summaryrefslogtreecommitdiff
path: root/lib/ext/server_cert_type.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ext/server_cert_type.c')
-rw-r--r--lib/ext/server_cert_type.c147
1 files changed, 81 insertions, 66 deletions
diff --git a/lib/ext/server_cert_type.c b/lib/ext/server_cert_type.c
index 6db2a1f92e..1e489bf308 100644
--- a/lib/ext/server_cert_type.c
+++ b/lib/ext/server_cert_type.c
@@ -36,13 +36,11 @@
#include "state.h"
#include "datum.h"
-
static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
- const uint8_t* data,
+ const uint8_t * data,
size_t data_size);
static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
- gnutls_buffer_st* data);
-
+ gnutls_buffer_st * data);
const hello_ext_entry_st ext_mod_server_cert_type = {
.name = "Server Certificate Type",
@@ -51,10 +49,9 @@ const hello_ext_entry_st ext_mod_server_cert_type = {
.client_parse_point = GNUTLS_EXT_TLS,
.server_parse_point = GNUTLS_EXT_TLS,
.validity = GNUTLS_EXT_FLAG_TLS |
- GNUTLS_EXT_FLAG_DTLS |
- GNUTLS_EXT_FLAG_CLIENT_HELLO |
- GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO |
- GNUTLS_EXT_FLAG_EE,
+ GNUTLS_EXT_FLAG_DTLS |
+ GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO | GNUTLS_EXT_FLAG_EE,
.recv_func = _gnutls_server_cert_type_recv_params,
.send_func = _gnutls_server_cert_type_send_params,
.pack_func = _gnutls_hello_ext_default_pack,
@@ -63,31 +60,31 @@ const hello_ext_entry_st ext_mod_server_cert_type = {
.cannot_be_overriden = 1
};
-
static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
- const uint8_t* data,
+ const uint8_t * data,
size_t data_size)
{
int ret;
gnutls_certificate_type_t cert_type;
size_t i;
bool found = false;
- const uint8_t* pdata = data;
+ const uint8_t *pdata = data;
/* Only activate this extension if we have cert credentials set
* and alternative cert types are allowed */
if (!are_alternative_cert_types_allowed(session) ||
- (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL))
+ (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL))
return 0;
if (!IS_SERVER(session)) { // client mode
- gnutls_datum_t sent_cert_types; // Holds the previously sent cert types
+ gnutls_datum_t sent_cert_types; // Holds the previously sent cert types
/* Compare packet length with expected packet length. For the
* client this is a single byte. */
if (data_size != 1) {
return
- gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
}
/* The server picked one of the offered cert types if he supports
@@ -97,36 +94,40 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
* we're going to check it nevertheless. */
cert_type = IANA2cert_type(pdata[0]);
- _gnutls_handshake_log("EXT[%p]: Received a %s server certificate type confirmation from the server.\n",
- session, gnutls_certificate_type_get_name(cert_type));
+ _gnutls_handshake_log
+ ("EXT[%p]: Received a %s server certificate type confirmation from the server.\n",
+ session, gnutls_certificate_type_get_name(cert_type));
// Check validity of cert type
if (cert_type == GNUTLS_CRT_UNKNOWN) {
- return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
}
/* Get the cert types that we sent to the server (they were stored
* in IANA representation.
*/
ret = _gnutls_hello_ext_get_datum(session,
- GNUTLS_EXTENSION_SERVER_CERT_TYPE,
- &sent_cert_types);
+ GNUTLS_EXTENSION_SERVER_CERT_TYPE,
+ &sent_cert_types);
if (ret < 0) {
/* This should not happen and indicate a memory corruption!
* Assertion are always on in production code so execution
* will halt here. */
assert(false);
}
-
// Check whether what we got back is actually offered by us
for (i = 0; i < sent_cert_types.size; i++) {
- if (IANA2cert_type(sent_cert_types.data[i]) == cert_type)
+ if (IANA2cert_type(sent_cert_types.data[i]) ==
+ cert_type)
found = true;
}
if (found) {
// Everything OK, now set the server certificate type
- _gnutls_session_server_cert_type_set(session, cert_type);
+ _gnutls_session_server_cert_type_set(session,
+ cert_type);
ret = GNUTLS_E_SUCCESS;
} else {
// No valid cert type found
@@ -136,24 +137,25 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
return ret;
} else { // server mode
- gnutls_datum_t cert_types; // Holds the received cert types
+ gnutls_datum_t cert_types; // Holds the received cert types
// Compare packet length with expected packet length.
DECR_LEN(data_size, 1);
if (data[0] != data_size) {
return
- gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
}
pdata += 1;
// Assign the contents of our data buffer to a gnutls_datum_t
- cert_types.data = (uint8_t*)pdata; // Need casting to get rid of 'discards const qualifier' warning
+ cert_types.data = (uint8_t *) pdata; // Need casting to get rid of 'discards const qualifier' warning
cert_types.size = data_size;
// Store the server certificate types in our session
_gnutls_hello_ext_set_datum(session,
- GNUTLS_EXTENSION_SERVER_CERT_TYPE,
- &cert_types);
+ GNUTLS_EXTENSION_SERVER_CERT_TYPE,
+ &cert_types);
/* We receive a list of supported certificate types that the client
* is able to process when offered by the server via a subsequent
@@ -169,11 +171,15 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
if (cert_type == GNUTLS_CRT_UNKNOWN)
continue;
- _gnutls_handshake_log("EXT[%p]: Checking compatibility of a %s server certificate type that was received from the client.\n",
- session, gnutls_certificate_type_get_name(cert_type));
+ _gnutls_handshake_log
+ ("EXT[%p]: Checking compatibility of a %s server certificate type that was received from the client.\n",
+ session,
+ gnutls_certificate_type_get_name(cert_type));
// Check for support of this cert type
- if (_gnutls_session_is_cert_type_supported(session, cert_type, true, GNUTLS_CTYPE_SERVER) == 0) {
+ if (_gnutls_session_is_cert_type_supported
+ (session, cert_type, true,
+ GNUTLS_CTYPE_SERVER) == 0) {
found = true;
break;
}
@@ -181,7 +187,8 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
// We found a matching ctype, we pick this one
if (found) {
- _gnutls_session_server_cert_type_set(session, cert_type);
+ _gnutls_session_server_cert_type_set(session,
+ cert_type);
ret = GNUTLS_E_SUCCESS;
} else {
/* If no supported certificate type can be found we terminate
@@ -196,23 +203,23 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
}
static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
- gnutls_buffer_st* data)
+ gnutls_buffer_st * data)
{
int ret;
- uint8_t cert_type_IANA; // Holds an IANA cert type ID
+ uint8_t cert_type_IANA; // Holds an IANA cert type ID
gnutls_certificate_type_t cert_type;
/* Only activate this extension if we have cert credentials set
* and alternative cert types are allowed */
if (!are_alternative_cert_types_allowed(session) ||
- (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL))
+ (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL))
return 0;
if (!IS_SERVER(session)) { // Client mode
- uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported (IANA) cert types. Inv: 0 <= cert type Id < 256
+ uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported (IANA) cert types. Inv: 0 <= cert type Id < 256
size_t i, num_cert_types = 0;
- priority_st* cert_priorities;
- gnutls_datum_t tmp_cert_types; // For type conversion
+ priority_st *cert_priorities;
+ gnutls_datum_t tmp_cert_types; // For type conversion
// For brevity
cert_priorities = &session->internals.priorities->server_ctype;
@@ -230,12 +237,14 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
* types.
*/
if (cert_priorities->num_priorities == 1 &&
- cert_priorities->priorities[0] == DEFAULT_CERT_TYPE) {
+ cert_priorities->priorities[0] ==
+ DEFAULT_CERT_TYPE) {
_gnutls_handshake_log
- ("EXT[%p]: Server certificate type was set to default cert type (%s). "
- "We therefore do not send this extension.\n",
- session,
- gnutls_certificate_type_get_name(DEFAULT_CERT_TYPE));
+ ("EXT[%p]: Server certificate type was set to default cert type (%s). "
+ "We therefore do not send this extension.\n",
+ session,
+ gnutls_certificate_type_get_name
+ (DEFAULT_CERT_TYPE));
// Explicitly set but default ctype, so don't send anything
return 0;
@@ -254,14 +263,17 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
cert_type = cert_priorities->priorities[i];
- if (_gnutls_session_is_cert_type_supported(session, cert_type,
- false, GNUTLS_CTYPE_SERVER) == 0) {
+ if (_gnutls_session_is_cert_type_supported
+ (session, cert_type, false,
+ GNUTLS_CTYPE_SERVER) == 0) {
/* Check whether we are allowed to store another cert type
* in our buffer. In other words, prevent a possible buffer
* overflow. This situation can occur when a user sets
* duplicate cert types in the priority strings. */
if (num_cert_types >= GNUTLS_CRT_MAX)
- return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_SHORT_MEMORY_BUFFER);
// Convert to IANA representation
ret = cert_type2IANA(cert_type);
@@ -269,17 +281,18 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
- cert_type_IANA = ret; // For readability
+ cert_type_IANA = ret; // For readability
// Add this cert type to our list with supported types
- cert_types[num_cert_types] = cert_type_IANA;
+ cert_types[num_cert_types] =
+ cert_type_IANA;
num_cert_types++;
_gnutls_handshake_log
- ("EXT[%p]: Server certificate type %s (%d) was queued.\n",
- session,
- gnutls_certificate_type_get_name(cert_type),
- cert_type_IANA);
+ ("EXT[%p]: Server certificate type %s (%d) was queued.\n",
+ session,
+ gnutls_certificate_type_get_name
+ (cert_type), cert_type_IANA);
}
}
@@ -290,18 +303,20 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
*/
if (num_cert_types == 0) { // For now, this should not occur since we only check priorities while pruning.
_gnutls_handshake_log
- ("EXT[%p]: Server certificate types were set but none of them is supported. "
- "We do not send this extension.\n",
- session);
+ ("EXT[%p]: Server certificate types were set but none of them is supported. "
+ "We do not send this extension.\n",
+ session);
return 0;
} else if (num_cert_types == 1 &&
- IANA2cert_type(cert_types[0]) == DEFAULT_CERT_TYPE) {
+ IANA2cert_type(cert_types[0]) ==
+ DEFAULT_CERT_TYPE) {
_gnutls_handshake_log
- ("EXT[%p]: The only supported server certificate type is (%s) which is the default. "
- "We therefore do not send this extension.\n",
- session,
- gnutls_certificate_type_get_name(DEFAULT_CERT_TYPE));
+ ("EXT[%p]: The only supported server certificate type is (%s) which is the default. "
+ "We therefore do not send this extension.\n",
+ session,
+ gnutls_certificate_type_get_name
+ (DEFAULT_CERT_TYPE));
return 0;
}
@@ -314,8 +329,8 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
tmp_cert_types.size = num_cert_types;
_gnutls_hello_ext_set_datum(session,
- GNUTLS_EXTENSION_SERVER_CERT_TYPE,
- &tmp_cert_types);
+ GNUTLS_EXTENSION_SERVER_CERT_TYPE,
+ &tmp_cert_types);
/* Serialize the certificate types into a sequence of octets
* uint8: length of sequence of cert types (1 octet)
@@ -333,7 +348,7 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
return num_cert_types + 1;
}
}
- } else { // Server mode
+ } else { // Server mode
// Retrieve negotiated server certificate type and send it
cert_type = get_certificate_type(session, GNUTLS_CTYPE_SERVER);
ret = cert_type2IANA(cert_type);
@@ -341,10 +356,11 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
- cert_type_IANA = ret; // For readability
+ cert_type_IANA = ret; // For readability
- _gnutls_handshake_log("EXT[%p]: Confirming to use a %s server certificate type.\n",
- session, gnutls_certificate_type_get_name(cert_type));
+ _gnutls_handshake_log
+ ("EXT[%p]: Confirming to use a %s server certificate type.\n",
+ session, gnutls_certificate_type_get_name(cert_type));
ret = gnutls_buffer_append_data(data, &cert_type_IANA, 1);
@@ -358,7 +374,6 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
return 0;
}
-
/** Extension interface **/
/* The interface is defined in state.c:
View Lorry Controller Status