Diffstat (limited to 'lib/x509/verify-high2.c')
-rw-r--r--lib/x509/verify-high2.c129
1 files changed, 74 insertions, 55 deletions
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index e69b1567c4..7391fa273c 100644
--- a/lib/x509/verify-high2.c
+++ b/lib/x509/verify-high2.c
@@ -97,7 +97,9 @@ gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
ret =
gnutls_x509_trust_list_add_cas(list, x509_ca_list,
- x509_ncas, tl_flags|GNUTLS_TL_NO_DUPLICATES);
+ x509_ncas,
+ tl_flags |
+ GNUTLS_TL_NO_DUPLICATES);
gnutls_free(x509_ca_list);
if (ret < 0)
@@ -109,14 +111,15 @@ gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
if (crls != NULL && crls->data != NULL) {
ret =
gnutls_x509_crl_list_import2(&x509_crl_list,
- &x509_ncrls, crls, type,
- 0);
+ &x509_ncrls, crls, type, 0);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
gnutls_x509_trust_list_add_crls(list, x509_crl_list,
- x509_ncrls, tl_flags|GNUTLS_TL_NO_DUPLICATES,
+ x509_ncrls,
+ tl_flags |
+ GNUTLS_TL_NO_DUPLICATES,
tl_vflags);
gnutls_free(x509_crl_list);
@@ -193,7 +196,8 @@ int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file)
* trusted PKCS#11 token.
*/
static
-int add_trust_list_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url, unsigned flags)
+int add_trust_list_pkcs11_object_url(gnutls_x509_trust_list_t list,
+ const char *url, unsigned flags)
{
gnutls_x509_crt_t *xcrt_list = NULL;
gnutls_pkcs11_obj_t *pcrt_list = NULL;
@@ -206,7 +210,8 @@ int add_trust_list_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *
ret =
gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
url,
- GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
+ GNUTLS_PKCS11_OBJ_FLAG_CRT |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
0);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -255,7 +260,8 @@ int remove_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url)
ret =
gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
url,
- GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
+ GNUTLS_PKCS11_OBJ_FLAG_CRT |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
0);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -296,7 +302,6 @@ int remove_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url)
}
#endif
-
/**
* gnutls_x509_trust_list_add_trust_file:
* @list: The list
@@ -339,18 +344,31 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
* otherwise import the individual certificates.
*/
if (is_pkcs11_url_object(ca_file) != 0) {
- return add_trust_list_pkcs11_object_url(list, ca_file, tl_flags);
- } else { /* trusted token */
+ return add_trust_list_pkcs11_object_url(list,
+ ca_file,
+ tl_flags);
+ } else { /* trusted token */
if (list->pkcs11_token != NULL)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INVALID_REQUEST);
list->pkcs11_token = gnutls_strdup(ca_file);
/* enumerate the certificates */
- ret = gnutls_pkcs11_obj_list_import_url(NULL, &pcrt_list_size,
- ca_file,
- (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE|GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED),
- 0);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ ret =
+ gnutls_pkcs11_obj_list_import_url(NULL,
+ &pcrt_list_size,
+ ca_file,
+ (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE
+ |
+ GNUTLS_PKCS11_OBJ_FLAG_CRT
+ |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_CA
+ |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED),
+ 0);
+ if (ret < 0
+ && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
return gnutls_assert_val(ret);
return pcrt_list_size;
@@ -358,7 +376,7 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
} else
#endif
{
- cas.data = (void *) read_file(ca_file, RF_BINARY, &size);
+ cas.data = (void *)read_file(ca_file, RF_BINARY, &size);
if (cas.data == NULL) {
gnutls_assert();
return GNUTLS_E_FILE_ERROR;
@@ -368,7 +386,7 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
}
if (crl_file) {
- crls.data = (void *) read_file(crl_file, RF_BINARY, &size);
+ crls.data = (void *)read_file(crl_file, RF_BINARY, &size);
if (crls.data == NULL) {
gnutls_assert();
return GNUTLS_E_FILE_ERROR;
@@ -387,9 +405,9 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
static
int load_dir_certs(const char *dirname,
- gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags,
- unsigned type, unsigned crl)
+ gnutls_x509_trust_list_t list,
+ unsigned int tl_flags, unsigned int tl_vflags,
+ unsigned type, unsigned crl)
{
int ret;
int r = 0;
@@ -410,7 +428,7 @@ int load_dir_certs(const char *dirname,
base_len = pathbuf.len;
while ((d = readdir(dirp)) != NULL) {
-#ifdef _DIRENT_HAVE_D_TYPE
+# ifdef _DIRENT_HAVE_D_TYPE
switch (d->d_type) {
case DT_REG:
case DT_LNK:
@@ -419,19 +437,19 @@ int load_dir_certs(const char *dirname,
default:
continue;
}
-#endif
+# endif
ret = _gnutls_pathbuf_append(&pathbuf, d->d_name);
if (ret < 0) {
continue;
}
if (crl != 0) {
ret = gnutls_x509_trust_list_add_trust_file
- (list, NULL, pathbuf.ptr, type, tl_flags,
- tl_vflags);
+ (list, NULL, pathbuf.ptr, type, tl_flags,
+ tl_vflags);
} else {
ret = gnutls_x509_trust_list_add_trust_file
- (list, pathbuf.ptr, NULL, type, tl_flags,
- tl_vflags);
+ (list, pathbuf.ptr, NULL, type, tl_flags,
+ tl_vflags);
}
if (ret >= 0) {
r += ret;
@@ -441,24 +459,25 @@ int load_dir_certs(const char *dirname,
_gnutls_pathbuf_deinit(&pathbuf);
closedir(dirp);
}
-#else /* _WIN32 */
+#else /* _WIN32 */
_TDIR *dirp;
struct _tdirent *d;
- gnutls_datum_t utf16 = {NULL, 0};
+ gnutls_datum_t utf16 = { NULL, 0 };
-#undef UCS2_ENDIAN
-#ifdef WORDS_BIGENDIAN
-#define UCS2_ENDIAN 1
-#else
-#define UCS2_ENDIAN 0
-#endif
+# undef UCS2_ENDIAN
+# ifdef WORDS_BIGENDIAN
+# define UCS2_ENDIAN 1
+# else
+# define UCS2_ENDIAN 0
+# endif
- ret = _gnutls_utf8_to_ucs2(dirname, strlen(dirname), &utf16, UCS2_ENDIAN);
+ ret =
+ _gnutls_utf8_to_ucs2(dirname, strlen(dirname), &utf16, UCS2_ENDIAN);
if (ret < 0) {
return gnutls_assert_val(ret);
}
- dirp = _topendir((_TCHAR*)utf16.data);
+ dirp = _topendir((_TCHAR *) utf16.data);
gnutls_free(utf16.data);
if (dirp != NULL) {
size_t base_len;
@@ -470,8 +489,8 @@ int load_dir_certs(const char *dirname,
base_len = pathbuf.len;
while ((d = _treaddir(dirp)) != NULL) {
- gnutls_datum_t utf8 = {NULL, 0};
-#ifdef _DIRENT_HAVE_D_TYPE
+ gnutls_datum_t utf8 = { NULL, 0 };
+# ifdef _DIRENT_HAVE_D_TYPE
switch (d->d_type) {
case DT_REG:
case DT_LNK:
@@ -480,10 +499,10 @@ int load_dir_certs(const char *dirname,
default:
continue;
}
-#endif
+# endif
ret = _gnutls_ucs2_to_utf8(d->d_name,
- d->d_namlen * sizeof(d->d_name[0]),
- &utf8,
+ d->d_namlen *
+ sizeof(d->d_name[0]), &utf8,
UCS2_ENDIAN);
if (ret < 0) {
continue;
@@ -496,12 +515,12 @@ int load_dir_certs(const char *dirname,
if (crl != 0) {
ret = gnutls_x509_trust_list_add_trust_file
- (list, NULL, pathbuf.ptr, type, tl_flags,
- tl_vflags);
+ (list, NULL, pathbuf.ptr, type, tl_flags,
+ tl_vflags);
} else {
ret = gnutls_x509_trust_list_add_trust_file
- (list, pathbuf.ptr, NULL, type, tl_flags,
- tl_vflags);
+ (list, pathbuf.ptr, NULL, type, tl_flags,
+ tl_vflags);
}
if (ret >= 0)
r += ret;
@@ -510,8 +529,8 @@ int load_dir_certs(const char *dirname,
_gnutls_pathbuf_deinit(&pathbuf);
_tclosedir(dirp);
}
-#undef UCS2_ENDIAN
-#endif /* _WIN32 */
+# undef UCS2_ENDIAN
+#endif /* _WIN32 */
return r;
}
@@ -534,11 +553,11 @@ int load_dir_certs(const char *dirname,
**/
int
gnutls_x509_trust_list_add_trust_dir(gnutls_x509_trust_list_t list,
- const char *ca_dir,
- const char *crl_dir,
- gnutls_x509_crt_fmt_t type,
- unsigned int tl_flags,
- unsigned int tl_vflags)
+ const char *ca_dir,
+ const char *crl_dir,
+ gnutls_x509_crt_fmt_t type,
+ unsigned int tl_flags,
+ unsigned int tl_vflags)
{
int ret = 0;
@@ -591,13 +610,13 @@ gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list,
if (c_strncasecmp(ca_file, PKCS11_URL, PKCS11_URL_SIZE) == 0) {
if (is_pkcs11_url_object(ca_file) != 0) {
return remove_pkcs11_object_url(list, ca_file);
- } else { /* token */
+ } else { /* token */
return remove_pkcs11_url(list, ca_file);
}
} else
#endif
{
- cas.data = (void *) read_file(ca_file, RF_BINARY, &size);
+ cas.data = (void *)read_file(ca_file, RF_BINARY, &size);
if (cas.data == NULL) {
gnutls_assert();
return GNUTLS_E_FILE_ERROR;