summaryrefslogtreecommitdiff
path: root/lib/ext/client_cert_type.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ext/client_cert_type.c')
-rw-r--r--lib/ext/client_cert_type.c184
1 files changed, 92 insertions, 92 deletions
diff --git a/lib/ext/client_cert_type.c b/lib/ext/client_cert_type.c
index 772f9da640..230991f9d7 100644
--- a/lib/ext/client_cert_type.c
+++ b/lib/ext/client_cert_type.c
@@ -37,10 +37,10 @@
#include "datum.h"
static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
- const uint8_t * data,
+ const uint8_t *data,
size_t data_size);
static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
- gnutls_buffer_st * data);
+ gnutls_buffer_st *data);
const hello_ext_entry_st ext_mod_client_cert_type = {
.name = "Client Certificate Type",
@@ -48,10 +48,9 @@ const hello_ext_entry_st ext_mod_client_cert_type = {
.gid = GNUTLS_EXTENSION_CLIENT_CERT_TYPE,
.client_parse_point = GNUTLS_EXT_TLS,
.server_parse_point = GNUTLS_EXT_TLS,
- .validity = GNUTLS_EXT_FLAG_TLS |
- GNUTLS_EXT_FLAG_DTLS |
- GNUTLS_EXT_FLAG_CLIENT_HELLO |
- GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO | GNUTLS_EXT_FLAG_EE,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS |
+ GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO | GNUTLS_EXT_FLAG_EE,
.recv_func = _gnutls_client_cert_type_recv_params,
.send_func = _gnutls_client_cert_type_send_params,
.pack_func = _gnutls_hello_ext_default_pack,
@@ -61,7 +60,7 @@ const hello_ext_entry_st ext_mod_client_cert_type = {
};
static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
- const uint8_t * data,
+ const uint8_t *data,
size_t data_size)
{
int ret;
@@ -76,15 +75,15 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
(_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL))
return 0;
- if (!IS_SERVER(session)) { // client mode
- gnutls_datum_t sent_cert_types; // Holds the previously sent cert types
+ if (!IS_SERVER(session)) { // client mode
+ gnutls_datum_t
+ sent_cert_types; // Holds the previously sent cert types
/* Compare packet length with expected packet length. For the
* client this is a single byte. */
if (data_size != 1) {
- return
- gnutls_assert_val
- (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ return gnutls_assert_val(
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
}
/* The server picked one of the offered cert types if he supports
@@ -95,23 +94,22 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
* to check it nevertheless. */
cert_type = IANA2cert_type(pdata[0]);
- _gnutls_handshake_log
- ("EXT[%p]: Received a %s client certificate type confirmation from the server.\n",
- session, gnutls_certificate_type_get_name(cert_type));
+ _gnutls_handshake_log(
+ "EXT[%p]: Received a %s client certificate type confirmation from the server.\n",
+ session, gnutls_certificate_type_get_name(cert_type));
// Check validity of cert type
if (cert_type == GNUTLS_CRT_UNKNOWN) {
- return
- gnutls_assert_val
- (GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
+ return gnutls_assert_val(
+ GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
}
/* Get the cert types that we sent to the server (they were stored
* in IANA representation.
*/
- ret = _gnutls_hello_ext_get_datum(session,
- GNUTLS_EXTENSION_CLIENT_CERT_TYPE,
- &sent_cert_types);
+ ret = _gnutls_hello_ext_get_datum(
+ session, GNUTLS_EXTENSION_CLIENT_CERT_TYPE,
+ &sent_cert_types);
if (ret < 0) {
/* This should not happen and indicate a memory corruption!
* Assertion are always on in production code so execution
@@ -137,20 +135,20 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
return ret;
- } else { // server mode
- gnutls_datum_t cert_types; // Holds the received cert types
+ } else { // server mode
+ gnutls_datum_t cert_types; // Holds the received cert types
// Compare packet length with expected packet length.
DECR_LEN(data_size, 1);
if (data[0] != data_size) {
- return
- gnutls_assert_val
- (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ return gnutls_assert_val(
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
}
pdata += 1;
// Assign the contents of our data buffer to a gnutls_datum_t
- cert_types.data = (uint8_t *) pdata; // Need casting to get rid of 'discards const qualifier' warning
+ cert_types.data = (uint8_t *)
+ pdata; // Need casting to get rid of 'discards const qualifier' warning
cert_types.size = data_size;
// Store the client certificate types in our session
@@ -172,15 +170,15 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
if (cert_type == GNUTLS_CRT_UNKNOWN)
continue;
- _gnutls_handshake_log
- ("EXT[%p]: Checking compatibility of a %s client certificate type that was received from the client.\n",
- session,
- gnutls_certificate_type_get_name(cert_type));
+ _gnutls_handshake_log(
+ "EXT[%p]: Checking compatibility of a %s client certificate type that was received from the client.\n",
+ session,
+ gnutls_certificate_type_get_name(cert_type));
// Check for support of this cert type
- if (_gnutls_session_is_cert_type_supported
- (session, cert_type, false,
- GNUTLS_CTYPE_CLIENT) == 0) {
+ if (_gnutls_session_is_cert_type_supported(
+ session, cert_type, false,
+ GNUTLS_CTYPE_CLIENT) == 0) {
found = true;
break;
}
@@ -196,9 +194,10 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
* with a fatal alert of type "unsupported_certificate"
* (according to specification rfc7250).
*/
- _gnutls_handshake_log
- ("EXT[%p]: No supported client certificate type was found. "
- "Aborting connection.\n", session);
+ _gnutls_handshake_log(
+ "EXT[%p]: No supported client certificate type was found. "
+ "Aborting connection.\n",
+ session);
ret = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
@@ -207,10 +206,10 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
}
static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
- gnutls_buffer_st * data)
+ gnutls_buffer_st *data)
{
int ret;
- uint8_t cert_type_IANA; // Holds an IANA cert type ID
+ uint8_t cert_type_IANA; // Holds an IANA cert type ID
gnutls_certificate_type_t cert_type;
/* Only activate this extension if we have cert credentials set
@@ -219,11 +218,12 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
(_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL))
return 0;
- if (!IS_SERVER(session)) { // Client mode
- uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported (IANA) cert types. Inv: 0 <= cert type Id < 256
+ if (!IS_SERVER(session)) { // Client mode
+ uint8_t cert_types
+ [GNUTLS_CRT_MAX]; // The list with supported (IANA) cert types. Inv: 0 <= cert type Id < 256
size_t i, num_cert_types = 0;
priority_st *cert_priorities;
- gnutls_datum_t tmp_cert_types; // For type conversion
+ gnutls_datum_t tmp_cert_types; // For type conversion
// For brevity
cert_priorities = &session->internals.priorities->client_ctype;
@@ -233,7 +233,8 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
* initialization values apply. This default is currently set to
* x.509 in which case we don't enable this extension.
*/
- if (cert_priorities->num_priorities > 0) { // Priorities are explicitly set
+ if (cert_priorities->num_priorities >
+ 0) { // Priorities are explicitly set
/* If the certificate priority is explicitly set to only
* X.509 (default) then, according to spec we don't send
* this extension. We check this here to avoid further work in
@@ -242,13 +243,13 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
*/
if (cert_priorities->num_priorities == 1 &&
cert_priorities->priorities[0] ==
- DEFAULT_CERT_TYPE) {
- _gnutls_handshake_log
- ("EXT[%p]: Client certificate type was set to default cert type (%s). "
- "We therefore do not send this extension.\n",
- session,
- gnutls_certificate_type_get_name
- (DEFAULT_CERT_TYPE));
+ DEFAULT_CERT_TYPE) {
+ _gnutls_handshake_log(
+ "EXT[%p]: Client certificate type was set to default cert type (%s). "
+ "We therefore do not send this extension.\n",
+ session,
+ gnutls_certificate_type_get_name(
+ DEFAULT_CERT_TYPE));
// Explicitly set but default ctype, so don't send anything
return 0;
@@ -261,17 +262,16 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
for (i = 0; i < cert_priorities->num_priorities; i++) {
cert_type = cert_priorities->priorities[i];
- if (_gnutls_session_is_cert_type_supported
- (session, cert_type, true,
- GNUTLS_CTYPE_CLIENT) == 0) {
+ if (_gnutls_session_is_cert_type_supported(
+ session, cert_type, true,
+ GNUTLS_CTYPE_CLIENT) == 0) {
/* Check whether we are allowed to store another cert type
* in our buffer. In other words, prevent a possible buffer
* overflow. This situation can occur when a user sets
* duplicate cert types in the priority strings. */
if (num_cert_types >= GNUTLS_CRT_MAX)
- return
- gnutls_assert_val
- (GNUTLS_E_SHORT_MEMORY_BUFFER);
+ return gnutls_assert_val(
+ GNUTLS_E_SHORT_MEMORY_BUFFER);
// Convert to IANA representation
ret = cert_type2IANA(cert_type);
@@ -279,18 +279,19 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
- cert_type_IANA = ret; // For readability
+ cert_type_IANA = ret; // For readability
// Add this cert type to our list with supported types
cert_types[num_cert_types] =
- cert_type_IANA;
+ cert_type_IANA;
num_cert_types++;
- _gnutls_handshake_log
- ("EXT[%p]: Client certificate type %s (%d) was queued.\n",
- session,
- gnutls_certificate_type_get_name
- (cert_type), cert_type_IANA);
+ _gnutls_handshake_log(
+ "EXT[%p]: Client certificate type %s (%d) was queued.\n",
+ session,
+ gnutls_certificate_type_get_name(
+ cert_type),
+ cert_type_IANA);
}
}
@@ -300,22 +301,22 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
* we do not send this extension (according to RFC7250).
*/
if (num_cert_types == 0) {
- _gnutls_handshake_log
- ("EXT[%p]: Client certificate types were set but none of them is supported. "
- "You might want to check your credentials or your priorities. "
- "We do not send this extension.\n",
- session);
+ _gnutls_handshake_log(
+ "EXT[%p]: Client certificate types were set but none of them is supported. "
+ "You might want to check your credentials or your priorities. "
+ "We do not send this extension.\n",
+ session);
return 0;
} else if (num_cert_types == 1 &&
IANA2cert_type(cert_types[0]) ==
- DEFAULT_CERT_TYPE) {
- _gnutls_handshake_log
- ("EXT[%p]: The only supported client certificate type is (%s) which is the default. "
- "We therefore do not send this extension.\n",
- session,
- gnutls_certificate_type_get_name
- (DEFAULT_CERT_TYPE));
+ DEFAULT_CERT_TYPE) {
+ _gnutls_handshake_log(
+ "EXT[%p]: The only supported client certificate type is (%s) which is the default. "
+ "We therefore do not send this extension.\n",
+ session,
+ gnutls_certificate_type_get_name(
+ DEFAULT_CERT_TYPE));
return 0;
}
@@ -327,17 +328,16 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
tmp_cert_types.data = cert_types;
tmp_cert_types.size = num_cert_types;
- _gnutls_hello_ext_set_datum(session,
- GNUTLS_EXTENSION_CLIENT_CERT_TYPE,
- &tmp_cert_types);
+ _gnutls_hello_ext_set_datum(
+ session, GNUTLS_EXTENSION_CLIENT_CERT_TYPE,
+ &tmp_cert_types);
/* Serialize the certificate types into a sequence of octets
* uint8: length of sequence of cert types (1 octet)
* uint8: cert types (0 <= #octets <= 255)
*/
- ret = _gnutls_buffer_append_data_prefix(data, 8,
- cert_types,
- num_cert_types);
+ ret = _gnutls_buffer_append_data_prefix(
+ data, 8, cert_types, num_cert_types);
// Check for errors
if (ret < 0) {
@@ -347,7 +347,7 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
return num_cert_types + 1;
}
}
- } else { // Server mode
+ } else { // Server mode
const version_entry_st *vers = get_version(session);
/* TLS 1.2:
* Check whether we are going to send a certificate request,
@@ -370,27 +370,27 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
* when we cannot find a matching client certificate. This is conform
* spec (RFC7250, 4.2 case 2.).
*/
- cert_type =
- get_certificate_type(session, GNUTLS_CTYPE_CLIENT);
+ cert_type = get_certificate_type(session,
+ GNUTLS_CTYPE_CLIENT);
ret = cert_type2IANA(cert_type);
if (ret < 0)
return gnutls_assert_val(ret);
- cert_type_IANA = ret; // For readability
+ cert_type_IANA = ret; // For readability
- _gnutls_handshake_log
- ("EXT[%p]: Confirming to use a %s client certificate type.\n",
- session,
- gnutls_certificate_type_get_name(cert_type));
+ _gnutls_handshake_log(
+ "EXT[%p]: Confirming to use a %s client certificate type.\n",
+ session,
+ gnutls_certificate_type_get_name(cert_type));
- ret =
- gnutls_buffer_append_data(data, &cert_type_IANA, 1);
+ ret = gnutls_buffer_append_data(data, &cert_type_IANA,
+ 1);
if (ret < 0)
return gnutls_assert_val(ret);
- return 1; // sent one byte
+ return 1; // sent one byte
}
}
View Lorry Controller Status