Diffstat (limited to 'lib/privkey.c')
-rw-r--r--lib/privkey.c237
1 files changed, 135 insertions, 102 deletions
diff --git a/lib/privkey.c b/lib/privkey.c
index b94db068a8..7a5a38a58d 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -41,7 +41,7 @@
static int
privkey_sign_prehashed(gnutls_privkey_t signer,
- const gnutls_sign_entry_st *se,
+ const gnutls_sign_entry_st * se,
const gnutls_datum_t * hash_data,
gnutls_datum_t * signature,
gnutls_x509_spki_st * params);
@@ -79,11 +79,14 @@ gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key)
*
* Since: 3.5.0
**/
-int gnutls_privkey_get_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t *digest, void *seed, size_t *seed_size)
+int gnutls_privkey_get_seed(gnutls_privkey_t key,
+ gnutls_digest_algorithm_t * digest, void *seed,
+ size_t *seed_size)
{
if (key->type != GNUTLS_PRIVKEY_X509)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- return gnutls_x509_privkey_get_seed(key->key.x509, digest, seed, seed_size);
+ return gnutls_x509_privkey_get_seed(key->key.x509, digest, seed,
+ seed_size);
}
/**
@@ -101,11 +104,14 @@ int gnutls_privkey_get_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t *dig
*
* Since: 3.5.0
**/
-int gnutls_privkey_verify_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t digest, const void *seed, size_t seed_size)
+int gnutls_privkey_verify_seed(gnutls_privkey_t key,
+ gnutls_digest_algorithm_t digest,
+ const void *seed, size_t seed_size)
{
if (key->type != GNUTLS_PRIVKEY_X509)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- return gnutls_x509_privkey_verify_seed(key->key.x509, digest, seed, seed_size);
+ return gnutls_x509_privkey_verify_seed(key->key.x509, digest, seed,
+ seed_size);
}
/**
@@ -209,7 +215,9 @@ privkey_to_pubkey(gnutls_pk_algorithm_t pk,
case GNUTLS_PK_EDDSA_ED448:
case GNUTLS_PK_ECDH_X25519:
case GNUTLS_PK_ECDH_X448:
- ret = _gnutls_set_datum(&pub->raw_pub, priv->raw_pub.data, priv->raw_pub.size);
+ ret =
+ _gnutls_set_datum(&pub->raw_pub, priv->raw_pub.data,
+ priv->raw_pub.size);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -242,8 +250,7 @@ privkey_to_pubkey(gnutls_pk_algorithm_t pk,
/* Returns the public key of the private key (if possible)
*/
-int
-_gnutls_privkey_get_mpis(gnutls_privkey_t key, gnutls_pk_params_st * params)
+int _gnutls_privkey_get_mpis(gnutls_privkey_t key, gnutls_pk_params_st * params)
{
int ret;
@@ -252,17 +259,19 @@ _gnutls_privkey_get_mpis(gnutls_privkey_t key, gnutls_pk_params_st * params)
ret = _gnutls_pk_params_copy(params, &key->key.x509->params);
break;
#ifdef ENABLE_PKCS11
- case GNUTLS_PRIVKEY_PKCS11: {
- gnutls_pubkey_t pubkey;
+ case GNUTLS_PRIVKEY_PKCS11:{
+ gnutls_pubkey_t pubkey;
- ret = _pkcs11_privkey_get_pubkey(key->key.pkcs11, &pubkey, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret =
+ _pkcs11_privkey_get_pubkey(key->key.pkcs11, &pubkey,
+ 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_pubkey_get_mpis(pubkey, params);
- gnutls_pubkey_deinit(pubkey);
+ ret = _gnutls_pubkey_get_mpis(pubkey, params);
+ gnutls_pubkey_deinit(pubkey);
- break;
+ break;
}
#endif
default:
@@ -338,10 +347,9 @@ _gnutls_privkey_get_spki_params(gnutls_privkey_t key,
*/
int
_gnutls_privkey_update_spki_params(gnutls_privkey_t key,
- gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t dig,
- unsigned flags,
- gnutls_x509_spki_st *params)
+ gnutls_pk_algorithm_t pk,
+ gnutls_digest_algorithm_t dig,
+ unsigned flags, gnutls_x509_spki_st * params)
{
unsigned salt_size = 0;
unsigned bits = 0;
@@ -355,7 +363,7 @@ _gnutls_privkey_update_spki_params(gnutls_privkey_t key,
key_pk = gnutls_privkey_get_pk_algorithm(key, &bits);
if ((key_pk != pk) &&
- !(key_pk == GNUTLS_PK_RSA && pk == GNUTLS_PK_RSA_PSS)) {
+ !(key_pk == GNUTLS_PK_RSA && pk == GNUTLS_PK_RSA_PSS)) {
gnutls_assert();
return GNUTLS_E_CONSTRAINT_ERROR;
}
@@ -371,8 +379,11 @@ _gnutls_privkey_update_spki_params(gnutls_privkey_t key,
if (params->pk == GNUTLS_PK_RSA)
salt_size = 0;
else if (params->pk == GNUTLS_PK_RSA_PSS) {
- if (params->rsa_pss_dig != GNUTLS_DIG_UNKNOWN && dig != params->rsa_pss_dig) {
- return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR);
+ if (params->rsa_pss_dig != GNUTLS_DIG_UNKNOWN
+ && dig != params->rsa_pss_dig) {
+ return
+ gnutls_assert_val
+ (GNUTLS_E_CONSTRAINT_ERROR);
}
salt_size = params->salt_size;
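Review bot: The re-indentation leaves `return`, `gnutls_assert_val` and `(GNUTLS_E_CONSTRAINT_ERROR);` on three separate lines here, so a search for `gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR)` no longer finds this rejection path. The same three-line split appears in the @@ -381 hunk, and the @@ -1511, @@ -1539 and @@ -2000 hunks break a member access after `key.` so that `ext.userdata` starts the next line. These are the sites someone auditing RSA-PSS parameter checks or the external-key callbacks would grep for. Keeping each expression on one line, e.g. `return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR);`, even slightly past the column limit, would read better than the formatter's output. The enclosing function starts and ends outside this hunk.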
@@ -381,12 +392,16 @@ _gnutls_privkey_update_spki_params(gnutls_privkey_t key,
if (flags & GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE)
params->salt_size = 0;
else {
- ret = _gnutls_find_rsa_pss_salt_size(bits, me, salt_size);
+ ret =
+ _gnutls_find_rsa_pss_salt_size(bits, me, salt_size);
if (ret < 0)
return gnutls_assert_val(ret);
- if (flags & GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH &&
- (size_t)ret != _gnutls_hash_get_algo_len(me)) {
- return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR);
+ if (flags &
+ GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH
+ && (size_t)ret != _gnutls_hash_get_algo_len(me)) {
+ return
+ gnutls_assert_val
+ (GNUTLS_E_CONSTRAINT_ERROR);
}
params->salt_size = ret;
}
@@ -535,7 +550,7 @@ gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
return 0;
}
-#if 0
+# if 0
/**
* gnutls_privkey_import_pkcs11_url:
* @key: A key of type #gnutls_pubkey_t
@@ -554,10 +569,11 @@ int gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url)
{
int x;
}
-#endif
+# endif
static
-int _gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url, unsigned flags)
+int _gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url,
+ unsigned flags)
{
gnutls_pkcs11_privkey_t pkey;
int ret;
@@ -611,7 +627,7 @@ int _gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url, uns
*/
int
gnutls_privkey_export_pkcs11(gnutls_privkey_t pkey,
- gnutls_pkcs11_privkey_t *key)
+ gnutls_pkcs11_privkey_t * key)
{
int ret;
@@ -777,8 +793,7 @@ gnutls_privkey_import_ext3(gnutls_privkey_t pkey,
gnutls_privkey_sign_func sign_fn,
gnutls_privkey_decrypt_func decrypt_fn,
gnutls_privkey_deinit_func deinit_fn,
- gnutls_privkey_info_func info_fn,
- unsigned int flags)
+ gnutls_privkey_info_func info_fn, unsigned int flags)
{
int ret;
@@ -802,7 +817,9 @@ gnutls_privkey_import_ext3(gnutls_privkey_t pkey,
pkey->type = GNUTLS_PRIVKEY_EXT;
pkey->flags = flags;
- pkey->pk_algorithm = pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO, pkey->key.ext.userdata);
+ pkey->pk_algorithm =
+ pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO,
+ pkey->key.ext.userdata);
if (!PK_IS_OK_FOR_EXT2(pkey->pk_algorithm))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
@@ -862,13 +879,12 @@ gnutls_privkey_import_ext3(gnutls_privkey_t pkey,
**/
int
gnutls_privkey_import_ext4(gnutls_privkey_t pkey,
- void *userdata,
- gnutls_privkey_sign_data_func sign_data_fn,
- gnutls_privkey_sign_hash_func sign_hash_fn,
- gnutls_privkey_decrypt_func decrypt_fn,
- gnutls_privkey_deinit_func deinit_fn,
- gnutls_privkey_info_func info_fn,
- unsigned int flags)
+ void *userdata,
+ gnutls_privkey_sign_data_func sign_data_fn,
+ gnutls_privkey_sign_hash_func sign_hash_fn,
+ gnutls_privkey_decrypt_func decrypt_fn,
+ gnutls_privkey_deinit_func deinit_fn,
+ gnutls_privkey_info_func info_fn, unsigned int flags)
{
int ret;
@@ -893,9 +909,13 @@ gnutls_privkey_import_ext4(gnutls_privkey_t pkey,
pkey->type = GNUTLS_PRIVKEY_EXT;
pkey->flags = flags;
- pkey->pk_algorithm = pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO, pkey->key.ext.userdata);
+ pkey->pk_algorithm =
+ pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO,
+ pkey->key.ext.userdata);
- ret = pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS, pkey->key.ext.userdata);
+ ret =
+ pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS,
+ pkey->key.ext.userdata);
if (ret >= 0)
pkey->key.ext.bits = ret;
@@ -974,8 +994,7 @@ gnutls_privkey_import_x509(gnutls_privkey_t pkey,
* Since: 3.4.0
*/
int
-gnutls_privkey_export_x509(gnutls_privkey_t pkey,
- gnutls_x509_privkey_t *key)
+gnutls_privkey_export_x509(gnutls_privkey_t pkey, gnutls_x509_privkey_t * key)
{
int ret;
@@ -1084,7 +1103,8 @@ gnutls_privkey_generate(gnutls_privkey_t pkey,
int
gnutls_privkey_generate2(gnutls_privkey_t pkey,
gnutls_pk_algorithm_t algo, unsigned int bits,
- unsigned int flags, const gnutls_keygen_data_st *data, unsigned data_size)
+ unsigned int flags, const gnutls_keygen_data_st * data,
+ unsigned data_size)
{
int ret;
@@ -1092,7 +1112,9 @@ gnutls_privkey_generate2(gnutls_privkey_t pkey,
if (ret < 0)
return gnutls_assert_val(ret);
- ret = gnutls_x509_privkey_generate2(pkey->key.x509, algo, bits, flags, data, data_size);
+ ret =
+ gnutls_x509_privkey_generate2(pkey->key.x509, algo, bits, flags,
+ data, data_size);
if (ret < 0) {
gnutls_x509_privkey_deinit(pkey->key.x509);
pkey->key.x509 = NULL;
@@ -1147,7 +1169,7 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer,
}
ret = _gnutls_privkey_update_spki_params(signer, signer->pk_algorithm,
- hash, flags, &params);
+ hash, flags, &params);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -1155,7 +1177,10 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer,
FIX_SIGN_PARAMS(params, flags, hash);
- return privkey_sign_and_hash_data(signer, _gnutls_pk_to_sign_entry(params.pk, hash), data, signature, &params);
+ return privkey_sign_and_hash_data(signer,
+ _gnutls_pk_to_sign_entry(params.pk,
+ hash), data,
+ signature, &params);
}
/**
@@ -1201,7 +1226,7 @@ gnutls_privkey_sign_data2(gnutls_privkey_t signer,
}
ret = _gnutls_privkey_update_spki_params(signer, se->pk, se->hash,
- flags, &params);
+ flags, &params);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -1267,7 +1292,7 @@ gnutls_privkey_sign_hash2(gnutls_privkey_t signer,
}
ret = _gnutls_privkey_update_spki_params(signer, se->pk, se->hash,
- flags, &params);
+ flags, &params);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -1288,7 +1313,7 @@ gnutls_privkey_sign_hash2(gnutls_privkey_t signer,
int
privkey_sign_and_hash_data(gnutls_privkey_t signer,
- const gnutls_sign_entry_st *se,
+ const gnutls_sign_entry_st * se,
const gnutls_datum_t * data,
gnutls_datum_t * signature,
gnutls_x509_spki_st * params)
@@ -1301,7 +1326,8 @@ privkey_sign_and_hash_data(gnutls_privkey_t signer,
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (_gnutls_pk_is_not_prehashed(se->pk)) {
- return privkey_sign_raw_data(signer, se, data, signature, params);
+ return privkey_sign_raw_data(signer, se, data, signature,
+ params);
}
me = hash_to_entry(se->hash);
@@ -1335,7 +1361,6 @@ privkey_sign_and_hash_data(gnutls_privkey_t signer,
return ret;
}
-
/**
* gnutls_privkey_sign_hash:
* @signer: Holds the signer's key
@@ -1382,7 +1407,7 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer,
}
ret = _gnutls_privkey_update_spki_params(signer, signer->pk_algorithm,
- hash_algo, flags, &params);
+ hash_algo, flags, &params);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -1391,11 +1416,13 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer,
/* legacy callers of this API could use a hash algorithm of 0 (unknown)
* to indicate raw hashing. As we now always want to know the signing
* algorithm involved, we try discovering the hash algorithm. */
- if (hash_algo == 0 && (params.pk == GNUTLS_PK_DSA || params.pk == GNUTLS_PK_ECDSA)) {
+ if (hash_algo == 0
+ && (params.pk == GNUTLS_PK_DSA || params.pk == GNUTLS_PK_ECDSA)) {
hash_algo = _gnutls_hash_size_to_sha_hash(hash_data->size);
}
- if (params.pk == GNUTLS_PK_RSA && (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)) {
+ if (params.pk == GNUTLS_PK_RSA
+ && (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)) {
/* the corresponding signature algorithm is SIGN_RSA_RAW,
* irrespective of hash algorithm. */
se = _gnutls_sign_to_entry(GNUTLS_SIGN_RSA_RAW);
@@ -1410,8 +1437,7 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer,
FIX_SIGN_PARAMS(params, flags, hash_algo);
- ret = privkey_sign_prehashed(signer, se,
- hash_data, signature, &params);
+ ret = privkey_sign_prehashed(signer, se, hash_data, signature, &params);
cleanup:
if (ret < 0) {
_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
@@ -1423,10 +1449,9 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer,
static int
privkey_sign_prehashed(gnutls_privkey_t signer,
- const gnutls_sign_entry_st *se,
+ const gnutls_sign_entry_st * se,
const gnutls_datum_t * hash_data,
- gnutls_datum_t * signature,
- gnutls_x509_spki_st * params)
+ gnutls_datum_t * signature, gnutls_x509_spki_st * params)
{
int ret;
gnutls_datum_t digest;
@@ -1436,9 +1461,7 @@ privkey_sign_prehashed(gnutls_privkey_t signer,
if (se->id == GNUTLS_SIGN_RSA_RAW) {
return privkey_sign_raw_data(signer,
- se,
- hash_data, signature,
- params);
+ se, hash_data, signature, params);
}
if (_gnutls_pk_is_not_prehashed(signer->pk_algorithm)) {
@@ -1459,10 +1482,7 @@ privkey_sign_prehashed(gnutls_privkey_t signer,
goto cleanup;
}
- ret = privkey_sign_raw_data(signer,
- se,
- &digest, signature,
- params);
+ ret = privkey_sign_raw_data(signer, se, &digest, signature, params);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -1499,10 +1519,9 @@ privkey_sign_prehashed(gnutls_privkey_t signer,
-*/
int
privkey_sign_raw_data(gnutls_privkey_t key,
- const gnutls_sign_entry_st *se,
+ const gnutls_sign_entry_st * se,
const gnutls_datum_t * data,
- gnutls_datum_t * signature,
- gnutls_x509_spki_st * params)
+ gnutls_datum_t * signature, gnutls_x509_spki_st * params)
{
if (unlikely(se == NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
@@ -1511,25 +1530,25 @@ privkey_sign_raw_data(gnutls_privkey_t key,
#ifdef ENABLE_PKCS11
case GNUTLS_PRIVKEY_PKCS11:
return _gnutls_pkcs11_privkey_sign(key->key.pkcs11, se,
- data, signature,
- params);
+ data, signature, params);
#endif
case GNUTLS_PRIVKEY_X509:
return _gnutls_pk_sign(se->pk, signature, data,
&key->key.x509->params, params);
case GNUTLS_PRIVKEY_EXT:
if (unlikely(key->key.ext.sign_data_func == NULL &&
- key->key.ext.sign_hash_func == NULL &&
- key->key.ext.sign_func == NULL))
+ key->key.ext.sign_hash_func == NULL &&
+ key->key.ext.sign_func == NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (_gnutls_pk_is_not_prehashed(se->pk)) {
if (!key->key.ext.sign_data_func)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return
+ gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
return key->key.ext.sign_data_func(key, se->id,
- key->key.ext.userdata,
- 0,
+ key->key.
+ ext.userdata, 0,
data, signature);
} else if (key->key.ext.sign_hash_func) {
if (se->pk == GNUTLS_PK_RSA) {
@@ -1539,14 +1558,16 @@ privkey_sign_raw_data(gnutls_privkey_t key,
/* se may not be set here if we are doing legacy RSA */
return key->key.ext.sign_hash_func(key, se->id,
- key->key.ext.userdata,
- 0,
+ key->key.
+ ext.userdata, 0,
data, signature);
} else {
if (!PK_IS_OK_FOR_EXT2(se->pk))
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return
+ gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- return key->key.ext.sign_func(key, key->key.ext.userdata,
+ return key->key.ext.sign_func(key,
+ key->key.ext.userdata,
data, signature);
}
default:
@@ -1622,8 +1643,7 @@ int
gnutls_privkey_decrypt_data2(gnutls_privkey_t key,
unsigned int flags,
const gnutls_datum_t * ciphertext,
- unsigned char * plaintext,
- size_t plaintext_size)
+ unsigned char *plaintext, size_t plaintext_size)
{
/* Note: except for the backwards compatibility function, no
* conditional code should be called after the decryption
@@ -1638,8 +1658,7 @@ gnutls_privkey_decrypt_data2(gnutls_privkey_t key,
int ret;
ret = key->key.ext.decrypt_func(key,
key->key.ext.userdata,
- ciphertext,
- &plain);
+ ciphertext, &plain);
if (plain.size != plaintext_size) {
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
} else {
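Review bot: `plain.size` is compared with `plaintext_size` directly after the `decrypt_func` callback returns, without `ret` being examined, so a callback that fails without filling in `plain` is judged on whatever the datum already held. The declaration of `plain` lies outside this hunk; if it is not initialised there, `gnutls_datum_t plain = { NULL, 0 };` would make the failure path deterministic without adding a branch after the decryption, which the comment at the top of the function body appears to rule out. If skipping the `ret` test is deliberate, a short comment above the size check such as `/* ret is intentionally not tested before the size check: no early exit after decryption */` would stop a later cleanup from reintroducing an early return.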
@@ -1767,10 +1786,14 @@ gnutls_privkey_import_url(gnutls_privkey_t key, const char *url,
unsigned i;
int ret;
- for (i=0;i<_gnutls_custom_urls_size;i++) {
- if (strncmp(url, _gnutls_custom_urls[i].name, _gnutls_custom_urls[i].name_size) == 0) {
+ for (i = 0; i < _gnutls_custom_urls_size; i++) {
+ if (strncmp
+ (url, _gnutls_custom_urls[i].name,
+ _gnutls_custom_urls[i].name_size) == 0) {
if (_gnutls_custom_urls[i].import_key) {
- ret = _gnutls_custom_urls[i].import_key(key, url, flags);
+ ret =
+ _gnutls_custom_urls[i].import_key(key, url,
+ flags);
goto cleanup;
}
break;
@@ -1840,8 +1863,7 @@ void gnutls_privkey_set_pin_function(gnutls_privkey_t key,
* Since: 3.5.0
*
**/
-void gnutls_privkey_set_flags(gnutls_privkey_t key,
- unsigned int flags)
+void gnutls_privkey_set_flags(gnutls_privkey_t key, unsigned int flags)
{
key->flags |= flags;
if (key->type == GNUTLS_PRIVKEY_X509)
@@ -1924,7 +1946,8 @@ int gnutls_privkey_verify_params(gnutls_privkey_t key)
* Since: 3.6.0
**/
int
-gnutls_privkey_get_spki(gnutls_privkey_t privkey, gnutls_x509_spki_t spki, unsigned int flags)
+gnutls_privkey_get_spki(gnutls_privkey_t privkey, gnutls_x509_spki_t spki,
+ unsigned int flags)
{
gnutls_x509_spki_t p = &privkey->key.x509->params.spki;
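Review bot: `p` is initialised from `privkey->key.x509` in its declaration, which reads through `privkey` before any NULL or type check the body may perform; the rest of the function is outside this hunk, so whether such a check follows cannot be seen here. `gnutls_privkey_set_spki` in the next hunk tests `privkey == NULL || privkey->type != GNUTLS_PRIVKEY_X509` before touching the key. Declaring `gnutls_x509_spki_t p;` and assigning `p = &privkey->key.x509->params.spki;` only after that validation would keep the two functions consistent and avoid reading the `x509` member of a key of another type.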
@@ -1956,7 +1979,8 @@ gnutls_privkey_get_spki(gnutls_privkey_t privkey, gnutls_x509_spki_t spki, unsig
* Since: 3.6.0
**/
int
-gnutls_privkey_set_spki(gnutls_privkey_t privkey, const gnutls_x509_spki_t spki, unsigned int flags)
+gnutls_privkey_set_spki(gnutls_privkey_t privkey, const gnutls_x509_spki_t spki,
+ unsigned int flags)
{
if (privkey == NULL || privkey->type != GNUTLS_PRIVKEY_X509) {
gnutls_assert();
@@ -1987,10 +2011,12 @@ unsigned _gnutls_privkey_compatible_with_sig(gnutls_privkey_t privkey,
* negotiating RSA-PSS sig.
*/
- if (se->pk != privkey->pk_algorithm) { /* if the PK algorithm of the signature differs to the one on the pubkey */
+ if (se->pk != privkey->pk_algorithm) { /* if the PK algorithm of the signature differs to the one on the pubkey */
if (!sign_supports_priv_pk_algorithm(se, privkey->pk_algorithm)) {
- _gnutls_handshake_log("cannot use privkey of %s with %s\n",
- gnutls_pk_get_name(privkey->pk_algorithm), se->name);
+ _gnutls_handshake_log
+ ("cannot use privkey of %s with %s\n",
+ gnutls_pk_get_name(privkey->pk_algorithm),
+ se->name);
return 0;
}
}
@@ -2000,14 +2026,20 @@ unsigned _gnutls_privkey_compatible_with_sig(gnutls_privkey_t privkey,
int ret;
ret = privkey->key.ext.info_func(privkey,
- GNUTLS_SIGN_ALGO_TO_FLAGS(sign)|GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO,
- privkey->key.ext.userdata);
+ GNUTLS_SIGN_ALGO_TO_FLAGS
+ (sign) |
+ GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO,
+ privkey->key.
+ ext.userdata);
if (ret != -1)
return ret;
/* use the old flag */
- ret = privkey->key.ext.info_func(privkey, GNUTLS_PRIVKEY_INFO_SIGN_ALGO,
- privkey->key.ext.userdata);
+ ret =
+ privkey->key.ext.info_func(privkey,
+ GNUTLS_PRIVKEY_INFO_SIGN_ALGO,
+ privkey->key.
+ ext.userdata);
if (ret == (int)sign)
return 1;
}
@@ -2018,7 +2050,8 @@ unsigned _gnutls_privkey_compatible_with_sig(gnutls_privkey_t privkey,
}
#ifdef ENABLE_PKCS11
else if (privkey->type == GNUTLS_PRIVKEY_PKCS11) {
- if (privkey->pk_algorithm == GNUTLS_PK_RSA && se->pk == GNUTLS_PK_RSA_PSS) {
+ if (privkey->pk_algorithm == GNUTLS_PK_RSA
+ && se->pk == GNUTLS_PK_RSA_PSS) {
if (!privkey->key.pkcs11->rsa_pss_ok)
return 0;
}