
- /* The same as above, but for sign only keys
- */
- if (!(keyUsage & KEY_DIGITAL_SIGNATURE)) {
- gnutls_assert();
- return
- GNUTLS_E_KEY_USAGE_VIOLATION;
- }
- }
+ if (_gnutls_map_kx_get_cred(alg, 1) == GNUTLS_CRD_CERTIFICATE ||
+ _gnutls_map_kx_get_cred(alg, 0) == GNUTLS_CRD_CERTIFICATE) {
+
+ keyUsage = cert->keyUsage;
+
+ encipher_type = _gnutls_kx_encipher_type(alg);
+
+ if (keyUsage != 0 && encipher_type != CIPHER_IGN) {
+ /* If keyUsage has been set in the certificate
+ */
+
+ if (encipher_type == CIPHER_ENCRYPT) {
+ /* If the key exchange method requires an encipher
+ * type algorithm, and key's usage does not permit
+ * encipherment, then fail.
+ */
+ if (!(keyUsage & KEY_KEY_ENCIPHERMENT)) {
+ gnutls_assert();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
}
+ }
+
+ if (encipher_type == CIPHER_SIGN) {
+ /* The same as above, but for sign only keys
+ */
+ if (!(keyUsage & KEY_DIGITAL_SIGNATURE)) {
+ gnutls_assert();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+ }
}
- return 0;
+ }
+ return 0;
}
-static int parse_pem_ca_mem( gnutls_x509_crt** cert_list, uint* ncerts,
- const opaque *input_cert, int input_cert_size)
+static int parse_pem_ca_mem(gnutls_x509_crt ** cert_list, uint * ncerts,
+ const opaque * input_cert, int input_cert_size)
{
- int i, size;
- const opaque *ptr;
- gnutls_datum tmp;
- int ret, count;
+ int i, size;
+ const opaque *ptr;
+ gnutls_datum tmp;
+ int ret, count;
- /* move to the certificate
- */
- ptr = strnstr( input_cert, PEM_CERT_SEP, input_cert_size);
- if (ptr == NULL) ptr = strnstr( input_cert, PEM_CERT_SEP2, input_cert_size);
+ /* move to the certificate
+ */
+ ptr = strnstr(input_cert, PEM_CERT_SEP, input_cert_size);
+ if (ptr == NULL)
+ ptr = strnstr(input_cert, PEM_CERT_SEP2, input_cert_size);
- if (ptr == NULL) {
- gnutls_assert();
- return GNUTLS_E_BASE64_DECODING_ERROR;
+ if (ptr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ size = input_cert_size - (ptr - input_cert);
+
+ i = *ncerts + 1;
+ count = 0;
+
+ do {
+
+ *cert_list =
+ (gnutls_x509_crt *) gnutls_realloc_fast(*cert_list,
+ i *
+ sizeof
+ (gnutls_x509_crt));
+
+ if (*cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gnutls_x509_crt_init(&cert_list[0][i - 1]);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- size = input_cert_size - (ptr - input_cert);
- i = *ncerts + 1;
- count = 0;
+ tmp.data = (opaque *) ptr;
+ tmp.size = size;
- do {
+ ret =
+ gnutls_x509_crt_import(cert_list[0][i - 1],
+ &tmp, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- *cert_list =
- (gnutls_x509_crt *) gnutls_realloc_fast( *cert_list,
- i *
- sizeof(gnutls_x509_crt));
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
- if ( *cert_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ size = input_cert_size - (ptr - input_cert);
- ret = gnutls_x509_crt_init( &cert_list[0][i - 1]);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- tmp.data = (opaque*)ptr;
- tmp.size = size;
-
- ret =
- gnutls_x509_crt_import(
- cert_list[0][i - 1],
- &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ if (size > 0) {
+ char *ptr2;
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
+ ptr2 = strnstr(ptr, PEM_CERT_SEP, size);
+ if (ptr2 == NULL)
+ ptr = strnstr(ptr, PEM_CERT_SEP2, size);
- size = input_cert_size - (ptr - input_cert);
-
- if (size > 0) {
- char* ptr2;
-
- ptr2 = strnstr(ptr, PEM_CERT_SEP, size);
- if (ptr2 == NULL) ptr = strnstr( ptr, PEM_CERT_SEP2, size);
-
- ptr = ptr2;
- } else ptr = NULL;
+ ptr = ptr2;
+ } else
+ ptr = NULL;
- i++;
- count++;
+ i++;
+ count++;
- } while ( ptr != NULL);
+ } while (ptr != NULL);
- *ncerts = i - 1;
+ *ncerts = i - 1;
- return count;
+ return count;
}
/* Reads a DER encoded certificate list from memory and stores it to
* a gnutls_cert structure. This is only called if PKCS7 read fails.
* returns the number of certificates parsed (1)
*/
-static int parse_der_ca_mem( gnutls_x509_crt** cert_list, uint* ncerts,
- const void *input_cert, int input_cert_size)
+static int parse_der_ca_mem(gnutls_x509_crt ** cert_list, uint * ncerts,
+ const void *input_cert, int input_cert_size)
{
- int i;
- gnutls_datum tmp;
- int ret;
+ int i;
+ gnutls_datum tmp;
+ int ret;
- i = *ncerts + 1;
+ i = *ncerts + 1;
- *cert_list =
- (gnutls_x509_crt *) gnutls_realloc_fast( *cert_list,
- i *
- sizeof(gnutls_x509_crt));
+ *cert_list =
+ (gnutls_x509_crt *) gnutls_realloc_fast(*cert_list,
+ i *
+ sizeof(gnutls_x509_crt));
- if ( *cert_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (*cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- tmp.data = (opaque*)input_cert;
- tmp.size = input_cert_size;
+ tmp.data = (opaque *) input_cert;
+ tmp.size = input_cert_size;
- ret = gnutls_x509_crt_init( &cert_list[0][i - 1]);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret =
- gnutls_x509_crt_import(
- cert_list[0][i - 1],
- &tmp, GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- *ncerts = i;
+ ret = gnutls_x509_crt_init(&cert_list[0][i - 1]);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 1; /* one certificate parsed */
+ ret =
+ gnutls_x509_crt_import(cert_list[0][i - 1],
+ &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ *ncerts = i;
+
+ return 1; /* one certificate parsed */
}
/**
@@ -1188,22 +1228,23 @@ static int parse_der_ca_mem( gnutls_x509_crt** cert_list, uint* ncerts,
* value on error.
*
**/
-int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials res,
- const gnutls_datum *ca, gnutls_x509_crt_fmt type)
+int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials
+ res, const gnutls_datum * ca,
+ gnutls_x509_crt_fmt type)
{
- int ret, ret2;
+ int ret, ret2;
- if (type==GNUTLS_X509_FMT_DER)
- return parse_der_ca_mem( &res->x509_ca_list, &res->x509_ncas,
- ca->data, ca->size);
- else
- return parse_pem_ca_mem( &res->x509_ca_list, &res->x509_ncas,
- ca->data, ca->size);
+ if (type == GNUTLS_X509_FMT_DER)
+ return parse_der_ca_mem(&res->x509_ca_list, &res->x509_ncas,
+ ca->data, ca->size);
+ else
+ return parse_pem_ca_mem(&res->x509_ca_list, &res->x509_ncas,
+ ca->data, ca->size);
- if ((ret2 = generate_rdn_seq(res)) < 0)
- return ret2;
+ if ((ret2 = generate_rdn_seq(res)) < 0)
+ return ret2;
- return ret;
+ return ret;
}
/**
@@ -1225,32 +1266,35 @@ int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials res,
* Returns 0 on success.
*
**/
-int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials res,
- gnutls_x509_crt * ca_list, int ca_list_size)
+int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials res,
+ gnutls_x509_crt * ca_list,
+ int ca_list_size)
{
- int ret, i, ret2;
-
- res->x509_ca_list = gnutls_realloc_fast( res->x509_ca_list,
- (ca_list_size + res->x509_ncas)*sizeof(gnutls_x509_crt));
- if ( res->x509_ca_list==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (i=0;i<ca_list_size;i++) {
- ret = _gnutls_x509_crt_cpy( res->x509_ca_list[i+res->x509_ncas],
- ca_list[i]);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
- res->x509_ncas++;
+ int ret, i, ret2;
+
+ res->x509_ca_list = gnutls_realloc_fast(res->x509_ca_list,
+ (ca_list_size +
+ res->x509_ncas) *
+ sizeof(gnutls_x509_crt));
+ if (res->x509_ca_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < ca_list_size; i++) {
+ ret = _gnutls_x509_crt_cpy(res->x509_ca_list[i + res->x509_ncas],
+ ca_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
+ res->x509_ncas++;
+ }
- if ((ret2 = generate_rdn_seq(res)) < 0)
- return ret2;
+ if ((ret2 = generate_rdn_seq(res)) < 0)
+ return ret2;
- return 0;
+ return 0;
}
/**
@@ -1273,189 +1317,192 @@ int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials res,
* value on error.
*
**/
-int gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials res,
- const char *cafile, gnutls_x509_crt_fmt type)
+int gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials
+ res, const char *cafile,
+ gnutls_x509_crt_fmt type)
{
- int ret, ret2;
- strfile x;
-
- x = _gnutls_file_to_str( cafile);
- if (x.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_FILE_ERROR;
- }
-
- if (type==GNUTLS_X509_FMT_DER)
- ret = parse_der_ca_mem( &res->x509_ca_list, &res->x509_ncas,
- x.data, x.size);
- else
- ret = parse_pem_ca_mem( &res->x509_ca_list, &res->x509_ncas,
- x.data, x.size);
-
- _gnutls_strfile_free(&x);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int ret, ret2;
+ strfile x;
+
+ x = _gnutls_file_to_str(cafile);
+ if (x.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_ca_mem(&res->x509_ca_list, &res->x509_ncas,
+ x.data, x.size);
+ else
+ ret = parse_pem_ca_mem(&res->x509_ca_list, &res->x509_ncas,
+ x.data, x.size);
+
+ _gnutls_strfile_free(&x);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if ((ret2 = generate_rdn_seq(res)) < 0)
- return ret2;
+ if ((ret2 = generate_rdn_seq(res)) < 0)
+ return ret2;
- return ret;
+ return ret;
}
#ifdef ENABLE_PKI
-static int parse_pem_crl_mem( gnutls_x509_crl** crl_list, uint* ncrls,
- const opaque *input_crl, int input_crl_size)
+static int parse_pem_crl_mem(gnutls_x509_crl ** crl_list, uint * ncrls,
+ const opaque * input_crl, int input_crl_size)
{
- int size, i;
- const opaque *ptr;
- gnutls_datum tmp;
- int ret, count;
+ int size, i;
+ const opaque *ptr;
+ gnutls_datum tmp;
+ int ret, count;
- /* move to the certificate
- */
- ptr = strnstr( input_crl, PEM_CRL_SEP, input_crl_size);
- if (ptr == NULL) {
- gnutls_assert();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
+ /* move to the certificate
+ */
+ ptr = strnstr(input_crl, PEM_CRL_SEP, input_crl_size);
+ if (ptr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
- size = input_crl_size - (ptr - input_crl);
+ size = input_crl_size - (ptr - input_crl);
- i = *ncrls + 1;
- count = 0;
+ i = *ncrls + 1;
+ count = 0;
- do {
+ do {
- *crl_list =
- (gnutls_x509_crl *) gnutls_realloc_fast( *crl_list,
- i *
- sizeof(gnutls_x509_crl));
+ *crl_list =
+ (gnutls_x509_crl *) gnutls_realloc_fast(*crl_list,
+ i *
+ sizeof
+ (gnutls_x509_crl));
- if ( *crl_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (*crl_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ret = gnutls_x509_crl_init( &crl_list[0][i - 1]);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- tmp.data = (char*)ptr;
- tmp.size = size;
-
- ret =
- gnutls_x509_crl_import(
- crl_list[0][i - 1],
- &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = gnutls_x509_crl_init(&crl_list[0][i - 1]);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
+ tmp.data = (char *) ptr;
+ tmp.size = size;
- size = input_crl_size - (ptr - input_crl);
+ ret =
+ gnutls_x509_crl_import(crl_list[0][i - 1],
+ &tmp, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+
+ size = input_crl_size - (ptr - input_crl);
- if (size > 0)
- ptr = strnstr(ptr, PEM_CRL_SEP, size);
- else ptr = NULL;
- i++;
- count++;
+ if (size > 0)
+ ptr = strnstr(ptr, PEM_CRL_SEP, size);
+ else
+ ptr = NULL;
+ i++;
+ count++;
- } while ( ptr != NULL);
+ } while (ptr != NULL);
- *ncrls = i - 1;
+ *ncrls = i - 1;
- return count;
+ return count;
}
/* Reads a DER encoded certificate list from memory and stores it to
* a gnutls_cert structure. This is only called if PKCS7 read fails.
* returns the number of certificates parsed (1)
*/
-static int parse_der_crl_mem( gnutls_x509_crl** crl_list, uint* ncrls,
- const void *input_crl, int input_crl_size)
+static int parse_der_crl_mem(gnutls_x509_crl ** crl_list, uint * ncrls,
+ const void *input_crl, int input_crl_size)
{
- int i;
- gnutls_datum tmp;
- int ret;
+ int i;
+ gnutls_datum tmp;
+ int ret;
- i = *ncrls + 1;
+ i = *ncrls + 1;
- *crl_list =
- (gnutls_x509_crl *) gnutls_realloc_fast( *crl_list,
- i *
- sizeof(gnutls_x509_crl));
+ *crl_list =
+ (gnutls_x509_crl *) gnutls_realloc_fast(*crl_list,
+ i *
+ sizeof(gnutls_x509_crl));
- if ( *crl_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (*crl_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- tmp.data = (opaque*)input_crl;
- tmp.size = input_crl_size;
+ tmp.data = (opaque *) input_crl;
+ tmp.size = input_crl_size;
- ret = gnutls_x509_crl_init( &crl_list[0][i - 1]);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret =
- gnutls_x509_crl_import(
- crl_list[0][i - 1],
- &tmp, GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- *ncrls = i;
+ ret = gnutls_x509_crl_init(&crl_list[0][i - 1]);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crl_import(crl_list[0][i - 1],
+ &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ *ncrls = i;
- return 1; /* one certificate parsed */
+ return 1; /* one certificate parsed */
}
/* Reads a DER or PEM CRL from memory
*/
-static
-int read_crl_mem(gnutls_certificate_credentials res, const void *crl, int crl_size,
- gnutls_x509_crt_fmt type)
+static
+int read_crl_mem(gnutls_certificate_credentials res, const void *crl,
+ int crl_size, gnutls_x509_crt_fmt type)
{
- int ret;
-
- /* allocate space for the certificate to add
- */
- res->x509_crl_list = gnutls_realloc_fast( res->x509_crl_list,
- (1+ res->x509_ncrls)*sizeof(gnutls_x509_crl));
- if ( res->x509_crl_list==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (type==GNUTLS_X509_FMT_DER)
- ret = parse_der_crl_mem( &res->x509_crl_list,
- &res->x509_ncrls, crl, crl_size);
- else
- ret = parse_pem_crl_mem( &res->x509_crl_list,
- &res->x509_ncrls, crl, crl_size);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
+ int ret;
+
+ /* allocate space for the certificate to add
+ */
+ res->x509_crl_list = gnutls_realloc_fast(res->x509_crl_list,
+ (1 +
+ res->x509_ncrls) *
+ sizeof(gnutls_x509_crl));
+ if (res->x509_crl_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_crl_mem(&res->x509_crl_list,
+ &res->x509_ncrls, crl, crl_size);
+ else
+ ret = parse_pem_crl_mem(&res->x509_crl_list,
+ &res->x509_ncrls, crl, crl_size);
+
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ return ret;
}
/**
@@ -1474,15 +1521,16 @@ int read_crl_mem(gnutls_certificate_credentials res, const void *crl, int crl_si
* on error.
*
**/
-int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials res,
- const gnutls_datum *CRL, gnutls_x509_crt_fmt type)
+int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials res,
+ const gnutls_datum * CRL,
+ gnutls_x509_crt_fmt type)
{
- int ret;
-
- if ((ret = read_crl_mem(res, CRL->data, CRL->size, type)) < 0)
- return ret;
+ int ret;
+ if ((ret = read_crl_mem(res, CRL->data, CRL->size, type)) < 0)
return ret;
+
+ return ret;
}
/**
@@ -1500,29 +1548,32 @@ int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials res,
* Returns 0 on success.
*
**/
-int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials res,
- gnutls_x509_crl* crl_list, int crl_list_size)
+int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials res,
+ gnutls_x509_crl * crl_list,
+ int crl_list_size)
{
- int ret, i;
-
- res->x509_crl_list = gnutls_realloc_fast( res->x509_crl_list,
- (crl_list_size + res->x509_ncrls)*sizeof(gnutls_x509_crl));
- if ( res->x509_crl_list==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (i=0;i<crl_list_size;i++) {
- ret = _gnutls_x509_crl_cpy( res->x509_crl_list[i+res->x509_ncrls],
- crl_list[i]);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
- res->x509_ncrls++;
+ int ret, i;
+
+ res->x509_crl_list = gnutls_realloc_fast(res->x509_crl_list,
+ (crl_list_size +
+ res->x509_ncrls) *
+ sizeof(gnutls_x509_crl));
+ if (res->x509_crl_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < crl_list_size; i++) {
+ ret = _gnutls_x509_crl_cpy(res->x509_crl_list[i + res->x509_ncrls],
+ crl_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
+ res->x509_ncrls++;
+ }
- return 0;
+ return 0;
}
/**
@@ -1541,33 +1592,34 @@ int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials res,
* on error.
*
**/
-int gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials res,
- const char *crlfile, gnutls_x509_crt_fmt type)
+int gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials
+ res, const char *crlfile,
+ gnutls_x509_crt_fmt type)
{
- int ret;
- strfile x;
-
- x = _gnutls_file_to_str( crlfile);
- if (x.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_FILE_ERROR;
- }
-
- if (type==GNUTLS_X509_FMT_DER)
- ret = parse_der_crl_mem( &res->x509_crl_list, &res->x509_ncrls,
- x.data, x.size);
- else
- ret = parse_pem_crl_mem( &res->x509_crl_list, &res->x509_ncrls,
- x.data, x.size);
-
- _gnutls_strfile_free(&x);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
+ int ret;
+ strfile x;
+
+ x = _gnutls_file_to_str(crlfile);
+ if (x.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_crl_mem(&res->x509_crl_list, &res->x509_ncrls,
+ x.data, x.size);
+ else
+ ret = parse_pem_crl_mem(&res->x509_crl_list, &res->x509_ncrls,
+ x.data, x.size);
+
+ _gnutls_strfile_free(&x);
+
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ return ret;
}
@@ -1581,16 +1633,16 @@ int gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials res,
**/
void gnutls_certificate_free_crls(gnutls_certificate_credentials sc)
{
- uint j;
+ uint j;
+
+ for (j = 0; j < sc->x509_ncrls; j++) {
+ gnutls_x509_crl_deinit(sc->x509_crl_list[j]);
+ }
- for (j = 0; j < sc->x509_ncrls; j++) {
- gnutls_x509_crl_deinit( sc->x509_crl_list[j]);
- }
-
- sc->x509_ncrls = 0;
+ sc->x509_ncrls = 0;
- gnutls_free( sc->x509_crl_list);
- sc->x509_crl_list = NULL;
+ gnutls_free(sc->x509_crl_list);
+ sc->x509_crl_list = NULL;
}
#endif
diff --git a/lib/gnutls_x509.h b/lib/gnutls_x509.h
index f6ff1e32ac..ed29e3534a 100644
--- a/lib/gnutls_x509.h
+++ b/lib/gnutls_x509.h
@@ -11,11 +11,16 @@ int _gnutls_x509_cert_verify_peers(gnutls_session session);
#define PEM_KEY_RSA_SEP "-----BEGIN RSA"
#define PEM_KEY_DSA_SEP "-----BEGIN DSA"
-int _gnutls_check_key_usage( const gnutls_cert* cert, gnutls_kx_algorithm alg);
+int _gnutls_check_key_usage(const gnutls_cert * cert,
+ gnutls_kx_algorithm alg);
-int _gnutls_x509_read_rsa_params(opaque * der, int dersize, mpi_t * params);
-int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, mpi_t * params);
+int _gnutls_x509_read_rsa_params(opaque * der, int dersize,
+ mpi_t * params);
+int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize,
+ mpi_t * params);
-int _gnutls_x509_raw_privkey_to_gkey( gnutls_privkey* privkey, const gnutls_datum* raw_key,
- gnutls_x509_crt_fmt type);
-int _gnutls_x509_privkey_to_gkey( gnutls_privkey* privkey, gnutls_x509_privkey);
+int _gnutls_x509_raw_privkey_to_gkey(gnutls_privkey * privkey,
+ const gnutls_datum * raw_key,
+ gnutls_x509_crt_fmt type);
+int _gnutls_x509_privkey_to_gkey(gnutls_privkey * privkey,
+ gnutls_x509_privkey);
diff --git a/lib/io_debug.h b/lib/io_debug.h
index 2c3e2ff8ab..85c499fcd1 100644
--- a/lib/io_debug.h
+++ b/lib/io_debug.h
@@ -15,7 +15,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-
+
/* This debug file was contributed by
* Paul Sheer <psheer@icon.co.za>. Some changes were made by nmav.
* Its purpose is to debug non blocking behaviour of gnutls. The included
@@ -27,7 +27,7 @@
#include <gnutls_int.h>
-#define EDUNNO EAGAIN /* EAGAIN */
+#define EDUNNO EAGAIN /* EAGAIN */
extern int errno;
static int initialized_rand = 0;
@@ -36,32 +36,32 @@ static int initialized_rand = 0;
srand(time(0)); \
initialized_rand = 1; \
}
-static int recv_debug (int fd, char *buf, int len, int flags)
+static int recv_debug(int fd, char *buf, int len, int flags)
{
INITIALIZE_RAND;
-
+
if (!(rand() % IO_DEBUG)) {
errno = EDUNNO;
return -1;
}
if (len > 1)
len = 1;
- return recv (fd, buf, len, flags);
+ return recv(fd, buf, len, flags);
}
#define recv recv_debug
-static int send_debug (int fd, const char *buf, int len, int flags)
+static int send_debug(int fd, const char *buf, int len, int flags)
{
INITIALIZE_RAND;
-
+
if (!(rand() % IO_DEBUG)) {
errno = EDUNNO;
return -1;
}
if (len > 10)
len = 10;
- return send (fd, buf, len, flags);
+ return send(fd, buf, len, flags);
}
#define send send_debug
diff --git a/lib/pkix_asn1_tab.c b/lib/pkix_asn1_tab.c
index c31c516258..0e2ec9bba7 100644
--- a/lib/pkix_asn1_tab.c
+++ b/lib/pkix_asn1_tab.c
@@ -1,1095 +1,1103 @@
#include "libtasn1.h"
-const ASN1_ARRAY_TYPE pkix_asn1_tab[]={
- {"PKIX1",536875024,0},
- {0,1073741836,0},
- {"id-ce",1879048204,0},
- {"joint-iso-ccitt",1073741825,"2"},
- {"ds",1073741825,"5"},
- {0,1,"29"},
- {"id-ce-authorityKeyIdentifier",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"35"},
- {"AuthorityKeyIdentifier",1610612741,0},
- {"keyIdentifier",1610637314,"KeyIdentifier"},
- {0,4104,"0"},
- {"authorityCertIssuer",1610637314,"GeneralNames"},
- {0,4104,"1"},
- {"authorityCertSerialNumber",536895490,"CertificateSerialNumber"},
- {0,4104,"2"},
- {"KeyIdentifier",1073741831,0},
- {"id-ce-subjectKeyIdentifier",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"14"},
- {"SubjectKeyIdentifier",1073741826,"KeyIdentifier"},
- {"id-ce-keyUsage",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"15"},
- {"KeyUsage",1610874886,0},
- {"digitalSignature",1073741825,"0"},
- {"nonRepudiation",1073741825,"1"},
- {"keyEncipherment",1073741825,"2"},
- {"dataEncipherment",1073741825,"3"},
- {"keyAgreement",1073741825,"4"},
- {"keyCertSign",1073741825,"5"},
- {"cRLSign",1073741825,"6"},
- {"encipherOnly",1073741825,"7"},
- {"decipherOnly",1,"8"},
- {"id-ce-privateKeyUsagePeriod",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"16"},
- {"PrivateKeyUsagePeriod",1610612741,0},
- {"notBefore",1619025937,0},
- {0,4104,"0"},
- {"notAfter",545284113,0},
- {0,4104,"1"},
- {"id-ce-certificatePolicies",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"32"},
- {"CertificatePolicies",1612709899,0},
- {"MAX",1074266122,"1"},
- {0,2,"PolicyInformation"},
- {"PolicyInformation",1610612741,0},
- {"policyIdentifier",1073741826,"CertPolicyId"},
- {"policyQualifiers",538984459,0},
- {"MAX",1074266122,"1"},
- {0,2,"PolicyQualifierInfo"},
- {"CertPolicyId",1073741836,0},
- {"PolicyQualifierInfo",1610612741,0},
- {"policyQualifierId",1073741826,"PolicyQualifierId"},
- {"qualifier",541065229,0},
- {"policyQualifierId",1,0},
- {"PolicyQualifierId",1073741836,0},
- {"CPSuri",1073741826,"IA5String"},
- {"UserNotice",1610612741,0},
- {"noticeRef",1073758210,"NoticeReference"},
- {"explicitText",16386,"DisplayText"},
- {"NoticeReference",1610612741,0},
- {"organization",1073741826,"DisplayText"},
- {"noticeNumbers",536870923,0},
- {0,3,0},
- {"DisplayText",1610612754,0},
- {"visibleString",1612709890,"VisibleString"},
- {"200",524298,"1"},
- {"bmpString",1612709890,"BMPString"},
- {"200",524298,"1"},
- {"utf8String",538968066,"UTF8String"},
- {"200",524298,"1"},
- {"id-ce-policyMappings",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"33"},
- {"PolicyMappings",1612709899,0},
- {"MAX",1074266122,"1"},
- {0,536870917,0},
- {"issuerDomainPolicy",1073741826,"CertPolicyId"},
- {"subjectDomainPolicy",2,"CertPolicyId"},
- {"DirectoryString",1610612754,0},
- {"teletexString",1612709890,"TeletexString"},
- {"MAX",524298,"1"},
- {"printableString",1612709890,"PrintableString"},
- {"MAX",524298,"1"},
- {"universalString",1612709890,"UniversalString"},
- {"MAX",524298,"1"},
- {"utf8String",1612709890,"UTF8String"},
- {"MAX",524298,"1"},
- {"bmpString",538968066,"BMPString"},
- {"MAX",524298,"1"},
- {"id-ce-subjectAltName",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"17"},
- {"SubjectAltName",1073741826,"GeneralNames"},
- {"GeneralNames",1612709899,0},
- {"MAX",1074266122,"1"},
- {0,2,"GeneralName"},
- {"GeneralName",1610612754,0},
- {"otherName",1610620930,"AnotherName"},
- {0,4104,"0"},
- {"rfc822Name",1610620930,"IA5String"},
- {0,4104,"1"},
- {"dNSName",1610620930,"IA5String"},
- {0,4104,"2"},
- {"x400Address",1610620930,"ORAddress"},
- {0,4104,"3"},
- {"directoryName",1610620930,"Name"},
- {0,4104,"4"},
- {"ediPartyName",1610620930,"EDIPartyName"},
- {0,4104,"5"},
- {"uniformResourceIdentifier",1610620930,"IA5String"},
- {0,4104,"6"},
- {"iPAddress",1610620935,0},
- {0,4104,"7"},
- {"registeredID",536879116,0},
- {0,4104,"8"},
- {"AnotherName",1610612741,0},
- {"type-id",1073741836,0},
- {"value",541073421,0},
- {0,1073743880,"0"},
- {"type-id",1,0},
- {"EDIPartyName",1610612741,0},
- {"nameAssigner",1610637314,"DirectoryString"},
- {0,4104,"0"},
- {"partyName",536879106,"DirectoryString"},
- {0,4104,"1"},
- {"id-ce-issuerAltName",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"18"},
- {"IssuerAltName",1073741826,"GeneralNames"},
- {"id-ce-subjectDirectoryAttributes",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"9"},
- {"SubjectDirectoryAttributes",1612709899,0},
- {"MAX",1074266122,"1"},
- {0,2,"Attribute"},
- {"id-ce-basicConstraints",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"19"},
- {"BasicConstraints",1610612741,0},
- {"cA",1610645508,0},
- {0,131081,0},
- {"pathLenConstraint",537411587,0},
- {"0",10,"MAX"},
- {"id-ce-nameConstraints",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"30"},
- {"NameConstraints",1610612741,0},
- {"permittedSubtrees",1610637314,"GeneralSubtrees"},
- {0,4104,"0"},
- {"excludedSubtrees",536895490,"GeneralSubtrees"},
- {0,4104,"1"},
- {"GeneralSubtrees",1612709899,0},
- {"MAX",1074266122,"1"},
- {0,2,"GeneralSubtree"},
- {"GeneralSubtree",1610612741,0},
- {"base",1073741826,"GeneralName"},
- {"minimum",1610653698,"BaseDistance"},
- {0,1073741833,"0"},
- {0,4104,"0"},
- {"maximum",536895490,"BaseDistance"},
- {0,4104,"1"},
- {"BaseDistance",1611137027,0},
- {"0",10,"MAX"},
- {"id-ce-policyConstraints",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"36"},
- {"PolicyConstraints",1610612741,0},
- {"requireExplicitPolicy",1610637314,"SkipCerts"},
- {0,4104,"0"},
- {"inhibitPolicyMapping",536895490,"SkipCerts"},
- {0,4104,"1"},
- {"SkipCerts",1611137027,0},
- {"0",10,"MAX"},
- {"id-ce-cRLDistributionPoints",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"31"},
- {"CRLDistributionPoints",1612709899,0},
- {"MAX",1074266122,"1"},
- {0,2,"DistributionPoint"},
- {"DistributionPoint",1610612741,0},
- {"distributionPoint",1610637314,"DistributionPointName"},
- {0,2056,"0"},
- {"reasons",1610637314,"ReasonFlags"},
- {0,4104,"1"},
- {"cRLIssuer",536895490,"GeneralNames"},
- {0,4104,"2"},
- {"DistributionPointName",1610612754,0},
- {"fullName",1610620930,"GeneralNames"},
- {0,4104,"0"},
- {"nameRelativeToCRLIssuer",536879106,"RelativeDistinguishedName"},
- {0,4104,"1"},
- {"ReasonFlags",1610874886,0},
- {"unused",1073741825,"0"},
- {"keyCompromise",1073741825,"1"},
- {"cACompromise",1073741825,"2"},
- {"affiliationChanged",1073741825,"3"},
- {"superseded",1073741825,"4"},
- {"cessationOfOperation",1073741825,"5"},
- {"certificateHold",1073741825,"6"},
- {"privilegeWithdrawn",1073741825,"7"},
- {"aACompromise",1,"8"},
- {"id-ce-extKeyUsage",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"37"},
- {"ExtKeyUsageSyntax",1612709899,0},
- {"MAX",1074266122,"1"},
- {0,2,"KeyPurposeId"},
- {"KeyPurposeId",1073741836,0},
- {"id-kp-serverAuth",1879048204,0},
- {0,1073741825,"id-kp"},
- {0,1,"1"},
- {"id-kp-clientAuth",1879048204,0},
- {0,1073741825,"id-kp"},
- {0,1,"2"},
- {"id-kp-codeSigning",1879048204,0},
- {0,1073741825,"id-kp"},
- {0,1,"3"},
- {"id-kp-emailProtection",1879048204,0},
- {0,1073741825,"id-kp"},
- {0,1,"4"},
- {"id-kp-ipsecEndSystem",1879048204,0},
- {0,1073741825,"id-kp"},
- {0,1,"5"},
- {"id-kp-ipsecTunnel",1879048204,0},
- {0,1073741825,"id-kp"},
- {0,1,"6"},
- {"id-kp-ipsecUser",1879048204,0},
- {0,1073741825,"id-kp"},
- {0,1,"7"},
- {"id-kp-timeStamping",1879048204,0},
- {0,1073741825,"id-kp"},
- {0,1,"8"},
- {"id-pe-authorityInfoAccess",1879048204,0},
- {0,1073741825,"id-pe"},
- {0,1,"1"},
- {"AuthorityInfoAccessSyntax",1612709899,0},
- {"MAX",1074266122,"1"},
- {0,2,"AccessDescription"},
- {"AccessDescription",1610612741,0},
- {"accessMethod",1073741836,0},
- {"accessLocation",2,"GeneralName"},
- {"id-ce-cRLNumber",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"20"},
- {"CRLNumber",1611137027,0},
- {"0",10,"MAX"},
- {"id-ce-issuingDistributionPoint",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"28"},
- {"IssuingDistributionPoint",1610612741,0},
- {"distributionPoint",1610637314,"DistributionPointName"},
- {0,4104,"0"},
- {"onlyContainsUserCerts",1610653700,0},
- {0,1073872905,0},
- {0,4104,"1"},
- {"onlyContainsCACerts",1610653700,0},
- {0,1073872905,0},
- {0,4104,"2"},
- {"onlySomeReasons",1610637314,"ReasonFlags"},
- {0,4104,"3"},
- {"indirectCRL",536911876,0},
- {0,1073872905,0},
- {0,4104,"4"},
- {"id-ce-deltaCRLIndicator",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"27"},
- {"BaseCRLNumber",1073741826,"CRLNumber"},
- {"id-ce-cRLReasons",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"21"},
- {"CRLReason",1610874901,0},
- {"unspecified",1073741825,"0"},
- {"keyCompromise",1073741825,"1"},
- {"cACompromise",1073741825,"2"},
- {"affiliationChanged",1073741825,"3"},
- {"superseded",1073741825,"4"},
- {"cessationOfOperation",1073741825,"5"},
- {"certificateHold",1073741825,"6"},
- {"removeFromCRL",1,"8"},
- {"id-ce-certificateIssuer",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"29"},
- {"CertificateIssuer",1073741826,"GeneralNames"},
- {"id-ce-holdInstructionCode",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"23"},
- {"HoldInstructionCode",1073741836,0},
- {"holdInstruction",1879048204,0},
- {"joint-iso-itu-t",1073741825,"2"},
- {"member-body",1073741825,"2"},
- {"us",1073741825,"840"},
- {"x9cm",1073741825,"10040"},
- {0,1,"2"},
- {"id-holdinstruction-none",1879048204,0},
- {0,1073741825,"holdInstruction"},
- {0,1,"1"},
- {"id-holdinstruction-callissuer",1879048204,0},
- {0,1073741825,"holdInstruction"},
- {0,1,"2"},
- {"id-holdinstruction-reject",1879048204,0},
- {0,1073741825,"holdInstruction"},
- {0,1,"3"},
- {"id-ce-invalidityDate",1879048204,0},
- {0,1073741825,"id-ce"},
- {0,1,"24"},
- {"InvalidityDate",1082130449,0},
- {"VisibleString",1610620935,0},
- {0,4360,"26"},
- {"NumericString",1610620935,0},
- {0,4360,"18"},
- {"IA5String",1610620935,0},
- {0,4360,"22"},
- {"TeletexString",1610620935,0},
- {0,4360,"20"},
- {"PrintableString",1610620935,0},
- {0,4360,"19"},
- {"UniversalString",1610620935,0},
- {0,4360,"28"},
- {"BMPString",1610620935,0},
- {0,4360,"30"},
- {"UTF8String",1610620935,0},
- {0,4360,"12"},
- {"id-pkix",1879048204,0},
- {"iso",1073741825,"1"},
- {"identified-organization",1073741825,"3"},
- {"dod",1073741825,"6"},
- {"internet",1073741825,"1"},
- {"security",1073741825,"5"},
- {"mechanisms",1073741825,"5"},
- {"pkix",1,"7"},
- {"id-pe",1879048204,0},
- {0,1073741825,"id-pkix"},
- {0,1,"1"},
- {"id-qt",1879048204,0},
- {0,1073741825,"id-pkix"},
- {0,1,"2"},
- {"id-kp",1879048204,0},
- {0,1073741825,"id-pkix"},
- {0,1,"3"},
- {"id-ad",1879048204,0},
- {0,1073741825,"id-pkix"},
- {0,1,"48"},
- {"id-qt-cps",1879048204,0},
- {0,1073741825,"id-qt"},
- {0,1,"1"},
- {"id-qt-unotice",1879048204,0},
- {0,1073741825,"id-qt"},
- {0,1,"2"},
- {"id-ad-ocsp",1879048204,0},
- {0,1073741825,"id-ad"},
- {0,1,"1"},
- {"id-ad-caIssuers",1879048204,0},
- {0,1073741825,"id-ad"},
- {0,1,"2"},
- {"Attribute",1610612741,0},
- {"type",1073741826,"AttributeType"},
- {"values",536870927,0},
- {0,2,"AttributeValue"},
- {"AttributeType",1073741836,0},
- {"AttributeValue",1614807053,0},
- {"type",1,0},
- {"AttributeTypeAndValue",1610612741,0},
- {"type",1073741826,"AttributeType"},
- {"value",2,"AttributeValue"},
- {"id-at",1879048204,0},
- {"joint-iso-ccitt",1073741825,"2"},
- {"ds",1073741825,"5"},
- {0,1,"4"},
- {"id-at-initials",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"43"},
- {"X520initials",1073741826,"DirectoryString"},
- {"id-at-generationQualifier",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"44"},
- {"X520generationQualifier",1073741826,"DirectoryString"},
- {"id-at-surname",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"4"},
- {"X520surName",1073741826,"DirectoryString"},
- {"id-at-givenName",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"42"},
- {"X520givenName",1073741826,"DirectoryString"},
- {"id-at-name",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"41"},
- {"X520name",1073741826,"DirectoryString"},
- {"id-at-commonName",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"3"},
- {"X520CommonName",1073741826,"DirectoryString"},
- {"id-at-localityName",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"7"},
- {"X520LocalityName",1073741826,"DirectoryString"},
- {"id-at-stateOrProvinceName",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"8"},
- {"X520StateOrProvinceName",1073741826,"DirectoryString"},
- {"id-at-organizationName",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"10"},
- {"X520OrganizationName",1073741826,"DirectoryString"},
- {"id-at-organizationalUnitName",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"11"},
- {"X520OrganizationalUnitName",1073741826,"DirectoryString"},
- {"id-at-title",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"12"},
- {"X520Title",1073741826,"DirectoryString"},
- {"id-at-description",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"13"},
- {"X520Description",1073741826,"DirectoryString"},
- {"id-at-dnQualifier",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"46"},
- {"X520dnQualifier",1073741826,"PrintableString"},
- {"id-at-countryName",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"6"},
- {"X520countryName",1612709890,"PrintableString"},
- {0,1048586,"2"},
- {"id-at-serialNumber",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"5"},
- {"X520serialNumber",1073741826,"PrintableString"},
- {"id-at-telephoneNumber",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"20"},
- {"X520telephoneNumber",1073741826,"PrintableString"},
- {"id-at-facsimileTelephoneNumber",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"23"},
- {"X520facsimileTelephoneNumber",1073741826,"PrintableString"},
- {"id-at-pseudonym",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"65"},
- {"X520pseudonym",1073741826,"DirectoryString"},
- {"id-at-name",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"41"},
- {"X520name",1073741826,"DirectoryString"},
- {"id-at-streetAddress",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"9"},
- {"X520streetAddress",1073741826,"DirectoryString"},
- {"id-at-postalAddress",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"16"},
- {"X520postalAddress",1073741826,"PostalAddress"},
- {"PostalAddress",1610612747,0},
- {0,2,"DirectoryString"},
- {"pkcs",1879048204,0},
- {"iso",1073741825,"1"},
- {"member-body",1073741825,"2"},
- {"us",1073741825,"840"},
- {"rsadsi",1073741825,"113549"},
- {"pkcs",1,"1"},
- {"pkcs-9",1879048204,0},
- {0,1073741825,"pkcs"},
- {0,1,"9"},
- {"emailAddress",1880096780,"AttributeType"},
- {0,1073741825,"pkcs-9"},
- {0,1,"1"},
- {"Pkcs9email",1612709890,"IA5String"},
- {"ub-emailaddress-length",524298,"1"},
- {"Name",1610612754,0},
- {"rdnSequence",2,"RDNSequence"},
- {"RDNSequence",1610612747,0},
- {0,2,"RelativeDistinguishedName"},
- {"DistinguishedName",1073741826,"RDNSequence"},
- {"RelativeDistinguishedName",1612709903,0},
- {"MAX",1074266122,"1"},
- {0,2,"AttributeTypeAndValue"},
- {"Certificate",1610612741,0},
- {"tbsCertificate",1073741826,"TBSCertificate"},
- {"signatureAlgorithm",1073741826,"AlgorithmIdentifier"},
- {"signature",6,0},
- {"TBSCertificate",1610612741,0},
- {"version",1610653698,"Version"},
- {0,1073741833,"v1"},
- {0,2056,"0"},
- {"serialNumber",1073741826,"CertificateSerialNumber"},
- {"signature",1073741826,"AlgorithmIdentifier"},
- {"issuer",1073741826,"Name"},
- {"validity",1073741826,"Validity"},
- {"subject",1073741826,"Name"},
- {"subjectPublicKeyInfo",1073741826,"SubjectPublicKeyInfo"},
- {"issuerUniqueID",1610637314,"UniqueIdentifier"},
- {0,4104,"1"},
- {"subjectUniqueID",1610637314,"UniqueIdentifier"},
- {0,4104,"2"},
- {"extensions",536895490,"Extensions"},
- {0,2056,"3"},
- {"Version",1610874883,0},
- {"v1",1073741825,"0"},
- {"v2",1073741825,"1"},
- {"v3",1,"2"},
- {"CertificateSerialNumber",1073741827,0},
- {"Validity",1610612741,0},
- {"notBefore",1073741826,"Time"},
- {"notAfter",2,"Time"},
- {"Time",1610612754,0},
- {"utcTime",1090519057,0},
- {"generalTime",8388625,0},
- {"UniqueIdentifier",1073741830,0},
- {"SubjectPublicKeyInfo",1610612741,0},
- {"algorithm",1073741826,"AlgorithmIdentifier"},
- {"subjectPublicKey",6,0},
- {"Extensions",1612709899,0},
- {"MAX",1074266122,"1"},
- {0,2,"Extension"},
- {"Extension",1610612741,0},
- {"extnID",1073741836,0},
- {"critical",1610645508,0},
- {0,131081,0},
- {"extnValue",7,0},
- {"CertificateList",1610612741,0},
- {"tbsCertList",1073741826,"TBSCertList"},
- {"signatureAlgorithm",1073741826,"AlgorithmIdentifier"},
- {"signature",6,0},
- {"TBSCertList",1610612741,0},
- {"version",1073758210,"Version"},
- {"signature",1073741826,"AlgorithmIdentifier"},
- {"issuer",1073741826,"Name"},
- {"thisUpdate",1073741826,"Time"},
- {"nextUpdate",1073758210,"Time"},
- {"revokedCertificates",1610629131,0},
- {0,536870917,0},
- {"userCertificate",1073741826,"CertificateSerialNumber"},
- {"revocationDate",1073741826,"Time"},
- {"crlEntryExtensions",16386,"Extensions"},
- {"crlExtensions",536895490,"Extensions"},
- {0,2056,"0"},
- {"AlgorithmIdentifier",1610612741,0},
- {"algorithm",1073741836,0},
- {"parameters",541081613,0},
- {"algorithm",1,0},
- {"pkcs-1",1879048204,0},
- {0,1073741825,"pkcs"},
- {0,1,"1"},
- {"rsaEncryption",1879048204,0},
- {0,1073741825,"pkcs-1"},
- {0,1,"1"},
- {"md2WithRSAEncryption",1879048204,0},
- {0,1073741825,"pkcs-1"},
- {0,1,"2"},
- {"md5WithRSAEncryption",1879048204,0},
- {0,1073741825,"pkcs-1"},
- {0,1,"4"},
- {"sha1WithRSAEncryption",1879048204,0},
- {0,1073741825,"pkcs-1"},
- {0,1,"5"},
- {"id-dsa-with-sha1",1879048204,0},
- {"iso",1073741825,"1"},
- {"member-body",1073741825,"2"},
- {"us",1073741825,"840"},
- {"x9-57",1073741825,"10040"},
- {"x9algorithm",1073741825,"4"},
- {0,1,"3"},
- {"Dss-Sig-Value",1610612741,0},
- {"r",1073741827,0},
- {"s",3,0},
- {"dhpublicnumber",1879048204,0},
- {"iso",1073741825,"1"},
- {"member-body",1073741825,"2"},
- {"us",1073741825,"840"},
- {"ansi-x942",1073741825,"10046"},
- {"number-type",1073741825,"2"},
- {0,1,"1"},
- {"DomainParameters",1610612741,0},
- {"p",1073741827,0},
- {"g",1073741827,0},
- {"q",1073741827,0},
- {"j",1073758211,0},
- {"validationParms",16386,"ValidationParms"},
- {"ValidationParms",1610612741,0},
- {"seed",1073741830,0},
- {"pgenCounter",3,0},
- {"id-dsa",1879048204,0},
- {"iso",1073741825,"1"},
- {"member-body",1073741825,"2"},
- {"us",1073741825,"840"},
- {"x9-57",1073741825,"10040"},
- {"x9algorithm",1073741825,"4"},
- {0,1,"1"},
- {"Dss-Parms",1610612741,0},
- {"p",1073741827,0},
- {"q",1073741827,0},
- {"g",3,0},
- {"ORAddress",1610612741,0},
- {"built-in-standard-attributes",1073741826,"BuiltInStandardAttributes"},
- {"built-in-domain-defined-attributes",1073758210,"BuiltInDomainDefinedAttributes"},
- {"extension-attributes",16386,"ExtensionAttributes"},
- {"BuiltInStandardAttributes",1610612741,0},
- {"country-name",1073758210,"CountryName"},
- {"administration-domain-name",1073758210,"AdministrationDomainName"},
- {"network-address",1610637314,"NetworkAddress"},
- {0,2056,"0"},
- {"terminal-identifier",1610637314,"TerminalIdentifier"},
- {0,2056,"1"},
- {"private-domain-name",1610637314,"PrivateDomainName"},
- {0,2056,"2"},
- {"organization-name",1610637314,"OrganizationName"},
- {0,2056,"3"},
- {"numeric-user-identifier",1610637314,"NumericUserIdentifier"},
- {0,2056,"4"},
- {"personal-name",1610637314,"PersonalName"},
- {0,2056,"5"},
- {"organizational-unit-names",536895490,"OrganizationalUnitNames"},
- {0,2056,"6"},
- {"CountryName",1610620946,0},
- {0,1073746952,"1"},
- {"x121-dcc-code",1612709890,"NumericString"},
- {0,1048586,"ub-country-name-numeric-length"},
- {"iso-3166-alpha2-code",538968066,"PrintableString"},
- {0,1048586,"ub-country-name-alpha-length"},
- {"AdministrationDomainName",1610620946,0},
- {0,1073744904,"2"},
- {"numeric",1612709890,"NumericString"},
- {"ub-domain-name-length",524298,"0"},
- {"printable",538968066,"PrintableString"},
- {"ub-domain-name-length",524298,"0"},
- {"NetworkAddress",1073741826,"X121Address"},
- {"X121Address",1612709890,"NumericString"},
- {"ub-x121-address-length",524298,"1"},
- {"TerminalIdentifier",1612709890,"PrintableString"},
- {"ub-terminal-id-length",524298,"1"},
- {"PrivateDomainName",1610612754,0},
- {"numeric",1612709890,"NumericString"},
- {"ub-domain-name-length",524298,"1"},
- {"printable",538968066,"PrintableString"},
- {"ub-domain-name-length",524298,"1"},
- {"OrganizationName",1612709890,"PrintableString"},
- {"ub-organization-name-length",524298,"1"},
- {"NumericUserIdentifier",1612709890,"NumericString"},
- {"ub-numeric-user-id-length",524298,"1"},
- {"PersonalName",1610612750,0},
- {"surname",1814044674,"PrintableString"},
- {0,1073745928,"0"},
- {"ub-surname-length",524298,"1"},
- {"given-name",1814061058,"PrintableString"},
- {0,1073745928,"1"},
- {"ub-given-name-length",524298,"1"},
- {"initials",1814061058,"PrintableString"},
- {0,1073745928,"2"},
- {"ub-initials-length",524298,"1"},
- {"generation-qualifier",740319234,"PrintableString"},
- {0,1073745928,"3"},
- {"ub-generation-qualifier-length",524298,"1"},
- {"OrganizationalUnitNames",1612709899,0},
- {"ub-organizational-units",1074266122,"1"},
- {0,2,"OrganizationalUnitName"},
- {"OrganizationalUnitName",1612709890,"PrintableString"},
- {"ub-organizational-unit-name-length",524298,"1"},
- {"BuiltInDomainDefinedAttributes",1612709899,0},
- {"ub-domain-defined-attributes",1074266122,"1"},
- {0,2,"BuiltInDomainDefinedAttribute"},
- {"BuiltInDomainDefinedAttribute",1610612741,0},
- {"type",1612709890,"PrintableString"},
- {"ub-domain-defined-attribute-type-length",524298,"1"},
- {"value",538968066,"PrintableString"},
- {"ub-domain-defined-attribute-value-length",524298,"1"},
- {"ExtensionAttributes",1612709903,0},
- {"ub-extension-attributes",1074266122,"1"},
- {0,2,"ExtensionAttribute"},
- {"ExtensionAttribute",1610612741,0},
- {"extension-attribute-type",1611145219,0},
- {0,1073743880,"0"},
- {"0",10,"ub-extension-attributes"},
- {"extension-attribute-value",541073421,0},
- {0,1073743880,"1"},
- {"extension-attribute-type",1,0},
- {"common-name",1342177283,"1"},
- {"CommonName",1612709890,"PrintableString"},
- {"ub-common-name-length",524298,"1"},
- {"teletex-common-name",1342177283,"2"},
- {"TeletexCommonName",1612709890,"TeletexString"},
- {"ub-common-name-length",524298,"1"},
- {"teletex-organization-name",1342177283,"3"},
- {"TeletexOrganizationName",1612709890,"TeletexString"},
- {"ub-organization-name-length",524298,"1"},
- {"teletex-personal-name",1342177283,"4"},
- {"TeletexPersonalName",1610612750,0},
- {"surname",1814044674,"TeletexString"},
- {0,1073743880,"0"},
- {"ub-surname-length",524298,"1"},
- {"given-name",1814061058,"TeletexString"},
- {0,1073743880,"1"},
- {"ub-given-name-length",524298,"1"},
- {"initials",1814061058,"TeletexString"},
- {0,1073743880,"2"},
- {"ub-initials-length",524298,"1"},
- {"generation-qualifier",740319234,"TeletexString"},
- {0,1073743880,"3"},
- {"ub-generation-qualifier-length",524298,"1"},
- {"teletex-organizational-unit-names",1342177283,"5"},
- {"TeletexOrganizationalUnitNames",1612709899,0},
- {"ub-organizational-units",1074266122,"1"},
- {0,2,"TeletexOrganizationalUnitName"},
- {"TeletexOrganizationalUnitName",1612709890,"TeletexString"},
- {"ub-organizational-unit-name-length",524298,"1"},
- {"pds-name",1342177283,"7"},
- {"PDSName",1612709890,"PrintableString"},
- {"ub-pds-name-length",524298,"1"},
- {"physical-delivery-country-name",1342177283,"8"},
- {"PhysicalDeliveryCountryName",1610612754,0},
- {"x121-dcc-code",1612709890,"NumericString"},
- {0,1048586,"ub-country-name-numeric-length"},
- {"iso-3166-alpha2-code",538968066,"PrintableString"},
- {0,1048586,"ub-country-name-alpha-length"},
- {"postal-code",1342177283,"9"},
- {"PostalCode",1610612754,0},
- {"numeric-code",1612709890,"NumericString"},
- {"ub-postal-code-length",524298,"1"},
- {"printable-code",538968066,"PrintableString"},
- {"ub-postal-code-length",524298,"1"},
- {"physical-delivery-office-name",1342177283,"10"},
- {"PhysicalDeliveryOfficeName",1073741826,"PDSParameter"},
- {"physical-delivery-office-number",1342177283,"11"},
- {"PhysicalDeliveryOfficeNumber",1073741826,"PDSParameter"},
- {"extension-OR-address-components",1342177283,"12"},
- {"ExtensionORAddressComponents",1073741826,"PDSParameter"},
- {"physical-delivery-personal-name",1342177283,"13"},
- {"PhysicalDeliveryPersonalName",1073741826,"PDSParameter"},
- {"physical-delivery-organization-name",1342177283,"14"},
- {"PhysicalDeliveryOrganizationName",1073741826,"PDSParameter"},
- {"extension-physical-delivery-address-components",1342177283,"15"},
- {"ExtensionPhysicalDeliveryAddressComponents",1073741826,"PDSParameter"},
- {"unformatted-postal-address",1342177283,"16"},
- {"UnformattedPostalAddress",1610612750,0},
- {"printable-address",1814052875,0},
- {"ub-pds-physical-address-lines",1074266122,"1"},
- {0,538968066,"PrintableString"},
- {"ub-pds-parameter-length",524298,"1"},
- {"teletex-string",740311042,"TeletexString"},
- {"ub-unformatted-address-length",524298,"1"},
- {"street-address",1342177283,"17"},
- {"StreetAddress",1073741826,"PDSParameter"},
- {"post-office-box-address",1342177283,"18"},
- {"PostOfficeBoxAddress",1073741826,"PDSParameter"},
- {"poste-restante-address",1342177283,"19"},
- {"PosteRestanteAddress",1073741826,"PDSParameter"},
- {"unique-postal-name",1342177283,"20"},
- {"UniquePostalName",1073741826,"PDSParameter"},
- {"local-postal-attributes",1342177283,"21"},
- {"LocalPostalAttributes",1073741826,"PDSParameter"},
- {"PDSParameter",1610612750,0},
- {"printable-string",1814052866,"PrintableString"},
- {"ub-pds-parameter-length",524298,"1"},
- {"teletex-string",740311042,"TeletexString"},
- {"ub-pds-parameter-length",524298,"1"},
- {"extended-network-address",1342177283,"22"},
- {"ExtendedNetworkAddress",1610612754,0},
- {"e163-4-address",1610612741,0},
- {"number",1612718082,"NumericString"},
- {0,1073743880,"0"},
- {"ub-e163-4-number-length",524298,"1"},
- {"sub-address",538992642,"NumericString"},
- {0,1073743880,"1"},
- {"ub-e163-4-sub-address-length",524298,"1"},
- {"psap-address",536879106,"PresentationAddress"},
- {0,2056,"0"},
- {"PresentationAddress",1610612741,0},
- {"pSelector",1610637319,0},
- {0,2056,"0"},
- {"sSelector",1610637319,0},
- {0,2056,"1"},
- {"tSelector",1610637319,0},
- {0,2056,"2"},
- {"nAddresses",538976271,0},
- {0,1073743880,"3"},
- {"MAX",1074266122,"1"},
- {0,7,0},
- {"terminal-type",1342177283,"23"},
- {"TerminalType",1610874883,0},
- {"telex",1073741825,"3"},
- {"teletex",1073741825,"4"},
- {"g3-facsimile",1073741825,"5"},
- {"g4-facsimile",1073741825,"6"},
- {"ia5-terminal",1073741825,"7"},
- {"videotex",1,"8"},
- {"teletex-domain-defined-attributes",1342177283,"6"},
- {"TeletexDomainDefinedAttributes",1612709899,0},
- {"ub-domain-defined-attributes",1074266122,"1"},
- {0,2,"TeletexDomainDefinedAttribute"},
- {"TeletexDomainDefinedAttribute",1610612741,0},
- {"type",1612709890,"TeletexString"},
- {"ub-domain-defined-attribute-type-length",524298,"1"},
- {"value",538968066,"TeletexString"},
- {"ub-domain-defined-attribute-value-length",524298,"1"},
- {"ub-name",1342177283,"32768"},
- {"ub-common-name",1342177283,"64"},
- {"ub-locality-name",1342177283,"128"},
- {"ub-state-name",1342177283,"128"},
- {"ub-organization-name",1342177283,"64"},
- {"ub-organizational-unit-name",1342177283,"64"},
- {"ub-title",1342177283,"64"},
- {"ub-match",1342177283,"128"},
- {"ub-emailaddress-length",1342177283,"128"},
- {"ub-common-name-length",1342177283,"64"},
- {"ub-country-name-alpha-length",1342177283,"2"},
- {"ub-country-name-numeric-length",1342177283,"3"},
- {"ub-domain-defined-attributes",1342177283,"4"},
- {"ub-domain-defined-attribute-type-length",1342177283,"8"},
- {"ub-domain-defined-attribute-value-length",1342177283,"128"},
- {"ub-domain-name-length",1342177283,"16"},
- {"ub-extension-attributes",1342177283,"256"},
- {"ub-e163-4-number-length",1342177283,"15"},
- {"ub-e163-4-sub-address-length",1342177283,"40"},
- {"ub-generation-qualifier-length",1342177283,"3"},
- {"ub-given-name-length",1342177283,"16"},
- {"ub-initials-length",1342177283,"5"},
- {"ub-integer-options",1342177283,"256"},
- {"ub-numeric-user-id-length",1342177283,"32"},
- {"ub-organization-name-length",1342177283,"64"},
- {"ub-organizational-unit-name-length",1342177283,"32"},
- {"ub-organizational-units",1342177283,"4"},
- {"ub-pds-name-length",1342177283,"16"},
- {"ub-pds-parameter-length",1342177283,"30"},
- {"ub-pds-physical-address-lines",1342177283,"6"},
- {"ub-postal-code-length",1342177283,"16"},
- {"ub-surname-length",1342177283,"40"},
- {"ub-terminal-id-length",1342177283,"24"},
- {"ub-unformatted-address-length",1342177283,"180"},
- {"ub-x121-address-length",1342177283,"16"},
- {"pkcs-7-ContentInfo",1610612741,0},
- {"contentType",1073741826,"pkcs-7-ContentType"},
- {"content",541073421,0},
- {0,1073743880,"0"},
- {"contentType",1,0},
- {"pkcs-7-DigestInfo",1610612741,0},
- {"digestAlgorithm",1073741826,"pkcs-7-DigestAlgorithmIdentifier"},
- {"digest",2,"pkcs-7-Digest"},
- {"pkcs-7-Digest",1073741831,0},
- {"pkcs-7-ContentType",1073741836,0},
- {"pkcs-7-SignedData",1610612741,0},
- {"version",1073741826,"pkcs-7-CMSVersion"},
- {"digestAlgorithms",1073741826,"pkcs-7-DigestAlgorithmIdentifiers"},
- {"encapContentInfo",1073741826,"pkcs-7-EncapsulatedContentInfo"},
- {"certificates",1610637314,"pkcs-7-CertificateSet"},
- {0,4104,"0"},
- {"crls",1610637314,"pkcs-7-CertificateRevocationLists"},
- {0,4104,"1"},
- {"signerInfos",2,"pkcs-7-SignerInfos"},
- {"pkcs-7-CMSVersion",1610874883,0},
- {"v0",1073741825,"0"},
- {"v1",1073741825,"1"},
- {"v2",1073741825,"2"},
- {"v3",1073741825,"3"},
- {"v4",1,"4"},
- {"pkcs-7-DigestAlgorithmIdentifiers",1610612751,0},
- {0,2,"pkcs-7-DigestAlgorithmIdentifier"},
- {"pkcs-7-DigestAlgorithmIdentifier",1073741826,"AlgorithmIdentifier"},
- {"pkcs-7-EncapsulatedContentInfo",1610612741,0},
- {"eContentType",1073741826,"pkcs-7-ContentType"},
- {"eContent",536895495,0},
- {0,2056,"0"},
- {"pkcs-7-CertificateRevocationLists",1610612751,0},
- {0,13,0},
- {"pkcs-7-CertificateChoices",1610612754,0},
- {"certificate",13,0},
- {"pkcs-7-CertificateSet",1610612751,0},
- {0,2,"pkcs-7-CertificateChoices"},
- {"pkcs-7-SignerInfos",1610612751,0},
- {0,13,0},
- {"pkcs-10-CertificationRequestInfo",1610612741,0},
- {"version",1610874883,0},
- {"v1",1,"0"},
- {"subject",1073741826,"Name"},
- {"subjectPKInfo",1073741826,"SubjectPublicKeyInfo"},
- {"attributes",536879106,"Attributes"},
- {0,4104,"0"},
- {"Attributes",1610612751,0},
- {0,2,"Attribute"},
- {"pkcs-10-CertificationRequest",1610612741,0},
- {"certificationRequestInfo",1073741826,"pkcs-10-CertificationRequestInfo"},
- {"signatureAlgorithm",1073741826,"AlgorithmIdentifier"},
- {"signature",6,0},
- {"pkcs-9-ub-challengePassword",1342177283,"255"},
- {"pkcs-9-certTypes",1879048204,0},
- {0,1073741825,"pkcs-9"},
- {0,1,"22"},
- {"pkcs-9-crlTypes",1879048204,0},
- {0,1073741825,"pkcs-9"},
- {0,1,"23"},
- {"pkcs-9-at-challengePassword",1879048204,0},
- {0,1073741825,"pkcs-9"},
- {0,1,"7"},
- {"pkcs-9-challengePassword",1610612754,0},
- {"printableString",1612709890,"PrintableString"},
- {"pkcs-9-ub-challengePassword",524298,"1"},
- {"utf8String",538968066,"UTF8String"},
- {"pkcs-9-ub-challengePassword",524298,"1"},
- {"pkcs-9-at-localKeyId",1879048204,0},
- {0,1073741825,"pkcs-9"},
- {0,1,"21"},
- {"pkcs-9-localKeyId",1073741831,0},
- {"pkcs-9-at-friendlyName",1879048204,0},
- {0,1073741825,"pkcs-9"},
- {0,1,"20"},
- {"pkcs-9-friendlyName",1612709890,"BMPString"},
- {"255",524298,"1"},
- {"pkcs-8-PrivateKeyInfo",1610612741,0},
- {"version",1073741826,"pkcs-8-Version"},
- {"privateKeyAlgorithm",1073741826,"AlgorithmIdentifier"},
- {"privateKey",1073741826,"pkcs-8-PrivateKey"},
- {"attributes",536895490,"Attributes"},
- {0,4104,"0"},
- {"pkcs-8-Version",1610874883,0},
- {"v1",1,"0"},
- {"pkcs-8-PrivateKey",1073741831,0},
- {"pkcs-8-Attributes",1610612751,0},
- {0,2,"Attribute"},
- {"pkcs-8-EncryptedPrivateKeyInfo",1610612741,0},
- {"encryptionAlgorithm",1073741826,"AlgorithmIdentifier"},
- {"encryptedData",2,"pkcs-8-EncryptedData"},
- {"pkcs-8-EncryptedData",1073741831,0},
- {"pkcs-5",1879048204,0},
- {0,1073741825,"pkcs"},
- {0,1,"5"},
- {"pkcs-5-encryptionAlgorithm",1879048204,0},
- {"iso",1073741825,"1"},
- {"member-body",1073741825,"2"},
- {"us",1073741825,"840"},
- {"rsadsi",1073741825,"113549"},
- {0,1,"3"},
- {"pkcs-5-des-EDE3-CBC",1879048204,0},
- {0,1073741825,"pkcs-5-encryptionAlgorithm"},
- {0,1,"7"},
- {"pkcs-5-des-EDE3-CBC-params",1612709895,0},
- {0,1048586,"8"},
- {"pkcs-5-id-PBES2",1879048204,0},
- {0,1073741825,"pkcs-5"},
- {0,1,"13"},
- {"pkcs-5-PBES2-params",1610612741,0},
- {"keyDerivationFunc",1073741826,"AlgorithmIdentifier"},
- {"encryptionScheme",2,"AlgorithmIdentifier"},
- {"pkcs-5-id-PBKDF2",1879048204,0},
- {0,1073741825,"pkcs-5"},
- {0,1,"12"},
- {"pkcs-5-PBKDF2-params",1610612741,0},
- {"salt",1610612754,0},
- {"specified",1073741831,0},
- {"otherSource",2,"AlgorithmIdentifier"},
- {"iterationCount",1611137027,0},
- {"1",10,"MAX"},
- {"keyLength",1611153411,0},
- {"1",10,"MAX"},
- {"prf",16386,"AlgorithmIdentifier"},
- {"pkcs-12",1879048204,0},
- {0,1073741825,"pkcs"},
- {0,1,"12"},
- {"pkcs-12-PFX",1610612741,0},
- {"version",1610874883,0},
- {"v3",1,"3"},
- {"authSafe",1073741826,"pkcs-7-ContentInfo"},
- {"macData",16386,"pkcs-12-MacData"},
- {"pkcs-12-PbeParams",1610612741,0},
- {"salt",1073741831,0},
- {"iterations",3,0},
- {"pkcs-12-MacData",1610612741,0},
- {"mac",1073741826,"pkcs-7-DigestInfo"},
- {"macSalt",1073741831,0},
- {"iterations",536903683,0},
- {0,9,"1"},
- {"pkcs-12-AuthenticatedSafe",1610612747,0},
- {0,2,"pkcs-7-ContentInfo"},
- {"pkcs-12-SafeContents",1610612747,0},
- {0,2,"pkcs-12-SafeBag"},
- {"pkcs-12-SafeBag",1610612741,0},
- {"bagId",1073741836,0},
- {"bagValue",1614815245,0},
- {0,1073743880,"0"},
- {"badId",1,0},
- {"bagAttributes",536887311,0},
- {0,2,"pkcs-12-PKCS12Attribute"},
- {"pkcs-12-bagtypes",1879048204,0},
- {0,1073741825,"pkcs-12"},
- {0,1073741825,"10"},
- {0,1,"1"},
- {"pkcs-12-keyBag",1879048204,0},
- {0,1073741825,"pkcs-12-bagtypes"},
- {0,1,"1"},
- {"pkcs-12-pkcs8ShroudedKeyBag",1879048204,0},
- {0,1073741825,"pkcs-12-bagtypes"},
- {0,1,"2"},
- {"pkcs-12-certBag",1879048204,0},
- {0,1073741825,"pkcs-12-bagtypes"},
- {0,1,"3"},
- {"pkcs-12-crlBag",1879048204,0},
- {0,1073741825,"pkcs-12-bagtypes"},
- {0,1,"4"},
- {"pkcs-12-KeyBag",1073741826,"pkcs-8-PrivateKeyInfo"},
- {"pkcs-12-PKCS8ShroudedKeyBag",1073741826,"pkcs-8-EncryptedPrivateKeyInfo"},
- {"pkcs-12-CertBag",1610612741,0},
- {"certId",1073741836,0},
- {"certValue",541073421,0},
- {0,1073743880,"0"},
- {"certId",1,0},
- {"pkcs-12-CRLBag",1610612741,0},
- {"crlId",1073741836,0},
- {"crlValue",541073421,0},
- {0,1073743880,"0"},
- {"crlId",1,0},
- {"pkcs-12-PKCS12Attribute",1073741826,"Attribute"},
- {"pkcs-7-data",1879048204,0},
- {"iso",1073741825,"1"},
- {"member-body",1073741825,"2"},
- {"us",1073741825,"840"},
- {"rsadsi",1073741825,"113549"},
- {"pkcs",1073741825,"1"},
- {"pkcs7",1073741825,"7"},
- {0,1,"1"},
- {"pkcs-7-encryptedData",1879048204,0},
- {"iso",1073741825,"1"},
- {"member-body",1073741825,"2"},
- {"us",1073741825,"840"},
- {"rsadsi",1073741825,"113549"},
- {"pkcs",1073741825,"1"},
- {"pkcs7",1073741825,"7"},
- {0,1,"6"},
- {"pkcs-7-Data",1073741831,0},
- {"pkcs-7-EncryptedData",1610612741,0},
- {"version",1073741826,"pkcs-7-CMSVersion"},
- {"encryptedContentInfo",1073741826,"pkcs-7-EncryptedContentInfo"},
- {"unprotectedAttrs",536895490,"pkcs-7-UnprotectedAttributes"},
- {0,4104,"1"},
- {"pkcs-7-EncryptedContentInfo",1610612741,0},
- {"contentType",1073741826,"pkcs-7-ContentType"},
- {"contentEncryptionAlgorithm",1073741826,"pkcs-7-ContentEncryptionAlgorithmIdentifier"},
- {"encryptedContent",536895490,"pkcs-7-EncryptedContent"},
- {0,4104,"0"},
- {"pkcs-7-ContentEncryptionAlgorithmIdentifier",1073741826,"AlgorithmIdentifier"},
- {"pkcs-7-EncryptedContent",1073741831,0},
- {"pkcs-7-UnprotectedAttributes",1612709903,0},
- {"MAX",1074266122,"1"},
- {0,2,"Attribute"},
- {"id-at-ldap-DC",1880096780,"AttributeType"},
- {0,1073741825,"0"},
- {0,1073741825,"9"},
- {0,1073741825,"2342"},
- {0,1073741825,"19200300"},
- {0,1073741825,"100"},
- {0,1073741825,"1"},
- {0,1,"25"},
- {"ldap-DC",1073741826,"IA5String"},
- {"id-at-ldap-UID",1880096780,"AttributeType"},
- {0,1073741825,"0"},
- {0,1073741825,"9"},
- {0,1073741825,"2342"},
- {0,1073741825,"19200300"},
- {0,1073741825,"100"},
- {0,1073741825,"1"},
- {0,1,"1"},
- {"ldap-UID",1073741826,"IA5String"},
- {"id-pda",1879048204,0},
- {0,1073741825,"id-pkix"},
- {0,1,"9"},
- {"id-pda-dateOfBirth",1880096780,"AttributeType"},
- {0,1073741825,"id-pda"},
- {0,1,"1"},
- {"DateOfBirth",1082130449,0},
- {"id-pda-placeOfBirth",1880096780,"AttributeType"},
- {0,1073741825,"id-pda"},
- {0,1,"2"},
- {"PlaceOfBirth",1073741826,"DirectoryString"},
- {"id-pda-gender",1880096780,"AttributeType"},
- {0,1073741825,"id-pda"},
- {0,1,"3"},
- {"Gender",1612709890,"PrintableString"},
- {0,1048586,"1"},
- {"id-pda-countryOfCitizenship",1880096780,"AttributeType"},
- {0,1073741825,"id-pda"},
- {0,1,"4"},
- {"CountryOfCitizenship",1612709890,"PrintableString"},
- {0,1048586,"2"},
- {"id-pda-countryOfResidence",1880096780,"AttributeType"},
- {0,1073741825,"id-pda"},
- {0,1,"5"},
- {"CountryOfResidence",538968066,"PrintableString"},
- {0,1048586,"2"},
- {0,0,0}
+const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
+ {"PKIX1", 536875024, 0},
+ {0, 1073741836, 0},
+ {"id-ce", 1879048204, 0},
+ {"joint-iso-ccitt", 1073741825, "2"},
+ {"ds", 1073741825, "5"},
+ {0, 1, "29"},
+ {"id-ce-authorityKeyIdentifier", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "35"},
+ {"AuthorityKeyIdentifier", 1610612741, 0},
+ {"keyIdentifier", 1610637314, "KeyIdentifier"},
+ {0, 4104, "0"},
+ {"authorityCertIssuer", 1610637314, "GeneralNames"},
+ {0, 4104, "1"},
+ {"authorityCertSerialNumber", 536895490, "CertificateSerialNumber"},
+ {0, 4104, "2"},
+ {"KeyIdentifier", 1073741831, 0},
+ {"id-ce-subjectKeyIdentifier", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "14"},
+ {"SubjectKeyIdentifier", 1073741826, "KeyIdentifier"},
+ {"id-ce-keyUsage", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "15"},
+ {"KeyUsage", 1610874886, 0},
+ {"digitalSignature", 1073741825, "0"},
+ {"nonRepudiation", 1073741825, "1"},
+ {"keyEncipherment", 1073741825, "2"},
+ {"dataEncipherment", 1073741825, "3"},
+ {"keyAgreement", 1073741825, "4"},
+ {"keyCertSign", 1073741825, "5"},
+ {"cRLSign", 1073741825, "6"},
+ {"encipherOnly", 1073741825, "7"},
+ {"decipherOnly", 1, "8"},
+ {"id-ce-privateKeyUsagePeriod", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "16"},
+ {"PrivateKeyUsagePeriod", 1610612741, 0},
+ {"notBefore", 1619025937, 0},
+ {0, 4104, "0"},
+ {"notAfter", 545284113, 0},
+ {0, 4104, "1"},
+ {"id-ce-certificatePolicies", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "32"},
+ {"CertificatePolicies", 1612709899, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "PolicyInformation"},
+ {"PolicyInformation", 1610612741, 0},
+ {"policyIdentifier", 1073741826, "CertPolicyId"},
+ {"policyQualifiers", 538984459, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "PolicyQualifierInfo"},
+ {"CertPolicyId", 1073741836, 0},
+ {"PolicyQualifierInfo", 1610612741, 0},
+ {"policyQualifierId", 1073741826, "PolicyQualifierId"},
+ {"qualifier", 541065229, 0},
+ {"policyQualifierId", 1, 0},
+ {"PolicyQualifierId", 1073741836, 0},
+ {"CPSuri", 1073741826, "IA5String"},
+ {"UserNotice", 1610612741, 0},
+ {"noticeRef", 1073758210, "NoticeReference"},
+ {"explicitText", 16386, "DisplayText"},
+ {"NoticeReference", 1610612741, 0},
+ {"organization", 1073741826, "DisplayText"},
+ {"noticeNumbers", 536870923, 0},
+ {0, 3, 0},
+ {"DisplayText", 1610612754, 0},
+ {"visibleString", 1612709890, "VisibleString"},
+ {"200", 524298, "1"},
+ {"bmpString", 1612709890, "BMPString"},
+ {"200", 524298, "1"},
+ {"utf8String", 538968066, "UTF8String"},
+ {"200", 524298, "1"},
+ {"id-ce-policyMappings", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "33"},
+ {"PolicyMappings", 1612709899, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 536870917, 0},
+ {"issuerDomainPolicy", 1073741826, "CertPolicyId"},
+ {"subjectDomainPolicy", 2, "CertPolicyId"},
+ {"DirectoryString", 1610612754, 0},
+ {"teletexString", 1612709890, "TeletexString"},
+ {"MAX", 524298, "1"},
+ {"printableString", 1612709890, "PrintableString"},
+ {"MAX", 524298, "1"},
+ {"universalString", 1612709890, "UniversalString"},
+ {"MAX", 524298, "1"},
+ {"utf8String", 1612709890, "UTF8String"},
+ {"MAX", 524298, "1"},
+ {"bmpString", 538968066, "BMPString"},
+ {"MAX", 524298, "1"},
+ {"id-ce-subjectAltName", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "17"},
+ {"SubjectAltName", 1073741826, "GeneralNames"},
+ {"GeneralNames", 1612709899, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "GeneralName"},
+ {"GeneralName", 1610612754, 0},
+ {"otherName", 1610620930, "AnotherName"},
+ {0, 4104, "0"},
+ {"rfc822Name", 1610620930, "IA5String"},
+ {0, 4104, "1"},
+ {"dNSName", 1610620930, "IA5String"},
+ {0, 4104, "2"},
+ {"x400Address", 1610620930, "ORAddress"},
+ {0, 4104, "3"},
+ {"directoryName", 1610620930, "Name"},
+ {0, 4104, "4"},
+ {"ediPartyName", 1610620930, "EDIPartyName"},
+ {0, 4104, "5"},
+ {"uniformResourceIdentifier", 1610620930, "IA5String"},
+ {0, 4104, "6"},
+ {"iPAddress", 1610620935, 0},
+ {0, 4104, "7"},
+ {"registeredID", 536879116, 0},
+ {0, 4104, "8"},
+ {"AnotherName", 1610612741, 0},
+ {"type-id", 1073741836, 0},
+ {"value", 541073421, 0},
+ {0, 1073743880, "0"},
+ {"type-id", 1, 0},
+ {"EDIPartyName", 1610612741, 0},
+ {"nameAssigner", 1610637314, "DirectoryString"},
+ {0, 4104, "0"},
+ {"partyName", 536879106, "DirectoryString"},
+ {0, 4104, "1"},
+ {"id-ce-issuerAltName", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "18"},
+ {"IssuerAltName", 1073741826, "GeneralNames"},
+ {"id-ce-subjectDirectoryAttributes", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "9"},
+ {"SubjectDirectoryAttributes", 1612709899, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "Attribute"},
+ {"id-ce-basicConstraints", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "19"},
+ {"BasicConstraints", 1610612741, 0},
+ {"cA", 1610645508, 0},
+ {0, 131081, 0},
+ {"pathLenConstraint", 537411587, 0},
+ {"0", 10, "MAX"},
+ {"id-ce-nameConstraints", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "30"},
+ {"NameConstraints", 1610612741, 0},
+ {"permittedSubtrees", 1610637314, "GeneralSubtrees"},
+ {0, 4104, "0"},
+ {"excludedSubtrees", 536895490, "GeneralSubtrees"},
+ {0, 4104, "1"},
+ {"GeneralSubtrees", 1612709899, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "GeneralSubtree"},
+ {"GeneralSubtree", 1610612741, 0},
+ {"base", 1073741826, "GeneralName"},
+ {"minimum", 1610653698, "BaseDistance"},
+ {0, 1073741833, "0"},
+ {0, 4104, "0"},
+ {"maximum", 536895490, "BaseDistance"},
+ {0, 4104, "1"},
+ {"BaseDistance", 1611137027, 0},
+ {"0", 10, "MAX"},
+ {"id-ce-policyConstraints", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "36"},
+ {"PolicyConstraints", 1610612741, 0},
+ {"requireExplicitPolicy", 1610637314, "SkipCerts"},
+ {0, 4104, "0"},
+ {"inhibitPolicyMapping", 536895490, "SkipCerts"},
+ {0, 4104, "1"},
+ {"SkipCerts", 1611137027, 0},
+ {"0", 10, "MAX"},
+ {"id-ce-cRLDistributionPoints", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "31"},
+ {"CRLDistributionPoints", 1612709899, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "DistributionPoint"},
+ {"DistributionPoint", 1610612741, 0},
+ {"distributionPoint", 1610637314, "DistributionPointName"},
+ {0, 2056, "0"},
+ {"reasons", 1610637314, "ReasonFlags"},
+ {0, 4104, "1"},
+ {"cRLIssuer", 536895490, "GeneralNames"},
+ {0, 4104, "2"},
+ {"DistributionPointName", 1610612754, 0},
+ {"fullName", 1610620930, "GeneralNames"},
+ {0, 4104, "0"},
+ {"nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"},
+ {0, 4104, "1"},
+ {"ReasonFlags", 1610874886, 0},
+ {"unused", 1073741825, "0"},
+ {"keyCompromise", 1073741825, "1"},
+ {"cACompromise", 1073741825, "2"},
+ {"affiliationChanged", 1073741825, "3"},
+ {"superseded", 1073741825, "4"},
+ {"cessationOfOperation", 1073741825, "5"},
+ {"certificateHold", 1073741825, "6"},
+ {"privilegeWithdrawn", 1073741825, "7"},
+ {"aACompromise", 1, "8"},
+ {"id-ce-extKeyUsage", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "37"},
+ {"ExtKeyUsageSyntax", 1612709899, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "KeyPurposeId"},
+ {"KeyPurposeId", 1073741836, 0},
+ {"id-kp-serverAuth", 1879048204, 0},
+ {0, 1073741825, "id-kp"},
+ {0, 1, "1"},
+ {"id-kp-clientAuth", 1879048204, 0},
+ {0, 1073741825, "id-kp"},
+ {0, 1, "2"},
+ {"id-kp-codeSigning", 1879048204, 0},
+ {0, 1073741825, "id-kp"},
+ {0, 1, "3"},
+ {"id-kp-emailProtection", 1879048204, 0},
+ {0, 1073741825, "id-kp"},
+ {0, 1, "4"},
+ {"id-kp-ipsecEndSystem", 1879048204, 0},
+ {0, 1073741825, "id-kp"},
+ {0, 1, "5"},
+ {"id-kp-ipsecTunnel", 1879048204, 0},
+ {0, 1073741825, "id-kp"},
+ {0, 1, "6"},
+ {"id-kp-ipsecUser", 1879048204, 0},
+ {0, 1073741825, "id-kp"},
+ {0, 1, "7"},
+ {"id-kp-timeStamping", 1879048204, 0},
+ {0, 1073741825, "id-kp"},
+ {0, 1, "8"},
+ {"id-pe-authorityInfoAccess", 1879048204, 0},
+ {0, 1073741825, "id-pe"},
+ {0, 1, "1"},
+ {"AuthorityInfoAccessSyntax", 1612709899, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "AccessDescription"},
+ {"AccessDescription", 1610612741, 0},
+ {"accessMethod", 1073741836, 0},
+ {"accessLocation", 2, "GeneralName"},
+ {"id-ce-cRLNumber", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "20"},
+ {"CRLNumber", 1611137027, 0},
+ {"0", 10, "MAX"},
+ {"id-ce-issuingDistributionPoint", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "28"},
+ {"IssuingDistributionPoint", 1610612741, 0},
+ {"distributionPoint", 1610637314, "DistributionPointName"},
+ {0, 4104, "0"},
+ {"onlyContainsUserCerts", 1610653700, 0},
+ {0, 1073872905, 0},
+ {0, 4104, "1"},
+ {"onlyContainsCACerts", 1610653700, 0},
+ {0, 1073872905, 0},
+ {0, 4104, "2"},
+ {"onlySomeReasons", 1610637314, "ReasonFlags"},
+ {0, 4104, "3"},
+ {"indirectCRL", 536911876, 0},
+ {0, 1073872905, 0},
+ {0, 4104, "4"},
+ {"id-ce-deltaCRLIndicator", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "27"},
+ {"BaseCRLNumber", 1073741826, "CRLNumber"},
+ {"id-ce-cRLReasons", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "21"},
+ {"CRLReason", 1610874901, 0},
+ {"unspecified", 1073741825, "0"},
+ {"keyCompromise", 1073741825, "1"},
+ {"cACompromise", 1073741825, "2"},
+ {"affiliationChanged", 1073741825, "3"},
+ {"superseded", 1073741825, "4"},
+ {"cessationOfOperation", 1073741825, "5"},
+ {"certificateHold", 1073741825, "6"},
+ {"removeFromCRL", 1, "8"},
+ {"id-ce-certificateIssuer", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "29"},
+ {"CertificateIssuer", 1073741826, "GeneralNames"},
+ {"id-ce-holdInstructionCode", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "23"},
+ {"HoldInstructionCode", 1073741836, 0},
+ {"holdInstruction", 1879048204, 0},
+ {"joint-iso-itu-t", 1073741825, "2"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"x9cm", 1073741825, "10040"},
+ {0, 1, "2"},
+ {"id-holdinstruction-none", 1879048204, 0},
+ {0, 1073741825, "holdInstruction"},
+ {0, 1, "1"},
+ {"id-holdinstruction-callissuer", 1879048204, 0},
+ {0, 1073741825, "holdInstruction"},
+ {0, 1, "2"},
+ {"id-holdinstruction-reject", 1879048204, 0},
+ {0, 1073741825, "holdInstruction"},
+ {0, 1, "3"},
+ {"id-ce-invalidityDate", 1879048204, 0},
+ {0, 1073741825, "id-ce"},
+ {0, 1, "24"},
+ {"InvalidityDate", 1082130449, 0},
+ {"VisibleString", 1610620935, 0},
+ {0, 4360, "26"},
+ {"NumericString", 1610620935, 0},
+ {0, 4360, "18"},
+ {"IA5String", 1610620935, 0},
+ {0, 4360, "22"},
+ {"TeletexString", 1610620935, 0},
+ {0, 4360, "20"},
+ {"PrintableString", 1610620935, 0},
+ {0, 4360, "19"},
+ {"UniversalString", 1610620935, 0},
+ {0, 4360, "28"},
+ {"BMPString", 1610620935, 0},
+ {0, 4360, "30"},
+ {"UTF8String", 1610620935, 0},
+ {0, 4360, "12"},
+ {"id-pkix", 1879048204, 0},
+ {"iso", 1073741825, "1"},
+ {"identified-organization", 1073741825, "3"},
+ {"dod", 1073741825, "6"},
+ {"internet", 1073741825, "1"},
+ {"security", 1073741825, "5"},
+ {"mechanisms", 1073741825, "5"},
+ {"pkix", 1, "7"},
+ {"id-pe", 1879048204, 0},
+ {0, 1073741825, "id-pkix"},
+ {0, 1, "1"},
+ {"id-qt", 1879048204, 0},
+ {0, 1073741825, "id-pkix"},
+ {0, 1, "2"},
+ {"id-kp", 1879048204, 0},
+ {0, 1073741825, "id-pkix"},
+ {0, 1, "3"},
+ {"id-ad", 1879048204, 0},
+ {0, 1073741825, "id-pkix"},
+ {0, 1, "48"},
+ {"id-qt-cps", 1879048204, 0},
+ {0, 1073741825, "id-qt"},
+ {0, 1, "1"},
+ {"id-qt-unotice", 1879048204, 0},
+ {0, 1073741825, "id-qt"},
+ {0, 1, "2"},
+ {"id-ad-ocsp", 1879048204, 0},
+ {0, 1073741825, "id-ad"},
+ {0, 1, "1"},
+ {"id-ad-caIssuers", 1879048204, 0},
+ {0, 1073741825, "id-ad"},
+ {0, 1, "2"},
+ {"Attribute", 1610612741, 0},
+ {"type", 1073741826, "AttributeType"},
+ {"values", 536870927, 0},
+ {0, 2, "AttributeValue"},
+ {"AttributeType", 1073741836, 0},
+ {"AttributeValue", 1614807053, 0},
+ {"type", 1, 0},
+ {"AttributeTypeAndValue", 1610612741, 0},
+ {"type", 1073741826, "AttributeType"},
+ {"value", 2, "AttributeValue"},
+ {"id-at", 1879048204, 0},
+ {"joint-iso-ccitt", 1073741825, "2"},
+ {"ds", 1073741825, "5"},
+ {0, 1, "4"},
+ {"id-at-initials", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "43"},
+ {"X520initials", 1073741826, "DirectoryString"},
+ {"id-at-generationQualifier", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "44"},
+ {"X520generationQualifier", 1073741826, "DirectoryString"},
+ {"id-at-surname", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "4"},
+ {"X520surName", 1073741826, "DirectoryString"},
+ {"id-at-givenName", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "42"},
+ {"X520givenName", 1073741826, "DirectoryString"},
+ {"id-at-name", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "41"},
+ {"X520name", 1073741826, "DirectoryString"},
+ {"id-at-commonName", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "3"},
+ {"X520CommonName", 1073741826, "DirectoryString"},
+ {"id-at-localityName", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "7"},
+ {"X520LocalityName", 1073741826, "DirectoryString"},
+ {"id-at-stateOrProvinceName", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "8"},
+ {"X520StateOrProvinceName", 1073741826, "DirectoryString"},
+ {"id-at-organizationName", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "10"},
+ {"X520OrganizationName", 1073741826, "DirectoryString"},
+ {"id-at-organizationalUnitName", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "11"},
+ {"X520OrganizationalUnitName", 1073741826, "DirectoryString"},
+ {"id-at-title", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "12"},
+ {"X520Title", 1073741826, "DirectoryString"},
+ {"id-at-description", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "13"},
+ {"X520Description", 1073741826, "DirectoryString"},
+ {"id-at-dnQualifier", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "46"},
+ {"X520dnQualifier", 1073741826, "PrintableString"},
+ {"id-at-countryName", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "6"},
+ {"X520countryName", 1612709890, "PrintableString"},
+ {0, 1048586, "2"},
+ {"id-at-serialNumber", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "5"},
+ {"X520serialNumber", 1073741826, "PrintableString"},
+ {"id-at-telephoneNumber", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "20"},
+ {"X520telephoneNumber", 1073741826, "PrintableString"},
+ {"id-at-facsimileTelephoneNumber", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "23"},
+ {"X520facsimileTelephoneNumber", 1073741826, "PrintableString"},
+ {"id-at-pseudonym", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "65"},
+ {"X520pseudonym", 1073741826, "DirectoryString"},
+ {"id-at-name", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "41"},
+ {"X520name", 1073741826, "DirectoryString"},
+ {"id-at-streetAddress", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "9"},
+ {"X520streetAddress", 1073741826, "DirectoryString"},
+ {"id-at-postalAddress", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-at"},
+ {0, 1, "16"},
+ {"X520postalAddress", 1073741826, "PostalAddress"},
+ {"PostalAddress", 1610612747, 0},
+ {0, 2, "DirectoryString"},
+ {"pkcs", 1879048204, 0},
+ {"iso", 1073741825, "1"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"rsadsi", 1073741825, "113549"},
+ {"pkcs", 1, "1"},
+ {"pkcs-9", 1879048204, 0},
+ {0, 1073741825, "pkcs"},
+ {0, 1, "9"},
+ {"emailAddress", 1880096780, "AttributeType"},
+ {0, 1073741825, "pkcs-9"},
+ {0, 1, "1"},
+ {"Pkcs9email", 1612709890, "IA5String"},
+ {"ub-emailaddress-length", 524298, "1"},
+ {"Name", 1610612754, 0},
+ {"rdnSequence", 2, "RDNSequence"},
+ {"RDNSequence", 1610612747, 0},
+ {0, 2, "RelativeDistinguishedName"},
+ {"DistinguishedName", 1073741826, "RDNSequence"},
+ {"RelativeDistinguishedName", 1612709903, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "AttributeTypeAndValue"},
+ {"Certificate", 1610612741, 0},
+ {"tbsCertificate", 1073741826, "TBSCertificate"},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 6, 0},
+ {"TBSCertificate", 1610612741, 0},
+ {"version", 1610653698, "Version"},
+ {0, 1073741833, "v1"},
+ {0, 2056, "0"},
+ {"serialNumber", 1073741826, "CertificateSerialNumber"},
+ {"signature", 1073741826, "AlgorithmIdentifier"},
+ {"issuer", 1073741826, "Name"},
+ {"validity", 1073741826, "Validity"},
+ {"subject", 1073741826, "Name"},
+ {"subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"},
+ {"issuerUniqueID", 1610637314, "UniqueIdentifier"},
+ {0, 4104, "1"},
+ {"subjectUniqueID", 1610637314, "UniqueIdentifier"},
+ {0, 4104, "2"},
+ {"extensions", 536895490, "Extensions"},
+ {0, 2056, "3"},
+ {"Version", 1610874883, 0},
+ {"v1", 1073741825, "0"},
+ {"v2", 1073741825, "1"},
+ {"v3", 1, "2"},
+ {"CertificateSerialNumber", 1073741827, 0},
+ {"Validity", 1610612741, 0},
+ {"notBefore", 1073741826, "Time"},
+ {"notAfter", 2, "Time"},
+ {"Time", 1610612754, 0},
+ {"utcTime", 1090519057, 0},
+ {"generalTime", 8388625, 0},
+ {"UniqueIdentifier", 1073741830, 0},
+ {"SubjectPublicKeyInfo", 1610612741, 0},
+ {"algorithm", 1073741826, "AlgorithmIdentifier"},
+ {"subjectPublicKey", 6, 0},
+ {"Extensions", 1612709899, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "Extension"},
+ {"Extension", 1610612741, 0},
+ {"extnID", 1073741836, 0},
+ {"critical", 1610645508, 0},
+ {0, 131081, 0},
+ {"extnValue", 7, 0},
+ {"CertificateList", 1610612741, 0},
+ {"tbsCertList", 1073741826, "TBSCertList"},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 6, 0},
+ {"TBSCertList", 1610612741, 0},
+ {"version", 1073758210, "Version"},
+ {"signature", 1073741826, "AlgorithmIdentifier"},
+ {"issuer", 1073741826, "Name"},
+ {"thisUpdate", 1073741826, "Time"},
+ {"nextUpdate", 1073758210, "Time"},
+ {"revokedCertificates", 1610629131, 0},
+ {0, 536870917, 0},
+ {"userCertificate", 1073741826, "CertificateSerialNumber"},
+ {"revocationDate", 1073741826, "Time"},
+ {"crlEntryExtensions", 16386, "Extensions"},
+ {"crlExtensions", 536895490, "Extensions"},
+ {0, 2056, "0"},
+ {"AlgorithmIdentifier", 1610612741, 0},
+ {"algorithm", 1073741836, 0},
+ {"parameters", 541081613, 0},
+ {"algorithm", 1, 0},
+ {"pkcs-1", 1879048204, 0},
+ {0, 1073741825, "pkcs"},
+ {0, 1, "1"},
+ {"rsaEncryption", 1879048204, 0},
+ {0, 1073741825, "pkcs-1"},
+ {0, 1, "1"},
+ {"md2WithRSAEncryption", 1879048204, 0},
+ {0, 1073741825, "pkcs-1"},
+ {0, 1, "2"},
+ {"md5WithRSAEncryption", 1879048204, 0},
+ {0, 1073741825, "pkcs-1"},
+ {0, 1, "4"},
+ {"sha1WithRSAEncryption", 1879048204, 0},
+ {0, 1073741825, "pkcs-1"},
+ {0, 1, "5"},
+ {"id-dsa-with-sha1", 1879048204, 0},
+ {"iso", 1073741825, "1"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"x9-57", 1073741825, "10040"},
+ {"x9algorithm", 1073741825, "4"},
+ {0, 1, "3"},
+ {"Dss-Sig-Value", 1610612741, 0},
+ {"r", 1073741827, 0},
+ {"s", 3, 0},
+ {"dhpublicnumber", 1879048204, 0},
+ {"iso", 1073741825, "1"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"ansi-x942", 1073741825, "10046"},
+ {"number-type", 1073741825, "2"},
+ {0, 1, "1"},
+ {"DomainParameters", 1610612741, 0},
+ {"p", 1073741827, 0},
+ {"g", 1073741827, 0},
+ {"q", 1073741827, 0},
+ {"j", 1073758211, 0},
+ {"validationParms", 16386, "ValidationParms"},
+ {"ValidationParms", 1610612741, 0},
+ {"seed", 1073741830, 0},
+ {"pgenCounter", 3, 0},
+ {"id-dsa", 1879048204, 0},
+ {"iso", 1073741825, "1"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"x9-57", 1073741825, "10040"},
+ {"x9algorithm", 1073741825, "4"},
+ {0, 1, "1"},
+ {"Dss-Parms", 1610612741, 0},
+ {"p", 1073741827, 0},
+ {"q", 1073741827, 0},
+ {"g", 3, 0},
+ {"ORAddress", 1610612741, 0},
+ {"built-in-standard-attributes", 1073741826,
+ "BuiltInStandardAttributes"},
+ {"built-in-domain-defined-attributes", 1073758210,
+ "BuiltInDomainDefinedAttributes"},
+ {"extension-attributes", 16386, "ExtensionAttributes"},
+ {"BuiltInStandardAttributes", 1610612741, 0},
+ {"country-name", 1073758210, "CountryName"},
+ {"administration-domain-name", 1073758210, "AdministrationDomainName"},
+ {"network-address", 1610637314, "NetworkAddress"},
+ {0, 2056, "0"},
+ {"terminal-identifier", 1610637314, "TerminalIdentifier"},
+ {0, 2056, "1"},
+ {"private-domain-name", 1610637314, "PrivateDomainName"},
+ {0, 2056, "2"},
+ {"organization-name", 1610637314, "OrganizationName"},
+ {0, 2056, "3"},
+ {"numeric-user-identifier", 1610637314, "NumericUserIdentifier"},
+ {0, 2056, "4"},
+ {"personal-name", 1610637314, "PersonalName"},
+ {0, 2056, "5"},
+ {"organizational-unit-names", 536895490, "OrganizationalUnitNames"},
+ {0, 2056, "6"},
+ {"CountryName", 1610620946, 0},
+ {0, 1073746952, "1"},
+ {"x121-dcc-code", 1612709890, "NumericString"},
+ {0, 1048586, "ub-country-name-numeric-length"},
+ {"iso-3166-alpha2-code", 538968066, "PrintableString"},
+ {0, 1048586, "ub-country-name-alpha-length"},
+ {"AdministrationDomainName", 1610620946, 0},
+ {0, 1073744904, "2"},
+ {"numeric", 1612709890, "NumericString"},
+ {"ub-domain-name-length", 524298, "0"},
+ {"printable", 538968066, "PrintableString"},
+ {"ub-domain-name-length", 524298, "0"},
+ {"NetworkAddress", 1073741826, "X121Address"},
+ {"X121Address", 1612709890, "NumericString"},
+ {"ub-x121-address-length", 524298, "1"},
+ {"TerminalIdentifier", 1612709890, "PrintableString"},
+ {"ub-terminal-id-length", 524298, "1"},
+ {"PrivateDomainName", 1610612754, 0},
+ {"numeric", 1612709890, "NumericString"},
+ {"ub-domain-name-length", 524298, "1"},
+ {"printable", 538968066, "PrintableString"},
+ {"ub-domain-name-length", 524298, "1"},
+ {"OrganizationName", 1612709890, "PrintableString"},
+ {"ub-organization-name-length", 524298, "1"},
+ {"NumericUserIdentifier", 1612709890, "NumericString"},
+ {"ub-numeric-user-id-length", 524298, "1"},
+ {"PersonalName", 1610612750, 0},
+ {"surname", 1814044674, "PrintableString"},
+ {0, 1073745928, "0"},
+ {"ub-surname-length", 524298, "1"},
+ {"given-name", 1814061058, "PrintableString"},
+ {0, 1073745928, "1"},
+ {"ub-given-name-length", 524298, "1"},
+ {"initials", 1814061058, "PrintableString"},
+ {0, 1073745928, "2"},
+ {"ub-initials-length", 524298, "1"},
+ {"generation-qualifier", 740319234, "PrintableString"},
+ {0, 1073745928, "3"},
+ {"ub-generation-qualifier-length", 524298, "1"},
+ {"OrganizationalUnitNames", 1612709899, 0},
+ {"ub-organizational-units", 1074266122, "1"},
+ {0, 2, "OrganizationalUnitName"},
+ {"OrganizationalUnitName", 1612709890, "PrintableString"},
+ {"ub-organizational-unit-name-length", 524298, "1"},
+ {"BuiltInDomainDefinedAttributes", 1612709899, 0},
+ {"ub-domain-defined-attributes", 1074266122, "1"},
+ {0, 2, "BuiltInDomainDefinedAttribute"},
+ {"BuiltInDomainDefinedAttribute", 1610612741, 0},
+ {"type", 1612709890, "PrintableString"},
+ {"ub-domain-defined-attribute-type-length", 524298, "1"},
+ {"value", 538968066, "PrintableString"},
+ {"ub-domain-defined-attribute-value-length", 524298, "1"},
+ {"ExtensionAttributes", 1612709903, 0},
+ {"ub-extension-attributes", 1074266122, "1"},
+ {0, 2, "ExtensionAttribute"},
+ {"ExtensionAttribute", 1610612741, 0},
+ {"extension-attribute-type", 1611145219, 0},
+ {0, 1073743880, "0"},
+ {"0", 10, "ub-extension-attributes"},
+ {"extension-attribute-value", 541073421, 0},
+ {0, 1073743880, "1"},
+ {"extension-attribute-type", 1, 0},
+ {"common-name", 1342177283, "1"},
+ {"CommonName", 1612709890, "PrintableString"},
+ {"ub-common-name-length", 524298, "1"},
+ {"teletex-common-name", 1342177283, "2"},
+ {"TeletexCommonName", 1612709890, "TeletexString"},
+ {"ub-common-name-length", 524298, "1"},
+ {"teletex-organization-name", 1342177283, "3"},
+ {"TeletexOrganizationName", 1612709890, "TeletexString"},
+ {"ub-organization-name-length", 524298, "1"},
+ {"teletex-personal-name", 1342177283, "4"},
+ {"TeletexPersonalName", 1610612750, 0},
+ {"surname", 1814044674, "TeletexString"},
+ {0, 1073743880, "0"},
+ {"ub-surname-length", 524298, "1"},
+ {"given-name", 1814061058, "TeletexString"},
+ {0, 1073743880, "1"},
+ {"ub-given-name-length", 524298, "1"},
+ {"initials", 1814061058, "TeletexString"},
+ {0, 1073743880, "2"},
+ {"ub-initials-length", 524298, "1"},
+ {"generation-qualifier", 740319234, "TeletexString"},
+ {0, 1073743880, "3"},
+ {"ub-generation-qualifier-length", 524298, "1"},
+ {"teletex-organizational-unit-names", 1342177283, "5"},
+ {"TeletexOrganizationalUnitNames", 1612709899, 0},
+ {"ub-organizational-units", 1074266122, "1"},
+ {0, 2, "TeletexOrganizationalUnitName"},
+ {"TeletexOrganizationalUnitName", 1612709890, "TeletexString"},
+ {"ub-organizational-unit-name-length", 524298, "1"},
+ {"pds-name", 1342177283, "7"},
+ {"PDSName", 1612709890, "PrintableString"},
+ {"ub-pds-name-length", 524298, "1"},
+ {"physical-delivery-country-name", 1342177283, "8"},
+ {"PhysicalDeliveryCountryName", 1610612754, 0},
+ {"x121-dcc-code", 1612709890, "NumericString"},
+ {0, 1048586, "ub-country-name-numeric-length"},
+ {"iso-3166-alpha2-code", 538968066, "PrintableString"},
+ {0, 1048586, "ub-country-name-alpha-length"},
+ {"postal-code", 1342177283, "9"},
+ {"PostalCode", 1610612754, 0},
+ {"numeric-code", 1612709890, "NumericString"},
+ {"ub-postal-code-length", 524298, "1"},
+ {"printable-code", 538968066, "PrintableString"},
+ {"ub-postal-code-length", 524298, "1"},
+ {"physical-delivery-office-name", 1342177283, "10"},
+ {"PhysicalDeliveryOfficeName", 1073741826, "PDSParameter"},
+ {"physical-delivery-office-number", 1342177283, "11"},
+ {"PhysicalDeliveryOfficeNumber", 1073741826, "PDSParameter"},
+ {"extension-OR-address-components", 1342177283, "12"},
+ {"ExtensionORAddressComponents", 1073741826, "PDSParameter"},
+ {"physical-delivery-personal-name", 1342177283, "13"},
+ {"PhysicalDeliveryPersonalName", 1073741826, "PDSParameter"},
+ {"physical-delivery-organization-name", 1342177283, "14"},
+ {"PhysicalDeliveryOrganizationName", 1073741826, "PDSParameter"},
+ {"extension-physical-delivery-address-components", 1342177283, "15"},
+ {"ExtensionPhysicalDeliveryAddressComponents", 1073741826,
+ "PDSParameter"},
+ {"unformatted-postal-address", 1342177283, "16"},
+ {"UnformattedPostalAddress", 1610612750, 0},
+ {"printable-address", 1814052875, 0},
+ {"ub-pds-physical-address-lines", 1074266122, "1"},
+ {0, 538968066, "PrintableString"},
+ {"ub-pds-parameter-length", 524298, "1"},
+ {"teletex-string", 740311042, "TeletexString"},
+ {"ub-unformatted-address-length", 524298, "1"},
+ {"street-address", 1342177283, "17"},
+ {"StreetAddress", 1073741826, "PDSParameter"},
+ {"post-office-box-address", 1342177283, "18"},
+ {"PostOfficeBoxAddress", 1073741826, "PDSParameter"},
+ {"poste-restante-address", 1342177283, "19"},
+ {"PosteRestanteAddress", 1073741826, "PDSParameter"},
+ {"unique-postal-name", 1342177283, "20"},
+ {"UniquePostalName", 1073741826, "PDSParameter"},
+ {"local-postal-attributes", 1342177283, "21"},
+ {"LocalPostalAttributes", 1073741826, "PDSParameter"},
+ {"PDSParameter", 1610612750, 0},
+ {"printable-string", 1814052866, "PrintableString"},
+ {"ub-pds-parameter-length", 524298, "1"},
+ {"teletex-string", 740311042, "TeletexString"},
+ {"ub-pds-parameter-length", 524298, "1"},
+ {"extended-network-address", 1342177283, "22"},
+ {"ExtendedNetworkAddress", 1610612754, 0},
+ {"e163-4-address", 1610612741, 0},
+ {"number", 1612718082, "NumericString"},
+ {0, 1073743880, "0"},
+ {"ub-e163-4-number-length", 524298, "1"},
+ {"sub-address", 538992642, "NumericString"},
+ {0, 1073743880, "1"},
+ {"ub-e163-4-sub-address-length", 524298, "1"},
+ {"psap-address", 536879106, "PresentationAddress"},
+ {0, 2056, "0"},
+ {"PresentationAddress", 1610612741, 0},
+ {"pSelector", 1610637319, 0},
+ {0, 2056, "0"},
+ {"sSelector", 1610637319, 0},
+ {0, 2056, "1"},
+ {"tSelector", 1610637319, 0},
+ {0, 2056, "2"},
+ {"nAddresses", 538976271, 0},
+ {0, 1073743880, "3"},
+ {"MAX", 1074266122, "1"},
+ {0, 7, 0},
+ {"terminal-type", 1342177283, "23"},
+ {"TerminalType", 1610874883, 0},
+ {"telex", 1073741825, "3"},
+ {"teletex", 1073741825, "4"},
+ {"g3-facsimile", 1073741825, "5"},
+ {"g4-facsimile", 1073741825, "6"},
+ {"ia5-terminal", 1073741825, "7"},
+ {"videotex", 1, "8"},
+ {"teletex-domain-defined-attributes", 1342177283, "6"},
+ {"TeletexDomainDefinedAttributes", 1612709899, 0},
+ {"ub-domain-defined-attributes", 1074266122, "1"},
+ {0, 2, "TeletexDomainDefinedAttribute"},
+ {"TeletexDomainDefinedAttribute", 1610612741, 0},
+ {"type", 1612709890, "TeletexString"},
+ {"ub-domain-defined-attribute-type-length", 524298, "1"},
+ {"value", 538968066, "TeletexString"},
+ {"ub-domain-defined-attribute-value-length", 524298, "1"},
+ {"ub-name", 1342177283, "32768"},
+ {"ub-common-name", 1342177283, "64"},
+ {"ub-locality-name", 1342177283, "128"},
+ {"ub-state-name", 1342177283, "128"},
+ {"ub-organization-name", 1342177283, "64"},
+ {"ub-organizational-unit-name", 1342177283, "64"},
+ {"ub-title", 1342177283, "64"},
+ {"ub-match", 1342177283, "128"},
+ {"ub-emailaddress-length", 1342177283, "128"},
+ {"ub-common-name-length", 1342177283, "64"},
+ {"ub-country-name-alpha-length", 1342177283, "2"},
+ {"ub-country-name-numeric-length", 1342177283, "3"},
+ {"ub-domain-defined-attributes", 1342177283, "4"},
+ {"ub-domain-defined-attribute-type-length", 1342177283, "8"},
+ {"ub-domain-defined-attribute-value-length", 1342177283, "128"},
+ {"ub-domain-name-length", 1342177283, "16"},
+ {"ub-extension-attributes", 1342177283, "256"},
+ {"ub-e163-4-number-length", 1342177283, "15"},
+ {"ub-e163-4-sub-address-length", 1342177283, "40"},
+ {"ub-generation-qualifier-length", 1342177283, "3"},
+ {"ub-given-name-length", 1342177283, "16"},
+ {"ub-initials-length", 1342177283, "5"},
+ {"ub-integer-options", 1342177283, "256"},
+ {"ub-numeric-user-id-length", 1342177283, "32"},
+ {"ub-organization-name-length", 1342177283, "64"},
+ {"ub-organizational-unit-name-length", 1342177283, "32"},
+ {"ub-organizational-units", 1342177283, "4"},
+ {"ub-pds-name-length", 1342177283, "16"},
+ {"ub-pds-parameter-length", 1342177283, "30"},
+ {"ub-pds-physical-address-lines", 1342177283, "6"},
+ {"ub-postal-code-length", 1342177283, "16"},
+ {"ub-surname-length", 1342177283, "40"},
+ {"ub-terminal-id-length", 1342177283, "24"},
+ {"ub-unformatted-address-length", 1342177283, "180"},
+ {"ub-x121-address-length", 1342177283, "16"},
+ {"pkcs-7-ContentInfo", 1610612741, 0},
+ {"contentType", 1073741826, "pkcs-7-ContentType"},
+ {"content", 541073421, 0},
+ {0, 1073743880, "0"},
+ {"contentType", 1, 0},
+ {"pkcs-7-DigestInfo", 1610612741, 0},
+ {"digestAlgorithm", 1073741826, "pkcs-7-DigestAlgorithmIdentifier"},
+ {"digest", 2, "pkcs-7-Digest"},
+ {"pkcs-7-Digest", 1073741831, 0},
+ {"pkcs-7-ContentType", 1073741836, 0},
+ {"pkcs-7-SignedData", 1610612741, 0},
+ {"version", 1073741826, "pkcs-7-CMSVersion"},
+ {"digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"},
+ {"encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"},
+ {"certificates", 1610637314, "pkcs-7-CertificateSet"},
+ {0, 4104, "0"},
+ {"crls", 1610637314, "pkcs-7-CertificateRevocationLists"},
+ {0, 4104, "1"},
+ {"signerInfos", 2, "pkcs-7-SignerInfos"},
+ {"pkcs-7-CMSVersion", 1610874883, 0},
+ {"v0", 1073741825, "0"},
+ {"v1", 1073741825, "1"},
+ {"v2", 1073741825, "2"},
+ {"v3", 1073741825, "3"},
+ {"v4", 1, "4"},
+ {"pkcs-7-DigestAlgorithmIdentifiers", 1610612751, 0},
+ {0, 2, "pkcs-7-DigestAlgorithmIdentifier"},
+ {"pkcs-7-DigestAlgorithmIdentifier", 1073741826,
+ "AlgorithmIdentifier"},
+ {"pkcs-7-EncapsulatedContentInfo", 1610612741, 0},
+ {"eContentType", 1073741826, "pkcs-7-ContentType"},
+ {"eContent", 536895495, 0},
+ {0, 2056, "0"},
+ {"pkcs-7-CertificateRevocationLists", 1610612751, 0},
+ {0, 13, 0},
+ {"pkcs-7-CertificateChoices", 1610612754, 0},
+ {"certificate", 13, 0},
+ {"pkcs-7-CertificateSet", 1610612751, 0},
+ {0, 2, "pkcs-7-CertificateChoices"},
+ {"pkcs-7-SignerInfos", 1610612751, 0},
+ {0, 13, 0},
+ {"pkcs-10-CertificationRequestInfo", 1610612741, 0},
+ {"version", 1610874883, 0},
+ {"v1", 1, "0"},
+ {"subject", 1073741826, "Name"},
+ {"subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"},
+ {"attributes", 536879106, "Attributes"},
+ {0, 4104, "0"},
+ {"Attributes", 1610612751, 0},
+ {0, 2, "Attribute"},
+ {"pkcs-10-CertificationRequest", 1610612741, 0},
+ {"certificationRequestInfo", 1073741826,
+ "pkcs-10-CertificationRequestInfo"},
+ {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"signature", 6, 0},
+ {"pkcs-9-ub-challengePassword", 1342177283, "255"},
+ {"pkcs-9-certTypes", 1879048204, 0},
+ {0, 1073741825, "pkcs-9"},
+ {0, 1, "22"},
+ {"pkcs-9-crlTypes", 1879048204, 0},
+ {0, 1073741825, "pkcs-9"},
+ {0, 1, "23"},
+ {"pkcs-9-at-challengePassword", 1879048204, 0},
+ {0, 1073741825, "pkcs-9"},
+ {0, 1, "7"},
+ {"pkcs-9-challengePassword", 1610612754, 0},
+ {"printableString", 1612709890, "PrintableString"},
+ {"pkcs-9-ub-challengePassword", 524298, "1"},
+ {"utf8String", 538968066, "UTF8String"},
+ {"pkcs-9-ub-challengePassword", 524298, "1"},
+ {"pkcs-9-at-localKeyId", 1879048204, 0},
+ {0, 1073741825, "pkcs-9"},
+ {0, 1, "21"},
+ {"pkcs-9-localKeyId", 1073741831, 0},
+ {"pkcs-9-at-friendlyName", 1879048204, 0},
+ {0, 1073741825, "pkcs-9"},
+ {0, 1, "20"},
+ {"pkcs-9-friendlyName", 1612709890, "BMPString"},
+ {"255", 524298, "1"},
+ {"pkcs-8-PrivateKeyInfo", 1610612741, 0},
+ {"version", 1073741826, "pkcs-8-Version"},
+ {"privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"privateKey", 1073741826, "pkcs-8-PrivateKey"},
+ {"attributes", 536895490, "Attributes"},
+ {0, 4104, "0"},
+ {"pkcs-8-Version", 1610874883, 0},
+ {"v1", 1, "0"},
+ {"pkcs-8-PrivateKey", 1073741831, 0},
+ {"pkcs-8-Attributes", 1610612751, 0},
+ {0, 2, "Attribute"},
+ {"pkcs-8-EncryptedPrivateKeyInfo", 1610612741, 0},
+ {"encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ {"encryptedData", 2, "pkcs-8-EncryptedData"},
+ {"pkcs-8-EncryptedData", 1073741831, 0},
+ {"pkcs-5", 1879048204, 0},
+ {0, 1073741825, "pkcs"},
+ {0, 1, "5"},
+ {"pkcs-5-encryptionAlgorithm", 1879048204, 0},
+ {"iso", 1073741825, "1"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"rsadsi", 1073741825, "113549"},
+ {0, 1, "3"},
+ {"pkcs-5-des-EDE3-CBC", 1879048204, 0},
+ {0, 1073741825, "pkcs-5-encryptionAlgorithm"},
+ {0, 1, "7"},
+ {"pkcs-5-des-EDE3-CBC-params", 1612709895, 0},
+ {0, 1048586, "8"},
+ {"pkcs-5-id-PBES2", 1879048204, 0},
+ {0, 1073741825, "pkcs-5"},
+ {0, 1, "13"},
+ {"pkcs-5-PBES2-params", 1610612741, 0},
+ {"keyDerivationFunc", 1073741826, "AlgorithmIdentifier"},
+ {"encryptionScheme", 2, "AlgorithmIdentifier"},
+ {"pkcs-5-id-PBKDF2", 1879048204, 0},
+ {0, 1073741825, "pkcs-5"},
+ {0, 1, "12"},
+ {"pkcs-5-PBKDF2-params", 1610612741, 0},
+ {"salt", 1610612754, 0},
+ {"specified", 1073741831, 0},
+ {"otherSource", 2, "AlgorithmIdentifier"},
+ {"iterationCount", 1611137027, 0},
+ {"1", 10, "MAX"},
+ {"keyLength", 1611153411, 0},
+ {"1", 10, "MAX"},
+ {"prf", 16386, "AlgorithmIdentifier"},
+ {"pkcs-12", 1879048204, 0},
+ {0, 1073741825, "pkcs"},
+ {0, 1, "12"},
+ {"pkcs-12-PFX", 1610612741, 0},
+ {"version", 1610874883, 0},
+ {"v3", 1, "3"},
+ {"authSafe", 1073741826, "pkcs-7-ContentInfo"},
+ {"macData", 16386, "pkcs-12-MacData"},
+ {"pkcs-12-PbeParams", 1610612741, 0},
+ {"salt", 1073741831, 0},
+ {"iterations", 3, 0},
+ {"pkcs-12-MacData", 1610612741, 0},
+ {"mac", 1073741826, "pkcs-7-DigestInfo"},
+ {"macSalt", 1073741831, 0},
+ {"iterations", 536903683, 0},
+ {0, 9, "1"},
+ {"pkcs-12-AuthenticatedSafe", 1610612747, 0},
+ {0, 2, "pkcs-7-ContentInfo"},
+ {"pkcs-12-SafeContents", 1610612747, 0},
+ {0, 2, "pkcs-12-SafeBag"},
+ {"pkcs-12-SafeBag", 1610612741, 0},
+ {"bagId", 1073741836, 0},
+ {"bagValue", 1614815245, 0},
+ {0, 1073743880, "0"},
+ {"badId", 1, 0},
+ {"bagAttributes", 536887311, 0},
+ {0, 2, "pkcs-12-PKCS12Attribute"},
+ {"pkcs-12-bagtypes", 1879048204, 0},
+ {0, 1073741825, "pkcs-12"},
+ {0, 1073741825, "10"},
+ {0, 1, "1"},
+ {"pkcs-12-keyBag", 1879048204, 0},
+ {0, 1073741825, "pkcs-12-bagtypes"},
+ {0, 1, "1"},
+ {"pkcs-12-pkcs8ShroudedKeyBag", 1879048204, 0},
+ {0, 1073741825, "pkcs-12-bagtypes"},
+ {0, 1, "2"},
+ {"pkcs-12-certBag", 1879048204, 0},
+ {0, 1073741825, "pkcs-12-bagtypes"},
+ {0, 1, "3"},
+ {"pkcs-12-crlBag", 1879048204, 0},
+ {0, 1073741825, "pkcs-12-bagtypes"},
+ {0, 1, "4"},
+ {"pkcs-12-KeyBag", 1073741826, "pkcs-8-PrivateKeyInfo"},
+ {"pkcs-12-PKCS8ShroudedKeyBag", 1073741826,
+ "pkcs-8-EncryptedPrivateKeyInfo"},
+ {"pkcs-12-CertBag", 1610612741, 0},
+ {"certId", 1073741836, 0},
+ {"certValue", 541073421, 0},
+ {0, 1073743880, "0"},
+ {"certId", 1, 0},
+ {"pkcs-12-CRLBag", 1610612741, 0},
+ {"crlId", 1073741836, 0},
+ {"crlValue", 541073421, 0},
+ {0, 1073743880, "0"},
+ {"crlId", 1, 0},
+ {"pkcs-12-PKCS12Attribute", 1073741826, "Attribute"},
+ {"pkcs-7-data", 1879048204, 0},
+ {"iso", 1073741825, "1"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"rsadsi", 1073741825, "113549"},
+ {"pkcs", 1073741825, "1"},
+ {"pkcs7", 1073741825, "7"},
+ {0, 1, "1"},
+ {"pkcs-7-encryptedData", 1879048204, 0},
+ {"iso", 1073741825, "1"},
+ {"member-body", 1073741825, "2"},
+ {"us", 1073741825, "840"},
+ {"rsadsi", 1073741825, "113549"},
+ {"pkcs", 1073741825, "1"},
+ {"pkcs7", 1073741825, "7"},
+ {0, 1, "6"},
+ {"pkcs-7-Data", 1073741831, 0},
+ {"pkcs-7-EncryptedData", 1610612741, 0},
+ {"version", 1073741826, "pkcs-7-CMSVersion"},
+ {"encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"},
+ {"unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"},
+ {0, 4104, "1"},
+ {"pkcs-7-EncryptedContentInfo", 1610612741, 0},
+ {"contentType", 1073741826, "pkcs-7-ContentType"},
+ {"contentEncryptionAlgorithm", 1073741826,
+ "pkcs-7-ContentEncryptionAlgorithmIdentifier"},
+ {"encryptedContent", 536895490, "pkcs-7-EncryptedContent"},
+ {0, 4104, "0"},
+ {"pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826,
+ "AlgorithmIdentifier"},
+ {"pkcs-7-EncryptedContent", 1073741831, 0},
+ {"pkcs-7-UnprotectedAttributes", 1612709903, 0},
+ {"MAX", 1074266122, "1"},
+ {0, 2, "Attribute"},
+ {"id-at-ldap-DC", 1880096780, "AttributeType"},
+ {0, 1073741825, "0"},
+ {0, 1073741825, "9"},
+ {0, 1073741825, "2342"},
+ {0, 1073741825, "19200300"},
+ {0, 1073741825, "100"},
+ {0, 1073741825, "1"},
+ {0, 1, "25"},
+ {"ldap-DC", 1073741826, "IA5String"},
+ {"id-at-ldap-UID", 1880096780, "AttributeType"},
+ {0, 1073741825, "0"},
+ {0, 1073741825, "9"},
+ {0, 1073741825, "2342"},
+ {0, 1073741825, "19200300"},
+ {0, 1073741825, "100"},
+ {0, 1073741825, "1"},
+ {0, 1, "1"},
+ {"ldap-UID", 1073741826, "IA5String"},
+ {"id-pda", 1879048204, 0},
+ {0, 1073741825, "id-pkix"},
+ {0, 1, "9"},
+ {"id-pda-dateOfBirth", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-pda"},
+ {0, 1, "1"},
+ {"DateOfBirth", 1082130449, 0},
+ {"id-pda-placeOfBirth", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-pda"},
+ {0, 1, "2"},
+ {"PlaceOfBirth", 1073741826, "DirectoryString"},
+ {"id-pda-gender", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-pda"},
+ {0, 1, "3"},
+ {"Gender", 1612709890, "PrintableString"},
+ {0, 1048586, "1"},
+ {"id-pda-countryOfCitizenship", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-pda"},
+ {0, 1, "4"},
+ {"CountryOfCitizenship", 1612709890, "PrintableString"},
+ {0, 1048586, "2"},
+ {"id-pda-countryOfResidence", 1880096780, "AttributeType"},
+ {0, 1073741825, "id-pda"},
+ {0, 1, "5"},
+ {"CountryOfResidence", 538968066, "PrintableString"},
+ {0, 1048586, "2"},
+ {0, 0, 0}
};
diff --git a/lib/strfile.h b/lib/strfile.h
index 56ed41fed1..8afa7efcfe 100644
--- a/lib/strfile.h
+++ b/lib/strfile.h
@@ -1,8 +1,8 @@
typedef struct {
- opaque * data;
- size_t size;
- int mmaped;
+ opaque *data;
+ size_t size;
+ int mmaped;
} strfile;
-void _gnutls_strfile_free( strfile *x);
-strfile _gnutls_file_to_str( const char * file);
+void _gnutls_strfile_free(strfile * x);
+strfile _gnutls_file_to_str(const char *file);
diff --git a/lib/strnstr.c b/lib/strnstr.c
index 7eaa9d0dac..d664384ee7 100644
--- a/lib/strnstr.c
+++ b/lib/strnstr.c
@@ -26,23 +26,25 @@
char *strnstr(const char *haystack, const char *needle, size_t haystacklen)
{
- char *p;
- ssize_t plen;
- ssize_t len = strlen(needle);
+ char *p;
+ ssize_t plen;
+ ssize_t len = strlen(needle);
- if (*needle == '\0') /* everything matches empty string */
- return (char*) haystack;
+ if (*needle == '\0') /* everything matches empty string */
+ return (char *) haystack;
- plen = haystacklen;
- for (p = (char*) haystack; p != NULL; p = memchr(p + 1, *needle, plen-1)) {
- plen = haystacklen - (p - haystack);
+ plen = haystacklen;
+ for (p = (char *) haystack; p != NULL;
+ p = memchr(p + 1, *needle, plen - 1)) {
+ plen = haystacklen - (p - haystack);
- if (plen < len) return NULL;
+ if (plen < len)
+ return NULL;
- if (strncmp(p, needle, len) == 0)
- return (p);
- }
- return NULL;
+ if (strncmp(p, needle, len) == 0)
+ return (p);
+ }
+ return NULL;
}
#endif
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 2cd9149917..9b281dfe4d 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -34,64 +34,65 @@
#include <time.h>
typedef struct _oid2string {
- const char * oid;
- const char * ldap_desc;
- int choice; /* of type DirectoryString */
- int printable;
+ const char *oid;
+ const char *ldap_desc;
+ int choice; /* of type DirectoryString */
+ int printable;
} oid2string;
/* This list contains all the OIDs that may be
* contained in a rdnSequence and are printable.
*/
static const oid2string _oid2str[] = {
- /* PKIX
- */
- {"1.3.6.1.5.5.7.9.1", "dateOfBirth", 0, 1},
- {"1.3.6.1.5.5.7.9.2", "placeOfBirth", 0, 1},
- {"1.3.6.1.5.5.7.9.3", "gender", 0, 1},
- {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1},
- {"1.3.6.1.5.5.7.9.5", "countryOfResidence", 0, 1},
-
- {"2.5.4.6", "C", 0, 1},
- {"2.5.4.9", "STREET", 1, 1},
- {"2.5.4.12", "T", 1, 1},
- {"2.5.4.10", "O", 1, 1},
- {"2.5.4.11", "OU", 1, 1},
- {"2.5.4.3", "CN", 1, 1},
- {"2.5.4.7", "L", 1, 1},
- {"2.5.4.8", "ST", 1, 1},
-
- {"2.5.4.5", "serialNumber", 0, 1},
- {"2.5.4.20", "telephoneNumber", 0, 1},
- {"2.5.4.4", "surName", 1, 1},
- {"2.5.4.43", "initials", 1, 1},
- {"2.5.4.44", "generationQualifier", 1, 1},
- {"2.5.4.42", "givenName", 1, 1},
- {"2.5.4.65", "pseudonym", 1, 1},
- {"2.5.4.46", "dnQualifier", 0, 1},
-
- {"0.9.2342.19200300.100.1.25", "DC", 0, 1},
- {"0.9.2342.19200300.100.1.1", "UID", 0, 1},
- {"1.2.840.113549.1.9.1", "EMAIL", 0, 1},
- {"1.2.840.113549.1.9.7", NULL, 1, 1},
-
- /* friendly name */
- {"1.2.840.113549.1.9.20", NULL, 0, 1},
- {NULL, NULL, 0, 0}
+ /* PKIX
+ */
+ {"1.3.6.1.5.5.7.9.1", "dateOfBirth", 0, 1},
+ {"1.3.6.1.5.5.7.9.2", "placeOfBirth", 0, 1},
+ {"1.3.6.1.5.5.7.9.3", "gender", 0, 1},
+ {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1},
+ {"1.3.6.1.5.5.7.9.5", "countryOfResidence", 0, 1},
+
+ {"2.5.4.6", "C", 0, 1},
+ {"2.5.4.9", "STREET", 1, 1},
+ {"2.5.4.12", "T", 1, 1},
+ {"2.5.4.10", "O", 1, 1},
+ {"2.5.4.11", "OU", 1, 1},
+ {"2.5.4.3", "CN", 1, 1},
+ {"2.5.4.7", "L", 1, 1},
+ {"2.5.4.8", "ST", 1, 1},
+
+ {"2.5.4.5", "serialNumber", 0, 1},
+ {"2.5.4.20", "telephoneNumber", 0, 1},
+ {"2.5.4.4", "surName", 1, 1},
+ {"2.5.4.43", "initials", 1, 1},
+ {"2.5.4.44", "generationQualifier", 1, 1},
+ {"2.5.4.42", "givenName", 1, 1},
+ {"2.5.4.65", "pseudonym", 1, 1},
+ {"2.5.4.46", "dnQualifier", 0, 1},
+
+ {"0.9.2342.19200300.100.1.25", "DC", 0, 1},
+ {"0.9.2342.19200300.100.1.1", "UID", 0, 1},
+ {"1.2.840.113549.1.9.1", "EMAIL", 0, 1},
+ {"1.2.840.113549.1.9.7", NULL, 1, 1},
+
+ /* friendly name */
+ {"1.2.840.113549.1.9.20", NULL, 0, 1},
+ {NULL, NULL, 0, 0}
};
/* Returns 1 if the data defined by the OID are printable.
*/
-int _gnutls_x509_oid_data_printable( const char* oid) {
-int i = 0;
+int _gnutls_x509_oid_data_printable(const char *oid)
+{
+ int i = 0;
- do {
- if ( strcmp(_oid2str[i].oid, oid)==0)
- return _oid2str[i].printable;
- i++;
- } while( _oid2str[i].oid != NULL);
+ do {
+ if (strcmp(_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].printable;
+ i++;
+ } while (_oid2str[i].oid != NULL);
- return 0;
+ return 0;
}
/**
@@ -108,44 +109,46 @@ int i = 0;
* Returns 1 on known OIDs and 0 otherwise.
*
**/
-int gnutls_x509_dn_oid_known( const char* oid)
+int gnutls_x509_dn_oid_known(const char *oid)
{
-int i = 0;
+ int i = 0;
- do {
- if ( strcmp(_oid2str[i].oid, oid)==0)
- return 1;
- i++;
- } while( _oid2str[i].oid != NULL);
+ do {
+ if (strcmp(_oid2str[i].oid, oid) == 0)
+ return 1;
+ i++;
+ } while (_oid2str[i].oid != NULL);
- return 0;
+ return 0;
}
/* Returns 1 if the data defined by the OID are of a choice
* type.
*/
-int _gnutls_x509_oid_data_choice( const char* oid) {
-int i = 0;
+int _gnutls_x509_oid_data_choice(const char *oid)
+{
+ int i = 0;
- do {
- if ( strcmp(_oid2str[i].oid, oid)==0)
- return _oid2str[i].choice;
- i++;
- } while( _oid2str[i].oid != NULL);
+ do {
+ if (strcmp(_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].choice;
+ i++;
+ } while (_oid2str[i].oid != NULL);
- return 0;
+ return 0;
}
-const char* _gnutls_x509_oid2ldap_string( const char* oid) {
-int i = 0;
+const char *_gnutls_x509_oid2ldap_string(const char *oid)
+{
+ int i = 0;
- do {
- if ( strcmp(_oid2str[i].oid, oid)==0)
- return _oid2str[i].ldap_desc;
- i++;
- } while( _oid2str[i].oid != NULL);
+ do {
+ if (strcmp(_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].ldap_desc;
+ i++;
+ } while (_oid2str[i].oid != NULL);
- return NULL;
+ return NULL;
}
/* This function will convert an attribute value, specified by the OID,
@@ -154,84 +157,87 @@ int i = 0;
* res may be null. This will just return the res_size, needed to
* hold the string.
*/
-int _gnutls_x509_oid_data2string( const char* oid, void* value,
- int value_size, char * res, size_t *res_size)
+int _gnutls_x509_oid_data2string(const char *oid, void *value,
+ int value_size, char *res,
+ size_t * res_size)
{
-char str[1024], tmpname[128];
-const char* ANAME = NULL;
-int CHOICE = -1, len = -1, result;
-ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
-
- if (value==NULL || value_size <=0 || res_size == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if ( _gnutls_x509_oid_data_printable( oid) == 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ANAME = asn1_find_structure_from_oid( _gnutls_get_pkix(), oid);
- CHOICE = _gnutls_x509_oid_data_choice( oid);
+ char str[1024], tmpname[128];
+ const char *ANAME = NULL;
+ int CHOICE = -1, len = -1, result;
+ ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
+
+ if (value == NULL || value_size <= 0 || res_size == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (_gnutls_x509_oid_data_printable(oid) == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ANAME = asn1_find_structure_from_oid(_gnutls_get_pkix(), oid);
+ CHOICE = _gnutls_x509_oid_data_choice(oid);
+
+ if (ANAME == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ _gnutls_str_cpy(str, sizeof(str), "PKIX1.");
+ _gnutls_str_cat(str, sizeof(str), ANAME);
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(), str,
+ &tmpasn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if ((result =
+ asn1_der_decoding(&tmpasn, value, value_size,
+ NULL)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&tmpasn);
+ return _gnutls_asn2err(result);
+ }
+
+ /* If this is a choice then we read the choice. Otherwise it
+ * is the value;
+ */
+ len = sizeof(str) - 1;
+ if ((result = asn1_read_value(tmpasn, "", str, &len)) != ASN1_SUCCESS) { /* CHOICE */
+ gnutls_assert();
+ asn1_delete_structure(&tmpasn);
+ return _gnutls_asn2err(result);
+ }
- if (ANAME==NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ if (CHOICE == 0) {
+ str[len] = 0;
+ if (res)
+ _gnutls_str_cpy(res, *res_size, str);
+ *res_size = len;
- _gnutls_str_cpy(str, sizeof(str), "PKIX1.");
- _gnutls_str_cat(str, sizeof(str), ANAME);
+ } else { /* CHOICE */
+ str[len] = 0;
+ _gnutls_str_cpy(tmpname, sizeof(tmpname), str);
+ len = sizeof(str) - 1;
if ((result =
- asn1_create_element(_gnutls_get_pkix(), str,
- &tmpasn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- if ((result = asn1_der_decoding(&tmpasn, value, value_size, NULL)) != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&tmpasn);
- return _gnutls_asn2err(result);
+ asn1_read_value(tmpasn, tmpname, str,
+ &len)) != ASN1_SUCCESS) {
+ asn1_delete_structure(&tmpasn);
+ return _gnutls_asn2err(result);
}
+ str[len] = 0;
- /* If this is a choice then we read the choice. Otherwise it
- * is the value;
- */
- len = sizeof( str) - 1;
- if ((result = asn1_read_value(tmpasn, "", str, &len)) != ASN1_SUCCESS) { /* CHOICE */
- gnutls_assert();
- asn1_delete_structure(&tmpasn);
- return _gnutls_asn2err(result);
- }
+ if (res)
+ _gnutls_str_cpy(res, *res_size, str);
+ *res_size = len;
+ }
+ asn1_delete_structure(&tmpasn);
- if (CHOICE == 0) {
- str[len] = 0;
- if (res)
- _gnutls_str_cpy(res, *res_size, str);
- *res_size = len;
-
- } else { /* CHOICE */
- str[len] = 0;
- _gnutls_str_cpy( tmpname, sizeof(tmpname), str);
-
- len = sizeof(str) - 1;
- if ((result =
- asn1_read_value(tmpasn, tmpname, str,
- &len)) != ASN1_SUCCESS) {
- asn1_delete_structure(&tmpasn);
- return _gnutls_asn2err(result);
- }
- str[len] = 0;
-
- if (res)
- _gnutls_str_cpy(res, *res_size, str);
- *res_size = len;
- }
- asn1_delete_structure(&tmpasn);
-
- return 0;
+ return 0;
}
@@ -242,92 +248,105 @@ ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
*/
void _gnutls_int2str(unsigned int k, char *data)
{
- if (k > 999)
- sprintf(data, "%d", 999);
- else
- sprintf(data, "%d", k);
+ if (k > 999)
+ sprintf(data, "%d", 999);
+ else
+ sprintf(data, "%d", k);
}
-gnutls_pk_algorithm _gnutls_x509_oid2pk_algorithm( const char* oid)
+gnutls_pk_algorithm _gnutls_x509_oid2pk_algorithm(const char *oid)
{
- if (strcmp( oid, PKIX1_RSA_OID) == 0) /* pkix-1 1 - RSA */
- return GNUTLS_PK_RSA;
- else if (strcmp( oid, DSA_OID) == 0)
- return GNUTLS_PK_DSA;
+ if (strcmp(oid, PKIX1_RSA_OID) == 0) /* pkix-1 1 - RSA */
+ return GNUTLS_PK_RSA;
+ else if (strcmp(oid, DSA_OID) == 0)
+ return GNUTLS_PK_DSA;
- _gnutls_x509_log("Unknown PK OID: '%s'\n", oid);
+ _gnutls_x509_log("Unknown PK OID: '%s'\n", oid);
- return GNUTLS_PK_UNKNOWN;
+ return GNUTLS_PK_UNKNOWN;
}
-gnutls_sign_algorithm _gnutls_x509_oid2sign_algorithm( const char* oid)
+gnutls_sign_algorithm _gnutls_x509_oid2sign_algorithm(const char *oid)
{
- if (strcmp( oid, RSA_MD5_OID) == 0) {
- return GNUTLS_SIGN_RSA_MD5;
- } else if (strcmp( oid, RSA_SHA1_OID) == 0) {
- return GNUTLS_SIGN_RSA_SHA;
- } else if (strcmp( oid, RSA_MD2_OID) == 0) {
- return GNUTLS_SIGN_RSA_MD2;
- } else if (strcmp( oid, DSA_SHA1_OID) == 0) {
- return GNUTLS_SIGN_DSA_SHA;
- }
-
- _gnutls_x509_log("Unknown SIGN OID: '%s'\n", oid);
-
- return GNUTLS_SIGN_UNKNOWN;
+ if (strcmp(oid, RSA_MD5_OID) == 0) {
+ return GNUTLS_SIGN_RSA_MD5;
+ } else if (strcmp(oid, RSA_SHA1_OID) == 0) {
+ return GNUTLS_SIGN_RSA_SHA;
+ } else if (strcmp(oid, RSA_MD2_OID) == 0) {
+ return GNUTLS_SIGN_RSA_MD2;
+ } else if (strcmp(oid, DSA_SHA1_OID) == 0) {
+ return GNUTLS_SIGN_DSA_SHA;
+ }
+
+ _gnutls_x509_log("Unknown SIGN OID: '%s'\n", oid);
+
+ return GNUTLS_SIGN_UNKNOWN;
}
/* returns -1 on error
*/
-gnutls_mac_algorithm _gnutls_x509_oid2mac_algorithm( const char* oid)
+gnutls_mac_algorithm _gnutls_x509_oid2mac_algorithm(const char *oid)
{
- if (strcmp( oid, OID_SHA1) == 0)
- return GNUTLS_MAC_SHA;
- else if (strcmp( oid, OID_MD5) == 0)
- return GNUTLS_MAC_MD5;
+ if (strcmp(oid, OID_SHA1) == 0)
+ return GNUTLS_MAC_SHA;
+ else if (strcmp(oid, OID_MD5) == 0)
+ return GNUTLS_MAC_MD5;
- return GNUTLS_MAC_UNKNOWN;
+ return GNUTLS_MAC_UNKNOWN;
}
-const char* _gnutls_x509_mac_to_oid( gnutls_mac_algorithm mac)
+const char *_gnutls_x509_mac_to_oid(gnutls_mac_algorithm mac)
{
- if (mac == GNUTLS_MAC_SHA) return OID_SHA1;
- else if (mac == GNUTLS_MAC_MD5) return OID_MD5;
- else return NULL;
+ if (mac == GNUTLS_MAC_SHA)
+ return OID_SHA1;
+ else if (mac == GNUTLS_MAC_MD5)
+ return OID_MD5;
+ else
+ return NULL;
}
-const char* _gnutls_x509_pk_to_oid( gnutls_pk_algorithm pk)
+const char *_gnutls_x509_pk_to_oid(gnutls_pk_algorithm pk)
{
- if (pk == GNUTLS_PK_RSA) return PKIX1_RSA_OID;
- else if (pk == GNUTLS_PK_DSA) return DSA_OID;
- else return NULL;
+ if (pk == GNUTLS_PK_RSA)
+ return PKIX1_RSA_OID;
+ else if (pk == GNUTLS_PK_DSA)
+ return DSA_OID;
+ else
+ return NULL;
}
-gnutls_sign_algorithm _gnutls_x509_pk_to_sign(
- gnutls_pk_algorithm pk, gnutls_mac_algorithm mac)
+gnutls_sign_algorithm _gnutls_x509_pk_to_sign(gnutls_pk_algorithm pk,
+ gnutls_mac_algorithm mac)
{
- if (pk == GNUTLS_PK_RSA) {
- if (mac == GNUTLS_MAC_SHA) return GNUTLS_SIGN_RSA_SHA;
- else if (mac == GNUTLS_MAC_MD5) return GNUTLS_SIGN_RSA_MD5;
- } else if (pk == GNUTLS_PK_DSA) {
- if (mac == GNUTLS_MAC_SHA) return GNUTLS_SIGN_DSA_SHA;
- }
- return GNUTLS_SIGN_UNKNOWN;
+ if (pk == GNUTLS_PK_RSA) {
+ if (mac == GNUTLS_MAC_SHA)
+ return GNUTLS_SIGN_RSA_SHA;
+ else if (mac == GNUTLS_MAC_MD5)
+ return GNUTLS_SIGN_RSA_MD5;
+ } else if (pk == GNUTLS_PK_DSA) {
+ if (mac == GNUTLS_MAC_SHA)
+ return GNUTLS_SIGN_DSA_SHA;
+ }
+ return GNUTLS_SIGN_UNKNOWN;
}
-const char* _gnutls_x509_sign_to_oid( gnutls_pk_algorithm pk, gnutls_mac_algorithm mac)
+const char *_gnutls_x509_sign_to_oid(gnutls_pk_algorithm pk,
+ gnutls_mac_algorithm mac)
{
-gnutls_sign_algorithm sign;
+ gnutls_sign_algorithm sign;
- sign = _gnutls_x509_pk_to_sign( pk, mac);
+ sign = _gnutls_x509_pk_to_sign(pk, mac);
- if (sign == GNUTLS_SIGN_RSA_SHA) return RSA_SHA1_OID;
- else if (sign == GNUTLS_SIGN_RSA_MD5) return RSA_MD5_OID;
- else if (sign == GNUTLS_SIGN_DSA_SHA) return DSA_SHA1_OID;
-
- return NULL;
+ if (sign == GNUTLS_SIGN_RSA_SHA)
+ return RSA_SHA1_OID;
+ else if (sign == GNUTLS_SIGN_RSA_MD5)
+ return RSA_MD5_OID;
+ else if (sign == GNUTLS_SIGN_DSA_SHA)
+ return DSA_SHA1_OID;
+
+ return NULL;
}
@@ -341,22 +360,22 @@ gnutls_sign_algorithm sign;
* depend on the libc structure.
*/
typedef struct fake_tm {
- int tm_mon;
- int tm_year; /* FULL year - ie 1971 */
- int tm_mday;
- int tm_hour;
- int tm_min;
- int tm_sec;
+ int tm_mon;
+ int tm_year; /* FULL year - ie 1971 */
+ int tm_mday;
+ int tm_hour;
+ int tm_min;
+ int tm_sec;
} fake_tm;
/* The mktime_utc function is due to Russ Allbery (rra@stanford.edu),
* who placed it under public domain:
*/
-
+
/* The number of days in each month.
*/
static const int MONTHDAYS[] = {
- 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};
/* Whether a given year is a leap year. */
@@ -371,29 +390,29 @@ static const int MONTHDAYS[] = {
*/
static time_t mktime_utc(const struct fake_tm *tm)
{
- time_t result = 0;
- int i;
+ time_t result = 0;
+ int i;
/* We do allow some ill-formed dates, but we don't do anything special
* with them and our callers really shouldn't pass them to us. Do
* explicitly disallow the ones that would cause invalid array accesses
* or other algorithm problems.
*/
- if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
- return (time_t) - 1;
+ if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
+ return (time_t) - 1;
/* Convert to a time_t.
*/
- for (i = 1970; i < tm->tm_year; i++)
- result += 365 + ISLEAP(i);
- for (i = 0; i < tm->tm_mon; i++)
- result += MONTHDAYS[i];
- if (tm->tm_mon > 1 && ISLEAP(tm->tm_year))
- result++;
- result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour;
- result = 60 * result + tm->tm_min;
- result = 60 * result + tm->tm_sec;
- return result;
+ for (i = 1970; i < tm->tm_year; i++)
+ result += 365 + ISLEAP(i);
+ for (i = 0; i < tm->tm_mon; i++)
+ result += MONTHDAYS[i];
+ if (tm->tm_mon > 1 && ISLEAP(tm->tm_year))
+ result++;
+ result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour;
+ result = 60 * result + tm->tm_min;
+ result = 60 * result + tm->tm_sec;
+ return result;
}
@@ -403,54 +422,54 @@ static time_t mktime_utc(const struct fake_tm *tm)
*/
time_t _gnutls_x509_time2gtime(const char *ttime, int year)
{
- char xx[3];
- struct fake_tm etime;
- time_t ret;
+ char xx[3];
+ struct fake_tm etime;
+ time_t ret;
- if (strlen( ttime) < 8) {
- gnutls_assert();
- return (time_t) -1;
- }
+ if (strlen(ttime) < 8) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- etime.tm_year = year;
+ etime.tm_year = year;
- /* In order to work with 32 bit
- * time_t.
- */
- if (sizeof (time_t) <= 4 && etime.tm_year >= 2038)
- return (time_t)2145914603; /* 2037-12-31 23:23:23 */
+ /* In order to work with 32 bit
+ * time_t.
+ */
+ if (sizeof(time_t) <= 4 && etime.tm_year >= 2038)
+ return (time_t) 2145914603; /* 2037-12-31 23:23:23 */
- xx[2] = 0;
+ xx[2] = 0;
/* get the month
*/
- memcpy(xx, ttime, 2); /* month */
- etime.tm_mon = atoi(xx) - 1;
- ttime += 2;
+ memcpy(xx, ttime, 2); /* month */
+ etime.tm_mon = atoi(xx) - 1;
+ ttime += 2;
/* get the day
*/
- memcpy(xx, ttime, 2); /* day */
- etime.tm_mday = atoi(xx);
- ttime += 2;
+ memcpy(xx, ttime, 2); /* day */
+ etime.tm_mday = atoi(xx);
+ ttime += 2;
/* get the hour
*/
- memcpy(xx, ttime, 2); /* hour */
- etime.tm_hour = atoi(xx);
- ttime += 2;
+ memcpy(xx, ttime, 2); /* hour */
+ etime.tm_hour = atoi(xx);
+ ttime += 2;
/* get the minutes
*/
- memcpy(xx, ttime, 2); /* minutes */
- etime.tm_min = atoi(xx);
- ttime += 2;
+ memcpy(xx, ttime, 2); /* minutes */
+ etime.tm_min = atoi(xx);
+ ttime += 2;
- etime.tm_sec = 0;
+ etime.tm_sec = 0;
- ret = mktime_utc(&etime);
+ ret = mktime_utc(&etime);
- return ret;
+ return ret;
}
@@ -460,57 +479,58 @@ time_t _gnutls_x509_time2gtime(const char *ttime, int year)
*/
time_t _gnutls_x509_utcTime2gtime(const char *ttime)
{
- char xx[3];
- int year;
-
- if (strlen( ttime) < 10) {
- gnutls_assert();
- return (time_t) -1;
- }
- xx[2] = 0;
+ char xx[3];
+ int year;
+
+ if (strlen(ttime) < 10) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
+ xx[2] = 0;
/* get the year
*/
- memcpy(xx, ttime, 2); /* year */
- year = atoi(xx);
- ttime += 2;
+ memcpy(xx, ttime, 2); /* year */
+ year = atoi(xx);
+ ttime += 2;
- if (year > 49)
- year += 1900;
- else
- year += 2000;
+ if (year > 49)
+ year += 1900;
+ else
+ year += 2000;
- return _gnutls_x509_time2gtime( ttime, year);
+ return _gnutls_x509_time2gtime(ttime, year);
}
/* returns a time value that contains the given time.
* The given time is expressed as:
* YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)
*/
-int _gnutls_x509_gtime2utcTime(time_t gtime, char *str_time, int str_time_size)
+int _gnutls_x509_gtime2utcTime(time_t gtime, char *str_time,
+ int str_time_size)
{
-size_t ret;
+ size_t ret;
#ifdef HAVE_GMTIME_R
-struct tm _tm;
+ struct tm _tm;
- gmtime_r( &gtime, &_tm);
+ gmtime_r(&gtime, &_tm);
- ret = strftime( str_time, str_time_size, "%y%m%d%H%M00Z", &_tm);
+ ret = strftime(str_time, str_time_size, "%y%m%d%H%M00Z", &_tm);
#else
-struct tm* _tm;
-
- _tm = gmtime( &gtime);
-
- ret = strftime( str_time, str_time_size, "%y%m%d%H%M00Z", _tm);
+ struct tm *_tm;
+
+ _tm = gmtime(&gtime);
+
+ ret = strftime(str_time, str_time_size, "%y%m%d%H%M00Z", _tm);
#endif
-
- if (!ret) {
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- return 0;
-
+
+ if (!ret) {
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ return 0;
+
}
/* returns a time_t value that contains the given time.
@@ -519,29 +539,29 @@ struct tm* _tm;
*/
time_t _gnutls_x509_generalTime2gtime(const char *ttime)
{
- char xx[5];
- int year;
+ char xx[5];
+ int year;
- if (strlen( ttime) < 12) {
- gnutls_assert();
- return (time_t) -1;
- }
+ if (strlen(ttime) < 12) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- if (strchr(ttime, 'Z') == 0) {
- gnutls_assert();
- /* sorry we don't support it yet
- */
- return (time_t)-1;
- }
- xx[4] = 0;
+ if (strchr(ttime, 'Z') == 0) {
+ gnutls_assert();
+ /* sorry we don't support it yet
+ */
+ return (time_t) - 1;
+ }
+ xx[4] = 0;
/* get the year
*/
- memcpy(xx, ttime, 4); /* year */
- year = atoi(xx);
- ttime += 4;
+ memcpy(xx, ttime, 4); /* year */
+ year = atoi(xx);
+ ttime += 4;
- return _gnutls_x509_time2gtime( ttime, year);
+ return _gnutls_x509_time2gtime(ttime, year);
}
@@ -551,45 +571,45 @@ time_t _gnutls_x509_generalTime2gtime(const char *ttime)
#define MAX_TIME 1024
time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when)
{
- char ttime[MAX_TIME];
- char name[1024];
- time_t ctime = (time_t)-1;
- int len, result;
+ char ttime[MAX_TIME];
+ char name[1024];
+ time_t ctime = (time_t) - 1;
+ int len, result;
- _gnutls_str_cpy(name, sizeof(name), when);
+ _gnutls_str_cpy(name, sizeof(name), when);
- len = sizeof(ttime) - 1;
- if ((result = asn1_read_value(c2, name, ttime, &len)) < 0) {
- gnutls_assert();
- return (time_t) (-1);
- }
+ len = sizeof(ttime) - 1;
+ if ((result = asn1_read_value(c2, name, ttime, &len)) < 0) {
+ gnutls_assert();
+ return (time_t) (-1);
+ }
- /* CHOICE */
- if (strcmp(ttime, "GeneralizedTime") == 0) {
-
- _gnutls_str_cat(name, sizeof(name), ".generalTime");
- len = sizeof(ttime) - 1;
- result = asn1_read_value(c2, name, ttime, &len);
- if (result == ASN1_SUCCESS)
- ctime = _gnutls_x509_generalTime2gtime(ttime);
- } else { /* UTCTIME */
-
- _gnutls_str_cat(name, sizeof(name), ".utcTime");
- len = sizeof(ttime) - 1;
- result = asn1_read_value(c2, name, ttime, &len);
- if (result == ASN1_SUCCESS)
- ctime = _gnutls_x509_utcTime2gtime(ttime);
- }
+ /* CHOICE */
+ if (strcmp(ttime, "GeneralizedTime") == 0) {
- /* We cannot handle dates after 2031 in 32 bit machines.
- * a time_t of 64bits has to be used.
- */
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return (time_t) (-1);
- }
- return ctime;
+ _gnutls_str_cat(name, sizeof(name), ".generalTime");
+ len = sizeof(ttime) - 1;
+ result = asn1_read_value(c2, name, ttime, &len);
+ if (result == ASN1_SUCCESS)
+ ctime = _gnutls_x509_generalTime2gtime(ttime);
+ } else { /* UTCTIME */
+
+ _gnutls_str_cat(name, sizeof(name), ".utcTime");
+ len = sizeof(ttime) - 1;
+ result = asn1_read_value(c2, name, ttime, &len);
+ if (result == ASN1_SUCCESS)
+ ctime = _gnutls_x509_utcTime2gtime(ttime);
+ }
+
+ /* We cannot handle dates after 2031 in 32 bit machines.
+ * a time_t of 64bits has to be used.
+ */
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return (time_t) (-1);
+ }
+ return ctime;
}
/* Sets the time in time_t in the ASN1_TYPE given. Where should
@@ -597,129 +617,138 @@ time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when)
*/
int _gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim)
{
- char str_time[MAX_TIME];
- char name[1024];
- int result, len;
+ char str_time[MAX_TIME];
+ char name[1024];
+ int result, len;
- _gnutls_str_cpy(name, sizeof(name), where);
+ _gnutls_str_cpy(name, sizeof(name), where);
- if ((result = asn1_write_value(c2, name, "utcTime", 1)) < 0) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if ((result = asn1_write_value(c2, name, "utcTime", 1)) < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- result = _gnutls_x509_gtime2utcTime( tim, str_time, sizeof(str_time));
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ result = _gnutls_x509_gtime2utcTime(tim, str_time, sizeof(str_time));
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- _gnutls_str_cat(name, sizeof(name), ".utcTime");
+ _gnutls_str_cat(name, sizeof(name), ".utcTime");
- result = asn1_write_value(c2, name, str_time, len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ result = asn1_write_value(c2, name, str_time, len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
-gnutls_x509_subject_alt_name _gnutls_x509_san_find_type( char* str_type)
+gnutls_x509_subject_alt_name _gnutls_x509_san_find_type(char *str_type)
{
- if (strcmp( str_type, "dNSName")==0) return GNUTLS_SAN_DNSNAME;
- if (strcmp( str_type, "rfc822Name")==0) return GNUTLS_SAN_RFC822NAME;
- if (strcmp( str_type, "uniformResourceIdentifier")==0) return GNUTLS_SAN_URI;
- if (strcmp( str_type, "iPAddress")==0) return GNUTLS_SAN_IPADDRESS;
- return (gnutls_x509_subject_alt_name)-1;
+ if (strcmp(str_type, "dNSName") == 0)
+ return GNUTLS_SAN_DNSNAME;
+ if (strcmp(str_type, "rfc822Name") == 0)
+ return GNUTLS_SAN_RFC822NAME;
+ if (strcmp(str_type, "uniformResourceIdentifier") == 0)
+ return GNUTLS_SAN_URI;
+ if (strcmp(str_type, "iPAddress") == 0)
+ return GNUTLS_SAN_IPADDRESS;
+ return (gnutls_x509_subject_alt_name) - 1;
}
/* A generic export function. Will export the given ASN.1 encoded data
* to PEM or DER raw data.
*/
-int _gnutls_x509_export_int( ASN1_TYPE asn1_data,
- gnutls_x509_crt_fmt format, char* pem_header,
- int tmp_buf_size, unsigned char* output_data, size_t* output_data_size)
+int _gnutls_x509_export_int(ASN1_TYPE asn1_data,
+ gnutls_x509_crt_fmt format, char *pem_header,
+ int tmp_buf_size, unsigned char *output_data,
+ size_t * output_data_size)
{
- int result, len;
- if (tmp_buf_size == 0) tmp_buf_size = 16*1024;
-
- if (format == GNUTLS_X509_FMT_DER) {
-
- if (output_data == NULL) *output_data_size = 0;
-
- len = *output_data_size;
-
- if ((result=asn1_der_coding( asn1_data, "", output_data, &len, NULL)) != ASN1_SUCCESS)
- {
- *output_data_size = len;
- if (result == ASN1_MEM_ERROR) {
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- *output_data_size = len;
-
- } else { /* PEM */
- opaque *tmp;
- opaque *out;
-
- len = tmp_buf_size;
-
- tmp = gnutls_alloca( len);
- if (tmp == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if ((result=asn1_der_coding( asn1_data, "", tmp, &len, NULL)) != ASN1_SUCCESS) {
- gnutls_assert();
- if (result == ASN1_MEM_ERROR) {
- *output_data_size = B64FSIZE(strlen(pem_header),len) + 1;
- }
- gnutls_afree(tmp);
- return _gnutls_asn2err(result);
- }
-
- result = _gnutls_fbase64_encode( pem_header,
- tmp, len, &out);
-
- gnutls_afree(tmp);
-
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- if (result == 0) { /* oooops */
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if ((uint)result > *output_data_size) {
- gnutls_assert();
- gnutls_free(out);
- *output_data_size = result;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *output_data_size = result;
-
- if (output_data) {
- memcpy( output_data, out, result);
-
- /* do not include the null character into output size.
- */
- *output_data_size = result - 1;
- }
- gnutls_free( out);
-
+ int result, len;
+ if (tmp_buf_size == 0)
+ tmp_buf_size = 16 * 1024;
+
+ if (format == GNUTLS_X509_FMT_DER) {
+
+ if (output_data == NULL)
+ *output_data_size = 0;
+
+ len = *output_data_size;
+
+ if ((result =
+ asn1_der_coding(asn1_data, "", output_data, &len,
+ NULL)) != ASN1_SUCCESS) {
+ *output_data_size = len;
+ if (result == ASN1_MEM_ERROR) {
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ *output_data_size = len;
+
+ } else { /* PEM */
+ opaque *tmp;
+ opaque *out;
+
+ len = tmp_buf_size;
+
+ tmp = gnutls_alloca(len);
+ if (tmp == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if ((result =
+ asn1_der_coding(asn1_data, "", tmp, &len,
+ NULL)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ if (result == ASN1_MEM_ERROR) {
+ *output_data_size = B64FSIZE(strlen(pem_header), len) + 1;
+ }
+ gnutls_afree(tmp);
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_fbase64_encode(pem_header, tmp, len, &out);
+
+ gnutls_afree(tmp);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (result == 0) { /* oooops */
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- return 0;
+ if ((uint) result > *output_data_size) {
+ gnutls_assert();
+ gnutls_free(out);
+ *output_data_size = result;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *output_data_size = result;
+
+ if (output_data) {
+ memcpy(output_data, out, result);
+
+ /* do not include the null character into output size.
+ */
+ *output_data_size = result - 1;
+ }
+ gnutls_free(out);
+
+ }
+
+ return 0;
}
@@ -728,71 +757,74 @@ int _gnutls_x509_export_int( ASN1_TYPE asn1_data,
* If str is non zero, then the output will be treated as
* an octet string.
*/
-int _gnutls_x509_read_value( ASN1_TYPE c, const char* root, gnutls_datum *ret, int str)
+int _gnutls_x509_read_value(ASN1_TYPE c, const char *root,
+ gnutls_datum * ret, int str)
{
-int len = 0, result;
-opaque* tmp = NULL;
-ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- result = asn1_read_value(c, root, NULL, &len);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- return result;
+ int len = 0, result;
+ opaque *tmp = NULL;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ result = asn1_read_value(c, root, NULL, &len);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ return result;
+ }
+
+ tmp = gnutls_malloc(len);
+ if (tmp == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value(c, root, tmp, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Extract the OCTET STRING.
+ */
+
+ if (str) {
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-7-Data",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
- tmp = gnutls_malloc(len);
- if (tmp == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_read_value(c, root, tmp, &len);
+ result = asn1_der_decoding(&c2, tmp, len, NULL);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
- /* Extract the OCTET STRING.
- */
-
- if (str) {
-
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
- result = asn1_der_decoding(&c2, tmp, len, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ result = asn1_read_value(c2, "", tmp, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ }
- result = asn1_read_value(c2, "", tmp, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ ret->data = tmp;
+ ret->size = len;
- }
-
- ret->data = tmp;
- ret->size = len;
-
- return 0;
+ return 0;
- cleanup:
- if (c2) asn1_delete_structure(&c2);
- gnutls_free(tmp);
- return result;
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ gnutls_free(tmp);
+ return result;
}
@@ -800,78 +832,80 @@ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
* the given datum. If str is non null then the data are encoded as
* an OCTET STRING.
*/
-int _gnutls_x509_der_encode( ASN1_TYPE src, const char* src_name,
- gnutls_datum *res, int str)
+int _gnutls_x509_der_encode(ASN1_TYPE src, const char *src_name,
+ gnutls_datum * res, int str)
{
-int size, result;
-int asize;
-opaque *data = NULL;
-ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- size = 0;
- result = asn1_der_coding( src, src_name, NULL, &size, NULL);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ int size, result;
+ int asize;
+ opaque *data = NULL;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ size = 0;
+ result = asn1_der_coding(src, src_name, NULL, &size, NULL);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* allocate data for the der
+ */
+
+ if (str)
+ size += 16; /* for later to include the octet tags */
+ asize = size;
+
+ data = gnutls_malloc(size);
+ if (data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_der_coding(src, src_name, data, &size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (str) {
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-7-Data",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
- /* allocate data for the der
- */
-
- if (str) size += 16; /* for later to include the octet tags */
- asize = size;
-
- data = gnutls_malloc( size);
- if (data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
+ result = asn1_write_value(c2, "", data, size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
- result = asn1_der_coding( src, src_name, data, &size, NULL);
+ result = asn1_der_coding(c2, "", data, &asize, NULL);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
- if (str) {
-
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = asn1_write_value(c2, "", data, size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = asn1_der_coding(c2, "", data, &asize, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- size = asize;
-
- asn1_delete_structure( &c2);
- }
+ size = asize;
+
+ asn1_delete_structure(&c2);
+ }
- res->data = data;
- res->size = size;
- return 0;
+ res->data = data;
+ res->size = size;
+ return 0;
- cleanup:
- gnutls_free(data);
- asn1_delete_structure( &c2);
- return result;
+ cleanup:
+ gnutls_free(data);
+ asn1_delete_structure(&c2);
+ return result;
}
@@ -880,431 +914,438 @@ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
* as OCTET. If str is non null then the data are encoded as
* an OCTET STRING.
*/
-int _gnutls_x509_der_encode_and_copy( ASN1_TYPE src, const char* src_name,
- ASN1_TYPE dest, const char* dest_name, int str)
+int _gnutls_x509_der_encode_and_copy(ASN1_TYPE src, const char *src_name,
+ ASN1_TYPE dest, const char *dest_name,
+ int str)
{
-int result;
-gnutls_datum encoded;
+ int result;
+ gnutls_datum encoded;
- result = _gnutls_x509_der_encode( src, src_name, &encoded, str);
+ result = _gnutls_x509_der_encode(src, src_name, &encoded, str);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- /* Write the data.
- */
- result = asn1_write_value( dest, dest_name, encoded.data, encoded.size);
+ /* Write the data.
+ */
+ result = asn1_write_value(dest, dest_name, encoded.data, encoded.size);
- _gnutls_free_datum(&encoded);
+ _gnutls_free_datum(&encoded);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/* Writes the value of the datum in the given ASN1_TYPE. If str is non
* zero it encodes it as OCTET STRING.
*/
-int _gnutls_x509_write_value( ASN1_TYPE c, const char* root,
- const gnutls_datum *data, int str)
+int _gnutls_x509_write_value(ASN1_TYPE c, const char *root,
+ const gnutls_datum * data, int str)
{
-int result;
-int asize;
-ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-gnutls_datum val;
-
- asize = data->size + 16;
-
- val.data = gnutls_malloc( asize);
- if (val.data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
+ int result;
+ int asize;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_datum val;
+
+ asize = data->size + 16;
+
+ val.data = gnutls_malloc(asize);
+ if (val.data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ if (str) {
+ /* Convert it to OCTET STRING
+ */
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-7-Data",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
- if (str) {
- /* Convert it to OCTET STRING
- */
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = asn1_write_value(c2, "", data->data, data->size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode( c2, "", &val, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- } else {
- val.data = data->data;
- val.size = data->size;
+ result = asn1_write_value(c2, "", data->data, data->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
- /* Write the data.
- */
- result = asn1_write_value( c, root, val.data, val.size);
+ result = _gnutls_x509_der_encode(c2, "", &val, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- if (val.data != data->data)
- _gnutls_free_datum(&val);
+ } else {
+ val.data = data->data;
+ val.size = data->size;
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ /* Write the data.
+ */
+ result = asn1_write_value(c, root, val.data, val.size);
- return 0;
-
- cleanup:
- if (val.data != data->data) _gnutls_free_datum( &val);
- return result;
+ if (val.data != data->data)
+ _gnutls_free_datum(&val);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
+
+ cleanup:
+ if (val.data != data->data)
+ _gnutls_free_datum(&val);
+ return result;
}
/* Encodes and copies the private key parameters into a
* subjectPublicKeyInfo structure.
*
*/
-int _gnutls_x509_encode_and_copy_PKI_params( ASN1_TYPE dst, const char* dst_name,
- gnutls_pk_algorithm pk_algorithm, mpi_t* params, int params_size)
+int _gnutls_x509_encode_and_copy_PKI_params(ASN1_TYPE dst,
+ const char *dst_name,
+ gnutls_pk_algorithm
+ pk_algorithm, mpi_t * params,
+ int params_size)
{
-const char* pk;
-gnutls_datum der = {NULL, 0};
-int result;
-char name[128];
-
- pk = _gnutls_x509_pk_to_oid( pk_algorithm);
- if (pk == NULL) {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- /* write the OID
+ const char *pk;
+ gnutls_datum der = { NULL, 0 };
+ int result;
+ char name[128];
+
+ pk = _gnutls_x509_pk_to_oid(pk_algorithm);
+ if (pk == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ /* write the OID
+ */
+ _gnutls_str_cpy(name, sizeof(name), dst_name);
+ _gnutls_str_cat(name, sizeof(name), ".algorithm.algorithm");
+ result = asn1_write_value(dst, name, pk, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (pk_algorithm == GNUTLS_PK_RSA) {
+ /* disable parameters, which are not used in RSA.
*/
- _gnutls_str_cpy( name, sizeof(name), dst_name);
- _gnutls_str_cat( name, sizeof(name), ".algorithm.algorithm");
- result = asn1_write_value( dst, name, pk, 1);
+ _gnutls_str_cpy(name, sizeof(name), dst_name);
+ _gnutls_str_cat(name, sizeof(name), ".algorithm.parameters");
+ result = asn1_write_value(dst, name, NULL, 0);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
- if (pk_algorithm == GNUTLS_PK_RSA) {
- /* disable parameters, which are not used in RSA.
- */
- _gnutls_str_cpy( name, sizeof(name), dst_name);
- _gnutls_str_cat( name, sizeof(name), ".algorithm.parameters");
- result = asn1_write_value( dst, name, NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = _gnutls_x509_write_rsa_params( params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Write the DER parameters. (in bits)
- */
- _gnutls_str_cpy( name, sizeof(name), dst_name);
- _gnutls_str_cat( name, sizeof(name), ".subjectPublicKey");
- result = asn1_write_value( dst, name, der.data, der.size*8);
-
- _gnutls_free_datum(&der);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
- } else if (pk_algorithm == GNUTLS_PK_DSA) {
-
- result = _gnutls_x509_write_dsa_params( params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Write the DER parameters.
- */
- _gnutls_str_cpy( name, sizeof(name), dst_name);
- _gnutls_str_cat( name, sizeof(name), ".algorithm.parameters");
- result = asn1_write_value( dst, name, der.data, der.size);
-
- _gnutls_free_datum(&der);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = _gnutls_x509_write_dsa_public_key( params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- _gnutls_str_cpy( name, sizeof(name), dst_name);
- _gnutls_str_cat( name, sizeof(name), ".subjectPublicKey");
- result = asn1_write_value( dst, name, der.data, der.size*8);
-
- _gnutls_free_datum(&der);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- } else return GNUTLS_E_UNIMPLEMENTED_FEATURE;
-
- return 0;
-}
+ result = _gnutls_x509_write_rsa_params(params, params_size, &der);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
-/* Reads and returns the PK algorithm of the given certificate-like
- * ASN.1 structure. src_name should be something like "tbsCertificate.subjectPublicKeyInfo".
- */
-int _gnutls_x509_get_pk_algorithm( ASN1_TYPE src, const char* src_name, unsigned int* bits)
-{
-int result;
-opaque *str = NULL;
-int algo;
-char oid[64];
-int len;
-mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
-char name[128];
-
- _gnutls_str_cpy( name, sizeof(name), src_name);
- _gnutls_str_cat( name, sizeof(name), ".algorithm.algorithm");
-
- len = sizeof(oid);
- result =
- asn1_read_value(src, name, oid, &len);
+ /* Write the DER parameters. (in bits)
+ */
+ _gnutls_str_cpy(name, sizeof(name), dst_name);
+ _gnutls_str_cat(name, sizeof(name), ".subjectPublicKey");
+ result = asn1_write_value(dst, name, der.data, der.size * 8);
+
+ _gnutls_free_datum(&der);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
+ } else if (pk_algorithm == GNUTLS_PK_DSA) {
- algo = _gnutls_x509_oid2pk_algorithm( oid);
-
- if ( bits==NULL) {
- gnutls_free(str);
- return algo;
+ result = _gnutls_x509_write_dsa_params(params, params_size, &der);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
}
- /* Now read the parameters' bits
+ /* Write the DER parameters.
*/
- _gnutls_str_cpy( name, sizeof(name), src_name);
- _gnutls_str_cat( name, sizeof(name), ".subjectPublicKey");
-
- len = 0;
- result = asn1_read_value( src, name, NULL, &len);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ _gnutls_str_cpy(name, sizeof(name), dst_name);
+ _gnutls_str_cat(name, sizeof(name), ".algorithm.parameters");
+ result = asn1_write_value(dst, name, der.data, der.size);
- if (len % 8 != 0) {
- gnutls_assert();
- return GNUTLS_E_CERTIFICATE_ERROR;
+ _gnutls_free_datum(&der);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
-
- len /= 8;
-
- str = gnutls_malloc( len);
- if (str == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+
+ result =
+ _gnutls_x509_write_dsa_public_key(params, params_size, &der);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
}
- _gnutls_str_cpy( name, sizeof(name), src_name);
- _gnutls_str_cat( name, sizeof(name), ".subjectPublicKey");
+ _gnutls_str_cpy(name, sizeof(name), dst_name);
+ _gnutls_str_cat(name, sizeof(name), ".subjectPublicKey");
+ result = asn1_write_value(dst, name, der.data, der.size * 8);
+
+ _gnutls_free_datum(&der);
- result = asn1_read_value(src, name, str, &len);
-
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free(str);
- return _gnutls_asn2err(result);
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
- len /= 8;
+ } else
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- if (algo==GNUTLS_PK_RSA) {
- if ((result=_gnutls_x509_read_rsa_params( str, len, params)) < 0) {
- gnutls_assert();
- return result;
- }
+ return 0;
+}
- bits[0] = _gnutls_mpi_get_nbits( params[0]);
-
- _gnutls_mpi_release( &params[0]);
- _gnutls_mpi_release( &params[1]);
- }
+/* Reads and returns the PK algorithm of the given certificate-like
+ * ASN.1 structure. src_name should be something like "tbsCertificate.subjectPublicKeyInfo".
+ */
+int _gnutls_x509_get_pk_algorithm(ASN1_TYPE src, const char *src_name,
+ unsigned int *bits)
+{
+ int result;
+ opaque *str = NULL;
+ int algo;
+ char oid[64];
+ int len;
+ mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
+ char name[128];
- if (algo==GNUTLS_PK_DSA) {
+ _gnutls_str_cpy(name, sizeof(name), src_name);
+ _gnutls_str_cat(name, sizeof(name), ".algorithm.algorithm");
- if ((result =
- _gnutls_x509_read_dsa_pubkey(str, len, params)) < 0) {
- gnutls_assert();
- return result;
- }
+ len = sizeof(oid);
+ result = asn1_read_value(src, name, oid, &len);
- bits[0] = _gnutls_mpi_get_nbits( params[3]);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- _gnutls_mpi_release( &params[3]);
- }
+ algo = _gnutls_x509_oid2pk_algorithm(oid);
+ if (bits == NULL) {
gnutls_free(str);
return algo;
-}
+ }
-ASN1_TYPE _asn1_find_node(ASN1_TYPE pointer,const char *name);
+ /* Now read the parameters' bits
+ */
+ _gnutls_str_cpy(name, sizeof(name), src_name);
+ _gnutls_str_cat(name, sizeof(name), ".subjectPublicKey");
-int _gnutls_asn1_copy_node( ASN1_TYPE *dst, const char* dst_name,
- ASN1_TYPE src, const char* src_name)
-{
+ len = 0;
+ result = asn1_read_value(src, name, NULL, &len);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- int result;
- gnutls_datum der;
- ASN1_TYPE dst_node;
+ if (len % 8 != 0) {
+ gnutls_assert();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
- result = _gnutls_x509_der_encode( src, src_name, &der, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
+ len /= 8;
+
+ str = gnutls_malloc(len);
+ if (str == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_str_cpy(name, sizeof(name), src_name);
+ _gnutls_str_cat(name, sizeof(name), ".subjectPublicKey");
+
+ result = asn1_read_value(src, name, str, &len);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(str);
+ return _gnutls_asn2err(result);
+ }
+
+ len /= 8;
+
+ if (algo == GNUTLS_PK_RSA) {
+ if ((result = _gnutls_x509_read_rsa_params(str, len, params)) < 0) {
+ gnutls_assert();
+ return result;
}
- dst_node=_asn1_find_node(*dst, dst_name);
- if(dst_node==NULL) {
- gnutls_assert();
- return _gnutls_asn2err(ASN1_ELEMENT_NOT_FOUND);
+ bits[0] = _gnutls_mpi_get_nbits(params[0]);
+
+ _gnutls_mpi_release(&params[0]);
+ _gnutls_mpi_release(&params[1]);
+ }
+
+ if (algo == GNUTLS_PK_DSA) {
+
+ if ((result = _gnutls_x509_read_dsa_pubkey(str, len, params)) < 0) {
+ gnutls_assert();
+ return result;
}
- result = asn1_der_decoding( &dst_node, der.data, der.size, NULL);
-
+ bits[0] = _gnutls_mpi_get_nbits(params[3]);
+
+ _gnutls_mpi_release(&params[3]);
+ }
+
+ gnutls_free(str);
+ return algo;
+}
+
+ASN1_TYPE _asn1_find_node(ASN1_TYPE pointer, const char *name);
+
+int _gnutls_asn1_copy_node(ASN1_TYPE * dst, const char *dst_name,
+ ASN1_TYPE src, const char *src_name)
+{
+
+ int result;
+ gnutls_datum der;
+ ASN1_TYPE dst_node;
+
+ result = _gnutls_x509_der_encode(src, src_name, &der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ dst_node = _asn1_find_node(*dst, dst_name);
+ if (dst_node == NULL) {
+ gnutls_assert();
+ return _gnutls_asn2err(ASN1_ELEMENT_NOT_FOUND);
+ }
+
+ result = asn1_der_decoding(&dst_node, der.data, der.size, NULL);
+
#if 0
- result = asn1_der_decoding_element( dst, dst_name, der.data,
- der.size, NULL);
+ result = asn1_der_decoding_element(dst, dst_name, der.data,
+ der.size, NULL);
#endif
- _gnutls_free_datum( &der);
+ _gnutls_free_datum(&der);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- return 0;
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/* Reads the DER signed data from the certificate and allocates space and
* returns them into signed_data.
*/
-int _gnutls_x509_get_signed_data( ASN1_TYPE src, const char* src_name, gnutls_datum * signed_data)
+int _gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name,
+ gnutls_datum * signed_data)
{
-gnutls_datum der;
-int start, end, result;
+ gnutls_datum der;
+ int start, end, result;
- result = _gnutls_x509_der_encode( src, "", &der, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Get the signed data
- */
- result = asn1_der_decoding_startEnd( src, der.data, der.size,
- src_name, &start,
- &end);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
- }
+ result = _gnutls_x509_der_encode(src, "", &der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result =
- _gnutls_set_datum( signed_data, &der.data[start], end - start + 1);
+ /* Get the signed data
+ */
+ result = asn1_der_decoding_startEnd(src, der.data, der.size,
+ src_name, &start, &end);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ result =
+ _gnutls_set_datum(signed_data, &der.data[start], end - start + 1);
- result = 0;
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- cleanup:
- _gnutls_free_datum(&der);
+ result = 0;
- return result;
-}
+ cleanup:
+ _gnutls_free_datum(&der);
+
+ return result;
+}
/* Reads the DER signature from the certificate and allocates space and
* returns them into signed_data.
*/
-int _gnutls_x509_get_signature( ASN1_TYPE src, const char* src_name, gnutls_datum * signature)
+int _gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name,
+ gnutls_datum * signature)
{
-int bits, result, len;
-
- signature->data = NULL;
- signature->size = 0;
-
- /* Read the signature
- */
- bits = 0;
- result = asn1_read_value( src, src_name, NULL, &bits);
-
- if (result != ASN1_MEM_ERROR) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
- }
-
- if (bits % 8 != 0) {
- gnutls_assert();
- result = GNUTLS_E_CERTIFICATE_ERROR;
- goto cleanup;
- }
+ int bits, result, len;
+
+ signature->data = NULL;
+ signature->size = 0;
+
+ /* Read the signature
+ */
+ bits = 0;
+ result = asn1_read_value(src, src_name, NULL, &bits);
+
+ if (result != ASN1_MEM_ERROR) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (bits % 8 != 0) {
+ gnutls_assert();
+ result = GNUTLS_E_CERTIFICATE_ERROR;
+ goto cleanup;
+ }
+
+ len = bits / 8;
+
+ signature->data = gnutls_malloc(len);
+ if (signature->data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ return result;
+ }
- len = bits/8;
+ /* read the bit string of the signature
+ */
+ bits = len;
+ result = asn1_read_value(src, src_name, signature->data, &bits);
- signature->data = gnutls_malloc( len);
- if (signature->data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- return result;
- }
-
- /* read the bit string of the signature
- */
- bits = len;
- result = asn1_read_value( src, src_name, signature->data,
- &bits);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
- }
-
- signature->size = len;
+ signature->size = len;
- return 0;
+ return 0;
- cleanup:
- return result;
+ cleanup:
+ return result;
}
diff --git a/lib/x509/compat.c b/lib/x509/compat.c
index 00fcd4629a..90aae9e60a 100644
--- a/lib/x509/compat.c
+++ b/lib/x509/compat.c
@@ -27,7 +27,7 @@
#include <gnutls_global.h>
#include <gnutls_errors.h>
-#include <string.h> /* memset */
+#include <string.h> /* memset */
#include <dn.h>
#include <libtasn1.h>
#include <gnutls/x509.h>
@@ -41,27 +41,26 @@
* Returns a (time_t) -1 in case of an error.
*
**/
-time_t _gnutls_x509_get_raw_crt_activation_time(const
- gnutls_datum *
- cert)
+time_t _gnutls_x509_get_raw_crt_activation_time(const gnutls_datum * cert)
{
- gnutls_x509_crt xcert;
- time_t result;
+ gnutls_x509_crt xcert;
+ time_t result;
- result = gnutls_x509_crt_init( &xcert);
- if (result < 0) return result;
-
- result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_x509_crt_deinit( xcert);
- return result;
- }
-
- result = gnutls_x509_crt_get_activation_time( xcert);
-
- gnutls_x509_crt_deinit( xcert);
-
+ result = gnutls_x509_crt_init(&xcert);
+ if (result < 0)
return result;
+
+ result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit(xcert);
+ return result;
+ }
+
+ result = gnutls_x509_crt_get_activation_time(xcert);
+
+ gnutls_x509_crt_deinit(xcert);
+
+ return result;
}
/**
@@ -73,26 +72,24 @@ time_t _gnutls_x509_get_raw_crt_activation_time(const
* Returns a (time_t) -1 in case of an error.
*
**/
-time_t _gnutls_x509_get_raw_crt_expiration_time(const
- gnutls_datum *
- cert)
+time_t _gnutls_x509_get_raw_crt_expiration_time(const gnutls_datum * cert)
{
- gnutls_x509_crt xcert;
- time_t result;
+ gnutls_x509_crt xcert;
+ time_t result;
- result = gnutls_x509_crt_init( &xcert);
- if (result < 0) return result;
-
- result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_x509_crt_deinit( xcert);
- return result;
- }
-
- result = gnutls_x509_crt_get_expiration_time( xcert);
-
- gnutls_x509_crt_deinit( xcert);
-
+ result = gnutls_x509_crt_init(&xcert);
+ if (result < 0)
return result;
-}
+ result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit(xcert);
+ return result;
+ }
+
+ result = gnutls_x509_crt_get_expiration_time(xcert);
+
+ gnutls_x509_crt_deinit(xcert);
+
+ return result;
+}
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 3ae42dced9..3a6673b76d 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -48,20 +48,20 @@
**/
int gnutls_x509_crl_init(gnutls_x509_crl * crl)
{
- *crl = gnutls_calloc(1, sizeof(gnutls_x509_crl_int));
-
- if (*crl) {
- int result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.CertificateList",
- &(*crl)->crl);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free( *crl);
- return _gnutls_asn2err(result);
- }
- return 0; /* success */
+ *crl = gnutls_calloc(1, sizeof(gnutls_x509_crl_int));
+
+ if (*crl) {
+ int result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CertificateList",
+ &(*crl)->crl);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*crl);
+ return _gnutls_asn2err(result);
}
- return GNUTLS_E_MEMORY_ERROR;
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -73,12 +73,13 @@ int gnutls_x509_crl_init(gnutls_x509_crl * crl)
**/
void gnutls_x509_crl_deinit(gnutls_x509_crl crl)
{
- if (!crl) return;
+ if (!crl)
+ return;
- if (crl->crl)
- asn1_delete_structure(&crl->crl);
+ if (crl->crl)
+ asn1_delete_structure(&crl->crl);
- gnutls_free(crl);
+ gnutls_free(crl);
}
/**
@@ -98,57 +99,55 @@ void gnutls_x509_crl_deinit(gnutls_x509_crl crl)
int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data,
gnutls_x509_crt_fmt format)
{
- int result = 0, need_free = 0;
- gnutls_datum _data;
-
- _data.data = data->data;
- _data.size = data->size;
-
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ int result = 0, need_free = 0;
+ gnutls_datum _data;
- /* If the CRL is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
+ _data.data = data->data;
+ _data.size = data->size;
- result =
- _gnutls_fbase64_decode(PEM_CRL, data->data, data->size,
- &out);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (result <= 0) {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
- }
+ /* If the CRL is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ opaque *out;
- _data.data = out;
- _data.size = result;
+ result =
+ _gnutls_fbase64_decode(PEM_CRL, data->data, data->size, &out);
- need_free = 1;
+ if (result <= 0) {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert();
+ return result;
}
+ _data.data = out;
+ _data.size = result;
- result =
- asn1_der_decoding(&crl->crl, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
- }
+ need_free = 1;
+ }
- if (need_free)
- _gnutls_free_datum(&_data);
- return 0;
+ result = asn1_der_decoding(&crl->crl, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
- cleanup:
- if (need_free)
- _gnutls_free_datum(&_data);
- return result;
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
@@ -170,16 +169,16 @@ int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data,
*
**/
int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl crl, char *buf,
- size_t *sizeof_buf)
+ size_t * sizeof_buf)
{
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_parse_dn(crl->crl,
- "tbsCertList.issuer.rdnSequence",
- buf, sizeof_buf);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn(crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ buf, sizeof_buf);
}
/**
@@ -208,17 +207,18 @@ int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl crl, char *buf,
*
**/
int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl crl,
- const char *oid, int indx, unsigned int raw_flag,
- void *buf, size_t *sizeof_buf)
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf)
{
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_parse_dn_oid(crl->crl,
- "tbsCertList.issuer.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
+ return _gnutls_x509_parse_dn_oid(crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
}
/**
@@ -238,16 +238,17 @@ int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl crl,
* On success 0 is returned.
*
**/
-int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl crl,
- int indx, void *oid, size_t *sizeof_oid)
+int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl crl,
+ int indx, void *oid, size_t * sizeof_oid)
{
- if (crl==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_get_dn_oid( crl->crl,
- "tbsCertList.issuer.rdnSequence", indx, oid, sizeof_oid);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn_oid(crl->crl,
+ "tbsCertList.issuer.rdnSequence", indx,
+ oid, sizeof_oid);
}
@@ -263,30 +264,32 @@ int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl crl,
**/
int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl crl)
{
- int result;
- gnutls_datum sa;
+ int result;
+ gnutls_datum sa;
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* Read the signature algorithm. Note that parameters are not
- * read. They will be read from the issuer's certificate if needed.
- */
-
- result = _gnutls_x509_read_value( crl->crl, "signatureAlgorithm.algorithm", &sa, 0);
-
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- result = _gnutls_x509_oid2sign_algorithm( (const char*)sa.data);
+ /* Read the signature algorithm. Note that parameters are not
+ * read. They will be read from the issuer's certificate if needed.
+ */
- _gnutls_free_datum( &sa);
+ result =
+ _gnutls_x509_read_value(crl->crl, "signatureAlgorithm.algorithm",
+ &sa, 0);
+ if (result < 0) {
+ gnutls_assert();
return result;
+ }
+
+ result = _gnutls_x509_oid2sign_algorithm((const char *) sa.data);
+
+ _gnutls_free_datum(&sa);
+
+ return result;
}
/**
@@ -300,23 +303,23 @@ int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl crl)
**/
int gnutls_x509_crl_get_version(gnutls_x509_crl crl)
{
- opaque version[5];
- int len, result;
-
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof(version);
- if ((result =
- asn1_read_value(crl->crl, "tbsCertList.version", version,
- &len)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- return (int) version[0] + 1;
+ opaque version[5];
+ int len, result;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(version);
+ if ((result =
+ asn1_read_value(crl->crl, "tbsCertList.version", version,
+ &len)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return (int) version[0] + 1;
}
/**
@@ -330,13 +333,12 @@ int gnutls_x509_crl_get_version(gnutls_x509_crl crl)
**/
time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl crl)
{
- if (crl == NULL) {
- gnutls_assert();
- return (time_t)-1;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time(crl->crl,
- "tbsCertList.thisUpdate");
+ return _gnutls_x509_get_time(crl->crl, "tbsCertList.thisUpdate");
}
/**
@@ -352,13 +354,12 @@ time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl crl)
**/
time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl crl)
{
- if (crl == NULL) {
- gnutls_assert();
- return (time_t)-1;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time(crl->crl,
- "tbsCertList.nextUpdate");
+ return _gnutls_x509_get_time(crl->crl, "tbsCertList.nextUpdate");
}
/**
@@ -374,24 +375,23 @@ time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl crl)
int gnutls_x509_crl_get_crt_count(gnutls_x509_crl crl)
{
- int count, result;
+ int count, result;
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result =
- asn1_number_of_elements(crl->crl,
- "tbsCertList.revokedCertificates",
- &count);
+ result =
+ asn1_number_of_elements(crl->crl,
+ "tbsCertList.revokedCertificates", &count);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return 0; /* no certificates */
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return 0; /* no certificates */
+ }
- return count;
+ return count;
}
/**
@@ -409,50 +409,47 @@ int gnutls_x509_crl_get_crt_count(gnutls_x509_crl crl)
*
**/
int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl crl, int index,
- unsigned char *serial,
- size_t *serial_size, time_t * time)
+ unsigned char *serial,
+ size_t * serial_size, time_t * time)
{
- int result, _serial_size;
- char str_index[MAX_INT_DIGITS];
- char serial_name[64];
- char date_name[64];
-
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _gnutls_int2str(index + 1, str_index);
- _gnutls_str_cpy(serial_name, sizeof(serial_name),
- "tbsCertList.revokedCertificates.?");
- _gnutls_str_cat(serial_name, sizeof(serial_name), str_index);
- _gnutls_str_cat(serial_name, sizeof(serial_name),
- ".userCertificate");
-
- _gnutls_str_cpy(date_name, sizeof(date_name),
- "tbsCertList.revokedCertificates.?");
- _gnutls_str_cat(date_name, sizeof(date_name), str_index);
- _gnutls_str_cat(date_name, sizeof(date_name), ".revocationDate");
-
- _serial_size = *serial_size;
- result =
- asn1_read_value(crl->crl, serial_name, serial,
- &_serial_size);
-
- *serial_size = _serial_size;
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- return _gnutls_asn2err(result);
- }
-
- if (time) {
- *time = _gnutls_x509_get_time(crl->crl, date_name);
- }
-
- return 0;
+ int result, _serial_size;
+ char str_index[MAX_INT_DIGITS];
+ char serial_name[64];
+ char date_name[64];
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _gnutls_int2str(index + 1, str_index);
+ _gnutls_str_cpy(serial_name, sizeof(serial_name),
+ "tbsCertList.revokedCertificates.?");
+ _gnutls_str_cat(serial_name, sizeof(serial_name), str_index);
+ _gnutls_str_cat(serial_name, sizeof(serial_name), ".userCertificate");
+
+ _gnutls_str_cpy(date_name, sizeof(date_name),
+ "tbsCertList.revokedCertificates.?");
+ _gnutls_str_cat(date_name, sizeof(date_name), str_index);
+ _gnutls_str_cat(date_name, sizeof(date_name), ".revocationDate");
+
+ _serial_size = *serial_size;
+ result = asn1_read_value(crl->crl, serial_name, serial, &_serial_size);
+
+ *serial_size = _serial_size;
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return _gnutls_asn2err(result);
+ }
+
+ if (time) {
+ *time = _gnutls_x509_get_time(crl->crl, date_name);
+ }
+
+ return 0;
}
/*-
@@ -469,63 +466,65 @@ int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl crl, int index,
int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl crl,
gnutls_datum * dn)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len1;
- int start1, end1;
- gnutls_datum crl_signed_data;
-
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* get the issuer of 'crl'
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(), "PKIX1.TBSCertList",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = _gnutls_x509_get_signed_data( crl->crl, "tbsCertList", &crl_signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result =
- asn1_der_decoding(&c2, crl_signed_data.data,
- crl_signed_data.size, NULL);
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
- gnutls_assert();
- asn1_delete_structure(&c2);
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len1;
+ int start1, end1;
+ gnutls_datum crl_signed_data;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* get the issuer of 'crl'
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.TBSCertList",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_get_signed_data(crl->crl, "tbsCertList",
+ &crl_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ asn1_der_decoding(&c2, crl_signed_data.data,
+ crl_signed_data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- result =
- asn1_der_decoding_startEnd(c2, crl_signed_data.data,
- crl_signed_data.size, "issuer",
- &start1, &end1);
+ result =
+ asn1_der_decoding_startEnd(c2, crl_signed_data.data,
+ crl_signed_data.size, "issuer",
+ &start1, &end1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- len1 = end1 - start1 + 1;
+ len1 = end1 - start1 + 1;
- _gnutls_set_datum( dn, &crl_signed_data.data[start1], len1);
+ _gnutls_set_datum(dn, &crl_signed_data.data[start1], len1);
- result = 0;
+ result = 0;
-cleanup:
- asn1_delete_structure(&c2);
- _gnutls_free_datum( &crl_signed_data);
- return result;
+ cleanup:
+ asn1_delete_structure(&c2);
+ _gnutls_free_datum(&crl_signed_data);
+ return result;
}
/**
@@ -546,16 +545,18 @@ cleanup:
* Returns 0 on success, and a negative value on failure.
*
**/
-int gnutls_x509_crl_export( gnutls_x509_crl crl,
- gnutls_x509_crt_fmt format, void* output_data, size_t* output_data_size)
+int gnutls_x509_crl_export(gnutls_x509_crl crl,
+ gnutls_x509_crt_fmt format, void *output_data,
+ size_t * output_data_size)
{
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_export_int( crl->crl, format, PEM_CRL, *output_data_size,
- output_data, output_data_size);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int(crl->crl, format, PEM_CRL,
+ *output_data_size, output_data,
+ output_data_size);
}
/*-
@@ -570,42 +571,43 @@ int gnutls_x509_crl_export( gnutls_x509_crl crl,
-*/
int _gnutls_x509_crl_cpy(gnutls_x509_crl dest, gnutls_x509_crl src)
{
-int ret;
-size_t der_size;
-opaque * der;
-gnutls_datum tmp;
-
- ret = gnutls_x509_crl_export( src, GNUTLS_X509_FMT_DER, NULL, &der_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
- gnutls_assert();
- return ret;
- }
-
- der = gnutls_alloca( der_size);
- if (der == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ int ret;
+ size_t der_size;
+ opaque *der;
+ gnutls_datum tmp;
+
+ ret =
+ gnutls_x509_crl_export(src, GNUTLS_X509_FMT_DER, NULL, &der_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ return ret;
+ }
+
+ der = gnutls_alloca(der_size);
+ if (der == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ret = gnutls_x509_crl_export( src, GNUTLS_X509_FMT_DER, der, &der_size);
- if (ret < 0) {
- gnutls_assert();
- gnutls_afree( der);
- return ret;
- }
+ ret = gnutls_x509_crl_export(src, GNUTLS_X509_FMT_DER, der, &der_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_afree(der);
+ return ret;
+ }
- tmp.data = der;
- tmp.size = der_size;
- ret = gnutls_x509_crl_import( dest, &tmp, GNUTLS_X509_FMT_DER);
+ tmp.data = der;
+ tmp.size = der_size;
+ ret = gnutls_x509_crl_import(dest, &tmp, GNUTLS_X509_FMT_DER);
- gnutls_afree( der);
+ gnutls_afree(der);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index 7545f2c6a8..c68889cf52 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -41,7 +41,7 @@
#include <libtasn1.h>
#include <gnutls_ui.h>
-static void disable_optional_stuff( gnutls_x509_crl crl);
+static void disable_optional_stuff(gnutls_x509_crl crl);
/**
* gnutls_x509_crl_set_version - This function will set the CRL version
@@ -57,24 +57,25 @@ static void disable_optional_stuff( gnutls_x509_crl crl);
**/
int gnutls_x509_crl_set_version(gnutls_x509_crl crl, unsigned int version)
{
-int result;
-char null = version;
+ int result;
+ char null = version;
- if (crl==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- null -= 1;
- if (null < 0) null = 0;
+ null -= 1;
+ if (null < 0)
+ null = 0;
- result = asn1_write_value( crl->crl, "tbsCertList.version", &null, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ result = asn1_write_value(crl->crl, "tbsCertList.version", &null, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/**
@@ -92,28 +93,28 @@ char null = version;
* Returns 0 on success.
*
**/
-int gnutls_x509_crl_sign(gnutls_x509_crl crl, gnutls_x509_crt issuer,
- gnutls_x509_privkey issuer_key)
+int gnutls_x509_crl_sign(gnutls_x509_crl crl, gnutls_x509_crt issuer,
+ gnutls_x509_privkey issuer_key)
{
-int result;
-
- if (crl==NULL || issuer == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* disable all the unneeded OPTIONAL fields.
- */
- disable_optional_stuff( crl);
-
- result = _gnutls_x509_pkix_sign( crl->crl, "tbsCertList", issuer,
- issuer_key);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- return 0;
+ int result;
+
+ if (crl == NULL || issuer == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* disable all the unneeded OPTIONAL fields.
+ */
+ disable_optional_stuff(crl);
+
+ result = _gnutls_x509_pkix_sign(crl->crl, "tbsCertList", issuer,
+ issuer_key);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -128,12 +129,13 @@ int result;
**/
int gnutls_x509_crl_set_this_update(gnutls_x509_crl crl, time_t act_time)
{
- if (crl==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_set_time( crl->crl, "tbsCertList.thisUpdate", act_time);
+ return _gnutls_x509_set_time(crl->crl, "tbsCertList.thisUpdate",
+ act_time);
}
/**
@@ -148,11 +150,12 @@ int gnutls_x509_crl_set_this_update(gnutls_x509_crl crl, time_t act_time)
**/
int gnutls_x509_crl_set_next_update(gnutls_x509_crl crl, time_t exp_time)
{
- if (crl==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
- return _gnutls_x509_set_time( crl->crl, "tbsCertList.nextUpdate", exp_time);
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ return _gnutls_x509_set_time(crl->crl, "tbsCertList.nextUpdate",
+ exp_time);
}
/**
@@ -167,42 +170,53 @@ int gnutls_x509_crl_set_next_update(gnutls_x509_crl crl, time_t exp_time)
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl crl, const void* serial,
- size_t serial_size, time_t revocation_time)
+int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl crl, const void *serial,
+ size_t serial_size,
+ time_t revocation_time)
{
- int ret;
-
- if (crl==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = asn1_write_value(crl->crl, "tbsCertList.revokedCertificates", "NEW", 1);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
- }
-
- ret = asn1_write_value(crl->crl, "tbsCertList.revokedCertificates.?LAST.userCertificate", serial, serial_size);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
- }
-
- ret = _gnutls_x509_set_time( crl->crl, "tbsCertList.revokedCertificates.?LAST.revocationDate",
- revocation_time);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = asn1_write_value(crl->crl, "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions", NULL, 0);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
- }
-
- return 0;
+ int ret;
+
+ if (crl == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ asn1_write_value(crl->crl, "tbsCertList.revokedCertificates",
+ "NEW", 1);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret =
+ asn1_write_value(crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.userCertificate",
+ serial, serial_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret =
+ _gnutls_x509_set_time(crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.revocationDate",
+ revocation_time);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ asn1_write_value(crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
+ NULL, 0);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/**
@@ -217,43 +231,45 @@ int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl crl, const void* serial,
*
**/
int gnutls_x509_crl_set_crt(gnutls_x509_crl crl, gnutls_x509_crt crt,
- time_t revocation_time)
+ time_t revocation_time)
{
- int ret;
- opaque serial[128];
- size_t serial_size;
-
- if (crl==NULL || crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- serial_size = sizeof(serial);
- ret = gnutls_x509_crt_get_serial(crt, serial, &serial_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_x509_crl_set_crt_serial( crl, serial, serial_size, revocation_time);
- if (ret < 0) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
- }
-
- return 0;
+ int ret;
+ opaque serial[128];
+ size_t serial_size;
+
+ if (crl == NULL || crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ serial_size = sizeof(serial);
+ ret = gnutls_x509_crt_get_serial(crt, serial, &serial_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crl_set_crt_serial(crl, serial, serial_size,
+ revocation_time);
+ if (ret < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ return 0;
}
/* If OPTIONAL fields have not been initialized then
* disable them.
*/
-static void disable_optional_stuff( gnutls_x509_crl crl)
+static void disable_optional_stuff(gnutls_x509_crl crl)
{
- asn1_write_value( crl->crl, "tbsCertList.crlExtensions", NULL, 0);
+ asn1_write_value(crl->crl, "tbsCertList.crlExtensions", NULL, 0);
- return;
+ return;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index e6d4d1669c..0bbf0b903b 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -52,20 +52,20 @@
**/
int gnutls_x509_crq_init(gnutls_x509_crq * crq)
{
- *crq = gnutls_calloc( 1, sizeof(gnutls_x509_crq_int));
-
- if (*crq) {
- int result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-10-CertificationRequest",
- &((*crq)->crq));
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free( *crq);
- return _gnutls_asn2err(result);
- }
- return 0; /* success */
+ *crq = gnutls_calloc(1, sizeof(gnutls_x509_crq_int));
+
+ if (*crq) {
+ int result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-10-CertificationRequest",
+ &((*crq)->crq));
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*crq);
+ return _gnutls_asn2err(result);
}
- return GNUTLS_E_MEMORY_ERROR;
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -77,12 +77,13 @@ int gnutls_x509_crq_init(gnutls_x509_crq * crq)
**/
void gnutls_x509_crq_deinit(gnutls_x509_crq crq)
{
- if (!crq) return;
+ if (!crq)
+ return;
- if (crq->crq)
- asn1_delete_structure(&crq->crq);
+ if (crq->crq)
+ asn1_delete_structure(&crq->crq);
- gnutls_free(crq);
+ gnutls_free(crq);
}
#define PEM_CRQ "NEW CERTIFICATE REQUEST"
@@ -103,56 +104,59 @@ void gnutls_x509_crq_deinit(gnutls_x509_crq crq)
*
**/
int gnutls_x509_crq_import(gnutls_x509_crq crq, const gnutls_datum * data,
- gnutls_x509_crt_fmt format)
+ gnutls_x509_crt_fmt format)
{
- int result = 0, need_free = 0;
- gnutls_datum _data;
+ int result = 0, need_free = 0;
+ gnutls_datum _data;
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ opaque *out;
+
+ /* Try the first header */
+ result = _gnutls_fbase64_decode(PEM_CRQ, data->data, data->size,
+ &out);
+
+ if (result <= 0) /* Go for the second header */
+ result =
+ _gnutls_fbase64_decode(PEM_CRQ2, data->data, data->size,
+ &out);
+
+ if (result <= 0) {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert();
+ return result;
}
-
- _data.data = data->data;
- _data.size = data->size;
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- /* Try the first header */
- result = _gnutls_fbase64_decode(PEM_CRQ, data->data, data->size,
- &out);
-
- if (result <= 0) /* Go for the second header */
- result = _gnutls_fbase64_decode(PEM_CRQ2, data->data, data->size,
- &out);
-
- if (result <= 0) {
- if (result==0) result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
- }
-
- _data.data = out;
- _data.size = result;
-
- need_free = 1;
- }
+ _data.data = out;
+ _data.size = result;
- result = asn1_der_decoding(&crq->crq, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
- }
+ need_free = 1;
+ }
- result = 0;
+ result = asn1_der_decoding(&crq->crq, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
- cleanup:
- if (need_free) _gnutls_free_datum( &_data);
- return result;
+ result = 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
@@ -175,15 +179,16 @@ int gnutls_x509_crq_import(gnutls_x509_crq crq, const gnutls_datum * data,
*
**/
int gnutls_x509_crq_get_dn(gnutls_x509_crq crq, char *buf,
- size_t *sizeof_buf)
+ size_t * sizeof_buf)
{
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_parse_dn( crq->crq, "certificationRequestInfo.subject.rdnSequence",
- buf, sizeof_buf);
+ return _gnutls_x509_parse_dn(crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ buf, sizeof_buf);
}
/**
@@ -211,16 +216,18 @@ int gnutls_x509_crq_get_dn(gnutls_x509_crq crq, char *buf,
* On success 0 is returned.
*
**/
-int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq crq, const char* oid,
- int indx, unsigned int raw_flag, void *buf, size_t *sizeof_buf)
+int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq crq, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
{
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_parse_dn_oid( crq->crq, "certificationRequestInfo.subject.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
+ return _gnutls_x509_parse_dn_oid(crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
}
/**
@@ -241,15 +248,16 @@ int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq crq, const char* oid,
*
**/
int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq crq,
- int indx, void *oid, size_t *sizeof_oid)
+ int indx, void *oid, size_t * sizeof_oid)
{
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_get_dn_oid( crq->crq, "certificationRequestInfo.subject.rdnSequence",
- indx, oid, sizeof_oid);
+ return _gnutls_x509_get_dn_oid(crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ indx, oid, sizeof_oid);
}
/* Parses an Attribute list in the asn1_struct, and searches for the
@@ -261,134 +269,117 @@ int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq crq,
*
*/
static int parse_attribute(ASN1_TYPE asn1_struct,
- const char *attr_name,
- const char *given_oid, int indx,
- char *buf, size_t *sizeof_buf)
+ const char *attr_name,
+ const char *given_oid, int indx,
+ char *buf, size_t * sizeof_buf)
{
- int k1, result;
- char tmpbuffer1[64];
- char tmpbuffer3[64];
- char counter[MAX_INT_DIGITS];
- char value[200];
- char oid[128];
- int len, printable;
-
- if (*sizeof_buf == 0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ int k1, result;
+ char tmpbuffer1[64];
+ char tmpbuffer3[64];
+ char counter[MAX_INT_DIGITS];
+ char value[200];
+ char oid[128];
+ int len, printable;
+
+ if (*sizeof_buf == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ buf[0] = 0;
+
+ k1 = 0;
+ do {
+
+ k1++;
+ /* create a string like "attribute.?1"
+ */
+ _gnutls_int2str(k1, counter);
+ _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), attr_name);
+
+ if (strlen(tmpbuffer1) > 0)
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), ".");
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
+
+ len = sizeof(value) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
}
- buf[0] = 0;
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- k1 = 0;
- do {
+ /* Move to the attibute type and values
+ */
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer1);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type");
+
+ len = sizeof(oid) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- k1++;
- /* create a string like "attribute.?1"
- */
- _gnutls_int2str(k1, counter);
- _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1),
- attr_name);
+ if (strcmp(oid, given_oid) == 0) { /* Found the OID */
- if (strlen( tmpbuffer1) > 0)
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), ".");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
+ /* Read the Value
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer1);
- len = sizeof(value) - 1;
- result =
- asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+ _gnutls_int2str(indx + 1, counter);
+
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".values.?");
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), counter);
+
+ len = sizeof(value) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer3, value, &len);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
- }
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ printable = _gnutls_x509_oid_data_printable(oid);
+
+ if (printable == 1) {
+ if ((result =
+ _gnutls_x509_oid_data2string
+ (oid, value, len, buf, sizeof_buf)) < 0) {
+ gnutls_assert();
+ goto cleanup;
}
- /* Move to the attibute type and values
- */
- /* Read the OID
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
- tmpbuffer1);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
- ".type");
-
- len = sizeof(oid) - 1;
- result =
- asn1_read_value(asn1_struct, tmpbuffer3, oid,
- &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if (strcmp(oid, given_oid) == 0) { /* Found the OID */
-
- /* Read the Value
- */
- _gnutls_str_cpy(tmpbuffer3,
- sizeof(tmpbuffer3),
- tmpbuffer1);
-
- _gnutls_int2str(indx + 1, counter);
-
- _gnutls_str_cat(tmpbuffer3,
- sizeof(tmpbuffer3),
- ".values.?");
- _gnutls_str_cat(tmpbuffer3,
- sizeof(tmpbuffer3),
- counter);
-
- len = sizeof(value) - 1;
- result =
- asn1_read_value(asn1_struct,
- tmpbuffer3, value,
- &len);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
-
- printable =
- _gnutls_x509_oid_data_printable(oid);
-
- if (printable == 1) {
- if ((result =
- _gnutls_x509_oid_data2string
- (oid, value, len, buf,
- sizeof_buf)) < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- return 0;
- } else {
- gnutls_assert();
- return GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE;
- }
- }
-
- } while (1);
+ return 0;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE;
+ }
+ }
- gnutls_assert();
+ } while (1);
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ gnutls_assert();
- cleanup:
- return result;
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ cleanup:
+ return result;
}
/**
@@ -403,16 +394,17 @@ static int parse_attribute(ASN1_TYPE asn1_struct,
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq crq,
- char* pass, size_t* sizeof_pass)
+int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq crq,
+ char *pass,
+ size_t * sizeof_pass)
{
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return parse_attribute( crq->crq, "certificationRequestInfo.attributes",
- "1.2.840.113549.1.9.7", 0, pass, sizeof_pass);
+ return parse_attribute(crq->crq, "certificationRequestInfo.attributes",
+ "1.2.840.113549.1.9.7", 0, pass, sizeof_pass);
}
/**
@@ -435,15 +427,17 @@ int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq crq,
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq crq, const char* oid,
- unsigned int raw_flag, const void *data, unsigned int sizeof_data)
+int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq crq, const char *oid,
+ unsigned int raw_flag, const void *data,
+ unsigned int sizeof_data)
{
- if (sizeof_data == 0 || data == NULL || crq == NULL) {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_set_dn_oid( crq->crq, "certificationRequestInfo.subject",
- oid, raw_flag, data, sizeof_data);
+ if (sizeof_data == 0 || data == NULL || crq == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_dn_oid(crq->crq,
+ "certificationRequestInfo.subject", oid,
+ raw_flag, data, sizeof_data);
}
/**
@@ -459,23 +453,26 @@ int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq crq, const char* oid,
**/
int gnutls_x509_crq_set_version(gnutls_x509_crq crq, unsigned int version)
{
-int result;
-unsigned char null = version;
+ int result;
+ unsigned char null = version;
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (null > 0) null--;
-
- result = asn1_write_value( crq->crq, "certificationRequestInfo.version", &null, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (null > 0)
+ null--;
+
+ result =
+ asn1_write_value(crq->crq, "certificationRequestInfo.version",
+ &null, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/**
@@ -489,24 +486,26 @@ unsigned char null = version;
**/
int gnutls_x509_crq_get_version(gnutls_x509_crq crq)
{
- opaque version[5];
- int len, result;
+ opaque version[5];
+ int len, result;
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- len = sizeof(version);
- if ((result = asn1_read_value(crq->crq, "certificationRequestInfo.version", version, &len)) !=
- ASN1_SUCCESS) {
-
- if (result == ASN1_ELEMENT_NOT_FOUND) return 1; /* the DEFAULT version */
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ len = sizeof(version);
+ if ((result =
+ asn1_read_value(crq->crq, "certificationRequestInfo.version",
+ version, &len)) != ASN1_SUCCESS) {
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return (int) version[0] + 1;
+ return (int) version[0] + 1;
}
/**
@@ -522,23 +521,25 @@ int gnutls_x509_crq_get_version(gnutls_x509_crq crq)
**/
int gnutls_x509_crq_set_key(gnutls_x509_crq crq, gnutls_x509_privkey key)
{
-int result;
+ int result;
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_encode_and_copy_PKI_params( crq->crq,
- "certificationRequestInfo.subjectPKInfo", key->pk_algorithm,
- key->params, key->params_size);
+ result = _gnutls_x509_encode_and_copy_PKI_params(crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ key->pk_algorithm,
+ key->params,
+ key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/**
@@ -551,32 +552,38 @@ int result;
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq crq, const char* pass)
+int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq crq,
+ const char *pass)
{
-int result;
-
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ int result;
- /* Add the attribute.
- */
- result = asn1_write_value( crq->crq, "certificationRequestInfo.attributes", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Add the attribute.
+ */
+ result =
+ asn1_write_value(crq->crq, "certificationRequestInfo.attributes",
+ "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- result = _gnutls_x509_encode_and_write_attribute( "1.2.840.113549.1.9.7", crq->crq,
- "certificationRequestInfo.attributes.?LAST", pass, strlen(pass), 1);
+ result =
+ _gnutls_x509_encode_and_write_attribute("1.2.840.113549.1.9.7",
+ crq->crq,
+ "certificationRequestInfo.attributes.?LAST",
+ pass, strlen(pass), 1);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/**
@@ -596,45 +603,49 @@ int result;
**/
int gnutls_x509_crq_sign(gnutls_x509_crq crq, gnutls_x509_privkey key)
{
-int result;
-gnutls_datum signature;
+ int result;
+ gnutls_datum signature;
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* Step 1. Self sign the request.
- */
- result = _gnutls_x509_sign_tbs( crq->crq, "certificationRequestInfo", GNUTLS_MAC_SHA,
- key, &signature);
-
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ /* Step 1. Self sign the request.
+ */
+ result =
+ _gnutls_x509_sign_tbs(crq->crq, "certificationRequestInfo",
+ GNUTLS_MAC_SHA, key, &signature);
- /* Step 2. write the signature (bits)
- */
- result = asn1_write_value( crq->crq, "signature", signature.data, signature.size*8);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- _gnutls_free_datum( &signature);
+ /* Step 2. write the signature (bits)
+ */
+ result =
+ asn1_write_value(crq->crq, "signature", signature.data,
+ signature.size * 8);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ _gnutls_free_datum(&signature);
- /* Step 3. Write the signatureAlgorithm field.
- */
- result = _gnutls_x509_write_sig_params( crq->crq, "signatureAlgorithm",
- key->pk_algorithm, key->params, key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Step 3. Write the signatureAlgorithm field.
+ */
+ result = _gnutls_x509_write_sig_params(crq->crq, "signatureAlgorithm",
+ key->pk_algorithm, key->params,
+ key->params_size);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/**
@@ -656,16 +667,18 @@ gnutls_datum signature;
* 0 on success.
*
**/
-int gnutls_x509_crq_export( gnutls_x509_crq crq,
- gnutls_x509_crt_fmt format, void* output_data, size_t* output_data_size)
+int gnutls_x509_crq_export(gnutls_x509_crq crq,
+ gnutls_x509_crt_fmt format, void *output_data,
+ size_t * output_data_size)
{
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return _gnutls_x509_export_int( crq->crq, format, PEM_CRQ, *output_data_size,
- output_data, output_data_size);
+ return _gnutls_x509_export_int(crq->crq, format, PEM_CRQ,
+ *output_data_size, output_data,
+ output_data_size);
}
/**
@@ -685,22 +698,25 @@ int gnutls_x509_crq_export( gnutls_x509_crq crq,
* or a negative value on error.
*
**/
-int gnutls_x509_crq_get_pk_algorithm( gnutls_x509_crq crq, unsigned int* bits)
+int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq crq,
+ unsigned int *bits)
{
-int result;
+ int result;
- if (crq==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ _gnutls_x509_get_pk_algorithm(crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ bits);
+ if (result < 0) {
+ gnutls_assert();
+ }
- result = _gnutls_x509_get_pk_algorithm( crq->crq, "certificationRequestInfo.subjectPKInfo",
- bits);
- if (result < 0) {
- gnutls_assert();
- }
-
- return result;
+ return result;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index ef0e6401cc..aa626c8a4a 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -39,40 +39,40 @@
*/
static const char *oid2ldap_string(const char *oid)
{
- const char *ret;
+ const char *ret;
- ret = _gnutls_x509_oid2ldap_string(oid);
- if (ret)
- return ret;
+ ret = _gnutls_x509_oid2ldap_string(oid);
+ if (ret)
+ return ret;
- /* else return the OID in dotted format */
- return oid;
+ /* else return the OID in dotted format */
+ return oid;
}
/* Escapes a string following the rules from RFC2253.
*/
static char *str_escape(char *str, char *buffer, unsigned int buffer_size)
{
- int str_length, j, i;
+ int str_length, j, i;
- if (str == NULL || buffer == NULL)
- return NULL;
+ if (str == NULL || buffer == NULL)
+ return NULL;
- str_length = GMIN(strlen(str), buffer_size - 1);
+ str_length = GMIN(strlen(str), buffer_size - 1);
- for (i = j = 0; i < str_length; i++) {
- if (str[i] == ',' || str[i] == '+' || str[i] == '"'
- || str[i] == '\\' || str[i] == '<' || str[i] == '>'
- || str[i] == ';')
- buffer[j++] = '\\';
+ for (i = j = 0; i < str_length; i++) {
+ if (str[i] == ',' || str[i] == '+' || str[i] == '"'
+ || str[i] == '\\' || str[i] == '<' || str[i] == '>'
+ || str[i] == ';')
+ buffer[j++] = '\\';
- buffer[j++] = str[i];
- }
+ buffer[j++] = str[i];
+ }
- /* null terminate the string */
- buffer[j] = 0;
+ /* null terminate the string */
+ buffer[j] = 0;
- return buffer;
+ return buffer;
}
/* Parses an X509 DN in the asn1_struct, and puts the output into
@@ -85,251 +85,233 @@ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
const char *asn1_rdn_name, char *buf,
size_t * sizeof_buf)
{
- gnutls_string out_str;
- int k2, k1, result;
- char tmpbuffer1[64];
- char tmpbuffer2[64];
- char tmpbuffer3[64];
- char counter[MAX_INT_DIGITS];
- opaque value[256], *value2 = NULL;
- char *escaped = NULL;
- const char *ldap_desc;
- char oid[128];
- int len, printable;
- char* string = NULL;
- size_t sizeof_string ,sizeof_escaped;
-
- if (sizeof_buf == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ gnutls_string out_str;
+ int k2, k1, result;
+ char tmpbuffer1[64];
+ char tmpbuffer2[64];
+ char tmpbuffer3[64];
+ char counter[MAX_INT_DIGITS];
+ opaque value[256], *value2 = NULL;
+ char *escaped = NULL;
+ const char *ldap_desc;
+ char oid[128];
+ int len, printable;
+ char *string = NULL;
+ size_t sizeof_string, sizeof_escaped;
+
+ if (sizeof_buf == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (buf)
+ buf[0] = 0;
+ else
+ *sizeof_buf = 0;
+
+ _gnutls_string_init(&out_str, gnutls_malloc, gnutls_realloc,
+ gnutls_free);
+
+ k1 = 0;
+ do {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ _gnutls_int2str(k1, counter);
+ _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name);
+ if (strlen(tmpbuffer1) > 0)
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), ".");
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
+
+ len = sizeof(value) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
}
- if (buf)
- buf[0] = 0;
- else
- *sizeof_buf = 0;
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- _gnutls_string_init(&out_str, gnutls_malloc, gnutls_realloc,
- gnutls_free);
+ k2 = 0;
- k1 = 0;
- do {
+ do { /* Move to the attibute type and values
+ */
+ k2++;
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- _gnutls_int2str(k1, counter);
- _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1),
- asn1_rdn_name);
- if (strlen(tmpbuffer1) > 0)
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1),
- ".");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
-
- len = sizeof(value) - 1;
- result =
- asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+ _gnutls_int2str(k2, counter);
+ _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1);
+ if (strlen(tmpbuffer2) > 0)
+ _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), ".");
+ _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?");
+ _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
- }
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ len = sizeof(value) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- k2 = 0;
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type");
- do { /* Move to the attibute type and values
- */
- k2++;
-
- _gnutls_int2str(k2, counter);
- _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2),
- tmpbuffer1);
- if (strlen(tmpbuffer2) > 0)
- _gnutls_str_cat(tmpbuffer2,
- sizeof(tmpbuffer2), ".");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2),
- "?");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2),
- counter);
-
- /* Try to read the RelativeDistinguishedName attributes.
- */
-
- len = sizeof(value) - 1;
- result =
- asn1_read_value(asn1_struct, tmpbuffer2, value,
- &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ len = sizeof(oid) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len);
- /* Read the OID
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
- tmpbuffer2);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
- ".type");
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- len = sizeof(oid) - 1;
- result =
- asn1_read_value(asn1_struct, tmpbuffer3, oid,
- &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ /* Read the Value
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".value");
- /* Read the Value
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
- tmpbuffer2);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
- ".value");
+ len = 0;
+ result = asn1_read_value(asn1_struct, tmpbuffer3, NULL, &len);
- len = 0;
- result =
- asn1_read_value(asn1_struct, tmpbuffer3, NULL,
- &len);
-
- value2 = gnutls_malloc( len);
- if (value2 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
+ value2 = gnutls_malloc(len);
+ if (value2 == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
- result =
- asn1_read_value(asn1_struct, tmpbuffer3, value2,
- &len);
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer3, value2, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
#define STR_APPEND(y) if ((result=_gnutls_string_append_str( &out_str, y)) < 0) { \
gnutls_assert(); \
goto cleanup; \
}
- /* The encodings of adjoining RelativeDistinguishedNames are separated
- * by a comma character (',' ASCII 44).
- */
-
- /* Where there is a multi-valued RDN, the outputs from adjoining
- * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
- * character.
- */
- if (k1 != 1) { /* the first time do not append a comma */
- if (k2 != 1) { /* adjoining multi-value RDN */
- STR_APPEND("+");
- } else {
- STR_APPEND(",");
- }
- }
+ /* The encodings of adjoining RelativeDistinguishedNames are separated
+ * by a comma character (',' ASCII 44).
+ */
+
+ /* Where there is a multi-valued RDN, the outputs from adjoining
+ * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
+ * character.
+ */
+ if (k1 != 1) { /* the first time do not append a comma */
+ if (k2 != 1) { /* adjoining multi-value RDN */
+ STR_APPEND("+");
+ } else {
+ STR_APPEND(",");
+ }
+ }
- ldap_desc = oid2ldap_string(oid);
- printable = _gnutls_x509_oid_data_printable(oid);
+ ldap_desc = oid2ldap_string(oid);
+ printable = _gnutls_x509_oid_data_printable(oid);
- sizeof_escaped = 2*len + 1;
+ sizeof_escaped = 2 * len + 1;
- escaped = gnutls_malloc( sizeof_escaped);
- if (escaped == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
+ escaped = gnutls_malloc(sizeof_escaped);
+ if (escaped == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
- if (printable == 1) {
- sizeof_string = len;
-
- string = gnutls_malloc( sizeof_string);
- if (string == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
-
- STR_APPEND(ldap_desc);
- STR_APPEND("=");
- result =
- _gnutls_x509_oid_data2string(oid,
- value2,
- len,
- string,
- &sizeof_string);
-
- if (result < 0) {
- gnutls_assert();
- _gnutls_x509_log
- ("Found OID: '%s' with value '%s'\n",
- oid, _gnutls_bin2hex(value2,
- len,
- escaped,
- sizeof_escaped));
- goto cleanup;
- }
- STR_APPEND(str_escape(string, escaped, sizeof_escaped));
- gnutls_free(string); string = NULL;
- } else {
- char *res;
-
- res =
- _gnutls_bin2hex(value2, len, escaped,
- sizeof_escaped);
-
- STR_APPEND(ldap_desc);
- STR_APPEND("=#");
- if (res) {
- STR_APPEND(res);
- } else {
- STR_APPEND("(null)");
- }
- }
-
- gnutls_free( escaped); escaped = NULL;
- gnutls_free( value2); value2 = NULL;
+ if (printable == 1) {
+ sizeof_string = len;
- } while (1);
+ string = gnutls_malloc(sizeof_string);
+ if (string == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
- } while (1);
- if (out_str.length >= (unsigned int) *sizeof_buf) {
- gnutls_assert();
- *sizeof_buf = out_str.length;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
- }
+ STR_APPEND(ldap_desc);
+ STR_APPEND("=");
+ result =
+ _gnutls_x509_oid_data2string(oid,
+ value2,
+ len,
+ string, &sizeof_string);
+
+ if (result < 0) {
+ gnutls_assert();
+ _gnutls_x509_log
+ ("Found OID: '%s' with value '%s'\n",
+ oid, _gnutls_bin2hex(value2,
+ len,
+ escaped, sizeof_escaped));
+ goto cleanup;
+ }
+ STR_APPEND(str_escape(string, escaped, sizeof_escaped));
+ gnutls_free(string);
+ string = NULL;
+ } else {
+ char *res;
+
+ res =
+ _gnutls_bin2hex(value2, len, escaped, sizeof_escaped);
+
+ STR_APPEND(ldap_desc);
+ STR_APPEND("=#");
+ if (res) {
+ STR_APPEND(res);
+ } else {
+ STR_APPEND("(null)");
+ }
+ }
- if (buf) {
- memcpy(buf, out_str.data, out_str.length);
- buf[out_str.length] = 0;
- }
- *sizeof_buf = out_str.length;
+ gnutls_free(escaped);
+ escaped = NULL;
+ gnutls_free(value2);
+ value2 = NULL;
+
+ } while (1);
- result = 0;
+ } while (1);
- cleanup:
- gnutls_free( value2);
- gnutls_free( string);
- gnutls_free( escaped);
- _gnutls_string_clear(&out_str);
- return result;
+ if (out_str.length >= (unsigned int) *sizeof_buf) {
+ gnutls_assert();
+ *sizeof_buf = out_str.length;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+
+ if (buf) {
+ memcpy(buf, out_str.data, out_str.length);
+ buf[out_str.length] = 0;
+ }
+ *sizeof_buf = out_str.length;
+
+ result = 0;
+
+ cleanup:
+ gnutls_free(value2);
+ gnutls_free(string);
+ gnutls_free(escaped);
+ _gnutls_string_clear(&out_str);
+ return result;
}
/* Parses an X509 DN in the asn1_struct, and searches for the
@@ -346,210 +328,177 @@ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
*/
int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
const char *asn1_rdn_name,
- const char *given_oid, int indx,
+ const char *given_oid, int indx,
unsigned int raw_flag,
void *buf, size_t * sizeof_buf)
{
- int k2, k1, result;
- char tmpbuffer1[64];
- char tmpbuffer2[64];
- char tmpbuffer3[64];
- char counter[MAX_INT_DIGITS];
- opaque value[256];
- char escaped[256];
- char oid[128];
- int len, printable;
- int i = 0;
- char * cbuf = buf;
-
- if (cbuf == NULL)
- *sizeof_buf = 0;
- else
- cbuf[0] = 0;
-
- k1 = 0;
- do {
-
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- _gnutls_int2str(k1, counter);
- _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1),
- asn1_rdn_name);
+ int k2, k1, result;
+ char tmpbuffer1[64];
+ char tmpbuffer2[64];
+ char tmpbuffer3[64];
+ char counter[MAX_INT_DIGITS];
+ opaque value[256];
+ char escaped[256];
+ char oid[128];
+ int len, printable;
+ int i = 0;
+ char *cbuf = buf;
+
+ if (cbuf == NULL)
+ *sizeof_buf = 0;
+ else
+ cbuf[0] = 0;
+
+ k1 = 0;
+ do {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ _gnutls_int2str(k1, counter);
+ _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name);
- if (strlen(tmpbuffer1) > 0)
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1),
- ".");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
+ if (strlen(tmpbuffer1) > 0)
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), ".");
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
- len = sizeof(value) - 1;
- result =
- asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+ len = sizeof(value) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ }
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- k2 = 0;
+ k2 = 0;
- do { /* Move to the attibute type and values
+ do { /* Move to the attibute type and values
*/
- k2++;
+ k2++;
- _gnutls_int2str(k2, counter);
- _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2),
- tmpbuffer1);
+ _gnutls_int2str(k2, counter);
+ _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1);
- if (strlen(tmpbuffer2) > 0)
- _gnutls_str_cat(tmpbuffer2,
- sizeof(tmpbuffer2), ".");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2),
- "?");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2),
- counter);
+ if (strlen(tmpbuffer2) > 0)
+ _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), ".");
+ _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?");
+ _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter);
- /* Try to read the RelativeDistinguishedName attributes.
- */
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
- len = sizeof(value) - 1;
- result =
- asn1_read_value(asn1_struct, tmpbuffer2, value,
- &len);
+ len = sizeof(value) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
- }
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- /* Read the OID
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
- tmpbuffer2);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
- ".type");
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type");
- len = sizeof(oid) - 1;
- result =
- asn1_read_value(asn1_struct, tmpbuffer3, oid,
- &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ len = sizeof(oid) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len);
- if (strcmp(oid, given_oid) == 0 && indx == i++) { /* Found the OID */
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- /* Read the Value
- */
- _gnutls_str_cpy(tmpbuffer3,
- sizeof(tmpbuffer3),
- tmpbuffer2);
- _gnutls_str_cat(tmpbuffer3,
- sizeof(tmpbuffer3),
- ".value");
-
- len = *sizeof_buf;
- result =
- asn1_read_value(asn1_struct,
- tmpbuffer3, buf,
- &len);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if (raw_flag != 0) {
- if ((uint)len > *sizeof_buf) {
- *sizeof_buf = len;
- return
- GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- *sizeof_buf = len;
-
- return 0;
-
- } else { /* parse data. raw_flag == 0 */
- printable =
- _gnutls_x509_oid_data_printable
- (oid);
-
- if (printable == 1) {
- result =
- _gnutls_x509_oid_data2string
- (oid, buf, len, cbuf,
- sizeof_buf);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- return 0;
- } else {
- char *res;
-
- res =
- _gnutls_bin2hex(cbuf,
- len,
- escaped,
- sizeof
- (escaped));
- if (res) {
- unsigned int size =
- strlen(res) +
- 1;
- if (size + 1 >
- *sizeof_buf) {
- *sizeof_buf
- = size;
- return
- GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- *sizeof_buf = size; /* -1 for the null +1 for the '#' */
-
- if (buf) {
- strcpy(cbuf,
- "#");
- strcat(cbuf,
- res);
- }
-
- return 0;
- } else {
- gnutls_assert();
- return
- GNUTLS_E_INTERNAL_ERROR;
- }
- }
- } /* raw_flag == 0 */
+ if (strcmp(oid, given_oid) == 0 && indx == i++) { /* Found the OID */
+
+ /* Read the Value
+ */
+ _gnutls_str_cpy(tmpbuffer3,
+ sizeof(tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".value");
+
+ len = *sizeof_buf;
+ result =
+ asn1_read_value(asn1_struct, tmpbuffer3, buf, &len);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (raw_flag != 0) {
+ if ((uint) len > *sizeof_buf) {
+ *sizeof_buf = len;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *sizeof_buf = len;
+
+ return 0;
+
+ } else { /* parse data. raw_flag == 0 */
+ printable = _gnutls_x509_oid_data_printable(oid);
+
+ if (printable == 1) {
+ result =
+ _gnutls_x509_oid_data2string
+ (oid, buf, len, cbuf, sizeof_buf);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
}
- } while (1);
+ return 0;
+ } else {
+ char *res;
+
+ res =
+ _gnutls_bin2hex(cbuf,
+ len, escaped, sizeof(escaped));
+ if (res) {
+ unsigned int size = strlen(res) + 1;
+ if (size + 1 > *sizeof_buf) {
+ *sizeof_buf = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *sizeof_buf = size; /* -1 for the null +1 for the '#' */
+
+ if (buf) {
+ strcpy(cbuf, "#");
+ strcat(cbuf, res);
+ }
+
+ return 0;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+ } /* raw_flag == 0 */
+ }
} while (1);
- gnutls_assert();
+ } while (1);
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ gnutls_assert();
- cleanup:
- return result;
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ cleanup:
+ return result;
}
/* Parses an X509 DN in the asn1_struct, and returns the requested
@@ -562,130 +511,117 @@ int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
* OID found, 1 the second etc.
*/
int _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- int indx, void *_oid, size_t * sizeof_oid)
+ const char *asn1_rdn_name,
+ int indx, void *_oid, size_t * sizeof_oid)
{
- int k2, k1, result;
- char tmpbuffer1[64];
- char tmpbuffer2[64];
- char tmpbuffer3[64];
- char counter[MAX_INT_DIGITS];
- char value[256];
- char oid[128];
- int len;
- int i = 0;
-
- k1 = 0;
- do {
-
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- _gnutls_int2str(k1, counter);
- _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1),
- asn1_rdn_name);
+ int k2, k1, result;
+ char tmpbuffer1[64];
+ char tmpbuffer2[64];
+ char tmpbuffer3[64];
+ char counter[MAX_INT_DIGITS];
+ char value[256];
+ char oid[128];
+ int len;
+ int i = 0;
+
+ k1 = 0;
+ do {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ _gnutls_int2str(k1, counter);
+ _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name);
- if (strlen(tmpbuffer1) > 0)
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1),
- ".");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
+ if (strlen(tmpbuffer1) > 0)
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), ".");
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
+ _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
- len = sizeof(value) - 1;
- result =
- asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+ len = sizeof(value) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ }
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- k2 = 0;
+ k2 = 0;
- do { /* Move to the attibute type and values
+ do { /* Move to the attibute type and values
*/
- k2++;
+ k2++;
- _gnutls_int2str(k2, counter);
- _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2),
- tmpbuffer1);
+ _gnutls_int2str(k2, counter);
+ _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1);
- if (strlen(tmpbuffer2) > 0)
- _gnutls_str_cat(tmpbuffer2,
- sizeof(tmpbuffer2), ".");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2),
- "?");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2),
- counter);
+ if (strlen(tmpbuffer2) > 0)
+ _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), ".");
+ _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?");
+ _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter);
- /* Try to read the RelativeDistinguishedName attributes.
- */
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
- len = sizeof(value) - 1;
- result =
- asn1_read_value(asn1_struct, tmpbuffer2, value,
- &len);
+ len = sizeof(value) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
- }
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+ if (result != ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- /* Read the OID
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
- tmpbuffer2);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3),
- ".type");
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type");
- len = sizeof(oid) - 1;
- result =
- asn1_read_value(asn1_struct, tmpbuffer3, oid,
- &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ len = sizeof(oid) - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len);
- if ( indx == i++) { /* Found the OID */
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- len = strlen( oid) + 1;
+ if (indx == i++) { /* Found the OID */
- if ( *sizeof_oid < (uint)len) {
- *sizeof_oid = len;
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy( oid, _oid, len);
- *sizeof_oid = len - 1;
+ len = strlen(oid) + 1;
- return 0;
- }
- } while (1);
+ if (*sizeof_oid < (uint) len) {
+ *sizeof_oid = len;
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ memcpy(oid, _oid, len);
+ *sizeof_oid = len - 1;
+
+ return 0;
+ }
} while (1);
- gnutls_assert();
+ } while (1);
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ gnutls_assert();
- cleanup:
- return result;
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ cleanup:
+ return result;
}
/* This will encode and write the AttributeTypeAndValue field.
@@ -698,108 +634,106 @@ int _gnutls_x509_encode_and_write_attribute(const char *given_oid,
const void *_data,
int sizeof_data, int multi)
{
- const char *val_name;
- const opaque *data = _data;
- char tmp[128];
- ASN1_TYPE c2;
- int result;
-
-
- /* Find how to encode the data.
- */
- val_name =
- asn1_find_structure_from_oid(_gnutls_get_pkix(), given_oid);
- if (val_name == NULL) {
- gnutls_assert();
- return GNUTLS_E_X509_UNSUPPORTED_OID;
- }
+ const char *val_name;
+ const opaque *data = _data;
+ char tmp[128];
+ ASN1_TYPE c2;
+ int result;
- _gnutls_str_cpy(tmp, sizeof(tmp), "PKIX1.");
- _gnutls_str_cat(tmp, sizeof(tmp), val_name);
- result = asn1_create_element(_gnutls_get_pkix(), tmp, &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ /* Find how to encode the data.
+ */
+ val_name = asn1_find_structure_from_oid(_gnutls_get_pkix(), given_oid);
+ if (val_name == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_X509_UNSUPPORTED_OID;
+ }
- tmp[0] = 0;
+ _gnutls_str_cpy(tmp, sizeof(tmp), "PKIX1.");
+ _gnutls_str_cat(tmp, sizeof(tmp), val_name);
- if ((result = _gnutls_x509_oid_data_choice(given_oid)) > 0) {
- char *string_type;
- int i;
+ result = asn1_create_element(_gnutls_get_pkix(), tmp, &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- string_type = "printableString";
+ tmp[0] = 0;
- /* Check if the data is plain ascii, and use
- * the UTF8 string type if not.
- */
- for (i = 0; i < sizeof_data; i++) {
- if (!isascii(data[i])) {
- string_type = "utf8String";
- break;
- }
- }
+ if ((result = _gnutls_x509_oid_data_choice(given_oid)) > 0) {
+ char *string_type;
+ int i;
- /* if the type is a CHOICE then write the
- * type we'll use.
- */
- result = asn1_write_value(c2, "", string_type, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
- }
+ string_type = "printableString";
- _gnutls_str_cpy(tmp, sizeof(tmp), string_type);
+ /* Check if the data is plain ascii, and use
+ * the UTF8 string type if not.
+ */
+ for (i = 0; i < sizeof_data; i++) {
+ if (!isascii(data[i])) {
+ string_type = "utf8String";
+ break;
+ }
}
- result = asn1_write_value(c2, tmp, data, sizeof_data);
+ /* if the type is a CHOICE then write the
+ * type we'll use.
+ */
+ result = asn1_write_value(c2, "", string_type, 1);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
}
+ _gnutls_str_cpy(tmp, sizeof(tmp), string_type);
+ }
- /* write the data (value)
- */
+ result = asn1_write_value(c2, tmp, data, sizeof_data);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
- _gnutls_str_cpy(tmp, sizeof(tmp), where);
- _gnutls_str_cat(tmp, sizeof(tmp), ".value");
- if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */
- _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */
+ /* write the data (value)
+ */
- result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".value");
- _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
+ if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */
+ _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */
+ result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
- result =
- _gnutls_x509_der_encode_and_copy(c2, "", asn1_struct, tmp, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
- /* write the type
- */
- _gnutls_str_cpy(tmp, sizeof(tmp), where);
- _gnutls_str_cat(tmp, sizeof(tmp), ".type");
+ }
- result = asn1_write_value(asn1_struct, tmp, given_oid, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ result = _gnutls_x509_der_encode_and_copy(c2, "", asn1_struct, tmp, 0);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ /* write the type
+ */
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".type");
+
+ result = asn1_write_value(asn1_struct, tmp, given_oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return 0;
}
/* This will write the AttributeTypeAndValue field. The data must be already DER encoded.
@@ -811,46 +745,46 @@ int _gnutls_x509_write_attribute(const char *given_oid,
const void *_data, int sizeof_data,
int multi)
{
- char tmp[128];
- int result;
+ char tmp[128];
+ int result;
- /* write the data (value)
- */
+ /* write the data (value)
+ */
- _gnutls_str_cpy(tmp, sizeof(tmp), where);
- _gnutls_str_cat(tmp, sizeof(tmp), ".value");
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".value");
- if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */
- _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */
+ if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */
+ _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */
- result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
+ _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
- }
+ }
- result = asn1_write_value(asn1_struct, tmp, _data, sizeof_data);
- if (result < 0) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ result = asn1_write_value(asn1_struct, tmp, _data, sizeof_data);
+ if (result < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- /* write the type
- */
- _gnutls_str_cpy(tmp, sizeof(tmp), where);
- _gnutls_str_cat(tmp, sizeof(tmp), ".type");
+ /* write the type
+ */
+ _gnutls_str_cpy(tmp, sizeof(tmp), where);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".type");
- result = asn1_write_value(asn1_struct, tmp, given_oid, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ result = asn1_write_value(asn1_struct, tmp, given_oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
@@ -862,39 +796,39 @@ int _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct,
int oid_size,
gnutls_datum * value, int multi)
{
- char tmpbuffer[128];
- int len, result;
+ char tmpbuffer[128];
+ int len, result;
- /* Read the OID
- */
- _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
- _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".type");
+ /* Read the OID
+ */
+ _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
+ _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".type");
- len = oid_size - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer, oid, &len);
+ len = oid_size - 1;
+ result = asn1_read_value(asn1_struct, tmpbuffer, oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- return result;
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ return result;
+ }
- /* Read the Value
- */
+ /* Read the Value
+ */
- _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
- _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".value");
+ _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
+ _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".value");
- if (multi)
- _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), "s.?1"); /* .values.?1 */
+ if (multi)
+ _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), "s.?1"); /* .values.?1 */
- result = _gnutls_x509_read_value(asn1_struct, tmpbuffer, value, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ result = _gnutls_x509_read_value(asn1_struct, tmpbuffer, value, 0);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
@@ -910,72 +844,68 @@ int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
int raw_flag, const char *name,
int sizeof_name)
{
- int result;
- char tmp[64], asn1_rdn_name[64];
+ int result;
+ char tmp[64], asn1_rdn_name[64];
- if (sizeof_name == 0 || name == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (sizeof_name == 0 || name == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* create the rdnSequence
- */
- result =
- asn1_write_value(asn1_struct, asn1_name, "rdnSequence", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ /* create the rdnSequence
+ */
+ result = asn1_write_value(asn1_struct, asn1_name, "rdnSequence", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- _gnutls_str_cpy(asn1_rdn_name, sizeof(asn1_rdn_name), asn1_name);
- _gnutls_str_cat(asn1_rdn_name, sizeof(asn1_rdn_name),
- ".rdnSequence");
+ _gnutls_str_cpy(asn1_rdn_name, sizeof(asn1_rdn_name), asn1_name);
+ _gnutls_str_cat(asn1_rdn_name, sizeof(asn1_rdn_name), ".rdnSequence");
- /* create a new element
- */
- result = asn1_write_value(asn1_struct, asn1_rdn_name, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ /* create a new element
+ */
+ result = asn1_write_value(asn1_struct, asn1_rdn_name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
- _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
+ _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
- /* create the set with only one element
- */
- result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ /* create the set with only one element
+ */
+ result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- /* Encode and write the data
- */
- _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
- _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST.?LAST");
+ /* Encode and write the data
+ */
+ _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
+ _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST.?LAST");
- if (!raw_flag) {
- result =
- _gnutls_x509_encode_and_write_attribute(given_oid,
- asn1_struct,
- tmp, name,
- sizeof_name,
- 0);
- } else {
- result =
- _gnutls_x509_write_attribute(given_oid, asn1_struct,
- tmp, name, sizeof_name,
- 0);
- }
+ if (!raw_flag) {
+ result =
+ _gnutls_x509_encode_and_write_attribute(given_oid,
+ asn1_struct,
+ tmp, name,
+ sizeof_name, 0);
+ } else {
+ result =
+ _gnutls_x509_write_attribute(given_oid, asn1_struct,
+ tmp, name, sizeof_name, 0);
+ }
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
@@ -996,37 +926,37 @@ int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
int gnutls_x509_rdn_get(const gnutls_datum * idn,
char *buf, size_t * sizeof_buf)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
- if (sizeof_buf == 0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (sizeof_buf == 0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (buf)
- buf[0] = 0;
+ if (buf)
+ buf[0] = 0;
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
- gnutls_assert();
- asn1_delete_structure(&dn);
- return _gnutls_asn2err(result);
- }
+ result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
- result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, sizeof_buf);
+ result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, sizeof_buf);
- asn1_delete_structure(&dn);
- return result;
+ asn1_delete_structure(&dn);
+ return result;
}
@@ -1048,37 +978,37 @@ int gnutls_x509_rdn_get(const gnutls_datum * idn,
*
**/
int gnutls_x509_rdn_get_by_oid(const gnutls_datum * idn, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * sizeof_buf)
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
- if (sizeof_buf == 0) {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (sizeof_buf == 0) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
- gnutls_assert();
- asn1_delete_structure(&dn);
- return _gnutls_asn2err(result);
- }
+ result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
- result =
- _gnutls_x509_parse_dn_oid(dn, "rdnSequence", oid, indx,
- raw_flag, buf, sizeof_buf);
+ result =
+ _gnutls_x509_parse_dn_oid(dn, "rdnSequence", oid, indx,
+ raw_flag, buf, sizeof_buf);
- asn1_delete_structure(&dn);
- return result;
+ asn1_delete_structure(&dn);
+ return result;
}
@@ -1096,37 +1026,36 @@ int gnutls_x509_rdn_get_by_oid(const gnutls_datum * idn, const char *oid,
* and 0 on success.
*
**/
-int gnutls_x509_rdn_get_oid(const gnutls_datum * idn,
- int indx, void *buf, size_t * sizeof_buf)
+int gnutls_x509_rdn_get_oid(const gnutls_datum * idn,
+ int indx, void *buf, size_t * sizeof_buf)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
- if (sizeof_buf == 0) {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (sizeof_buf == 0) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
- gnutls_assert();
- asn1_delete_structure(&dn);
- return _gnutls_asn2err(result);
- }
+ result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ gnutls_assert();
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
- result =
- _gnutls_x509_get_dn_oid(dn, "rdnSequence", indx,
- buf, sizeof_buf);
+ result =
+ _gnutls_x509_get_dn_oid(dn, "rdnSequence", indx, buf, sizeof_buf);
- asn1_delete_structure(&dn);
- return result;
+ asn1_delete_structure(&dn);
+ return result;
}
@@ -1142,13 +1071,13 @@ int _gnutls_x509_compare_raw_dn(const gnutls_datum * dn1,
const gnutls_datum * dn2)
{
- if (dn1->size != dn2->size) {
- gnutls_assert();
- return 0;
- }
- if (memcmp(dn1->data, dn2->data, dn2->size) != 0) {
- gnutls_assert();
- return 0;
- }
- return 1; /* they match */
+ if (dn1->size != dn2->size) {
+ gnutls_assert();
+ return 0;
+ }
+ if (memcmp(dn1->data, dn2->data, dn2->size) != 0) {
+ gnutls_assert();
+ return 0;
+ }
+ return 1; /* they match */
}
diff --git a/lib/x509/dsa.c b/lib/x509/dsa.c
index 1a2d593fc0..e4ac45bb07 100644
--- a/lib/x509/dsa.c
+++ b/lib/x509/dsa.c
@@ -22,7 +22,7 @@
/* This file contains code for DSA keys.
*/
-
+
#include <gnutls_int.h>
#include <gnutls_errors.h>
#include <gnutls_datum.h>
@@ -30,96 +30,95 @@
/* resarr will contain: p(0), q(1), g(2), y(3), x(4).
*/
-int _gnutls_dsa_generate_params(mpi_t* resarr, int* resarr_len, int bits)
+int _gnutls_dsa_generate_params(mpi_t * resarr, int *resarr_len, int bits)
{
- int ret;
- gcry_sexp_t parms, key, list;
-
- if (bits > 1024) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gcry_sexp_build( &parms, NULL, "(genkey(dsa(nbits %d)))", bits);
- if (ret != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* generate the DSA key
- */
- ret = gcry_pk_genkey( &key, parms);
- gcry_sexp_release( parms);
-
- if (ret != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- list = gcry_sexp_find_token( key, "p", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release( key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[0] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
-
- list = gcry_sexp_find_token( key, "q", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release( key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[1] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
-
- list = gcry_sexp_find_token( key, "g", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release( key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[2] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
-
- list = gcry_sexp_find_token( key, "y", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release( key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[3] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
-
-
- list = gcry_sexp_find_token( key, "x", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release( key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[4] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
+ int ret;
+ gcry_sexp_t parms, key, list;
+
+ if (bits > 1024) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gcry_sexp_build(&parms, NULL, "(genkey(dsa(nbits %d)))", bits);
+ if (ret != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* generate the DSA key
+ */
+ ret = gcry_pk_genkey(&key, parms);
+ gcry_sexp_release(parms);
+
+ if (ret != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ list = gcry_sexp_find_token(key, "p", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ resarr[0] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+ list = gcry_sexp_find_token(key, "q", 0);
+ if (list == NULL) {
+ gnutls_assert();
gcry_sexp_release(key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- _gnutls_dump_mpi( "p: ", resarr[0]);
- _gnutls_dump_mpi( "q: ", resarr[1]);
- _gnutls_dump_mpi( "g: ", resarr[2]);
- _gnutls_dump_mpi( "y: ", resarr[3]);
- _gnutls_dump_mpi( "x: ", resarr[4]);
+ resarr[1] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
- *resarr_len = 5;
+ list = gcry_sexp_find_token(key, "g", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
- return 0;
+ resarr[2] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
-}
+ list = gcry_sexp_find_token(key, "y", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[3] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+
+
+ list = gcry_sexp_find_token(key, "x", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release(key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[4] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+
+
+ gcry_sexp_release(key);
+ _gnutls_dump_mpi("p: ", resarr[0]);
+ _gnutls_dump_mpi("q: ", resarr[1]);
+ _gnutls_dump_mpi("g: ", resarr[2]);
+ _gnutls_dump_mpi("y: ", resarr[3]);
+ _gnutls_dump_mpi("x: ", resarr[4]);
+
+ *resarr_len = 5;
+
+ return 0;
+
+}
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 21bc965c3d..1d499f6abf 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -41,114 +41,117 @@
* If the extension does not exist, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
* be returned.
*/
-int _gnutls_x509_crt_get_extension( gnutls_x509_crt cert, const char* extension_id,
- int indx, gnutls_datum* ret, unsigned int * _critical)
+int _gnutls_x509_crt_get_extension(gnutls_x509_crt cert,
+ const char *extension_id, int indx,
+ gnutls_datum * ret,
+ unsigned int *_critical)
{
- int k, result, len;
- char name[128], name2[128], counter[MAX_INT_DIGITS];
- char str[1024];
- char str_critical[10];
- int critical = 0;
- char extnID[128];
- gnutls_datum value;
- int indx_counter = 0;
-
- ret->data = NULL;
- ret->size = 0;
-
- k = 0;
+ int k, result, len;
+ char name[128], name2[128], counter[MAX_INT_DIGITS];
+ char str[1024];
+ char str_critical[10];
+ int critical = 0;
+ char extnID[128];
+ gnutls_datum value;
+ int indx_counter = 0;
+
+ ret->data = NULL;
+ ret->size = 0;
+
+ k = 0;
+ do {
+ k++;
+
+ _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
+ _gnutls_int2str(k, counter);
+ _gnutls_str_cat(name, sizeof(name), counter);
+
+ len = sizeof(str) - 1;
+ result = asn1_read_value(cert->cert, name, str, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
+
do {
- k++;
- _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
- _gnutls_int2str(k, counter);
- _gnutls_str_cat(name, sizeof(name), counter);
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
- len = sizeof(str) - 1;
- result = asn1_read_value(cert->cert, name, str, &len);
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(cert->cert, name2, extnID, &len);
- /* move to next
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp(extnID, extension_id) == 0
+ && indx == indx_counter++) {
+ /* extension was found
+ */
+
+ /* read the critical status.
*/
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".critical");
+
+ len = sizeof(str_critical);
+ result =
+ asn1_read_value(cert->cert, name2, str_critical, &len);
if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
- do {
-
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnID");
-
- len = sizeof(extnID) - 1;
- result =
- asn1_read_value(cert->cert, name2, extnID, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
- } else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- /* Handle Extension
- */
- if ( strcmp(extnID, extension_id)==0 && indx == indx_counter++) {
- /* extension was found
- */
-
- /* read the critical status.
- */
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".critical");
-
- len = sizeof(str_critical);
- result =
- asn1_read_value(cert->cert, name2, str_critical, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
- } else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- if (str_critical[0] == 'T')
- critical = 1;
- else critical = 0;
-
- /* read the value.
- */
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnValue");
-
- result = _gnutls_x509_read_value( cert->cert, name2,
- &value, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- ret->data = value.data;
- ret->size = value.size;
-
- if (_critical)
- *_critical = critical;
-
- return 0;
- }
-
-
- } while (0);
- } while (1);
+ if (str_critical[0] == 'T')
+ critical = 1;
+ else
+ critical = 0;
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- } else {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ /* read the value.
+ */
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnValue");
+
+ result = _gnutls_x509_read_value(cert->cert, name2,
+ &value, 0);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ ret->data = value.data;
+ ret->size = value.size;
+
+ if (_critical)
+ *_critical = critical;
+
+ return 0;
+ }
+
+
+ } while (0);
+ } while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
}
/* This function will attempt to return the requested extension OID found in
@@ -157,77 +160,77 @@ int _gnutls_x509_crt_get_extension( gnutls_x509_crt cert, const char* extension_
* If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
* be returned.
*/
-int _gnutls_x509_crt_get_extension_oid( gnutls_x509_crt cert,
- int indx, void* oid, size_t* sizeof_oid)
+int _gnutls_x509_crt_get_extension_oid(gnutls_x509_crt cert,
+ int indx, void *oid,
+ size_t * sizeof_oid)
{
- int k, result, len;
- char name[128], name2[128], counter[MAX_INT_DIGITS];
- char str[1024];
- char extnID[128];
- int indx_counter = 0;
+ int k, result, len;
+ char name[128], name2[128], counter[MAX_INT_DIGITS];
+ char str[1024];
+ char extnID[128];
+ int indx_counter = 0;
- k = 0;
- do {
- k++;
+ k = 0;
+ do {
+ k++;
- _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
- _gnutls_int2str(k, counter);
- _gnutls_str_cat(name, sizeof(name), counter);
+ _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
+ _gnutls_int2str(k, counter);
+ _gnutls_str_cat(name, sizeof(name), counter);
- len = sizeof(str) - 1;
- result = asn1_read_value(cert->cert, name, str, &len);
+ len = sizeof(str) - 1;
+ result = asn1_read_value(cert->cert, name, str, &len);
- /* move to next
- */
+ /* move to next
+ */
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
- do {
+ do {
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
- len = sizeof(extnID) - 1;
- result =
- asn1_read_value(cert->cert, name2, extnID, &len);
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(cert->cert, name2, extnID, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
- } else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- /* Handle Extension
- */
- if ( indx == indx_counter++) {
- len = strlen( extnID) + 1;
+ /* Handle Extension
+ */
+ if (indx == indx_counter++) {
+ len = strlen(extnID) + 1;
- if ( *sizeof_oid < (uint)len) {
- *sizeof_oid = len;
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy( oid, extnID, len);
- *sizeof_oid = len - 1;
+ if (*sizeof_oid < (uint) len) {
+ *sizeof_oid = len;
+ gnutls_assert();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- return 0;
- }
+ memcpy(oid, extnID, len);
+ *sizeof_oid = len - 1;
+ return 0;
+ }
- } while (0);
- } while (1);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- } else {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ } while (0);
+ } while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
}
/* This function will attempt to set the requested extension in
@@ -235,82 +238,94 @@ int _gnutls_x509_crt_get_extension_oid( gnutls_x509_crt cert,
*
* Critical will be either 0 or 1.
*/
-static int set_extension( ASN1_TYPE asn, const char* extension_id,
- const gnutls_datum* ext_data, unsigned int critical)
+static int set_extension(ASN1_TYPE asn, const char *extension_id,
+ const gnutls_datum * ext_data,
+ unsigned int critical)
{
- int result;
- const char *str;
-
- /* Add a new extension in the list.
- */
- result = asn1_write_value(asn, "tbsCertificate.extensions", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = asn1_write_value(asn, "tbsCertificate.extensions.?LAST.extnID", extension_id, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- if (critical==0) str = "FALSE";
- else str = "TRUE";
-
-
- result = asn1_write_value(asn, "tbsCertificate.extensions.?LAST.critical", str, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ int result;
+ const char *str;
+
+ /* Add a new extension in the list.
+ */
+ result = asn1_write_value(asn, "tbsCertificate.extensions", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_write_value(asn, "tbsCertificate.extensions.?LAST.extnID",
+ extension_id, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+
+ result =
+ asn1_write_value(asn, "tbsCertificate.extensions.?LAST.critical",
+ str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_write_value(asn,
+ "tbsCertificate.extensions.?LAST.extnValue",
+ ext_data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_x509_write_value( asn, "tbsCertificate.extensions.?LAST.extnValue",
- ext_data, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- return 0;
+ return 0;
}
/* Overwrite the given extension (using the index)
* index here starts from one.
*/
-static int overwrite_extension( ASN1_TYPE asn, unsigned int indx,
- const gnutls_datum *ext_data, unsigned int critical)
+static int overwrite_extension(ASN1_TYPE asn, unsigned int indx,
+ const gnutls_datum * ext_data,
+ unsigned int critical)
{
-char name[128], name2[128], counter[MAX_INT_DIGITS];
-const char* str;
-int result;
-
- _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
- _gnutls_int2str(indx, counter);
- _gnutls_str_cat(name, sizeof(name), counter);
-
- if (critical==0) str = "FALSE";
- else str = "TRUE";
-
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".critical");
-
- result = asn1_write_value(asn, name2, str, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnValue");
+ char name[128], name2[128], counter[MAX_INT_DIGITS];
+ const char *str;
+ int result;
+
+ _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
+ _gnutls_int2str(indx, counter);
+ _gnutls_str_cat(name, sizeof(name), counter);
+
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".critical");
+
+ result = asn1_write_value(asn, name2, str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnValue");
+
+ result = _gnutls_x509_write_value(asn, name2, ext_data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_x509_write_value( asn, name2, ext_data, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- return 0;
+ return 0;
}
/* This function will attempt to overwrite the requested extension with
@@ -318,396 +333,412 @@ int result;
*
* Critical will be either 0 or 1.
*/
-int _gnutls_x509_crt_set_extension( gnutls_x509_crt cert, const char* ext_id,
- const gnutls_datum* ext_data, unsigned int critical)
+int _gnutls_x509_crt_set_extension(gnutls_x509_crt cert,
+ const char *ext_id,
+ const gnutls_datum * ext_data,
+ unsigned int critical)
{
- int result;
- int k, len;
- char name[128], name2[128], counter[MAX_INT_DIGITS];
- char extnID[128];
+ int result;
+ int k, len;
+ char name[128], name2[128], counter[MAX_INT_DIGITS];
+ char extnID[128];
- /* Find the index of the given extension.
- */
- k = 0;
- do {
- k++;
+ /* Find the index of the given extension.
+ */
+ k = 0;
+ do {
+ k++;
- _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
- _gnutls_int2str(k, counter);
- _gnutls_str_cat(name, sizeof(name), counter);
+ _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
+ _gnutls_int2str(k, counter);
+ _gnutls_str_cat(name, sizeof(name), counter);
- len = sizeof(extnID) - 1;
- result = asn1_read_value(cert->cert, name, extnID, &len);
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(cert->cert, name, extnID, &len);
- /* move to next
- */
+ /* move to next
+ */
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ break;
+ }
- do {
+ do {
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
- len = sizeof(extnID) - 1;
- result =
- asn1_read_value(cert->cert, name2, extnID, &len);
+ len = sizeof(extnID) - 1;
+ result = asn1_read_value(cert->cert, name2, extnID, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
- } else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ break;
+ } else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- /* Handle Extension
- */
- if ( strcmp(extnID, ext_id)==0) {
- /* extension was found
- */
- return overwrite_extension( cert->cert, k, ext_data, critical);
- }
+ /* Handle Extension
+ */
+ if (strcmp(extnID, ext_id) == 0) {
+ /* extension was found
+ */
+ return overwrite_extension(cert->cert, k, ext_data,
+ critical);
+ }
- } while (0);
- } while (1);
+ } while (0);
+ } while (1);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- return set_extension( cert->cert, ext_id, ext_data, critical);
- } else {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ return set_extension(cert->cert, ext_id, ext_data, critical);
+ } else {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
-
- return 0;
+
+ return 0;
}
/* Here we only extract the KeyUsage field, from the DER encoded
* extension.
*/
-int _gnutls_x509_ext_extract_keyUsage(uint16 *keyUsage, opaque * extnValue,
- int extnValueLen)
+int _gnutls_x509_ext_extract_keyUsage(uint16 * keyUsage,
+ opaque * extnValue, int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int len, result;
- uint8 str[2];
-
- str[0] = str[1] = 0;
- *keyUsage = 0;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int len, result;
+ uint8 str[2];
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.KeyUsage", &ext
- )) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ str[0] = str[1] = 0;
+ *keyUsage = 0;
- result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
- }
-
- len = sizeof(str);
- result = asn1_read_value(ext, "", str, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return 0;
- }
-
- *keyUsage = str[0] | (str[1] << 8);
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+ len = sizeof(str);
+ result = asn1_read_value(ext, "", str, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
return 0;
+ }
+
+ *keyUsage = str[0] | (str[1] << 8);
+
+ asn1_delete_structure(&ext);
+
+ return 0;
}
/* extract the basicConstraints from the DER encoded extension
*/
int _gnutls_x509_ext_extract_basicConstraints(int *CA, opaque * extnValue,
- int extnValueLen)
+ int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- char str[128];
- int len, result;
-
- *CA = 0;
-
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.BasicConstraints", &ext
- )) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ char str[128];
+ int len, result;
- result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ *CA = 0;
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
- }
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.BasicConstraints",
+ &ext)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- len = sizeof(str) - 1;
- /* the default value of cA is false.
- */
- result = asn1_read_value(ext, "cA", str, &len);
- if (result != ASN1_SUCCESS) {
- asn1_delete_structure(&ext);
- return 0;
- }
+ result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
+
+ len = sizeof(str) - 1;
+ /* the default value of cA is false.
+ */
+ result = asn1_read_value(ext, "cA", str, &len);
+ if (result != ASN1_SUCCESS) {
+ asn1_delete_structure(&ext);
+ return 0;
+ }
- if (strcmp(str, "TRUE") == 0)
- *CA = 1;
- else
- *CA = 0;
+ asn1_delete_structure(&ext);
+ if (strcmp(str, "TRUE") == 0)
+ *CA = 1;
+ else
+ *CA = 0;
- return 0;
+
+ return 0;
}
/* generate the basicConstraints in a DER encoded extension
* Use 0 or 1 (TRUE) for CA.
*/
-int _gnutls_x509_ext_gen_basicConstraints(int CA, gnutls_datum* der_ext)
+int _gnutls_x509_ext_gen_basicConstraints(int CA, gnutls_datum * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- const char *str;
- int result;
-
- if (CA == 0) str = "FALSE";
- else str = "TRUE";
-
- result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.BasicConstraints", &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ const char *str;
+ int result;
+
+ if (CA == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.BasicConstraints",
+ &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "cA", str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
- result = asn1_write_value(ext, "cA", str, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
- }
+ asn1_write_value(ext, "pathLenConstraint", NULL, 0);
- asn1_write_value(ext, "pathLenConstraint", NULL, 0);
-
- result = _gnutls_x509_der_encode( ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
- asn1_delete_structure(&ext);
+ asn1_delete_structure(&ext);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/* generate the keyUsage in a DER encoded extension
* Use an ORed SEQUENCE of GNUTLS_KEY_* for usage.
*/
-int _gnutls_x509_ext_gen_keyUsage(uint16 usage, gnutls_datum* der_ext)
+int _gnutls_x509_ext_gen_keyUsage(uint16 usage, gnutls_datum * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
- uint8 str[2];
-
- result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.KeyUsage", &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- str[0] = usage & 0xff;
- str[1] = usage >> 8;
-
- result = asn1_write_value(ext, "", str, 9);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
- }
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ uint8 str[2];
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.KeyUsage", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ str[0] = usage & 0xff;
+ str[1] = usage >> 8;
+
+ result = asn1_write_value(ext, "", str, 9);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
- result = _gnutls_x509_der_encode( ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
- asn1_delete_structure(&ext);
+ asn1_delete_structure(&ext);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
-static int write_new_general_name( ASN1_TYPE ext, const char* ext_name,
- gnutls_x509_subject_alt_name type, const char* data_string)
+static int write_new_general_name(ASN1_TYPE ext, const char *ext_name,
+ gnutls_x509_subject_alt_name type,
+ const char *data_string)
{
-const char* str;
-int result;
-char name[128];
-
- result = asn1_write_value( ext, ext_name, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- switch(type) {
- case GNUTLS_SAN_DNSNAME:
- str = "dNSName";
- break;
- case GNUTLS_SAN_RFC822NAME:
- str = "rfc822Name";
- break;
- case GNUTLS_SAN_URI:
- str = "uniformResourceIdentifier";
- break;
- case GNUTLS_SAN_IPADDRESS:
- str = "iPAddress";
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (ext_name[0] == 0) { /* no dot */
- _gnutls_str_cpy( name, sizeof(name), "?LAST");
- } else {
- _gnutls_str_cpy( name, sizeof(name), ext_name);
- _gnutls_str_cat( name, sizeof(name), ".?LAST");
- }
-
- result = asn1_write_value( ext, name, str, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- _gnutls_str_cat( name, sizeof(name), ".");
- _gnutls_str_cat( name, sizeof(name), str);
-
- result = asn1_write_value(ext, name, data_string, strlen(data_string));
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
- }
+ const char *str;
+ int result;
+ char name[128];
+
+ result = asn1_write_value(ext, ext_name, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ switch (type) {
+ case GNUTLS_SAN_DNSNAME:
+ str = "dNSName";
+ break;
+ case GNUTLS_SAN_RFC822NAME:
+ str = "rfc822Name";
+ break;
+ case GNUTLS_SAN_URI:
+ str = "uniformResourceIdentifier";
+ break;
+ case GNUTLS_SAN_IPADDRESS:
+ str = "iPAddress";
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (ext_name[0] == 0) { /* no dot */
+ _gnutls_str_cpy(name, sizeof(name), "?LAST");
+ } else {
+ _gnutls_str_cpy(name, sizeof(name), ext_name);
+ _gnutls_str_cat(name, sizeof(name), ".?LAST");
+ }
+
+ result = asn1_write_value(ext, name, str, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ _gnutls_str_cat(name, sizeof(name), ".");
+ _gnutls_str_cat(name, sizeof(name), str);
+
+ result = asn1_write_value(ext, name, data_string, strlen(data_string));
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/* Convert the given name to GeneralNames in a DER encoded extension.
* This is the same as subject alternative name.
*/
-int _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name type,
- const char* data_string, gnutls_datum* der_ext)
+int _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name
+ type, const char *data_string,
+ gnutls_datum * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.GeneralNames", &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = write_new_general_name(ext, "", type, data_string);
- if (result < 0) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return result;
- }
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.GeneralNames",
+ &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = write_new_general_name(ext, "", type, data_string);
+ if (result < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return result;
+ }
- result = _gnutls_x509_der_encode( ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
- asn1_delete_structure(&ext);
+ asn1_delete_structure(&ext);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/* generate the SubjectKeyID in a DER encoded extension
*/
-int _gnutls_x509_ext_gen_key_id(const void* id, size_t id_size, gnutls_datum* der_ext)
+int _gnutls_x509_ext_gen_key_id(const void *id, size_t id_size,
+ gnutls_datum * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.SubjectKeyIdentifier", &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = asn1_write_value(ext, "", id, id_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
- }
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.SubjectKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "", id, id_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
- result = _gnutls_x509_der_encode( ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
- asn1_delete_structure(&ext);
+ asn1_delete_structure(&ext);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/* generate the AuthorityKeyID in a DER encoded extension
*/
-int _gnutls_x509_ext_gen_auth_key_id(const void* id, size_t id_size, gnutls_datum* der_ext)
+int _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
+ gnutls_datum * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
-
- result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.AuthorityKeyIdentifier", &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = asn1_write_value(ext, "keyIdentifier", id, id_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
- }
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.AuthorityKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(ext, "keyIdentifier", id, id_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&ext);
+ return _gnutls_asn2err(result);
+ }
- asn1_write_value(ext, "authorityCertIssuer", NULL, 0);
- asn1_write_value(ext, "authorityCertSerialNumber", NULL, 0);
+ asn1_write_value(ext, "authorityCertIssuer", NULL, 0);
+ asn1_write_value(ext, "authorityCertSerialNumber", NULL, 0);
- result = _gnutls_x509_der_encode( ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
- asn1_delete_structure(&ext);
+ asn1_delete_structure(&ext);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
@@ -716,85 +747,93 @@ int _gnutls_x509_ext_gen_auth_key_id(const void* id, size_t id_size, gnutls_datu
* reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*.
*
*/
-int _gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name type,
- const void* data_string, unsigned int reason_flags, gnutls_datum* der_ext)
+int _gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name type,
+ const void *data_string,
+ unsigned int reason_flags,
+ gnutls_datum * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- gnutls_datum gnames = {NULL, 0};
- int result;
- uint8 reasons[2];
-
- reasons[0] = reason_flags & 0xff;
- reasons[1] = reason_flags >> 8;
-
- result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.CRLDistributionPoints", &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = asn1_write_value( ext, "", "NEW", 1);
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ gnutls_datum gnames = { NULL, 0 };
+ int result;
+ uint8 reasons[2];
+
+ reasons[0] = reason_flags & 0xff;
+ reasons[1] = reason_flags >> 8;
+
+ result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CRLDistributionPoints", &ext);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value(ext, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (reason_flags) {
+ result = asn1_write_value(ext, "?LAST.reasons", reasons, 9);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if (reason_flags) {
- result = asn1_write_value( ext, "?LAST.reasons", reasons, 9);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
- } else {
- result = asn1_write_value( ext, "?LAST.reasons", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
-
- result = asn1_write_value( ext, "?LAST.cRLIssuer", NULL, 0);
+ } else {
+ result = asn1_write_value(ext, "?LAST.reasons", NULL, 0);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+ }
+
+ result = asn1_write_value(ext, "?LAST.cRLIssuer", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
#if 0
- /* When used as type CHOICE.
- */
- result = asn1_write_value( ext, "?LAST.distributionPoint", "fullName", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ /* When used as type CHOICE.
+ */
+ result =
+ asn1_write_value(ext, "?LAST.distributionPoint", "fullName", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
#endif
- asn1_write_value( ext, "?LAST.distributionPoint.nameRelativeToCRLIssuer", NULL, 0);
+ asn1_write_value(ext,
+ "?LAST.distributionPoint.nameRelativeToCRLIssuer",
+ NULL, 0);
- result = write_new_general_name(ext, "?LAST.distributionPoint.fullName", type, data_string);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ result =
+ write_new_general_name(ext, "?LAST.distributionPoint.fullName",
+ type, data_string);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = _gnutls_x509_der_encode( ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = 0;
+ result = 0;
-cleanup:
- _gnutls_free_datum( &gnames);
- asn1_delete_structure(&ext);
+ cleanup:
+ _gnutls_free_datum(&gnames);
+ asn1_delete_structure(&ext);
- return result;
+ return result;
}
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 7a0604ccd3..f7ea8ac213 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -37,43 +37,42 @@
*/
int _gnutls_x509_read_rsa_params(opaque * der, int dersize, mpi_t * params)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if ((result=asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
- != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- result = asn1_der_decoding(&spk, der, dersize, NULL);
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return _gnutls_asn2err(result);
- }
+ result = asn1_der_decoding(&spk, der, dersize, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
- if ( (result=_gnutls_x509_read_int( spk, "modulus",
- &params[0])) < 0) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
- if ( (result=_gnutls_x509_read_int( spk, "publicExponent",
- &params[1])) < 0) {
- gnutls_assert();
- _gnutls_mpi_release(&params[0]);
- asn1_delete_structure(&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
+ if ((result = _gnutls_x509_read_int(spk, "modulus", &params[0])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+ if ((result = _gnutls_x509_read_int(spk, "publicExponent",
+ &params[1])) < 0) {
+ gnutls_assert();
+ _gnutls_mpi_release(&params[0]);
asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
- return 0;
+ asn1_delete_structure(&spk);
+
+ return 0;
}
@@ -84,59 +83,58 @@ int _gnutls_x509_read_rsa_params(opaque * der, int dersize, mpi_t * params)
*/
int _gnutls_x509_read_dsa_params(opaque * der, int dersize, mpi_t * params)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.Dss-Parms", &spk
- )) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- result = asn1_der_decoding(&spk, der, dersize, NULL);
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.Dss-Parms", &spk)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return _gnutls_asn2err(result);
- }
+ result = asn1_der_decoding(&spk, der, dersize, NULL);
- /* FIXME: If the parameters are not included in the certificate
- * then the issuer's parameters should be used. This is not
- * done yet.
- */
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
- /* Read p */
+ /* FIXME: If the parameters are not included in the certificate
+ * then the issuer's parameters should be used. This is not
+ * done yet.
+ */
- if ( (result=_gnutls_x509_read_int( spk, "p", &params[0])) < 0) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
+ /* Read p */
- /* Read q */
+ if ((result = _gnutls_x509_read_int(spk, "p", &params[0])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
- if ( (result=_gnutls_x509_read_int( spk, "q", &params[1])) < 0) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- _gnutls_mpi_release(&params[0]);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
+ /* Read q */
- /* Read g */
-
- if ( (result=_gnutls_x509_read_int( spk, "g", &params[2])) < 0) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- _gnutls_mpi_release(&params[0]);
- _gnutls_mpi_release(&params[1]);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
+ if ((result = _gnutls_x509_read_int(spk, "q", &params[1])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ _gnutls_mpi_release(&params[0]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+ /* Read g */
+
+ if ((result = _gnutls_x509_read_int(spk, "g", &params[2])) < 0) {
+ gnutls_assert();
asn1_delete_structure(&spk);
+ _gnutls_mpi_release(&params[0]);
+ _gnutls_mpi_release(&params[1]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
- return 0;
+ asn1_delete_structure(&spk);
+
+ return 0;
}
@@ -146,133 +144,132 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, mpi_t * params)
*/
int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, mpi_t * params)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if ( (result=asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", &spk
- )) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- result = asn1_der_decoding(&spk, der, dersize, NULL);
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey",
+ &spk)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return _gnutls_asn2err(result);
- }
+ result = asn1_der_decoding(&spk, der, dersize, NULL);
- /* Read Y */
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
- if ( (result=_gnutls_x509_read_int( spk, "", &params[3])) < 0) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return _gnutls_asn2err(result);
- }
+ /* Read Y */
+ if ((result = _gnutls_x509_read_int(spk, "", &params[3])) < 0) {
+ gnutls_assert();
asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ asn1_delete_structure(&spk);
+
+ return 0;
}
/* Extracts DSA and RSA parameters from a certificate.
*/
-int _gnutls_x509_crt_get_mpis( gnutls_x509_crt cert,
- mpi_t* params, int *params_size)
+int _gnutls_x509_crt_get_mpis(gnutls_x509_crt cert,
+ mpi_t * params, int *params_size)
{
-int len, result;
-opaque str[5*1024];
-int pk_algorithm;
+ int len, result;
+ opaque str[5 * 1024];
+ int pk_algorithm;
+
+ /* Read the algorithm's OID
+ */
+ pk_algorithm = gnutls_x509_crt_get_pk_algorithm(cert, NULL);
+
+ /* Read the algorithm's parameters
+ */
+ len = sizeof(str);
+ result = asn1_read_value(cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey",
+ str, &len);
+ len /= 8;
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ switch (pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ /* params[0] is the modulus,
+ * params[1] is the exponent
+ */
+ if (*params_size < RSA_PUBLIC_PARAMS) {
+ gnutls_assert();
+ /* internal error. Increase the mpi_ts in params */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if ((result = _gnutls_x509_read_rsa_params(str, len, params)) < 0) {
+ gnutls_assert();
+ return result;
+ }
+ *params_size = RSA_PUBLIC_PARAMS;
- /* Read the algorithm's OID
+ return 0;
+ break;
+ case GNUTLS_PK_DSA:
+ /* params[0] is p,
+ * params[1] is q,
+ * params[2] is q,
+ * params[3] is pub.
*/
- pk_algorithm = gnutls_x509_crt_get_pk_algorithm(cert, NULL);
- /* Read the algorithm's parameters
+ if (*params_size < DSA_PUBLIC_PARAMS) {
+ gnutls_assert();
+ /* internal error. Increase the mpi_ts in params */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if ((result = _gnutls_x509_read_dsa_pubkey(str, len, params)) < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Now read the parameters
*/
+
len = sizeof(str);
- result = asn1_read_value(cert->cert,
- "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", str, &len);
- len /= 8;
+ result = asn1_read_value(cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo.algorithm.parameters",
+ str, &len);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
- switch( pk_algorithm) {
- case GNUTLS_PK_RSA:
- /* params[0] is the modulus,
- * params[1] is the exponent
- */
- if ( *params_size < RSA_PUBLIC_PARAMS) {
- gnutls_assert();
- /* internal error. Increase the mpi_ts in params */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if ((result =
- _gnutls_x509_read_rsa_params( str, len, params)) < 0) {
- gnutls_assert();
- return result;
- }
- *params_size = RSA_PUBLIC_PARAMS;
-
- return 0;
- break;
- case GNUTLS_PK_DSA:
- /* params[0] is p,
- * params[1] is q,
- * params[2] is q,
- * params[3] is pub.
- */
-
- if ( *params_size < DSA_PUBLIC_PARAMS) {
- gnutls_assert();
- /* internal error. Increase the mpi_ts in params */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if ((result =
- _gnutls_x509_read_dsa_pubkey( str, len, params)) < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Now read the parameters
- */
-
- len = sizeof(str);
- result = asn1_read_value(cert->cert,
- "tbsCertificate.subjectPublicKeyInfo.algorithm.parameters", str, &len);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- if ((result =
- _gnutls_x509_read_dsa_params(str, len, params)) < 0) {
- gnutls_assert();
- return result;
- }
- *params_size = DSA_PUBLIC_PARAMS;
-
- return 0;
- break;
-
- default:
- /* other types like DH
- * currently not supported
- */
- gnutls_assert();
-
- return GNUTLS_E_X509_CERTIFICATE_ERROR;
+ if ((result = _gnutls_x509_read_dsa_params(str, len, params)) < 0) {
+ gnutls_assert();
+ return result;
}
+ *params_size = DSA_PUBLIC_PARAMS;
+
+ return 0;
+ break;
+
+ default:
+ /* other types like DH
+ * currently not supported
+ */
+ gnutls_assert();
+
+ return GNUTLS_E_X509_CERTIFICATE_ERROR;
+ }
}
/*
@@ -282,115 +279,116 @@ int pk_algorithm;
*
* Allocates the space used to store the DER data.
*/
-int _gnutls_x509_write_rsa_params( mpi_t * params, int params_size,
- gnutls_datum* der)
+int _gnutls_x509_write_rsa_params(mpi_t * params, int params_size,
+ gnutls_datum * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- der->data = NULL;
- der->size = 0;
-
- if (params_size < 2) {
- gnutls_assert();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- if ((result=asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
- != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = _gnutls_x509_write_int( spk, "modulus", params[0], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_int( spk, "publicExponent", params[1], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode( spk, "", der, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- asn1_delete_structure(&spk);
- return 0;
-
-cleanup:
- asn1_delete_structure(&spk);
-
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params_size < 2) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_int(spk, "modulus", params[0], 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_write_int(spk, "publicExponent", params[1], 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(spk, "", der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&spk);
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+
+ return result;
}
/*
* This function writes and encodes the parameters for DSS or RSA keys.
* This is the "signatureAlgorithm" fields.
*/
-int _gnutls_x509_write_sig_params( ASN1_TYPE dst, const char* dst_name,
- gnutls_pk_algorithm pk_algorithm, mpi_t * params, int params_size)
+int _gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name,
+ gnutls_pk_algorithm pk_algorithm,
+ mpi_t * params, int params_size)
{
-gnutls_datum der;
-int result;
-char name[128];
-const char* pk;
-
- _gnutls_str_cpy( name, sizeof(name), dst_name);
- _gnutls_str_cat( name, sizeof(name), ".algorithm");
-
- pk = _gnutls_x509_sign_to_oid( pk_algorithm, GNUTLS_MAC_SHA);
- if (pk == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ gnutls_datum der;
+ int result;
+ char name[128];
+ const char *pk;
+
+ _gnutls_str_cpy(name, sizeof(name), dst_name);
+ _gnutls_str_cat(name, sizeof(name), ".algorithm");
+
+ pk = _gnutls_x509_sign_to_oid(pk_algorithm, GNUTLS_MAC_SHA);
+ if (pk == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* write the OID.
+ */
+ result = asn1_write_value(dst, name, pk, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+
+ _gnutls_str_cpy(name, sizeof(name), dst_name);
+ _gnutls_str_cat(name, sizeof(name), ".parameters");
+
+ if (pk_algorithm == GNUTLS_PK_DSA) {
+ result = _gnutls_x509_write_dsa_params(params, params_size, &der);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
}
-
- /* write the OID.
- */
- result = asn1_write_value( dst, name, pk, 1);
+
+ result = asn1_write_value(dst, name, der.data, der.size);
+ _gnutls_free_datum(&der);
+
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
+ } else { /* RSA */
+ result = asn1_write_value(dst, name, NULL, 0);
-
- _gnutls_str_cpy( name, sizeof(name), dst_name);
- _gnutls_str_cat( name, sizeof(name), ".parameters");
-
- if (pk_algorithm == GNUTLS_PK_DSA) {
- result = _gnutls_x509_write_dsa_params( params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- result = asn1_write_value( dst, name, der.data, der.size);
- _gnutls_free_datum( &der);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
- } else { /* RSA */
- result = asn1_write_value( dst, name, NULL, 0);
-
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
- /* Here we ignore the element not found error, since this
- * may have been disabled before.
- */
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
+ /* Here we ignore the element not found error, since this
+ * may have been disabled before.
+ */
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
+ }
- return 0;
+ return 0;
}
/*
@@ -399,58 +397,58 @@ const char* pk;
*
* Allocates the space used to store the DER data.
*/
-int _gnutls_x509_write_dsa_params( mpi_t * params, int params_size,
- gnutls_datum* der)
+int _gnutls_x509_write_dsa_params(mpi_t * params, int params_size,
+ gnutls_datum * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- der->data = NULL;
- der->size = 0;
-
- if (params_size < 3) {
- gnutls_assert();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- if ((result=asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DSAParameters", &spk))
- != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = _gnutls_x509_write_int( spk, "p", params[0], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_int( spk, "q", params[1], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_write_int( spk, "g", params[2], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode( spk, "", der, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- asn1_delete_structure(&spk);
- return 0;
-
-cleanup:
- asn1_delete_structure(&spk);
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params_size < 3) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAParameters", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_int(spk, "p", params[0], 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_write_int(spk, "q", params[1], 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_write_int(spk, "g", params[2], 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(spk, "", der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&spk);
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+ return result;
}
/*
@@ -459,46 +457,46 @@ cleanup:
*
* Allocates the space used to store the DER data.
*/
-int _gnutls_x509_write_dsa_public_key( mpi_t * params, int params_size,
- gnutls_datum* der)
+int _gnutls_x509_write_dsa_public_key(mpi_t * params, int params_size,
+ gnutls_datum * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- der->data = NULL;
- der->size = 0;
-
- if (params_size < 3) {
- gnutls_assert();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- if ((result=asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", &spk))
- != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = _gnutls_x509_write_int( spk, "", params[3], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode( spk, "", der, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- asn1_delete_structure(&spk);
- return 0;
-
-cleanup:
- asn1_delete_structure(&spk);
- return result;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params_size < 3) {
+ gnutls_assert();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = _gnutls_x509_write_int(spk, "", params[3], 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode(spk, "", der, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&spk);
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(&spk);
+ return result;
}
@@ -506,66 +504,66 @@ cleanup:
* from asn1 structs. Combines the read and the convertion
* steps.
*/
-int _gnutls_x509_read_uint( ASN1_TYPE node, const char* value,
- unsigned int* ret)
+int _gnutls_x509_read_uint(ASN1_TYPE node, const char *value,
+ unsigned int *ret)
{
-int len, result;
-opaque* tmpstr;
-
- len = 0;
- result = asn1_read_value( node, value, NULL, &len);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- tmpstr = gnutls_alloca( len);
- if (tmpstr==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_read_value( node, value, tmpstr, &len);
-
- gnutls_afree( tmpstr);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- if (len == 1)
- *ret = tmpstr[0];
- else if (len == 2)
- *ret = _gnutls_read_uint16(tmpstr);
- else if (len == 3)
- *ret = _gnutls_read_uint24(tmpstr);
- else if (len == 4)
- *ret = _gnutls_read_uint32(tmpstr);
- else {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- return 0;
+ int len, result;
+ opaque *tmpstr;
+
+ len = 0;
+ result = asn1_read_value(node, value, NULL, &len);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ tmpstr = gnutls_alloca(len);
+ if (tmpstr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value(node, value, tmpstr, &len);
+
+ gnutls_afree(tmpstr);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (len == 1)
+ *ret = tmpstr[0];
+ else if (len == 2)
+ *ret = _gnutls_read_uint16(tmpstr);
+ else if (len == 3)
+ *ret = _gnutls_read_uint24(tmpstr);
+ else if (len == 4)
+ *ret = _gnutls_read_uint32(tmpstr);
+ else {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return 0;
}
/* Writes the specified integer into the specified node.
*/
-int _gnutls_x509_write_uint32( ASN1_TYPE node, const char* value, uint32 num)
+int _gnutls_x509_write_uint32(ASN1_TYPE node, const char *value,
+ uint32 num)
{
-opaque tmpstr[4];
-int result;
+ opaque tmpstr[4];
+ int result;
- _gnutls_write_uint32(num, tmpstr);
+ _gnutls_write_uint32(num, tmpstr);
- result = asn1_write_value( node, value, tmpstr, 4);
+ result = asn1_write_value(node, value, tmpstr, 4);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
-
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 0b9c0253c9..ee48262401 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -44,69 +44,73 @@
* which holds them. Returns an ASN1_TYPE of authenticatedSafe.
*/
static
-int _decode_pkcs12_auth_safe( ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe, gnutls_datum* raw)
+int _decode_pkcs12_auth_safe(ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
+ gnutls_datum * raw)
{
-char oid[128];
-ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-gnutls_datum auth_safe = { NULL, 0 };
-int tmp_size, len, result;
-
- len = sizeof(oid) - 1;
- result = asn1_read_value(pkcs12, "authSafe.contentType", oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- if ( strcmp( oid, DATA_OID) != 0) {
- gnutls_assert();
- _gnutls_x509_log( "Unknown PKCS12 Content OID '%s'\n", oid);
- return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
- }
-
- /* Step 1. Read the content data
- */
-
- tmp_size = 0;
- result = _gnutls_x509_read_value(pkcs12, "authSafe.content", &auth_safe, 1);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- /* Step 2. Extract the authenticatedSafe.
- */
-
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = asn1_der_decoding(&c2, auth_safe.data, auth_safe.size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if (raw == NULL) {
- _gnutls_free_datum(&auth_safe);
- } else {
- raw->data = auth_safe.data;
- raw->size = auth_safe.size;
- }
-
- if (authen_safe)
- *authen_safe = c2;
-
- return 0;
-
- cleanup:
- if (c2) asn1_delete_structure(&c2);
- _gnutls_free_datum( &auth_safe);
- return result;
+ char oid[128];
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_datum auth_safe = { NULL, 0 };
+ int tmp_size, len, result;
+
+ len = sizeof(oid) - 1;
+ result = asn1_read_value(pkcs12, "authSafe.contentType", oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (strcmp(oid, DATA_OID) != 0) {
+ gnutls_assert();
+ _gnutls_x509_log("Unknown PKCS12 Content OID '%s'\n", oid);
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
+ }
+
+ /* Step 1. Read the content data
+ */
+
+ tmp_size = 0;
+ result =
+ _gnutls_x509_read_value(pkcs12, "authSafe.content", &auth_safe, 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Step 2. Extract the authenticatedSafe.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding(&c2, auth_safe.data, auth_safe.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (raw == NULL) {
+ _gnutls_free_datum(&auth_safe);
+ } else {
+ raw->data = auth_safe.data;
+ raw->size = auth_safe.size;
+ }
+
+ if (authen_safe)
+ *authen_safe = c2;
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ _gnutls_free_datum(&auth_safe);
+ return result;
}
/**
@@ -122,20 +126,20 @@ int tmp_size, len, result;
**/
int gnutls_pkcs12_init(gnutls_pkcs12 * pkcs12)
{
- *pkcs12 = gnutls_calloc( 1, sizeof(gnutls_pkcs12_int));
-
- if (*pkcs12) {
- int result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-PFX",
- &(*pkcs12)->pkcs12);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free( *pkcs12);
- return _gnutls_asn2err(result);
- }
- return 0; /* success */
+ *pkcs12 = gnutls_calloc(1, sizeof(gnutls_pkcs12_int));
+
+ if (*pkcs12) {
+ int result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-PFX",
+ &(*pkcs12)->pkcs12);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*pkcs12);
+ return _gnutls_asn2err(result);
}
- return GNUTLS_E_MEMORY_ERROR;
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -147,12 +151,13 @@ int gnutls_pkcs12_init(gnutls_pkcs12 * pkcs12)
**/
void gnutls_pkcs12_deinit(gnutls_pkcs12 pkcs12)
{
- if (!pkcs12) return;
+ if (!pkcs12)
+ return;
- if (pkcs12->pkcs12)
- asn1_delete_structure(&pkcs12->pkcs12);
+ if (pkcs12->pkcs12)
+ asn1_delete_structure(&pkcs12->pkcs12);
- gnutls_free(pkcs12);
+ gnutls_free(pkcs12);
}
/**
@@ -171,53 +176,57 @@ void gnutls_pkcs12_deinit(gnutls_pkcs12 pkcs12)
*
**/
int gnutls_pkcs12_import(gnutls_pkcs12 pkcs12, const gnutls_datum * data,
- gnutls_x509_crt_fmt format, unsigned int flags)
+ gnutls_x509_crt_fmt format, unsigned int flags)
{
- int result = 0, need_free = 0;
- gnutls_datum _data;
-
- _data.data = data->data;
- _data.size = data->size;
+ int result = 0, need_free = 0;
+ gnutls_datum _data;
- if (pkcs12==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ _data.data = data->data;
+ _data.size = data->size;
- /* If the PKCS12 is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- result = _gnutls_fbase64_decode(PEM_PKCS12, data->data, data->size,
- &out);
-
- if (result <= 0) {
- if (result==0) result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
- }
-
- _data.data = out;
- _data.size = result;
-
- need_free = 1;
- }
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = asn1_der_decoding(&pkcs12->pkcs12, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
+ /* If the PKCS12 is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ opaque *out;
+
+ result = _gnutls_fbase64_decode(PEM_PKCS12, data->data, data->size,
+ &out);
+
+ if (result <= 0) {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert();
+ return result;
}
- if (need_free) _gnutls_free_datum( &_data);
+ _data.data = out;
+ _data.size = result;
- return 0;
+ need_free = 1;
+ }
- cleanup:
- if (need_free) _gnutls_free_datum( &_data);
- return result;
+ result =
+ asn1_der_decoding(&pkcs12->pkcs12, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
@@ -240,240 +249,254 @@ int gnutls_pkcs12_import(gnutls_pkcs12 pkcs12, const gnutls_datum * data,
* 0 on success.
*
**/
-int gnutls_pkcs12_export( gnutls_pkcs12 pkcs12,
- gnutls_x509_crt_fmt format, void* output_data, size_t* output_data_size)
+int gnutls_pkcs12_export(gnutls_pkcs12 pkcs12,
+ gnutls_x509_crt_fmt format, void *output_data,
+ size_t * output_data_size)
{
- if (pkcs12==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_export_int( pkcs12->pkcs12, format, PEM_PKCS12, *output_data_size,
- output_data, output_data_size);
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int(pkcs12->pkcs12, format, PEM_PKCS12,
+ *output_data_size, output_data,
+ output_data_size);
}
-static int oid2bag( const char* oid)
+static int oid2bag(const char *oid)
{
- if (strcmp(oid, BAG_PKCS8_KEY)==0)
- return GNUTLS_BAG_PKCS8_KEY;
- if (strcmp(oid, BAG_PKCS8_ENCRYPTED_KEY)==0)
- return GNUTLS_BAG_PKCS8_ENCRYPTED_KEY;
- if (strcmp(oid, BAG_CERTIFICATE)==0)
- return GNUTLS_BAG_CERTIFICATE;
- if (strcmp(oid, BAG_CRL)==0)
- return GNUTLS_BAG_CRL;
-
- return GNUTLS_BAG_UNKNOWN;
+ if (strcmp(oid, BAG_PKCS8_KEY) == 0)
+ return GNUTLS_BAG_PKCS8_KEY;
+ if (strcmp(oid, BAG_PKCS8_ENCRYPTED_KEY) == 0)
+ return GNUTLS_BAG_PKCS8_ENCRYPTED_KEY;
+ if (strcmp(oid, BAG_CERTIFICATE) == 0)
+ return GNUTLS_BAG_CERTIFICATE;
+ if (strcmp(oid, BAG_CRL) == 0)
+ return GNUTLS_BAG_CRL;
+
+ return GNUTLS_BAG_UNKNOWN;
}
-static const char* bag_to_oid( int bag)
+static const char *bag_to_oid(int bag)
{
- switch (bag) {
- case GNUTLS_BAG_PKCS8_KEY:
- return BAG_PKCS8_KEY;
- case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- return BAG_PKCS8_ENCRYPTED_KEY;
- case GNUTLS_BAG_CERTIFICATE:
- return BAG_CERTIFICATE;
- case GNUTLS_BAG_CRL:
- return BAG_CRL;
- }
- return NULL;
+ switch (bag) {
+ case GNUTLS_BAG_PKCS8_KEY:
+ return BAG_PKCS8_KEY;
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ return BAG_PKCS8_ENCRYPTED_KEY;
+ case GNUTLS_BAG_CERTIFICATE:
+ return BAG_CERTIFICATE;
+ case GNUTLS_BAG_CRL:
+ return BAG_CRL;
+ }
+ return NULL;
}
-static inline
-char* ucs2_to_ascii( char* data, int size) {
-int i;
+static inline char *ucs2_to_ascii(char *data, int size)
+{
+ int i;
+
+ for (i = 0; i < size / 2; i++)
+ data[i] = data[i * 2 + 1];
+ data[i] = 0;
- for (i=0;i<size/2;i++)
- data[i] = data[i*2 + 1];
- data[i] = 0;
-
- return data;
+ return data;
}
/* Decodes the SafeContents, and puts the output in
* the given bag.
*/
int
-_pkcs12_decode_safe_contents( const gnutls_datum* content, gnutls_pkcs12_bag bag)
+_pkcs12_decode_safe_contents(const gnutls_datum * content,
+ gnutls_pkcs12_bag bag)
{
-char oid[128], root[128];
-ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-int len, result;
-int bag_type;
-gnutls_datum attr_val;
-int count = 0, i, attributes, j;
-char counter[MAX_INT_DIGITS];
-
- /* Step 1. Extract the SEQUENCE.
- */
-
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ char oid[128], root[128];
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int len, result;
+ int bag_type;
+ gnutls_datum attr_val;
+ int count = 0, i, attributes, j;
+ char counter[MAX_INT_DIGITS];
+
+ /* Step 1. Extract the SEQUENCE.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding(&c2, content->data, content->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Count the number of bags
+ */
+ result = asn1_number_of_elements(c2, "", &count);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ bag->bag_elements = GMIN(MAX_BAG_ELEMENTS, count);
+
+ for (i = 0; i < bag->bag_elements; i++) {
+
+ _gnutls_str_cpy(root, sizeof(root), "?");
+ _gnutls_int2str(i + 1, counter);
+ _gnutls_str_cat(root, sizeof(root), counter);
+ _gnutls_str_cat(root, sizeof(root), ".bagId");
+
+ len = sizeof(oid);
+ result = asn1_read_value(c2, root, oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
- result = asn1_der_decoding(&c2, content->data, content->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Read the Bag type
+ */
+ bag_type = oid2bag(oid);
+
+ if (bag_type < 0) {
+ gnutls_assert();
+ goto cleanup;
}
- /* Count the number of bags
+ /* Read the Bag Value
*/
- result = asn1_number_of_elements( c2, "", &count);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+
+ _gnutls_str_cpy(root, sizeof(root), "?");
+ _gnutls_int2str(i + 1, counter);
+ _gnutls_str_cat(root, sizeof(root), counter);
+ _gnutls_str_cat(root, sizeof(root), ".bagValue");
+
+ result =
+ _gnutls_x509_read_value(c2, root, &bag->element[i].data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
}
- bag->bag_elements = GMIN(MAX_BAG_ELEMENTS, count);
+ if (bag_type == GNUTLS_BAG_CERTIFICATE ||
+ bag_type == GNUTLS_BAG_CRL) {
+ gnutls_datum tmp = bag->element[i].data;
- for (i=0;i<bag->bag_elements;i++) {
+ result =
+ _pkcs12_decode_crt_bag(bag_type, &tmp,
+ &bag->element[i].data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- _gnutls_str_cpy( root, sizeof(root), "?");
- _gnutls_int2str( i+1, counter);
- _gnutls_str_cat( root, sizeof(root), counter);
- _gnutls_str_cat( root, sizeof(root), ".bagId");
+ _gnutls_free_datum(&tmp);
+ }
- len = sizeof(oid);
- result = asn1_read_value(c2, root, oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ /* read the bag attributes
+ */
+ _gnutls_str_cpy(root, sizeof(root), "?");
+ _gnutls_int2str(i + 1, counter);
+ _gnutls_str_cat(root, sizeof(root), counter);
+ _gnutls_str_cat(root, sizeof(root), ".bagAttributes");
+
+ result = asn1_number_of_elements(c2, root, &attributes);
+ if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- /* Read the Bag type
- */
- bag_type = oid2bag( oid);
-
- if (bag_type < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ if (attributes < 0)
+ attributes = 1;
+
+ if (result != ASN1_ELEMENT_NOT_FOUND)
+ for (j = 0; j < attributes; j++) {
- /* Read the Bag Value
- */
+ _gnutls_str_cpy(root, sizeof(root), "?");
+ _gnutls_int2str(i + 1, counter);
+ _gnutls_str_cat(root, sizeof(root), counter);
+ _gnutls_str_cat(root, sizeof(root), ".bagAttributes.?");
+ _gnutls_int2str(j + 1, counter);
+ _gnutls_str_cat(root, sizeof(root), counter);
- _gnutls_str_cpy( root, sizeof(root), "?");
- _gnutls_int2str( i+1, counter);
- _gnutls_str_cat( root, sizeof(root), counter);
- _gnutls_str_cat( root, sizeof(root), ".bagValue");
+ result =
+ _gnutls_x509_decode_and_read_attribute(c2, root, oid,
+ sizeof(oid),
+ &attr_val, 1);
- result = _gnutls_x509_read_value( c2, root, &bag->element[i].data, 0);
if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ gnutls_assert();
+ goto cleanup;
}
- if (bag_type == GNUTLS_BAG_CERTIFICATE ||
- bag_type == GNUTLS_BAG_CRL) {
- gnutls_datum tmp = bag->element[i].data;
-
- result = _pkcs12_decode_crt_bag( bag_type, &tmp, &bag->element[i].data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- _gnutls_free_datum( &tmp);
- }
- /* read the bag attributes
- */
- _gnutls_str_cpy( root, sizeof(root), "?");
- _gnutls_int2str( i+1, counter);
- _gnutls_str_cat( root, sizeof(root), counter);
- _gnutls_str_cat( root, sizeof(root), ".bagAttributes");
-
- result = asn1_number_of_elements( c2, root, &attributes);
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (strcmp(oid, KEY_ID_OID) == 0)
+ bag->element[i].local_key_id = attr_val;
+ else if (strcmp(oid, FRIENDLY_NAME_OID) == 0)
+ bag->element[i].friendly_name =
+ ucs2_to_ascii(attr_val.data, attr_val.size);
+ else {
+ _gnutls_x509_log
+ ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid);
}
+ }
- if (attributes < 0) attributes = 1;
-
- if (result != ASN1_ELEMENT_NOT_FOUND)
- for (j=0;j<attributes;j++) {
-
- _gnutls_str_cpy( root, sizeof(root), "?");
- _gnutls_int2str( i+1, counter);
- _gnutls_str_cat( root, sizeof(root), counter);
- _gnutls_str_cat( root, sizeof(root), ".bagAttributes.?");
- _gnutls_int2str( j+1, counter);
- _gnutls_str_cat( root, sizeof(root), counter);
-
- result = _gnutls_x509_decode_and_read_attribute(
- c2, root, oid, sizeof(oid), &attr_val, 1);
-
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
-
- if (strcmp( oid, KEY_ID_OID)==0)
- bag->element[i].local_key_id = attr_val;
- else if (strcmp( oid, FRIENDLY_NAME_OID)==0)
- bag->element[i].friendly_name = ucs2_to_ascii( attr_val.data, attr_val.size);
- else {
- _gnutls_x509_log( "Unknown PKCS12 Bag Attribute OID '%s'\n", oid);
- }
- }
-
- bag->element[i].type = bag_type;
-
- }
+ bag->element[i].type = bag_type;
- asn1_delete_structure(&c2);
+ }
+ asn1_delete_structure(&c2);
- return 0;
- cleanup:
- if (c2) asn1_delete_structure(&c2);
- return result;
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
static
-int _parse_safe_contents( ASN1_TYPE sc, const char* sc_name, gnutls_pkcs12_bag bag)
+int _parse_safe_contents(ASN1_TYPE sc, const char *sc_name,
+ gnutls_pkcs12_bag bag)
{
-gnutls_datum content = { NULL, 0 };
-int result;
+ gnutls_datum content = { NULL, 0 };
+ int result;
- /* Step 1. Extract the content.
- */
+ /* Step 1. Extract the content.
+ */
- result = _gnutls_x509_read_value(sc, sc_name, &content, 1);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ result = _gnutls_x509_read_value(sc, sc_name, &content, 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = _pkcs12_decode_safe_contents( &content, bag);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ result = _pkcs12_decode_safe_contents(&content, bag);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- _gnutls_free_datum( &content);
+ _gnutls_free_datum(&content);
- return 0;
-
- cleanup:
- _gnutls_free_datum( &content);
- return result;
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&content);
+ return result;
}
@@ -490,133 +513,137 @@ int result;
* will be returned.
*
**/
-int gnutls_pkcs12_get_bag(gnutls_pkcs12 pkcs12,
- int indx, gnutls_pkcs12_bag bag)
+int gnutls_pkcs12_get_bag(gnutls_pkcs12 pkcs12,
+ int indx, gnutls_pkcs12_bag bag)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len;
- char root2[64];
- char oid[128];
- char counter[MAX_INT_DIGITS];
- gnutls_datum tmp = {NULL, 0};
-
- if (pkcs12==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ char root2[64];
+ char oid[128];
+ char counter[MAX_INT_DIGITS];
+ gnutls_datum tmp = { NULL, 0 };
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Step 1. decode the data.
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- /* Step 1. decode the data.
- */
- result = _decode_pkcs12_auth_safe( pkcs12->pkcs12, &c2, NULL);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Step 2. Parse the AuthenticatedSafe
- */
-
- _gnutls_str_cpy( root2, sizeof(root2), "?");
- _gnutls_int2str( indx+1, counter);
- _gnutls_str_cat( root2, sizeof(root2), counter);
- _gnutls_str_cat( root2, sizeof(root2), ".contentType");
+ /* Step 2. Parse the AuthenticatedSafe
+ */
- len = sizeof(oid) - 1;
+ _gnutls_str_cpy(root2, sizeof(root2), "?");
+ _gnutls_int2str(indx + 1, counter);
+ _gnutls_str_cat(root2, sizeof(root2), counter);
+ _gnutls_str_cat(root2, sizeof(root2), ".contentType");
- result = asn1_read_value(c2, root2, oid, &len);
+ len = sizeof(oid) - 1;
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto cleanup;
- }
+ result = asn1_read_value(c2, root2, oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ if (result == ASN1_ELEMENT_NOT_FOUND) {
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto cleanup;
+ }
- /* Not encrypted Bag
- */
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- _gnutls_str_cpy( root2, sizeof(root2), "?");
- _gnutls_int2str( indx+1, counter);
- _gnutls_str_cat( root2, sizeof(root2), counter);
- _gnutls_str_cat( root2, sizeof(root2), ".content");
+ /* Not encrypted Bag
+ */
- if (strcmp( oid, DATA_OID) == 0) {
- result = _parse_safe_contents( c2, root2, bag);
- goto cleanup;
- }
-
- /* ENC_DATA_OID needs decryption */
+ _gnutls_str_cpy(root2, sizeof(root2), "?");
+ _gnutls_int2str(indx + 1, counter);
+ _gnutls_str_cat(root2, sizeof(root2), counter);
+ _gnutls_str_cat(root2, sizeof(root2), ".content");
- bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
- bag->bag_elements = 1;
+ if (strcmp(oid, DATA_OID) == 0) {
+ result = _parse_safe_contents(c2, root2, bag);
+ goto cleanup;
+ }
- result = _gnutls_x509_read_value( c2, root2, &bag->element[0].data, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ /* ENC_DATA_OID needs decryption */
- return 0;
+ bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+ bag->bag_elements = 1;
+
+ result = _gnutls_x509_read_value(c2, root2, &bag->element[0].data, 0);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- cleanup:
- _gnutls_free_datum( &tmp);
- if (c2) asn1_delete_structure(&c2);
- return result;
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/* Creates an empty PFX structure for the PKCS12 structure.
*/
static int create_empty_pfx(ASN1_TYPE pkcs12)
{
- uint8 three = 3;
- int result;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- /* Use version 3
- */
- result = asn1_write_value( pkcs12, "version", &three, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Write the content type of the data
- */
- result = asn1_write_value(pkcs12, "authSafe.contentType", DATA_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Check if the authenticatedSafe content is empty, and encode a
- * null one in that case.
- */
-
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode_and_copy( c2, "", pkcs12, "authSafe.content", 1);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
- asn1_delete_structure( &c2);
-
- return 0;
-
- cleanup:
- asn1_delete_structure( &c2);
- return result;
+ uint8 three = 3;
+ int result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ /* Use version 3
+ */
+ result = asn1_write_value(pkcs12, "version", &three, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Write the content type of the data
+ */
+ result = asn1_write_value(pkcs12, "authSafe.contentType", DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Check if the authenticatedSafe content is empty, and encode a
+ * null one in that case.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs12,
+ "authSafe.content", 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(&c2);
+ return result;
}
@@ -631,103 +658,112 @@ static int create_empty_pfx(ASN1_TYPE pkcs12)
**/
int gnutls_pkcs12_set_bag(gnutls_pkcs12 pkcs12, gnutls_pkcs12_bag bag)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
- int result;
- int enc = 0, dum = 1;
- char null;
-
- if (pkcs12==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Step 1. Check if the pkcs12 structure is empty. In that
- * case generate an empty PFX.
- */
- result = asn1_read_value(pkcs12->pkcs12, "authSafe.content", &null, &dum);
- if (result == ASN1_VALUE_NOT_FOUND) {
- result = create_empty_pfx( pkcs12->pkcs12);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
- }
-
- /* Step 2. decode the authenticatedSafe.
- */
- result = _decode_pkcs12_auth_safe( pkcs12->pkcs12, &c2, NULL);
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
+ int result;
+ int enc = 0, dum = 1;
+ char null;
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Step 1. Check if the pkcs12 structure is empty. In that
+ * case generate an empty PFX.
+ */
+ result =
+ asn1_read_value(pkcs12->pkcs12, "authSafe.content", &null, &dum);
+ if (result == ASN1_VALUE_NOT_FOUND) {
+ result = create_empty_pfx(pkcs12->pkcs12);
if (result < 0) {
- gnutls_assert();
- return result;
+ gnutls_assert();
+ return result;
}
+ }
- /* Step 3. Encode the bag elements into a SafeContents
- * structure.
- */
- result = _pkcs12_encode_safe_contents( bag, &safe_cont, &enc);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Step 4. Insert the encoded SafeContents into the AuthenticatedSafe
- * structure.
+ /* Step 2. decode the authenticatedSafe.
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 3. Encode the bag elements into a SafeContents
+ * structure.
+ */
+ result = _pkcs12_encode_safe_contents(bag, &safe_cont, &enc);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 4. Insert the encoded SafeContents into the AuthenticatedSafe
+ * structure.
+ */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (enc)
+ result =
+ asn1_write_value(c2, "?LAST.contentType", ENC_DATA_OID, 1);
+ else
+ result = asn1_write_value(c2, "?LAST.contentType", DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (enc) {
+ /* Encrypted packets are written directly.
*/
- result = asn1_write_value(c2, "", "NEW", 1);
+ result =
+ asn1_write_value(c2, "?LAST.content",
+ bag->element[0].data.data,
+ bag->element[0].data.size);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
-
- if (enc)
- result = asn1_write_value(c2, "?LAST.contentType", ENC_DATA_OID, 1);
- else
- result = asn1_write_value(c2, "?LAST.contentType", DATA_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ } else {
+ result =
+ _gnutls_x509_der_encode_and_copy(safe_cont, "", c2,
+ "?LAST.content", 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
}
+ }
- if (enc) {
- /* Encrypted packets are written directly.
- */
- result = asn1_write_value( c2, "?LAST.content", bag->element[0].data.data, bag->element[0].data.size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
- } else {
- result = _gnutls_x509_der_encode_and_copy( safe_cont, "", c2, "?LAST.content", 1);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
- }
+ asn1_delete_structure(&safe_cont);
- asn1_delete_structure(&safe_cont);
-
- /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
- * structure.
- */
- result = _gnutls_x509_der_encode_and_copy( c2, "", pkcs12->pkcs12, "authSafe.content", 1);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
+ * structure.
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs12->pkcs12,
+ "authSafe.content", 1);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- asn1_delete_structure(&c2);
+ asn1_delete_structure(&c2);
- return 0;
+ return 0;
- cleanup:
- asn1_delete_structure(&c2);
- asn1_delete_structure(&safe_cont);
- return result;
+ cleanup:
+ asn1_delete_structure(&c2);
+ asn1_delete_structure(&safe_cont);
+ return result;
}
/**
@@ -739,102 +775,114 @@ int gnutls_pkcs12_set_bag(gnutls_pkcs12 pkcs12, gnutls_pkcs12_bag bag)
* Returns 0 on success.
*
**/
-int gnutls_pkcs12_generate_mac(gnutls_pkcs12 pkcs12, const char* pass)
+int gnutls_pkcs12_generate_mac(gnutls_pkcs12 pkcs12, const char *pass)
{
- opaque salt[8], key[20];
- int result;
- const int iter = 1;
- mac_hd_t td1 = NULL;
- gnutls_datum tmp = {NULL, 0};
- opaque sha_mac[20];
-
- if (pkcs12==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Generate the salt.
- */
- _gnutls_get_random(salt, sizeof(salt), GNUTLS_WEAK_RANDOM);
-
- /* Write the salt into the structure.
- */
- result = asn1_write_value(pkcs12->pkcs12, "macData.macSalt", salt, sizeof(salt));
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* write the iterations
- */
-
- if (iter > 1) {
- result = _gnutls_x509_write_uint32( pkcs12->pkcs12, "macData.iterations", iter);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- /* Generate the key.
- */
- result = _pkcs12_string_to_key( 3/*MAC*/, salt, sizeof(salt),
- iter, pass, sizeof(key), key);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- /* Get the data to be MACed
- */
- result = _decode_pkcs12_auth_safe( pkcs12->pkcs12, NULL, &tmp);
+ opaque salt[8], key[20];
+ int result;
+ const int iter = 1;
+ mac_hd_t td1 = NULL;
+ gnutls_datum tmp = { NULL, 0 };
+ opaque sha_mac[20];
+
+ if (pkcs12 == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Generate the salt.
+ */
+ _gnutls_get_random(salt, sizeof(salt), GNUTLS_WEAK_RANDOM);
+
+ /* Write the salt into the structure.
+ */
+ result =
+ asn1_write_value(pkcs12->pkcs12, "macData.macSalt", salt,
+ sizeof(salt));
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* write the iterations
+ */
+
+ if (iter > 1) {
+ result =
+ _gnutls_x509_write_uint32(pkcs12->pkcs12, "macData.iterations",
+ iter);
if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- /* MAC the data
- */
- td1 = _gnutls_hmac_init(GNUTLS_MAC_SHA, key, sizeof(key));
- if (td1 == GNUTLS_MAC_FAILED) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- _gnutls_hmac(td1, tmp.data, tmp.size);
- _gnutls_free_datum( &tmp);
-
- _gnutls_hmac_deinit(td1, sha_mac);
-
-
- result = asn1_write_value(pkcs12->pkcs12, "macData.mac.digest", sha_mac, sizeof(sha_mac));
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = asn1_write_value(pkcs12->pkcs12, "macData.mac.digestAlgorithm.parameters", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ gnutls_assert();
+ goto cleanup;
}
-
- result = asn1_write_value(pkcs12->pkcs12, "macData.mac.digestAlgorithm.algorithm", OID_SHA1, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- return 0;
-
- cleanup:
- _gnutls_free_datum( &tmp);
- return result;
+ }
+
+ /* Generate the key.
+ */
+ result = _pkcs12_string_to_key(3 /*MAC*/, salt, sizeof(salt),
+ iter, pass, sizeof(key), key);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Get the data to be MACed
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, NULL, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* MAC the data
+ */
+ td1 = _gnutls_hmac_init(GNUTLS_MAC_SHA, key, sizeof(key));
+ if (td1 == GNUTLS_MAC_FAILED) {
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ _gnutls_hmac(td1, tmp.data, tmp.size);
+ _gnutls_free_datum(&tmp);
+
+ _gnutls_hmac_deinit(td1, sha_mac);
+
+
+ result =
+ asn1_write_value(pkcs12->pkcs12, "macData.mac.digest", sha_mac,
+ sizeof(sha_mac));
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.parameters", NULL,
+ 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.algorithm", OID_SHA1,
+ 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ return result;
}
/**
@@ -846,181 +894,194 @@ int gnutls_pkcs12_generate_mac(gnutls_pkcs12 pkcs12, const char* pass)
* Returns 0 on success.
*
**/
-int gnutls_pkcs12_verify_mac(gnutls_pkcs12 pkcs12, const char* pass)
+int gnutls_pkcs12_verify_mac(gnutls_pkcs12 pkcs12, const char *pass)
{
- opaque key[20];
- int result;
- unsigned int iter, len;
- mac_hd_t td1 = NULL;
- gnutls_datum tmp = {NULL, 0}, salt = {NULL, 0};
- opaque sha_mac[20];
- opaque sha_mac_orig[20];
-
- if (pkcs12==NULL || pass == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* read the iterations
- */
-
- result = _gnutls_x509_read_uint( pkcs12->pkcs12, "macData.iterations", &iter);
- if (result < 0) {
- iter = 1; /* the default */
- }
+ opaque key[20];
+ int result;
+ unsigned int iter, len;
+ mac_hd_t td1 = NULL;
+ gnutls_datum tmp = { NULL, 0 }, salt = {
+ NULL, 0};
+ opaque sha_mac[20];
+ opaque sha_mac_orig[20];
+
+ if (pkcs12 == NULL || pass == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* read the iterations
+ */
+
+ result =
+ _gnutls_x509_read_uint(pkcs12->pkcs12, "macData.iterations",
+ &iter);
+ if (result < 0) {
+ iter = 1; /* the default */
+ }
+
+
+ /* Read the salt from the structure.
+ */
+ result =
+ _gnutls_x509_read_value(pkcs12->pkcs12, "macData.macSalt", &salt,
+ 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Generate the key.
+ */
+ result = _pkcs12_string_to_key(3 /*MAC*/, salt.data, salt.size,
+ iter, pass, sizeof(key), key);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ _gnutls_free_datum(&salt);
+
+ /* Get the data to be MACed
+ */
+ result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, NULL, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* MAC the data
+ */
+ td1 = _gnutls_hmac_init(GNUTLS_MAC_SHA, key, sizeof(key));
+ if (td1 == GNUTLS_MAC_FAILED) {
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ _gnutls_hmac(td1, tmp.data, tmp.size);
+ _gnutls_free_datum(&tmp);
+
+ _gnutls_hmac_deinit(td1, sha_mac);
+
+ len = sizeof(sha_mac_orig);
+ result =
+ asn1_read_value(pkcs12->pkcs12, "macData.mac.digest", sha_mac_orig,
+ &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (memcmp(sha_mac_orig, sha_mac, sizeof(sha_mac)) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MAC_VERIFY_FAILED;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ _gnutls_free_datum(&salt);
+ return result;
+}
- /* Read the salt from the structure.
+static int write_attributes(gnutls_pkcs12_bag bag, int elem, ASN1_TYPE c2,
+ const char *where)
+{
+ int result;
+ char root[128];
+
+ /* If the bag attributes are empty, then write
+ * nothing to the attribute field.
+ */
+ if (bag->element[elem].friendly_name == NULL &&
+ bag->element[elem].local_key_id.data == NULL) {
+ /* no attributes
*/
- result = _gnutls_x509_read_value(pkcs12->pkcs12, "macData.macSalt", &salt, 0);
+ result = asn1_write_value(c2, where, NULL, 0);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
- /* Generate the key.
+ return 0;
+ }
+
+ if (bag->element[elem].local_key_id.data != NULL) {
+
+ /* Add a new Attribute
*/
- result = _pkcs12_string_to_key( 3/*MAC*/, salt.data, salt.size,
- iter, pass, sizeof(key), key);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = asn1_write_value(c2, where, "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
- _gnutls_free_datum( &salt);
+ _gnutls_str_cpy(root, sizeof(root), where);
+ _gnutls_str_cat(root, sizeof(root), ".?LAST");
- /* Get the data to be MACed
- */
- result = _decode_pkcs12_auth_safe( pkcs12->pkcs12, NULL, &tmp);
+ result =
+ _gnutls_x509_encode_and_write_attribute(KEY_ID_OID, c2, root,
+ bag->element[elem].
+ local_key_id.data,
+ bag->element[elem].
+ local_key_id.size, 1);
if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ gnutls_assert();
+ return result;
}
+ }
+
+ if (bag->element[elem].friendly_name != NULL) {
+ opaque *name;
+ int size, i;
+ const char *p;
- /* MAC the data
+ /* Add a new Attribute
*/
- td1 = _gnutls_hmac_init(GNUTLS_MAC_SHA, key, sizeof(key));
- if (td1 == GNUTLS_MAC_FAILED) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- _gnutls_hmac(td1, tmp.data, tmp.size);
- _gnutls_free_datum( &tmp);
-
- _gnutls_hmac_deinit(td1, sha_mac);
-
- len = sizeof(sha_mac_orig);
- result = asn1_read_value(pkcs12->pkcs12, "macData.mac.digest", sha_mac_orig, &len);
+ result = asn1_write_value(c2, where, "NEW", 1);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if (memcmp( sha_mac_orig, sha_mac, sizeof(sha_mac)) != 0) {
- gnutls_assert();
- return GNUTLS_E_MAC_VERIFY_FAILED;
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
- return 0;
-
- cleanup:
- _gnutls_free_datum( &tmp);
- _gnutls_free_datum( &salt);
- return result;
-}
-
-
-static int write_attributes( gnutls_pkcs12_bag bag, int elem, ASN1_TYPE c2, const char* where) {
-int result;
-char root[128];
-
- /* If the bag attributes are empty, then write
- * nothing to the attribute field.
+ /* convert name to BMPString
*/
- if (bag->element[elem].friendly_name == NULL &&
- bag->element[elem].local_key_id.data == NULL) {
- /* no attributes
- */
- result = asn1_write_value(c2, where, NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ size = strlen(bag->element[elem].friendly_name) * 2;
+ name = gnutls_malloc(size);
- return 0;
+ if (name == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- if (bag->element[elem].local_key_id.data != NULL) {
-
- /* Add a new Attribute
- */
- result = asn1_write_value(c2, where, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- _gnutls_str_cpy( root, sizeof(root), where);
- _gnutls_str_cat( root, sizeof(root), ".?LAST");
-
- result = _gnutls_x509_encode_and_write_attribute(
- KEY_ID_OID, c2, root, bag->element[elem].local_key_id.data,
- bag->element[elem].local_key_id.size, 1);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ p = bag->element[elem].friendly_name;
+ for (i = 0; i < size; i += 2) {
+ name[i] = 0;
+ name[i + 1] = *p;
+ p++;
}
- if (bag->element[elem].friendly_name != NULL) {
- opaque* name;
- int size, i;
- const char* p;
-
- /* Add a new Attribute
- */
- result = asn1_write_value(c2, where, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- /* convert name to BMPString
- */
- size = strlen(bag->element[elem].friendly_name)*2;
- name = gnutls_malloc(size);
-
- if (name == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- p = bag->element[elem].friendly_name;
- for (i=0;i<size;i+=2) {
- name[i] = 0;
- name[i+1] = *p;
- p++;
- }
+ _gnutls_str_cpy(root, sizeof(root), where);
+ _gnutls_str_cat(root, sizeof(root), ".?LAST");
- _gnutls_str_cpy( root, sizeof(root), where);
- _gnutls_str_cat( root, sizeof(root), ".?LAST");
-
- result = _gnutls_x509_encode_and_write_attribute(
- FRIENDLY_NAME_OID, c2, root, name, size, 1);
+ result =
+ _gnutls_x509_encode_and_write_attribute(FRIENDLY_NAME_OID, c2,
+ root, name, size, 1);
- gnutls_free(name);
+ gnutls_free(name);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
}
+ }
- return 0;
+ return 0;
}
@@ -1028,108 +1089,114 @@ char root[128];
* the given datum. Enc is set to non zero if the data are encrypted;
*/
int
-_pkcs12_encode_safe_contents( gnutls_pkcs12_bag bag, ASN1_TYPE* contents, int *enc)
+_pkcs12_encode_safe_contents(gnutls_pkcs12_bag bag, ASN1_TYPE * contents,
+ int *enc)
{
-ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-int result;
-int i;
-const char* oid;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ int i;
+ const char *oid;
+
+ if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc) {
+ *enc = 1;
+ return 0; /* ENCRYPTED BAG, do nothing. */
+ } else if (enc)
+ *enc = 0;
+
+ /* Step 1. Create the SEQUENCE.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ for (i = 0; i < bag->bag_elements; i++) {
+
+ oid = bag_to_oid(bag->element[i].type);
+ if (oid == NULL) {
+ gnutls_assert();
+ continue;
+ }
- if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc) {
- *enc = 1;
- return 0; /* ENCRYPTED BAG, do nothing. */
- } else if (enc) *enc = 0;
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- /* Step 1. Create the SEQUENCE.
+ /* Copy the bag type.
*/
-
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value(c2, "?LAST.bagId", oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
- for (i=0;i<bag->bag_elements;i++) {
-
- oid = bag_to_oid( bag->element[i].type);
- if (oid==NULL) {
- gnutls_assert();
- continue;
- }
-
- result = asn1_write_value(c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ /* Set empty attributes
+ */
+ result = write_attributes(bag, i, c2, "?LAST.bagAttributes");
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- /* Copy the bag type.
- */
- result = asn1_write_value(c2, "?LAST.bagId", oid, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
- /* Set empty attributes
- */
- result = write_attributes(bag, i, c2, "?LAST.bagAttributes");
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ /* Copy the Bag Value
+ */
+ if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE ||
+ bag->element[i].type == GNUTLS_BAG_CRL) {
+ gnutls_datum tmp;
- /* Copy the Bag Value
- */
+ /* in that case encode it to a CertBag or
+ * a CrlBag.
+ */
- if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE ||
- bag->element[i].type == GNUTLS_BAG_CRL) {
- gnutls_datum tmp;
+ result =
+ _pkcs12_encode_crt_bag(bag->element[i].type,
+ &bag->element[i].data, &tmp);
- /* in that case encode it to a CertBag or
- * a CrlBag.
- */
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = _pkcs12_encode_crt_bag( bag->element[i].type, &bag->element[i].data, &tmp);
+ result = _gnutls_x509_write_value(c2, "?LAST.bagValue",
+ &tmp, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ _gnutls_free_datum(&tmp);
- result = _gnutls_x509_write_value( c2, "?LAST.bagValue",
- &tmp, 0);
-
- _gnutls_free_datum( &tmp);
+ } else {
- } else {
+ result = _gnutls_x509_write_value(c2, "?LAST.bagValue",
+ &bag->element[i].data, 0);
+ }
- result = _gnutls_x509_write_value( c2, "?LAST.bagValue",
- &bag->element[i].data, 0);
- }
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ }
- }
-
- /* Encode the data and copy them into the datum
- */
- *contents = c2;
+ /* Encode the data and copy them into the datum
+ */
+ *contents = c2;
- return 0;
+ return 0;
- cleanup:
- if (c2) asn1_delete_structure(&c2);
- return result;
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
index e27504bb01..352ddb279a 100644
--- a/lib/x509/pkcs12_bag.c
+++ b/lib/x509/pkcs12_bag.c
@@ -47,26 +47,25 @@
**/
int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag * bag)
{
- *bag = gnutls_calloc( 1, sizeof(gnutls_pkcs12_bag_int));
+ *bag = gnutls_calloc(1, sizeof(gnutls_pkcs12_bag_int));
- if (*bag) {
- return 0; /* success */
- }
- return GNUTLS_E_MEMORY_ERROR;
+ if (*bag) {
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
-static inline
-void _pkcs12_bag_free_data( gnutls_pkcs12_bag bag)
+static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag bag)
{
-int i;
-
- for (i=0;i<bag->bag_elements;i++) {
- _gnutls_free_datum( &bag->element[i].data);
- _gnutls_free_datum( &bag->element[i].local_key_id);
- gnutls_free( bag->element[i].friendly_name);
- bag->element[i].friendly_name = NULL;
- bag->element[i].type = 0;
- }
+ int i;
+
+ for (i = 0; i < bag->bag_elements; i++) {
+ _gnutls_free_datum(&bag->element[i].data);
+ _gnutls_free_datum(&bag->element[i].local_key_id);
+ gnutls_free(bag->element[i].friendly_name);
+ bag->element[i].friendly_name = NULL;
+ bag->element[i].type = 0;
+ }
}
@@ -80,11 +79,12 @@ int i;
**/
void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag bag)
{
- if (!bag) return;
+ if (!bag)
+ return;
- _pkcs12_bag_free_data( bag);
+ _pkcs12_bag_free_data(bag);
- gnutls_free(bag);
+ gnutls_free(bag);
}
/**
@@ -96,16 +96,17 @@ void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag bag)
* enumerations.
*
**/
-gnutls_pkcs12_bag_type gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag bag, int indx)
+gnutls_pkcs12_bag_type gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag bag,
+ int indx)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (indx >= bag->bag_elements)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- return bag->element[indx].type;
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx >= bag->bag_elements)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return bag->element[indx].type;
}
/**
@@ -117,12 +118,12 @@ gnutls_pkcs12_bag_type gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag bag, int ind
**/
int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag bag)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return bag->bag_elements;
+ return bag->bag_elements;
}
/**
@@ -138,151 +139,156 @@ int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag bag)
* Returns 0 on success and a negative error code on error.
*
**/
-int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag bag, int indx, gnutls_datum * data)
+int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag bag, int indx,
+ gnutls_datum * data)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (indx >= bag->bag_elements)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (indx >= bag->bag_elements)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- data->data = bag->element[indx].data.data;
- data->size = bag->element[indx].data.size;
+ data->data = bag->element[indx].data.data;
+ data->size = bag->element[indx].data.size;
- return 0;
+ return 0;
}
#define X509_CERT_OID "1.2.840.113549.1.9.22.1"
#define X509_CRL_OID "1.2.840.113549.1.9.23.1"
-int _pkcs12_decode_crt_bag( gnutls_pkcs12_bag_type type, const gnutls_datum* in,
- gnutls_datum* out)
+int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type type,
+ const gnutls_datum * in, gnutls_datum * out)
{
- int ret;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (type == GNUTLS_BAG_CERTIFICATE) {
- if ((ret=asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-CertBag", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
- }
-
- ret = asn1_der_decoding( &c2, in->data, in->size, NULL);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_read_value( c2, "certValue", out, 1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- } else { /* CRL */
- if ((ret=asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-CRLBag", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
- }
-
- ret = asn1_der_decoding( &c2, in->data, in->size, NULL);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_read_value( c2, "crlValue", out, 1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ int ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (type == GNUTLS_BAG_CERTIFICATE) {
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
}
- asn1_delete_structure( &c2);
+ ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
- return 0;
-
+ ret = _gnutls_x509_read_value(c2, "certValue", out, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- cleanup:
+ } else { /* CRL */
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
- asn1_delete_structure( &c2);
- return ret;
+ ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_read_value(c2, "crlValue", out, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+
+ cleanup:
+
+ asn1_delete_structure(&c2);
+ return ret;
}
-int _pkcs12_encode_crt_bag( gnutls_pkcs12_bag_type type, const gnutls_datum* raw,
- gnutls_datum* out)
+int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type type,
+ const gnutls_datum * raw, gnutls_datum * out)
{
- int ret;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (type == GNUTLS_BAG_CERTIFICATE) {
- if ((ret=asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-CertBag", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
- }
-
- ret = asn1_write_value( c2, "certId", X509_CERT_OID, 1);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_write_value( c2, "certValue", raw, 1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- } else { /* CRL */
- if ((ret=asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-CRLBag", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
- }
-
- ret = asn1_write_value( c2, "crlId", X509_CRL_OID, 1);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
- }
-
- ret = _gnutls_x509_write_value( c2, "crlValue", raw, 1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ int ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (type == GNUTLS_BAG_CERTIFICATE) {
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
}
- ret = _gnutls_x509_der_encode( c2, "", out, 0);
+ ret = asn1_write_value(c2, "certId", X509_CERT_OID, 1);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+ ret = _gnutls_x509_write_value(c2, "certValue", raw, 1);
if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ gnutls_assert();
+ goto cleanup;
}
-
- asn1_delete_structure( &c2);
- return 0;
-
+ } else { /* CRL */
+ if ((ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
- cleanup:
+ ret = asn1_write_value(c2, "crlId", X509_CRL_OID, 1);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
- asn1_delete_structure( &c2);
- return ret;
+ ret = _gnutls_x509_write_value(c2, "crlValue", raw, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = _gnutls_x509_der_encode(c2, "", out, 0);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+
+ cleanup:
+
+ asn1_delete_structure(&c2);
+ return ret;
}
@@ -299,46 +305,49 @@ int _pkcs12_encode_crt_bag( gnutls_pkcs12_bag_type type, const gnutls_datum* raw
* value on error.
*
**/
-int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag bag, gnutls_pkcs12_bag_type type,
- const gnutls_datum* data)
+int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag bag,
+ gnutls_pkcs12_bag_type type,
+ const gnutls_datum * data)
{
-int ret;
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ int ret;
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->bag_elements == MAX_BAG_ELEMENTS - 1) {
+ gnutls_assert();
+ /* bag is full */
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- if (bag->bag_elements == MAX_BAG_ELEMENTS-1) {
- gnutls_assert();
- /* bag is full */
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (bag->bag_elements == 1) {
+ /* A bag with a key or an encrypted bag, must have
+ * only one element.
+ */
- if (bag->bag_elements == 1) {
- /* A bag with a key or an encrypted bag, must have
- * only one element.
- */
-
- if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY ||
- bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY ||
- bag->element[0].type == GNUTLS_BAG_ENCRYPTED) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY ||
+ bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY ||
+ bag->element[0].type == GNUTLS_BAG_ENCRYPTED) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
}
+ }
- ret = _gnutls_set_datum( &bag->element[bag->bag_elements].data, data->data, data->size);
+ ret =
+ _gnutls_set_datum(&bag->element[bag->bag_elements].data,
+ data->data, data->size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- bag->element[bag->bag_elements].type = type;
+ bag->element[bag->bag_elements].type = type;
- bag->bag_elements++;
+ bag->bag_elements++;
- return bag->bag_elements-1;
+ return bag->bag_elements - 1;
}
/**
@@ -355,25 +364,25 @@ int ret;
**/
int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag bag, gnutls_x509_crt crt)
{
-int ret;
-gnutls_datum data;
+ int ret;
+ gnutls_datum data;
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_x509_der_encode( crt->cert, "", &data, 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_pkcs12_bag_set_data( bag, GNUTLS_BAG_CERTIFICATE, &data);
-
- _gnutls_free_datum( &data);
-
+ ret = _gnutls_x509_der_encode(crt->cert, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CERTIFICATE, &data);
+
+ _gnutls_free_datum(&data);
+
+ return ret;
}
/**
@@ -390,26 +399,26 @@ gnutls_datum data;
**/
int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag bag, gnutls_x509_crl crl)
{
-int ret;
-gnutls_datum data;
+ int ret;
+ gnutls_datum data;
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_x509_der_encode( crl->crl, "", &data, 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_pkcs12_bag_set_data( bag, GNUTLS_BAG_CRL, &data);
-
- _gnutls_free_datum( &data);
-
+ ret = _gnutls_x509_der_encode(crl->crl, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CRL, &data);
+
+ _gnutls_free_datum(&data);
+
+ return ret;
}
/**
@@ -425,31 +434,31 @@ gnutls_datum data;
* Returns 0 on success, or a negative value on error.
*
**/
-int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag bag, int indx,
- const gnutls_datum* id)
+int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag bag, int indx,
+ const gnutls_datum * id)
{
-int ret;
+ int ret;
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (indx > bag->bag_elements-1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_set_datum( &bag->element[indx].local_key_id,
- id->data, id->size);
+ ret = _gnutls_set_datum(&bag->element[indx].local_key_id,
+ id->data, id->size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -464,23 +473,23 @@ int ret;
* Returns 0 on success, or a negative value on error.
*
**/
-int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag bag, int indx,
- gnutls_datum* id)
+int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag bag, int indx,
+ gnutls_datum * id)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (indx > bag->bag_elements-1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- id->data = bag->element[indx].local_key_id.data;
- id->size = bag->element[indx].local_key_id.size;
+ id->data = bag->element[indx].local_key_id.data;
+ id->size = bag->element[indx].local_key_id.size;
- return 0;
+ return 0;
}
/**
@@ -495,22 +504,22 @@ int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag bag, int indx,
* Returns 0 on success, or a negative value on error.
*
**/
-int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag bag, int indx,
- char **name)
+int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag bag, int indx,
+ char **name)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (indx > bag->bag_elements-1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- *name = bag->element[indx].friendly_name;
+ *name = bag->element[indx].friendly_name;
- return 0;
+ return 0;
}
@@ -527,27 +536,27 @@ int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag bag, int indx,
* Returns 0 on success, or a negative value on error.
*
**/
-int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag bag, int indx,
- const char* name)
+int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag bag, int indx,
+ const char *name)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (indx > bag->bag_elements-1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (indx > bag->bag_elements - 1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- bag->element[indx].friendly_name = gnutls_strdup(name);
+ bag->element[indx].friendly_name = gnutls_strdup(name);
- if (name == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ if (name == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- return 0;
+ return 0;
}
@@ -559,45 +568,44 @@ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag bag, int indx,
* This function will decrypt the given encrypted bag and return 0 on success.
*
**/
-int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag bag, const char* pass)
+int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag bag, const char *pass)
{
-int ret;
-gnutls_datum dec;
+ int ret;
+ gnutls_datum dec;
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_pkcs7_decrypt_data(
- &bag->element[0].data, pass, &dec);
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_pkcs7_decrypt_data(&bag->element[0].data, pass, &dec);
- /* decryption succeeded. Now decode the SafeContents
- * stuff, and parse it.
- */
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- _gnutls_free_datum( &bag->element[0].data);
+ /* decryption succeeded. Now decode the SafeContents
+ * stuff, and parse it.
+ */
- ret = _pkcs12_decode_safe_contents( &dec, bag);
+ _gnutls_free_datum(&bag->element[0].data);
- _gnutls_free_datum( &dec);
+ ret = _pkcs12_decode_safe_contents(&dec, bag);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ _gnutls_free_datum(&dec);
- return 0;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -609,78 +617,83 @@ gnutls_datum dec;
* This function will encrypt the given bag and return 0 on success.
*
**/
-int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag bag, const char* pass, unsigned int flags)
+int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag bag, const char *pass,
+ unsigned int flags)
{
-int ret;
-ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
-gnutls_datum der = {NULL, 0};
-gnutls_datum enc = {NULL, 0};
-schema_id id;
-
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Encode the whole bag to a safe contents
- * structure.
- */
- ret = _pkcs12_encode_safe_contents( bag, &safe_cont, NULL);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* DER encode the SafeContents.
- */
- ret = _gnutls_x509_der_encode( safe_cont, "", &der, 0);
-
- asn1_delete_structure( &safe_cont);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int ret;
+ ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
+ gnutls_datum der = { NULL, 0 };
+ gnutls_datum enc = { NULL, 0 };
+ schema_id id;
+
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Encode the whole bag to a safe contents
+ * structure.
+ */
+ ret = _pkcs12_encode_safe_contents(bag, &safe_cont, NULL);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (flags & GNUTLS_PKCS_PLAIN) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) id = PKCS12_ARCFOUR_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) id = PKCS12_RC2_40_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PBES2_3DES) id = PBES2;
- else id = PKCS12_3DES_SHA1;
+ /* DER encode the SafeContents.
+ */
+ ret = _gnutls_x509_der_encode(safe_cont, "", &der, 0);
- /* Now encrypt them.
- */
- ret = _gnutls_pkcs7_encrypt_data( id, &der, pass, &enc);
+ asn1_delete_structure(&safe_cont);
- _gnutls_free_datum( &der);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (flags & GNUTLS_PKCS_PLAIN) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
+ id = PKCS12_ARCFOUR_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
+ id = PKCS12_RC2_40_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
+ id = PBES2;
+ else
+ id = PKCS12_3DES_SHA1;
+
+ /* Now encrypt them.
+ */
+ ret = _gnutls_pkcs7_encrypt_data(id, &der, pass, &enc);
+
+ _gnutls_free_datum(&der);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ /* encryption succeeded.
+ */
- /* encryption succeeded.
- */
+ _pkcs12_bag_free_data(bag);
- _pkcs12_bag_free_data( bag);
+ bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+ bag->element[0].data = enc;
- bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
- bag->element[0].data = enc;
-
- bag->bag_elements = 1;
+ bag->bag_elements = 1;
- return 0;
+ return 0;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c
index 3225fa88d6..4ea40de2c7 100644
--- a/lib/x509/pkcs12_encr.c
+++ b/lib/x509/pkcs12_encr.c
@@ -30,17 +30,18 @@
/* Returns 0 if the password is ok, or a negative error
* code instead.
*/
-static int _pkcs12_check_pass( const char* pass, size_t plen)
+static int _pkcs12_check_pass(const char *pass, size_t plen)
{
-const unsigned char* p = pass;
-unsigned int i;
+ const unsigned char *p = pass;
+ unsigned int i;
- for (i=0;i<plen;i++) {
- if ( isascii(p[i])) continue;
- return GNUTLS_E_INVALID_PASSWORD;
- }
-
- return 0;
+ for (i = 0; i < plen; i++) {
+ if (isascii(p[i]))
+ continue;
+ return GNUTLS_E_INVALID_PASSWORD;
+ }
+
+ return 0;
}
/* ID should be:
@@ -48,103 +49,96 @@ unsigned int i;
* 2 for IV
* 1 for encryption key
*/
-int
-_pkcs12_string_to_key (unsigned int id, const opaque *salt, unsigned int salt_size,
- unsigned int iter, const char *pw,
- unsigned int req_keylen, opaque *keybuf)
+int
+_pkcs12_string_to_key(unsigned int id, const opaque * salt,
+ unsigned int salt_size, unsigned int iter,
+ const char *pw, unsigned int req_keylen,
+ opaque * keybuf)
{
- int rc;
- gcry_error_t err;
- unsigned int i, j;
- gcry_md_hd_t md;
- mpi_t num_b1 = NULL;
- unsigned int pwlen;
- opaque hash[20], buf_b[64], buf_i[128], *p;
- size_t cur_keylen;
- size_t n;
+ int rc;
+ gcry_error_t err;
+ unsigned int i, j;
+ gcry_md_hd_t md;
+ mpi_t num_b1 = NULL;
+ unsigned int pwlen;
+ opaque hash[20], buf_b[64], buf_i[128], *p;
+ size_t cur_keylen;
+ size_t n;
- cur_keylen = 0;
- pwlen = strlen (pw);
- if (pwlen > 63/2) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ cur_keylen = 0;
+ pwlen = strlen(pw);
+ if (pwlen > 63 / 2) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if ((rc=_pkcs12_check_pass( pw, pwlen)) < 0) {
- gnutls_assert();
- return rc;
- }
+ if ((rc = _pkcs12_check_pass(pw, pwlen)) < 0) {
+ gnutls_assert();
+ return rc;
+ }
- /* Store salt and password in BUF_I */
- p = buf_i;
- for(i=0; i < 64; i++)
- *p++ = salt [i % salt_size];
- for(i=j=0; i < 64; i += 2)
- {
- *p++ = 0;
- *p++ = pw[j];
- if (++j > pwlen) /* Note, that we include the trailing zero */
- j = 0;
+ /* Store salt and password in BUF_I */
+ p = buf_i;
+ for (i = 0; i < 64; i++)
+ *p++ = salt[i % salt_size];
+ for (i = j = 0; i < 64; i += 2) {
+ *p++ = 0;
+ *p++ = pw[j];
+ if (++j > pwlen) /* Note, that we include the trailing zero */
+ j = 0;
}
- for (;;)
- {
- err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
- if (err)
- {
- gnutls_assert();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
- for(i=0; i < 64; i++)
- gcry_md_putc (md, id);
- gcry_md_write (md, buf_i, 128);
- memcpy (hash, gcry_md_read (md, 0), 20);
- gcry_md_close (md);
- for (i=1; i < iter; i++)
- gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
+ for (;;) {
+ err = gcry_md_open(&md, GCRY_MD_SHA1, 0);
+ if (err) {
+ gnutls_assert();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+ for (i = 0; i < 64; i++)
+ gcry_md_putc(md, id);
+ gcry_md_write(md, buf_i, 128);
+ memcpy(hash, gcry_md_read(md, 0), 20);
+ gcry_md_close(md);
+ for (i = 1; i < iter; i++)
+ gcry_md_hash_buffer(GCRY_MD_SHA1, hash, hash, 20);
- for (i=0; i < 20 && cur_keylen < req_keylen; i++)
- keybuf[cur_keylen++] = hash[i];
- if (cur_keylen == req_keylen)
- {
- gcry_mpi_release (num_b1);
- return 0; /* ready */
- }
-
- /* need more bytes. */
- for(i=0; i < 64; i++)
- buf_b[i] = hash[i % 20];
- n = 64;
- rc = _gnutls_mpi_scan(&num_b1, buf_b, &n);
- if (rc < 0)
- {
- gnutls_assert();
- return rc;
- }
- gcry_mpi_add_ui (num_b1, num_b1, 1);
- for (i=0; i < 128; i += 64)
- {
- mpi_t num_ij;
+ for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
+ keybuf[cur_keylen++] = hash[i];
+ if (cur_keylen == req_keylen) {
+ gcry_mpi_release(num_b1);
+ return 0; /* ready */
+ }
- n = 64;
- rc = _gnutls_mpi_scan (&num_ij, buf_i + i, &n);
- if (rc < 0)
- {
- gnutls_assert();
- return rc;
- }
- gcry_mpi_add (num_ij, num_ij, num_b1);
- gcry_mpi_clear_highbit (num_ij, 64*8);
- n = 64;
- rc = _gnutls_mpi_print( buf_i + i, &n, num_ij);
- if (rc < 0)
- {
- gnutls_assert();
- return rc;
- }
- gcry_mpi_release (num_ij);
- }
+ /* need more bytes. */
+ for (i = 0; i < 64; i++)
+ buf_b[i] = hash[i % 20];
+ n = 64;
+ rc = _gnutls_mpi_scan(&num_b1, buf_b, &n);
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+ gcry_mpi_add_ui(num_b1, num_b1, 1);
+ for (i = 0; i < 128; i += 64) {
+ mpi_t num_ij;
+
+ n = 64;
+ rc = _gnutls_mpi_scan(&num_ij, buf_i + i, &n);
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+ gcry_mpi_add(num_ij, num_ij, num_b1);
+ gcry_mpi_clear_highbit(num_ij, 64 * 8);
+ n = 64;
+ rc = _gnutls_mpi_print(buf_i + i, &n, num_ij);
+ if (rc < 0) {
+ gnutls_assert();
+ return rc;
+ }
+ gcry_mpi_release(num_ij);
+ }
}
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/pkcs5.c b/lib/x509/pkcs5.c
index c1c745b71e..183b6fc5a2 100644
--- a/lib/x509/pkcs5.c
+++ b/lib/x509/pkcs5.c
@@ -55,159 +55,155 @@
#define MAX_PRF_BLOCK_LEN 80
int
-_gnutls_pkcs5_pbkdf2 (int PRF,
- const char *P,
- size_t Plen,
- const unsigned char *S,
- size_t Slen, unsigned int c, unsigned int dkLen, char *DK)
+_gnutls_pkcs5_pbkdf2(int PRF,
+ const char *P,
+ size_t Plen,
+ const unsigned char *S,
+ size_t Slen, unsigned int c, unsigned int dkLen,
+ char *DK)
{
- gcry_md_hd_t prf;
- gcry_error_t err;
- char U[MAX_PRF_BLOCK_LEN];
- char T[MAX_PRF_BLOCK_LEN];
- unsigned int u;
- unsigned int hLen = gcry_md_get_algo_dlen (PRF);
- unsigned int l;
- unsigned int r;
- int rc;
- unsigned char *p;
- int i;
- int k;
-
- if (hLen == 0 || hLen > MAX_PRF_BLOCK_LEN)
- return PKCS5_INVALID_PRF;
-
- if (c == 0)
- return PKCS5_INVALID_ITERATION_COUNT;
-
- if (dkLen == 0)
- return PKCS5_INVALID_DERIVED_KEY_LENGTH;
-
- /*
- *
- * Steps:
- *
- * 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
- * stop.
- */
-
- if (dkLen > 4294967295U)
- return PKCS5_DERIVED_KEY_TOO_LONG;
-
- /*
- * 2. Let l be the number of hLen-octet blocks in the derived key,
- * rounding up, and let r be the number of octets in the last
- * block:
- *
- * l = CEIL (dkLen / hLen) ,
- * r = dkLen - (l - 1) * hLen .
- *
- * Here, CEIL (x) is the "ceiling" function, i.e. the smallest
- * integer greater than, or equal to, x.
- */
-
- l = dkLen / hLen;
- if (dkLen % hLen)
- l++;
- r = dkLen - (l - 1) * hLen;
-
- /*
- * 3. For each block of the derived key apply the function F defined
- * below to the password P, the salt S, the iteration count c, and
- * the block index to compute the block:
- *
- * T_1 = F (P, S, c, 1) ,
- * T_2 = F (P, S, c, 2) ,
- * ...
- * T_l = F (P, S, c, l) ,
- *
- * where the function F is defined as the exclusive-or sum of the
- * first c iterates of the underlying pseudorandom function PRF
- * applied to the password P and the concatenation of the salt S
- * and the block index i:
- *
- * F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
- *
- * where
- *
- * U_1 = PRF (P, S || INT (i)) ,
- * U_2 = PRF (P, U_1) ,
- * ...
- * U_c = PRF (P, U_{c-1}) .
- *
- * Here, INT (i) is a four-octet encoding of the integer i, most
- * significant octet first.
- *
- * 4. Concatenate the blocks and extract the first dkLen octets to
- * produce a derived key DK:
- *
- * DK = T_1 || T_2 || ... || T_l<0..r-1>
- *
- * 5. Output the derived key DK.
- *
- * Note. The construction of the function F follows a "belt-and-
- * suspenders" approach. The iterates U_i are computed recursively to
- * remove a degree of parallelism from an opponent; they are exclusive-
- * ored together to reduce concerns about the recursion degenerating
- * into a small set of values.
- *
- */
-
- err = gcry_md_open ( &prf, PRF, GCRY_MD_FLAG_HMAC);
- if (err)
- return PKCS5_INVALID_PRF;
-
- for (i = 1; (uint)i <= l; i++)
- {
- memset (T, 0, hLen);
-
- for (u = 1; u <= c; u++)
- {
- gcry_md_reset (prf);
-
- rc = gcry_md_setkey (prf, P, Plen);
- if (rc)
- return PKCS5_INVALID_PRF;
-
- if (u == 1)
- {
- char *tmp;
- size_t tmplen = Slen + 4;
-
- tmp = gnutls_alloca( tmplen);
- if (tmp == NULL)
- return PKCS5_INVALID_PRF;
-
- memcpy (tmp, S, Slen);
- tmp[Slen + 0] = (i & 0xff000000) >> 24;
- tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
- tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
- tmp[Slen + 3] = (i & 0x000000ff) >> 0;
-
- gcry_md_write (prf, tmp, tmplen);
- gnutls_afree(tmp);
- }
- else
- {
- gcry_md_write (prf, U, hLen);
+ gcry_md_hd_t prf;
+ gcry_error_t err;
+ char U[MAX_PRF_BLOCK_LEN];
+ char T[MAX_PRF_BLOCK_LEN];
+ unsigned int u;
+ unsigned int hLen = gcry_md_get_algo_dlen(PRF);
+ unsigned int l;
+ unsigned int r;
+ int rc;
+ unsigned char *p;
+ int i;
+ int k;
+
+ if (hLen == 0 || hLen > MAX_PRF_BLOCK_LEN)
+ return PKCS5_INVALID_PRF;
+
+ if (c == 0)
+ return PKCS5_INVALID_ITERATION_COUNT;
+
+ if (dkLen == 0)
+ return PKCS5_INVALID_DERIVED_KEY_LENGTH;
+
+ /*
+ *
+ * Steps:
+ *
+ * 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
+ * stop.
+ */
+
+ if (dkLen > 4294967295U)
+ return PKCS5_DERIVED_KEY_TOO_LONG;
+
+ /*
+ * 2. Let l be the number of hLen-octet blocks in the derived key,
+ * rounding up, and let r be the number of octets in the last
+ * block:
+ *
+ * l = CEIL (dkLen / hLen) ,
+ * r = dkLen - (l - 1) * hLen .
+ *
+ * Here, CEIL (x) is the "ceiling" function, i.e. the smallest
+ * integer greater than, or equal to, x.
+ */
+
+ l = dkLen / hLen;
+ if (dkLen % hLen)
+ l++;
+ r = dkLen - (l - 1) * hLen;
+
+ /*
+ * 3. For each block of the derived key apply the function F defined
+ * below to the password P, the salt S, the iteration count c, and
+ * the block index to compute the block:
+ *
+ * T_1 = F (P, S, c, 1) ,
+ * T_2 = F (P, S, c, 2) ,
+ * ...
+ * T_l = F (P, S, c, l) ,
+ *
+ * where the function F is defined as the exclusive-or sum of the
+ * first c iterates of the underlying pseudorandom function PRF
+ * applied to the password P and the concatenation of the salt S
+ * and the block index i:
+ *
+ * F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
+ *
+ * where
+ *
+ * U_1 = PRF (P, S || INT (i)) ,
+ * U_2 = PRF (P, U_1) ,
+ * ...
+ * U_c = PRF (P, U_{c-1}) .
+ *
+ * Here, INT (i) is a four-octet encoding of the integer i, most
+ * significant octet first.
+ *
+ * 4. Concatenate the blocks and extract the first dkLen octets to
+ * produce a derived key DK:
+ *
+ * DK = T_1 || T_2 || ... || T_l<0..r-1>
+ *
+ * 5. Output the derived key DK.
+ *
+ * Note. The construction of the function F follows a "belt-and-
+ * suspenders" approach. The iterates U_i are computed recursively to
+ * remove a degree of parallelism from an opponent; they are exclusive-
+ * ored together to reduce concerns about the recursion degenerating
+ * into a small set of values.
+ *
+ */
+
+ err = gcry_md_open(&prf, PRF, GCRY_MD_FLAG_HMAC);
+ if (err)
+ return PKCS5_INVALID_PRF;
+
+ for (i = 1; (uint) i <= l; i++) {
+ memset(T, 0, hLen);
+
+ for (u = 1; u <= c; u++) {
+ gcry_md_reset(prf);
+
+ rc = gcry_md_setkey(prf, P, Plen);
+ if (rc)
+ return PKCS5_INVALID_PRF;
+
+ if (u == 1) {
+ char *tmp;
+ size_t tmplen = Slen + 4;
+
+ tmp = gnutls_alloca(tmplen);
+ if (tmp == NULL)
+ return PKCS5_INVALID_PRF;
+
+ memcpy(tmp, S, Slen);
+ tmp[Slen + 0] = (i & 0xff000000) >> 24;
+ tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
+ tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
+ tmp[Slen + 3] = (i & 0x000000ff) >> 0;
+
+ gcry_md_write(prf, tmp, tmplen);
+ gnutls_afree(tmp);
+ } else {
+ gcry_md_write(prf, U, hLen);
}
- p = gcry_md_read (prf, PRF);
- if (p == NULL)
- return PKCS5_INVALID_PRF;
+ p = gcry_md_read(prf, PRF);
+ if (p == NULL)
+ return PKCS5_INVALID_PRF;
- memcpy (U, p, hLen);
+ memcpy(U, p, hLen);
- for (k = 0; (uint)k < hLen; k++)
- T[k] ^= U[k];
+ for (k = 0; (uint) k < hLen; k++)
+ T[k] ^= U[k];
}
- memcpy (DK + (i - 1) * hLen, T, (uint)i == l ? r : hLen);
+ memcpy(DK + (i - 1) * hLen, T, (uint) i == l ? r : hLen);
}
- gcry_md_close (prf);
+ gcry_md_close(prf);
- return PKCS5_OK;
+ return PKCS5_OK;
}
#endif
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 3b969f32fb..ce301fda7d 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -43,86 +43,89 @@
* data are copied (they are locally allocated) there.
*/
static
-int _decode_pkcs7_signed_data( ASN1_TYPE pkcs7, ASN1_TYPE * sdata, gnutls_datum* raw)
+int _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata,
+ gnutls_datum * raw)
{
-char oid[128];
-ASN1_TYPE c2;
-opaque *tmp = NULL;
-int tmp_size, len, result;
-
- len = sizeof(oid) - 1;
- result = asn1_read_value(pkcs7, "contentType", oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- if ( strcmp( oid, SIGNED_DATA_OID) != 0) {
- gnutls_assert();
- _gnutls_x509_log( "Unknown PKCS7 Content OID '%s'\n", oid);
- return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
- }
-
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData", &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- /* the Signed-data has been created, so
- * decode them.
- */
- tmp_size = 0;
- result = asn1_read_value(pkcs7, "content", NULL, &tmp_size);
- if (result!=ASN1_MEM_ERROR) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- tmp = gnutls_malloc(tmp_size);
- if (tmp==NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_read_value(pkcs7, "content", tmp, &tmp_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* tmp, tmp_size hold the data and the size of the CertificateSet structure
- * actually the ANY stuff.
- */
-
- /* Step 1. In case of a signed structure extract certificate set.
- */
-
- result = asn1_der_decoding(&c2, tmp, tmp_size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if (raw == NULL) {
- gnutls_free(tmp);
- } else {
- raw->data = tmp;
- raw->size = tmp_size;
- }
-
- *sdata = c2;
-
- return 0;
-
- cleanup:
- if (c2) asn1_delete_structure(&c2);
- gnutls_free(tmp);
- return result;
+ char oid[128];
+ ASN1_TYPE c2;
+ opaque *tmp = NULL;
+ int tmp_size, len, result;
+
+ len = sizeof(oid) - 1;
+ result = asn1_read_value(pkcs7, "contentType", oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ if (strcmp(oid, SIGNED_DATA_OID) != 0) {
+ gnutls_assert();
+ _gnutls_x509_log("Unknown PKCS7 Content OID '%s'\n", oid);
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* the Signed-data has been created, so
+ * decode them.
+ */
+ tmp_size = 0;
+ result = asn1_read_value(pkcs7, "content", NULL, &tmp_size);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ tmp = gnutls_malloc(tmp_size);
+ if (tmp == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value(pkcs7, "content", tmp, &tmp_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* tmp, tmp_size hold the data and the size of the CertificateSet structure
+ * actually the ANY stuff.
+ */
+
+ /* Step 1. In case of a signed structure extract certificate set.
+ */
+
+ result = asn1_der_decoding(&c2, tmp, tmp_size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if (raw == NULL) {
+ gnutls_free(tmp);
+ } else {
+ raw->data = tmp;
+ raw->size = tmp_size;
+ }
+
+ *sdata = c2;
+
+ return 0;
+
+ cleanup:
+ if (c2)
+ asn1_delete_structure(&c2);
+ gnutls_free(tmp);
+ return result;
}
/**
@@ -138,20 +141,20 @@ int tmp_size, len, result;
**/
int gnutls_pkcs7_init(gnutls_pkcs7 * pkcs7)
{
- *pkcs7 = gnutls_calloc( 1, sizeof(gnutls_pkcs7_int));
-
- if (*pkcs7) {
- int result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-7-ContentInfo",
- &(*pkcs7)->pkcs7);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free( *pkcs7);
- return _gnutls_asn2err(result);
- }
- return 0; /* success */
+ *pkcs7 = gnutls_calloc(1, sizeof(gnutls_pkcs7_int));
+
+ if (*pkcs7) {
+ int result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-ContentInfo",
+ &(*pkcs7)->pkcs7);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*pkcs7);
+ return _gnutls_asn2err(result);
}
- return GNUTLS_E_MEMORY_ERROR;
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -163,12 +166,13 @@ int gnutls_pkcs7_init(gnutls_pkcs7 * pkcs7)
**/
void gnutls_pkcs7_deinit(gnutls_pkcs7 pkcs7)
{
- if (!pkcs7) return;
+ if (!pkcs7)
+ return;
- if (pkcs7->pkcs7)
- asn1_delete_structure(&pkcs7->pkcs7);
+ if (pkcs7->pkcs7)
+ asn1_delete_structure(&pkcs7->pkcs7);
- gnutls_free(pkcs7);
+ gnutls_free(pkcs7);
}
/**
@@ -186,52 +190,56 @@ void gnutls_pkcs7_deinit(gnutls_pkcs7 pkcs7)
*
**/
int gnutls_pkcs7_import(gnutls_pkcs7 pkcs7, const gnutls_datum * data,
- gnutls_x509_crt_fmt format)
+ gnutls_x509_crt_fmt format)
{
- int result = 0, need_free = 0;
- gnutls_datum _data;
+ int result = 0, need_free = 0;
+ gnutls_datum _data;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- _data.data = data->data;
- _data.size = data->size;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- /* If the PKCS7 is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- result = _gnutls_fbase64_decode(PEM_PKCS7, data->data, data->size,
- &out);
-
- if (result <= 0) {
- if (result==0) result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
- }
-
- _data.data = out;
- _data.size = result;
-
- need_free = 1;
- }
+ _data.data = data->data;
+ _data.size = data->size;
+ /* If the PKCS7 is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ opaque *out;
- result = asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_fbase64_decode(PEM_PKCS7, data->data, data->size,
+ &out);
+
+ if (result <= 0) {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert();
+ return result;
}
- if (need_free) _gnutls_free_datum( &_data);
+ _data.data = out;
+ _data.size = result;
- return 0;
+ need_free = 1;
+ }
- cleanup:
- if (need_free) _gnutls_free_datum( &_data);
- return result;
+
+ result =
+ asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return 0;
+
+ cleanup:
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
/**
@@ -249,86 +257,88 @@ int gnutls_pkcs7_import(gnutls_pkcs7 pkcs7, const gnutls_datum * data,
* will be returned.
*
**/
-int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7 pkcs7,
- int indx, void* certificate, size_t* certificate_size)
+int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7 pkcs7,
+ int indx, void *certificate,
+ size_t * certificate_size)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len;
- char root2[64];
- char oid[128];
- char counter[MAX_INT_DIGITS];
- gnutls_datum tmp = {NULL, 0};
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ char root2[64];
+ char oid[128];
+ char counter[MAX_INT_DIGITS];
+ gnutls_datum tmp = { NULL, 0 };
+
+ if (certificate_size == NULL || pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- if (certificate_size == NULL || pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ /* Step 2. Parse the CertificateSet
+ */
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, &tmp);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Step 2. Parse the CertificateSet
- */
-
- _gnutls_str_cpy( root2, sizeof(root2), "certificates.?");
- _gnutls_int2str( indx+1, counter);
- _gnutls_str_cat( root2, sizeof(root2), counter);
+ _gnutls_str_cpy(root2, sizeof(root2), "certificates.?");
+ _gnutls_int2str(indx + 1, counter);
+ _gnutls_str_cat(root2, sizeof(root2), counter);
- len = sizeof(oid) - 1;
+ len = sizeof(oid) - 1;
- result = asn1_read_value(c2, root2, oid, &len);
+ result = asn1_read_value(c2, root2, oid, &len);
+
+ if (result == ASN1_VALUE_NOT_FOUND) {
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto cleanup;
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* if 'Certificate' is the choice found:
+ */
+ if (strcmp(oid, "certificate") == 0) {
+ int start, end;
+
+ result = asn1_der_decoding_startEnd(c2, tmp.data, tmp.size,
+ root2, &start, &end);
- if (result == ASN1_VALUE_NOT_FOUND) {
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto cleanup;
- }
-
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
}
- /* if 'Certificate' is the choice found:
- */
- if (strcmp( oid, "certificate") == 0) {
- int start, end;
-
- result = asn1_der_decoding_startEnd(c2, tmp.data, tmp.size,
- root2, &start, &end);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- end = end-start+1;
-
- if ( (uint)end > *certificate_size) {
- *certificate_size = end;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
- }
-
- if (certificate)
- memcpy( certificate, &tmp.data[start], end);
-
- *certificate_size = end;
-
- result = 0;
-
- } else {
- result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ end = end - start + 1;
+
+ if ((uint) end > *certificate_size) {
+ *certificate_size = end;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
}
- cleanup:
- _gnutls_free_datum( &tmp);
- if (c2) asn1_delete_structure(&c2);
- return result;
+ if (certificate)
+ memcpy(certificate, &tmp.data[start], end);
+
+ *certificate_size = end;
+
+ result = 0;
+
+ } else {
+ result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/**
@@ -343,33 +353,33 @@ int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7 pkcs7,
**/
int gnutls_pkcs7_get_crt_count(gnutls_pkcs7 pkcs7)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, count;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, count;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- /* Step 2. Count the CertificateSet */
-
- result = asn1_number_of_elements( c2, "certificates", &count);
+ /* Step 2. Count the CertificateSet */
- asn1_delete_structure(&c2);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return 0; /* no certificates */
- }
+ result = asn1_number_of_elements(c2, "certificates", &count);
+
+ asn1_delete_structure(&c2);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return 0; /* no certificates */
+ }
+
+ return count;
- return count;
-
}
/**
@@ -391,14 +401,16 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7 pkcs7)
* 0 on success.
*
**/
-int gnutls_pkcs7_export( gnutls_pkcs7 pkcs7,
- gnutls_x509_crt_fmt format, void* output_data, size_t* output_data_size)
+int gnutls_pkcs7_export(gnutls_pkcs7 pkcs7,
+ gnutls_x509_crt_fmt format, void *output_data,
+ size_t * output_data_size)
{
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- return _gnutls_x509_export_int( pkcs7->pkcs7, format, PEM_PKCS7, *output_data_size,
- output_data, output_data_size);
+ return _gnutls_x509_export_int(pkcs7->pkcs7, format, PEM_PKCS7,
+ *output_data_size, output_data,
+ output_data_size);
}
/* Creates an empty signed data structure in the pkcs7
@@ -406,68 +418,72 @@ int gnutls_pkcs7_export( gnutls_pkcs7 pkcs7,
*/
static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
{
- uint8 one = 1;
- int result;
-
- *sdata = ASN1_TYPE_EMPTY;
-
- if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData", sdata)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Use version 1
- */
- result = asn1_write_value( *sdata, "version", &one, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Use no digest algorithms
- */
-
- /* id-data */
- result = asn1_write_value( *sdata, "encapContentInfo.eContentType", "1.2.840.113549.1.7.5", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = asn1_write_value( *sdata, "encapContentInfo.eContent", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Add no certificates.
- */
-
- /* Add no crls.
- */
-
- /* Add no signerInfos.
- */
-
- /* Write the content type of the signed data
- */
- result = asn1_write_value(pkcs7, "contentType", SIGNED_DATA_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- return 0;
-
- cleanup:
- asn1_delete_structure( sdata);
- return result;
+ uint8 one = 1;
+ int result;
+
+ *sdata = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData",
+ sdata)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Use version 1
+ */
+ result = asn1_write_value(*sdata, "version", &one, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Use no digest algorithms
+ */
+
+ /* id-data */
+ result =
+ asn1_write_value(*sdata, "encapContentInfo.eContentType",
+ "1.2.840.113549.1.7.5", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Add no certificates.
+ */
+
+ /* Add no crls.
+ */
+
+ /* Add no signerInfos.
+ */
+
+ /* Write the content type of the signed data
+ */
+ result = asn1_write_value(pkcs7, "contentType", SIGNED_DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(sdata);
+ return result;
}
@@ -480,76 +496,80 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
* Returns 0 on success.
*
**/
-int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7 pkcs7,
- const gnutls_datum* crt)
+int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7 pkcs7, const gnutls_datum * crt)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL);
- if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- return result;
- }
-
- /* If the signed data are uninitialized
- * then create them.
- */
- if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
- /* The pkcs7 structure is new, so create the
- * signedData.
- */
- result = create_empty_signed_data( pkcs7->pkcs7, &c2);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
- }
-
- /* Step 2. Append the new certificate.
- */
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
- result = asn1_write_value(c2, "certificates", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = asn1_write_value(c2, "certificates.?LAST", "certificate", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- result = asn1_write_value(c2, "certificates.?LAST.certificate", crt->data, crt->size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ return result;
+ }
- /* Step 3. Replace the old content with the new
+ /* If the signed data are uninitialized
+ * then create them.
+ */
+ if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ /* The pkcs7 structure is new, so create the
+ * signedData.
*/
- result = _gnutls_x509_der_encode_and_copy( c2, "", pkcs7->pkcs7, "content", 0);
+ result = create_empty_signed_data(pkcs7->pkcs7, &c2);
if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* Step 2. Append the new certificate.
+ */
+
+ result = asn1_write_value(c2, "certificates", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value(c2, "certificates.?LAST", "certificate", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value(c2, "certificates.?LAST.certificate", crt->data,
+ crt->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7, "content",
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
asn1_delete_structure(&c2);
-
- return 0;
-
- cleanup:
- if (c2) asn1_delete_structure(&c2);
- return result;
+ return result;
}
/**
@@ -563,31 +583,30 @@ int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7 pkcs7,
* Returns 0 on success.
*
**/
-int gnutls_pkcs7_set_crt(gnutls_pkcs7 pkcs7,
- gnutls_x509_crt crt)
+int gnutls_pkcs7_set_crt(gnutls_pkcs7 pkcs7, gnutls_x509_crt crt)
{
- int ret;
- gnutls_datum data;
+ int ret;
+ gnutls_datum data;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = _gnutls_x509_der_encode( crt->cert, "", &data, 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_pkcs7_set_crt_raw( pkcs7, &data);
+ ret = _gnutls_x509_der_encode(crt->cert, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- _gnutls_free_datum( &data);
+ ret = gnutls_pkcs7_set_crt_raw(pkcs7, &data);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ _gnutls_free_datum(&data);
- return 0;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
@@ -602,51 +621,54 @@ int gnutls_pkcs7_set_crt(gnutls_pkcs7 pkcs7,
**/
int gnutls_pkcs7_delete_crt(gnutls_pkcs7 pkcs7, int indx)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char counter[MAX_INT_DIGITS];
- char root2[64];
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. Decode the signed data.
- */
- result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Step 2. Delete the certificate.
- */
-
- _gnutls_str_cpy( root2, sizeof(root2), "certificates.?");
- _gnutls_int2str( indx+1, counter);
- _gnutls_str_cat( root2, sizeof(root2), counter);
-
- result = asn1_write_value(c2, root2, NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Step 3. Replace the old content with the new
- */
- result = _gnutls_x509_der_encode_and_copy( c2, "", pkcs7->pkcs7, "content", 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char counter[MAX_INT_DIGITS];
+ char root2[64];
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. Decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Delete the certificate.
+ */
+
+ _gnutls_str_cpy(root2, sizeof(root2), "certificates.?");
+ _gnutls_int2str(indx + 1, counter);
+ _gnutls_str_cat(root2, sizeof(root2), counter);
+
+ result = asn1_write_value(c2, root2, NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7, "content",
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
asn1_delete_structure(&c2);
-
- return 0;
-
- cleanup:
- if (c2) asn1_delete_structure(&c2);
- return result;
+ return result;
}
/* Read and write CRLs
@@ -667,65 +689,66 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7 pkcs7, int indx)
* will be returned.
*
**/
-int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7 pkcs7,
- int indx, void* crl, size_t* crl_size)
+int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7 pkcs7,
+ int indx, void *crl, size_t * crl_size)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char root2[64];
- char counter[MAX_INT_DIGITS];
- gnutls_datum tmp = {NULL, 0};
- int start, end;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char root2[64];
+ char counter[MAX_INT_DIGITS];
+ gnutls_datum tmp = { NULL, 0 };
+ int start, end;
+
+ if (pkcs7 == NULL || crl_size == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- if (pkcs7==NULL || crl_size == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ /* Step 2. Parse the CertificateSet
+ */
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, &tmp);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Step 2. Parse the CertificateSet
- */
-
- _gnutls_str_cpy( root2, sizeof(root2), "crls.?");
- _gnutls_int2str( indx+1, counter);
- _gnutls_str_cat( root2, sizeof(root2), counter);
+ _gnutls_str_cpy(root2, sizeof(root2), "crls.?");
+ _gnutls_int2str(indx + 1, counter);
+ _gnutls_str_cat(root2, sizeof(root2), counter);
- /* Get the raw CRL
- */
- result = asn1_der_decoding_startEnd(c2, tmp.data, tmp.size,
- root2, &start, &end);
+ /* Get the raw CRL
+ */
+ result = asn1_der_decoding_startEnd(c2, tmp.data, tmp.size,
+ root2, &start, &end);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- end = end-start+1;
-
- if ( (uint)end > *crl_size) {
- *crl_size = end;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- if (crl)
- memcpy( crl, &tmp.data[start], end);
+ end = end - start + 1;
+ if ((uint) end > *crl_size) {
*crl_size = end;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
- result = 0;
+ if (crl)
+ memcpy(crl, &tmp.data[start], end);
- cleanup:
- _gnutls_free_datum( &tmp);
- if (c2) asn1_delete_structure(&c2);
- return result;
+ *crl_size = end;
+
+ result = 0;
+
+ cleanup:
+ _gnutls_free_datum(&tmp);
+ if (c2)
+ asn1_delete_structure(&c2);
+ return result;
}
/**
@@ -740,33 +763,33 @@ int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7 pkcs7,
**/
int gnutls_pkcs7_get_crl_count(gnutls_pkcs7 pkcs7)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, count;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, count;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- /* Step 2. Count the CertificateSet */
-
- result = asn1_number_of_elements( c2, "crls", &count);
+ /* Step 2. Count the CertificateSet */
- asn1_delete_structure(&c2);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return 0; /* no crls */
- }
+ result = asn1_number_of_elements(c2, "crls", &count);
+
+ asn1_delete_structure(&c2);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return 0; /* no crls */
+ }
+
+ return count;
- return count;
-
}
/**
@@ -778,69 +801,71 @@ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7 pkcs7)
* Returns 0 on success.
*
**/
-int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7 pkcs7,
- const gnutls_datum* crl)
+int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7 pkcs7, const gnutls_datum * crl)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL);
- if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- return result;
- }
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- /* If the signed data are uninitialized
- * then create them.
- */
- if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
- /* The pkcs7 structure is new, so create the
- * signedData.
- */
- result = create_empty_signed_data( pkcs7->pkcs7, &c2);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
- }
-
- /* Step 2. Append the new crl.
- */
-
- result = asn1_write_value(c2, "crls", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = asn1_write_value(c2, "crls.?LAST", crl->data, crl->size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ gnutls_assert();
+ return result;
+ }
- /* Step 3. Replace the old content with the new
+ /* If the signed data are uninitialized
+ * then create them.
+ */
+ if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ /* The pkcs7 structure is new, so create the
+ * signedData.
*/
- result = _gnutls_x509_der_encode_and_copy( c2, "", pkcs7->pkcs7, "content", 0);
+ result = create_empty_signed_data(pkcs7->pkcs7, &c2);
if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ /* Step 2. Append the new crl.
+ */
+
+ result = asn1_write_value(c2, "crls", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value(c2, "crls.?LAST", crl->data, crl->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7, "content",
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
asn1_delete_structure(&c2);
-
- return 0;
-
- cleanup:
- if (c2) asn1_delete_structure(&c2);
- return result;
+ return result;
}
/**
@@ -854,28 +879,28 @@ int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7 pkcs7,
**/
int gnutls_pkcs7_set_crl(gnutls_pkcs7 pkcs7, gnutls_x509_crl crl)
{
- int ret;
- gnutls_datum data;
+ int ret;
+ gnutls_datum data;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = _gnutls_x509_der_encode( crl->crl, "", &data, 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_x509_der_encode(crl->crl, "", &data, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = gnutls_pkcs7_set_crl_raw( pkcs7, &data);
-
- _gnutls_free_datum( &data);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = gnutls_pkcs7_set_crl_raw(pkcs7, &data);
- return 0;
+ _gnutls_free_datum(&data);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -889,51 +914,54 @@ int gnutls_pkcs7_set_crl(gnutls_pkcs7 pkcs7, gnutls_x509_crl crl)
**/
int gnutls_pkcs7_delete_crl(gnutls_pkcs7 pkcs7, int indx)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char counter[MAX_INT_DIGITS];
- char root2[64];
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. Decode the signed data.
- */
- result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Step 2. Delete the crl.
- */
-
- _gnutls_str_cpy( root2, sizeof(root2), "crls.?");
- _gnutls_int2str( indx+1, counter);
- _gnutls_str_cat( root2, sizeof(root2), counter);
-
- result = asn1_write_value(c2, root2, NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Step 3. Replace the old content with the new
- */
- result = _gnutls_x509_der_encode_and_copy( c2, "", pkcs7->pkcs7, "content", 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char counter[MAX_INT_DIGITS];
+ char root2[64];
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. Decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 2. Delete the crl.
+ */
+
+ _gnutls_str_cpy(root2, sizeof(root2), "crls.?");
+ _gnutls_int2str(indx + 1, counter);
+ _gnutls_str_cat(root2, sizeof(root2), counter);
+
+ result = asn1_write_value(c2, root2, NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7, "content",
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ asn1_delete_structure(&c2);
+
+ return 0;
+
+ cleanup:
+ if (c2)
asn1_delete_structure(&c2);
-
- return 0;
-
- cleanup:
- if (c2) asn1_delete_structure(&c2);
- return result;
+ return result;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 74a2eb23ec..73d7d69863 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -36,8 +36,8 @@
#include <dsa.h>
#include <verify.h>
-static int _encode_rsa( ASN1_TYPE* c2, mpi_t* params);
-static int _encode_dsa( ASN1_TYPE* c2, mpi_t* params);
+static int _encode_rsa(ASN1_TYPE * c2, mpi_t * params);
+static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params);
/**
* gnutls_x509_privkey_init - This function initializes a gnutls_crl structure
@@ -50,15 +50,15 @@ static int _encode_dsa( ASN1_TYPE* c2, mpi_t* params);
**/
int gnutls_x509_privkey_init(gnutls_x509_privkey * key)
{
- *key = gnutls_calloc( 1, sizeof(gnutls_x509_privkey_int));
+ *key = gnutls_calloc(1, sizeof(gnutls_x509_privkey_int));
- if (*key) {
- (*key)->key = ASN1_TYPE_EMPTY;
- (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
- return 0; /* success */
- }
+ if (*key) {
+ (*key)->key = ASN1_TYPE_EMPTY;
+ (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ return 0; /* success */
+ }
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -70,16 +70,17 @@ int gnutls_x509_privkey_init(gnutls_x509_privkey * key)
**/
void gnutls_x509_privkey_deinit(gnutls_x509_privkey key)
{
-int i;
+ int i;
- if (!key) return;
+ if (!key)
+ return;
- for (i = 0; i < key->params_size; i++) {
- _gnutls_mpi_release( &key->params[i]);
- }
+ for (i = 0; i < key->params_size; i++) {
+ _gnutls_mpi_release(&key->params[i]);
+ }
- asn1_delete_structure(&key->key);
- gnutls_free(key);
+ asn1_delete_structure(&key->key);
+ gnutls_free(key);
}
/**
@@ -90,211 +91,216 @@ int i;
* This function will copy a private key from source to destination key.
*
**/
-int gnutls_x509_privkey_cpy(gnutls_x509_privkey dst, gnutls_x509_privkey src)
+int gnutls_x509_privkey_cpy(gnutls_x509_privkey dst,
+ gnutls_x509_privkey src)
{
-int i, ret;
+ int i, ret;
- if (!src || !dst) return GNUTLS_E_INVALID_REQUEST;
+ if (!src || !dst)
+ return GNUTLS_E_INVALID_REQUEST;
- for (i = 0; i < src->params_size; i++) {
- dst->params[i] = _gnutls_mpi_copy( src->params[i]);
- if (dst->params[i] == NULL) return GNUTLS_E_MEMORY_ERROR;
- }
+ for (i = 0; i < src->params_size; i++) {
+ dst->params[i] = _gnutls_mpi_copy(src->params[i]);
+ if (dst->params[i] == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- dst->params_size = src->params_size;
- dst->pk_algorithm = src->pk_algorithm;
- dst->crippled = src->crippled;
-
- if (!src->crippled) {
- switch( dst->pk_algorithm) {
- case GNUTLS_PK_DSA:
- ret = _encode_dsa( &dst->key, dst->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- case GNUTLS_PK_RSA:
- ret = _encode_rsa( &dst->key, dst->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ dst->params_size = src->params_size;
+ dst->pk_algorithm = src->pk_algorithm;
+ dst->crippled = src->crippled;
+
+ if (!src->crippled) {
+ switch (dst->pk_algorithm) {
+ case GNUTLS_PK_DSA:
+ ret = _encode_dsa(&dst->key, dst->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_RSA:
+ ret = _encode_rsa(&dst->key, dst->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
}
+ }
- return 0;
+ return 0;
}
/* Converts an RSA PKCS#1 key to
* an internal structure (gnutls_private_key)
*/
-ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key( const gnutls_datum *raw_key,
- gnutls_x509_privkey pkey)
+ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum *
+ raw_key,
+ gnutls_x509_privkey pkey)
{
- int result;
- ASN1_TYPE pkey_asn;
-
- if ((result =
- asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.RSAPrivateKey", &pkey_asn
- )) != ASN1_SUCCESS) {
- gnutls_assert();
- return NULL;
- }
-
- if ((sizeof(pkey->params) / sizeof(mpi_t)) < RSA_PRIVATE_PARAMS) {
- gnutls_assert();
- /* internal error. Increase the mpi_ts in params */
- return NULL;
- }
-
- result = asn1_der_decoding(&pkey_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int(pkey_asn, "modulus",
- &pkey->params[0])) < 0) {
- gnutls_assert();
- goto error;
- }
-
- if ((result =
- _gnutls_x509_read_int(pkey_asn, "publicExponent",
- &pkey->params[1])) < 0) {
- gnutls_assert();
- goto error;
- }
-
- if ((result =
- _gnutls_x509_read_int(pkey_asn, "privateExponent",
- &pkey->params[2])) < 0) {
- gnutls_assert();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int(pkey_asn, "prime1",
- &pkey->params[3])) < 0) {
- gnutls_assert();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int(pkey_asn, "prime2",
- &pkey->params[4])) < 0) {
- gnutls_assert();
- goto error;
- }
-
+ int result;
+ ASN1_TYPE pkey_asn;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.RSAPrivateKey",
+ &pkey_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ if ((sizeof(pkey->params) / sizeof(mpi_t)) < RSA_PRIVATE_PARAMS) {
+ gnutls_assert();
+ /* internal error. Increase the mpi_ts in params */
+ return NULL;
+ }
+
+ result =
+ asn1_der_decoding(&pkey_asn, raw_key->data, raw_key->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "modulus",
+ &pkey->params[0])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result =
+ _gnutls_x509_read_int(pkey_asn, "publicExponent",
+ &pkey->params[1])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result =
+ _gnutls_x509_read_int(pkey_asn, "privateExponent",
+ &pkey->params[2])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "prime1",
+ &pkey->params[3])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int(pkey_asn, "prime2",
+ &pkey->params[4])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
#if 1
- /* Calculate the coefficient. This is because the gcrypt
- * library is uses the p,q in the reverse order.
- */
- pkey->params[5] =
- _gnutls_mpi_snew(_gnutls_mpi_get_nbits(pkey->params[0]));
-
- if (pkey->params[5] == NULL) {
- gnutls_assert();
- goto error;
- }
-
- _gnutls_mpi_invm(pkey->params[5], pkey->params[3], pkey->params[4]);
- /* p, q */
+ /* Calculate the coefficient. This is because the gcrypt
+ * library is uses the p,q in the reverse order.
+ */
+ pkey->params[5] =
+ _gnutls_mpi_snew(_gnutls_mpi_get_nbits(pkey->params[0]));
+
+ if (pkey->params[5] == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+
+ _gnutls_mpi_invm(pkey->params[5], pkey->params[3], pkey->params[4]);
+ /* p, q */
#else
- if ( (result=_gnutls_x509_read_int( pkey_asn, "coefficient",
- &pkey->params[5])) < 0) {
- gnutls_assert();
- goto error;
- }
+ if ((result = _gnutls_x509_read_int(pkey_asn, "coefficient",
+ &pkey->params[5])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
#endif
- pkey->params_size = 6;
+ pkey->params_size = 6;
- return pkey_asn;
+ return pkey_asn;
- error:
- asn1_delete_structure(&pkey_asn);
- _gnutls_mpi_release(&pkey->params[0]);
- _gnutls_mpi_release(&pkey->params[1]);
- _gnutls_mpi_release(&pkey->params[2]);
- _gnutls_mpi_release(&pkey->params[3]);
- _gnutls_mpi_release(&pkey->params[4]);
- _gnutls_mpi_release(&pkey->params[5]);
- return NULL;
+ error:
+ asn1_delete_structure(&pkey_asn);
+ _gnutls_mpi_release(&pkey->params[0]);
+ _gnutls_mpi_release(&pkey->params[1]);
+ _gnutls_mpi_release(&pkey->params[2]);
+ _gnutls_mpi_release(&pkey->params[3]);
+ _gnutls_mpi_release(&pkey->params[4]);
+ _gnutls_mpi_release(&pkey->params[5]);
+ return NULL;
}
-static ASN1_TYPE decode_dsa_key( const gnutls_datum* raw_key,
- gnutls_x509_privkey pkey)
+static ASN1_TYPE decode_dsa_key(const gnutls_datum * raw_key,
+ gnutls_x509_privkey pkey)
{
- int result;
- ASN1_TYPE dsa_asn;
-
- if ((result =
- asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.DSAPrivateKey", &dsa_asn
- )) != ASN1_SUCCESS) {
- gnutls_assert();
- return NULL;
- }
-
- if ((sizeof(pkey->params) / sizeof(mpi_t)) < DSA_PRIVATE_PARAMS) {
- gnutls_assert();
- /* internal error. Increase the mpi_ts in params */
- return NULL;
- }
-
- result = asn1_der_decoding(&dsa_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int(dsa_asn, "p",
- &pkey->params[0])) < 0) {
- gnutls_assert();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int(dsa_asn, "q",
- &pkey->params[1])) < 0) {
- gnutls_assert();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int(dsa_asn, "g",
- &pkey->params[2])) < 0) {
- gnutls_assert();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int(dsa_asn, "Y",
- &pkey->params[3])) < 0) {
- gnutls_assert();
- goto error;
- }
-
- if ((result = _gnutls_x509_read_int(dsa_asn, "priv",
- &pkey->params[4])) < 0) {
- gnutls_assert();
- goto error;
- }
- pkey->params_size = 5;
-
- return dsa_asn;
-
- error:
- asn1_delete_structure(&dsa_asn);
- _gnutls_mpi_release(&pkey->params[0]);
- _gnutls_mpi_release(&pkey->params[1]);
- _gnutls_mpi_release(&pkey->params[2]);
- _gnutls_mpi_release(&pkey->params[3]);
- _gnutls_mpi_release(&pkey->params[4]);
- return NULL;
+ int result;
+ ASN1_TYPE dsa_asn;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSAPrivateKey",
+ &dsa_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ if ((sizeof(pkey->params) / sizeof(mpi_t)) < DSA_PRIVATE_PARAMS) {
+ gnutls_assert();
+ /* internal error. Increase the mpi_ts in params */
+ return NULL;
+ }
+
+ result =
+ asn1_der_decoding(&dsa_asn, raw_key->data, raw_key->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int(dsa_asn, "p",
+ &pkey->params[0])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int(dsa_asn, "q",
+ &pkey->params[1])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int(dsa_asn, "g",
+ &pkey->params[2])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int(dsa_asn, "Y",
+ &pkey->params[3])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int(dsa_asn, "priv",
+ &pkey->params[4])) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ pkey->params_size = 5;
+
+ return dsa_asn;
+
+ error:
+ asn1_delete_structure(&dsa_asn);
+ _gnutls_mpi_release(&pkey->params[0]);
+ _gnutls_mpi_release(&pkey->params[1]);
+ _gnutls_mpi_release(&pkey->params[2]);
+ _gnutls_mpi_release(&pkey->params[3]);
+ _gnutls_mpi_release(&pkey->params[4]);
+ return NULL;
}
@@ -317,94 +323,100 @@ static ASN1_TYPE decode_dsa_key( const gnutls_datum* raw_key,
* Returns 0 on success.
*
**/
-int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * data,
- gnutls_x509_crt_fmt format)
+int gnutls_x509_privkey_import(gnutls_x509_privkey key,
+ const gnutls_datum * data,
+ gnutls_x509_crt_fmt format)
{
- int result = 0, need_free = 0;
- gnutls_datum _data;
+ int result = 0, need_free = 0;
+ gnutls_datum _data;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ opaque *out;
- if (key == NULL) {
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode(PEM_KEY_RSA, data->data, data->size,
+ &out);
+ key->pk_algorithm = GNUTLS_PK_RSA;
+
+ if (result <= 0) {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode(PEM_KEY_DSA, data->data, data->size,
+ &out);
+ key->pk_algorithm = GNUTLS_PK_DSA;
+
+ if (result <= 0) {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ return result;
+ }
}
-
- _data.data = data->data;
- _data.size = data->size;
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ _data.data = out;
+ _data.size = result;
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- /* Try the first header */
- result = _gnutls_fbase64_decode(PEM_KEY_RSA, data->data, data->size,
- &out);
- key->pk_algorithm = GNUTLS_PK_RSA;
-
- if (result <= 0) {
- /* try for the second header */
- result = _gnutls_fbase64_decode(PEM_KEY_DSA, data->data, data->size,
- &out);
- key->pk_algorithm = GNUTLS_PK_DSA;
-
- if (result <= 0) {
- if (result==0) result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
- }
- }
-
- _data.data = out;
- _data.size = result;
-
- need_free = 1;
+ need_free = 1;
+ }
+
+ if (key->pk_algorithm == GNUTLS_PK_RSA) {
+ key->key = _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key);
+ if (key->key == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto cleanup;
}
+ } else if (key->pk_algorithm == GNUTLS_PK_DSA) {
+ key->key = decode_dsa_key(&_data, key);
+ if (key->key == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto cleanup;
+ }
+ } else {
+ /* Try decoding with both, and accept the one that
+ * succeeds.
+ */
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ key->key = decode_dsa_key(&_data, key);
- if (key->pk_algorithm == GNUTLS_PK_RSA) {
- key->key = _gnutls_privkey_decode_pkcs1_rsa_key( &_data, key);
- if (key->key == NULL) {
- gnutls_assert();
- result = GNUTLS_E_ASN1_DER_ERROR;
- goto cleanup;
- }
- } else if (key->pk_algorithm == GNUTLS_PK_DSA) {
- key->key = decode_dsa_key( &_data, key);
- if (key->key == NULL) {
- gnutls_assert();
- result = GNUTLS_E_ASN1_DER_ERROR;
- goto cleanup;
- }
- } else {
- /* Try decoding with both, and accept the one that
- * succeeds.
- */
- key->pk_algorithm = GNUTLS_PK_DSA;
- key->key = decode_dsa_key( &_data, key);
-
- if (key->key == NULL) {
- key->pk_algorithm = GNUTLS_PK_RSA;
- key->key = _gnutls_privkey_decode_pkcs1_rsa_key( &_data, key);
- if (key->key == NULL) {
- gnutls_assert();
- result = GNUTLS_E_ASN1_DER_ERROR;
- goto cleanup;
- }
- }
+ if (key->key == NULL) {
+ key->pk_algorithm = GNUTLS_PK_RSA;
+ key->key = _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key);
+ if (key->key == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto cleanup;
+ }
}
+ }
- if (need_free) _gnutls_free_datum( &_data);
+ if (need_free)
+ _gnutls_free_datum(&_data);
- /* The key has now been decoded.
- */
+ /* The key has now been decoded.
+ */
- return 0;
+ return 0;
- cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- if (need_free) _gnutls_free_datum( &_data);
- return result;
+ cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
#define FREE_RSA_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \
@@ -426,74 +438,77 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * dat
* to the native gnutls_x509_privkey format. The output will be stored in @key.
*
**/
-int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey key,
- const gnutls_datum* m, const gnutls_datum* e,
- const gnutls_datum* d, const gnutls_datum* p,
- const gnutls_datum* q, const gnutls_datum* u)
+int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey key,
+ const gnutls_datum * m,
+ const gnutls_datum * e,
+ const gnutls_datum * d,
+ const gnutls_datum * p,
+ const gnutls_datum * q,
+ const gnutls_datum * u)
{
- int i = 0, ret;
- size_t siz = 0;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- siz = m->size;
- if (_gnutls_mpi_scan(&key->params[0], m->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = e->size;
- if (_gnutls_mpi_scan(&key->params[1], e->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = d->size;
- if (_gnutls_mpi_scan(&key->params[2], d->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = p->size;
- if (_gnutls_mpi_scan(&key->params[3], p->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = q->size;
- if (_gnutls_mpi_scan(&key->params[4], q->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = u->size;
- if (_gnutls_mpi_scan(&key->params[5], u->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (!key->crippled) {
- ret = _encode_rsa( &key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return ret;
- }
+ int i = 0, ret;
+ size_t siz = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ siz = m->size;
+ if (_gnutls_mpi_scan(&key->params[0], m->data, &siz)) {
+ gnutls_assert();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = e->size;
+ if (_gnutls_mpi_scan(&key->params[1], e->data, &siz)) {
+ gnutls_assert();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = d->size;
+ if (_gnutls_mpi_scan(&key->params[2], d->data, &siz)) {
+ gnutls_assert();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = p->size;
+ if (_gnutls_mpi_scan(&key->params[3], p->data, &siz)) {
+ gnutls_assert();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = q->size;
+ if (_gnutls_mpi_scan(&key->params[4], q->data, &siz)) {
+ gnutls_assert();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = u->size;
+ if (_gnutls_mpi_scan(&key->params[5], u->data, &siz)) {
+ gnutls_assert();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (!key->crippled) {
+ ret = _encode_rsa(&key->key, key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ FREE_RSA_PRIVATE_PARAMS;
+ return ret;
}
+ }
- key->params_size = RSA_PRIVATE_PARAMS;
- key->pk_algorithm = GNUTLS_PK_RSA;
+ key->params_size = RSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_RSA;
- return 0;
+ return 0;
}
@@ -510,67 +525,69 @@ int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey key,
* to the native gnutls_x509_privkey format. The output will be stored in @key.
*
**/
-int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey key,
- const gnutls_datum* p, const gnutls_datum* q,
- const gnutls_datum* g, const gnutls_datum* y,
- const gnutls_datum* x)
+int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey key,
+ const gnutls_datum * p,
+ const gnutls_datum * q,
+ const gnutls_datum * g,
+ const gnutls_datum * y,
+ const gnutls_datum * x)
{
- int i = 0, ret;
- size_t siz = 0;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- siz = p->size;
- if (_gnutls_mpi_scan(&key->params[0], p->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = q->size;
- if (_gnutls_mpi_scan(&key->params[1], q->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = g->size;
- if (_gnutls_mpi_scan(&key->params[2], g->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = y->size;
- if (_gnutls_mpi_scan(&key->params[3], y->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = x->size;
- if (_gnutls_mpi_scan(&key->params[4], x->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (!key->crippled) {
- ret = _encode_dsa( &key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return ret;
- }
+ int i = 0, ret;
+ size_t siz = 0;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ siz = p->size;
+ if (_gnutls_mpi_scan(&key->params[0], p->data, &siz)) {
+ gnutls_assert();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = q->size;
+ if (_gnutls_mpi_scan(&key->params[1], q->data, &siz)) {
+ gnutls_assert();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = g->size;
+ if (_gnutls_mpi_scan(&key->params[2], g->data, &siz)) {
+ gnutls_assert();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = y->size;
+ if (_gnutls_mpi_scan(&key->params[3], y->data, &siz)) {
+ gnutls_assert();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = x->size;
+ if (_gnutls_mpi_scan(&key->params[4], x->data, &siz)) {
+ gnutls_assert();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (!key->crippled) {
+ ret = _encode_dsa(&key->key, key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ FREE_DSA_PRIVATE_PARAMS;
+ return ret;
}
+ }
- key->params_size = DSA_PRIVATE_PARAMS;
- key->pk_algorithm = GNUTLS_PK_DSA;
+ key->params_size = DSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_DSA;
- return 0;
+ return 0;
}
@@ -586,14 +603,14 @@ int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey key,
* or a negative value on error.
*
**/
-int gnutls_x509_privkey_get_pk_algorithm( gnutls_x509_privkey key)
+int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey key)
{
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- return key->pk_algorithm;
+ return key->pk_algorithm;
}
@@ -618,48 +635,52 @@ int gnutls_x509_privkey_get_pk_algorithm( gnutls_x509_privkey key)
* 0 on success.
*
**/
-int gnutls_x509_privkey_export( gnutls_x509_privkey key,
- gnutls_x509_crt_fmt format, void* output_data, size_t* output_data_size)
+int gnutls_x509_privkey_export(gnutls_x509_privkey key,
+ gnutls_x509_crt_fmt format,
+ void *output_data,
+ size_t * output_data_size)
{
- char * msg;
- int ret;
-
- if (key == NULL) {
+ char *msg;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ msg = PEM_KEY_RSA;
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ msg = PEM_KEY_DSA;
+ else
+ msg = NULL;
+
+ if (key->crippled) { /* encode the parameters on the fly.
+ */
+ switch (key->pk_algorithm) {
+ case GNUTLS_PK_DSA:
+ ret = _encode_dsa(&key->key, key->params);
+ if (ret < 0) {
gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key->pk_algorithm == GNUTLS_PK_RSA)
- msg = PEM_KEY_RSA;
- else if (key->pk_algorithm == GNUTLS_PK_DSA)
- msg = PEM_KEY_DSA;
- else msg = NULL;
-
- if (key->crippled) { /* encode the parameters on the fly.
- */
- switch( key->pk_algorithm) {
- case GNUTLS_PK_DSA:
- ret = _encode_dsa( &key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- case GNUTLS_PK_RSA:
- ret = _encode_rsa( &key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_RSA:
+ ret = _encode_rsa(&key->key, key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
}
+ }
- return _gnutls_x509_export_int( key->key, format, msg, *output_data_size,
- output_data, output_data_size);
+ return _gnutls_x509_export_int(key->key, format, msg,
+ *output_data_size, output_data,
+ output_data_size);
}
/**
@@ -678,74 +699,74 @@ int gnutls_x509_privkey_export( gnutls_x509_privkey key,
*
**/
int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey key,
- gnutls_datum * m, gnutls_datum *e,
- gnutls_datum *d, gnutls_datum *p, gnutls_datum* q,
- gnutls_datum* u)
+ gnutls_datum * m, gnutls_datum * e,
+ gnutls_datum * d, gnutls_datum * p,
+ gnutls_datum * q, gnutls_datum * u)
{
-int ret;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_mpi_dprint(m, key->params[0]);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* E */
- ret = _gnutls_mpi_dprint(e, key->params[1]);
- if (ret < 0) {
- _gnutls_free_datum( m);
- gnutls_assert();
- return ret;
- }
-
- /* D */
- ret = _gnutls_mpi_dprint(d, key->params[2]);
- if (ret < 0) {
- _gnutls_free_datum( m);
- _gnutls_free_datum( e);
- gnutls_assert();
- return ret;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint(p, key->params[3]);
- if (ret < 0) {
- _gnutls_free_datum( m);
- _gnutls_free_datum( d);
- _gnutls_free_datum( e);
- gnutls_assert();
- return ret;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint(q, key->params[4]);
- if (ret < 0) {
- _gnutls_free_datum( m);
- _gnutls_free_datum( d);
- _gnutls_free_datum( e);
- _gnutls_free_datum( p);
- gnutls_assert();
- return ret;
- }
-
- /* U */
- ret = _gnutls_mpi_dprint(u, key->params[5]);
- if (ret < 0) {
- _gnutls_free_datum( m);
- _gnutls_free_datum( d);
- _gnutls_free_datum( e);
- _gnutls_free_datum( p);
- _gnutls_free_datum( q);
- gnutls_assert();
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_mpi_dprint(m, key->params[0]);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* E */
+ ret = _gnutls_mpi_dprint(e, key->params[1]);
+ if (ret < 0) {
+ _gnutls_free_datum(m);
+ gnutls_assert();
+ return ret;
+ }
+
+ /* D */
+ ret = _gnutls_mpi_dprint(d, key->params[2]);
+ if (ret < 0) {
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(e);
+ gnutls_assert();
+ return ret;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint(p, key->params[3]);
+ if (ret < 0) {
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(d);
+ _gnutls_free_datum(e);
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint(q, key->params[4]);
+ if (ret < 0) {
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(d);
+ _gnutls_free_datum(e);
+ _gnutls_free_datum(p);
+ gnutls_assert();
+ return ret;
+ }
+
+ /* U */
+ ret = _gnutls_mpi_dprint(u, key->params[5]);
+ if (ret < 0) {
+ _gnutls_free_datum(m);
+ _gnutls_free_datum(d);
+ _gnutls_free_datum(e);
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/**
@@ -763,374 +784,373 @@ int ret;
*
**/
int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey key,
- gnutls_datum * p, gnutls_datum *q,
- gnutls_datum *g, gnutls_datum *y, gnutls_datum* x)
+ gnutls_datum * p, gnutls_datum * q,
+ gnutls_datum * g, gnutls_datum * y,
+ gnutls_datum * x)
{
-int ret;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* P */
- ret = _gnutls_mpi_dprint(p, key->params[0]);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint(q, key->params[1]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- return ret;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint(g, key->params[2]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(q);
- return ret;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint(y, key->params[3]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(g);
- _gnutls_free_datum(q);
- return ret;
- }
-
- /* X */
- ret = _gnutls_mpi_dprint(x, key->params[4]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(y);
- _gnutls_free_datum(p);
- _gnutls_free_datum(g);
- _gnutls_free_datum(q);
- return ret;
- }
-
- return 0;
+ int ret;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint(p, key->params[0]);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint(q, key->params[1]);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ return ret;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint(g, key->params[2]);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint(y, key->params[3]);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+ /* X */
+ ret = _gnutls_mpi_dprint(x, key->params[4]);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(y);
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ return ret;
+ }
+
+ return 0;
}
/* Encodes the RSA parameters into an ASN.1 RSA private key structure.
*/
-static int _encode_rsa( ASN1_TYPE* c2, mpi_t* params)
+static int _encode_rsa(ASN1_TYPE * c2, mpi_t * params)
{
- int result, i;
- size_t size[8], total;
- opaque * m_data, *pube_data, *prie_data;
- opaque* p1_data, *p2_data, *u_data, *exp1_data, *exp2_data;
- opaque * all_data = NULL, *p;
- mpi_t exp1 = NULL, exp2 = NULL, q1 = NULL, p1 = NULL;
- opaque null = '\0';
-
- /* Read all the sizes */
- total = 0;
- for (i=0;i<6;i++) {
- _gnutls_mpi_print_lz( NULL, &size[i], params[i]);
- total += size[i];
- }
-
- /* Now generate exp1 and exp2
- */
- exp1 = _gnutls_mpi_salloc_like( params[0]); /* like modulus */
- if (exp1 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- exp2 = _gnutls_mpi_salloc_like( params[0]);
- if (exp2 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- q1 = _gnutls_mpi_salloc_like( params[4]);
- if (q1 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- p1 = _gnutls_mpi_salloc_like( params[3]);
- if (p1 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- _gnutls_mpi_add_ui( p1, params[3], -1);
- _gnutls_mpi_add_ui( q1, params[4], -1);
-
- _gnutls_mpi_mod( exp1, params[2], p1);
- _gnutls_mpi_mod( exp2, params[2], q1);
-
-
- /* calculate exp's size */
- _gnutls_mpi_print_lz( NULL, &size[6], exp1);
- total += size[6];
-
- _gnutls_mpi_print_lz( NULL, &size[7], exp2);
- total += size[7];
-
- /* Encoding phase.
- * allocate data enough to hold everything
- */
- all_data = gnutls_secure_malloc( total);
- if (all_data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- p = all_data;
- m_data = p; p+= size[0];
- pube_data = p; p+= size[1];
- prie_data = p; p+= size[2];
- p1_data = p; p+= size[3];
- p2_data = p; p+= size[4];
- u_data = p; p+= size[5];
- exp1_data = p; p+= size[6];
- exp2_data = p;
-
- _gnutls_mpi_print_lz( m_data, &size[0], params[0]);
- _gnutls_mpi_print_lz( pube_data, &size[1], params[1]);
- _gnutls_mpi_print_lz( prie_data, &size[2], params[2]);
- _gnutls_mpi_print_lz( p1_data, &size[3], params[3]);
- _gnutls_mpi_print_lz( p2_data, &size[4], params[4]);
- _gnutls_mpi_print_lz( u_data, &size[5], params[5]);
- _gnutls_mpi_print_lz( exp1_data, &size[6], exp1);
- _gnutls_mpi_print_lz( exp2_data, &size[7], exp2);
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPrivateKey", c2))
- != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value(*c2, "modulus",
- m_data, size[0])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "publicExponent",
- pube_data, size[1])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "privateExponent",
- prie_data, size[2])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "prime1",
- p1_data, size[3])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "prime2",
- p2_data, size[4])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "exponent1",
- exp1_data, size[6])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "exponent2",
- exp2_data, size[7])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "coefficient",
- u_data, size[5])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- gnutls_free(all_data);
-
- if ((result = asn1_write_value(*c2, "otherPrimeInfos",
- NULL, 0)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "version",
- &null, 1)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- return 0;
-
- cleanup:
- _gnutls_mpi_release( &exp1);
- _gnutls_mpi_release( &exp2);
- _gnutls_mpi_release( &q1);
- _gnutls_mpi_release( &p1);
- asn1_delete_structure(c2);
- gnutls_free( all_data);
-
- return result;
+ int result, i;
+ size_t size[8], total;
+ opaque *m_data, *pube_data, *prie_data;
+ opaque *p1_data, *p2_data, *u_data, *exp1_data, *exp2_data;
+ opaque *all_data = NULL, *p;
+ mpi_t exp1 = NULL, exp2 = NULL, q1 = NULL, p1 = NULL;
+ opaque null = '\0';
+
+ /* Read all the sizes */
+ total = 0;
+ for (i = 0; i < 6; i++) {
+ _gnutls_mpi_print_lz(NULL, &size[i], params[i]);
+ total += size[i];
+ }
+
+ /* Now generate exp1 and exp2
+ */
+ exp1 = _gnutls_mpi_salloc_like(params[0]); /* like modulus */
+ if (exp1 == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ exp2 = _gnutls_mpi_salloc_like(params[0]);
+ if (exp2 == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ q1 = _gnutls_mpi_salloc_like(params[4]);
+ if (q1 == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p1 = _gnutls_mpi_salloc_like(params[3]);
+ if (p1 == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ _gnutls_mpi_add_ui(p1, params[3], -1);
+ _gnutls_mpi_add_ui(q1, params[4], -1);
+
+ _gnutls_mpi_mod(exp1, params[2], p1);
+ _gnutls_mpi_mod(exp2, params[2], q1);
+
+
+ /* calculate exp's size */
+ _gnutls_mpi_print_lz(NULL, &size[6], exp1);
+ total += size[6];
+
+ _gnutls_mpi_print_lz(NULL, &size[7], exp2);
+ total += size[7];
+
+ /* Encoding phase.
+ * allocate data enough to hold everything
+ */
+ all_data = gnutls_secure_malloc(total);
+ if (all_data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p = all_data;
+ m_data = p;
+ p += size[0];
+ pube_data = p;
+ p += size[1];
+ prie_data = p;
+ p += size[2];
+ p1_data = p;
+ p += size[3];
+ p2_data = p;
+ p += size[4];
+ u_data = p;
+ p += size[5];
+ exp1_data = p;
+ p += size[6];
+ exp2_data = p;
+
+ _gnutls_mpi_print_lz(m_data, &size[0], params[0]);
+ _gnutls_mpi_print_lz(pube_data, &size[1], params[1]);
+ _gnutls_mpi_print_lz(prie_data, &size[2], params[2]);
+ _gnutls_mpi_print_lz(p1_data, &size[3], params[3]);
+ _gnutls_mpi_print_lz(p2_data, &size[4], params[4]);
+ _gnutls_mpi_print_lz(u_data, &size[5], params[5]);
+ _gnutls_mpi_print_lz(exp1_data, &size[6], exp1);
+ _gnutls_mpi_print_lz(exp2_data, &size[7], exp2);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPrivateKey", c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value(*c2, "modulus",
+ m_data, size[0])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "publicExponent",
+ pube_data, size[1])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "privateExponent",
+ prie_data, size[2])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "prime1",
+ p1_data, size[3])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "prime2",
+ p2_data, size[4])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "exponent1",
+ exp1_data, size[6])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "exponent2",
+ exp2_data, size[7])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "coefficient",
+ u_data, size[5])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ gnutls_free(all_data);
+
+ if ((result = asn1_write_value(*c2, "otherPrimeInfos",
+ NULL, 0)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "version",
+ &null, 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ _gnutls_mpi_release(&exp1);
+ _gnutls_mpi_release(&exp2);
+ _gnutls_mpi_release(&q1);
+ _gnutls_mpi_release(&p1);
+ asn1_delete_structure(c2);
+ gnutls_free(all_data);
+
+ return result;
}
/* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure.
*/
-static int _encode_dsa( ASN1_TYPE* c2, mpi_t* params)
+static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params)
{
- int result, i;
- size_t size[DSA_PRIVATE_PARAMS], total;
- opaque* p_data, *q_data, *g_data, *x_data, *y_data;
- opaque * all_data = NULL, *p;
- opaque null = '\0';
-
- /* Read all the sizes */
- total = 0;
- for (i=0;i<DSA_PRIVATE_PARAMS;i++) {
- _gnutls_mpi_print_lz( NULL, &size[i], params[i]);
- total += size[i];
- }
-
- /* Encoding phase.
- * allocate data enough to hold everything
- */
- all_data = gnutls_secure_malloc( total);
- if (all_data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- p = all_data;
- p_data = p; p += size[0];
- q_data = p; p += size[1];
- g_data = p; p += size[2];
- y_data = p; p += size[3];
- x_data = p;
-
- _gnutls_mpi_print_lz( p_data, &size[0], params[0]);
- _gnutls_mpi_print_lz( q_data, &size[1], params[1]);
- _gnutls_mpi_print_lz( g_data, &size[2], params[2]);
- _gnutls_mpi_print_lz( y_data, &size[3], params[3]);
- _gnutls_mpi_print_lz( x_data, &size[4], params[4]);
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPrivateKey", c2))
- != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value(*c2, "p",
- p_data, size[0])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "q",
- q_data, size[1])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "g",
- g_data, size[2])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "Y",
- y_data, size[3])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "priv",
- x_data, size[4])) != ASN1_SUCCESS)
- {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- gnutls_free(all_data);
-
- if ((result = asn1_write_value(*c2, "version",
- &null, 1)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- return 0;
-
- cleanup:
- asn1_delete_structure(c2);
- gnutls_free( all_data);
-
- return result;
+ int result, i;
+ size_t size[DSA_PRIVATE_PARAMS], total;
+ opaque *p_data, *q_data, *g_data, *x_data, *y_data;
+ opaque *all_data = NULL, *p;
+ opaque null = '\0';
+
+ /* Read all the sizes */
+ total = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
+ _gnutls_mpi_print_lz(NULL, &size[i], params[i]);
+ total += size[i];
+ }
+
+ /* Encoding phase.
+ * allocate data enough to hold everything
+ */
+ all_data = gnutls_secure_malloc(total);
+ if (all_data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p = all_data;
+ p_data = p;
+ p += size[0];
+ q_data = p;
+ p += size[1];
+ g_data = p;
+ p += size[2];
+ y_data = p;
+ p += size[3];
+ x_data = p;
+
+ _gnutls_mpi_print_lz(p_data, &size[0], params[0]);
+ _gnutls_mpi_print_lz(q_data, &size[1], params[1]);
+ _gnutls_mpi_print_lz(g_data, &size[2], params[2]);
+ _gnutls_mpi_print_lz(y_data, &size[3], params[3]);
+ _gnutls_mpi_print_lz(x_data, &size[4], params[4]);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPrivateKey", c2))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value(*c2, "p",
+ p_data, size[0])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "q",
+ q_data, size[1])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "g",
+ g_data, size[2])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "Y",
+ y_data, size[3])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value(*c2, "priv",
+ x_data, size[4])) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ gnutls_free(all_data);
+
+ if ((result = asn1_write_value(*c2, "version",
+ &null, 1)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ asn1_delete_structure(c2);
+ gnutls_free(all_data);
+
+ return result;
}
@@ -1147,69 +1167,70 @@ static int _encode_dsa( ASN1_TYPE* c2, mpi_t* params)
* Returns 0 on success or a negative value on error.
*
**/
-int gnutls_x509_privkey_generate( gnutls_x509_privkey key, gnutls_pk_algorithm algo,
- unsigned int bits, unsigned int flags)
+int gnutls_x509_privkey_generate(gnutls_x509_privkey key,
+ gnutls_pk_algorithm algo,
+ unsigned int bits, unsigned int flags)
{
-int ret, params_len;
-int i;
+ int ret, params_len;
+ int i;
- if (key == NULL) {
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ switch (algo) {
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_dsa_generate_params(key->params, &params_len, bits);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (!key->crippled) {
+ ret = _encode_dsa(&key->key, key->params);
+ if (ret < 0) {
gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+ }
+ key->params_size = params_len;
+ key->pk_algorithm = GNUTLS_PK_DSA;
+
+ break;
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_rsa_generate_params(key->params, &params_len, bits);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- switch( algo) {
- case GNUTLS_PK_DSA:
- ret = _gnutls_dsa_generate_params( key->params, &params_len, bits);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- if (!key->crippled) {
- ret = _encode_dsa( &key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- }
- key->params_size = params_len;
- key->pk_algorithm = GNUTLS_PK_DSA;
-
- break;
- case GNUTLS_PK_RSA:
- ret = _gnutls_rsa_generate_params( key->params, &params_len, bits);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- if (!key->crippled) {
- ret = _encode_rsa( &key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- key->params_size = params_len;
- key->pk_algorithm = GNUTLS_PK_RSA;
-
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (!key->crippled) {
+ ret = _encode_rsa(&key->key, key->params);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
}
-
- return 0;
- cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- key->params_size = 0;
- for (i=0;i<params_len;i++)
- _gnutls_mpi_release(&key->params[i]);
+ key->params_size = params_len;
+ key->pk_algorithm = GNUTLS_PK_RSA;
- return ret;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+
+ cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ key->params_size = 0;
+ for (i = 0; i < params_len; i++)
+ _gnutls_mpi_release(&key->params[i]);
+
+ return ret;
}
/**
@@ -1231,56 +1252,63 @@ int i;
* 0 on success.
*
**/
-int gnutls_x509_privkey_get_key_id( gnutls_x509_privkey key, unsigned int flags,
- unsigned char* output_data, size_t* output_data_size)
+int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
-int result;
-GNUTLS_HASH_HANDLE hd;
-gnutls_datum der = { NULL, 0 };
+ int result;
+ GNUTLS_HASH_HANDLE hd;
+ gnutls_datum der = { NULL, 0 };
- if (key == NULL || key->crippled) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL || key->crippled) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (*output_data_size < 20) {
- gnutls_assert();
- *output_data_size = 20;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (*output_data_size < 20) {
+ gnutls_assert();
+ *output_data_size = 20;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- if (key->pk_algorithm == GNUTLS_PK_RSA) {
- result = _gnutls_x509_write_rsa_params( key->params, key->params_size, &der);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
- } else if (key->pk_algorithm == GNUTLS_PK_DSA) {
- result = _gnutls_x509_write_dsa_public_key( key->params, key->params_size, &der);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
- } else return GNUTLS_E_INTERNAL_ERROR;
-
- hd = _gnutls_hash_init( GNUTLS_MAC_SHA);
- if (hd == GNUTLS_HASH_FAILED) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
+ if (key->pk_algorithm == GNUTLS_PK_RSA) {
+ result =
+ _gnutls_x509_write_rsa_params(key->params, key->params_size,
+ &der);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else if (key->pk_algorithm == GNUTLS_PK_DSA) {
+ result =
+ _gnutls_x509_write_dsa_public_key(key->params,
+ key->params_size, &der);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
}
-
- _gnutls_hash( hd, der.data, der.size);
+ } else
+ return GNUTLS_E_INTERNAL_ERROR;
- _gnutls_hash_deinit( hd, output_data);
- *output_data_size = 20;
+ hd = _gnutls_hash_init(GNUTLS_MAC_SHA);
+ if (hd == GNUTLS_HASH_FAILED) {
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
- result = 0;
+ _gnutls_hash(hd, der.data, der.size);
-cleanup:
-
- _gnutls_free_datum( &der);
- return result;
+ _gnutls_hash_deinit(hd, output_data);
+ *output_data_size = 20;
+
+ result = 0;
+
+ cleanup:
+
+ _gnutls_free_datum(&der);
+ return result;
}
#ifdef ENABLE_PKI
@@ -1306,36 +1334,38 @@ cleanup:
* 0 on success.
*
**/
-int gnutls_x509_privkey_sign_data( gnutls_x509_privkey key, gnutls_digest_algorithm digest,
- unsigned int flags, const gnutls_datum* data,
- void* signature, size_t* signature_size)
+int gnutls_x509_privkey_sign_data(gnutls_x509_privkey key,
+ gnutls_digest_algorithm digest,
+ unsigned int flags,
+ const gnutls_datum * data,
+ void *signature, size_t * signature_size)
{
-int result;
-gnutls_datum sig = { NULL, 0 };
+ int result;
+ gnutls_datum sig = { NULL, 0 };
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_sign( data, digest, key, &sig);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- if (*signature_size < sig.size) {
- *signature_size = sig.size;
- _gnutls_free_datum( &sig);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
+ result = _gnutls_x509_sign(data, digest, key, &sig);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (*signature_size < sig.size) {
*signature_size = sig.size;
- memcpy( signature, sig.data, sig.size);
-
- _gnutls_free_datum( &sig);
+ _gnutls_free_datum(&sig);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- return 0;
+ *signature_size = sig.size;
+ memcpy(signature, sig.data, sig.size);
+
+ _gnutls_free_datum(&sig);
+
+ return 0;
}
/**
@@ -1352,24 +1382,25 @@ gnutls_datum sig = { NULL, 0 };
* 1 on success.
*
**/
-int gnutls_x509_privkey_verify_data( gnutls_x509_privkey key, unsigned int flags,
- const gnutls_datum* data, const gnutls_datum* signature)
+int gnutls_x509_privkey_verify_data(gnutls_x509_privkey key,
+ unsigned int flags,
+ const gnutls_datum * data,
+ const gnutls_datum * signature)
{
-int result;
+ int result;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_privkey_verify_signature( data, signature, key);
- if (result < 0) {
- gnutls_assert();
- return 0;
- }
-
- return result;
+ result = _gnutls_x509_privkey_verify_signature(data, signature, key);
+ if (result < 0) {
+ gnutls_assert();
+ return 0;
+ }
+
+ return result;
}
#endif
-
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 894be9f1b7..c0fe3fd663 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -54,16 +54,16 @@
#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
struct pbkdf2_params {
- opaque salt[32];
- int salt_size;
- unsigned int iter_count;
- int key_size;
+ opaque salt[32];
+ int salt_size;
+ unsigned int iter_count;
+ int key_size;
};
struct pbe_enc_params {
- gnutls_cipher_algorithm cipher;
- opaque iv[8];
- int iv_size;
+ gnutls_cipher_algorithm cipher;
+ opaque iv[8];
+ int iv_size;
};
static int generate_key(schema_id schema, const char *password,
@@ -82,18 +82,20 @@ static int decrypt_data(schema_id, ASN1_TYPE pkcs8_asn, const char *root,
const struct pbe_enc_params *enc_params,
gnutls_datum * decrypted_data);
static int decode_private_key_info(const gnutls_datum * der,
- gnutls_x509_privkey pkey, ASN1_TYPE* out);
-static int write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn, const char* where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params);
+ gnutls_x509_privkey pkey,
+ ASN1_TYPE * out);
+static int write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params);
static int encrypt_data(const gnutls_datum * plain,
const struct pbe_enc_params *enc_params,
gnutls_datum * key, gnutls_datum * encrypted);
static int read_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
- struct pbkdf2_params *params);
+ struct pbkdf2_params *params);
static int write_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *params);
+ const struct pbkdf2_params *params);
#define PEM_PKCS8 "ENCRYPTED PRIVATE KEY"
#define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY"
@@ -104,21 +106,22 @@ static int write_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
inline static int check_schema(const char *oid)
{
- if (strcmp(oid, PBES2_OID) == 0)
- return PBES2;
+ if (strcmp(oid, PBES2_OID) == 0)
+ return PBES2;
- if (strcmp(oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
- return PKCS12_3DES_SHA1;
+ if (strcmp(oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
+ return PKCS12_3DES_SHA1;
- if (strcmp(oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0)
- return PKCS12_ARCFOUR_SHA1;
+ if (strcmp(oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0)
+ return PKCS12_ARCFOUR_SHA1;
- if (strcmp(oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
- return PKCS12_RC2_40_SHA1;
+ if (strcmp(oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
+ return PKCS12_RC2_40_SHA1;
- _gnutls_x509_log("PKCS encryption schema OID '%s' is unsupported.\n", oid);
+ _gnutls_x509_log("PKCS encryption schema OID '%s' is unsupported.\n",
+ oid);
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
/*
@@ -130,244 +133,243 @@ static int encode_to_private_key_info(gnutls_x509_privkey pkey,
gnutls_datum * der,
ASN1_TYPE * pkey_info)
{
- int result;
- size_t size;
- opaque *data = NULL;
- opaque null = 0;
-
- if (pkey->pk_algorithm != GNUTLS_PK_RSA) {
- gnutls_assert();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-8-PrivateKeyInfo",
- pkey_info)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Write the version.
- */
- result = asn1_write_value(*pkey_info, "version", &null, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* write the privateKeyAlgorithm
- * fields. (OID+NULL data)
- */
- result =
- asn1_write_value(*pkey_info, "privateKeyAlgorithm.algorithm",
- PKIX1_RSA_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- result =
- asn1_write_value(*pkey_info, "privateKeyAlgorithm.parameters",
- NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Write the raw private key
- */
- size = 0;
- result =
- gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER, NULL,
- &size);
- if (result != GNUTLS_E_SHORT_MEMORY_BUFFER) {
- gnutls_assert();
- goto error;
- }
-
- data = gnutls_alloca(size);
- if (data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
-
- result =
- gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER, data,
- &size);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- result = asn1_write_value(*pkey_info, "privateKey", data, size);
-
+ int result;
+ size_t size;
+ opaque *data = NULL;
+ opaque null = 0;
+
+ if (pkey->pk_algorithm != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ pkey_info)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Write the version.
+ */
+ result = asn1_write_value(*pkey_info, "version", &null, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* write the privateKeyAlgorithm
+ * fields. (OID+NULL data)
+ */
+ result =
+ asn1_write_value(*pkey_info, "privateKeyAlgorithm.algorithm",
+ PKIX1_RSA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ asn1_write_value(*pkey_info, "privateKeyAlgorithm.parameters",
+ NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Write the raw private key
+ */
+ size = 0;
+ result =
+ gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER, NULL, &size);
+ if (result != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ goto error;
+ }
+
+ data = gnutls_alloca(size);
+ if (data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+
+ result =
+ gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER, data, &size);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = asn1_write_value(*pkey_info, "privateKey", data, size);
+
+ gnutls_afree(data);
+ data = NULL;
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Append an empty Attributes field.
+ */
+ result = asn1_write_value(*pkey_info, "attributes", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* DER Encode the generated private key info.
+ */
+ size = 0;
+ result = asn1_der_coding(*pkey_info, "", NULL, &size, NULL);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* allocate data for the der
+ */
+ der->size = size;
+ der->data = gnutls_malloc(size);
+ if (der->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_der_coding(*pkey_info, "", der->data, &size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(pkey_info);
+ if (data != NULL) {
gnutls_afree(data);
- data = NULL;
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Append an empty Attributes field.
- */
- result = asn1_write_value(*pkey_info, "attributes", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* DER Encode the generated private key info.
- */
- size = 0;
- result = asn1_der_coding(*pkey_info, "", NULL, &size, NULL);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* allocate data for the der
- */
- der->size = size;
- der->data = gnutls_malloc(size);
- if (der->data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_der_coding(*pkey_info, "", der->data, &size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- return 0;
-
- error:
- asn1_delete_structure(pkey_info);
- if (data != NULL) {
- gnutls_afree(data);
- }
- return result;
+ }
+ return result;
}
/* Converts a PKCS #8 private key info to
* a PKCS #8 EncryptedPrivateKeyInfo.
*/
-static
-int encode_to_pkcs8_key( schema_id schema, const gnutls_datum * der_key,
- const char *password, ASN1_TYPE* out)
+static
+int encode_to_pkcs8_key(schema_id schema, const gnutls_datum * der_key,
+ const char *password, ASN1_TYPE * out)
{
- int result;
- gnutls_datum key = { NULL, 0 };
- gnutls_datum tmp = { NULL, 0 };
- ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
-
-
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Write the encryption schema OID
- */
- switch (schema) {
- case PBES2:
- result =
- asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
- PBES2_OID, 1);
- break;
- case PKCS12_3DES_SHA1:
- result =
- asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
- PKCS12_PBE_3DES_SHA1_OID, 1);
- break;
- case PKCS12_ARCFOUR_SHA1:
- result =
- asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
- PKCS12_PBE_ARCFOUR_SHA1_OID, 1);
- break;
- case PKCS12_RC2_40_SHA1:
- result =
- asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
- PKCS12_PBE_RC2_40_SHA1_OID, 1);
- break;
-
- }
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Generate a symmetric key.
- */
-
+ int result;
+ gnutls_datum key = { NULL, 0 };
+ gnutls_datum tmp = { NULL, 0 };
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Write the encryption schema OID
+ */
+ switch (schema) {
+ case PBES2:
result =
- generate_key(schema, password, &kdf_params, &enc_params, &key);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- result = write_schema_params(schema, pkcs8_asn, "encryptionAlgorithm.parameters",
- &kdf_params, &enc_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- /* Parameters have been encoded. Now
- * encrypt the Data.
- */
- result = encrypt_data( der_key, &enc_params, &key, &tmp);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- /* write the encrypted data.
- */
+ asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
+ PBES2_OID, 1);
+ break;
+ case PKCS12_3DES_SHA1:
result =
- asn1_write_value(pkcs8_asn, "encryptedData", tmp.data,
- tmp.size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- _gnutls_free_datum(&tmp);
- _gnutls_free_datum(&key);
-
- *out = pkcs8_asn;
-
- return 0;
-
- error:
- _gnutls_free_datum(&key);
- _gnutls_free_datum(&tmp);
- asn1_delete_structure(&pkcs8_asn);
- return result;
+ asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
+ PKCS12_PBE_3DES_SHA1_OID, 1);
+ break;
+ case PKCS12_ARCFOUR_SHA1:
+ result =
+ asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
+ PKCS12_PBE_ARCFOUR_SHA1_OID, 1);
+ break;
+ case PKCS12_RC2_40_SHA1:
+ result =
+ asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
+ PKCS12_PBE_RC2_40_SHA1_OID, 1);
+ break;
+
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Generate a symmetric key.
+ */
+
+ result =
+ generate_key(schema, password, &kdf_params, &enc_params, &key);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result =
+ write_schema_params(schema, pkcs8_asn,
+ "encryptionAlgorithm.parameters", &kdf_params,
+ &enc_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Parameters have been encoded. Now
+ * encrypt the Data.
+ */
+ result = encrypt_data(der_key, &enc_params, &key, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* write the encrypted data.
+ */
+ result =
+ asn1_write_value(pkcs8_asn, "encryptedData", tmp.data, tmp.size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ _gnutls_free_datum(&tmp);
+ _gnutls_free_datum(&key);
+
+ *out = pkcs8_asn;
+
+ return 0;
+
+ error:
+ _gnutls_free_datum(&key);
+ _gnutls_free_datum(&tmp);
+ asn1_delete_structure(&pkcs8_asn);
+ return result;
}
@@ -404,68 +406,67 @@ int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey key,
const char *password,
unsigned int flags,
void *output_data,
- size_t *output_data_size)
+ size_t * output_data_size)
{
- ASN1_TYPE pkcs8_asn, pkey_info;
- int ret;
- gnutls_datum tmp;
- schema_id schema;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Get the private key info
- * tmp holds the DER encoding.
- */
- ret = encode_to_private_key_info(key, &tmp, &pkey_info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ASN1_TYPE pkcs8_asn, pkey_info;
+ int ret;
+ gnutls_datum tmp;
+ schema_id schema;
+
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Get the private key info
+ * tmp holds the DER encoding.
+ */
+ ret = encode_to_private_key_info(key, &tmp, &pkey_info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (flags & GNUTLS_PKCS_USE_PKCS12_3DES)
- schema = PKCS12_3DES_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
- schema = PKCS12_ARCFOUR_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
- schema = PKCS12_RC2_40_SHA1;
- else
- schema = PBES2;
+ if (flags & GNUTLS_PKCS_USE_PKCS12_3DES)
+ schema = PKCS12_3DES_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
+ schema = PKCS12_ARCFOUR_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
+ schema = PKCS12_RC2_40_SHA1;
+ else
+ schema = PBES2;
- if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
- {
- _gnutls_free_datum(&tmp);
+ if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL) {
+ _gnutls_free_datum(&tmp);
- ret =
- _gnutls_x509_export_int(pkey_info, format,
- PEM_UNENCRYPTED_PKCS8,
- *output_data_size, output_data,
- output_data_size);
+ ret =
+ _gnutls_x509_export_int(pkey_info, format,
+ PEM_UNENCRYPTED_PKCS8,
+ *output_data_size, output_data,
+ output_data_size);
- asn1_delete_structure(&pkey_info);
- } else {
- asn1_delete_structure(&pkey_info); /* we don't need it */
+ asn1_delete_structure(&pkey_info);
+ } else {
+ asn1_delete_structure(&pkey_info); /* we don't need it */
- ret = encode_to_pkcs8_key(schema, &tmp, password, &pkcs8_asn);
- _gnutls_free_datum(&tmp);
+ ret = encode_to_pkcs8_key(schema, &tmp, password, &pkcs8_asn);
+ _gnutls_free_datum(&tmp);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret =
- _gnutls_x509_export_int(pkcs8_asn, format, PEM_PKCS8,
- *output_data_size, output_data,
- output_data_size);
+ ret =
+ _gnutls_x509_export_int(pkcs8_asn, format, PEM_PKCS8,
+ *output_data_size, output_data,
+ output_data_size);
- asn1_delete_structure(&pkcs8_asn);
- }
+ asn1_delete_structure(&pkcs8_asn);
+ }
- return ret;
+ return ret;
}
@@ -473,333 +474,328 @@ int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey key,
* schema ID.
*/
static
-int read_pkcs_schema_params(schema_id schema, const char* password,
- const opaque * data, int data_size,
+int read_pkcs_schema_params(schema_id schema, const char *password,
+ const opaque * data, int data_size,
struct pbkdf2_params *kdf_params,
struct pbe_enc_params *enc_params)
{
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
- int result;
- gnutls_datum tmp;
-
- switch (schema) {
-
- case PBES2:
-
- /* Now check the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-PBES2-params",
- &pbes2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Decode the parameters.
- */
- result =
- asn1_der_decoding(&pbes2_asn,
- data, data_size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- tmp.data = (opaque*)data;
- tmp.size = data_size;
-
- result = read_pbkdf2_params(pbes2_asn, &tmp, kdf_params);
- if (result < 0) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- result = read_pbe_enc_params(pbes2_asn, &tmp, enc_params);
- if (result < 0) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- asn1_delete_structure(&pbes2_asn);
- return 0;
- break;
-
- case PKCS12_3DES_SHA1:
- case PKCS12_ARCFOUR_SHA1:
- case PKCS12_RC2_40_SHA1:
-
- if ((schema) == PKCS12_3DES_SHA1) {
- enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
- enc_params->iv_size = 8;
- } else if ((schema) == PKCS12_ARCFOUR_SHA1) {
- enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
- enc_params->iv_size = 0;
- } else if ((schema) == PKCS12_RC2_40_SHA1) {
- enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
- enc_params->iv_size = 8;
- }
-
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-PbeParams",
- &pbes2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Decode the parameters.
- */
- result =
- asn1_der_decoding(&pbes2_asn,
- data, data_size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- result = read_pkcs12_kdf_params(pbes2_asn, kdf_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- if (enc_params->iv_size) {
- result = _pkcs12_string_to_key( 2/*IV*/, kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count, password, enc_params->iv_size, enc_params->iv);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- }
-
- asn1_delete_structure(&pbes2_asn);
-
- return 0;
- break;
-
- } /* switch */
-
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
-
- error:
- asn1_delete_structure(&pbes2_asn);
- return result;
-}
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+ int result;
+ gnutls_datum tmp;
+ switch (schema) {
-/* Converts a PKCS #8 key to
- * an internal structure (gnutls_private_key)
- * (normally a PKCS #1 encoded RSA key)
- */
-static
-int decode_pkcs8_key(const gnutls_datum * raw_key,
- const char *password,
- gnutls_x509_privkey pkey, ASN1_TYPE* out)
-{
- int result, len;
- char enc_oid[64];
- gnutls_datum tmp;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs8_asn = ASN1_TYPE_EMPTY;
- ASN1_TYPE ret_asn;
- int params_start, params_end, params_len;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- schema_id schema;
+ case PBES2:
+ /* Now check the key derivation and the encryption
+ * functions.
+ */
if ((result =
asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- result =
- asn1_der_decoding(&pkcs8_asn, raw_key->data, raw_key->size,
- NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Check the encryption schema OID
- */
- len = sizeof(enc_oid);
- result =
- asn1_read_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
- enc_oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
}
- if ((result = check_schema(enc_oid)) < 0) {
- gnutls_assert();
- goto error;
- }
-
- schema = result;
-
- /* Get the DER encoding of the parameters.
+ /* Decode the parameters.
*/
- result =
- asn1_der_decoding_startEnd(pkcs8_asn, raw_key->data,
- raw_key->size,
- "encryptionAlgorithm.parameters",
- &params_start, &params_end);
+ result = asn1_der_decoding(&pbes2_asn, data, data_size, NULL);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
}
- params_len = params_end - params_start + 1;
-
- result =
- read_pkcs_schema_params(schema, password,
- &raw_key->data[params_start],
- params_len, &kdf_params, &enc_params);
+ tmp.data = (opaque *) data;
+ tmp.size = data_size;
- /* Parameters have been decoded. Now
- * decrypt the EncryptedData.
- */
- result =
- decrypt_data(schema, pkcs8_asn, "encryptedData", password, &kdf_params,
- &enc_params, &tmp);
+ result = read_pbkdf2_params(pbes2_asn, &tmp, kdf_params);
if (result < 0) {
- gnutls_assert();
- goto error;
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
}
- asn1_delete_structure(&pkcs8_asn);
-
- result = decode_private_key_info(&tmp, pkey, &ret_asn);
- _gnutls_free_datum(&tmp);
-
+ result = read_pbe_enc_params(pbes2_asn, &tmp, enc_params);
if (result < 0) {
- gnutls_assert();
- goto error;
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
}
- *out = ret_asn;
-
- return 0;
-
- error:
asn1_delete_structure(&pbes2_asn);
- asn1_delete_structure(&pkcs8_asn);
- return result;
-}
+ return 0;
+ break;
-static
-int decode_private_key_info(const gnutls_datum * der,
- gnutls_x509_privkey pkey, ASN1_TYPE* out)
-{
- int result, len;
- opaque oid[64], *data = NULL;
- gnutls_datum tmp;
- ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
- ASN1_TYPE ret_asn;
- int data_size;
+ case PKCS12_3DES_SHA1:
+ case PKCS12_ARCFOUR_SHA1:
+ case PKCS12_RC2_40_SHA1:
+ if ((schema) == PKCS12_3DES_SHA1) {
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ enc_params->iv_size = 8;
+ } else if ((schema) == PKCS12_ARCFOUR_SHA1) {
+ enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
+ enc_params->iv_size = 0;
+ } else if ((schema) == PKCS12_RC2_40_SHA1) {
+ enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
+ enc_params->iv_size = 8;
+ }
if ((result =
asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-8-PrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- result = asn1_der_decoding(&pkcs8_asn, der->data, der->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
}
- /* Check the private key algorithm OID
+ /* Decode the parameters.
*/
- len = sizeof(oid);
- result =
- asn1_read_value(pkcs8_asn, "privateKeyAlgorithm.algorithm",
- oid, &len);
+ result = asn1_der_decoding(&pbes2_asn, data, data_size, NULL);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
}
- /* we only support RSA private keys.
- */
- if (strcmp(oid, PKIX1_RSA_OID) != 0) {
- gnutls_assert();
- _gnutls_x509_log
- ("PKCS #8 private key OID '%s' is unsupported.\n",
- oid);
- result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- goto error;
+ result = read_pkcs12_kdf_params(pbes2_asn, kdf_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
}
- /* Get the DER encoding of the actual private key.
- */
- data_size = 0;
- result =
- asn1_read_value(pkcs8_asn, "privateKey", NULL, &data_size);
- if (result != ASN1_MEM_ERROR) {
+ if (enc_params->iv_size) {
+ result =
+ _pkcs12_string_to_key(2 /*IV*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ enc_params->iv_size, enc_params->iv);
+ if (result < 0) {
gnutls_assert();
- result = _gnutls_asn2err(result);
goto error;
- }
+ }
- data = gnutls_alloca(data_size);
- if (data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto error;
}
- result =
- asn1_read_value(pkcs8_asn, "privateKey", data, &data_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
+ asn1_delete_structure(&pbes2_asn);
- asn1_delete_structure(&pkcs8_asn);
+ return 0;
+ break;
- tmp.data = data;
- tmp.size = data_size;
+ } /* switch */
- pkey->pk_algorithm = GNUTLS_PK_RSA;
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
- ret_asn = _gnutls_privkey_decode_pkcs1_rsa_key(&tmp, pkey);
- if (ret_asn == NULL) {
- gnutls_assert();
- }
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ return result;
+}
- *out = ret_asn;
- return 0;
+/* Converts a PKCS #8 key to
+ * an internal structure (gnutls_private_key)
+ * (normally a PKCS #1 encoded RSA key)
+ */
+static
+int decode_pkcs8_key(const gnutls_datum * raw_key,
+ const char *password,
+ gnutls_x509_privkey pkey, ASN1_TYPE * out)
+{
+ int result, len;
+ char enc_oid[64];
+ gnutls_datum tmp;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs8_asn = ASN1_TYPE_EMPTY;
+ ASN1_TYPE ret_asn;
+ int params_start, params_end, params_len;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ schema_id schema;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result =
+ asn1_der_decoding(&pkcs8_asn, raw_key->data, raw_key->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Check the encryption schema OID
+ */
+ len = sizeof(enc_oid);
+ result =
+ asn1_read_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
+ enc_oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ if ((result = check_schema(enc_oid)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ schema = result;
+
+ /* Get the DER encoding of the parameters.
+ */
+ result =
+ asn1_der_decoding_startEnd(pkcs8_asn, raw_key->data,
+ raw_key->size,
+ "encryptionAlgorithm.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ params_len = params_end - params_start + 1;
+
+ result =
+ read_pkcs_schema_params(schema, password,
+ &raw_key->data[params_start],
+ params_len, &kdf_params, &enc_params);
+
+
+ /* Parameters have been decoded. Now
+ * decrypt the EncryptedData.
+ */
+ result =
+ decrypt_data(schema, pkcs8_asn, "encryptedData", password,
+ &kdf_params, &enc_params, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ asn1_delete_structure(&pkcs8_asn);
+
+ result = decode_private_key_info(&tmp, pkey, &ret_asn);
+ _gnutls_free_datum(&tmp);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ *out = ret_asn;
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ asn1_delete_structure(&pkcs8_asn);
+ return result;
+}
- error:
- asn1_delete_structure(&pkcs8_asn);
- if (data != NULL) {
- gnutls_afree(data);
- }
- return result;
+static
+int decode_private_key_info(const gnutls_datum * der,
+ gnutls_x509_privkey pkey, ASN1_TYPE * out)
+{
+ int result, len;
+ opaque oid[64], *data = NULL;
+ gnutls_datum tmp;
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+ ASN1_TYPE ret_asn;
+ int data_size;
+
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = asn1_der_decoding(&pkcs8_asn, der->data, der->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Check the private key algorithm OID
+ */
+ len = sizeof(oid);
+ result =
+ asn1_read_value(pkcs8_asn, "privateKeyAlgorithm.algorithm",
+ oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* we only support RSA private keys.
+ */
+ if (strcmp(oid, PKIX1_RSA_OID) != 0) {
+ gnutls_assert();
+ _gnutls_x509_log
+ ("PKCS #8 private key OID '%s' is unsupported.\n", oid);
+ result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ goto error;
+ }
+
+ /* Get the DER encoding of the actual private key.
+ */
+ data_size = 0;
+ result = asn1_read_value(pkcs8_asn, "privateKey", NULL, &data_size);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ data = gnutls_alloca(data_size);
+ if (data == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ result = asn1_read_value(pkcs8_asn, "privateKey", data, &data_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ asn1_delete_structure(&pkcs8_asn);
+
+ tmp.data = data;
+ tmp.size = data_size;
+
+ pkey->pk_algorithm = GNUTLS_PK_RSA;
+
+ ret_asn = _gnutls_privkey_decode_pkcs1_rsa_key(&tmp, pkey);
+ if (ret_asn == NULL) {
+ gnutls_assert();
+ }
+
+ *out = ret_asn;
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pkcs8_asn);
+ if (data != NULL) {
+ gnutls_afree(data);
+ }
+ return result;
}
@@ -832,78 +828,78 @@ int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey key,
const char *password,
unsigned int flags)
{
- int result = 0, need_free = 0;
- gnutls_datum _data;
- int encrypted;
+ int result = 0, need_free = 0;
+ gnutls_datum _data;
+ int encrypted;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- _data.data = data->data;
- _data.size = data->size;
+ _data.data = data->data;
+ _data.size = data->size;
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- /* If the Certificate is in PEM format then decode it
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ opaque *out;
+
+ /* Try the first header
*/
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- /* Try the first header
- */
- result =
- _gnutls_fbase64_decode(PEM_UNENCRYPTED_PKCS8,
- data->data, data->size, &out);
- encrypted = 0;
-
- if (result < 0) { /* Try the encrypted header
- */
- result =
- _gnutls_fbase64_decode(PEM_PKCS8, data->data,
- data->size, &out);
-
- if (result <= 0) {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
- }
-
- encrypted = 1;
- }
-
- _data.data = out;
- _data.size = result;
-
- need_free = 1;
- }
+ result =
+ _gnutls_fbase64_decode(PEM_UNENCRYPTED_PKCS8,
+ data->data, data->size, &out);
+ encrypted = 0;
- if (flags & GNUTLS_PKCS_PLAIN || password == NULL) {
- result = decode_private_key_info(&_data, key, &key->key);
- } else { /* encrypted. */
- result = decode_pkcs8_key(&_data, password, key, &key->key);
- }
+ if (result < 0) { /* Try the encrypted header
+ */
+ result =
+ _gnutls_fbase64_decode(PEM_PKCS8, data->data,
+ data->size, &out);
- if (result < 0) {
+ if (result <= 0) {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
gnutls_assert();
- goto cleanup;
+ return result;
+ }
+
+ encrypted = 1;
}
- if (need_free)
- _gnutls_free_datum(&_data);
+ _data.data = out;
+ _data.size = result;
- /* The key has now been decoded.
- */
+ need_free = 1;
+ }
- return 0;
+ if (flags & GNUTLS_PKCS_PLAIN || password == NULL) {
+ result = decode_private_key_info(&_data, key, &key->key);
+ } else { /* encrypted. */
+ result = decode_pkcs8_key(&_data, password, key, &key->key);
+ }
- cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- if (need_free)
- _gnutls_free_datum(&_data);
- return result;
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ /* The key has now been decoded.
+ */
+
+ return 0;
+
+ cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
/* Reads the PBKDF2 parameters.
@@ -912,181 +908,180 @@ static int read_pbkdf2_params(ASN1_TYPE pbes2_asn,
const gnutls_datum * der,
struct pbkdf2_params *params)
{
- int params_start, params_end;
- int params_len, len, result;
- ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
- char oid[64];
-
- memset(params, 0, sizeof(params));
-
- /* Check the key derivation algorithm
- */
- len = sizeof(oid);
- result =
- asn1_read_value(pbes2_asn, "keyDerivationFunc.algorithm", oid,
- &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
- _gnutls_hard_log("keyDerivationFunc.algorithm: %s\n", oid);
-
- if (strcmp(oid, PBKDF2_OID) != 0) {
- gnutls_assert();
- _gnutls_x509_log
- ("PKCS #8 key derivation OID '%s' is unsupported.\n",
- oid);
- return _gnutls_asn2err(result);
- }
-
- result =
- asn1_der_decoding_startEnd(pbes2_asn, der->data, der->size,
- "keyDerivationFunc.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
- params_len = params_end - params_start + 1;
-
- /* Now check the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-PBKDF2-params",
- &pbkdf2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result =
- asn1_der_decoding(&pbkdf2_asn, &der->data[params_start],
- params_len, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* read the salt */
- params->salt_size = sizeof(params->salt);
- result =
- asn1_read_value(pbkdf2_asn, "salt.specified", params->salt,
- &params->salt_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("salt.specified.size: %d\n", params->salt_size);
-
- /* read the iteration count
- */
- result =
- _gnutls_x509_read_uint(pbkdf2_asn, "iterationCount",
- &params->iter_count);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
- }
- _gnutls_hard_log("iterationCount: %d\n", params->iter_count);
-
- /* read the keylength, if it is set.
- */
- result =
- _gnutls_x509_read_uint(pbkdf2_asn, "keyLength",
- &params->key_size);
- if (result < 0) {
- params->key_size = 0;
- }
- _gnutls_hard_log("keyLength: %d\n", params->key_size);
+ int params_start, params_end;
+ int params_len, len, result;
+ ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
+ char oid[64];
+
+ memset(params, 0, sizeof(params));
+
+ /* Check the key derivation algorithm
+ */
+ len = sizeof(oid);
+ result =
+ asn1_read_value(pbes2_asn, "keyDerivationFunc.algorithm", oid,
+ &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+ _gnutls_hard_log("keyDerivationFunc.algorithm: %s\n", oid);
+
+ if (strcmp(oid, PBKDF2_OID) != 0) {
+ gnutls_assert();
+ _gnutls_x509_log
+ ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding_startEnd(pbes2_asn, der->data, der->size,
+ "keyDerivationFunc.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+ params_len = params_end - params_start + 1;
+
+ /* Now check the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&pbkdf2_asn, &der->data[params_start],
+ params_len, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* read the salt */
+ params->salt_size = sizeof(params->salt);
+ result =
+ asn1_read_value(pbkdf2_asn, "salt.specified", params->salt,
+ &params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.specified.size: %d\n", params->salt_size);
+
+ /* read the iteration count
+ */
+ result =
+ _gnutls_x509_read_uint(pbkdf2_asn, "iterationCount",
+ &params->iter_count);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", params->iter_count);
+
+ /* read the keylength, if it is set.
+ */
+ result =
+ _gnutls_x509_read_uint(pbkdf2_asn, "keyLength", &params->key_size);
+ if (result < 0) {
+ params->key_size = 0;
+ }
+ _gnutls_hard_log("keyLength: %d\n", params->key_size);
- /* We don't read the PRF. We only use the default.
- */
+ /* We don't read the PRF. We only use the default.
+ */
- return 0;
+ return 0;
- error:
- asn1_delete_structure(&pbkdf2_asn);
- return result;
+ error:
+ asn1_delete_structure(&pbkdf2_asn);
+ return result;
}
/* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
*/
static int read_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
- struct pbkdf2_params *params)
+ struct pbkdf2_params *params)
{
- int result;
-
- memset(params, 0, sizeof(params));
-
- /* read the salt */
- params->salt_size = sizeof(params->salt);
- result =
- asn1_read_value(pbes2_asn, "salt", params->salt,
- &params->salt_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("salt.size: %d\n", params->salt_size);
-
- /* read the iteration count
- */
- result =
- _gnutls_x509_read_uint(pbes2_asn, "iterations",
- &params->iter_count);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
- }
- _gnutls_hard_log("iterationCount: %d\n", params->iter_count);
-
- params->key_size = 0;
-
- return 0;
-
- error:
- return result;
+ int result;
+
+ memset(params, 0, sizeof(params));
+
+ /* read the salt */
+ params->salt_size = sizeof(params->salt);
+ result =
+ asn1_read_value(pbes2_asn, "salt", params->salt,
+ &params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.size: %d\n", params->salt_size);
+
+ /* read the iteration count
+ */
+ result =
+ _gnutls_x509_read_uint(pbes2_asn, "iterations",
+ &params->iter_count);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", params->iter_count);
+
+ params->key_size = 0;
+
+ return 0;
+
+ error:
+ return result;
}
/* Writes the PBE parameters for PKCS-12 schemas.
*/
static int write_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *kdf_params)
+ const struct pbkdf2_params *kdf_params)
{
- int result;
-
- /* write the salt
- */
- result =
- asn1_write_value(pbes2_asn, "salt",
- kdf_params->salt, kdf_params->salt_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("salt.size: %d\n",
- kdf_params->salt_size);
-
- /* write the iteration count
- */
- result = _gnutls_x509_write_uint32( pbes2_asn, "iterations", kdf_params->iter_count);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
- _gnutls_hard_log("iterationCount: %d\n", kdf_params->iter_count);
-
- return 0;
-
- error:
- return result;
+ int result;
+
+ /* write the salt
+ */
+ result =
+ asn1_write_value(pbes2_asn, "salt",
+ kdf_params->salt, kdf_params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.size: %d\n", kdf_params->salt_size);
+
+ /* write the iteration count
+ */
+ result =
+ _gnutls_x509_write_uint32(pbes2_asn, "iterations",
+ kdf_params->iter_count);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", kdf_params->iter_count);
+
+ return 0;
+
+ error:
+ return result;
}
@@ -1097,21 +1092,20 @@ inline
static int oid2cipher(const char *oid, gnutls_cipher_algorithm * algo)
{
- *algo = 0;
+ *algo = 0;
- if (strcmp(oid, DES_EDE3_CBC_OID) == 0) {
- *algo = GNUTLS_CIPHER_3DES_CBC;
- return 0;
- }
+ if (strcmp(oid, DES_EDE3_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_3DES_CBC;
+ return 0;
+ }
- if (strcmp(oid, DES_CBC_OID) == 0) {
- *algo = GNUTLS_CIPHER_DES_CBC;
- return 0;
- }
+ if (strcmp(oid, DES_CBC_OID) == 0) {
+ *algo = GNUTLS_CIPHER_DES_CBC;
+ return 0;
+ }
- _gnutls_x509_log("PKCS #8 encryption OID '%s' is unsupported.\n",
- oid);
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ _gnutls_x509_log("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
@@ -1119,189 +1113,190 @@ static int read_pbe_enc_params(ASN1_TYPE pbes2_asn,
const gnutls_datum * der,
struct pbe_enc_params *params)
{
- int params_start, params_end;
- int params_len, len, result;
- ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
- char oid[64];
-
- memset(params, 0, sizeof(params));
-
- /* Check the encryption algorithm
- */
- len = sizeof(oid);
- result =
- asn1_read_value(pbes2_asn, "encryptionScheme.algorithm", oid,
- &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
- }
- _gnutls_hard_log("encryptionScheme.algorithm: %s\n", oid);
-
- if ((result = oid2cipher(oid, &params->cipher)) < 0) {
- gnutls_assert();
- goto error;
- }
-
- result =
- asn1_der_decoding_startEnd(pbes2_asn, der->data, der->size,
- "encryptionScheme.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
- params_len = params_end - params_start + 1;
-
- /* Now check the encryption parameters.
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-des-EDE3-CBC-params",
- &pbe_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result =
- asn1_der_decoding(&pbe_asn, &der->data[params_start],
- params_len, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* read the IV */
- params->iv_size = sizeof(params->iv);
- result =
- asn1_read_value(pbe_asn, "", params->iv, &params->iv_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("IV.size: %d\n", params->iv_size);
-
- return 0;
-
- error:
- asn1_delete_structure(&pbe_asn);
- return result;
+ int params_start, params_end;
+ int params_len, len, result;
+ ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
+ char oid[64];
+
+ memset(params, 0, sizeof(params));
+
+ /* Check the encryption algorithm
+ */
+ len = sizeof(oid);
+ result =
+ asn1_read_value(pbes2_asn, "encryptionScheme.algorithm", oid,
+ &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("encryptionScheme.algorithm: %s\n", oid);
+
+ if ((result = oid2cipher(oid, &params->cipher)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result =
+ asn1_der_decoding_startEnd(pbes2_asn, der->data, der->size,
+ "encryptionScheme.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+ params_len = params_end - params_start + 1;
+
+ /* Now check the encryption parameters.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-des-EDE3-CBC-params",
+ &pbe_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&pbe_asn, &der->data[params_start],
+ params_len, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* read the IV */
+ params->iv_size = sizeof(params->iv);
+ result = asn1_read_value(pbe_asn, "", params->iv, &params->iv_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("IV.size: %d\n", params->iv_size);
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbe_asn);
+ return result;
}
-static int decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn, const char *root,
- const char *password,
+static int decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *root, const char *password,
const struct pbkdf2_params *kdf_params,
const struct pbe_enc_params *enc_params,
gnutls_datum * decrypted_data)
{
- int result;
- int data_size;
- opaque *data = NULL, *key = NULL;
- gnutls_datum dkey, div;
- cipher_hd_t ch = NULL;
- int key_size;
-
- data_size = 0;
- result = asn1_read_value(pkcs8_asn, root, NULL, &data_size);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ int result;
+ int data_size;
+ opaque *data = NULL, *key = NULL;
+ gnutls_datum dkey, div;
+ cipher_hd_t ch = NULL;
+ int key_size;
+
+ data_size = 0;
+ result = asn1_read_value(pkcs8_asn, root, NULL, &data_size);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ data = gnutls_malloc(data_size);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value(pkcs8_asn, root, data, &data_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ if (kdf_params->key_size == 0) {
+ key_size = gnutls_cipher_get_key_size(enc_params->cipher);
+ } else
+ key_size = kdf_params->key_size;
+
+ key = gnutls_alloca(key_size);
+ if (key == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* generate the key
+ */
+ if (schema == PBES2) {
+ result =
+ _gnutls_pkcs5_pbkdf2(PKCS5_PRF_SHA1, password,
+ strlen(password), kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, key_size, key);
- data = gnutls_malloc(data_size);
- if (data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (result != PKCS5_OK) {
+ gnutls_assert();
+ result = GNUTLS_E_DECRYPTION_FAILED;
+ goto error;
}
+ } else {
+ result =
+ _pkcs12_string_to_key(1 /*KEY*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ key_size, key);
- result = asn1_read_value(pkcs8_asn, root, data, &data_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
}
+ }
- if (kdf_params->key_size == 0) {
- key_size = gnutls_cipher_get_key_size(enc_params->cipher);
- } else
- key_size = kdf_params->key_size;
+ /* do the decryption.
+ */
+ dkey.data = key;
+ dkey.size = key_size;
- key = gnutls_alloca(key_size);
- if (key == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
+ div.data = (opaque *) enc_params->iv;
+ div.size = enc_params->iv_size;
+ ch = _gnutls_cipher_init(enc_params->cipher, &dkey, &div);
- /* generate the key
- */
- if (schema == PBES2) {
- result =
- _gnutls_pkcs5_pbkdf2(PKCS5_PRF_SHA1, password,
- strlen(password), kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, key_size, key);
-
- if (result != PKCS5_OK) {
- gnutls_assert();
- result = GNUTLS_E_DECRYPTION_FAILED;
- goto error;
- }
- } else {
- result =
- _pkcs12_string_to_key( 1/*KEY*/, kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count, password, key_size, key);
-
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
- }
+ gnutls_afree(key);
+ key = NULL;
- /* do the decryption.
- */
- dkey.data = key;
- dkey.size = key_size;
+ if (ch == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_DECRYPTION_FAILED;
+ goto error;
+ }
- div.data = (opaque *) enc_params->iv;
- div.size = enc_params->iv_size;
- ch = _gnutls_cipher_init(enc_params->cipher, &dkey, &div);
+ result = _gnutls_cipher_decrypt(ch, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
- gnutls_afree(key);
- key = NULL;
+ decrypted_data->data = data;
- if (ch == NULL) {
- gnutls_assert();
- result = GNUTLS_E_DECRYPTION_FAILED;
- goto error;
- }
-
- result = _gnutls_cipher_decrypt(ch, data, data_size);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
+ if (_gnutls_cipher_get_block_size(enc_params->cipher) != 1)
+ decrypted_data->size = data_size - data[data_size - 1];
+ else
+ decrypted_data->size = data_size;
- decrypted_data->data = data;
+ _gnutls_cipher_deinit(ch);
- if ( _gnutls_cipher_get_block_size(enc_params->cipher) != 1)
- decrypted_data->size = data_size - data[data_size - 1];
- else
- decrypted_data->size = data_size;
+ return 0;
+ error:
+ gnutls_free(data);
+ gnutls_afree(key);
+ if (ch != NULL)
_gnutls_cipher_deinit(ch);
-
- return 0;
-
- error:
- gnutls_free(data);
- gnutls_afree(key);
- if (ch != NULL)
- _gnutls_cipher_deinit(ch);
- return result;
+ return result;
}
@@ -1310,629 +1305,634 @@ static int decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn, const char *root,
static int write_pbkdf2_params(ASN1_TYPE pbes2_asn,
const struct pbkdf2_params *kdf_params)
{
- int result;
- ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
- opaque tmp[64];
-
- /* Write the key derivation algorithm
- */
- result =
- asn1_write_value(pbes2_asn, "keyDerivationFunc.algorithm",
- PBKDF2_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- /* Now write the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-PBKDF2-params",
- &pbkdf2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = asn1_write_value(pbkdf2_asn, "salt", "specified", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* write the salt
- */
- result =
- asn1_write_value(pbkdf2_asn, "salt.specified",
- kdf_params->salt, kdf_params->salt_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("salt.specified.size: %d\n",
- kdf_params->salt_size);
-
- /* write the iteration count
- */
- _gnutls_write_uint32(kdf_params->iter_count, tmp);
-
- result = asn1_write_value(pbkdf2_asn, "iterationCount", tmp, 4);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("iterationCount: %d\n", kdf_params->iter_count);
-
- /* write the keylength, if it is set.
- */
- result = asn1_write_value(pbkdf2_asn, "keyLength", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* We write an emptry prf.
- */
- result = asn1_write_value(pbkdf2_asn, "prf", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* now encode them an put the DER output
- * in the keyDerivationFunc.parameters
- */
- result = _gnutls_x509_der_encode_and_copy(pbkdf2_asn, "",
- pbes2_asn,
- "keyDerivationFunc.parameters", 0);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- return 0;
-
- error:
- asn1_delete_structure(&pbkdf2_asn);
- return result;
+ int result;
+ ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
+ opaque tmp[64];
+
+ /* Write the key derivation algorithm
+ */
+ result =
+ asn1_write_value(pbes2_asn, "keyDerivationFunc.algorithm",
+ PBKDF2_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Now write the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(pbkdf2_asn, "salt", "specified", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* write the salt
+ */
+ result =
+ asn1_write_value(pbkdf2_asn, "salt.specified",
+ kdf_params->salt, kdf_params->salt_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("salt.specified.size: %d\n", kdf_params->salt_size);
+
+ /* write the iteration count
+ */
+ _gnutls_write_uint32(kdf_params->iter_count, tmp);
+
+ result = asn1_write_value(pbkdf2_asn, "iterationCount", tmp, 4);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("iterationCount: %d\n", kdf_params->iter_count);
+
+ /* write the keylength, if it is set.
+ */
+ result = asn1_write_value(pbkdf2_asn, "keyLength", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* We write an emptry prf.
+ */
+ result = asn1_write_value(pbkdf2_asn, "prf", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* now encode them an put the DER output
+ * in the keyDerivationFunc.parameters
+ */
+ result = _gnutls_x509_der_encode_and_copy(pbkdf2_asn, "",
+ pbes2_asn,
+ "keyDerivationFunc.parameters",
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbkdf2_asn);
+ return result;
}
static int write_pbe_enc_params(ASN1_TYPE pbes2_asn,
const struct pbe_enc_params *params)
{
- int result;
- ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
-
- /* Write the encryption algorithm
- */
- result =
- asn1_write_value(pbes2_asn, "encryptionScheme.algorithm",
- DES_EDE3_CBC_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
- }
- _gnutls_hard_log("encryptionScheme.algorithm: %s\n",
- DES_EDE3_CBC_OID);
-
- /* Now check the encryption parameters.
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-des-EDE3-CBC-params",
- &pbe_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- /* read the salt */
- result =
- asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("IV.size: %d\n", params->iv_size);
-
- /* now encode them an put the DER output
- * in the encryptionScheme.parameters
- */
- result = _gnutls_x509_der_encode_and_copy(pbe_asn, "",
- pbes2_asn,
- "encryptionScheme.parameters", 0);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- return 0;
-
- error:
- asn1_delete_structure(&pbe_asn);
- return result;
+ int result;
+ ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
+
+ /* Write the encryption algorithm
+ */
+ result =
+ asn1_write_value(pbes2_asn, "encryptionScheme.algorithm",
+ DES_EDE3_CBC_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_hard_log("encryptionScheme.algorithm: %s\n", DES_EDE3_CBC_OID);
+
+ /* Now check the encryption parameters.
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-5-des-EDE3-CBC-params",
+ &pbe_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* read the salt */
+ result = asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ _gnutls_hard_log("IV.size: %d\n", params->iv_size);
+
+ /* now encode them an put the DER output
+ * in the encryptionScheme.parameters
+ */
+ result = _gnutls_x509_der_encode_and_copy(pbe_asn, "",
+ pbes2_asn,
+ "encryptionScheme.parameters",
+ 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbe_asn);
+ return result;
}
/* Generates a key and also stores the key parameters.
*/
-static int generate_key( schema_id schema,
- const char *password,
+static int generate_key(schema_id schema,
+ const char *password,
struct pbkdf2_params *kdf_params,
struct pbe_enc_params *enc_params,
gnutls_datum * key)
{
- opaque rnd[2];
- int ret;
+ opaque rnd[2];
+ int ret;
- /* We should use the flags here to use different
- * encryption algorithms etc.
- */
+ /* We should use the flags here to use different
+ * encryption algorithms etc.
+ */
- if (schema == PKCS12_ARCFOUR_SHA1)
- enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
- else if (schema == PKCS12_3DES_SHA1)
- enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
- else if (schema == PKCS12_RC2_40_SHA1)
- enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
+ if (schema == PKCS12_ARCFOUR_SHA1)
+ enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
+ else if (schema == PKCS12_3DES_SHA1)
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ else if (schema == PKCS12_RC2_40_SHA1)
+ enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
- _gnutls_get_random(rnd, 2, GNUTLS_STRONG_RANDOM);
+ _gnutls_get_random(rnd, 2, GNUTLS_STRONG_RANDOM);
- /* generate salt */
-
- if (schema==PBES2)
- kdf_params->salt_size =
- GMIN(sizeof(kdf_params->salt), (uint) (10 + (rnd[1] % 10)));
- else
- kdf_params->salt_size = 8;
+ /* generate salt */
- _gnutls_get_random(kdf_params->salt, kdf_params->salt_size,
- GNUTLS_STRONG_RANDOM);
+ if (schema == PBES2)
+ kdf_params->salt_size =
+ GMIN(sizeof(kdf_params->salt), (uint) (10 + (rnd[1] % 10)));
+ else
+ kdf_params->salt_size = 8;
- kdf_params->iter_count = 256 + rnd[0];
- key->size = kdf_params->key_size =
- gnutls_cipher_get_key_size(enc_params->cipher);
+ _gnutls_get_random(kdf_params->salt, kdf_params->salt_size,
+ GNUTLS_STRONG_RANDOM);
- enc_params->iv_size =
- _gnutls_cipher_get_iv_size(enc_params->cipher);
+ kdf_params->iter_count = 256 + rnd[0];
+ key->size = kdf_params->key_size =
+ gnutls_cipher_get_key_size(enc_params->cipher);
- key->data = gnutls_secure_malloc(key->size);
- if (key->data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ enc_params->iv_size = _gnutls_cipher_get_iv_size(enc_params->cipher);
- /* now generate the key.
- */
+ key->data = gnutls_secure_malloc(key->size);
+ if (key->data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* now generate the key.
+ */
- if (schema == PBES2) {
+ if (schema == PBES2) {
- ret = _gnutls_pkcs5_pbkdf2(PKCS5_PRF_SHA1, password,
+ ret = _gnutls_pkcs5_pbkdf2(PKCS5_PRF_SHA1, password,
strlen(password), kdf_params->salt,
kdf_params->salt_size,
kdf_params->iter_count,
kdf_params->key_size, key->data);
- if (ret != PKCS5_OK) {
- gnutls_assert();
- return GNUTLS_E_ENCRYPTION_FAILED;
- }
-
- if (enc_params->iv_size)
- _gnutls_get_random(enc_params->iv, enc_params->iv_size,
- GNUTLS_WEAK_RANDOM);
-
- } else { /* PKCS12 schemas */
- ret =
- _pkcs12_string_to_key( 1/*KEY*/, kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count, password, kdf_params->key_size, key->data);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- /* Now generate the IV
- */
- if (enc_params->iv_size) {
- ret = _pkcs12_string_to_key( 2/*IV*/, kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count, password, enc_params->iv_size, enc_params->iv);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- }
- }
-
-
- return 0;
-}
-
-
-/* Encodes the parameters to be written in the encryptionAlgorithm.parameters
- * part.
- */
-static int write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char * where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params)
-{
- int result;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
-
- if (schema == PBES2) {
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-PBES2-params",
- &pbes2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = write_pbkdf2_params(pbes2_asn, kdf_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- result = write_pbe_enc_params(pbes2_asn, enc_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- result = _gnutls_x509_der_encode_and_copy(pbes2_asn, "",
- pkcs8_asn,
- where, 0);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- asn1_delete_structure(&pbes2_asn);
- } else { /* PKCS12 schemas */
-
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-PbeParams",
- &pbes2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- result = write_pkcs12_kdf_params(pbes2_asn, kdf_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- result = _gnutls_x509_der_encode_and_copy(pbes2_asn, "",
- pkcs8_asn,
- where, 0);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- asn1_delete_structure(&pbes2_asn);
-
- }
-
- return 0;
-
- error:
- asn1_delete_structure(&pbes2_asn);
- return result;
-
-}
-
-static int encrypt_data( const gnutls_datum * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum * key, gnutls_datum * encrypted)
-{
- int result;
- int data_size;
- opaque *data = NULL;
- gnutls_datum div;
- cipher_hd_t ch = NULL;
- opaque pad, pad_size;
-
- pad_size = _gnutls_cipher_get_block_size(enc_params->cipher);
-
- if (pad_size == 1) /* stream */ pad_size = 0;
-
- data = gnutls_malloc(plain->size + pad_size);
- if (data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (ret != PKCS5_OK) {
+ gnutls_assert();
+ return GNUTLS_E_ENCRYPTION_FAILED;
}
- memcpy(data, plain->data, plain->size);
-
- if (pad_size > 0) {
- pad = pad_size - (plain->size % pad_size);
- if (pad == 0)
- pad = pad_size;
- memset(&data[plain->size], pad, pad);
- } else pad = 0;
+ if (enc_params->iv_size)
+ _gnutls_get_random(enc_params->iv, enc_params->iv_size,
+ GNUTLS_WEAK_RANDOM);
- data_size = plain->size + pad;
-
- div.data = (opaque *) enc_params->iv;
- div.size = enc_params->iv_size;
- ch = _gnutls_cipher_init(enc_params->cipher, key, &div);
-
- if (ch == GNUTLS_CIPHER_FAILED) {
- gnutls_assert();
- result = GNUTLS_E_ENCRYPTION_FAILED;
- goto error;
+ } else { /* PKCS12 schemas */
+ ret =
+ _pkcs12_string_to_key(1 /*KEY*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ kdf_params->key_size, key->data);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- result = _gnutls_cipher_encrypt(ch, data, data_size);
- if (result < 0) {
+ /* Now generate the IV
+ */
+ if (enc_params->iv_size) {
+ ret =
+ _pkcs12_string_to_key(2 /*IV*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ enc_params->iv_size, enc_params->iv);
+ if (ret < 0) {
gnutls_assert();
- goto error;
+ return ret;
+ }
}
+ }
- encrypted->data = data;
- encrypted->size = data_size;
-
- _gnutls_cipher_deinit(ch);
-
- return 0;
- error:
- gnutls_free(data);
- if (ch != NULL)
- _gnutls_cipher_deinit(ch);
- return result;
+ return 0;
}
-/* Decrypts a PKCS #7 encryptedData. The output is allocated
- * and stored in dec.
+
+/* Encodes the parameters to be written in the encryptionAlgorithm.parameters
+ * part.
*/
-int _gnutls_pkcs7_decrypt_data(const gnutls_datum * data,
- const char *password,
- gnutls_datum * dec)
+static int write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params)
{
- int result, len;
- char enc_oid[64];
- gnutls_datum tmp;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY;
- int params_start, params_end, params_len;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- schema_id schema;
+ int result;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+ if (schema == PBES2) {
if ((result =
asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-7-EncryptedData",
- &pkcs7_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
}
- result =
- asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ result = write_pbkdf2_params(pbes2_asn, kdf_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
}
- /* Check the encryption schema OID
- */
- len = sizeof(enc_oid);
- result =
- asn1_read_value(pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- enc_oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ result = write_pbe_enc_params(pbes2_asn, enc_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
}
- if ((result = check_schema(enc_oid)) < 0) {
- gnutls_assert();
- goto error;
+ result = _gnutls_x509_der_encode_and_copy(pbes2_asn, "",
+ pkcs8_asn, where, 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
}
- schema = result;
- /* Get the DER encoding of the parameters.
- */
- result =
- asn1_der_decoding_startEnd(pkcs7_asn, data->data, data->size,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- params_len = params_end - params_start + 1;
+ asn1_delete_structure(&pbes2_asn);
+ } else { /* PKCS12 schemas */
- result =
- read_pkcs_schema_params(schema, password,
- &data->data[params_start],
- params_len, &kdf_params, &enc_params);
- if (result < ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
}
- /* Parameters have been decoded. Now
- * decrypt the EncryptedData.
- */
+ result = write_pkcs12_kdf_params(pbes2_asn, kdf_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
- result =
- decrypt_data(schema, pkcs7_asn,
- "encryptedContentInfo.encryptedContent", password,
- &kdf_params, &enc_params, &tmp);
+ result = _gnutls_x509_der_encode_and_copy(pbes2_asn, "",
+ pkcs8_asn, where, 0);
if (result < 0) {
- gnutls_assert();
- goto error;
+ gnutls_assert();
+ goto error;
}
- asn1_delete_structure(&pkcs7_asn);
+ asn1_delete_structure(&pbes2_asn);
- *dec = tmp;
+ }
- return 0;
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ return result;
- error:
- asn1_delete_structure(&pbes2_asn);
- asn1_delete_structure(&pkcs7_asn);
- return result;
+}
+
+static int encrypt_data(const gnutls_datum * plain,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum * key, gnutls_datum * encrypted)
+{
+ int result;
+ int data_size;
+ opaque *data = NULL;
+ gnutls_datum div;
+ cipher_hd_t ch = NULL;
+ opaque pad, pad_size;
+
+ pad_size = _gnutls_cipher_get_block_size(enc_params->cipher);
+
+ if (pad_size == 1) /* stream */
+ pad_size = 0;
+
+ data = gnutls_malloc(plain->size + pad_size);
+ if (data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy(data, plain->data, plain->size);
+
+ if (pad_size > 0) {
+ pad = pad_size - (plain->size % pad_size);
+ if (pad == 0)
+ pad = pad_size;
+ memset(&data[plain->size], pad, pad);
+ } else
+ pad = 0;
+
+ data_size = plain->size + pad;
+
+ div.data = (opaque *) enc_params->iv;
+ div.size = enc_params->iv_size;
+ ch = _gnutls_cipher_init(enc_params->cipher, key, &div);
+
+ if (ch == GNUTLS_CIPHER_FAILED) {
+ gnutls_assert();
+ result = GNUTLS_E_ENCRYPTION_FAILED;
+ goto error;
+ }
+
+ result = _gnutls_cipher_encrypt(ch, data, data_size);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ encrypted->data = data;
+ encrypted->size = data_size;
+
+ _gnutls_cipher_deinit(ch);
+
+ return 0;
+
+ error:
+ gnutls_free(data);
+ if (ch != NULL)
+ _gnutls_cipher_deinit(ch);
+ return result;
+}
+
+/* Decrypts a PKCS #7 encryptedData. The output is allocated
+ * and stored in dec.
+ */
+int _gnutls_pkcs7_decrypt_data(const gnutls_datum * data,
+ const char *password, gnutls_datum * dec)
+{
+ int result, len;
+ char enc_oid[64];
+ gnutls_datum tmp;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY;
+ int params_start, params_end, params_len;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ schema_id schema;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Check the encryption schema OID
+ */
+ len = sizeof(enc_oid);
+ result =
+ asn1_read_value(pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ enc_oid, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ if ((result = check_schema(enc_oid)) < 0) {
+ gnutls_assert();
+ goto error;
+ }
+ schema = result;
+
+ /* Get the DER encoding of the parameters.
+ */
+ result =
+ asn1_der_decoding_startEnd(pkcs7_asn, data->data, data->size,
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+ params_len = params_end - params_start + 1;
+
+ result =
+ read_pkcs_schema_params(schema, password,
+ &data->data[params_start],
+ params_len, &kdf_params, &enc_params);
+ if (result < ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Parameters have been decoded. Now
+ * decrypt the EncryptedData.
+ */
+
+ result =
+ decrypt_data(schema, pkcs7_asn,
+ "encryptedContentInfo.encryptedContent", password,
+ &kdf_params, &enc_params, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ asn1_delete_structure(&pkcs7_asn);
+
+ *dec = tmp;
+
+ return 0;
+
+ error:
+ asn1_delete_structure(&pbes2_asn);
+ asn1_delete_structure(&pkcs7_asn);
+ return result;
}
/* Encrypts to a PKCS #7 encryptedData. The output is allocated
* and stored in enc.
*/
int _gnutls_pkcs7_encrypt_data(schema_id schema, const gnutls_datum * data,
- const char *password,
- gnutls_datum * enc)
+ const char *password, gnutls_datum * enc)
{
- int result;
- gnutls_datum key = { NULL, 0 };
- gnutls_datum tmp = { NULL, 0 };
- ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
-
-
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-7-EncryptedData",
- &pkcs7_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Write the encryption schema OID
- */
- switch (schema) {
- case PBES2:
- result =
- asn1_write_value(pkcs7_asn, "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PBES2_OID, 1);
- break;
- case PKCS12_3DES_SHA1:
- result =
- asn1_write_value(pkcs7_asn, "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PKCS12_PBE_3DES_SHA1_OID, 1);
- break;
- case PKCS12_ARCFOUR_SHA1:
- result =
- asn1_write_value(pkcs7_asn, "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PKCS12_PBE_ARCFOUR_SHA1_OID, 1);
- break;
- case PKCS12_RC2_40_SHA1:
- result =
- asn1_write_value(pkcs7_asn, "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PKCS12_PBE_RC2_40_SHA1_OID, 1);
- break;
-
- }
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Generate a symmetric key.
- */
-
+ int result;
+ gnutls_datum key = { NULL, 0 };
+ gnutls_datum tmp = { NULL, 0 };
+ ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Write the encryption schema OID
+ */
+ switch (schema) {
+ case PBES2:
result =
- generate_key(schema, password, &kdf_params, &enc_params, &key);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- result = write_schema_params(schema, pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &kdf_params, &enc_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- /* Parameters have been encoded. Now
- * encrypt the Data.
- */
- result = encrypt_data( data, &enc_params, &key, &tmp);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- /* write the encrypted data.
- */
+ asn1_write_value(pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ PBES2_OID, 1);
+ break;
+ case PKCS12_3DES_SHA1:
result =
- asn1_write_value(pkcs7_asn, "encryptedContentInfo.encryptedContent", tmp.data,
- tmp.size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- _gnutls_free_datum(&tmp);
- _gnutls_free_datum(&key);
-
- /* Now write the rest of the pkcs-7 stuff.
- */
-
- result = _gnutls_x509_write_uint32( pkcs7_asn, "version", 0);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
+ asn1_write_value(pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ PKCS12_PBE_3DES_SHA1_OID, 1);
+ break;
+ case PKCS12_ARCFOUR_SHA1:
result =
- asn1_write_value(pkcs7_asn, "encryptedContentInfo.contentType", DATA_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
+ asn1_write_value(pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ PKCS12_PBE_ARCFOUR_SHA1_OID, 1);
+ break;
+ case PKCS12_RC2_40_SHA1:
result =
- asn1_write_value(pkcs7_asn, "unprotectedAttrs", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Now encode and copy the DER stuff.
- */
- result = _gnutls_x509_der_encode( pkcs7_asn, "", enc, 0);
-
- asn1_delete_structure(&pkcs7_asn);
-
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
-
- error:
- _gnutls_free_datum(&key);
- _gnutls_free_datum(&tmp);
- asn1_delete_structure(&pkcs7_asn);
- return result;
+ asn1_write_value(pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ PKCS12_PBE_RC2_40_SHA1_OID, 1);
+ break;
+
+ }
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Generate a symmetric key.
+ */
+
+ result =
+ generate_key(schema, password, &kdf_params, &enc_params, &key);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result = write_schema_params(schema, pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* Parameters have been encoded. Now
+ * encrypt the Data.
+ */
+ result = encrypt_data(data, &enc_params, &key, &tmp);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ /* write the encrypted data.
+ */
+ result =
+ asn1_write_value(pkcs7_asn,
+ "encryptedContentInfo.encryptedContent", tmp.data,
+ tmp.size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ _gnutls_free_datum(&tmp);
+ _gnutls_free_datum(&key);
+
+ /* Now write the rest of the pkcs-7 stuff.
+ */
+
+ result = _gnutls_x509_write_uint32(pkcs7_asn, "version", 0);
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+ result =
+ asn1_write_value(pkcs7_asn, "encryptedContentInfo.contentType",
+ DATA_OID, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ result = asn1_write_value(pkcs7_asn, "unprotectedAttrs", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto error;
+ }
+
+ /* Now encode and copy the DER stuff.
+ */
+ result = _gnutls_x509_der_encode(pkcs7_asn, "", enc, 0);
+
+ asn1_delete_structure(&pkcs7_asn);
+
+ if (result < 0) {
+ gnutls_assert();
+ goto error;
+ }
+
+
+ error:
+ _gnutls_free_datum(&key);
+ _gnutls_free_datum(&tmp);
+ asn1_delete_structure(&pkcs7_asn);
+ return result;
}
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index b6229719c2..a1a7e1b82d 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -34,36 +34,36 @@
*/
int _gnutls_hostname_compare(const char *certname, const char *hostname)
{
- const char *cmpstr1, *cmpstr2;
+ const char *cmpstr1, *cmpstr2;
- if (strlen(certname) == 0 || strlen(hostname) == 0)
- return 0;
+ if (strlen(certname) == 0 || strlen(hostname) == 0)
+ return 0;
- if (strlen(certname) > 2 && strncmp(certname, "*.", 2) == 0) {
- /* a wildcard certificate */
+ if (strlen(certname) > 2 && strncmp(certname, "*.", 2) == 0) {
+ /* a wildcard certificate */
- cmpstr1 = certname + 1;
+ cmpstr1 = certname + 1;
- /* find the first dot in hostname, compare from there on */
- cmpstr2 = strchr(hostname, '.');
+ /* find the first dot in hostname, compare from there on */
+ cmpstr2 = strchr(hostname, '.');
- if (cmpstr2 == NULL) {
- /* error, the hostname we're connecting to is only a local part */
- return 0;
- }
+ if (cmpstr2 == NULL) {
+ /* error, the hostname we're connecting to is only a local part */
+ return 0;
+ }
- if (strcasecmp(cmpstr1, cmpstr2) == 0) {
- return 1;
- }
+ if (strcasecmp(cmpstr1, cmpstr2) == 0) {
+ return 1;
+ }
- return 0;
- }
+ return 0;
+ }
- if (strcasecmp(certname, hostname) == 0) {
- return 1;
- }
+ if (strcasecmp(certname, hostname) == 0) {
+ return 1;
+ }
- return 0;
+ return 0;
}
/**
@@ -80,63 +80,63 @@ int _gnutls_hostname_compare(const char *certname, const char *hostname)
*
**/
int gnutls_x509_crt_check_hostname(gnutls_x509_crt cert,
- const char *hostname)
+ const char *hostname)
{
- char dnsname[MAX_CN];
- size_t dnsnamesize;
- int found_dnsname = 0;
- int ret = 0;
- int i = 0;
-
- /* try matching against:
- * 1) a DNS name as an alternative name (subjectAltName) extension
- * in the certificate
- * 2) the common name (CN) in the certificate
- *
- * either of these may be of the form: *.domain.tld
- *
- * only try (2) if there is no subjectAltName extension of
- * type dNSName
- */
-
- /* Check through all included subjectAltName extensions, comparing
- * against all those of type dNSName.
- */
- for (i = 0; !(ret < 0); i++) {
-
- dnsnamesize = sizeof(dnsname);
- ret =
- gnutls_x509_crt_get_subject_alt_name(cert, i,
- dnsname, &dnsnamesize, NULL);
-
- if (ret == GNUTLS_SAN_DNSNAME) {
- found_dnsname = 1;
- if (_gnutls_hostname_compare(dnsname, hostname)) {
- return 1;
- }
- }
-
- }
-
- if (!found_dnsname) {
- /* not got the necessary extension, use CN instead
- */
- dnsnamesize = sizeof(dnsname);
- if (gnutls_x509_crt_get_dn_by_oid(cert, OID_X520_COMMON_NAME, 0,
- 0, dnsname, &dnsnamesize) < 0) {
- /* got an error, can't find a name
- */
- return 1;
- }
-
- if (_gnutls_hostname_compare(dnsname, hostname)) {
- return 1;
- }
- }
-
- /* not found a matching name
- */
- return 0;
+ char dnsname[MAX_CN];
+ size_t dnsnamesize;
+ int found_dnsname = 0;
+ int ret = 0;
+ int i = 0;
+
+ /* try matching against:
+ * 1) a DNS name as an alternative name (subjectAltName) extension
+ * in the certificate
+ * 2) the common name (CN) in the certificate
+ *
+ * either of these may be of the form: *.domain.tld
+ *
+ * only try (2) if there is no subjectAltName extension of
+ * type dNSName
+ */
+
+ /* Check through all included subjectAltName extensions, comparing
+ * against all those of type dNSName.
+ */
+ for (i = 0; !(ret < 0); i++) {
+
+ dnsnamesize = sizeof(dnsname);
+ ret =
+ gnutls_x509_crt_get_subject_alt_name(cert, i,
+ dnsname, &dnsnamesize,
+ NULL);
+
+ if (ret == GNUTLS_SAN_DNSNAME) {
+ found_dnsname = 1;
+ if (_gnutls_hostname_compare(dnsname, hostname)) {
+ return 1;
+ }
+ }
+
+ }
+
+ if (!found_dnsname) {
+ /* not got the necessary extension, use CN instead
+ */
+ dnsnamesize = sizeof(dnsname);
+ if (gnutls_x509_crt_get_dn_by_oid(cert, OID_X520_COMMON_NAME, 0,
+ 0, dnsname, &dnsnamesize) < 0) {
+ /* got an error, can't find a name
+ */
+ return 1;
+ }
+
+ if (_gnutls_hostname_compare(dnsname, hostname)) {
+ return 1;
+ }
+ }
+
+ /* not found a matching name
+ */
+ return 0;
}
-
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 35e8ba8fa3..8586bd86b7 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -46,69 +46,69 @@
/* Writes the digest information and the digest in a DER encoded
* structure. The digest info is allocated and stored into the info structure.
*/
-static int encode_ber_digest_info( gnutls_mac_algorithm hash,
- const gnutls_datum* digest, gnutls_datum *info)
+static int encode_ber_digest_info(gnutls_mac_algorithm hash,
+ const gnutls_datum * digest,
+ gnutls_datum * info)
{
-ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
-int result;
-const char* algo;
-
- algo = _gnutls_x509_mac_to_oid( hash);
- if (algo == NULL) {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
+ ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+ int result;
+ const char *algo;
+
+ algo = _gnutls_x509_mac_to_oid(hash);
+ if (algo == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_write_value(dinfo, "digestAlgorithm.algorithm", algo, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
- if ((result=asn1_create_element( _gnutls_get_gnutls_asn(),
- "GNUTLS.DigestInfo", &dinfo))!=ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result =
- asn1_write_value( dinfo, "digestAlgorithm.algorithm", algo, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
- }
+ result =
+ asn1_write_value(dinfo, "digestAlgorithm.parameters", NULL, 0);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
- result =
- asn1_write_value( dinfo, "digestAlgorithm.parameters", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
- }
+ result = asn1_write_value(dinfo, "digest", digest->data, digest->size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
- result =
- asn1_write_value( dinfo, "digest", digest->data, digest->size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
- }
+ info->size = 0;
+ asn1_der_coding(dinfo, "", NULL, &info->size, NULL);
- info->size = 0;
- asn1_der_coding( dinfo, "", NULL, &info->size, NULL);
+ info->data = gnutls_malloc(info->size);
+ if (info->data == NULL) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- info->data = gnutls_malloc( info->size);
- if (info->data == NULL) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return GNUTLS_E_MEMORY_ERROR;
- }
+ result = asn1_der_coding(dinfo, "", info->data, &info->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
- result = asn1_der_coding( dinfo, "", info->data, &info->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
- }
+ asn1_delete_structure(&dinfo);
- asn1_delete_structure(&dinfo);
-
- return 0;
+ return 0;
}
/* if hash==MD5 then we do RSA-MD5
@@ -117,71 +117,75 @@ const char* algo;
* params[1] is public key
*/
static int
-pkcs1_rsa_sign( gnutls_mac_algorithm hash, const gnutls_datum* text,
- mpi_t *params, int params_len, gnutls_datum* signature)
+pkcs1_rsa_sign(gnutls_mac_algorithm hash, const gnutls_datum * text,
+ mpi_t * params, int params_len, gnutls_datum * signature)
{
- int ret;
- opaque _digest[MAX_HASH_SIZE];
- GNUTLS_HASH_HANDLE hd;
- gnutls_datum digest, info;
-
- hd = _gnutls_hash_init( hash);
- if (hd == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
-
- _gnutls_hash( hd, text->data, text->size);
- _gnutls_hash_deinit( hd, _digest);
-
- digest.data = _digest;
- digest.size = _gnutls_hash_get_algo_len(hash);
-
- /* Encode the digest as a DigestInfo
- */
- if ( (ret = encode_ber_digest_info( hash, &digest, &info)) != 0) {
- gnutls_assert();
- return ret;
- }
-
- if ( (ret=_gnutls_sign( GNUTLS_PK_RSA, params, params_len, &info, signature)) < 0) {
- gnutls_assert();
- _gnutls_free_datum( &info);
- return ret;
- }
-
- _gnutls_free_datum( &info);
-
- return 0;
+ int ret;
+ opaque _digest[MAX_HASH_SIZE];
+ GNUTLS_HASH_HANDLE hd;
+ gnutls_datum digest, info;
+
+ hd = _gnutls_hash_init(hash);
+ if (hd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ _gnutls_hash(hd, text->data, text->size);
+ _gnutls_hash_deinit(hd, _digest);
+
+ digest.data = _digest;
+ digest.size = _gnutls_hash_get_algo_len(hash);
+
+ /* Encode the digest as a DigestInfo
+ */
+ if ((ret = encode_ber_digest_info(hash, &digest, &info)) != 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if ((ret =
+ _gnutls_sign(GNUTLS_PK_RSA, params, params_len, &info,
+ signature)) < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&info);
+ return ret;
+ }
+
+ _gnutls_free_datum(&info);
+
+ return 0;
}
static int
-dsa_sign( const gnutls_datum* text,
- mpi_t *params, int params_len, gnutls_datum* signature)
+dsa_sign(const gnutls_datum * text,
+ mpi_t * params, int params_len, gnutls_datum * signature)
{
- int ret;
- opaque _digest[MAX_HASH_SIZE];
- GNUTLS_HASH_HANDLE hd;
- gnutls_datum digest;
-
- hd = _gnutls_hash_init( GNUTLS_MAC_SHA);
- if (hd == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
-
- _gnutls_hash( hd, text->data, text->size);
- _gnutls_hash_deinit( hd, _digest);
-
- digest.data = _digest;
- digest.size = 20;
-
- if ( (ret=_gnutls_sign( GNUTLS_PK_DSA, params, params_len, &digest, signature)) < 0) {
- gnutls_assert();
- return ret;
- }
-
- return 0;
+ int ret;
+ opaque _digest[MAX_HASH_SIZE];
+ GNUTLS_HASH_HANDLE hd;
+ gnutls_datum digest;
+
+ hd = _gnutls_hash_init(GNUTLS_MAC_SHA);
+ if (hd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ _gnutls_hash(hd, text->data, text->size);
+ _gnutls_hash_deinit(hd, _digest);
+
+ digest.data = _digest;
+ digest.size = 20;
+
+ if ((ret =
+ _gnutls_sign(GNUTLS_PK_DSA, params, params_len, &digest,
+ signature)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return 0;
}
/* Signs the given data using the parameters from the signer's
@@ -193,74 +197,77 @@ dsa_sign( const gnutls_datum* text,
* 'signature' will hold the signature!
* 'hash' is only used in PKCS1 RSA signing.
*/
-int _gnutls_x509_sign( const gnutls_datum* tbs, gnutls_mac_algorithm hash,
- gnutls_x509_privkey signer, gnutls_datum* signature)
+int _gnutls_x509_sign(const gnutls_datum * tbs, gnutls_mac_algorithm hash,
+ gnutls_x509_privkey signer, gnutls_datum * signature)
{
-int ret;
-
- switch( signer->pk_algorithm)
- {
- case GNUTLS_PK_RSA:
- ret = pkcs1_rsa_sign( hash, tbs, signer->params, signer->params_size,
- signature);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- return 0;
- break;
- case GNUTLS_PK_DSA:
- ret = dsa_sign( tbs, signer->params, signer->params_size, signature);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return 0;
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ int ret;
+
+ switch (signer->pk_algorithm) {
+ case GNUTLS_PK_RSA:
+ ret =
+ pkcs1_rsa_sign(hash, tbs, signer->params, signer->params_size,
+ signature);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ return 0;
+ break;
+ case GNUTLS_PK_DSA:
+ ret =
+ dsa_sign(tbs, signer->params, signer->params_size, signature);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
+ return 0;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
}
/* This is the same as the _gnutls_x509_sign, but this one will decode
* the ASN1_TYPE given, and sign the DER data. Actually used to get the DER
* of the TBS and sign it on the fly.
*/
-int _gnutls_x509_sign_tbs( ASN1_TYPE cert, const char* tbs_name,
- gnutls_mac_algorithm hash, gnutls_x509_privkey signer, gnutls_datum* signature)
+int _gnutls_x509_sign_tbs(ASN1_TYPE cert, const char *tbs_name,
+ gnutls_mac_algorithm hash,
+ gnutls_x509_privkey signer,
+ gnutls_datum * signature)
{
-int result;
-opaque *buf;
-int buf_size;
-gnutls_datum tbs;
-
- buf_size = 0;
- asn1_der_coding( cert, tbs_name, NULL, &buf_size, NULL);
-
- buf = gnutls_alloca( buf_size);
- if (buf == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ int result;
+ opaque *buf;
+ int buf_size;
+ gnutls_datum tbs;
- result = asn1_der_coding( cert, tbs_name, buf, &buf_size, NULL);
+ buf_size = 0;
+ asn1_der_coding(cert, tbs_name, NULL, &buf_size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_afree(buf);
- return _gnutls_asn2err(result);
- }
+ buf = gnutls_alloca(buf_size);
+ if (buf == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_der_coding(cert, tbs_name, buf, &buf_size, NULL);
- tbs.data = buf;
- tbs.size = buf_size;
-
- result = _gnutls_x509_sign( &tbs, hash, signer, signature);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
gnutls_afree(buf);
-
- return result;
+ return _gnutls_asn2err(result);
+ }
+
+ tbs.data = buf;
+ tbs.size = buf_size;
+
+ result = _gnutls_x509_sign(&tbs, hash, signer, signature);
+ gnutls_afree(buf);
+
+ return result;
}
/*-
@@ -275,70 +282,78 @@ gnutls_datum tbs;
* Returns 0 on success.
*
-*/
-int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char* src_name,
- gnutls_x509_crt issuer, gnutls_x509_privkey issuer_key)
+int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
+ gnutls_x509_crt issuer,
+ gnutls_x509_privkey issuer_key)
{
-int result;
-gnutls_datum signature;
-char name[128];
-
- /* Step 1. Copy the issuer's name into the certificate.
- */
- _gnutls_str_cpy( name, sizeof(name), src_name);
- _gnutls_str_cat( name, sizeof(name), ".issuer");
-
- result = _gnutls_asn1_copy_node( &src, name,
- issuer->cert, "tbsCertificate.subject");
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Step 1.5. Write the signature stuff in the tbsCertificate.
- */
- _gnutls_str_cpy( name, sizeof(name), src_name);
- _gnutls_str_cat( name, sizeof(name), ".signature");
-
- result = _gnutls_x509_write_sig_params( src, name,
- issuer_key->pk_algorithm, issuer_key->params, issuer_key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* Step 2. Sign the certificate.
- */
- result = _gnutls_x509_sign_tbs( src, src_name, GNUTLS_MAC_SHA,
- issuer_key, &signature);
-
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- /* write the signature (bits)
- */
- result = asn1_write_value( src, "signature", signature.data, signature.size*8);
-
- _gnutls_free_datum( &signature);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ int result;
+ gnutls_datum signature;
+ char name[128];
+
+ /* Step 1. Copy the issuer's name into the certificate.
+ */
+ _gnutls_str_cpy(name, sizeof(name), src_name);
+ _gnutls_str_cat(name, sizeof(name), ".issuer");
+
+ result = _gnutls_asn1_copy_node(&src, name,
+ issuer->cert,
+ "tbsCertificate.subject");
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* Step 1.5. Write the signature stuff in the tbsCertificate.
+ */
+ _gnutls_str_cpy(name, sizeof(name), src_name);
+ _gnutls_str_cat(name, sizeof(name), ".signature");
+
+ result = _gnutls_x509_write_sig_params(src, name,
+ issuer_key->pk_algorithm,
+ issuer_key->params,
+ issuer_key->params_size);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- /* Step 3. Move up and write the AlgorithmIdentifier, which is also
- * the same.
- */
+ /* Step 2. Sign the certificate.
+ */
+ result = _gnutls_x509_sign_tbs(src, src_name, GNUTLS_MAC_SHA,
+ issuer_key, &signature);
- result = _gnutls_x509_write_sig_params( src, "signatureAlgorithm",
- issuer_key->pk_algorithm, issuer_key->params, issuer_key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ /* write the signature (bits)
+ */
+ result =
+ asn1_write_value(src, "signature", signature.data,
+ signature.size * 8);
+
+ _gnutls_free_datum(&signature);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Step 3. Move up and write the AlgorithmIdentifier, which is also
+ * the same.
+ */
+
+ result = _gnutls_x509_write_sig_params(src, "signatureAlgorithm",
+ issuer_key->pk_algorithm,
+ issuer_key->params,
+ issuer_key->params_size);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
#endif
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index f5d1a910d4..15bb97bf58 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -40,15 +40,18 @@
#include <verify.h>
static int _gnutls_verify_certificate2(gnutls_x509_crt cert,
- gnutls_x509_crt *trusted_cas, int tcas_size,
- unsigned int flags, unsigned int* output);
-int _gnutls_x509_verify_signature(const gnutls_datum* signed_data,
- const gnutls_datum* signature, gnutls_x509_crt issuer);
+ gnutls_x509_crt * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output);
+int _gnutls_x509_verify_signature(const gnutls_datum * signed_data,
+ const gnutls_datum * signature,
+ gnutls_x509_crt issuer);
static
int is_crl_issuer(gnutls_x509_crl crl, gnutls_x509_crt issuer_cert);
static int _gnutls_verify_crl2(gnutls_x509_crl crl,
- gnutls_x509_crt *trusted_cas, int tcas_size,
- unsigned int flags, unsigned int *output);
+ gnutls_x509_crt * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output);
/* Checks if the issuer of a certificate is a
@@ -60,67 +63,74 @@ static int _gnutls_verify_crl2(gnutls_x509_crl crl,
*/
static int check_if_ca(gnutls_x509_crt cert, gnutls_x509_crt issuer)
{
-gnutls_datum cert_signed_data = { NULL, 0 };
-gnutls_datum issuer_signed_data = { NULL, 0 };
-gnutls_datum cert_signature = { NULL, 0 };
-gnutls_datum issuer_signature = { NULL, 0 };
-int result;
-
- /* Check if the issuer is the same with the
- * certificate. This is added in order for trusted
- * certificates to be able to verify themselves.
- */
-
- result = _gnutls_x509_get_signed_data( issuer->cert, "tbsCertificate", &issuer_signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_signed_data( cert->cert, "tbsCertificate", &cert_signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_signature( issuer->cert, "signature", &issuer_signature);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result = _gnutls_x509_get_signature( cert->cert, "signature", &cert_signature);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ gnutls_datum cert_signed_data = { NULL, 0 };
+ gnutls_datum issuer_signed_data = { NULL, 0 };
+ gnutls_datum cert_signature = { NULL, 0 };
+ gnutls_datum issuer_signature = { NULL, 0 };
+ int result;
+
+ /* Check if the issuer is the same with the
+ * certificate. This is added in order for trusted
+ * certificates to be able to verify themselves.
+ */
+
+ result =
+ _gnutls_x509_get_signed_data(issuer->cert, "tbsCertificate",
+ &issuer_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- if (cert_signed_data.size == issuer_signed_data.size) {
- if (
- (memcmp(cert_signed_data.data, issuer_signed_data.data,
- cert_signed_data.size) == 0) &&
- (cert_signature.size == issuer_signature.size) &&
- (memcmp(cert_signature.data, issuer_signature.data,
- cert_signature.size) == 0))
+ result =
+ _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate",
+ &cert_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = 1;
- goto cleanup;
- }
+ result =
+ _gnutls_x509_get_signature(issuer->cert, "signature",
+ &issuer_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- if (gnutls_x509_crt_get_ca_status(issuer, NULL) == 1) {
- result = 1;
- goto cleanup;
- } else
- gnutls_assert();
+ result =
+ _gnutls_x509_get_signature(cert->cert, "signature",
+ &cert_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (cert_signed_data.size == issuer_signed_data.size) {
+ if ((memcmp(cert_signed_data.data, issuer_signed_data.data,
+ cert_signed_data.size) == 0) &&
+ (cert_signature.size == issuer_signature.size) &&
+ (memcmp(cert_signature.data, issuer_signature.data,
+ cert_signature.size) == 0))
+
+ result = 1;
+ goto cleanup;
+ }
+
+ if (gnutls_x509_crt_get_ca_status(issuer, NULL) == 1) {
+ result = 1;
+ goto cleanup;
+ } else
+ gnutls_assert();
- result = 0;
+ result = 0;
-cleanup:
- _gnutls_free_datum( &cert_signed_data);
- _gnutls_free_datum( &issuer_signed_data);
- _gnutls_free_datum( &cert_signature);
- _gnutls_free_datum( &issuer_signature);
- return result;
+ cleanup:
+ _gnutls_free_datum(&cert_signed_data);
+ _gnutls_free_datum(&issuer_signed_data);
+ _gnutls_free_datum(&cert_signature);
+ _gnutls_free_datum(&issuer_signature);
+ return result;
}
@@ -134,47 +144,49 @@ cleanup:
static
int is_issuer(gnutls_x509_crt cert, gnutls_x509_crt issuer_cert)
{
- gnutls_datum dn1 = {NULL, 0}, dn2 = { NULL, 0 };
- int ret;
+ gnutls_datum dn1 = { NULL, 0 }, dn2 = {
+ NULL, 0};
+ int ret;
- ret = _gnutls_x509_crt_get_raw_issuer_dn( cert, &dn1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ ret = _gnutls_x509_crt_get_raw_issuer_dn(cert, &dn1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = _gnutls_x509_crt_get_raw_dn( issuer_cert, &dn2);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ ret = _gnutls_x509_crt_get_raw_dn(issuer_cert, &dn2);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = _gnutls_x509_compare_raw_dn( &dn1, &dn2);
-
-cleanup:
- _gnutls_free_datum(&dn1);
- _gnutls_free_datum(&dn2);
- return ret;
+ ret = _gnutls_x509_compare_raw_dn(&dn1, &dn2);
+
+ cleanup:
+ _gnutls_free_datum(&dn1);
+ _gnutls_free_datum(&dn2);
+ return ret;
}
static inline
-gnutls_x509_crt find_issuer(gnutls_x509_crt cert,
- gnutls_x509_crt * trusted_cas, int tcas_size)
+ gnutls_x509_crt find_issuer(gnutls_x509_crt cert,
+ gnutls_x509_crt * trusted_cas,
+ int tcas_size)
{
- int i;
+ int i;
- /* this is serial search.
- */
+ /* this is serial search.
+ */
- for (i = 0; i < tcas_size; i++) {
- if (is_issuer(cert, trusted_cas[i]) == 1)
- return trusted_cas[i];
- }
+ for (i = 0; i < tcas_size; i++) {
+ if (is_issuer(cert, trusted_cas[i]) == 1)
+ return trusted_cas[i];
+ }
- gnutls_assert();
- return NULL;
+ gnutls_assert();
+ return NULL;
}
@@ -189,78 +201,91 @@ gnutls_x509_crt find_issuer(gnutls_x509_crt cert,
* procedure.
*/
static int _gnutls_verify_certificate2(gnutls_x509_crt cert,
- gnutls_x509_crt *trusted_cas, int tcas_size,
- unsigned int flags, unsigned int *output)
+ gnutls_x509_crt * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output)
{
-gnutls_datum cert_signed_data = { NULL, 0 };
-gnutls_datum cert_signature = { NULL, 0 };
-gnutls_x509_crt issuer;
-int ret, issuer_version, result;
-
- if (output) *output = 0;
-
- if (tcas_size >= 1)
- issuer = find_issuer(cert, trusted_cas, tcas_size);
- else {
- gnutls_assert();
- if (output) *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- return 0;
- }
+ gnutls_datum cert_signed_data = { NULL, 0 };
+ gnutls_datum cert_signature = { NULL, 0 };
+ gnutls_x509_crt issuer;
+ int ret, issuer_version, result;
- /* issuer is not in trusted certificate
- * authorities.
- */
- if (issuer == NULL) {
- if (output) *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- gnutls_assert();
- return 0;
- }
+ if (output)
+ *output = 0;
- issuer_version = gnutls_x509_crt_get_version( issuer);
- if (issuer_version < 0) {
- gnutls_assert();
- return issuer_version;
- }
+ if (tcas_size >= 1)
+ issuer = find_issuer(cert, trusted_cas, tcas_size);
+ else {
+ gnutls_assert();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ /* issuer is not in trusted certificate
+ * authorities.
+ */
+ if (issuer == NULL) {
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ gnutls_assert();
+ return 0;
+ }
- if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
- !((flags & GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT) && issuer_version == 1)) {
- if (check_if_ca(cert, issuer)==0) {
- gnutls_assert();
- if (output) *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
- return 0;
- }
+ issuer_version = gnutls_x509_crt_get_version(issuer);
+ if (issuer_version < 0) {
+ gnutls_assert();
+ return issuer_version;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+ !((flags & GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT)
+ && issuer_version == 1)) {
+ if (check_if_ca(cert, issuer) == 0) {
+ gnutls_assert();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
+ return 0;
}
+ }
- result = _gnutls_x509_get_signed_data( cert->cert, "tbsCertificate", &cert_signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ result =
+ _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate",
+ &cert_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- result = _gnutls_x509_get_signature( cert->cert, "signature", &cert_signature);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ result =
+ _gnutls_x509_get_signature(cert->cert, "signature",
+ &cert_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = _gnutls_x509_verify_signature(&cert_signed_data, &cert_signature, issuer);
- if (ret < 0) {
- gnutls_assert();
- } else if (ret == 0) {
- gnutls_assert();
- /* error. ignore it */
- if (output) *output |= GNUTLS_CERT_INVALID;
- ret = 0;
- }
+ ret =
+ _gnutls_x509_verify_signature(&cert_signed_data, &cert_signature,
+ issuer);
+ if (ret < 0) {
+ gnutls_assert();
+ } else if (ret == 0) {
+ gnutls_assert();
+ /* error. ignore it */
+ if (output)
+ *output |= GNUTLS_CERT_INVALID;
+ ret = 0;
+ }
+
+ result = ret;
- result = ret;
-
-cleanup:
- _gnutls_free_datum( &cert_signed_data);
- _gnutls_free_datum( &cert_signature);
-
- return result;
+ cleanup:
+ _gnutls_free_datum(&cert_signed_data);
+ _gnutls_free_datum(&cert_signature);
+
+ return result;
}
@@ -278,72 +303,75 @@ cleanup:
* lead to a trusted CA in order to be trusted.
*/
static
-unsigned int _gnutls_x509_verify_certificate(gnutls_x509_crt * certificate_list,
- int clist_size,
- gnutls_x509_crt * trusted_cas,
- int tcas_size, gnutls_x509_crl *CRLs,
- int crls_size, unsigned int flags)
+unsigned int _gnutls_x509_verify_certificate(gnutls_x509_crt *
+ certificate_list,
+ int clist_size,
+ gnutls_x509_crt * trusted_cas,
+ int tcas_size,
+ gnutls_x509_crl * CRLs,
+ int crls_size,
+ unsigned int flags)
{
- int i = 0, ret;
- unsigned int status = 0, output;
+ int i = 0, ret;
+ unsigned int status = 0, output;
- /* Check for revoked certificates in the chain
- */
+ /* Check for revoked certificates in the chain
+ */
#ifdef ENABLE_PKI
- for (i = 0; i < clist_size; i++) {
- ret = gnutls_x509_crt_check_revocation( certificate_list[i],
- CRLs, crls_size);
- if (ret == 1) { /* revoked */
- status |= GNUTLS_CERT_REVOKED;
- }
+ for (i = 0; i < clist_size; i++) {
+ ret = gnutls_x509_crt_check_revocation(certificate_list[i],
+ CRLs, crls_size);
+ if (ret == 1) { /* revoked */
+ status |= GNUTLS_CERT_REVOKED;
}
+ }
#endif
- /* Verify the certificate path
- */
- for (i = 0; i < clist_size; i++) {
- if (i + 1 >= clist_size)
- break;
-
- if ((ret =
- _gnutls_verify_certificate2(certificate_list[i],
- &certificate_list[i + 1], 1, flags, NULL)) != 1)
- {
- status |= GNUTLS_CERT_INVALID;
- }
- }
+ /* Verify the certificate path
+ */
+ for (i = 0; i < clist_size; i++) {
+ if (i + 1 >= clist_size)
+ break;
- if (status != 0) {
- /* If there is any problem in the
- * certificate chain then mark as not trusted
- * and return immediately.
- */
- gnutls_assert();
- return (0 | GNUTLS_CERT_INVALID);
+ if ((ret =
+ _gnutls_verify_certificate2(certificate_list[i],
+ &certificate_list[i + 1], 1,
+ flags, NULL)) != 1) {
+ status |= GNUTLS_CERT_INVALID;
}
-
- /* Now verify the last certificate in the certificate path
- * against the trusted CA certificate list.
- *
- * If no CAs are present returns NOT_TRUSTED. Thus works
- * in self signed etc certificates.
+ }
+
+ if (status != 0) {
+ /* If there is any problem in the
+ * certificate chain then mark as not trusted
+ * and return immediately.
*/
- ret =
- _gnutls_verify_certificate2(certificate_list[i], trusted_cas,
- tcas_size, flags, &output);
-
- if (ret == 0) {
- /* if the last certificate in the certificate
- * list is invalid, then the certificate is not
- * trusted.
- */
- gnutls_assert();
- status |= output;
-
- status |= GNUTLS_CERT_INVALID;
- }
+ gnutls_assert();
+ return (0 | GNUTLS_CERT_INVALID);
+ }
+
+ /* Now verify the last certificate in the certificate path
+ * against the trusted CA certificate list.
+ *
+ * If no CAs are present returns NOT_TRUSTED. Thus works
+ * in self signed etc certificates.
+ */
+ ret =
+ _gnutls_verify_certificate2(certificate_list[i], trusted_cas,
+ tcas_size, flags, &output);
+
+ if (ret == 0) {
+ /* if the last certificate in the certificate
+ * list is invalid, then the certificate is not
+ * trusted.
+ */
+ gnutls_assert();
+ status |= output;
- return status;
+ status |= GNUTLS_CERT_INVALID;
+ }
+
+ return status;
}
@@ -351,58 +379,59 @@ unsigned int _gnutls_x509_verify_certificate(gnutls_x509_crt * certificate_list,
* we use DER here, although we should use BER. It works fine
* anyway.
*/
-static int decode_ber_digest_info( const gnutls_datum *info, gnutls_mac_algorithm *hash,
- opaque* digest, int *digest_size)
+static int decode_ber_digest_info(const gnutls_datum * info,
+ gnutls_mac_algorithm * hash,
+ opaque * digest, int *digest_size)
{
-ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
-int result;
-char str[1024];
-int len;
-
- if ((result=asn1_create_element( _gnutls_get_gnutls_asn(),
- "GNUTLS.DigestInfo", &dinfo))!=ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+ int result;
+ char str[1024];
+ int len;
+
+ if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- result = asn1_der_decoding( &dinfo, info->data, info->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
- }
-
- len = sizeof(str)-1;
- result =
- asn1_read_value( dinfo, "digestAlgorithm.algorithm", str, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
- }
+ result = asn1_der_decoding(&dinfo, info->data, info->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
- *hash = _gnutls_x509_oid2mac_algorithm( str);
+ len = sizeof(str) - 1;
+ result =
+ asn1_read_value(dinfo, "digestAlgorithm.algorithm", str, &len);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
- if (*hash==GNUTLS_MAC_UNKNOWN) {
+ *hash = _gnutls_x509_oid2mac_algorithm(str);
- _gnutls_x509_log( "verify.c: HASH OID: %s\n", str);
+ if (*hash == GNUTLS_MAC_UNKNOWN) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
- }
-
- result =
- asn1_read_value( dinfo, "digest", digest, digest_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
- }
+ _gnutls_x509_log("verify.c: HASH OID: %s\n", str);
+ gnutls_assert();
asn1_delete_structure(&dinfo);
-
- return 0;
+ return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
+ }
+
+ result = asn1_read_value(dinfo, "digest", digest, digest_size);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&dinfo);
+ return _gnutls_asn2err(result);
+ }
+
+ asn1_delete_structure(&dinfo);
+
+ return 0;
}
/* if hash==MD5 then we do RSA-MD5
@@ -411,116 +440,124 @@ int len;
* params[1] is public key
*/
static int
-_pkcs1_rsa_verify_sig( const gnutls_datum* text, const gnutls_datum* signature,
- mpi_t *params, int params_len)
+_pkcs1_rsa_verify_sig(const gnutls_datum * text,
+ const gnutls_datum * signature, mpi_t * params,
+ int params_len)
{
- gnutls_mac_algorithm hash;
- int ret;
- opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE];
- int digest_size;
- GNUTLS_HASH_HANDLE hd;
- gnutls_datum decrypted;
-
- ret=_gnutls_pkcs1_rsa_decrypt( &decrypted, signature, params, params_len, 1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ gnutls_mac_algorithm hash;
+ int ret;
+ opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE];
+ int digest_size;
+ GNUTLS_HASH_HANDLE hd;
+ gnutls_datum decrypted;
+
+ ret =
+ _gnutls_pkcs1_rsa_decrypt(&decrypted, signature, params,
+ params_len, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* decrypted is a BER encoded data of type DigestInfo
- */
+ /* decrypted is a BER encoded data of type DigestInfo
+ */
- digest_size = sizeof(digest);
- if ( (ret = decode_ber_digest_info( &decrypted, &hash, digest, &digest_size)) != 0) {
- gnutls_assert();
- _gnutls_free_datum( &decrypted);
- return ret;
- }
+ digest_size = sizeof(digest);
+ if ((ret =
+ decode_ber_digest_info(&decrypted, &hash, digest,
+ &digest_size)) != 0) {
+ gnutls_assert();
+ _gnutls_free_datum(&decrypted);
+ return ret;
+ }
- _gnutls_free_datum( &decrypted);
+ _gnutls_free_datum(&decrypted);
- if (digest_size != _gnutls_hash_get_algo_len(hash)) {
- gnutls_assert();
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
+ if (digest_size != _gnutls_hash_get_algo_len(hash)) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
- hd = _gnutls_hash_init( hash);
- if (hd == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
+ hd = _gnutls_hash_init(hash);
+ if (hd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
- _gnutls_hash( hd, text->data, text->size);
- _gnutls_hash_deinit( hd, md);
+ _gnutls_hash(hd, text->data, text->size);
+ _gnutls_hash_deinit(hd, md);
- if (memcmp( md, digest, digest_size)!=0) {
- gnutls_assert();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
+ if (memcmp(md, digest, digest_size) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
- return 0;
+ return 0;
}
/* Hashes input data and verifies a DSA signature.
*/
static int
-dsa_verify_sig( const gnutls_datum* text, const gnutls_datum* signature,
- mpi_t *params, int params_len)
+dsa_verify_sig(const gnutls_datum * text, const gnutls_datum * signature,
+ mpi_t * params, int params_len)
{
- int ret;
- opaque _digest[MAX_HASH_SIZE];
- gnutls_datum digest;
- GNUTLS_HASH_HANDLE hd;
-
- hd = _gnutls_hash_init( GNUTLS_MAC_SHA);
- if (hd == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
- }
-
- _gnutls_hash( hd, text->data, text->size);
- _gnutls_hash_deinit( hd, _digest);
+ int ret;
+ opaque _digest[MAX_HASH_SIZE];
+ gnutls_datum digest;
+ GNUTLS_HASH_HANDLE hd;
- digest.data = _digest;
- digest.size = 20;
+ hd = _gnutls_hash_init(GNUTLS_MAC_SHA);
+ if (hd == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
- ret = _gnutls_dsa_verify( &digest, signature, params, params_len);
+ _gnutls_hash(hd, text->data, text->size);
+ _gnutls_hash_deinit(hd, _digest);
- return ret;
+ digest.data = _digest;
+ digest.size = 20;
+
+ ret = _gnutls_dsa_verify(&digest, signature, params, params_len);
+
+ return ret;
}
/* Verifies the signature data, and returns 0 if not verified,
* or 1 otherwise.
*/
-static int verify_sig( const gnutls_datum* tbs, const gnutls_datum* signature,
- gnutls_pk_algorithm pk, mpi_t* issuer_params, int issuer_params_size)
+static int verify_sig(const gnutls_datum * tbs,
+ const gnutls_datum * signature,
+ gnutls_pk_algorithm pk, mpi_t * issuer_params,
+ int issuer_params_size)
{
- switch( pk )
- {
- case GNUTLS_PK_RSA:
+ switch (pk) {
+ case GNUTLS_PK_RSA:
- if (_pkcs1_rsa_verify_sig( tbs, signature, issuer_params, issuer_params_size)!=0) {
- gnutls_assert();
- return 0;
- }
+ if (_pkcs1_rsa_verify_sig
+ (tbs, signature, issuer_params, issuer_params_size) != 0) {
+ gnutls_assert();
+ return 0;
+ }
- return 1;
- break;
+ return 1;
+ break;
- case GNUTLS_PK_DSA:
- if (dsa_verify_sig( tbs, signature, issuer_params, issuer_params_size)!=0) {
- gnutls_assert();
- return 0;
- }
+ case GNUTLS_PK_DSA:
+ if (dsa_verify_sig
+ (tbs, signature, issuer_params, issuer_params_size) != 0) {
+ gnutls_assert();
+ return 0;
+ }
- return 1;
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ return 1;
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
- }
+ }
}
/* verifies if the certificate is properly signed.
@@ -529,34 +566,39 @@ static int verify_sig( const gnutls_datum* tbs, const gnutls_datum* signature,
* 'tbs' is the signed data
* 'signature' is the signature!
*/
-int _gnutls_x509_verify_signature( const gnutls_datum* tbs,
- const gnutls_datum* signature, gnutls_x509_crt issuer)
+int _gnutls_x509_verify_signature(const gnutls_datum * tbs,
+ const gnutls_datum * signature,
+ gnutls_x509_crt issuer)
{
-mpi_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
-int ret, issuer_params_size, i;
-
- /* Read the MPI parameters from the issuer's certificate.
- */
- issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;
- ret = _gnutls_x509_crt_get_mpis(issuer, issuer_params, &issuer_params_size);
- if ( ret < 0) {
- gnutls_assert();
- return ret;
- }
+ mpi_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
+ int ret, issuer_params_size, i;
+
+ /* Read the MPI parameters from the issuer's certificate.
+ */
+ issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;
+ ret =
+ _gnutls_x509_crt_get_mpis(issuer, issuer_params,
+ &issuer_params_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = verify_sig( tbs, signature, gnutls_x509_crt_get_pk_algorithm(issuer, NULL),
- issuer_params, issuer_params_size);
- if ( ret < 0) {
- gnutls_assert();
- }
+ ret =
+ verify_sig(tbs, signature,
+ gnutls_x509_crt_get_pk_algorithm(issuer, NULL),
+ issuer_params, issuer_params_size);
+ if (ret < 0) {
+ gnutls_assert();
+ }
- /* release all allocated MPIs
- */
- for (i = 0; i < issuer_params_size; i++) {
- _gnutls_mpi_release( &issuer_params[i]);
- }
+ /* release all allocated MPIs
+ */
+ for (i = 0; i < issuer_params_size; i++) {
+ _gnutls_mpi_release(&issuer_params[i]);
+ }
- return ret;
+ return ret;
}
/* verifies if the certificate is properly signed.
@@ -565,18 +607,19 @@ int ret, issuer_params_size, i;
* 'tbs' is the signed data
* 'signature' is the signature!
*/
-int _gnutls_x509_privkey_verify_signature( const gnutls_datum* tbs,
- const gnutls_datum* signature, gnutls_x509_privkey issuer)
+int _gnutls_x509_privkey_verify_signature(const gnutls_datum * tbs,
+ const gnutls_datum * signature,
+ gnutls_x509_privkey issuer)
{
- int ret;
-
- ret = verify_sig( tbs, signature, issuer->pk_algorithm,
- issuer->params, issuer->params_size);
- if ( ret < 0) {
- gnutls_assert();
- }
+ int ret;
- return ret;
+ ret = verify_sig(tbs, signature, issuer->pk_algorithm,
+ issuer->params, issuer->params_size);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ return ret;
}
/**
@@ -613,21 +656,25 @@ int _gnutls_x509_privkey_verify_signature( const gnutls_datum* tbs,
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crt_list_verify( gnutls_x509_crt* cert_list, int cert_list_length,
- gnutls_x509_crt * CA_list, int CA_list_length,
- gnutls_x509_crl* CRL_list, int CRL_list_length,
- unsigned int flags, unsigned int *verify)
+int gnutls_x509_crt_list_verify(gnutls_x509_crt * cert_list,
+ int cert_list_length,
+ gnutls_x509_crt * CA_list,
+ int CA_list_length,
+ gnutls_x509_crl * CRL_list,
+ int CRL_list_length, unsigned int flags,
+ unsigned int *verify)
{
- if (cert_list == NULL || cert_list_length == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ if (cert_list == NULL || cert_list_length == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
- /* Verify certificate
- */
- *verify =
- _gnutls_x509_verify_certificate( cert_list, cert_list_length,
- CA_list, CA_list_length, CRL_list, CRL_list_length, flags);
+ /* Verify certificate
+ */
+ *verify =
+ _gnutls_x509_verify_certificate(cert_list, cert_list_length,
+ CA_list, CA_list_length, CRL_list,
+ CRL_list_length, flags);
- return 0;
+ return 0;
}
/**
@@ -644,20 +691,22 @@ int gnutls_x509_crt_list_verify( gnutls_x509_crt* cert_list, int cert_list_lengt
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crt_verify( gnutls_x509_crt cert,
- gnutls_x509_crt *CA_list, int CA_list_length,
- unsigned int flags, unsigned int *verify)
+int gnutls_x509_crt_verify(gnutls_x509_crt cert,
+ gnutls_x509_crt * CA_list, int CA_list_length,
+ unsigned int flags, unsigned int *verify)
{
-int ret;
- /* Verify certificate
- */
- ret = _gnutls_verify_certificate2( cert, CA_list, CA_list_length, flags, verify);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int ret;
+ /* Verify certificate
+ */
+ ret =
+ _gnutls_verify_certificate2(cert, CA_list, CA_list_length, flags,
+ verify);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
/**
@@ -672,10 +721,10 @@ int ret;
* A negative value is returned in case of an error.
*
**/
-int gnutls_x509_crt_check_issuer( gnutls_x509_crt cert,
- gnutls_x509_crt issuer)
+int gnutls_x509_crt_check_issuer(gnutls_x509_crt cert,
+ gnutls_x509_crt issuer)
{
- return is_issuer(cert, issuer);
+ return is_issuer(cert, issuer);
}
@@ -693,10 +742,10 @@ int gnutls_x509_crt_check_issuer( gnutls_x509_crt cert,
* A negative value is returned in case of an error.
*
**/
-int gnutls_x509_crl_check_issuer( gnutls_x509_crl cert,
- gnutls_x509_crt issuer)
+int gnutls_x509_crl_check_issuer(gnutls_x509_crl cert,
+ gnutls_x509_crt issuer)
{
- return is_crl_issuer(cert, issuer);
+ return is_crl_issuer(cert, issuer);
}
/**
@@ -714,20 +763,20 @@ int gnutls_x509_crl_check_issuer( gnutls_x509_crl cert,
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crl_verify( gnutls_x509_crl crl,
- gnutls_x509_crt *CA_list, int CA_list_length,
- unsigned int flags, unsigned int *verify)
+int gnutls_x509_crl_verify(gnutls_x509_crl crl,
+ gnutls_x509_crt * CA_list, int CA_list_length,
+ unsigned int flags, unsigned int *verify)
{
-int ret;
- /* Verify crl
- */
- ret = _gnutls_verify_crl2( crl, CA_list, CA_list_length, flags, verify);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ int ret;
+ /* Verify crl
+ */
+ ret = _gnutls_verify_crl2(crl, CA_list, CA_list_length, flags, verify);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -736,46 +785,48 @@ int ret;
static
int is_crl_issuer(gnutls_x509_crl crl, gnutls_x509_crt issuer_cert)
{
- gnutls_datum dn1 = {NULL, 0}, dn2 = {NULL, 0};
- int ret;
+ gnutls_datum dn1 = { NULL, 0 }, dn2 = {
+ NULL, 0};
+ int ret;
- ret = _gnutls_x509_crl_get_raw_issuer_dn( crl, &dn1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_x509_crt_get_raw_dn( issuer_cert, &dn2);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_x509_crl_get_raw_issuer_dn(crl, &dn1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- ret = _gnutls_x509_compare_raw_dn( &dn1, &dn2);
-
-cleanup:
- _gnutls_free_datum( &dn1);
- _gnutls_free_datum( &dn2);
-
+ ret = _gnutls_x509_crt_get_raw_dn(issuer_cert, &dn2);
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ ret = _gnutls_x509_compare_raw_dn(&dn1, &dn2);
+
+ cleanup:
+ _gnutls_free_datum(&dn1);
+ _gnutls_free_datum(&dn2);
+
+ return ret;
}
static inline
-gnutls_x509_crt find_crl_issuer(gnutls_x509_crl crl,
- gnutls_x509_crt * trusted_cas, int tcas_size)
+ gnutls_x509_crt find_crl_issuer(gnutls_x509_crl crl,
+ gnutls_x509_crt * trusted_cas,
+ int tcas_size)
{
- int i;
+ int i;
- /* this is serial search.
- */
+ /* this is serial search.
+ */
- for (i = 0; i < tcas_size; i++) {
- if (is_crl_issuer(crl, trusted_cas[i]) == 1)
- return trusted_cas[i];
- }
+ for (i = 0; i < tcas_size; i++) {
+ if (is_crl_issuer(crl, trusted_cas[i]) == 1)
+ return trusted_cas[i];
+ }
- gnutls_assert();
- return NULL;
+ gnutls_assert();
+ return NULL;
}
/*
@@ -788,72 +839,82 @@ gnutls_x509_crt find_crl_issuer(gnutls_x509_crl crl,
* procedure.
*/
static int _gnutls_verify_crl2(gnutls_x509_crl crl,
- gnutls_x509_crt *trusted_cas, int tcas_size,
- unsigned int flags, unsigned int* output)
+ gnutls_x509_crt * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output)
{
/* CRL is ignored for now */
-gnutls_datum crl_signed_data = { NULL, 0 };
-gnutls_datum crl_signature = { NULL, 0 };
-gnutls_x509_crt issuer;
-int ret, result;
-
- if (output) *output = 0;
-
- if (tcas_size >= 1)
- issuer = find_crl_issuer(crl, trusted_cas, tcas_size);
- else {
- gnutls_assert();
- if (output) *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- return 0;
- }
+ gnutls_datum crl_signed_data = { NULL, 0 };
+ gnutls_datum crl_signature = { NULL, 0 };
+ gnutls_x509_crt issuer;
+ int ret, result;
- /* issuer is not in trusted certificate
- * authorities.
- */
- if (issuer == NULL) {
- gnutls_assert();
- if (output) *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- return 0;
- }
+ if (output)
+ *output = 0;
- if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN)) {
- if (gnutls_x509_crt_get_ca_status(issuer, NULL) != 1)
- {
- gnutls_assert();
- if (output) *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
- return 0;
- }
- }
+ if (tcas_size >= 1)
+ issuer = find_crl_issuer(crl, trusted_cas, tcas_size);
+ else {
+ gnutls_assert();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ return 0;
+ }
- result = _gnutls_x509_get_signed_data( crl->crl, "tbsCertList", &crl_signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ /* issuer is not in trusted certificate
+ * authorities.
+ */
+ if (issuer == NULL) {
+ gnutls_assert();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ return 0;
+ }
- result = _gnutls_x509_get_signature( crl->crl, "signature", &crl_signature);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN)) {
+ if (gnutls_x509_crt_get_ca_status(issuer, NULL) != 1) {
+ gnutls_assert();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
+ return 0;
}
+ }
- ret = _gnutls_x509_verify_signature(&crl_signed_data, &crl_signature, issuer);
- if (ret < 0) {
- gnutls_assert();
- } else if (ret == 0) {
- gnutls_assert();
- /* error. ignore it */
- if (output) *output |= GNUTLS_CERT_INVALID;
- ret = 0;
- }
+ result =
+ _gnutls_x509_get_signed_data(crl->crl, "tbsCertList",
+ &crl_signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature(crl->crl, "signature", &crl_signature);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ _gnutls_x509_verify_signature(&crl_signed_data, &crl_signature,
+ issuer);
+ if (ret < 0) {
+ gnutls_assert();
+ } else if (ret == 0) {
+ gnutls_assert();
+ /* error. ignore it */
+ if (output)
+ *output |= GNUTLS_CERT_INVALID;
+ ret = 0;
+ }
+
+ result = ret;
+
+ cleanup:
+ _gnutls_free_datum(&crl_signed_data);
+ _gnutls_free_datum(&crl_signature);
- result = ret;
-
-cleanup:
- _gnutls_free_datum( &crl_signed_data);
- _gnutls_free_datum( &crl_signature);
-
- return result;
+ return result;
}
#endif
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 1692d3b2c5..afdadaf398 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -50,20 +50,20 @@
**/
int gnutls_x509_crt_init(gnutls_x509_crt * cert)
{
- *cert = gnutls_calloc( 1, sizeof(gnutls_x509_crt_int));
-
- if (*cert) {
- int result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Certificate",
- &(*cert)->cert);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free( *cert);
- return _gnutls_asn2err(result);
- }
- return 0; /* success */
+ *cert = gnutls_calloc(1, sizeof(gnutls_x509_crt_int));
+
+ if (*cert) {
+ int result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Certificate",
+ &(*cert)->cert);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_free(*cert);
+ return _gnutls_asn2err(result);
}
- return GNUTLS_E_MEMORY_ERROR;
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
}
/*-
@@ -78,42 +78,43 @@ int gnutls_x509_crt_init(gnutls_x509_crt * cert)
-*/
int _gnutls_x509_crt_cpy(gnutls_x509_crt dest, gnutls_x509_crt src)
{
-int ret;
-size_t der_size;
-opaque * der;
-gnutls_datum tmp;
-
- ret = gnutls_x509_crt_export( src, GNUTLS_X509_FMT_DER, NULL, &der_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
- gnutls_assert();
- return ret;
- }
+ int ret;
+ size_t der_size;
+ opaque *der;
+ gnutls_datum tmp;
+
+ ret =
+ gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, NULL, &der_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ gnutls_assert();
+ return ret;
+ }
- der = gnutls_alloca( der_size);
- if (der == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ der = gnutls_alloca(der_size);
+ if (der == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- ret = gnutls_x509_crt_export( src, GNUTLS_X509_FMT_DER, der, &der_size);
- if (ret < 0) {
- gnutls_assert();
- gnutls_afree( der);
- return ret;
- }
+ ret = gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, der, &der_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_afree(der);
+ return ret;
+ }
- tmp.data = der;
- tmp.size = der_size;
- ret = gnutls_x509_crt_import( dest, &tmp, GNUTLS_X509_FMT_DER);
+ tmp.data = der;
+ tmp.size = der_size;
+ ret = gnutls_x509_crt_import(dest, &tmp, GNUTLS_X509_FMT_DER);
- gnutls_afree( der);
+ gnutls_afree(der);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
@@ -126,12 +127,13 @@ gnutls_datum tmp;
**/
void gnutls_x509_crt_deinit(gnutls_x509_crt cert)
{
- if (!cert) return;
+ if (!cert)
+ return;
- if (cert->cert)
- asn1_delete_structure(&cert->cert);
+ if (cert->cert)
+ asn1_delete_structure(&cert->cert);
- gnutls_free(cert);
+ gnutls_free(cert);
}
/**
@@ -150,65 +152,70 @@ void gnutls_x509_crt_deinit(gnutls_x509_crt cert)
*
**/
int gnutls_x509_crt_import(gnutls_x509_crt cert, const gnutls_datum * data,
- gnutls_x509_crt_fmt format)
+ gnutls_x509_crt_fmt format)
{
- int result = 0, need_free = 0;
- gnutls_datum _data;
- opaque *signature = NULL;
+ int result = 0, need_free = 0;
+ gnutls_datum _data;
+ opaque *signature = NULL;
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- /* Try the first header */
- result = _gnutls_fbase64_decode(PEM_X509_CERT2, data->data, data->size,
- &out);
-
- if (result <= 0) {
- /* try for the second header */
- result = _gnutls_fbase64_decode(PEM_X509_CERT, data->data, data->size,
- &out);
-
- if (result <= 0) {
- if (result==0) result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
- }
- }
-
- _data.data = out;
- _data.size = result;
-
- need_free = 1;
- }
+ _data.data = data->data;
+ _data.size = data->size;
- result = asn1_der_decoding(&cert->cert, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ opaque *out;
+
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode(PEM_X509_CERT2, data->data, data->size,
+ &out);
+
+ if (result <= 0) {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode(PEM_X509_CERT, data->data,
+ data->size, &out);
+
+ if (result <= 0) {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
gnutls_assert();
- goto cleanup;
+ return result;
+ }
}
- /* Since we do not want to disable any extension
- */
- cert->use_extensions = 1;
- if (need_free) _gnutls_free_datum( &_data);
+ _data.data = out;
+ _data.size = result;
- return 0;
+ need_free = 1;
+ }
- cleanup:
- gnutls_free( signature);
- if (need_free) _gnutls_free_datum( &_data);
- return result;
+ result = asn1_der_decoding(&cert->cert, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ result = _gnutls_asn2err(result);
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Since we do not want to disable any extension
+ */
+ cert->use_extensions = 1;
+ if (need_free)
+ _gnutls_free_datum(&_data);
+
+ return 0;
+
+ cleanup:
+ gnutls_free(signature);
+ if (need_free)
+ _gnutls_free_datum(&_data);
+ return result;
}
@@ -230,15 +237,16 @@ int gnutls_x509_crt_import(gnutls_x509_crt cert, const gnutls_datum * data,
*
**/
int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt cert, char *buf,
- size_t *sizeof_buf)
+ size_t * sizeof_buf)
{
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_parse_dn( cert->cert, "tbsCertificate.issuer.rdnSequence",
- buf, sizeof_buf);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn(cert->cert,
+ "tbsCertificate.issuer.rdnSequence", buf,
+ sizeof_buf);
}
/**
@@ -266,16 +274,19 @@ int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt cert, char *buf,
* On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt cert, const char* oid,
- int indx, unsigned int raw_flag, void *buf, size_t *sizeof_buf)
+int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt cert,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf)
{
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_parse_dn_oid( cert->cert, "tbsCertificate.issuer.rdnSequence", oid,
- indx, raw_flag, buf, sizeof_buf);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn_oid(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
}
/**
@@ -295,16 +306,18 @@ int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt cert, const char* oid,
* On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt cert,
- int indx, void *oid, size_t *sizeof_oid)
+int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt cert,
+ int indx, void *oid,
+ size_t * sizeof_oid)
{
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_get_dn_oid( cert->cert, "tbsCertificate.issuer.rdnSequence",
- indx, oid, sizeof_oid);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn_oid(cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ indx, oid, sizeof_oid);
}
/**
@@ -325,15 +338,16 @@ int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt cert,
*
**/
int gnutls_x509_crt_get_dn(gnutls_x509_crt cert, char *buf,
- size_t *sizeof_buf)
+ size_t * sizeof_buf)
{
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_parse_dn( cert->cert, "tbsCertificate.subject.rdnSequence",
- buf, sizeof_buf);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn(cert->cert,
+ "tbsCertificate.subject.rdnSequence", buf,
+ sizeof_buf);
}
/**
@@ -361,16 +375,18 @@ int gnutls_x509_crt_get_dn(gnutls_x509_crt cert, char *buf,
* On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt cert, const char* oid,
- int indx, unsigned int raw_flag, void *buf, size_t *sizeof_buf)
+int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt cert, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
{
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_parse_dn_oid( cert->cert, "tbsCertificate.subject.rdnSequence", oid,
- indx, raw_flag, buf, sizeof_buf);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn_oid(cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
}
/**
@@ -390,16 +406,17 @@ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt cert, const char* oid,
* On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt cert,
- int indx, void *oid, size_t *sizeof_oid)
+int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt cert,
+ int indx, void *oid, size_t * sizeof_oid)
{
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_get_dn_oid( cert->cert, "tbsCertificate.subject.rdnSequence",
- indx, oid, sizeof_oid);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn_oid(cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ indx, oid, sizeof_oid);
}
/**
@@ -414,29 +431,31 @@ int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt cert,
**/
int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt cert)
{
- int result;
- gnutls_datum sa;
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Read the signature algorithm. Note that parameters are not
- * read. They will be read from the issuer's certificate if needed.
- */
- result = _gnutls_x509_read_value( cert->cert, "signatureAlgorithm.algorithm", &sa, 0);
+ int result;
+ gnutls_datum sa;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Read the signature algorithm. Note that parameters are not
+ * read. They will be read from the issuer's certificate if needed.
+ */
+ result =
+ _gnutls_x509_read_value(cert->cert, "signatureAlgorithm.algorithm",
+ &sa, 0);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- result = _gnutls_x509_oid2sign_algorithm( sa.data);
+ result = _gnutls_x509_oid2sign_algorithm(sa.data);
- _gnutls_free_datum( &sa);
+ _gnutls_free_datum(&sa);
- return result;
+ return result;
}
/**
@@ -450,24 +469,26 @@ int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt cert)
**/
int gnutls_x509_crt_get_version(gnutls_x509_crt cert)
{
- opaque version[5];
- int len, result;
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof(version);
- if ((result = asn1_read_value(cert->cert, "tbsCertificate.version", version, &len)) !=
- ASN1_SUCCESS) {
-
- if (result == ASN1_ELEMENT_NOT_FOUND) return 1; /* the DEFAULT version */
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- return (int) version[0] + 1;
+ opaque version[5];
+ int len, result;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof(version);
+ if ((result =
+ asn1_read_value(cert->cert, "tbsCertificate.version", version,
+ &len)) != ASN1_SUCCESS) {
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ return (int) version[0] + 1;
}
/**
@@ -481,12 +502,13 @@ int gnutls_x509_crt_get_version(gnutls_x509_crt cert)
**/
time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt cert)
{
- if (cert==NULL) {
- gnutls_assert();
- return (time_t)-1;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time( cert->cert, "tbsCertificate.validity.notBefore");
+ return _gnutls_x509_get_time(cert->cert,
+ "tbsCertificate.validity.notBefore");
}
/**
@@ -500,12 +522,13 @@ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt cert)
**/
time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt cert)
{
- if (cert==NULL) {
- gnutls_assert();
- return (time_t)-1;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return (time_t) - 1;
+ }
- return _gnutls_x509_get_time( cert->cert, "tbsCertificate.validity.notAfter");
+ return _gnutls_x509_get_time(cert->cert,
+ "tbsCertificate.validity.notAfter");
}
/**
@@ -523,22 +546,24 @@ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt cert)
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crt_get_serial(gnutls_x509_crt cert, void* result,
- size_t* result_size)
+int gnutls_x509_crt_get_serial(gnutls_x509_crt cert, void *result,
+ size_t * result_size)
{
- int ret;
+ int ret;
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if ((ret = asn1_read_value(cert->cert, "tbsCertificate.serialNumber", result, result_size)) < 0) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
- }
+ if ((ret =
+ asn1_read_value(cert->cert, "tbsCertificate.serialNumber", result,
+ result_size)) < 0) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
- return 0;
+ return 0;
}
/**
@@ -555,66 +580,69 @@ int gnutls_x509_crt_get_serial(gnutls_x509_crt cert, void* result,
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt cert, void* ret,
- size_t* ret_size, unsigned int* critical)
+int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt cert, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
{
- int result, len;
- gnutls_datum id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
-
- if (ret) memset(ret, 0, *ret_size);
- else *ret_size = 0;
-
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &id, critical)) < 0) {
- return result;
- }
+ int result, len;
+ gnutls_datum id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- if (id.size == 0 || id.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SubjectKeyIdentifier", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- _gnutls_free_datum( &id);
- return _gnutls_asn2err(result);
- }
- result = asn1_der_decoding(&c2, id.data, id.size, NULL);
- _gnutls_free_datum( &id);
+ if (ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
- }
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &id,
+ critical)) < 0) {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectKeyIdentifier", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&id);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, id.data, id.size, NULL);
+ _gnutls_free_datum(&id);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
- len = *ret_size;
- result =
- asn1_read_value(c2, "", ret, &len);
+ len = *ret_size;
+ result = asn1_read_value(c2, "", ret, &len);
- *ret_size = len;
- asn1_delete_structure(&c2);
+ *ret_size = len;
+ asn1_delete_structure(&c2);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/**
@@ -632,66 +660,69 @@ int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt cert, void* ret,
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt cert, void* ret,
- size_t* ret_size, unsigned int* critical)
+int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt cert, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
{
- int result, len;
- gnutls_datum id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ int result, len;
+ gnutls_datum id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (ret) memset(ret, 0, *ret_size);
- else *ret_size = 0;
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &id, critical)) < 0) {
- return result;
- }
+ if (ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
- if (id.size == 0 || id.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.AuthorityKeyIdentifier", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- _gnutls_free_datum( &id);
- return _gnutls_asn2err(result);
- }
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &id,
+ critical)) < 0) {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.AuthorityKeyIdentifier", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&id);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, id.data, id.size, NULL);
+ _gnutls_free_datum(&id);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
- result = asn1_der_decoding(&c2, id.data, id.size, NULL);
- _gnutls_free_datum( &id);
+ len = *ret_size;
+ result = asn1_read_value(c2, "keyIdentifier", ret, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
- }
+ *ret_size = len;
+ asn1_delete_structure(&c2);
- len = *ret_size;
- result =
- asn1_read_value(c2, "keyIdentifier", ret, &len);
-
- *ret_size = len;
- asn1_delete_structure(&c2);
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- return 0;
+ return 0;
}
/**
@@ -711,85 +742,87 @@ int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt cert, void* ret,
* or a negative value on error.
*
**/
-int gnutls_x509_crt_get_pk_algorithm( gnutls_x509_crt cert, unsigned int* bits)
+int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt cert,
+ unsigned int *bits)
{
- int result;
+ int result;
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_get_pk_algorithm( cert->cert, "tbsCertificate.subjectPublicKeyInfo",
- bits);
-
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ result =
+ _gnutls_x509_get_pk_algorithm(cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ bits);
+ if (result < 0) {
+ gnutls_assert();
return result;
+ }
+
+ return result;
}
/* returns the type and the name.
*/
-static int parse_general_name( ASN1_TYPE src, const char* src_name,
- int seq, void* name, size_t *name_size)
+static int parse_general_name(ASN1_TYPE src, const char *src_name,
+ int seq, void *name, size_t * name_size)
{
-int len;
-char num[MAX_INT_DIGITS];
-char nptr[128];
-int result;
-opaque choice_type[128];
-gnutls_x509_subject_alt_name type;
+ int len;
+ char num[MAX_INT_DIGITS];
+ char nptr[128];
+ int result;
+ opaque choice_type[128];
+ gnutls_x509_subject_alt_name type;
- seq++; /* 0->1, 1->2 etc */
- _gnutls_int2str( seq, num);
+ seq++; /* 0->1, 1->2 etc */
+ _gnutls_int2str(seq, num);
- _gnutls_str_cpy( nptr, sizeof(nptr), src_name);
- if (src_name[0] != 0) _gnutls_str_cat( nptr, sizeof(nptr), ".");
+ _gnutls_str_cpy(nptr, sizeof(nptr), src_name);
+ if (src_name[0] != 0)
+ _gnutls_str_cat(nptr, sizeof(nptr), ".");
- _gnutls_str_cat( nptr, sizeof(nptr), "?");
- _gnutls_str_cat( nptr, sizeof(nptr), num);
+ _gnutls_str_cat(nptr, sizeof(nptr), "?");
+ _gnutls_str_cat(nptr, sizeof(nptr), num);
- len = sizeof(choice_type);
- result =
- asn1_read_value(src, nptr, choice_type, &len);
+ len = sizeof(choice_type);
+ result = asn1_read_value(src, nptr, choice_type, &len);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- type = _gnutls_x509_san_find_type( choice_type);
- if (type == (gnutls_x509_subject_alt_name)-1) {
- gnutls_assert();
- return GNUTLS_E_X509_UNKNOWN_SAN;
- }
+ type = _gnutls_x509_san_find_type(choice_type);
+ if (type == (gnutls_x509_subject_alt_name) - 1) {
+ gnutls_assert();
+ return GNUTLS_E_X509_UNKNOWN_SAN;
+ }
- _gnutls_str_cat( nptr, sizeof(nptr), ".");
- _gnutls_str_cat( nptr, sizeof(nptr), choice_type);
+ _gnutls_str_cat(nptr, sizeof(nptr), ".");
+ _gnutls_str_cat(nptr, sizeof(nptr), choice_type);
- len = *name_size;
- result =
- asn1_read_value(src, nptr, name, &len);
- *name_size = len;
+ len = *name_size;
+ result = asn1_read_value(src, nptr, name, &len);
+ *name_size = len;
- if (result==ASN1_MEM_ERROR)
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (result == ASN1_MEM_ERROR)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return type;
+ return type;
}
/**
@@ -815,60 +848,65 @@ gnutls_x509_subject_alt_name type;
* sequence number then returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
*
**/
-int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt cert,
- unsigned int seq, void *ret, size_t *ret_size, unsigned int *critical)
+int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
{
- int result;
- gnutls_datum dnsname;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- gnutls_x509_subject_alt_name type;
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (ret) memset(ret, 0, *ret_size);
- else *ret_size = 0;
-
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.17", 0, &dnsname, critical)) < 0) {
- return result;
- }
-
- if (dnsname.size == 0 || dnsname.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SubjectAltName", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- _gnutls_free_datum( &dnsname);
- return _gnutls_asn2err(result);
- }
-
- result = asn1_der_decoding(&c2, dnsname.data, dnsname.size, NULL);
- _gnutls_free_datum( &dnsname);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
- }
+ int result;
+ gnutls_datum dnsname;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_x509_subject_alt_name type;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.17", 0, &dnsname,
+ critical)) < 0) {
+ return result;
+ }
+
+ if (dnsname.size == 0 || dnsname.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.SubjectAltName", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&dnsname);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, dnsname.data, dnsname.size, NULL);
+ _gnutls_free_datum(&dnsname);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
- result = parse_general_name( c2, "", seq, ret, ret_size);
+ result = parse_general_name(c2, "", seq, ret, ret_size);
- asn1_delete_structure(&c2);
+ asn1_delete_structure(&c2);
- if (result < 0) {
- return result;
- }
+ if (result < 0) {
+ return result;
+ }
- type = result;
+ type = result;
- return type;
+ return type;
}
/**
@@ -886,38 +924,43 @@ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt cert,
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
*
**/
-int gnutls_x509_crt_get_ca_status(gnutls_x509_crt cert, unsigned int* critical)
+int gnutls_x509_crt_get_ca_status(gnutls_x509_crt cert,
+ unsigned int *critical)
{
- int result;
- gnutls_datum basicConstraints;
- int ca;
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ int result;
+ gnutls_datum basicConstraints;
+ int ca;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.19", 0,
+ &basicConstraints,
+ critical)) < 0) {
+ gnutls_assert();
+ return result;
+ }
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.19", 0, &basicConstraints, critical)) < 0) {
- gnutls_assert();
- return result;
- }
+ if (basicConstraints.size == 0 || basicConstraints.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (basicConstraints.size == 0 || basicConstraints.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result = _gnutls_x509_ext_extract_basicConstraints( &ca, basicConstraints.data,
- basicConstraints.size);
- _gnutls_free_datum( &basicConstraints);
+ result =
+ _gnutls_x509_ext_extract_basicConstraints(&ca,
+ basicConstraints.data,
+ basicConstraints.size);
+ _gnutls_free_datum(&basicConstraints);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return ca;
+ return ca;
}
/**
@@ -939,40 +982,42 @@ int gnutls_x509_crt_get_ca_status(gnutls_x509_crt cert, unsigned int* critical)
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
*
**/
-int gnutls_x509_crt_get_key_usage(gnutls_x509_crt cert, unsigned int *key_usage,
- unsigned int *critical)
+int gnutls_x509_crt_get_key_usage(gnutls_x509_crt cert,
+ unsigned int *key_usage,
+ unsigned int *critical)
{
- int result;
- gnutls_datum keyUsage;
- uint16 _usage;
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ int result;
+ gnutls_datum keyUsage;
+ uint16 _usage;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.15", 0, &keyUsage,
+ critical)) < 0) {
+ return result;
+ }
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.15", 0, &keyUsage, critical)) < 0) {
- return result;
- }
+ if (keyUsage.size == 0 || keyUsage.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (keyUsage.size == 0 || keyUsage.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ result = _gnutls_x509_ext_extract_keyUsage(&_usage, keyUsage.data,
+ keyUsage.size);
+ _gnutls_free_datum(&keyUsage);
- result = _gnutls_x509_ext_extract_keyUsage( &_usage, keyUsage.data,
- keyUsage.size);
- _gnutls_free_datum( &keyUsage);
-
- *key_usage = _usage;
+ *key_usage = _usage;
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/**
@@ -993,43 +1038,46 @@ int gnutls_x509_crt_get_key_usage(gnutls_x509_crt cert, unsigned int *key_usage,
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
*
**/
-int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt cert, const char* oid,
- int indx, void* buf, size_t * sizeof_buf, unsigned int * critical)
+int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt cert,
+ const char *oid, int indx,
+ void *buf, size_t * sizeof_buf,
+ unsigned int *critical)
{
- int result;
- gnutls_datum output;
+ int result;
+ gnutls_datum output;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, oid, indx, &output,
+ critical)) < 0) {
+ gnutls_assert();
+ return result;
+ }
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (output.size == 0 || output.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if ((result =
- _gnutls_x509_crt_get_extension(cert, oid, indx, &output, critical)) < 0) {
- gnutls_assert();
- return result;
- }
+ if (output.size > (unsigned int) *sizeof_buf) {
+ *sizeof_buf = output.size;
+ _gnutls_free_datum(&output);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- if (output.size == 0 || output.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ *sizeof_buf = output.size;
- if (output.size > (unsigned int)*sizeof_buf) {
- *sizeof_buf = output.size;
- _gnutls_free_datum( &output);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (buf)
+ memcpy(buf, output.data, output.size);
- *sizeof_buf = output.size;
-
- if (buf)
- memcpy( buf, output.data, output.size);
+ _gnutls_free_datum(&output);
+
+ return 0;
- _gnutls_free_datum( &output);
-
- return 0;
-
}
/**
@@ -1047,79 +1095,82 @@ int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt cert, const char* oid,
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
*
**/
-int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt cert, int indx,
- void* oid, size_t * sizeof_oid)
+int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt cert, int indx,
+ void *oid, size_t * sizeof_oid)
{
- int result;
+ int result;
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result =
- _gnutls_x509_crt_get_extension_oid(cert, indx, oid, sizeof_oid);
- if (result < 0) {
- return result;
- }
+ result =
+ _gnutls_x509_crt_get_extension_oid(cert, indx, oid, sizeof_oid);
+ if (result < 0) {
+ return result;
+ }
+
+ return 0;
- return 0;
-
}
static
-int _gnutls_x509_crt_get_raw_dn2( gnutls_x509_crt cert,
- const char* whom, gnutls_datum* start)
+int _gnutls_x509_crt_get_raw_dn2(gnutls_x509_crt cert,
+ const char *whom, gnutls_datum * start)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len1;
- int start1, end1;
- gnutls_datum signed_data;
-
- /* get the issuer of 'cert'
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(), "PKIX1.TBSCertificate",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = _gnutls_x509_get_signed_data( cert->cert, "tbsCertificate", &signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len1;
+ int start1, end1;
+ gnutls_datum signed_data;
+
+ /* get the issuer of 'cert'
+ */
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.TBSCertificate",
+ &c2)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate",
+ &signed_data);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ result =
+ asn1_der_decoding(&c2, signed_data.data, signed_data.size, NULL);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- result = asn1_der_decoding(&c2, signed_data.data, signed_data.size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ result =
+ asn1_der_decoding_startEnd(c2, signed_data.data, signed_data.size,
+ whom, &start1, &end1);
- result =
- asn1_der_decoding_startEnd(c2, signed_data.data, signed_data.size,
- whom, &start1, &end1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ result = _gnutls_asn2err(result);
+ goto cleanup;
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- len1 = end1 - start1 + 1;
+ len1 = end1 - start1 + 1;
- _gnutls_set_datum( start, &signed_data.data[start1], len1);
+ _gnutls_set_datum(start, &signed_data.data[start1], len1);
- result = 0;
+ result = 0;
-cleanup:
- asn1_delete_structure(&c2);
- _gnutls_free_datum( &signed_data);
- return result;
+ cleanup:
+ asn1_delete_structure(&c2);
+ _gnutls_free_datum(&signed_data);
+ return result;
}
/*-
@@ -1133,10 +1184,10 @@ cleanup:
* Returns 0 on success or a negative value on error.
*
-*/
-int _gnutls_x509_crt_get_raw_issuer_dn( gnutls_x509_crt cert,
- gnutls_datum* start)
+int _gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt cert,
+ gnutls_datum * start)
{
- return _gnutls_x509_crt_get_raw_dn2( cert, "issuer", start);
+ return _gnutls_x509_crt_get_raw_dn2(cert, "issuer", start);
}
/*-
@@ -1150,10 +1201,9 @@ int _gnutls_x509_crt_get_raw_issuer_dn( gnutls_x509_crt cert,
* Returns 0 on success, or a negative value on error.
*
-*/
-int _gnutls_x509_crt_get_raw_dn( gnutls_x509_crt cert,
- gnutls_datum * start)
+int _gnutls_x509_crt_get_raw_dn(gnutls_x509_crt cert, gnutls_datum * start)
{
- return _gnutls_x509_crt_get_raw_dn2( cert, "subject", start);
+ return _gnutls_x509_crt_get_raw_dn2(cert, "subject", start);
}
@@ -1174,44 +1224,44 @@ int _gnutls_x509_crt_get_raw_dn( gnutls_x509_crt cert,
* On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt cert,
- gnutls_digest_algorithm algo, void *buf,
- size_t *sizeof_buf)
+int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt cert,
+ gnutls_digest_algorithm algo,
+ void *buf, size_t * sizeof_buf)
{
-opaque *cert_buf;
-int cert_buf_size;
-int result;
-gnutls_datum tmp;
+ opaque *cert_buf;
+ int cert_buf_size;
+ int result;
+ gnutls_datum tmp;
- if (sizeof_buf == 0 || cert == NULL) {
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (sizeof_buf == 0 || cert == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- cert_buf_size = 0;
- asn1_der_coding( cert->cert, "", NULL, &cert_buf_size, NULL);
+ cert_buf_size = 0;
+ asn1_der_coding(cert->cert, "", NULL, &cert_buf_size, NULL);
- cert_buf = gnutls_alloca( cert_buf_size);
- if (cert_buf == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ cert_buf = gnutls_alloca(cert_buf_size);
+ if (cert_buf == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- result = asn1_der_coding( cert->cert, "",
- cert_buf, &cert_buf_size, NULL);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_afree( cert_buf);
- return _gnutls_asn2err(result);
- }
-
- tmp.data = cert_buf;
- tmp.size = cert_buf_size;
+ result = asn1_der_coding(cert->cert, "",
+ cert_buf, &cert_buf_size, NULL);
- result = gnutls_fingerprint( algo, &tmp, buf, sizeof_buf);
- gnutls_afree( cert_buf);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ gnutls_afree(cert_buf);
+ return _gnutls_asn2err(result);
+ }
- return result;
+ tmp.data = cert_buf;
+ tmp.size = cert_buf_size;
+
+ result = gnutls_fingerprint(algo, &tmp, buf, sizeof_buf);
+ gnutls_afree(cert_buf);
+
+ return result;
}
/**
@@ -1233,16 +1283,18 @@ gnutls_datum tmp;
* 0 on success.
*
**/
-int gnutls_x509_crt_export( gnutls_x509_crt cert,
- gnutls_x509_crt_fmt format, void* output_data, size_t* output_data_size)
+int gnutls_x509_crt_export(gnutls_x509_crt cert,
+ gnutls_x509_crt_fmt format, void *output_data,
+ size_t * output_data_size)
{
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_export_int( cert->cert, format, "CERTIFICATE", *output_data_size,
- output_data, output_data_size);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int(cert->cert, format, "CERTIFICATE",
+ *output_data_size, output_data,
+ output_data_size);
}
@@ -1265,78 +1317,81 @@ int gnutls_x509_crt_export( gnutls_x509_crt cert,
* 0 on success.
*
**/
-int gnutls_x509_crt_get_key_id( gnutls_x509_crt crt, unsigned int flags,
- unsigned char* output_data, size_t* output_data_size)
+int gnutls_x509_crt_get_key_id(gnutls_x509_crt crt, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
-mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
-int params_size = MAX_PUBLIC_PARAMS_SIZE;
-int i, pk, result = 0;
-gnutls_datum der = { NULL, 0 };
-GNUTLS_HASH_HANDLE hd;
+ mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ int i, pk, result = 0;
+ gnutls_datum der = { NULL, 0 };
+ GNUTLS_HASH_HANDLE hd;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*output_data_size < 20) {
+ gnutls_assert();
+ *output_data_size = 20;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
- if (crt==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ pk = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
- if (*output_data_size < 20) {
- gnutls_assert();
- *output_data_size = 20;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
+ if (pk < 0) {
+ gnutls_assert();
+ return pk;
+ }
- pk = gnutls_x509_crt_get_pk_algorithm( crt, NULL);
-
- if ( pk < 0) {
- gnutls_assert();
- return pk;
- }
+ result = _gnutls_x509_crt_get_mpis(crt, params, &params_size);
- result = _gnutls_x509_crt_get_mpis( crt, params, &params_size);
-
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ if (pk == GNUTLS_PK_RSA) {
+ result = _gnutls_x509_write_rsa_params(params, params_size, &der);
if (result < 0) {
- gnutls_assert();
- return result;
+ gnutls_assert();
+ goto cleanup;
}
-
- if (pk == GNUTLS_PK_RSA) {
- result = _gnutls_x509_write_rsa_params( params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
- } else if (pk == GNUTLS_PK_DSA) {
- result = _gnutls_x509_write_dsa_public_key( params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
- } else return GNUTLS_E_INTERNAL_ERROR;
-
- hd = _gnutls_hash_init( GNUTLS_MAC_SHA);
- if (hd == GNUTLS_HASH_FAILED) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
+ } else if (pk == GNUTLS_PK_DSA) {
+ result =
+ _gnutls_x509_write_dsa_public_key(params, params_size, &der);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
}
-
- _gnutls_hash( hd, der.data, der.size);
+ } else
+ return GNUTLS_E_INTERNAL_ERROR;
- _gnutls_hash_deinit( hd, output_data);
- *output_data_size = 20;
+ hd = _gnutls_hash_init(GNUTLS_MAC_SHA);
+ if (hd == GNUTLS_HASH_FAILED) {
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
- result = 0;
+ _gnutls_hash(hd, der.data, der.size);
- cleanup:
-
- _gnutls_free_datum( &der);
+ _gnutls_hash_deinit(hd, output_data);
+ *output_data_size = 20;
- /* release all allocated MPIs
- */
- for (i = 0; i < params_size; i++) {
- _gnutls_mpi_release( &params[i]);
- }
- return result;
+ result = 0;
+
+ cleanup:
+
+ _gnutls_free_datum(&der);
+
+ /* release all allocated MPIs
+ */
+ for (i = 0; i < params_size; i++) {
+ _gnutls_mpi_release(&params[i]);
+ }
+ return result;
}
@@ -1356,90 +1411,86 @@ GNUTLS_HASH_HANDLE hd;
*
**/
int gnutls_x509_crt_check_revocation(gnutls_x509_crt cert,
- gnutls_x509_crl * crl_list,
- int crl_list_length)
+ gnutls_x509_crl * crl_list,
+ int crl_list_length)
{
- opaque serial[64];
- opaque cert_serial[64];
- size_t serial_size, cert_serial_size;
- int ncerts, ret, i, j;
- gnutls_datum dn1, dn2;
+ opaque serial[64];
+ opaque cert_serial[64];
+ size_t serial_size, cert_serial_size;
+ int ncerts, ret, i, j;
+ gnutls_datum dn1, dn2;
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (j = 0; j < crl_list_length; j++) { /* do for all the crls */
+
+ /* Step 1. check if issuer's DN match
+ */
+ ret = _gnutls_x509_crl_get_raw_issuer_dn(crl_list[j], &dn1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- for (j = 0; j < crl_list_length; j++) { /* do for all the crls */
+ ret = _gnutls_x509_crt_get_raw_issuer_dn(cert, &dn2);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- /* Step 1. check if issuer's DN match
- */
- ret = _gnutls_x509_crl_get_raw_issuer_dn(crl_list[j], &dn1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = _gnutls_x509_compare_raw_dn(&dn1, &dn2);
+ if (ret == 0) {
+ /* issuers do not match so don't even
+ * bother checking.
+ */
+ continue;
+ }
- ret =
- _gnutls_x509_crt_get_raw_issuer_dn(cert, &dn2);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ /* Step 2. Read the certificate's serial number
+ */
+ cert_serial_size = sizeof(cert_serial);
+ ret =
+ gnutls_x509_crt_get_serial(cert, cert_serial,
+ &cert_serial_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- ret = _gnutls_x509_compare_raw_dn(&dn1, &dn2);
- if (ret == 0) {
- /* issuers do not match so don't even
- * bother checking.
- */
- continue;
- }
+ /* Step 3. cycle through the CRL serials and compare with
+ * certificate serial we have.
+ */
- /* Step 2. Read the certificate's serial number
- */
- cert_serial_size = sizeof(cert_serial);
- ret =
- gnutls_x509_crt_get_serial(cert, cert_serial,
- &cert_serial_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ncerts = gnutls_x509_crl_get_crt_count(crl_list[j]);
+ if (ncerts < 0) {
+ gnutls_assert();
+ return ncerts;
+ }
- /* Step 3. cycle through the CRL serials and compare with
- * certificate serial we have.
- */
+ for (i = 0; i < ncerts; i++) {
+ serial_size = sizeof(serial);
+ ret =
+ gnutls_x509_crl_get_crt_serial(crl_list[j], i, serial,
+ &serial_size, NULL);
- ncerts = gnutls_x509_crl_get_crt_count(crl_list[j]);
- if (ncerts < 0) {
- gnutls_assert();
- return ncerts;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- for (i = 0; i < ncerts; i++) {
- serial_size = sizeof(serial);
- ret =
- gnutls_x509_crl_get_crt_serial(crl_list[j], i, serial,
- &serial_size,
- NULL);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- if (serial_size == cert_serial_size) {
- if (memcmp
- (serial, cert_serial,
- serial_size) == 0) {
- /* serials match */
- return 1; /* revoked! */
- }
- }
+ if (serial_size == cert_serial_size) {
+ if (memcmp(serial, cert_serial, serial_size) == 0) {
+ /* serials match */
+ return 1; /* revoked! */
}
-
+ }
}
- return 0; /* not revoked. */
+
+ }
+ return 0; /* not revoked. */
}
/**
@@ -1456,23 +1507,24 @@ int gnutls_x509_crt_check_revocation(gnutls_x509_crt cert,
* 1 on success.
*
**/
-int gnutls_x509_crt_verify_data( gnutls_x509_crt crt, unsigned int flags,
- const gnutls_datum* data, const gnutls_datum* signature)
+int gnutls_x509_crt_verify_data(gnutls_x509_crt crt, unsigned int flags,
+ const gnutls_datum * data,
+ const gnutls_datum * signature)
{
-int result;
+ int result;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_verify_signature( data, signature, crt);
- if (result < 0) {
- gnutls_assert();
- return 0;
- }
-
- return result;
+ result = _gnutls_x509_verify_signature(data, signature, crt);
+ if (result < 0) {
+ gnutls_assert();
+ return 0;
+ }
+
+ return result;
}
/**
@@ -1505,92 +1557,98 @@ int result;
* sequence number then returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
*
**/
-int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt cert,
- unsigned int seq, void *ret, size_t *ret_size,
- unsigned int* reason_flags, unsigned int *critical)
+int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical)
{
- int result;
- gnutls_datum dist_points = {NULL, 0};
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- char name[128];
- int len;
- char num[MAX_INT_DIGITS];
- gnutls_x509_subject_alt_name type;
- uint8 reasons[2];
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ int result;
+ gnutls_datum dist_points = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ char name[128];
+ int len;
+ char num[MAX_INT_DIGITS];
+ gnutls_x509_subject_alt_name type;
+ uint8 reasons[2];
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (ret)
+ memset(ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if (reason_flags)
+ *reason_flags = 0;
+
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.31", 0, &dist_points,
+ critical);
+ if (result < 0) {
+ return result;
+ }
+
+ if (dist_points.size == 0 || dist_points.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.CRLDistributionPoints", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&dist_points);
+ return _gnutls_asn2err(result);
+ }
+
+ result =
+ asn1_der_decoding(&c2, dist_points.data, dist_points.size, NULL);
+ _gnutls_free_datum(&dist_points);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
- if (ret) memset(ret, 0, *ret_size);
- else *ret_size = 0;
-
- if (reason_flags) *reason_flags = 0;
+ /* Return the different names from the first CRLDistr. point.
+ * The whole thing is a mess.
+ */
+ _gnutls_str_cpy(name, sizeof(name), "?1.distributionPoint.fullName");
- result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.31", 0, &dist_points, critical);
- if (result < 0) {
- return result;
- }
-
- if (dist_points.size == 0 || dist_points.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ result = parse_general_name(c2, name, seq, ret, ret_size);
+ if (result < 0) {
+ asn1_delete_structure(&c2);
+ return result;
+ }
- result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.CRLDistributionPoints", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- _gnutls_free_datum( &dist_points);
- return _gnutls_asn2err(result);
- }
+ type = result;
- result = asn1_der_decoding(&c2, dist_points.data, dist_points.size, NULL);
- _gnutls_free_datum( &dist_points);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
- }
+ /* Read the CRL reasons.
+ */
+ if (reason_flags) {
+ _gnutls_str_cpy(name, sizeof(name), "?");
+ _gnutls_str_cat(name, sizeof(name), num);
+ _gnutls_str_cat(name, sizeof(name), ".reasons");
- /* Return the different names from the first CRLDistr. point.
- * The whole thing is a mess.
- */
- _gnutls_str_cpy( name, sizeof(name), "?1.distributionPoint.fullName");
+ len = sizeof(reasons);
+ result = asn1_read_value(c2, name, reasons, &len);
- result = parse_general_name( c2, name, seq, ret, ret_size);
- if (result < 0) {
- asn1_delete_structure(&c2);
- return result;
+ if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
}
-
- type = result;
-
- /* Read the CRL reasons.
- */
- if (reason_flags) {
- _gnutls_str_cpy( name, sizeof(name), "?");
- _gnutls_str_cat( name, sizeof(name), num);
- _gnutls_str_cat( name, sizeof(name), ".reasons");
-
- len = sizeof(reasons);
- result =
- asn1_read_value(c2, name, reasons, &len);
-
- if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
- }
-
- *reason_flags = reasons[0] | (reasons[1] << 8);
- }
+ *reason_flags = reasons[0] | (reasons[1] << 8);
+ }
- return type;
+ return type;
}
/**
@@ -1611,74 +1669,78 @@ int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt cert,
* On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt cert,
- int indx, void *oid, size_t *sizeof_oid, unsigned int* critical)
+int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt cert,
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical)
{
- char counter[MAX_INT_DIGITS];
- char tmpstr[64];
- int result, len;
- gnutls_datum id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (oid) memset(oid, 0, *sizeof_oid);
- else *sizeof_oid = 0;
-
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &id, critical)) < 0) {
- return result;
- }
-
- if (id.size == 0 || id.data==NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- _gnutls_free_datum( &id);
- return _gnutls_asn2err(result);
- }
-
- result = asn1_der_decoding(&c2, id.data, id.size, NULL);
- _gnutls_free_datum( &id);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
- }
+ char counter[MAX_INT_DIGITS];
+ char tmpstr[64];
+ int result, len;
+ gnutls_datum id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (oid)
+ memset(oid, 0, *sizeof_oid);
+ else
+ *sizeof_oid = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &id,
+ critical)) < 0) {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ _gnutls_free_datum(&id);
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&c2, id.data, id.size, NULL);
+ _gnutls_free_datum(&id);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
- indx++;
- /* create a string like "?1"
- */
- _gnutls_int2str(indx, counter);
- _gnutls_str_cpy(tmpstr, sizeof(tmpstr), "?");
- _gnutls_str_cat(tmpstr, sizeof(tmpstr), counter);
+ indx++;
+ /* create a string like "?1"
+ */
+ _gnutls_int2str(indx, counter);
+ _gnutls_str_cpy(tmpstr, sizeof(tmpstr), "?");
+ _gnutls_str_cat(tmpstr, sizeof(tmpstr), counter);
- len = *sizeof_oid;
- result =
- asn1_read_value(c2, tmpstr, oid, &len);
+ len = *sizeof_oid;
+ result = asn1_read_value(c2, tmpstr, oid, &len);
- *sizeof_oid = len;
- asn1_delete_structure(&c2);
+ *sizeof_oid = len;
+ asn1_delete_structure(&c2);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
@@ -1694,44 +1756,50 @@ int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt cert,
*
**/
int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt crt,
- gnutls_datum * m, gnutls_datum *e)
+ gnutls_datum * m, gnutls_datum * e)
{
-int ret;
-mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
-int params_size = MAX_PUBLIC_PARAMS_SIZE;
-int i;
-
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_crt_get_mpis( crt, params, &params_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = _gnutls_mpi_dprint(m, params[0]);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint(e, params[1]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(m);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- for (i = 0; i < params_size; i++) {
- _gnutls_mpi_release( &params[i]);
- }
+ int ret;
+ mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ int i;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
+ if (ret != GNUTLS_PK_RSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_crt_get_mpis(crt, params, &params_size);
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+ ret = _gnutls_mpi_dprint(m, params[0]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint(e, params[1]);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(m);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ for (i = 0; i < params_size; i++) {
+ _gnutls_mpi_release(&params[i]);
+ }
+ return ret;
}
/**
@@ -1748,69 +1816,75 @@ cleanup:
*
**/
int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt crt,
- gnutls_datum * p, gnutls_datum *q,
- gnutls_datum *g, gnutls_datum *y)
+ gnutls_datum * p, gnutls_datum * q,
+ gnutls_datum * g, gnutls_datum * y)
{
-int ret;
-mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
-int params_size = MAX_PUBLIC_PARAMS_SIZE;
-int i;
-
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = _gnutls_x509_crt_get_mpis( crt, params, &params_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
-
- /* P */
- ret = _gnutls_mpi_dprint(p, params[0]);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- /* Q */
- ret = _gnutls_mpi_dprint(q, params[1]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- goto cleanup;
- }
-
-
- /* G */
- ret = _gnutls_mpi_dprint(g, params[2]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(q);
- goto cleanup;
- }
-
-
- /* Y */
- ret = _gnutls_mpi_dprint(y, params[3]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(g);
- _gnutls_free_datum(q);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- for (i = 0; i < params_size; i++) {
- _gnutls_mpi_release( &params[i]);
- }
+ int ret;
+ mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ int i;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
+ if (ret != GNUTLS_PK_DSA) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_crt_get_mpis(crt, params, &params_size);
+ if (ret < 0) {
+ gnutls_assert();
return ret;
+ }
+
+
+ /* P */
+ ret = _gnutls_mpi_dprint(p, params[0]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint(q, params[1]);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ goto cleanup;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint(g, params[2]);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint(y, params[3]);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(p);
+ _gnutls_free_datum(g);
+ _gnutls_free_datum(q);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ for (i = 0; i < params_size; i++) {
+ _gnutls_mpi_release(&params[i]);
+ }
+ return ret;
}
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 32f5ea3001..0fbe906c19 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -41,7 +41,7 @@
#include <libtasn1.h>
#include <gnutls_ui.h>
-static void disable_optional_stuff( gnutls_x509_crt cert);
+static void disable_optional_stuff(gnutls_x509_crt cert);
/**
* gnutls_x509_crt_set_dn_by_oid - This function will set the Certificate request subject's distinguished name
@@ -63,15 +63,16 @@ static void disable_optional_stuff( gnutls_x509_crt cert);
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt crt, const char* oid,
- unsigned int raw_flag, const void *name, unsigned int sizeof_name)
+int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt crt, const char *oid,
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
{
- if (sizeof_name == 0 || name == NULL || crt == NULL) {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_set_dn_oid( crt->cert, "tbsCertificate.subject", oid,
- raw_flag, name, sizeof_name);
+ if (sizeof_name == 0 || name == NULL || crt == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.subject",
+ oid, raw_flag, name, sizeof_name);
}
/**
@@ -97,15 +98,18 @@ int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt crt, const char* oid,
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt crt, const char* oid,
- unsigned int raw_flag, const void *name, unsigned int sizeof_name)
+int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name)
{
- if (sizeof_name == 0 || name == NULL || crt == NULL) {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_set_dn_oid( crt->cert, "tbsCertificate.issuer", oid,
- raw_flag, name, sizeof_name);
+ if (sizeof_name == 0 || name == NULL || crt == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.issuer", oid,
+ raw_flag, name, sizeof_name);
}
/**
@@ -122,23 +126,25 @@ int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt crt, const char* oid,
**/
int gnutls_x509_crt_set_version(gnutls_x509_crt crt, unsigned int version)
{
-int result;
-unsigned char null = version;
+ int result;
+ unsigned char null = version;
- if (crt==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- if (null > 0) null--;
+ if (null > 0)
+ null--;
- result = asn1_write_value( crt->cert, "tbsCertificate.version", &null, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ result =
+ asn1_write_value(crt->cert, "tbsCertificate.version", &null, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- return 0;
+ return 0;
}
/**
@@ -154,23 +160,25 @@ unsigned char null = version;
**/
int gnutls_x509_crt_set_key(gnutls_x509_crt crt, gnutls_x509_privkey key)
{
-int result;
+ int result;
- if (crt==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- result = _gnutls_x509_encode_and_copy_PKI_params( crt->cert,
- "tbsCertificate.subjectPublicKeyInfo", key->pk_algorithm,
- key->params, key->params_size);
+ result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ key->pk_algorithm,
+ key->params,
+ key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- return 0;
+ return 0;
}
/**
@@ -186,31 +194,35 @@ int result;
**/
int gnutls_x509_crt_set_crq(gnutls_x509_crt crt, gnutls_x509_crq crq)
{
-int result;
-int pk_algorithm;
-
- if (crt==NULL || crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- pk_algorithm = gnutls_x509_crq_get_pk_algorithm( crq, NULL);
-
- result = _gnutls_asn1_copy_node( &crt->cert, "tbsCertificate.subject",
- crq->crq, "certificationRequestInfo.subject");
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- result = _gnutls_asn1_copy_node( &crt->cert, "tbsCertificate.subjectPublicKeyInfo",
- crq->crq, "certificationRequestInfo.subjectPKInfo");
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- return 0;
+ int result;
+ int pk_algorithm;
+
+ if (crt == NULL || crq == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pk_algorithm = gnutls_x509_crq_get_pk_algorithm(crq, NULL);
+
+ result = _gnutls_asn1_copy_node(&crt->cert, "tbsCertificate.subject",
+ crq->crq,
+ "certificationRequestInfo.subject");
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_asn1_copy_node(&crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ crq->crq,
+ "certificationRequestInfo.subjectPKInfo");
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
@@ -226,34 +238,35 @@ int pk_algorithm;
**/
int gnutls_x509_crt_set_ca_status(gnutls_x509_crt crt, unsigned int ca)
{
-int result;
-gnutls_datum der_data;
+ int result;
+ gnutls_datum der_data;
- if (crt==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_basicConstraints( ca, &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_basicConstraints(ca, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_x509_crt_set_extension( crt, "2.5.29.19", &der_data, 1);
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.19", &der_data, 1);
- _gnutls_free_datum( &der_data);
+ _gnutls_free_datum(&der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- crt->use_extensions = 1;
+ crt->use_extensions = 1;
- return 0;
+ return 0;
}
/**
@@ -268,34 +281,35 @@ gnutls_datum der_data;
**/
int gnutls_x509_crt_set_key_usage(gnutls_x509_crt crt, unsigned int usage)
{
-int result;
-gnutls_datum der_data;
+ int result;
+ gnutls_datum der_data;
- if (crt==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_keyUsage( (uint16)usage, &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_keyUsage((uint16) usage, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- result = _gnutls_x509_crt_set_extension( crt, "2.5.29.15", &der_data, 1);
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.15", &der_data, 1);
- _gnutls_free_datum( &der_data);
+ _gnutls_free_datum(&der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- crt->use_extensions = 1;
+ crt->use_extensions = 1;
- return 0;
+ return 0;
}
/**
@@ -309,49 +323,57 @@ gnutls_datum der_data;
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt crt, gnutls_x509_subject_alt_name type,
- const char* data_string)
+int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt crt,
+ gnutls_x509_subject_alt_name
+ type,
+ const char *data_string)
{
-int result;
-gnutls_datum der_data;
-gnutls_datum dnsname;
-unsigned int critical;
-
- if (crt==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result = _gnutls_x509_crt_get_extension(crt, "2.5.29.17", 0, &dnsname, &critical);
-
- if (result >= 0) _gnutls_free_datum( &dnsname);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_subject_alt_name( type, data_string, &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension( crt, "2.5.29.17", &der_data, 0);
-
- _gnutls_free_datum( &der_data);
-
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- crt->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum der_data;
+ gnutls_datum dnsname;
+ unsigned int critical;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(crt, "2.5.29.17", 0, &dnsname,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&dnsname);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_subject_alt_name(type, data_string,
+ &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.17", &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
}
/**
@@ -369,28 +391,28 @@ unsigned int critical;
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_sign(gnutls_x509_crt crt, gnutls_x509_crt issuer,
- gnutls_x509_privkey issuer_key)
+int gnutls_x509_crt_sign(gnutls_x509_crt crt, gnutls_x509_crt issuer,
+ gnutls_x509_privkey issuer_key)
{
-int result;
+ int result;
- if (crt==NULL || issuer == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (crt == NULL || issuer == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- /* disable all the unneeded OPTIONAL fields.
- */
- disable_optional_stuff( crt);
+ /* disable all the unneeded OPTIONAL fields.
+ */
+ disable_optional_stuff(crt);
- result = _gnutls_x509_pkix_sign( crt->cert, "tbsCertificate", issuer,
- issuer_key);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- return 0;
+ result = _gnutls_x509_pkix_sign(crt->cert, "tbsCertificate", issuer,
+ issuer_key);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/**
@@ -403,14 +425,17 @@ int result;
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crt_set_activation_time(gnutls_x509_crt cert, time_t act_time)
+int gnutls_x509_crt_set_activation_time(gnutls_x509_crt cert,
+ time_t act_time)
{
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_set_time( cert->cert, "tbsCertificate.validity.notBefore", act_time);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_time(cert->cert,
+ "tbsCertificate.validity.notBefore",
+ act_time);
}
/**
@@ -423,13 +448,16 @@ int gnutls_x509_crt_set_activation_time(gnutls_x509_crt cert, time_t act_time)
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt cert, time_t exp_time)
+int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt cert,
+ time_t exp_time)
{
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
- return _gnutls_x509_set_time( cert->cert, "tbsCertificate.validity.notAfter", exp_time);
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ return _gnutls_x509_set_time(cert->cert,
+ "tbsCertificate.validity.notAfter",
+ exp_time);
}
/**
@@ -446,42 +474,45 @@ int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt cert, time_t exp_time)
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crt_set_serial(gnutls_x509_crt cert, const void* serial,
- size_t serial_size)
+int gnutls_x509_crt_set_serial(gnutls_x509_crt cert, const void *serial,
+ size_t serial_size)
{
- int ret;
+ int ret;
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = asn1_write_value(cert->cert, "tbsCertificate.serialNumber", serial, serial_size);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
- }
+ ret =
+ asn1_write_value(cert->cert, "tbsCertificate.serialNumber", serial,
+ serial_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
- return 0;
+ return 0;
}
/* If OPTIONAL fields have not been initialized then
* disable them.
*/
-static void disable_optional_stuff( gnutls_x509_crt cert)
+static void disable_optional_stuff(gnutls_x509_crt cert)
{
- asn1_write_value( cert->cert, "tbsCertificate.issuerUniqueID", NULL, 0);
+ asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL, 0);
- asn1_write_value( cert->cert, "tbsCertificate.subjectUniqueID", NULL, 0);
+ asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID", NULL,
+ 0);
- if (cert->use_extensions == 0) {
- _gnutls_x509_log( "Disabling X.509 extensions.\n");
- asn1_write_value( cert->cert, "tbsCertificate.extensions", NULL, 0);
- }
+ if (cert->use_extensions == 0) {
+ _gnutls_x509_log("Disabling X.509 extensions.\n");
+ asn1_write_value(cert->cert, "tbsCertificate.extensions", NULL, 0);
+ }
- return;
+ return;
}
/**
@@ -496,49 +527,57 @@ static void disable_optional_stuff( gnutls_x509_crt cert)
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt crt, gnutls_x509_subject_alt_name type,
- const void* data_string, unsigned int reason_flags)
+int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt crt,
+ gnutls_x509_subject_alt_name type,
+ const void *data_string,
+ unsigned int reason_flags)
{
-int result;
-gnutls_datum der_data;
-gnutls_datum oldname;
-unsigned int critical;
-
- if (crt==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result = _gnutls_x509_crt_get_extension(crt, "2.5.29.31", 0, &oldname, &critical);
-
- if (result >= 0) _gnutls_free_datum( &oldname);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_crl_dist_points( type, data_string, reason_flags, &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension( crt, "2.5.29.31", &der_data, 0);
-
- _gnutls_free_datum( &der_data);
-
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- crt->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum der_data;
+ gnutls_datum oldname;
+ unsigned int critical;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(crt, "2.5.29.31", 0, &oldname,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&oldname);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_crl_dist_points(type, data_string,
+ reason_flags, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(crt, "2.5.29.31", &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
}
/**
@@ -553,37 +592,41 @@ unsigned int critical;
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt dst,
- gnutls_x509_crt src)
+int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt dst,
+ gnutls_x509_crt src)
{
-int result;
-gnutls_datum der_data;
-unsigned int critical;
-
- if (dst==NULL || src == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result = _gnutls_x509_crt_get_extension(src, "2.5.29.31", 0, &der_data, &critical);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension( dst, "2.5.29.31", &der_data, critical);
- _gnutls_free_datum( &der_data);
-
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- dst->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum der_data;
+ unsigned int critical;
+
+ if (dst == NULL || src == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(src, "2.5.29.31", 0, &der_data,
+ &critical);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(dst, "2.5.29.31", &der_data,
+ critical);
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ dst->use_extensions = 1;
+
+ return 0;
}
/**
@@ -597,48 +640,52 @@ unsigned int critical;
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt cert, const void* id,
- size_t id_size)
+int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt cert,
+ const void *id, size_t id_size)
{
- int result;
- gnutls_datum old_id, der_data;
- unsigned int critical;
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result = _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &old_id, &critical);
-
- if (result >= 0) _gnutls_free_datum( &old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_key_id( id, id_size, &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension( cert, "2.5.29.14", &der_data, 0);
-
- _gnutls_free_datum( &der_data);
-
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- cert->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum old_id, der_data;
+ unsigned int critical;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &old_id,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_key_id(id, id_size, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(cert, "2.5.29.14", &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ cert->use_extensions = 1;
+
+ return 0;
}
/**
@@ -653,48 +700,52 @@ int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt cert, const void* id,
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt cert, const void* id,
- size_t id_size)
+int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt cert,
+ const void *id, size_t id_size)
{
- int result;
- gnutls_datum old_id, der_data;
- unsigned int critical;
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Check if the extension already exists.
- */
- result = _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &old_id, &critical);
-
- if (result >= 0) _gnutls_free_datum( &old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_auth_key_id( id, id_size, &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- result = _gnutls_x509_crt_set_extension( cert, "2.5.29.35", &der_data, 0);
-
- _gnutls_free_datum( &der_data);
-
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- cert->use_extensions = 1;
-
- return 0;
+ int result;
+ gnutls_datum old_id, der_data;
+ unsigned int critical;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &old_id,
+ &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum(&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_auth_key_id(id, id_size, &der_data);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension(cert, "2.5.29.35", &der_data, 0);
+
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ cert->use_extensions = 1;
+
+ return 0;
}
/**
@@ -712,85 +763,88 @@ int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt cert, const void* id,
* On success 0 is returned.
*
**/
-int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt cert,
- const void *oid, unsigned int critical)
+int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt cert,
+ const void *oid,
+ unsigned int critical)
{
- int result;
- gnutls_datum old_id, der_data;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- /* Check if the extension already exists.
+ int result;
+ gnutls_datum old_id, der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &old_id,
+ NULL);
+
+ if (result >= 0) {
+ /* decode it.
*/
- result = _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &old_id, NULL);
-
- if (result >= 0) {
- /* decode it.
- */
- result = asn1_der_decoding(&c2, old_id.data, old_id.size, NULL);
- _gnutls_free_datum( &old_id);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
- }
-
- }
+ result = asn1_der_decoding(&c2, old_id.data, old_id.size, NULL);
+ _gnutls_free_datum(&old_id);
- /* generate the extension.
- */
- /* 1. create a new element.
- */
- result = asn1_write_value( c2, "", "NEW", 1);
if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
}
- /* 2. Add the OID.
- */
- result = asn1_write_value(c2, "?LAST", oid, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
- }
+ }
- result = _gnutls_x509_der_encode( c2, "", &der_data, 0);
+ /* generate the extension.
+ */
+ /* 1. create a new element.
+ */
+ result = asn1_write_value(c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
+
+ /* 2. Add the OID.
+ */
+ result = asn1_write_value(c2, "?LAST", oid, 1);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&c2);
+ return _gnutls_asn2err(result);
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
+ result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
+ asn1_delete_structure(&c2);
- result = _gnutls_x509_crt_set_extension( cert, "2.5.29.37",
- &der_data, critical);
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
- _gnutls_free_datum( &der_data);
+ result = _gnutls_x509_crt_set_extension(cert, "2.5.29.37",
+ &der_data, critical);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ _gnutls_free_datum(&der_data);
+
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
- cert->use_extensions = 1;
+ cert->use_extensions = 1;
- return 0;
+ return 0;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/xml.c b/lib/x509/xml.c
index 4cac03abe4..e5b1350f34 100644
--- a/lib/x509/xml.c
+++ b/lib/x509/xml.c
@@ -33,10 +33,10 @@
#include <structure.h>
#include <parser_aux.h>
#include <der.h>
-#define LIBASN1_H /* we use this since this file uses
- * libtasn1 internals, and we don't want the
- * exported API.
- */
+#define LIBASN1_H /* we use this since this file uses
+ * libtasn1 internals, and we don't want the
+ * exported API.
+ */
#include <gnutls_int.h>
#include <gnutls_datum.h>
#include <gnutls_global.h>
@@ -46,58 +46,58 @@
#include <x509.h>
#include <common.h>
-const char* asn1_find_structure_from_oid(ASN1_TYPE definitions,
- const char *oidValue);
+const char *asn1_find_structure_from_oid(ASN1_TYPE definitions,
+ const char *oidValue);
-static int _gnutls_x509_expand_extensions(ASN1_TYPE* rasn);
+static int _gnutls_x509_expand_extensions(ASN1_TYPE * rasn);
static const void *find_default_value(ASN1_TYPE x)
{
- ASN1_TYPE p = x;
-
- if (x->value == NULL && x->type & CONST_DEFAULT) {
- if (x->down) {
- x = x->down;
- do {
- if (type_field(x->type) == TYPE_DEFAULT) {
- if (type_field(p->type) ==
- TYPE_BOOLEAN) {
- if (x->type & CONST_TRUE)
- return "TRUE";
- else
- return "FALSE";
- } else
- return x->value;
- }
- x = x->right;
- } while (x != NULL);
-
+ ASN1_TYPE p = x;
+
+ if (x->value == NULL && x->type & CONST_DEFAULT) {
+ if (x->down) {
+ x = x->down;
+ do {
+ if (type_field(x->type) == TYPE_DEFAULT) {
+ if (type_field(p->type) == TYPE_BOOLEAN) {
+ if (x->type & CONST_TRUE)
+ return "TRUE";
+ else
+ return "FALSE";
+ } else
+ return x->value;
}
+ x = x->right;
+ } while (x != NULL);
+
}
- return NULL;
+ }
+ return NULL;
}
static int is_node_printable(ASN1_TYPE x)
{
- switch (type_field(x->type)) {
- case TYPE_TAG:
- case TYPE_SIZE:
- case TYPE_DEFAULT:
+ switch (type_field(x->type)) {
+ case TYPE_TAG:
+ case TYPE_SIZE:
+ case TYPE_DEFAULT:
+ return 0;
+ case TYPE_CONSTANT:{
+ ASN1_TYPE up = _asn1_find_up(x);
+
+ if (up != NULL && type_field(up->type) != TYPE_ANY &&
+ up->value != NULL)
return 0;
- case TYPE_CONSTANT: {
- ASN1_TYPE up = _asn1_find_up( x);
-
- if (up!=NULL && type_field(up->type)!= TYPE_ANY &&
- up->value!=NULL) return 0;
- }
- return 1;
}
- if (x->name == NULL && _asn1_find_up( x) != NULL)
- return 0;
- if (x->value == NULL && x->down == NULL)
- return 0;
return 1;
+ }
+ if (x->name == NULL && _asn1_find_up(x) != NULL)
+ return 0;
+ if (x->value == NULL && x->down == NULL)
+ return 0;
+ return 1;
}
/* returns true if the node is the only one printable in
@@ -105,24 +105,24 @@ static int is_node_printable(ASN1_TYPE x)
*/
static int is_leaf(ASN1_TYPE p)
{
- ASN1_TYPE x;
+ ASN1_TYPE x;
- if (p == NULL)
- return 1;
- if (p->down == NULL)
- return 1;
+ if (p == NULL)
+ return 1;
+ if (p->down == NULL)
+ return 1;
- x = p->down;
+ x = p->down;
- while (x != NULL) {
- if (is_node_printable(x))
- return 0;
- if (is_leaf(x) == 0)
- return 0;
- x = x->right;
- }
+ while (x != NULL) {
+ if (is_node_printable(x))
+ return 0;
+ if (is_leaf(x) == 0)
+ return 0;
+ x = x->right;
+ }
- return 1;
+ return 1;
}
@@ -141,52 +141,57 @@ static int is_leaf(ASN1_TYPE p)
#define ROOT "certificate"
/* This function removes the '?' character from ASN.1 names
*/
-static int normalize_name( ASN1_TYPE p, char* output, int output_size)
+static int normalize_name(ASN1_TYPE p, char *output, int output_size)
{
-const char* name;
-
- if (output_size > 0)
- output[0] = 0;
- else return GNUTLS_E_INTERNAL_ERROR;
-
- if (p==NULL) return GNUTLS_E_INTERNAL_ERROR;
-
- name = p->name;
- if (name == NULL) name = ROOT;
-
- if ( type_field(p->type)==TYPE_CONSTANT) {
- ASN1_TYPE up = _asn1_find_up(p);
- const char * tmp;
-
- if ( up && type_field(up->type)==TYPE_ANY &&
- up->left && up->left->value &&
- up->type & CONST_DEFINED_BY &&
- type_field(up->left->type)==TYPE_OBJECT_ID) {
-
- tmp = asn1_find_structure_from_oid( _gnutls_get_pkix(), up->left->value);
- if ( tmp != NULL)
- _gnutls_str_cpy( output, output_size, tmp);
- else {
- _gnutls_str_cpy( output, output_size, "DEFINED_BY_");
- _gnutls_str_cat( output, output_size, name);
- }
- } else {
- _gnutls_str_cpy( output, output_size, "DEFINED_BY_");
- _gnutls_str_cat( output, output_size, name);
- }
-
-
- return 0;
- }
-
- if ( name[0]=='?') {
- _gnutls_str_cpy( output, output_size, UNNAMED);
- if (strlen(name) > 1)
- _gnutls_str_cat( output, output_size, &name[1]);
+ const char *name;
+
+ if (output_size > 0)
+ output[0] = 0;
+ else
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ if (p == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ name = p->name;
+ if (name == NULL)
+ name = ROOT;
+
+ if (type_field(p->type) == TYPE_CONSTANT) {
+ ASN1_TYPE up = _asn1_find_up(p);
+ const char *tmp;
+
+ if (up && type_field(up->type) == TYPE_ANY &&
+ up->left && up->left->value &&
+ up->type & CONST_DEFINED_BY &&
+ type_field(up->left->type) == TYPE_OBJECT_ID) {
+
+ tmp =
+ asn1_find_structure_from_oid(_gnutls_get_pkix(),
+ up->left->value);
+ if (tmp != NULL)
+ _gnutls_str_cpy(output, output_size, tmp);
+ else {
+ _gnutls_str_cpy(output, output_size, "DEFINED_BY_");
+ _gnutls_str_cat(output, output_size, name);
+ }
} else {
- _gnutls_str_cpy( output, output_size, name);
+ _gnutls_str_cpy(output, output_size, "DEFINED_BY_");
+ _gnutls_str_cat(output, output_size, name);
}
+
+
return 0;
+ }
+
+ if (name[0] == '?') {
+ _gnutls_str_cpy(output, output_size, UNNAMED);
+ if (strlen(name) > 1)
+ _gnutls_str_cat(output, output_size, &name[1]);
+ } else {
+ _gnutls_str_cpy(output, output_size, name);
+ }
+ return 0;
}
#define XML_HEADER "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n" \
@@ -195,406 +200,388 @@ const char* name;
#define XML_FOOTER "</gnutls:x509:certificate>\n"
static int
-_gnutls_asn1_get_structure_xml(ASN1_TYPE structure,
- gnutls_datum * res, int detail)
+_gnutls_asn1_get_structure_xml(ASN1_TYPE structure,
+ gnutls_datum * res, int detail)
{
- node_asn *p, *root;
- int k, indent = 0, len, len2, len3;
- opaque tmp[1024];
- char nname[256];
- int ret;
- gnutls_string str;
-
- if (res == NULL || structure == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ node_asn *p, *root;
+ int k, indent = 0, len, len2, len3;
+ opaque tmp[1024];
+ char nname[256];
+ int ret;
+ gnutls_string str;
+
+ if (res == NULL || structure == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _gnutls_string_init(&str, malloc, realloc, free);
+
+ STR_APPEND(XML_HEADER);
+ indent = 1;
+
+ root = _asn1_find_node(structure, "");
+
+ if (root == NULL) {
+ gnutls_assert();
+ _gnutls_string_clear(&str);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (detail == GNUTLS_XML_SHOW_ALL)
+ ret = asn1_expand_any_defined_by(_gnutls_get_pkix(), &structure);
+ /* we don't need to check the error value
+ * here.
+ */
+
+ if (detail == GNUTLS_XML_SHOW_ALL) {
+ ret = _gnutls_x509_expand_extensions(&structure);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
-
- _gnutls_string_init( &str, malloc, realloc, free);
+ }
- STR_APPEND(XML_HEADER);
- indent = 1;
+ p = root;
+ while (p) {
+ if (is_node_printable(p)) {
+ for (k = 0; k < indent; k++)
+ APPEND(" ", 1);
- root = _asn1_find_node(structure, "");
-
- if (root == NULL) {
+ if ((ret = normalize_name(p, nname, sizeof(nname))) < 0) {
+ _gnutls_string_clear(&str);
gnutls_assert();
- _gnutls_string_clear( &str);
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ return ret;
+ }
- if (detail == GNUTLS_XML_SHOW_ALL)
- ret = asn1_expand_any_defined_by( _gnutls_get_pkix(),
- &structure);
- /* we don't need to check the error value
- * here.
- */
-
- if (detail == GNUTLS_XML_SHOW_ALL) {
- ret = _gnutls_x509_expand_extensions( &structure);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ APPEND("<", 1);
+ STR_APPEND(nname);
}
- p = root;
- while (p) {
- if (is_node_printable(p)) {
- for (k = 0; k < indent; k++)
- APPEND(" ", 1);
+ if (is_node_printable(p)) {
+ switch (type_field(p->type)) {
+ case TYPE_DEFAULT:
+ STR_APPEND(" type=\"DEFAULT\"");
+ break;
+ case TYPE_NULL:
+ STR_APPEND(" type=\"NULL\"");
+ break;
+ case TYPE_IDENTIFIER:
+ STR_APPEND(" type=\"IDENTIFIER\"");
+ break;
+ case TYPE_INTEGER:
+ STR_APPEND(" type=\"INTEGER\"");
+ STR_APPEND(" encoding=\"HEX\"");
+ break;
+ case TYPE_ENUMERATED:
+ STR_APPEND(" type=\"ENUMERATED\"");
+ STR_APPEND(" encoding=\"HEX\"");
+ break;
+ case TYPE_TIME:
+ STR_APPEND(" type=\"TIME\"");
+ break;
+ case TYPE_BOOLEAN:
+ STR_APPEND(" type=\"BOOLEAN\"");
+ break;
+ case TYPE_SEQUENCE:
+ STR_APPEND(" type=\"SEQUENCE\"");
+ break;
+ case TYPE_BIT_STRING:
+ STR_APPEND(" type=\"BIT STRING\"");
+ STR_APPEND(" encoding=\"HEX\"");
+ break;
+ case TYPE_OCTET_STRING:
+ STR_APPEND(" type=\"OCTET STRING\"");
+ STR_APPEND(" encoding=\"HEX\"");
+ break;
+ case TYPE_SEQUENCE_OF:
+ STR_APPEND(" type=\"SEQUENCE OF\"");
+ break;
+ case TYPE_OBJECT_ID:
+ STR_APPEND(" type=\"OBJECT ID\"");
+ break;
+ case TYPE_ANY:
+ STR_APPEND(" type=\"ANY\"");
+ if (!p->down)
+ STR_APPEND(" encoding=\"HEX\"");
+ break;
+ case TYPE_CONSTANT:{
+ ASN1_TYPE up = _asn1_find_up(p);
+
+ if (up && type_field(up->type) == TYPE_ANY &&
+ up->left && up->left->value &&
+ up->type & CONST_DEFINED_BY &&
+ type_field(up->left->type) == TYPE_OBJECT_ID) {
- if ((ret=normalize_name( p, nname, sizeof(nname))) < 0) {
- _gnutls_string_clear( &str);
- gnutls_assert();
- return ret;
+ if (_gnutls_x509_oid_data_printable
+ (up->left->value) == 0) {
+ STR_APPEND(" encoding=\"HEX\"");
}
- APPEND("<", 1);
- STR_APPEND(nname);
+ }
}
+ break;
+ case TYPE_SET:
+ STR_APPEND(" type=\"SET\"");
+ break;
+ case TYPE_SET_OF:
+ STR_APPEND(" type=\"SET OF\"");
+ break;
+ case TYPE_CHOICE:
+ STR_APPEND(" type=\"CHOICE\"");
+ break;
+ case TYPE_DEFINITIONS:
+ STR_APPEND(" type=\"DEFINITIONS\"");
+ break;
+ default:
+ break;
+ }
+ }
- if (is_node_printable(p)) {
- switch (type_field(p->type)) {
- case TYPE_DEFAULT:
- STR_APPEND(" type=\"DEFAULT\"");
- break;
- case TYPE_NULL:
- STR_APPEND(" type=\"NULL\"");
- break;
- case TYPE_IDENTIFIER:
- STR_APPEND(" type=\"IDENTIFIER\"");
- break;
- case TYPE_INTEGER:
- STR_APPEND(" type=\"INTEGER\"");
- STR_APPEND(" encoding=\"HEX\"");
- break;
- case TYPE_ENUMERATED:
- STR_APPEND(" type=\"ENUMERATED\"");
- STR_APPEND(" encoding=\"HEX\"");
- break;
- case TYPE_TIME:
- STR_APPEND(" type=\"TIME\"");
- break;
- case TYPE_BOOLEAN:
- STR_APPEND(" type=\"BOOLEAN\"");
- break;
- case TYPE_SEQUENCE:
- STR_APPEND(" type=\"SEQUENCE\"");
- break;
- case TYPE_BIT_STRING:
- STR_APPEND(" type=\"BIT STRING\"");
- STR_APPEND(" encoding=\"HEX\"");
- break;
- case TYPE_OCTET_STRING:
- STR_APPEND(" type=\"OCTET STRING\"");
- STR_APPEND(" encoding=\"HEX\"");
- break;
- case TYPE_SEQUENCE_OF:
- STR_APPEND(" type=\"SEQUENCE OF\"");
- break;
- case TYPE_OBJECT_ID:
- STR_APPEND(" type=\"OBJECT ID\"");
- break;
- case TYPE_ANY:
- STR_APPEND(" type=\"ANY\"");
- if (!p->down) STR_APPEND(" encoding=\"HEX\"");
- break;
- case TYPE_CONSTANT: {
- ASN1_TYPE up = _asn1_find_up(p);
-
- if ( up && type_field(up->type)==TYPE_ANY &&
- up->left && up->left->value &&
- up->type & CONST_DEFINED_BY &&
- type_field(up->left->type)==TYPE_OBJECT_ID) {
-
- if (_gnutls_x509_oid_data_printable( up->left->value)==0) {
- STR_APPEND(" encoding=\"HEX\"");
- }
-
- }
- }
- break;
- case TYPE_SET:
- STR_APPEND(" type=\"SET\"");
- break;
- case TYPE_SET_OF:
- STR_APPEND(" type=\"SET OF\"");
- break;
- case TYPE_CHOICE:
- STR_APPEND(" type=\"CHOICE\"");
- break;
- case TYPE_DEFINITIONS:
- STR_APPEND(" type=\"DEFINITIONS\"");
- break;
- default:
- break;
- }
- }
+ if (p->type == TYPE_BIT_STRING) {
+ len2 = -1;
+ len = _asn1_get_length_der(p->value, &len2);
+ snprintf(tmp, sizeof(tmp), " length=\"%i\"",
+ (len - 1) * 8 - (p->value[len2]));
+ STR_APPEND(tmp);
+ }
- if (p->type == TYPE_BIT_STRING) {
- len2 = -1;
- len = _asn1_get_length_der(p->value, &len2);
- snprintf(tmp, sizeof(tmp), " length=\"%i\"",
- (len - 1) * 8 - (p->value[len2]));
+ if (is_node_printable(p))
+ STR_APPEND(">");
+
+ if (is_node_printable(p)) {
+ const unsigned char *value;
+
+ if (p->value == NULL)
+ value = find_default_value(p);
+ else
+ value = p->value;
+
+ switch (type_field(p->type)) {
+
+ case TYPE_DEFAULT:
+ if (value)
+ STR_APPEND(value);
+ break;
+ case TYPE_IDENTIFIER:
+ if (value)
+ STR_APPEND(value);
+ break;
+ case TYPE_INTEGER:
+ if (value) {
+ len2 = -1;
+ len = _asn1_get_length_der(value, &len2);
+
+ for (k = 0; k < len; k++) {
+ snprintf(tmp, sizeof(tmp),
+ "%02X", (value)[k + len2]);
STR_APPEND(tmp);
- }
+ }
- if (is_node_printable(p))
- STR_APPEND( ">");
+ }
+ break;
+ case TYPE_ENUMERATED:
+ if (value) {
+ len2 = -1;
+ len = _asn1_get_length_der(value, &len2);
+
+ for (k = 0; k < len; k++) {
+ snprintf(tmp, sizeof(tmp),
+ "%02X", (value)[k + len2]);
+ STR_APPEND(tmp);
+ }
+ }
+ break;
+ case TYPE_TIME:
+ if (value)
+ STR_APPEND(value);
+ break;
+ case TYPE_BOOLEAN:
+ if (value) {
+ if (value[0] == 'T') {
+ STR_APPEND("TRUE");
+ } else if (value[0] == 'F') {
+ STR_APPEND("FALSE");
+ }
+ }
+ break;
+ case TYPE_BIT_STRING:
+ if (value) {
+ len2 = -1;
+ len = _asn1_get_length_der(value, &len2);
+
+ for (k = 1; k < len; k++) {
+ snprintf(tmp, sizeof(tmp),
+ "%02X", (value)[k + len2]);
+ STR_APPEND(tmp);
+ }
+ }
+ break;
+ case TYPE_OCTET_STRING:
+ if (value) {
+ len2 = -1;
+ len = _asn1_get_length_der(value, &len2);
+ for (k = 0; k < len; k++) {
+ snprintf(tmp, sizeof(tmp),
+ "%02X", (value)[k + len2]);
+ STR_APPEND(tmp);
+ }
+ }
+ break;
+ case TYPE_OBJECT_ID:
+ if (value)
+ STR_APPEND(value);
+ break;
+ case TYPE_ANY:
+ if (!p->down) {
+ if (value) {
+ len3 = -1;
+ len2 = _asn1_get_length_der(value, &len3);
+ for (k = 0; k < len2; k++) {
+ snprintf(tmp, sizeof(tmp),
+ "%02X", (value)[k + len3]);
+ STR_APPEND(tmp);
+ }
+ }
+ }
+ break;
+ case TYPE_CONSTANT:{
+ ASN1_TYPE up = _asn1_find_up(p);
- if (is_node_printable(p)) {
- const unsigned char *value;
+ if (up && type_field(up->type) == TYPE_ANY &&
+ up->left && up->left->value &&
+ up->type & CONST_DEFINED_BY &&
+ type_field(up->left->type) == TYPE_OBJECT_ID) {
+
+ len2 = _asn1_get_length_der(up->value, &len3);
+
+ if (len2 > 0 && strcmp(p->name, "type") == 0) {
+ int len = sizeof(tmp);
+ ret =
+ _gnutls_x509_oid_data2string(up->left->
+ value,
+ up->value +
+ len3, len2,
+ tmp, &len);
+
+ if (ret >= 0) {
+ STR_APPEND(tmp);
+ }
+ } else {
+ for (k = 0; k < len2; k++) {
+ snprintf(tmp, sizeof(tmp),
+ "%02X", (up->value)[k + len3]);
+ STR_APPEND(tmp);
+ }
- if (p->value == NULL)
- value = find_default_value(p);
- else
- value = p->value;
-
- switch (type_field(p->type)) {
-
- case TYPE_DEFAULT:
- if (value)
- STR_APPEND(value);
- break;
- case TYPE_IDENTIFIER:
- if (value)
- STR_APPEND(value);
- break;
- case TYPE_INTEGER:
- if (value) {
- len2 = -1;
- len =
- _asn1_get_length_der(value,
- &len2);
-
- for (k = 0; k < len; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X",
- (value)[k +
- len2]);
- STR_APPEND(tmp);
- }
-
- }
- break;
- case TYPE_ENUMERATED:
- if (value) {
- len2 = -1;
- len =
- _asn1_get_length_der(value,
- &len2);
-
- for (k = 0; k < len; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X",
- (value)[k +
- len2]);
- STR_APPEND(tmp);
- }
- }
- break;
- case TYPE_TIME:
- if (value)
- STR_APPEND(value);
- break;
- case TYPE_BOOLEAN:
- if (value) {
- if (value[0] == 'T') {
- STR_APPEND("TRUE");
- } else if (value[0] == 'F') {
- STR_APPEND("FALSE");
- }
- }
- break;
- case TYPE_BIT_STRING:
- if (value) {
- len2 = -1;
- len =
- _asn1_get_length_der(value,
- &len2);
-
- for (k = 1; k < len; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X",
- (value)[k +
- len2]);
- STR_APPEND(tmp);
- }
- }
- break;
- case TYPE_OCTET_STRING:
- if (value) {
- len2 = -1;
- len =
- _asn1_get_length_der(value,
- &len2);
- for (k = 0; k < len; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X",
- (value)[k +
- len2]);
- STR_APPEND(tmp);
- }
- }
- break;
- case TYPE_OBJECT_ID:
- if (value)
- STR_APPEND(value);
- break;
- case TYPE_ANY:
- if (!p->down) {
- if (value) {
- len3 = -1;
- len2 =
- _asn1_get_length_der(value,
- &len3);
- for (k = 0; k < len2; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X",
- (value)[k +
- len3]);
- STR_APPEND(tmp);
- }
- }
- }
- break;
- case TYPE_CONSTANT: {
- ASN1_TYPE up = _asn1_find_up(p);
-
- if ( up && type_field(up->type)==TYPE_ANY &&
- up->left && up->left->value &&
- up->type & CONST_DEFINED_BY &&
- type_field(up->left->type)==TYPE_OBJECT_ID) {
-
- len2 =
- _asn1_get_length_der(up->value,
- &len3);
-
- if (len2 > 0 && strcmp( p->name, "type")==0) {
- int len = sizeof(tmp);
- ret = _gnutls_x509_oid_data2string( up->left->value, up->value+len3, len2, tmp, &len);
-
- if (ret >= 0) {
- STR_APPEND( tmp);
- }
- } else {
- for (k = 0; k < len2; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X",
- (up->value)[k +
- len3]);
- STR_APPEND(tmp);
- }
-
- }
- } else {
- if (value)
- STR_APPEND(value);
- }
-
- }
- break;
- case TYPE_SET:
- case TYPE_SET_OF:
- case TYPE_CHOICE:
- case TYPE_DEFINITIONS:
- case TYPE_SEQUENCE_OF:
- case TYPE_SEQUENCE:
- case TYPE_NULL:
- break;
- default:
- break;
}
+ } else {
+ if (value)
+ STR_APPEND(value);
+ }
+
}
+ break;
+ case TYPE_SET:
+ case TYPE_SET_OF:
+ case TYPE_CHOICE:
+ case TYPE_DEFINITIONS:
+ case TYPE_SEQUENCE_OF:
+ case TYPE_SEQUENCE:
+ case TYPE_NULL:
+ break;
+ default:
+ break;
+ }
+ }
- if (p->down && is_node_printable(p)) {
- ASN1_TYPE x;
- p = p->down;
- indent += 2;
- x = p;
- do {
- if (is_node_printable(x)) {
- STR_APPEND("\n");
- break;
- }
- x = x->right;
- } while (x != NULL);
- } else if (p == root) {
- if (is_node_printable(p)) {
- if ((ret=normalize_name( p, nname, sizeof(nname))) < 0) {
- _gnutls_string_clear( &str);
- gnutls_assert();
- return ret;
- }
-
- APPEND("</", 2);
- STR_APPEND(nname);
- APPEND(">\n", 2);
+ if (p->down && is_node_printable(p)) {
+ ASN1_TYPE x;
+ p = p->down;
+ indent += 2;
+ x = p;
+ do {
+ if (is_node_printable(x)) {
+ STR_APPEND("\n");
+ break;
+ }
+ x = x->right;
+ } while (x != NULL);
+ } else if (p == root) {
+ if (is_node_printable(p)) {
+ if ((ret = normalize_name(p, nname, sizeof(nname))) < 0) {
+ _gnutls_string_clear(&str);
+ gnutls_assert();
+ return ret;
+ }
+
+ APPEND("</", 2);
+ STR_APPEND(nname);
+ APPEND(">\n", 2);
+ }
+ p = NULL;
+ break;
+ } else {
+ if (is_node_printable(p)) {
+ if ((ret = normalize_name(p, nname, sizeof(nname))) < 0) {
+ _gnutls_string_clear(&str);
+ gnutls_assert();
+ return ret;
+ }
+
+ APPEND("</", 2);
+ STR_APPEND(nname);
+ APPEND(">\n", 2);
+ }
+ if (p->right)
+ p = p->right;
+ else {
+ while (1) {
+ ASN1_TYPE old_p;
+
+ old_p = p;
+
+ p = _asn1_find_up(p);
+ indent -= 2;
+ if (is_node_printable(p)) {
+ if (!is_leaf(p)) /* XXX */
+ for (k = 0; k < indent; k++)
+ STR_APPEND(" ");
+
+ if ((ret =
+ normalize_name(p, nname,
+ sizeof(nname))) < 0) {
+ _gnutls_string_clear(&str);
+ gnutls_assert();
+ return ret;
}
+
+ APPEND("</", 2);
+ STR_APPEND(nname);
+ APPEND(">\n", 2);
+ }
+ if (p == root) {
p = NULL;
break;
- } else {
- if (is_node_printable(p)) {
- if ((ret=normalize_name( p, nname, sizeof(nname))) < 0) {
- _gnutls_string_clear( &str);
- gnutls_assert();
- return ret;
- }
-
- APPEND("</", 2);
- STR_APPEND(nname);
- APPEND(">\n", 2);
- }
- if (p->right)
- p = p->right;
- else {
- while (1) {
- ASN1_TYPE old_p;
-
- old_p = p;
-
- p = _asn1_find_up(p);
- indent -= 2;
- if (is_node_printable(p)) {
- if (!is_leaf(p)) /* XXX */
- for (k = 0;
- k < indent;
- k++)
- STR_APPEND(" ");
-
- if ((ret=normalize_name( p, nname, sizeof(nname))) < 0) {
- _gnutls_string_clear( &str);
- gnutls_assert();
- return ret;
- }
-
- APPEND("</", 2);
- STR_APPEND(nname);
- APPEND(">\n", 2);
- }
- if (p == root) {
- p = NULL;
- break;
- }
-
- if (p->right) {
- p = p->right;
- break;
- }
- }
- }
+ }
+
+ if (p->right) {
+ p = p->right;
+ break;
+ }
}
+ }
}
-
- STR_APPEND(XML_FOOTER);
- APPEND( "\n\0", 2);
+ }
- *res = _gnutls_string2datum( &str);
- res->size -= 1; /* null is not included in size */
-
- return 0;
+ STR_APPEND(XML_FOOTER);
+ APPEND("\n\0", 2);
+
+ *res = _gnutls_string2datum(&str);
+ res->size -= 1; /* null is not included in size */
+
+ return 0;
}
/**
@@ -608,20 +595,21 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE structure,
* Returns a negative error code in case of an error.
*
**/
-int gnutls_x509_crt_to_xml(gnutls_x509_crt cert, gnutls_datum* res, int detail)
+int gnutls_x509_crt_to_xml(gnutls_x509_crt cert, gnutls_datum * res,
+ int detail)
{
- int result;
+ int result;
- res->data = NULL;
- res->size = 0;
-
- result = _gnutls_asn1_get_structure_xml( cert->cert, res, detail);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
+ res->data = NULL;
+ res->size = 0;
- return 0;
+ result = _gnutls_asn1_get_structure_xml(cert->cert, res, detail);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+
+ return 0;
}
/* This function will attempt to parse Extensions in
@@ -630,45 +618,45 @@ int gnutls_x509_crt_to_xml(gnutls_x509_crt cert, gnutls_datum* res, int detail)
* If no_critical_ext is non zero, then unsupported critical extensions
* do not lead into a fatal error.
*/
-static int _gnutls_x509_expand_extensions(ASN1_TYPE* rasn)
+static int _gnutls_x509_expand_extensions(ASN1_TYPE * rasn)
{
- int k, result, len;
- char name[128], name2[128], counter[MAX_INT_DIGITS];
- char name1[128];
- char extnID[128];
+ int k, result, len;
+ char name[128], name2[128], counter[MAX_INT_DIGITS];
+ char name1[128];
+ char extnID[128];
- k = 0;
- do {
- k++;
+ k = 0;
+ do {
+ k++;
- _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
- _gnutls_int2str(k, counter);
- _gnutls_str_cat(name, sizeof(name), counter);
+ _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
+ _gnutls_int2str(k, counter);
+ _gnutls_str_cat(name, sizeof(name), counter);
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+ _gnutls_str_cpy(name2, sizeof(name2), name);
+ _gnutls_str_cat(name2, sizeof(name2), ".extnID");
- _gnutls_str_cpy(name1, sizeof(name1), name);
- _gnutls_str_cat(name1, sizeof(name1), ".extnValue");
+ _gnutls_str_cpy(name1, sizeof(name1), name);
+ _gnutls_str_cat(name1, sizeof(name1), ".extnValue");
- len = sizeof(extnID) - 1;
+ len = sizeof(extnID) - 1;
- result = asn1_expand_octet_string( _gnutls_get_pkix(),
- rasn, name1, name2);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- } while (1);
+ result = asn1_expand_octet_string(_gnutls_get_pkix(),
+ rasn, name1, name2);
if (result == ASN1_ELEMENT_NOT_FOUND)
- return 0;
- else
- return _gnutls_asn2err(result);
+ break;
+ else if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ } while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 0;
+ else
+ return _gnutls_asn2err(result);
}
#endif
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index 234ca13c1a..dcdb9dbade 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -32,71 +32,69 @@ static const uint8 b64table[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const uint8 asciitable[128] = {
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
- 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,
- 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff,
- 0xff, 0xf1, 0xff, 0xff, 0xff, 0x00, /* 0xf1 for '=' */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
- 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
- 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
- 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
- 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
- 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a,
- 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
- 0x31, 0x32, 0x33, 0xff, 0xff, 0xff,
- 0xff, 0xff
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,
+ 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff,
+ 0xff, 0xf1, 0xff, 0xff, 0xff, 0x00, /* 0xf1 for '=' */
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
+ 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
+ 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a,
+ 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+ 0x31, 0x32, 0x33, 0xff, 0xff, 0xff,
+ 0xff, 0xff
};
-inline static int encode(char * result, const uint8 * data, int left)
+inline static int encode(char *result, const uint8 * data, int left)
{
- int data_len;
-
- if (left > 3)
- data_len = 3;
- else
- data_len = left;
-
- switch (data_len) {
- case 3:
- result[0] = b64table[(data[0] >> 2)];
- result[1] =
- b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
- (data[1] >> 4))];
- result[2] =
- b64table[((((data[1] & 0x0f) << 2) & 0xff) |
- (data[2] >> 6))];
- result[3] = b64table[(((data[2] << 2) & 0xff) >> 2)];
- break;
- case 2:
- result[0] = b64table[(data[0] >> 2)];
- result[1] =
- b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
- (data[1] >> 4))];
- result[2] = b64table[(((data[1] << 4) & 0xff) >> 2)];
- result[3] = '=';
- break;
- case 1:
- result[0] = b64table[(data[0] >> 2)];
- result[1] =
- b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff))];
- result[2] = '=';
- result[3] = '=';
- break;
- default:
- return -1;
- }
-
- return 4;
+ int data_len;
+
+ if (left > 3)
+ data_len = 3;
+ else
+ data_len = left;
+
+ switch (data_len) {
+ case 3:
+ result[0] = b64table[(data[0] >> 2)];
+ result[1] =
+ b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
+ (data[1] >> 4))];
+ result[2] =
+ b64table[((((data[1] & 0x0f) << 2) & 0xff) | (data[2] >> 6))];
+ result[3] = b64table[(((data[2] << 2) & 0xff) >> 2)];
+ break;
+ case 2:
+ result[0] = b64table[(data[0] >> 2)];
+ result[1] =
+ b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
+ (data[1] >> 4))];
+ result[2] = b64table[(((data[1] << 4) & 0xff) >> 2)];
+ result[3] = '=';
+ break;
+ case 1:
+ result[0] = b64table[(data[0] >> 2)];
+ result[1] = b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff))];
+ result[2] = '=';
+ result[3] = '=';
+ break;
+ default:
+ return -1;
+ }
+
+ return 4;
}
@@ -106,61 +104,62 @@ inline static int encode(char * result, const uint8 * data, int left)
#define TOASCII(c) (c < 127 ? asciitable[c] : 0xff)
inline static int decode(uint8 * result, const opaque * data)
{
- uint8 a1, a2;
- int ret = 3;
-
- a1 = TOASCII(data[0]);
- a2 = TOASCII(data[1]);
- if (a1 == 0xff || a2 == 0xff)
- return -1;
- result[0] = ((a1 << 2) & 0xff) | ((a2 >> 4) & 0xff);
-
- a1 = a2;
- a2 = TOASCII(data[2]);
- if (a2 == 0xff)
- return -1;
- result[1] = ((a1 << 4) & 0xff) | ((a2 >> 2) & 0xff);
-
- a1 = a2;
- a2 = TOASCII(data[3]);
- if (a2 == 0xff)
- return -1;
- result[2] = ((a1 << 6) & 0xff) | (a2 & 0xff);
-
- if (data[2] == '=')
- ret--;
-
- if (data[3] == '=')
- ret--;
- return ret;
+ uint8 a1, a2;
+ int ret = 3;
+
+ a1 = TOASCII(data[0]);
+ a2 = TOASCII(data[1]);
+ if (a1 == 0xff || a2 == 0xff)
+ return -1;
+ result[0] = ((a1 << 2) & 0xff) | ((a2 >> 4) & 0xff);
+
+ a1 = a2;
+ a2 = TOASCII(data[2]);
+ if (a2 == 0xff)
+ return -1;
+ result[1] = ((a1 << 4) & 0xff) | ((a2 >> 2) & 0xff);
+
+ a1 = a2;
+ a2 = TOASCII(data[3]);
+ if (a2 == 0xff)
+ return -1;
+ result[2] = ((a1 << 6) & 0xff) | (a2 & 0xff);
+
+ if (data[2] == '=')
+ ret--;
+
+ if (data[3] == '=')
+ ret--;
+ return ret;
}
/* encodes data and puts the result into result (locally allocated)
* The result_size is the return value
*/
-int _gnutls_base64_encode(const uint8 * data, size_t data_size, uint8 ** result)
+int _gnutls_base64_encode(const uint8 * data, size_t data_size,
+ uint8 ** result)
{
- unsigned int i, j;
- int ret, tmp;
- char tmpres[4];
-
- ret = B64SIZE( data_size);
-
- (*result) = gnutls_malloc(ret + 1);
- if ((*result) == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- for (i = j = 0; i < data_size; i += 3, j += 4) {
- tmp = encode(tmpres, &data[i], data_size - i);
- if (tmp == -1) {
- gnutls_free( (*result));
- return GNUTLS_E_MEMORY_ERROR;
- }
- memcpy(&(*result)[j], tmpres, tmp);
+ unsigned int i, j;
+ int ret, tmp;
+ char tmpres[4];
+
+ ret = B64SIZE(data_size);
+
+ (*result) = gnutls_malloc(ret + 1);
+ if ((*result) == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ for (i = j = 0; i < data_size; i += 3, j += 4) {
+ tmp = encode(tmpres, &data[i], data_size - i);
+ if (tmp == -1) {
+ gnutls_free((*result));
+ return GNUTLS_E_MEMORY_ERROR;
}
- (*result)[ret] = 0; /* null terminated */
+ memcpy(&(*result)[j], tmpres, tmp);
+ }
+ (*result)[ret] = 0; /* null terminated */
- return ret;
+ return ret;
}
#define INCR(what, size) \
@@ -171,102 +170,103 @@ int _gnutls_base64_encode(const uint8 * data, size_t data_size, uint8 ** result)
gnutls_free( (*result)); *result = NULL; \
return GNUTLS_E_INTERNAL_ERROR; \
} \
- } while(0)
+ } while(0)
/* encodes data and puts the result into result (locally allocated)
* The result_size (including the null terminator) is the return value.
*/
-int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size,
- uint8 ** result)
+int _gnutls_fbase64_encode(const char *msg, const uint8 * data,
+ int data_size, uint8 ** result)
{
- int i, ret, tmp, j;
- char tmpres[4];
- uint8 *ptr;
- uint8 top[80];
- uint8 bottom[80];
- int pos, bytes, top_len, bottom_len;
- size_t msglen = strlen(msg);
-
- if (msglen > 50) {
- gnutls_assert();
- return GNUTLS_E_BASE64_ENCODING_ERROR;
+ int i, ret, tmp, j;
+ char tmpres[4];
+ uint8 *ptr;
+ uint8 top[80];
+ uint8 bottom[80];
+ int pos, bytes, top_len, bottom_len;
+ size_t msglen = strlen(msg);
+
+ if (msglen > 50) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_ENCODING_ERROR;
+ }
+
+ memset(bottom, 0, sizeof(bottom));
+ memset(top, 0, sizeof(top));
+
+ strcat(top, "-----BEGIN "); /* Flawfinder: ignore */
+ strcat(top, msg); /* Flawfinder: ignore */
+ strcat(top, "-----"); /* Flawfinder: ignore */
+
+ strcat(bottom, "\n-----END "); /* Flawfinder: ignore */
+ strcat(bottom, msg); /* Flawfinder: ignore */
+ strcat(bottom, "-----\n"); /* Flawfinder: ignore */
+
+ top_len = strlen(top);
+ bottom_len = strlen(bottom);
+
+ ret = B64FSIZE(msglen, data_size);
+
+ (*result) = gnutls_calloc(1, ret + 1);
+ if ((*result) == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ bytes = pos = 0;
+ INCR(bytes, top_len);
+ pos = top_len;
+
+ strcpy(*result, top); /* Flawfinder: ignore */
+
+ for (i = j = 0; i < data_size; i += 3, j += 4) {
+
+ tmp = encode(tmpres, &data[i], data_size - i);
+ if (tmp == -1) {
+ gnutls_assert();
+ gnutls_free((*result));
+ *result = NULL;
+ return GNUTLS_E_BASE64_ENCODING_ERROR;
}
- memset(bottom, 0, sizeof(bottom));
- memset(top, 0, sizeof(top));
+ INCR(bytes, 4);
+ ptr = &(*result)[j + pos];
- strcat(top, "-----BEGIN "); /* Flawfinder: ignore */
- strcat(top, msg); /* Flawfinder: ignore */
- strcat(top, "-----"); /* Flawfinder: ignore */
-
- strcat(bottom, "\n-----END "); /* Flawfinder: ignore */
- strcat(bottom, msg); /* Flawfinder: ignore */
- strcat(bottom, "-----\n"); /* Flawfinder: ignore */
-
- top_len = strlen(top);
- bottom_len = strlen(bottom);
+ if ((j) % 64 == 0) {
+ INCR(bytes, 1);
+ pos++;
+ *ptr++ = '\n';
+ }
+ *ptr++ = tmpres[0];
- ret = B64FSIZE( msglen, data_size);
+ if ((j + 1) % 64 == 0) {
+ INCR(bytes, 1);
+ pos++;
+ *ptr++ = '\n';
+ }
+ *ptr++ = tmpres[1];
- (*result) = gnutls_calloc(1, ret + 1);
- if ((*result) == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if ((j + 2) % 64 == 0) {
+ INCR(bytes, 1);
+ pos++;
+ *ptr++ = '\n';
}
+ *ptr++ = tmpres[2];
- bytes = pos = 0;
- INCR( bytes, top_len);
- pos = top_len;
-
- strcpy(*result, top); /* Flawfinder: ignore */
-
- for (i = j = 0; i < data_size; i += 3, j += 4) {
-
- tmp = encode(tmpres, &data[i], data_size - i);
- if (tmp == -1) {
- gnutls_assert();
- gnutls_free( (*result)); *result = NULL;
- return GNUTLS_E_BASE64_ENCODING_ERROR;
- }
-
- INCR(bytes, 4);
- ptr = &(*result)[j + pos];
-
- if ((j) % 64 == 0) {
- INCR(bytes, 1);
- pos++;
- *ptr++ = '\n';
- }
- *ptr++ = tmpres[0];
-
- if ((j + 1) % 64 == 0) {
- INCR(bytes, 1);
- pos++;
- *ptr++ = '\n';
- }
- *ptr++ = tmpres[1];
-
- if ((j + 2) % 64 == 0) {
- INCR(bytes, 1);
- pos++;
- *ptr++ = '\n';
- }
- *ptr++ = tmpres[2];
-
- if ((j + 3) % 64 == 0) {
- INCR(bytes, 1);
- pos++;
- *ptr++ = '\n';
- }
- *ptr++ = tmpres[3];
+ if ((j + 3) % 64 == 0) {
+ INCR(bytes, 1);
+ pos++;
+ *ptr++ = '\n';
}
+ *ptr++ = tmpres[3];
+ }
- INCR( bytes, bottom_len);
+ INCR(bytes, bottom_len);
- memcpy( &(*result)[ bytes-bottom_len], bottom, bottom_len);
- (*result)[ bytes] = 0;
+ memcpy(&(*result)[bytes - bottom_len], bottom, bottom_len);
+ (*result)[bytes] = 0;
- return ret + 1;
+ return ret + 1;
}
/**
@@ -284,26 +284,27 @@ int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size,
* the terminating null.
*
**/
-int gnutls_pem_base64_encode( const char* msg, const gnutls_datum *data, char* result,
- size_t* result_size) {
-opaque* ret;
-int size;
-
- size = _gnutls_fbase64_encode( msg, data->data, data->size, &ret);
- if (size < 0)
- return size;
-
- if (result==NULL || *result_size < (uint)size) {
- gnutls_free(ret);
- *result_size = size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- } else {
- memcpy( result, ret, size);
- gnutls_free(ret);
- *result_size = size - 1;
- }
-
- return 0;
+int gnutls_pem_base64_encode(const char *msg, const gnutls_datum * data,
+ char *result, size_t * result_size)
+{
+ opaque *ret;
+ int size;
+
+ size = _gnutls_fbase64_encode(msg, data->data, data->size, &ret);
+ if (size < 0)
+ return size;
+
+ if (result == NULL || *result_size < (uint) size) {
+ gnutls_free(ret);
+ *result_size = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ memcpy(result, ret, size);
+ gnutls_free(ret);
+ *result_size = size - 1;
+ }
+
+ return 0;
}
/**
@@ -319,69 +320,74 @@ int size;
* You should use gnutls_free() to free the returned data.
*
**/
-int gnutls_pem_base64_encode_alloc( const char* msg, const gnutls_datum *data,
- gnutls_datum* result)
+int gnutls_pem_base64_encode_alloc(const char *msg,
+ const gnutls_datum * data,
+ gnutls_datum * result)
{
-opaque* ret;
-int size;
+ opaque *ret;
+ int size;
- if (result==NULL) return GNUTLS_E_INVALID_REQUEST;
+ if (result == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- size = _gnutls_fbase64_encode( msg, data->data, data->size, &ret);
- if (size < 0)
- return size;
+ size = _gnutls_fbase64_encode(msg, data->data, data->size, &ret);
+ if (size < 0)
+ return size;
- result->data = ret;
- result->size = size - 1;
- return 0;
+ result->data = ret;
+ result->size = size - 1;
+ return 0;
}
/* decodes data and puts the result into result (locally allocated)
* The result_size is the return value
*/
-int _gnutls_base64_decode(const uint8 * data, size_t data_size, uint8 ** result)
+int _gnutls_base64_decode(const uint8 * data, size_t data_size,
+ uint8 ** result)
{
- unsigned int i, j;
- int ret, tmp, est;
- uint8 tmpres[3];
-
- est = ((data_size * 3) / 4) + 1;
- (*result) = gnutls_malloc(est);
- if ((*result) == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- ret = 0;
- for (i = j = 0; i < data_size; i += 4, j += 3) {
- tmp = decode(tmpres, &data[i]);
- if (tmp < 0) {
- gnutls_free( *result); *result = NULL;
- return tmp;
- }
- memcpy(&(*result)[j], tmpres, tmp);
- ret += tmp;
+ unsigned int i, j;
+ int ret, tmp, est;
+ uint8 tmpres[3];
+
+ est = ((data_size * 3) / 4) + 1;
+ (*result) = gnutls_malloc(est);
+ if ((*result) == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = 0;
+ for (i = j = 0; i < data_size; i += 4, j += 3) {
+ tmp = decode(tmpres, &data[i]);
+ if (tmp < 0) {
+ gnutls_free(*result);
+ *result = NULL;
+ return tmp;
}
- return ret;
+ memcpy(&(*result)[j], tmpres, tmp);
+ ret += tmp;
+ }
+ return ret;
}
/* copies data to result but removes newlines and <CR>
* returns the size of the data copied.
*/
-inline static int cpydata(const uint8 * data, int data_size, uint8 ** result)
+inline static int cpydata(const uint8 * data, int data_size,
+ uint8 ** result)
{
- int i, j;
-
- (*result) = gnutls_malloc(data_size);
- if (*result == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- for (j = i = 0; i < data_size; i++) {
- if (data[i] == '\n' || data[i] == '\r')
- continue;
- (*result)[j] = data[i];
- j++;
- }
- return j;
+ int i, j;
+
+ (*result) = gnutls_malloc(data_size);
+ if (*result == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ for (j = i = 0; i < data_size; i++) {
+ if (data[i] == '\n' || data[i] == '\r')
+ continue;
+ (*result)[j] = data[i];
+ j++;
+ }
+ return j;
}
/* Searches the given string for ONE PEM encoded certificate, and
@@ -391,90 +397,91 @@ inline static int cpydata(const uint8 * data, int data_size, uint8 ** result)
*/
#define ENDSTR "-----\n"
#define ENDSTR2 "-----\r"
-int _gnutls_fbase64_decode( const char* header, const opaque * data, size_t data_size,
- uint8 ** result)
+int _gnutls_fbase64_decode(const char *header, const opaque * data,
+ size_t data_size, uint8 ** result)
{
- int ret;
- static const char top[] = "-----BEGIN ";
- static const char bottom[] = "\n-----END ";
- uint8 *rdata;
- int rdata_size;
- uint8 *kdata;
- int kdata_size;
- char pem_header[128];
-
- _gnutls_str_cpy( pem_header, sizeof(pem_header), top);
- if (header != NULL)
- _gnutls_str_cat( pem_header, sizeof(pem_header), header);
-
- rdata = strnstr( data, pem_header, data_size);
-
- if (rdata==NULL) {
- gnutls_assert();
- _gnutls_debug_log( "Could not find '%s'\n", pem_header);
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- data_size -= (unsigned long int)rdata-(unsigned long int)data;
-
- if (data_size < 4 + strlen(bottom)) {
- gnutls_assert();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- kdata = strnstr( rdata, ENDSTR, data_size);
- /* allow CR as well.
- */
- if (kdata==NULL) kdata = strnstr( rdata, ENDSTR2, data_size);
-
- if (kdata==NULL) {
- gnutls_assert();
- _gnutls_x509_log( "Could not find '%s'\n", ENDSTR);
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
- data_size -= strlen(ENDSTR);
- data_size -= (unsigned long int)kdata-(unsigned long int)rdata;
-
- rdata = kdata + strlen(ENDSTR);
-
- /* position is now after the ---BEGIN--- headers */
-
- kdata = strnstr( rdata, bottom, data_size);
- if (kdata==NULL) {
- gnutls_assert();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- /* position of kdata is before the ----END--- footer
- */
- rdata_size = (unsigned long int)kdata-(unsigned long int)rdata;
-
- if (rdata_size < 4) {
- gnutls_assert();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- kdata_size = cpydata(rdata, rdata_size, &kdata);
-
- if (kdata_size < 0) {
- gnutls_assert();
- return kdata_size;
- }
-
- if (kdata_size < 4) {
- gnutls_assert();
- gnutls_free(kdata);
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
+ int ret;
+ static const char top[] = "-----BEGIN ";
+ static const char bottom[] = "\n-----END ";
+ uint8 *rdata;
+ int rdata_size;
+ uint8 *kdata;
+ int kdata_size;
+ char pem_header[128];
+
+ _gnutls_str_cpy(pem_header, sizeof(pem_header), top);
+ if (header != NULL)
+ _gnutls_str_cat(pem_header, sizeof(pem_header), header);
+
+ rdata = strnstr(data, pem_header, data_size);
+
+ if (rdata == NULL) {
+ gnutls_assert();
+ _gnutls_debug_log("Could not find '%s'\n", pem_header);
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ data_size -= (unsigned long int) rdata - (unsigned long int) data;
+
+ if (data_size < 4 + strlen(bottom)) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ kdata = strnstr(rdata, ENDSTR, data_size);
+ /* allow CR as well.
+ */
+ if (kdata == NULL)
+ kdata = strnstr(rdata, ENDSTR2, data_size);
+
+ if (kdata == NULL) {
+ gnutls_assert();
+ _gnutls_x509_log("Could not find '%s'\n", ENDSTR);
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ data_size -= strlen(ENDSTR);
+ data_size -= (unsigned long int) kdata - (unsigned long int) rdata;
+
+ rdata = kdata + strlen(ENDSTR);
+
+ /* position is now after the ---BEGIN--- headers */
+
+ kdata = strnstr(rdata, bottom, data_size);
+ if (kdata == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ /* position of kdata is before the ----END--- footer
+ */
+ rdata_size = (unsigned long int) kdata - (unsigned long int) rdata;
+
+ if (rdata_size < 4) {
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ kdata_size = cpydata(rdata, rdata_size, &kdata);
+
+ if (kdata_size < 0) {
+ gnutls_assert();
+ return kdata_size;
+ }
+
+ if (kdata_size < 4) {
+ gnutls_assert();
+ gnutls_free(kdata);
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
- if ((ret = _gnutls_base64_decode( kdata, kdata_size, result)) < 0) {
- gnutls_free(kdata);
- gnutls_assert();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
+ if ((ret = _gnutls_base64_decode(kdata, kdata_size, result)) < 0) {
gnutls_free(kdata);
-
- return ret;
+ gnutls_assert();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ gnutls_free(kdata);
+
+ return ret;
}
/**
@@ -491,27 +498,30 @@ int _gnutls_fbase64_decode( const char* header, const opaque * data, size_t data
* Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough,
* or 0 on success.
**/
-int gnutls_pem_base64_decode( const char* header, const gnutls_datum *b64_data,
- unsigned char* result, size_t* result_size)
+int gnutls_pem_base64_decode(const char *header,
+ const gnutls_datum * b64_data,
+ unsigned char *result, size_t * result_size)
{
-opaque* ret;
-int size;
-
- size = _gnutls_fbase64_decode( header, b64_data->data, b64_data->size, &ret);
- if (size < 0)
- return size;
-
- if (result==NULL || *result_size < (uint)size) {
- gnutls_free(ret);
- *result_size = size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- } else {
- memcpy( result, ret, size);
- gnutls_free(ret);
- *result_size = size;
- }
-
- return 0;
+ opaque *ret;
+ int size;
+
+ size =
+ _gnutls_fbase64_decode(header, b64_data->data, b64_data->size,
+ &ret);
+ if (size < 0)
+ return size;
+
+ if (result == NULL || *result_size < (uint) size) {
+ gnutls_free(ret);
+ *result_size = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ } else {
+ memcpy(result, ret, size);
+ gnutls_free(ret);
+ *result_size = size;
+ }
+
+ return 0;
}
/**
@@ -529,19 +539,23 @@ int size;
* You should use gnutls_free() to free the returned data.
*
**/
-int gnutls_pem_base64_decode_alloc( const char* header, const gnutls_datum *b64_data,
- gnutls_datum* result)
+int gnutls_pem_base64_decode_alloc(const char *header,
+ const gnutls_datum * b64_data,
+ gnutls_datum * result)
{
-opaque* ret;
-int size;
+ opaque *ret;
+ int size;
- if (result==NULL) return GNUTLS_E_INVALID_REQUEST;
+ if (result == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- size = _gnutls_fbase64_decode( header, b64_data->data, b64_data->size, &ret);
- if (size < 0)
- return size;
+ size =
+ _gnutls_fbase64_decode(header, b64_data->data, b64_data->size,
+ &ret);
+ if (size < 0)
+ return size;
- result->data = ret;
- result->size = size;
- return 0;
+ result->data = ret;
+ result->size = size;
+ return 0;
}
diff --git a/lib/x509_b64.h b/lib/x509_b64.h
index ada3333742..11ce26eeb0 100644
--- a/lib/x509_b64.h
+++ b/lib/x509_b64.h
@@ -1,15 +1,17 @@
-int _gnutls_base64_encode(const uint8 * data, size_t data_size, uint8 ** result);
-int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size,
- uint8 ** result);
-int _gnutls_base64_decode(const uint8 * data, size_t data_size, uint8 ** result);
-int _gnutls_fbase64_decode( const char* header, const uint8 * data, size_t data_size,
- uint8 ** result);
+int _gnutls_base64_encode(const uint8 * data, size_t data_size,
+ uint8 ** result);
+int _gnutls_fbase64_encode(const char *msg, const uint8 * data,
+ int data_size, uint8 ** result);
+int _gnutls_base64_decode(const uint8 * data, size_t data_size,
+ uint8 ** result);
+int _gnutls_fbase64_decode(const char *header, const uint8 * data,
+ size_t data_size, uint8 ** result);
#define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4)))
/* The size for B64 encoding + newlines plus header
*/
-
+
#define HEADSIZE( hsize) \
sizeof("-----BEGIN ")-1+sizeof("-----")-1+ \
sizeof("\n-----END ")-1+sizeof("-----\n")-1+hsize+hsize
@@ -17,4 +19,3 @@ int _gnutls_fbase64_decode( const char* header, const uint8 * data, size_t data_
#define B64FSIZE( hsize, dsize) \
(B64SIZE(dsize) + HEADSIZE(hsize) + /*newlines*/ \
B64SIZE(dsize)/64 + (((B64SIZE(dsize) % 64) > 0) ? 1 : 0))
-
View Lorry Controller Status