Diffstat (limited to 'lib/pkcs11x.c')
-rw-r--r--lib/pkcs11x.c63
1 files changed, 36 insertions, 27 deletions
diff --git a/lib/pkcs11x.c b/lib/pkcs11x.c
index dfaee58a39..01aac1ddd4 100644
--- a/lib/pkcs11x.c
+++ b/lib/pkcs11x.c
@@ -40,7 +40,7 @@ struct find_ext_data_st {
unsigned int exts_size;
};
-static int override_ext(gnutls_x509_crt_t crt, gnutls_datum_t *ext)
+static int override_ext(gnutls_x509_crt_t crt, gnutls_datum_t * ext)
{
gnutls_x509_ext_st parsed;
int ret;
@@ -50,12 +50,14 @@ static int override_ext(gnutls_x509_crt_t crt, gnutls_datum_t *ext)
return gnutls_assert_val(ret);
/* set the new extension */
- ret = _gnutls_x509_crt_set_extension(crt, parsed.oid, &parsed.data, parsed.critical);
+ ret =
+ _gnutls_x509_crt_set_extension(crt, parsed.oid, &parsed.data,
+ parsed.critical);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
-
+
ret = 0;
cleanup:
gnutls_x509_ext_deinit(&parsed);
@@ -65,10 +67,11 @@ static int override_ext(gnutls_x509_crt_t crt, gnutls_datum_t *ext)
/* This function re-encodes a certificate to contain its stapled extensions.
* That assumes that the certificate is not in the distrusted list.
*/
-int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t *spki, gnutls_datum_t *der)
+int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo,
+ gnutls_datum_t * spki, gnutls_datum_t * der)
{
int ret;
- gnutls_datum_t new_der = {NULL, 0};
+ gnutls_datum_t new_der = { NULL, 0 };
struct ck_attribute a[2];
struct ck_attribute b[1];
unsigned long count;
@@ -81,7 +84,8 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t
ck_object_handle_t obj;
if (sinfo->trusted == 0) {
- _gnutls_debug_log("p11: cannot override extensions on a non-p11-kit trust module\n");
+ _gnutls_debug_log
+ ("p11: cannot override extensions on a non-p11-kit trust module\n");
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
@@ -134,7 +138,8 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t
if (pkcs11_get_attribute_value
(sinfo->module, sinfo->pks, obj, b, 1) == CKR_OK) {
- gnutls_datum_t data = { b[0].value, b[0].value_len };
+ gnutls_datum_t data =
+ { b[0].value, b[0].value_len };
ret = override_ext(crt, &data);
if (ret < 0) {
@@ -142,10 +147,13 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t
goto cleanup;
}
}
- } while (pkcs11_find_objects(sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1);
+ } while (pkcs11_find_objects
+ (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK
+ && count == 1);
/* overwrite the old certificate with the new */
- ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &new_der);
+ ret =
+ gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &new_der);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -169,8 +177,7 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t
static int
find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
- struct ck_token_info *tinfo, struct ck_info *lib_info,
- void *input)
+ struct ck_token_info *tinfo, struct ck_info *lib_info, void *input)
{
struct find_ext_data_st *find_data = input;
struct ck_attribute a[4];
@@ -188,10 +195,8 @@ find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
/* do not bother reading the token if basic fields do not match
*/
- if (!p11_kit_uri_match_token_info
- (find_data->obj->info, tinfo)
- || !p11_kit_uri_match_module_info(find_data->obj->info,
- lib_info)) {
+ if (!p11_kit_uri_match_token_info(find_data->obj->info, tinfo)
+ || !p11_kit_uri_match_module_info(find_data->obj->info, lib_info)) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -214,8 +219,10 @@ find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
return pkcs11_rv_to_err(rv);
}
- while(pkcs11_find_objects(sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1) {
- rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, obj, CKA_VALUE, &ext);
+ while (pkcs11_find_objects(sinfo->module, sinfo->pks, &obj, 1, &count)
+ == CKR_OK && count == 1) {
+ rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, obj,
+ CKA_VALUE, &ext);
if (rv == CKR_OK) {
if (unlikely(INT_ADD_OVERFLOW(find_data->exts_size, 1))) {
@@ -224,15 +231,18 @@ find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
}
find_data->exts =
- _gnutls_reallocarray_fast(find_data->exts,
- find_data->exts_size + 1,
- sizeof(find_data->exts[0]));
+ _gnutls_reallocarray_fast(find_data->exts,
+ find_data->exts_size + 1,
+ sizeof(find_data->exts
+ [0]));
if (find_data->exts == NULL) {
ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
goto cleanup;
}
- if (_gnutls_x509_decode_ext(&ext, &find_data->exts[find_data->exts_size]) == 0) {
+ if (_gnutls_x509_decode_ext
+ (&ext,
+ &find_data->exts[find_data->exts_size]) == 0) {
find_data->exts_size++;
}
gnutls_free(ext.data);
@@ -265,11 +275,11 @@ find_ext_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
**/
int
gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj,
- gnutls_x509_ext_st **exts, unsigned int *exts_size,
+ gnutls_x509_ext_st ** exts, unsigned int *exts_size,
unsigned int flags)
{
int ret;
- gnutls_datum_t spki = {NULL, 0};
+ gnutls_datum_t spki = { NULL, 0 };
struct find_ext_data_st find_data;
unsigned deinit_spki = 0;
@@ -278,7 +288,8 @@ gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj,
*exts_size = 0;
- if (obj->type != GNUTLS_PKCS11_OBJ_X509_CRT && obj->type != GNUTLS_PKCS11_OBJ_PUBKEY)
+ if (obj->type != GNUTLS_PKCS11_OBJ_X509_CRT
+ && obj->type != GNUTLS_PKCS11_OBJ_PUBKEY)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (obj->type == GNUTLS_PKCS11_OBJ_PUBKEY) {
@@ -296,8 +307,7 @@ gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj,
find_data.obj = obj;
ret =
_pkcs11_traverse_tokens(find_ext_cb, &find_data, obj->info,
- &obj->pin,
- pkcs11_obj_flags_to_int(flags));
+ &obj->pin, pkcs11_obj_flags_to_int(flags));
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -312,4 +322,3 @@ gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj,
gnutls_free(spki.data);
return ret;
}
-