Diffstat (limited to 'lib/auth/rsa.c')
-rw-r--r--lib/auth/rsa.c30
1 files changed, 11 insertions, 19 deletions
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index 8108ee841d..62c86e470a 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -66,15 +66,16 @@ static
int check_key_usage_for_enc(gnutls_session_t session, unsigned key_usage)
{
if (key_usage != 0) {
- if (!(key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT) && !(key_usage & GNUTLS_KEY_KEY_AGREEMENT)) {
+ if (!(key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
+ && !(key_usage & GNUTLS_KEY_KEY_AGREEMENT)) {
gnutls_assert();
if (session->internals.allow_key_usage_violation == 0) {
_gnutls_audit_log(session,
- "Peer's certificate does not allow encryption. Key usage violation detected.\n");
+ "Peer's certificate does not allow encryption. Key usage violation detected.\n");
return GNUTLS_E_KEY_USAGE_VIOLATION;
} else {
_gnutls_audit_log(session,
- "Peer's certificate does not allow encryption. Key usage violation detected (ignored).\n");
+ "Peer's certificate does not allow encryption. Key usage violation detected (ignored).\n");
}
}
}
@@ -115,7 +116,6 @@ _gnutls_get_public_rsa_params(gnutls_session_t session,
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
-
// Get the negotiated server certificate type
cert_type = get_certificate_type(session, GNUTLS_CTYPE_SERVER);
@@ -145,15 +145,14 @@ _gnutls_get_public_rsa_params(gnutls_session_t session,
gnutls_pcert_deinit(&peer_cert);
return 0;
- cleanup2:
+ cleanup2:
gnutls_pcert_deinit(&peer_cert);
return ret;
}
static int
-proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
- size_t _data_size)
+proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size)
{
const char attack_error[] = "auth_rsa: Possible PKCS #1 attack\n";
gnutls_datum_t ciphertext;
@@ -233,7 +232,7 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
ok &= CONSTCHECK_EQUAL(session->key.key.data[0], ver_maj);
/* if check_ver_min then session->key.key.data[1] must equal ver_min */
ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
- CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
+ CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
if (ok) {
/* call logging function unconditionally so all branches are
@@ -253,13 +252,9 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
return 0;
}
-
-
/* return RSA(random) using the peers public key
*/
-int
-_gnutls_gen_rsa_client_kx(gnutls_session_t session,
- gnutls_buffer_st * data)
+int _gnutls_gen_rsa_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
cert_auth_info_t auth = session->key.auth_info;
gnutls_datum_t sdata; /* data to send */
@@ -283,7 +278,7 @@ _gnutls_gen_rsa_client_kx(gnutls_session_t session,
}
ret = gnutls_rnd(GNUTLS_RND_RANDOM, session->key.key.data,
- session->key.key.size);
+ session->key.key.size);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -317,19 +312,16 @@ _gnutls_gen_rsa_client_kx(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
-
#ifdef ENABLE_SSL3
if (get_num_version(session) == GNUTLS_SSL3) {
/* SSL 3.0 */
- ret =
- _gnutls_buffer_append_data(data, sdata.data,
- sdata.size);
+ ret = _gnutls_buffer_append_data(data, sdata.data, sdata.size);
_gnutls_free_datum(&sdata);
return ret;
} else
#endif
- { /* TLS 1.x */
+ { /* TLS 1.x */
ret =
_gnutls_buffer_append_data_prefix(data, 16, sdata.data,
sdata.size);