Diffstat (limited to 'lib/pkcs11x.c')
-rw-r--r-- | lib/pkcs11x.c | 63 |
1 files changed, 36 insertions, 27 deletions
diff --git a/lib/pkcs11x.c b/lib/pkcs11x.c index dfaee58a39..01aac1ddd4 100644 --- a/lib/pkcs11x.c +++ b/lib/pkcs11x.c @@ -40,7 +40,7 @@ struct find_ext_data_st { unsigned int exts_size; }; -static int override_ext(gnutls_x509_crt_t crt, gnutls_datum_t *ext) +static int override_ext(gnutls_x509_crt_t crt, gnutls_datum_t * ext) { gnutls_x509_ext_st parsed; int ret; @@ -50,12 +50,14 @@ static int override_ext(gnutls_x509_crt_t crt, gnutls_datum_t *ext) return gnutls_assert_val(ret); /* set the new extension */ - ret = _gnutls_x509_crt_set_extension(crt, parsed.oid, &parsed.data, parsed.critical); + ret = + _gnutls_x509_crt_set_extension(crt, parsed.oid, &parsed.data, + parsed.critical); if (ret < 0) { gnutls_assert(); goto cleanup; } - + ret = 0; cleanup: gnutls_x509_ext_deinit(&parsed); @@ -65,10 +67,11 @@ static int override_ext(gnutls_x509_crt_t crt, gnutls_datum_t *ext) /* This function re-encodes a certificate to contain its stapled extensions. * That assumes that the certificate is not in the distrusted list. */ -int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t *spki, gnutls_datum_t *der) +int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, + gnutls_datum_t * spki, gnutls_datum_t * der) { int ret; - gnutls_datum_t new_der = {NULL, 0}; + gnutls_datum_t new_der = { NULL, 0 }; struct ck_attribute a[2]; struct ck_attribute b[1]; unsigned long count; @@ -81,7 +84,8 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t ck_object_handle_t obj; if (sinfo->trusted == 0) { - _gnutls_debug_log("p11: cannot override extensions on a non-p11-kit trust module\n"); + _gnutls_debug_log + ("p11: cannot override extensions on a non-p11-kit trust module\n"); return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } 
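Review bot: The `+ ret = 0;` added just before the `cleanup:` label in override_ext (second hunk, @@ -50,12 +50,14 @@) is a functional change hidden inside what is otherwise a pure re-indentation and line-wrapping commit, and nothing on the page explains it. If _gnutls_x509_crt_set_extension only ever returns 0 on success it is a no-op, but if it can return a positive value this silently changes what override_ext reports to pkcs11_override_cert_exts, so the line should either move to its own commit or be called out in the message. A one-line comment would make the intent auditable, e.g. `/* normalise any non-negative status from the setter to 0 */`. override_ext's body starts and ends outside this hunk, so the remaining success path could not be checked here.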
@@ -134,7 +138,8 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, b, 1) == CKR_OK) { - gnutls_datum_t data = { b[0].value, b[0].value_len }; + gnutls_datum_t data = + { b[0].value, b[0].value_len }; ret = override_ext(crt, &data); if (ret < 0) { @@ -142,10 +147,13 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t goto cleanup; } } - } while (pkcs11_find_objects(sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1); + } while (pkcs11_find_objects + (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK + && count == 1); /* overwrite the old certificate with the new */ - ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &new_der); + ret = + gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &new_der); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -169,8 +177,7 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t static int find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, - struct ck_token_info *tinfo, struct ck_info *lib_info, - void *input) + struct ck_token_info *tinfo, struct ck_info *lib_info, void *input) { struct find_ext_data_st *find_data = input; struct ck_attribute a[4]; @@ -188,10 +195,8 @@ find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, /* do not bother reading the token if basic fields do not match */ - if (!p11_kit_uri_match_token_info - (find_data->obj->info, tinfo) - || !p11_kit_uri_match_module_info(find_data->obj->info, - lib_info)) { + if (!p11_kit_uri_match_token_info(find_data->obj->info, tinfo) + || !p11_kit_uri_match_module_info(find_data->obj->info, lib_info)) { gnutls_assert(); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } 
@@ -214,8 +219,10 @@ find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, return pkcs11_rv_to_err(rv); } - while(pkcs11_find_objects(sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1) { - rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, obj, CKA_VALUE, &ext); + while (pkcs11_find_objects(sinfo->module, sinfo->pks, &obj, 1, &count) + == CKR_OK && count == 1) { + rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, obj, + CKA_VALUE, &ext); if (rv == CKR_OK) { if (unlikely(INT_ADD_OVERFLOW(find_data->exts_size, 1))) { @@ -224,15 +231,18 @@ find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, } find_data->exts = - _gnutls_reallocarray_fast(find_data->exts, - find_data->exts_size + 1, - sizeof(find_data->exts[0])); + _gnutls_reallocarray_fast(find_data->exts, + find_data->exts_size + 1, + sizeof(find_data->exts + [0])); if (find_data->exts == NULL) { ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); goto cleanup; } - if (_gnutls_x509_decode_ext(&ext, &find_data->exts[find_data->exts_size]) == 0) { + if (_gnutls_x509_decode_ext + (&ext, + &find_data->exts[find_data->exts_size]) == 0) { find_data->exts_size++; } gnutls_free(ext.data); @@ -265,11 +275,11 @@ find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, **/ int gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj, - gnutls_x509_ext_st **exts, unsigned int *exts_size, + gnutls_x509_ext_st ** exts, unsigned int *exts_size, unsigned int flags) { int ret; - gnutls_datum_t spki = {NULL, 0}; + gnutls_datum_t spki = { NULL, 0 }; struct find_ext_data_st find_data; unsigned deinit_spki = 0; 
@@ -278,7 +288,8 @@ gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj, *exts_size = 0; - if (obj->type != GNUTLS_PKCS11_OBJ_X509_CRT && obj->type != GNUTLS_PKCS11_OBJ_PUBKEY) + if (obj->type != GNUTLS_PKCS11_OBJ_X509_CRT + && obj->type != GNUTLS_PKCS11_OBJ_PUBKEY) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (obj->type == GNUTLS_PKCS11_OBJ_PUBKEY) { @@ -296,8 +307,7 @@ gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj, find_data.obj = obj; ret = _pkcs11_traverse_tokens(find_ext_cb, &find_data, obj->info, - &obj->pin, - pkcs11_obj_flags_to_int(flags)); + &obj->pin, pkcs11_obj_flags_to_int(flags)); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -312,4 +322,3 @@ gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj, gnutls_free(spki.data); return ret; } - |