Diffstat (limited to 'lib/x509')
54 files changed, 6428 insertions, 8063 deletions
diff --git a/lib/x509/attributes.c b/lib/x509/attributes.c index 5ca57a9b3e..37825eac2a 100644 --- a/lib/x509/attributes.c +++ b/lib/x509/attributes.c @@ -37,9 +37,8 @@ /* Overwrite the given attribute (using the index) * index here starts from one. */ -static int -overwrite_attribute(asn1_node asn, const char *root, unsigned indx, - const gnutls_datum_t * ext_data) +static int overwrite_attribute(asn1_node asn, const char *root, unsigned indx, + const gnutls_datum_t *ext_data) { char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; int result; @@ -68,10 +67,9 @@ overwrite_attribute(asn1_node asn, const char *root, unsigned indx, * "certificationRequestInfo.attributes" * */ -int -_x509_parse_attribute(asn1_node asn1_struct, - const char *attr_name, const char *given_oid, - unsigned indx, int raw, gnutls_datum_t * out) +int _x509_parse_attribute(asn1_node asn1_struct, const char *attr_name, + const char *given_oid, unsigned indx, int raw, + gnutls_datum_t *out) { int k1, result; char tmpbuffer1[MAX_NAME_SIZE]; @@ -83,7 +81,6 @@ _x509_parse_attribute(asn1_node asn1_struct, k1 = 0; do { - k1++; /* create a string like "attribute.?1" */ @@ -125,7 +122,7 @@ _x509_parse_attribute(asn1_node asn1_struct, goto cleanup; } - if (strcmp(oid, given_oid) == 0) { /* Found the OID */ + if (strcmp(oid, given_oid) == 0) { /* Found the OID */ /* Read the Value */ @@ -133,9 +130,8 @@ _x509_parse_attribute(asn1_node asn1_struct, "%s.values.?%u", tmpbuffer1, indx + 1); len = sizeof(value) - 1; - result = - _gnutls_x509_read_value(asn1_struct, - tmpbuffer3, &td); + result = _gnutls_x509_read_value(asn1_struct, + tmpbuffer3, &td); if (result != ASN1_SUCCESS) { gnutls_assert(); @@ -144,9 +140,8 @@ _x509_parse_attribute(asn1_node asn1_struct, } if (raw == 0) { - result = - _gnutls_x509_dn_to_string - (oid, td.data, td.size, out); + result = _gnutls_x509_dn_to_string( + oid, td.data, td.size, out); _gnutls_free_datum(&td); 
@@ -155,7 +150,7 @@ _x509_parse_attribute(asn1_node asn1_struct, goto cleanup; } return 0; - } else { /* raw!=0 */ + } else { /* raw!=0 */ out->data = td.data; out->size = td.size; @@ -163,14 +158,13 @@ _x509_parse_attribute(asn1_node asn1_struct, } } - } - while (1); + } while (1); gnutls_assert(); result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - cleanup: +cleanup: return result; } @@ -179,9 +173,9 @@ _x509_parse_attribute(asn1_node asn1_struct, * * Critical will be either 0 or 1. */ -static int -add_attribute(asn1_node asn, const char *root, const char *attribute_id, - const gnutls_datum_t * ext_data) +static int add_attribute(asn1_node asn, const char *root, + const char *attribute_id, + const gnutls_datum_t *ext_data) { int result; char name[MAX_NAME_SIZE]; @@ -223,9 +217,8 @@ add_attribute(asn1_node asn, const char *root, const char *attribute_id, return 0; } -int -_x509_set_attribute(asn1_node asn, const char *root, - const char *ext_id, const gnutls_datum_t * ext_data) +int _x509_set_attribute(asn1_node asn, const char *root, const char *ext_id, + const gnutls_datum_t *ext_data) { int result; int k, len; @@ -251,7 +244,6 @@ _x509_set_attribute(asn1_node asn, const char *root, } do { - _gnutls_str_cpy(name2, sizeof(name2), name); _gnutls_str_cat(name2, sizeof(name2), ".type"); @@ -275,10 +267,8 @@ _x509_set_attribute(asn1_node asn, const char *root, ext_data); } - } - while (0); - } - while (1); + } while (0); + } while (1); if (result == ASN1_ELEMENT_NOT_FOUND) { return add_attribute(asn, root, ext_id, ext_data); diff --git a/lib/x509/attributes.h b/lib/x509/attributes.h index ff2328ad46..6a1214ace2 100644 --- a/lib/x509/attributes.h +++ b/lib/x509/attributes.h 
@@ -21,15 +21,13 @@ */ #ifndef GNUTLS_LIB_X509_ATTRIBUTES_H -# define GNUTLS_LIB_X509_ATTRIBUTES_H +#define GNUTLS_LIB_X509_ATTRIBUTES_H -int -_x509_parse_attribute(asn1_node asn1_struct, - const char *attr_name, const char *given_oid, - unsigned indx, int raw, gnutls_datum_t * out); +int _x509_parse_attribute(asn1_node asn1_struct, const char *attr_name, + const char *given_oid, unsigned indx, int raw, + gnutls_datum_t *out); -int -_x509_set_attribute(asn1_node asn, const char *root, - const char *ext_id, const gnutls_datum_t * ext_data); +int _x509_set_attribute(asn1_node asn, const char *root, const char *ext_id, + const gnutls_datum_t *ext_data); -#endif /* GNUTLS_LIB_X509_ATTRIBUTES_H */ +#endif /* GNUTLS_LIB_X509_ATTRIBUTES_H */ diff --git a/lib/x509/common.c b/lib/x509/common.c index 2cc95c9b8b..748d0db4c5 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -35,12 +35,18 @@ #include "extras/hex.h" #include <common.h> -static int data2hex(const void *data, size_t data_size, gnutls_datum_t * out); +static int data2hex(const void *data, size_t data_size, gnutls_datum_t *out); -#define ENTRY(oid, ldap, asn, etype) {oid, sizeof(oid)-1, ldap, sizeof(ldap)-1, asn, etype} +#define ENTRY(oid, ldap, asn, etype) \ + { \ + oid, sizeof(oid) - 1, ldap, sizeof(ldap) - 1, asn, etype \ + } /* when there is no name description */ -#define ENTRY_ND(oid, asn, etype) {oid, sizeof(oid)-1, NULL, 0, asn, etype} +#define ENTRY_ND(oid, asn, etype) \ + { \ + oid, sizeof(oid) - 1, NULL, 0, asn, etype \ + } /* This list contains all the OIDs that may be * contained in a rdnSequence and are printable. @@ -90,8 +96,7 @@ static const struct oid_to_string _oid2str[] = { ENTRY("0.9.2342.19200300.100.1.1", "UID", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID), ENTRY("1.2.840.113556.1.4.656", "userPrincipalName", - "PKIX1.DirectoryString", - ASN1_ETYPE_INVALID), + "PKIX1.DirectoryString", ASN1_ETYPE_INVALID), /* Extended validation */ 
@@ -102,8 +107,8 @@ static const struct oid_to_string _oid2str[] = { "jurisdictionOfIncorporationStateOrProvinceName", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID), ENTRY("1.3.6.1.4.1.311.60.2.1.3", - "jurisdictionOfIncorporationCountryName", - NULL, ASN1_ETYPE_PRINTABLE_STRING), + "jurisdictionOfIncorporationCountryName", NULL, + ASN1_ETYPE_PRINTABLE_STRING), /* PKCS #9 */ @@ -130,11 +135,11 @@ static const struct oid_to_string _oid2str[] = { /* VAT identification number */ ENTRY("1.2.643.3.131.1.1", "INN", NULL, ASN1_ETYPE_NUMERIC_STRING), - {NULL, 0, NULL, 0, NULL, 0} + { NULL, 0, NULL, 0, NULL, 0 } }; -const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string - *ots, const char *oid) +const struct oid_to_string * +_gnutls_oid_get_entry(const struct oid_to_string *ots, const char *oid) { unsigned int i = 0; unsigned len = strlen(oid); @@ -143,8 +148,7 @@ const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string if (len == ots[i].oid_size && strcmp(ots[i].oid, oid) == 0) return &ots[i]; i++; - } - while (ots[i].oid != NULL); + } while (ots[i].oid != NULL); return NULL; } @@ -152,7 +156,7 @@ const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string const char *_gnutls_oid_get_asn_desc(const char *oid) { const struct oid_to_string *entry = - _gnutls_oid_get_entry(_oid2str, oid); + _gnutls_oid_get_entry(_oid2str, oid); return entry ? entry->asn_desc : NULL; } @@ -166,15 +170,14 @@ const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len) (c_strncasecmp(_oid2str[i].name_desc, str, str_len) == 0)) return _oid2str[i].oid; i++; - } - while (_oid2str[i].oid != NULL); + } while (_oid2str[i].oid != NULL); return NULL; } /* Escapes a string following the rules from RFC4514. */ -static int str_escape(const gnutls_datum_t * str, gnutls_datum_t * escaped) +static int str_escape(const gnutls_datum_t *str, gnutls_datum_t *escaped) { unsigned int j, i; uint8_t *buffer = NULL; 
@@ -195,10 +198,10 @@ static int str_escape(const gnutls_datum_t * str, gnutls_datum_t * escaped) goto cleanup; } - if (str->data[i] == ',' || str->data[i] == '+' - || str->data[i] == '"' || str->data[i] == '\\' - || str->data[i] == '<' || str->data[i] == '>' - || str->data[i] == ';' || str->data[i] == 0) + if (str->data[i] == ',' || str->data[i] == '+' || + str->data[i] == '"' || str->data[i] == '\\' || + str->data[i] == '<' || str->data[i] == '>' || + str->data[i] == ';' || str->data[i] == 0) buffer[j++] = '\\'; else if (i == 0 && str->data[i] == '#') buffer[j++] = '\\'; @@ -216,7 +219,7 @@ static int str_escape(const gnutls_datum_t * str, gnutls_datum_t * escaped) escaped->size = j; return 0; - cleanup: +cleanup: gnutls_free(buffer); return ret; } @@ -257,7 +260,7 @@ int gnutls_x509_dn_oid_known(const char *oid) const char *gnutls_x509_dn_oid_name(const char *oid, unsigned int flags) { const struct oid_to_string *entry = - _gnutls_oid_get_entry(_oid2str, oid); + _gnutls_oid_get_entry(_oid2str, oid); if (entry && entry->name_desc) return entry->name_desc; @@ -267,9 +270,8 @@ const char *gnutls_x509_dn_oid_name(const char *oid, unsigned int flags) return NULL; } -static int -make_printable_string(unsigned etype, const gnutls_datum_t * input, - gnutls_datum_t * out) +static int make_printable_string(unsigned etype, const gnutls_datum_t *input, + gnutls_datum_t *out) { int printable = 0; int ret; @@ -306,10 +308,11 @@ make_printable_string(unsigned etype, const gnutls_datum_t * input, printable = 1; } - } else if (etype != ASN1_ETYPE_UNIVERSAL_STRING) /* supported but not printable */ + } else if (etype != + ASN1_ETYPE_UNIVERSAL_STRING) /* supported but not printable */ return GNUTLS_E_INVALID_REQUEST; - if (printable == 0) { /* need to allocate out */ + if (printable == 0) { /* need to allocate out */ ret = data2hex(input->data, input->size, out); if (ret < 0) { gnutls_assert(); 
@@ -320,9 +323,9 @@ make_printable_string(unsigned etype, const gnutls_datum_t * input, return 0; } -static int -decode_complex_string(const struct oid_to_string *oentry, void *value, - int value_size, gnutls_datum_t * out) +static int decode_complex_string(const struct oid_to_string *oentry, + void *value, int value_size, + gnutls_datum_t *out) { char str[MAX_STRING_LEN], tmpname[128]; int len = -1, result; @@ -336,16 +339,14 @@ decode_complex_string(const struct oid_to_string *oentry, void *value, return GNUTLS_E_INTERNAL_ERROR; } - if ((result = - asn1_create_element(_gnutls_get_pkix(), oentry->asn_desc, - &tmpasn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), oentry->asn_desc, + &tmpasn)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - if ((result = - _asn1_strict_der_decode(&tmpasn, value, value_size, - asn1_err)) != ASN1_SUCCESS) { + if ((result = _asn1_strict_der_decode(&tmpasn, value, value_size, + asn1_err)) != ASN1_SUCCESS) { gnutls_assert(); _gnutls_debug_log("_asn1_strict_der_decode: %s\n", asn1_err); asn1_delete_structure(&tmpasn); @@ -355,7 +356,8 @@ decode_complex_string(const struct oid_to_string *oentry, void *value, /* Read the type of choice. */ len = sizeof(str) - 1; - if ((result = asn1_read_value(tmpasn, "", str, &len)) != ASN1_SUCCESS) { /* CHOICE */ + if ((result = asn1_read_value(tmpasn, "", str, &len)) != + ASN1_SUCCESS) { /* CHOICE */ gnutls_assert(); asn1_delete_structure(&tmpasn); return _gnutls_asn2err(result); @@ -412,9 +414,8 @@ decode_complex_string(const struct oid_to_string *oentry, void *value, * res may be null. This will just return the res_size, needed to * hold the string. */ -int -_gnutls_x509_dn_to_string(const char *oid, void *value, - int value_size, gnutls_datum_t * str) +int _gnutls_x509_dn_to_string(const char *oid, void *value, int value_size, + gnutls_datum_t *str) { const struct oid_to_string *oentry; int ret; 
@@ -426,8 +427,8 @@ _gnutls_x509_dn_to_string(const char *oid, void *value, } oentry = _gnutls_oid_get_entry(_oid2str, oid); - if (oentry == NULL) { /* unknown OID -> hex */ - unknown_oid: + if (oentry == NULL) { /* unknown OID -> hex */ + unknown_oid: ret = data2hex(value, value_size, str); if (ret < 0) { gnutls_assert(); @@ -436,16 +437,15 @@ _gnutls_x509_dn_to_string(const char *oid, void *value, return 0; } - if (oentry->asn_desc != NULL) { /* complex */ + if (oentry->asn_desc != NULL) { /* complex */ ret = decode_complex_string(oentry, value, value_size, &tmp); if (ret < 0) { /* we failed decoding -> handle it as unknown OID */ goto unknown_oid; } } else { - ret = - _gnutls_x509_decode_string(oentry->etype, value, - value_size, &tmp, 0); + ret = _gnutls_x509_decode_string(oentry->etype, value, + value_size, &tmp, 0); if (ret < 0) { /* we failed decoding -> handle it as unknown OID */ goto unknown_oid; @@ -464,13 +464,13 @@ _gnutls_x509_dn_to_string(const char *oid, void *value, /* Converts a data string to an LDAP rfc2253 hex string * something like '#01020304' */ -static int data2hex(const void *data, size_t data_size, gnutls_datum_t * out) +static int data2hex(const void *data, size_t data_size, gnutls_datum_t *out) { gnutls_datum_t tmp, td; int ret; size_t size; - td.size = hex_str_size(data_size) + 1; /* +1 for '#' */ + td.size = hex_str_size(data_size) + 1; /* +1 for '#' */ td.data = gnutls_malloc(td.size); if (td.data == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); @@ -479,7 +479,7 @@ static int data2hex(const void *data, size_t data_size, gnutls_datum_t * out) tmp.size = data_size; td.data[0] = '#'; - size = td.size - 1; /* don't include '#' */ + size = td.size - 1; /* don't include '#' */ ret = gnutls_hex_encode(&tmp, (char *)&td.data[1], &size); if (ret < 0) { gnutls_assert(); 
@@ -487,7 +487,7 @@ static int data2hex(const void *data, size_t data_size, gnutls_datum_t * out) return GNUTLS_E_SHORT_MEMORY_BUFFER; } - td.size--; /* don't include null */ + td.size--; /* don't include null */ out->data = td.data; out->size = td.size; @@ -512,25 +512,24 @@ gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type(char *str_type) if (strcmp(str_type, "registeredID") == 0) return GNUTLS_SAN_REGISTERED_ID; - return (gnutls_x509_subject_alt_name_t) - 1; + return (gnutls_x509_subject_alt_name_t)-1; } /* A generic export function. Will export the given ASN.1 encoded data * to PEM or DER raw data. */ -int -_gnutls_x509_export_int_named(asn1_node asn1_data, const char *name, - gnutls_x509_crt_fmt_t format, - const char *pem_header, - unsigned char *output_data, - size_t *output_data_size) +int _gnutls_x509_export_int_named(asn1_node asn1_data, const char *name, + gnutls_x509_crt_fmt_t format, + const char *pem_header, + unsigned char *output_data, + size_t *output_data_size) { int ret; gnutls_datum_t out = { NULL, 0 }; size_t size; - ret = _gnutls_x509_export_int_named2(asn1_data, name, - format, pem_header, &out); + ret = _gnutls_x509_export_int_named2(asn1_data, name, format, + pem_header, &out); if (ret < 0) return gnutls_assert_val(ret); @@ -556,7 +555,7 @@ _gnutls_x509_export_int_named(asn1_node asn1_data, const char *name, ret = 0; - cleanup: +cleanup: gnutls_free(out.data); return ret; @@ -565,10 +564,9 @@ _gnutls_x509_export_int_named(asn1_node asn1_data, const char *name, /* A generic export function. Will export the given ASN.1 encoded data * to PEM or DER raw data. */ -int -_gnutls_x509_export_int_named2(asn1_node asn1_data, const char *name, - gnutls_x509_crt_fmt_t format, - const char *pem_header, gnutls_datum_t * out) +int _gnutls_x509_export_int_named2(asn1_node asn1_data, const char *name, + gnutls_x509_crt_fmt_t format, + const char *pem_header, gnutls_datum_t *out) { int ret; 
@@ -576,15 +574,15 @@ _gnutls_x509_export_int_named2(asn1_node asn1_data, const char *name, ret = _gnutls_x509_der_encode(asn1_data, name, out, 0); if (ret < 0) return gnutls_assert_val(ret); - } else { /* PEM */ + } else { /* PEM */ gnutls_datum_t tmp; ret = _gnutls_x509_der_encode(asn1_data, name, &tmp, 0); if (ret < 0) return gnutls_assert_val(ret); - ret = - _gnutls_fbase64_encode(pem_header, tmp.data, tmp.size, out); + ret = _gnutls_fbase64_encode(pem_header, tmp.data, tmp.size, + out); _gnutls_free_datum(&tmp); if (ret < 0) @@ -598,10 +596,9 @@ _gnutls_x509_export_int_named2(asn1_node asn1_data, const char *name, * The returned string is always null terminated (but null is not * included in size). */ -int -_gnutls_x509_decode_string(unsigned int etype, - const uint8_t * der, size_t der_size, - gnutls_datum_t * output, unsigned allow_ber) +int _gnutls_x509_decode_string(unsigned int etype, const uint8_t *der, + size_t der_size, gnutls_datum_t *output, + unsigned allow_ber) { int ret; uint8_t *str; @@ -612,13 +609,11 @@ _gnutls_x509_decode_string(unsigned int etype, output->size = 0; if (allow_ber) - ret = - asn1_decode_simple_ber(etype, der, der_size, &str, - &str_size, NULL); + ret = asn1_decode_simple_ber(etype, der, der_size, &str, + &str_size, NULL); else - ret = - asn1_decode_simple_der(etype, der, der_size, - (const uint8_t **)&str, &str_size); + ret = asn1_decode_simple_der(etype, der, der_size, + (const uint8_t **)&str, &str_size); if (ret != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); @@ -638,7 +633,7 @@ _gnutls_x509_decode_string(unsigned int etype, free(str); ret = make_printable_string(etype, &td, output); - if (ret == GNUTLS_E_INVALID_REQUEST) { /* unsupported etype */ + if (ret == GNUTLS_E_INVALID_REQUEST) { /* unsupported etype */ output->data = td.data; output->size = td.size; ret = 0; 
@@ -655,9 +650,8 @@ _gnutls_x509_decode_string(unsigned int etype, if (len != (size_t)output->size) { _gnutls_free_datum(output); - ret = - gnutls_assert_val - (GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING); + ret = gnutls_assert_val( + GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING); } } @@ -670,9 +664,8 @@ _gnutls_x509_decode_string(unsigned int etype, * Note that this function always allocates one plus * the required data size (and places a null byte). */ -static int -x509_read_value(asn1_node c, const char *root, - gnutls_datum_t * ret, unsigned allow_null) +static int x509_read_value(asn1_node c, const char *root, gnutls_datum_t *ret, + unsigned allow_null) { int len = 0, result; uint8_t *tmp = NULL; @@ -682,8 +675,8 @@ x509_read_value(asn1_node c, const char *root, if (result == 0 && allow_null == 0 && len == 0) { /* don't allow null strings */ return gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR); - } else if (result == 0 && allow_null == 0 - && etype == ASN1_ETYPE_OBJECT_ID && len == 1) { + } else if (result == 0 && allow_null == 0 && + etype == ASN1_ETYPE_OBJECT_ID && len == 1) { return gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR); } @@ -721,8 +714,8 @@ x509_read_value(asn1_node c, const char *root, if (len > 0) { ret->size = len - 1; } else { - result = - gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR); + result = gnutls_assert_val( + GNUTLS_E_ASN1_DER_ERROR); goto cleanup; } break; @@ -739,19 +732,18 @@ x509_read_value(asn1_node c, const char *root, return 0; - cleanup: +cleanup: gnutls_free(tmp); return result; } -int _gnutls_x509_read_value(asn1_node c, const char *root, gnutls_datum_t * ret) +int _gnutls_x509_read_value(asn1_node c, const char *root, gnutls_datum_t *ret) { return x509_read_value(c, root, ret, 0); } -int -_gnutls_x509_read_null_value(asn1_node c, const char *root, - gnutls_datum_t * ret) +int _gnutls_x509_read_null_value(asn1_node c, const char *root, + gnutls_datum_t *ret) { return x509_read_value(c, root, ret, 1); } 
@@ -762,10 +754,8 @@ _gnutls_x509_read_null_value(asn1_node c, const char *root, * Note that this function always places a null character * at the end of a readable string value (which is not accounted into size) */ -int -_gnutls_x509_read_string(asn1_node c, const char *root, - gnutls_datum_t * ret, unsigned int etype, - unsigned int allow_ber) +int _gnutls_x509_read_string(asn1_node c, const char *root, gnutls_datum_t *ret, + unsigned int etype, unsigned int allow_ber) { int len = 0, result; size_t slen; @@ -812,24 +802,23 @@ _gnutls_x509_read_string(asn1_node c, const char *root, return 0; - cleanup: +cleanup: gnutls_free(tmp); return result; } /* The string type should be IA5String, UTF8String etc. Leave * null for octet string */ -int _gnutls_x509_encode_string(unsigned int etype, - const void *input_data, size_t input_size, - gnutls_datum_t * output) +int _gnutls_x509_encode_string(unsigned int etype, const void *input_data, + size_t input_size, gnutls_datum_t *output) { uint8_t tl[ASN1_MAX_TL_SIZE]; unsigned int tl_size; int ret; tl_size = sizeof(tl); - ret = - asn1_encode_simple_der(etype, input_data, input_size, tl, &tl_size); + ret = asn1_encode_simple_der(etype, input_data, input_size, tl, + &tl_size); if (ret != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); @@ -852,9 +841,8 @@ int _gnutls_x509_encode_string(unsigned int etype, * the given datum. If str is non zero then the data are encoded as * an OCTET STRING. */ -int -_gnutls_x509_der_encode(asn1_node src, const char *src_name, - gnutls_datum_t * res, int str) +int _gnutls_x509_der_encode(asn1_node src, const char *src_name, + gnutls_datum_t *res, int str) { int size, result; int asize; @@ -873,7 +861,7 @@ _gnutls_x509_der_encode(asn1_node src, const char *src_name, */ if (str) - size += 16; /* for later to include the octet tags */ + size += 16; /* for later to include the octet tags */ asize = size; data = gnutls_malloc((size_t)size); 
@@ -890,9 +878,9 @@ _gnutls_x509_der_encode(asn1_node src, const char *src_name, } if (str) { - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.pkcs-7-Data", - &c2)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-7-Data", &c2)) != + ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; @@ -921,11 +909,10 @@ _gnutls_x509_der_encode(asn1_node src, const char *src_name, res->size = (unsigned)size; return 0; - cleanup: +cleanup: gnutls_free(data); asn1_delete_structure(&c2); return result; - } /* DER Encodes the src asn1_node and stores it to @@ -933,9 +920,9 @@ _gnutls_x509_der_encode(asn1_node src, const char *src_name, * as OCTET. If str is non null then the data are encoded as * an OCTET STRING. */ -int -_gnutls_x509_der_encode_and_copy(asn1_node src, const char *src_name, - asn1_node dest, const char *dest_name, int str) +int _gnutls_x509_der_encode_and_copy(asn1_node src, const char *src_name, + asn1_node dest, const char *dest_name, + int str) { int result; gnutls_datum_t encoded = { NULL, 0 }; @@ -949,8 +936,8 @@ _gnutls_x509_der_encode_and_copy(asn1_node src, const char *src_name, /* Write the data. */ - result = - asn1_write_value(dest, dest_name, encoded.data, (int)encoded.size); + result = asn1_write_value(dest, dest_name, encoded.data, + (int)encoded.size); _gnutls_free_datum(&encoded); @@ -964,9 +951,8 @@ _gnutls_x509_der_encode_and_copy(asn1_node src, const char *src_name, /* Writes the value of the datum in the given asn1_node. */ -int -_gnutls_x509_write_value(asn1_node c, const char *root, - const gnutls_datum_t * data) +int _gnutls_x509_write_value(asn1_node c, const char *root, + const gnutls_datum_t *data) { int ret; 
@@ -983,9 +969,8 @@ _gnutls_x509_write_value(asn1_node c, const char *root, /* Writes the value of the datum in the given asn1_node as a string. */ -int -_gnutls_x509_write_string(asn1_node c, const char *root, - const gnutls_datum_t * data, unsigned int etype) +int _gnutls_x509_write_string(asn1_node c, const char *root, + const gnutls_datum_t *data, unsigned int etype) { int ret; gnutls_datum_t val = { NULL, 0 }; @@ -1005,31 +990,28 @@ _gnutls_x509_write_string(asn1_node c, const char *root, ret = 0; - cleanup: +cleanup: _gnutls_free_datum(&val); return ret; } -void -_asnstr_append_name(char *name, size_t name_size, const char *part1, - const char *part2) +void _asnstr_append_name(char *name, size_t name_size, const char *part1, + const char *part2) { if (part1[0] != 0) { _gnutls_str_cpy(name, name_size, part1); _gnutls_str_cat(name, name_size, part2); } else _gnutls_str_cpy(name, name_size, - part2 + 1 /* remove initial dot */ ); + part2 + 1 /* remove initial dot */); } /* Encodes and copies the private key parameters into a * subjectPublicKeyInfo structure. * */ -int -_gnutls_x509_encode_and_copy_PKI_params(asn1_node dst, - const char *dst_name, - const gnutls_pk_params_st * params) +int _gnutls_x509_encode_and_copy_PKI_params(asn1_node dst, const char *dst_name, + const gnutls_pk_params_st *params) { const char *oid; gnutls_datum_t der = { NULL, 0 }; 
@@ -1093,35 +1075,31 @@ _gnutls_x509_encode_and_copy_PKI_params(asn1_node dst, /* Encodes and public key parameters into a * subjectPublicKeyInfo structure and stores it in der. */ -int -_gnutls_x509_encode_PKI_params(gnutls_datum_t * der, - const gnutls_pk_params_st * params) +int _gnutls_x509_encode_PKI_params(gnutls_datum_t *der, + const gnutls_pk_params_st *params) { int ret; asn1_node tmp; - ret = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.Certificate", &tmp); + ret = asn1_create_element(_gnutls_get_pkix(), "PKIX1.Certificate", + &tmp); if (ret != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(ret); } - ret = _gnutls_x509_encode_and_copy_PKI_params(tmp, - "tbsCertificate.subjectPublicKeyInfo", - params); + ret = _gnutls_x509_encode_and_copy_PKI_params( + tmp, "tbsCertificate.subjectPublicKeyInfo", params); if (ret != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; } - ret = - _gnutls_x509_der_encode(tmp, - "tbsCertificate.subjectPublicKeyInfo", - der, 0); + ret = _gnutls_x509_der_encode( + tmp, "tbsCertificate.subjectPublicKeyInfo", der, 0); - cleanup: +cleanup: asn1_delete_structure(&tmp); return ret; @@ -1130,9 +1108,8 @@ _gnutls_x509_encode_PKI_params(gnutls_datum_t * der, /* Reads and returns the PK algorithm of the given certificate-like * ASN.1 structure. src_name should be something like "tbsCertificate.subjectPublicKeyInfo". */ -int -_gnutls_x509_get_pk_algorithm(asn1_node src, const char *src_name, - gnutls_ecc_curve_t * curve, unsigned int *bits) +int _gnutls_x509_get_pk_algorithm(asn1_node src, const char *src_name, + gnutls_ecc_curve_t *curve, unsigned int *bits) { int result; int algo; 
@@ -1153,8 +1130,8 @@ _gnutls_x509_get_pk_algorithm(asn1_node src, const char *src_name, algo = _gnutls_oid_to_pk_and_curve(oid, &lcurve); if (algo == GNUTLS_PK_UNKNOWN) { - _gnutls_debug_log - ("%s: unknown public key algorithm: %s\n", __func__, oid); + _gnutls_debug_log("%s: unknown public key algorithm: %s\n", + __func__, oid); } if (curve) @@ -1166,7 +1143,7 @@ _gnutls_x509_get_pk_algorithm(asn1_node src, const char *src_name, /* Now read the parameters' bits */ - if (lcurve != GNUTLS_ECC_CURVE_INVALID) { /* curve present */ + if (lcurve != GNUTLS_ECC_CURVE_INVALID) { /* curve present */ bits[0] = gnutls_ecc_curve_get_size(lcurve) * 8; } else { gnutls_pk_params_st params; @@ -1186,9 +1163,9 @@ _gnutls_x509_get_pk_algorithm(asn1_node src, const char *src_name, /* Reads the DER signed data from the certificate and allocates space and * returns them into signed_data. */ -int -_gnutls_x509_get_signed_data(asn1_node src, const gnutls_datum_t * der, - const char *src_name, gnutls_datum_t * signed_data) +int _gnutls_x509_get_signed_data(asn1_node src, const gnutls_datum_t *der, + const char *src_name, + gnutls_datum_t *signed_data) { int start, end, result; @@ -1198,16 +1175,16 @@ _gnutls_x509_get_signed_data(asn1_node src, const gnutls_datum_t * der, /* Get the signed data */ - result = asn1_der_decoding_startEnd(src, der->data, der->size, - src_name, &start, &end); + result = asn1_der_decoding_startEnd(src, der->data, der->size, src_name, + &start, &end); if (result != ASN1_SUCCESS) { result = _gnutls_asn2err(result); gnutls_assert(); goto cleanup; } - result = - _gnutls_set_datum(signed_data, &der->data[start], end - start + 1); + result = _gnutls_set_datum(signed_data, &der->data[start], + end - start + 1); if (result < 0) { gnutls_assert(); @@ -1216,7 +1193,7 @@ _gnutls_x509_get_signed_data(asn1_node src, const gnutls_datum_t * der, result = 0; - cleanup: +cleanup: return result; } 
@@ -1271,8 +1248,8 @@ int _gnutls_x509_get_signature_algorithm(asn1_node src, const char *src_name) _gnutls_free_datum(&der); if (result == 0) - result = - gnutls_pk_to_sign(params.pk, params.rsa_pss_dig); + result = gnutls_pk_to_sign(params.pk, + params.rsa_pss_dig); } else if (sa.data) { result = gnutls_oid_to_sign((char *)sa.data); } else { @@ -1290,9 +1267,8 @@ int _gnutls_x509_get_signature_algorithm(asn1_node src, const char *src_name) /* Reads the DER signature from the certificate and allocates space and * returns them into signed_data. */ -int -_gnutls_x509_get_signature(asn1_node src, const char *src_name, - gnutls_datum_t * signature) +int _gnutls_x509_get_signature(asn1_node src, const char *src_name, + gnutls_datum_t *signature) { int result, len; int bits; @@ -1342,7 +1318,7 @@ _gnutls_x509_get_signature(asn1_node src, const char *src_name, return 0; - cleanup: +cleanup: gnutls_free(signature->data); return result; } @@ -1361,7 +1337,7 @@ static int is_printable(char p) static int write_complex_string(asn1_node asn_struct, const char *where, const struct oid_to_string *oentry, - const uint8_t * data, size_t data_size) + const uint8_t *data, size_t data_size) { char tmp[128]; asn1_node c2; @@ -1416,7 +1392,7 @@ static int write_complex_string(asn1_node asn_struct, const char *where, result = 0; - error: +error: asn1_delete_structure(&c2); return result; } @@ -1425,12 +1401,11 @@ static int write_complex_string(asn1_node asn_struct, const char *where, * 'multi' must be (0) if writing an AttributeTypeAndValue, and 1 if Attribute. * In all cases only one value is written. */ -int -_gnutls_x509_encode_and_write_attribute(const char *given_oid, - asn1_node asn1_struct, - const char *where, - const void *_data, - int data_size, int multi) +int _gnutls_x509_encode_and_write_attribute(const char *given_oid, + asn1_node asn1_struct, + const char *where, + const void *_data, int data_size, + int multi) { const uint8_t *data = _data; char tmp[128]; 
@@ -1450,8 +1425,9 @@ _gnutls_x509_encode_and_write_attribute(const char *given_oid, _gnutls_str_cpy(tmp, sizeof(tmp), where); _gnutls_str_cat(tmp, sizeof(tmp), ".value"); - if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */ - _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */ + if (multi != + 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */ + _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */ result = asn1_write_value(asn1_struct, tmp, "NEW", 1); if (result != ASN1_SUCCESS) { @@ -1463,21 +1439,19 @@ _gnutls_x509_encode_and_write_attribute(const char *given_oid, _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST"); } - if (oentry->asn_desc != NULL) { /* write a complex string API */ - result = - write_complex_string(asn1_struct, tmp, oentry, data, - data_size); + if (oentry->asn_desc != NULL) { /* write a complex string API */ + result = write_complex_string(asn1_struct, tmp, oentry, data, + data_size); if (result < 0) return gnutls_assert_val(result); - } else { /* write a simple string */ + } else { /* write a simple string */ gnutls_datum_t td; td.data = (void *)data; td.size = data_size; - result = - _gnutls_x509_write_string(asn1_struct, tmp, &td, - oentry->etype); + result = _gnutls_x509_write_string(asn1_struct, tmp, &td, + oentry->etype); if (result < 0) { gnutls_assert(); goto error; @@ -1498,7 +1472,7 @@ _gnutls_x509_encode_and_write_attribute(const char *given_oid, result = 0; - error: +error: return result; } @@ -1508,7 +1482,7 @@ _gnutls_x509_encode_and_write_attribute(const char *given_oid, * * The buffer will always be null terminated. */ -int _gnutls_strdatum_to_buf(gnutls_datum_t * d, void *buf, size_t *buf_size) +int _gnutls_strdatum_to_buf(gnutls_datum_t *d, void *buf, size_t *buf_size) { int ret; uint8_t *_buf = buf; 
@@ -1524,21 +1498,19 @@ int _gnutls_strdatum_to_buf(gnutls_datum_t * d, void *buf, size_t *buf_size) *buf_size = d->size; ret = 0; - cleanup: +cleanup: _gnutls_free_datum(d); return ret; } -int -_gnutls_x509_get_raw_field2(asn1_node c2, const gnutls_datum_t * raw, - const char *whom, gnutls_datum_t * dn) +int _gnutls_x509_get_raw_field2(asn1_node c2, const gnutls_datum_t *raw, + const char *whom, gnutls_datum_t *dn) { int result, len1; int start1, end1; - result = - asn1_der_decoding_startEnd(c2, raw->data, raw->size, - whom, &start1, &end1); + result = asn1_der_decoding_startEnd(c2, raw->data, raw->size, whom, + &start1, &end1); if (result != ASN1_SUCCESS) { gnutls_assert(); @@ -1552,11 +1524,11 @@ _gnutls_x509_get_raw_field2(asn1_node c2, const gnutls_datum_t * raw, dn->size = len1; result = 0; - cleanup: +cleanup: return result; } -int _gnutls_copy_string(const gnutls_datum_t * str, uint8_t * out, +int _gnutls_copy_string(const gnutls_datum_t *str, uint8_t *out, size_t *out_size) { unsigned size_to_check; @@ -1580,8 +1552,7 @@ int _gnutls_copy_string(const gnutls_datum_t * str, uint8_t * out, return 0; } -int _gnutls_copy_data(const gnutls_datum_t * str, uint8_t * out, - size_t *out_size) +int _gnutls_copy_data(const gnutls_datum_t *str, uint8_t *out, size_t *out_size) { if ((unsigned)str->size > *out_size) { gnutls_assert(); @@ -1598,7 +1569,7 @@ int _gnutls_copy_data(const gnutls_datum_t * str, uint8_t * out, } /* Converts an X.509 certificate to subjectPublicKeyInfo */ -int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt, gnutls_datum_t * rpubkey) +int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt, gnutls_datum_t *rpubkey) { gnutls_pubkey_t pubkey = NULL; int ret; 
@@ -1621,14 +1592,14 @@ int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt, gnutls_datum_t * rpubkey)
 ret = 0;
-cleanup:
+cleanup:
 gnutls_pubkey_deinit(pubkey);
 return ret;
 }
 /* Converts an X.509 certificate to subjectPublicKeyInfo */
-int _gnutls_x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
-gnutls_datum_t * rpubkey)
+int _gnutls_x509_raw_crt_to_raw_pubkey(const gnutls_datum_t *cert,
+gnutls_datum_t *rpubkey)
 {
 gnutls_x509_crt_t crt = NULL;
 int ret;
@@ -1644,16 +1615,15 @@ int _gnutls_x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
 }
 ret = x509_crt_to_raw_pubkey(crt, rpubkey);
-cleanup:
+cleanup:
 gnutls_x509_crt_deinit(crt);
 return ret;
 }
-unsigned
-_gnutls_check_valid_key_id(const gnutls_datum_t * key_id,
-gnutls_x509_crt_t cert, time_t now,
-unsigned *has_ski)
+unsigned _gnutls_check_valid_key_id(const gnutls_datum_t *key_id,
+gnutls_x509_crt_t cert, time_t now,
+unsigned *has_ski)
 {
 uint8_t id[MAX_KEY_ID_SIZE];
 size_t id_size;
@@ -1681,7 +1651,7 @@ _gnutls_check_valid_key_id(const gnutls_datum_t * key_id,
 if (id_size == key_id->size && !memcmp(id, key_id->data, id_size))
 result = 1;
-out:
+out:
 return result;
 }
@@ -1721,13 +1691,13 @@ _gnutls_check_valid_key_id(const gnutls_datum_t * key_id,
 * It will return 3, meaning that the first segment contains [G, H, I]. At this
 * point, sorting of @clist is complete.
 */
-unsigned int _gnutls_sort_clist(gnutls_x509_crt_t * clist,
+unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist,
 unsigned int clist_size)
 {
 int prev;
 unsigned int i, j, k;
-int issuer[DEFAULT_MAX_VERIFY_DEPTH]; /* contain the index of the issuers */
-bool insorted[DEFAULT_MAX_VERIFY_DEPTH]; /* non zero if clist[i] used in sorted list */
+int issuer[DEFAULT_MAX_VERIFY_DEPTH]; /* contain the index of the issuers */
+bool insorted[DEFAULT_MAX_VERIFY_DEPTH]; /* non zero if clist[i] used in sorted list */
 gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
 assert(clist_size <= DEFAULT_MAX_VERIFY_DEPTH);
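Review bot: In the `@@ -1721` hunk `_gnutls_sort_clist` sizes `issuer`, `insorted` and `sorted` by DEFAULT_MAX_VERIFY_DEPTH but bounds `clist_size` only with `assert(clist_size <= DEFAULT_MAX_VERIFY_DEPTH)`, which compiles to nothing under NDEBUG, so a longer list would index past those stack arrays in a release build. Whether every caller already limits the chain length is not visible from this hunk, so a runtime guard is cheaper than trusting it: `if (clist_size > DEFAULT_MAX_VERIFY_DEPTH) clist_size = DEFAULT_MAX_VERIFY_DEPTH;` ahead of the assert, which the comment above ("first segment contains ...") suggests is compatible with the return-a-sorted-prefix contract — to be confirmed against the callers. The function body continues past the end of the hunk.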
@@ -1767,7 +1737,7 @@ unsigned int _gnutls_sort_clist(gnutls_x509_crt_t * clist,
 prev = 0;
 for (i = 1; i < clist_size; i++) {
 prev = issuer[prev];
-if (prev < 0) { /* no issuer */
+if (prev < 0) { /* no issuer */
 break;
 }
@@ -1791,7 +1761,7 @@ unsigned int _gnutls_sort_clist(gnutls_x509_crt_t * clist,
 return i;
 }
-int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr)
+int _gnutls_check_if_sorted(gnutls_x509_crt_t *crt, int nr)
 {
 int i, ret;
@@ -1799,12 +1769,11 @@ int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr)
 if (nr > 1) {
 for (i = 0; i < nr; i++) {
 if (i > 0) {
-if (!_gnutls_x509_compare_raw_dn
-(&crt[i]->raw_dn,
-&crt[i - 1]->raw_issuer_dn)) {
-ret =
-gnutls_assert_val
-(GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
+if (!_gnutls_x509_compare_raw_dn(
+&crt[i]->raw_dn,
+&crt[i - 1]->raw_issuer_dn)) {
+ret = gnutls_assert_val(
+GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
 goto cleanup;
 }
 }
@@ -1812,7 +1781,7 @@ int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr)
 }
 ret = 0;
-cleanup:
+cleanup:
 return ret;
 }
@@ -1912,7 +1881,7 @@ int _gnutls_x509_get_version(asn1_node root, const char *name)
 result = asn1_read_value(root, name, version, &len);
 if (result != ASN1_SUCCESS) {
 if (result == ASN1_ELEMENT_NOT_FOUND)
-return 1; /* the DEFAULT version */
+return 1; /* the DEFAULT version */
 gnutls_assert();
 return _gnutls_asn2err(result);
 }
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 51f8faab19..52d5d8f040 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -22,114 +22,114 @@
 */
 #ifndef GNUTLS_LIB_X509_COMMON_H
-# define GNUTLS_LIB_X509_COMMON_H
+#define GNUTLS_LIB_X509_COMMON_H
-# include <algorithms.h>
-# include <abstract_int.h>
-# include <x509/x509_int.h>
-# include <fips.h>
+#include <algorithms.h>
+#include <abstract_int.h>
+#include <x509/x509_int.h>
+#include <fips.h>
-# define MAX_STRING_LEN 512
+#define MAX_STRING_LEN 512
-# if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
-# define MAX_ITER_COUNT 10*1024
-# else
+#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
+#define MAX_ITER_COUNT 10 * 1024
+#else
 /* Set a maximum iteration count over which we refuse to
 * decode a file. That is to prevent DoS. */
-# define MAX_ITER_COUNT (10*1024*1024)
-# endif
+#define MAX_ITER_COUNT (10 * 1024 * 1024)
+#endif
-# define GNUTLS_XML_SHOW_ALL 1
+#define GNUTLS_XML_SHOW_ALL 1
-# define PEM_CRL "X509 CRL"
-# define PEM_X509_CERT "X509 CERTIFICATE"
-# define PEM_X509_CERT2 "CERTIFICATE"
-# define PEM_PKCS7 "PKCS7"
-# define PEM_PKCS12 "PKCS12"
-# define PEM_PK "PUBLIC KEY"
+#define PEM_CRL "X509 CRL"
+#define PEM_X509_CERT "X509 CERTIFICATE"
+#define PEM_X509_CERT2 "CERTIFICATE"
+#define PEM_PKCS7 "PKCS7"
+#define PEM_PKCS12 "PKCS12"
+#define PEM_PK "PUBLIC KEY"
 /* public key algorithm's OIDs */
-# define PK_PKIX1_RSA_OID "1.2.840.113549.1.1.1"
-# define PK_PKIX1_RSA_PSS_OID "1.2.840.113549.1.1.10"
-# define PK_X509_RSA_OID "2.5.8.1.1"
-# define PK_DSA_OID "1.2.840.10040.4.1"
-# define PK_GOST_R3410_94_OID "1.2.643.2.2.20"
-# define PK_GOST_R3410_2001_OID "1.2.643.2.2.19"
-# define PK_GOST_R3410_2012_256_OID "1.2.643.7.1.1.1.1"
-# define PK_GOST_R3410_2012_512_OID "1.2.643.7.1.1.1.2"
+#define PK_PKIX1_RSA_OID "1.2.840.113549.1.1.1"
+#define PK_PKIX1_RSA_PSS_OID "1.2.840.113549.1.1.10"
+#define PK_X509_RSA_OID "2.5.8.1.1"
+#define PK_DSA_OID "1.2.840.10040.4.1"
+#define PK_GOST_R3410_94_OID "1.2.643.2.2.20"
+#define PK_GOST_R3410_2001_OID "1.2.643.2.2.19"
+#define PK_GOST_R3410_2012_256_OID "1.2.643.7.1.1.1.1"
+#define PK_GOST_R3410_2012_512_OID "1.2.643.7.1.1.1.2"
 /* signature OIDs */
-# define SIG_DSA_SHA1_OID "1.2.840.10040.4.3"
+#define SIG_DSA_SHA1_OID "1.2.840.10040.4.3"
 /* those two from draft-ietf-pkix-sha2-dsa-ecdsa-06 */
-# define SIG_DSA_SHA224_OID "2.16.840.1.101.3.4.3.1"
-# define SIG_DSA_SHA256_OID "2.16.840.1.101.3.4.3.2"
-# define SIG_DSA_SHA384_OID "2.16.840.1.101.3.4.3.3"
-# define SIG_DSA_SHA512_OID "2.16.840.1.101.3.4.3.4"
-
-# define SIG_RSA_MD5_OID "1.2.840.113549.1.1.4"
-# define SIG_RSA_MD2_OID "1.2.840.113549.1.1.2"
-# define SIG_RSA_SHA1_OID "1.2.840.113549.1.1.5"
-# define SIG_RSA_SHA224_OID "1.2.840.113549.1.1.14"
-# define SIG_RSA_SHA256_OID "1.2.840.113549.1.1.11"
-# define SIG_RSA_SHA384_OID "1.2.840.113549.1.1.12"
-# define SIG_RSA_SHA512_OID "1.2.840.113549.1.1.13"
-# define SIG_RSA_RMD160_OID "1.3.36.3.3.1.2"
-# define SIG_GOST_R3410_94_OID "1.2.643.2.2.4"
-# define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3"
-# define SIG_GOST_R3410_2012_256_OID "1.2.643.7.1.1.3.2"
-# define SIG_GOST_R3410_2012_512_OID "1.2.643.7.1.1.3.3"
-# define ISO_SIG_RSA_SHA1_OID "1.3.14.3.2.29"
-
-# define SIG_DSA_SHA3_224_OID "2.16.840.1.101.3.4.3.5"
-# define SIG_DSA_SHA3_256_OID "2.16.840.1.101.3.4.3.6"
-# define SIG_DSA_SHA3_384_OID "2.16.840.1.101.3.4.3.7"
-# define SIG_DSA_SHA3_512_OID "2.16.840.1.101.3.4.3.8"
-
-# define SIG_ECDSA_SHA3_224_OID "2.16.840.1.101.3.4.3.9"
-# define SIG_ECDSA_SHA3_256_OID "2.16.840.1.101.3.4.3.10"
-# define SIG_ECDSA_SHA3_384_OID "2.16.840.1.101.3.4.3.11"
-# define SIG_ECDSA_SHA3_512_OID "2.16.840.1.101.3.4.3.12"
-
-# define SIG_RSA_SHA3_224_OID "2.16.840.1.101.3.4.3.13"
-# define SIG_RSA_SHA3_256_OID "2.16.840.1.101.3.4.3.14"
-# define SIG_RSA_SHA3_384_OID "2.16.840.1.101.3.4.3.15"
-# define SIG_RSA_SHA3_512_OID "2.16.840.1.101.3.4.3.16"
-
-# define ECDH_X25519_OID "1.3.101.110"
-# define ECDH_X448_OID "1.3.101.111"
-
-# define SIG_EDDSA_SHA512_OID "1.3.101.112"
-# define SIG_ED448_OID "1.3.101.113"
-
-# define XMPP_OID "1.3.6.1.5.5.7.8.5"
-# define KRB5_PRINCIPAL_OID "1.3.6.1.5.2.2"
-# define MSUSER_PRINCIPAL_NAME_OID "1.3.6.1.4.1.311.20.2.3"
-# define PKIX1_RSA_PSS_MGF1_OID "1.2.840.113549.1.1.8"
-
-# define GOST28147_89_OID "1.2.643.2.2.21"
-# define GOST28147_89_TC26Z_OID "1.2.643.7.1.2.5.1.1"
-# define GOST28147_89_CPA_OID "1.2.643.2.2.31.1"
-# define GOST28147_89_CPB_OID "1.2.643.2.2.31.2"
-# define GOST28147_89_CPC_OID "1.2.643.2.2.31.3"
-# define GOST28147_89_CPD_OID "1.2.643.2.2.31.4"
-
-# define ASN1_NULL "\x05\x00"
-# define ASN1_NULL_SIZE 2
+#define SIG_DSA_SHA224_OID "2.16.840.1.101.3.4.3.1"
+#define SIG_DSA_SHA256_OID "2.16.840.1.101.3.4.3.2"
+#define SIG_DSA_SHA384_OID "2.16.840.1.101.3.4.3.3"
+#define SIG_DSA_SHA512_OID "2.16.840.1.101.3.4.3.4"
+
+#define SIG_RSA_MD5_OID "1.2.840.113549.1.1.4"
+#define SIG_RSA_MD2_OID "1.2.840.113549.1.1.2"
+#define SIG_RSA_SHA1_OID "1.2.840.113549.1.1.5"
+#define SIG_RSA_SHA224_OID "1.2.840.113549.1.1.14"
+#define SIG_RSA_SHA256_OID "1.2.840.113549.1.1.11"
+#define SIG_RSA_SHA384_OID "1.2.840.113549.1.1.12"
+#define SIG_RSA_SHA512_OID "1.2.840.113549.1.1.13"
+#define SIG_RSA_RMD160_OID "1.3.36.3.3.1.2"
+#define SIG_GOST_R3410_94_OID "1.2.643.2.2.4"
+#define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3"
+#define SIG_GOST_R3410_2012_256_OID "1.2.643.7.1.1.3.2"
+#define SIG_GOST_R3410_2012_512_OID "1.2.643.7.1.1.3.3"
+#define ISO_SIG_RSA_SHA1_OID "1.3.14.3.2.29"
+
+#define SIG_DSA_SHA3_224_OID "2.16.840.1.101.3.4.3.5"
+#define SIG_DSA_SHA3_256_OID "2.16.840.1.101.3.4.3.6"
+#define SIG_DSA_SHA3_384_OID "2.16.840.1.101.3.4.3.7"
+#define SIG_DSA_SHA3_512_OID "2.16.840.1.101.3.4.3.8"
+
+#define SIG_ECDSA_SHA3_224_OID "2.16.840.1.101.3.4.3.9"
+#define SIG_ECDSA_SHA3_256_OID "2.16.840.1.101.3.4.3.10"
+#define SIG_ECDSA_SHA3_384_OID "2.16.840.1.101.3.4.3.11"
+#define SIG_ECDSA_SHA3_512_OID "2.16.840.1.101.3.4.3.12"
+
+#define SIG_RSA_SHA3_224_OID "2.16.840.1.101.3.4.3.13"
+#define SIG_RSA_SHA3_256_OID "2.16.840.1.101.3.4.3.14"
+#define SIG_RSA_SHA3_384_OID "2.16.840.1.101.3.4.3.15"
+#define SIG_RSA_SHA3_512_OID "2.16.840.1.101.3.4.3.16"
+
+#define ECDH_X25519_OID "1.3.101.110"
+#define ECDH_X448_OID "1.3.101.111"
+
+#define SIG_EDDSA_SHA512_OID "1.3.101.112"
+#define SIG_ED448_OID "1.3.101.113"
+
+#define XMPP_OID "1.3.6.1.5.5.7.8.5"
+#define KRB5_PRINCIPAL_OID "1.3.6.1.5.2.2"
+#define MSUSER_PRINCIPAL_NAME_OID "1.3.6.1.4.1.311.20.2.3"
+#define PKIX1_RSA_PSS_MGF1_OID "1.2.840.113549.1.1.8"
+
+#define GOST28147_89_OID "1.2.643.2.2.21"
+#define GOST28147_89_TC26Z_OID "1.2.643.7.1.2.5.1.1"
+#define GOST28147_89_CPA_OID "1.2.643.2.2.31.1"
+#define GOST28147_89_CPB_OID "1.2.643.2.2.31.2"
+#define GOST28147_89_CPC_OID "1.2.643.2.2.31.3"
+#define GOST28147_89_CPD_OID "1.2.643.2.2.31.4"
+
+#define ASN1_NULL "\x05\x00"
+#define ASN1_NULL_SIZE 2
 struct oid_to_string {
 const char *oid;
 unsigned oid_size;
 const char *name_desc;
 unsigned name_desc_size;
-const char *asn_desc; /* description in the pkix file if complex type */
-unsigned int etype; /* the libtasn1 ASN1_ETYPE or INVALID
+const char *asn_desc; /* description in the pkix file if complex type */
+unsigned int etype; /* the libtasn1 ASN1_ETYPE or INVALID
 * if cannot be simply parsed */
 };
-const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string
-*ots, const char *oid);
+const struct oid_to_string *
+_gnutls_oid_get_entry(const struct oid_to_string *ots, const char *oid);
 const char *_gnutls_oid_get_asn_desc(const char *oid);
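Review bot: `#define MAX_ITER_COUNT 10 * 1024` in the FUZZING branch of the `@@ -22,114` hunk is still an unparenthesized expression while the production arm is `(10 * 1024 * 1024)`; a use such as `x % MAX_ITER_COUNT` or `MAX_ITER_COUNT / 2` would then bind differently in fuzzing builds only, which is exactly the kind of divergence a fuzzer will not report. Parenthesize it to match the other arm: `#define MAX_ITER_COUNT (10 * 1024)`. The comment explaining that this is a DoS bound sits only above the production value; moving it above the `#if` would make it cover both definitions.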
@@ -137,16 +137,15 @@ int _gnutls_x509_set_time(asn1_node c2, const char *where, time_t tim,
 int force_general);
 int _gnutls_x509_set_raw_time(asn1_node c2, const char *where, time_t tim);
-int _gnutls_x509_decode_string(unsigned int etype,
-const uint8_t * der, size_t der_size,
-gnutls_datum_t * output, unsigned allow_ber);
+int _gnutls_x509_decode_string(unsigned int etype, const uint8_t *der,
+size_t der_size, gnutls_datum_t *output,
+unsigned allow_ber);
-int _gnutls_x509_encode_string(unsigned int etype,
-const void *input_data, size_t input_size,
-gnutls_datum_t * output);
+int _gnutls_x509_encode_string(unsigned int etype, const void *input_data,
+size_t input_size, gnutls_datum_t *output);
-int _gnutls_x509_dn_to_string(const char *OID, void *value,
-int value_size, gnutls_datum_t * out);
+int _gnutls_x509_dn_to_string(const char *OID, void *value, int value_size,
+gnutls_datum_t *out);
 const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len);
 time_t _gnutls_x509_get_time(asn1_node c2, const char *when, int general);
@@ -157,10 +156,10 @@ int _gnutls_x509_der_encode_and_copy(asn1_node src, const char *src_name,
 asn1_node dest, const char *dest_name, int str);
 int _gnutls_x509_der_encode(asn1_node src, const char *src_name,
-gnutls_datum_t * res, int str);
+gnutls_datum_t *res, int str);
-# define _gnutls_x509_export_int(asn1, format, header, out, out_size) \
-_gnutls_x509_export_int_named(asn1, "", format, header, out, out_size)
+#define _gnutls_x509_export_int(asn1, format, header, out, out_size) \
+_gnutls_x509_export_int_named(asn1, "", format, header, out, out_size)
 int _gnutls_x509_export_int_named(asn1_node asn1_data, const char *name,
 gnutls_x509_crt_fmt_t format,
@@ -168,89 +167,79 @@ int _gnutls_x509_export_int_named(asn1_node asn1_data, const char *name,
 unsigned char *output_data,
 size_t *output_data_size);
-# define _gnutls_x509_export_int2(asn1, format, header, out) \
-_gnutls_x509_export_int_named2(asn1, "", format, header, out)
+#define _gnutls_x509_export_int2(asn1, format, header, out) \
+_gnutls_x509_export_int_named2(asn1, "", format, header, out)
 int _gnutls_x509_export_int_named2(asn1_node asn1_data, const char *name,
 gnutls_x509_crt_fmt_t format,
-const char *pem_header,
-gnutls_datum_t * out);
+const char *pem_header, gnutls_datum_t *out);
-int _gnutls_x509_read_value(asn1_node c, const char *root,
-gnutls_datum_t * ret);
+int _gnutls_x509_read_value(asn1_node c, const char *root, gnutls_datum_t *ret);
 int _gnutls_x509_read_null_value(asn1_node c, const char *root,
-gnutls_datum_t * ret);
-int _gnutls_x509_read_string(asn1_node c, const char *root,
-gnutls_datum_t * ret, unsigned int etype,
-unsigned allow_ber);
+gnutls_datum_t *ret);
+int _gnutls_x509_read_string(asn1_node c, const char *root, gnutls_datum_t *ret,
+unsigned int etype, unsigned allow_ber);
 int _gnutls_x509_write_value(asn1_node c, const char *root,
-const gnutls_datum_t * data);
+const gnutls_datum_t *data);
 int _gnutls_x509_write_string(asn1_node c, const char *root,
-const gnutls_datum_t * data, unsigned int etype);
+const gnutls_datum_t *data, unsigned int etype);
 int _gnutls_x509_encode_and_write_attribute(const char *given_oid,
 asn1_node asn1_struct,
-const char *where,
-const void *data,
+const char *where, const void *data,
 int sizeof_data, int multi);
 int _gnutls_x509_decode_and_read_attribute(asn1_node asn1_struct,
 const char *where, char *oid,
-int oid_size,
-gnutls_datum_t * value,
+int oid_size, gnutls_datum_t *value,
 int multi, int octet);
 int _gnutls_x509_get_pk_algorithm(asn1_node src, const char *src_name,
-gnutls_ecc_curve_t * curve,
+gnutls_ecc_curve_t *curve,
 unsigned int *bits);
 int _gnutls_x509_get_signature_algorithm(asn1_node src, const char *src_name);
-int _gnutls_x509_encode_and_copy_PKI_params(asn1_node dst,
-const char *dst_name,
-const gnutls_pk_params_st * params);
-int _gnutls_x509_encode_PKI_params(gnutls_datum_t * der,
-const gnutls_pk_params_st * params);
-int _gnutls_asn1_copy_node(asn1_node * dst, const char *dst_name,
-asn1_node src, const char *src_name);
+int _gnutls_x509_encode_and_copy_PKI_params(asn1_node dst, const char *dst_name,
+const gnutls_pk_params_st *params);
+int _gnutls_x509_encode_PKI_params(gnutls_datum_t *der,
+const gnutls_pk_params_st *params);
+int _gnutls_asn1_copy_node(asn1_node *dst, const char *dst_name, asn1_node src,
+const char *src_name);
-int _gnutls_x509_get_signed_data(asn1_node src, const gnutls_datum_t * der,
+int _gnutls_x509_get_signed_data(asn1_node src, const gnutls_datum_t *der,
 const char *src_name,
-gnutls_datum_t * signed_data);
+gnutls_datum_t *signed_data);
 int _gnutls_x509_get_signature(asn1_node src, const char *src_name,
-gnutls_datum_t * signature);
+gnutls_datum_t *signature);
 int _gnutls_get_asn_mpis(asn1_node asn, const char *root,
-gnutls_pk_params_st * params);
+gnutls_pk_params_st *params);
-int _gnutls_get_key_id(gnutls_pk_params_st *,
-unsigned char *output_data,
+int _gnutls_get_key_id(gnutls_pk_params_st *, unsigned char *output_data,
 size_t *output_data_size, unsigned flags);
 void _asnstr_append_name(char *name, size_t name_size, const char *part1,
 const char *part2);
 /* Given a @c2 which it returns an allocated DER encoding of @whom in @out */
-inline static int
-_gnutls_x509_get_raw_field(asn1_node c2, const char *whom, gnutls_datum_t * out)
+inline static int _gnutls_x509_get_raw_field(asn1_node c2, const char *whom,
+gnutls_datum_t *out)
 {
 return _gnutls_x509_der_encode(c2, whom, out, 0);
 }
-int
-_gnutls_x509_get_raw_field2(asn1_node c2, const gnutls_datum_t * raw,
-const char *whom, gnutls_datum_t * dn);
+int _gnutls_x509_get_raw_field2(asn1_node c2, const gnutls_datum_t *raw,
+const char *whom, gnutls_datum_t *dn);
-unsigned
-_gnutls_check_if_same_key(gnutls_x509_crt_t cert1,
-gnutls_x509_crt_t cert2, unsigned is_ca);
+unsigned _gnutls_check_if_same_key(gnutls_x509_crt_t cert1,
+gnutls_x509_crt_t cert2, unsigned is_ca);
-unsigned
-_gnutls_check_if_same_key2(gnutls_x509_crt_t cert1, gnutls_datum_t * cert2bin);
+unsigned _gnutls_check_if_same_key2(gnutls_x509_crt_t cert1,
+gnutls_datum_t *cert2bin);
-unsigned
-_gnutls_check_valid_key_id(const gnutls_datum_t * key_id,
-gnutls_x509_crt_t cert, time_t now,
-unsigned *has_ski);
+unsigned _gnutls_check_valid_key_id(const gnutls_datum_t *key_id,
+gnutls_x509_crt_t cert, time_t now,
+unsigned *has_ski);
 unsigned _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose,
 unsigned no_any);
@@ -260,48 +249,47 @@ time_t _gnutls_utcTime2gtime(const char *ttime);
 int _gnutls_get_extension(asn1_node asn, const char *root,
 const char *extension_id, int indx,
-gnutls_datum_t * ret, unsigned int *_critical);
+gnutls_datum_t *ret, unsigned int *_critical);
-int _gnutls_set_extension(asn1_node asn, const char *root,
-const char *ext_id,
-const gnutls_datum_t * ext_data,
+int _gnutls_set_extension(asn1_node asn, const char *root, const char *ext_id,
+const gnutls_datum_t *ext_data,
 unsigned int critical);
-int _gnutls_strdatum_to_buf(gnutls_datum_t * d, void *buf, size_t *sizeof_buf);
+int _gnutls_strdatum_to_buf(gnutls_datum_t *d, void *buf, size_t *sizeof_buf);
 unsigned _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
-int _gnutls_copy_string(const gnutls_datum_t * str, uint8_t * out,
+int _gnutls_copy_string(const gnutls_datum_t *str, uint8_t *out,
 size_t *out_size);
-int _gnutls_copy_data(const gnutls_datum_t * str, uint8_t * out,
+int _gnutls_copy_data(const gnutls_datum_t *str, uint8_t *out,
 size_t *out_size);
-int _gnutls_x509_decode_ext(const gnutls_datum_t * der,
-gnutls_x509_ext_st * out);
-int _gnutls_x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
-gnutls_datum_t * rpubkey);
+int _gnutls_x509_decode_ext(const gnutls_datum_t *der, gnutls_x509_ext_st *out);
+int _gnutls_x509_raw_crt_to_raw_pubkey(const gnutls_datum_t *cert,
+gnutls_datum_t *rpubkey);
 int _gnutls_x509_get_version(asn1_node root, const char *name);
-int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt, gnutls_datum_t * rpubkey);
+int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt, gnutls_datum_t *rpubkey);
 typedef void (*gnutls_cert_vfunc)(gnutls_x509_crt_t);
-unsigned int _gnutls_sort_clist(gnutls_x509_crt_t * clist,
+unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist,
 unsigned int clist_size);
-int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr);
+int _gnutls_check_if_sorted(gnutls_x509_crt_t *crt, int nr);
-inline static int _asn1_strict_der_decode(asn1_node * element, const void *ider,
+inline static int _asn1_strict_der_decode(asn1_node *element, const void *ider,
 int len, char *errorDescription)
 {
-# if defined(STRICT_DER_TIME) || !defined(ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME)
-# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_STRICT_DER
-# else
-# define _ASN1_DER_FLAGS (ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME|ASN1_DECODE_FLAG_STRICT_DER)
-# endif
+#if defined(STRICT_DER_TIME) || !defined(ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME)
+#define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_STRICT_DER
+#else
+#define _ASN1_DER_FLAGS \
+(ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME | ASN1_DECODE_FLAG_STRICT_DER)
+#endif
 return asn1_der_decoding2(element, ider, &len, _ASN1_DER_FLAGS,
 errorDescription);
 }
-#endif /* GNUTLS_LIB_X509_COMMON_H */
+#endif /* GNUTLS_LIB_X509_COMMON_H */
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 42367dba9c..e7db906824 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -65,7 +65,7 @@ static int crl_reinit(gnutls_x509_crl_t crl)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int gnutls_x509_crl_init(gnutls_x509_crl_t * crl)
+int gnutls_x509_crl_init(gnutls_x509_crl_t *crl)
 {
 *crl = NULL;
 FAIL_IF_LIB_ERROR;
@@ -79,7 +79,7 @@ int gnutls_x509_crl_init(gnutls_x509_crl_t * crl)
 gnutls_free(*crl);
 return result;
 }
-return 0; /* success */
+return 0; /* success */
 }
 return GNUTLS_E_MEMORY_ERROR;
 }
@@ -116,10 +116,8 @@ void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crl_import(gnutls_x509_crl_t crl,
-const gnutls_datum_t * data,
-gnutls_x509_crt_fmt_t format)
+int gnutls_x509_crl_import(gnutls_x509_crl_t crl, const gnutls_datum_t *data,
+gnutls_x509_crt_fmt_t format)
 {
 int result = 0;
@@ -133,9 +131,8 @@ gnutls_x509_crl_import(gnutls_x509_crl_t crl,
 /* If the CRL is in PEM format then decode it */
 if (format == GNUTLS_X509_FMT_PEM) {
-result =
-_gnutls_fbase64_decode(PEM_CRL, data->data, data->size,
-&crl->der);
+result = _gnutls_fbase64_decode(PEM_CRL, data->data, data->size,
+&crl->der);
 if (result < 0) {
 gnutls_assert();
@@ -158,9 +155,8 @@ gnutls_x509_crl_import(gnutls_x509_crl_t crl,
 }
 crl->expanded = 1;
-result =
-_asn1_strict_der_decode(&crl->crl, crl->der.data, crl->der.size,
-NULL);
+result = _asn1_strict_der_decode(&crl->crl, crl->der.data,
+crl->der.size, NULL);
 if (result != ASN1_SUCCESS) {
 result = _gnutls_asn2err(result);
 gnutls_assert();
@@ -177,7 +173,7 @@ gnutls_x509_crl_import(gnutls_x509_crl_t crl,
 return 0;
-cleanup:
+cleanup:
 _gnutls_free_datum(&crl->der);
 return result;
 }
@@ -203,17 +199,15 @@ gnutls_x509_crl_import(gnutls_x509_crl_t crl,
 * with the required size, and 0 on success.
 *
 **/
-int
-gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl_t crl, char *buf,
-size_t *sizeof_buf)
+int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl_t crl, char *buf,
+size_t *sizeof_buf)
 {
 if (crl == NULL) {
 gnutls_assert();
 return GNUTLS_E_INVALID_REQUEST;
 }
-return _gnutls_x509_parse_dn(crl->crl,
-"tbsCertList.issuer.rdnSequence",
+return _gnutls_x509_parse_dn(crl->crl, "tbsCertList.issuer.rdnSequence",
 buf, sizeof_buf, GNUTLS_X509_DN_FLAG_COMPAT);
 }
@@ -244,11 +238,9 @@ gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl_t crl, char *buf,
 * not long enough, and in that case the sizeof_buf will be updated
 * with the required size, and 0 on success.
 **/
-int
-gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
-const char *oid, unsigned indx,
-unsigned int raw_flag, void *buf,
-size_t *sizeof_buf)
+int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl, const char *oid,
+unsigned indx, unsigned int raw_flag,
+void *buf, size_t *sizeof_buf)
 {
 gnutls_datum_t td;
 int ret;
@@ -259,8 +251,8 @@ gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
 }
 ret = _gnutls_x509_parse_dn_oid(crl->crl,
-"tbsCertList.issuer.rdnSequence",
-oid, indx, raw_flag, &td);
+"tbsCertList.issuer.rdnSequence", oid,
+indx, raw_flag, &td);
 if (ret < 0)
 return gnutls_assert_val(ret);
@@ -283,9 +275,8 @@ gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
 * not long enough, and in that case the sizeof_oid will be updated
 * with the required size. On success 0 is returned.
 **/
-int
-gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl,
-unsigned indx, void *oid, size_t *sizeof_oid)
+int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl, unsigned indx, void *oid,
+size_t *sizeof_oid)
 {
 if (crl == NULL) {
 gnutls_assert();
@@ -293,8 +284,8 @@ gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl,
 }
 return _gnutls_x509_get_dn_oid(crl->crl,
-"tbsCertList.issuer.rdnSequence",
-indx, oid, sizeof_oid);
+"tbsCertList.issuer.rdnSequence", indx,
+oid, sizeof_oid);
 }
 /**
@@ -315,15 +306,14 @@ gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl,
 *
 * Since: 3.1.10
 **/
-int gnutls_x509_crl_get_issuer_dn2(gnutls_x509_crl_t crl, gnutls_datum_t * dn)
+int gnutls_x509_crl_get_issuer_dn2(gnutls_x509_crl_t crl, gnutls_datum_t *dn)
 {
 if (crl == NULL) {
 gnutls_assert();
 return GNUTLS_E_INVALID_REQUEST;
 }
-return _gnutls_x509_get_dn(crl->crl,
-"tbsCertList.issuer.rdnSequence",
+return _gnutls_x509_get_dn(crl->crl, "tbsCertList.issuer.rdnSequence",
 dn, GNUTLS_X509_DN_FLAG_COMPAT);
 }
@@ -347,17 +337,16 @@ int gnutls_x509_crl_get_issuer_dn2(gnutls_x509_crl_t crl, gnutls_datum_t * dn)
 *
 * Since: 3.5.7
 **/
-int
-gnutls_x509_crl_get_issuer_dn3(gnutls_x509_crl_t crl, gnutls_datum_t * dn,
-unsigned flags)
+int gnutls_x509_crl_get_issuer_dn3(gnutls_x509_crl_t crl, gnutls_datum_t *dn,
+unsigned flags)
 {
 if (crl == NULL) {
 gnutls_assert();
 return GNUTLS_E_INVALID_REQUEST;
 }
-return _gnutls_x509_get_dn(crl->crl,
-"tbsCertList.issuer.rdnSequence", dn, flags);
+return _gnutls_x509_get_dn(crl->crl, "tbsCertList.issuer.rdnSequence",
+dn, flags);
 }
 /**
@@ -375,8 +364,8 @@ gnutls_x509_crl_get_issuer_dn3(gnutls_x509_crl_t crl, gnutls_datum_t * dn,
 **/
 int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl)
 {
-return map_errs_to_zero(_gnutls_x509_get_signature_algorithm(crl->crl,
-"signatureAlgorithm"));
+return map_errs_to_zero(_gnutls_x509_get_signature_algorithm(
+crl->crl, "signatureAlgorithm"));
 }
 /**
@@ -402,9 +391,8 @@ int gnutls_x509_crl_get_signature_oid(gnutls_x509_crl_t crl, char *oid,
 gnutls_datum_t out;
 len = sizeof(str);
-result =
-asn1_read_value(crl->crl, "signatureAlgorithm.algorithm", str,
-&len);
+result = asn1_read_value(crl->crl, "signatureAlgorithm.algorithm", str,
+&len);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -433,9 +421,8 @@ int gnutls_x509_crl_get_signature_oid(gnutls_x509_crl_t crl, char *oid,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl,
-char *sig, size_t *sizeof_sig)
+int gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl, char *sig,
+size_t *sizeof_sig)
 {
 int result;
 unsigned int bits;
@@ -506,7 +493,7 @@ time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl)
 {
 if (crl == NULL) {
 gnutls_assert();
-return (time_t) - 1;
+return (time_t)-1;
 }
 return _gnutls_x509_get_time(crl->crl, "tbsCertList.thisUpdate", 0);
@@ -526,7 +513,7 @@ time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl)
 {
 if (crl == NULL) {
 gnutls_assert();
-return (time_t) - 1;
+return (time_t)-1;
 }
 return _gnutls_x509_get_time(crl->crl, "tbsCertList.nextUpdate", 0);
@@ -543,7 +530,6 @@ time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl)
 **/
 int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl)
 {
-
 int count, result;
 if (crl == NULL) {
@@ -551,13 +537,12 @@ int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl)
 return GNUTLS_E_INVALID_REQUEST;
 }
-result =
-asn1_number_of_elements(crl->crl,
-"tbsCertList.revokedCertificates", &count);
+result = asn1_number_of_elements(
+crl->crl, "tbsCertList.revokedCertificates", &count);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
-return 0; /* no certificates */
+return 0; /* no certificates */
 }
 return count;
@@ -580,12 +565,10 @@ int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, unsigned indx,
-unsigned char *serial,
-size_t *serial_size, time_t * t)
+int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, unsigned indx,
+unsigned char *serial, size_t *serial_size,
+time_t *t)
 {
-
 int result, _serial_size;
 char serial_name[MAX_NAME_SIZE];
 char date_name[MAX_NAME_SIZE];
@@ -655,13 +638,11 @@ void gnutls_x509_crl_iter_deinit(gnutls_x509_crl_iter_t iter)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
-gnutls_x509_crl_iter_t * iter,
-unsigned char *serial,
-size_t *serial_size, time_t * t)
+int gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
+gnutls_x509_crl_iter_t *iter,
+unsigned char *serial, size_t *serial_size,
+time_t *t)
 {
-
 int result, _serial_size;
 char serial_name[MAX_NAME_SIZE];
 char date_name[MAX_NAME_SIZE];
@@ -678,13 +659,12 @@ gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
 }
 if ((*iter)->rcache == NULL) {
-(*iter)->rcache =
-asn1_find_node(crl->crl,
-"tbsCertList.revokedCertificates.?1");
+(*iter)->rcache = asn1_find_node(
+crl->crl, "tbsCertList.revokedCertificates.?1");
 (*iter)->rcache_idx = 1;
 } else {
-snprintf(serial_name, sizeof(serial_name),
-"?%u", (*iter)->rcache_idx);
+snprintf(serial_name, sizeof(serial_name), "?%u",
+(*iter)->rcache_idx);
 (*iter)->rcache = asn1_find_node((*iter)->rcache, serial_name);
 }
 if ((*iter)->rcache == NULL) {
@@ -693,13 +673,12 @@ gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
 return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 }
-snprintf(serial_name, sizeof(serial_name),
-"?%u.userCertificate", (*iter)->rcache_idx);
+snprintf(serial_name, sizeof(serial_name), "?%u.userCertificate",
+(*iter)->rcache_idx);
 _serial_size = *serial_size;
-result =
-asn1_read_value((*iter)->rcache, serial_name, serial,
-&_serial_size);
+result = asn1_read_value((*iter)->rcache, serial_name, serial,
+&_serial_size);
 *serial_size = _serial_size;
 if (result != ASN1_SUCCESS) {
@@ -713,8 +692,8 @@ gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
 }
 if (t) {
-snprintf(date_name, sizeof(date_name),
-"?%u.revocationDate", (*iter)->rcache_idx);
+snprintf(date_name, sizeof(date_name), "?%u.revocationDate",
+(*iter)->rcache_idx);
 *t = _gnutls_x509_get_time((*iter)->rcache, date_name, 0);
 }
@@ -735,16 +714,14 @@ gnutls_x509_crl_iter_crt_serial(gnutls_x509_crl_t crl,
 *
 * Since: 2.12.0
 **/
-int
-gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl, gnutls_datum_t * dn)
+int gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl, gnutls_datum_t *dn)
 {
 if (crl->raw_issuer_dn.size != 0) {
 return _gnutls_set_datum(dn, crl->raw_issuer_dn.data,
 crl->raw_issuer_dn.size);
 } else {
-return _gnutls_x509_get_raw_field(crl->crl,
-"tbsCertList.issuer.rdnSequence",
-dn);
+return _gnutls_x509_get_raw_field(
+crl->crl, "tbsCertList.issuer.rdnSequence", dn);
 }
 }
@@ -767,18 +744,16 @@ gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl, gnutls_datum_t * dn)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crl_export(gnutls_x509_crl_t crl,
-gnutls_x509_crt_fmt_t format, void *output_data,
-size_t *output_data_size)
+int gnutls_x509_crl_export(gnutls_x509_crl_t crl, gnutls_x509_crt_fmt_t format,
+void *output_data, size_t *output_data_size)
 {
 if (crl == NULL) {
 gnutls_assert();
 return GNUTLS_E_INVALID_REQUEST;
 }
-return _gnutls_x509_export_int(crl->crl, format, PEM_CRL,
-output_data, output_data_size);
+return _gnutls_x509_export_int(crl->crl, format, PEM_CRL, output_data,
+output_data_size);
 }
 /**
@@ -799,9 +774,8 @@ gnutls_x509_crl_export(gnutls_x509_crl_t crl,
 *
 * Since 3.1.3
 **/
-int
-gnutls_x509_crl_export2(gnutls_x509_crl_t crl,
-gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
+int gnutls_x509_crl_export2(gnutls_x509_crl_t crl, gnutls_x509_crt_fmt_t format,
+gnutls_datum_t *out)
 {
 if (crl == NULL) {
 gnutls_assert();
@@ -840,12 +814,10 @@ int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src)
 }
 return 0;
-
 }
-static int
-_get_authority_key_id(gnutls_x509_crl_t cert, asn1_node * c2,
-unsigned int *critical)
+static int _get_authority_key_id(gnutls_x509_crl_t cert, asn1_node *c2,
+unsigned int *critical)
 {
 int ret;
 gnutls_datum_t id;
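Review bot: `gnutls_x509_crl_get_raw_issuer_dn` in the `@@ -735` hunk dereferences `crl->raw_issuer_dn.size` on entry with no NULL check, while the neighbouring public entry points in the hunks just below (`gnutls_x509_crl_export`, `gnutls_x509_crl_export2`) open with `if (crl == NULL)` and return GNUTLS_E_INVALID_REQUEST. A NULL handle therefore crashes here instead of yielding the error code the rest of the file promises; add the same guard as the first statement: `if (crl == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. This predates the reformat, but the commit touches every line of the function and is the natural place to align it with its siblings.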
@@ -857,9 +829,8 @@ _get_authority_key_id(gnutls_x509_crl_t cert, asn1_node * c2, return GNUTLS_E_INVALID_REQUEST; } - if ((ret = - _gnutls_x509_crl_get_extension(cert, "2.5.29.35", 0, &id, - critical)) < 0) { + if ((ret = _gnutls_x509_crl_get_extension(cert, "2.5.29.35", 0, &id, + critical)) < 0) { return gnutls_assert_val(ret); } @@ -868,8 +839,8 @@ _get_authority_key_id(gnutls_x509_crl_t cert, asn1_node * c2, return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } - ret = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.AuthorityKeyIdentifier", c2); + ret = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.AuthorityKeyIdentifier", c2); if (ret != ASN1_SUCCESS) { gnutls_assert(); _gnutls_free_datum(&id); @@ -911,15 +882,10 @@ _get_authority_key_id(gnutls_x509_crl_t cert, asn1_node * c2, * * Since: 3.0 **/ -int -gnutls_x509_crl_get_authority_key_gn_serial(gnutls_x509_crl_t crl, - unsigned int seq, - void *alt, - size_t *alt_size, - unsigned int *alt_type, - void *serial, - size_t *serial_size, - unsigned int *critical) +int gnutls_x509_crl_get_authority_key_gn_serial( + gnutls_x509_crl_t crl, unsigned int seq, void *alt, size_t *alt_size, + unsigned int *alt_type, void *serial, size_t *serial_size, + unsigned int *critical) { int ret, result, len; asn1_node c2; @@ -928,9 +894,8 @@ gnutls_x509_crl_get_authority_key_gn_serial(gnutls_x509_crl_t crl, if (ret < 0) return gnutls_assert_val(ret); - ret = - _gnutls_parse_general_name(c2, "authorityCertIssuer", seq, alt, - alt_size, alt_type, 0); + ret = _gnutls_parse_general_name(c2, "authorityCertIssuer", seq, alt, + alt_size, alt_type, 0); if (ret < 0) { ret = gnutls_assert_val(ret); goto fail; @@ -938,9 +903,8 @@ gnutls_x509_crl_get_authority_key_gn_serial(gnutls_x509_crl_t crl, if (serial) { len = *serial_size; - result = - asn1_read_value(c2, "authorityCertSerialNumber", - serial, &len); + result = asn1_read_value(c2, "authorityCertSerialNumber", + serial, &len); *serial_size = len; 
@@ -948,12 +912,11 @@ gnutls_x509_crl_get_authority_key_gn_serial(gnutls_x509_crl_t crl, ret = _gnutls_asn2err(result); goto fail; } - } ret = 0; - fail: +fail: asn1_delete_structure(&c2); return ret; @@ -980,9 +943,9 @@ gnutls_x509_crl_get_authority_key_gn_serial(gnutls_x509_crl_t crl, * * Since: 2.8.0 **/ -int -gnutls_x509_crl_get_authority_key_id(gnutls_x509_crl_t crl, void *id, - size_t *id_size, unsigned int *critical) +int gnutls_x509_crl_get_authority_key_id(gnutls_x509_crl_t crl, void *id, + size_t *id_size, + unsigned int *critical) { int result, len, ret; asn1_node c2; @@ -1024,9 +987,8 @@ gnutls_x509_crl_get_authority_key_id(gnutls_x509_crl_t crl, void *id, * * Since: 2.8.0 **/ -int -gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret, - size_t *ret_size, unsigned int *critical) +int gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret, + size_t *ret_size, unsigned int *critical) { int result; gnutls_datum_t id; @@ -1041,9 +1003,8 @@ gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret, else *ret_size = 0; - if ((result = - _gnutls_x509_crl_get_extension(crl, "2.5.29.20", 0, &id, - critical)) < 0) { + if ((result = _gnutls_x509_crl_get_extension(crl, "2.5.29.20", 0, &id, + critical)) < 0) { return result; } @@ -1052,8 +1013,8 @@ gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret, return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } - result = - _gnutls_x509_ext_extract_number(ret, ret_size, id.data, id.size); + result = _gnutls_x509_ext_extract_number(ret, ret_size, id.data, + id.size); _gnutls_free_datum(&id); @@ -1083,9 +1044,8 @@ gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret, * * Since: 2.8.0 **/ -int -gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, unsigned indx, - void *oid, size_t *sizeof_oid) +int gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, unsigned indx, + void *oid, size_t *sizeof_oid) { int result; 
@@ -1100,7 +1060,6 @@ gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, unsigned indx, } return 0; - } /** @@ -1128,10 +1087,9 @@ gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, unsigned indx, * * Since: 2.8.0 **/ -int -gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, unsigned indx, - void *oid, size_t *sizeof_oid, - unsigned int *critical) +int gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, unsigned indx, + void *oid, size_t *sizeof_oid, + unsigned int *critical) { int result; char str_critical[10]; @@ -1143,8 +1101,8 @@ gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, unsigned indx, return GNUTLS_E_INVALID_REQUEST; } - snprintf(name, sizeof(name), - "tbsCertList.crlExtensions.?%u.extnID", indx + 1); + snprintf(name, sizeof(name), "tbsCertList.crlExtensions.?%u.extnID", + indx + 1); len = *sizeof_oid; result = asn1_read_value(crl->crl, name, oid, &len); @@ -1157,8 +1115,8 @@ gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, unsigned indx, return _gnutls_asn2err(result); } - snprintf(name, sizeof(name), - "tbsCertList.crlExtensions.?%u.critical", indx + 1); + snprintf(name, sizeof(name), "tbsCertList.crlExtensions.?%u.critical", + indx + 1); len = sizeof(str_critical); result = asn1_read_value(crl->crl, name, str_critical, &len); if (result != ASN1_SUCCESS) { @@ -1174,7 +1132,6 @@ gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, unsigned indx, } return 0; - } /** @@ -1200,9 +1157,8 @@ gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, unsigned indx, * * Since: 2.8.0 **/ -int -gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl, unsigned indx, - void *data, size_t *sizeof_data) +int gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl, unsigned indx, + void *data, size_t *sizeof_data) { int result, len; char name[MAX_NAME_SIZE]; 
@@ -1212,8 +1168,8 @@ gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl, unsigned indx, return GNUTLS_E_INVALID_REQUEST; } - snprintf(name, sizeof(name), - "tbsCertList.crlExtensions.?%u.extnValue", indx + 1); + snprintf(name, sizeof(name), "tbsCertList.crlExtensions.?%u.extnValue", + indx + 1); len = *sizeof_data; result = asn1_read_value(crl->crl, name, data, &len); @@ -1248,11 +1204,10 @@ gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl, unsigned indx, * * Since: 3.0 **/ -int -gnutls_x509_crl_list_import2(gnutls_x509_crl_t ** crls, - unsigned int *size, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, unsigned int flags) +int gnutls_x509_crl_list_import2(gnutls_x509_crl_t **crls, unsigned int *size, + const gnutls_datum_t *data, + gnutls_x509_crt_fmt_t format, + unsigned int flags) { unsigned int init = 1024; int ret; @@ -1263,10 +1218,9 @@ gnutls_x509_crl_list_import2(gnutls_x509_crl_t ** crls, return GNUTLS_E_MEMORY_ERROR; } - ret = - gnutls_x509_crl_list_import(*crls, &init, data, format, - flags | - GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); + ret = gnutls_x509_crl_list_import( + *crls, &init, data, format, + flags | GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { *crls = _gnutls_reallocarray_fast(*crls, init, sizeof(gnutls_x509_crl_t)); @@ -1275,9 +1229,8 @@ gnutls_x509_crl_list_import2(gnutls_x509_crl_t ** crls, return GNUTLS_E_MEMORY_ERROR; } - ret = - gnutls_x509_crl_list_import(*crls, &init, data, format, - flags); + ret = gnutls_x509_crl_list_import(*crls, &init, data, format, + flags); } if (ret < 0) { 
@@ -1308,11 +1261,10 @@ gnutls_x509_crl_list_import2(gnutls_x509_crl_t ** crls, * * Since: 3.0 **/ -int -gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls, - unsigned int *crl_max, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, unsigned int flags) +int gnutls_x509_crl_list_import(gnutls_x509_crl_t *crls, unsigned int *crl_max, + const gnutls_datum_t *data, + gnutls_x509_crt_fmt_t format, + unsigned int flags) { int size; const char *ptr; @@ -1326,7 +1278,7 @@ gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls, return GNUTLS_E_SHORT_MEMORY_BUFFER; } - count = 1; /* import only the first one */ + count = 1; /* import only the first one */ ret = gnutls_x509_crl_init(&crls[0]); if (ret < 0) { @@ -1346,8 +1298,8 @@ gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls, /* move to the certificate */ - ptr = memmem(data->data, data->size, - PEM_CRL_SEP, sizeof(PEM_CRL_SEP) - 1); + ptr = memmem(data->data, data->size, PEM_CRL_SEP, + sizeof(PEM_CRL_SEP) - 1); if (ptr == NULL) { gnutls_assert(); return GNUTLS_E_BASE64_DECODING_ERROR; @@ -1357,9 +1309,8 @@ gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls, do { if (count >= *crl_max) { - if (! - (flags & - GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED)) { + if (!(flags & + GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED)) { break; } else if (nocopy == 0) { for (j = 0; j < count; j++) @@ -1377,9 +1328,8 @@ gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls, tmp.data = (void *)ptr; tmp.size = data->size - (ptr - (char *)data->data); - ret = - gnutls_x509_crl_import(crls[count], &tmp, - GNUTLS_X509_FMT_PEM); + ret = gnutls_x509_crl_import(crls[count], &tmp, + GNUTLS_X509_FMT_PEM); if (ret < 0) { gnutls_assert(); count++; 
@@ -1395,15 +1345,13 @@ gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls, size = data->size - (ptr - (char *)data->data); if (size > 0) { - ptr = - memmem(ptr, size, PEM_CRL_SEP, - sizeof(PEM_CRL_SEP) - 1); + ptr = memmem(ptr, size, PEM_CRL_SEP, + sizeof(PEM_CRL_SEP) - 1); } else ptr = NULL; count++; - } - while (ptr != NULL); + } while (ptr != NULL); *crl_max = count; @@ -1412,7 +1360,7 @@ gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls, else return GNUTLS_E_SHORT_MEMORY_BUFFER; - error: +error: for (j = 0; j < count; j++) gnutls_x509_crl_deinit(crls[j]); return ret; diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c index 1f3989a205..3385e70d12 100644 --- a/lib/x509/crl_write.c +++ b/lib/x509/crl_write.c @@ -96,10 +96,9 @@ int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, unsigned int version) * negative error value. * **/ -int -gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, unsigned int flags) +int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, unsigned int flags) { int result; gnutls_privkey_t privkey; @@ -129,7 +128,7 @@ gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, result = 0; - fail: +fail: gnutls_privkey_deinit(privkey); return result; @@ -149,9 +148,8 @@ gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. */ -int -gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key) +int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key) { return gnutls_x509_crl_sign2(crl, issuer, issuer_key, 0, 0); } 
@@ -214,10 +212,8 @@ int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, time_t exp_time) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, - const void *serial, size_t serial_size, - time_t revocation_time) +int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, const void *serial, + size_t serial_size, time_t revocation_time) { int ret; @@ -226,36 +222,35 @@ gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, return GNUTLS_E_INVALID_REQUEST; } - ret = - asn1_write_value(crl->crl, "tbsCertList.revokedCertificates", - "NEW", 1); + ret = asn1_write_value(crl->crl, "tbsCertList.revokedCertificates", + "NEW", 1); if (ret != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(ret); } - ret = - asn1_write_value(crl->crl, - "tbsCertList.revokedCertificates.?LAST.userCertificate", - serial, serial_size); + ret = asn1_write_value( + crl->crl, + "tbsCertList.revokedCertificates.?LAST.userCertificate", serial, + serial_size); if (ret != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(ret); } - ret = - _gnutls_x509_set_time(crl->crl, - "tbsCertList.revokedCertificates.?LAST.revocationDate", - revocation_time, 0); + ret = _gnutls_x509_set_time( + crl->crl, + "tbsCertList.revokedCertificates.?LAST.revocationDate", + revocation_time, 0); if (ret < 0) { gnutls_assert(); return ret; } - ret = - asn1_write_value(crl->crl, - "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions", - NULL, 0); + ret = asn1_write_value( + crl->crl, + "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions", + NULL, 0); if (ret != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(ret); 
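Review bot: In gnutls_x509_crl_set_crt_serial, once the `"NEW"` write has appended an entry to `tbsCertList.revokedCertificates`, the three later failure returns leave that entry in place with its mandatory `userCertificate` and `revocationDate` unset, so a later sign or export of the CRL will presumably fail to encode (or emit an incomplete entry) even though this call already reported an error. Route those three returns through a `fail:` label that removes the partial element, e.g. `(void)asn1_delete_element(crl->crl, "tbsCertList.revokedCertificates.?LAST");` followed by `return ret;`, converting ASN.1 results with `_gnutls_asn2err` before the jump as the existing branches do. The function's success return lies outside the hunk.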
@@ -275,9 +270,8 @@ gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, gnutls_x509_crt_t crt, - time_t revocation_time) +int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, gnutls_x509_crt_t crt, + time_t revocation_time) { int ret; uint8_t serial[128]; @@ -295,9 +289,8 @@ gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, gnutls_x509_crt_t crt, return ret; } - ret = - gnutls_x509_crl_set_crt_serial(crl, serial, serial_size, - revocation_time); + ret = gnutls_x509_crl_set_crt_serial(crl, serial, serial_size, + revocation_time); if (ret < 0) { gnutls_assert(); return _gnutls_asn2err(ret); @@ -314,7 +307,7 @@ static void disable_optional_stuff(gnutls_x509_crl_t crl) time_t t; t = _gnutls_x509_get_time(crl->crl, "tbsCertList.nextUpdate", 0); - if (t == (time_t) - 1) { + if (t == (time_t)-1) { (void)asn1_write_value(crl->crl, "tbsCertList.nextUpdate", NULL, 0); } @@ -343,9 +336,8 @@ static void disable_optional_stuff(gnutls_x509_crl_t crl) * * Since: 2.8.0 **/ -int -gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl, - const void *id, size_t id_size) +int gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl, const void *id, + size_t id_size) { int result; gnutls_datum_t old_id, der_data; @@ -358,9 +350,8 @@ gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl, /* Check if the extension already exists. */ - result = - _gnutls_x509_crl_get_extension(crl, "2.5.29.35", 0, &old_id, - &critical); + result = _gnutls_x509_crl_get_extension(crl, "2.5.29.35", 0, &old_id, + &critical); if (result >= 0) { _gnutls_free_datum(&old_id); 
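Review bot: gnutls_x509_crl_set_crt passes a gnutls error code through `_gnutls_asn2err(ret)` when gnutls_x509_crl_set_crt_serial fails, but that callee already returns gnutls codes (its branches map ASN.1 results with `_gnutls_asn2err` or pass through the result of `_gnutls_x509_set_time`), so a negative value is fed into the ASN.1-to-gnutls mapper and the caller presumably sees a generic ASN.1 error instead of the real cause. Return the value unchanged: `return ret;`. The preceding failure branch visible at the top of this hunk already returns `ret` directly, so this also makes the two paths consistent.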
@@ -406,9 +397,8 @@ gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl, * * Since: 2.8.0 **/ -int -gnutls_x509_crl_set_number(gnutls_x509_crl_t crl, - const void *nr, size_t nr_size) +int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl, const void *nr, + size_t nr_size) { int result; gnutls_datum_t old_id, der_data; @@ -421,9 +411,8 @@ gnutls_x509_crl_set_number(gnutls_x509_crl_t crl, /* Check if the extension already exists. */ - result = - _gnutls_x509_crl_get_extension(crl, "2.5.29.20", 0, &old_id, - &critical); + result = _gnutls_x509_crl_get_extension(crl, "2.5.29.20", 0, &old_id, + &critical); if (result >= 0) { _gnutls_free_datum(&old_id); @@ -480,11 +469,11 @@ gnutls_x509_crl_set_number(gnutls_x509_crl_t crl, * * Since 2.12.0 **/ -int -gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, unsigned int flags) +int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl, + gnutls_x509_crt_t issuer, + gnutls_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags) { int result; @@ -494,9 +483,8 @@ gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl, } if (dig == 0) { - result = - gnutls_x509_crt_get_preferred_hash_algorithm(issuer, &dig, - NULL); + result = gnutls_x509_crt_get_preferred_hash_algorithm( + issuer, &dig, NULL); if (result < 0) return gnutls_assert_val(result); } @@ -505,8 +493,8 @@ gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl, */ disable_optional_stuff(crl); - result = _gnutls_x509_pkix_sign(crl->crl, "tbsCertList", - dig, 0, issuer, issuer_key); + result = _gnutls_x509_pkix_sign(crl->crl, "tbsCertList", dig, 0, issuer, + issuer_key); if (result < 0) { gnutls_assert(); return result; diff --git a/lib/x509/crq.c b/lib/x509/crq.c index b43214af69..0c5585b979 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c 
@@ -50,7 +50,7 @@ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int gnutls_x509_crq_init(gnutls_x509_crq_t * crq) +int gnutls_x509_crq_init(gnutls_x509_crq_t *crq) { int result; @@ -110,10 +110,8 @@ void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crq_import(gnutls_x509_crq_t crq, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) +int gnutls_x509_crq_import(gnutls_x509_crq_t crq, const gnutls_datum_t *data, + gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -130,14 +128,12 @@ gnutls_x509_crq_import(gnutls_x509_crq_t crq, */ if (format == GNUTLS_X509_FMT_PEM) { /* Try the first header */ - result = - _gnutls_fbase64_decode(PEM_CRQ, data->data, data->size, - &_data); + result = _gnutls_fbase64_decode(PEM_CRQ, data->data, data->size, + &_data); - if (result < 0) /* Go for the second header */ - result = - _gnutls_fbase64_decode(PEM_CRQ2, data->data, - data->size, &_data); + if (result < 0) /* Go for the second header */ + result = _gnutls_fbase64_decode(PEM_CRQ2, data->data, + data->size, &_data); if (result < 0) { gnutls_assert(); @@ -147,8 +143,8 @@ gnutls_x509_crq_import(gnutls_x509_crq_t crq, need_free = 1; } - result = - _asn1_strict_der_decode(&crq->crq, _data.data, _data.size, NULL); + result = _asn1_strict_der_decode(&crq->crq, _data.data, _data.size, + NULL); if (result != ASN1_SUCCESS) { result = _gnutls_asn2err(result); gnutls_assert(); @@ -157,7 +153,7 @@ gnutls_x509_crq_import(gnutls_x509_crq_t crq, result = 0; - cleanup: +cleanup: if (need_free) _gnutls_free_datum(&_data); return result; 
@@ -181,8 +177,8 @@ gnutls_x509_crq_import(gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_get_signature_algorithm(gnutls_x509_crq_t crq) { - return map_errs_to_zero(_gnutls_x509_get_signature_algorithm(crq->crq, - "signatureAlgorithm")); + return map_errs_to_zero(_gnutls_x509_get_signature_algorithm( + crq->crq, "signatureAlgorithm")); } /** @@ -198,11 +194,10 @@ int gnutls_x509_crq_get_signature_algorithm(gnutls_x509_crq_t crq) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE * if the extension is not present, otherwise a negative error value. **/ -int -gnutls_x509_crq_get_private_key_usage_period(gnutls_x509_crq_t crq, - time_t * activation, - time_t * expiration, - unsigned int *critical) +int gnutls_x509_crq_get_private_key_usage_period(gnutls_x509_crq_t crq, + time_t *activation, + time_t *expiration, + unsigned int *critical) { int result, ret; asn1_node c2 = NULL; @@ -214,13 +209,13 @@ gnutls_x509_crq_get_private_key_usage_period(gnutls_x509_crq_t crq, return GNUTLS_E_INVALID_REQUEST; } - ret = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.16", 0, - buf, &buf_size, critical); + ret = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.16", 0, buf, + &buf_size, critical); if (ret < 0) return gnutls_assert_val(ret); - result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.PrivateKeyUsagePeriod", &c2); + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.PrivateKeyUsagePeriod", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -242,7 +237,7 @@ gnutls_x509_crq_get_private_key_usage_period(gnutls_x509_crq_t crq, ret = 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; 
@@ -274,9 +269,9 @@ int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf, size_t *buf_size) return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_x509_parse_dn(crq->crq, - "certificationRequestInfo.subject.rdnSequence", - buf, buf_size, GNUTLS_X509_DN_FLAG_COMPAT); + return _gnutls_x509_parse_dn( + crq->crq, "certificationRequestInfo.subject.rdnSequence", buf, + buf_size, GNUTLS_X509_DN_FLAG_COMPAT); } /** @@ -297,16 +292,16 @@ int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf, size_t *buf_size) * * Since: 3.1.10 **/ -int gnutls_x509_crq_get_dn2(gnutls_x509_crq_t crq, gnutls_datum_t * dn) +int gnutls_x509_crq_get_dn2(gnutls_x509_crq_t crq, gnutls_datum_t *dn) { if (crq == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_x509_get_dn(crq->crq, - "certificationRequestInfo.subject.rdnSequence", - dn, GNUTLS_X509_DN_FLAG_COMPAT); + return _gnutls_x509_get_dn( + crq->crq, "certificationRequestInfo.subject.rdnSequence", dn, + GNUTLS_X509_DN_FLAG_COMPAT); } /** @@ -329,7 +324,7 @@ int gnutls_x509_crq_get_dn2(gnutls_x509_crq_t crq, gnutls_datum_t * dn) * * Since: 3.5.7 **/ -int gnutls_x509_crq_get_dn3(gnutls_x509_crq_t crq, gnutls_datum_t * dn, +int gnutls_x509_crq_get_dn3(gnutls_x509_crq_t crq, gnutls_datum_t *dn, unsigned flags) { if (crq == NULL) { @@ -337,9 +332,9 @@ int gnutls_x509_crq_get_dn3(gnutls_x509_crq_t crq, gnutls_datum_t * dn, return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_x509_get_dn(crq->crq, - "certificationRequestInfo.subject.rdnSequence", - dn, flags); + return _gnutls_x509_get_dn( + crq->crq, "certificationRequestInfo.subject.rdnSequence", dn, + flags); } /** 
@@ -367,10 +362,9 @@ int gnutls_x509_crq_get_dn3(gnutls_x509_crq_t crq, gnutls_datum_t * dn, * not long enough, and in that case the *@buf_size will be * updated with the required size. On success 0 is returned. **/ -int -gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, const char *oid, - unsigned indx, unsigned int raw_flag, - void *buf, size_t *buf_size) +int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, const char *oid, + unsigned indx, unsigned int raw_flag, + void *buf, size_t *buf_size) { gnutls_datum_t td; int ret; @@ -380,10 +374,9 @@ gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, const char *oid, return GNUTLS_E_INVALID_REQUEST; } - ret = _gnutls_x509_parse_dn_oid - (crq->crq, - "certificationRequestInfo.subject.rdnSequence", - oid, indx, raw_flag, &td); + ret = _gnutls_x509_parse_dn_oid( + crq->crq, "certificationRequestInfo.subject.rdnSequence", oid, + indx, raw_flag, &td); if (ret < 0) return gnutls_assert_val(ret); @@ -404,18 +397,17 @@ gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, const char *oid, * not long enough, and in that case the *@sizeof_oid will be * updated with the required size. On success 0 is returned. **/ -int -gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, - unsigned indx, void *oid, size_t *sizeof_oid) +int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, unsigned indx, void *oid, + size_t *sizeof_oid) { if (crq == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_x509_get_dn_oid(crq->crq, - "certificationRequestInfo.subject.rdnSequence", - indx, oid, sizeof_oid); + return _gnutls_x509_get_dn_oid( + crq->crq, "certificationRequestInfo.subject.rdnSequence", indx, + oid, sizeof_oid); } /** 
@@ -431,9 +423,8 @@ gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq, - char *pass, size_t *pass_size) +int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq, char *pass, + size_t *pass_size) { gnutls_datum_t td; int ret; @@ -443,10 +434,9 @@ gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq, return GNUTLS_E_INVALID_REQUEST; } - ret = - _x509_parse_attribute(crq->crq, - "certificationRequestInfo.attributes", - "1.2.840.113549.1.9.7", 0, 0, &td); + ret = _x509_parse_attribute(crq->crq, + "certificationRequestInfo.attributes", + "1.2.840.113549.1.9.7", 0, 0, &td); if (ret < 0) return gnutls_assert_val(ret); @@ -470,10 +460,8 @@ gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq, - const char *oid, void *buf, - size_t buf_size) +int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq, const char *oid, + void *buf, size_t buf_size) { gnutls_datum_t data; @@ -485,9 +473,8 @@ gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq, return GNUTLS_E_INVALID_REQUEST; } - return _x509_set_attribute(crq->crq, - "certificationRequestInfo.attributes", oid, - &data); + return _x509_set_attribute( + crq->crq, "certificationRequestInfo.attributes", oid, &data); } /** 
@@ -509,10 +496,9 @@ gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq, - const char *oid, unsigned indx, void *buf, - size_t *buf_size) +int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq, const char *oid, + unsigned indx, void *buf, + size_t *buf_size) { int ret; gnutls_datum_t td; @@ -522,10 +508,9 @@ gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq, return GNUTLS_E_INVALID_REQUEST; } - ret = - _x509_parse_attribute(crq->crq, - "certificationRequestInfo.attributes", oid, - indx, 1, &td); + ret = _x509_parse_attribute(crq->crq, + "certificationRequestInfo.attributes", oid, + indx, 1, &td); if (ret < 0) return gnutls_assert_val(ret); @@ -553,18 +538,17 @@ gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, const char *oid, - unsigned int raw_flag, const void *data, - unsigned int sizeof_data) +int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, const char *oid, + unsigned int raw_flag, const void *data, + unsigned int sizeof_data) { if (sizeof_data == 0 || data == NULL || crq == NULL) { return GNUTLS_E_INVALID_REQUEST; } return _gnutls_x509_set_dn_oid(crq->crq, - "certificationRequestInfo.subject", - oid, raw_flag, data, sizeof_data); + "certificationRequestInfo.subject", oid, + raw_flag, data, sizeof_data); } /** @@ -591,9 +575,8 @@ int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, unsigned int version) if (null > 0) null--; - result = - asn1_write_value(crq->crq, "certificationRequestInfo.version", - &null, 1); + result = asn1_write_value(crq->crq, "certificationRequestInfo.version", + &null, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); 
@@ -623,12 +606,11 @@ int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq) } len = sizeof(version); - if ((result = - asn1_read_value(crq->crq, "certificationRequestInfo.version", - version, &len)) != ASN1_SUCCESS) { - + if ((result = asn1_read_value(crq->crq, + "certificationRequestInfo.version", + version, &len)) != ASN1_SUCCESS) { if (result == ASN1_ELEMENT_NOT_FOUND) - return 1; /* the DEFAULT version */ + return 1; /* the DEFAULT version */ gnutls_assert(); return _gnutls_asn2err(result); } @@ -656,8 +638,9 @@ int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) return GNUTLS_E_INVALID_REQUEST; } - result = _gnutls_x509_encode_and_copy_PKI_params - (crq->crq, "certificationRequestInfo.subjectPKInfo", &key->params); + result = _gnutls_x509_encode_and_copy_PKI_params( + crq->crq, "certificationRequestInfo.subjectPKInfo", + &key->params); if (result < 0) { gnutls_assert(); @@ -682,9 +665,8 @@ int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) * * Since: 2.8.0 **/ -int -gnutls_x509_crq_get_key_rsa_raw(gnutls_x509_crq_t crq, - gnutls_datum_t * m, gnutls_datum_t * e) +int gnutls_x509_crq_get_key_rsa_raw(gnutls_x509_crq_t crq, gnutls_datum_t *m, + gnutls_datum_t *e) { int ret; gnutls_pk_params_st params; @@ -723,7 +705,7 @@ gnutls_x509_crq_get_key_rsa_raw(gnutls_x509_crq_t crq, ret = 0; - cleanup: +cleanup: gnutls_pk_params_release(¶ms); return ret; } @@ -742,10 +724,9 @@ gnutls_x509_crq_get_key_rsa_raw(gnutls_x509_crq_t crq, * * Since: 2.6.0 **/ -int -gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t crq, - const gnutls_datum_t * m, - const gnutls_datum_t * e) +int gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t crq, + const gnutls_datum_t *m, + const gnutls_datum_t *e) { int result, ret; size_t siz = 0; 
@@ -777,8 +758,9 @@ gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t crq, temp_params.params_nr = RSA_PUBLIC_PARAMS; temp_params.algo = GNUTLS_PK_RSA; - result = _gnutls_x509_encode_and_copy_PKI_params - (crq->crq, "certificationRequestInfo.subjectPKInfo", &temp_params); + result = _gnutls_x509_encode_and_copy_PKI_params( + crq->crq, "certificationRequestInfo.subjectPKInfo", + &temp_params); if (result < 0) { gnutls_assert(); @@ -788,7 +770,7 @@ gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t crq, ret = 0; - error: +error: gnutls_pk_params_release(&temp_params); return ret; } @@ -804,8 +786,8 @@ gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t crq, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, const char *pass) +int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, + const char *pass) { int result; char *password = NULL; @@ -817,9 +799,8 @@ gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, const char *pass) /* Add the attribute. */ - result = - asn1_write_value(crq->crq, - "certificationRequestInfo.attributes", "NEW", 1); + result = asn1_write_value( + crq->crq, "certificationRequestInfo.attributes", "NEW", 1); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -827,9 +808,8 @@ gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, const char *pass) if (pass) { gnutls_datum_t out; - result = - _gnutls_utf8_password_normalize(pass, strlen(pass), &out, - 0); + result = _gnutls_utf8_password_normalize(pass, strlen(pass), + &out, 0); if (result < 0) return gnutls_assert_val(result); 
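Review bot: In gnutls_x509_crq_set_challenge_password the early `return gnutls_assert_val(result);` after `_gnutls_utf8_password_normalize` fails comes after the `"NEW"` write earlier in the function has already appended an element to `certificationRequestInfo.attributes`, so a failed call leaves an attribute with no type or value in the request, and a subsequent export or sign will presumably fail on that slot or emit a malformed attribute. Replace the direct return with `result = gnutls_assert_val(result); goto cleanup;` and have the cleanup path drop the slot with `asn1_delete_element(crq->crq, "certificationRequestInfo.attributes.?LAST")` when `result < 0`. The function's cleanup label is outside this hunk.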
@@ -838,10 +818,10 @@ gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, const char *pass) assert(password != NULL); - result = _gnutls_x509_encode_and_write_attribute - ("1.2.840.113549.1.9.7", crq->crq, - "certificationRequestInfo.attributes.?LAST", password, - strlen(password), 1); + result = _gnutls_x509_encode_and_write_attribute( + "1.2.840.113549.1.9.7", crq->crq, + "certificationRequestInfo.attributes.?LAST", password, + strlen(password), 1); if (result < 0) { gnutls_assert(); goto cleanup; @@ -849,7 +829,7 @@ gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, const char *pass) result = 0; - cleanup: +cleanup: gnutls_free(password); return result; } @@ -882,9 +862,8 @@ gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, const char *pass) * gnutls_x509_crq_set_version()). * **/ -int -gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t dig, unsigned int flags) +int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key, + gnutls_digest_algorithm_t dig, unsigned int flags) { int result; gnutls_privkey_t privkey; @@ -914,7 +893,7 @@ gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key, result = 0; - fail: +fail: gnutls_privkey_deinit(privkey); return result; 
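Review bot: `assert(password != NULL)` is reachable with a NULL `pass`: `password` starts as NULL and is only assigned inside the `if (pass)` block preceding this hunk (the assignment itself falls between the hunks), so unless a guard outside the visible lines rejects a NULL `pass`, the call aborts the process in a debug build and, with NDEBUG, hands NULL to `strlen` on the next line. Turn the assertion into a reported error: `if (password == NULL) { result = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); goto cleanup; }`. The `if (pass)` guard suggests NULL was meant to be tolerated, so the intended contract should be confirmed against the function's documentation before choosing the error code.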
@@ -963,18 +942,16 @@ int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crq_export(gnutls_x509_crq_t crq, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t *output_data_size) +int gnutls_x509_crq_export(gnutls_x509_crq_t crq, gnutls_x509_crt_fmt_t format, + void *output_data, size_t *output_data_size) { if (crq == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_x509_export_int(crq->crq, format, PEM_CRQ, - output_data, output_data_size); + return _gnutls_x509_export_int(crq->crq, format, PEM_CRQ, output_data, + output_data_size); } /** @@ -996,9 +973,8 @@ gnutls_x509_crq_export(gnutls_x509_crq_t crq, * * Since 3.1.3 **/ -int -gnutls_x509_crq_export2(gnutls_x509_crq_t crq, - gnutls_x509_crt_fmt_t format, gnutls_datum_t * out) +int gnutls_x509_crq_export2(gnutls_x509_crq_t crq, gnutls_x509_crt_fmt_t format, + gnutls_datum_t *out) { if (crq == NULL) { gnutls_assert(); @@ -1032,8 +1008,8 @@ int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, unsigned int *bits) return GNUTLS_E_INVALID_REQUEST; } - result = _gnutls_x509_get_pk_algorithm - (crq->crq, "certificationRequestInfo.subjectPKInfo", NULL, bits); + result = _gnutls_x509_get_pk_algorithm( + crq->crq, "certificationRequestInfo.subjectPKInfo", NULL, bits); if (result < 0) { gnutls_assert(); return result; @@ -1053,9 +1029,8 @@ int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, unsigned int *bits) * * Returns: Zero on success, or a negative error code on error. **/ -int -gnutls_x509_crq_get_spki(gnutls_x509_crq_t crq, - gnutls_x509_spki_t spki, unsigned int flags) +int gnutls_x509_crq_get_spki(gnutls_x509_crq_t crq, gnutls_x509_spki_t spki, + unsigned int flags) { int result; gnutls_x509_spki_st params; 
@@ -1107,9 +1082,8 @@ int gnutls_x509_crq_get_signature_oid(gnutls_x509_crq_t crq, char *oid,
 gnutls_datum_t out;
 len = sizeof(str);
- result =
- asn1_read_value(crq->crq, "signatureAlgorithm.algorithm", str,
- &len);
+ result = asn1_read_value(crq->crq, "signatureAlgorithm.algorithm", str,
+ &len);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -1150,10 +1124,10 @@ int gnutls_x509_crq_get_pk_oid(gnutls_x509_crq_t crq, char *oid,
 gnutls_datum_t out;
 len = sizeof(str);
- result =
- asn1_read_value(crq->crq,
- "certificationRequestInfo.subjectPKInfo.algorithm.algorithm",
- str, &len);
+ result = asn1_read_value(
+ crq->crq,
+ "certificationRequestInfo.subjectPKInfo.algorithm.algorithm",
+ str, &len);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -1195,9 +1169,8 @@ int gnutls_x509_crq_get_pk_oid(gnutls_x509_crq_t crq, char *oid,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq, unsigned indx,
- void *oid, size_t *sizeof_oid)
+int gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq, unsigned indx,
+ void *oid, size_t *sizeof_oid)
 {
 int result;
 char name[MAX_NAME_SIZE];
@@ -1223,7 +1196,6 @@ gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq, unsigned indx,
 }
 return 0;
-
 }
 /**
@@ -1249,9 +1221,8 @@ gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq, unsigned indx,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq, unsigned indx,
- void *data, size_t *sizeof_data)
+int gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq, unsigned indx,
+ void *data, size_t *sizeof_data)
 {
 int result, len;
 char name[MAX_NAME_SIZE];
@@ -1303,10 +1274,9 @@ gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq, unsigned indx,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, unsigned indx,
- void *oid, size_t *sizeof_oid,
- unsigned int *critical)
+int gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, unsigned indx,
+ void *oid, size_t *sizeof_oid,
+ unsigned int *critical)
 {
 int result;
 char str_critical[10];
@@ -1322,10 +1292,8 @@ gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, unsigned indx,
 }
 /* read extensionRequest */
- result =
- gnutls_x509_crq_get_attribute_by_oid(crq,
- "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
+ result = gnutls_x509_crq_get_attribute_by_oid(
+ crq, "1.2.840.113549.1.9.14", 0, NULL, &extensions_size);
 if (result == GNUTLS_E_SHORT_MEMORY_BUFFER) {
 extensions = gnutls_malloc(extensions_size);
 if (extensions == NULL) {
@@ -1333,19 +1301,17 @@ gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, unsigned indx,
 return GNUTLS_E_MEMORY_ERROR;
 }
- result = gnutls_x509_crq_get_attribute_by_oid(crq,
- "1.2.840.113549.1.9.14",
- 0,
- extensions,
- &extensions_size);
+ result = gnutls_x509_crq_get_attribute_by_oid(
+ crq, "1.2.840.113549.1.9.14", 0, extensions,
+ &extensions_size);
 }
 if (result < 0) {
 gnutls_assert();
 goto out;
 }
- result =
- asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions",
+ &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -1353,7 +1319,7 @@ gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, unsigned indx,
 }
 result =
- _asn1_strict_der_decode(&c2, extensions, extensions_size, NULL);
+ _asn1_strict_der_decode(&c2, extensions, extensions_size, NULL);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 asn1_delete_structure(&c2);
@@ -1399,7 +1365,7 @@ gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, unsigned indx,
 result = 0;
- out:
+out:
 gnutls_free(extensions);
 return result;
 }
@@ -1427,9 +1393,8 @@ gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, unsigned indx,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t crq, unsigned indx,
- void *data, size_t *sizeof_data)
+int gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t crq, unsigned indx,
+ void *data, size_t *sizeof_data)
 {
 int ret;
 gnutls_datum_t raw;
@@ -1465,9 +1430,8 @@ gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t crq, unsigned indx,
 *
 * Since: 3.3.0
 **/
-int
-gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq,
- unsigned indx, gnutls_datum_t * data)
+int gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq, unsigned indx,
+ gnutls_datum_t *data)
 {
 int ret, result;
 char name[MAX_NAME_SIZE];
@@ -1481,10 +1445,8 @@ gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq,
 }
 /* read extensionRequest */
- ret =
- gnutls_x509_crq_get_attribute_by_oid(crq,
- "1.2.840.113549.1.9.14",
- 0, NULL, &extensions_size);
+ ret = gnutls_x509_crq_get_attribute_by_oid(crq, "1.2.840.113549.1.9.14",
+ 0, NULL, &extensions_size);
 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
 gnutls_assert();
 if (ret == 0)
@@ -1498,18 +1460,15 @@ gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq,
 return GNUTLS_E_MEMORY_ERROR;
 }
- ret =
- gnutls_x509_crq_get_attribute_by_oid(crq,
- "1.2.840.113549.1.9.14",
- 0, extensions,
- &extensions_size);
+ ret = gnutls_x509_crq_get_attribute_by_oid(
+ crq, "1.2.840.113549.1.9.14", 0, extensions, &extensions_size);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- result =
- asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions",
+ &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(result);
@@ -1517,7 +1476,7 @@ gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq,
 }
 result =
- _asn1_strict_der_decode(&c2, extensions, extensions_size, NULL);
+ _asn1_strict_der_decode(&c2, extensions, extensions_size, NULL);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(result);
@@ -1536,7 +1495,7 @@ gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq,
 }
 ret = 0;
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 gnutls_free(extensions);
 return ret;
@@ -1563,9 +1522,9 @@ gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_get_key_usage(gnutls_x509_crq_t crq,
- unsigned int *key_usage, unsigned int *critical)
+int gnutls_x509_crq_get_key_usage(gnutls_x509_crq_t crq,
+ unsigned int *key_usage,
+ unsigned int *critical)
 {
 int result;
 uint8_t buf[128];
@@ -1577,8 +1536,8 @@ gnutls_x509_crq_get_key_usage(gnutls_x509_crq_t crq,
 return GNUTLS_E_INVALID_REQUEST;
 }
- result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.15", 0,
- buf, &buf_size, critical);
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.15", 0, buf,
+ &buf_size, critical);
 if (result < 0) {
 gnutls_assert();
 return result;
@@ -1617,10 +1576,9 @@ gnutls_x509_crq_get_key_usage(gnutls_x509_crq_t crq,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t crq,
- unsigned int *critical,
- unsigned int *ca, int *pathlen)
+int gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t crq,
+ unsigned int *critical,
+ unsigned int *ca, int *pathlen)
 {
 int result;
 unsigned int tmp_ca;
@@ -1633,8 +1591,8 @@ gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t crq,
 return GNUTLS_E_INVALID_REQUEST;
 }
- result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.19", 0,
- buf, &buf_size, critical);
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.19", 0, buf,
+ &buf_size, critical);
 if (result < 0) {
 gnutls_assert();
 return result;
@@ -1643,7 +1601,7 @@ gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t crq,
 bd.data = buf;
 bd.size = buf_size;
 result =
- gnutls_x509_ext_import_basic_constraints(&bd, &tmp_ca, pathlen);
+ gnutls_x509_ext_import_basic_constraints(&bd, &tmp_ca, pathlen);
 if (ca)
 *ca = tmp_ca;
@@ -1655,11 +1613,10 @@ gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t crq,
 return tmp_ca;
 }
-static int
-get_subject_alt_name(gnutls_x509_crq_t crq,
- unsigned int seq, void *ret,
- size_t *ret_size, unsigned int *ret_type,
- unsigned int *critical, int othername_oid)
+static int get_subject_alt_name(gnutls_x509_crq_t crq, unsigned int seq,
+ void *ret, size_t *ret_size,
+ unsigned int *ret_type, unsigned int *critical,
+ int othername_oid)
 {
 int result;
 asn1_node c2 = NULL;
@@ -1679,9 +1636,8 @@ get_subject_alt_name(gnutls_x509_crq_t crq,
 /* Extract extension. */
- result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.17", 0,
- NULL, &dns_size,
- critical);
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.17", 0, NULL,
+ &dns_size, critical);
 if (result < 0) {
 gnutls_assert();
 return result;
@@ -1694,17 +1650,16 @@ get_subject_alt_name(gnutls_x509_crq_t crq,
 return GNUTLS_E_MEMORY_ERROR;
 }
- result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.17", 0,
- dnsname.data,
- &dns_size, critical);
+ result = gnutls_x509_crq_get_extension_by_oid(
+ crq, "2.5.29.17", 0, dnsname.data, &dns_size, critical);
 if (result < 0) {
 gnutls_assert();
 gnutls_free(dnsname.data);
 return result;
 }
- result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SubjectAltName", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.SubjectAltName",
+ &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 gnutls_free(dnsname.data);
@@ -1759,15 +1714,14 @@ get_subject_alt_name(gnutls_x509_crq_t crq,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_get_subject_alt_name(gnutls_x509_crq_t crq,
- unsigned int seq, void *ret,
- size_t *ret_size,
- unsigned int *ret_type,
- unsigned int *critical)
+int gnutls_x509_crq_get_subject_alt_name(gnutls_x509_crq_t crq,
+ unsigned int seq, void *ret,
+ size_t *ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical)
 {
- return get_subject_alt_name(crq, seq, ret, ret_size, ret_type,
- critical, 0);
+ return get_subject_alt_name(crq, seq, ret, ret_size, ret_type, critical,
+ 0);
 }
 /**
@@ -1798,10 +1752,9 @@ gnutls_x509_crq_get_subject_alt_name(gnutls_x509_crq_t crq,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_get_subject_alt_othername_oid(gnutls_x509_crq_t crq,
- unsigned int seq,
- void *ret, size_t *ret_size)
+int gnutls_x509_crq_get_subject_alt_othername_oid(gnutls_x509_crq_t crq,
+ unsigned int seq, void *ret,
+ size_t *ret_size)
 {
 return get_subject_alt_name(crq, seq, ret, ret_size, NULL, NULL, 1);
 }
@@ -1827,11 +1780,10 @@ gnutls_x509_crq_get_subject_alt_othername_oid(gnutls_x509_crq_t crq,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t crq,
- const char *oid, unsigned indx,
- void *buf, size_t *buf_size,
- unsigned int *critical)
+int gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t crq, const char *oid,
+ unsigned indx, void *buf,
+ size_t *buf_size,
+ unsigned int *critical)
 {
 int result;
 unsigned int i;
@@ -1840,28 +1792,23 @@ gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t crq,
 for (i = 0;; i++) {
 oid_size = sizeof(_oid);
- result =
- gnutls_x509_crq_get_extension_info(crq, i, _oid,
- &oid_size, critical);
+ result = gnutls_x509_crq_get_extension_info(
+ crq, i, _oid, &oid_size, critical);
 if (result < 0) {
 gnutls_assert();
 return result;
 }
- if (strcmp(oid, _oid) == 0) { /* found */
+ if (strcmp(oid, _oid) == 0) { /* found */
 if (indx == 0)
- return
- gnutls_x509_crq_get_extension_data(crq,
- i,
- buf,
- buf_size);
+ return gnutls_x509_crq_get_extension_data(
+ crq, i, buf, buf_size);
 else
 indx--;
 }
 }
 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
 }
 /**
@@ -1884,11 +1831,10 @@ gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t crq,
 *
 * Since: 3.3.8
 **/
-int
-gnutls_x509_crq_get_extension_by_oid2(gnutls_x509_crq_t crq,
- const char *oid, unsigned indx,
- gnutls_datum_t * output,
- unsigned int *critical)
+int gnutls_x509_crq_get_extension_by_oid2(gnutls_x509_crq_t crq,
+ const char *oid, unsigned indx,
+ gnutls_datum_t *output,
+ unsigned int *critical)
 {
 int result;
 unsigned int i;
@@ -1897,27 +1843,23 @@ gnutls_x509_crq_get_extension_by_oid2(gnutls_x509_crq_t crq,
 for (i = 0;; i++) {
 oid_size = sizeof(_oid);
- result =
- gnutls_x509_crq_get_extension_info(crq, i, _oid,
- &oid_size, critical);
+ result = gnutls_x509_crq_get_extension_info(
+ crq, i, _oid, &oid_size, critical);
 if (result < 0) {
 gnutls_assert();
 return result;
 }
- if (strcmp(oid, _oid) == 0) { /* found */
+ if (strcmp(oid, _oid) == 0) { /* found */
 if (indx == 0)
- return
- gnutls_x509_crq_get_extension_data2(crq,
- i,
- output);
+ return gnutls_x509_crq_get_extension_data2(
+ crq, i, output);
 else
 indx--;
 }
 }
 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
 }
 /**
@@ -1950,11 +1892,11 @@ gnutls_x509_crq_get_extension_by_oid2(gnutls_x509_crq_t crq,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
- gnutls_x509_subject_alt_name_t nt,
- const void *data,
- unsigned int data_size, unsigned int flags)
+int gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
+ gnutls_x509_subject_alt_name_t nt,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags)
 {
 int result = 0;
 gnutls_datum_t der_data = { NULL, 0 };
@@ -1970,11 +1912,8 @@ gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
 /* Check if the extension already exists. */
 if (flags & GNUTLS_FSAN_APPEND) {
- result =
- gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.17",
- 0, NULL,
- &prev_data_size,
- &critical);
+ result = gnutls_x509_crq_get_extension_by_oid(
+ crq, "2.5.29.17", 0, NULL, &prev_data_size, &critical);
 prev_der_data.size = prev_data_size;
 switch (result) {
@@ -1989,14 +1928,9 @@ gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
 return GNUTLS_E_MEMORY_ERROR;
 }
- result =
- gnutls_x509_crq_get_extension_by_oid(crq,
- "2.5.29.17",
- 0,
- prev_der_data.
- data,
- &prev_data_size,
- &critical);
+ result = gnutls_x509_crq_get_extension_by_oid(
+ crq, "2.5.29.17", 0, prev_der_data.data,
+ &prev_data_size, &critical);
 if (result < 0) {
 gnutls_assert();
 gnutls_free(prev_der_data.data);
@@ -2012,18 +1946,16 @@ gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
 /* generate the extension. */
- result =
- _gnutls_x509_ext_gen_subject_alt_name(nt, NULL, data, data_size,
- &prev_der_data, &der_data);
+ result = _gnutls_x509_ext_gen_subject_alt_name(
+ nt, NULL, data, data_size, &prev_der_data, &der_data);
 gnutls_free(prev_der_data.data);
 if (result < 0) {
 gnutls_assert();
 goto finish;
 }
- result =
- _gnutls_x509_crq_set_extension(crq, "2.5.29.17", &der_data,
- critical);
+ result = _gnutls_x509_crq_set_extension(crq, "2.5.29.17", &der_data,
+ critical);
 _gnutls_free_datum(&der_data);
@@ -2034,7 +1966,7 @@ gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
 return 0;
- finish:
+finish:
 return result;
 }
@@ -2057,12 +1989,10 @@ gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
 *
 * Since: 3.5.0
 **/
-int
-gnutls_x509_crq_set_subject_alt_othername(gnutls_x509_crq_t crq,
- const char *oid,
- const void *data,
- unsigned int data_size,
- unsigned int flags)
+int gnutls_x509_crq_set_subject_alt_othername(gnutls_x509_crq_t crq,
+ const char *oid, const void *data,
+ unsigned int data_size,
+ unsigned int flags)
 {
 int result = 0;
 gnutls_datum_t der_data = { NULL, 0 };
@@ -2079,11 +2009,8 @@ gnutls_x509_crq_set_subject_alt_othername(gnutls_x509_crq_t crq,
 /* Check if the extension already exists. */
 if (flags & GNUTLS_FSAN_APPEND) {
- result =
- gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.17",
- 0, NULL,
- &prev_data_size,
- &critical);
+ result = gnutls_x509_crq_get_extension_by_oid(
+ crq, "2.5.29.17", 0, NULL, &prev_data_size, &critical);
 prev_der_data.size = prev_data_size;
 switch (result) {
@@ -2098,14 +2025,9 @@ gnutls_x509_crq_set_subject_alt_othername(gnutls_x509_crq_t crq,
 return GNUTLS_E_MEMORY_ERROR;
 }
- result =
- gnutls_x509_crq_get_extension_by_oid(crq,
- "2.5.29.17",
- 0,
- prev_der_data.
- data,
- &prev_data_size,
- &critical);
+ result = gnutls_x509_crq_get_extension_by_oid(
+ crq, "2.5.29.17", 0, prev_der_data.data,
+ &prev_data_size, &critical);
 if (result < 0) {
 gnutls_assert();
 goto finish;
@@ -2118,9 +2040,8 @@ gnutls_x509_crq_set_subject_alt_othername(gnutls_x509_crq_t crq,
 }
 }
- result =
- _gnutls_encode_othername_data(flags, data, data_size,
- &encoded_data);
+ result = _gnutls_encode_othername_data(flags, data, data_size,
+ &encoded_data);
 if (result < 0) {
 gnutls_assert();
 goto finish;
@@ -2128,19 +2049,16 @@ gnutls_x509_crq_set_subject_alt_othername(gnutls_x509_crq_t crq,
 /* generate the extension. */
- result =
- _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
- encoded_data.data,
- encoded_data.size,
- &prev_der_data, &der_data);
+ result = _gnutls_x509_ext_gen_subject_alt_name(
+ GNUTLS_SAN_OTHERNAME, oid, encoded_data.data, encoded_data.size,
+ &prev_der_data, &der_data);
 if (result < 0) {
 gnutls_assert();
 goto finish;
 }
- result =
- _gnutls_x509_crq_set_extension(crq, "2.5.29.17", &der_data,
- critical);
+ result = _gnutls_x509_crq_set_extension(crq, "2.5.29.17", &der_data,
+ critical);
 if (result < 0) {
 gnutls_assert();
@@ -2149,7 +2067,7 @@ gnutls_x509_crq_set_subject_alt_othername(gnutls_x509_crq_t crq,
 result = 0;
- finish:
+finish:
 _gnutls_free_datum(&prev_der_data);
 _gnutls_free_datum(&der_data);
 _gnutls_free_datum(&encoded_data);
@@ -2171,9 +2089,9 @@ gnutls_x509_crq_set_subject_alt_othername(gnutls_x509_crq_t crq,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_set_basic_constraints(gnutls_x509_crq_t crq,
- unsigned int ca, int pathLenConstraint)
+int gnutls_x509_crq_set_basic_constraints(gnutls_x509_crq_t crq,
+ unsigned int ca,
+ int pathLenConstraint)
 {
 int result;
 gnutls_datum_t der_data;
@@ -2185,9 +2103,8 @@ gnutls_x509_crq_set_basic_constraints(gnutls_x509_crq_t crq,
 /* generate the extension. */
- result =
- gnutls_x509_ext_export_basic_constraints(ca, pathLenConstraint,
- &der_data);
+ result = gnutls_x509_ext_export_basic_constraints(ca, pathLenConstraint,
+ &der_data);
 if (result < 0) {
 gnutls_assert();
 return result;
@@ -2266,10 +2183,9 @@ int gnutls_x509_crq_set_key_usage(gnutls_x509_crq_t crq, unsigned int usage)
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
- unsigned indx, void *oid,
- size_t *sizeof_oid, unsigned int *critical)
+int gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq, unsigned indx,
+ void *oid, size_t *sizeof_oid,
+ unsigned int *critical)
 {
 char tmpstr[MAX_NAME_SIZE];
 int result, len;
@@ -2284,9 +2200,8 @@ gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
 /* Extract extension. */
- result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0,
- NULL, &prev_size,
- critical);
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0, NULL,
+ &prev_size, critical);
 prev.size = prev_size;
 if (result < 0) {
@@ -2300,17 +2215,16 @@ gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
 return GNUTLS_E_MEMORY_ERROR;
 }
- result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0,
- prev.data,
- &prev_size, critical);
+ result = gnutls_x509_crq_get_extension_by_oid(
+ crq, "2.5.29.37", 0, prev.data, &prev_size, critical);
 if (result < 0) {
 gnutls_assert();
 gnutls_free(prev.data);
 return result;
 }
- result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.ExtKeyUsageSyntax", &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 gnutls_free(prev.data);
@@ -2336,7 +2250,8 @@ gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
 *sizeof_oid = len;
 asn1_delete_structure(&c2);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
+ if (result == ASN1_VALUE_NOT_FOUND ||
+ result == ASN1_ELEMENT_NOT_FOUND) {
 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
 }
@@ -2366,9 +2281,8 @@ gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
- const void *oid, unsigned int critical)
+int gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq, const void *oid,
+ unsigned int critical)
 {
 int result;
 gnutls_datum_t prev = { NULL, 0 }, der_data;
@@ -2377,9 +2291,8 @@ gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
 /* Read existing extension, if there is one. */
- result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0,
- NULL, &prev_size,
- &critical);
+ result = gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0, NULL,
+ &prev_size, &critical);
 prev.size = prev_size;
 switch (result) {
@@ -2394,10 +2307,8 @@ gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
 return GNUTLS_E_MEMORY_ERROR;
 }
- result =
- gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37",
- 0, prev.data,
- &prev_size, &critical);
+ result = gnutls_x509_crq_get_extension_by_oid(
+ crq, "2.5.29.37", 0, prev.data, &prev_size, &critical);
 if (result < 0) {
 gnutls_assert();
 gnutls_free(prev.data);
@@ -2421,8 +2332,8 @@ gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
 if (prev.data) {
 /* decode it. */
- result =
- _asn1_strict_der_decode(&c2, prev.data, prev.size, NULL);
+ result = _asn1_strict_der_decode(&c2, prev.data, prev.size,
+ NULL);
 gnutls_free(prev.data);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
@@ -2459,8 +2370,8 @@ gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
 return _gnutls_asn2err(result);
 }
- result = _gnutls_x509_crq_set_extension(crq, "2.5.29.37",
- &der_data, critical);
+ result = _gnutls_x509_crq_set_extension(crq, "2.5.29.37", &der_data,
+ critical);
 _gnutls_free_datum(&der_data);
 if (result < 0) {
 gnutls_assert();
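Review bot: In gnutls_x509_crq_set_key_purpose_oid the re-wrapped call `gnutls_x509_crq_get_extension_by_oid(crq, "2.5.29.37", 0, NULL, &prev_size, &critical)` (and the second call in the next hunk) passes the address of the function's own `critical` parameter, so when an extKeyUsage extension is already present the flag the caller asked for appears to be replaced by the stored one before `_gnutls_x509_crq_set_extension(crq, "2.5.29.37", &der_data, critical)` is reached; the commit only re-wraps these lines and leaves that unaddressed. If preserving the existing criticality is intended, the function's doc comment (outside the hunk) should state it, e.g. `* If the extension already exists, its current criticality is kept and @critical is ignored.`; if not, the existing flag should be read into a separate local instead of `critical`. The enclosing function continues outside the hunk, so the switch on `result` that follows could not be checked here.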
@@ -2492,9 +2403,9 @@ gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_get_key_id(gnutls_x509_crq_t crq, unsigned int flags,
- unsigned char *output_data, size_t *output_data_size)
+int gnutls_x509_crq_get_key_id(gnutls_x509_crq_t crq, unsigned int flags,
+ unsigned char *output_data,
+ size_t *output_data_size)
 {
 int ret = 0;
 gnutls_pk_params_st params;
@@ -2546,9 +2457,9 @@ gnutls_x509_crq_get_key_id(gnutls_x509_crq_t crq, unsigned int flags,
 *
 * Since: 2.12.0
 **/
-int
-gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+int gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
 {
 int result;
 gnutls_datum_t signature;
@@ -2585,9 +2496,8 @@ gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key,
 gnutls_pubkey_deinit(pubkey);
 return gnutls_assert_val(ret);
 }
- ret =
- gnutls_pubkey_get_preferred_hash_algorithm(pubkey, &dig,
- NULL);
+ ret = gnutls_pubkey_get_preferred_hash_algorithm(pubkey, &dig,
+ NULL);
 gnutls_pubkey_deinit(pubkey);
 if (ret < 0)
@@ -2609,8 +2519,8 @@ gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key,
 /* Step 1. Self sign the request. */
- result =
- _gnutls_x509_get_tbs(crq->crq, "certificationRequestInfo", &tbs);
+ result = _gnutls_x509_get_tbs(crq->crq, "certificationRequestInfo",
+ &tbs);
 if (result < 0) {
 gnutls_assert();
@@ -2633,9 +2543,8 @@ gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key,
 /* Step 2. write the signature (bits) */
- result =
- asn1_write_value(crq->crq, "signature", signature.data,
- signature.size * 8);
+ result = asn1_write_value(crq->crq, "signature", signature.data,
+ signature.size * 8);
 _gnutls_free_datum(&signature);
@@ -2646,9 +2555,8 @@ gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key,
 /* Step 3. Write the signatureAlgorithm field. */
- result =
- _gnutls_x509_write_sign_params(crq->crq, "signatureAlgorithm",
- se, ¶ms);
+ result = _gnutls_x509_write_sign_params(crq->crq, "signatureAlgorithm",
+ se, ¶ms);
 if (result < 0) {
 gnutls_assert();
 return result;
@@ -2681,17 +2589,15 @@ int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, unsigned int flags)
 gnutls_pk_params_init(¶ms);
- ret =
- _gnutls_x509_get_signed_data(crq->crq, NULL,
- "certificationRequestInfo", &data);
+ ret = _gnutls_x509_get_signed_data(crq->crq, NULL,
+ "certificationRequestInfo", &data);
 if (ret < 0) {
 gnutls_assert();
 return ret;
 }
- ret =
- _gnutls_x509_get_signature_algorithm(crq->crq,
- "signatureAlgorithm");
+ ret = _gnutls_x509_get_signature_algorithm(crq->crq,
+ "signatureAlgorithm");
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -2716,16 +2622,15 @@ int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, unsigned int flags)
 goto cleanup;
 }
- ret = _gnutls_x509_read_sign_params(crq->crq,
- "signatureAlgorithm", &sign_params);
+ ret = _gnutls_x509_read_sign_params(crq->crq, "signatureAlgorithm",
+ &sign_params);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- ret =
- pubkey_verify_data(se, hash_to_entry(se->hash), &data, &signature,
- ¶ms, &sign_params, flags);
+ ret = pubkey_verify_data(se, hash_to_entry(se->hash), &data, &signature,
+ ¶ms, &sign_params, flags);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -2733,7 +2638,7 @@ int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, unsigned int flags)
 ret = 0;
- cleanup:
+cleanup:
 _gnutls_free_datum(&data);
 _gnutls_free_datum(&signature);
 gnutls_pk_params_release(¶ms);
@@ -2752,10 +2657,9 @@ int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, unsigned int flags)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crq_set_private_key_usage_period(gnutls_x509_crq_t crq,
- time_t activation,
- time_t expiration)
+int gnutls_x509_crq_set_private_key_usage_period(gnutls_x509_crq_t crq,
+ time_t activation,
+ time_t expiration)
 {
 int result;
 gnutls_datum_t der_data;
@@ -2766,9 +2670,8 @@ gnutls_x509_crq_set_private_key_usage_period(gnutls_x509_crq_t crq,
 return GNUTLS_E_INVALID_REQUEST;
 }
- result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.PrivateKeyUsagePeriod", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.PrivateKeyUsagePeriod", &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -2796,7 +2699,7 @@ gnutls_x509_crq_set_private_key_usage_period(gnutls_x509_crq_t crq,
 _gnutls_free_datum(&der_data);
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return result;
@@ -2839,10 +2742,9 @@ int gnutls_x509_crq_get_tlsfeatures(gnutls_x509_crq_t crq,
 return GNUTLS_E_INVALID_REQUEST;
 }
- if ((ret =
- gnutls_x509_crq_get_extension_by_oid2(crq,
- GNUTLS_X509EXT_OID_TLSFEATURES,
- 0, &der, critical)) < 0) {
+ if ((ret = gnutls_x509_crq_get_extension_by_oid2(
+ crq, GNUTLS_X509EXT_OID_TLSFEATURES, 0, &der, critical)) <
+ 0) {
 return ret;
 }
@@ -2858,7 +2760,7 @@ int gnutls_x509_crq_get_tlsfeatures(gnutls_x509_crq_t crq,
 }
 ret = 0;
- cleanup:
+cleanup:
 gnutls_free(der.data);
 return ret;
 }
@@ -2895,9 +2797,8 @@ int gnutls_x509_crq_set_tlsfeatures(gnutls_x509_crq_t crq,
 return ret;
 }
- ret =
- _gnutls_x509_crq_set_extension(crq, GNUTLS_X509EXT_OID_TLSFEATURES,
- &der, 0);
+ ret = _gnutls_x509_crq_set_extension(
+ crq, GNUTLS_X509EXT_OID_TLSFEATURES, &der, 0);
 _gnutls_free_datum(&der);
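Review bot: The reformatted condition in gnutls_x509_crq_get_tlsfeatures now splits the comparison across lines (`... 0, &der, critical)) <` followed by `0) {`), which reads as if the `<` were part of the call and is easy to misjudge in review. Taking the assignment out of the condition avoids fighting the formatter and keeps the error check on one line: `ret = gnutls_x509_crq_get_extension_by_oid2(crq, GNUTLS_X509EXT_OID_TLSFEATURES, 0, &der, critical);` then `if (ret < 0)` / `return ret;`. Behaviour is unchanged; the function body continues outside the hunk.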
@@ -2923,10 +2824,9 @@ int gnutls_x509_crq_set_tlsfeatures(gnutls_x509_crq_t crq,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crq_set_extension_by_oid(gnutls_x509_crq_t crq,
- const char *oid, const void *buf,
- size_t sizeof_buf, unsigned int critical)
+int gnutls_x509_crq_set_extension_by_oid(gnutls_x509_crq_t crq, const char *oid,
+ const void *buf, size_t sizeof_buf,
+ unsigned int critical)
 {
 int result;
 gnutls_datum_t der_data;
@@ -2946,7 +2846,6 @@ gnutls_x509_crq_set_extension_by_oid(gnutls_x509_crq_t crq,
 }
 return 0;
-
 }
 /**
@@ -2968,9 +2867,8 @@ gnutls_x509_crq_set_extension_by_oid(gnutls_x509_crq_t crq,
 *
 * Since: 3.6.0
 **/
-int
-gnutls_x509_crq_set_spki(gnutls_x509_crq_t crq,
- const gnutls_x509_spki_t spki, unsigned int flags)
+int gnutls_x509_crq_set_spki(gnutls_x509_crq_t crq,
+ const gnutls_x509_spki_t spki, unsigned int flags)
 {
 int ret;
 gnutls_pk_algorithm_t crq_pk;
@@ -3025,9 +2923,8 @@ gnutls_x509_crq_set_spki(gnutls_x509_crq_t crq,
 /* If salt size is zero, find the optimal salt size. */
 if (spki->salt_size == 0) {
- ret =
- _gnutls_find_rsa_pss_salt_size(bits, me,
- spki->salt_size);
+ ret = _gnutls_find_rsa_pss_salt_size(bits, me,
+ spki->salt_size);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -3056,14 +2953,15 @@ gnutls_x509_crq_set_spki(gnutls_x509_crq_t crq,
 ret = _gnutls_x509_write_spki_params(crq->crq,
 "certificationRequestInfo."
 "subjectPKInfo."
- "algorithm", &tpki);
+ "algorithm",
+ &tpki);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
 ret = 0;
- cleanup:
+cleanup:
 gnutls_pk_params_release(¶ms);
 return ret;
 }
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index c13ce113e8..bae7564ccc 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -34,7 +34,7 @@
 */
 static int append_elements(asn1_node asn1_struct, const char *asn1_rdn_name,
- gnutls_buffer_st * str, int k1, unsigned last)
+ gnutls_buffer_st *str, int k1, unsigned last)
 {
 int k2, result, max_k2;
 int len;
@@ -58,7 +58,8 @@ static int append_elements(asn1_node asn1_struct, const char *asn1_rdn_name,
 len = sizeof(value) - 1;
 result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
- if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS) { /* expected */
+ if (result != ASN1_VALUE_NOT_FOUND &&
+ result != ASN1_SUCCESS) { /* expected */
 gnutls_assert();
 result = _gnutls_asn2err(result);
 goto cleanup;
@@ -73,13 +74,13 @@ static int append_elements(asn1_node asn1_struct, const char *asn1_rdn_name,
 goto cleanup;
 }
- do { /* Move to the attribute type and values
+ do { /* Move to the attribute type and values
 */
 k2++;
 if (tmpbuffer1[0] != 0)
- snprintf(tmpbuffer2, sizeof(tmpbuffer2),
- "%s.?%d", tmpbuffer1, k2);
+ snprintf(tmpbuffer2, sizeof(tmpbuffer2), "%s.?%d",
+ tmpbuffer1, k2);
 else
 snprintf(tmpbuffer2, sizeof(tmpbuffer2), "?%d", k2);
@@ -91,7 +92,8 @@ static int append_elements(asn1_node asn1_struct, const char *asn1_rdn_name,
 if (result == ASN1_ELEMENT_NOT_FOUND)
 break;
- if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS) { /* expected */
+ if (result != ASN1_VALUE_NOT_FOUND &&
+ result != ASN1_SUCCESS) { /* expected */
 gnutls_assert();
 result = _gnutls_asn2err(result);
 goto cleanup;
@@ -125,20 +127,22 @@ static int append_elements(asn1_node asn1_struct, const char *asn1_rdn_name,
 gnutls_assert();
 goto cleanup;
 }
-#define STR_APPEND(y) if ((result=_gnutls_buffer_append_str( str, y)) < 0) { \
- gnutls_assert(); \
- goto cleanup; \
-}
-#define DATA_APPEND(x,y) if ((result=_gnutls_buffer_append_data( str, x,y)) < 0) { \
- gnutls_assert(); \
- goto cleanup; \
-}
+#define STR_APPEND(y) \
+ if ((result = _gnutls_buffer_append_str(str, y)) < 0) { \
+ gnutls_assert(); \
+ goto cleanup; \
+ }
+#define DATA_APPEND(x, y) \
+ if ((result = _gnutls_buffer_append_data(str, x, y)) < 0) { \
+ gnutls_assert(); \
+ goto cleanup; \
+ }
 /* The encodings of adjoining RelativeDistinguishedNames are separated
 * by a comma character (',' ASCII 44). */
- ldap_desc =
- gnutls_x509_dn_oid_name(oid, GNUTLS_X509_DN_OID_RETURN_OID);
+ ldap_desc = gnutls_x509_dn_oid_name(
+ oid, GNUTLS_X509_DN_OID_RETURN_OID);
 STR_APPEND(ldap_desc);
 STR_APPEND("=");
@@ -150,8 +154,8 @@ static int append_elements(asn1_node asn1_struct, const char *asn1_rdn_name,
 * Explicitly reject DirectoryString in such case. */
 const char *asn_desc = _gnutls_oid_get_asn_desc(oid);
- if (asn_desc && !strcmp(asn_desc, "PKIX1.DirectoryString")
- && tvd.data[1] == 0) {
+ if (asn_desc && !strcmp(asn_desc, "PKIX1.DirectoryString") &&
+ tvd.data[1] == 0) {
 gnutls_assert();
 result = GNUTLS_E_ASN1_VALUE_NOT_VALID;
 _gnutls_debug_log("Empty DirectoryString\n");
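Review bot: The re-wrapped `STR_APPEND` and `DATA_APPEND` macros in append_elements still expand to a bare `if` block, so a future `if (cond) STR_APPEND(x); else ...` would bind the `else` to the macro's own `if`, and both macros silently depend on a `result` variable and a `cleanup` label in the enclosing scope. Since the commit is already rewriting these definitions, wrapping each body in `do { ... } while (0)` keeps the new layout and removes the dangling-else hazard; a one-line comment naming the dependency would also help, e.g. `/* Both macros assign result and jump to cleanup on failure. */`. The uses visible in this hunk (`STR_APPEND(ldap_desc);`, `STR_APPEND("=");`) are unaffected; append_elements continues outside the hunk.
```c
#define STR_APPEND(y)                                                   \
	do {                                                            \
		if ((result = _gnutls_buffer_append_str(str, y)) < 0) { \
			gnutls_assert();                                \
			goto cleanup;                                   \
		}                                                       \
	} while (0)
#define DATA_APPEND(x, y)                                                   \
	do {                                                                \
		if ((result = _gnutls_buffer_append_data(str, x, y)) < 0) { \
			gnutls_assert();                                    \
			goto cleanup;                                       \
		}                                                           \
	} while (0)
/* … unchanged: ldap_desc lookup and STR_APPEND calls … */
```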
@@ -159,15 +163,13 @@ static int append_elements(asn1_node asn1_struct, const char *asn1_rdn_name,
 }
 result =
- _gnutls_x509_dn_to_string(oid, tvd.data, tvd.size, &td);
+ _gnutls_x509_dn_to_string(oid, tvd.data, tvd.size, &td);
 if (result < 0) {
 gnutls_assert();
- _gnutls_debug_log
- ("Cannot parse OID: '%s' with value '%s'\n",
- oid, _gnutls_bin2hex(tvd.data,
- tvd.size,
- tmpbuffer3,
- sizeof(tmpbuffer3), NULL));
+ _gnutls_debug_log(
+ "Cannot parse OID: '%s' with value '%s'\n", oid,
+ _gnutls_bin2hex(tvd.data, tvd.size, tmpbuffer3,
+ sizeof(tmpbuffer3), NULL));
 goto cleanup;
 }
@@ -184,21 +186,18 @@ static int append_elements(asn1_node asn1_struct, const char *asn1_rdn_name,
 } else if (!last) {
 STR_APPEND(",");
 }
- }
- while (1);
+ } while (1);
 result = 0;
- cleanup:
+cleanup:
 _gnutls_free_datum(&td);
 _gnutls_free_datum(&tvd);
 return result;
 }
-int
-_gnutls_x509_get_dn(asn1_node asn1_struct,
- const char *asn1_rdn_name, gnutls_datum_t * dn,
- unsigned flags)
+int _gnutls_x509_get_dn(asn1_node asn1_struct, const char *asn1_rdn_name,
+ gnutls_datum_t *dn, unsigned flags)
 {
 gnutls_buffer_st out_str;
 int i, k1, result;
@@ -207,11 +206,10 @@ _gnutls_x509_get_dn(asn1_node asn1_struct,
 result = asn1_number_of_elements(asn1_struct, asn1_rdn_name, &k1);
 if (result != ASN1_SUCCESS) {
- if (result == ASN1_ELEMENT_NOT_FOUND
- || result == ASN1_VALUE_NOT_FOUND) {
- result =
- gnutls_assert_val
- (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ if (result == ASN1_ELEMENT_NOT_FOUND ||
+ result == ASN1_VALUE_NOT_FOUND) {
+ result = gnutls_assert_val(
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 } else {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -227,10 +225,9 @@ _gnutls_x509_get_dn(asn1_node asn1_struct, if (flags & GNUTLS_X509_DN_FLAG_COMPAT) { for (i = 0; i < k1; i++) { - result = - append_elements(asn1_struct, asn1_rdn_name, - &out_str, i + 1, - (i == (k1 - 1)) ? 1 : 0); + result = append_elements(asn1_struct, asn1_rdn_name, + &out_str, i + 1, + (i == (k1 - 1)) ? 1 : 0); if (result < 0) { gnutls_assert(); goto cleanup; @@ -238,9 +235,8 @@ _gnutls_x509_get_dn(asn1_node asn1_struct, } } else { while (k1 > 0) { - result = - append_elements(asn1_struct, asn1_rdn_name, - &out_str, k1, k1 == 1 ? 1 : 0); + result = append_elements(asn1_struct, asn1_rdn_name, + &out_str, k1, k1 == 1 ? 1 : 0); if (result < 0) { gnutls_assert(); goto cleanup; @@ -251,10 +247,9 @@ _gnutls_x509_get_dn(asn1_node asn1_struct, return _gnutls_buffer_to_datum(&out_str, dn, 1); - cleanup: +cleanup: _gnutls_buffer_clear(&out_str); return result; - } /* Parses an X509 DN in the asn1_struct, and puts the output into @@ -263,10 +258,8 @@ _gnutls_x509_get_dn(asn1_node asn1_struct, * asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence". * That is to point in the rndSequence. */ -int -_gnutls_x509_parse_dn(asn1_node asn1_struct, - const char *asn1_rdn_name, char *buf, - size_t *buf_size, unsigned flags) +int _gnutls_x509_parse_dn(asn1_node asn1_struct, const char *asn1_rdn_name, + char *buf, size_t *buf_size, unsigned flags) { int ret; gnutls_datum_t dn = { NULL, 0 }; @@ -302,7 +295,7 @@ _gnutls_x509_parse_dn(asn1_node asn1_struct, *buf_size = dn.size + 1; ret = 0; - cleanup: +cleanup: _gnutls_free_datum(&dn); return ret; } 
@@ -319,11 +312,9 @@ _gnutls_x509_parse_dn(asn1_node asn1_struct, * indx specifies which OID to return. Ie 0 means return the first specified * OID found, 1 the second etc. */ -int -_gnutls_x509_parse_dn_oid(asn1_node asn1_struct, - const char *asn1_rdn_name, - const char *given_oid, int indx, - unsigned int raw_flag, gnutls_datum_t * out) +int _gnutls_x509_parse_dn_oid(asn1_node asn1_struct, const char *asn1_rdn_name, + const char *given_oid, int indx, + unsigned int raw_flag, gnutls_datum_t *out) { int k2, k1, result; char tmpbuffer1[MAX_NAME_SIZE]; @@ -337,7 +328,6 @@ _gnutls_x509_parse_dn_oid(asn1_node asn1_struct, k1 = 0; do { - k1++; /* create a string like "tbsCertList.issuer.rdnSequence.?1" */ @@ -363,7 +353,7 @@ _gnutls_x509_parse_dn_oid(asn1_node asn1_struct, k2 = 0; - do { /* Move to the attribute type and values + do { /* Move to the attribute type and values */ k2++; @@ -371,16 +361,15 @@ _gnutls_x509_parse_dn_oid(asn1_node asn1_struct, snprintf(tmpbuffer2, sizeof(tmpbuffer2), "%s.?%d", tmpbuffer1, k2); else - snprintf(tmpbuffer2, sizeof(tmpbuffer2), - "?%d", k2); + snprintf(tmpbuffer2, sizeof(tmpbuffer2), "?%d", + k2); /* Try to read the RelativeDistinguishedName attributes. */ len = sizeof(value) - 1; - result = - asn1_read_value(asn1_struct, tmpbuffer2, value, - &len); + result = asn1_read_value(asn1_struct, tmpbuffer2, value, + &len); if (result == ASN1_ELEMENT_NOT_FOUND) { break; @@ -399,8 +388,8 @@ _gnutls_x509_parse_dn_oid(asn1_node asn1_struct, ".type"); len = sizeof(oid) - 1; - result = - asn1_read_value(asn1_struct, tmpbuffer3, oid, &len); + result = asn1_read_value(asn1_struct, tmpbuffer3, oid, + &len); if (result == ASN1_ELEMENT_NOT_FOUND) break; 
@@ -410,18 +399,18 @@ _gnutls_x509_parse_dn_oid(asn1_node asn1_struct, goto cleanup; } - if (strcmp(oid, given_oid) == 0 && indx == i++) { /* Found the OID */ + if (strcmp(oid, given_oid) == 0 && + indx == i++) { /* Found the OID */ /* Read the Value */ - _gnutls_str_cpy(tmpbuffer3, - sizeof(tmpbuffer3), tmpbuffer2); - _gnutls_str_cat(tmpbuffer3, - sizeof(tmpbuffer3), ".value"); - - result = - _gnutls_x509_read_value(asn1_struct, - tmpbuffer3, &td); + _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), + tmpbuffer2); + _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), + ".value"); + + result = _gnutls_x509_read_value( + asn1_struct, tmpbuffer3, &td); if (result < 0) { gnutls_assert(); goto cleanup; @@ -432,12 +421,9 @@ _gnutls_x509_parse_dn_oid(asn1_node asn1_struct, out->size = td.size; return 0; - } else { /* parse data. raw_flag == 0 */ - result = - _gnutls_x509_dn_to_string(oid, - td.data, - td.size, - out); + } else { /* parse data. raw_flag == 0 */ + result = _gnutls_x509_dn_to_string( + oid, td.data, td.size, out); _gnutls_free_datum(&td); if (result < 0) { @@ -447,19 +433,17 @@ _gnutls_x509_parse_dn_oid(asn1_node asn1_struct, return 0; - } /* raw_flag == 0 */ + } /* raw_flag == 0 */ } - } - while (1); + } while (1); - } - while (1); + } while (1); gnutls_assert(); result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - cleanup: +cleanup: return result; } @@ -472,10 +456,8 @@ _gnutls_x509_parse_dn_oid(asn1_node asn1_struct, * indx specifies which OID to return. Ie 0 means return the first specified * OID found, 1 the second etc. */ -int -_gnutls_x509_get_dn_oid(asn1_node asn1_struct, - const char *asn1_rdn_name, - int indx, void *_oid, size_t *sizeof_oid) +int _gnutls_x509_get_dn_oid(asn1_node asn1_struct, const char *asn1_rdn_name, + int indx, void *_oid, size_t *sizeof_oid) { int k2, k1, result; char tmpbuffer1[MAX_NAME_SIZE]; 
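Review bot: After the reflow, `indx == i++) { /* Found the OID */` sits on a line of its own, which hides that `i` advances only when the `strcmp` on the preceding line matched (short-circuit), i.e. `i` counts occurrences of `given_oid`, not attributes. That is correct as written, but the side effect inside a compound condition is easy to "simplify" away; a comment above it, e.g. `/* i counts only attributes whose OID matches; it must stay after the && so it advances only on a match */`, would pin the intent. The same construct is reformatted in `_gnutls_x509_get_dn_oid` (`if (indx == i++)`, where every attribute counts) and in `_gnutls_get_extension` (`indx == indx_counter++`, again gated by a strcmp), and neither says so either. The enclosing do/while loops of this function begin and end outside this hunk.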
@@ -488,7 +470,6 @@ _gnutls_x509_get_dn_oid(asn1_node asn1_struct, k1 = 0; do { - k1++; /* create a string like "tbsCertList.issuer.rdnSequence.?1" */ @@ -514,7 +495,7 @@ _gnutls_x509_get_dn_oid(asn1_node asn1_struct, k2 = 0; - do { /* Move to the attribute type and values + do { /* Move to the attribute type and values */ k2++; @@ -522,16 +503,15 @@ _gnutls_x509_get_dn_oid(asn1_node asn1_struct, snprintf(tmpbuffer2, sizeof(tmpbuffer2), "%s.?%d", tmpbuffer1, k2); else - snprintf(tmpbuffer2, sizeof(tmpbuffer2), - "?%d", k2); + snprintf(tmpbuffer2, sizeof(tmpbuffer2), "?%d", + k2); /* Try to read the RelativeDistinguishedName attributes. */ len = sizeof(value) - 1; - result = - asn1_read_value(asn1_struct, tmpbuffer2, value, - &len); + result = asn1_read_value(asn1_struct, tmpbuffer2, value, + &len); if (result == ASN1_ELEMENT_NOT_FOUND) { break; @@ -550,8 +530,8 @@ _gnutls_x509_get_dn_oid(asn1_node asn1_struct, ".type"); len = sizeof(oid) - 1; - result = - asn1_read_value(asn1_struct, tmpbuffer3, oid, &len); + result = asn1_read_value(asn1_struct, tmpbuffer3, oid, + &len); if (result == ASN1_ELEMENT_NOT_FOUND) break; @@ -561,7 +541,7 @@ _gnutls_x509_get_dn_oid(asn1_node asn1_struct, goto cleanup; } - if (indx == i++) { /* Found the OID */ + if (indx == i++) { /* Found the OID */ len = strlen(oid) + 1; @@ -576,17 +556,15 @@ _gnutls_x509_get_dn_oid(asn1_node asn1_struct, return 0; } - } - while (1); + } while (1); - } - while (1); + } while (1); gnutls_assert(); result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - cleanup: +cleanup: return result; } 
@@ -594,10 +572,10 @@ _gnutls_x509_get_dn_oid(asn1_node asn1_struct, * 'multi' must be (0) if writing an AttributeTypeAndValue, and 1 if Attribute. * In all cases only one value is written. */ -static int -_gnutls_x509_write_attribute(const char *given_oid, - asn1_node asn1_struct, const char *where, - const void *_data, int sizeof_data) +static int _gnutls_x509_write_attribute(const char *given_oid, + asn1_node asn1_struct, + const char *where, const void *_data, + int sizeof_data) { char tmp[128]; int result; @@ -636,12 +614,10 @@ _gnutls_x509_write_attribute(const char *given_oid, * * The output is allocated and stored in value. */ -int -_gnutls_x509_decode_and_read_attribute(asn1_node asn1_struct, - const char *where, char *oid, - int oid_size, - gnutls_datum_t * value, int multi, - int octet_string) +int _gnutls_x509_decode_and_read_attribute(asn1_node asn1_struct, + const char *where, char *oid, + int oid_size, gnutls_datum_t *value, + int multi, int octet_string) { char tmpbuffer[128]; int len, result; @@ -667,12 +643,12 @@ _gnutls_x509_decode_and_read_attribute(asn1_node asn1_struct, _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".value"); if (multi) - _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), "s.?1"); /* .values.?1 */ + _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), + "s.?1"); /* .values.?1 */ if (octet_string) - result = - _gnutls_x509_read_string(asn1_struct, tmpbuffer, value, - ASN1_ETYPE_OCTET_STRING, 0); + result = _gnutls_x509_read_string(asn1_struct, tmpbuffer, value, + ASN1_ETYPE_OCTET_STRING, 0); else result = _gnutls_x509_read_value(asn1_struct, tmpbuffer, value); if (result < 0) { @@ -681,7 +657,6 @@ _gnutls_x509_decode_and_read_attribute(asn1_node asn1_struct, } return 0; - } /* Sets an X509 DN in the asn1_struct, and puts the given OID in the DN. 
@@ -691,10 +666,9 @@ _gnutls_x509_decode_and_read_attribute(asn1_node asn1_struct, * That is to point before the rndSequence. * */ -int -_gnutls_x509_set_dn_oid(asn1_node asn1_struct, - const char *asn1_name, const char *given_oid, - int raw_flag, const char *name, int sizeof_name) +int _gnutls_x509_set_dn_oid(asn1_node asn1_struct, const char *asn1_name, + const char *given_oid, int raw_flag, + const char *name, int sizeof_name) { int result; char tmp[MAX_NAME_SIZE], asn1_rdn_name[MAX_NAME_SIZE]; @@ -747,15 +721,11 @@ _gnutls_x509_set_dn_oid(asn1_node asn1_struct, _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST.?LAST"); if (!raw_flag) { - result = - _gnutls_x509_encode_and_write_attribute(given_oid, - asn1_struct, - tmp, name, - sizeof_name, 0); + result = _gnutls_x509_encode_and_write_attribute( + given_oid, asn1_struct, tmp, name, sizeof_name, 0); } else { - result = - _gnutls_x509_write_attribute(given_oid, asn1_struct, - tmp, name, sizeof_name); + result = _gnutls_x509_write_attribute(given_oid, asn1_struct, + tmp, name, sizeof_name); } if (result < 0) { @@ -784,7 +754,7 @@ _gnutls_x509_set_dn_oid(asn1_node asn1_struct, * updated if the provided buffer is not long enough, otherwise a * negative error value. **/ -int gnutls_x509_rdn_get(const gnutls_datum_t * idn, char *buf, size_t *buf_size) +int gnutls_x509_rdn_get(const gnutls_datum_t *idn, char *buf, size_t *buf_size) { int ret; gnutls_datum_t out; @@ -821,9 +791,8 @@ int gnutls_x509_rdn_get(const gnutls_datum_t * idn, char *buf, size_t *buf_size) * updated if the provided buffer is not long enough, otherwise a * negative error value. **/ -int -gnutls_x509_rdn_get2(const gnutls_datum_t * idn, - gnutls_datum_t * str, unsigned flags) +int gnutls_x509_rdn_get2(const gnutls_datum_t *idn, gnutls_datum_t *str, + unsigned flags) { int ret; gnutls_x509_dn_t dn; @@ -845,7 +814,7 @@ gnutls_x509_rdn_get2(const gnutls_datum_t * idn, } ret = 0; - cleanup: +cleanup: gnutls_x509_dn_deinit(dn); return ret; } 
@@ -869,10 +838,9 @@ gnutls_x509_rdn_get2(const gnutls_datum_t * idn, * updated if the provided buffer is not long enough, otherwise a * negative error value. **/ -int -gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid, - unsigned indx, unsigned int raw_flag, - void *buf, size_t *buf_size) +int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t *idn, const char *oid, + unsigned indx, unsigned int raw_flag, void *buf, + size_t *buf_size) { int result; asn1_node dn = NULL; @@ -882,9 +850,8 @@ gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid, return GNUTLS_E_INVALID_REQUEST; } - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.Name", + &dn)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -897,9 +864,8 @@ gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid, return _gnutls_asn2err(result); } - result = - _gnutls_x509_parse_dn_oid(dn, "rdnSequence", oid, indx, - raw_flag, &td); + result = _gnutls_x509_parse_dn_oid(dn, "rdnSequence", oid, indx, + raw_flag, &td); asn1_delete_structure(&dn); if (result < 0) @@ -925,9 +891,8 @@ gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid, * * Since: 2.4.0 **/ -int -gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, - unsigned indx, void *buf, size_t *buf_size) +int gnutls_x509_rdn_get_oid(const gnutls_datum_t *idn, unsigned indx, void *buf, + size_t *buf_size) { int result; asn1_node dn = NULL; @@ -936,9 +901,8 @@ gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, return GNUTLS_E_INVALID_REQUEST; } - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.Name", + &dn)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } 
@@ -952,7 +916,7 @@ gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, } result = - _gnutls_x509_get_dn_oid(dn, "rdnSequence", indx, buf, buf_size); + _gnutls_x509_get_dn_oid(dn, "rdnSequence", indx, buf, buf_size); asn1_delete_structure(&dn); return result; @@ -964,9 +928,8 @@ gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, * Returns 1 if the DN's match and (0) if they don't match. Otherwise * a negative error code is returned to indicate error. */ -int -_gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1, - const gnutls_datum_t * dn2) +int _gnutls_x509_compare_raw_dn(const gnutls_datum_t *dn1, + const gnutls_datum_t *dn2) { int ret; gnutls_datum_t str1, str2; @@ -1013,9 +976,9 @@ _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1, goto cleanup; } - ret = 1; /* they match */ + ret = 1; /* they match */ - cleanup: +cleanup: _gnutls_free_datum(&str1); _gnutls_free_datum(&str2); diff --git a/lib/x509/email-verify.c b/lib/x509/email-verify.c index c9ece51dcb..2e5eaf85a2 100644 --- a/lib/x509/email-verify.c +++ b/lib/x509/email-verify.c @@ -37,9 +37,8 @@ * * Returns: non-zero for a successful match, and zero on failure. **/ -unsigned -gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, - const char *email, unsigned int flags) +unsigned gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, const char *email, + unsigned int flags) { char rfc822name[MAX_CN]; size_t rfc822namesize; 
@@ -72,34 +71,30 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, * against all those of type RFC822Name. */ for (i = 0; !(ret < 0); i++) { - rfc822namesize = sizeof(rfc822name); - ret = gnutls_x509_crt_get_subject_alt_name(cert, i, - rfc822name, - &rfc822namesize, - NULL); + ret = gnutls_x509_crt_get_subject_alt_name( + cert, i, rfc822name, &rfc822namesize, NULL); if (ret == GNUTLS_SAN_RFC822NAME) { found_rfc822name = 1; if (memchr(rfc822name, '\0', rfc822namesize)) { - _gnutls_debug_log - ("certificate has %s with embedded null in rfc822name\n", - rfc822name); + _gnutls_debug_log( + "certificate has %s with embedded null in rfc822name\n", + rfc822name); continue; } if (!_gnutls_str_is_print(rfc822name, rfc822namesize)) { - _gnutls_debug_log - ("invalid (non-ASCII) email in certificate %.*s\n", - (int)rfc822namesize, rfc822name); + _gnutls_debug_log( + "invalid (non-ASCII) email in certificate %.*s\n", + (int)rfc822namesize, rfc822name); continue; } - ret = - _gnutls_hostname_compare(rfc822name, rfc822namesize, - a_email, - GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS); + ret = _gnutls_hostname_compare( + rfc822name, rfc822namesize, a_email, + GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS); if (ret != 0) { ret = 1; goto cleanup; 
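Review bot: The `-` immediately after `for (i = 0; !(ret < 0); i++) {` is ambiguous in this rendering: it is either a removed blank line with `rfc822namesize = sizeof(rfc822name);` kept as context, or the removal of that reset itself. The hunk header's line counts fit both readings, and elsewhere this commit removes blank lines at the start of blocks (the `do {` hunks in dn.c), so the first reading is the likely one; it is still worth confirming against the new file, because without a per-iteration reset the size written back by one `gnutls_x509_crt_get_subject_alt_name` call would be passed to the next, so a later, longer name would presumably fail as a short buffer, end the loop early and never be matched. The hostname-verify.c hunk for `dnsnamesize` has exactly the same shape and needs the same check. If the reset really is gone, the fix is the single line `rfc822namesize = sizeof(rfc822name);` as the first statement of the loop body.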
@@ -114,43 +109,44 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, /* enforce the RFC6125 (§1.8) requirement that only * a single CN must be present */ rfc822namesize = sizeof(rfc822name); - ret = gnutls_x509_crt_get_dn_by_oid - (cert, GNUTLS_OID_PKCS9_EMAIL, 1, 0, rfc822name, - &rfc822namesize); + ret = gnutls_x509_crt_get_dn_by_oid(cert, + GNUTLS_OID_PKCS9_EMAIL, 1, + 0, rfc822name, + &rfc822namesize); if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { ret = 0; goto cleanup; } rfc822namesize = sizeof(rfc822name); - ret = gnutls_x509_crt_get_dn_by_oid - (cert, GNUTLS_OID_PKCS9_EMAIL, 0, 0, rfc822name, - &rfc822namesize); + ret = gnutls_x509_crt_get_dn_by_oid(cert, + GNUTLS_OID_PKCS9_EMAIL, 0, + 0, rfc822name, + &rfc822namesize); if (ret < 0) { ret = 0; goto cleanup; } if (memchr(rfc822name, '\0', rfc822namesize)) { - _gnutls_debug_log - ("certificate has EMAIL %s with embedded null in name\n", - rfc822name); + _gnutls_debug_log( + "certificate has EMAIL %s with embedded null in name\n", + rfc822name); ret = 0; goto cleanup; } if (!_gnutls_str_is_print(rfc822name, rfc822namesize)) { - _gnutls_debug_log - ("invalid (non-ASCII) email in certificate DN %.*s\n", - (int)rfc822namesize, rfc822name); + _gnutls_debug_log( + "invalid (non-ASCII) email in certificate DN %.*s\n", + (int)rfc822namesize, rfc822name); ret = 0; goto cleanup; } - ret = - _gnutls_hostname_compare(rfc822name, rfc822namesize, - a_email, - GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS); + ret = _gnutls_hostname_compare( + rfc822name, rfc822namesize, a_email, + GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS); if (ret != 0) { ret = 1; goto cleanup; @@ -160,7 +156,7 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, /* not found a matching name */ ret = 0; - cleanup: +cleanup: if (a_email != email) { gnutls_free(a_email); } diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c index 73133e9db4..24a4ef99c8 100644 --- a/lib/x509/extensions.c +++ b/lib/x509/extensions.c 
@@ -33,10 +33,9 @@ #include <x509_int.h> #include <datum.h> -int -_gnutls_get_extension(asn1_node asn, const char *root, - const char *extension_id, int indx, - gnutls_datum_t * ret, unsigned int *_critical) +int _gnutls_get_extension(asn1_node asn, const char *root, + const char *extension_id, int indx, + gnutls_datum_t *ret, unsigned int *_critical) { int k, result, len; char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; @@ -70,7 +69,8 @@ _gnutls_get_extension(asn1_node asn, const char *root, /* Handle Extension */ - if (strcmp(extnID, extension_id) == 0 && indx == indx_counter++) { + if (strcmp(extnID, extension_id) == 0 && + indx == indx_counter++) { /* extension was found */ @@ -81,7 +81,7 @@ _gnutls_get_extension(asn1_node asn, const char *root, len = sizeof(str_critical); result = - asn1_read_value(asn, name2, str_critical, &len); + asn1_read_value(asn, name2, str_critical, &len); if (result == ASN1_ELEMENT_NOT_FOUND) { gnutls_assert(); @@ -115,8 +115,7 @@ _gnutls_get_extension(asn1_node asn, const char *root, return 0; } - } - while (1); + } while (1); if (result == ASN1_ELEMENT_NOT_FOUND) { return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; @@ -126,9 +125,8 @@ _gnutls_get_extension(asn1_node asn, const char *root, } } -static int -get_indx_extension(asn1_node asn, const char *root, - int indx, gnutls_datum_t * out) +static int get_indx_extension(asn1_node asn, const char *root, int indx, + gnutls_datum_t *out) { char name[MAX_NAME_SIZE]; int ret; @@ -145,10 +143,9 @@ get_indx_extension(asn1_node asn, const char *root, return 0; } -int -_gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert, - const char *extension_id, int indx, - gnutls_datum_t * data, unsigned int *critical) +int _gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert, + const char *extension_id, int indx, + gnutls_datum_t *data, unsigned int *critical) { return _gnutls_get_extension(cert->cert, "tbsCertificate.extensions", extension_id, indx, data, critical); 
@@ -171,18 +168,16 @@ _gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert, * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE * will be returned. **/ -int -gnutls_x509_crt_get_extension_data2(gnutls_x509_crt_t cert, - unsigned indx, gnutls_datum_t * data) +int gnutls_x509_crt_get_extension_data2(gnutls_x509_crt_t cert, unsigned indx, + gnutls_datum_t *data) { - return get_indx_extension(cert->cert, "tbsCertificate.extensions", - indx, data); + return get_indx_extension(cert->cert, "tbsCertificate.extensions", indx, + data); } -int -_gnutls_x509_crl_get_extension(gnutls_x509_crl_t crl, - const char *extension_id, int indx, - gnutls_datum_t * data, unsigned int *critical) +int _gnutls_x509_crl_get_extension(gnutls_x509_crl_t crl, + const char *extension_id, int indx, + gnutls_datum_t *data, unsigned int *critical) { return _gnutls_get_extension(crl->crl, "tbsCertList.crlExtensions", extension_id, indx, data, critical); @@ -205,12 +200,11 @@ _gnutls_x509_crl_get_extension(gnutls_x509_crl_t crl, * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE * will be returned. **/ -int -gnutls_x509_crl_get_extension_data2(gnutls_x509_crl_t crl, - unsigned indx, gnutls_datum_t * data) +int gnutls_x509_crl_get_extension_data2(gnutls_x509_crl_t crl, unsigned indx, + gnutls_datum_t *data) { - return get_indx_extension(crl->crl, "tbsCertList.crlExtensions", - indx, data); + return get_indx_extension(crl->crl, "tbsCertList.crlExtensions", indx, + data); } /* This function will attempt to return the requested extension OID found in 
@@ -219,8 +213,8 @@ gnutls_x509_crl_get_extension_data2(gnutls_x509_crl_t crl, * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will * be returned. */ -static int get_extension_oid(asn1_node asn, const char *root, - unsigned indx, void *oid, size_t *sizeof_oid) +static int get_extension_oid(asn1_node asn, const char *root, unsigned indx, + void *oid, size_t *sizeof_oid) { int k, result, len; char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; @@ -264,8 +258,7 @@ static int get_extension_oid(asn1_node asn, const char *root, return 0; } - } - while (1); + } while (1); if (result == ASN1_ELEMENT_NOT_FOUND) { return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; @@ -281,20 +274,18 @@ static int get_extension_oid(asn1_node asn, const char *root, * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will * be returned. */ -int -_gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, - int indx, void *oid, size_t *sizeof_oid) +int _gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, int indx, + void *oid, size_t *sizeof_oid) { - return get_extension_oid(cert->cert, "tbsCertificate.extensions", - indx, oid, sizeof_oid); + return get_extension_oid(cert->cert, "tbsCertificate.extensions", indx, + oid, sizeof_oid); } -int -_gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, - int indx, void *oid, size_t *sizeof_oid) +int _gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, int indx, + void *oid, size_t *sizeof_oid) { - return get_extension_oid(crl->crl, "tbsCertList.crlExtensions", - indx, oid, sizeof_oid); + return get_extension_oid(crl->crl, "tbsCertList.crlExtensions", indx, + oid, sizeof_oid); } /* This function will attempt to set the requested extension in 
@@ -302,9 +293,9 @@ _gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, * * Critical will be either 0 or 1. */ -static int -add_extension(asn1_node asn, const char *root, const char *extension_id, - const gnutls_datum_t * ext_data, unsigned int critical) +static int add_extension(asn1_node asn, const char *root, + const char *extension_id, + const gnutls_datum_t *ext_data, unsigned int critical) { int result; const char *str; @@ -364,9 +355,10 @@ add_extension(asn1_node asn, const char *root, const char *extension_id, /* Overwrite the given extension (using the index) * index here starts from one. */ -static int -overwrite_extension(asn1_node asn, const char *root, unsigned int indx, - const gnutls_datum_t * ext_data, unsigned int critical) +static int overwrite_extension(asn1_node asn, const char *root, + unsigned int indx, + const gnutls_datum_t *ext_data, + unsigned int critical) { char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; const char *str; @@ -403,10 +395,8 @@ overwrite_extension(asn1_node asn, const char *root, unsigned int indx, return 0; } -int -_gnutls_set_extension(asn1_node asn, const char *root, - const char *ext_id, - const gnutls_datum_t * ext_data, unsigned int critical) +int _gnutls_set_extension(asn1_node asn, const char *root, const char *ext_id, + const gnutls_datum_t *ext_data, unsigned int critical) { int result = 0; int k, len; @@ -435,7 +425,6 @@ _gnutls_set_extension(asn1_node asn, const char *root, } do { - _gnutls_str_cpy(name2, sizeof(name2), name); _gnutls_str_cat(name2, sizeof(name2), ".extnID"); @@ -459,10 +448,8 @@ _gnutls_set_extension(asn1_node asn, const char *root, ext_data, critical); } - } - while (0); - } - while (1); + } while (0); + } while (1); if (result == ASN1_ELEMENT_NOT_FOUND) { return add_extension(asn, root, ext_id, ext_data, critical); 
@@ -479,11 +466,9 @@ _gnutls_set_extension(asn1_node asn, const char *root, * * Critical will be either 0 or 1. */ -int -_gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert, - const char *ext_id, - const gnutls_datum_t * ext_data, - unsigned int critical) +int _gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert, const char *ext_id, + const gnutls_datum_t *ext_data, + unsigned int critical) { MODIFIED(cert); cert->use_extensions = 1; @@ -492,21 +477,17 @@ _gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert, ext_id, ext_data, critical); } -int -_gnutls_x509_crl_set_extension(gnutls_x509_crl_t crl, - const char *ext_id, - const gnutls_datum_t * ext_data, - unsigned int critical) +int _gnutls_x509_crl_set_extension(gnutls_x509_crl_t crl, const char *ext_id, + const gnutls_datum_t *ext_data, + unsigned int critical) { return _gnutls_set_extension(crl->crl, "tbsCertList.crlExtensions", ext_id, ext_data, critical); } -int -_gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq, - const char *ext_id, - const gnutls_datum_t * ext_data, - unsigned int critical) +int _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq, const char *ext_id, + const gnutls_datum_t *ext_data, + unsigned int critical) { unsigned char *extensions = NULL; size_t extensions_size = 0; @@ -514,10 +495,8 @@ _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq, asn1_node c2; int result; - result = - gnutls_x509_crq_get_attribute_by_oid(crq, - "1.2.840.113549.1.9.14", - 0, NULL, &extensions_size); + result = gnutls_x509_crq_get_attribute_by_oid( + crq, "1.2.840.113549.1.9.14", 0, NULL, &extensions_size); if (result == GNUTLS_E_SHORT_MEMORY_BUFFER) { extensions = gnutls_malloc(extensions_size); if (extensions == NULL) { 
@@ -525,11 +504,9 @@ _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq, return GNUTLS_E_MEMORY_ERROR; } - result = gnutls_x509_crq_get_attribute_by_oid(crq, - "1.2.840.113549.1.9.14", - 0, - extensions, - &extensions_size); + result = gnutls_x509_crq_get_attribute_by_oid( + crq, "1.2.840.113549.1.9.14", 0, extensions, + &extensions_size); } if (result < 0) { if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { @@ -541,8 +518,8 @@ _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq, } } - result = - asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions", &c2); + result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extensions", + &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); gnutls_free(extensions); @@ -550,9 +527,8 @@ _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq, } if (extensions_size > 0) { - result = - _asn1_strict_der_decode(&c2, extensions, extensions_size, - NULL); + result = _asn1_strict_der_decode(&c2, extensions, + extensions_size, NULL); gnutls_free(extensions); if (result != ASN1_SUCCESS) { gnutls_assert(); @@ -577,10 +553,8 @@ _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq, return result; } - result = - gnutls_x509_crq_set_attribute_by_oid(crq, - "1.2.840.113549.1.9.14", - der.data, der.size); + result = gnutls_x509_crq_set_attribute_by_oid( + crq, "1.2.840.113549.1.9.14", der.data, der.size); gnutls_free(der.data); if (result < 0) { gnutls_assert(); @@ -592,10 +566,8 @@ _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq, /* extract an INTEGER from the DER encoded extension */ -int -_gnutls_x509_ext_extract_number(uint8_t * number, - size_t *_nr_size, - uint8_t * extnValue, int extnValueLen) +int _gnutls_x509_ext_extract_number(uint8_t *number, size_t *_nr_size, + uint8_t *extnValue, int extnValueLen) { asn1_node ext = NULL; int result; 
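Review bot: The literal `"1.2.840.113549.1.9.14"` is now spelled out three times in `_gnutls_x509_crq_set_extension` (the previous hunk, this one, and the `gnutls_x509_crq_set_attribute_by_oid` call further down), with nothing saying what it denotes. A constant declared once at file scope, e.g. `#define PKCS9_EXTENSION_REQUEST_OID "1.2.840.113549.1.9.14" /* pkcs-9 extensionRequest, RFC 2985 */`, used in all three calls would make the intent clear and remove the risk of the copies drifting apart. The function starts in the previous hunk and ends after this one.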
@@ -604,9 +576,9 @@ _gnutls_x509_ext_extract_number(uint8_t * number, /* here it doesn't matter so much that we use CertificateSerialNumber. It is equal * to using INTEGER. */ - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.CertificateSerialNumber", - &ext)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.CertificateSerialNumber", + &ext)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -635,16 +607,14 @@ _gnutls_x509_ext_extract_number(uint8_t * number, /* generate an INTEGER in a DER encoded extension */ -int -_gnutls_x509_ext_gen_number(const uint8_t * number, size_t nr_size, - gnutls_datum_t * der_ext) +int _gnutls_x509_ext_gen_number(const uint8_t *number, size_t nr_size, + gnutls_datum_t *der_ext) { asn1_node ext = NULL; int result; - result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.CertificateSerialNumber", &ext); + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.CertificateSerialNumber", &ext); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -669,10 +639,9 @@ _gnutls_x509_ext_gen_number(const uint8_t * number, size_t nr_size, return 0; } -int -_gnutls_write_general_name(asn1_node ext, const char *ext_name, - gnutls_x509_subject_alt_name_t type, - const void *data, unsigned int data_size) +int _gnutls_write_general_name(asn1_node ext, const char *ext_name, + gnutls_x509_subject_alt_name_t type, + const void *data, unsigned int data_size) { const char *str; int result; @@ -724,10 +693,9 @@ _gnutls_write_general_name(asn1_node ext, const char *ext_name, return 0; } -int -_gnutls_write_new_general_name(asn1_node ext, const char *ext_name, - gnutls_x509_subject_alt_name_t type, - const void *data, unsigned int data_size) +int _gnutls_write_new_general_name(asn1_node ext, const char *ext_name, + gnutls_x509_subject_alt_name_t type, + const void *data, unsigned int data_size) { int result; char name[128]; 
@@ -738,7 +706,7 @@ _gnutls_write_new_general_name(asn1_node ext, const char *ext_name, return _gnutls_asn2err(result); } - if (ext_name[0] == 0) { /* no dot */ + if (ext_name[0] == 0) { /* no dot */ _gnutls_str_cpy(name, sizeof(name), "?LAST"); } else { _gnutls_str_cpy(name, sizeof(name), ext_name); @@ -754,10 +722,9 @@ _gnutls_write_new_general_name(asn1_node ext, const char *ext_name, return 0; } -int -_gnutls_write_new_othername(asn1_node ext, const char *ext_name, - const char *oid, - const void *data, unsigned int data_size) +int _gnutls_write_new_othername(asn1_node ext, const char *ext_name, + const char *oid, const void *data, + unsigned int data_size) { int result; char name[128]; @@ -769,7 +736,7 @@ _gnutls_write_new_othername(asn1_node ext, const char *ext_name, return _gnutls_asn2err(result); } - if (ext_name[0] == 0) { /* no dot */ + if (ext_name[0] == 0) { /* no dot */ _gnutls_str_cpy(name, sizeof(name), "?LAST"); } else { _gnutls_str_cpy(name, sizeof(name), ext_name); @@ -806,14 +773,12 @@ _gnutls_write_new_othername(asn1_node ext, const char *ext_name, /* Convert the given name to GeneralNames in a DER encoded extension. * This is the same as subject alternative name. */ -int -_gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t - type, - const char *othername_oid, - const void *data, - unsigned int data_size, - const gnutls_datum_t * prev_der_ext, - gnutls_datum_t * der_ext) +int _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t type, + const char *othername_oid, + const void *data, + unsigned int data_size, + const gnutls_datum_t *prev_der_ext, + gnutls_datum_t *der_ext) { int ret; gnutls_subject_alt_names_t sans = NULL; 
@@ -827,10 +792,8 @@ _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t if (prev_der_ext && prev_der_ext->data != NULL && prev_der_ext->size != 0) { - - ret = - gnutls_x509_ext_import_subject_alt_names(prev_der_ext, sans, - 0); + ret = gnutls_x509_ext_import_subject_alt_names(prev_der_ext, + sans, 0); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -852,7 +815,7 @@ _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t } ret = 0; - cleanup: +cleanup: if (sans != NULL) gnutls_subject_alt_names_deinit(sans); @@ -861,9 +824,8 @@ _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t /* generate the AuthorityKeyID in a DER encoded extension */ -int -_gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size, - gnutls_datum_t * der_ext) +int _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size, + gnutls_datum_t *der_ext) { gnutls_x509_aki_t aki; int ret; @@ -889,7 +851,7 @@ _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size, ret = 0; - cleanup: +cleanup: gnutls_x509_aki_deinit(aki); return ret; } diff --git a/lib/x509/hostname-verify.c b/lib/x509/hostname-verify.c index fbe7f1a389..331161389f 100644 --- a/lib/x509/hostname-verify.c +++ b/lib/x509/hostname-verify.c @@ -43,8 +43,8 @@ * * Returns: non-zero for a successful match, and zero on failure. **/ -unsigned -gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert, const char *hostname) +unsigned gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert, + const char *hostname) { return gnutls_x509_crt_check_hostname2(cert, hostname, 0); } 
@@ -66,13 +66,12 @@ static int check_ip(gnutls_x509_crt_t cert, const void *ip, unsigned ip_size) */ for (i = 0; !(ret < 0); i++) { temp_size = sizeof(temp); - ret = gnutls_x509_crt_get_subject_alt_name(cert, i, - temp, + ret = gnutls_x509_crt_get_subject_alt_name(cert, i, temp, &temp_size, NULL); if (ret == GNUTLS_SAN_IPADDRESS) { - if (temp_size == ip_size - && memcmp(temp, ip, ip_size) == 0) + if (temp_size == ip_size && + memcmp(temp, ip, ip_size) == 0) return 1; } else if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { ret = 0; @@ -97,10 +96,9 @@ static int check_ip(gnutls_x509_crt_t cert, const void *ip, unsigned ip_size) * * Returns: non-zero for a successful match, and zero on failure. **/ -unsigned -gnutls_x509_crt_check_ip(gnutls_x509_crt_t cert, - const unsigned char *ip, unsigned int ip_size, - unsigned int flags) +unsigned gnutls_x509_crt_check_ip(gnutls_x509_crt_t cert, + const unsigned char *ip, unsigned int ip_size, + unsigned int flags) { return check_ip(cert, ip, ip_size); } @@ -110,7 +108,8 @@ gnutls_x509_crt_check_ip(gnutls_x509_crt_t cert, * that we do not fallback to CN-ID if we encounter a supported name * type. */ -#define IS_SAN_SUPPORTED(san) (san==GNUTLS_SAN_DNSNAME||san==GNUTLS_SAN_IPADDRESS) +#define IS_SAN_SUPPORTED(san) \ + (san == GNUTLS_SAN_DNSNAME || san == GNUTLS_SAN_IPADDRESS) /** * gnutls_x509_crt_check_hostname2: @@ -146,9 +145,9 @@ gnutls_x509_crt_check_ip(gnutls_x509_crt_t cert, * * Since: 3.3.0 **/ -unsigned -gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, - const char *hostname, unsigned int flags) +unsigned gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, + const char *hostname, + unsigned int flags) { char dnsname[MAX_CN]; size_t dnsnamesize; 
@@ -163,9 +162,8 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, /* check whether @hostname is an ip address */ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES) && - ((p = strchr(hostname, ':')) != NULL - || inet_pton(AF_INET, hostname, &ipv4) != 0)) { - + ((p = strchr(hostname, ':')) != NULL || + inet_pton(AF_INET, hostname, &ipv4) != 0)) { if (p != NULL) { struct in6_addr ipv6; @@ -184,13 +182,13 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, return ret; } - hostname_fallback: +hostname_fallback: /* convert the provided hostname to ACE-Labels domain. */ ret = gnutls_idna_map(hostname, strlen(hostname), &out, 0); if (ret < 0) { - _gnutls_debug_log - ("unable to convert hostname %s to IDNA format\n", - hostname); + _gnutls_debug_log( + "unable to convert hostname %s to IDNA format\n", + hostname); a_hostname = (char *)hostname; } else { a_hostname = (char *)out.data; @@ -211,32 +209,29 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, * against all those of type dNSName. */ for (i = 0; !(ret < 0); i++) { - dnsnamesize = sizeof(dnsname); - ret = gnutls_x509_crt_get_subject_alt_name(cert, i, - dnsname, + ret = gnutls_x509_crt_get_subject_alt_name(cert, i, dnsname, &dnsnamesize, NULL); if (ret == GNUTLS_SAN_DNSNAME) { found_dnsname = 1; if (memchr(dnsname, '\0', dnsnamesize)) { - _gnutls_debug_log - ("certificate has %s with embedded null in name\n", - dnsname); + _gnutls_debug_log( + "certificate has %s with embedded null in name\n", + dnsname); continue; } if (!_gnutls_str_is_print(dnsname, dnsnamesize)) { - _gnutls_debug_log - ("invalid (non-ASCII) name in certificate %.*s\n", - (int)dnsnamesize, dnsname); + _gnutls_debug_log( + "invalid (non-ASCII) name in certificate %.*s\n", + (int)dnsnamesize, dnsname); continue; } - ret = - _gnutls_hostname_compare(dnsname, dnsnamesize, - a_hostname, flags); + ret = _gnutls_hostname_compare(dnsname, dnsnamesize, + a_hostname, flags); if (ret != 0) { ret = 1; goto cleanup; 
@@ -247,9 +242,8 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, } } - if (!have_other_addresses && !found_dnsname - && _gnutls_check_key_purpose(cert, GNUTLS_KP_TLS_WWW_SERVER, - 0) != 0) { + if (!have_other_addresses && !found_dnsname && + _gnutls_check_key_purpose(cert, GNUTLS_KP_TLS_WWW_SERVER, 0) != 0) { /* did not get the necessary extension, use CN instead, if the * certificate would have been acceptable for a TLS WWW server purpose. * That is because only for that purpose the CN is a valid field to @@ -259,40 +253,41 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, /* enforce the RFC6125 (§1.8) requirement that only * a single CN must be present */ dnsnamesize = sizeof(dnsname); - ret = gnutls_x509_crt_get_dn_by_oid - (cert, OID_X520_COMMON_NAME, 1, 0, dnsname, &dnsnamesize); + ret = gnutls_x509_crt_get_dn_by_oid(cert, OID_X520_COMMON_NAME, + 1, 0, dnsname, + &dnsnamesize); if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { ret = 0; goto cleanup; } dnsnamesize = sizeof(dnsname); - ret = gnutls_x509_crt_get_dn_by_oid - (cert, OID_X520_COMMON_NAME, 0, 0, dnsname, &dnsnamesize); + ret = gnutls_x509_crt_get_dn_by_oid(cert, OID_X520_COMMON_NAME, + 0, 0, dnsname, + &dnsnamesize); if (ret < 0) { ret = 0; goto cleanup; } if (memchr(dnsname, '\0', dnsnamesize)) { - _gnutls_debug_log - ("certificate has CN %s with embedded null in name\n", - dnsname); + _gnutls_debug_log( + "certificate has CN %s with embedded null in name\n", + dnsname); ret = 0; goto cleanup; } if (!_gnutls_str_is_print(dnsname, dnsnamesize)) { - _gnutls_debug_log - ("invalid (non-ASCII) name in certificate CN %.*s\n", - (int)dnsnamesize, dnsname); + _gnutls_debug_log( + "invalid (non-ASCII) name in certificate CN %.*s\n", + (int)dnsnamesize, dnsname); ret = 0; goto cleanup; } - ret = - _gnutls_hostname_compare(dnsname, dnsnamesize, a_hostname, - flags); + ret = _gnutls_hostname_compare(dnsname, dnsnamesize, a_hostname, + flags); if (ret != 0) { ret = 1; goto cleanup; 
@@ -302,7 +297,7 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, /* not found a matching name */ ret = 0; - cleanup: +cleanup: if (a_hostname != hostname) { gnutls_free(a_hostname); } diff --git a/lib/x509/ip-in-cidr.h b/lib/x509/ip-in-cidr.h index 3a8c0bae8a..ea27603200 100644 --- a/lib/x509/ip-in-cidr.h +++ b/lib/x509/ip-in-cidr.h @@ -22,7 +22,7 @@ */ #ifndef GNUTLS_LIB_X509_IP_IN_CIDR_H -# define GNUTLS_LIB_X509_IP_IN_CIDR_H +#define GNUTLS_LIB_X509_IP_IN_CIDR_H /*- * ip_in_cidr: @@ -35,11 +35,10 @@ * * Returns: 1 if @ip lies within @cidr, 0 otherwise -*/ -static unsigned ip_in_cidr(const gnutls_datum_t * ip, - const gnutls_datum_t * cidr) +static unsigned ip_in_cidr(const gnutls_datum_t *ip, const gnutls_datum_t *cidr) { unsigned byte; -# ifndef BUILD_IN_TESTS +#ifndef BUILD_IN_TESTS char str_ip[48]; char str_cidr[97]; @@ -50,14 +49,13 @@ static unsigned ip_in_cidr(const gnutls_datum_t * ip, (int)sizeof(str_cidr), _gnutls_cidr_to_string(cidr->data, cidr->size, str_cidr, sizeof(str_cidr))); -# endif +#endif for (byte = 0; byte < ip->size; byte++) - if (((ip->data[byte] ^ cidr->data[byte]) & cidr->data[ip->size + - byte]) != - 0) + if (((ip->data[byte] ^ cidr->data[byte]) & + cidr->data[ip->size + byte]) != 0) return 0; - return 1; /* match */ + return 1; /* match */ } -#endif /* GNUTLS_LIB_X509_IP_IN_CIDR_H */ +#endif /* GNUTLS_LIB_X509_IP_IN_CIDR_H */ diff --git a/lib/x509/ip.c b/lib/x509/ip.c index 06d0fe90c1..536b75c101 100644 --- a/lib/x509/ip.c +++ b/lib/x509/ip.c @@ -97,7 +97,6 @@ int _gnutls_mask_to_prefix(const unsigned char *mask, unsigned mask_size) const char *_gnutls_ip_to_string(const void *_ip, unsigned int ip_size, char *out, unsigned int out_size) { - if (ip_size != 4 && ip_size != 16) { gnutls_assert(); return NULL; 
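Review bot: In the `@@ -50,14 +49,13 @@` hunk of ip-in-cidr.h, the comparison loop reads `cidr->data[ip->size + byte]` for every byte of @ip, but nothing visible here checks that `cidr->size` is at least `2 * ip->size` (the RFC 5280 address-plus-mask layout the loop assumes); a shorter cidr datum would make the loop read past the buffer. Callers presumably guarantee matching sizes, but this helper lives in a header and is easy to reuse, so the assumption is worth making explicit with a guard before the loop such as `if (cidr->size != 2 * ip->size) return 0;` and a matching sentence in the doc comment. The function's signature and the debug-print block start in the preceding hunk, so the early part of ip_in_cidr is outside this hunk.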
@@ -223,7 +222,7 @@ int _gnutls_mask_ip(unsigned char *ip, const unsigned char *mask, * * Since: 3.5.4 */ -int gnutls_x509_cidr_to_rfc5280(const char *cidr, gnutls_datum_t * cidr_rfc5280) +int gnutls_x509_cidr_to_rfc5280(const char *cidr, gnutls_datum_t *cidr_rfc5280) { unsigned iplength, prefix; int ret; @@ -235,8 +234,8 @@ int gnutls_x509_cidr_to_rfc5280(const char *cidr, gnutls_datum_t * cidr_rfc5280) if (p != NULL) { prefix = strtol(p + 1, &p_end, 10); if (prefix == 0 && p_end == p + 1) { - _gnutls_debug_log - ("Cannot parse prefix given in CIDR %s\n", cidr); + _gnutls_debug_log( + "Cannot parse prefix given in CIDR %s\n", cidr); gnutls_assert(); return GNUTLS_E_MALFORMED_CIDR; } @@ -253,9 +252,9 @@ int gnutls_x509_cidr_to_rfc5280(const char *cidr, gnutls_datum_t * cidr_rfc5280) return GNUTLS_E_MALFORMED_CIDR; } - if (strchr(cidr, ':') != 0) { /* IPv6 */ + if (strchr(cidr, ':') != 0) { /* IPv6 */ iplength = 16; - } else { /* IPv4 */ + } else { /* IPv4 */ iplength = 4; } cidr_rfc5280->size = 2 * iplength; @@ -273,9 +272,8 @@ int gnutls_x509_cidr_to_rfc5280(const char *cidr, gnutls_datum_t * cidr_rfc5280) goto cleanup; } - ret = - inet_pton(iplength == 4 ? AF_INET : AF_INET6, cidr_tmp, - cidr_rfc5280->data); + ret = inet_pton(iplength == 4 ? AF_INET : AF_INET6, cidr_tmp, + cidr_rfc5280->data); if (ret == 0) { _gnutls_debug_log("Cannot parse IP from CIDR %s\n", cidr_tmp); ret = gnutls_assert_val(GNUTLS_E_MALFORMED_CIDR); @@ -288,7 +286,7 @@ int gnutls_x509_cidr_to_rfc5280(const char *cidr, gnutls_datum_t * cidr_rfc5280) ret = GNUTLS_E_SUCCESS; - cleanup: +cleanup: gnutls_free(cidr_tmp); return ret; } diff --git a/lib/x509/ip.h b/lib/x509/ip.h index 7bea20e4a3..63f3ad0182 100644 --- a/lib/x509/ip.h +++ b/lib/x509/ip.h @@ -22,7 +22,7 @@ */ #ifndef GNUTLS_LIB_X509_IP_H -# define GNUTLS_LIB_X509_IP_H +#define GNUTLS_LIB_X509_IP_H // for documentation, see the definition int _gnutls_mask_to_prefix(const unsigned char *mask, unsigned mask_size); 
@@ -39,4 +39,4 @@ const char *_gnutls_cidr_to_string(const void *_ip, unsigned int ip_size, int _gnutls_mask_ip(unsigned char *ip, const unsigned char *mask, unsigned ipsize); -#endif /* GNUTLS_LIB_X509_IP_H */ +#endif /* GNUTLS_LIB_X509_IP_H */ diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c index add24b8bd9..38b3d61e0d 100644 --- a/lib/x509/key_decode.c +++ b/lib/x509/key_decode.c 
@@ -32,40 +32,38 @@ #include <num.h> #include <ecc.h> -static int _gnutls_x509_read_rsa_pubkey(uint8_t * der, int dersize, - gnutls_pk_params_st * params); -static int _gnutls_x509_read_dsa_pubkey(uint8_t * der, int dersize, - gnutls_pk_params_st * params); -static int _gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize, - gnutls_pk_params_st * params); +static int _gnutls_x509_read_rsa_pubkey(uint8_t *der, int dersize, + gnutls_pk_params_st *params); +static int _gnutls_x509_read_dsa_pubkey(uint8_t *der, int dersize, + gnutls_pk_params_st *params); +static int _gnutls_x509_read_ecc_pubkey(uint8_t *der, int dersize, + gnutls_pk_params_st *params); static int _gnutls_x509_read_eddsa_pubkey(gnutls_ecc_curve_t curve, - uint8_t * der, int dersize, - gnutls_pk_params_st * params); -static int _gnutls_x509_read_ecdh_pubkey(gnutls_ecc_curve_t curve, - uint8_t * der, int dersize, - gnutls_pk_params_st * params); -static int _gnutls_x509_read_gost_pubkey(uint8_t * der, int dersize, - gnutls_pk_params_st * params); - -static int -_gnutls_x509_read_dsa_params(uint8_t * der, int dersize, - gnutls_pk_params_st * params); + uint8_t *der, int dersize, + gnutls_pk_params_st *params); +static int _gnutls_x509_read_ecdh_pubkey(gnutls_ecc_curve_t curve, uint8_t *der, + int dersize, + gnutls_pk_params_st *params); +static int _gnutls_x509_read_gost_pubkey(uint8_t *der, int dersize, + gnutls_pk_params_st *params); + +static int _gnutls_x509_read_dsa_params(uint8_t *der, int dersize, + gnutls_pk_params_st *params); /* * some x509 certificate parsing functions that relate to MPI parameter * extraction. This reads the BIT STRING subjectPublicKey. * Returns 2 parameters (m,e). It does not set params_nr. 
*/ -int -_gnutls_x509_read_rsa_pubkey(uint8_t * der, int dersize, - gnutls_pk_params_st * params) +int _gnutls_x509_read_rsa_pubkey(uint8_t *der, int dersize, + gnutls_pk_params_st *params) { int result; asn1_node spk = NULL; - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.RSAPublicKey", &spk)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -84,8 +82,8 @@ _gnutls_x509_read_rsa_pubkey(uint8_t * der, int dersize, return GNUTLS_E_ASN1_GENERIC_ERROR; } - if (_gnutls_x509_read_int(spk, "publicExponent", - ¶ms->params[1]) < 0) { + if (_gnutls_x509_read_int(spk, "publicExponent", ¶ms->params[1]) < + 0) { gnutls_assert(); _gnutls_mpi_release(¶ms->params[0]); asn1_delete_structure(&spk); @@ -95,7 +93,6 @@ _gnutls_x509_read_rsa_pubkey(uint8_t * der, int dersize, asn1_delete_structure(&spk); return 0; - } /* 
@@ -103,21 +100,18 @@ _gnutls_x509_read_rsa_pubkey(uint8_t * der, int dersize, * extraction. This reads the BIT STRING subjectPublicKey. * Returns 2 parameters (m,e). It does not set params_nr. */ -int -_gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize, - gnutls_pk_params_st * params) +int _gnutls_x509_read_ecc_pubkey(uint8_t *der, int dersize, + gnutls_pk_params_st *params) { /* RFC5480 defines the public key to be an ECPoint (i.e. OCTET STRING), * Then it says that the OCTET STRING _value_ is converted to BIT STRING. * That means that the value we place there is the raw X9.62 one. */ - return _gnutls_ecc_ansi_x962_import(der, dersize, - ¶ms->params[ECC_X], - ¶ms->params[ECC_Y]); + return _gnutls_ecc_ansi_x962_import( + der, dersize, ¶ms->params[ECC_X], ¶ms->params[ECC_Y]); } -int _gnutls_x509_read_eddsa_pubkey(gnutls_ecc_curve_t curve, - uint8_t * der, int dersize, - gnutls_pk_params_st * params) +int _gnutls_x509_read_eddsa_pubkey(gnutls_ecc_curve_t curve, uint8_t *der, + int dersize, gnutls_pk_params_st *params) { int size = gnutls_ecc_curve_get_size(curve); if (dersize != size) @@ -126,9 +120,8 @@ int _gnutls_x509_read_eddsa_pubkey(gnutls_ecc_curve_t curve, return _gnutls_set_datum(¶ms->raw_pub, der, dersize); } -int _gnutls_x509_read_ecdh_pubkey(gnutls_ecc_curve_t curve, - uint8_t * der, int dersize, - gnutls_pk_params_st * params) +int _gnutls_x509_read_ecdh_pubkey(gnutls_ecc_curve_t curve, uint8_t *der, + int dersize, gnutls_pk_params_st *params) { int size = gnutls_ecc_curve_get_size(curve); if (dersize != size) @@ -139,9 +132,8 @@ int _gnutls_x509_read_ecdh_pubkey(gnutls_ecc_curve_t curve, /* Pubkey is a concatenation of X (in little endian) and Y (also LE) * encoded into OCTET STRING. */ -static int -_gnutls_x509_read_gost_pubkey(uint8_t * der, int dersize, - gnutls_pk_params_st * params) +static int _gnutls_x509_read_gost_pubkey(uint8_t *der, int dersize, + gnutls_pk_params_st *params) { int ret; int len; 
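Review bot: The block comment kept as context above `_gnutls_x509_read_ecc_pubkey` still says "Returns 2 parameters (m,e)", which was copied from the RSA reader; this function imports the X9.62 point into `params[ECC_X]` and `params[ECC_Y]`, so the comment misleads anyone reading the parameter layout. Since this commit already touches the function's signature lines, it would be a good moment to change that line to `* Returns 2 parameters (x,y). It does not set params_nr.` The preceding sentence about the BIT STRING subjectPublicKey is accurate and can stay.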
@@ -182,15 +174,14 @@ _gnutls_x509_read_gost_pubkey(uint8_t * der, int dersize, * from the certificate (subjectPublicKey BIT STRING). * params[0-2]. It does NOT set params_nr. */ -static int -_gnutls_x509_read_dsa_params(uint8_t * der, int dersize, - gnutls_pk_params_st * params) +static int _gnutls_x509_read_dsa_params(uint8_t *der, int dersize, + gnutls_pk_params_st *params) { int result; asn1_node spk = NULL; - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.Dss-Parms", &spk)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.Dss-Parms", + &spk)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -237,27 +228,25 @@ _gnutls_x509_read_dsa_params(uint8_t * der, int dersize, asn1_delete_structure(&spk); - params->params_nr = 3; /* public key is missing */ + params->params_nr = 3; /* public key is missing */ params->algo = GNUTLS_PK_DSA; return 0; - } /* reads the curve from the certificate. * params[0-4]. It does NOT set params_nr. */ -int -_gnutls_x509_read_ecc_params(uint8_t * der, int dersize, unsigned int *curve) +int _gnutls_x509_read_ecc_params(uint8_t *der, int dersize, unsigned int *curve) { int ret; asn1_node spk = NULL; char oid[MAX_OID_SIZE]; int oid_size; - if ((ret = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.ECParameters", - &spk)) != ASN1_SUCCESS) { + if ((ret = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.ECParameters", &spk)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(ret); } @@ -289,19 +278,17 @@ _gnutls_x509_read_ecc_params(uint8_t * der, int dersize, unsigned int *curve) ret = 0; - cleanup: +cleanup: asn1_delete_structure(&spk); return ret; - } /* Reads RSA-PSS parameters. */ -int -_gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize, - gnutls_x509_spki_st * params) +int _gnutls_x509_read_rsa_pss_params(uint8_t *der, int dersize, + gnutls_x509_spki_st *params) { int result; asn1_node spk = NULL; 
@@ -312,9 +299,9 @@ _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize, unsigned int trailer; gnutls_datum_t value = { NULL, 0 }; - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPSSParameters", &spk)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.RSAPSSParameters", &spk)) != + ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; @@ -363,24 +350,23 @@ _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize, /* Check if maskGenAlgorithm.parameters does exist and * is identical to hashAlgorithm */ - result = - _gnutls_x509_read_value(spk, "maskGenAlgorithm.parameters", - &value); + result = _gnutls_x509_read_value( + spk, "maskGenAlgorithm.parameters", &value); if (result < 0) { gnutls_assert(); goto cleanup; } - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.AlgorithmIdentifier", &c2)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.AlgorithmIdentifier", + &c2)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - result = - _asn1_strict_der_decode(&c2, value.data, value.size, NULL); + result = _asn1_strict_der_decode(&c2, value.data, value.size, + NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -439,7 +425,7 @@ _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize, } result = 0; - cleanup: +cleanup: _gnutls_free_datum(&value); asn1_delete_structure(&c2); asn1_delete_structure(&spk); @@ -449,10 +435,9 @@ _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize, /* reads the curve from the certificate. * It does NOT set params_nr. */ -int -_gnutls_x509_read_gost_params(uint8_t * der, int dersize, - gnutls_pk_params_st * params, - gnutls_pk_algorithm_t algo) +int _gnutls_x509_read_gost_params(uint8_t *der, int dersize, + gnutls_pk_params_st *params, + gnutls_pk_algorithm_t algo) { int ret; asn1_node spk = NULL; 
@@ -463,8 +448,8 @@ _gnutls_x509_read_gost_params(uint8_t * der, int dersize, if ((ret = asn1_create_element(_gnutls_get_gnutls_asn(), algo == GNUTLS_PK_GOST_01 ? - "GNUTLS.GOSTParametersOld" : - "GNUTLS.GOSTParameters", + "GNUTLS.GOSTParametersOld" : + "GNUTLS.GOSTParameters", &spk)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(ret); @@ -528,18 +513,17 @@ _gnutls_x509_read_gost_params(uint8_t * der, int dersize, params->gost_params = param; ret = 0; - cleanup: +cleanup: asn1_delete_structure(&spk); return ret; - } /* This function must be called after _gnutls_x509_read_params() */ -int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der, - int dersize, gnutls_pk_params_st * params) +int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t *der, + int dersize, gnutls_pk_params_st *params) { int ret; @@ -553,7 +537,8 @@ int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der, } break; case GNUTLS_PK_DSA: - if (params->params_nr != 3) /* _gnutls_x509_read_pubkey_params must have been called */ + if (params->params_nr != + 3) /* _gnutls_x509_read_pubkey_params must have been called */ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ret = _gnutls_x509_read_dsa_pubkey(der, dersize, params); 
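Review bot: In the `@@ -553,7 +537,8 @@` hunk the formatter split the condition `params->params_nr != 3` across two lines purely to make room for the trailing comment, which leaves the literal `3)` alone on its own line and is harder to read than the original. The usual fix is to move the comment above the statement so the condition fits on one line: `/* _gnutls_x509_read_pubkey_params must have been called */` followed by `if (params->params_nr != 3)` and the unchanged `return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. The enclosing switch in _gnutls_x509_read_pubkey continues outside this hunk.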
@@ -570,24 +555,20 @@ int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der, } break; case GNUTLS_PK_EDDSA_ED25519: - ret = - _gnutls_x509_read_eddsa_pubkey(GNUTLS_ECC_CURVE_ED25519, - der, dersize, params); + ret = _gnutls_x509_read_eddsa_pubkey(GNUTLS_ECC_CURVE_ED25519, + der, dersize, params); break; case GNUTLS_PK_EDDSA_ED448: - ret = - _gnutls_x509_read_eddsa_pubkey(GNUTLS_ECC_CURVE_ED448, der, - dersize, params); + ret = _gnutls_x509_read_eddsa_pubkey(GNUTLS_ECC_CURVE_ED448, + der, dersize, params); break; case GNUTLS_PK_ECDH_X25519: - ret = - _gnutls_x509_read_ecdh_pubkey(GNUTLS_ECC_CURVE_X25519, der, - dersize, params); + ret = _gnutls_x509_read_ecdh_pubkey(GNUTLS_ECC_CURVE_X25519, + der, dersize, params); break; case GNUTLS_PK_ECDH_X448: - ret = - _gnutls_x509_read_ecdh_pubkey(GNUTLS_ECC_CURVE_X448, der, - dersize, params); + ret = _gnutls_x509_read_ecdh_pubkey(GNUTLS_ECC_CURVE_X448, der, + dersize, params); break; case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: @@ -607,9 +588,8 @@ int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der, /* This function must be called prior to _gnutls_x509_read_pubkey() */ -int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo, - uint8_t * der, int dersize, - gnutls_pk_params_st * params) +int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo, uint8_t *der, + int dersize, gnutls_pk_params_st *params) { switch (algo) { case GNUTLS_PK_RSA: 
@@ -636,33 +616,31 @@ int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo, /* This function must be called after _gnutls_x509_read_pubkey() */ -int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st * params) +int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st *params) { switch (params->algo) { - case GNUTLS_PK_RSA_PSS:{ - unsigned bits; - const mac_entry_st *me; - size_t hash_size; - - if (params->spki.pk == GNUTLS_PK_UNKNOWN) /* no params present */ - return 0; - - bits = pubkey_to_bits(params); - - me = hash_to_entry(params->spki.rsa_pss_dig); - if (unlikely(me == NULL)) - return - gnutls_assert_val - (GNUTLS_E_PK_INVALID_PUBKEY_PARAMS); - - hash_size = _gnutls_hash_get_algo_len(me); - if (hash_size + params->spki.salt_size + 2 > - (bits + 7) / 8) - return - gnutls_assert_val - (GNUTLS_E_PK_INVALID_PUBKEY_PARAMS); + case GNUTLS_PK_RSA_PSS: { + unsigned bits; + const mac_entry_st *me; + size_t hash_size; + + if (params->spki.pk == + GNUTLS_PK_UNKNOWN) /* no params present */ return 0; - } + + bits = pubkey_to_bits(params); + + me = hash_to_entry(params->spki.rsa_pss_dig); + if (unlikely(me == NULL)) + return gnutls_assert_val( + GNUTLS_E_PK_INVALID_PUBKEY_PARAMS); + + hash_size = _gnutls_hash_get_algo_len(me); + if (hash_size + params->spki.salt_size + 2 > (bits + 7) / 8) + return gnutls_assert_val( + GNUTLS_E_PK_INVALID_PUBKEY_PARAMS); + return 0; + } case GNUTLS_PK_RSA: case GNUTLS_PK_DSA: case GNUTLS_PK_ECDSA: @@ -683,9 +661,8 @@ int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st * params) * from the certificate * only sets params[3] */ -int -_gnutls_x509_read_dsa_pubkey(uint8_t * der, int dersize, - gnutls_pk_params_st * params) +int _gnutls_x509_read_dsa_pubkey(uint8_t *der, int dersize, + gnutls_pk_params_st *params) { return _gnutls_x509_read_der_int(der, dersize, ¶ms->params[3]); } diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index 4aa493b7cc..0d26d3ce36 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c 
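Review bot: In the RSA-PSS case of `_gnutls_x509_check_pubkey_params` the reformatted `if (params->spki.pk ==` / `GNUTLS_PK_UNKNOWN) /* no params present */` is split only because of the trailing comment, which separates the operator from its operand and obscures a check that decides whether the PSS parameter validation below runs at all. Moving the comment onto its own line, `/* no params present */` then `if (params->spki.pk == GNUTLS_PK_UNKNOWN)`, keeps the condition on one line; the same pattern appears in key_decode.c's DSA case. The rest of the switch (the ECDSA and later cases) lies outside this hunk.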
@@ -33,16 +33,16 @@ #include <mpi.h> #include <ecc.h> -static int _gnutls_x509_write_rsa_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * der); -static int _gnutls_x509_write_dsa_params(const gnutls_pk_params_st * params, - gnutls_datum_t * der); -static int _gnutls_x509_write_dsa_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * der); -static int _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, - gnutls_datum_t * der); -static int _gnutls_x509_write_gost_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * der); +static int _gnutls_x509_write_rsa_pubkey(const gnutls_pk_params_st *params, + gnutls_datum_t *der); +static int _gnutls_x509_write_dsa_params(const gnutls_pk_params_st *params, + gnutls_datum_t *der); +static int _gnutls_x509_write_dsa_pubkey(const gnutls_pk_params_st *params, + gnutls_datum_t *der); +static int _gnutls_x509_write_gost_params(const gnutls_pk_params_st *params, + gnutls_datum_t *der); +static int _gnutls_x509_write_gost_pubkey(const gnutls_pk_params_st *params, + gnutls_datum_t *der); /* * some x509 certificate functions that relate to MPI parameter @@ -51,9 +51,8 @@ static int _gnutls_x509_write_gost_pubkey(const gnutls_pk_params_st * params, * * Allocates the space used to store the DER data. */ -static int -_gnutls_x509_write_rsa_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * der) +static int _gnutls_x509_write_rsa_pubkey(const gnutls_pk_params_st *params, + gnutls_datum_t *der) { int result; asn1_node spk = NULL; @@ -67,9 +66,9 @@ _gnutls_x509_write_rsa_pubkey(const gnutls_pk_params_st * params, goto cleanup; } - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.RSAPublicKey", &spk)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } 
@@ -80,8 +79,8 @@ _gnutls_x509_write_rsa_pubkey(const gnutls_pk_params_st * params, goto cleanup; } - result = - _gnutls_x509_write_int(spk, "publicExponent", params->params[1], 1); + result = _gnutls_x509_write_int(spk, "publicExponent", + params->params[1], 1); if (result < 0) { gnutls_assert(); goto cleanup; @@ -95,7 +94,7 @@ _gnutls_x509_write_rsa_pubkey(const gnutls_pk_params_st * params, result = 0; - cleanup: +cleanup: asn1_delete_structure(&spk); return result; @@ -107,9 +106,8 @@ _gnutls_x509_write_rsa_pubkey(const gnutls_pk_params_st * params, * * Allocates the space used to store the DER data. */ -int -_gnutls_x509_write_ecc_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * der) +int _gnutls_x509_write_ecc_pubkey(const gnutls_pk_params_st *params, + gnutls_datum_t *der) { int result; @@ -119,7 +117,9 @@ _gnutls_x509_write_ecc_pubkey(const gnutls_pk_params_st * params, if (params->params_nr < ECC_PUBLIC_PARAMS) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - result = _gnutls_ecc_ansi_x962_export(params->curve, params->params[ECC_X], params->params[ECC_Y], /*&out */ + result = _gnutls_ecc_ansi_x962_export(params->curve, + params->params[ECC_X], + params->params[ECC_Y], /*&out */ der); if (result < 0) return gnutls_assert_val(result); @@ -133,9 +133,8 @@ _gnutls_x509_write_ecc_pubkey(const gnutls_pk_params_st * params, * * Allocates the space used to store the data. */ -int -_gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * raw) +int _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st *params, + gnutls_datum_t *raw) { int ret; 
@@ -149,8 +148,8 @@ _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st * params, params->curve != GNUTLS_ECC_CURVE_ED448) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); - ret = - _gnutls_set_datum(raw, params->raw_pub.data, params->raw_pub.size); + ret = _gnutls_set_datum(raw, params->raw_pub.data, + params->raw_pub.size); if (ret < 0) return gnutls_assert_val(ret); @@ -164,8 +163,8 @@ _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st * params, * Allocates the space used to store the data. */ static int -_gnutls_x509_write_modern_ecdh_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * raw) +_gnutls_x509_write_modern_ecdh_pubkey(const gnutls_pk_params_st *params, + gnutls_datum_t *raw) { int ret; @@ -179,17 +178,16 @@ _gnutls_x509_write_modern_ecdh_pubkey(const gnutls_pk_params_st * params, params->curve != GNUTLS_ECC_CURVE_X448) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); - ret = - _gnutls_set_datum(raw, params->raw_pub.data, params->raw_pub.size); + ret = _gnutls_set_datum(raw, params->raw_pub.data, + params->raw_pub.size); if (ret < 0) return gnutls_assert_val(ret); return 0; } -int -_gnutls_x509_write_gost_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * der) +int _gnutls_x509_write_gost_pubkey(const gnutls_pk_params_st *params, + gnutls_datum_t *der) { bigint_t x, y; int numlen; @@ -254,14 +252,13 @@ _gnutls_x509_write_gost_pubkey(const gnutls_pk_params_st * params, return 0; - cleanup: +cleanup: _gnutls_free_datum(der); return ret; } -int -_gnutls_x509_write_pubkey_params(const gnutls_pk_params_st * params, - gnutls_datum_t * der) +int _gnutls_x509_write_pubkey_params(const gnutls_pk_params_st *params, + gnutls_datum_t *der) { switch (params->algo) { case GNUTLS_PK_DSA: 
@@ -295,9 +292,8 @@ _gnutls_x509_write_pubkey_params(const gnutls_pk_params_st * params, } } -int -_gnutls_x509_write_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * der) +int _gnutls_x509_write_pubkey(const gnutls_pk_params_st *params, + gnutls_datum_t *der) { switch (params->algo) { case GNUTLS_PK_DSA: @@ -328,9 +324,8 @@ _gnutls_x509_write_pubkey(const gnutls_pk_params_st * params, * * Allocates the space used to store the DER data. */ -static int -_gnutls_x509_write_dsa_params(const gnutls_pk_params_st * params, - gnutls_datum_t * der) +static int _gnutls_x509_write_dsa_params(const gnutls_pk_params_st *params, + gnutls_datum_t *der) { int result; asn1_node spk = NULL; @@ -344,9 +339,9 @@ _gnutls_x509_write_dsa_params(const gnutls_pk_params_st * params, goto cleanup; } - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.DSAParameters", &spk)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.DSAParameters", &spk)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -377,7 +372,7 @@ _gnutls_x509_write_dsa_params(const gnutls_pk_params_st * params, result = 0; - cleanup: +cleanup: asn1_delete_structure(&spk); return result; } @@ -388,9 +383,8 @@ _gnutls_x509_write_dsa_params(const gnutls_pk_params_st * params, * * Allocates the space used to store the DER data. */ -int -_gnutls_x509_write_ecc_params(const gnutls_ecc_curve_t curve, - gnutls_datum_t * der) +int _gnutls_x509_write_ecc_params(const gnutls_ecc_curve_t curve, + gnutls_datum_t *der) { int result; asn1_node spk = NULL; 
@@ -403,22 +397,22 @@ _gnutls_x509_write_ecc_params(const gnutls_ecc_curve_t curve, if (oid == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.ECParameters", &spk)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.ECParameters", &spk)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - if ((result = - asn1_write_value(spk, "", "namedCurve", 1)) != ASN1_SUCCESS) { + if ((result = asn1_write_value(spk, "", "namedCurve", 1)) != + ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - if ((result = - asn1_write_value(spk, "namedCurve", oid, 1)) != ASN1_SUCCESS) { + if ((result = asn1_write_value(spk, "namedCurve", oid, 1)) != + ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; @@ -432,14 +426,13 @@ _gnutls_x509_write_ecc_params(const gnutls_ecc_curve_t curve, result = 0; - cleanup: +cleanup: asn1_delete_structure(&spk); return result; } -int -_gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st * params, - gnutls_datum_t * der) +int _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st *params, + gnutls_datum_t *der) { int result; asn1_node spk = NULL; @@ -458,9 +451,9 @@ _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st * params, GNUTLS_SIGN_UNKNOWN) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPSSParameters", &spk)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.RSAPSSParameters", &spk)) != + ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; 
@@ -468,47 +461,45 @@ _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st * params, oid = gnutls_digest_get_oid(params->rsa_pss_dig); - if ((result = asn1_write_value(spk, "hashAlgorithm.algorithm", oid, 1)) - != ASN1_SUCCESS) { + if ((result = asn1_write_value(spk, "hashAlgorithm.algorithm", oid, + 1)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - if ((result = - asn1_write_value(spk, "hashAlgorithm.parameters", NULL, 0)) - != ASN1_SUCCESS) { + if ((result = asn1_write_value(spk, "hashAlgorithm.parameters", NULL, + 0)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - if ((result = - asn1_write_value(spk, "maskGenAlgorithm.algorithm", - PKIX1_RSA_PSS_MGF1_OID, 1)) - != ASN1_SUCCESS) { + if ((result = asn1_write_value(spk, "maskGenAlgorithm.algorithm", + PKIX1_RSA_PSS_MGF1_OID, 1)) != + ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.AlgorithmIdentifier", &c2)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.AlgorithmIdentifier", &c2)) != + ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - if ((result = asn1_write_value(c2, "algorithm", oid, 1)) - != ASN1_SUCCESS) { + if ((result = asn1_write_value(c2, "algorithm", oid, 1)) != + ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - if ((result = asn1_write_value(c2, "parameters", NULL, 0)) - != ASN1_SUCCESS) { + if ((result = asn1_write_value(c2, "parameters", NULL, 0)) != + ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; 
@@ -520,17 +511,15 @@ _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st * params, goto cleanup; } - if ((result = - asn1_write_value(spk, "maskGenAlgorithm.parameters", - tmp.data, tmp.size)) - != ASN1_SUCCESS) { + if ((result = asn1_write_value(spk, "maskGenAlgorithm.parameters", + tmp.data, tmp.size)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - result = _gnutls_x509_write_uint32(spk, "saltLength", - params->salt_size); + result = + _gnutls_x509_write_uint32(spk, "saltLength", params->salt_size); if (result < 0) { gnutls_assert(); goto cleanup; @@ -550,16 +539,15 @@ _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st * params, result = 0; - cleanup: +cleanup: _gnutls_free_datum(&tmp); asn1_delete_structure(&c2); asn1_delete_structure(&spk); return result; } -static int -_gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, - gnutls_datum_t * der) +static int _gnutls_x509_write_gost_params(const gnutls_pk_params_st *params, + gnutls_datum_t *der) { int result; asn1_node spk = NULL; @@ -572,18 +560,17 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, if (oid == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), - params->algo == GNUTLS_PK_GOST_01 ? - "GNUTLS.GOSTParametersOld" : "GNUTLS.GOSTParameters", &spk)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + params->algo == GNUTLS_PK_GOST_01 ? + "GNUTLS.GOSTParametersOld" : + "GNUTLS.GOSTParameters", + &spk)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - if ((result = - asn1_write_value(spk, "publicKeyParamSet", oid, - 1)) != ASN1_SUCCESS) { + if ((result = asn1_write_value(spk, "publicKeyParamSet", oid, 1)) != + ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; 
@@ -608,9 +595,8 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, else oid = NULL; - if ((result = - asn1_write_value(spk, "digestParamSet", oid, - oid ? 1 : 0)) != ASN1_SUCCESS) { + if ((result = asn1_write_value(spk, "digestParamSet", oid, + oid ? 1 : 0)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; @@ -628,9 +614,8 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, _gnutls_gost_paramset_default(params->algo)) oid = NULL; - if ((result = - asn1_write_value(spk, "encryptionParamSet", oid, - oid ? 1 : 0)) != ASN1_SUCCESS) { + if ((result = asn1_write_value(spk, "encryptionParamSet", oid, + oid ? 1 : 0)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; @@ -645,7 +630,7 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, result = 0; - cleanup: +cleanup: asn1_delete_structure(&spk); return result; } @@ -656,9 +641,8 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, * * Allocates the space used to store the DER data. */ -static int -_gnutls_x509_write_dsa_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * der) +static int _gnutls_x509_write_dsa_pubkey(const gnutls_pk_params_st *params, + gnutls_datum_t *der) { int result; asn1_node spk = NULL; @@ -672,9 +656,9 @@ _gnutls_x509_write_dsa_pubkey(const gnutls_pk_params_st * params, goto cleanup; } - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", &spk)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.DSAPublicKey", &spk)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } 
@@ -693,14 +677,14 @@ _gnutls_x509_write_dsa_pubkey(const gnutls_pk_params_st * params, result = 0; - cleanup: +cleanup: asn1_delete_structure(&spk); return result; } /* Encodes the RSA parameters into an ASN.1 RSA private key structure. */ -static int _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) +static int _gnutls_asn1_encode_rsa(asn1_node *c2, gnutls_pk_params_st *params) { int result, ret; uint8_t null = '\0'; @@ -731,9 +715,9 @@ static int _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) *c2 = NULL; } - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPrivateKey", c2)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.RSAPrivateKey", c2)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; 
@@ -741,79 +725,71 @@ static int _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) /* Write PRIME */ - ret = - _gnutls_x509_write_int(*c2, "modulus", - params->params[RSA_MODULUS], 1); + ret = _gnutls_x509_write_int(*c2, "modulus", + params->params[RSA_MODULUS], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_x509_write_int(*c2, "publicExponent", - params->params[RSA_PUB], 1); + ret = _gnutls_x509_write_int(*c2, "publicExponent", + params->params[RSA_PUB], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_x509_write_key_int(*c2, "privateExponent", - params->params[RSA_PRIV], 1); + ret = _gnutls_x509_write_key_int(*c2, "privateExponent", + params->params[RSA_PRIV], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_x509_write_key_int(*c2, "prime1", - params->params[RSA_PRIME1], 1); + ret = _gnutls_x509_write_key_int(*c2, "prime1", + params->params[RSA_PRIME1], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_x509_write_key_int(*c2, "prime2", - params->params[RSA_PRIME2], 1); + ret = _gnutls_x509_write_key_int(*c2, "prime2", + params->params[RSA_PRIME2], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_x509_write_key_int(*c2, "coefficient", - params->params[RSA_COEF], 1); + ret = _gnutls_x509_write_key_int(*c2, "coefficient", + params->params[RSA_COEF], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_x509_write_key_int(*c2, "exponent1", - params->params[RSA_E1], 1); + ret = _gnutls_x509_write_key_int(*c2, "exponent1", + params->params[RSA_E1], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_x509_write_key_int(*c2, "exponent2", - params->params[RSA_E2], 1); + ret = _gnutls_x509_write_key_int(*c2, "exponent2", + params->params[RSA_E2], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - if ((result = asn1_write_value(*c2, "otherPrimeInfos", - NULL, 0)) != ASN1_SUCCESS) { + if ((result = 
asn1_write_value(*c2, "otherPrimeInfos", NULL, 0)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - if ((result = - asn1_write_value(*c2, "version", &null, 1)) != ASN1_SUCCESS) { + if ((result = asn1_write_value(*c2, "version", &null, 1)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; @@ -821,7 +797,7 @@ static int _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) ret = 0; - cleanup: +cleanup: if (ret < 0) asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE); @@ -832,7 +808,7 @@ static int _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) /* Encodes the ECC parameters into an ASN.1 ECPrivateKey structure. */ -static int _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) +static int _gnutls_asn1_encode_ecc(asn1_node *c2, gnutls_pk_params_st *params) { int ret; uint8_t one = '\x01'; @@ -849,9 +825,9 @@ static int _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) *c2 = NULL; } - if ((ret = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.ECPrivateKey", c2)) - != ASN1_SUCCESS) { + if ((ret = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.ECPrivateKey", c2)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; 
@@ -867,18 +843,16 @@ static int _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) curve_is_modern_ecdh(params->curve)) { if (params->raw_pub.size == 0 || params->raw_priv.size == 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - ret = - asn1_write_value(*c2, "privateKey", params->raw_priv.data, - params->raw_priv.size); + ret = asn1_write_value(*c2, "privateKey", params->raw_priv.data, + params->raw_priv.size); if (ret != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; } - ret = - asn1_write_value(*c2, "publicKey", params->raw_pub.data, - params->raw_pub.size * 8); + ret = asn1_write_value(*c2, "publicKey", params->raw_pub.data, + params->raw_pub.size * 8); if (ret != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); @@ -888,25 +862,22 @@ static int _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) if (params->params_nr != ECC_PRIVATE_PARAMS) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - ret = - _gnutls_ecc_ansi_x962_export(params->curve, - params->params[ECC_X], - params->params[ECC_Y], - &pubkey); + ret = _gnutls_ecc_ansi_x962_export(params->curve, + params->params[ECC_X], + params->params[ECC_Y], + &pubkey); if (ret < 0) return gnutls_assert_val(ret); - ret = - _gnutls_x509_write_key_int(*c2, "privateKey", - params->params[ECC_K], 1); + ret = _gnutls_x509_write_key_int(*c2, "privateKey", + params->params[ECC_K], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - if ((ret = - asn1_write_value(*c2, "publicKey", pubkey.data, - pubkey.size * 8)) != ASN1_SUCCESS) { + if ((ret = asn1_write_value(*c2, "publicKey", pubkey.data, + pubkey.size * 8)) != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; 
@@ -914,17 +885,15 @@ static int _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) } /* write our choice */ - if ((ret = - asn1_write_value(*c2, "parameters", "namedCurve", - 1)) != ASN1_SUCCESS) { + if ((ret = asn1_write_value(*c2, "parameters", "namedCurve", 1)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; } - if ((ret = - asn1_write_value(*c2, "parameters.namedCurve", oid, - 1)) != ASN1_SUCCESS) { + if ((ret = asn1_write_value(*c2, "parameters.namedCurve", oid, 1)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; @@ -933,15 +902,14 @@ static int _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) _gnutls_free_datum(&pubkey); return 0; - cleanup: +cleanup: asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE); _gnutls_free_datum(&pubkey); return ret; } -static int -_gnutls_asn1_encode_gost(asn1_node * c2, gnutls_pk_params_st * params) +static int _gnutls_asn1_encode_gost(asn1_node *c2, gnutls_pk_params_st *params) { int ret; const char *oid; @@ -957,9 +925,9 @@ _gnutls_asn1_encode_gost(asn1_node * c2, gnutls_pk_params_st * params) *c2 = NULL; } - if ((ret = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.GOSTPrivateKey", c2)) - != ASN1_SUCCESS) { + if ((ret = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.GOSTPrivateKey", c2)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; @@ -973,7 +941,7 @@ _gnutls_asn1_encode_gost(asn1_node * c2, gnutls_pk_params_st * params) return 0; - cleanup: +cleanup: asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE); return ret; 
@@ -981,7 +949,7 @@ _gnutls_asn1_encode_gost(asn1_node * c2, gnutls_pk_params_st * params) /* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure. */ -static int _gnutls_asn1_encode_dsa(asn1_node * c2, gnutls_pk_params_st * params) +static int _gnutls_asn1_encode_dsa(asn1_node *c2, gnutls_pk_params_st *params) { int result, ret; const uint8_t null = '\0'; @@ -992,9 +960,9 @@ static int _gnutls_asn1_encode_dsa(asn1_node * c2, gnutls_pk_params_st * params) *c2 = NULL; } - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPrivateKey", c2)) - != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.DSAPrivateKey", c2)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -1031,8 +999,8 @@ static int _gnutls_asn1_encode_dsa(asn1_node * c2, gnutls_pk_params_st * params) goto cleanup; } - if ((result = - asn1_write_value(*c2, "version", &null, 1)) != ASN1_SUCCESS) { + if ((result = asn1_write_value(*c2, "version", &null, 1)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; @@ -1040,13 +1008,13 @@ static int _gnutls_asn1_encode_dsa(asn1_node * c2, gnutls_pk_params_st * params) return 0; - cleanup: +cleanup: asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE); return ret; } -int _gnutls_asn1_encode_privkey(asn1_node * c2, gnutls_pk_params_st * params) +int _gnutls_asn1_encode_privkey(asn1_node *c2, gnutls_pk_params_st *params) { switch (params->algo) { case GNUTLS_PK_RSA: diff --git a/lib/x509/krb5.c b/lib/x509/krb5.c index b26d07dfcb..bf287d1d72 100644 --- a/lib/x509/krb5.c +++ b/lib/x509/krb5.c @@ -43,7 +43,7 @@ typedef struct krb5_principal_data { extern const asn1_static_node krb5_asn1_tab[]; -static void cleanup_principal(krb5_principal_data * princ) +static void cleanup_principal(krb5_principal_data *princ) { unsigned i; if (princ) { 
@@ -91,9 +91,9 @@ static krb5_principal_data *name_to_principal(const char *_name) p = strtok_r(name, "/", &sp); while (p) { if (pos == MAX_COMPONENTS) { - _gnutls_debug_log - ("%s: Cannot parse names with more than %d components\n", - __func__, MAX_COMPONENTS); + _gnutls_debug_log( + "%s: Cannot parse names with more than %d components\n", + __func__, MAX_COMPONENTS); goto fail; } @@ -109,13 +109,13 @@ static krb5_principal_data *name_to_principal(const char *_name) p = strtok_r(NULL, "/", &sp); } - if ((princ->length == 2) - && (strcmp(princ->data[0], "krbtgt") == 0)) { - princ->type = 2; /* KRB_NT_SRV_INST */ + if ((princ->length == 2) && + (strcmp(princ->data[0], "krbtgt") == 0)) { + princ->type = 2; /* KRB_NT_SRV_INST */ } else { - princ->type = 1; /* KRB_NT_PRINCIPAL */ + princ->type = 1; /* KRB_NT_PRINCIPAL */ } - } else { /* enterprise */ + } else { /* enterprise */ princ->data[0] = gnutls_strdup(name); if (princ->data[0] == NULL) { gnutls_assert(); @@ -123,20 +123,20 @@ static krb5_principal_data *name_to_principal(const char *_name) } princ->length++; - princ->type = 10; /* KRB_NT_ENTERPRISE */ + princ->type = 10; /* KRB_NT_ENTERPRISE */ } goto cleanup; - fail: +fail: cleanup_principal(princ); princ = NULL; - cleanup: +cleanup: gnutls_free(name); return princ; } -int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der) +int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t *der) { int ret, result; asn1_node c2 = NULL; 
@@ -150,25 +150,24 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der) goto cleanup; } - result = - asn1_create_element(_gnutls_get_gnutls_asn(), - "GNUTLS.KRB5PrincipalName", &c2); + result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.KRB5PrincipalName", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - result = - asn1_write_value(c2, "realm", princ->realm, strlen(princ->realm)); + result = asn1_write_value(c2, "realm", princ->realm, + strlen(princ->realm)); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - result = - asn1_write_value(c2, "principalName.name-type", &princ->type, 1); + result = asn1_write_value(c2, "principalName.name-type", &princ->type, + 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -176,18 +175,17 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der) } for (i = 0; i < princ->length; i++) { - result = - asn1_write_value(c2, "principalName.name-string", "NEW", 1); + result = asn1_write_value(c2, "principalName.name-string", + "NEW", 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - result = - asn1_write_value(c2, - "principalName.name-string.?LAST", - princ->data[i], strlen(princ->data[i])); + result = asn1_write_value(c2, "principalName.name-string.?LAST", + princ->data[i], + strlen(princ->data[i])); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -202,13 +200,13 @@ int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der) } ret = 0; - cleanup: +cleanup: cleanup_principal(princ); asn1_delete_structure(&c2); return ret; } -static int principal_to_str(asn1_node c2, gnutls_buffer_st * str) +static int principal_to_str(asn1_node c2, gnutls_buffer_st *str) { gnutls_datum_t realm = { NULL, 0 }; gnutls_datum_t component = { NULL, 0 }; 
@@ -225,15 +223,15 @@ static int principal_to_str(asn1_node c2, gnutls_buffer_st * str) len = sizeof(name_type); result = - asn1_read_value(c2, "principalName.name-type", name_type, &len); + asn1_read_value(c2, "principalName.name-type", name_type, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - if (len != 1 - || (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) { + if (len != 1 || + (name_type[0] != 1 && name_type[0] != 2 && name_type[0] != 10)) { ret = GNUTLS_E_INVALID_REQUEST; goto cleanup; } @@ -242,8 +240,8 @@ static int principal_to_str(asn1_node c2, gnutls_buffer_st * str) snprintf(val, sizeof(val), "principalName.name-string.?%u", i + 1); ret = _gnutls_x509_read_value(c2, val, &component); - if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND - || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) + if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND || + ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) break; if (ret < 0) { gnutls_assert(); @@ -258,9 +256,8 @@ static int principal_to_str(asn1_node c2, gnutls_buffer_st * str) } } - ret = - _gnutls_buffer_append_data(str, component.data, - component.size); + ret = _gnutls_buffer_append_data(str, component.data, + component.size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -282,14 +279,14 @@ static int principal_to_str(asn1_node c2, gnutls_buffer_st * str) } ret = 0; - cleanup: +cleanup: _gnutls_free_datum(&component); gnutls_free(realm.data); return ret; } -int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, - gnutls_datum_t * name) +int _gnutls_krb5_der_to_principal(const gnutls_datum_t *der, + gnutls_datum_t *name) { int ret, result; asn1_node c2 = NULL; 
@@ -297,9 +294,8 @@ int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, _gnutls_buffer_init(&str); - result = - asn1_create_element(_gnutls_get_gnutls_asn(), - "GNUTLS.KRB5PrincipalName", &c2); + result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.KRB5PrincipalName", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -331,7 +327,7 @@ int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, asn1_delete_structure(&c2); return _gnutls_buffer_to_datum(&str, name, 1); - cleanup: +cleanup: _gnutls_buffer_clear(&str); asn1_delete_structure(&c2); return ret; diff --git a/lib/x509/krb5.h b/lib/x509/krb5.h index da9f07b8c0..1267a414ce 100644 --- a/lib/x509/krb5.h +++ b/lib/x509/krb5.h @@ -21,10 +21,10 @@ */ #ifndef GNUTLS_LIB_X509_KRB5_H -# define GNUTLS_LIB_X509_KRB5_H +#define GNUTLS_LIB_X509_KRB5_H -int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t * der); -int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, - gnutls_datum_t * name); +int _gnutls_krb5_principal_to_der(const char *name, gnutls_datum_t *der); +int _gnutls_krb5_der_to_principal(const gnutls_datum_t *der, + gnutls_datum_t *name); -#endif /* GNUTLS_LIB_X509_KRB5_H */ +#endif /* GNUTLS_LIB_X509_KRB5_H */ diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c index c696d89936..f96624a15b 100644 --- a/lib/x509/mpi.c +++ b/lib/x509/mpi.c @@ -34,15 +34,15 @@ /* Reads an Integer from the DER encoded data */ -int _gnutls_x509_read_der_int(uint8_t * der, int dersize, bigint_t * out) +int _gnutls_x509_read_der_int(uint8_t *der, int dersize, bigint_t *out) { int result; asn1_node spk = NULL; /* == INTEGER */ - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", - &spk)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.DSAPublicKey", &spk)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } 
@@ -66,18 +66,17 @@ int _gnutls_x509_read_der_int(uint8_t * der, int dersize, bigint_t * out) asn1_delete_structure(&spk); return 0; - } -int _gnutls_x509_read_der_uint(uint8_t * der, int dersize, unsigned int *out) +int _gnutls_x509_read_der_uint(uint8_t *der, int dersize, unsigned int *out) { int result; asn1_node spk = NULL; /* == INTEGER */ - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", - &spk)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.DSAPublicKey", &spk)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -101,14 +100,12 @@ int _gnutls_x509_read_der_uint(uint8_t * der, int dersize, unsigned int *out) asn1_delete_structure(&spk); return 0; - } /* Extracts DSA and RSA parameters from a certificate. */ -int -_gnutls_get_asn_mpis(asn1_node asn, const char *root, - gnutls_pk_params_st * params) +int _gnutls_get_asn_mpis(asn1_node asn, const char *root, + gnutls_pk_params_st *params) { int result; char name[256]; @@ -133,15 +130,15 @@ _gnutls_get_asn_mpis(asn1_node asn, const char *root, _asnstr_append_name(name, sizeof(name), root, ".algorithm.parameters"); if (pk_algorithm != GNUTLS_PK_RSA && - pk_algorithm != GNUTLS_PK_EDDSA_ED25519 - && pk_algorithm != GNUTLS_PK_ECDH_X25519 - && pk_algorithm != GNUTLS_PK_EDDSA_ED448 - && pk_algorithm != GNUTLS_PK_ECDH_X448) { + pk_algorithm != GNUTLS_PK_EDDSA_ED25519 && + pk_algorithm != GNUTLS_PK_ECDH_X25519 && + pk_algorithm != GNUTLS_PK_EDDSA_ED448 && + pk_algorithm != GNUTLS_PK_ECDH_X448) { /* RSA and EdDSA do not use parameters */ result = _gnutls_x509_read_value(asn, name, &tmp); if (pk_algorithm == GNUTLS_PK_RSA_PSS && - (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND - || result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)) { + (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND || + result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)) { goto skip_params; } if (result < 0) { 
@@ -149,9 +146,8 @@ _gnutls_get_asn_mpis(asn1_node asn, const char *root, goto error; } - result = - _gnutls_x509_read_pubkey_params(pk_algorithm, - tmp.data, tmp.size, params); + result = _gnutls_x509_read_pubkey_params(pk_algorithm, tmp.data, + tmp.size, params); if (result < 0) { gnutls_assert(); goto error; @@ -160,7 +156,7 @@ _gnutls_get_asn_mpis(asn1_node asn, const char *root, _gnutls_free_datum(&tmp); } - skip_params: +skip_params: /* Now read the public key */ _asnstr_append_name(name, sizeof(name), root, ".subjectPublicKey"); @@ -170,9 +166,8 @@ _gnutls_get_asn_mpis(asn1_node asn, const char *root, goto error; } - if ((result = - _gnutls_x509_read_pubkey(pk_algorithm, tmp.data, tmp.size, - params)) < 0) { + if ((result = _gnutls_x509_read_pubkey(pk_algorithm, tmp.data, tmp.size, + params)) < 0) { gnutls_assert(); goto error; } @@ -185,7 +180,7 @@ _gnutls_get_asn_mpis(asn1_node asn, const char *root, result = 0; - error: +error: if (result < 0) gnutls_pk_params_release(params); _gnutls_free_datum(&tmp); 
@@ -194,35 +189,32 @@ _gnutls_get_asn_mpis(asn1_node asn, const char *root, /* Extracts DSA and RSA parameters from a certificate. */ -int -_gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert, gnutls_pk_params_st * params) +int _gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert, + gnutls_pk_params_st *params) { /* Read the algorithm's OID */ - return _gnutls_get_asn_mpis(cert->cert, - "tbsCertificate.subjectPublicKeyInfo", - params); + return _gnutls_get_asn_mpis( + cert->cert, "tbsCertificate.subjectPublicKeyInfo", params); } /* Extracts DSA and RSA parameters from a certificate. */ -int -_gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert, gnutls_pk_params_st * params) +int _gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert, + gnutls_pk_params_st *params) { /* Read the algorithm's OID */ - return _gnutls_get_asn_mpis(cert->crq, - "certificationRequestInfo.subjectPKInfo", - params); + return _gnutls_get_asn_mpis( + cert->crq, "certificationRequestInfo.subjectPKInfo", params); } /* * This function reads and decodes the parameters for DSS or RSA keys. * This is the "signatureAlgorithm" fields. */ -int -_gnutls_x509_read_pkalgo_params(asn1_node src, const char *src_name, - gnutls_x509_spki_st * spki, unsigned is_sig) +int _gnutls_x509_read_pkalgo_params(asn1_node src, const char *src_name, + gnutls_x509_spki_st *spki, unsigned is_sig) { int result; char name[128]; @@ -276,7 +268,7 @@ _gnutls_x509_read_pkalgo_params(asn1_node src, const char *src_name, } static int write_oid_and_params(asn1_node dst, const char *dst_name, - const char *oid, gnutls_x509_spki_st * params) + const char *oid, gnutls_x509_spki_st *params) { int result; char name[128]; @@ -325,9 +317,8 @@ static int write_oid_and_params(asn1_node dst, const char *dst_name, return 0; } -int -_gnutls_x509_write_spki_params(asn1_node dst, const char *dst_name, - gnutls_x509_spki_st * params) +int _gnutls_x509_write_spki_params(asn1_node dst, const char *dst_name, + gnutls_x509_spki_st *params) { const char *oid; 
@@ -340,19 +331,18 @@ _gnutls_x509_write_spki_params(asn1_node dst, const char *dst_name, if (oid == NULL) { gnutls_assert(); - _gnutls_debug_log - ("Cannot find OID for public key algorithm %s\n", - gnutls_pk_get_name(params->pk)); + _gnutls_debug_log( + "Cannot find OID for public key algorithm %s\n", + gnutls_pk_get_name(params->pk)); return GNUTLS_E_INVALID_REQUEST; } return write_oid_and_params(dst, dst_name, oid, params); } -int -_gnutls_x509_write_sign_params(asn1_node dst, const char *dst_name, - const gnutls_sign_entry_st * se, - gnutls_x509_spki_st * params) +int _gnutls_x509_write_sign_params(asn1_node dst, const char *dst_name, + const gnutls_sign_entry_st *se, + gnutls_x509_spki_st *params) { const char *oid; @@ -365,8 +355,8 @@ _gnutls_x509_write_sign_params(asn1_node dst, const char *dst_name, if (oid == NULL) { gnutls_assert(); - _gnutls_debug_log - ("Cannot find OID for sign algorithm %s\n", se->name); + _gnutls_debug_log("Cannot find OID for sign algorithm %s\n", + se->name); return GNUTLS_E_INVALID_REQUEST; } diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c index a7294afa6a..c37d907a95 100644 --- a/lib/x509/name_constraints.c +++ b/lib/x509/name_constraints.c @@ -39,10 +39,10 @@ #include "ip-in-cidr.h" // for documentation see the implementation -static int name_constraints_intersect_nodes(name_constraints_node_st * nc1, - name_constraints_node_st * nc2, - name_constraints_node_st ** - intersection); +static int +name_constraints_intersect_nodes(name_constraints_node_st *nc1, + name_constraints_node_st *nc2, + name_constraints_node_st **intersection); /*- * is_nc_empty: 
@@ -94,7 +94,7 @@ static unsigned is_nc_empty(struct gnutls_name_constraints_st *nc, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value. -*/ static int validate_name_constraints_node(gnutls_x509_subject_alt_name_t type, - const gnutls_datum_t * name) + const gnutls_datum_t *name) { if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME && type != GNUTLS_SAN_DN && type != GNUTLS_SAN_URI && @@ -116,7 +116,7 @@ static int validate_name_constraints_node(gnutls_x509_subject_alt_name_t type, } int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr, - name_constraints_node_st ** _nc) + name_constraints_node_st **_nc) { int ret; char tmpstr[128]; @@ -134,8 +134,8 @@ int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr, for (indx = 1;; indx++) { snprintf(tmpstr, sizeof(tmpstr), "%s.?%u.base", vstr, indx); - ret = - _gnutls_parse_general_name2(c2, tmpstr, -1, &tmp, &type, 0); + ret = _gnutls_parse_general_name2(c2, tmpstr, -1, &tmp, &type, + 0); if (ret < 0) { gnutls_assert(); @@ -145,18 +145,16 @@ int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr, if (type == GNUTLS_SAN_OTHERNAME) { gnutls_datum_t oid = { NULL, 0 }; gnutls_datum_t parsed_othername = { NULL, 0 }; - ret = - _gnutls_parse_general_name2(c2, tmpstr, -1, &oid, - &type, 1); + ret = _gnutls_parse_general_name2(c2, tmpstr, -1, &oid, + &type, 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - gnutls_x509_othername_to_virtual((char *)oid.data, - &tmp, &type, - &parsed_othername); + ret = gnutls_x509_othername_to_virtual( + (char *)oid.data, &tmp, &type, + &parsed_othername); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -202,7 +200,7 @@ int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr, } ret = 0; - cleanup: +cleanup: gnutls_free(tmp.data); return ret; } 
@@ -213,7 +211,7 @@ int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr, * * Deallocate a list of name constraints nodes starting at the given node. -*/ -void _gnutls_name_constraints_node_free(name_constraints_node_st * node) +void _gnutls_name_constraints_node_free(name_constraints_node_st *node) { name_constraints_node_st *next, *t; @@ -238,12 +236,11 @@ void _gnutls_name_constraints_node_free(name_constraints_node_st * node) * * Returns: Pointer to newly allocated node or NULL in case of memory error. -*/ -static name_constraints_node_st *name_constraints_node_new(unsigned type, - unsigned char *data, - unsigned int size) +static name_constraints_node_st * +name_constraints_node_new(unsigned type, unsigned char *data, unsigned int size) { name_constraints_node_st *tmp = - gnutls_malloc(sizeof(struct name_constraints_node_st)); + gnutls_malloc(sizeof(struct name_constraints_node_st)); if (tmp == NULL) return NULL; tmp->type = type; @@ -251,7 +248,6 @@ static name_constraints_node_st *name_constraints_node_new(unsigned type, tmp->name.size = size; tmp->name.data = NULL; if (tmp->name.size > 0) { - tmp->name.data = gnutls_malloc(tmp->name.size); if (tmp->name.data == NULL) { gnutls_free(tmp); @@ -279,13 +275,13 @@ static name_constraints_node_st *name_constraints_node_new(unsigned type, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value. -*/ -static -int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc, - name_constraints_node_st * _nc2, - name_constraints_node_st ** _nc_excluded) +static int +_gnutls_name_constraints_intersect(name_constraints_node_st **_nc, + name_constraints_node_st *_nc2, + name_constraints_node_st **_nc_excluded) { - name_constraints_node_st *nc, *nc2, *t, *tmp, *dest = NULL, *prev = - NULL; + name_constraints_node_st *nc, *nc2, *t, *tmp, *dest = NULL, + *prev = NULL; int ret, type, used; /* temporary array to see, if we need to add universal excluded constraints 
@@ -310,9 +306,8 @@ int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc, if (t->type == nc2->type) { // check bounds (we will use 't->type' as index) if (t->type > GNUTLS_SAN_MAX || t->type == 0) - return - gnutls_assert_val - (GNUTLS_E_INTERNAL_ERROR); + return gnutls_assert_val( + GNUTLS_E_INTERNAL_ERROR); // note the possibility of empty intersection for this type // if we add something to the intersection in phase 2, // we will reset this flag back to 0 then @@ -321,11 +316,9 @@ int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc, } nc2 = nc2->next; } - if (nc2 == NULL || - (t->type != GNUTLS_SAN_DNSNAME && - t->type != GNUTLS_SAN_RFC822NAME && - t->type != GNUTLS_SAN_IPADDRESS) - ) { + if (nc2 == NULL || (t->type != GNUTLS_SAN_DNSNAME && + t->type != GNUTLS_SAN_RFC822NAME && + t->type != GNUTLS_SAN_IPADDRESS)) { /* move node from NC to DEST */ if (prev != NULL) prev->next = next; @@ -355,18 +348,18 @@ int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc, return gnutls_assert_val(ret); used = 1; // if intersection is not empty - if (tmp != NULL) { // intersection for this type is not empty + if (tmp != + NULL) { // intersection for this type is not empty // check bounds - if (tmp->type > GNUTLS_SAN_MAX - || tmp->type == 0) { + if (tmp->type > GNUTLS_SAN_MAX || + tmp->type == 0) { gnutls_free(tmp); - return - gnutls_assert_val - (GNUTLS_E_INTERNAL_ERROR); + return gnutls_assert_val( + GNUTLS_E_INTERNAL_ERROR); } // we will not add universal excluded constraint for this type types_with_empty_intersection[tmp->type - 1] = - 0; + 0; // add intersection node to DEST tmp->next = dest; dest = tmp; 
@@ -377,9 +370,8 @@ int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc, // Beware: also copies nodes other than DNS, email, IP, // since their counterpart may have been moved in phase 1. if (!used) { - tmp = - name_constraints_node_new(nc2->type, nc2->name.data, - nc2->name.size); + tmp = name_constraints_node_new( + nc2->type, nc2->name.data, nc2->name.size); if (tmp == NULL) { _gnutls_name_constraints_node_free(dest); return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); @@ -402,15 +394,14 @@ int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc, for (type = 1; type <= GNUTLS_SAN_MAX; type++) { if (types_with_empty_intersection[type - 1] == 0) continue; - _gnutls_hard_log - ("Adding universal excluded name constraint for type %d.\n", - type); + _gnutls_hard_log( + "Adding universal excluded name constraint for type %d.\n", + type); switch (type) { case GNUTLS_SAN_IPADDRESS: // add universal restricted range for IPv4 - tmp = - name_constraints_node_new(GNUTLS_SAN_IPADDRESS, - NULL, 8); + tmp = name_constraints_node_new(GNUTLS_SAN_IPADDRESS, + NULL, 8); if (tmp == NULL) { _gnutls_name_constraints_node_free(dest); return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); @@ -418,9 +409,8 @@ int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc, tmp->next = *_nc_excluded; *_nc_excluded = tmp; // add universal restricted range for IPv6 - tmp = - name_constraints_node_new(GNUTLS_SAN_IPADDRESS, - NULL, 32); + tmp = name_constraints_node_new(GNUTLS_SAN_IPADDRESS, + NULL, 32); if (tmp == NULL) { _gnutls_name_constraints_node_free(dest); return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); 
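Review bot: The sizes 8 and 32 passed to name_constraints_node_new in the -402 and -418 hunks are undocumented magic numbers; the node layout used by name_constraints_intersect_nodes (`iplength = nc1->name.size / 2`) shows they are an address followed by a mask of equal length, so a short comment would save the next reader the derivation: `/* 8 = 4-byte IPv4 address + 4-byte mask; 32 = 16-byte IPv6 address + 16-byte mask */`. Naming them, e.g. `enum { IPV4_CIDR_NODE_SIZE = 8, IPV6_CIDR_NODE_SIZE = 32 };` (constructed names), would also let the two call sites and the length checks elsewhere in the file agree by construction. Whether the NULL data argument yields a zero-filled node here depends on the tail of name_constraints_node_new, which lies outside the -251 hunk and should be confirmed. _gnutls_name_constraints_intersect's body continues outside these hunks.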
@@ -438,15 +428,15 @@ int _gnutls_name_constraints_intersect(name_constraints_node_st ** _nc, tmp->next = *_nc_excluded; *_nc_excluded = tmp; break; - default: // do nothing, at least one node was already moved in phase 1 + default: // do nothing, at least one node was already moved in phase 1 break; } } return GNUTLS_E_SUCCESS; } -static int _gnutls_name_constraints_append(name_constraints_node_st ** _nc, - name_constraints_node_st * _nc2) +static int _gnutls_name_constraints_append(name_constraints_node_st **_nc, + name_constraints_node_st *_nc2) { name_constraints_node_st *nc, *nc2; struct name_constraints_node_st *tmp; @@ -458,9 +448,8 @@ static int _gnutls_name_constraints_append(name_constraints_node_st ** _nc, while (nc2) { nc = *_nc; - tmp = - name_constraints_node_new(nc2->type, nc2->name.data, - nc2->name.size); + tmp = name_constraints_node_new(nc2->type, nc2->name.data, + nc2->name.size); if (tmp == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); @@ -513,8 +502,8 @@ int gnutls_x509_crt_get_name_constraints(gnutls_x509_crt_t crt, return GNUTLS_E_INVALID_REQUEST; } - ret = - _gnutls_x509_crt_get_extension(crt, "2.5.29.30", 0, &der, critical); + ret = _gnutls_x509_crt_get_extension(crt, "2.5.29.30", 0, &der, + critical); if (ret < 0) return gnutls_assert_val(ret); @@ -529,11 +518,10 @@ int gnutls_x509_crt_get_name_constraints(gnutls_x509_crt_t crt, ret = 0; - cleanup: +cleanup: _gnutls_free_datum(&der); return ret; - } /** @@ -562,7 +550,7 @@ void gnutls_x509_name_constraints_deinit(gnutls_x509_name_constraints_t nc) * * Since: 3.3.0 **/ -int gnutls_x509_name_constraints_init(gnutls_x509_name_constraints_t * nc) +int gnutls_x509_name_constraints_init(gnutls_x509_name_constraints_t *nc) { *nc = gnutls_calloc(1, sizeof(struct gnutls_name_constraints_st)); if (*nc == NULL) { 
@@ -573,10 +561,9 @@ int gnutls_x509_name_constraints_init(gnutls_x509_name_constraints_t * nc) return 0; } -static -int name_constraints_add(gnutls_x509_name_constraints_t nc, - gnutls_x509_subject_alt_name_t type, - const gnutls_datum_t * name, unsigned permitted) +static int name_constraints_add(gnutls_x509_name_constraints_t nc, + gnutls_x509_subject_alt_name_t type, + const gnutls_datum_t *name, unsigned permitted) { struct name_constraints_node_st *tmp, *prev = NULL; int ret; @@ -633,9 +620,8 @@ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc, { int ret; - ret = - _gnutls_name_constraints_intersect(&nc->permitted, - nc2->permitted, &nc->excluded); + ret = _gnutls_name_constraints_intersect(&nc->permitted, nc2->permitted, + &nc->excluded); if (ret < 0) { gnutls_assert(); return ret; @@ -666,11 +652,9 @@ int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc, * * Since: 3.3.0 **/ -int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints_t - nc, - gnutls_x509_subject_alt_name_t - type, - const gnutls_datum_t * name) +int gnutls_x509_name_constraints_add_permitted( + gnutls_x509_name_constraints_t nc, gnutls_x509_subject_alt_name_t type, + const gnutls_datum_t *name) { return name_constraints_add(nc, type, name, 1); } @@ -692,9 +676,9 @@ int gnutls_x509_name_constraints_add_permitted(gnutls_x509_name_constraints_t * * Since: 3.3.0 **/ -int gnutls_x509_name_constraints_add_excluded(gnutls_x509_name_constraints_t nc, - gnutls_x509_subject_alt_name_t - type, const gnutls_datum_t * name) +int gnutls_x509_name_constraints_add_excluded( + gnutls_x509_name_constraints_t nc, gnutls_x509_subject_alt_name_t type, + const gnutls_datum_t *name) { return name_constraints_add(nc, type, name, 0); } 
@@ -733,13 +717,13 @@ int gnutls_x509_crt_set_name_constraints(gnutls_x509_crt_t crt, ret = 0; crt->use_extensions = 1; - cleanup: +cleanup: _gnutls_free_datum(&der); return ret; } -static -unsigned ends_with(const gnutls_datum_t * str, const gnutls_datum_t * suffix) +static unsigned ends_with(const gnutls_datum_t *str, + const gnutls_datum_t *suffix) { unsigned char *tree; unsigned int treelen; 
@@ -756,57 +740,54 @@ unsigned ends_with(const gnutls_datum_t * str, const gnutls_datum_t * suffix) if (memcmp(str->data + str->size - treelen, tree, treelen) == 0 && str->data[str->size - treelen - 1] == '.') - return 1; /* match */ + return 1; /* match */ return 0; } -static -unsigned email_ends_with(const gnutls_datum_t * str, - const gnutls_datum_t * suffix) +static unsigned email_ends_with(const gnutls_datum_t *str, + const gnutls_datum_t *suffix) { if (suffix->size >= str->size) return 0; if (suffix->size > 1 && suffix->data[0] == '.') { /* .domain.com */ - if (memcmp - (str->data + str->size - suffix->size, suffix->data, - suffix->size) == 0) - return 1; /* match */ + if (memcmp(str->data + str->size - suffix->size, suffix->data, + suffix->size) == 0) + return 1; /* match */ } else { - if (memcmp - (str->data + str->size - suffix->size, suffix->data, - suffix->size) == 0 - && str->data[str->size - suffix->size - 1] == '@') - return 1; /* match */ + if (memcmp(str->data + str->size - suffix->size, suffix->data, + suffix->size) == 0 && + str->data[str->size - suffix->size - 1] == '@') + return 1; /* match */ } return 0; } -static unsigned dnsname_matches(const gnutls_datum_t * name, - const gnutls_datum_t * suffix) +static unsigned dnsname_matches(const gnutls_datum_t *name, + const gnutls_datum_t *suffix) { _gnutls_hard_log("matching %.*s with DNS constraint %.*s\n", name->size, name->data, suffix->size, suffix->data); - if (suffix->size == name->size - && memcmp(suffix->data, name->data, suffix->size) == 0) - return 1; /* match */ + if (suffix->size == name->size && + memcmp(suffix->data, name->data, suffix->size) == 0) + return 1; /* match */ return ends_with(name, suffix); } -static unsigned email_matches(const gnutls_datum_t * name, - const gnutls_datum_t * suffix) +static unsigned email_matches(const gnutls_datum_t *name, + const gnutls_datum_t *suffix) { _gnutls_hard_log("matching %.*s with e-mail constraint %.*s\n", name->size, name->data, 
suffix->size, suffix->data); - if (suffix->size == name->size - && memcmp(suffix->data, name->data, suffix->size) == 0) - return 1; /* match */ + if (suffix->size == name->size && + memcmp(suffix->data, name->data, suffix->size) == 0) + return 1; /* match */ return email_ends_with(name, suffix); } @@ -824,9 +805,9 @@ static unsigned email_matches(const gnutls_datum_t * name, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value. -*/ static int -name_constraints_intersect_nodes(name_constraints_node_st * nc1, - name_constraints_node_st * nc2, - name_constraints_node_st ** _intersection) +name_constraints_intersect_nodes(name_constraints_node_st *nc1, + name_constraints_node_st *nc2, + name_constraints_node_st **_intersection) { // presume empty intersection name_constraints_node_st *intersection = NULL; @@ -855,9 +836,12 @@ name_constraints_intersect_nodes(name_constraints_node_st * nc1, return GNUTLS_E_SUCCESS; iplength = nc1->name.size / 2; for (byte = 0; byte < iplength; byte++) { - if (((nc1->name.data[byte] ^ nc2->name.data[byte]) // XOR of addresses - & nc1->name.data[byte + iplength] // AND mask from nc1 - & nc2->name.data[byte + iplength]) // AND mask from nc2 + if (((nc1->name.data[byte] ^ + nc2->name.data[byte]) // XOR of addresses + & + nc1->name.data[byte + iplength] // AND mask from nc1 + & + nc2->name.data[byte + iplength]) // AND mask from nc2 != 0) { // CIDRS do not intersect return GNUTLS_E_SUCCESS; @@ -872,9 +856,8 @@ name_constraints_intersect_nodes(name_constraints_node_st * nc1, // copy existing node if applicable if (to_copy != NULL) { - *_intersection = - name_constraints_node_new(to_copy->type, to_copy->name.data, - to_copy->name.size); + *_intersection = name_constraints_node_new( + to_copy->type, to_copy->name.data, to_copy->name.size); if (*_intersection == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); intersection = *_intersection; 
@@ -891,7 +874,7 @@ name_constraints_intersect_nodes(name_constraints_node_st * nc1, // update intersection, if necessary (we already know one is subset of other) for (byte = 0; byte < 2 * iplength; byte++) { intersection->name.data[byte] |= - nc1->name.data[byte]; + nc1->name.data[byte]; } } } @@ -902,9 +885,9 @@ name_constraints_intersect_nodes(name_constraints_node_st * nc1, /* * Returns: true if the certification is acceptable, and false otherwise. */ -static -unsigned check_unsupported_constraint(gnutls_x509_name_constraints_t nc, - gnutls_x509_subject_alt_name_t type) +static unsigned +check_unsupported_constraint(gnutls_x509_name_constraints_t nc, + gnutls_x509_subject_alt_name_t type) { unsigned i; int ret; @@ -916,9 +899,8 @@ unsigned check_unsupported_constraint(gnutls_x509_name_constraints_t nc, */ i = 0; do { - ret = - gnutls_x509_name_constraints_get_excluded(nc, i++, &rtype, - &rname); + ret = gnutls_x509_name_constraints_get_excluded(nc, i++, &rtype, + &rname); if (ret >= 0) { if (rtype != type) continue; @@ -931,9 +913,8 @@ unsigned check_unsupported_constraint(gnutls_x509_name_constraints_t nc, return 1; } -static -unsigned check_dns_constraints(gnutls_x509_name_constraints_t nc, - const gnutls_datum_t * name) +static unsigned check_dns_constraints(gnutls_x509_name_constraints_t nc, + const gnutls_datum_t *name) { unsigned i; int ret; @@ -944,9 +925,8 @@ unsigned check_dns_constraints(gnutls_x509_name_constraints_t nc, /* check restrictions */ i = 0; do { - ret = - gnutls_x509_name_constraints_get_excluded(nc, i++, &rtype, - &rname); + ret = gnutls_x509_name_constraints_get_excluded(nc, i++, &rtype, + &rname); if (ret >= 0) { if (rtype != GNUTLS_SAN_DNSNAME) continue; 
@@ -957,16 +937,15 @@ unsigned check_dns_constraints(gnutls_x509_name_constraints_t nc, return gnutls_assert_val(0); if (dnsname_matches(name, &rname) != 0) - return gnutls_assert_val(0); /* rejected */ + return gnutls_assert_val(0); /* rejected */ } } while (ret == 0); /* check allowed */ i = 0; do { - ret = - gnutls_x509_name_constraints_get_permitted(nc, i++, &rtype, - &rname); + ret = gnutls_x509_name_constraints_get_permitted( + nc, i++, &rtype, &rname); if (ret >= 0) { if (rtype != GNUTLS_SAN_DNSNAME) continue; @@ -977,19 +956,19 @@ unsigned check_dns_constraints(gnutls_x509_name_constraints_t nc, allowed_found = 1; if (dnsname_matches(name, &rname) != 0) - return 1; /* accepted */ + return 1; /* accepted */ } } while (ret == 0); - if (allowed_found != 0) /* there are allowed directives but this host wasn't found */ + if (allowed_found != + 0) /* there are allowed directives but this host wasn't found */ return gnutls_assert_val(0); return 1; } -static -unsigned check_email_constraints(gnutls_x509_name_constraints_t nc, - const gnutls_datum_t * name) +static unsigned check_email_constraints(gnutls_x509_name_constraints_t nc, + const gnutls_datum_t *name) { unsigned i; int ret; @@ -1000,9 +979,8 @@ unsigned check_email_constraints(gnutls_x509_name_constraints_t nc, /* check restrictions */ i = 0; do { - ret = - gnutls_x509_name_constraints_get_excluded(nc, i++, &rtype, - &rname); + ret = gnutls_x509_name_constraints_get_excluded(nc, i++, &rtype, + &rname); if (ret >= 0) { if (rtype != GNUTLS_SAN_RFC822NAME) continue; 
@@ -1013,16 +991,15 @@ unsigned check_email_constraints(gnutls_x509_name_constraints_t nc, return gnutls_assert_val(0); if (email_matches(name, &rname) != 0) - return gnutls_assert_val(0); /* rejected */ + return gnutls_assert_val(0); /* rejected */ } } while (ret == 0); /* check allowed */ i = 0; do { - ret = - gnutls_x509_name_constraints_get_permitted(nc, i++, &rtype, - &rname); + ret = gnutls_x509_name_constraints_get_permitted( + nc, i++, &rtype, &rname); if (ret >= 0) { if (rtype != GNUTLS_SAN_RFC822NAME) continue; @@ -1033,19 +1010,19 @@ unsigned check_email_constraints(gnutls_x509_name_constraints_t nc, allowed_found = 1; if (email_matches(name, &rname) != 0) - return 1; /* accepted */ + return 1; /* accepted */ } } while (ret == 0); - if (allowed_found != 0) /* there are allowed directives but this host wasn't found */ + if (allowed_found != + 0) /* there are allowed directives but this host wasn't found */ return gnutls_assert_val(0); return 1; } -static -unsigned check_ip_constraints(gnutls_x509_name_constraints_t nc, - const gnutls_datum_t * name) +static unsigned check_ip_constraints(gnutls_x509_name_constraints_t nc, + const gnutls_datum_t *name) { unsigned i; int ret; @@ -1056,9 +1033,8 @@ unsigned check_ip_constraints(gnutls_x509_name_constraints_t nc, /* check restrictions */ i = 0; do { - ret = - gnutls_x509_name_constraints_get_excluded(nc, i++, &rtype, - &rname); + ret = gnutls_x509_name_constraints_get_excluded(nc, i++, &rtype, + &rname); if (ret >= 0) { if (rtype != GNUTLS_SAN_IPADDRESS) continue; 
@@ -1068,16 +1044,15 @@ unsigned check_ip_constraints(gnutls_x509_name_constraints_t nc, continue; if (ip_in_cidr(name, &rname) != 0) - return gnutls_assert_val(0); /* rejected */ + return gnutls_assert_val(0); /* rejected */ } } while (ret == 0); /* check allowed */ i = 0; do { - ret = - gnutls_x509_name_constraints_get_permitted(nc, i++, &rtype, - &rname); + ret = gnutls_x509_name_constraints_get_permitted( + nc, i++, &rtype, &rname); if (ret >= 0) { if (rtype != GNUTLS_SAN_IPADDRESS) continue; @@ -1089,11 +1064,12 @@ unsigned check_ip_constraints(gnutls_x509_name_constraints_t nc, allowed_found = 1; if (ip_in_cidr(name, &rname) != 0) - return 1; /* accepted */ + return 1; /* accepted */ } } while (ret == 0); - if (allowed_found != 0) /* there are allowed directives but this host wasn't found */ + if (allowed_found != + 0) /* there are allowed directives but this host wasn't found */ return gnutls_assert_val(0); return 1; @@ -1116,7 +1092,7 @@ unsigned check_ip_constraints(gnutls_x509_name_constraints_t nc, **/ unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc, gnutls_x509_subject_alt_name_t type, - const gnutls_datum_t * name) + const gnutls_datum_t *name) { if (type == GNUTLS_SAN_DNSNAME) return check_dns_constraints(nc, name); @@ -1137,10 +1113,10 @@ unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc, * * Returns: true if the certification is acceptable, and false otherwise */ -static unsigned check_unsupported_constraint2(gnutls_x509_crt_t cert, - gnutls_x509_name_constraints_t nc, - gnutls_x509_subject_alt_name_t - type) +static unsigned +check_unsupported_constraint2(gnutls_x509_crt_t cert, + gnutls_x509_name_constraints_t nc, + gnutls_x509_subject_alt_name_t type) { unsigned idx, found_one; char name[MAX_CN]; 
@@ -1152,10 +1128,8 @@ static unsigned check_unsupported_constraint2(gnutls_x509_crt_t cert, for (idx = 0;; idx++) { name_size = sizeof(name); - ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx, name, - &name_size, - &san_type, NULL); + ret = gnutls_x509_crt_get_subject_alt_name2( + cert, idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) @@ -1192,10 +1166,10 @@ static unsigned check_unsupported_constraint2(gnutls_x509_crt_t cert, * * Since: 3.3.0 **/ -unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t - nc, - gnutls_x509_subject_alt_name_t - type, gnutls_x509_crt_t cert) +unsigned +gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t nc, + gnutls_x509_subject_alt_name_t type, + gnutls_x509_crt_t cert) { char name[MAX_CN]; size_t name_size; @@ -1205,17 +1179,14 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t unsigned found_one; if (is_nc_empty(nc, type) != 0) - return 1; /* shortcut; no constraints to check */ + return 1; /* shortcut; no constraints to check */ if (type == GNUTLS_SAN_RFC822NAME) { found_one = 0; for (idx = 0;; idx++) { name_size = sizeof(name); - ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx, name, - &name_size, - &san_type, - NULL); + ret = gnutls_x509_crt_get_subject_alt_name2( + cert, idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) @@ -1227,9 +1198,8 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t found_one = 1; n.data = (void *)name; n.size = name_size; - t = gnutls_x509_name_constraints_check(nc, - GNUTLS_SAN_RFC822NAME, - &n); + t = gnutls_x509_name_constraints_check( + nc, GNUTLS_SAN_RFC822NAME, &n); if (t == 0) return gnutls_assert_val(t); } 
@@ -1242,20 +1212,16 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t do { /* ensure there is only a single EMAIL, similarly to CN handling (rfc6125) */ name_size = sizeof(name); - ret = - gnutls_x509_crt_get_dn_by_oid(cert, - GNUTLS_OID_PKCS9_EMAIL, - 1, 0, name, - &name_size); + ret = gnutls_x509_crt_get_dn_by_oid( + cert, GNUTLS_OID_PKCS9_EMAIL, 1, 0, name, + &name_size); if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) return gnutls_assert_val(0); name_size = sizeof(name); - ret = - gnutls_x509_crt_get_dn_by_oid(cert, - GNUTLS_OID_PKCS9_EMAIL, - 0, 0, name, - &name_size); + ret = gnutls_x509_crt_get_dn_by_oid( + cert, GNUTLS_OID_PKCS9_EMAIL, 0, 0, name, + &name_size); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) @@ -1264,9 +1230,8 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t found_one = 1; n.data = (void *)name; n.size = name_size; - t = gnutls_x509_name_constraints_check(nc, - GNUTLS_SAN_RFC822NAME, - &n); + t = gnutls_x509_name_constraints_check( + nc, GNUTLS_SAN_RFC822NAME, &n); if (t == 0) return gnutls_assert_val(t); } while (0); @@ -1284,11 +1249,8 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t found_one = 0; for (idx = 0;; idx++) { name_size = sizeof(name); - ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx, name, - &name_size, - &san_type, - NULL); + ret = gnutls_x509_crt_get_subject_alt_name2( + cert, idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) @@ -1300,9 +1262,8 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t found_one = 1; n.data = (void *)name; n.size = name_size; - t = gnutls_x509_name_constraints_check(nc, - GNUTLS_SAN_DNSNAME, - &n); + t = gnutls_x509_name_constraints_check( + nc, GNUTLS_SAN_DNSNAME, &n); if (t == 0) return gnutls_assert_val(t); } 
@@ -1315,26 +1276,22 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t /* verify the name constraints against the CN, if the certificate is * not a CA. We do this check only on certificates marked as WWW server, * because that's where the CN check is only performed. */ - if (_gnutls_check_key_purpose(cert, GNUTLS_KP_TLS_WWW_SERVER, 0) - != 0) + if (_gnutls_check_key_purpose(cert, GNUTLS_KP_TLS_WWW_SERVER, + 0) != 0) do { /* ensure there is only a single CN, according to rfc6125 */ name_size = sizeof(name); - ret = - gnutls_x509_crt_get_dn_by_oid(cert, - GNUTLS_OID_X520_COMMON_NAME, - 1, 0, name, - &name_size); + ret = gnutls_x509_crt_get_dn_by_oid( + cert, GNUTLS_OID_X520_COMMON_NAME, 1, 0, + name, &name_size); if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) return gnutls_assert_val(0); name_size = sizeof(name); - ret = - gnutls_x509_crt_get_dn_by_oid(cert, - GNUTLS_OID_X520_COMMON_NAME, - 0, 0, name, - &name_size); + ret = gnutls_x509_crt_get_dn_by_oid( + cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, + name, &name_size); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; @@ -1344,9 +1301,8 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t found_one = 1; n.data = (void *)name; n.size = name_size; - t = gnutls_x509_name_constraints_check(nc, - GNUTLS_SAN_DNSNAME, - &n); + t = gnutls_x509_name_constraints_check( + nc, GNUTLS_SAN_DNSNAME, &n); if (t == 0) return gnutls_assert_val(t); } while (0); @@ -1364,11 +1320,8 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t found_one = 0; for (idx = 0;; idx++) { name_size = sizeof(name); - ret = gnutls_x509_crt_get_subject_alt_name2(cert, - idx, name, - &name_size, - &san_type, - NULL); + ret = gnutls_x509_crt_get_subject_alt_name2( + cert, idx, name, &name_size, &san_type, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret < 0) 
@@ -1380,9 +1333,8 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t found_one = 1; n.data = (void *)name; n.size = name_size; - t = gnutls_x509_name_constraints_check(nc, - GNUTLS_SAN_IPADDRESS, - &n); + t = gnutls_x509_name_constraints_check( + nc, GNUTLS_SAN_IPADDRESS, &n); if (t == 0) return gnutls_assert_val(t); } @@ -1422,18 +1374,17 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t * * Since: 3.3.0 **/ -int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t - nc, unsigned idx, unsigned *type, - gnutls_datum_t * name) +int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t nc, + unsigned idx, unsigned *type, + gnutls_datum_t *name) { unsigned int i; struct name_constraints_node_st *tmp = nc->permitted; for (i = 0; i < idx; i++) { if (tmp == NULL) - return - gnutls_assert_val - (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + return gnutls_assert_val( + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); tmp = tmp->next; } @@ -1467,18 +1418,16 @@ int gnutls_x509_name_constraints_get_permitted(gnutls_x509_name_constraints_t * Since: 3.3.0 **/ int gnutls_x509_name_constraints_get_excluded(gnutls_x509_name_constraints_t nc, - unsigned idx, - unsigned *type, - gnutls_datum_t * name) + unsigned idx, unsigned *type, + gnutls_datum_t *name) { unsigned int i; struct name_constraints_node_st *tmp = nc->excluded; for (i = 0; i < idx; i++) { if (tmp == NULL) - return - gnutls_assert_val - (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + return gnutls_assert_val( + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); tmp = tmp->next; } diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index 954427bd97..dd8966a75f 100644 --- a/lib/x509/ocsp.c +++ b/lib/x509/ocsp.c 
@@ -64,7 +64,7 @@ typedef struct gnutls_ocsp_resp_int { * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int gnutls_ocsp_req_init(gnutls_ocsp_req_t * req) +int gnutls_ocsp_req_init(gnutls_ocsp_req_t *req) { gnutls_ocsp_req_t tmp = gnutls_calloc(1, sizeof(gnutls_ocsp_req_int)); int ret; @@ -113,7 +113,7 @@ void gnutls_ocsp_req_deinit(gnutls_ocsp_req_t req) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int gnutls_ocsp_resp_init(gnutls_ocsp_resp_t * resp) +int gnutls_ocsp_resp_init(gnutls_ocsp_resp_t *resp) { gnutls_ocsp_resp_t tmp = gnutls_calloc(1, sizeof(gnutls_ocsp_resp_int)); int ret; @@ -122,16 +122,16 @@ int gnutls_ocsp_resp_init(gnutls_ocsp_resp_t * resp) if (!tmp) return GNUTLS_E_MEMORY_ERROR; - ret = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.OCSPResponse", &tmp->resp); + ret = asn1_create_element(_gnutls_get_pkix(), "PKIX1.OCSPResponse", + &tmp->resp); if (ret != ASN1_SUCCESS) { gnutls_assert(); gnutls_free(tmp); return _gnutls_asn2err(ret); } - ret = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.BasicOCSPResponse", &tmp->basicresp); + ret = asn1_create_element(_gnutls_get_pkix(), "PKIX1.BasicOCSPResponse", + &tmp->basicresp); if (ret != ASN1_SUCCESS) { gnutls_assert(); asn1_delete_structure(&tmp->resp); @@ -180,7 +180,7 @@ void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int gnutls_ocsp_req_import(gnutls_ocsp_req_t req, const gnutls_datum_t * data) +int gnutls_ocsp_req_import(gnutls_ocsp_req_t req, const gnutls_datum_t *data) { int ret = 0; 
@@ -225,8 +225,7 @@ int gnutls_ocsp_req_import(gnutls_ocsp_req_t req, const gnutls_datum_t * data) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp, const gnutls_datum_t * data) +int gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp, const gnutls_datum_t *data) { return gnutls_ocsp_resp_import2(resp, data, GNUTLS_X509_FMT_DER); } @@ -246,9 +245,9 @@ gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp, const gnutls_datum_t * data) * * Since: 3.6.3 **/ -int -gnutls_ocsp_resp_import2(gnutls_ocsp_resp_t resp, - const gnutls_datum_t * data, gnutls_x509_crt_fmt_t fmt) +int gnutls_ocsp_resp_import2(gnutls_ocsp_resp_t resp, + const gnutls_datum_t *data, + gnutls_x509_crt_fmt_t fmt) { int ret = 0; gnutls_datum_t der; @@ -262,9 +261,8 @@ gnutls_ocsp_resp_import2(gnutls_ocsp_resp_t resp, der.size = data->size; if (fmt == GNUTLS_X509_FMT_PEM) { - ret = - gnutls_pem_base64_decode2(BARE_PEM_OCSP_RESPONSE, data, - &der); + ret = gnutls_pem_base64_decode2(BARE_PEM_OCSP_RESPONSE, data, + &der); if (ret < 0) { return gnutls_assert_val(ret); } 
@@ -311,32 +309,26 @@ gnutls_ocsp_resp_import2(gnutls_ocsp_resp_t resp, goto cleanup; } - ret = - _gnutls_x509_read_value(resp->resp, - "responseBytes.responseType", - &resp->response_type_oid); + ret = _gnutls_x509_read_value(resp->resp, "responseBytes.responseType", + &resp->response_type_oid); if (ret < 0) { gnutls_assert(); goto cleanup; } #define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1" - if (resp->response_type_oid.size == sizeof(OCSP_BASIC) - 1 - && memcmp(resp->response_type_oid.data, OCSP_BASIC, - resp->response_type_oid.size) == 0) { - - ret = - _gnutls_x509_read_value(resp->resp, - "responseBytes.response", - &resp->der); + if (resp->response_type_oid.size == sizeof(OCSP_BASIC) - 1 && + memcmp(resp->response_type_oid.data, OCSP_BASIC, + resp->response_type_oid.size) == 0) { + ret = _gnutls_x509_read_value( + resp->resp, "responseBytes.response", &resp->der); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _asn1_strict_der_decode(&resp->basicresp, resp->der.data, - resp->der.size, NULL); + ret = _asn1_strict_der_decode(&resp->basicresp, resp->der.data, + resp->der.size, NULL); if (ret != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); @@ -348,7 +340,7 @@ gnutls_ocsp_resp_import2(gnutls_ocsp_resp_t resp, } ret = GNUTLS_E_SUCCESS; - cleanup: +cleanup: if (der.data != data->data) gnutls_free(der.data); return ret; @@ -364,7 +356,7 @@ gnutls_ocsp_resp_import2(gnutls_ocsp_resp_t resp, * Returns: In case of failure a negative error code will be * returned, and 0 on success. **/ -int gnutls_ocsp_req_export(gnutls_ocsp_req_const_t req, gnutls_datum_t * data) +int gnutls_ocsp_req_export(gnutls_ocsp_req_const_t req, gnutls_datum_t *data) { int ret; 
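Review bot: The `#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"` in the -311 hunk sits between statements inside gnutls_ocsp_resp_import2 and is never undefined, so the macro silently leaks into everything compiled after it while being invisible to a reader scanning the file's top for constants. Hoisting it to file scope, `#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1" /* id-pkix-ocsp-basic */`, keeps the `sizeof(OCSP_BASIC) - 1` length check working unchanged and makes the OID discoverable. gnutls_ocsp_resp_import2 starts in the -246 hunk and continues past this one.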
@@ -396,8 +388,7 @@ int gnutls_ocsp_req_export(gnutls_ocsp_req_const_t req, gnutls_datum_t * data) * Returns: In case of failure a negative error code will be * returned, and 0 on success. **/ -int gnutls_ocsp_resp_export(gnutls_ocsp_resp_const_t resp, - gnutls_datum_t * data) +int gnutls_ocsp_resp_export(gnutls_ocsp_resp_const_t resp, gnutls_datum_t *data) { return gnutls_ocsp_resp_export2(resp, data, GNUTLS_X509_FMT_DER); } @@ -416,7 +407,7 @@ int gnutls_ocsp_resp_export(gnutls_ocsp_resp_const_t resp, * Since: 3.6.3 **/ int gnutls_ocsp_resp_export2(gnutls_ocsp_resp_const_t resp, - gnutls_datum_t * data, gnutls_x509_crt_fmt_t fmt) + gnutls_datum_t *data, gnutls_x509_crt_fmt_t fmt) { int ret; gnutls_datum_t der; @@ -492,13 +483,11 @@ int gnutls_ocsp_req_get_version(gnutls_ocsp_req_const_t req) * CertID available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be * returned. **/ -int -gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_const_t req, - unsigned indx, - gnutls_digest_algorithm_t * digest, - gnutls_datum_t * issuer_name_hash, - gnutls_datum_t * issuer_key_hash, - gnutls_datum_t * serial_number) +int gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_const_t req, unsigned indx, + gnutls_digest_algorithm_t *digest, + gnutls_datum_t *issuer_name_hash, + gnutls_datum_t *issuer_key_hash, + gnutls_datum_t *serial_number) { gnutls_datum_t sa; char name[MAX_NAME_SIZE]; 
@@ -598,18 +587,17 @@ gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_const_t req, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error code is returned. **/ -int -gnutls_ocsp_req_add_cert_id(gnutls_ocsp_req_t req, - gnutls_digest_algorithm_t digest, - const gnutls_datum_t * issuer_name_hash, - const gnutls_datum_t * issuer_key_hash, - const gnutls_datum_t * serial_number) +int gnutls_ocsp_req_add_cert_id(gnutls_ocsp_req_t req, + gnutls_digest_algorithm_t digest, + const gnutls_datum_t *issuer_name_hash, + const gnutls_datum_t *issuer_key_hash, + const gnutls_datum_t *serial_number) { int result; const char *oid; - if (req == NULL || issuer_name_hash == NULL - || issuer_key_hash == NULL || serial_number == NULL) { + if (req == NULL || issuer_name_hash == NULL || + issuer_key_hash == NULL || serial_number == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } 
@@ -626,55 +614,54 @@ gnutls_ocsp_req_add_cert_id(gnutls_ocsp_req_t req, return _gnutls_asn2err(result); } - result = asn1_write_value - (req->req, - "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.algorithm", - oid, 1); + result = asn1_write_value( + req->req, + "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.algorithm", + oid, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } /* XXX we don't support any algorithm with parameters */ - result = asn1_write_value - (req->req, - "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.parameters", - ASN1_NULL, ASN1_NULL_SIZE); + result = asn1_write_value( + req->req, + "tbsRequest.requestList.?LAST.reqCert.hashAlgorithm.parameters", + ASN1_NULL, ASN1_NULL_SIZE); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - result = asn1_write_value - (req->req, - "tbsRequest.requestList.?LAST.reqCert.issuerNameHash", - issuer_name_hash->data, issuer_name_hash->size); + result = asn1_write_value( + req->req, "tbsRequest.requestList.?LAST.reqCert.issuerNameHash", + issuer_name_hash->data, issuer_name_hash->size); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - result = asn1_write_value - (req->req, - "tbsRequest.requestList.?LAST.reqCert.issuerKeyHash", - issuer_key_hash->data, issuer_key_hash->size); + result = asn1_write_value( + req->req, "tbsRequest.requestList.?LAST.reqCert.issuerKeyHash", + issuer_key_hash->data, issuer_key_hash->size); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - result = asn1_write_value - (req->req, "tbsRequest.requestList.?LAST.reqCert.serialNumber", - serial_number->data, serial_number->size); + result = asn1_write_value( + req->req, "tbsRequest.requestList.?LAST.reqCert.serialNumber", + serial_number->data, serial_number->size); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } /* XXX add separate function that can add extensions 
too */ - result = asn1_write_value - (req->req, - "tbsRequest.requestList.?LAST.singleRequestExtensions", NULL, 0); + result = asn1_write_value( + req->req, + "tbsRequest.requestList.?LAST.singleRequestExtensions", NULL, + 0); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -700,10 +687,9 @@ gnutls_ocsp_req_add_cert_id(gnutls_ocsp_req_t req, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error code is returned. **/ -int -gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req, - gnutls_digest_algorithm_t digest, - gnutls_x509_crt_t issuer, gnutls_x509_crt_t cert) +int gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req, + gnutls_digest_algorithm_t digest, + gnutls_x509_crt_t issuer, gnutls_x509_crt_t cert) { int ret; gnutls_datum_t sn, tmp, inh, ikh; @@ -717,9 +703,8 @@ gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req, return GNUTLS_E_INVALID_REQUEST; } - ret = _gnutls_x509_der_encode(cert->cert, - "tbsCertificate.issuer.rdnSequence", - &tmp, 0); + ret = _gnutls_x509_der_encode( + cert->cert, "tbsCertificate.issuer.rdnSequence", &tmp, 0); if (ret != GNUTLS_E_SUCCESS) { gnutls_assert(); return ret; @@ -734,9 +719,9 @@ gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req, inh.size = inhlen; inh.data = inh_buf; - ret = _gnutls_x509_read_value - (issuer->cert, - "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", &tmp); + ret = _gnutls_x509_read_value( + issuer->cert, + "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", &tmp); if (ret != GNUTLS_E_SUCCESS) { gnutls_assert(); return ret; @@ -751,9 +736,8 @@ gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req, ikh.size = ikhlen; ikh.data = ikh_buf; - ret = - _gnutls_x509_read_value(cert->cert, - "tbsCertificate.serialNumber", &sn); + ret = _gnutls_x509_read_value(cert->cert, "tbsCertificate.serialNumber", + &sn); if (ret != GNUTLS_E_SUCCESS) { gnutls_assert(); return ret; 
@@ -794,11 +778,9 @@ gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req, * extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will * be returned. **/ -int -gnutls_ocsp_req_get_extension(gnutls_ocsp_req_const_t req, - unsigned indx, - gnutls_datum_t * oid, - unsigned int *critical, gnutls_datum_t * data) +int gnutls_ocsp_req_get_extension(gnutls_ocsp_req_const_t req, unsigned indx, + gnutls_datum_t *oid, unsigned int *critical, + gnutls_datum_t *data) { int ret; char str_critical[10]; @@ -868,11 +850,9 @@ gnutls_ocsp_req_get_extension(gnutls_ocsp_req_const_t req, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error code is returned. **/ -int -gnutls_ocsp_req_set_extension(gnutls_ocsp_req_t req, - const char *oid, - unsigned int critical, - const gnutls_datum_t * data) +int gnutls_ocsp_req_set_extension(gnutls_ocsp_req_t req, const char *oid, + unsigned int critical, + const gnutls_datum_t *data) { if (req == NULL || oid == NULL || data == NULL) { gnutls_assert(); @@ -897,9 +877,8 @@ gnutls_ocsp_req_set_extension(gnutls_ocsp_req_t req, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error code is returned. **/ -int -gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_const_t req, - unsigned int *critical, gnutls_datum_t * nonce) +int gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_const_t req, + unsigned int *critical, gnutls_datum_t *nonce) { int ret; gnutls_datum_t tmp; @@ -916,9 +895,8 @@ gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_const_t req, return ret; } - ret = - _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, tmp.data, - (size_t)tmp.size, nonce, 0); + ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, tmp.data, + (size_t)tmp.size, nonce, 0); if (ret < 0) { gnutls_assert(); gnutls_free(tmp.data); 
@@ -943,9 +921,8 @@ gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_const_t req, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error code is returned. **/ -int -gnutls_ocsp_req_set_nonce(gnutls_ocsp_req_t req, - unsigned int critical, const gnutls_datum_t * nonce) +int gnutls_ocsp_req_set_nonce(gnutls_ocsp_req_t req, unsigned int critical, + const gnutls_datum_t *nonce) { int ret; gnutls_datum_t dernonce; @@ -1085,10 +1062,9 @@ int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_const_t resp) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_const_t resp, - gnutls_datum_t * response_type_oid, - gnutls_datum_t * response) +int gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_const_t resp, + gnutls_datum_t *response_type_oid, + gnutls_datum_t *response) { int ret; @@ -1098,10 +1074,9 @@ gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_const_t resp, } if (response_type_oid != NULL) { - ret = - _gnutls_x509_read_value(resp->resp, - "responseBytes.responseType", - response_type_oid); + ret = _gnutls_x509_read_value(resp->resp, + "responseBytes.responseType", + response_type_oid); if (ret < 0) { gnutls_assert(); return ret; @@ -1109,9 +1084,8 @@ gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_const_t resp, } if (response != NULL) { - ret = - _gnutls_x509_read_value(resp->resp, - "responseBytes.response", response); + ret = _gnutls_x509_read_value( + resp->resp, "responseBytes.response", response); if (ret < 0) { gnutls_assert(); return ret; 
@@ -1164,19 +1138,17 @@ int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_const_t resp) * negative error code is returned. When no data exist it will * return success and set @dn elements to zero. **/ -int -gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_const_t resp, - gnutls_datum_t * dn) +int gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_const_t resp, + gnutls_datum_t *dn) { int ret; - ret = - gnutls_ocsp_resp_get_responder2(resp, dn, - GNUTLS_X509_DN_FLAG_COMPAT); + ret = gnutls_ocsp_resp_get_responder2(resp, dn, + GNUTLS_X509_DN_FLAG_COMPAT); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { dn->data = NULL; dn->size = 0; - return 0; /* for backwards compatibility */ + return 0; /* for backwards compatibility */ } return ret; @@ -1207,9 +1179,8 @@ gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_const_t resp, * negative error code is returned. When no data exist it will return * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE. **/ -int -gnutls_ocsp_resp_get_responder2(gnutls_ocsp_resp_const_t resp, - gnutls_datum_t * dn, unsigned flags) +int gnutls_ocsp_resp_get_responder2(gnutls_ocsp_resp_const_t resp, + gnutls_datum_t *dn, unsigned flags) { if (resp == NULL || dn == NULL) { gnutls_assert(); @@ -1220,8 +1191,8 @@ gnutls_ocsp_resp_get_responder2(gnutls_ocsp_resp_const_t resp, dn->size = 0; return _gnutls_x509_get_dn(resp->basicresp, - "tbsResponseData.responderID.byName", - dn, flags); + "tbsResponseData.responderID.byName", dn, + flags); } /** @@ -1240,9 +1211,8 @@ gnutls_ocsp_resp_get_responder2(gnutls_ocsp_resp_const_t resp, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error code is returned. **/ -int -gnutls_ocsp_resp_get_responder_raw_id(gnutls_ocsp_resp_const_t resp, - unsigned type, gnutls_datum_t * raw) +int gnutls_ocsp_resp_get_responder_raw_id(gnutls_ocsp_resp_const_t resp, + unsigned type, gnutls_datum_t *raw) { int ret; 
@@ -1252,17 +1222,16 @@ gnutls_ocsp_resp_get_responder_raw_id(gnutls_ocsp_resp_const_t resp, } if (type == GNUTLS_OCSP_RESP_ID_KEY) - ret = - _gnutls_x509_read_value(resp->basicresp, - "tbsResponseData.responderID.byKey", - raw); + ret = _gnutls_x509_read_value( + resp->basicresp, "tbsResponseData.responderID.byKey", + raw); else { gnutls_datum_t tmp; /* simply reading a CHOICE of CHOICE value doesn't work in libtasn1 */ - ret = _gnutls_x509_get_raw_field2(resp->basicresp, &resp->der, - "tbsResponseData.responderID.byName", - &tmp); + ret = _gnutls_x509_get_raw_field2( + resp->basicresp, &resp->der, + "tbsResponseData.responderID.byName", &tmp); if (ret >= 0) { int real; /* skip the tag */ @@ -1295,11 +1264,11 @@ gnutls_ocsp_resp_get_responder_raw_id(gnutls_ocsp_resp_const_t resp, } } - if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND - || ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND) + if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND || + ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND) return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - fail: +fail: return ret; } @@ -1320,16 +1289,15 @@ time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_const_t resp) if (resp == NULL || resp->basicresp == NULL) { gnutls_assert(); - return (time_t) (-1); + return (time_t)(-1); } len = sizeof(ttime) - 1; - ret = - asn1_read_value(resp->basicresp, "tbsResponseData.producedAt", - ttime, &len); + ret = asn1_read_value(resp->basicresp, "tbsResponseData.producedAt", + ttime, &len); if (ret != ASN1_SUCCESS) { gnutls_assert(); - return (time_t) (-1); + return (time_t)(-1); } c_time = _gnutls_x509_generalTime2gtime(ttime); 
@@ -1351,15 +1319,12 @@ time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_const_t resp) * * Since: 3.1.3 **/ -int -gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_const_t resp, - unsigned int indx, gnutls_x509_crt_t crt) +int gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_const_t resp, unsigned int indx, + gnutls_x509_crt_t crt) { int ret; gnutls_digest_algorithm_t digest; - gnutls_datum_t rdn_hash = { NULL, 0 }, rserial = { - NULL, 0 - }; + gnutls_datum_t rdn_hash = { NULL, 0 }, rserial = { NULL, 0 }; gnutls_datum_t cserial = { NULL, 0 }; gnutls_datum_t dn = { NULL, 0 }; uint8_t cdn_hash[MAX_HASH_SIZE]; @@ -1368,10 +1333,9 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_const_t resp, if (resp == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - ret = - gnutls_ocsp_resp_get_single(resp, indx, &digest, &rdn_hash, - NULL, &rserial, NULL, NULL, NULL, - NULL, NULL); + ret = gnutls_ocsp_resp_get_single(resp, indx, &digest, &rdn_hash, NULL, + &rserial, NULL, NULL, NULL, NULL, + NULL); if (ret < 0) return gnutls_assert_val(ret); @@ -1401,8 +1365,8 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_const_t resp, } cserial.size = t; - if (rserial.size != cserial.size - || memcmp(cserial.data, rserial.data, rserial.size) != 0) { + if (rserial.size != cserial.size || + memcmp(cserial.data, rserial.data, rserial.size) != 0) { ret = GNUTLS_E_OCSP_RESPONSE_ERROR; gnutls_assert(); goto cleanup; @@ -1428,7 +1392,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_const_t resp, ret = 0; - cleanup: +cleanup: gnutls_free(rdn_hash.data); gnutls_free(rserial.data); gnutls_free(cserial.data); 
@@ -1464,18 +1428,14 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_const_t resp, * CertID available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be * returned. **/ -int -gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_const_t resp, - unsigned indx, - gnutls_digest_algorithm_t * digest, - gnutls_datum_t * issuer_name_hash, - gnutls_datum_t * issuer_key_hash, - gnutls_datum_t * serial_number, - unsigned int *cert_status, - time_t * this_update, - time_t * next_update, - time_t * revocation_time, - unsigned int *revocation_reason) +int gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_const_t resp, unsigned indx, + gnutls_digest_algorithm_t *digest, + gnutls_datum_t *issuer_name_hash, + gnutls_datum_t *issuer_key_hash, + gnutls_datum_t *serial_number, + unsigned int *cert_status, time_t *this_update, + time_t *next_update, time_t *revocation_time, + unsigned int *revocation_reason) { char name[MAX_NAME_SIZE]; int ret, result; @@ -1493,9 +1453,10 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_const_t resp, serial_number->data = NULL; if (digest) { - snprintf(name, sizeof(name), - "tbsResponseData.responses.?%u.certID.hashAlgorithm.algorithm", - indx + 1); + snprintf( + name, sizeof(name), + "tbsResponseData.responses.?%u.certID.hashAlgorithm.algorithm", + indx + 1); len = sizeof(oidtmp); result = asn1_read_value(resp->basicresp, name, oidtmp, &len); if (result == ASN1_ELEMENT_NOT_FOUND) { @@ -1600,7 +1561,7 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_const_t resp, result = asn1_read_value(resp->basicresp, name, ttime, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); - *next_update = (time_t) (-1); + *next_update = (time_t)(-1); } else *next_update = _gnutls_x509_generalTime2gtime(ttime); } 
@@ -1608,22 +1569,24 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_const_t resp, if (revocation_time) { snprintf(name, sizeof(name), "tbsResponseData.responses.?%u.certStatus." - "revoked.revocationTime", indx + 1); + "revoked.revocationTime", + indx + 1); len = sizeof(ttime) - 1; result = asn1_read_value(resp->basicresp, name, ttime, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); - *revocation_time = (time_t) (-1); + *revocation_time = (time_t)(-1); } else *revocation_time = - _gnutls_x509_generalTime2gtime(ttime); + _gnutls_x509_generalTime2gtime(ttime); } /* revocation_reason */ if (revocation_reason) { snprintf(name, sizeof(name), "tbsResponseData.responses.?%u.certStatus." - "revoked.revocationReason", indx + 1); + "revoked.revocationReason", + indx + 1); ret = _gnutls_x509_read_uint(resp->basicresp, name, revocation_reason); @@ -1632,7 +1595,7 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_const_t resp, } return GNUTLS_E_SUCCESS; - fail: +fail: if (issuer_name_hash) gnutls_free(issuer_name_hash->data); if (issuer_key_hash) @@ -1667,11 +1630,9 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_const_t resp, * extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will * be returned. **/ -int -gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_const_t resp, - unsigned indx, - gnutls_datum_t * oid, - unsigned int *critical, gnutls_datum_t * data) +int gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_const_t resp, unsigned indx, + gnutls_datum_t *oid, unsigned int *critical, + gnutls_datum_t *data) { int ret; char str_critical[10]; 
@@ -1743,25 +1704,22 @@ gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_const_t resp, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error code is returned. **/ -int -gnutls_ocsp_resp_get_nonce(gnutls_ocsp_resp_const_t resp, - unsigned int *critical, gnutls_datum_t * nonce) +int gnutls_ocsp_resp_get_nonce(gnutls_ocsp_resp_const_t resp, + unsigned int *critical, gnutls_datum_t *nonce) { int ret; gnutls_datum_t tmp; - ret = - _gnutls_get_extension(resp->basicresp, - "tbsResponseData.responseExtensions", - GNUTLS_OCSP_NONCE, 0, &tmp, critical); + ret = _gnutls_get_extension(resp->basicresp, + "tbsResponseData.responseExtensions", + GNUTLS_OCSP_NONCE, 0, &tmp, critical); if (ret != GNUTLS_E_SUCCESS) { gnutls_assert(); return ret; } - ret = - _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, tmp.data, - (size_t)tmp.size, nonce, 0); + ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, tmp.data, + (size_t)tmp.size, nonce, 0); if (ret < 0) { gnutls_assert(); gnutls_free(tmp.data); @@ -1813,9 +1771,8 @@ int gnutls_ocsp_resp_get_signature_algorithm(gnutls_ocsp_resp_const_t resp) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_ocsp_resp_get_signature(gnutls_ocsp_resp_const_t resp, - gnutls_datum_t * sig) +int gnutls_ocsp_resp_get_signature(gnutls_ocsp_resp_const_t resp, + gnutls_datum_t *sig) { int ret; @@ -1855,9 +1812,8 @@ gnutls_ocsp_resp_get_signature(gnutls_ocsp_resp_const_t resp, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_const_t resp, - gnutls_x509_crt_t ** certs, size_t *ncerts) +int gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_const_t resp, + gnutls_x509_crt_t **certs, size_t *ncerts) { int ret; size_t ctr = 0, i; 
@@ -1933,7 +1889,7 @@ gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_const_t resp, return GNUTLS_E_SUCCESS; - error: +error: gnutls_free(c.data); for (i = 0; i < ctr; i++) gnutls_x509_crt_deinit(tmpcerts[i]); @@ -1956,9 +1912,8 @@ static gnutls_x509_crt_t find_signercert(gnutls_ocsp_resp_const_t resp) &riddn); if (rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { gnutls_assert(); - rc = gnutls_ocsp_resp_get_responder_raw_id(resp, - GNUTLS_OCSP_RESP_ID_KEY, - &keyid); + rc = gnutls_ocsp_resp_get_responder_raw_id( + resp, GNUTLS_OCSP_RESP_ID_KEY, &keyid); } if (rc != GNUTLS_E_SUCCESS) { gnutls_assert(); 
@@ -1976,34 +1931,32 @@ static gnutls_x509_crt_t find_signercert(gnutls_ocsp_resp_const_t resp) assert(certs[i] != NULL); _gnutls_cert_log("checking whether signed against", certs[i]); if (keyid.data != NULL) { - uint8_t digest[64]; /* to support longer key IDs */ + uint8_t digest[64]; /* to support longer key IDs */ gnutls_datum_t spki; size_t digest_size = sizeof(digest); int len; - _gnutls_debug_log - ("checking key ID against SPK identifier\n"); + _gnutls_debug_log( + "checking key ID against SPK identifier\n"); /* check subject key identifier as well, some certificates * match that, but not the hash */ - rc = gnutls_x509_crt_get_subject_key_id(certs[i], - digest, - &digest_size, - NULL); - if (rc >= 0 && digest_size == keyid.size - && memcmp(keyid.data, digest, digest_size) == 0) { + rc = gnutls_x509_crt_get_subject_key_id( + certs[i], digest, &digest_size, NULL); + if (rc >= 0 && digest_size == keyid.size && + memcmp(keyid.data, digest, digest_size) == 0) { signercert = certs[i]; goto quit; } - _gnutls_debug_log - ("checking key ID against SPKI hash\n"); + _gnutls_debug_log( + "checking key ID against SPKI hash\n"); /* continue with checking the hash */ - rc = _gnutls_x509_get_raw_field2(certs[i]->cert, - &certs[i]->der, - "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", - &spki); + rc = _gnutls_x509_get_raw_field2( + certs[i]->cert, &certs[i]->der, + "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", + &spki); if (rc < 0 || spki.size < 6) { gnutls_assert(); signercert = NULL; @@ -2013,7 +1966,7 @@ static gnutls_x509_crt_t find_signercert(gnutls_ocsp_resp_const_t resp) /* For some reason the protocol requires we skip the * tag, length and number of unused bits. */ - if (spki.data[0] != 0x03) { /* bit string */ + if (spki.data[0] != 0x03) { /* bit string */ gnutls_assert(); signercert = NULL; continue; 
@@ -2026,7 +1979,7 @@ static gnutls_x509_crt_t find_signercert(gnutls_ocsp_resp_const_t resp) signercert = NULL; continue; } - len += 1 + 1; /* skip unused bits as well */ + len += 1 + 1; /* skip unused bits as well */ if (len >= (int)spki.size) { gnutls_assert(); signercert = NULL; @@ -2051,9 +2004,9 @@ static gnutls_x509_crt_t find_signercert(gnutls_ocsp_resp_const_t resp) _gnutls_debug_log("checking issuer DN\n"); assert(riddn.data != NULL); - if ((certs[i]->raw_dn.size == riddn.size) - && memcmp(riddn.data, certs[i]->raw_dn.data, - riddn.size) == 0) { + if ((certs[i]->raw_dn.size == riddn.size) && + memcmp(riddn.data, certs[i]->raw_dn.data, + riddn.size) == 0) { signercert = certs[i]; goto quit; } @@ -2064,7 +2017,7 @@ static gnutls_x509_crt_t find_signercert(gnutls_ocsp_resp_const_t resp) gnutls_assert(); signercert = NULL; - quit: +quit: gnutls_free(riddn.data); gnutls_free(keyid.data); for (i = 0; i < ncerts; i++) @@ -2074,10 +2027,9 @@ static gnutls_x509_crt_t find_signercert(gnutls_ocsp_resp_const_t resp) return signercert; } -static int -_ocsp_resp_verify_direct(gnutls_ocsp_resp_const_t resp, - gnutls_x509_crt_t signercert, - unsigned int *verify, unsigned int flags) +static int _ocsp_resp_verify_direct(gnutls_ocsp_resp_const_t resp, + gnutls_x509_crt_t signercert, + unsigned int *verify, unsigned int flags) { gnutls_datum_t sig = { NULL }; gnutls_datum_t data = { NULL }; @@ -2136,7 +2088,7 @@ _ocsp_resp_verify_direct(gnutls_ocsp_resp_const_t resp, rc = GNUTLS_E_SUCCESS; - done: +done: gnutls_free(sig.data); gnutls_pubkey_deinit(pubkey); @@ -2167,9 +2119,8 @@ static int check_ocsp_purpose(gnutls_x509_crt_t signercert) for (indx = 0;; indx++) { oidsize = sizeof(oidtmp); - rc = gnutls_x509_crt_get_key_purpose_oid(signercert, indx, - oidtmp, &oidsize, - NULL); + rc = gnutls_x509_crt_get_key_purpose_oid( + signercert, indx, oidtmp, &oidsize, NULL); if (rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { gnutls_assert(); 
@@ -2215,10 +2166,9 @@ static int check_ocsp_purpose(gnutls_x509_crt_t signercert) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_const_t resp, - gnutls_x509_crt_t issuer, - unsigned int *verify, unsigned int flags) +int gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_const_t resp, + gnutls_x509_crt_t issuer, + unsigned int *verify, unsigned int flags) { gnutls_x509_crt_t signercert; int rc; @@ -2232,7 +2182,6 @@ gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_const_t resp, if (!signercert) { signercert = issuer; } else if (!gnutls_x509_crt_equals(signercert, issuer)) { - /* response contains a signer. Verify him */ unsigned int vtmp; @@ -2263,7 +2212,7 @@ gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_const_t resp, rc = _ocsp_resp_verify_direct(resp, signercert, verify, flags); - done: +done: if (signercert != issuer) gnutls_x509_crt_deinit(signercert); @@ -2300,10 +2249,9 @@ gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_const_t resp, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_ocsp_resp_verify(gnutls_ocsp_resp_const_t resp, - gnutls_x509_trust_list_t trustlist, - unsigned int *verify, unsigned int flags) +int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_const_t resp, + gnutls_x509_trust_list_t trustlist, + unsigned int *verify, unsigned int flags) { gnutls_x509_crt_t signercert = NULL; int rc; @@ -2321,9 +2269,8 @@ gnutls_ocsp_resp_verify(gnutls_ocsp_resp_const_t resp, if (!signercert) { gnutls_datum_t dn; - rc = gnutls_ocsp_resp_get_responder_raw_id(resp, - GNUTLS_OCSP_RESP_ID_DN, - &dn); + rc = gnutls_ocsp_resp_get_responder_raw_id( + resp, GNUTLS_OCSP_RESP_ID_DN, &dn); if (rc < 0) { gnutls_assert(); *verify = GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND; 
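Review bot: The `@@ -2232,7 +2182,6 @@` hunk in gnutls_ocsp_resp_verify_direct drops the comment `/* response contains a signer. Verify him */` without a replacement, and the rest of this commit is pure clang-format reformatting, so the deletion looks unintended (a formatter does not remove comments). That comment was the only in-code explanation of the `else if (!gnutls_x509_crt_equals(signercert, issuer))` branch, which is the security-relevant path where a signer certificate embedded in the response, rather than the trusted issuer, is about to be checked. I would restore it in clearer wording, e.g. `/* The response carries its own signer certificate, distinct from the issuer; it must be verified before its signature is trusted. */`, placed above `unsigned int vtmp;`. The function's body continues outside the hunk, so I cannot confirm the verification steps that follow.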
@@ -2357,11 +2304,9 @@ gnutls_ocsp_resp_verify(gnutls_ocsp_resp_const_t resp, gnutls_assert(); - rc = gnutls_x509_trust_list_verify_crt2(trustlist, - &signercert, 1, - &vdata, 1, - flags, &vtmp, - NULL); + rc = gnutls_x509_trust_list_verify_crt2( + trustlist, &signercert, 1, &vdata, 1, flags, + &vtmp, NULL); if (rc != GNUTLS_E_SUCCESS) { gnutls_assert(); goto done; @@ -2378,7 +2323,7 @@ gnutls_ocsp_resp_verify(gnutls_ocsp_resp_const_t resp, if (rc < 0) { gnutls_assert(); *verify = - GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR; + GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR; rc = GNUTLS_E_SUCCESS; goto done; } @@ -2387,7 +2332,7 @@ gnutls_ocsp_resp_verify(gnutls_ocsp_resp_const_t resp, rc = _ocsp_resp_verify_direct(resp, signercert, verify, flags); - done: +done: gnutls_x509_crt_deinit(signercert); return rc; @@ -2417,11 +2362,11 @@ gnutls_ocsp_resp_verify(gnutls_ocsp_resp_const_t resp, * * Since: 3.6.3 **/ -int -gnutls_ocsp_resp_list_import2(gnutls_ocsp_resp_t ** ocsps, - unsigned int *size, - const gnutls_datum_t * resp_data, - gnutls_x509_crt_fmt_t format, unsigned int flags) +int gnutls_ocsp_resp_list_import2(gnutls_ocsp_resp_t **ocsps, + unsigned int *size, + const gnutls_datum_t *resp_data, + gnutls_x509_crt_fmt_t format, + unsigned int flags) { gnutls_ocsp_resp_t resp = NULL; gnutls_ocsp_resp_t *new_ocsps; @@ -2438,17 +2383,15 @@ gnutls_ocsp_resp_list_import2(gnutls_ocsp_resp_t ** ocsps, p.data = memmem(p.data, p.size, PEM_OCSP_RESPONSE, sizeof(PEM_OCSP_RESPONSE) - 1); if (p.data == NULL) { - ret = - gnutls_assert_val - (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + ret = gnutls_assert_val( + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); goto cleanup; } p.size -= p.data - resp_data->data; if (p.size <= 0) { - ret = - gnutls_assert_val - (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + ret = gnutls_assert_val( + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); goto cleanup; } 
@@ -2459,9 +2402,8 @@ gnutls_ocsp_resp_list_import2(gnutls_ocsp_resp_t ** ocsps, goto fail; } - ret = - gnutls_ocsp_resp_import2(resp, &p, - GNUTLS_X509_FMT_PEM); + ret = gnutls_ocsp_resp_import2(resp, &p, + GNUTLS_X509_FMT_PEM); if (ret < 0) { gnutls_assert(); goto fail; @@ -2472,10 +2414,8 @@ gnutls_ocsp_resp_list_import2(gnutls_ocsp_resp_t ** ocsps, goto fail; } - new_ocsps = _gnutls_reallocarray(*ocsps, - *size + 1, - sizeof - (gnutls_ocsp_resp_t)); + new_ocsps = _gnutls_reallocarray( + *ocsps, *size + 1, sizeof(gnutls_ocsp_resp_t)); if (new_ocsps == NULL) { resp = NULL; gnutls_assert(); @@ -2503,9 +2443,8 @@ gnutls_ocsp_resp_list_import2(gnutls_ocsp_resp_t ** ocsps, return gnutls_assert_val(ret); } - ret = - gnutls_ocsp_resp_import2(resp, resp_data, - GNUTLS_X509_FMT_DER); + ret = gnutls_ocsp_resp_import2(resp, resp_data, + GNUTLS_X509_FMT_DER); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -2526,13 +2465,13 @@ gnutls_ocsp_resp_list_import2(gnutls_ocsp_resp_t ** ocsps, ret = 0; goto cleanup; - fail: +fail: for (i = 0; i < *size; i++) { gnutls_ocsp_resp_deinit((*ocsps)[i]); } gnutls_free(*ocsps); - cleanup: +cleanup: if (resp) gnutls_ocsp_resp_deinit(resp); return ret; @@ -2550,12 +2489,12 @@ time_t _gnutls_ocsp_get_validity(gnutls_ocsp_resp_const_t resp) int ret; ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL, - &cert_status, &vtime, &ntime, - &rtime, NULL); + &cert_status, &vtime, &ntime, &rtime, + NULL); if (ret < 0) { - _gnutls_debug_log - ("There was an error parsing the OCSP response: %s\n", - gnutls_strerror(ret)); + _gnutls_debug_log( + "There was an error parsing the OCSP response: %s\n", + gnutls_strerror(ret)); return gnutls_assert_val(-1); } 
@@ -2605,39 +2544,37 @@ const char *_gnutls_ocsp_verify_status_to_str(gnutls_ocsp_verify_reason_t r, _("The OCSP response is trusted. ")); if (r & GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND) - _gnutls_buffer_append_str(&str, - _ - ("The OCSP response's signer could not be found. ")); + _gnutls_buffer_append_str( + &str, + _("The OCSP response's signer could not be found. ")); if (r & GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR) - _gnutls_buffer_append_str(&str, - _ - ("Error in the signer's key usageflags. ")); + _gnutls_buffer_append_str( + &str, _("Error in the signer's key usageflags. ")); if (r & GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER) - _gnutls_buffer_append_str(&str, - _ - ("The OCSP response's signer is not trusted. ")); + _gnutls_buffer_append_str( + &str, _("The OCSP response's signer is not trusted. ")); if (r & GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) - _gnutls_buffer_append_str(&str, - _ - ("The OCSP response depends on insecure algorithms. ")); + _gnutls_buffer_append_str( + &str, + _("The OCSP response depends on insecure algorithms. ")); if (r & GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE) - _gnutls_buffer_append_str(&str, - _ - ("The OCSP response's signature cannot be validated. ")); + _gnutls_buffer_append_str( + &str, + _("The OCSP response's signature cannot be validated. ")); if (r & GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED) - _gnutls_buffer_append_str(&str, - _ - ("The OCSP response's signer's certificate is not activated. ")); + _gnutls_buffer_append_str( + &str, + _("The OCSP response's signer's certificate is not activated. ")); if (r & GNUTLS_OCSP_VERIFY_CERT_EXPIRED) - _gnutls_buffer_append_str(&str, - _ - ("The OCSP response's signer's certificate is expired. ")); + _gnutls_buffer_append_str( + &str, + _("The OCSP response's signer's certificate is expired. ")); ret = _gnutls_buffer_to_datum(&str, &buf, 1); if (ret < 0) diff --git a/lib/x509/ocsp.h b/lib/x509/ocsp.h index 8607a01ed5..98127dcffd 100644 --- a/lib/x509/ocsp.h +++ b/lib/x509/ocsp.h 
@@ -21,18 +21,18 @@ */ #ifndef GNUTLS_LIB_X509_OCSP_H -# define GNUTLS_LIB_X509_OCSP_H +#define GNUTLS_LIB_X509_OCSP_H /* Online Certificate Status Protocol - RFC 2560 */ -# include <gnutls/ocsp.h> +#include <gnutls/ocsp.h> /* fifteen days */ -# define MAX_OCSP_VALIDITY_SECS (15*60*60*24) +#define MAX_OCSP_VALIDITY_SECS (15 * 60 * 60 * 24) time_t _gnutls_ocsp_get_validity(gnutls_ocsp_resp_const_t resp); -# define MAX_OCSP_MSG_SIZE 128 +#define MAX_OCSP_MSG_SIZE 128 const char *_gnutls_ocsp_verify_status_to_str(gnutls_ocsp_verify_reason_t r, char out[MAX_OCSP_MSG_SIZE]); -#endif /* GNUTLS_LIB_X509_OCSP_H */ +#endif /* GNUTLS_LIB_X509_OCSP_H */ diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c index cdab4e866b..5fbbf86df8 100644 --- a/lib/x509/ocsp_output.c +++ b/lib/x509/ocsp_output.c @@ -35,7 +35,7 @@ #define addf _gnutls_buffer_append_printf #define adds _gnutls_buffer_append_str -static void print_req(gnutls_buffer_st * str, gnutls_ocsp_req_const_t req) +static void print_req(gnutls_buffer_st *str, gnutls_ocsp_req_const_t req) { int ret; unsigned indx; @@ -58,9 +58,8 @@ static void print_req(gnutls_buffer_st * str, gnutls_ocsp_req_const_t req) gnutls_digest_algorithm_t digest; gnutls_datum_t in, ik, sn; - ret = - gnutls_ocsp_req_get_cert_id(req, indx, &digest, &in, - &ik, &sn); + ret = gnutls_ocsp_req_get_cert_id(req, indx, &digest, &in, &ik, + &sn); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; addf(str, "\t\tCertificate ID:\n"); @@ -96,9 +95,8 @@ static void print_req(gnutls_buffer_st * str, gnutls_ocsp_req_const_t req) unsigned int critical; gnutls_datum_t data; - ret = - gnutls_ocsp_req_get_extension(req, indx, &oid, - &critical, &data); + ret = gnutls_ocsp_req_get_extension(req, indx, &oid, &critical, + &data); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret != GNUTLS_E_SUCCESS) { 
@@ -127,8 +125,8 @@ static void print_req(gnutls_buffer_st * str, gnutls_ocsp_req_const_t req) gnutls_free(nonce.data); } } else { - addf(str, "\t\tUnknown extension %s (%s):\n", - oid.data, critical ? "critical" : "not critical"); + addf(str, "\t\tUnknown extension %s (%s):\n", oid.data, + critical ? "critical" : "not critical"); adds(str, _("\t\t\tASCII: ")); _gnutls_buffer_asciiprint(str, (char *)data.data, @@ -165,9 +163,9 @@ static void print_req(gnutls_buffer_st * str, gnutls_ocsp_req_const_t req) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_ocsp_req_print(gnutls_ocsp_req_const_t req, - gnutls_ocsp_print_formats_t format, gnutls_datum_t * out) +int gnutls_ocsp_req_print(gnutls_ocsp_req_const_t req, + gnutls_ocsp_print_formats_t format, + gnutls_datum_t *out) { gnutls_buffer_st str; int rc; @@ -192,9 +190,8 @@ gnutls_ocsp_req_print(gnutls_ocsp_req_const_t req, return GNUTLS_E_SUCCESS; } -static void -print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp, - gnutls_ocsp_print_formats_t format) +static void print_resp(gnutls_buffer_st *str, gnutls_ocsp_resp_const_t resp, + gnutls_ocsp_print_formats_t format) { int ret; unsigned indx; @@ -250,13 +247,13 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp, adds(str, "\tResponse Type: "); #define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1" - if (oid.size == sizeof(OCSP_BASIC) - 1 - && memcmp(oid.data, OCSP_BASIC, oid.size) == 0) { + if (oid.size == sizeof(OCSP_BASIC) - 1 && + memcmp(oid.data, OCSP_BASIC, oid.size) == 0) { adds(str, "Basic OCSP Response\n"); gnutls_free(oid.data); } else { - addf(str, "Unknown response type (%.*s)\n", - oid.size, oid.data); + addf(str, "Unknown response type (%.*s)\n", oid.size, + oid.data); gnutls_free(oid.data); return; } 
@@ -279,10 +276,8 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 ret = gnutls_ocsp_resp_get_responder2(resp, &dn, 0);
 if (ret < 0) {
 if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- ret =
- gnutls_ocsp_resp_get_responder_raw_id(resp,
- GNUTLS_OCSP_RESP_ID_KEY,
- &dn);
+ ret = gnutls_ocsp_resp_get_responder_raw_id(
+ resp, GNUTLS_OCSP_RESP_ID_KEY, &dn);
 if (ret >= 0) {
 addf(str, _("\tResponder Key ID: "));
@@ -307,13 +302,12 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 struct tm t;
 time_t tim = gnutls_ocsp_resp_get_produced(resp);
- if (tim == (time_t) - 1)
+ if (tim == (time_t)-1)
 addf(str, "error: ocsp_resp_get_produced\n");
 else if (gmtime_r(&tim, &t) == NULL)
 addf(str, "error: gmtime_r (%ld)\n",
 (unsigned long)tim);
- else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t)
- == 0)
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
 addf(str, "error: strftime (%ld)\n",
 (unsigned long)tim);
 else
@@ -330,12 +324,9 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 time_t revocation_time;
 unsigned int revocation_reason;
- ret = gnutls_ocsp_resp_get_single(resp,
- indx,
- &digest, &in, &ik, &sn,
- &cert_status,
- &this_update,
- &next_update,
+ ret = gnutls_ocsp_resp_get_single(resp, indx, &digest, &in, &ik,
+ &sn, &cert_status,
+ &this_update, &next_update,
 &revocation_time,
 &revocation_reason);
 if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
@@ -399,13 +390,13 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 size_t max = sizeof(s);
 struct tm t;
- if (revocation_time == (time_t) - 1)
+ if (revocation_time == (time_t)-1)
 addf(str, "error: revocation_time\n");
 else if (gmtime_r(&revocation_time, &t) == NULL)
 addf(str, "error: gmtime_r (%ld)\n",
 (unsigned long)revocation_time);
- else if (strftime
- (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
 addf(str, "error: strftime (%ld)\n",
 (unsigned long)revocation_time);
 else
@@ -417,13 +408,13 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 size_t max = sizeof(s);
 struct tm t;
- if (this_update == (time_t) - 1)
+ if (this_update == (time_t)-1)
 addf(str, "error: this_update\n");
 else if (gmtime_r(&this_update, &t) == NULL)
 addf(str, "error: gmtime_r (%ld)\n",
 (unsigned long)this_update);
- else if (strftime
- (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
 addf(str, "error: strftime (%ld)\n",
 (unsigned long)this_update);
 else
@@ -435,13 +426,13 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 size_t max = sizeof(s);
 struct tm t;
- if (next_update != (time_t) - 1) {
+ if (next_update != (time_t)-1) {
 if (gmtime_r(&next_update, &t) == NULL)
 addf(str, "error: gmtime_r (%ld)\n",
 (unsigned long)next_update);
- else if (strftime
- (s, max, "%a %b %d %H:%M:%S UTC %Y",
- &t) == 0)
+ else if (strftime(s, max,
+ "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
 addf(str, "error: strftime (%ld)\n",
 (unsigned long)next_update);
 else
@@ -459,9 +450,8 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 unsigned int critical;
 gnutls_datum_t data;
- ret =
- gnutls_ocsp_resp_get_extension(resp, indx, &oid,
- &critical, &data);
+ ret = gnutls_ocsp_resp_get_extension(resp, indx, &oid,
+ &critical, &data);
 if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
 break;
 else if (ret != GNUTLS_E_SUCCESS) {
@@ -488,8 +478,8 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 gnutls_free(nonce.data);
 }
 } else {
- addf(str, "\t\tUnknown extension %s (%s):\n",
- oid.data, critical ? "critical" : "not critical");
+ addf(str, "\t\tUnknown extension %s (%s):\n", oid.data,
+ critical ? "critical" : "not critical");
 adds(str, _("\t\t\tASCII: "));
 _gnutls_buffer_asciiprint(str, (char *)data.data,
@@ -504,7 +494,6 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 gnutls_free(oid.data);
 gnutls_free(data.data);
-
 }
 ret = gnutls_ocsp_resp_get_signature_algorithm(resp);
@@ -518,9 +507,8 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 addf(str, _("\tSignature Algorithm: %s\n"), name);
 }
 if (ret != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure(ret) == 0) {
- adds(str,
- _("warning: signed using a broken signature "
- "algorithm that can be forged.\n"));
+ adds(str, _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
 }
 if (format == GNUTLS_OCSP_PRINT_FULL) {
@@ -553,10 +541,8 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 for (i = 0; i < ncerts; i++) {
 size_t s = 0;
- ret =
- gnutls_x509_crt_print(certs[i],
- GNUTLS_CRT_PRINT_FULL,
- &out);
+ ret = gnutls_x509_crt_print(
+ certs[i], GNUTLS_CRT_PRINT_FULL, &out);
 if (ret < 0)
 addf(str, "error: crt_print: %s\n",
 gnutls_strerror(ret));
@@ -565,32 +551,28 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 gnutls_free(out.data);
 }
- ret =
- gnutls_x509_crt_export(certs[i],
- GNUTLS_X509_FMT_PEM,
- NULL, &s);
+ ret = gnutls_x509_crt_export(
+ certs[i], GNUTLS_X509_FMT_PEM, NULL,
+ &s);
 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- addf(str,
- "error: crt_export: %s\n",
+ addf(str, "error: crt_export: %s\n",
 gnutls_strerror(ret));
 else {
 out.data = gnutls_malloc(s);
 if (out.data == NULL)
- addf(str,
- "error: malloc: %s\n",
- gnutls_strerror
- (GNUTLS_E_MEMORY_ERROR));
+ addf(str, "error: malloc: %s\n",
+ gnutls_strerror(
+ GNUTLS_E_MEMORY_ERROR));
 else {
- ret =
- gnutls_x509_crt_export
- (certs[i],
- GNUTLS_X509_FMT_PEM,
- out.data, &s);
+ ret = gnutls_x509_crt_export(
+ certs[i],
+ GNUTLS_X509_FMT_PEM,
+ out.data, &s);
 if (ret < 0)
 addf(str,
 "error: crt_export: %s\n",
- gnutls_strerror
- (ret));
+ gnutls_strerror(
+ ret));
 else {
 out.size = s;
 addf(str, "%.*s",
@@ -625,9 +607,9 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_const_t resp,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_ocsp_resp_print(gnutls_ocsp_resp_const_t resp,
- gnutls_ocsp_print_formats_t format, gnutls_datum_t * out)
+int gnutls_ocsp_resp_print(gnutls_ocsp_resp_const_t resp,
+ gnutls_ocsp_print_formats_t format,
+ gnutls_datum_t *out)
 {
 gnutls_buffer_st str;
 int rc;
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 182155fda6..a984652115 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -36,11 +36,11 @@
 #define addf _gnutls_buffer_append_printf
 #define adds _gnutls_buffer_append_str
-#define NON_NULL(x) (((x)!=NULL)?((char*)(x)):"")
-#define ERROR_STR (char*) "(error)"
+#define NON_NULL(x) (((x) != NULL) ? ((char *)(x)) : "")
+#define ERROR_STR (char *)"(error)"
-static void print_idn_name(gnutls_buffer_st * str, const char *prefix,
- const char *type, gnutls_datum_t * name)
+static void print_idn_name(gnutls_buffer_st *str, const char *prefix,
+ const char *type, gnutls_datum_t *name)
 {
 unsigned printable = 1;
 unsigned is_printed = 0;
@@ -57,9 +57,8 @@ static void print_idn_name(gnutls_buffer_st * str, const char *prefix,
 is_printed = 1;
 } else if (name->data != NULL) {
 if (strstr((char *)name->data, "xn--") != NULL) {
- ret =
- gnutls_idna_reverse_map((char *)name->data,
- name->size, &out, 0);
+ ret = gnutls_idna_reverse_map((char *)name->data,
+ name->size, &out, 0);
 if (ret >= 0) {
 addf(str, _("%s%s: %.*s (%s)\n"), prefix, type,
 name->size, NON_NULL(name->data),
@@ -76,8 +75,8 @@ static void print_idn_name(gnutls_buffer_st * str, const char *prefix,
 }
 }
-static void print_idn_email(gnutls_buffer_st * str, const char *prefix,
- const char *type, gnutls_datum_t * name)
+static void print_idn_email(gnutls_buffer_st *str, const char *prefix,
+ const char *type, gnutls_datum_t *name)
 {
 unsigned printable = 1;
 unsigned is_printed = 0;
@@ -94,9 +93,8 @@ static void print_idn_email(gnutls_buffer_st * str, const char *prefix,
 is_printed = 1;
 } else if (name->data != NULL) {
 if (strstr((char *)name->data, "xn--") != NULL) {
- ret =
- _gnutls_idna_email_reverse_map((char *)name->data,
- name->size, &out);
+ ret = _gnutls_idna_email_reverse_map((char *)name->data,
+ name->size, &out);
 if (ret >= 0) {
 addf(str, _("%s%s: %.*s (%s)\n"), prefix, type,
 name->size, NON_NULL(name->data),
@@ -113,23 +111,20 @@ static void print_idn_email(gnutls_buffer_st * str, const char *prefix,
 }
 }
-static void
-print_name(gnutls_buffer_st * str, const char *prefix, unsigned type,
- gnutls_datum_t * name, unsigned ip_is_cidr)
+static void print_name(gnutls_buffer_st *str, const char *prefix, unsigned type,
+ gnutls_datum_t *name, unsigned ip_is_cidr)
 {
 char *sname = (char *)name->data;
 char str_ip[64];
 const char *p;
- if ((type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_OTHERNAME_XMPP
- || type == GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL
- || type == GNUTLS_SAN_OTHERNAME_MSUSERPRINCIPAL
- || type == GNUTLS_SAN_RFC822NAME
- || type == GNUTLS_SAN_URI) && sname != NULL
- && strlen(sname) != name->size) {
- adds(str,
- _("warning: SAN contains an embedded NUL, "
- "replacing with '!'\n"));
+ if ((type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_OTHERNAME_XMPP ||
+ type == GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL ||
+ type == GNUTLS_SAN_OTHERNAME_MSUSERPRINCIPAL ||
+ type == GNUTLS_SAN_RFC822NAME || type == GNUTLS_SAN_URI) &&
+ sname != NULL && strlen(sname) != name->size) {
+ adds(str, _("warning: SAN contains an embedded NUL, "
+ "replacing with '!'\n"));
 while (strlen(sname) < name->size)
 name->data[strlen(sname)] = '!';
 }
@@ -311,7 +306,7 @@ static char *crl_get_sign_name(gnutls_x509_crl_t crl, int *algo)
 return gnutls_strdup(oid);
 }
-static void print_proxy(gnutls_buffer_st * str, gnutls_datum_t * der)
+static void print_proxy(gnutls_buffer_st *str, gnutls_datum_t *der)
 {
 int pathlen;
 char *policyLanguage;
@@ -346,8 +341,8 @@ static void print_proxy(gnutls_buffer_st * str, gnutls_datum_t * der)
 gnutls_free(policyLanguage);
 }
-static void print_nc(gnutls_buffer_st * str, const char *prefix,
- gnutls_datum_t * der)
+static void print_nc(gnutls_buffer_st *str, const char *prefix,
+ gnutls_datum_t *der)
 {
 gnutls_x509_name_constraints_t nc;
 int ret;
@@ -367,9 +362,8 @@ static void print_nc(gnutls_buffer_st * str, const char *prefix,
 snprintf(new_prefix, sizeof(new_prefix), "%s\t\t\t\t", prefix);
 do {
- ret =
- gnutls_x509_name_constraints_get_permitted(nc, idx++, &type,
- &name);
+ ret = gnutls_x509_name_constraints_get_permitted(nc, idx++,
+ &type, &name);
 if (ret >= 0) {
 if (idx == 1)
@@ -381,9 +375,8 @@ static void print_nc(gnutls_buffer_st * str, const char *prefix,
 idx = 0;
 do {
- ret =
- gnutls_x509_name_constraints_get_excluded(nc, idx++, &type,
- &name);
+ ret = gnutls_x509_name_constraints_get_excluded(nc, idx++,
+ &type, &name);
 if (ret >= 0) {
 if (idx == 1)
@@ -393,11 +386,11 @@ static void print_nc(gnutls_buffer_st * str, const char *prefix,
 }
 } while (ret == 0);
- cleanup:
+cleanup:
 gnutls_x509_name_constraints_deinit(nc);
 }
-static void print_aia(gnutls_buffer_st * str, const gnutls_datum_t * der)
+static void print_aia(gnutls_buffer_st *str, const gnutls_datum_t *der)
 {
 int err;
 int seq;
@@ -439,11 +432,11 @@ static void print_aia(gnutls_buffer_st * str, const gnutls_datum_t * der)
 print_name(str, "", san_type, &san, 0);
 }
- cleanup:
+cleanup:
 gnutls_x509_aia_deinit(aia);
 }
-static void print_ski(gnutls_buffer_st * str, gnutls_datum_t * der)
+static void print_ski(gnutls_buffer_st *str, gnutls_datum_t *der)
 {
 gnutls_datum_t id = { NULL, 0 };
 int err;
@@ -462,7 +455,7 @@ static void print_ski(gnutls_buffer_st * str, gnutls_datum_t * der)
 gnutls_free(id.data);
 }
-static void print_time(gnutls_buffer_st * str, time_t timestamp)
+static void print_time(gnutls_buffer_st *str, time_t timestamp)
 {
 char s[42];
 size_t max = sizeof(s);
@@ -479,7 +472,7 @@ static void print_time(gnutls_buffer_st * str, time_t timestamp)
 addf(str, "%s\n", s);
 }
-static void print_scts(gnutls_buffer_st * str, const gnutls_datum_t * der,
+static void print_scts(gnutls_buffer_st *str, const gnutls_datum_t *der,
 const char *prefix)
 {
 int retval;
@@ -518,9 +511,8 @@ static void print_scts(gnutls_buffer_st * str, const gnutls_datum_t * der,
 continue;
 }
- retval = gnutls_x509_ct_sct_get(scts, i,
- ×tamp,
- &logid, &sigalg, &sig);
+ retval = gnutls_x509_ct_sct_get(scts, i, ×tamp, &logid,
+ &sigalg, &sig);
 if (retval < 0) {
 addf(str, "error: could not get SCT info: %s\n",
 gnutls_strerror(retval));
@@ -533,10 +525,11 @@ static void print_scts(gnutls_buffer_st * str, const gnutls_datum_t * der,
 addf(str, "\n");
 addf(str, _("%s\t\t\t\tTime: "), prefix);
 print_time(str, timestamp);
- addf(str, _("%s\t\t\t\tExtensions: none\n"), /* there are no extensions defined for v1 */
+ addf(str,
+ _("%s\t\t\t\tExtensions: none\n"), /* there are no extensions defined for v1 */
 prefix);
- addf(str, _("%s\t\t\t\tSignature algorithm: %s\n"),
- prefix, gnutls_sign_get_name(sigalg));
+ addf(str, _("%s\t\t\t\tSignature algorithm: %s\n"), prefix,
+ gnutls_sign_get_name(sigalg));
 addf(str, _("%s\t\t\t\tSignature: "), prefix);
 _gnutls_buffer_hexprint(str, sig.data, sig.size);
 addf(str, "\n");
@@ -547,7 +540,7 @@ static void print_scts(gnutls_buffer_st * str, const gnutls_datum_t * der,
 logid.data = NULL;
 }
- cleanup:
+cleanup:
 _gnutls_free_datum(&sig);
 _gnutls_free_datum(&logid);
 gnutls_x509_ext_ct_scts_deinit(scts);
@@ -561,16 +554,14 @@ typedef union {
 gnutls_x509_crq_t crq;
 } cert_type_t;
-static void print_aki_gn_serial(gnutls_buffer_st * str, gnutls_x509_aki_t aki)
+static void print_aki_gn_serial(gnutls_buffer_st *str, gnutls_x509_aki_t aki)
 {
 gnutls_datum_t san, other_oid, serial;
 unsigned int alt_type;
 int err;
- err =
- gnutls_x509_aki_get_cert_issuer(aki,
- 0, &alt_type, &san, &other_oid,
- &serial);
+ err = gnutls_x509_aki_get_cert_issuer(aki, 0, &alt_type, &san,
+ &other_oid, &serial);
 if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
 return;
 } else if (err < 0) {
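Review bot: The trailing comment inside the argument list of the `Extensions: none` addf() call is what forces the awkward three-line split in the `@@ -533,10 +525,11 @@` hunk, where a one-argument call now spans the format string, a dangling comment and a lone `prefix);` line. Moving the remark onto its own line above the call keeps the call on one line and preserves the information: `/* there are no extensions defined for v1 */` followed by `addf(str, _("%s\t\t\t\tExtensions: none\n"), prefix);`. The same pattern will recur on every future reformat as long as the comment sits mid-argument-list. print_scts's body starts and ends outside this hunk.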
@@ -586,7 +577,7 @@ static void print_aki_gn_serial(gnutls_buffer_st * str, gnutls_x509_aki_t aki)
 adds(str, "\n");
 }
-static void print_aki(gnutls_buffer_st * str, gnutls_datum_t * der)
+static void print_aki(gnutls_buffer_st *str, gnutls_datum_t *der)
 {
 int err;
 gnutls_x509_aki_t aki;
@@ -623,13 +614,12 @@ static void print_aki(gnutls_buffer_st * str, gnutls_datum_t * der)
 _gnutls_buffer_hexprint(str, id.data, id.size);
 adds(str, "\n");
- cleanup:
+cleanup:
 gnutls_x509_aki_deinit(aki);
 }
-static void
-print_key_usage2(gnutls_buffer_st * str, const char *prefix,
- unsigned int key_usage)
+static void print_key_usage2(gnutls_buffer_st *str, const char *prefix,
+ unsigned int key_usage)
 {
 if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
 addf(str, _("%sDigital signature.\n"), prefix);
@@ -651,9 +641,8 @@ print_key_usage2(gnutls_buffer_st * str, const char *prefix,
 addf(str, _("%sKey decipher only.\n"), prefix);
 }
-static void
-print_key_usage(gnutls_buffer_st * str, const char *prefix,
- gnutls_datum_t * der)
+static void print_key_usage(gnutls_buffer_st *str, const char *prefix,
+ gnutls_datum_t *der)
 {
 unsigned int key_usage;
 int err;
@@ -667,9 +656,9 @@ print_key_usage(gnutls_buffer_st * str, const char *prefix,
 print_key_usage2(str, prefix, key_usage);
 }
-static void
-print_private_key_usage_period(gnutls_buffer_st * str, const char *prefix,
- gnutls_datum_t * der)
+static void print_private_key_usage_period(gnutls_buffer_st *str,
+ const char *prefix,
+ gnutls_datum_t *der)
 {
 time_t activation, expiration;
 int err;
@@ -677,9 +666,8 @@ print_private_key_usage_period(gnutls_buffer_st * str, const char *prefix,
 struct tm t;
 size_t max;
- err =
- gnutls_x509_ext_import_private_key_usage_period(der, &activation,
- &expiration);
+ err = gnutls_x509_ext_import_private_key_usage_period(der, &activation,
+ &expiration);
 if (err < 0) {
 addf(str, "error: get_private_key_usage_period: %s\n",
 gnutls_strerror(err));
@@ -701,10 +689,9 @@ print_private_key_usage_period(gnutls_buffer_st * str, const char *prefix,
 addf(str, "error: strftime (%ld)\n", (unsigned long)expiration);
 else
 addf(str, _("\t\t\tNot After: %s\n"), s);
-
 }
-static void print_crldist(gnutls_buffer_st * str, gnutls_datum_t * der)
+static void print_crldist(gnutls_buffer_st *str, gnutls_datum_t *der)
 {
 int err;
 int indx;
@@ -727,9 +714,8 @@ static void print_crldist(gnutls_buffer_st * str, gnutls_datum_t * der)
 }
 for (indx = 0;; indx++) {
- err =
- gnutls_x509_crl_dist_points_get(dp, indx, &type, &dist,
- &flags);
+ err = gnutls_x509_crl_dist_points_get(dp, indx, &type, &dist,
+ &flags);
 if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
 goto cleanup;
 else if (err < 0) {
@@ -740,13 +726,12 @@ static void print_crldist(gnutls_buffer_st * str, gnutls_datum_t * der)
 print_name(str, "\t\t\t", type, &dist, 0);
 }
- cleanup:
+cleanup:
 gnutls_x509_crl_dist_points_deinit(dp);
 }
-static void
-print_key_purpose(gnutls_buffer_st * str, const char *prefix,
- gnutls_datum_t * der)
+static void print_key_purpose(gnutls_buffer_st *str, const char *prefix,
+ gnutls_datum_t *der)
 {
 int indx;
 gnutls_datum_t oid;
@@ -800,12 +785,12 @@ print_key_purpose(gnutls_buffer_st * str, const char *prefix,
 else
 addf(str, "%s\t\t\t%s\n", prefix, p);
 }
- cleanup:
+cleanup:
 gnutls_x509_key_purpose_deinit(purposes);
 }
-static void
-print_basic(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t * der)
+static void print_basic(gnutls_buffer_st *str, const char *prefix,
+ gnutls_datum_t *der)
 {
 int pathlen;
 unsigned ca;
@@ -826,12 +811,12 @@ print_basic(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t * der) prefix); if (pathlen >= 0) - addf(str, _("%s\t\t\tPath Length Constraint: %d\n"), - prefix, pathlen); + addf(str, _("%s\t\t\tPath Length Constraint: %d\n"), prefix, + pathlen); } -static void -print_altname(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t * der) +static void print_altname(gnutls_buffer_st *str, const char *prefix, + gnutls_datum_t *der) { unsigned int altname_idx; gnutls_subject_alt_names_t names; @@ -857,13 +842,12 @@ print_altname(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t * der) } for (altname_idx = 0;; altname_idx++) { - err = gnutls_subject_alt_names_get(names, altname_idx, - &type, &san, &othername); + err = gnutls_subject_alt_names_get(names, altname_idx, &type, + &san, &othername); if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (err < 0) { - addf(str, - "error: gnutls_subject_alt_names_get: %s\n", + addf(str, "error: gnutls_subject_alt_names_get: %s\n", gnutls_strerror(err)); break; } @@ -872,10 +856,8 @@ print_altname(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t * der) unsigned vtype; gnutls_datum_t virt; - err = gnutls_x509_othername_to_virtual((char *) - othername.data, - &san, &vtype, - &virt); + err = gnutls_x509_othername_to_virtual( + (char *)othername.data, &san, &vtype, &virt); if (err >= 0) { snprintf(pfx, sizeof(pfx), "%s\t\t\t", prefix); print_name(str, pfx, vtype, &virt, 0); @@ -883,10 +865,8 @@ print_altname(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t * der) continue; } - addf(str, - _("%s\t\t\totherName OID: %.*s\n"), - prefix, (int)othername.size, - (char *)othername.data); + addf(str, _("%s\t\t\totherName OID: %.*s\n"), prefix, + (int)othername.size, (char *)othername.data); addf(str, _("%s\t\t\totherName DER: "), prefix); _gnutls_buffer_hexprint(str, san.data, san.size); addf(str, _("\n%s\t\t\totherName ASCII: "), prefix); 
@@ -894,18 +874,17 @@ print_altname(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t * der) san.size); addf(str, "\n"); } else { - snprintf(pfx, sizeof(pfx), "%s\t\t\t", prefix); print_name(str, pfx, type, &san, 0); } } - cleanup: +cleanup: gnutls_subject_alt_names_deinit(names); } -static void -guiddump(gnutls_buffer_st * str, const char *data, size_t len, const char *spc) +static void guiddump(gnutls_buffer_st *str, const char *data, size_t len, + const char *spc) { size_t j; @@ -932,18 +911,18 @@ guiddump(gnutls_buffer_st * str, const char *data, size_t len, const char *spc) addf(str, "}\n"); } -static void -print_unique_ids(gnutls_buffer_st * str, const gnutls_x509_crt_t cert) +static void print_unique_ids(gnutls_buffer_st *str, + const gnutls_x509_crt_t cert) { int result; - char buf[256]; /* if its longer, we won't bother to print it */ + char buf[256]; /* if its longer, we won't bother to print it */ size_t buf_size = 256; result = gnutls_x509_crt_get_issuer_unique_id(cert, buf, &buf_size); if (result >= 0) { addf(str, ("\tIssuer Unique ID:\n")); _gnutls_buffer_hexdump(str, buf, buf_size, "\t\t\t"); - if (buf_size == 16) { /* this could be a GUID */ + if (buf_size == 16) { /* this could be a GUID */ guiddump(str, buf, buf_size, "\t\t\t"); } } @@ -953,14 +932,14 @@ print_unique_ids(gnutls_buffer_st * str, const gnutls_x509_crt_t cert) if (result >= 0) { addf(str, ("\tSubject Unique ID:\n")); _gnutls_buffer_hexdump(str, buf, buf_size, "\t\t\t"); - if (buf_size == 16) { /* this could be a GUID */ + if (buf_size == 16) { /* this could be a GUID */ guiddump(str, buf, buf_size, "\t\t\t"); } } } -static void print_tlsfeatures(gnutls_buffer_st * str, const char *prefix, - const gnutls_datum_t * der) +static void print_tlsfeatures(gnutls_buffer_st *str, const char *prefix, + const gnutls_datum_t *der) { int err; int seq; 
@@ -995,19 +974,18 @@ static void print_tlsfeatures(gnutls_buffer_st * str, const char *prefix, addf(str, "%s\t\t\t%s(%u)\n", prefix, name, feature); } - cleanup: +cleanup: gnutls_x509_tlsfeatures_deinit(features); } -static void print_subject_sign_tool(gnutls_buffer_st * str, const char *prefix, - const gnutls_datum_t * der) +static void print_subject_sign_tool(gnutls_buffer_st *str, const char *prefix, + const gnutls_datum_t *der) { int ret; gnutls_datum_t tmp = { NULL, 0 }; - ret = - _gnutls_x509_decode_string(ASN1_ETYPE_UTF8_STRING, der->data, - der->size, &tmp, 0); + ret = _gnutls_x509_decode_string(ASN1_ETYPE_UTF8_STRING, der->data, + der->size, &tmp, 0); if (ret < 0) { addf(str, _("%s\t\t\tASCII: "), prefix); _gnutls_buffer_asciiprint(str, (char *)der->data, der->size); @@ -1024,17 +1002,17 @@ static void print_subject_sign_tool(gnutls_buffer_st * str, const char *prefix, _gnutls_free_datum(&tmp); } -static void print_issuer_sign_tool(gnutls_buffer_st * str, const char *prefix, - const gnutls_datum_t * der) +static void print_issuer_sign_tool(gnutls_buffer_st *str, const char *prefix, + const gnutls_datum_t *der) { int ret; asn1_node tmpasn = NULL; char asn1_err[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = ""; gnutls_datum_t tmp; - if (asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.IssuerSignTool", - &tmpasn) != ASN1_SUCCESS) { + if (asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.IssuerSignTool", + &tmpasn) != ASN1_SUCCESS) { gnutls_assert(); goto hexdump; } @@ -1086,7 +1064,7 @@ static void print_issuer_sign_tool(gnutls_buffer_st * str, const char *prefix, return; - hexdump: +hexdump: asn1_delete_structure(&tmpasn); addf(str, _("%s\t\t\tASCII: "), prefix); 
@@ -1098,7 +1076,10 @@ static void print_issuer_sign_tool(gnutls_buffer_st * str, const char *prefix, adds(str, "\n"); } -#define ENTRY(oid, name) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, 0} +#define ENTRY(oid, name) \ + { \ + oid, sizeof(oid) - 1, name, sizeof(name) - 1, NULL, 0 \ + } static const struct oid_to_string cp_oid2str[] = { ENTRY("2.5.29.32.0", "anyPolicy"), @@ -1116,7 +1097,7 @@ static const struct oid_to_string cp_oid2str[] = { ENTRY("1.2.643.100.113.5", "Russian security class KB2"), ENTRY("1.2.643.100.113.6", "Russian security class KA1"), - {NULL, 0, NULL, 0}, + { NULL, 0, NULL, 0 }, }; struct ext_indexes_st { @@ -1132,9 +1113,9 @@ struct ext_indexes_st { int tlsfeatures; }; -static void print_extension(gnutls_buffer_st * str, const char *prefix, +static void print_extension(gnutls_buffer_st *str, const char *prefix, struct ext_indexes_st *idx, const char *oid, - unsigned critical, gnutls_datum_t * der) + unsigned critical, gnutls_datum_t *der) { int err; unsigned j; @@ -1145,8 +1126,8 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, addf(str, "warning: more than one basic constraint\n"); } - addf(str, _("%s\t\tBasic Constraints (%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tBasic Constraints (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); print_basic(str, prefix, der); idx->basic++; @@ -1156,9 +1137,8 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, addf(str, "warning: more than one SKI extension\n"); } - addf(str, - _("%s\t\tSubject Key Identifier (%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tSubject Key Identifier (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); print_ski(str, der); 
@@ -1172,16 +1152,14 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, err = gnutls_x509_policies_init(&policies); if (err < 0) { - addf(str, - "error: certificate policies: %s\n", + addf(str, "error: certificate policies: %s\n", gnutls_strerror(err)); return; } err = gnutls_x509_ext_import_policies(der, policies, 0); if (err < 0) { - addf(str, - "error: certificate policies import: %s\n", + addf(str, "error: certificate policies import: %s\n", gnutls_strerror(err)); gnutls_x509_policies_deinit(policies); return; @@ -1193,18 +1171,16 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, break; if (err < 0) { - addf(str, - "error: certificate policy: %s\n", + addf(str, "error: certificate policy: %s\n", gnutls_strerror(err)); break; } if (x == 0) - addf(str, - "%s\t\tCertificate Policies (%s):\n", + addf(str, "%s\t\tCertificate Policies (%s):\n", prefix, critical ? _("critical") : - _("not critical")); + _("not critical")); entry = _gnutls_oid_get_entry(cp_oid2str, policy.oid); if (entry != NULL && entry->name_desc != NULL) @@ -1221,8 +1197,8 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, name = "Note"; else name = "Unknown qualifier"; - addf(str, "%s\t\t\t\t%s: %s\n", - prefix, name, policy.qualifier[j].data); + addf(str, "%s\t\t\t\t%s: %s\n", prefix, name, + policy.qualifier[j].data); } } gnutls_x509_policies_deinit(policies); 
@@ -1237,20 +1213,17 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, return; } - addf(str, - "%s\t\tInhibit anyPolicy skip certs: %u (%s)\n", + addf(str, "%s\t\tInhibit anyPolicy skip certs: %u (%s)\n", prefix, skipcerts, critical ? _("critical") : _("not critical")); } else if (strcmp(oid, "2.5.29.35") == 0) { - if (idx->aki) { addf(str, "warning: more than one AKI extension\n"); } - addf(str, - _("%s\t\tAuthority Key Identifier (%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tAuthority Key Identifier (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); print_aki(str, der); @@ -1274,9 +1247,8 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, "warning: more than one private key usage period extension\n"); } - addf(str, - _("%s\t\tPrivate Key Usage Period (%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tPrivate Key Usage Period (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); print_private_key_usage_period(str, prefix, der); @@ -1297,9 +1269,8 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, addf(str, "warning: more than one SKI extension\n"); } - addf(str, - _("%s\t\tSubject Alternative Name (%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tSubject Alternative Name (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); print_altname(str, prefix, der); idx->san++; } else if (strcmp(oid, "2.5.29.18") == 0) { @@ -1308,9 +1279,8 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, "warning: more than one Issuer AltName extension\n"); } - addf(str, - _("%s\t\tIssuer Alternative Name (%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tIssuer Alternative Name (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); print_altname(str, prefix, der); 
@@ -1321,9 +1291,8 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, "warning: more than one CRL distribution point\n"); } - addf(str, - _("%s\t\tCRL Distribution points (%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tCRL Distribution points (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); print_crldist(str, der); idx->crldist++; @@ -1332,23 +1301,22 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, addf(str, "warning: more than one proxy extension\n"); } - addf(str, - _ - ("%s\t\tProxy Certificate Information (%s):\n"), + addf(str, _("%s\t\tProxy Certificate Information (%s):\n"), prefix, critical ? _("critical") : _("not critical")); print_proxy(str, der); idx->proxy++; } else if (strcmp(oid, "1.3.6.1.5.5.7.1.1") == 0) { - addf(str, _("%s\t\tAuthority Information " - "Access (%s):\n"), prefix, - critical ? _("critical") : _("not critical")); + addf(str, + _("%s\t\tAuthority Information " + "Access (%s):\n"), + prefix, critical ? _("critical") : _("not critical")); print_aia(str, der); } else if (strcmp(oid, GNUTLS_X509EXT_OID_CT_SCT_V1) == 0) { - addf(str, _("%s\t\tCT Precertificate SCTs (%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tCT Precertificate SCTs (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); print_scts(str, der, prefix); } else if (strcmp(oid, "2.5.29.30") == 0) { 
@@ -1368,32 +1336,31 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, "warning: more than one tlsfeatures extension\n"); } - addf(str, _("%s\t\tTLS Features (%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tTLS Features (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); print_tlsfeatures(str, prefix, der); idx->tlsfeatures++; } else if (strcmp(oid, "1.2.643.100.111") == 0) { - addf(str, _("%s\t\tSubject Signing Tool(%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tSubject Signing Tool(%s):\n"), prefix, + critical ? _("critical") : _("not critical")); print_subject_sign_tool(str, prefix, der); } else if (strcmp(oid, "1.2.643.100.112") == 0) { - addf(str, _("%s\t\tIssuer Signing Tool(%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tIssuer Signing Tool(%s):\n"), prefix, + critical ? _("critical") : _("not critical")); print_issuer_sign_tool(str, prefix, der); } else if (strcmp(oid, "2.5.4.3") == 0) { int ret; gnutls_datum_t tmp = { NULL, 0 }; - addf(str, _("%s\t\tCommon Name (%s):\n"), - prefix, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tCommon Name (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); - ret = - _gnutls_x509_decode_string(ASN1_ETYPE_PRINTABLE_STRING, - der->data, der->size, &tmp, 0); + ret = _gnutls_x509_decode_string(ASN1_ETYPE_PRINTABLE_STRING, + der->data, der->size, &tmp, 0); if (ret < 0) { addf(str, "error: x509_decode_string: %s\n", gnutls_strerror(ret)); 
@@ -1402,8 +1369,8 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, gnutls_free(tmp.data); } } else { - addf(str, _("%s\t\tUnknown extension %s (%s):\n"), - prefix, oid, critical ? _("critical") : _("not critical")); + addf(str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid, + critical ? _("critical") : _("not critical")); addf(str, _("%s\t\t\tASCII: "), prefix); _gnutls_buffer_asciiprint(str, (char *)der->data, der->size); @@ -1415,9 +1382,8 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix, } } -static void -print_extensions(gnutls_buffer_st * str, const char *prefix, int type, - cert_type_t cert) +static void print_extensions(gnutls_buffer_st *str, const char *prefix, + int type, cert_type_t cert) { unsigned i; int err; @@ -1432,18 +1398,12 @@ print_extensions(gnutls_buffer_st * str, const char *prefix, int type, unsigned int critical; if (type == TYPE_CRT) - err = - gnutls_x509_crt_get_extension_info(cert.crt, i, - oid, - &sizeof_oid, - &critical); + err = gnutls_x509_crt_get_extension_info( + cert.crt, i, oid, &sizeof_oid, &critical); else if (type == TYPE_CRQ) - err = - gnutls_x509_crq_get_extension_info(cert.crq, i, - oid, - &sizeof_oid, - &critical); + err = gnutls_x509_crq_get_extension_info( + cert.crq, i, oid, &sizeof_oid, &critical); else { gnutls_assert(); return; @@ -1461,13 +1421,11 @@ print_extensions(gnutls_buffer_st * str, const char *prefix, int type, addf(str, _("%s\tExtensions:\n"), prefix); if (type == TYPE_CRT) - err = - gnutls_x509_crt_get_extension_data2(cert.crt, i, - &der); + err = gnutls_x509_crt_get_extension_data2(cert.crt, i, + &der); else - err = - gnutls_x509_crq_get_extension_data2(cert.crq, i, - &der); + err = gnutls_x509_crq_get_extension_data2(cert.crq, i, + &der); if (err < 0) { der.data = NULL; 
@@ -1479,7 +1437,7 @@ print_extensions(gnutls_buffer_st * str, const char *prefix, int type,
 }
 }
-static void reverse_datum(gnutls_datum_t * d)
+static void reverse_datum(gnutls_datum_t *d)
 {
 unsigned int i;
 unsigned char c;
@@ -1491,10 +1449,9 @@ static void reverse_datum(gnutls_datum_t * d)
 }
 }
-static void
-print_pubkey(gnutls_buffer_st * str, const char *key_name,
- gnutls_pubkey_t pubkey, gnutls_x509_spki_st * spki,
- gnutls_certificate_print_formats_t format)
+static void print_pubkey(gnutls_buffer_st *str, const char *key_name,
+ gnutls_pubkey_t pubkey, gnutls_x509_spki_st *spki,
+ gnutls_certificate_print_formats_t format)
 {
 int err;
 const char *name;
@@ -1517,8 +1474,8 @@ print_pubkey(gnutls_buffer_st * str, const char *key_name,
 addf(str, _("\t%sPublic Key Algorithm: %s\n"), key_name, name);
 addf(str, _("\tAlgorithm Security Level: %s (%d bits)\n"),
- gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param
- (err, bits)), bits);
+ gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param(err, bits)),
+ bits);
 if (spki && pk == GNUTLS_PK_RSA_PSS && spki->pk == pk) {
 addf(str, _("\t\tParameters:\n"));
@@ -1529,223 +1486,173 @@ print_pubkey(gnutls_buffer_st * str, const char *key_name,
 switch (pk) {
 case GNUTLS_PK_RSA:
- case GNUTLS_PK_RSA_PSS:
- {
- gnutls_datum_t m, e;
+ case GNUTLS_PK_RSA_PSS: {
+ gnutls_datum_t m, e;
- err = gnutls_pubkey_get_pk_rsa_raw(pubkey, &m, &e);
- if (err < 0)
- addf(str, "error: get_pk_rsa_raw: %s\n",
- gnutls_strerror(err));
- else {
- if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS) {
- addf(str,
- _("\t\tModulus (bits %d): "),
- bits);
- _gnutls_buffer_hexprint(str,
- m.data, m.size);
- adds(str, "\n");
- addf(str,
- _("\t\tExponent (bits %d): "),
- e.size * 8);
- _gnutls_buffer_hexprint(str,
- e.data, e.size);
- adds(str, "\n");
- } else {
- addf(str,
- _("\t\tModulus (bits %d):\n"),
- bits);
- _gnutls_buffer_hexdump(str, m.data,
- m.size,
- "\t\t\t");
- addf(str,
- _
- ("\t\tExponent (bits %d):\n"),
- e.size * 8);
- _gnutls_buffer_hexdump(str, e.data,
- e.size,
- "\t\t\t");
- }
-
- gnutls_free(m.data);
- gnutls_free(e.data);
+ err = gnutls_pubkey_get_pk_rsa_raw(pubkey, &m, &e);
+ if (err < 0)
+ addf(str, "error: get_pk_rsa_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS) {
+ addf(str, _("\t\tModulus (bits %d): "), bits);
+ _gnutls_buffer_hexprint(str, m.data, m.size);
+ adds(str, "\n");
+ addf(str, _("\t\tExponent (bits %d): "),
+ e.size * 8);
+ _gnutls_buffer_hexprint(str, e.data, e.size);
+ adds(str, "\n");
+ } else {
+ addf(str, _("\t\tModulus (bits %d):\n"), bits);
+ _gnutls_buffer_hexdump(str, m.data, m.size,
+ "\t\t\t");
+ addf(str, _("\t\tExponent (bits %d):\n"),
+ e.size * 8);
+ _gnutls_buffer_hexdump(str, e.data, e.size,
+ "\t\t\t");
 }
+ gnutls_free(m.data);
+ gnutls_free(e.data);
 }
- break;
+
+ } break;
 case GNUTLS_PK_EDDSA_ED25519:
 case GNUTLS_PK_EDDSA_ED448:
 case GNUTLS_PK_ECDH_X25519:
 case GNUTLS_PK_ECDH_X448:
- case GNUTLS_PK_ECDSA:
- {
- gnutls_datum_t x, y;
- gnutls_ecc_curve_t curve;
+ case GNUTLS_PK_ECDSA: {
+ gnutls_datum_t x, y;
+ gnutls_ecc_curve_t curve;
- err =
- gnutls_pubkey_get_pk_ecc_raw(pubkey, &curve,
- &x, &y);
- if (err < 0) {
- addf(str, "error: get_pk_ecc_raw: %s\n",
- gnutls_strerror(err));
- } else {
- addf(str, _("\t\tCurve:\t%s\n"),
- gnutls_ecc_curve_get_name(curve));
- if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS) {
- adds(str, _("\t\tX: "));
- _gnutls_buffer_hexprint(str,
- x.data, x.size);
+ err = gnutls_pubkey_get_pk_ecc_raw(pubkey, &curve, &x, &y);
+ if (err < 0) {
+ addf(str, "error: get_pk_ecc_raw: %s\n",
+ gnutls_strerror(err));
+ } else {
+ addf(str, _("\t\tCurve:\t%s\n"),
+ gnutls_ecc_curve_get_name(curve));
+ if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS) {
+ adds(str, _("\t\tX: "));
+ _gnutls_buffer_hexprint(str, x.data, x.size);
+ adds(str, "\n");
+ if (y.size > 0) {
+ adds(str, _("\t\tY: "));
+ _gnutls_buffer_hexprint(str, y.data,
+ y.size);
 adds(str, "\n");
- if (y.size > 0) {
- adds(str, _("\t\tY: "));
- _gnutls_buffer_hexprint(str,
- y.data,
- y.size);
- adds(str, "\n");
- }
- } else {
- adds(str, _("\t\tX:\n"));
- _gnutls_buffer_hexdump(str, x.data,
- x.size,
- "\t\t\t");
- if (y.size > 0) {
- adds(str, _("\t\tY:\n"));
- _gnutls_buffer_hexdump(str,
- y.data,
- y.size,
- "\t\t\t");
- }
 }
-
- gnutls_free(x.data);
- gnutls_free(y.data);
-
- }
- }
- break;
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- err =
- gnutls_pubkey_get_pk_dsa_raw(pubkey, &p, &q,
- &g, &y);
- if (err < 0)
- addf(str, "error: get_pk_dsa_raw: %s\n",
- gnutls_strerror(err));
- else {
- if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS) {
- addf(str,
- _
- ("\t\tPublic key (bits %d): "),
- bits);
- _gnutls_buffer_hexprint(str,
- y.data, y.size);
- adds(str, "\n");
- adds(str, _("\t\tP: "));
- _gnutls_buffer_hexprint(str,
- p.data, p.size);
- adds(str, "\n");
- adds(str, _("\t\tQ: "));
- _gnutls_buffer_hexprint(str,
- q.data, q.size);
- adds(str, "\n");
- adds(str, _("\t\tG: "));
- _gnutls_buffer_hexprint(str,
- g.data, g.size);
- adds(str, "\n");
- } else {
- addf(str,
- _
- ("\t\tPublic key (bits %d):\n"),
- bits);
- _gnutls_buffer_hexdump(str, y.data,
- y.size,
- "\t\t\t");
- adds(str, _("\t\tP:\n"));
- _gnutls_buffer_hexdump(str, p.data,
- p.size,
- "\t\t\t");
- adds(str, _("\t\tQ:\n"));
- _gnutls_buffer_hexdump(str, q.data,
- q.size,
- "\t\t\t");
- adds(str, _("\t\tG:\n"));
- _gnutls_buffer_hexdump(str, g.data,
- g.size,
- "\t\t\t");
+ } else {
+ adds(str, _("\t\tX:\n"));
+ _gnutls_buffer_hexdump(str, x.data, x.size,
+ "\t\t\t");
+ if (y.size > 0) {
+ adds(str, _("\t\tY:\n"));
+ _gnutls_buffer_hexdump(
+ str, y.data, y.size, "\t\t\t");
 }
+ }
- gnutls_free(p.data);
- gnutls_free(q.data);
- gnutls_free(g.data);
- gnutls_free(y.data);
+ gnutls_free(x.data);
+ gnutls_free(y.data);
+ }
+ } break;
+ case GNUTLS_PK_DSA: {
+ gnutls_datum_t p, q, g, y;
+ err = gnutls_pubkey_get_pk_dsa_raw(pubkey, &p, &q, &g, &y);
+ if (err < 0)
+ addf(str, "error: get_pk_dsa_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS) {
+ addf(str, _("\t\tPublic key (bits %d): "),
+ bits);
+ _gnutls_buffer_hexprint(str, y.data, y.size);
+ adds(str, "\n");
+ adds(str, _("\t\tP: "));
+ _gnutls_buffer_hexprint(str, p.data, p.size);
+ adds(str, "\n");
+ adds(str, _("\t\tQ: "));
+ _gnutls_buffer_hexprint(str, q.data, q.size);
+ adds(str, "\n");
+ adds(str, _("\t\tG: "));
+ _gnutls_buffer_hexprint(str, g.data, g.size);
+ adds(str, "\n");
+ } else {
+ addf(str, _("\t\tPublic key (bits %d):\n"),
+ bits);
+ _gnutls_buffer_hexdump(str, y.data, y.size,
+ "\t\t\t");
+ adds(str, _("\t\tP:\n"));
+ _gnutls_buffer_hexdump(str, p.data, p.size,
+ "\t\t\t");
+ adds(str, _("\t\tQ:\n"));
+ _gnutls_buffer_hexdump(str, q.data, q.size,
+ "\t\t\t");
+ adds(str, _("\t\tG:\n"));
+ _gnutls_buffer_hexdump(str, g.data, g.size,
+ "\t\t\t");
 }
+
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ gnutls_free(y.data);
 }
- break;
+ } break;
 case GNUTLS_PK_GOST_01:
 case GNUTLS_PK_GOST_12_256:
- case GNUTLS_PK_GOST_12_512:
- {
- gnutls_datum_t x, y;
- gnutls_ecc_curve_t curve;
- gnutls_digest_algorithm_t digest;
- gnutls_gost_paramset_t param;
-
- err =
- gnutls_pubkey_export_gost_raw2(pubkey, &curve,
- &digest,
- ¶m, &x, &y, 0);
- if (err < 0)
- addf(str, "error: get_pk_gost_raw: %s\n",
- gnutls_strerror(err));
- else {
- addf(str, _("\t\tCurve:\t%s\n"),
- gnutls_ecc_curve_get_name(curve));
- addf(str, _("\t\tDigest:\t%s\n"),
- gnutls_digest_get_name(digest));
- addf(str, _("\t\tParamSet: %s\n"),
- gnutls_gost_paramset_get_name(param));
- reverse_datum(&x);
- reverse_datum(&y);
- if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS) {
- adds(str, _("\t\tX: "));
- _gnutls_buffer_hexprint(str,
- x.data, x.size);
- adds(str, "\n");
- adds(str, _("\t\tY: "));
- _gnutls_buffer_hexprint(str,
- y.data, y.size);
- adds(str, "\n");
- } else {
- adds(str, _("\t\tX:\n"));
- _gnutls_buffer_hexdump(str, x.data,
- x.size,
- "\t\t\t");
- adds(str, _("\t\tY:\n"));
- _gnutls_buffer_hexdump(str, y.data,
- y.size,
- "\t\t\t");
- }
-
- gnutls_free(x.data);
- gnutls_free(y.data);
+ case GNUTLS_PK_GOST_12_512: {
+ gnutls_datum_t x, y;
+ gnutls_ecc_curve_t curve;
+ gnutls_digest_algorithm_t digest;
+ gnutls_gost_paramset_t param;
+ err = gnutls_pubkey_export_gost_raw2(pubkey, &curve, &digest,
+ ¶m, &x, &y, 0);
+ if (err < 0)
+ addf(str, "error: get_pk_gost_raw: %s\n",
+ gnutls_strerror(err));
+ else {
+ addf(str, _("\t\tCurve:\t%s\n"),
+ gnutls_ecc_curve_get_name(curve));
+ addf(str, _("\t\tDigest:\t%s\n"),
+ gnutls_digest_get_name(digest));
+ addf(str, _("\t\tParamSet: %s\n"),
+ gnutls_gost_paramset_get_name(param));
+ reverse_datum(&x);
+ reverse_datum(&y);
+ if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS) {
+ adds(str, _("\t\tX: "));
+ _gnutls_buffer_hexprint(str, x.data, x.size);
+ adds(str, "\n");
+ adds(str, _("\t\tY: "));
+ _gnutls_buffer_hexprint(str, y.data, y.size);
+ adds(str, "\n");
+ } else {
+ adds(str, _("\t\tX:\n"));
+ _gnutls_buffer_hexdump(str, x.data, x.size,
+ "\t\t\t");
+ adds(str, _("\t\tY:\n"));
+ _gnutls_buffer_hexdump(str, y.data, y.size,
+ "\t\t\t");
 }
+
+ gnutls_free(x.data);
+ gnutls_free(y.data);
 }
- break;
+ } break;
 default:
 break;
 }
 }
-static int
-print_crt_sig_params(gnutls_buffer_st * str, gnutls_x509_crt_t crt,
- gnutls_certificate_print_formats_t format)
+static int print_crt_sig_params(gnutls_buffer_st *str, gnutls_x509_crt_t crt,
+ gnutls_certificate_print_formats_t format)
 {
 int ret;
 gnutls_pk_algorithm_t pk;
@@ -1755,9 +1662,8 @@ print_crt_sig_params(gnutls_buffer_st * str, gnutls_x509_crt_t crt,
 sign = gnutls_x509_crt_get_signature_algorithm(crt);
 pk = gnutls_sign_get_pk_algorithm(sign);
 if (pk == GNUTLS_PK_RSA_PSS) {
- ret = _gnutls_x509_read_sign_params(crt->cert,
- "signatureAlgorithm",
- ¶ms);
+ ret = _gnutls_x509_read_sign_params(
+ crt->cert, "signatureAlgorithm", ¶ms);
 if (ret < 0) {
 addf(str, "error: read_pss_params: %s\n",
 gnutls_strerror(ret));
@@ -1768,7 +1674,7 @@ print_crt_sig_params(gnutls_buffer_st * str, gnutls_x509_crt_t crt,
 return 0;
 }
-static void print_pk_name(gnutls_buffer_st * str, gnutls_x509_crt_t crt)
+static void print_pk_name(gnutls_buffer_st *str, gnutls_x509_crt_t crt)
 {
 const char *p;
 char *name = get_pk_name(crt, NULL);
@@ -1781,9 +1687,8 @@ static void print_pk_name(gnutls_buffer_st * str, gnutls_x509_crt_t crt)
 gnutls_free(name);
 }
-static int
-print_crt_pubkey(gnutls_buffer_st * str, gnutls_x509_crt_t crt,
- gnutls_certificate_print_formats_t format)
+static int print_crt_pubkey(gnutls_buffer_st *str, gnutls_x509_crt_t crt,
+ gnutls_certificate_print_formats_t format)
 {
 gnutls_pubkey_t pubkey = NULL;
 gnutls_x509_spki_st params;
@@ -1800,7 +1705,7 @@ print_crt_pubkey(gnutls_buffer_st * str, gnutls_x509_crt_t crt,
 }
 if (pk == GNUTLS_PK_UNKNOWN) {
- print_pk_name(str, crt); /* print basic info only */
+ print_pk_name(str, crt); /* print basic info only */
 return 0;
 }
@@ -1813,7 +1718,7 @@ print_crt_pubkey(gnutls_buffer_st * str, gnutls_x509_crt_t crt,
 if (ret != GNUTLS_E_UNIMPLEMENTED_FEATURE)
 addf(str, "error importing public key: %s\n",
 gnutls_strerror(ret));
- print_pk_name(str, crt); /* print basic info only */
+ print_pk_name(str, crt); /* print basic info only */
 ret = 0;
 goto cleanup;
 }
@@ -1821,15 +1726,14 @@ print_crt_pubkey(gnutls_buffer_st * str, gnutls_x509_crt_t crt,
 print_pubkey(str, _("Subject "), pubkey, ¶ms, format);
 ret = 0;
- cleanup:
+cleanup:
 gnutls_pubkey_deinit(pubkey);
 return ret;
 }
-static void
-print_cert(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format)
+static void print_cert(gnutls_buffer_st *str, gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format)
 {
 /* Version. */
 {
@@ -1890,8 +1794,8 @@ print_cert(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
 if (gmtime_r(&tim, &t) == NULL)
 addf(str, "error: gmtime_r (%ld)\n",
 (unsigned long)tim);
- else if (strftime
- (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
 addf(str, "error: strftime (%ld)\n",
 (unsigned long)tim);
 else
@@ -1909,8 +1813,8 @@ print_cert(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
 if (gmtime_r(&tim, &t) == NULL)
 addf(str, "error: gmtime_r (%ld)\n",
 (unsigned long)tim);
- else if (strftime
- (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
 addf(str, "error: strftime (%ld)\n",
 (unsigned long)tim);
 else
@@ -1968,13 +1872,11 @@ print_cert(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
 print_crt_sig_params(str, cert, format);
- if (err != GNUTLS_SIGN_UNKNOWN
- && gnutls_sign_is_secure2(err,
- GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS)
- == 0) {
- adds(str,
- _("warning: signed using a broken signature "
- "algorithm that can be forged.\n"));
+ if (err != GNUTLS_SIGN_UNKNOWN &&
+ gnutls_sign_is_secure2(
+ err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0) {
+ adds(str, _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
 }
 err = gnutls_x509_crt_get_signature(cert, buffer, &size);
@@ -2006,7 +1908,7 @@ print_cert(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
 }
 }
-static void print_fingerprint(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_fingerprint(gnutls_buffer_st *str, gnutls_x509_crt_t cert)
 {
 int err;
 char buffer[MAX_HASH_SIZE];
@@ -2014,9 +1916,8 @@ static void print_fingerprint(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 adds(str, _("\tFingerprint:\n"));
- err =
- gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1, buffer,
- &size);
+ err = gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA1, buffer,
+ &size);
 if (err < 0) {
 addf(str, "error: get_fingerprint: %s\n", gnutls_strerror(err));
 return;
@@ -2027,9 +1928,8 @@ static void print_fingerprint(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 adds(str, "\n");
 size = sizeof(buffer);
- err =
- gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA256, buffer,
- &size);
+ err = gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_SHA256, buffer,
+ &size);
 if (err < 0) {
 addf(str, "error: get_fingerprint: %s\n", gnutls_strerror(err));
 return;
@@ -2041,8 +1941,8 @@ static void print_fingerprint(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 typedef int get_id_func(void *obj, unsigned, unsigned char *, size_t *);
-static void print_obj_id(gnutls_buffer_st * str, const char *prefix, void *obj,
- get_id_func * get_id)
+static void print_obj_id(gnutls_buffer_st *str, const char *prefix, void *obj,
+ get_id_func *get_id)
 {
 unsigned char sha1_buffer[MAX_HASH_SIZE];
 unsigned char sha2_buffer[MAX_HASH_SIZE];
@@ -2051,7 +1951,7 @@ static void print_obj_id(gnutls_buffer_st * str, const char *prefix, void *obj,
 sha1_size = sizeof(sha1_buffer);
 err = get_id(obj, GNUTLS_KEYID_USE_SHA1, sha1_buffer, &sha1_size);
- if (err == GNUTLS_E_UNIMPLEMENTED_FEATURE) /* unsupported algo */
+ if (err == GNUTLS_E_UNIMPLEMENTED_FEATURE) /* unsupported algo */
 return;
 if (err < 0) {
@@ -2062,7 +1962,7 @@ static void print_obj_id(gnutls_buffer_st * str, const char *prefix, void *obj,
 sha2_size = sizeof(sha2_buffer);
 err = get_id(obj, GNUTLS_KEYID_USE_SHA256, sha2_buffer, &sha2_size);
- if (err == GNUTLS_E_UNIMPLEMENTED_FEATURE) /* unsupported algo */
+ if (err == GNUTLS_E_UNIMPLEMENTED_FEATURE) /* unsupported algo */
 return;
 if (err < 0) {
@@ -2084,7 +1984,7 @@ static void print_obj_id(gnutls_buffer_st * str, const char *prefix, void *obj,
 return;
 }
-static void print_keyid(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_keyid(gnutls_buffer_st *str, gnutls_x509_crt_t cert)
 {
 int err;
 const char *name;
@@ -2097,7 +1997,7 @@ static void print_keyid(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 return;
 print_obj_id(str, "\t", cert,
- (get_id_func *) gnutls_x509_crt_get_key_id);
+ (get_id_func *)gnutls_x509_crt_get_key_id);
 if (IS_EC(err)) {
 gnutls_ecc_curve_t curve;
@@ -2111,9 +2011,8 @@ static void print_keyid(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 } else if (IS_GOSTEC(err)) {
 gnutls_ecc_curve_t curve;
- err =
- gnutls_x509_crt_get_pk_gost_raw(cert, &curve, NULL, NULL,
- NULL, NULL);
+ err = gnutls_x509_crt_get_pk_gost_raw(cert, &curve, NULL, NULL,
+ NULL, NULL);
 if (err < 0)
 return;
@@ -2127,16 +2026,14 @@ static void print_keyid(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 return;
 sha1_size = sizeof(sha1_buffer);
- err =
- gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA1, sha1_buffer,
- &sha1_size);
- if (err == GNUTLS_E_UNIMPLEMENTED_FEATURE) /* unsupported algo */
+ err = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA1,
+ sha1_buffer, &sha1_size);
+ if (err == GNUTLS_E_UNIMPLEMENTED_FEATURE) /* unsupported algo */
 return;
 }
-static void
-print_other(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format)
+static void print_other(gnutls_buffer_st *str, gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format)
 {
 if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL) {
 print_fingerprint(str, cert);
@@ -2144,7 +2041,7 @@ print_other(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
 print_keyid(str, cert);
 }
-static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+static void print_oneline(gnutls_buffer_st *str, gnutls_x509_crt_t cert)
 {
 int err;
@@ -2215,10 +2112,9 @@ static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 else
 p = name;
- if (err != GNUTLS_SIGN_UNKNOWN
- && gnutls_sign_is_secure2(err,
- GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS)
- == 0)
+ if (err != GNUTLS_SIGN_UNKNOWN &&
+ gnutls_sign_is_secure2(
+ err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0)
 addf(str, _("signed using %s (broken!), "), p);
 else
 addf(str, _("signed using %s, "), p);
@@ -2238,8 +2134,8 @@ static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 if (gmtime_r(&tim, &t) == NULL)
 addf(str, "unknown activation (%ld), ",
 (unsigned long)tim);
- else if (strftime
- (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
+ else if (strftime(s, max, "%Y-%m-%d %H:%M:%S UTC",
+ &t) == 0)
 addf(str, "failed activation (%ld), ",
 (unsigned long)tim);
 else
@@ -2255,8 +2151,8 @@ static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 if (gmtime_r(&tim, &t) == NULL)
 addf(str, "unknown expiry (%ld), ",
 (unsigned long)tim);
- else if (strftime
- (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
+ else if (strftime(s, max, "%Y-%m-%d %H:%M:%S UTC",
+ &t) == 0)
 addf(str, "failed expiry (%ld), ",
 (unsigned long)tim);
 else
@@ -2268,15 +2164,14 @@ static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 int pathlen;
 char *policyLanguage;
- err = gnutls_x509_crt_get_proxy(cert, NULL,
- &pathlen, &policyLanguage,
- NULL, NULL);
+ err = gnutls_x509_crt_get_proxy(cert, NULL, &pathlen,
+ &policyLanguage, NULL, NULL);
 if (err == 0) {
 addf(str, "proxy certificate (policy=");
 if (strcmp(policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
 addf(str, "id-ppl-inheritALL");
- else if (strcmp
- (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
+ else if (strcmp(policyLanguage, "1.3.6.1.5.5.7.21.2") ==
+ 0)
 addf(str, "id-ppl-independent");
 else
 addf(str, "%s", policyLanguage);
@@ -2300,7 +2195,6 @@ static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 adds(str, "\"");
 }
 }
-
 }
 /**
@@ -2322,10 +2216,9 @@ static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_print(gnutls_x509_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+int gnutls_x509_crt_print(gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t *out)
 {
 gnutls_buffer_st str;
 int ret;
@@ -2351,9 +2244,8 @@ gnutls_x509_crt_print(gnutls_x509_crt_t cert,
 } else {
 _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str(&str,
- _
- ("X.509 Certificate Information:\n"));
+ _gnutls_buffer_append_str(
+ &str, _("X.509 Certificate Information:\n"));
 print_cert(&str, cert, format);
@@ -2365,8 +2257,8 @@ gnutls_x509_crt_print(gnutls_x509_crt_t cert,
 }
 }
-static void
-print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
+static void print_crl(gnutls_buffer_st *str, gnutls_x509_crl_t crl,
+ int notsigned)
 {
 /* Version. */
 {
@@ -2410,8 +2302,8 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
 if (gmtime_r(&tim, &t) == NULL)
 addf(str, "error: gmtime_r (%ld)\n",
 (unsigned long)tim);
- else if (strftime
- (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
 addf(str, "error: strftime (%ld)\n",
 (unsigned long)tim);
 else
@@ -2429,8 +2321,8 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
 else if (gmtime_r(&tim, &t) == NULL)
 addf(str, "error: gmtime_r (%ld)\n",
 (unsigned long)tim);
- else if (strftime
- (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
 addf(str, "error: strftime (%ld)\n",
 (unsigned long)tim);
 else
@@ -2450,15 +2342,12 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
 size_t sizeof_oid = sizeof(oid);
 unsigned int critical;
- err = gnutls_x509_crl_get_extension_info(crl, i,
- oid,
- &sizeof_oid,
- &critical);
+ err = gnutls_x509_crl_get_extension_info(
+ crl, i, oid, &sizeof_oid, &critical);
 if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
 break;
 if (err < 0) {
- addf(str,
- "error: get_extension_info: %s\n",
+ addf(str, "error: get_extension_info: %s\n",
 gnutls_strerror(err));
 break;
 }
@@ -2475,18 +2364,15 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
 "warning: more than one CRL number\n");
 }
- err =
- gnutls_x509_crl_get_number(crl, nr,
- &nr_size,
- &critical);
+ err = gnutls_x509_crl_get_number(
+ crl, nr, &nr_size, &critical);
 addf(str, _("\t\tCRL Number (%s): "),
 critical ? _("critical") :
- _("not critical"));
+ _("not critical"));
 if (err < 0)
- addf(str,
- "error: get_number: %s\n",
+ addf(str, "error: get_number: %s\n",
 gnutls_strerror(err));
 else {
 _gnutls_buffer_hexprint(str, nr,
@@ -2504,14 +2390,12 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
 }
 addf(str,
- _
- ("\t\tAuthority Key Identifier (%s):\n"),
+ _("\t\tAuthority Key Identifier (%s):\n"),
 critical ? _("critical") :
- _("not critical"));
+ _("not critical"));
- err =
- gnutls_x509_crl_get_extension_data2(crl, i,
- &der);
+ err = gnutls_x509_crl_get_extension_data2(
+ crl, i, &der);
 if (err < 0) {
 addf(str,
 "error: get_extension_data2: %s\n",
@@ -2525,16 +2409,13 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
 } else {
 gnutls_datum_t der;
- addf(str,
- _("\t\tUnknown extension %s (%s):\n"),
+ addf(str, _("\t\tUnknown extension %s (%s):\n"),
 oid,
 critical ? _("critical") :
- _("not critical"));
+ _("not critical"));
- err =
- gnutls_x509_crl_get_extension_data2(crl,
- i,
- &der);
+ err = gnutls_x509_crl_get_extension_data2(
+ crl, i, &der);
 if (err < 0) {
 addf(str,
 "error: get_extension_data2: %s\n",
@@ -2574,9 +2455,8 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
 int err;
 time_t tim;
- err =
- gnutls_x509_crl_iter_crt_serial(crl, &iter, serial,
- &serial_size, &tim);
+ err = gnutls_x509_crl_iter_crt_serial(
+ crl, &iter, serial, &serial_size, &tim);
 if (err < 0) {
 addf(str, "error: iter_crt_serial: %s\n",
 gnutls_strerror(err));
@@ -2592,14 +2472,12 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
 adds(str, "\n");
 if (gmtime_r(&tim, &t) == NULL)
- addf(str,
- "error: gmtime_r (%ld)\n",
+ addf(str, "error: gmtime_r (%ld)\n",
 (unsigned long)tim);
- else if (strftime
- (s, max,
- "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
- addf(str,
- "error: strftime (%ld)\n",
+ else if (strftime(s, max,
+ "%a %b %d %H:%M:%S UTC %Y",
+ &t) == 0)
+ addf(str, "error: strftime (%ld)\n",
 (unsigned long)tim);
 else
 addf(str, _("\t\tRevoked at: %s\n"), s);
@@ -2625,13 +2503,11 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
 addf(str, _("\tSignature Algorithm: %s\n"), p);
 gnutls_free(name);
- if (err != GNUTLS_SIGN_UNKNOWN
- && gnutls_sign_is_secure2(err,
- GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS)
- == 0) {
- adds(str,
- _("warning: signed using a broken signature "
- "algorithm that can be forged.\n"));
+ if (err != GNUTLS_SIGN_UNKNOWN &&
+ gnutls_sign_is_secure2(
+ err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0) {
+ adds(str, _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
 }
 err = gnutls_x509_crl_get_signature(crl, buffer, &size);
@@ -2677,26 +2553,24 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crl_print(gnutls_x509_crl_t crl,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+int gnutls_x509_crl_print(gnutls_x509_crl_t crl,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t *out)
 {
 gnutls_buffer_st str;
 _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str
- (&str, _("X.509 Certificate Revocation List Information:\n"));
+ _gnutls_buffer_append_str(
+ &str, _("X.509 Certificate Revocation List Information:\n"));
 print_crl(&str, crl, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
 return _gnutls_buffer_to_datum(&str, out, 1);
 }
-static int
-print_crq_sig_params(gnutls_buffer_st * str, gnutls_x509_crq_t crt,
- gnutls_certificate_print_formats_t format)
+static int print_crq_sig_params(gnutls_buffer_st *str, gnutls_x509_crq_t crt,
+ gnutls_certificate_print_formats_t format)
 {
 int ret;
 gnutls_pk_algorithm_t pk;
@@ -2706,9 +2580,8 @@ print_crq_sig_params(gnutls_buffer_st * str, gnutls_x509_crq_t crt,
 sign = gnutls_x509_crq_get_signature_algorithm(crt);
 pk = gnutls_sign_get_pk_algorithm(sign);
 if (pk == GNUTLS_PK_RSA_PSS) {
- ret = _gnutls_x509_read_sign_params(crt->crq,
- "signatureAlgorithm",
- ¶ms);
+ ret = _gnutls_x509_read_sign_params(
+ crt->crq, "signatureAlgorithm", ¶ms);
 if (ret < 0) {
 addf(str, "error: read_pss_params: %s\n",
 gnutls_strerror(ret));
@@ -2719,9 +2592,8 @@ print_crq_sig_params(gnutls_buffer_st * str, gnutls_x509_crq_t crt,
 return 0;
 }
-static int
-print_crq_pubkey(gnutls_buffer_st * str, gnutls_x509_crq_t crq,
- gnutls_certificate_print_formats_t format)
+static int print_crq_pubkey(gnutls_buffer_st *str, gnutls_x509_crq_t crq,
+ gnutls_certificate_print_formats_t format)
 {
 gnutls_pubkey_t pubkey;
 gnutls_x509_spki_st params;
@@ -2742,10 +2614,10 @@ print_crq_pubkey(gnutls_buffer_st * str, gnutls_x509_crq_t crq,
 print_pubkey(str, _("Subject "), pubkey, ¶ms, format);
 ret = 0;
- cleanup:
+cleanup:
 gnutls_pubkey_deinit(pubkey);
- if (ret < 0) { /* print only name */
+ if (ret < 0) { /* print only name */
 const char *p;
 char *name = crq_get_pk_name(crq);
 if (name == NULL)
@@ -2761,9 +2633,8 @@ print_crq_pubkey(gnutls_buffer_st * str, gnutls_x509_crq_t crq,
 return ret;
 }
-static void
-print_crq(gnutls_buffer_st * str, gnutls_x509_crq_t cert,
- gnutls_certificate_print_formats_t format)
+static void print_crq(gnutls_buffer_st *str, gnutls_x509_crq_t cert,
+ gnutls_certificate_print_formats_t format)
 {
 /* Version. */
 {
@@ -2821,15 +2692,12 @@ print_crq(gnutls_buffer_st * str, gnutls_x509_crq_t cert,
 char oid[MAX_OID_SIZE] = "";
 size_t sizeof_oid = sizeof(oid);
- err =
- gnutls_x509_crq_get_attribute_info(cert, i,
- oid,
- &sizeof_oid);
+ err = gnutls_x509_crq_get_attribute_info(cert, i, oid,
+ &sizeof_oid);
 if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
 break;
 if (err < 0) {
- addf(str,
- "error: get_extension_info: %s\n",
+ addf(str, "error: get_extension_info: %s\n",
 gnutls_strerror(err));
 break;
 }
@@ -2858,11 +2726,10 @@ print_crq(gnutls_buffer_st * str, gnutls_x509_crq_t cert,
 "warning: more than one Challenge password attribute\n");
 }
- err =
- gnutls_x509_crq_get_challenge_password
- (cert, NULL, &size);
- if (err < 0
- && err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ err = gnutls_x509_crq_get_challenge_password(
+ cert, NULL, &size);
+ if (err < 0 &&
+ err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
 addf(str,
 "error: get_challenge_password: %s\n",
 gnutls_strerror(err));
@@ -2874,22 +2741,20 @@ print_crq(gnutls_buffer_st * str, gnutls_x509_crq_t cert,
 pass = gnutls_malloc(size);
 if (!pass) {
 addf(str, "error: malloc: %s\n",
- gnutls_strerror
- (GNUTLS_E_MEMORY_ERROR));
+ gnutls_strerror(
+ GNUTLS_E_MEMORY_ERROR));
 continue;
 }
- err =
- gnutls_x509_crq_get_challenge_password
- (cert, pass, &size);
+ err = gnutls_x509_crq_get_challenge_password(
+ cert, pass, &size);
 if (err < 0)
 addf(str,
 "error: get_challenge_password: %s\n",
 gnutls_strerror(err));
 else
 addf(str,
- _
- ("\t\tChallenge password: %s\n"),
+ _("\t\tChallenge password: %s\n"),
 pass);
 gnutls_free(pass);
@@ -2902,9 +2767,8 @@ print_crq(gnutls_buffer_st * str, gnutls_x509_crq_t cert,
 addf(str, _("\t\tUnknown attribute %s:\n"),
 oid);
- err =
- gnutls_x509_crq_get_attribute_data
- (cert, i, NULL, &extlen);
+ err = gnutls_x509_crq_get_attribute_data(
+ cert, i, NULL, &extlen);
 if (err < 0) {
 addf(str,
 "error: get_attribute_data: %s\n",
@@ -2915,14 +2779,13 @@ print_crq(gnutls_buffer_st * str, gnutls_x509_crq_t cert,
 buffer = gnutls_malloc(extlen);
 if (!buffer) {
 addf(str, "error: malloc: %s\n",
- gnutls_strerror
- (GNUTLS_E_MEMORY_ERROR));
+ gnutls_strerror(
+ GNUTLS_E_MEMORY_ERROR));
 continue;
 }
- err =
- gnutls_x509_crq_get_attribute_data
- (cert, i, buffer, &extlen);
+ err = gnutls_x509_crq_get_attribute_data(
+ cert, i, buffer, &extlen);
 if (err < 0) {
 gnutls_free(buffer);
 addf(str,
@@ -2945,7 +2808,7 @@ print_crq(gnutls_buffer_st * str, gnutls_x509_crq_t cert,
 }
 }
-static void print_crq_other(gnutls_buffer_st * str, gnutls_x509_crq_t crq)
+static void print_crq_other(gnutls_buffer_st *str, gnutls_x509_crq_t crq)
 {
 int ret;
@@ -2954,8 +2817,7 @@ static void print_crq_other(gnutls_buffer_st * str, gnutls_x509_crq_t crq)
 if (ret < 0)
 return;
- print_obj_id(str, "\t", crq,
- (get_id_func *) gnutls_x509_crq_get_key_id);
+ print_obj_id(str, "\t", crq, (get_id_func *)gnutls_x509_crq_get_key_id);
 }
 /**
@@ -2974,17 +2836,16 @@ static void print_crq_other(gnutls_buffer_st * str, gnutls_x509_crq_t crq)
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crq_print(gnutls_x509_crq_t crq,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+int gnutls_x509_crq_print(gnutls_x509_crq_t crq,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t *out)
 {
 gnutls_buffer_st str;
 _gnutls_buffer_init(&str);
- _gnutls_buffer_append_str
- (&str, _("PKCS #10 Certificate Request Information:\n"));
+ _gnutls_buffer_append_str(
+ &str, _("PKCS #10 Certificate Request Information:\n"));
 print_crq(&str, crq, format);
@@ -2995,9 +2856,8 @@ gnutls_x509_crq_print(gnutls_x509_crq_t crq,
 return _gnutls_buffer_to_datum(&str, out, 1);
 }
-static void
-print_pubkey_other(gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
- gnutls_certificate_print_formats_t format)
+static void print_pubkey_other(gnutls_buffer_st *str, gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format)
 {
 int ret;
 unsigned int usage;
@@ -3019,7 +2879,7 @@ print_pubkey_other(gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
 if (ret < 0)
 return;
- print_obj_id(str, "", pubkey, (get_id_func *) gnutls_pubkey_get_key_id);
+ print_obj_id(str, "", pubkey, (get_id_func *)gnutls_pubkey_get_key_id);
 }
 /**
@@ -3041,10 +2901,9 @@ print_pubkey_other(gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
 *
 * Since: 3.1.5
 **/
-int
-gnutls_pubkey_print(gnutls_pubkey_t pubkey,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+int gnutls_pubkey_print(gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t *out)
 {
 gnutls_buffer_st str;
@@ -3073,10 +2932,9 @@ gnutls_pubkey_print(gnutls_pubkey_t pubkey,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_ext_print(gnutls_x509_ext_st * exts, unsigned int exts_size,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out)
+int gnutls_x509_ext_print(gnutls_x509_ext_st *exts, unsigned int exts_size,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t *out)
 {
 gnutls_buffer_st str;
 struct ext_indexes_st idx;
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index b84dff94c5..359025a1ab 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -42,9 +42,8 @@
 /* Decodes the PKCS #12 auth_safe, and returns the allocated raw data,
 * which holds them. Returns an asn1_node of authenticatedSafe. */
-static int
-_decode_pkcs12_auth_safe(asn1_node pkcs12, asn1_node * authen_safe,
- gnutls_datum_t * raw)
+static int _decode_pkcs12_auth_safe(asn1_node pkcs12, asn1_node *authen_safe,
+ gnutls_datum_t *raw)
 {
 char oid[MAX_OID_SIZE];
 asn1_node c2 = NULL;
@@ -68,9 +67,9 @@ _decode_pkcs12_auth_safe(asn1_node pkcs12, asn1_node * authen_safe,
 /* Step 1. Read the content data */
- result =
- _gnutls_x509_read_string(pkcs12, "authSafe.content",
- &auth_safe, ASN1_ETYPE_OCTET_STRING, 1);
+ result = _gnutls_x509_read_string(pkcs12, "authSafe.content",
+ &auth_safe, ASN1_ETYPE_OCTET_STRING,
+ 1);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -79,16 +78,16 @@ _decode_pkcs12_auth_safe(asn1_node pkcs12, asn1_node * authen_safe,
 /* Step 2. Extract the authenticatedSafe. */
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe",
- &c2)) != ASN1_SUCCESS) {
+ if ((result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
 goto cleanup;
 }
- result =
- asn1_der_decoding(&c2, auth_safe.data, auth_safe.size, error_str);
+ result = asn1_der_decoding(&c2, auth_safe.data, auth_safe.size,
+ error_str);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 _gnutls_debug_log("DER error: %s\n", error_str);
@@ -110,7 +109,7 @@ _decode_pkcs12_auth_safe(asn1_node pkcs12, asn1_node * authen_safe,
 return 0;
- cleanup:
+cleanup:
 if (c2)
 asn1_delete_structure(&c2);
 _gnutls_free_datum(&auth_safe);
@@ -124,8 +123,8 @@ static int pkcs12_reinit(gnutls_pkcs12_t pkcs12)
 if (pkcs12->pkcs12)
 asn1_delete_structure(&pkcs12->pkcs12);
- result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-PFX", &pkcs12->pkcs12);
+ result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.pkcs-12-PFX",
+ &pkcs12->pkcs12);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -145,7 +144,7 @@ static int pkcs12_reinit(gnutls_pkcs12_t pkcs12)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12)
+int gnutls_pkcs12_init(gnutls_pkcs12_t *pkcs12)
 {
 *pkcs12 = gnutls_calloc(1, sizeof(gnutls_pkcs12_int));
@@ -156,7 +155,7 @@ int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12)
 gnutls_free(*pkcs12);
 return result;
 }
- return 0; /* success */
+ return 0; /* success */
 }
 return GNUTLS_E_MEMORY_ERROR;
 }
@@ -193,10 +192,8 @@ void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, const gnutls_datum_t *data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags)
 {
 int result = 0, need_free = 0;
 gnutls_datum_t _data;
@@ -213,9 +210,8 @@ gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
 /* If the PKCS12 is in PEM format then decode it */
 if (format == GNUTLS_X509_FMT_PEM) {
- result =
- _gnutls_fbase64_decode(PEM_PKCS12, data->data,
- data->size, &_data);
+ result = _gnutls_fbase64_decode(PEM_PKCS12, data->data,
+ data->size, &_data);
 if (result < 0) {
 gnutls_assert();
@@ -234,9 +230,8 @@ gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
 }
 pkcs12->expanded = 1;
- result =
- asn1_der_decoding(&pkcs12->pkcs12, _data.data, _data.size,
- error_str);
+ result = asn1_der_decoding(&pkcs12->pkcs12, _data.data, _data.size,
+ error_str);
 if (result != ASN1_SUCCESS) {
 result = _gnutls_asn2err(result);
 _gnutls_debug_log("DER error: %s\n", error_str);
@@ -249,7 +244,7 @@ gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
 return 0;
- cleanup:
+cleanup:
 if (need_free)
 _gnutls_free_datum(&_data);
 return result;
@@ -275,10 +270,8 @@ gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
 * Returns: In case of failure a negative error code will be
 * returned, and 0 on success.
 **/
-int
-gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t *output_data_size)
+int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12, gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t *output_data_size)
 {
 int ret;
@@ -320,9 +313,8 @@ gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12,
 *
 * Since: 3.1.3
 **/
-int
-gnutls_pkcs12_export2(gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
+int gnutls_pkcs12_export2(gnutls_pkcs12_t pkcs12, gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t *out)
 {
 int ret;
@@ -380,9 +372,8 @@ static const char *bag_to_oid(int bag)
 /* Decodes the SafeContents, and puts the output in
 * the given bag.
 */
-int
-_pkcs12_decode_safe_contents(const gnutls_datum_t * content,
- gnutls_pkcs12_bag_t bag)
+int _pkcs12_decode_safe_contents(const gnutls_datum_t *content,
+ gnutls_pkcs12_bag_t bag)
 {
 char oid[MAX_OID_SIZE], root[MAX_NAME_SIZE];
 asn1_node c2 = NULL;
@@ -396,9 +387,9 @@ _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
 /* Step 1. Extract the SEQUENCE. */
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents",
- &c2)) != ASN1_SUCCESS) {
+ if ((result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-SafeContents", &c2)) !=
+ ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
 goto cleanup;
@@ -423,7 +414,6 @@ _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
 bag->bag_elements = MIN(MAX_BAG_ELEMENTS, count);
 for (i = 0; i < bag->bag_elements; i++) {
-
 snprintf(root, sizeof(root), "?%u.bagId", i + 1);
 len = sizeof(oid);
@@ -448,23 +438,22 @@ _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
 snprintf(root, sizeof(root), "?%u.bagValue", i + 1);
- result =
- _gnutls_x509_read_value(c2, root, &bag->element[i].data);
+ result = _gnutls_x509_read_value(c2, root,
+ &bag->element[i].data);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
 }
- if (bag_type == GNUTLS_BAG_CERTIFICATE
- || bag_type == GNUTLS_BAG_CRL
- || bag_type == GNUTLS_BAG_SECRET) {
+ if (bag_type == GNUTLS_BAG_CERTIFICATE ||
+ bag_type == GNUTLS_BAG_CRL ||
+ bag_type == GNUTLS_BAG_SECRET) {
 gnutls_datum_t tmp = bag->element[i].data;
 bag->element[i].data.data = NULL;
 bag->element[i].data.size = 0;
- result =
- _pkcs12_decode_crt_bag(bag_type, &tmp,
- &bag->element[i].data);
+ result = _pkcs12_decode_crt_bag(bag_type, &tmp,
+ &bag->element[i].data);
 _gnutls_free_datum(&tmp);
 if (result < 0) {
 gnutls_assert();
@@ -477,7 +466,8 @@ _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
 snprintf(root, sizeof(root), "?%u.bagAttributes", i + 1);
 result = asn1_number_of_elements(c2, root, &attributes);
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
+ if (result != ASN1_SUCCESS &&
+ result != ASN1_ELEMENT_NOT_FOUND) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
 goto cleanup;
@@ -488,87 +478,82 @@ _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
 if (result != ASN1_ELEMENT_NOT_FOUND)
 for (j = 0; j < attributes; j++) {
-
 snprintf(root, sizeof(root), "?%u.bagAttributes.?%d", i + 1, j + 1);
- result =
- _gnutls_x509_decode_and_read_attribute
- (c2, root, oid, sizeof(oid), &attr_val,
- 1, 0);
+ result = _gnutls_x509_decode_and_read_attribute(
+ c2, root, oid, sizeof(oid), &attr_val,
+ 1, 0);
 if (result < 0) {
 gnutls_assert();
- continue; /* continue in case we find some known attributes */
+ continue; /* continue in case we find some known attributes */
 }
 if (strcmp(oid, KEY_ID_OID) == 0) {
- result =
- _gnutls_x509_decode_string
- (ASN1_ETYPE_OCTET_STRING,
- attr_val.data, attr_val.size,
- &t, 1);
+ result = _gnutls_x509_decode_string(
+ ASN1_ETYPE_OCTET_STRING,
+ attr_val.data, attr_val.size,
+ &t, 1);
 _gnutls_free_datum(&attr_val);
 if (result < 0) {
 gnutls_assert();
- _gnutls_debug_log
- ("Error decoding PKCS12 Bag Attribute OID '%s'\n",
- oid);
+ _gnutls_debug_log(
+ "Error decoding PKCS12 Bag Attribute OID '%s'\n",
+ oid);
 continue;
 }
- _gnutls_free_datum(&bag->element
- [i].local_key_id);
+ _gnutls_free_datum(
+ &bag->element[i].local_key_id);
 bag->element[i].local_key_id.data =
- t.data;
+ t.data;
 bag->element[i].local_key_id.size =
- t.size;
- } else if (strcmp(oid, FRIENDLY_NAME_OID) == 0
- && bag->element[i].friendly_name ==
- NULL) {
- result =
- _gnutls_x509_decode_string
- (ASN1_ETYPE_BMP_STRING,
- attr_val.data, attr_val.size, &t,
- 1);
+ t.size;
+ } else if (strcmp(oid, FRIENDLY_NAME_OID) ==
+ 0 &&
+ bag->element[i].friendly_name ==
+ NULL) {
+ result = _gnutls_x509_decode_string(
+ ASN1_ETYPE_BMP_STRING,
+ attr_val.data, attr_val.size,
+ &t, 1);
 _gnutls_free_datum(&attr_val);
 if (result < 0) {
 gnutls_assert();
- _gnutls_debug_log
- ("Error decoding PKCS12 Bag Attribute OID '%s'\n",
- oid);
+ _gnutls_debug_log(
+ "Error decoding PKCS12 Bag Attribute OID '%s'\n",
+ oid);
 continue;
 }
- gnutls_free(bag->
-
element[i].friendly_name);
+ gnutls_free(
+ bag->element[i].friendly_name);
 bag->element[i].friendly_name =
- (char *)t.data;
+ (char *)t.data;
 } else {
 _gnutls_free_datum(&attr_val);
- _gnutls_debug_log
- ("Unknown PKCS12 Bag Attribute OID '%s'\n",
- oid);
+ _gnutls_debug_log(
+ "Unknown PKCS12 Bag Attribute OID '%s'\n",
+ oid);
 }
 }
 bag->element[i].type = bag_type;
-
 }
 result = 0;
- cleanup:
+cleanup:
 if (c2)
 asn1_delete_structure(&c2);
 return result;
-
 }
-static int
-_parse_safe_contents(asn1_node sc, const char *sc_name, gnutls_pkcs12_bag_t bag)
+static int _parse_safe_contents(asn1_node sc, const char *sc_name,
+ gnutls_pkcs12_bag_t bag)
 {
 gnutls_datum_t content = { NULL, 0 };
 int result;
@@ -576,9 +561,8 @@ _parse_safe_contents(asn1_node sc, const char *sc_name, gnutls_pkcs12_bag_t bag)
 /* Step 1. Extract the content. */
- result =
- _gnutls_x509_read_string(sc, sc_name, &content,
- ASN1_ETYPE_OCTET_STRING, 1);
+ result = _gnutls_x509_read_string(sc, sc_name, &content,
+ ASN1_ETYPE_OCTET_STRING, 1);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -594,7 +578,7 @@ _parse_safe_contents(asn1_node sc, const char *sc_name, gnutls_pkcs12_bag_t bag)
 return 0;
- cleanup:
+cleanup:
 _gnutls_free_datum(&content);
 return result;
 }
@@ -613,8 +597,8 @@ _parse_safe_contents(asn1_node sc, const char *sc_name, gnutls_pkcs12_bag_t bag)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, int indx, gnutls_pkcs12_bag_t bag)
+int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, int indx,
+ gnutls_pkcs12_bag_t bag)
 {
 asn1_node c2 = NULL;
 int result, len;
@@ -676,7 +660,7 @@ gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, int indx, gnutls_pkcs12_bag_t bag)
 result = 0;
- cleanup:
+cleanup:
 if (c2)
 asn1_delete_structure(&c2);
 return result;
@@ -712,17 +696,16 @@ static int create_empty_pfx(asn1_node pkcs12)
 * null one in that case. */
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe",
- &c2)) != ASN1_SUCCESS) {
+ if ((result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
 goto cleanup;
 }
- result =
- _gnutls_x509_der_encode_and_copy(c2, "", pkcs12,
- "authSafe.content", 1);
+ result = _gnutls_x509_der_encode_and_copy(c2, "", pkcs12,
+ "authSafe.content", 1);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -731,10 +714,9 @@ static int create_empty_pfx(asn1_node pkcs12)
 return 0;
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return result;
-
 }
 /**
@@ -763,8 +745,8 @@ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
 /* Step 1. Check if the pkcs12 structure is empty. In that
 * case generate an empty PFX. */
- result =
- asn1_read_value(pkcs12->pkcs12, "authSafe.content", &null, &dum);
+ result = asn1_read_value(pkcs12->pkcs12, "authSafe.content", &null,
+ &dum);
 if (result == ASN1_VALUE_NOT_FOUND) {
 result = create_empty_pfx(pkcs12->pkcs12);
 if (result < 0) {
@@ -801,8 +783,8 @@ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
 }
 if (enc)
- result =
- asn1_write_value(c2, "?LAST.contentType", ENC_DATA_OID, 1);
+ result = asn1_write_value(c2, "?LAST.contentType", ENC_DATA_OID,
+ 1);
 else
 result = asn1_write_value(c2, "?LAST.contentType", DATA_OID, 1);
 if (result != ASN1_SUCCESS) {
@@ -814,19 +796,17 @@ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
 if (enc) {
 /* Encrypted packets are written directly. */
- result =
- asn1_write_value(c2, "?LAST.content",
- bag->element[0].data.data,
- bag->element[0].data.size);
+ result = asn1_write_value(c2, "?LAST.content",
+ bag->element[0].data.data,
+ bag->element[0].data.size);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
 goto cleanup;
 }
 } else {
- result =
- _gnutls_x509_der_encode_and_copy(safe_cont, "", c2,
- "?LAST.content", 1);
+ result = _gnutls_x509_der_encode_and_copy(safe_cont, "", c2,
+ "?LAST.content", 1);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -838,9 +818,8 @@ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
 /* Step 5. Re-encode and copy the AuthenticatedSafe into the pkcs12
 * structure. */
- result =
- _gnutls_x509_der_encode_and_copy(c2, "", pkcs12->pkcs12,
- "authSafe.content", 1);
+ result = _gnutls_x509_der_encode_and_copy(c2, "", pkcs12->pkcs12,
+ "authSafe.content", 1);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -850,7 +829,7 @@ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
 return 0;
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 asn1_delete_structure(&safe_cont);
 return result;
@@ -866,10 +845,9 @@ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
 */
 static int _gnutls_pkcs12_gost_string_to_key(gnutls_mac_algorithm_t algo,
- const uint8_t * salt,
- unsigned int salt_size, unsigned int iter,
- const char *pass, unsigned int req_keylen,
- uint8_t * keybuf)
+ const uint8_t *salt, unsigned int salt_size,
+ unsigned int iter, const char *pass,
+ unsigned int req_keylen, uint8_t *keybuf)
 {
 uint8_t temp[96];
 size_t temp_len = sizeof(temp);
@@ -938,9 +916,8 @@ int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12,
 /* Write the salt into the structure. */
- result =
- asn1_write_value(pkcs12->pkcs12, "macData.macSalt", salt,
- sizeof(salt));
+ result = asn1_write_value(pkcs12->pkcs12, "macData.macSalt", salt,
+ sizeof(salt));
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -951,9 +928,8 @@ int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12,
 */
 if (iter > 1) {
- result =
- _gnutls_x509_write_uint32(pkcs12->pkcs12,
- "macData.iterations", iter);
+ result = _gnutls_x509_write_uint32(pkcs12->pkcs12,
+ "macData.iterations", iter);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -967,16 +943,12 @@ int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12,
 me->id == GNUTLS_MAC_STREEBOG_256 ||
 me->id == GNUTLS_MAC_STREEBOG_512) {
 key_len = 32;
- result = _gnutls_pkcs12_gost_string_to_key(me->id,
- salt,
- sizeof(salt),
- iter,
- pass, key_len, key);
+ result = _gnutls_pkcs12_gost_string_to_key(
+ me->id, salt, sizeof(salt), iter, pass, key_len, key);
 } else
 #endif
- result = _gnutls_pkcs12_string_to_key(me, 3 /*MAC*/,
- salt, sizeof(salt),
- iter, pass,
+ result = _gnutls_pkcs12_string_to_key(me, 3 /*MAC*/, salt,
+ sizeof(salt), iter, pass,
 mac_size, key);
 if (result < 0) {
 gnutls_assert();
@@ -1004,28 +976,26 @@ int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12,
 _gnutls_mac_deinit(&td1, mac_out);
- result =
- asn1_write_value(pkcs12->pkcs12, "macData.mac.digest", mac_out,
- mac_size);
+ result = asn1_write_value(pkcs12->pkcs12, "macData.mac.digest", mac_out,
+ mac_size);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
 goto cleanup;
 }
- result =
- asn1_write_value(pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.parameters", NULL, 0);
+ result = asn1_write_value(pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.parameters",
+ NULL, 0);
 if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
 goto cleanup;
 }
- result =
- asn1_write_value(pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.algorithm",
- me->oid, 1);
+ result = asn1_write_value(pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.algorithm",
+ me->oid, 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -1036,7 +1006,7 @@ int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12,
 _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);
 return 0;
- cleanup:
+cleanup:
 _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 _gnutls_free_datum(&tmp);
 return result;
@@ -1075,9 +1045,7 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
 unsigned int iter;
 int len;
 mac_hd_st td1;
- gnutls_datum_t tmp = { NULL, 0 }, salt = {
- NULL, 0
- };
+ gnutls_datum_t tmp = { NULL, 0 }, salt = { NULL, 0 };
 uint8_t mac_output[MAX_HASH_SIZE];
 uint8_t mac_output_orig[MAX_HASH_SIZE];
 gnutls_mac_algorithm_t algo;
@@ -1094,16 +1062,16 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
 /* read the iterations */
- result =
- _gnutls_x509_read_uint(pkcs12->pkcs12, "macData.iterations", &iter);
+ result = _gnutls_x509_read_uint(pkcs12->pkcs12, "macData.iterations",
+ &iter);
 if (result < 0) {
- iter = 1; /* the default */
+ iter = 1; /* the default */
 }
 len = sizeof(oid);
- result =
- asn1_read_value(pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.algorithm", oid, &len);
+ result = asn1_read_value(pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.algorithm", oid,
+ &len);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -1111,7 +1079,7 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
 algo = DIG_TO_MAC(gnutls_oid_to_digest(oid));
 if (algo == GNUTLS_MAC_UNKNOWN) {
- unknown_mac:
+ unknown_mac:
 gnutls_assert();
 return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
 }
@@ -1125,9 +1093,8 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
 /* Read the salt from the structure. */
- result =
- _gnutls_x509_read_null_value(pkcs12->pkcs12, "macData.macSalt",
- &salt);
+ result = _gnutls_x509_read_null_value(pkcs12->pkcs12, "macData.macSalt",
+ &salt);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -1135,9 +1102,9 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
 /* Generate the key. */
- result = _gnutls_pkcs12_string_to_key(entry, 3 /*MAC*/,
- salt.data, salt.size,
- iter, pass, key_len, key);
+ result = _gnutls_pkcs12_string_to_key(entry, 3 /*MAC*/, salt.data,
+ salt.size, iter, pass, key_len,
+ key);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -1153,7 +1120,7 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
 #if ENABLE_GOST
 /* GOST PKCS#12 files use either PKCS#12 scheme or proprietary
 * HMAC-based scheme to generate MAC key. */
- pkcs12_try_gost:
+pkcs12_try_gost:
 #endif
 /* MAC the data
@@ -1169,9 +1136,8 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
 _gnutls_mac_deinit(&td1, mac_output);
 len = sizeof(mac_output_orig);
- result =
- asn1_read_value(pkcs12->pkcs12, "macData.mac.digest",
- mac_output_orig, &len);
+ result = asn1_read_value(pkcs12->pkcs12, "macData.mac.digest",
+ mac_output_orig, &len);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -1180,23 +1146,17 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
 if ((unsigned)len != mac_len || memcmp(mac_output_orig, mac_output, len) != 0) {
-
 #if ENABLE_GOST
 /* It is possible that GOST files use proprietary
 * key generation scheme */
- if (!gost_retry &&
- (algo == GNUTLS_MAC_GOSTR_94 ||
- algo == GNUTLS_MAC_STREEBOG_256 ||
- algo == GNUTLS_MAC_STREEBOG_512)) {
+ if (!gost_retry && (algo == GNUTLS_MAC_GOSTR_94 ||
+ algo == GNUTLS_MAC_STREEBOG_256 ||
+ algo == GNUTLS_MAC_STREEBOG_512)) {
 gost_retry = 1;
 key_len = 32;
- result = _gnutls_pkcs12_gost_string_to_key(algo,
- salt.data,
- salt.size,
- iter,
- pass,
- key_len,
- key);
+ result = _gnutls_pkcs12_gost_string_to_key(
+ algo, salt.data, salt.size, iter, pass, key_len,
+ key);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -1214,16 +1174,15 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
 /* _gnutls_pkcs12_string_to_key is not a FIPS approved operation */
 _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);
 result = 0;
- cleanup:
+cleanup:
 _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 _gnutls_free_datum(&tmp);
 _gnutls_free_datum(&salt);
 return result;
 }
-static int
-write_attributes(gnutls_pkcs12_bag_t bag, int elem,
- asn1_node c2, const char *where)
+static int write_attributes(gnutls_pkcs12_bag_t bag, int elem, asn1_node c2,
+ const char *where)
 {
 int result;
 char root[128];
@@ -1245,7 +1204,6 @@ write_attributes(gnutls_pkcs12_bag_t bag, int elem,
 }
 if (bag->element[elem].local_key_id.data != NULL) {
-
 /* Add a new Attribute */
 result = asn1_write_value(c2, where, "NEW", 1);
@@ -1257,15 +1215,10 @@ write_attributes(gnutls_pkcs12_bag_t bag, int elem,
 _gnutls_str_cpy(root, sizeof(root), where);
 _gnutls_str_cat(root, sizeof(root), ".?LAST");
- result =
- _gnutls_x509_encode_and_write_attribute(KEY_ID_OID, c2,
- root,
- bag->element
- [elem].
- local_key_id.data,
- bag->element[elem].
- local_key_id.size,
- 1);
+ result = _gnutls_x509_encode_and_write_attribute(
+ KEY_ID_OID, c2, root,
+ bag->element[elem].local_key_id.data,
+ bag->element[elem].local_key_id.size, 1);
 if (result < 0) {
 gnutls_assert();
 return result;
@@ -1305,9 +1258,8 @@ write_attributes(gnutls_pkcs12_bag_t bag, int elem,
 _gnutls_str_cpy(root, sizeof(root), where);
 _gnutls_str_cat(root, sizeof(root), ".?LAST");
- result =
- _gnutls_x509_encode_and_write_attribute
- (FRIENDLY_NAME_OID, c2, root, name, size, 1);
+ result = _gnutls_x509_encode_and_write_attribute(
+ FRIENDLY_NAME_OID, c2, root, name, size, 1);
 gnutls_free(name);
@@ -1323,9 +1275,8 @@ write_attributes(gnutls_pkcs12_bag_t bag, int elem,
 /* Encodes the bag into a SafeContents structure, and puts the output in
 * the given datum. Enc is set to non-zero if the data are encrypted;
 */
-int
-_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, asn1_node * contents,
- int *enc)
+int _pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, asn1_node *contents,
+ int *enc)
 {
 asn1_node c2 = NULL;
 int result;
@@ -1334,23 +1285,22 @@ _pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, asn1_node * contents,
 if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc) {
 *enc = 1;
- return 0; /* ENCRYPTED BAG, do nothing. */
+ return 0; /* ENCRYPTED BAG, do nothing. */
 } else if (enc)
 *enc = 0;
 /* Step 1. Create the SEQUENCE. */
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents",
- &c2)) != ASN1_SUCCESS) {
+ if ((result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-12-SafeContents", &c2)) !=
+ ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
 goto cleanup;
 }
 for (i = 0; i < bag->bag_elements; i++) {
-
 oid = bag_to_oid(bag->element[i].type);
 if (oid == NULL) {
 gnutls_assert();
@@ -1393,33 +1343,29 @@ _pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, asn1_node * contents,
 * a CrlBag. */
- result =
- _pkcs12_encode_crt_bag(bag->element[i].type,
- &bag->element[i].data, &tmp);
+ result = _pkcs12_encode_crt_bag(bag->element[i].type,
+ &bag->element[i].data,
+ &tmp);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
 }
- result =
- _gnutls_x509_write_value(c2, "?LAST.bagValue",
- &tmp);
+ result = _gnutls_x509_write_value(c2, "?LAST.bagValue",
+ &tmp);
 _gnutls_free_datum(&tmp);
 } else {
-
- result =
- _gnutls_x509_write_value(c2, "?LAST.bagValue",
- &bag->element[i].data);
+ result = _gnutls_x509_write_value(
+ c2, "?LAST.bagValue", &bag->element[i].data);
 }
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
 }
-
 }
 /* Encode the data and copy them into the datum
@@ -1428,19 +1374,18 @@ _pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, asn1_node * contents,
 return 0;
- cleanup:
+cleanup:
 if (c2)
 asn1_delete_structure(&c2);
 return result;
-
 }
 /* Checks if the extra_certs contain certificates that may form a chain
 * with the first certificate in chain (it is expected that chain_len==1)
 * and appends those in the chain. */
-static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len,
- gnutls_x509_crt_t ** extra_certs,
+static int make_chain(gnutls_x509_crt_t **chain, unsigned int *chain_len,
+ gnutls_x509_crt_t **extra_certs,
 unsigned int *extra_certs_len, unsigned int flags)
 {
 unsigned int i;
@@ -1451,22 +1396,19 @@ static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len,
 i = 0;
 while (i < *extra_certs_len) {
 /* if it is an issuer but not a self-signed one */
- if (gnutls_x509_crt_check_issuer
- ((*chain)[*chain_len - 1], (*extra_certs)[i]) != 0) {
- if (!(flags & GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED)
- &&
- gnutls_x509_crt_check_issuer((*extra_certs)[i],
- (*extra_certs)[i])
- != 0)
+ if (gnutls_x509_crt_check_issuer((*chain)[*chain_len - 1],
+ (*extra_certs)[i]) != 0) {
+ if (!(flags & GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED) &&
+ gnutls_x509_crt_check_issuer(
+ (*extra_certs)[i], (*extra_certs)[i]) != 0)
 goto skip;
 if (unlikely(INT_ADD_OVERFLOW(*chain_len, 1))) {
 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 }
- *chain = _gnutls_reallocarray_fast(*chain,
- ++(*chain_len),
- sizeof((*chain)[0]));
+ *chain = _gnutls_reallocarray_fast(
+ *chain, ++(*chain_len), sizeof((*chain)[0]));
 if (*chain == NULL) {
 gnutls_assert();
 return GNUTLS_E_MEMORY_ERROR;
@@ -1474,14 +1416,14 @@ static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len,
 (*chain)[*chain_len - 1] = (*extra_certs)[i];
 (*extra_certs)[i] =
- (*extra_certs)[*extra_certs_len - 1];
+ (*extra_certs)[*extra_certs_len - 1];
 (*extra_certs_len)--;
 i = 0;
 continue;
 }
- skip:
+ skip:
 i++;
 }
 return 0;
@@ -1536,15 +1478,13 @@ static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len,
 *
 * Since: 3.1.0
 **/
-int
-gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
- const char *password,
- gnutls_x509_privkey_t * key,
- gnutls_x509_crt_t ** chain,
- unsigned int *chain_len,
- gnutls_x509_crt_t ** extra_certs,
- unsigned int *extra_certs_len,
- gnutls_x509_crl_t * crl, unsigned int flags)
+int gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12, const char *password,
+ gnutls_x509_privkey_t *key,
+ gnutls_x509_crt_t **chain,
+ unsigned int *chain_len,
+ gnutls_x509_crt_t **extra_certs,
+ unsigned int *extra_certs_len,
+ gnutls_x509_crl_t *crl, unsigned int flags)
 {
 gnutls_pkcs12_bag_t bag = NULL;
 gnutls_x509_crt_t *_extra_certs = NULL;
@@ -1568,7 +1508,6 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 /* find the first private key */
 for (;;) {
-
 ret = gnutls_pkcs12_bag_init(&bag);
 if (ret < 0) {
 bag = NULL;
@@ -1595,9 +1534,8 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 if (ret == GNUTLS_BAG_ENCRYPTED) {
 if (password == NULL) {
- ret =
- gnutls_assert_val
- (GNUTLS_E_DECRYPTION_FAILED);
+ ret = gnutls_assert_val(
+ GNUTLS_E_DECRYPTION_FAILED);
 goto done;
 }
@@ -1633,15 +1571,14 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 switch (type) {
 case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
 if (password == NULL) {
- ret =
- gnutls_assert_val
- (GNUTLS_E_DECRYPTION_FAILED);
+ ret = gnutls_assert_val(
+ GNUTLS_E_DECRYPTION_FAILED);
 goto done;
 }
 FALLTHROUGH;
 case GNUTLS_BAG_PKCS8_KEY:
- if (*key != NULL) { /* too simple to continue */
+ if (*key != NULL) { /* too simple to continue */
 gnutls_assert();
 break;
 }
@@ -1652,28 +1589,26 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 goto done;
 }
- ret = gnutls_x509_privkey_import_pkcs8
- (*key, &data, GNUTLS_X509_FMT_DER,
- password,
- type ==
- GNUTLS_BAG_PKCS8_KEY ?
- GNUTLS_PKCS_PLAIN : 0);
+ ret = gnutls_x509_privkey_import_pkcs8(
+ *key, &data, GNUTLS_X509_FMT_DER,
+ password,
+ type == GNUTLS_BAG_PKCS8_KEY ?
+ GNUTLS_PKCS_PLAIN :
+ 0);
 if (ret < 0) {
 gnutls_assert();
 goto done;
 }
 key_id_size = sizeof(key_id);
- ret =
- gnutls_x509_privkey_get_key_id(*key, 0,
- key_id,
- &key_id_size);
+ ret = gnutls_x509_privkey_get_key_id(
+ *key, 0, key_id, &key_id_size);
 if (ret < 0) {
 gnutls_assert();
 goto done;
 }
- privkey_ok = 1; /* break */
+ privkey_ok = 1; /* break */
 break;
 default:
 break;
@@ -1684,11 +1619,11 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 gnutls_pkcs12_bag_deinit(bag);
 bag = NULL;
- if (privkey_ok != 0) /* private key was found */
+ if (privkey_ok != 0) /* private key was found */
 break;
 }
- if (privkey_ok == 0) { /* no private key */
+ if (privkey_ok == 0) { /* no private key */
 gnutls_assert();
 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
 }
@@ -1761,10 +1696,8 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 goto done;
 }
- ret =
- gnutls_x509_crt_import(this_cert,
- &data,
- GNUTLS_X509_FMT_DER);
+ ret = gnutls_x509_crt_import(
+ this_cert, &data, GNUTLS_X509_FMT_DER);
 if (ret < 0) {
 gnutls_assert();
 gnutls_x509_crt_deinit(this_cert);
@@ -1774,10 +1707,8 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 /* check if the key id match */
 cert_id_size = sizeof(cert_id);
- ret =
- gnutls_x509_crt_get_key_id(this_cert,
- 0, cert_id,
- &cert_id_size);
+ ret = gnutls_x509_crt_get_key_id(
+ this_cert, 0, cert_id, &cert_id_size);
 if (ret < 0) {
 gnutls_assert();
 gnutls_x509_crt_deinit(this_cert);
@@ -1785,47 +1716,43 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 goto done;
 }
- if (memcmp(cert_id, key_id, cert_id_size) != 0) { /* they don't match - skip the certificate */
- if (unlikely
- (INT_ADD_OVERFLOW
- (_extra_certs_len, 1))) {
- ret =
- gnutls_assert_val
- (GNUTLS_E_MEMORY_ERROR);
+ if (memcmp(cert_id, key_id, cert_id_size) !=
+ 0) { /* they don't match - skip the certificate */
+ if (unlikely(INT_ADD_OVERFLOW(
+ _extra_certs_len, 1))) {
+ ret = gnutls_assert_val(
+ GNUTLS_E_MEMORY_ERROR);
 goto done;
 }
- _extra_certs =
- _gnutls_reallocarray_fast
- (_extra_certs, ++_extra_certs_len,
- sizeof(_extra_certs[0]));
+ _extra_certs = _gnutls_reallocarray_fast(
+ _extra_certs,
+ ++_extra_certs_len,
+ sizeof(_extra_certs[0]));
 if (!_extra_certs) {
 gnutls_assert();
 ret = GNUTLS_E_MEMORY_ERROR;
 goto done;
 }
- _extra_certs
- [_extra_certs_len - 1] = this_cert;
+ _extra_certs[_extra_certs_len - 1] =
+ this_cert;
 this_cert = NULL;
 } else {
 if (chain && _chain_len == 0) {
- _chain =
- gnutls_malloc(sizeof
- (_chain
- [0]) *
- (++_chain_len));
+ _chain = gnutls_malloc(
+ sizeof(_chain[0]) *
+ (++_chain_len));
 if (!_chain) {
 gnutls_assert();
- ret =
- GNUTLS_E_MEMORY_ERROR;
+ ret = GNUTLS_E_MEMORY_ERROR;
 goto done;
 }
 _chain[_chain_len - 1] =
- this_cert;
+ this_cert;
 this_cert = NULL;
 } else {
- gnutls_x509_crt_deinit
- (this_cert);
+ gnutls_x509_crt_deinit(
+ this_cert);
 this_cert = NULL;
 }
 }
@@ -1843,9 +1770,8 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 goto done;
 }
- ret =
- gnutls_x509_crl_import(*crl, &data,
- GNUTLS_X509_FMT_DER);
+ ret = gnutls_x509_crl_import(
+ *crl, &data, GNUTLS_X509_FMT_DER);
 if (ret < 0) {
 gnutls_assert();
 gnutls_x509_crl_deinit(*crl);
@@ -1874,9 +1800,8 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 goto done;
 }
- ret =
- make_chain(&_chain, &_chain_len, &_extra_certs,
- &_extra_certs_len, flags);
+ ret = make_chain(&_chain, &_chain_len, &_extra_certs,
+ &_extra_certs_len, flags);
 if (ret < 0) {
 gnutls_assert();
 goto done;
@@ -1885,7 +1810,7 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 ret = 0;
- done:
+done:
 if (bag)
 gnutls_pkcs12_bag_deinit(bag);
@@ -1953,15 +1878,12 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
 * %GNUTLS_E_UNKNOWN_HASH_ALGORITHM if the structure's MAC isn't supported, or
 * another negative error code in case of a failure. Zero on success.
 **/
-int
-gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac,
- void *salt, unsigned int *salt_size,
- unsigned int *iter_count, char **oid)
+int gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac,
+ void *salt, unsigned int *salt_size,
+ unsigned int *iter_count, char **oid)
 {
 int ret;
- gnutls_datum_t tmp = { NULL, 0 }, dsalt = {
- NULL, 0
- };
+ gnutls_datum_t tmp = { NULL, 0 }, dsalt = { NULL, 0 };
 gnutls_mac_algorithm_t algo;
 if (oid)
@@ -1972,10 +1894,8 @@ gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac,
 return GNUTLS_E_INVALID_REQUEST;
 }
- ret =
- _gnutls_x509_read_value(pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.algorithm",
- &tmp);
+ ret = _gnutls_x509_read_value(
+ pkcs12->pkcs12, "macData.mac.digestAlgorithm.algorithm", &tmp);
 if (ret < 0) {
 gnutls_assert();
 return GNUTLS_E_INVALID_REQUEST;
@@ -2000,20 +1920,18 @@ gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac, } if (iter_count) { - ret = - _gnutls_x509_read_uint(pkcs12->pkcs12, "macData.iterations", - iter_count); + ret = _gnutls_x509_read_uint(pkcs12->pkcs12, + "macData.iterations", iter_count); if (ret < 0) { - *iter_count = 1; /* the default */ + *iter_count = 1; /* the default */ } } if (salt) { /* Read the salt from the structure. */ - ret = - _gnutls_x509_read_null_value(pkcs12->pkcs12, - "macData.macSalt", &dsalt); + ret = _gnutls_x509_read_null_value(pkcs12->pkcs12, + "macData.macSalt", &dsalt); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -2031,9 +1949,8 @@ gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac, } ret = 0; - cleanup: +cleanup: _gnutls_free_datum(&tmp); _gnutls_free_datum(&dsalt); return ret; - } diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c index 012d92f8d4..06c38f2b74 100644 --- a/lib/x509/pkcs12_bag.c +++ b/lib/x509/pkcs12_bag.c @@ -44,12 +44,12 @@ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag) +int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t *bag) { *bag = gnutls_calloc(1, sizeof(gnutls_pkcs12_bag_int)); if (*bag) { - return 0; /* success */ + return 0; /* success */ } return GNUTLS_E_MEMORY_ERROR; } @@ -64,7 +64,6 @@ static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag) gnutls_free(bag->element[i].friendly_name); bag->element[i].type = 0; } - } /** @@ -136,9 +135,8 @@ int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, unsigned indx, - gnutls_datum_t * data) +int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, unsigned indx, + gnutls_datum_t *data) { if (bag == NULL) { gnutls_assert(); 
@@ -155,12 +153,11 @@ gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, unsigned indx, } #define X509_CERT_OID "1.2.840.113549.1.9.22.1" -#define X509_CRL_OID "1.2.840.113549.1.9.23.1" +#define X509_CRL_OID "1.2.840.113549.1.9.23.1" #define RANDOM_NONCE_OID "1.2.840.113549.1.9.25.3" -int -_pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * in, gnutls_datum_t * out) +int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, + const gnutls_datum_t *in, gnutls_datum_t *out) { int ret; asn1_node c2 = NULL; @@ -168,8 +165,8 @@ _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, switch (type) { case GNUTLS_BAG_CERTIFICATE: if ((ret = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-12-CertBag", - &c2)) != ASN1_SUCCESS) { + "PKIX1.pkcs-12-CertBag", &c2)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; @@ -182,9 +179,8 @@ _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, goto cleanup; } - ret = - _gnutls_x509_read_string(c2, "certValue", out, - ASN1_ETYPE_OCTET_STRING, 1); + ret = _gnutls_x509_read_string(c2, "certValue", out, + ASN1_ETYPE_OCTET_STRING, 1); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -193,8 +189,8 @@ _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, case GNUTLS_BAG_CRL: if ((ret = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-12-CRLBag", - &c2)) != ASN1_SUCCESS) { + "PKIX1.pkcs-12-CRLBag", &c2)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; @@ -207,9 +203,8 @@ _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, goto cleanup; } - ret = - _gnutls_x509_read_string(c2, "crlValue", out, - ASN1_ETYPE_OCTET_STRING, 1); + ret = _gnutls_x509_read_string(c2, "crlValue", out, + ASN1_ETYPE_OCTET_STRING, 1); if (ret < 0) { gnutls_assert(); goto cleanup; 
@@ -232,9 +227,8 @@ _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, goto cleanup; } - ret = - _gnutls_x509_read_string(c2, "secretValue", out, - ASN1_ETYPE_OCTET_STRING, 1); + ret = _gnutls_x509_read_string(c2, "secretValue", out, + ASN1_ETYPE_OCTET_STRING, 1); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -251,15 +245,14 @@ _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, return 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; } -int -_pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * raw, gnutls_datum_t * out) +int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, + const gnutls_datum_t *raw, gnutls_datum_t *out) { int ret; asn1_node c2 = NULL; @@ -267,8 +260,8 @@ _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, switch (type) { case GNUTLS_BAG_CERTIFICATE: if ((ret = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-12-CertBag", - &c2)) != ASN1_SUCCESS) { + "PKIX1.pkcs-12-CertBag", &c2)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; @@ -281,9 +274,8 @@ _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, goto cleanup; } - ret = - _gnutls_x509_write_string(c2, "certValue", raw, - ASN1_ETYPE_OCTET_STRING); + ret = _gnutls_x509_write_string(c2, "certValue", raw, + ASN1_ETYPE_OCTET_STRING); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -292,8 +284,8 @@ _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, case GNUTLS_BAG_CRL: if ((ret = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-12-CRLBag", - &c2)) != ASN1_SUCCESS) { + "PKIX1.pkcs-12-CRLBag", &c2)) != + ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; @@ -306,9 +298,8 @@ _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, goto cleanup; } - ret = - _gnutls_x509_write_string(c2, "crlValue", raw, - ASN1_ETYPE_OCTET_STRING); + ret = _gnutls_x509_write_string(c2, "crlValue", raw, + ASN1_ETYPE_OCTET_STRING); if (ret < 0) { gnutls_assert(); goto cleanup; 
@@ -331,9 +322,8 @@ _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, goto cleanup; } - ret = - _gnutls_x509_write_string(c2, "secretValue", raw, - ASN1_ETYPE_OCTET_STRING); + ret = _gnutls_x509_write_string(c2, "secretValue", raw, + ASN1_ETYPE_OCTET_STRING); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -357,7 +347,7 @@ _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, return 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; @@ -375,10 +365,9 @@ _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, * Returns: the index of the added bag on success, or a negative * value on error. **/ -int -gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag, - gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * data) +int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag, + gnutls_pkcs12_bag_type_t type, + const gnutls_datum_t *data) { int ret; if (bag == NULL) { @@ -398,16 +387,15 @@ gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag, */ if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY || - bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY - || bag->element[0].type == GNUTLS_BAG_ENCRYPTED) { + bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY || + bag->element[0].type == GNUTLS_BAG_ENCRYPTED) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } } - ret = - _gnutls_set_datum(&bag->element[bag->bag_elements].data, - data->data, data->size); + ret = _gnutls_set_datum(&bag->element[bag->bag_elements].data, + data->data, data->size); if (ret < 0) { gnutls_assert(); @@ -503,9 +491,8 @@ int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. or a negative error code on error. **/ -int -gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, unsigned indx, - const gnutls_datum_t * id) +int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, unsigned indx, + const gnutls_datum_t *id) { int ret; 
@@ -519,8 +506,8 @@ gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, unsigned indx, return GNUTLS_E_INVALID_REQUEST; } - ret = _gnutls_set_datum(&bag->element[indx].local_key_id, - id->data, id->size); + ret = _gnutls_set_datum(&bag->element[indx].local_key_id, id->data, + id->size); if (ret < 0) { gnutls_assert(); @@ -543,9 +530,8 @@ gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, unsigned indx, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. or a negative error code on error. **/ -int -gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, unsigned indx, - gnutls_datum_t * id) +int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, unsigned indx, + gnutls_datum_t *id) { if (bag == NULL) { gnutls_assert(); @@ -576,9 +562,8 @@ gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, unsigned indx, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. or a negative error code on error. **/ -int -gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, unsigned indx, - char **name) +int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, unsigned indx, + char **name) { if (bag == NULL) { gnutls_assert(); @@ -609,9 +594,8 @@ gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, unsigned indx, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. or a negative error code on error. **/ -int -gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, unsigned indx, - const char *name) +int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, unsigned indx, + const char *name) { if (bag == NULL) { gnutls_assert(); 
@@ -695,9 +679,8 @@ int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, const char *pass) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, * otherwise a negative error code is returned. **/ -int -gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, const char *pass, - unsigned int flags) +int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, const char *pass, + unsigned int flags) { int ret; asn1_node safe_cont = NULL; @@ -787,11 +770,10 @@ gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, const char *pass, * %GNUTLS_E_UNKNOWN_CIPHER_TYPE if the structure's encryption isn't supported, or * another negative error code in case of a failure. Zero on success. **/ -int -gnutls_pkcs12_bag_enc_info(gnutls_pkcs12_bag_t bag, unsigned int *schema, - unsigned int *cipher, void *salt, - unsigned int *salt_size, unsigned int *iter_count, - char **oid) +int gnutls_pkcs12_bag_enc_info(gnutls_pkcs12_bag_t bag, unsigned int *schema, + unsigned int *cipher, void *salt, + unsigned int *salt_size, + unsigned int *iter_count, char **oid) { int ret; struct pbkdf2_params kdf; @@ -851,10 +833,9 @@ gnutls_pkcs12_bag_enc_info(gnutls_pkcs12_bag_t bag, unsigned int *schema, * Returns: the index of the added bag on success, or a negative * value on failure. **/ -int -gnutls_pkcs12_bag_set_privkey(gnutls_pkcs12_bag_t bag, - gnutls_x509_privkey_t privkey, - const char *password, unsigned flags) +int gnutls_pkcs12_bag_set_privkey(gnutls_pkcs12_bag_t bag, + gnutls_x509_privkey_t privkey, + const char *password, unsigned flags) { int ret; gnutls_datum_t data = { NULL, 0 }; 
@@ -870,25 +851,22 @@ gnutls_pkcs12_bag_set_privkey(gnutls_pkcs12_bag_t bag, return gnutls_assert_val(ret); if (password == NULL) { - ret = - gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_PKCS8_KEY, - &data); + ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_PKCS8_KEY, + &data); if (ret < 0) { gnutls_assert(); goto cleanup; } } else { - ret = - gnutls_pkcs12_bag_set_data(bag, - GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, - &data); + ret = gnutls_pkcs12_bag_set_data( + bag, GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, &data); if (ret < 0) { gnutls_assert(); goto cleanup; } } - cleanup: +cleanup: _gnutls_free_datum(&data); return ret; diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c index 4c961b2919..817e8e557d 100644 --- a/lib/x509/pkcs12_encr.c +++ b/lib/x509/pkcs12_encr.c @@ -37,12 +37,10 @@ * Note that this function produces different key for the * NULL password, and for the password with zero length. */ -int -_gnutls_pkcs12_string_to_key(const mac_entry_st * me, - unsigned int id, const uint8_t * salt, - unsigned int salt_size, unsigned int iter, - const char *pw, unsigned int req_keylen, - uint8_t * keybuf) +int _gnutls_pkcs12_string_to_key(const mac_entry_st *me, unsigned int id, + const uint8_t *salt, unsigned int salt_size, + unsigned int iter, const char *pw, + unsigned int req_keylen, uint8_t *keybuf) { int rc; unsigned int i, j; @@ -51,7 +49,7 @@ _gnutls_pkcs12_string_to_key(const mac_entry_st * me, bigint_t v_mpi = NULL; unsigned int pwlen; uint8_t hash[MAX_HASH_SIZE], buf_b[MAX_V_SIZE], - buf_i[MAX_PASS_LEN + MAX_V_SIZE], *p; + buf_i[MAX_PASS_LEN + MAX_V_SIZE], *p; uint8_t d[MAX_V_SIZE]; size_t cur_keylen; size_t n, m, plen, i_size; @@ -84,7 +82,7 @@ _gnutls_pkcs12_string_to_key(const mac_entry_st * me, return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); memset(v_val, 0, sizeof(v_val)); - v_val[0] = 0x01; /* make it be 2^64 or 2^128 */ + v_val[0] = 0x01; /* make it be 2^64 or 2^128 */ cur_keylen = 0; 
@@ -161,8 +159,9 @@ _gnutls_pkcs12_string_to_key(const mac_entry_st * me, _gnutls_hash(&md, buf_i, i_size); _gnutls_hash_deinit(&md, hash); for (i = 1; i < iter; i++) { - rc = _gnutls_hash_fast((gnutls_digest_algorithm_t) - me->id, hash, mac_len, hash); + rc = _gnutls_hash_fast( + (gnutls_digest_algorithm_t)me->id, hash, + mac_len, hash); if (rc < 0) { gnutls_assert(); goto cleanup; @@ -171,7 +170,7 @@ _gnutls_pkcs12_string_to_key(const mac_entry_st * me, for (i = 0; i < mac_len && cur_keylen < req_keylen; i++) keybuf[cur_keylen++] = hash[i]; if (cur_keylen == req_keylen) { - rc = 0; /* ready */ + rc = 0; /* ready */ goto cleanup; } @@ -217,7 +216,7 @@ _gnutls_pkcs12_string_to_key(const mac_entry_st * me, _gnutls_mpi_release(&num_ij); } } - cleanup: +cleanup: _gnutls_mpi_release(&num_ij); _gnutls_mpi_release(&num_b1); _gnutls_mpi_release(&v_mpi); diff --git a/lib/x509/pkcs7-attrs.c b/lib/x509/pkcs7-attrs.c index 25f947276f..300a3fcce3 100644 --- a/lib/x509/pkcs7-attrs.c +++ b/lib/x509/pkcs7-attrs.c @@ -50,9 +50,8 @@ * * Since: 3.4.2 **/ -int -gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t * list, const char *oid, - gnutls_datum_t * data, unsigned flags) +int gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, + gnutls_datum_t *data, unsigned flags) { int ret; gnutls_pkcs7_attrs_st *r; @@ -79,14 +78,13 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t * list, const char *oid, *list = r; return 0; - fail: +fail: if (r) { gnutls_free(r->data.data); gnutls_free(r); } gnutls_pkcs7_attrs_deinit(*list); return GNUTLS_E_MEMORY_ERROR; - } /** @@ -107,9 +105,8 @@ gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t * list, const char *oid, * * Since: 3.4.2 **/ -int -gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, - gnutls_datum_t * data, unsigned flags) +int gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, + gnutls_datum_t *data, unsigned flags) { unsigned i; gnutls_pkcs7_attrs_st *p = list; 
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
index 8cdfb85ac0..a8a55b1e19 100644
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -53,180 +53,169 @@ #define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6" static const struct pkcs_cipher_schema_st avail_pkcs_cipher_schemas[] = { - { - .schema = PBES1_DES_MD5, - .name = "PBES1-DES-CBC-MD5", - .flag = GNUTLS_PKCS_PBES1_DES_MD5, - .cipher = GNUTLS_CIPHER_DES_CBC, - .pbes2 = 0, - .cipher_oid = PBES1_DES_MD5_OID, - .write_oid = PBES1_DES_MD5_OID, - .desc = NULL, - .iv_name = NULL, - .decrypt_only = 1}, - { - .schema = PBES2_3DES, - .name = "PBES2-3DES-CBC", - .flag = GNUTLS_PKCS_PBES2_3DES, - .cipher = GNUTLS_CIPHER_3DES_CBC, - .pbes2 = 1, - .cipher_oid = DES_EDE3_CBC_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params", - .iv_name = "", - .decrypt_only = 0}, - { - .schema = PBES2_DES, - .name = "PBES2-DES-CBC", - .flag = GNUTLS_PKCS_PBES2_DES, - .cipher = GNUTLS_CIPHER_DES_CBC, - .pbes2 = 1, - .cipher_oid = DES_CBC_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.pkcs-5-des-CBC-params", - .iv_name = "", - .decrypt_only = 0}, - { - .schema = PBES2_AES_128, - .name = "PBES2-AES128-CBC", - .flag = GNUTLS_PKCS_PBES2_AES_128, - .cipher = GNUTLS_CIPHER_AES_128_CBC, - .pbes2 = 1, - .cipher_oid = AES_128_CBC_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.pkcs-5-aes128-CBC-params", - .iv_name = "", - .decrypt_only = 0}, - { - .schema = PBES2_AES_192, - .name = "PBES2-AES192-CBC", - .flag = GNUTLS_PKCS_PBES2_AES_192, - .cipher = GNUTLS_CIPHER_AES_192_CBC, - .pbes2 = 1, - .cipher_oid = AES_192_CBC_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.pkcs-5-aes192-CBC-params", - .iv_name = "", - .decrypt_only = 0}, - { - .schema = PBES2_AES_256, - .name = "PBES2-AES256-CBC", - .flag = GNUTLS_PKCS_PBES2_AES_256, - .cipher = GNUTLS_CIPHER_AES_256_CBC, - .pbes2 = 1, - .cipher_oid = AES_256_CBC_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.pkcs-5-aes256-CBC-params", - .iv_name = "", - .decrypt_only = 0}, - { - .schema = PBES2_GOST28147_89_TC26Z, - .name = "PBES2-GOST28147-89-TC26Z", - .flag = GNUTLS_PKCS_PBES2_GOST_TC26Z, - .cipher = 
GNUTLS_CIPHER_GOST28147_TC26Z_CFB, - .pbes2 = 1, - .cipher_oid = GOST28147_89_TC26Z_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.Gost28147-89-Parameters", - .iv_name = "iv", - .decrypt_only = 0}, - { - .schema = PBES2_GOST28147_89_CPA, - .name = "PBES2-GOST28147-89-CPA", - .flag = GNUTLS_PKCS_PBES2_GOST_CPA, - .cipher = GNUTLS_CIPHER_GOST28147_CPA_CFB, - .pbes2 = 1, - .cipher_oid = GOST28147_89_CPA_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.Gost28147-89-Parameters", - .iv_name = "iv", - .decrypt_only = 0}, - { - .schema = PBES2_GOST28147_89_CPB, - .name = "PBES2-GOST28147-89-CPB", - .flag = GNUTLS_PKCS_PBES2_GOST_CPB, - .cipher = GNUTLS_CIPHER_GOST28147_CPB_CFB, - .pbes2 = 1, - .cipher_oid = GOST28147_89_CPB_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.Gost28147-89-Parameters", - .iv_name = "iv", - .decrypt_only = 0}, - { - .schema = PBES2_GOST28147_89_CPC, - .name = "PBES2-GOST28147-89-CPC", - .flag = GNUTLS_PKCS_PBES2_GOST_CPC, - .cipher = GNUTLS_CIPHER_GOST28147_CPC_CFB, - .pbes2 = 1, - .cipher_oid = GOST28147_89_CPC_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.Gost28147-89-Parameters", - .iv_name = "iv", - .decrypt_only = 0}, - { - .schema = PBES2_GOST28147_89_CPD, - .name = "PBES2-GOST28147-89-CPD", - .flag = GNUTLS_PKCS_PBES2_GOST_CPD, - .cipher = GNUTLS_CIPHER_GOST28147_CPD_CFB, - .pbes2 = 1, - .cipher_oid = GOST28147_89_CPD_OID, - .write_oid = PBES2_OID, - .desc = "PKIX1.Gost28147-89-Parameters", - .iv_name = "iv", - .decrypt_only = 0}, - { - .schema = PKCS12_ARCFOUR_SHA1, - .name = "PKCS12-ARCFOUR-SHA1", - .flag = GNUTLS_PKCS_PKCS12_ARCFOUR, - .cipher = GNUTLS_CIPHER_ARCFOUR, - .pbes2 = 0, - .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID, - .write_oid = PKCS12_PBE_ARCFOUR_SHA1_OID, - .desc = NULL, - .iv_name = NULL, - .decrypt_only = 0}, - { - .schema = PKCS12_RC2_40_SHA1, - .name = "PKCS12-RC2-40-SHA1", - .flag = GNUTLS_PKCS_PKCS12_RC2_40, - .cipher = GNUTLS_CIPHER_RC2_40_CBC, - .pbes2 = 0, - .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID, - .write_oid 
= PKCS12_PBE_RC2_40_SHA1_OID, - .desc = NULL, - .iv_name = NULL, - .decrypt_only = 0}, - { - .schema = PKCS12_3DES_SHA1, - .name = "PKCS12-3DES-SHA1", - .flag = GNUTLS_PKCS_PKCS12_3DES, - .cipher = GNUTLS_CIPHER_3DES_CBC, - .pbes2 = 0, - .cipher_oid = PKCS12_PBE_3DES_SHA1_OID, - .write_oid = PKCS12_PBE_3DES_SHA1_OID, - .desc = NULL, - .iv_name = NULL, - .decrypt_only = 0}, - {0, 0, 0, 0, 0} + { .schema = PBES1_DES_MD5, + .name = "PBES1-DES-CBC-MD5", + .flag = GNUTLS_PKCS_PBES1_DES_MD5, + .cipher = GNUTLS_CIPHER_DES_CBC, + .pbes2 = 0, + .cipher_oid = PBES1_DES_MD5_OID, + .write_oid = PBES1_DES_MD5_OID, + .desc = NULL, + .iv_name = NULL, + .decrypt_only = 1 }, + { .schema = PBES2_3DES, + .name = "PBES2-3DES-CBC", + .flag = GNUTLS_PKCS_PBES2_3DES, + .cipher = GNUTLS_CIPHER_3DES_CBC, + .pbes2 = 1, + .cipher_oid = DES_EDE3_CBC_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.pkcs-5-des-EDE3-CBC-params", + .iv_name = "", + .decrypt_only = 0 }, + { .schema = PBES2_DES, + .name = "PBES2-DES-CBC", + .flag = GNUTLS_PKCS_PBES2_DES, + .cipher = GNUTLS_CIPHER_DES_CBC, + .pbes2 = 1, + .cipher_oid = DES_CBC_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.pkcs-5-des-CBC-params", + .iv_name = "", + .decrypt_only = 0 }, + { .schema = PBES2_AES_128, + .name = "PBES2-AES128-CBC", + .flag = GNUTLS_PKCS_PBES2_AES_128, + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .pbes2 = 1, + .cipher_oid = AES_128_CBC_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.pkcs-5-aes128-CBC-params", + .iv_name = "", + .decrypt_only = 0 }, + { .schema = PBES2_AES_192, + .name = "PBES2-AES192-CBC", + .flag = GNUTLS_PKCS_PBES2_AES_192, + .cipher = GNUTLS_CIPHER_AES_192_CBC, + .pbes2 = 1, + .cipher_oid = AES_192_CBC_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.pkcs-5-aes192-CBC-params", + .iv_name = "", + .decrypt_only = 0 }, + { .schema = PBES2_AES_256, + .name = "PBES2-AES256-CBC", + .flag = GNUTLS_PKCS_PBES2_AES_256, + .cipher = GNUTLS_CIPHER_AES_256_CBC, + .pbes2 = 1, + .cipher_oid = AES_256_CBC_OID, + .write_oid 
= PBES2_OID, + .desc = "PKIX1.pkcs-5-aes256-CBC-params", + .iv_name = "", + .decrypt_only = 0 }, + { .schema = PBES2_GOST28147_89_TC26Z, + .name = "PBES2-GOST28147-89-TC26Z", + .flag = GNUTLS_PKCS_PBES2_GOST_TC26Z, + .cipher = GNUTLS_CIPHER_GOST28147_TC26Z_CFB, + .pbes2 = 1, + .cipher_oid = GOST28147_89_TC26Z_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.Gost28147-89-Parameters", + .iv_name = "iv", + .decrypt_only = 0 }, + { .schema = PBES2_GOST28147_89_CPA, + .name = "PBES2-GOST28147-89-CPA", + .flag = GNUTLS_PKCS_PBES2_GOST_CPA, + .cipher = GNUTLS_CIPHER_GOST28147_CPA_CFB, + .pbes2 = 1, + .cipher_oid = GOST28147_89_CPA_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.Gost28147-89-Parameters", + .iv_name = "iv", + .decrypt_only = 0 }, + { .schema = PBES2_GOST28147_89_CPB, + .name = "PBES2-GOST28147-89-CPB", + .flag = GNUTLS_PKCS_PBES2_GOST_CPB, + .cipher = GNUTLS_CIPHER_GOST28147_CPB_CFB, + .pbes2 = 1, + .cipher_oid = GOST28147_89_CPB_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.Gost28147-89-Parameters", + .iv_name = "iv", + .decrypt_only = 0 }, + { .schema = PBES2_GOST28147_89_CPC, + .name = "PBES2-GOST28147-89-CPC", + .flag = GNUTLS_PKCS_PBES2_GOST_CPC, + .cipher = GNUTLS_CIPHER_GOST28147_CPC_CFB, + .pbes2 = 1, + .cipher_oid = GOST28147_89_CPC_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.Gost28147-89-Parameters", + .iv_name = "iv", + .decrypt_only = 0 }, + { .schema = PBES2_GOST28147_89_CPD, + .name = "PBES2-GOST28147-89-CPD", + .flag = GNUTLS_PKCS_PBES2_GOST_CPD, + .cipher = GNUTLS_CIPHER_GOST28147_CPD_CFB, + .pbes2 = 1, + .cipher_oid = GOST28147_89_CPD_OID, + .write_oid = PBES2_OID, + .desc = "PKIX1.Gost28147-89-Parameters", + .iv_name = "iv", + .decrypt_only = 0 }, + { .schema = PKCS12_ARCFOUR_SHA1, + .name = "PKCS12-ARCFOUR-SHA1", + .flag = GNUTLS_PKCS_PKCS12_ARCFOUR, + .cipher = GNUTLS_CIPHER_ARCFOUR, + .pbes2 = 0, + .cipher_oid = PKCS12_PBE_ARCFOUR_SHA1_OID, + .write_oid = PKCS12_PBE_ARCFOUR_SHA1_OID, + .desc = NULL, + .iv_name = NULL, + 
.decrypt_only = 0 }, + { .schema = PKCS12_RC2_40_SHA1, + .name = "PKCS12-RC2-40-SHA1", + .flag = GNUTLS_PKCS_PKCS12_RC2_40, + .cipher = GNUTLS_CIPHER_RC2_40_CBC, + .pbes2 = 0, + .cipher_oid = PKCS12_PBE_RC2_40_SHA1_OID, + .write_oid = PKCS12_PBE_RC2_40_SHA1_OID, + .desc = NULL, + .iv_name = NULL, + .decrypt_only = 0 }, + { .schema = PKCS12_3DES_SHA1, + .name = "PKCS12-3DES-SHA1", + .flag = GNUTLS_PKCS_PKCS12_3DES, + .cipher = GNUTLS_CIPHER_3DES_CBC, + .pbes2 = 0, + .cipher_oid = PKCS12_PBE_3DES_SHA1_OID, + .write_oid = PKCS12_PBE_3DES_SHA1_OID, + .desc = NULL, + .iv_name = NULL, + .decrypt_only = 0 }, + { 0, 0, 0, 0, 0 } }; -#define PBES2_SCHEMA_LOOP(b) { \ - const struct pkcs_cipher_schema_st * _p; \ - for (_p=avail_pkcs_cipher_schemas;_p->schema != 0;_p++) { b; } \ +#define PBES2_SCHEMA_LOOP(b) \ + { \ + const struct pkcs_cipher_schema_st *_p; \ + for (_p = avail_pkcs_cipher_schemas; _p->schema != 0; _p++) { \ + b; \ + } \ } #define PBES2_SCHEMA_FIND_FROM_FLAGS(fl, what) \ - PBES2_SCHEMA_LOOP( if (_p->flag == GNUTLS_PKCS_CIPHER_MASK(fl)) { what; } ) + PBES2_SCHEMA_LOOP( \ + if (_p->flag == GNUTLS_PKCS_CIPHER_MASK(fl)) { what; }) int _gnutls_pkcs_flags_to_schema(unsigned int flags) { - PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema; - ); + PBES2_SCHEMA_FIND_FROM_FLAGS(flags, return _p->schema;); gnutls_assert(); - _gnutls_debug_log - ("Selecting default encryption PBES2_AES_256 (flags: %u).\n", - flags); + _gnutls_debug_log( + "Selecting default encryption PBES2_AES_256 (flags: %u).\n", + flags); return PBES2_AES_256; } @@ -243,8 +232,7 @@ int _gnutls_pkcs_flags_to_schema(unsigned int flags) */ const char *gnutls_pkcs_schema_get_name(unsigned int schema) { - PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name; - ); + PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->name;); return NULL; } 
@@ -261,17 +249,15 @@ const char *gnutls_pkcs_schema_get_name(unsigned int schema) */ const char *gnutls_pkcs_schema_get_oid(unsigned int schema) { - PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid; - ); + PBES2_SCHEMA_FIND_FROM_FLAGS(schema, return _p->cipher_oid;); return NULL; } -static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned - cipher) +static const struct pkcs_cipher_schema_st * +algo_to_pbes2_cipher_schema(unsigned cipher) { - PBES2_SCHEMA_LOOP(if (_p->cipher == cipher && _p->pbes2 != 0) { - return _p;} - ) ; + PBES2_SCHEMA_LOOP( + if (_p->cipher == cipher && _p->pbes2 != 0) { return _p; }); gnutls_assert(); return NULL; @@ -282,20 +268,21 @@ static const struct pkcs_cipher_schema_st *algo_to_pbes2_cipher_schema(unsigned int _gnutls_check_pkcs_cipher_schema(const char *oid) { if (strcmp(oid, PBES2_OID) == 0) - return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */ + return PBES2_GENERIC; /* PBES2 ciphers are under an umbrella OID */ - PBES2_SCHEMA_LOOP(if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) { - return _p->schema;} - ) ; - _gnutls_debug_log - ("PKCS #12 encryption schema OID '%s' is unsupported.\n", oid); + PBES2_SCHEMA_LOOP( + if (_p->pbes2 == 0 && strcmp(oid, _p->write_oid) == 0) { + return _p->schema; + }); + _gnutls_debug_log( + "PKCS #12 encryption schema OID '%s' is unsupported.\n", oid); return GNUTLS_E_UNKNOWN_CIPHER_TYPE; } const struct pkcs_cipher_schema_st *_gnutls_pkcs_schema_get(schema_id schema) { - PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;) ; + PBES2_SCHEMA_LOOP(if (schema == _p->schema) return _p;); gnutls_assert(); return NULL; 
@@ -303,15 +290,15 @@ const struct pkcs_cipher_schema_st *_gnutls_pkcs_schema_get(schema_id schema) /* Converts an OID to a gnutls cipher type. */ -static int -pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t * algo) +static int pbes2_cipher_oid_to_algo(const char *oid, + gnutls_cipher_algorithm_t *algo) { - *algo = 0; - PBES2_SCHEMA_LOOP(if - (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) { - *algo = _p->cipher; return 0;} - ) ; + PBES2_SCHEMA_LOOP( + if (_p->pbes2 != 0 && strcmp(_p->cipher_oid, oid) == 0) { + *algo = _p->cipher; + return 0; + }); _gnutls_debug_log("PKCS #8 encryption OID '%s' is unsupported.\n", oid); return GNUTLS_E_UNKNOWN_CIPHER_TYPE; @@ -320,9 +307,8 @@ pbes2_cipher_oid_to_algo(const char *oid, gnutls_cipher_algorithm_t * algo) /* Decrypts a PKCS #7 encryptedData. The output is allocated * and stored in dec. */ -int -_gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, - const char *password, gnutls_datum_t * dec) +int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t *data, const char *password, + gnutls_datum_t *dec) { int result, len; char enc_oid[MAX_OID_SIZE]; @@ -333,10 +319,9 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, struct pbe_enc_params enc_params; schema_id schema; - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-7-EncryptedData", - &pkcs7_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-7-EncryptedData", + &pkcs7_asn)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto error; 
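Review bot: The `*algo = 0;` that the old pbes2_cipher_oid_to_algo executed before entering PBES2_SCHEMA_LOOP is dropped on the new side, so on the unsupported-OID path that returns GNUTLS_E_UNKNOWN_CIPHER_TYPE the output parameter is now left untouched instead of being reset to 0. That is a semantic change buried in what is otherwise a whitespace-only reformat, and the function's comment ("Converts an OID to a gnutls cipher type") does not say the out-parameter is undefined on failure. Whether every caller checks the return value before reading `*algo` is not visible in this hunk, so the safe move is to keep the initialization as the first statement of the function: `*algo = 0;`. If dropping it was intentional, add a one-line comment above the loop stating that `*algo` is not written when the OID is unknown, so the next reader does not silently re-add it.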
@@ -352,10 +337,10 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, /* Check the encryption schema OID */ len = sizeof(enc_oid); - result = - asn1_read_value(pkcs7_asn, - "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", - enc_oid, &len); + result = asn1_read_value( + pkcs7_asn, + "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", + enc_oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -370,10 +355,10 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, /* Get the DER encoding of the parameters. */ - result = - asn1_der_decoding_startEnd(pkcs7_asn, data->data, data->size, - "encryptedContentInfo.contentEncryptionAlgorithm.parameters", - ¶ms_start, ¶ms_end); + result = asn1_der_decoding_startEnd( + pkcs7_asn, data->data, data->size, + "encryptedContentInfo.contentEncryptionAlgorithm.parameters", + ¶ms_start, ¶ms_end); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -381,11 +366,10 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, } params_len = params_end - params_start + 1; - result = - _gnutls_read_pkcs_schema_params(&schema, password, - &data->data[params_start], - params_len, &kdf_params, - &enc_params); + result = _gnutls_read_pkcs_schema_params(&schema, password, + &data->data[params_start], + params_len, &kdf_params, + &enc_params); if (result < 0) { gnutls_assert(); goto error; @@ -395,11 +379,9 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, * decrypt the EncryptedData. */ - result = - _gnutls_pkcs_raw_decrypt_data(schema, pkcs7_asn, - "encryptedContentInfo.encryptedContent", - password, &kdf_params, &enc_params, - &tmp); + result = _gnutls_pkcs_raw_decrypt_data( + schema, pkcs7_asn, "encryptedContentInfo.encryptedContent", + password, &kdf_params, &enc_params, &tmp); if (result < 0) { gnutls_assert(); goto error; 
@@ -411,16 +393,15 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, return 0; - error: +error: asn1_delete_structure(&pasn); asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; } -int -_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, - const struct pkcs_cipher_schema_st **p, - struct pbkdf2_params *kdf_params, char **oid) +int _gnutls_pkcs7_data_enc_info(const gnutls_datum_t *data, + const struct pkcs_cipher_schema_st **p, + struct pbkdf2_params *kdf_params, char **oid) { int result, len; char enc_oid[MAX_OID_SIZE]; @@ -429,10 +410,9 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, struct pbe_enc_params enc_params; schema_id schema; - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-7-EncryptedData", - &pkcs7_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-7-EncryptedData", + &pkcs7_asn)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto error; @@ -448,10 +428,10 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, /* Check the encryption schema OID */ len = sizeof(enc_oid); - result = - asn1_read_value(pkcs7_asn, - "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", - enc_oid, &len); + result = asn1_read_value( + pkcs7_asn, + "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", + enc_oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -470,10 +450,10 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, /* Get the DER encoding of the parameters. */ - result = - asn1_der_decoding_startEnd(pkcs7_asn, data->data, data->size, - "encryptedContentInfo.contentEncryptionAlgorithm.parameters", - ¶ms_start, ¶ms_end); + result = asn1_der_decoding_startEnd( + pkcs7_asn, data->data, data->size, + "encryptedContentInfo.contentEncryptionAlgorithm.parameters", + ¶ms_start, ¶ms_end); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); 
@@ -481,11 +461,10 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, } params_len = params_end - params_start + 1; - result = - _gnutls_read_pkcs_schema_params(&schema, NULL, - &data->data[params_start], - params_len, kdf_params, - &enc_params); + result = _gnutls_read_pkcs_schema_params(&schema, NULL, + &data->data[params_start], + params_len, kdf_params, + &enc_params); if (result < 0) { gnutls_assert(); goto error; @@ -502,7 +481,7 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, return 0; - error: +error: asn1_delete_structure(&pasn); asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; @@ -511,10 +490,8 @@ _gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, /* Encrypts to a PKCS #7 encryptedData. The output is allocated * and stored in enc. */ -int -_gnutls_pkcs7_encrypt_data(schema_id schema, - const gnutls_datum_t * data, - const char *password, gnutls_datum_t * enc) +int _gnutls_pkcs7_encrypt_data(schema_id schema, const gnutls_datum_t *data, + const char *password, gnutls_datum_t *enc) { int result; gnutls_datum_t key = { NULL, 0 }; @@ -529,19 +506,18 @@ _gnutls_pkcs7_encrypt_data(schema_id schema, return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-7-EncryptedData", - &pkcs7_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-7-EncryptedData", + &pkcs7_asn)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto error; } - result = - asn1_write_value(pkcs7_asn, - "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", - s->write_oid, 1); + result = asn1_write_value( + pkcs7_asn, + "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", + s->write_oid, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); 
@@ -552,17 +528,17 @@ _gnutls_pkcs7_encrypt_data(schema_id schema, /* Generate a symmetric key. */ - result = - _gnutls_pkcs_generate_key(schema, password, &kdf_params, - &enc_params, &key); + result = _gnutls_pkcs_generate_key(schema, password, &kdf_params, + &enc_params, &key); if (result < 0) { gnutls_assert(); goto error; } - result = _gnutls_pkcs_write_schema_params(schema, pkcs7_asn, - "encryptedContentInfo.contentEncryptionAlgorithm.parameters", - &kdf_params, &enc_params); + result = _gnutls_pkcs_write_schema_params( + schema, pkcs7_asn, + "encryptedContentInfo.contentEncryptionAlgorithm.parameters", + &kdf_params, &enc_params); if (result < 0) { gnutls_assert(); goto error; @@ -579,10 +555,9 @@ _gnutls_pkcs7_encrypt_data(schema_id schema, /* write the encrypted data. */ - result = - asn1_write_value(pkcs7_asn, - "encryptedContentInfo.encryptedContent", - tmp.data, tmp.size); + result = asn1_write_value(pkcs7_asn, + "encryptedContentInfo.encryptedContent", + tmp.data, tmp.size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -601,9 +576,8 @@ _gnutls_pkcs7_encrypt_data(schema_id schema, goto error; } - result = - asn1_write_value(pkcs7_asn, "encryptedContentInfo.contentType", - DATA_OID, 1); + result = asn1_write_value(pkcs7_asn, "encryptedContentInfo.contentType", + DATA_OID, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -628,7 +602,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema, goto error; } - error: +error: _gnutls_free_key_datum(&key); _gnutls_free_datum(&tmp); asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE); 
@@ -637,9 +611,8 @@ _gnutls_pkcs7_encrypt_data(schema_id schema, /* Reads the PBKDF2 parameters. */ -static int -read_pbkdf2_params(asn1_node pasn, - const gnutls_datum_t * der, struct pbkdf2_params *params) +static int read_pbkdf2_params(asn1_node pasn, const gnutls_datum_t *der, + struct pbkdf2_params *params) { int params_start, params_end; int params_len, len, result; @@ -654,7 +627,7 @@ read_pbkdf2_params(asn1_node pasn, */ len = sizeof(oid); result = - asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid, &len); + asn1_read_value(pasn, "keyDerivationFunc.algorithm", oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -663,15 +636,15 @@ read_pbkdf2_params(asn1_node pasn, if (strcmp(oid, PBKDF2_OID) != 0) { gnutls_assert(); - _gnutls_debug_log - ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid); + _gnutls_debug_log( + "PKCS #8 key derivation OID '%s' is unsupported.\n", + oid); return _gnutls_asn2err(result); } - result = - asn1_der_decoding_startEnd(pasn, der->data, der->size, - "keyDerivationFunc.parameters", - ¶ms_start, ¶ms_end); + result = asn1_der_decoding_startEnd(pasn, der->data, der->size, + "keyDerivationFunc.parameters", + ¶ms_start, ¶ms_end); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); 
@@ -681,17 +654,15 @@ read_pbkdf2_params(asn1_node pasn, /* Now check the key derivation and the encryption * functions. */ - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-5-PBKDF2-params", - &pbkdf2_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-5-PBKDF2-params", + &pbkdf2_asn)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - result = - _asn1_strict_der_decode(&pbkdf2_asn, &der->data[params_start], - params_len, NULL); + result = _asn1_strict_der_decode(&pbkdf2_asn, &der->data[params_start], + params_len, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -700,9 +671,8 @@ read_pbkdf2_params(asn1_node pasn, /* read the salt */ params->salt_size = sizeof(params->salt); - result = - asn1_read_value(pbkdf2_asn, "salt.specified", params->salt, - ¶ms->salt_size); + result = asn1_read_value(pbkdf2_asn, "salt.specified", params->salt, + ¶ms->salt_size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -717,9 +687,8 @@ read_pbkdf2_params(asn1_node pasn, /* read the iteration count */ - result = - _gnutls_x509_read_uint(pbkdf2_asn, "iterationCount", - ¶ms->iter_count); + result = _gnutls_x509_read_uint(pbkdf2_asn, "iterationCount", + ¶ms->iter_count); if (result < 0) { gnutls_assert(); goto error; @@ -734,8 +703,8 @@ read_pbkdf2_params(asn1_node pasn, /* read the keylength, if it is set. */ - result = - _gnutls_x509_read_uint(pbkdf2_asn, "keyLength", ¶ms->key_size); + result = _gnutls_x509_read_uint(pbkdf2_asn, "keyLength", + ¶ms->key_size); if (result < 0) { params->key_size = 0; } @@ -765,10 +734,9 @@ read_pbkdf2_params(asn1_node pasn, result = 0; - error: +error: asn1_delete_structure(&pbkdf2_asn); return result; - } /* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA). 
@@ -782,7 +750,7 @@ static int read_pkcs12_kdf_params(asn1_node pasn, struct pbkdf2_params *params) /* read the salt */ params->salt_size = sizeof(params->salt); result = - asn1_read_value(pasn, "salt", params->salt, ¶ms->salt_size); + asn1_read_value(pasn, "salt", params->salt, ¶ms->salt_size); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -796,7 +764,7 @@ static int read_pkcs12_kdf_params(asn1_node pasn, struct pbkdf2_params *params) /* read the iteration count */ result = - _gnutls_x509_read_uint(pasn, "iterations", ¶ms->iter_count); + _gnutls_x509_read_uint(pasn, "iterations", ¶ms->iter_count); if (result < 0) return gnutls_assert_val(result); @@ -812,16 +780,15 @@ static int read_pkcs12_kdf_params(asn1_node pasn, struct pbkdf2_params *params) /* Writes the PBE parameters for PKCS-12 schemas. */ -static int -write_pkcs12_kdf_params(asn1_node pasn, const struct pbkdf2_params *kdf_params) +static int write_pkcs12_kdf_params(asn1_node pasn, + const struct pbkdf2_params *kdf_params) { int result; /* write the salt */ - result = - asn1_write_value(pasn, "salt", - kdf_params->salt, kdf_params->salt_size); + result = asn1_write_value(pasn, "salt", kdf_params->salt, + kdf_params->salt_size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -831,9 +798,8 @@ write_pkcs12_kdf_params(asn1_node pasn, const struct pbkdf2_params *kdf_params) /* write the iteration count */ - result = - _gnutls_x509_write_uint32(pasn, "iterations", - kdf_params->iter_count); + result = _gnutls_x509_write_uint32(pasn, "iterations", + kdf_params->iter_count); if (result < 0) { gnutls_assert(); goto error; 
@@ -842,21 +808,19 @@ write_pkcs12_kdf_params(asn1_node pasn, const struct pbkdf2_params *kdf_params) return 0; - error: +error: return result; - } -static int -read_pbes2_gost_oid(uint8_t * der, size_t len, char *oid, int oid_size) +static int read_pbes2_gost_oid(uint8_t *der, size_t len, char *oid, + int oid_size) { int result; asn1_node pbe_asn = NULL; - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.Gost28147-89-Parameters", - &pbe_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.Gost28147-89-Parameters", + &pbe_asn)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -877,14 +841,13 @@ read_pbes2_gost_oid(uint8_t * der, size_t len, char *oid, int oid_size) result = 0; - error: +error: asn1_delete_structure(&pbe_asn); return result; } -static int -read_pbes2_enc_params(asn1_node pasn, - const gnutls_datum_t * der, struct pbe_enc_params *params) +static int read_pbes2_enc_params(asn1_node pasn, const gnutls_datum_t *der, + struct pbe_enc_params *params) { int params_start, params_end; int params_len, len, result; @@ -896,19 +859,17 @@ read_pbes2_enc_params(asn1_node pasn, /* Check the encryption algorithm */ len = sizeof(params->pbes2_oid); - result = - asn1_read_value(pasn, "encryptionScheme.algorithm", - params->pbes2_oid, &len); + result = asn1_read_value(pasn, "encryptionScheme.algorithm", + params->pbes2_oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } _gnutls_hard_log("encryptionScheme.algorithm: %s\n", params->pbes2_oid); - result = - asn1_der_decoding_startEnd(pasn, der->data, der->size, - "encryptionScheme.parameters", - ¶ms_start, ¶ms_end); + result = asn1_der_decoding_startEnd(pasn, der->data, der->size, + "encryptionScheme.parameters", + ¶ms_start, ¶ms_end); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); 
@@ -927,9 +888,8 @@ read_pbes2_enc_params(asn1_node pasn, } } - if ((result = - pbes2_cipher_oid_to_algo(params->pbes2_oid, - ¶ms->cipher)) < 0) { + if ((result = pbes2_cipher_oid_to_algo(params->pbes2_oid, + ¶ms->cipher)) < 0) { gnutls_assert(); return result; } @@ -942,16 +902,14 @@ read_pbes2_enc_params(asn1_node pasn, return GNUTLS_E_INVALID_REQUEST; } - if ((result = - asn1_create_element(_gnutls_get_pkix(), - p->desc, &pbe_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), p->desc, + &pbe_asn)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - result = - _asn1_strict_der_decode(&pbe_asn, &der->data[params_start], - params_len, NULL); + result = _asn1_strict_der_decode(&pbe_asn, &der->data[params_start], + params_len, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -960,8 +918,8 @@ read_pbes2_enc_params(asn1_node pasn, /* read the IV */ params->iv_size = sizeof(params->iv); - result = asn1_read_value(pbe_asn, - p->iv_name, params->iv, ¶ms->iv_size); + result = asn1_read_value(pbe_asn, p->iv_name, params->iv, + ¶ms->iv_size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -971,7 +929,7 @@ read_pbes2_enc_params(asn1_node pasn, result = 0; - error: +error: asn1_delete_structure(&pbe_asn); return result; } @@ -980,11 +938,10 @@ read_pbes2_enc_params(asn1_node pasn, * schema ID. Initially the schema ID should have PBES2_GENERIC, for * PBES2 schemas, and will be updated by this function for details. */ -int -_gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, - const uint8_t * data, int data_size, - struct pbkdf2_params *kdf_params, - struct pbe_enc_params *enc_params) +int _gnutls_read_pkcs_schema_params(schema_id *schema, const char *password, + const uint8_t *data, int data_size, + struct pbkdf2_params *kdf_params, + struct pbe_enc_params *enc_params) { asn1_node pasn = NULL; int result; 
@@ -995,10 +952,9 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, /* Now check the key derivation and the encryption * functions. */ - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-5-PBES2-params", - &pasn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-5-PBES2-params", + &pasn)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto error; @@ -1013,7 +969,7 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, goto error; } - tmp.data = (uint8_t *) data; + tmp.data = (uint8_t *)data; tmp.size = data_size; result = read_pbkdf2_params(pasn, &tmp, kdf_params); @@ -1042,7 +998,7 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, } else if (*schema == PBES1_DES_MD5) { return _gnutls_read_pbkdf1_params(data, data_size, kdf_params, enc_params); - } else { /* PKCS #12 schema */ + } else { /* PKCS #12 schema */ memset(enc_params, 0, sizeof(*enc_params)); p = _gnutls_pkcs_schema_get(*schema); @@ -1054,10 +1010,9 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, enc_params->cipher = p->cipher; enc_params->iv_size = gnutls_cipher_get_iv_size(p->cipher); - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-12-PbeParams", - &pasn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-12-PbeParams", + &pasn)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto error; 
@@ -1079,37 +1034,31 @@ _gnutls_read_pkcs_schema_params(schema_id * schema, const char *password, } if (enc_params->iv_size) { - result = - _gnutls_pkcs12_string_to_key(mac_to_entry - (GNUTLS_MAC_SHA1), - 2 /*IV*/, - kdf_params->salt, - kdf_params->salt_size, - kdf_params->iter_count, - password, - enc_params->iv_size, - enc_params->iv); + result = _gnutls_pkcs12_string_to_key( + mac_to_entry(GNUTLS_MAC_SHA1), 2 /*IV*/, + kdf_params->salt, kdf_params->salt_size, + kdf_params->iter_count, password, + enc_params->iv_size, enc_params->iv); if (result < 0) { gnutls_assert(); goto error; } - } asn1_delete_structure(&pasn); return 0; - } /* switch */ + } /* switch */ - error: +error: asn1_delete_structure(&pasn); return result; } -static int -_gnutls_pbes2_string_to_key(unsigned int pass_len, const char *password, - const struct pbkdf2_params *kdf_params, - int key_size, uint8_t * key) +static int _gnutls_pbes2_string_to_key(unsigned int pass_len, + const char *password, + const struct pbkdf2_params *kdf_params, + int key_size, uint8_t *key) { gnutls_datum_t _key; gnutls_datum_t salt; @@ -1123,12 +1072,11 @@ _gnutls_pbes2_string_to_key(unsigned int pass_len, const char *password, kdf_params->iter_count, key, key_size); } -int -_gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn, - const char *root, const char *_password, - const struct pbkdf2_params *kdf_params, - const struct pbe_enc_params *enc_params, - gnutls_datum_t * decrypted_data) +int _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn, + const char *root, const char *_password, + const struct pbkdf2_params *kdf_params, + const struct pbe_enc_params *enc_params, + gnutls_datum_t *decrypted_data) { gnutls_datum_t enc = { NULL, 0 }; uint8_t *key = NULL; 
@@ -1143,10 +1091,8 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn, if (_password) { gnutls_datum_t pout; - ret = - _gnutls_utf8_password_normalize(_password, - strlen(_password), &pout, - 1); + ret = _gnutls_utf8_password_normalize( + _password, strlen(_password), &pout, 1); if (ret < 0) return gnutls_assert_val(ret); @@ -1166,9 +1112,8 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn, if (schema == PBES1_DES_MD5) { ret = _gnutls_decrypt_pbes1_des_md5_data(password, pass_len, - kdf_params, - enc_params, &enc, - decrypted_data); + kdf_params, enc_params, + &enc, decrypted_data); if (ret < 0) goto error; goto cleanup; @@ -1189,21 +1134,18 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn, /* generate the key */ p = _gnutls_pkcs_schema_get(schema); - if (p != NULL && p->pbes2 != 0) { /* PBES2 */ + if (p != NULL && p->pbes2 != 0) { /* PBES2 */ ret = _gnutls_pbes2_string_to_key(pass_len, password, kdf_params, key_size, key); if (ret < 0) { gnutls_assert(); goto error; } - } else if (p != NULL) { /* PKCS 12 schema */ - ret = - _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1), - 1 /*KEY*/, - kdf_params->salt, - kdf_params->salt_size, - kdf_params->iter_count, - password, key_size, key); + } else if (p != NULL) { /* PKCS 12 schema */ + ret = _gnutls_pkcs12_string_to_key( + mac_to_entry(GNUTLS_MAC_SHA1), 1 /*KEY*/, + kdf_params->salt, kdf_params->salt_size, + kdf_params->iter_count, password, key_size, key); if (ret < 0) { gnutls_assert(); @@ -1223,8 +1165,8 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn, block_size = _gnutls_cipher_get_block_size(ce); if (ce->type == CIPHER_BLOCK) { - if (enc.size % block_size != 0 - || (unsigned)enc_params->iv_size != block_size) { + if (enc.size % block_size != 0 || + (unsigned)enc_params->iv_size != block_size) { gnutls_assert(); ret = GNUTLS_E_DECRYPTION_FAILED; goto error; 
@@ -1243,7 +1185,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn, dkey.data = key; dkey.size = key_size; - d_iv.data = (uint8_t *) enc_params->iv; + d_iv.data = (uint8_t *)enc_params->iv; d_iv.size = enc_params->iv_size; ret = gnutls_cipher_init(&ch, ce->id, &dkey, &d_iv); @@ -1266,7 +1208,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn, decrypted_data->data = enc.data; if (ce->type == CIPHER_BLOCK && block_size != 1) { - unsigned pslen = (uint8_t) enc.data[enc.size - 1]; + unsigned pslen = (uint8_t)enc.data[enc.size - 1]; unsigned i; if (pslen > block_size || pslen >= enc.size || pslen == 0) { @@ -1292,7 +1234,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn, ret = 0; - cleanup: +cleanup: if (password) { zeroize_temp_key(password, pass_len); gnutls_free(password); @@ -1300,7 +1242,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn, return ret; - error: +error: if (password) { zeroize_temp_key(password, pass_len); gnutls_free(password); @@ -1321,8 +1263,8 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn, /* Writes the PBKDF2 parameters. */ -static int -write_pbkdf2_params(asn1_node pasn, const struct pbkdf2_params *kdf_params) +static int write_pbkdf2_params(asn1_node pasn, + const struct pbkdf2_params *kdf_params) { int result; asn1_node pbkdf2_asn = NULL; @@ -1331,9 +1273,8 @@ write_pbkdf2_params(asn1_node pasn, const struct pbkdf2_params *kdf_params) /* Write the key derivation algorithm */ - result = - asn1_write_value(pasn, "keyDerivationFunc.algorithm", - PBKDF2_OID, 1); + result = asn1_write_value(pasn, "keyDerivationFunc.algorithm", + PBKDF2_OID, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); 
@@ -1342,10 +1283,9 @@ write_pbkdf2_params(asn1_node pasn, const struct pbkdf2_params *kdf_params) /* Now write the key derivation and the encryption * functions. */ - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-5-PBKDF2-params", - &pbkdf2_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-5-PBKDF2-params", + &pbkdf2_asn)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -1359,9 +1299,8 @@ write_pbkdf2_params(asn1_node pasn, const struct pbkdf2_params *kdf_params) /* write the salt */ - result = - asn1_write_value(pbkdf2_asn, "salt.specified", - kdf_params->salt, kdf_params->salt_size); + result = asn1_write_value(pbkdf2_asn, "salt.specified", + kdf_params->salt, kdf_params->salt_size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -1397,8 +1336,8 @@ write_pbkdf2_params(asn1_node pasn, const struct pbkdf2_params *kdf_params) goto error; } - result = asn1_write_value(pbkdf2_asn, "prf.algorithm", - me->mac_oid, strlen(me->mac_oid)); + result = asn1_write_value(pbkdf2_asn, "prf.algorithm", me->mac_oid, + strlen(me->mac_oid)); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -1415,10 +1354,8 @@ write_pbkdf2_params(asn1_node pasn, const struct pbkdf2_params *kdf_params) /* now encode them an put the DER output * in the keyDerivationFunc.parameters */ - result = _gnutls_x509_der_encode_and_copy(pbkdf2_asn, "", - pasn, - "keyDerivationFunc.parameters", - 0); + result = _gnutls_x509_der_encode_and_copy( + pbkdf2_asn, "", pasn, "keyDerivationFunc.parameters", 0); if (result < 0) { gnutls_assert(); goto error; 
@@ -1426,14 +1363,13 @@ write_pbkdf2_params(asn1_node pasn, const struct pbkdf2_params *kdf_params) result = 0; - error: +error: asn1_delete_structure(&pbkdf2_asn); return result; - } -static int -write_pbes2_enc_params(asn1_node pasn, const struct pbe_enc_params *params) +static int write_pbes2_enc_params(asn1_node pasn, + const struct pbe_enc_params *params) { int result; asn1_node pbe_asn = NULL; @@ -1450,9 +1386,8 @@ write_pbes2_enc_params(asn1_node pasn, const struct pbe_enc_params *params) /* Now check the encryption parameters. */ - if ((result = - asn1_create_element(_gnutls_get_pkix(), - p->desc, &pbe_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), p->desc, + &pbe_asn)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -1474,8 +1409,8 @@ write_pbes2_enc_params(asn1_node pasn, const struct pbe_enc_params *params) cipher_oid = p->cipher_oid; } - result = - asn1_write_value(pasn, "encryptionScheme.algorithm", cipher_oid, 1); + result = asn1_write_value(pasn, "encryptionScheme.algorithm", + cipher_oid, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); goto error; @@ -1483,8 +1418,8 @@ write_pbes2_enc_params(asn1_node pasn, const struct pbe_enc_params *params) _gnutls_hard_log("encryptionScheme.algorithm: %s\n", cipher_oid); /* read the salt */ - result = asn1_write_value(pbe_asn, p->iv_name, - params->iv, params->iv_size); + result = asn1_write_value(pbe_asn, p->iv_name, params->iv, + params->iv_size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); 
@@ -1495,10 +1430,8 @@ write_pbes2_enc_params(asn1_node pasn, const struct pbe_enc_params *params) /* now encode them an put the DER output * in the encryptionScheme.parameters */ - result = _gnutls_x509_der_encode_and_copy(pbe_asn, "", - pasn, - "encryptionScheme.parameters", - 0); + result = _gnutls_x509_der_encode_and_copy( + pbe_asn, "", pasn, "encryptionScheme.parameters", 0); if (result < 0) { gnutls_assert(); goto error; @@ -1506,20 +1439,17 @@ write_pbes2_enc_params(asn1_node pasn, const struct pbe_enc_params *params) result = 0; - error: +error: asn1_delete_structure(&pbe_asn); return result; - } /* Generates a key and also stores the key parameters. */ -int -_gnutls_pkcs_generate_key(schema_id schema, - const char *_password, - struct pbkdf2_params *kdf_params, - struct pbe_enc_params *enc_params, - gnutls_datum_t * key) +int _gnutls_pkcs_generate_key(schema_id schema, const char *_password, + struct pbkdf2_params *kdf_params, + struct pbe_enc_params *enc_params, + gnutls_datum_t *key) { unsigned char rnd[2]; unsigned int pass_len = 0; @@ -1529,10 +1459,8 @@ _gnutls_pkcs_generate_key(schema_id schema, if (_password) { gnutls_datum_t pout; - ret = - _gnutls_utf8_password_normalize(_password, - strlen(_password), &pout, - 0); + ret = _gnutls_utf8_password_normalize( + _password, strlen(_password), &pout, 0); if (ret < 0) return gnutls_assert_val(ret); @@ -1551,10 +1479,10 @@ _gnutls_pkcs_generate_key(schema_id schema, /* generate salt */ kdf_params->salt_size = - MIN(sizeof(kdf_params->salt), (unsigned)(12 + (rnd[1] % 10))); + MIN(sizeof(kdf_params->salt), (unsigned)(12 + (rnd[1] % 10))); p = _gnutls_pkcs_schema_get(schema); - if (p != NULL && p->pbes2 != 0) { /* PBES2 */ + if (p != NULL && p->pbes2 != 0) { /* PBES2 */ enc_params->cipher = p->cipher; } else if (p != NULL) { /* non PBES2 algorithms */ 
@@ -1575,7 +1503,7 @@ _gnutls_pkcs_generate_key(schema_id schema, kdf_params->iter_count = PKCS12_ITER_COUNT; key->size = kdf_params->key_size = - gnutls_cipher_get_key_size(enc_params->cipher); + gnutls_cipher_get_key_size(enc_params->cipher); enc_params->iv_size = gnutls_cipher_get_iv_size(enc_params->cipher); key->data = gnutls_malloc(key->size); @@ -1608,23 +1536,19 @@ _gnutls_pkcs_generate_key(schema_id schema, } if (enc_params->iv_size) { - ret = gnutls_rnd(GNUTLS_RND_NONCE, - enc_params->iv, enc_params->iv_size); + ret = gnutls_rnd(GNUTLS_RND_NONCE, enc_params->iv, + enc_params->iv_size); if (ret < 0) { gnutls_assert(); goto cleanup; } } - } else { /* PKCS 12 schema */ - ret = - _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1), - 1 /*KEY*/, - kdf_params->salt, - kdf_params->salt_size, - kdf_params->iter_count, - password, - kdf_params->key_size, - key->data); + } else { /* PKCS 12 schema */ + ret = _gnutls_pkcs12_string_to_key( + mac_to_entry(GNUTLS_MAC_SHA1), 1 /*KEY*/, + kdf_params->salt, kdf_params->salt_size, + kdf_params->iter_count, password, kdf_params->key_size, + key->data); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1633,16 +1557,11 @@ _gnutls_pkcs_generate_key(schema_id schema, /* Now generate the IV */ if (enc_params->iv_size) { - ret = - _gnutls_pkcs12_string_to_key(mac_to_entry - (GNUTLS_MAC_SHA1), - 2 /*IV*/, - kdf_params->salt, - kdf_params->salt_size, - kdf_params->iter_count, - password, - enc_params->iv_size, - enc_params->iv); + ret = _gnutls_pkcs12_string_to_key( + mac_to_entry(GNUTLS_MAC_SHA1), 2 /*IV*/, + kdf_params->salt, kdf_params->salt_size, + kdf_params->iter_count, password, + enc_params->iv_size, enc_params->iv); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1652,7 +1571,7 @@ _gnutls_pkcs_generate_key(schema_id schema, ret = 0; - cleanup: +cleanup: gnutls_free(password); return ret; } 
@@ -1660,11 +1579,10 @@ _gnutls_pkcs_generate_key(schema_id schema, /* Encodes the parameters to be written in the encryptionAlgorithm.parameters * part. */ -int -_gnutls_pkcs_write_schema_params(schema_id schema, asn1_node pkcs8_asn, - const char *where, - const struct pbkdf2_params *kdf_params, - const struct pbe_enc_params *enc_params) +int _gnutls_pkcs_write_schema_params(schema_id schema, asn1_node pkcs8_asn, + const char *where, + const struct pbkdf2_params *kdf_params, + const struct pbe_enc_params *enc_params) { int result; asn1_node pasn = NULL; @@ -1672,11 +1590,10 @@ _gnutls_pkcs_write_schema_params(schema_id schema, asn1_node pkcs8_asn, p = _gnutls_pkcs_schema_get(schema); - if (p != NULL && p->pbes2 != 0) { /* PBES2 */ - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-5-PBES2-params", - &pasn)) != ASN1_SUCCESS) { + if (p != NULL && p->pbes2 != 0) { /* PBES2 */ + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-5-PBES2-params", + &pasn)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -1693,8 +1610,8 @@ _gnutls_pkcs_write_schema_params(schema_id schema, asn1_node pkcs8_asn, goto error; } - result = _gnutls_x509_der_encode_and_copy(pasn, "", - pkcs8_asn, where, 0); + result = _gnutls_x509_der_encode_and_copy(pasn, "", pkcs8_asn, + where, 0); if (result < 0) { gnutls_assert(); goto error; @@ -1702,12 +1619,11 @@ _gnutls_pkcs_write_schema_params(schema_id schema, asn1_node pkcs8_asn, asn1_delete_structure(&pasn); - } else if (p != NULL) { /* PKCS #12 */ + } else if (p != NULL) { /* PKCS #12 */ - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-12-PbeParams", - &pasn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-12-PbeParams", + &pasn)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto error; 
@@ -1719,8 +1635,8 @@ _gnutls_pkcs_write_schema_params(schema_id schema, asn1_node pkcs8_asn, goto error; } - result = _gnutls_x509_der_encode_and_copy(pasn, "", - pkcs8_asn, where, 0); + result = _gnutls_x509_der_encode_and_copy(pasn, "", pkcs8_asn, + where, 0); if (result < 0) { gnutls_assert(); goto error; @@ -1731,17 +1647,15 @@ _gnutls_pkcs_write_schema_params(schema_id schema, asn1_node pkcs8_asn, return 0; - error: +error: asn1_delete_structure(&pasn); return result; - } -int -_gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain, - const struct pbe_enc_params *enc_params, - const gnutls_datum_t * key, - gnutls_datum_t * encrypted) +int _gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t *plain, + const struct pbe_enc_params *enc_params, + const gnutls_datum_t *key, + gnutls_datum_t *encrypted) { int result; int data_size; @@ -1754,7 +1668,7 @@ _gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain, ce = cipher_to_entry(enc_params->cipher); pad_size = _gnutls_cipher_get_block_size(ce); - if (pad_size == 1 || ce->type == CIPHER_STREAM) /* stream */ + if (pad_size == 1 || ce->type == CIPHER_STREAM) /* stream */ pad_size = 0; data = gnutls_malloc(plain->size + pad_size); @@ -1775,7 +1689,7 @@ _gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain, data_size = plain->size + pad; - d_iv.data = (uint8_t *) enc_params->iv; + d_iv.data = (uint8_t *)enc_params->iv; d_iv.size = enc_params->iv_size; result = gnutls_cipher_init(&ch, enc_params->cipher, key, &d_iv); if (result < 0) { @@ -1796,7 +1710,7 @@ _gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain, return 0; - error: +error: gnutls_free(data); if (ch) { gnutls_cipher_deinit(ch); diff --git a/lib/x509/pkcs7-output.c b/lib/x509/pkcs7-output.c index b5f00db18a..210e7c84f4 100644 --- a/lib/x509/pkcs7-output.c +++ b/lib/x509/pkcs7-output.c 
@@ -32,8 +32,8 @@ #define addf _gnutls_buffer_append_printf #define adds _gnutls_buffer_append_str -static void print_dn(gnutls_buffer_st * str, const char *prefix, - const gnutls_datum_t * raw) +static void print_dn(gnutls_buffer_st *str, const char *prefix, + const gnutls_datum_t *raw) { gnutls_x509_dn_t dn = NULL; gnutls_datum_t output = { NULL, 0 }; @@ -59,14 +59,21 @@ static void print_dn(gnutls_buffer_st * str, const char *prefix, addf(str, "%s: %s\n", prefix, output.data); - cleanup: +cleanup: gnutls_x509_dn_deinit(dn); gnutls_free(output.data); } /* Do not encode ASN1 and type for now */ -#define ENTRY(oid, name, type) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, type} -#define ENTRY2(oid, name) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, ASN1_ETYPE_INVALID} +#define ENTRY(oid, name, type) \ + { \ + oid, sizeof(oid) - 1, name, sizeof(name) - 1, NULL, type \ + } +#define ENTRY2(oid, name) \ + { \ + oid, sizeof(oid) - 1, name, sizeof(name) - 1, NULL, \ + ASN1_ETYPE_INVALID \ + } static const struct oid_to_string pkcs7_attrs[] = { ENTRY("1.2.840.113549.1.9.3", "contentType", ASN1_ETYPE_OBJECT_ID), @@ -86,11 +93,11 @@ static const struct oid_to_string pkcs7_attrs[] = { ENTRY2("1.2.840.113549.1.9.16.2.19", "aa-ets-otherSigCert"), ENTRY2("1.2.840.113549.1.9.16.2.47", "aa-signingCertificateV2"), - {NULL, 0, NULL, 0, NULL, 0} + { NULL, 0, NULL, 0, NULL, 0 } }; -static void print_raw(gnutls_buffer_st * str, const char *prefix, - const gnutls_datum_t * raw) +static void print_raw(gnutls_buffer_st *str, const char *prefix, + const gnutls_datum_t *raw) { gnutls_datum_t result; int ret; @@ -108,8 +115,8 @@ static void print_raw(gnutls_buffer_st * str, const char *prefix, gnutls_free(result.data); } -static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, - gnutls_buffer_st * str, +static void print_pkcs7_info(gnutls_pkcs7_signature_info_st *info, + gnutls_buffer_st *str, gnutls_certificate_print_formats_t format) { unsigned i; 
@@ -148,9 +155,8 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, if (format == GNUTLS_CRT_PRINT_FULL) { if (info->signed_attrs) { for (i = 0;; i++) { - ret = - gnutls_pkcs7_get_attr(info->signed_attrs, i, - &oid, &data, 0); + ret = gnutls_pkcs7_get_attr(info->signed_attrs, + i, &oid, &data, 0); if (ret < 0) break; if (i == 0) @@ -158,18 +164,18 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, entry = _gnutls_oid_get_entry(pkcs7_attrs, oid); snprintf(prefix, sizeof(prefix), "\t\t%s", - (entry - && entry-> - name_desc) ? entry->name_desc : oid); + (entry && entry->name_desc) ? + entry->name_desc : + oid); print_raw(str, prefix, &data); gnutls_free(data.data); } } if (info->unsigned_attrs) { for (i = 0;; i++) { - ret = - gnutls_pkcs7_get_attr(info->unsigned_attrs, - i, &oid, &data, 0); + ret = gnutls_pkcs7_get_attr( + info->unsigned_attrs, i, &oid, &data, + 0); if (ret < 0) break; if (i == 0) @@ -177,9 +183,9 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, entry = _gnutls_oid_get_entry(pkcs7_attrs, oid); snprintf(prefix, sizeof(prefix), "\t\t%s", - (entry - && entry-> - name_desc) ? entry->name_desc : oid); + (entry && entry->name_desc) ? + entry->name_desc : + oid); print_raw(str, prefix, &data); gnutls_free(data.data); } @@ -207,9 +213,9 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, * * Since: 3.6.14 **/ -int gnutls_pkcs7_print_signature_info(gnutls_pkcs7_signature_info_st * info, +int gnutls_pkcs7_print_signature_info(gnutls_pkcs7_signature_info_st *info, gnutls_certificate_print_formats_t format, - gnutls_datum_t * out) + gnutls_datum_t *out) { gnutls_buffer_st str; @@ -238,7 +244,7 @@ int gnutls_pkcs7_print_signature_info(gnutls_pkcs7_signature_info_st * info, **/ int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7, gnutls_certificate_print_formats_t format, - gnutls_datum_t * out) + gnutls_datum_t *out) { int count, ret, i; gnutls_pkcs7_signature_info_st info; 
@@ -251,8 +257,8 @@ int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7, * we don't print the eContent Type explicitly */ oid = gnutls_pkcs7_get_embedded_data_oid(pkcs7); if (oid) { - if (strcmp(oid, DATA_OID) != 0 - && strcmp(oid, DIGESTED_DATA_OID) != 0) { + if (strcmp(oid, DATA_OID) != 0 && + strcmp(oid, DIGESTED_DATA_OID) != 0) { addf(&str, "eContent Type: %s\n", oid); } } @@ -278,8 +284,8 @@ int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7, addf(&str, "Number of certificates: %u\n\n", count); for (i = 0; i < count; i++) { - ret = - gnutls_pkcs7_get_crt_raw2(pkcs7, i, &data); + ret = gnutls_pkcs7_get_crt_raw2(pkcs7, i, + &data); if (ret < 0) { addf(&str, "Error: cannot print certificate %d\n", @@ -287,9 +293,8 @@ int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7, continue; } - ret = - gnutls_pem_base64_encode_alloc - ("CERTIFICATE", &data, &b64); + ret = gnutls_pem_base64_encode_alloc( + "CERTIFICATE", &data, &b64); if (ret < 0) { gnutls_free(data.data); continue; @@ -307,8 +312,8 @@ int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7, addf(&str, "Number of CRLs: %u\n\n", count); for (i = 0; i < count; i++) { - ret = - gnutls_pkcs7_get_crl_raw2(pkcs7, i, &data); + ret = gnutls_pkcs7_get_crl_raw2(pkcs7, i, + &data); if (ret < 0) { addf(&str, "Error: cannot print certificate %d\n", @@ -316,9 +321,8 @@ int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7, continue; } - ret = - gnutls_pem_base64_encode_alloc("X509 CRL", - &data, &b64); + ret = gnutls_pem_base64_encode_alloc( + "X509 CRL", &data, &b64); if (ret < 0) { gnutls_free(data.data); continue; diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index c67bef6c32..8f0b9c3bd7 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c 
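Review bot: The CRL loop in gnutls_pkcs7_print reports failures with the certificate wording, `addf(&str, "Error: cannot print certificate %d\n",` right after the `Number of CRLs` header, so a reader of the output cannot tell which list failed; change it to `addf(&str, "Error: cannot print CRL %d\n",`. The earlier certificate loop uses the same string correctly, which suggests this one is a copy-paste left over. gnutls_pkcs7_print starts before these hunks and its body continues past them.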
@@ -53,9 +53,8 @@ static int _decode_pkcs7_signed_data(gnutls_pkcs7_t pkcs7) gnutls_datum_t tmp = { NULL, 0 }; len = MAX_OID_SIZE - 1; - result = - asn1_read_value(pkcs7->pkcs7, "contentType", pkcs7->encap_data_oid, - &len); + result = asn1_read_value(pkcs7->pkcs7, "contentType", + pkcs7->encap_data_oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -68,9 +67,9 @@ static int _decode_pkcs7_signed_data(gnutls_pkcs7_t pkcs7) return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE; } - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData", - &c2)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-7-SignedData", &c2)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } 
@@ -96,33 +95,30 @@ static int _decode_pkcs7_signed_data(gnutls_pkcs7_t pkcs7) /* read the encapsulated content */ len = MAX_OID_SIZE - 1; - result = - asn1_read_value(c2, "encapContentInfo.eContentType", - pkcs7->encap_data_oid, &len); + result = asn1_read_value(c2, "encapContentInfo.eContentType", + pkcs7->encap_data_oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - if (strcmp(pkcs7->encap_data_oid, DATA_OID) != 0 - && strcmp(pkcs7->encap_data_oid, DIGESTED_DATA_OID) != 0) { - _gnutls_debug_log - ("Unknown PKCS#7 Encapsulated Content OID '%s'; treating as raw data\n", - pkcs7->encap_data_oid); - + if (strcmp(pkcs7->encap_data_oid, DATA_OID) != 0 && + strcmp(pkcs7->encap_data_oid, DIGESTED_DATA_OID) != 0) { + _gnutls_debug_log( + "Unknown PKCS#7 Encapsulated Content OID '%s'; treating as raw data\n", + pkcs7->encap_data_oid); } /* Try reading as octet string according to rfc5652. If that fails, attempt * a raw read according to rfc2315 */ - result = - _gnutls_x509_read_string(c2, "encapContentInfo.eContent", - &pkcs7->der_signed_data, - ASN1_ETYPE_OCTET_STRING, 1); + result = _gnutls_x509_read_string(c2, "encapContentInfo.eContent", + &pkcs7->der_signed_data, + ASN1_ETYPE_OCTET_STRING, 1); if (result < 0) { - result = - _gnutls_x509_read_value(c2, "encapContentInfo.eContent", - &pkcs7->der_signed_data); + result = _gnutls_x509_read_value(c2, + "encapContentInfo.eContent", + &pkcs7->der_signed_data); if (result < 0) { pkcs7->der_signed_data.data = NULL; pkcs7->der_signed_data.size = 0; 
@@ -132,21 +128,19 @@ static int _decode_pkcs7_signed_data(gnutls_pkcs7_t pkcs7) unsigned long tag; /* we skip the embedded element's tag and length - uncharted territorry - used by MICROSOFT_CERT_TRUST_LIST */ - result = - asn1_get_tag_der(pkcs7->der_signed_data.data, - pkcs7->der_signed_data.size, &cls, - &tag_len, &tag); + result = asn1_get_tag_der(pkcs7->der_signed_data.data, + pkcs7->der_signed_data.size, + &cls, &tag_len, &tag); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - result = - asn1_get_length_ber(pkcs7->der_signed_data.data + - tag_len, - pkcs7->der_signed_data.size - - tag_len, &len_len); + result = asn1_get_length_ber( + pkcs7->der_signed_data.data + tag_len, + pkcs7->der_signed_data.size - tag_len, + &len_len); if (result < 0) { gnutls_assert(); result = GNUTLS_E_ASN1_DER_ERROR; @@ -168,7 +162,7 @@ static int _decode_pkcs7_signed_data(gnutls_pkcs7_t pkcs7) return 0; - cleanup: +cleanup: gnutls_free(tmp.data); if (c2) asn1_delete_structure(&c2); @@ -203,7 +197,7 @@ static int pkcs7_reinit(gnutls_pkcs7_t pkcs7) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7) +int gnutls_pkcs7_init(gnutls_pkcs7_t *pkcs7) { *pkcs7 = gnutls_calloc(1, sizeof(gnutls_pkcs7_int)); @@ -214,7 +208,7 @@ int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7) gnutls_free(*pkcs7); return result; } - return 0; /* success */ + return 0; /* success */ } return GNUTLS_E_MEMORY_ERROR; } @@ -258,9 +252,8 @@ void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) +int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t *data, + gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; gnutls_datum_t _data; 
@@ -274,9 +267,8 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, /* If the PKCS7 is in PEM format then decode it */ if (format == GNUTLS_X509_FMT_PEM) { - result = - _gnutls_fbase64_decode(PEM_PKCS7, data->data, - data->size, &_data); + result = _gnutls_fbase64_decode(PEM_PKCS7, data->data, + data->size, &_data); if (result < 0) { gnutls_assert(); @@ -312,7 +304,7 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, result = 0; - cleanup: +cleanup: if (need_free) _gnutls_free_datum(&_data); return result; @@ -337,9 +329,8 @@ gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, * * Since: 3.4.2 **/ -int -gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7, - unsigned indx, gnutls_datum_t * cert) +int gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7, unsigned indx, + gnutls_datum_t *cert) { int result, len; char root2[MAX_NAME_SIZE]; @@ -379,9 +370,9 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7, goto cleanup; } - result = - asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, - tmp.size, root2, &start, &end); + result = asn1_der_decoding_startEnd(pkcs7->signed_data, + tmp.data, tmp.size, root2, + &start, &end); if (result != ASN1_SUCCESS) { gnutls_assert(); @@ -396,7 +387,7 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7, result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; } - cleanup: +cleanup: _gnutls_free_datum(&tmp); return result; } @@ -420,10 +411,8 @@ gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7, * then @certificate_size is updated and * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned. **/ -int -gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, - unsigned indx, void *certificate, - size_t *certificate_size) +int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, unsigned indx, + void *certificate, size_t *certificate_size) { int ret; gnutls_datum_t tmp = { NULL, 0 }; 
@@ -442,7 +431,7 @@ gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, if (certificate) memcpy(certificate, tmp.data, tmp.size); - cleanup: +cleanup: _gnutls_free_datum(&tmp); return ret; } @@ -466,11 +455,11 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7) /* Step 2. Count the CertificateSet */ - result = - asn1_number_of_elements(pkcs7->signed_data, "certificates", &count); + result = asn1_number_of_elements(pkcs7->signed_data, "certificates", + &count); if (result != ASN1_SUCCESS) { gnutls_assert(); - return 0; /* no certificates */ + return 0; /* no certificates */ } return count; @@ -485,7 +474,7 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7) * * Since: 3.4.2 **/ -void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st * info) +void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st *info) { gnutls_free(info->sig.data); gnutls_free(info->issuer_dn.data); @@ -527,7 +516,7 @@ static time_t parse_time(gnutls_pkcs7_t pkcs7, const char *root) ret = _gnutls_x509_get_time(c2, "", 0); - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; } @@ -551,8 +540,8 @@ int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7) if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; - ret = - asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); + ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", + &count); if (ret != ASN1_SUCCESS) { gnutls_assert(); return 0; @@ -577,7 +566,7 @@ int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7) * Since: 3.4.2 **/ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, - gnutls_pkcs7_signature_info_st * info) + gnutls_pkcs7_signature_info_st *info) { int ret, count, len; char root[256]; 
@@ -593,8 +582,8 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, memset(info, 0, sizeof(*info)); info->signing_time = -1; - ret = - asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); + ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", + &count); if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) { gnutls_assert(); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; @@ -657,28 +646,26 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, "signerInfos.?%u.sid.issuerAndSerialNumber.issuer.rdnSequence", idx + 1); /* read the signature */ - ret = - _gnutls_x509_get_raw_field(pkcs7->signed_data, root, - &info->issuer_dn); + ret = _gnutls_x509_get_raw_field(pkcs7->signed_data, root, + &info->issuer_dn); if (ret >= 0) { - snprintf(root, sizeof(root), - "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber", - idx + 1); + snprintf( + root, sizeof(root), + "signerInfos.?%u.sid.issuerAndSerialNumber.serialNumber", + idx + 1); /* read the signature */ - ret = - _gnutls_x509_read_value(pkcs7->signed_data, root, - &info->signer_serial); + ret = _gnutls_x509_read_value(pkcs7->signed_data, root, + &info->signer_serial); if (ret < 0) { gnutls_assert(); goto fail; } - } else { /* keyid */ + } else { /* keyid */ snprintf(root, sizeof(root), "signerInfos.?%u.sid.subjectKeyIdentifier", idx + 1); /* read the signature */ - ret = - _gnutls_x509_read_value(pkcs7->signed_data, root, - &info->issuer_keyid); + ret = _gnutls_x509_read_value(pkcs7->signed_data, root, + &info->issuer_keyid); if (ret < 0) { gnutls_assert(); } @@ -748,8 +735,8 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, goto fail; } - ret = - gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, 0); + ret = gnutls_pkcs7_add_attr(&info->unsigned_attrs, oid, &tmp, + 0); gnutls_free(tmp.data); if (ret < 0) { 
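Review bot: The bounds check `if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count)` in gnutls_pkcs7_get_signature_info is written as an addition that can wrap: for idx == UINT_MAX the sum is 0, the comparison passes, and the `signerInfos.?%u` names built below are formatted with `idx + 1` equal to 0. The libtasn1 lookup of such a name presumably fails, so the likely effect is a misleading error code rather than a bad access, but `idx >= (unsigned)count` states the bound without the wrap. The same expression appears in gnutls_pkcs7_verify_direct and gnutls_pkcs7_verify further down this file. The function's signature is in the preceding hunk group and its body continues outside this hunk.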
@@ -759,11 +746,11 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, } return 0; - fail: +fail: gnutls_free(tmp.data); gnutls_pkcs7_signature_info_deinit(info); return ret; - unsupp_algo: +unsupp_algo: return GNUTLS_E_UNKNOWN_ALGORITHM; } @@ -771,7 +758,7 @@ int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, * and matches our calculated hash */ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, gnutls_sign_algorithm_t algo, - const gnutls_datum_t * data) + const gnutls_datum_t *data) { unsigned hash; gnutls_datum_t tmp = { NULL, 0 }; @@ -808,10 +795,8 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, for (i = 0;; i++) { snprintf(name, sizeof(name), "%s.signedAttrs.?%u", root, i + 1); - ret = _gnutls_x509_decode_and_read_attribute(pkcs7->signed_data, - name, oid, - sizeof(oid), &tmp, - 1, 0); + ret = _gnutls_x509_decode_and_read_attribute( + pkcs7->signed_data, name, oid, sizeof(oid), &tmp, 1, 0); if (ret < 0) { if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) break; @@ -819,17 +804,16 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, } if (strcmp(oid, ATTR_MESSAGE_DIGEST) == 0) { - ret = - _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, - tmp.data, tmp.size, - &tmp2, 0); + ret = _gnutls_x509_decode_string( + ASN1_ETYPE_OCTET_STRING, tmp.data, tmp.size, + &tmp2, 0); if (ret < 0) { gnutls_assert(); goto cleanup; } - if (tmp2.size == hash_size - && memcmp(hash_output, tmp2.data, tmp2.size) == 0) { + if (tmp2.size == hash_size && + memcmp(hash_output, tmp2.data, tmp2.size) == 0) { msg_digest_ok = 1; } else { gnutls_assert(); 
@@ -844,17 +828,16 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, num_cont_types++; /* check if it matches */ - ret = - _gnutls_x509_get_raw_field(pkcs7->signed_data, - "encapContentInfo.eContentType", - &tmp2); + ret = _gnutls_x509_get_raw_field( + pkcs7->signed_data, + "encapContentInfo.eContentType", &tmp2); if (ret < 0) { gnutls_assert(); goto cleanup; } - if (tmp2.size != tmp.size - || memcmp(tmp.data, tmp2.data, tmp2.size) != 0) { + if (tmp2.size != tmp.size || + memcmp(tmp.data, tmp2.data, tmp2.size) != 0) { gnutls_assert(); ret = GNUTLS_E_PARSING_ERROR; goto cleanup; @@ -870,7 +853,7 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, else ret = gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED); - cleanup: +cleanup: gnutls_free(tmp.data); gnutls_free(tmp2.data); return ret; @@ -880,9 +863,9 @@ static int verify_hash_attr(gnutls_pkcs7_t pkcs7, const char *root, * decided that this should not be an easy task. */ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root, - const gnutls_datum_t * data, + const gnutls_datum_t *data, gnutls_sign_algorithm_t algo, - gnutls_datum_t * sigdata) + gnutls_datum_t *sigdata) { int ret; char name[256]; @@ -933,9 +916,8 @@ static int figure_pkcs7_sigdata(gnutls_pkcs7_t pkcs7, const char *root, * * Since: 3.4.8 **/ -int -gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned flags, - gnutls_datum_t * data) +int gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned flags, + gnutls_datum_t *data) { if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; 
@@ -945,13 +927,11 @@ gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned flags, if (flags & GNUTLS_PKCS7_EDATA_GET_RAW) { if (pkcs7->signed_data == NULL) - return - gnutls_assert_val - (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + return gnutls_assert_val( + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); - return _gnutls_x509_read_value(pkcs7->signed_data, - "encapContentInfo.eContent", - data); + return _gnutls_x509_read_value( + pkcs7->signed_data, "encapContentInfo.eContent", data); } else { return _gnutls_set_datum(data, pkcs7->der_signed_data.data, pkcs7->der_signed_data.size); @@ -1007,10 +987,9 @@ const char *gnutls_pkcs7_get_embedded_data_oid(gnutls_pkcs7_t pkcs7) * * Since: 3.4.2 **/ -int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, - gnutls_x509_crt_t signer, - unsigned idx, - const gnutls_datum_t * data, unsigned flags) +int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t signer, + unsigned idx, const gnutls_datum_t *data, + unsigned flags) { int count, ret; gnutls_datum_t tmpdata = { NULL, 0 }; @@ -1023,8 +1002,8 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; - ret = - asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); + ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", + &count); if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) { gnutls_assert(); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; @@ -1043,14 +1022,13 @@ int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, goto cleanup; } - ret = - gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, - &info.sig); + ret = gnutls_x509_crt_verify_data2(signer, info.algo, flags, &sigdata, + &info.sig); if (ret < 0) { gnutls_assert(); } - cleanup: +cleanup: gnutls_free(tmpdata.data); gnutls_free(sigdata.data); gnutls_pkcs7_signature_info_deinit(&info); 
@@ -1101,17 +1079,15 @@ static gnutls_x509_crt_t find_verified_issuer_of(gnutls_pkcs7_t pkcs7, goto skip; } - ret = - gnutls_x509_crt_verify(cert, &issuer, 1, - vflags | - GNUTLS_VERIFY_DO_NOT_ALLOW_SAME, - &vtmp); - if (ret < 0 || vtmp != 0 - || (purpose != NULL - && !_gnutls_check_key_purpose(issuer, purpose, 0))) { - gnutls_assert(); /* maybe next one is trusted */ + ret = gnutls_x509_crt_verify( + cert, &issuer, 1, + vflags | GNUTLS_VERIFY_DO_NOT_ALLOW_SAME, &vtmp); + if (ret < 0 || vtmp != 0 || + (purpose != NULL && + !_gnutls_check_key_purpose(issuer, purpose, 0))) { + gnutls_assert(); /* maybe next one is trusted */ _gnutls_cert_log("failed verification with", issuer); - skip: + skip: gnutls_x509_crt_deinit(issuer); issuer = NULL; gnutls_free(tmp.data); @@ -1130,13 +1106,13 @@ static gnutls_x509_crt_t find_verified_issuer_of(gnutls_pkcs7_t pkcs7, } goto cleanup; - fail: +fail: if (issuer) { gnutls_x509_crt_deinit(issuer); issuer = NULL; } - cleanup: +cleanup: gnutls_free(tmp.data); return issuer; @@ -1145,11 +1121,10 @@ static gnutls_x509_crt_t find_verified_issuer_of(gnutls_pkcs7_t pkcs7, /* Finds a certificate that is issued by @issuer -if given-, and matches * either the serial number or the key ID (both in @info) . */ -static gnutls_x509_crt_t find_child_of_with_serial(gnutls_pkcs7_t pkcs7, - gnutls_x509_crt_t issuer, - const char *purpose, - gnutls_pkcs7_signature_info_st - * info) +static gnutls_x509_crt_t +find_child_of_with_serial(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t issuer, + const char *purpose, + gnutls_pkcs7_signature_info_st *info) { gnutls_x509_crt_t crt = NULL; int ret, count; @@ -1178,8 +1153,8 @@ static gnutls_x509_crt_t find_child_of_with_serial(gnutls_pkcs7_t pkcs7, goto fail; } - ret = - gnutls_x509_crt_import(crt, &tmpdata, GNUTLS_X509_FMT_DER); + ret = gnutls_x509_crt_import(crt, &tmpdata, + GNUTLS_X509_FMT_DER); if (ret < 0) { gnutls_assert(); goto fail; 
@@ -1209,29 +1184,28 @@ static gnutls_x509_crt_t find_child_of_with_serial(gnutls_pkcs7_t pkcs7, goto skip; } - if (tmp_size != info->signer_serial.size - || memcmp(info->signer_serial.data, tmp, - tmp_size) != 0) { + if (tmp_size != info->signer_serial.size || + memcmp(info->signer_serial.data, tmp, tmp_size) != + 0) { _gnutls_cert_log("doesn't match serial", crt); gnutls_assert(); goto skip; } } else if (info->issuer_keyid.size > 0) { tmp_size = sizeof(tmp); - ret = - gnutls_x509_crt_get_subject_key_id(crt, tmp, - &tmp_size, NULL); + ret = gnutls_x509_crt_get_subject_key_id( + crt, tmp, &tmp_size, NULL); if (ret < 0) { gnutls_assert(); goto skip; } - if (tmp_size != info->issuer_keyid.size - || memcmp(info->issuer_keyid.data, tmp, - tmp_size) != 0) { + if (tmp_size != info->issuer_keyid.size || + memcmp(info->issuer_keyid.data, tmp, tmp_size) != + 0) { _gnutls_cert_log("doesn't match key ID", crt); gnutls_assert(); - skip: + skip: gnutls_x509_crt_deinit(crt); crt = NULL; gnutls_free(tmpdata.data); @@ -1255,24 +1229,23 @@ static gnutls_x509_crt_t find_child_of_with_serial(gnutls_pkcs7_t pkcs7, } goto cleanup; - fail: +fail: if (crt) { gnutls_x509_crt_deinit(crt); crt = NULL; } - cleanup: +cleanup: gnutls_free(tmpdata.data); return crt; } -static -gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, - gnutls_typed_vdata_st * vdata, - unsigned vdata_size, - unsigned vflags, - gnutls_pkcs7_signature_info_st * info) +static gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, + gnutls_x509_trust_list_t tl, + gnutls_typed_vdata_st *vdata, + unsigned vdata_size, unsigned vflags, + gnutls_pkcs7_signature_info_st *info) { gnutls_x509_crt_t issuer = NULL; gnutls_x509_crt_t signer = NULL; 
@@ -1282,13 +1255,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, const char *purpose = NULL; if (info->issuer_keyid.data) { - ret = - gnutls_x509_trust_list_get_issuer_by_subject_key_id(tl, - NULL, - &info-> - issuer_keyid, - &signer, - 0); + ret = gnutls_x509_trust_list_get_issuer_by_subject_key_id( + tl, NULL, &info->issuer_keyid, &signer, 0); if (ret < 0) { gnutls_assert(); signer = NULL; @@ -1305,10 +1273,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, /* this will give us the issuer of the signer (wtf) */ if (info->issuer_dn.data && signer == NULL) { - ret = - gnutls_x509_trust_list_get_issuer_by_dn(tl, - &info->issuer_dn, - &issuer, 0); + ret = gnutls_x509_trust_list_get_issuer_by_dn( + tl, &info->issuer_dn, &issuer, 0); if (ret < 0) { gnutls_assert(); signer = NULL; @@ -1317,9 +1283,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, if (issuer) { /* try to find the actual signer in the list of * certificates */ - signer = - find_child_of_with_serial(pkcs7, issuer, purpose, - info); + signer = find_child_of_with_serial(pkcs7, issuer, + purpose, info); if (signer == NULL) { gnutls_assert(); goto fail; @@ -1341,10 +1306,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, /* if the signer cannot be verified from our trust list, make a chain of certificates * starting from the identified signer, to a root we know. */ - ret = - gnutls_x509_trust_list_verify_crt2(tl, &signer, 1, vdata, - vdata_size, vflags, - &vtmp, NULL); + ret = gnutls_x509_trust_list_verify_crt2( + tl, &signer, 1, vdata, vdata_size, vflags, &vtmp, NULL); if (ret < 0 || vtmp != 0) { gnutls_x509_crt_t prev = NULL; 
@@ -1356,13 +1319,12 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, } prev = issuer; - issuer = - find_verified_issuer_of(pkcs7, issuer, - purpose, vflags); + issuer = find_verified_issuer_of( + pkcs7, issuer, purpose, vflags); - if (issuer != NULL - && gnutls_x509_crt_check_issuer(issuer, - issuer)) { + if (issuer != NULL && + gnutls_x509_crt_check_issuer(issuer, + issuer)) { if (prev && prev != signer) gnutls_x509_crt_deinit(prev); prev = issuer; @@ -1370,38 +1332,33 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, } } while (issuer != NULL); - issuer = prev; /* the last we have seen */ + issuer = prev; /* the last we have seen */ if (issuer == NULL) { gnutls_assert(); goto fail; } - ret = - gnutls_x509_trust_list_verify_crt2(tl, &issuer, 1, - vdata, - vdata_size, - vflags, &vtmp, - NULL); + ret = gnutls_x509_trust_list_verify_crt2( + tl, &issuer, 1, vdata, vdata_size, vflags, + &vtmp, NULL); if (ret < 0 || vtmp != 0) { /* could not construct a valid chain */ - _gnutls_reason_log - ("signer's chain failed trust list verification", - vtmp); + _gnutls_reason_log( + "signer's chain failed trust list verification", + vtmp); gnutls_assert(); goto fail; } } } else { /* verify that the signer we got is trusted */ - ret = - gnutls_x509_trust_list_verify_crt2(tl, &signer, 1, vdata, - vdata_size, vflags, - &vtmp, NULL); + ret = gnutls_x509_trust_list_verify_crt2( + tl, &signer, 1, vdata, vdata_size, vflags, &vtmp, NULL); if (ret < 0 || vtmp != 0) { /* could not construct a valid chain */ - _gnutls_reason_log - ("signer failed trust list verification", vtmp); + _gnutls_reason_log( + "signer failed trust list verification", vtmp); gnutls_assert(); goto fail; } @@ -1414,7 +1371,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, goto cleanup; - fail: +fail: if (signer != NULL) { if (issuer == signer) issuer = NULL; 
@@ -1422,7 +1379,7 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, signer = NULL; } - cleanup: +cleanup: if (issuer != NULL) { gnutls_x509_crt_deinit(issuer); issuer = NULL; @@ -1454,12 +1411,10 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, * * Since: 3.4.2 **/ -int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, - gnutls_x509_trust_list_t tl, - gnutls_typed_vdata_st * vdata, - unsigned int vdata_size, - unsigned idx, - const gnutls_datum_t * data, unsigned flags) +int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl, + gnutls_typed_vdata_st *vdata, unsigned int vdata_size, + unsigned idx, const gnutls_datum_t *data, + unsigned flags) { int count, ret; gnutls_datum_t tmpdata = { NULL, 0 }; @@ -1473,8 +1428,8 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; - ret = - asn1_number_of_elements(pkcs7->signed_data, "signerInfos", &count); + ret = asn1_number_of_elements(pkcs7->signed_data, "signerInfos", + &count); if (ret != ASN1_SUCCESS || idx + 1 > (unsigned)count) { gnutls_assert(); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; @@ -1496,10 +1451,9 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, signer = find_signer(pkcs7, tl, vdata, vdata_size, flags, &info); if (signer) { - ret = - gnutls_x509_crt_verify_data3(signer, info.algo, vdata, - vdata_size, &sigdata, - &info.sig, flags); + ret = gnutls_x509_crt_verify_data3(signer, info.algo, vdata, + vdata_size, &sigdata, + &info.sig, flags); if (ret < 0) { _gnutls_cert_log("failed struct verification with", signer); @@ -1511,7 +1465,7 @@ int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; } - cleanup: +cleanup: gnutls_free(tmpdata.data); gnutls_free(sigdata.data); gnutls_pkcs7_signature_info_deinit(&info); 
@@ -1530,8 +1484,8 @@ static void disable_opt_fields(gnutls_pkcs7_t pkcs7) (void)asn1_write_value(pkcs7->signed_data, "crls", NULL, 0); } - result = - asn1_number_of_elements(pkcs7->signed_data, "certificates", &count); + result = asn1_number_of_elements(pkcs7->signed_data, "certificates", + &count); if (result != ASN1_SUCCESS || count == 0) { (void)asn1_write_value(pkcs7->signed_data, "certificates", NULL, 0); @@ -1549,19 +1503,16 @@ static int reencode(gnutls_pkcs7_t pkcs7) /* Replace the old content with the new */ - result = - _gnutls_x509_der_encode_and_copy(pkcs7->signed_data, "", - pkcs7->pkcs7, "content", - 0); + result = _gnutls_x509_der_encode_and_copy( + pkcs7->signed_data, "", pkcs7->pkcs7, "content", 0); if (result < 0) { return gnutls_assert_val(result); } /* Write the content type of the signed data */ - result = - asn1_write_value(pkcs7->pkcs7, "contentType", - SIGNED_DATA_OID, 1); + result = asn1_write_value(pkcs7->pkcs7, "contentType", + SIGNED_DATA_OID, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -1590,10 +1541,8 @@ static int reencode(gnutls_pkcs7_t pkcs7) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t *output_data_size) +int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_fmt_t format, + void *output_data, size_t *output_data_size) { int ret; if (pkcs7 == NULL) @@ -1624,9 +1573,8 @@ gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7, * * Since: 3.1.3 **/ -int -gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7, - gnutls_x509_crt_fmt_t format, gnutls_datum_t * out) +int gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_fmt_t format, + gnutls_datum_t *out) { int ret; if (pkcs7 == NULL) 
@@ -1641,15 +1589,15 @@ gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7, /* Creates an empty signed data structure in the pkcs7 * structure and returns a handle to the signed data. */ -static int create_empty_signed_data(asn1_node pkcs7, asn1_node * sdata) +static int create_empty_signed_data(asn1_node pkcs7, asn1_node *sdata) { int result; *sdata = NULL; - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData", - sdata)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-7-SignedData", sdata)) != + ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; @@ -1668,9 +1616,8 @@ static int create_empty_signed_data(asn1_node pkcs7, asn1_node * sdata) */ /* id-data */ - result = - asn1_write_value(*sdata, "encapContentInfo.eContentType", - DIGESTED_DATA_OID, 1); + result = asn1_write_value(*sdata, "encapContentInfo.eContentType", + DIGESTED_DATA_OID, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -1695,10 +1642,9 @@ static int create_empty_signed_data(asn1_node pkcs7, asn1_node * sdata) return 0; - cleanup: +cleanup: asn1_delete_structure(sdata); return result; - } /** @@ -1712,7 +1658,7 @@ static int create_empty_signed_data(asn1_node pkcs7, asn1_node * sdata) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) +int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t *crt) { int result; @@ -1726,8 +1672,8 @@ int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) /* The pkcs7 structure is new, so create the * signedData. */ - result = - create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data); + result = create_empty_signed_data(pkcs7->pkcs7, + &pkcs7->signed_data); if (result < 0) { gnutls_assert(); return result; 
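Review bot: In create_empty_signed_data the comment `/* id-data */` sits above a write of `DIGESTED_DATA_OID` to `encapContentInfo.eContentType`, so either the comment or the macro name will mislead the next maintainer. The decoder in _decode_pkcs7_signed_data accepts both DATA_OID and DIGESTED_DATA_OID, which suggests the choice is deliberate and worth recording; replace the comment with one that states it, e.g. `/* eContentType written as DIGESTED_DATA_OID; the decoder accepts DATA_OID as well — confirm this is the intended default */`. The function's signature is in the first hunk of this group and its cleanup label in the third.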
@@ -1744,19 +1690,17 @@ int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) goto cleanup; } - result = - asn1_write_value(pkcs7->signed_data, "certificates.?LAST", - "certificate", 1); + result = asn1_write_value(pkcs7->signed_data, "certificates.?LAST", + "certificate", 1); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } - result = - asn1_write_value(pkcs7->signed_data, - "certificates.?LAST.certificate", crt->data, - crt->size); + result = asn1_write_value(pkcs7->signed_data, + "certificates.?LAST.certificate", crt->data, + crt->size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -1765,7 +1709,7 @@ int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) result = 0; - cleanup: +cleanup: return result; } @@ -1840,7 +1784,7 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx) return 0; - cleanup: +cleanup: return result; } @@ -1861,9 +1805,8 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx) * * Since: 3.4.2 **/ -int -gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7, - unsigned indx, gnutls_datum_t * crl) +int gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7, unsigned indx, + gnutls_datum_t *crl) { int result; char root2[MAX_NAME_SIZE]; @@ -1886,9 +1829,8 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7, /* Get the raw CRL */ - result = - asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, tmp.size, - root2, &start, &end); + result = asn1_der_decoding_startEnd(pkcs7->signed_data, tmp.data, + tmp.size, root2, &start, &end); if (result != ASN1_SUCCESS) { gnutls_assert(); @@ -1900,7 +1842,7 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7, result = _gnutls_set_datum(crl, &tmp.data[start], end); - cleanup: +cleanup: _gnutls_free_datum(&tmp); return result; } 
@@ -1920,9 +1862,8 @@ gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7, * returned. After the last crl has been read * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. **/ -int -gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, - unsigned indx, void *crl, size_t *crl_size) +int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, unsigned indx, void *crl, + size_t *crl_size) { int ret; gnutls_datum_t tmp = { NULL, 0 }; @@ -1943,7 +1884,7 @@ gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, if (crl) memcpy(crl, tmp.data, tmp.size); - cleanup: +cleanup: _gnutls_free_datum(&tmp); return ret; } @@ -1970,11 +1911,10 @@ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7) result = asn1_number_of_elements(pkcs7->signed_data, "crls", &count); if (result != ASN1_SUCCESS) { gnutls_assert(); - return 0; /* no crls */ + return 0; /* no crls */ } return count; - } /** @@ -1987,7 +1927,7 @@ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl) +int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t *crl) { int result; @@ -2001,8 +1941,8 @@ int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl) /* The pkcs7 structure is new, so create the * signedData. */ - result = - create_empty_signed_data(pkcs7->pkcs7, &pkcs7->signed_data); + result = create_empty_signed_data(pkcs7->pkcs7, + &pkcs7->signed_data); if (result < 0) { gnutls_assert(); return result; @@ -2019,9 +1959,8 @@ int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl) goto cleanup; } - result = - asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data, - crl->size); + result = asn1_write_value(pkcs7->signed_data, "crls.?LAST", crl->data, + crl->size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); 
@@ -2030,7 +1969,7 @@ int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
 result = 0;
- cleanup:
+cleanup:
 return result;
 }
@@ -2104,7 +2043,7 @@ int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx)
 return 0;
- cleanup:
+cleanup:
 return result;
 }
@@ -2134,9 +2073,8 @@ static int write_signer_id(asn1_node c2, const char *root,
 }
 serial_size = sizeof(serial);
- result = gnutls_x509_crt_get_subject_key_id(signer, serial, &serial_size, NULL);
+ result = gnutls_x509_crt_get_subject_key_id(signer, serial,
+ &serial_size, NULL);
 if (result < 0)
 return gnutls_assert_val(result);
@@ -2148,8 +2086,8 @@ static int write_signer_id(asn1_node c2, const char *root,
 }
 } else {
 serial_size = sizeof(serial);
- result = gnutls_x509_crt_get_serial(signer, serial, &serial_size);
+ result = gnutls_x509_crt_get_serial(signer, serial,
+ &serial_size);
 if (result < 0)
 return gnutls_assert_val(result);
@@ -2170,9 +2108,8 @@ static int write_signer_id(asn1_node c2, const char *root,
 snprintf(name, sizeof(name), "%s.sid.issuerAndSerialNumber.issuer",
 root);
- result = asn1_copy_node(c2, name, signer->cert, "tbsCertificate.issuer");
+ result = asn1_copy_node(c2, name, signer->cert,
+ "tbsCertificate.issuer");
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -2217,9 +2154,8 @@ static int add_attrs(asn1_node c2, const char *root, gnutls_pkcs7_attrs_t attrs,
 snprintf(name, sizeof(name), "%s.?LAST.values.?1", root);
- result = asn1_write_value(c2, name, p->data.data, p->data.size);
+ result = asn1_write_value(c2, name, p->data.data,
+ p->data.size);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -2233,8 +2169,7 @@ static int add_attrs(asn1_node c2, const char *root, gnutls_pkcs7_attrs_t attrs,
 }
 static int write_attributes(asn1_node c2, const char *root,
- const gnutls_datum_t * data,
- const mac_entry_st * me,
+ const gnutls_datum_t *data, const mac_entry_st *me,
 gnutls_pkcs7_attrs_t other_attrs, unsigned flags)
 {
 char name[256];
@@ -2315,10 +2250,8 @@ static int write_attributes(asn1_node c2, const char *root,
 return ret;
 }
- ret = _gnutls_x509_get_raw_field(c2, "encapContentInfo.eContentType", &tmp);
+ ret = _gnutls_x509_get_raw_field(
+ c2, "encapContentInfo.eContentType", &tmp);
 if (ret < 0) {
 gnutls_assert();
 return ret;
@@ -2337,9 +2270,8 @@ static int write_attributes(asn1_node c2, const char *root,
 /* If we add any attribute we should add them all */
 /* Add hash */
 digest_size = _gnutls_hash_get_algo_len(me);
- ret = gnutls_hash_fast(MAC_TO_DIG(me->id), data->data, data->size, digest);
+ ret = gnutls_hash_fast(MAC_TO_DIG(me->id), data->data,
+ data->size, digest);
 if (ret < 0) {
 gnutls_assert();
 return ret;
@@ -2353,10 +2285,8 @@ static int write_attributes(asn1_node c2, const char *root,
 }
 snprintf(name, sizeof(name), "%s.?LAST", root);
- ret = _gnutls_x509_encode_and_write_attribute(ATTR_MESSAGE_DIGEST, c2, name, digest, digest_size, 1);
+ ret = _gnutls_x509_encode_and_write_attribute(
+ ATTR_MESSAGE_DIGEST, c2, name, digest, digest_size, 1);
 if (ret < 0) {
 gnutls_assert();
 return ret;
@@ -2391,10 +2321,8 @@ static int write_attributes(asn1_node c2, const char *root,
 *
 * Since: 3.4.2
 **/
-int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_t signer,
- gnutls_privkey_t signer_key,
- const gnutls_datum_t * data,
+int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t signer,
+ gnutls_privkey_t signer_key, const gnutls_datum_t *data,
 gnutls_pkcs7_attrs_t signed_attrs,
 gnutls_pkcs7_attrs_t unsigned_attrs,
 gnutls_digest_algorithm_t dig, unsigned flags)
@@ -2411,10 +2339,9 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
 return GNUTLS_E_INVALID_REQUEST;
 if (pkcs7->signed_data == NULL) {
- result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData", &pkcs7->signed_data);
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.pkcs-7-SignedData",
+ &pkcs7->signed_data);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(result);
@@ -2434,19 +2361,17 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
 goto cleanup;
 }
- result = asn1_write_value(pkcs7->signed_data, "encapContentInfo.eContentType", DATA_OID, 0);
+ result = asn1_write_value(pkcs7->signed_data,
+ "encapContentInfo.eContentType", DATA_OID, 0);
 if (result != ASN1_SUCCESS) {
 ret = _gnutls_asn2err(result);
 goto cleanup;
 }
- if ((flags & GNUTLS_PKCS7_EMBED_DATA) && data->data) { /* embed data */
- ret = _gnutls_x509_write_string(pkcs7->signed_data, "encapContentInfo.eContent", data, ASN1_ETYPE_OCTET_STRING);
+ if ((flags & GNUTLS_PKCS7_EMBED_DATA) && data->data) { /* embed data */
+ ret = _gnutls_x509_write_string(pkcs7->signed_data,
+ "encapContentInfo.eContent",
+ data, ASN1_ETYPE_OCTET_STRING);
 if (ret < 0) {
 goto cleanup;
 }
@@ -2461,18 +2386,17 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
 }
 /* append digest info algorithm */
- result = asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW", 1);
+ result = asn1_write_value(pkcs7->signed_data, "digestAlgorithms", "NEW",
+ 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(result);
 goto cleanup;
 }
- result = asn1_write_value(pkcs7->signed_data, "digestAlgorithms.?LAST.algorithm", _gnutls_x509_digest_to_oid(me), 1);
+ result = asn1_write_value(pkcs7->signed_data,
+ "digestAlgorithms.?LAST.algorithm",
+ _gnutls_x509_digest_to_oid(me), 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(result);
@@ -2490,19 +2414,17 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
 goto cleanup;
 }
- result = asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.version", &one, 1);
+ result = asn1_write_value(pkcs7->signed_data,
+ "signerInfos.?LAST.version", &one, 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(result);
 goto cleanup;
 }
- result = asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.digestAlgorithm.algorithm", _gnutls_x509_digest_to_oid(me), 1);
+ result = asn1_write_value(pkcs7->signed_data,
+ "signerInfos.?LAST.digestAlgorithm.algorithm",
+ _gnutls_x509_digest_to_oid(me), 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(result);
@@ -2513,26 +2435,23 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
 "signerInfos.?LAST.digestAlgorithm.parameters",
 NULL, 0);
- ret = write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer, flags);
+ ret = write_signer_id(pkcs7->signed_data, "signerInfos.?LAST", signer,
+ flags);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- ret = add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs", unsigned_attrs, 0);
+ ret = add_attrs(pkcs7->signed_data, "signerInfos.?LAST.unsignedAttrs",
+ unsigned_attrs, 0);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- ret = write_attributes(pkcs7->signed_data, "signerInfos.?LAST.signedAttrs", data, me, signed_attrs, flags);
+ ret = write_attributes(pkcs7->signed_data,
+ "signerInfos.?LAST.signedAttrs", data, me,
+ signed_attrs, flags);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -2564,8 +2483,8 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
 se = _gnutls_pk_to_sign_entry(params.pk, dig);
 if (se == NULL) {
- ret = gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
+ ret = gnutls_assert_val(
+ GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
 goto cleanup;
 }
@@ -2575,10 +2494,9 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
 * because some implementations cannot cope with the "expected" signature values. */
 params.legacy = 1;
- ret = _gnutls_x509_write_sign_params(pkcs7->signed_data, "signerInfos.?LAST.signatureAlgorithm", se, ¶ms);
+ ret = _gnutls_x509_write_sign_params(
+ pkcs7->signed_data, "signerInfos.?LAST.signatureAlgorithm", se,
+ ¶ms);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -2587,9 +2505,8 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
 sigalgo = se->id;
 /* sign the data */
- ret = figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo, &sigdata);
+ ret = figure_pkcs7_sigdata(pkcs7, "signerInfos.?LAST", data, sigalgo,
+ &sigdata);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -2597,16 +2514,16 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
 FIX_SIGN_PARAMS(params, flags, dig);
- ret = privkey_sign_and_hash_data(signer_key, se,
- &sigdata, &signature, ¶ms);
+ ret = privkey_sign_and_hash_data(signer_key, se, &sigdata, &signature,
+ ¶ms);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- result = asn1_write_value(pkcs7->signed_data, "signerInfos.?LAST.signature", signature.data, signature.size);
+ result = asn1_write_value(pkcs7->signed_data,
+ "signerInfos.?LAST.signature", signature.data,
+ signature.size);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(result);
@@ -2615,7 +2532,7 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
 ret = 0;
- cleanup:
+cleanup:
 gnutls_free(sigdata.data);
 gnutls_free(signature.data);
 return ret;
diff --git a/lib/x509/pkcs7_int.h b/lib/x509/pkcs7_int.h
index b691ae95a9..77427c1e07 100644
--- a/lib/x509/pkcs7_int.h
+++ b/lib/x509/pkcs7_int.h
@@ -22,21 +22,22 @@
 */
 #ifndef GNUTLS_LIB_X509_PKCS7_INT_H
-# define GNUTLS_LIB_X509_PKCS7_INT_H
+#define GNUTLS_LIB_X509_PKCS7_INT_H
-# include <gnutls/x509.h>
+#include <gnutls/x509.h>
 /* PKCS #7 */
-# define DATA_OID "1.2.840.113549.1.7.1"
-# define ENC_DATA_OID "1.2.840.113549.1.7.6"
+#define DATA_OID "1.2.840.113549.1.7.1"
+#define ENC_DATA_OID "1.2.840.113549.1.7.6"
-# define SIGNED_DATA_OID "1.2.840.113549.1.7.2"
-# define DIGESTED_DATA_OID "1.2.840.113549.1.7.5"
+#define SIGNED_DATA_OID "1.2.840.113549.1.7.2"
+#define DIGESTED_DATA_OID "1.2.840.113549.1.7.5"
 typedef enum schema_id {
- PBES2_GENERIC = 1, /* when the algorithm is unknown, temporal use when reading only */
- PBES2_DES, /* the stuff in PKCS #5 */
+ PBES2_GENERIC =
+ 1, /* when the algorithm is unknown, temporal use when reading only */
+ PBES2_DES, /* the stuff in PKCS #5 */
 PBES2_3DES,
 PBES2_AES_128,
 PBES2_AES_192,
@@ -46,10 +47,10 @@ typedef enum schema_id {
 PBES2_GOST28147_89_CPB,
 PBES2_GOST28147_89_CPC,
 PBES2_GOST28147_89_CPD,
- PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
+ PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
 PKCS12_ARCFOUR_SHA1,
 PKCS12_RC2_40_SHA1,
- PBES1_DES_MD5 /* openssl before 1.1.0 uses that by default */
+ PBES1_DES_MD5 /* openssl before 1.1.0 uses that by default */
 } schema_id;
 struct pkcs_cipher_schema_st {
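Review bot: The reformatted first enumerator of `schema_id` now reads `PBES2_GENERIC =` on one line and `1, /* when the algorithm is unknown, temporal use when reading only */` on the next, because the formatter wrapped at the `=` to make room for the long trailing comment; an initializer separated from its value is easy to misread and is worse than the line it replaced. Put the comment on its own line above the enumerator so there is nothing to wrap: `/* when the algorithm is unknown; temporary use when reading only */` followed by `PBES2_GENERIC = 1,`. The same treatment suits `PBES2_DES, /* the stuff in PKCS #5 */`, and it keeps the enum readable regardless of column limit. The enum body continues into the next hunk.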
@@ -71,66 +72,58 @@ struct pbe_enc_params {
 gnutls_cipher_algorithm_t cipher;
 uint8_t iv[MAX_CIPHER_BLOCK_SIZE];
 int iv_size;
- char pbes2_oid[MAX_OID_SIZE]; /* when reading params, the OID is stored for info purposes */
+ char pbes2_oid
+ [MAX_OID_SIZE]; /* when reading params, the OID is stored for info purposes */
 };
-int
-_gnutls_decrypt_pbes1_des_md5_data(const char *password,
- unsigned password_len,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- const gnutls_datum_t * encrypted_data,
- gnutls_datum_t * decrypted_data);
+int _gnutls_decrypt_pbes1_des_md5_data(const char *password,
+ unsigned password_len,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ const gnutls_datum_t *encrypted_data,
+ gnutls_datum_t *decrypted_data);
 int _gnutls_check_pkcs_cipher_schema(const char *oid);
-int
-_gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn,
- const char *root, const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * decrypted_data);
+int _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn,
+ const char *root, const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t *decrypted_data);
-int
-_gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- const gnutls_datum_t * key,
- gnutls_datum_t * encrypted);
+int _gnutls_pkcs_raw_encrypt_data(const gnutls_datum_t *plain,
+ const struct pbe_enc_params *enc_params,
+ const gnutls_datum_t *key,
+ gnutls_datum_t *encrypted);
-int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * dec);
+int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t *data, const char *password,
+ gnutls_datum_t *dec);
-int _gnutls_read_pbkdf1_params(const uint8_t * data, int data_size,
+int _gnutls_read_pbkdf1_params(const uint8_t *data, int data_size,
 struct pbkdf2_params *kdf_params,
 struct pbe_enc_params *enc_params);
-int
-_gnutls_read_pkcs_schema_params(schema_id * schema, const char *password,
- const uint8_t * data, int data_size,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params);
-
-int
-_gnutls_pkcs_write_schema_params(schema_id schema, asn1_node pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params);
-
-int
-_gnutls_pkcs_generate_key(schema_id schema,
- const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params,
- gnutls_datum_t * key);
+int _gnutls_read_pkcs_schema_params(schema_id *schema, const char *password,
+ const uint8_t *data, int data_size,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params);
+
+int _gnutls_pkcs_write_schema_params(schema_id schema, asn1_node pkcs8_asn,
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params);
+
+int _gnutls_pkcs_generate_key(schema_id schema, const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params,
+ gnutls_datum_t *key);
 int _gnutls_pkcs_flags_to_schema(unsigned int flags);
-int _gnutls_pkcs7_encrypt_data(schema_id schema,
- const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * enc);
+int _gnutls_pkcs7_encrypt_data(schema_id schema, const gnutls_datum_t *data,
+ const char *password, gnutls_datum_t *enc);
-int
-_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data,
- const struct pkcs_cipher_schema_st **p,
- struct pbkdf2_params *kdf_params, char **oid);
+int _gnutls_pkcs7_data_enc_info(const gnutls_datum_t *data,
+ const struct pkcs_cipher_schema_st **p,
+ struct pbkdf2_params *kdf_params, char **oid);
-#endif /* GNUTLS_LIB_X509_PKCS7_INT_H */
+#endif /* GNUTLS_LIB_X509_PKCS7_INT_H */
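Review bot: The `pbes2_oid` field of `struct pbe_enc_params` is now declared as `char pbes2_oid` on one line and `[MAX_OID_SIZE]; /* when reading params, the OID is stored for info purposes */` on the next; the formatter broke the declarator before the array brackets to fit the trailing comment, which compiles but reads like a syntax error at a glance. Move the comment above the field so the declaration stays whole: `/* when reading params, the OID is stored for info purposes */` followed by `char pbes2_oid[MAX_OID_SIZE];`. The struct's opening line is outside the hunk (it appears only as the hunk header's context), so the fix is local to these two lines.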
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 19082b74db..aae1c3e062 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -45,7 +45,7 @@
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key)
+int gnutls_x509_privkey_init(gnutls_x509_privkey_t *key)
 {
 *key = NULL;
 FAIL_IF_LIB_ERROR;
@@ -54,7 +54,7 @@ int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key)
 if (*key) {
 (*key)->key = NULL;
- return 0; /* success */
+ return 0; /* success */
 }
 return GNUTLS_E_MEMORY_ERROR;
@@ -98,8 +98,8 @@ void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src)
+int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst,
+ gnutls_x509_privkey_t src)
 {
 int ret;
@@ -124,9 +124,8 @@ gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src)
 /* Converts an RSA PKCS#1 key to
 * an internal structure (gnutls_private_key)
 */
-asn1_node
-_gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * raw_key,
- gnutls_x509_privkey_t pkey)
+asn1_node _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t *raw_key,
+ gnutls_x509_privkey_t pkey)
 {
 int result;
 asn1_node pkey_asn;
@@ -140,9 +139,8 @@ _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * raw_key,
 return NULL;
 }
- result = _asn1_strict_der_decode(&pkey_asn, raw_key->data, raw_key->size, NULL);
+ result = _asn1_strict_der_decode(&pkey_asn, raw_key->data,
+ raw_key->size, NULL);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 goto error;
@@ -209,7 +207,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * raw_key,
 return pkey_asn;
- error:
+error:
 asn1_delete_structure2(&pkey_asn, ASN1_DELETE_FLAG_ZEROIZE);
 gnutls_pk_params_clear(&pkey->params);
 gnutls_pk_params_release(&pkey->params);
@@ -219,11 +217,10 @@ _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * raw_key,
 /* Converts an ECC key to
 * an internal structure (gnutls_private_key)
 */
-int
-_gnutls_privkey_decode_ecc_key(asn1_node * pkey_asn,
- const gnutls_datum_t * raw_key,
- gnutls_x509_privkey_t pkey,
- gnutls_ecc_curve_t curve)
+int _gnutls_privkey_decode_ecc_key(asn1_node *pkey_asn,
+ const gnutls_datum_t *raw_key,
+ gnutls_x509_privkey_t pkey,
+ gnutls_ecc_curve_t curve)
 {
 int ret;
 unsigned int version;
@@ -237,17 +234,15 @@ _gnutls_privkey_decode_ecc_key(asn1_node * pkey_asn,
 gnutls_pk_params_init(&pkey->params);
- if ((ret = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.ECPrivateKey", pkey_asn)) != ASN1_SUCCESS) {
+ if ((ret = asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.ECPrivateKey", pkey_asn)) !=
+ ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(ret);
 }
- ret = _asn1_strict_der_decode(pkey_asn, raw_key->data, raw_key->size, NULL);
+ ret = _asn1_strict_der_decode(pkey_asn, raw_key->data, raw_key->size,
+ NULL);
 if (ret != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(ret);
@@ -261,8 +256,9 @@ _gnutls_privkey_decode_ecc_key(asn1_node * pkey_asn,
 }
 if (version != 1) {
- _gnutls_debug_log ("ECC private key version %u is not supported\n", version);
+ _gnutls_debug_log(
+ "ECC private key version %u is not supported\n",
+ version);
 gnutls_assert();
 ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE;
 goto error;
@@ -271,9 +267,8 @@ _gnutls_privkey_decode_ecc_key(asn1_node * pkey_asn,
 /* read the curve */
 if (curve == GNUTLS_ECC_CURVE_INVALID) {
 oid_size = sizeof(oid);
- ret = asn1_read_value(*pkey_asn, "parameters.namedCurve", oid, &oid_size);
+ ret = asn1_read_value(*pkey_asn, "parameters.namedCurve", oid,
+ &oid_size);
 if (ret != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(ret);
@@ -299,10 +294,9 @@ _gnutls_privkey_decode_ecc_key(asn1_node * pkey_asn,
 goto error;
 }
- ret = _gnutls_ecc_ansi_x962_import(out.data, out.size, &pkey->params.params[ECC_X], &pkey->params.params[ECC_Y]);
+ ret = _gnutls_ecc_ansi_x962_import(out.data, out.size,
+ &pkey->params.params[ECC_X],
+ &pkey->params.params[ECC_Y]);
 _gnutls_free_datum(&out);
 if (ret < 0) {
@@ -312,9 +306,8 @@ _gnutls_privkey_decode_ecc_key(asn1_node * pkey_asn,
 pkey->params.params_nr += 2;
 /* read the private key */
- ret = _gnutls_x509_read_key_int(*pkey_asn, "privateKey", &pkey->params.params[ECC_K]);
+ ret = _gnutls_x509_read_key_int(*pkey_asn, "privateKey",
+ &pkey->params.params[ECC_K]);
 if (ret < 0) {
 gnutls_assert();
 goto error;
@@ -324,16 +317,15 @@ _gnutls_privkey_decode_ecc_key(asn1_node * pkey_asn,
 return 0;
- error:
+error:
 asn1_delete_structure2(pkey_asn, ASN1_DELETE_FLAG_ZEROIZE);
 gnutls_pk_params_clear(&pkey->params);
 gnutls_pk_params_release(&pkey->params);
 return ret;
-
 }
-static asn1_node
-decode_dsa_key(const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
+static asn1_node decode_dsa_key(const gnutls_datum_t *raw_key,
+ gnutls_x509_privkey_t pkey)
 {
 int result;
 asn1_node dsa_asn;
@@ -350,9 +342,8 @@ decode_dsa_key(const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
 gnutls_pk_params_init(&pkey->params);
- result = _asn1_strict_der_decode(&dsa_asn, raw_key->data, raw_key->size, NULL);
+ result = _asn1_strict_der_decode(&dsa_asn, raw_key->data, raw_key->size,
+ NULL);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 goto error;
@@ -407,12 +398,11 @@ decode_dsa_key(const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
 return dsa_asn;
- error:
+error:
 asn1_delete_structure2(&dsa_asn, ASN1_DELETE_FLAG_ZEROIZE);
 gnutls_pk_params_clear(&pkey->params);
 gnutls_pk_params_release(&pkey->params);
 return NULL;
-
 }
 #define PEM_KEY_DSA "DSA PRIVATE KEY"
@@ -439,10 +429,9 @@ decode_dsa_key(const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
+ const gnutls_datum_t *data,
+ gnutls_x509_crt_fmt_t format)
 {
 int result = 0, need_free = 0;
 gnutls_datum_t _data;
@@ -464,16 +453,14 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
 char *ptr;
 uint8_t *begin_ptr;
- ptr = memmem(data->data, data->size, "PRIVATE KEY-----", sizeof("PRIVATE KEY-----") - 1);
+ ptr = memmem(data->data, data->size, "PRIVATE KEY-----",
+ sizeof("PRIVATE KEY-----") - 1);
 result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
 if (ptr != NULL) {
- left = data->size - ((ptrdiff_t)ptr - (ptrdiff_t)data->data);
+ left = data->size -
+ ((ptrdiff_t)ptr - (ptrdiff_t)data->data);
 if (data->size - left > MAX_PEM_HEADER_SIZE) {
 ptr -= MAX_PEM_HEADER_SIZE;
@@ -483,62 +470,54 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
 left = data->size;
 }
- ptr = memmem(ptr, left, "-----BEGIN ", sizeof("-----BEGIN ") - 1);
+ ptr = memmem(ptr, left, "-----BEGIN ",
+ sizeof("-----BEGIN ") - 1);
 if (ptr != NULL) {
- begin_ptr = (uint8_t *) ptr;
- left = data->size - ((ptrdiff_t)begin_ptr - (ptrdiff_t)data->data);
+ begin_ptr = (uint8_t *)ptr;
+ left = data->size - ((ptrdiff_t)begin_ptr -
+ (ptrdiff_t)data->data);
 ptr += sizeof("-----BEGIN ") - 1;
- if (left > sizeof(PEM_KEY_RSA) && memcmp(ptr, PEM_KEY_RSA, sizeof(PEM_KEY_RSA) - 1) == 0) {
- result = _gnutls_fbase64_decode(PEM_KEY_RSA, begin_ptr, left, &_data);
+ if (left > sizeof(PEM_KEY_RSA) &&
+ memcmp(ptr, PEM_KEY_RSA,
+ sizeof(PEM_KEY_RSA) - 1) == 0) {
+ result = _gnutls_fbase64_decode(
+ PEM_KEY_RSA, begin_ptr, left,
+ &_data);
 if (result >= 0)
 key->params.algo =
- GNUTLS_PK_RSA;
- } else if (left > sizeof(PEM_KEY_ECC) && memcmp(ptr, PEM_KEY_ECC, sizeof(PEM_KEY_ECC) - 1) == 0) {
- result = _gnutls_fbase64_decode(PEM_KEY_ECC, begin_ptr, left, &_data);
+ GNUTLS_PK_RSA;
+ } else if (left > sizeof(PEM_KEY_ECC) &&
+ memcmp(ptr, PEM_KEY_ECC,
+ sizeof(PEM_KEY_ECC) - 1) ==
+ 0) {
+ result = _gnutls_fbase64_decode(
+ PEM_KEY_ECC, begin_ptr, left,
+ &_data);
 if (result >= 0)
 key->params.algo = GNUTLS_PK_EC;
- } else if (left > sizeof(PEM_KEY_DSA) && memcmp(ptr, PEM_KEY_DSA, sizeof(PEM_KEY_DSA) - 1) == 0) {
- result = _gnutls_fbase64_decode(PEM_KEY_DSA, begin_ptr, left, &_data);
+ } else if (left > sizeof(PEM_KEY_DSA) &&
+ memcmp(ptr, PEM_KEY_DSA,
+ sizeof(PEM_KEY_DSA) - 1) ==
+ 0) {
+ result = _gnutls_fbase64_decode(
+ PEM_KEY_DSA, begin_ptr, left,
+ &_data);
 if (result >= 0)
 key->params.algo =
- GNUTLS_PK_DSA;
+ GNUTLS_PK_DSA;
 }
- if (key->params.algo == GNUTLS_PK_UNKNOWN && left >= sizeof(PEM_KEY_PKCS8)) {
- if (memcmp (ptr, PEM_KEY_PKCS8, sizeof(PEM_KEY_PKCS8) - 1) == 0) {
- result = _gnutls_fbase64_decode (PEM_KEY_PKCS8, begin_ptr,
- left, &_data);
+ if (key->params.algo == GNUTLS_PK_UNKNOWN &&
+ left >= sizeof(PEM_KEY_PKCS8)) {
+ if (memcmp(ptr, PEM_KEY_PKCS8,
+ sizeof(PEM_KEY_PKCS8) - 1) ==
+ 0) {
+ result = _gnutls_fbase64_decode(
+ PEM_KEY_PKCS8,
+ begin_ptr, left,
+ &_data);
 if (result >= 0) {
 /* signal for PKCS #8 keys */
 key->params.algo = -1;
@@ -546,7 +525,6 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
 }
 }
 }
-
 }
 if (result < 0) {
@@ -562,10 +540,9 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
 }
 key->expanded = 1;
- if (key->params.algo == (gnutls_pk_algorithm_t) - 1) {
- result = gnutls_x509_privkey_import_pkcs8(key, data, format, NULL, GNUTLS_PKCS_PLAIN);
+ if (key->params.algo == (gnutls_pk_algorithm_t)-1) {
+ result = gnutls_x509_privkey_import_pkcs8(
+ key, data, format, NULL, GNUTLS_PKCS_PLAIN);
 if (result < 0) {
 gnutls_assert();
 key->key = NULL;
@@ -583,8 +560,8 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
 if (key->key == NULL)
 gnutls_assert();
 } else if (key->params.algo == GNUTLS_PK_EC) {
- result = _gnutls_privkey_decode_ecc_key(&key->key, &_data, key, 0);
+ result = _gnutls_privkey_decode_ecc_key(&key->key, &_data, key,
+ 0);
 if (result < 0) {
 gnutls_assert();
 key->key = NULL;
@@ -601,15 +578,13 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
 key->key = decode_dsa_key(&_data, key);
 if (key->key == NULL) {
 key->params.algo = GNUTLS_PK_EC;
- result = _gnutls_privkey_decode_ecc_key(&key->key, &_data, key, 0);
+ result = _gnutls_privkey_decode_ecc_key(
+ &key->key, &_data, key, 0);
 if (result < 0) {
 result =
- gnutls_x509_privkey_import_pkcs8 (key, data, format, NULL, GNUTLS_PKCS_PLAIN);
+ gnutls_x509_privkey_import_pkcs8(
+ key, data, format, NULL,
+ GNUTLS_PKCS_PLAIN);
 if (result >= 0) {
 /* there are keys (ed25519) which leave key->key NULL */
 goto finish;
@@ -633,14 +608,14 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
 goto cleanup;
 }
- finish:
+finish:
 result =
- _gnutls_pk_fixup(key->params.algo, GNUTLS_IMPORT, &key->params);
+ _gnutls_pk_fixup(key->params.algo, GNUTLS_IMPORT, &key->params);
 if (result < 0) {
 gnutls_assert();
 }
- cleanup:
+cleanup:
 if (need_free) {
 zeroize_temp_key(_data.data, _data.size);
 _gnutls_free_datum(&_data);
@@ -653,7 +628,7 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
 }
 static int import_pkcs12_privkey(gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
+ const gnutls_datum_t *data,
 gnutls_x509_crt_fmt_t format,
 const char *password, unsigned int flags)
 {
@@ -671,9 +646,8 @@ static int import_pkcs12_privkey(gnutls_x509_privkey_t key,
 goto fail;
 }
- ret = gnutls_pkcs12_simple_parse(p12, password, &newkey, NULL, NULL, NULL, NULL, NULL, 0);
+ ret = gnutls_pkcs12_simple_parse(p12, password, &newkey, NULL, NULL,
+ NULL, NULL, NULL, 0);
 if (ret < 0) {
 gnutls_assert();
 goto fail;
@@ -687,7 +661,7 @@ static int import_pkcs12_privkey(gnutls_x509_privkey_t key,
 }
 ret = 0;
- fail:
+fail:
 gnutls_pkcs12_deinit(p12);
@@ -716,11 +690,10 @@ static int import_pkcs12_privkey(gnutls_x509_privkey_t key,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char *password, unsigned int flags)
+int gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
+ const gnutls_datum_t *data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password, unsigned int flags)
 {
 int ret = 0;
 int saved_ret = GNUTLS_E_PARSING_ERROR;
@@ -731,14 +704,12 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
 size_t left;
 char *ptr;
- ptr = memmem(data->data, data->size, "PRIVATE KEY-----", sizeof("PRIVATE KEY-----") - 1);
+ ptr = memmem(data->data, data->size, "PRIVATE KEY-----",
+ sizeof("PRIVATE KEY-----") - 1);
 if (ptr != NULL) {
- left = data->size - ((ptrdiff_t)ptr - (ptrdiff_t)data->data);
+ left = data->size -
+ ((ptrdiff_t)ptr - (ptrdiff_t)data->data);
 if (data->size - left > 15) {
 ptr -= 15;
@@ -748,32 +719,29 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
 left = data->size;
 }
- ptr = memmem(ptr, left, "-----BEGIN ", sizeof("-----BEGIN ") - 1);
+ ptr = memmem(ptr, left, "-----BEGIN ",
+ sizeof("-----BEGIN ") - 1);
 if (ptr != NULL) {
 ptr += sizeof("-----BEGIN ") - 1;
- left = data->size - ((ptrdiff_t)ptr - (ptrdiff_t)data->data);
+ left = data->size -
+ ((ptrdiff_t)ptr - (ptrdiff_t)data->data);
 }
 if (ptr != NULL && left > sizeof(PEM_KEY_RSA)) {
- if (memcmp (ptr, PEM_KEY_RSA, sizeof(PEM_KEY_RSA) - 1) == 0 || memcmp(ptr, PEM_KEY_ECC, sizeof(PEM_KEY_ECC) - 1) == 0 || memcmp(ptr, PEM_KEY_DSA, sizeof(PEM_KEY_DSA) - 1) == 0) {
+ if (memcmp(ptr, PEM_KEY_RSA,
+ sizeof(PEM_KEY_RSA) - 1) == 0 ||
+ memcmp(ptr, PEM_KEY_ECC,
+ sizeof(PEM_KEY_ECC) - 1) == 0 ||
+ memcmp(ptr, PEM_KEY_DSA,
+ sizeof(PEM_KEY_DSA) - 1) == 0) {
 head_enc = 0;
 }
 }
 }
 }
- if (head_enc == 0 || (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD))) {
+ if (head_enc == 0 ||
+ (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD))) {
 ret = gnutls_x509_privkey_import(key, data, format);
 if (ret >= 0)
 return ret;
@@ -783,26 +751,22 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
 /* fall through to PKCS #8 decoding */
 }
- if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) || ret < 0) {
-
- ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags);
+ if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) ||
+ ret < 0) {
+ ret = gnutls_x509_privkey_import_pkcs8(key, data, format,
+ password, flags);
- if (ret == GNUTLS_E_DECRYPTION_FAILED &&
- password == NULL && (!(flags & GNUTLS_PKCS_PLAIN))) {
+ if (ret == GNUTLS_E_DECRYPTION_FAILED && password == NULL &&
+ (!(flags & GNUTLS_PKCS_PLAIN))) {
 /* use the callback if any */
- ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin));
+ ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0,
+ pin, sizeof(pin));
 if (ret == 0) {
 password = pin;
 }
- ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags);
+ ret = gnutls_x509_privkey_import_pkcs8(
+ key, data, format, password, flags);
 }
 if (saved_ret == GNUTLS_E_PARSING_ERROR)
@@ -811,34 +775,28 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
 if (ret < 0) {
 if (ret == GNUTLS_E_DECRYPTION_FAILED)
 goto cleanup;
- ret = import_pkcs12_privkey(key, data, format, password, flags);
+ ret = import_pkcs12_privkey(key, data, format, password,
+ flags);
 if (ret < 0 && format == GNUTLS_X509_FMT_PEM) {
 if (ret == GNUTLS_E_DECRYPTION_FAILED)
 goto cleanup;
- ret = gnutls_x509_privkey_import_openssl(key, data, password);
+ ret = gnutls_x509_privkey_import_openssl(
+ key, data, password);
- if (ret == GNUTLS_E_DECRYPTION_FAILED
- && password == NULL && (key->pin.cb
- ||
- _gnutls_pin_func)) {
+ if (ret == GNUTLS_E_DECRYPTION_FAILED &&
+ password == NULL &&
+ (key->pin.cb || _gnutls_pin_func)) {
 /* use the callback if any */
 memset(pin, 0, GNUTLS_PKCS11_MAX_PIN_LEN);
- ret = _gnutls_retrieve_pin(&key->pin, "key:", "", 0, pin, sizeof(pin));
+ ret = _gnutls_retrieve_pin(&key->pin,
+ "key:", "",
+ 0, pin,
+ sizeof(pin));
 if (ret == 0) {
- ret = gnutls_x509_privkey_import_openssl (key, data, pin);
+ ret = gnutls_x509_privkey_import_openssl(
+ key, data, pin);
 }
 }
@@ -855,7 +813,7 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
 ret = 0;
- cleanup:
+cleanup:
 if (ret == GNUTLS_E_PARSING_ERROR)
 ret = saved_ret;
@@ -879,17 +837,16 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u)
+int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
+ const gnutls_datum_t *m,
+ const gnutls_datum_t *e,
+ const gnutls_datum_t *d,
+ const gnutls_datum_t *p,
+ const gnutls_datum_t *q,
+ const gnutls_datum_t *u)
 {
- return gnutls_x509_privkey_import_rsa_raw2(key, m, e, d, p, q, u,
- NULL, NULL);
+ return gnutls_x509_privkey_import_rsa_raw2(key, m, e, d, p, q, u, NULL,
+ NULL);
 }
 /**
@@ -911,16 +868,12 @@ gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
- const gnutls_datum_t * m,
- const gnutls_datum_t * e,
- const gnutls_datum_t * d,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * u,
- const gnutls_datum_t * e1,
- const gnutls_datum_t * e2)
+int gnutls_x509_privkey_import_rsa_raw2(
+ gnutls_x509_privkey_t key, const gnutls_datum_t *m,
+ const gnutls_datum_t *e, const gnutls_datum_t *d,
+ const gnutls_datum_t *p, const gnutls_datum_t *q,
+ const gnutls_datum_t *u, const gnutls_datum_t *e1,
+ const gnutls_datum_t *e2)
 {
 int ret;
 size_t siz = 0;
@@ -933,8 +886,8 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
 gnutls_pk_params_init(&key->params);
 siz = m->size;
- if (_gnutls_mpi_init_scan_nz
- (&key->params.params[RSA_MODULUS], m->data, siz)) {
+ if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_MODULUS], m->data,
+ siz)) {
 gnutls_assert();
 ret = GNUTLS_E_MPI_SCAN_FAILED;
 goto cleanup;
@@ -942,8 +895,8 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, key->params.params_nr++; siz = e->size; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[RSA_PUB], e->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PUB], e->data, + siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -952,8 +905,8 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, if (d) { siz = d->size; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[RSA_PRIV], d->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PRIV], + d->data, siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -962,8 +915,8 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, } siz = p->size; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[RSA_PRIME1], p->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PRIME1], p->data, + siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -971,8 +924,8 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, key->params.params_nr++; siz = q->size; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[RSA_PRIME2], q->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_PRIME2], q->data, + siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -981,8 +934,8 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, if (u) { siz = u->size; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[RSA_COEF], u->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_COEF], + u->data, siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; 
@@ -992,8 +945,8 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, if (e1 && e2) { siz = e1->size; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[RSA_E1], e1->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_E1], + e1->data, siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -1001,8 +954,8 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, key->params.params_nr++; siz = e2->size; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[RSA_E2], e2->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[RSA_E2], + e2->data, siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -1029,11 +982,10 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, return 0; - cleanup: +cleanup: gnutls_pk_params_clear(&key->params); gnutls_pk_params_release(&key->params); return ret; - } /** @@ -1052,13 +1004,12 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, - const gnutls_datum_t * y, - const gnutls_datum_t * x) +int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, + const gnutls_datum_t *p, + const gnutls_datum_t *q, + const gnutls_datum_t *g, + const gnutls_datum_t *y, + const gnutls_datum_t *x) { int ret; size_t siz = 0; @@ -1093,8 +1044,8 @@ gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, if (y) { siz = y->size; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[3], y->data, siz)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[3], y->data, + siz)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; 
@@ -1125,11 +1076,10 @@ gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, return 0; - cleanup: +cleanup: gnutls_pk_params_clear(&key->params); gnutls_pk_params_release(&key->params); return ret; - } /** @@ -1150,12 +1100,11 @@ gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, * * Since: 3.0 **/ -int -gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, - gnutls_ecc_curve_t curve, - const gnutls_datum_t * x, - const gnutls_datum_t * y, - const gnutls_datum_t * k) +int gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, + gnutls_ecc_curve_t curve, + const gnutls_datum_t *x, + const gnutls_datum_t *y, + const gnutls_datum_t *k) { int ret; @@ -1194,8 +1143,8 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, goto cleanup; } - ret = - _gnutls_set_datum(&key->params.raw_priv, k->data, k->size); + ret = _gnutls_set_datum(&key->params.raw_priv, k->data, + k->size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1204,24 +1153,24 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, return 0; } - if (_gnutls_mpi_init_scan_nz - (&key->params.params[ECC_X], x->data, x->size)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[ECC_X], x->data, + x->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; } key->params.params_nr++; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[ECC_Y], y->data, y->size)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[ECC_Y], y->data, + y->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; } key->params.params_nr++; - if (_gnutls_mpi_init_scan_nz - (&key->params.params[ECC_K], k->data, k->size)) { + if (_gnutls_mpi_init_scan_nz(&key->params.params[ECC_K], k->data, + k->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; 
@@ -1244,11 +1193,10 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, return 0; - cleanup: +cleanup: gnutls_pk_params_clear(&key->params); gnutls_pk_params_release(&key->params); return ret; - } /** @@ -1276,14 +1224,13 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, * * Since: 3.6.3 **/ -int -gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, - gnutls_ecc_curve_t curve, - gnutls_digest_algorithm_t digest, - gnutls_gost_paramset_t paramset, - const gnutls_datum_t * x, - const gnutls_datum_t * y, - const gnutls_datum_t * k) +int gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, + gnutls_ecc_curve_t curve, + gnutls_digest_algorithm_t digest, + gnutls_gost_paramset_t paramset, + const gnutls_datum_t *x, + const gnutls_datum_t *y, + const gnutls_datum_t *k) { int ret; @@ -1300,24 +1247,24 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, key->params.gost_params = paramset; - if (_gnutls_mpi_init_scan_le - (&key->params.params[GOST_X], x->data, x->size)) { + if (_gnutls_mpi_init_scan_le(&key->params.params[GOST_X], x->data, + x->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; } key->params.params_nr++; - if (_gnutls_mpi_init_scan_le - (&key->params.params[GOST_Y], y->data, y->size)) { + if (_gnutls_mpi_init_scan_le(&key->params.params[GOST_Y], y->data, + y->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; } key->params.params_nr++; - if (_gnutls_mpi_init_scan_le - (&key->params.params[GOST_K], k->data, k->size)) { + if (_gnutls_mpi_init_scan_le(&key->params.params[GOST_K], k->data, + k->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; goto cleanup; @@ -1332,11 +1279,10 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, return 0; - cleanup: +cleanup: gnutls_pk_params_clear(&key->params); gnutls_pk_params_release(&key->params); return ret; - } /** 
@@ -1370,9 +1316,8 @@ int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key) * Returns: a member of the #gnutls_pk_algorithm_t enumeration on * success, or a negative error code on error. **/ -int -gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t key, - unsigned int *bits) +int gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t key, + unsigned int *bits) { int ret; @@ -1391,9 +1336,8 @@ gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t key, return key->params.algo; } -void -_gnutls_x509_privkey_get_spki_params(gnutls_x509_privkey_t key, - gnutls_x509_spki_st * params) +void _gnutls_x509_privkey_get_spki_params(gnutls_x509_privkey_t key, + gnutls_x509_spki_st *params) { memcpy(params, &key->params.spki, sizeof(gnutls_x509_spki_st)); } @@ -1409,9 +1353,8 @@ _gnutls_x509_privkey_get_spki_params(gnutls_x509_privkey_t key, * * Returns: Zero on success, or a negative error code on error. **/ -int -gnutls_x509_privkey_get_spki(gnutls_x509_privkey_t key, gnutls_x509_spki_t spki, - unsigned int flags) +int gnutls_x509_privkey_get_spki(gnutls_x509_privkey_t key, + gnutls_x509_spki_t spki, unsigned int flags) { if (key == NULL) { gnutls_assert(); @@ -1437,9 +1380,9 @@ gnutls_x509_privkey_get_spki(gnutls_x509_privkey_t key, gnutls_x509_spki_t spki, * * Returns: Zero on success, or a negative error code on error. **/ -int -gnutls_x509_privkey_set_spki(gnutls_x509_privkey_t key, - const gnutls_x509_spki_t spki, unsigned int flags) +int gnutls_x509_privkey_set_spki(gnutls_x509_privkey_t key, + const gnutls_x509_spki_t spki, + unsigned int flags) { gnutls_pk_params_st tparams; int ret; 
@@ -1498,10 +1441,9 @@ static const char *set_msg(gnutls_x509_privkey_t key) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_privkey_export(gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t *output_data_size) +int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, void *output_data, + size_t *output_data_size) { gnutls_datum_t out; int ret; @@ -1539,9 +1481,9 @@ gnutls_x509_privkey_export(gnutls_x509_privkey_t key, * * Since 3.1.3 **/ -int -gnutls_x509_privkey_export2(gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, gnutls_datum_t * out) +int gnutls_x509_privkey_export2(gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, + gnutls_datum_t *out) { const char *msg; int ret; @@ -1551,7 +1493,7 @@ gnutls_x509_privkey_export2(gnutls_x509_privkey_t key, return GNUTLS_E_INVALID_REQUEST; } - if (key->key == NULL) { /* can only export in PKCS#8 form */ + if (key->key == NULL) { /* can only export in PKCS#8 form */ return gnutls_x509_privkey_export2_pkcs8(key, format, NULL, 0, out); } @@ -1611,9 +1553,9 @@ gnutls_sec_param_t gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key) * Since: 3.0 **/ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key, - gnutls_ecc_curve_t * curve, - gnutls_datum_t * x, - gnutls_datum_t * y, gnutls_datum_t * k) + gnutls_ecc_curve_t *curve, + gnutls_datum_t *x, gnutls_datum_t *y, + gnutls_datum_t *k) { if (key == NULL) { gnutls_assert(); 
@@ -1646,11 +1588,11 @@ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key, * Since: 3.6.3 **/ int gnutls_x509_privkey_export_gost_raw(gnutls_x509_privkey_t key, - gnutls_ecc_curve_t * curve, - gnutls_digest_algorithm_t * digest, - gnutls_gost_paramset_t * paramset, - gnutls_datum_t * x, - gnutls_datum_t * y, gnutls_datum_t * k) + gnutls_ecc_curve_t *curve, + gnutls_digest_algorithm_t *digest, + gnutls_gost_paramset_t *paramset, + gnutls_datum_t *x, gnutls_datum_t *y, + gnutls_datum_t *k) { if (key == NULL) { gnutls_assert(); @@ -1678,11 +1620,10 @@ int gnutls_x509_privkey_export_gost_raw(gnutls_x509_privkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u) +int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, + gnutls_datum_t *m, gnutls_datum_t *e, + gnutls_datum_t *d, gnutls_datum_t *p, + gnutls_datum_t *q, gnutls_datum_t *u) { return _gnutls_params_get_rsa_raw(&key->params, m, e, d, p, q, u, NULL, NULL, 0); @@ -1709,12 +1650,11 @@ gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, * * Since: 2.12.0 **/ -int -gnutls_x509_privkey_export_rsa_raw2(gnutls_x509_privkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u, - gnutls_datum_t * e1, gnutls_datum_t * e2) +int gnutls_x509_privkey_export_rsa_raw2(gnutls_x509_privkey_t key, + gnutls_datum_t *m, gnutls_datum_t *e, + gnutls_datum_t *d, gnutls_datum_t *p, + gnutls_datum_t *q, gnutls_datum_t *u, + gnutls_datum_t *e1, gnutls_datum_t *e2) { return _gnutls_params_get_rsa_raw(&key->params, m, e, d, p, q, u, e1, e2, 0); 
@@ -1736,11 +1676,10 @@ gnutls_x509_privkey_export_rsa_raw2(gnutls_x509_privkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y, - gnutls_datum_t * x) +int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key, + gnutls_datum_t *p, gnutls_datum_t *q, + gnutls_datum_t *g, gnutls_datum_t *y, + gnutls_datum_t *x) { return _gnutls_params_get_dsa_raw(&key->params, p, q, g, y, x, 0); } @@ -1776,10 +1715,9 @@ gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, - gnutls_pk_algorithm_t algo, unsigned int bits, - unsigned int flags) +int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, + gnutls_pk_algorithm_t algo, unsigned int bits, + unsigned int flags) { return gnutls_x509_privkey_generate2(key, algo, bits, flags, NULL, 0); } @@ -1824,12 +1762,11 @@ gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, - gnutls_pk_algorithm_t algo, unsigned int bits, - unsigned int flags, - const gnutls_keygen_data_st * data, - unsigned data_size) +int gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, + gnutls_pk_algorithm_t algo, unsigned int bits, + unsigned int flags, + const gnutls_keygen_data_st *data, + unsigned data_size) { int ret; unsigned i; 
@@ -1843,8 +1780,8 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, gnutls_pk_params_init(&key->params); for (i = 0; i < data_size; i++) { - if (data[i].type == GNUTLS_KEYGEN_SEED - && data[i].size < sizeof(key->params.seed)) { + if (data[i].type == GNUTLS_KEYGEN_SEED && + data[i].size < sizeof(key->params.seed)) { key->params.seed_size = data[i].size; memcpy(key->params.seed, data[i].data, data[i].size); } else if (data[i].type == GNUTLS_KEYGEN_DIGEST) { @@ -1861,8 +1798,8 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, bits = _gnutls_ecc_bits_to_curve(algo, bits); if (gnutls_ecc_curve_get_pk(bits) != algo) { - _gnutls_debug_log - ("curve is incompatible with public key algorithm\n"); + _gnutls_debug_log( + "curve is incompatible with public key algorithm\n"); return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } } @@ -1880,8 +1817,8 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, if ((algo == GNUTLS_PK_GOST_01 && size != 32) || (algo == GNUTLS_PK_GOST_12_256 && size != 32) || (algo == GNUTLS_PK_GOST_12_512 && size != 64)) { - _gnutls_debug_log - ("curve is incompatible with public key algorithm\n"); + _gnutls_debug_log( + "curve is incompatible with public key algorithm\n"); return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } @@ -1906,7 +1843,7 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, key->params.spki.pk = GNUTLS_PK_RSA_PSS; key->params.spki.rsa_pss_dig = - _gnutls_pk_bits_to_sha_hash(bits); + _gnutls_pk_bits_to_sha_hash(bits); me = hash_to_entry(key->params.spki.rsa_pss_dig); if (unlikely(me == NULL)) { @@ -1952,7 +1889,7 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, return 0; - cleanup: +cleanup: key->params.algo = GNUTLS_PK_UNKNOWN; gnutls_pk_params_clear(&key->params); gnutls_pk_params_release(&key->params); 
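Review bot: The seed-copy condition `data[i].size < sizeof(key->params.seed)` silently drops any GNUTLS_KEYGEN_SEED entry that does not fit, and (if `seed` is a fixed array, as the `sizeof` and `memcpy` suggest) also one that is exactly `sizeof(key->params.seed)` bytes although that would still fit; the loop then falls through to the `else if` chain with no error, so a caller requesting provable generation with an oversized seed gets a key derived from whatever seed is left, without being told. Unless a check outside this hunk rejects a missing seed when the provable flag is set, I'd fail loudly instead: `if (data[i].type == GNUTLS_KEYGEN_SEED) { if (data[i].size > sizeof(key->params.seed)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); key->params.seed_size = data[i].size; memcpy(key->params.seed, data[i].data, data[i].size); }`. gnutls_x509_privkey_generate2 starts and ends outside this hunk.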
@@ -1977,7 +1914,7 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, * Since: 3.5.0 **/ int gnutls_x509_privkey_get_seed(gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t * digest, void *seed, + gnutls_digest_algorithm_t *digest, void *seed, size_t *seed_size) { if (key->params.seed_size == 0) @@ -2003,26 +1940,23 @@ int gnutls_x509_privkey_get_seed(gnutls_x509_privkey_t key, return 0; } -static -int cmp_rsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2) +static int cmp_rsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2) { - gnutls_datum_t m1 = { NULL, 0 }, e1 = { NULL, 0 }, d1 = - { NULL, 0 }, p1 = { NULL, 0 }, q1 = { NULL, 0 }; - gnutls_datum_t m2 = { NULL, 0 }, e2 = { NULL, 0 }, d2 = - { NULL, 0 }, p2 = { NULL, 0 }, q2 = { NULL, 0 }; + gnutls_datum_t m1 = { NULL, 0 }, e1 = { NULL, 0 }, d1 = { NULL, 0 }, + p1 = { NULL, 0 }, q1 = { NULL, 0 }; + gnutls_datum_t m2 = { NULL, 0 }, e2 = { NULL, 0 }, d2 = { NULL, 0 }, + p2 = { NULL, 0 }, q2 = { NULL, 0 }; int ret; - ret = - gnutls_x509_privkey_export_rsa_raw(key1, &m1, &e1, &d1, &p1, &q1, - NULL); + ret = gnutls_x509_privkey_export_rsa_raw(key1, &m1, &e1, &d1, &p1, &q1, + NULL); if (ret < 0) { gnutls_assert(); return ret; } - ret = - gnutls_x509_privkey_export_rsa_raw(key2, &m2, &e2, &d2, &p2, &q2, - NULL); + ret = gnutls_x509_privkey_export_rsa_raw(key2, &m2, &e2, &d2, &p2, &q2, + NULL); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -2059,7 +1993,7 @@ int cmp_rsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2) } ret = 0; - cleanup: +cleanup: gnutls_free(m1.data); gnutls_free(e1.data); gnutls_free(d1.data); 
@@ -2073,22 +2007,21 @@ int cmp_rsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2) return ret; } -static -int cmp_dsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2) +static int cmp_dsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2) { gnutls_datum_t p1 = { NULL, 0 }, q1 = { NULL, 0 }, g1 = { NULL, 0 }; gnutls_datum_t p2 = { NULL, 0 }, q2 = { NULL, 0 }, g2 = { NULL, 0 }; int ret; - ret = - gnutls_x509_privkey_export_dsa_raw(key1, &p1, &q1, &g1, NULL, NULL); + ret = gnutls_x509_privkey_export_dsa_raw(key1, &p1, &q1, &g1, NULL, + NULL); if (ret < 0) { gnutls_assert(); return ret; } - ret = - gnutls_x509_privkey_export_dsa_raw(key2, &p2, &q2, &g2, NULL, NULL); + ret = gnutls_x509_privkey_export_dsa_raw(key2, &p2, &q2, &g2, NULL, + NULL); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -2113,7 +2046,7 @@ int cmp_dsa_key(gnutls_x509_privkey_t key1, gnutls_x509_privkey_t key2) } ret = 0; - cleanup: +cleanup: gnutls_free(g1.data); gnutls_free(p1.data); gnutls_free(q1.data); @@ -2153,8 +2086,8 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, return GNUTLS_E_INVALID_REQUEST; } - if (key->params.algo != GNUTLS_PK_RSA - && key->params.algo != GNUTLS_PK_DSA) + if (key->params.algo != GNUTLS_PK_RSA && + key->params.algo != GNUTLS_PK_DSA) return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); ret = gnutls_x509_privkey_get_pk_algorithm2(key, &bits); @@ -2190,7 +2123,7 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, else ret = cmp_dsa_key(key, okey); - cleanup: +cleanup: gnutls_x509_privkey_deinit(okey); return ret; 
@@ -2238,11 +2171,10 @@ int gnutls_x509_privkey_verify_params(gnutls_x509_privkey_t key) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, - unsigned int flags, - unsigned char *output_data, - size_t *output_data_size) +int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, + unsigned int flags, + unsigned char *output_data, + size_t *output_data_size) { int ret; @@ -2251,9 +2183,8 @@ gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, return GNUTLS_E_INVALID_REQUEST; } - ret = - _gnutls_get_key_id(&key->params, - output_data, output_data_size, flags); + ret = _gnutls_get_key_id(&key->params, output_data, output_data_size, + flags); if (ret < 0) { gnutls_assert(); } @@ -2281,10 +2212,9 @@ gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, * * Deprecated in: 2.12.0 */ -int -gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) +int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, + const gnutls_datum_t *hash, + gnutls_datum_t *signature) { int result; @@ -2293,17 +2223,16 @@ gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, return GNUTLS_E_INVALID_REQUEST; } - if (key->params.algo != GNUTLS_PK_RSA - && key->params.algo != GNUTLS_PK_ECDSA - && key->params.algo != GNUTLS_PK_DSA) { + if (key->params.algo != GNUTLS_PK_RSA && + key->params.algo != GNUTLS_PK_ECDSA && + key->params.algo != GNUTLS_PK_DSA) { /* too primitive API - use only with legacy types */ gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - result = - _gnutls_pk_sign(key->params.algo, signature, hash, - &key->params, &key->params.spki); + result = _gnutls_pk_sign(key->params.algo, signature, hash, + &key->params, &key->params.spki); if (result < 0) { gnutls_assert(); 
@@ -2338,12 +2267,11 @@ gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 */
-int
-gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t digest,
- unsigned int flags,
- const gnutls_datum_t * data,
- void *signature, size_t *signature_size)
+int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t *data, void *signature,
+ size_t *signature_size)
 {
 gnutls_privkey_t privkey;
 gnutls_datum_t sig = { NULL, 0 };
@@ -2374,7 +2302,7 @@ gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
 *signature_size = sig.size;
 memcpy(signature, sig.data, sig.size);
- cleanup:
+cleanup:
 _gnutls_free_datum(&sig);
 gnutls_privkey_deinit(privkey);
 return ret;
diff --git a/lib/x509/privkey_openssl.c b/lib/x509/privkey_openssl.c
index a9206e7d70..f7b33c825f 100644
--- a/lib/x509/privkey_openssl.c
+++ b/lib/x509/privkey_openssl.c
@@ -33,9 +33,8 @@
 #include <num.h>
 #include <random.h>
-static int
-openssl_hash_password(const char *_password, gnutls_datum_t * key,
- gnutls_datum_t * salt)
+static int openssl_hash_password(const char *_password, gnutls_datum_t *key,
+ gnutls_datum_t *salt)
 {
 unsigned char md5[16];
 digest_hd_st hd;
@@ -45,10 +44,8 @@ openssl_hash_password(const char *_password, gnutls_datum_t * key,
 if (_password != NULL) {
 gnutls_datum_t pout;
- ret =
- _gnutls_utf8_password_normalize(_password,
- strlen(_password), &pout,
- 1);
+ ret = _gnutls_utf8_password_normalize(
+ _password, strlen(_password), &pout, 1);
 if (ret < 0)
 return gnutls_assert_val(ret);
@@ -65,7 +62,7 @@ openssl_hash_password(const char *_password, gnutls_datum_t * key,
 if (count) {
 ret = _gnutls_hash(&hd, md5, sizeof(md5));
 if (ret < 0) {
- hash_err:
+ hash_err:
 _gnutls_hash_deinit(&hd, NULL);
 gnutls_assert();
 goto cleanup;
@@ -97,7 +94,7 @@ openssl_hash_password(const char *_password, gnutls_datum_t * key,
 }
 ret = 0;
- cleanup:
+cleanup:
 gnutls_free(password);
 return ret;
 }
@@ -108,14 +105,14 @@ struct pem_cipher {
 };
 static const struct pem_cipher pem_ciphers[] = {
-{"DES-CBC", GNUTLS_CIPHER_DES_CBC},
-{"DES-EDE3-CBC", GNUTLS_CIPHER_3DES_CBC},
-{"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC},
-{"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC},
-{"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC},
-{"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC},
-{"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC},
-{"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC},
+{ "DES-CBC", GNUTLS_CIPHER_DES_CBC },
+{ "DES-EDE3-CBC", GNUTLS_CIPHER_3DES_CBC },
+{ "AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC },
+{ "AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC },
+{ "AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC },
+{ "CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC },
+{ "CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC },
+{ "CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC },
 };
 /**
@@ -137,10 +134,9 @@ static const struct pem_cipher pem_ciphers[] = {
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- const char *password)
+int gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
+ const gnutls_datum_t *data,
+ const char *password)
 {
 gnutls_cipher_hd_t handle;
 gnutls_cipher_algorithm_t cipher = GNUTLS_CIPHER_UNKNOWN;
@@ -172,7 +168,7 @@ gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
 }
 pem_header_size =
- data->size - (ptrdiff_t)(pem_header - pem_header_start) - 10;
+ data->size - (ptrdiff_t)(pem_header - pem_header_start) - 10;
 pem_header += 10;
 for (i = 0; i < sizeof(pem_ciphers) / sizeof(pem_ciphers[0]); i++) {
@@ -186,8 +182,8 @@ gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
 }
 if (cipher == GNUTLS_CIPHER_UNKNOWN) {
- _gnutls_debug_log
- ("Unsupported PEM encryption type: %.10s\n", pem_header);
+ _gnutls_debug_log("Unsupported PEM encryption type: %.10s\n",
+ pem_header);
 gnutls_assert();
 return GNUTLS_E_INVALID_REQUEST;
 }
@@ -221,9 +217,8 @@ gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
 while (*pem_header == '\n' || *pem_header == '\r')
 pem_header++;
- ret =
- _gnutls_base64_decode((const void *)pem_header,
- pem_header_size, &b64_data);
+ ret = _gnutls_base64_decode((const void *)pem_header, pem_header_size,
+ &b64_data);
 if (ret < 0) {
 gnutls_assert();
 goto out_salt;
@@ -279,7 +274,7 @@ gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
 if (key_data[0] == 0x30) {
 gnutls_datum_t key_datum;
 unsigned int blocksize =
- gnutls_cipher_get_block_size(cipher);
+ gnutls_cipher_get_block_size(cipher);
 unsigned int keylen = key_data[1];
 unsigned int ofs = 2;
@@ -301,8 +296,8 @@ gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
 keylen += ofs;
 /* If there appears to be more or less padding than required, fail */
- if (key_data_size - keylen > blocksize
- || key_data_size < keylen + 1) {
+ if (key_data_size - keylen > blocksize ||
+ key_data_size < keylen + 1) {
 gnutls_assert();
 goto fail;
 }
@@ -319,24 +314,23 @@ gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
 key_datum.data = key_data;
 key_datum.size = keylen;
- ret =
- gnutls_x509_privkey_import(key, &key_datum,
- GNUTLS_X509_FMT_DER);
+ ret = gnutls_x509_privkey_import(key, &key_datum,
+ GNUTLS_X509_FMT_DER);
 if (ret == 0)
 goto out;
 }
- fail:
+ fail:
 ret = GNUTLS_E_DECRYPTION_FAILED;
 goto out;
 }
- out:
+out:
 zeroize_key(key_data, key_data_size);
 gnutls_free(key_data);
- out_enc_key:
+out_enc_key:
 _gnutls_free_key_datum(&enc_key);
- out_b64:
+out_b64:
 gnutls_free(b64_data.data);
- out_salt:
+out_salt:
 gnutls_free(salt.data);
 return ret;
 }
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 5ee1961c1e..91eb1f16c5 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -41,12 +41,11 @@ static int _decode_pkcs8_ecc_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey); -static -int pkcs8_key_info(const gnutls_datum_t * raw_key, - const struct pkcs_cipher_schema_st **p, - struct pbkdf2_params *kdf_params, char **oid); +static int pkcs8_key_info(const gnutls_datum_t *raw_key, + const struct pkcs_cipher_schema_st **p, + struct pbkdf2_params *kdf_params, char **oid); -static int decode_private_key_info(const gnutls_datum_t * der, +static int decode_private_key_info(const gnutls_datum_t *der, gnutls_x509_privkey_t pkey); #define PEM_PKCS8 "ENCRYPTED PRIVATE KEY" @@ -59,8 +58,8 @@ static int decode_private_key_info(const gnutls_datum_t * der, * For RSA it is a PKCS #1 DER private key and for DSA it is * an ASN.1 INTEGER of the x value. */ -inline static int -_encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) +inline static int _encode_privkey(gnutls_x509_privkey_t pkey, + gnutls_datum_t *raw) { int ret; asn1_node spk = NULL; @@ -83,17 +82,16 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: case GNUTLS_PK_GOST_12_512: - if ((ret = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.GOSTPrivateKey", &spk)) - != ASN1_SUCCESS) { + if ((ret = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.GOSTPrivateKey", + &spk)) != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto error; } - ret = - _gnutls_x509_write_key_int_le(spk, "", - pkey->params.params[GOST_K]); + ret = _gnutls_x509_write_key_int_le( + spk, "", pkey->params.params[GOST_K]); if (ret < 0) { gnutls_assert(); goto error; 
@@ -111,9 +109,8 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) case GNUTLS_PK_RSA: case GNUTLS_PK_RSA_PSS: case GNUTLS_PK_ECDSA: - ret = - _gnutls_x509_export_int2(pkey->key, GNUTLS_X509_FMT_DER, - "", raw); + ret = _gnutls_x509_export_int2(pkey->key, GNUTLS_X509_FMT_DER, + "", raw); if (ret < 0) { gnutls_assert(); goto error; @@ -122,15 +119,15 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) break; case GNUTLS_PK_DSA: /* DSAPublicKey == INTEGER */ - if ((ret = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", &spk)) - != ASN1_SUCCESS) { + if ((ret = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.DSAPublicKey", &spk)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(ret); } - ret = - _gnutls_x509_write_int(spk, "", pkey->params.params[4], 1); + ret = _gnutls_x509_write_int(spk, "", pkey->params.params[4], + 1); if (ret < 0) { gnutls_assert(); goto error; @@ -151,11 +148,10 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) return 0; - error: +error: asn1_delete_structure2(&spk, ASN1_DELETE_FLAG_ZEROIZE); asn1_delete_structure(&spk); return ret; - } /* @@ -163,9 +159,8 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) * info. The output will be allocated and stored into der. Also * the asn1_node of private key info will be returned. */ -static int -encode_to_private_key_info(gnutls_x509_privkey_t pkey, - gnutls_datum_t * der, asn1_node * pkey_info) +static int encode_to_private_key_info(gnutls_x509_privkey_t pkey, + gnutls_datum_t *der, asn1_node *pkey_info) { int result, len; uint8_t null = 0; 
@@ -185,10 +180,9 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey, return result; } - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-8-PrivateKeyInfo", - pkey_info)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-8-PrivateKeyInfo", + pkey_info)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto error; @@ -206,18 +200,16 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey, /* write the privateKeyAlgorithm * fields. (OID+NULL data) */ - result = - asn1_write_value(*pkey_info, "privateKeyAlgorithm.algorithm", - oid, 1); + result = asn1_write_value(*pkey_info, "privateKeyAlgorithm.algorithm", + oid, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto error; } - result = - asn1_write_value(*pkey_info, "privateKeyAlgorithm.parameters", - algo_params.data, algo_params.size); + result = asn1_write_value(*pkey_info, "privateKeyAlgorithm.parameters", + algo_params.data, algo_params.size); _gnutls_free_key_datum(&algo_params); if (result != ASN1_SUCCESS) { @@ -234,9 +226,8 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey, goto error; } - result = - asn1_write_value(*pkey_info, "privateKey", algo_privkey.data, - algo_privkey.size); + result = asn1_write_value(*pkey_info, "privateKey", algo_privkey.data, + algo_privkey.size); _gnutls_free_key_datum(&algo_privkey); if (result != ASN1_SUCCESS) { @@ -245,8 +236,8 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey, goto error; } - if ((pkey->params.pkflags & GNUTLS_PK_FLAG_PROVABLE) - && pkey->params.seed_size > 0) { + if ((pkey->params.pkflags & GNUTLS_PK_FLAG_PROVABLE) && + pkey->params.seed_size > 0) { gnutls_datum_t seed_info; /* rfc8479 attribute encoding */ 
@@ -256,9 +247,8 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey, goto error; } - result = - _x509_set_attribute(*pkey_info, "attributes", - OID_ATTR_PROV_SEED, &seed_info); + result = _x509_set_attribute(*pkey_info, "attributes", + OID_ATTR_PROV_SEED, &seed_info); gnutls_free(seed_info.data); if (result < 0) { gnutls_assert(); @@ -303,20 +293,18 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey, return 0; - error: +error: asn1_delete_structure2(pkey_info, ASN1_DELETE_FLAG_ZEROIZE); _gnutls_free_datum(&algo_params); _gnutls_free_key_datum(&algo_privkey); return result; - } /* Converts a PKCS #8 private key info to * a PKCS #8 EncryptedPrivateKeyInfo. */ -static int -encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key, - const char *password, asn1_node * out) +static int encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t *der_key, + const char *password, asn1_node *out) { int result; gnutls_datum_t key = { NULL, 0 }; @@ -331,19 +319,17 @@ encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key, return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", - &pkcs8_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element( + _gnutls_get_pkix(), "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", + &pkcs8_asn)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } /* Write the encryption schema OID */ - result = - asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm", - s->write_oid, 1); + result = asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm", + s->write_oid, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); 
@@ -354,18 +340,16 @@ encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key, /* Generate a symmetric key. */ - result = - _gnutls_pkcs_generate_key(schema, password, &kdf_params, - &enc_params, &key); + result = _gnutls_pkcs_generate_key(schema, password, &kdf_params, + &enc_params, &key); if (result < 0) { gnutls_assert(); goto error; } - result = - _gnutls_pkcs_write_schema_params(schema, pkcs8_asn, - "encryptionAlgorithm.parameters", - &kdf_params, &enc_params); + result = _gnutls_pkcs_write_schema_params( + schema, pkcs8_asn, "encryptionAlgorithm.parameters", + &kdf_params, &enc_params); if (result < 0) { gnutls_assert(); goto error; @@ -375,7 +359,7 @@ encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key, * encrypt the Data. */ result = - _gnutls_pkcs_raw_encrypt_data(der_key, &enc_params, &key, &tmp); + _gnutls_pkcs_raw_encrypt_data(der_key, &enc_params, &key, &tmp); if (result < 0) { gnutls_assert(); goto error; @@ -383,8 +367,8 @@ encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key, /* write the encrypted data. */ - result = - asn1_write_value(pkcs8_asn, "encryptedData", tmp.data, tmp.size); + result = asn1_write_value(pkcs8_asn, "encryptedData", tmp.data, + tmp.size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -398,7 +382,7 @@ encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key, return 0; - error: +error: _gnutls_free_key_datum(&key); _gnutls_free_datum(&tmp); asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); 
@@ -434,12 +418,11 @@ encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key, * Returns: In case of failure a negative error code will be * returned, and 0 on success. **/ -int -gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - const char *password, - unsigned int flags, - void *output_data, size_t *output_data_size) +int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, + const char *password, unsigned int flags, + void *output_data, + size_t *output_data_size) { asn1_node pkcs8_asn = NULL, pkey_info; int ret; @@ -462,18 +445,19 @@ gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, schema = _gnutls_pkcs_flags_to_schema(flags); - if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) - && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) { + if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && + !(flags & GNUTLS_PKCS_NULL_PASSWORD)) { _gnutls_free_datum(&tmp); - ret = - _gnutls_x509_export_int(pkey_info, format, - PEM_UNENCRYPTED_PKCS8, - output_data, output_data_size); + ret = _gnutls_x509_export_int(pkey_info, format, + PEM_UNENCRYPTED_PKCS8, + output_data, output_data_size); asn1_delete_structure2(&pkey_info, ASN1_DELETE_FLAG_ZEROIZE); } else { - asn1_delete_structure2(&pkey_info, ASN1_DELETE_FLAG_ZEROIZE); /* we don't need it */ + asn1_delete_structure2( + &pkey_info, + ASN1_DELETE_FLAG_ZEROIZE); /* we don't need it */ ret = encode_to_pkcs8_key(schema, &tmp, password, &pkcs8_asn); _gnutls_free_key_datum(&tmp); @@ -483,9 +467,8 @@ gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, return ret; } - ret = - _gnutls_x509_export_int(pkcs8_asn, format, PEM_PKCS8, - output_data, output_data_size); + ret = _gnutls_x509_export_int(pkcs8_asn, format, PEM_PKCS8, + output_data, output_data_size); asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); } 
@@ -517,11 +500,10 @@ gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, * * Since: 3.4.0 **/ -int -gnutls_pkcs8_info(const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, - unsigned int *schema, unsigned int *cipher, - void *salt, unsigned int *salt_size, - unsigned int *iter_count, char **oid) +int gnutls_pkcs8_info(const gnutls_datum_t *data, gnutls_x509_crt_fmt_t format, + unsigned int *schema, unsigned int *cipher, void *salt, + unsigned int *salt_size, unsigned int *iter_count, + char **oid) { int ret = 0, need_free = 0; gnutls_datum_t _data; @@ -541,15 +523,13 @@ gnutls_pkcs8_info(const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, if (format == GNUTLS_X509_FMT_PEM) { /* Try the first header */ - ret = - _gnutls_fbase64_decode(PEM_UNENCRYPTED_PKCS8, - data->data, data->size, &_data); + ret = _gnutls_fbase64_decode(PEM_UNENCRYPTED_PKCS8, data->data, + data->size, &_data); - if (ret < 0) { /* Try the encrypted header + if (ret < 0) { /* Try the encrypted header */ - ret = - _gnutls_fbase64_decode(PEM_PKCS8, data->data, - data->size, &_data); + ret = _gnutls_fbase64_decode(PEM_PKCS8, data->data, + data->size, &_data); if (ret < 0) { gnutls_assert(); @@ -597,7 +577,7 @@ gnutls_pkcs8_info(const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, return 0; - cleanup: +cleanup: if (ret != GNUTLS_E_UNKNOWN_CIPHER_TYPE && oid) { gnutls_free(*oid); } @@ -633,11 +613,10 @@ gnutls_pkcs8_info(const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, * * Since 3.1.3 **/ -int -gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - const char *password, - unsigned int flags, gnutls_datum_t * out) +int gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, + const char *password, unsigned int flags, + gnutls_datum_t *out) { asn1_node pkcs8_asn = NULL, pkey_info; int ret; 
@@ -660,17 +639,18 @@ gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key, schema = _gnutls_pkcs_flags_to_schema(flags); - if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) - && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) { + if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && + !(flags & GNUTLS_PKCS_NULL_PASSWORD)) { _gnutls_free_key_datum(&tmp); - ret = - _gnutls_x509_export_int2(pkey_info, format, - PEM_UNENCRYPTED_PKCS8, out); + ret = _gnutls_x509_export_int2(pkey_info, format, + PEM_UNENCRYPTED_PKCS8, out); asn1_delete_structure2(&pkey_info, ASN1_DELETE_FLAG_ZEROIZE); } else { - asn1_delete_structure2(&pkey_info, ASN1_DELETE_FLAG_ZEROIZE); /* we don't need it */ + asn1_delete_structure2( + &pkey_info, + ASN1_DELETE_FLAG_ZEROIZE); /* we don't need it */ ret = encode_to_pkcs8_key(schema, &tmp, password, &pkcs8_asn); _gnutls_free_key_datum(&tmp); @@ -680,8 +660,8 @@ gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key, return ret; } - ret = - _gnutls_x509_export_int2(pkcs8_asn, format, PEM_PKCS8, out); + ret = _gnutls_x509_export_int2(pkcs8_asn, format, PEM_PKCS8, + out); asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); } 
@@ -689,28 +669,27 @@ gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key, return ret; } - /* We've gotten this far. In the real world it's almost certain +/* We've gotten this far. In the real world it's almost certain * that we're dealing with a good file, but wrong password. * Sadly like 90% of random data is somehow valid DER for the * a first small number of bytes, so no easy way to guarantee. */ -#define CHECK_ERR_FOR_ENCRYPTED(result) \ - if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND || \ - result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND || \ - result == GNUTLS_E_ASN1_DER_ERROR || \ - result == GNUTLS_E_ASN1_VALUE_NOT_FOUND || \ - result == GNUTLS_E_ASN1_GENERIC_ERROR || \ - result == GNUTLS_E_ASN1_VALUE_NOT_VALID || \ - result == GNUTLS_E_ASN1_TAG_ERROR || \ - result == GNUTLS_E_ASN1_TAG_IMPLICIT || \ - result == GNUTLS_E_ASN1_TYPE_ANY_ERROR || \ - result == GNUTLS_E_ASN1_SYNTAX_ERROR || \ - result == GNUTLS_E_ASN1_DER_OVERFLOW) { \ - result = GNUTLS_E_DECRYPTION_FAILED; \ - } - -static int pkcs8_key_decrypt(const gnutls_datum_t * raw_key, - asn1_node pkcs8_asn, const char *password, - gnutls_x509_privkey_t pkey) +#define CHECK_ERR_FOR_ENCRYPTED(result) \ + if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND || \ + result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND || \ + result == GNUTLS_E_ASN1_DER_ERROR || \ + result == GNUTLS_E_ASN1_VALUE_NOT_FOUND || \ + result == GNUTLS_E_ASN1_GENERIC_ERROR || \ + result == GNUTLS_E_ASN1_VALUE_NOT_VALID || \ + result == GNUTLS_E_ASN1_TAG_ERROR || \ + result == GNUTLS_E_ASN1_TAG_IMPLICIT || \ + result == GNUTLS_E_ASN1_TYPE_ANY_ERROR || \ + result == GNUTLS_E_ASN1_SYNTAX_ERROR || \ + result == GNUTLS_E_ASN1_DER_OVERFLOW) { \ + result = GNUTLS_E_DECRYPTION_FAILED; \ + } + +static int pkcs8_key_decrypt(const gnutls_datum_t *raw_key, asn1_node pkcs8_asn, + const char *password, gnutls_x509_privkey_t pkey) { int result, len; char enc_oid[MAX_OID_SIZE]; 
@@ -723,9 +702,8 @@ static int pkcs8_key_decrypt(const gnutls_datum_t * raw_key, /* Check the encryption schema OID */ len = sizeof(enc_oid); - result = - asn1_read_value(pkcs8_asn, "encryptionAlgorithm.algorithm", - enc_oid, &len); + result = asn1_read_value(pkcs8_asn, "encryptionAlgorithm.algorithm", + enc_oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); goto error; @@ -740,11 +718,10 @@ static int pkcs8_key_decrypt(const gnutls_datum_t * raw_key, /* Get the DER encoding of the parameters. */ - result = - asn1_der_decoding_startEnd(pkcs8_asn, raw_key->data, - raw_key->size, - "encryptionAlgorithm.parameters", - ¶ms_start, ¶ms_end); + result = asn1_der_decoding_startEnd(pkcs8_asn, raw_key->data, + raw_key->size, + "encryptionAlgorithm.parameters", + ¶ms_start, ¶ms_end); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -752,11 +729,10 @@ static int pkcs8_key_decrypt(const gnutls_datum_t * raw_key, } params_len = params_end - params_start + 1; - result = - _gnutls_read_pkcs_schema_params(&schema, password, - &raw_key->data[params_start], - params_len, &kdf_params, - &enc_params); + result = _gnutls_read_pkcs_schema_params(&schema, password, + &raw_key->data[params_start], + params_len, &kdf_params, + &enc_params); if (result < 0) { gnutls_assert(); @@ -766,10 +742,9 @@ static int pkcs8_key_decrypt(const gnutls_datum_t * raw_key, /* Parameters have been decoded. Now * decrypt the EncryptedData. */ - result = - _gnutls_pkcs_raw_decrypt_data(schema, pkcs8_asn, "encryptedData", - password, &kdf_params, &enc_params, - &tmp); + result = _gnutls_pkcs_raw_decrypt_data(schema, pkcs8_asn, + "encryptedData", password, + &kdf_params, &enc_params, &tmp); if (result < 0) { gnutls_assert(); result = GNUTLS_E_DECRYPTION_FAILED; 
@@ -787,25 +762,24 @@ static int pkcs8_key_decrypt(const gnutls_datum_t * raw_key, return 0; - error: +error: return result; } -static int check_for_decrypted(const gnutls_datum_t * der) +static int check_for_decrypted(const gnutls_datum_t *der) { int result; asn1_node pkcs8_asn = NULL; - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-8-PrivateKeyInfo", - &pkcs8_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-8-PrivateKeyInfo", + &pkcs8_asn)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } result = - _asn1_strict_der_decode(&pkcs8_asn, der->data, der->size, NULL); + _asn1_strict_der_decode(&pkcs8_asn, der->data, der->size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -813,16 +787,14 @@ static int check_for_decrypted(const gnutls_datum_t * der) } result = 0; - error: +error: asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; - } -static -int pkcs8_key_info(const gnutls_datum_t * raw_key, - const struct pkcs_cipher_schema_st **p, - struct pbkdf2_params *kdf_params, char **oid) +static int pkcs8_key_info(const gnutls_datum_t *raw_key, + const struct pkcs_cipher_schema_st **p, + struct pbkdf2_params *kdf_params, char **oid) { int result, len; char enc_oid[MAX_OID_SIZE * 2]; 
@@ -837,18 +809,16 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key, if (result == 0) return GNUTLS_E_INVALID_REQUEST; - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", - &pkcs8_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element( + _gnutls_get_pkix(), "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", + &pkcs8_asn)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto error; } - result = - _asn1_strict_der_decode(&pkcs8_asn, raw_key->data, raw_key->size, - NULL); + result = _asn1_strict_der_decode(&pkcs8_asn, raw_key->data, + raw_key->size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -858,9 +828,8 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key, /* Check the encryption schema OID */ len = sizeof(enc_oid); - result = - asn1_read_value(pkcs8_asn, "encryptionAlgorithm.algorithm", - enc_oid, &len); + result = asn1_read_value(pkcs8_asn, "encryptionAlgorithm.algorithm", + enc_oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); goto error; @@ -879,11 +848,10 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key, /* Get the DER encoding of the parameters. */ - result = - asn1_der_decoding_startEnd(pkcs8_asn, raw_key->data, - raw_key->size, - "encryptionAlgorithm.parameters", - ¶ms_start, ¶ms_end); + result = asn1_der_decoding_startEnd(pkcs8_asn, raw_key->data, + raw_key->size, + "encryptionAlgorithm.parameters", + ¶ms_start, ¶ms_end); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -891,11 +859,10 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key, } params_len = params_end - params_start + 1; - result = - _gnutls_read_pkcs_schema_params(&schema, NULL, - &raw_key->data[params_start], - params_len, kdf_params, - &enc_params); + result = _gnutls_read_pkcs_schema_params(&schema, NULL, + &raw_key->data[params_start], + params_len, kdf_params, + &enc_params); if (result < 0) { gnutls_assert(); 
@@ -917,7 +884,7 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key, result = 0; - error: +error: asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; } @@ -926,26 +893,22 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key, * an internal structure (gnutls_private_key) * (normally a PKCS #1 encoded RSA key) */ -static int -pkcs8_key_decode(const gnutls_datum_t * raw_key, - const char *password, gnutls_x509_privkey_t pkey, - unsigned int decrypt) +static int pkcs8_key_decode(const gnutls_datum_t *raw_key, const char *password, + gnutls_x509_privkey_t pkey, unsigned int decrypt) { int result; asn1_node pkcs8_asn = NULL; - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", - &pkcs8_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element( + _gnutls_get_pkix(), "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", + &pkcs8_asn)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto error; } - result = - _asn1_strict_der_decode(&pkcs8_asn, raw_key->data, raw_key->size, - NULL); + result = _asn1_strict_der_decode(&pkcs8_asn, raw_key->data, + raw_key->size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -957,16 +920,15 @@ pkcs8_key_decode(const gnutls_datum_t * raw_key, else result = 0; - error: +error: asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; - } /* Decodes an RSA privateKey from a PKCS8 structure. */ -static int -_decode_pkcs8_rsa_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) +static int _decode_pkcs8_rsa_key(asn1_node pkcs8_asn, + gnutls_x509_privkey_t pkey) { int ret; gnutls_datum_t tmp = { NULL, 0 }; 
@@ -988,14 +950,14 @@ _decode_pkcs8_rsa_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) ret = 0; - error: +error: return ret; } /* Decodes an RSA-PSS privateKey from a PKCS8 structure. */ -static int -_decode_pkcs8_rsa_pss_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) +static int _decode_pkcs8_rsa_pss_key(asn1_node pkcs8_asn, + gnutls_x509_privkey_t pkey) { int ret; gnutls_datum_t tmp = { NULL, 0 }; @@ -1006,8 +968,8 @@ _decode_pkcs8_rsa_pss_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) ret = _gnutls_x509_read_value(pkcs8_asn, "privateKeyAlgorithm.parameters", &tmp); if (ret < 0) { - if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND - || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) + if (ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND || + ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) goto skip_params; gnutls_assert(); @@ -1022,7 +984,7 @@ _decode_pkcs8_rsa_pss_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) goto error; } - skip_params: +skip_params: ret = _decode_pkcs8_rsa_key(pkcs8_asn, pkey); if (ret < 0) { gnutls_assert(); @@ -1034,14 +996,14 @@ _decode_pkcs8_rsa_pss_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) ret = 0; - error: +error: return ret; } /* Decodes an ECC privateKey from a PKCS8 structure. */ -static int -_decode_pkcs8_ecc_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) +static int _decode_pkcs8_ecc_key(asn1_node pkcs8_asn, + gnutls_x509_privkey_t pkey) { int ret; gnutls_datum_t tmp = { NULL, 0 }; @@ -1053,9 +1015,8 @@ _decode_pkcs8_ecc_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) * privateKeyAlgorithm.parameters instead of the ECPrivateKey.parameters. */ len = sizeof(oid); - result = - asn1_read_value(pkcs8_asn, "privateKeyAlgorithm.parameters", - oid, &len); + result = asn1_read_value(pkcs8_asn, "privateKeyAlgorithm.parameters", + oid, &len); if (result == ASN1_SUCCESS) { ret = _gnutls_x509_read_ecc_params(oid, len, &curve); if (ret < 0) { 
@@ -1081,13 +1042,12 @@ _decode_pkcs8_ecc_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) ret = 0; - error: +error: return ret; } -static int -_decode_pkcs8_eddsa_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey, - const char *oid) +static int _decode_pkcs8_eddsa_key(asn1_node pkcs8_asn, + gnutls_x509_privkey_t pkey, const char *oid) { int ret; gnutls_datum_t tmp; @@ -1104,9 +1064,8 @@ _decode_pkcs8_eddsa_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey, ce = _gnutls_ecc_curve_get_params(curve); if (_curve_is_eddsa(ce)) { - ret = - _gnutls_x509_read_string(pkcs8_asn, "privateKey", &tmp, - ASN1_ETYPE_OCTET_STRING, 1); + ret = _gnutls_x509_read_string(pkcs8_asn, "privateKey", &tmp, + ASN1_ETYPE_OCTET_STRING, 1); if (ret < 0) { gnutls_assert(); return gnutls_assert_val(ret); @@ -1138,9 +1097,9 @@ _decode_pkcs8_eddsa_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey, } } -static int -_decode_pkcs8_modern_ecdh_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey, - const char *oid) +static int _decode_pkcs8_modern_ecdh_key(asn1_node pkcs8_asn, + gnutls_x509_privkey_t pkey, + const char *oid) { int ret; gnutls_datum_t tmp; @@ -1157,9 +1116,8 @@ _decode_pkcs8_modern_ecdh_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey, ce = _gnutls_ecc_curve_get_params(curve); if (_curve_is_modern_ecdh(ce)) { - ret = - _gnutls_x509_read_string(pkcs8_asn, "privateKey", &tmp, - ASN1_ETYPE_OCTET_STRING, 1); + ret = _gnutls_x509_read_string(pkcs8_asn, "privateKey", &tmp, + ASN1_ETYPE_OCTET_STRING, 1); if (ret < 0) { gnutls_assert(); return gnutls_assert_val(ret); 
@@ -1194,9 +1152,8 @@ _decode_pkcs8_modern_ecdh_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey, /* Converts a GOST key to * an internal structure (gnutls_private_key) */ -static int -_privkey_decode_gost_key(const gnutls_datum_t * raw_key, - gnutls_x509_privkey_t pkey) +static int _privkey_decode_gost_key(const gnutls_datum_t *raw_key, + gnutls_x509_privkey_t pkey) { int ret; int ecc_size = gnutls_ecc_curve_get_size(pkey->params.curve); @@ -1230,9 +1187,8 @@ _privkey_decode_gost_key(const gnutls_datum_t * raw_key, goto error; } - ret = _asn1_strict_der_decode(&pkey_asn, - raw_key->data, raw_key->size, - NULL); + ret = _asn1_strict_der_decode(&pkey_asn, raw_key->data, + raw_key->size, NULL); if (ret != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); @@ -1262,9 +1218,8 @@ _privkey_decode_gost_key(const gnutls_datum_t * raw_key, goto error; } - ret = _asn1_strict_der_decode(&pkey_asn, - raw_key->data, raw_key->size, - NULL); + ret = _asn1_strict_der_decode(&pkey_asn, raw_key->data, + raw_key->size, NULL); if (ret != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); @@ -1273,9 +1228,8 @@ _privkey_decode_gost_key(const gnutls_datum_t * raw_key, goto error; } - ret = _gnutls_x509_read_key_int_le(pkey_asn, "", - &pkey-> - params.params[GOST_K]); + ret = _gnutls_x509_read_key_int_le( + pkey_asn, "", &pkey->params.params[GOST_K]); if (ret < 0) { gnutls_assert(); asn1_delete_structure2(&pkey_asn, 
@@ -1293,20 +1247,21 @@ _privkey_decode_gost_key(const gnutls_datum_t * raw_key, return 0; - error: +error: return ret; - } /* Decodes a GOST privateKey from a PKCS8 structure. */ -static int -_decode_pkcs8_gost_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey, - gnutls_pk_algorithm_t algo) +static int _decode_pkcs8_gost_key(asn1_node pkcs8_asn, + gnutls_x509_privkey_t pkey, + gnutls_pk_algorithm_t algo) { int ret; gnutls_datum_t tmp; - unsigned char oid[3 * MAX_OID_SIZE]; /* GOST parameters can have 3 OIDs at most */ + unsigned char + oid[3 * + MAX_OID_SIZE]; /* GOST parameters can have 3 OIDs at most */ int len, result; gnutls_pk_params_init(&pkey->params); @@ -1319,9 +1274,8 @@ _decode_pkcs8_gost_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey, ret = GNUTLS_E_PARSING_ERROR; goto error; } else { - ret = - _gnutls_x509_read_gost_params(oid, len, &pkey->params, - algo); + ret = _gnutls_x509_read_gost_params(oid, len, &pkey->params, + algo); if (ret < 0) { gnutls_assert(); goto error; @@ -1364,7 +1318,7 @@ _decode_pkcs8_gost_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey, return 0; - error: +error: gnutls_pk_params_clear(&pkey->params); gnutls_pk_params_release(&pkey->params); @@ -1373,8 +1327,8 @@ _decode_pkcs8_gost_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey, /* Decodes an DSA privateKey and params from a PKCS8 structure. */ -static int -_decode_pkcs8_dsa_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) +static int _decode_pkcs8_dsa_key(asn1_node pkcs8_asn, + gnutls_x509_privkey_t pkey) { int ret; gnutls_datum_t tmp = { NULL, 0 }; @@ -1387,9 +1341,8 @@ _decode_pkcs8_dsa_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) goto error; } - ret = - _gnutls_x509_read_der_int(tmp.data, tmp.size, - &pkey->params.params[4]); + ret = _gnutls_x509_read_der_int(tmp.data, tmp.size, + &pkey->params.params[4]); _gnutls_free_key_datum(&tmp); if (ret < 0) { 
@@ -1397,17 +1350,15 @@ _decode_pkcs8_dsa_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) goto error; } - ret = - _gnutls_x509_read_value(pkcs8_asn, - "privateKeyAlgorithm.parameters", &tmp); + ret = _gnutls_x509_read_value(pkcs8_asn, + "privateKeyAlgorithm.parameters", &tmp); if (ret < 0) { gnutls_assert(); goto error; } - ret = - _gnutls_x509_read_pubkey_params(GNUTLS_PK_DSA, tmp.data, - tmp.size, &pkey->params); + ret = _gnutls_x509_read_pubkey_params(GNUTLS_PK_DSA, tmp.data, tmp.size, + &pkey->params); _gnutls_free_datum(&tmp); if (ret < 0) { gnutls_assert(); @@ -1445,14 +1396,14 @@ _decode_pkcs8_dsa_key(asn1_node pkcs8_asn, gnutls_x509_privkey_t pkey) return 0; - error: +error: if (pkey->params.params_nr != DSA_PRIVATE_PARAMS) _gnutls_mpi_release(&pkey->params.params[4]); return ret; } -static int -decode_private_key_info(const gnutls_datum_t * der, gnutls_x509_privkey_t pkey) +static int decode_private_key_info(const gnutls_datum_t *der, + gnutls_x509_privkey_t pkey) { int result, len; char oid[MAX_OID_SIZE]; @@ -1460,17 +1411,16 @@ decode_private_key_info(const gnutls_datum_t * der, gnutls_x509_privkey_t pkey) gnutls_datum_t sder; int ret; - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-8-PrivateKeyInfo", - &pkcs8_asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-8-PrivateKeyInfo", + &pkcs8_asn)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto error; } result = - _asn1_strict_der_decode(&pkcs8_asn, der->data, der->size, NULL); + _asn1_strict_der_decode(&pkcs8_asn, der->data, der->size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); 
@@ -1480,9 +1430,8 @@ decode_private_key_info(const gnutls_datum_t * der, gnutls_x509_privkey_t pkey) /* Check the private key algorithm OID */ len = sizeof(oid); - result = - asn1_read_value(pkcs8_asn, "privateKeyAlgorithm.algorithm", - oid, &len); + result = asn1_read_value(pkcs8_asn, "privateKeyAlgorithm.algorithm", + oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -1492,8 +1441,8 @@ decode_private_key_info(const gnutls_datum_t * der, gnutls_x509_privkey_t pkey) pkey->params.algo = gnutls_oid_to_pk(oid); if (pkey->params.algo == GNUTLS_PK_UNKNOWN) { gnutls_assert(); - _gnutls_debug_log - ("PKCS #8 private key OID '%s' is unsupported.\n", oid); + _gnutls_debug_log( + "PKCS #8 private key OID '%s' is unsupported.\n", oid); result = GNUTLS_E_UNKNOWN_PK_ALGORITHM; goto error; } @@ -1525,8 +1474,8 @@ decode_private_key_info(const gnutls_datum_t * der, gnutls_x509_privkey_t pkey) case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: case GNUTLS_PK_GOST_12_512: - result = _decode_pkcs8_gost_key(pkcs8_asn, - pkey, pkey->params.algo); + result = _decode_pkcs8_gost_key(pkcs8_asn, pkey, + pkey->params.algo); break; default: result = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); @@ -1539,10 +1488,9 @@ decode_private_key_info(const gnutls_datum_t * der, gnutls_x509_privkey_t pkey) } /* check for provable parameters attribute */ - ret = - _x509_parse_attribute(pkcs8_asn, "attributes", OID_ATTR_PROV_SEED, - 0, 1, &sder); - if (ret >= 0) { /* ignore it when not being present */ + ret = _x509_parse_attribute(pkcs8_asn, "attributes", OID_ATTR_PROV_SEED, + 0, 1, &sder); + if (ret >= 0) { /* ignore it when not being present */ ret = _x509_decode_provable_seed(pkey, &sder); gnutls_free(sder.data); if (ret < 0) { @@ -1552,10 +1500,9 @@ decode_private_key_info(const gnutls_datum_t * der, gnutls_x509_privkey_t pkey) result = 0; - error: +error: asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; - } /** 
@@ -1586,11 +1533,10 @@ decode_private_key_info(const gnutls_datum_t * der, gnutls_x509_privkey_t pkey) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - const char *password, unsigned int flags) +int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, + const gnutls_datum_t *data, + gnutls_x509_crt_fmt_t format, + const char *password, unsigned int flags) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -1610,15 +1556,13 @@ gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, if (format == GNUTLS_X509_FMT_PEM) { /* Try the first header */ - result = - _gnutls_fbase64_decode(PEM_UNENCRYPTED_PKCS8, - data->data, data->size, &_data); + result = _gnutls_fbase64_decode(PEM_UNENCRYPTED_PKCS8, + data->data, data->size, &_data); - if (result < 0) { /* Try the encrypted header + if (result < 0) { /* Try the encrypted header */ - result = - _gnutls_fbase64_decode(PEM_PKCS8, data->data, - data->size, &_data); + result = _gnutls_fbase64_decode(PEM_PKCS8, data->data, + data->size, &_data); if (result < 0) { gnutls_assert(); @@ -1641,11 +1585,11 @@ gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, */ if (flags & GNUTLS_PKCS_PLAIN) { result = decode_private_key_info(&_data, key); - if (result < 0) { /* check if it is encrypted */ + if (result < 0) { /* check if it is encrypted */ if (pkcs8_key_decode(&_data, "", key, 0) == 0) result = GNUTLS_E_DECRYPTION_FAILED; } - } else { /* encrypted. */ + } else { /* encrypted. */ result = pkcs8_key_decode(&_data, password, key, 1); } 
@@ -1657,7 +1601,7 @@ gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, /* This part is necessary to get the public key on certain algorithms. * In the import above we only get the private key. */ result = - _gnutls_pk_fixup(key->params.algo, GNUTLS_IMPORT, &key->params); + _gnutls_pk_fixup(key->params.algo, GNUTLS_IMPORT, &key->params); if (result < 0) { gnutls_assert(); goto cleanup; @@ -1670,7 +1614,7 @@ gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, */ return 0; - cleanup: +cleanup: asn1_delete_structure2(&key->key, ASN1_DELETE_FLAG_ZEROIZE); key->params.algo = GNUTLS_PK_UNKNOWN; if (need_free) { diff --git a/lib/x509/privkey_pkcs8_pbes1.c b/lib/x509/privkey_pkcs8_pbes1.c index c08df189aa..65cb77fd97 100644 --- a/lib/x509/privkey_pkcs8_pbes1.c +++ b/lib/x509/privkey_pkcs8_pbes1.c @@ -37,7 +37,7 @@ * We only support decryption for compatibility with other software. */ -int _gnutls_read_pbkdf1_params(const uint8_t * data, int data_size, +int _gnutls_read_pbkdf1_params(const uint8_t *data, int data_size, struct pbkdf2_params *kdf_params, struct pbe_enc_params *enc_params) { @@ -48,10 +48,9 @@ int _gnutls_read_pbkdf1_params(const uint8_t * data, int data_size, memset(kdf_params, 0, sizeof(*kdf_params)); memset(enc_params, 0, sizeof(*enc_params)); - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.pkcs-5-PBE-params", - &pasn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.pkcs-5-PBE-params", &pasn)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } 
@@ -65,16 +64,15 @@ int _gnutls_read_pbkdf1_params(const uint8_t * data, int data_size, goto error; } - ret = - _gnutls_x509_read_uint(pasn, "iterationCount", - &kdf_params->iter_count); + ret = _gnutls_x509_read_uint(pasn, "iterationCount", + &kdf_params->iter_count); if (ret < 0) { gnutls_assert(); goto error; } - if (kdf_params->iter_count >= MAX_ITER_COUNT - || kdf_params->iter_count == 0) { + if (kdf_params->iter_count >= MAX_ITER_COUNT || + kdf_params->iter_count == 0) { ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); goto error; } @@ -96,15 +94,14 @@ int _gnutls_read_pbkdf1_params(const uint8_t * data, int data_size, enc_params->cipher = GNUTLS_CIPHER_DES_CBC; ret = 0; - error: +error: asn1_delete_structure2(&pasn, ASN1_DELETE_FLAG_ZEROIZE); return ret; - } static void pbkdf1_md5(const char *password, unsigned password_len, const uint8_t salt[8], unsigned iter_count, - unsigned key_size, uint8_t * key) + unsigned key_size, uint8_t *key) { struct md5_ctx ctx; uint8_t tmp[16]; @@ -116,7 +113,7 @@ static void pbkdf1_md5(const char *password, unsigned password_len, for (i = 0; i < iter_count; i++) { md5_init(&ctx); if (i == 0) { - md5_update(&ctx, password_len, (uint8_t *) password); + md5_update(&ctx, password_len, (uint8_t *)password); md5_update(&ctx, 8, salt); md5_digest(&ctx, 16, tmp); } else { @@ -129,13 +126,12 @@ static void pbkdf1_md5(const char *password, unsigned password_len, return; } -int -_gnutls_decrypt_pbes1_des_md5_data(const char *password, - unsigned password_len, - const struct pbkdf2_params *kdf_params, - const struct pbe_enc_params *enc_params, - const gnutls_datum_t * encrypted_data, - gnutls_datum_t * decrypted_data) +int _gnutls_decrypt_pbes1_des_md5_data(const char *password, + unsigned password_len, + const struct pbkdf2_params *kdf_params, + const struct pbe_enc_params *enc_params, + const gnutls_datum_t *encrypted_data, + gnutls_datum_t *decrypted_data) { int result; gnutls_datum_t dkey, d_iv; 
@@ -165,28 +161,27 @@ _gnutls_decrypt_pbes1_des_md5_data(const char *password, } _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); - result = - gnutls_cipher_decrypt(ch, encrypted_data->data, - encrypted_data->size); + result = gnutls_cipher_decrypt(ch, encrypted_data->data, + encrypted_data->size); if (result < 0) { gnutls_assert(); goto error; } if ((int)encrypted_data->size - - encrypted_data->data[encrypted_data->size - 1] < 0) { + encrypted_data->data[encrypted_data->size - 1] < + 0) { gnutls_assert(); result = GNUTLS_E_ILLEGAL_PARAMETER; goto error; } decrypted_data->data = encrypted_data->data; - decrypted_data->size = - encrypted_data->size - encrypted_data->data[encrypted_data->size - - 1]; + decrypted_data->size = encrypted_data->size - + encrypted_data->data[encrypted_data->size - 1]; result = 0; - error: +error: gnutls_cipher_deinit(ch); return result; diff --git a/lib/x509/prov-seed.c b/lib/x509/prov-seed.c index 0e2543d87f..edbb8b4203 100644 --- a/lib/x509/prov-seed.c +++ b/lib/x509/prov-seed.c @@ -33,9 +33,8 @@ /* This function encodes a seed value and a hash algorithm OID to the format * described in RFC8479. The output is the DER encoded form. */ -int _x509_encode_provable_seed(gnutls_x509_privkey_t pkey, gnutls_datum_t * der) +int _x509_encode_provable_seed(gnutls_x509_privkey_t pkey, gnutls_datum_t *der) { - asn1_node c2; int ret, result; const char *oid; 
@@ -44,16 +43,15 @@ int _x509_encode_provable_seed(gnutls_x509_privkey_t pkey, gnutls_datum_t * der) if (oid == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if ((result = - asn1_create_element(_gnutls_get_gnutls_asn(), - "GNUTLS.ProvableSeed", &c2)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.ProvableSeed", &c2)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - result = - asn1_write_value(c2, "seed", pkey->params.seed, - pkey->params.seed_size); + result = asn1_write_value(c2, "seed", pkey->params.seed, + pkey->params.seed_size); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -75,7 +73,7 @@ int _x509_encode_provable_seed(gnutls_x509_privkey_t pkey, gnutls_datum_t * der) ret = 0; - cleanup: +cleanup: asn1_delete_structure2(&c2, ASN1_DELETE_FLAG_ZEROIZE); return ret; } @@ -84,18 +82,17 @@ int _x509_encode_provable_seed(gnutls_x509_privkey_t pkey, gnutls_datum_t * der) * RFC8479. */ int _x509_decode_provable_seed(gnutls_x509_privkey_t pkey, - const gnutls_datum_t * der) + const gnutls_datum_t *der) { - asn1_node c2; int ret, result; char oid[MAX_OID_SIZE]; int oid_size; gnutls_datum_t seed = { NULL, 0 }; - if ((result = - asn1_create_element(_gnutls_get_gnutls_asn(), - "GNUTLS.ProvableSeed", &c2)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.ProvableSeed", &c2)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -117,10 +114,10 @@ int _x509_decode_provable_seed(gnutls_x509_privkey_t pkey, memcpy(pkey->params.seed, seed.data, seed.size); pkey->params.seed_size = seed.size; } else { - ret = 0; /* ignore struct */ - _gnutls_debug_log - ("%s: ignoring ProvableSeed due to very long params\n", - __func__); + ret = 0; /* ignore struct */ + _gnutls_debug_log( + "%s: ignoring ProvableSeed due to very long params\n", + __func__); goto cleanup; } 
@@ -137,7 +134,7 @@ int _x509_decode_provable_seed(gnutls_x509_privkey_t pkey, ret = 0; - cleanup: +cleanup: gnutls_free(seed.data); asn1_delete_structure2(&c2, ASN1_DELETE_FLAG_ZEROIZE); return ret; diff --git a/lib/x509/prov-seed.h b/lib/x509/prov-seed.h index a314a86e89..b34b302809 100644 --- a/lib/x509/prov-seed.h +++ b/lib/x509/prov-seed.h @@ -21,11 +21,10 @@ */ #ifndef GNUTLS_LIB_X509_PROV_SEED_H -# define GNUTLS_LIB_X509_PROV_SEED_H +#define GNUTLS_LIB_X509_PROV_SEED_H -int _x509_encode_provable_seed(gnutls_x509_privkey_t pkey, - gnutls_datum_t * der); +int _x509_encode_provable_seed(gnutls_x509_privkey_t pkey, gnutls_datum_t *der); int _x509_decode_provable_seed(gnutls_x509_privkey_t pkey, - const gnutls_datum_t * der); + const gnutls_datum_t *der); -#endif /* GNUTLS_LIB_X509_PROV_SEED_H */ +#endif /* GNUTLS_LIB_X509_PROV_SEED_H */ diff --git a/lib/x509/sign.c b/lib/x509/sign.c index 8cb99b9ec1..48992d4cfa 100644 --- a/lib/x509/sign.c +++ b/lib/x509/sign.c @@ -29,7 +29,7 @@ #include "errors.h" #include <libtasn1.h> #include <global.h> -#include <num.h> /* MAX */ +#include <num.h> /* MAX */ #include <tls-sig.h> #include <str.h> #include <datum.h> @@ -42,16 +42,15 @@ * the asn1_node given, and sign the DER data. Actually used to get the DER * of the TBS and sign it on the fly. */ -int -_gnutls_x509_get_tbs(asn1_node cert, const char *tbs_name, gnutls_datum_t * tbs) +int _gnutls_x509_get_tbs(asn1_node cert, const char *tbs_name, + gnutls_datum_t *tbs) { return _gnutls_x509_der_encode(cert, tbs_name, tbs, 0); } -int -_gnutls_x509_crt_get_spki_params(gnutls_x509_crt_t crt, - const gnutls_x509_spki_st * key_params, - gnutls_x509_spki_st * params) +int _gnutls_x509_crt_get_spki_params(gnutls_x509_crt_t crt, + const gnutls_x509_spki_st *key_params, + gnutls_x509_spki_st *params) { int result; gnutls_x509_spki_st crt_params; 
@@ -73,8 +72,8 @@ _gnutls_x509_crt_get_spki_params(gnutls_x509_crt_t crt, gnutls_assert(); return GNUTLS_E_CERTIFICATE_ERROR; } - } else if (key_params->pk != GNUTLS_PK_RSA - && key_params->pk != GNUTLS_PK_UNKNOWN) { + } else if (key_params->pk != GNUTLS_PK_RSA && + key_params->pk != GNUTLS_PK_UNKNOWN) { gnutls_assert(); return GNUTLS_E_CERTIFICATE_ERROR; } @@ -98,11 +97,10 @@ _gnutls_x509_crt_get_spki_params(gnutls_x509_crt_t crt, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. -*/ -int -_gnutls_x509_pkix_sign(asn1_node src, const char *src_name, - gnutls_digest_algorithm_t dig, - unsigned int flags, - gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key) +int _gnutls_x509_pkix_sign(asn1_node src, const char *src_name, + gnutls_digest_algorithm_t dig, unsigned int flags, + gnutls_x509_crt_t issuer, + gnutls_privkey_t issuer_key) { int result; gnutls_datum_t signature; @@ -140,8 +138,8 @@ _gnutls_x509_pkix_sign(asn1_node src, const char *src_name, _gnutls_str_cpy(name, sizeof(name), src_name); _gnutls_str_cat(name, sizeof(name), ".issuer"); - result = - asn1_copy_node(src, name, issuer->cert, "tbsCertificate.subject"); + result = asn1_copy_node(src, name, issuer->cert, + "tbsCertificate.subject"); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -154,8 +152,8 @@ _gnutls_x509_pkix_sign(asn1_node src, const char *src_name, se = _gnutls_pk_to_sign_entry(params.pk, dig); if (se == NULL) - return - gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM); + return gnutls_assert_val( + GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM); _gnutls_debug_log("signing structure using %s\n", se->name); 
@@ -177,12 +175,11 @@ _gnutls_x509_pkix_sign(asn1_node src, const char *src_name, FIX_SIGN_PARAMS(params, flags, dig); if (_gnutls_pk_is_not_prehashed(params.pk)) { - result = - privkey_sign_raw_data(issuer_key, se, &tbs, &signature, - ¶ms); + result = privkey_sign_raw_data(issuer_key, se, &tbs, &signature, + ¶ms); } else { - result = privkey_sign_and_hash_data(issuer_key, se, - &tbs, &signature, ¶ms); + result = privkey_sign_and_hash_data(issuer_key, se, &tbs, + &signature, ¶ms); } gnutls_free(tbs.data); @@ -193,9 +190,8 @@ _gnutls_x509_pkix_sign(asn1_node src, const char *src_name, /* write the signature (bits) */ - result = - asn1_write_value(src, "signature", signature.data, - signature.size * 8); + result = asn1_write_value(src, "signature", signature.data, + signature.size * 8); _gnutls_free_datum(&signature); @@ -208,8 +204,8 @@ _gnutls_x509_pkix_sign(asn1_node src, const char *src_name, * the same. */ - result = _gnutls_x509_write_sign_params(src, "signatureAlgorithm", - se, ¶ms); + result = _gnutls_x509_write_sign_params(src, "signatureAlgorithm", se, + ¶ms); if (result < 0) { gnutls_assert(); return result; diff --git a/lib/x509/spki.c b/lib/x509/spki.c index 885a5c8bc4..9e2a6e57c7 100644 --- a/lib/x509/spki.c +++ b/lib/x509/spki.c @@ -40,7 +40,7 @@ * Since: 3.6.0 * **/ -int gnutls_x509_spki_init(gnutls_x509_spki_t * spki) +int gnutls_x509_spki_init(gnutls_x509_spki_t *spki) { gnutls_x509_spki_t tmp; @@ -54,7 +54,7 @@ int gnutls_x509_spki_init(gnutls_x509_spki_t * spki) *spki = tmp; - return 0; /* success */ + return 0; /* success */ } /** @@ -83,10 +83,9 @@ void gnutls_x509_spki_deinit(gnutls_x509_spki_t spki) * Since: 3.6.0 * **/ -void -gnutls_x509_spki_set_rsa_pss_params(gnutls_x509_spki_t spki, - gnutls_digest_algorithm_t dig, - unsigned int salt_size) +void gnutls_x509_spki_set_rsa_pss_params(gnutls_x509_spki_t spki, + gnutls_digest_algorithm_t dig, + unsigned int salt_size) { spki->pk = GNUTLS_PK_RSA_PSS; spki->rsa_pss_dig = dig; 
@@ -108,10 +107,9 @@ gnutls_x509_spki_set_rsa_pss_params(gnutls_x509_spki_t spki, * Since: 3.6.0 * **/ -int -gnutls_x509_spki_get_rsa_pss_params(gnutls_x509_spki_t spki, - gnutls_digest_algorithm_t * dig, - unsigned int *salt_size) +int gnutls_x509_spki_get_rsa_pss_params(gnutls_x509_spki_t spki, + gnutls_digest_algorithm_t *dig, + unsigned int *salt_size) { if (spki->pk == 0) return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); diff --git a/lib/x509/time.c b/lib/x509/time.c index 3dc4eaa751..d9b420559f 100644 --- a/lib/x509/time.c +++ b/lib/x509/time.c @@ -46,7 +46,7 @@ */ typedef struct fake_tm { int tm_mon; - int tm_year; /* FULL year - ie 1971 */ + int tm_year; /* FULL year - ie 1971 */ int tm_mday; int tm_hour; int tm_min; @@ -63,7 +63,7 @@ static const int MONTHDAYS[] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; - /* Whether a given year is a leap year. */ +/* Whether a given year is a leap year. */ #define ISLEAP(year) \ (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0)) @@ -78,20 +78,20 @@ static time_t mktime_utc(const struct fake_tm *tm) time_t result = 0; int i; -/* We do allow some ill-formed dates, but we don't do anything special + /* We do allow some ill-formed dates, but we don't do anything special * with them and our callers really shouldn't pass them to us. Do * explicitly disallow the ones that would cause invalid array accesses * or other algorithm problems. */ if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970) - return (time_t) - 1; + return (time_t)-1; /* Check for "obvious" mistakes in dates */ - if (tm->tm_sec > 60 || tm->tm_min > 59 || tm->tm_mday > 31 - || tm->tm_mday < 1 || tm->tm_hour > 23) - return (time_t) - 1; + if (tm->tm_sec > 60 || tm->tm_min > 59 || tm->tm_mday > 31 || + tm->tm_mday < 1 || tm->tm_hour > 23) + return (time_t)-1; -/* Convert to a time_t. + /* Convert to a time_t. */ for (i = 1970; i < tm->tm_year; i++) result += 365 + ISLEAP(i); 
@@ -116,7 +116,7 @@ static time_t time2gtime(const char *ttime, int year) if (strlen(ttime) < 8) { gnutls_assert(); - return (time_t) - 1; + return (time_t)-1; } etime.tm_year = year; @@ -125,34 +125,34 @@ static time_t time2gtime(const char *ttime, int year) * time_t. */ if (sizeof(time_t) <= 4 && etime.tm_year >= 2038) - return (time_t) 2145914603; /* 2037-12-31 23:23:23 */ + return (time_t)2145914603; /* 2037-12-31 23:23:23 */ if (etime.tm_year < 1970) - return (time_t) 0; + return (time_t)0; xx[2] = 0; -/* get the month + /* get the month */ - memcpy(xx, ttime, 2); /* month */ + memcpy(xx, ttime, 2); /* month */ etime.tm_mon = atoi(xx) - 1; ttime += 2; -/* get the day + /* get the day */ - memcpy(xx, ttime, 2); /* day */ + memcpy(xx, ttime, 2); /* day */ etime.tm_mday = atoi(xx); ttime += 2; -/* get the hour + /* get the hour */ - memcpy(xx, ttime, 2); /* hour */ + memcpy(xx, ttime, 2); /* hour */ etime.tm_hour = atoi(xx); ttime += 2; -/* get the minutes + /* get the minutes */ - memcpy(xx, ttime, 2); /* minutes */ + memcpy(xx, ttime, 2); /* minutes */ etime.tm_min = atoi(xx); ttime += 2; @@ -179,21 +179,21 @@ time_t _gnutls_utcTime2gtime(const char *ttime) if (len < 10) { gnutls_assert(); - return (time_t) - 1; + return (time_t)-1; } #ifdef STRICT_DER_TIME /* Make sure everything else is digits. */ for (i = 0; i < len - 1; i++) { if (c_isdigit(ttime[i])) continue; - return gnutls_assert_val((time_t) - 1); + return gnutls_assert_val((time_t)-1); } #endif xx[2] = 0; -/* get the year + /* get the year */ - memcpy(xx, ttime, 2); /* year */ + memcpy(xx, ttime, 2); /* year */ year = atoi(xx); ttime += 2; 
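Review bot: In the @@ -125 hunk of time2gtime the month/day/hour/minute fields are taken with atoi() on two-character buffers, and the digit validation shown in the @@ -179 hunk of _gnutls_utcTime2gtime only runs under `#ifdef STRICT_DER_TIME`; in the default build a non-digit pair such as "ZZ" parses as 0, which mktime_utc() rejects for month and day but silently accepts for hour and minute. A comment on the `xx[2] = 0;` line such as `/* fields are not validated here; non-digits yield 0 unless STRICT_DER_TIME is defined */` would at least make that explicit, and hoisting the c_isdigit() loop out of the #ifdef (or using strtol with an end-pointer check) would close the gap. This is pre-existing behaviour that the reformat does not change; time2gtime's tail (seconds handling and the final mktime_utc call) is outside the hunk.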
@@ -216,25 +216,25 @@ time_t _gnutls_x509_generalTime2gtime(const char *ttime) if (strlen(ttime) < 12) { gnutls_assert(); - return (time_t) - 1; + return (time_t)-1; } if (strchr(ttime, 'Z') == 0) { gnutls_assert(); /* required to be in GMT */ - return (time_t) - 1; + return (time_t)-1; } if (strchr(ttime, '.') != 0) { gnutls_assert(); /* no fractional seconds allowed */ - return (time_t) - 1; + return (time_t)-1; } xx[4] = 0; -/* get the year + /* get the year */ - memcpy(xx, ttime, 4); /* year */ + memcpy(xx, ttime, 4); /* year */ year = atoi(xx); ttime += 4; @@ -244,18 +244,17 @@ time_t _gnutls_x509_generalTime2gtime(const char *ttime) #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wformat-y2k" /* tag will contain ASN1_TAG_UTCTime or ASN1_TAG_GENERALIZEDTime */ -static int -gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, - unsigned *tag) +static int gtime_to_suitable_time(time_t gtime, char *str_time, + size_t str_time_size, unsigned *tag) { size_t ret; struct tm _tm; - if (gtime == (time_t) - 1 + if (gtime == (time_t)-1 #if SIZEOF_LONG == 8 || gtime >= 253402210800 #endif - ) { + ) { if (tag) *tag = ASN1_TAG_GENERALIZEDTime; snprintf(str_time, str_time_size, "99991231235959Z"); @@ -287,17 +286,17 @@ gtime_to_suitable_time(time_t gtime, char *str_time, size_t str_time_size, #pragma GCC diagnostic pop -static int -gtime_to_generalTime(time_t gtime, char *str_time, size_t str_time_size) +static int gtime_to_generalTime(time_t gtime, char *str_time, + size_t str_time_size) { size_t ret; struct tm _tm; - if (gtime == (time_t) - 1 + if (gtime == (time_t)-1 #if SIZEOF_LONG == 8 || gtime >= 253402210800 #endif - ) { + ) { snprintf(str_time, str_time_size, "99991231235959Z"); return 0; } 
@@ -324,14 +323,14 @@ time_t _gnutls_x509_get_time(asn1_node c2, const char *where, int force_general) { char ttime[MAX_TIME]; char name[128]; - time_t c_time = (time_t) - 1; + time_t c_time = (time_t)-1; int len, result; len = sizeof(ttime) - 1; result = asn1_read_value(c2, where, ttime, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); - return (time_t) (-1); + return (time_t)(-1); } if (force_general != 0) { @@ -351,7 +350,7 @@ time_t _gnutls_x509_get_time(asn1_node c2, const char *where, int force_general) result = asn1_read_value(c2, name, ttime, &len); if (result == ASN1_SUCCESS) c_time = _gnutls_x509_generalTime2gtime(ttime); - } else { /* UTCTIME */ + } else { /* UTCTIME */ if (name[0] == 0) _gnutls_str_cpy(name, sizeof(name), "utcTime"); else @@ -367,7 +366,7 @@ time_t _gnutls_x509_get_time(asn1_node c2, const char *where, int force_general) */ if (result != ASN1_SUCCESS) { gnutls_assert(); - return (time_t) (-1); + return (time_t)(-1); } } @@ -377,9 +376,8 @@ time_t _gnutls_x509_get_time(asn1_node c2, const char *where, int force_general) /* Sets the time in time_t in the asn1_node given. Where should * be something like "tbsCertList.thisUpdate". */ -int -_gnutls_x509_set_time(asn1_node c2, const char *where, time_t tim, - int force_general) +int _gnutls_x509_set_time(asn1_node c2, const char *where, time_t tim, + int force_general) { char str_time[MAX_TIME]; char name[128]; @@ -412,8 +410,8 @@ _gnutls_x509_set_time(asn1_node c2, const char *where, time_t tim, } _gnutls_str_cat(name, sizeof(name), ".utcTime"); } else { - if ((result = - asn1_write_value(c2, where, "generalTime", 1)) < 0) { + if ((result = asn1_write_value(c2, where, "generalTime", 1)) < + 0) { gnutls_assert(); return _gnutls_asn2err(result); } diff --git a/lib/x509/tls_features.c b/lib/x509/tls_features.c index c269fe3926..2a12438c40 100644 --- a/lib/x509/tls_features.c +++ b/lib/x509/tls_features.c 
@@ -45,7 +45,7 @@ * * Since: 3.5.1 **/ -int gnutls_x509_tlsfeatures_init(gnutls_x509_tlsfeatures_t * f) +int gnutls_x509_tlsfeatures_init(gnutls_x509_tlsfeatures_t *f) { *f = gnutls_calloc(1, sizeof(struct gnutls_x509_tlsfeatures_st)); if (*f == NULL) @@ -134,9 +134,9 @@ int gnutls_x509_crt_get_tlsfeatures(gnutls_x509_crt_t crt, return GNUTLS_E_INVALID_REQUEST; } - if ((ret = - _gnutls_x509_crt_get_extension(crt, GNUTLS_X509EXT_OID_TLSFEATURES, - 0, &der, critical)) < 0) { + if ((ret = _gnutls_x509_crt_get_extension( + crt, GNUTLS_X509EXT_OID_TLSFEATURES, 0, &der, critical)) < + 0) { return ret; } @@ -152,7 +152,7 @@ int gnutls_x509_crt_get_tlsfeatures(gnutls_x509_crt_t crt, } ret = 0; - cleanup: +cleanup: gnutls_free(der.data); return ret; } @@ -188,9 +188,8 @@ int gnutls_x509_crt_set_tlsfeatures(gnutls_x509_crt_t crt, return ret; } - ret = - _gnutls_x509_crt_set_extension(crt, GNUTLS_X509EXT_OID_TLSFEATURES, - &der, 0); + ret = _gnutls_x509_crt_set_extension( + crt, GNUTLS_X509EXT_OID_TLSFEATURES, &der, 0); _gnutls_free_datum(&der); @@ -222,7 +221,7 @@ unsigned gnutls_x509_tlsfeatures_check_crt(gnutls_x509_tlsfeatures_t feat, unsigned i, j, uret, found; if (feat->size == 0) - return 1; /* shortcut; no constraints to check */ + return 1; /* shortcut; no constraints to check */ ret = gnutls_x509_tlsfeatures_init(&cfeat); if (ret < 0) @@ -237,9 +236,9 @@ unsigned gnutls_x509_tlsfeatures_check_crt(gnutls_x509_tlsfeatures_t feat, /* if cert's features cannot be a superset */ if (feat->size > cfeat->size) { - _gnutls_debug_log - ("certificate has %u, while issuer has %u tlsfeatures\n", - cfeat->size, feat->size); + _gnutls_debug_log( + "certificate has %u, while issuer has %u tlsfeatures\n", + cfeat->size, feat->size); gnutls_assert(); uret = 0; goto cleanup; @@ -263,7 +262,7 @@ unsigned gnutls_x509_tlsfeatures_check_crt(gnutls_x509_tlsfeatures_t feat, } uret = 1; - cleanup: +cleanup: gnutls_x509_tlsfeatures_deinit(cfeat); return uret; } 
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c index 7b8b270d69..7109bb0a8c 100644 --- a/lib/x509/verify-high.c +++ b/lib/x509/verify-high.c @@ -25,7 +25,7 @@ #include "errors.h" #include <libtasn1.h> #include <global.h> -#include <num.h> /* MAX */ +#include <num.h> /* MAX */ #include <tls-sig.h> #include <str.h> #include <datum.h> @@ -80,8 +80,8 @@ static bool cert_eq(const void *cert1, const void *cert2) static size_t cert_hashcode(const void *cert) { const gnutls_x509_crt_t c = (const gnutls_x509_crt_t)cert; - return hash_pjw_bare(c->raw_dn.data, - c->raw_dn.size) % DEFAULT_MAX_VERIFY_DEPTH; + return hash_pjw_bare(c->raw_dn.data, c->raw_dn.size) % + DEFAULT_MAX_VERIFY_DEPTH; } /** @@ -96,8 +96,8 @@ static size_t cert_hashcode(const void *cert) * * Since: 3.0.0 **/ -int -gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list, unsigned int size) +int gnutls_x509_trust_list_init(gnutls_x509_trust_list_t *list, + unsigned int size) { gnutls_x509_trust_list_t tmp; @@ -122,7 +122,7 @@ gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list, unsigned int size) *list = tmp; - return 0; /* success */ + return 0; /* success */ } /** @@ -137,8 +137,8 @@ gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list, unsigned int size) * * Since: 3.0.0 **/ -void -gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list, unsigned int all) +void gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list, + unsigned int all) { unsigned int i, j; @@ -158,8 +158,8 @@ gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list, unsigned int all) for (i = 0; i < list->size; i++) { if (all) { for (j = 0; j < list->node[i].trusted_ca_size; j++) { - gnutls_x509_crt_deinit(list->node[i]. - trusted_cas[j]); + gnutls_x509_crt_deinit( + list->node[i].trusted_cas[j]); } } gnutls_free(list->node[i].trusted_cas); 
@@ -173,8 +173,8 @@ gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list, unsigned int all) if (all) { for (j = 0; j < list->node[i].named_cert_size; j++) { - gnutls_x509_crt_deinit(list->node[i].named_certs - [j].cert); + gnutls_x509_crt_deinit( + list->node[i].named_certs[j].cert); } } gnutls_free(list->node[i].named_certs); @@ -186,8 +186,8 @@ gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list, unsigned int all) gnutls_free(list); } -static int -add_new_ca_to_rdn_seq(gnutls_x509_trust_list_t list, gnutls_x509_crt_t ca) +static int add_new_ca_to_rdn_seq(gnutls_x509_trust_list_t list, + gnutls_x509_crt_t ca) { gnutls_datum_t tmp; size_t newsize; @@ -228,17 +228,16 @@ add_new_ca_to_rdn_seq(gnutls_x509_trust_list_t list, gnutls_x509_crt_t ca) * deallocated on deinit. This is to handle get_issuer() with * pkcs11 trust modules when the GNUTLS_TL_GET_COPY flag isn't * given. It is not thread safe. */ -static int -trust_list_add_compat(gnutls_x509_trust_list_t list, gnutls_x509_crt_t cert) +static int trust_list_add_compat(gnutls_x509_trust_list_t list, + gnutls_x509_crt_t cert) { if (unlikely(INT_ADD_OVERFLOW(list->keep_certs_size, 1))) { return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); } - list->keep_certs = - _gnutls_reallocarray_fast(list->keep_certs, - list->keep_certs_size + 1, - sizeof(list->keep_certs[0])); + list->keep_certs = _gnutls_reallocarray_fast( + list->keep_certs, list->keep_certs_size + 1, + sizeof(list->keep_certs[0])); if (list->keep_certs == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -279,10 +278,9 @@ trust_list_add_compat(gnutls_x509_trust_list_t list, gnutls_x509_crt_t cert) * * Since: 3.0.0 **/ -int -gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, - const gnutls_x509_crt_t * clist, - unsigned clist_size, unsigned int flags) +int gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, + const gnutls_x509_crt_t *clist, + unsigned clist_size, unsigned int flags) { unsigned i, j; size_t hash; 
@@ -291,27 +289,22 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, for (i = 0; i < clist_size; i++) { exists = 0; - hash = - hash_pjw_bare(clist[i]->raw_dn.data, clist[i]->raw_dn.size); + hash = hash_pjw_bare(clist[i]->raw_dn.data, + clist[i]->raw_dn.size); hash %= list->size; /* avoid duplicates */ - if (flags & GNUTLS_TL_NO_DUPLICATES - || flags & GNUTLS_TL_NO_DUPLICATE_KEY) { + if (flags & GNUTLS_TL_NO_DUPLICATES || + flags & GNUTLS_TL_NO_DUPLICATE_KEY) { for (j = 0; j < list->node[hash].trusted_ca_size; j++) { if (flags & GNUTLS_TL_NO_DUPLICATES) - ret = - gnutls_x509_crt_equals(list->node - [hash].trusted_cas - [j], - clist[i]); + ret = gnutls_x509_crt_equals( + list->node[hash].trusted_cas[j], + clist[i]); else - ret = - _gnutls_check_if_same_key(list->node - [hash].trusted_cas - [j], - clist[i], - 1); + ret = _gnutls_check_if_same_key( + list->node[hash].trusted_cas[j], + clist[i], 1); if (ret != 0) { exists = 1; break; @@ -319,27 +312,23 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, } if (exists != 0) { - gnutls_x509_crt_deinit(list-> - node[hash].trusted_cas - [j]); + gnutls_x509_crt_deinit( + list->node[hash].trusted_cas[j]); list->node[hash].trusted_cas[j] = clist[i]; continue; } } - if (unlikely - (INT_ADD_OVERFLOW(list->node[hash].trusted_ca_size, 1))) { + if (unlikely(INT_ADD_OVERFLOW(list->node[hash].trusted_ca_size, + 1))) { gnutls_assert(); return i; } - list->node[hash].trusted_cas = - _gnutls_reallocarray_fast(list->node[hash].trusted_cas, - list->node[hash].trusted_ca_size + - 1, - sizeof(list-> - node[hash].trusted_cas - [0])); + list->node[hash].trusted_cas = _gnutls_reallocarray_fast( + list->node[hash].trusted_cas, + list->node[hash].trusted_ca_size + 1, + sizeof(list->node[hash].trusted_cas[0])); if (list->node[hash].trusted_cas == NULL) { gnutls_assert(); return i; 
@@ -350,15 +339,16 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, gnutls_datum_t dn; gnutls_assert(); if (gnutls_x509_crt_get_dn2(clist[i], &dn) >= 0) { - _gnutls_audit_log(NULL, - "There was a non-CA certificate in the trusted list: %s.\n", - dn.data); + _gnutls_audit_log( + NULL, + "There was a non-CA certificate in the trusted list: %s.\n", + dn.data); gnutls_free(dn.data); } } list->node[hash].trusted_cas[list->node[hash].trusted_ca_size] = - clist[i]; + clist[i]; list->node[hash].trusted_ca_size++; if (flags & GNUTLS_TL_USE_IN_TLS) { @@ -373,8 +363,8 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, return i; } -static int -advance_iter(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_iter_t iter) +static int advance_iter(gnutls_x509_trust_list_t list, + gnutls_x509_trust_list_iter_t iter) { if (iter->node_index < list->size) { ++iter->ca_index; @@ -382,7 +372,7 @@ advance_iter(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_iter_t iter) /* skip entries */ while (iter->node_index < list->size && iter->ca_index >= - list->node[iter->node_index].trusted_ca_size) { + list->node[iter->node_index].trusted_ca_size) { ++iter->node_index; iter->ca_index = 0; } 
@@ -394,18 +384,14 @@ advance_iter(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_iter_t iter) #ifdef ENABLE_PKCS11 if (list->pkcs11_token != NULL) { if (iter->pkcs11_list == NULL) { - int ret = - gnutls_pkcs11_obj_list_import_url2 - (&iter->pkcs11_list, - &iter->pkcs11_size, - list->pkcs11_token, - (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE - | - GNUTLS_PKCS11_OBJ_FLAG_CRT - | - GNUTLS_PKCS11_OBJ_FLAG_MARK_CA - | GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED), - 0); + int ret = gnutls_pkcs11_obj_list_import_url2( + &iter->pkcs11_list, &iter->pkcs11_size, + list->pkcs11_token, + (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE | + GNUTLS_PKCS11_OBJ_FLAG_CRT | + GNUTLS_PKCS11_OBJ_FLAG_MARK_CA | + GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED), + 0); if (ret < 0) return gnutls_assert_val(ret); @@ -446,17 +432,16 @@ advance_iter(gnutls_x509_trust_list_t list, gnutls_x509_trust_list_iter_t iter) * * Since: 3.4.0 **/ -int -gnutls_x509_trust_list_iter_get_ca(gnutls_x509_trust_list_t list, - gnutls_x509_trust_list_iter_t * iter, - gnutls_x509_crt_t * crt) +int gnutls_x509_trust_list_iter_get_ca(gnutls_x509_trust_list_t list, + gnutls_x509_trust_list_iter_t *iter, + gnutls_x509_crt_t *crt) { int ret; /* initialize iterator */ if (*iter == NULL) { - *iter = - gnutls_malloc(sizeof(struct gnutls_x509_trust_list_iter)); + *iter = gnutls_malloc( + sizeof(struct gnutls_x509_trust_list_iter)); if (*iter == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); @@ -488,10 +473,9 @@ gnutls_x509_trust_list_iter_get_ca(gnutls_x509_trust_list_t list, if (ret < 0) return gnutls_assert_val(ret); - ret = - _gnutls_x509_crt_cpy(*crt, - list->node[(*iter)-> - node_index].trusted_cas[(*iter)->ca_index]); + ret = _gnutls_x509_crt_cpy( + *crt, list->node[(*iter)->node_index] + .trusted_cas[(*iter)->ca_index]); if (ret < 0) { gnutls_x509_crt_deinit(*crt); return gnutls_assert_val(ret); 
@@ -503,10 +487,8 @@ gnutls_x509_trust_list_iter_get_ca(gnutls_x509_trust_list_t list, if (ret < 0) return gnutls_assert_val(ret); - ret = - gnutls_x509_crt_import_pkcs11(*crt, - (*iter)-> - pkcs11_list[(*iter)->pkcs11_index]); + ret = gnutls_x509_crt_import_pkcs11( + *crt, (*iter)->pkcs11_list[(*iter)->pkcs11_index]); if (ret < 0) { gnutls_x509_crt_deinit(*crt); return gnutls_assert_val(ret); @@ -604,31 +586,30 @@ static gnutls_x509_crt_t crt_cpy(gnutls_x509_crt_t src) * * Since: 3.1.10 **/ -int -gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list, - const gnutls_x509_crt_t * clist, - unsigned clist_size) +int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list, + const gnutls_x509_crt_t *clist, + unsigned clist_size) { int r = 0; unsigned j, i; size_t hash; for (i = 0; i < clist_size; i++) { - hash = - hash_pjw_bare(clist[i]->raw_dn.data, clist[i]->raw_dn.size); + hash = hash_pjw_bare(clist[i]->raw_dn.data, + clist[i]->raw_dn.size); hash %= list->size; for (j = 0; j < list->node[hash].trusted_ca_size; j++) { - if (gnutls_x509_crt_equals - (clist[i], list->node[hash].trusted_cas[j]) != 0) { - - gnutls_x509_crt_deinit(list->node[hash]. - trusted_cas[j]); + if (gnutls_x509_crt_equals( + clist[i], + list->node[hash].trusted_cas[j]) != 0) { + gnutls_x509_crt_deinit( + list->node[hash].trusted_cas[j]); list->node[hash].trusted_cas[j] = - list->node[hash].trusted_cas[list-> - node[hash]. - trusted_ca_size - - 1]; + list->node[hash].trusted_cas + [list->node[hash] + .trusted_ca_size - + 1]; list->node[hash].trusted_ca_size--; r++; break; 
@@ -643,10 +624,9 @@ gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list, * This will prevent a subordinate CA from being valid, and * ensure that a server certificate will also get rejected. */ - list->distrusted = - _gnutls_reallocarray_fast(list->distrusted, - list->distrusted_size + 1, - sizeof(list->distrusted[0])); + list->distrusted = _gnutls_reallocarray_fast( + list->distrusted, list->distrusted_size + 1, + sizeof(list->distrusted[0])); if (list->distrusted == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); 
@@ -685,39 +665,40 @@ gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list, * * Since: 3.0.0 **/ -int -gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t list, - gnutls_x509_crt_t cert, - const void *name, size_t name_size, - unsigned int flags) +int gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t list, + gnutls_x509_crt_t cert, + const void *name, size_t name_size, + unsigned int flags) { size_t hash; if (name_size >= MAX_SERVER_NAME_SIZE) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - hash = - hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size); + hash = hash_pjw_bare(cert->raw_issuer_dn.data, + cert->raw_issuer_dn.size); hash %= list->size; if (unlikely(INT_ADD_OVERFLOW(list->node[hash].named_cert_size, 1))) { return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); } - list->node[hash].named_certs = - _gnutls_reallocarray_fast(list->node[hash].named_certs, - list->node[hash].named_cert_size + 1, - sizeof(list->node[hash].named_certs[0])); + list->node[hash].named_certs = _gnutls_reallocarray_fast( + list->node[hash].named_certs, + list->node[hash].named_cert_size + 1, + sizeof(list->node[hash].named_certs[0])); if (list->node[hash].named_certs == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); list->node[hash].named_certs[list->node[hash].named_cert_size].cert = - cert; - memcpy(list->node[hash]. - named_certs[list->node[hash].named_cert_size].name, name, - name_size); - list->node[hash].named_certs[list->node[hash]. - named_cert_size].name_size = name_size; + cert; + memcpy(list->node[hash] + .named_certs[list->node[hash].named_cert_size] + .name, + name, name_size); + list->node[hash] + .named_certs[list->node[hash].named_cert_size] + .name_size = name_size; list->node[hash].named_cert_size++; 
@@ -751,11 +732,10 @@ gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t list, * * Since: 3.0 **/ -int -gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, - const gnutls_x509_crl_t * crl_list, - unsigned crl_size, unsigned int flags, - unsigned int verification_flags) +int gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, + const gnutls_x509_crl_t *crl_list, + unsigned crl_size, unsigned int flags, + unsigned int verification_flags) { int ret; unsigned x, i, j = 0; @@ -770,28 +750,23 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, return 0; for (i = 0; i < crl_size; i++) { - hash = - hash_pjw_bare(crl_list[i]->raw_issuer_dn.data, - crl_list[i]->raw_issuer_dn.size); + hash = hash_pjw_bare(crl_list[i]->raw_issuer_dn.data, + crl_list[i]->raw_issuer_dn.size); hash %= list->size; if (flags & GNUTLS_TL_VERIFY_CRL) { - - ret = - gnutls_x509_crl_verify(crl_list[i], - list->node[hash].trusted_cas, - list->node[hash]. - trusted_ca_size, - verification_flags, &vret); + ret = gnutls_x509_crl_verify( + crl_list[i], list->node[hash].trusted_cas, + list->node[hash].trusted_ca_size, + verification_flags, &vret); if (ret < 0 || vret != 0) { - _gnutls_debug_log - ("CRL verification failed, not adding it\n"); + _gnutls_debug_log( + "CRL verification failed, not adding it\n"); if (flags & GNUTLS_TL_NO_DUPLICATES) gnutls_x509_crl_deinit(crl_list[i]); if (flags & GNUTLS_TL_FAIL_ON_INVALID_CRL) - return - gnutls_assert_val - (GNUTLS_E_CRL_VERIFICATION_ERROR); + return gnutls_assert_val( + GNUTLS_E_CRL_VERIFICATION_ERROR); continue; } } 
@@ -801,26 +776,29 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, if (flags & GNUTLS_TL_NO_DUPLICATES) { for (x = 0; x < list->node[hash].crl_size; x++) { if (crl_list[i]->raw_issuer_dn.size == - list->node[hash].crls[x]->raw_issuer_dn.size - && memcmp(crl_list[i]->raw_issuer_dn.data, - list->node[hash]. - crls[x]->raw_issuer_dn.data, - crl_list[i]-> - raw_issuer_dn.size) == 0) { - if (gnutls_x509_crl_get_this_update - (crl_list[i]) >= - gnutls_x509_crl_get_this_update - (list->node[hash].crls[x])) { - - gnutls_x509_crl_deinit - (list->node[hash].crls[x]); + list->node[hash] + .crls[x] + ->raw_issuer_dn.size && + memcmp(crl_list[i]->raw_issuer_dn.data, + list->node[hash] + .crls[x] + ->raw_issuer_dn.data, + crl_list[i]->raw_issuer_dn.size) == + 0) { + if (gnutls_x509_crl_get_this_update( + crl_list[i]) >= + gnutls_x509_crl_get_this_update( + list->node[hash].crls[x])) { + gnutls_x509_crl_deinit( + list->node[hash] + .crls[x]); list->node[hash].crls[x] = - crl_list[i]; + crl_list[i]; goto next; } else { /* The new is older, discard it */ - gnutls_x509_crl_deinit(crl_list - [i]); + gnutls_x509_crl_deinit( + crl_list[i]); goto next; } } @@ -844,13 +822,13 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, list->node[hash].crls[list->node[hash].crl_size] = crl_list[i]; list->node[hash].crl_size++; - next: + next: j++; } return j; - error: +error: ret = i; if (flags & GNUTLS_TL_NO_DUPLICATES) while (i < crl_size) @@ -864,7 +842,7 @@ gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, * Returns the new size of the list or a negative number on error. */ static int shorten_clist(gnutls_x509_trust_list_t list, - gnutls_x509_crt_t * certificate_list, + gnutls_x509_crt_t *certificate_list, unsigned int clist_size) { unsigned int j, i; 
@@ -880,9 +858,9 @@ static int shorten_clist(gnutls_x509_trust_list_t list, * failures on some root self signed certificates that use the * MD2 algorithm. */ - if (gnutls_x509_crt_check_issuer - (certificate_list[clist_size - 1], - certificate_list[clist_size - 1]) != 0) { + if (gnutls_x509_crt_check_issuer( + certificate_list[clist_size - 1], + certificate_list[clist_size - 1]) != 0) { clist_size--; } } @@ -893,15 +871,14 @@ static int shorten_clist(gnutls_x509_trust_list_t list, * self-signed E but already removed above), and we trust B, remove * B, C and D. */ for (i = 1; i < clist_size; i++) { - hash = - hash_pjw_bare(certificate_list[i]->raw_issuer_dn.data, - certificate_list[i]->raw_issuer_dn.size); + hash = hash_pjw_bare(certificate_list[i]->raw_issuer_dn.data, + certificate_list[i]->raw_issuer_dn.size); hash %= list->size; for (j = 0; j < list->node[hash].trusted_ca_size; j++) { - if (gnutls_x509_crt_equals - (certificate_list[i], - list->node[hash].trusted_cas[j]) != 0) { + if (gnutls_x509_crt_equals( + certificate_list[i], + list->node[hash].trusted_cas[j]) != 0) { /* cut the list at the point of first the trusted certificate */ clist_size = i + 1; break; @@ -918,11 +895,10 @@ static int shorten_clist(gnutls_x509_trust_list_t list, * * Returns the new size of the list or a negative number on error. */ -static int -retrieve_issuers(gnutls_x509_trust_list_t list, - gnutls_x509_crt_t subject, - gnutls_x509_crt_t * certificate_list, - unsigned int clist_size_max) +static int retrieve_issuers(gnutls_x509_trust_list_t list, + gnutls_x509_crt_t subject, + gnutls_x509_crt_t *certificate_list, + unsigned int clist_size_max) { gnutls_x509_crt_t *issuers; unsigned int issuers_size; @@ -965,7 +941,7 @@ retrieve_issuers(gnutls_x509_trust_list_t list, memcpy(certificate_list, issuers, ret * sizeof(gnutls_x509_crt_t)); - cleanup: +cleanup: for (i = ret; i < issuers_size; i++) { gnutls_x509_crt_deinit(issuers[i]); } 
@@ -976,26 +952,23 @@ retrieve_issuers(gnutls_x509_trust_list_t list, int _gnutls_trust_list_get_issuer(gnutls_x509_trust_list_t list, gnutls_x509_crt_t cert, - gnutls_x509_crt_t * issuer, - unsigned int flags) + gnutls_x509_crt_t *issuer, unsigned int flags) { int ret; unsigned int i; size_t hash; - hash = - hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size); + hash = hash_pjw_bare(cert->raw_issuer_dn.data, + cert->raw_issuer_dn.size); hash %= list->size; for (i = 0; i < list->node[hash].trusted_ca_size; i++) { - ret = - gnutls_x509_crt_check_issuer(cert, - list->node[hash]. - trusted_cas[i]); + ret = gnutls_x509_crt_check_issuer( + cert, list->node[hash].trusted_cas[i]); if (ret != 0) { if (flags & GNUTLS_TL_GET_COPY) { - *issuer = - crt_cpy(list->node[hash].trusted_cas[i]); + *issuer = crt_cpy( + list->node[hash].trusted_cas[i]); } else { *issuer = list->node[hash].trusted_cas[i]; } @@ -1006,11 +979,11 @@ int _gnutls_trust_list_get_issuer(gnutls_x509_trust_list_t list, return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } -static -int trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list, - const gnutls_datum_t * dn, - const gnutls_datum_t * spki, - gnutls_x509_crt_t * issuer, unsigned int flags) +static int trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list, + const gnutls_datum_t *dn, + const gnutls_datum_t *spki, + gnutls_x509_crt_t *issuer, + unsigned int flags) { int ret; unsigned int i, j; 
@@ -1023,28 +996,24 @@ int trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list, hash %= list->size; for (i = 0; i < list->node[hash].trusted_ca_size; i++) { - ret = - _gnutls_x509_compare_raw_dn(dn, - &list-> - node[hash].trusted_cas - [i]->raw_dn); + ret = _gnutls_x509_compare_raw_dn( + dn, &list->node[hash].trusted_cas[i]->raw_dn); if (ret != 0) { if (spki && spki->size > 0) { tmp_size = sizeof(tmp); - ret = - gnutls_x509_crt_get_subject_key_id - (list->node[hash].trusted_cas[i], - tmp, &tmp_size, NULL); + ret = gnutls_x509_crt_get_subject_key_id( + list->node[hash].trusted_cas[i], + tmp, &tmp_size, NULL); if (ret < 0) continue; - if (spki->size != tmp_size - || memcmp(spki->data, tmp, - spki->size) != 0) + if (spki->size != tmp_size || + memcmp(spki->data, tmp, + spki->size) != 0) continue; } - *issuer = - crt_cpy(list->node[hash].trusted_cas[i]); + *issuer = crt_cpy( + list->node[hash].trusted_cas[i]); return 0; } } @@ -1054,15 +1023,14 @@ int trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list, for (j = 0; j < list->node[i].trusted_ca_size; j++) { tmp_size = sizeof(tmp); - ret = - gnutls_x509_crt_get_subject_key_id - (list->node[i].trusted_cas[j], tmp, - &tmp_size, NULL); + ret = gnutls_x509_crt_get_subject_key_id( + list->node[i].trusted_cas[j], tmp, + &tmp_size, NULL); if (ret < 0) continue; - if (spki->size != tmp_size - || memcmp(spki->data, tmp, spki->size) != 0) + if (spki->size != tmp_size || + memcmp(spki->data, tmp, spki->size) != 0) continue; *issuer = crt_cpy(list->node[i].trusted_cas[j]); @@ -1097,7 +1065,7 @@ int trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list, **/ int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list, gnutls_x509_crt_t cert, - gnutls_x509_crt_t * issuer, + gnutls_x509_crt_t *issuer, unsigned int flags) { int ret; 
@@ -1112,10 +1080,9 @@ int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
 gnutls_x509_crt_t crt;
 gnutls_datum_t der = { NULL, 0 };
 /* use the token for verification */
- ret =
- gnutls_pkcs11_get_raw_issuer(list->pkcs11_token, cert, &der,
- GNUTLS_X509_FMT_DER,
- GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
+ ret = gnutls_pkcs11_get_raw_issuer(
+ list->pkcs11_token, cert, &der, GNUTLS_X509_FMT_DER,
+ GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
 if (ret < 0) {
 gnutls_assert();
 return ret;
@@ -1170,8 +1137,8 @@ int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
 * Since: 3.4.0
 **/
 int gnutls_x509_trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list,
- const gnutls_datum_t * dn,
- gnutls_x509_crt_t * issuer,
+ const gnutls_datum_t *dn,
+ gnutls_x509_crt_t *issuer,
 unsigned int flags)
 {
 int ret;
@@ -1186,11 +1153,9 @@ int gnutls_x509_trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list,
 gnutls_x509_crt_t crt;
 gnutls_datum_t der = { NULL, 0 };
 /* use the token for verification */
- ret =
- gnutls_pkcs11_get_raw_issuer_by_dn(list->pkcs11_token, dn,
- &der,
- GNUTLS_X509_FMT_DER,
- GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
+ ret = gnutls_pkcs11_get_raw_issuer_by_dn(
+ list->pkcs11_token, dn, &der, GNUTLS_X509_FMT_DER,
+ GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
 if (ret < 0) {
 gnutls_assert();
 return ret;
@@ -1232,15 +1197,10 @@ int gnutls_x509_trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list,
 *
 * Since: 3.4.2
 **/
-int gnutls_x509_trust_list_get_issuer_by_subject_key_id(gnutls_x509_trust_list_t
- list,
- const gnutls_datum_t *
- dn,
- const gnutls_datum_t *
- spki,
- gnutls_x509_crt_t *
- issuer,
- unsigned int flags)
+int gnutls_x509_trust_list_get_issuer_by_subject_key_id(
+ gnutls_x509_trust_list_t list, const gnutls_datum_t *dn,
+ const gnutls_datum_t *spki, gnutls_x509_crt_t *issuer,
+ unsigned int flags)
 {
 int ret;
@@ -1254,10 +1214,9 @@ int gnutls_x509_trust_list_get_issuer_by_subject_key_id(gnutls_x509_trust_list_t
 gnutls_x509_crt_t crt;
 gnutls_datum_t der = { NULL, 0 };
 /* use the token for verification */
- ret =
- gnutls_pkcs11_get_raw_issuer_by_subject_key_id
- (list->pkcs11_token, dn, spki, &der, GNUTLS_X509_FMT_DER,
- GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
+ ret = gnutls_pkcs11_get_raw_issuer_by_subject_key_id(
+ list->pkcs11_token, dn, spki, &der, GNUTLS_X509_FMT_DER,
+ GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
 if (ret < 0) {
 gnutls_assert();
 return ret;
@@ -1283,11 +1242,10 @@ int gnutls_x509_trust_list_get_issuer_by_subject_key_id(gnutls_x509_trust_list_t
 return ret;
 }
-static
-int check_if_in_blocklist(gnutls_x509_crt_t * cert_list,
- unsigned int cert_list_size,
- gnutls_x509_crt_t * blocklist,
- unsigned int blocklist_size)
+static int check_if_in_blocklist(gnutls_x509_crt_t *cert_list,
+ unsigned int cert_list_size,
+ gnutls_x509_crt_t *blocklist,
+ unsigned int blocklist_size)
 {
 unsigned i, j;
@@ -1296,8 +1254,8 @@ int check_if_in_blocklist(gnutls_x509_crt_t * cert_list,
 for (i = 0; i < cert_list_size; i++) {
 for (j = 0; j < blocklist_size; j++) {
- if (gnutls_x509_crt_equals(cert_list[i], blocklist[j])
- != 0) {
+ if (gnutls_x509_crt_equals(cert_list[i],
+ blocklist[j]) != 0) {
 return 1;
 }
 }
@@ -1326,28 +1284,26 @@ int check_if_in_blocklist(gnutls_x509_crt_t * cert_list, * * Since: 3.0 **/ -int -gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list, - gnutls_x509_crt_t * cert_list, - unsigned int cert_list_size, - unsigned int flags, - unsigned int *voutput, - gnutls_verify_output_function func) +int gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list, + gnutls_x509_crt_t *cert_list, + unsigned int cert_list_size, + unsigned int flags, unsigned int *voutput, + gnutls_verify_output_function func) { - return gnutls_x509_trust_list_verify_crt2(list, cert_list, - cert_list_size, NULL, 0, - flags, voutput, func); + return gnutls_x509_trust_list_verify_crt2( + list, cert_list, cert_list_size, NULL, 0, flags, voutput, func); } -#define LAST_DN cert_list[cert_list_size-1]->raw_dn -#define LAST_IDN cert_list[cert_list_size-1]->raw_issuer_dn +#define LAST_DN cert_list[cert_list_size - 1]->raw_dn +#define LAST_IDN cert_list[cert_list_size - 1]->raw_issuer_dn /* This macro is introduced to detect a verification output which * indicates an unknown signer, a signer which uses an insecure * algorithm (e.g., sha1), a signer has expired, or something that * indicates a superseded signer */ -#define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || \ - (output & GNUTLS_CERT_EXPIRED) || \ - (output & GNUTLS_CERT_INSECURE_ALGORITHM)) +#define SIGNER_OLD_OR_UNKNOWN(output) \ + ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || \ + (output & GNUTLS_CERT_EXPIRED) || \ + (output & GNUTLS_CERT_INSECURE_ALGORITHM)) #define SIGNER_WAS_KNOWN(output) (!(output & GNUTLS_CERT_SIGNER_NOT_FOUND)) /** 
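Review bot: The re-laid-out `SIGNER_OLD_OR_UNKNOWN(output)` macro still uses its `output` parameter unparenthesized in each `(output & …)` term, so an argument that is itself a compound expression would bind incorrectly against `&`; since this definition is being rewritten anyway, it is the natural moment to write `((output) & GNUTLS_CERT_SIGNER_NOT_FOUND)` and the same for the `GNUTLS_CERT_EXPIRED` and `GNUTLS_CERT_INSECURE_ALGORITHM` terms. `SIGNER_WAS_KNOWN(output)` on the next line has the same shape and would become `(!((output) & GNUTLS_CERT_SIGNER_NOT_FOUND))`. The call sites visible later in this diff pass `*voutput` and `saved_output`, which expand correctly, so this is macro hygiene rather than a live defect.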
@@ -1396,15 +1352,11 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list, * * Since: 3.3.8 **/ -int -gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, - gnutls_x509_crt_t * cert_list, - unsigned int cert_list_size, - gnutls_typed_vdata_st * data, - unsigned int elements, - unsigned int flags, - unsigned int *voutput, - gnutls_verify_output_function func) +int gnutls_x509_trust_list_verify_crt2( + gnutls_x509_trust_list_t list, gnutls_x509_crt_t *cert_list, + unsigned int cert_list_size, gnutls_typed_vdata_st *data, + unsigned int elements, unsigned int flags, unsigned int *voutput, + gnutls_verify_output_function func) { int ret = 0; unsigned int i; @@ -1430,8 +1382,8 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, } if (have_set_name != 0) - return - gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + return gnutls_assert_val( + GNUTLS_E_INVALID_REQUEST); have_set_name = 1; } else if (data[i].type == GNUTLS_DT_IP_ADDRESS) { if (data[i].size > 0) { 
@@ -1440,32 +1392,29 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, } if (have_set_name != 0) - return - gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + return gnutls_assert_val( + GNUTLS_E_INVALID_REQUEST); have_set_name = 1; } else if (data[i].type == GNUTLS_DT_RFC822NAME) { email = (void *)data[i].data; if (have_set_name != 0) - return - gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + return gnutls_assert_val( + GNUTLS_E_INVALID_REQUEST); have_set_name = 1; } else if (data[i].type == GNUTLS_DT_KEY_PURPOSE_OID) { purpose = (void *)data[i].data; } } - if (hostname) { /* shortcut using the named certs - if any */ + if (hostname) { /* shortcut using the named certs - if any */ unsigned vtmp = 0; if (hostname_size == 0) hostname_size = strlen(hostname); - ret = gnutls_x509_trust_list_verify_named_crt(list, - cert_list[0], - hostname, - hostname_size, - flags, &vtmp, - func); + ret = gnutls_x509_trust_list_verify_named_crt( + list, cert_list[0], hostname, hostname_size, flags, + &vtmp, func); if (ret == 0 && vtmp == 0) { *voutput = vtmp; return 0; @@ -1475,14 +1424,13 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, memcpy(sorted, cert_list, cert_list_size * sizeof(gnutls_x509_crt_t)); cert_list = sorted; - records = - gl_list_nx_create_empty(GL_LINKEDHASH_LIST, cert_eq, cert_hashcode, - NULL, false); + records = gl_list_nx_create_empty(GL_LINKEDHASH_LIST, cert_eq, + cert_hashcode, NULL, false); if (records == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); for (i = 0; i < cert_list_size && - cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH;) { + cert_list_size <= DEFAULT_MAX_VERIFY_DEPTH;) { unsigned int sorted_size = 1; unsigned int j; gnutls_x509_crt_t issuer; 
@@ -1520,11 +1468,9 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, /* If the issuer of the certificate is known, no need * for further processing. */ - if (gnutls_x509_trust_list_get_issuer(list, - cert_list[i - 1], - &issuer, - GNUTLS_TL_GET_COPY) == - 0) { + if (gnutls_x509_trust_list_get_issuer( + list, cert_list[i - 1], &issuer, + GNUTLS_TL_GET_COPY) == 0) { gnutls_x509_crt_deinit(issuer); cert_list_size = i; break; @@ -1538,22 +1484,19 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, continue; } - ret = retrieve_issuers(list, - cert_list[i - 1], - &retrieved[retrieved_size], - DEFAULT_MAX_VERIFY_DEPTH - - MAX(retrieved_size, cert_list_size)); + ret = retrieve_issuers( + list, cert_list[i - 1], &retrieved[retrieved_size], + DEFAULT_MAX_VERIFY_DEPTH - + MAX(retrieved_size, cert_list_size)); if (ret < 0) { break; } else if (ret > 0) { assert((unsigned int)ret <= DEFAULT_MAX_VERIFY_DEPTH - cert_list_size); - memmove(&cert_list[i + ret], - &cert_list[i], + memmove(&cert_list[i + ret], &cert_list[i], (cert_list_size - i) * - sizeof(gnutls_x509_crt_t)); - memcpy(&cert_list[i], - &retrieved[retrieved_size], + sizeof(gnutls_x509_crt_t)); + memcpy(&cert_list[i], &retrieved[retrieved_size], ret * sizeof(gnutls_x509_crt_t)); retrieved_size += ret; cert_list_size += ret; 
@@ -1568,13 +1511,12 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 if (cert_list_size <= 0)
 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- hash =
- hash_pjw_bare(cert_list[cert_list_size - 1]->raw_issuer_dn.data,
- cert_list[cert_list_size - 1]->raw_issuer_dn.size);
+ hash = hash_pjw_bare(cert_list[cert_list_size - 1]->raw_issuer_dn.data,
+ cert_list[cert_list_size - 1]->raw_issuer_dn.size);
 hash %= list->size;
- ret = check_if_in_blocklist(cert_list, cert_list_size,
- list->distrusted, list->distrusted_size);
+ ret = check_if_in_blocklist(cert_list, cert_list_size, list->distrusted,
+ list->distrusted_size);
 if (ret != 0) {
 *voutput = 0;
 *voutput |= GNUTLS_CERT_REVOKED;
@@ -1583,33 +1525,30 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, goto cleanup; } - *voutput = - _gnutls_verify_crt_status(list, cert_list, cert_list_size, - list->node[hash].trusted_cas, - list->node[hash].trusted_ca_size, - flags, purpose, func); + *voutput = _gnutls_verify_crt_status(list, cert_list, cert_list_size, + list->node[hash].trusted_cas, + list->node[hash].trusted_ca_size, + flags, purpose, func); saved_output = *voutput; if (SIGNER_OLD_OR_UNKNOWN(*voutput) && (LAST_DN.size != LAST_IDN.size || memcmp(LAST_DN.data, LAST_IDN.data, LAST_IDN.size) != 0)) { - /* if we couldn't find the issuer, try to see if the last * certificate is in the trusted list and try to verify against * (if it is not self signed) */ - hash = - hash_pjw_bare(cert_list[cert_list_size - 1]->raw_dn.data, - cert_list[cert_list_size - 1]->raw_dn.size); + hash = hash_pjw_bare( + cert_list[cert_list_size - 1]->raw_dn.data, + cert_list[cert_list_size - 1]->raw_dn.size); hash %= list->size; - _gnutls_debug_log - ("issuer in verification was not found or insecure; trying against trust list\n"); + _gnutls_debug_log( + "issuer in verification was not found or insecure; trying against trust list\n"); - *voutput = - _gnutls_verify_crt_status(list, cert_list, cert_list_size, - list->node[hash].trusted_cas, - list->node[hash].trusted_ca_size, - flags, purpose, func); + *voutput = _gnutls_verify_crt_status( + list, cert_list, cert_list_size, + list->node[hash].trusted_cas, + list->node[hash].trusted_ca_size, flags, purpose, func); if (*voutput != 0) { if (SIGNER_WAS_KNOWN(saved_output)) *voutput = saved_output; 
@@ -1623,10 +1562,9 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 if (SIGNER_OLD_OR_UNKNOWN(*voutput) && list->pkcs11_token) {
 /* use the token for verification */
- *voutput =
- _gnutls_pkcs11_verify_crt_status(list, list->pkcs11_token,
- cert_list, cert_list_size,
- purpose, flags, func);
+ *voutput = _gnutls_pkcs11_verify_crt_status(
+ list, list->pkcs11_token, cert_list, cert_list_size,
+ purpose, flags, func);
 if (*voutput != 0) {
 if (SIGNER_WAS_KNOWN(saved_output))
 *voutput = saved_output;
@@ -1640,30 +1578,28 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 ret = _gnutls_check_key_purpose(cert_list[0], purpose, 0);
 if (ret != 1) {
 gnutls_assert();
- *voutput |=
- GNUTLS_CERT_PURPOSE_MISMATCH | GNUTLS_CERT_INVALID;
+ *voutput |= GNUTLS_CERT_PURPOSE_MISMATCH |
+ GNUTLS_CERT_INVALID;
 }
 }
 if (hostname) {
- ret =
- gnutls_x509_crt_check_hostname2(cert_list[0], hostname,
- flags);
+ ret = gnutls_x509_crt_check_hostname2(cert_list[0], hostname,
+ flags);
 if (ret == 0) {
 gnutls_assert();
- *voutput |=
- GNUTLS_CERT_UNEXPECTED_OWNER | GNUTLS_CERT_INVALID;
+ *voutput |= GNUTLS_CERT_UNEXPECTED_OWNER |
+ GNUTLS_CERT_INVALID;
 }
 }
 if (ip.data) {
- ret =
- gnutls_x509_crt_check_ip(cert_list[0], ip.data, ip.size,
- flags);
+ ret = gnutls_x509_crt_check_ip(cert_list[0], ip.data, ip.size,
+ flags);
 if (ret == 0) {
 gnutls_assert();
- *voutput |=
- GNUTLS_CERT_UNEXPECTED_OWNER | GNUTLS_CERT_INVALID;
+ *voutput |= GNUTLS_CERT_UNEXPECTED_OWNER |
+ GNUTLS_CERT_INVALID;
 }
 }
@@ -1671,8 +1607,8 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 ret = gnutls_x509_crt_check_email(cert_list[0], email, 0);
 if (ret == 0) {
 gnutls_assert();
- *voutput |=
- GNUTLS_CERT_UNEXPECTED_OWNER | GNUTLS_CERT_INVALID;
+ *voutput |= GNUTLS_CERT_UNEXPECTED_OWNER |
+ GNUTLS_CERT_INVALID;
 }
 }
@@ -1686,12 +1622,11 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 /* Check revocation of individual certificates.
 * start with the last one that we already have its hash */
- ret =
- _gnutls_x509_crt_check_revocation(cert_list
- [cert_list_size - 1],
- list->node[hash].crls,
- list->node[hash].crl_size, func);
- if (ret == 1) { /* revoked */
+ ret = _gnutls_x509_crt_check_revocation(cert_list[cert_list_size - 1],
+ list->node[hash].crls,
+ list->node[hash].crl_size,
+ func);
+ if (ret == 1) { /* revoked */
 *voutput |= GNUTLS_CERT_REVOKED;
 *voutput |= GNUTLS_CERT_INVALID;
 ret = 0;
@@ -1699,18 +1634,16 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 }
 for (i = 0; i < cert_list_size - 1; i++) {
- hash =
- hash_pjw_bare(cert_list[i]->raw_issuer_dn.data,
- cert_list[i]->raw_issuer_dn.size);
+ hash = hash_pjw_bare(cert_list[i]->raw_issuer_dn.data,
+ cert_list[i]->raw_issuer_dn.size);
 hash %= list->size;
- ret = _gnutls_x509_crt_check_revocation(cert_list[i],
- list->node[hash].crls,
- list->node[hash].
- crl_size, func);
+ ret = _gnutls_x509_crt_check_revocation(
+ cert_list[i], list->node[hash].crls,
+ list->node[hash].crl_size, func);
 if (ret < 0) {
 gnutls_assert();
- } else if (ret == 1) { /* revoked */
+ } else if (ret == 1) { /* revoked */
 *voutput |= GNUTLS_CERT_REVOKED;
 *voutput |= GNUTLS_CERT_INVALID;
 ret = 0;
@@ -1718,7 +1651,7 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 }
 }
- cleanup:
+cleanup:
 for (i = 0; i < retrieved_size; i++) {
 gnutls_x509_crt_deinit(retrieved[i]);
 }
@@ -1752,25 +1685,23 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 *
 * Since: 3.0.0
 **/
-int
-gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
- gnutls_x509_crt_t cert,
- const void *name,
- size_t name_size,
- unsigned int flags,
- unsigned int *voutput,
- gnutls_verify_output_function func)
+int gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
+ gnutls_x509_crt_t cert,
+ const void *name, size_t name_size,
+ unsigned int flags,
+ unsigned int *voutput,
+ gnutls_verify_output_function func)
 {
 int ret;
 unsigned int i;
 size_t hash;
- hash =
- hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
+ hash = hash_pjw_bare(cert->raw_issuer_dn.data,
+ cert->raw_issuer_dn.size);
 hash %= list->size;
- ret = check_if_in_blocklist(&cert, 1,
- list->distrusted, list->distrusted_size);
+ ret = check_if_in_blocklist(&cert, 1, list->distrusted,
+ list->distrusted_size);
 if (ret != 0) {
 *voutput = 0;
 *voutput |= GNUTLS_CERT_REVOKED;
@@ -1781,11 +1712,13 @@ gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
 *voutput = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;
 for (i = 0; i < list->node[hash].named_cert_size; i++) {
- if (gnutls_x509_crt_equals(cert, list->node[hash].named_certs[i].cert) != 0) { /* check if name matches */
+ if (gnutls_x509_crt_equals(
+ cert, list->node[hash].named_certs[i].cert) !=
+ 0) { /* check if name matches */
 if (list->node[hash].named_certs[i].name_size ==
- name_size
- && memcmp(list->node[hash].named_certs[i].name,
- name, name_size) == 0) {
+ name_size &&
+ memcmp(list->node[hash].named_certs[i].name, name,
+ name_size) == 0) {
 *voutput = 0;
 break;
 }
@@ -1798,11 +1731,9 @@ gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
 /* Check revocation of individual certificates.
 * start with the last one that we already have its hash */
- ret = _gnutls_x509_crt_check_revocation(cert,
- list->node[hash].crls,
- list->node[hash].crl_size,
- func);
- if (ret == 1) { /* revoked */
+ ret = _gnutls_x509_crt_check_revocation(
+ cert, list->node[hash].crls, list->node[hash].crl_size, func);
+ if (ret == 1) { /* revoked */
 *voutput |= GNUTLS_CERT_REVOKED;
 *voutput |= GNUTLS_CERT_INVALID;
 return 0;
@@ -1812,8 +1743,8 @@ gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
 }
 /* return 1 if @cert is in @list, 0 if not */
-int
-_gnutls_trustlist_inlist(gnutls_x509_trust_list_t list, gnutls_x509_crt_t cert)
+int _gnutls_trustlist_inlist(gnutls_x509_trust_list_t list,
+ gnutls_x509_crt_t cert)
 {
 int ret;
 unsigned int i;
@@ -1823,9 +1754,8 @@ _gnutls_trustlist_inlist(gnutls_x509_trust_list_t list, gnutls_x509_crt_t cert)
 hash %= list->size;
 for (i = 0; i < list->node[hash].trusted_ca_size; i++) {
- ret =
- gnutls_x509_crt_equals(cert,
- list->node[hash].trusted_cas[i]);
+ ret = gnutls_x509_crt_equals(cert,
+ list->node[hash].trusted_cas[i]);
 if (ret != 0)
 return 1;
 }
diff --git a/lib/x509/verify-high.h b/lib/x509/verify-high.h
index e2bec75261..6c5ed15729 100644
--- a/lib/x509/verify-high.h
+++ b/lib/x509/verify-high.h
@@ -21,7 +21,7 @@
 */
 #ifndef GNUTLS_LIB_X509_VERIFY_HIGH_H
-# define GNUTLS_LIB_X509_VERIFY_HIGH_H
+#define GNUTLS_LIB_X509_VERIFY_HIGH_H
 struct gnutls_x509_trust_list_st {
 unsigned int size;
@@ -52,4 +52,4 @@ struct gnutls_x509_trust_list_st {
 int _gnutls_trustlist_inlist(gnutls_x509_trust_list_t list,
 gnutls_x509_crt_t cert);
-#endif /* GNUTLS_LIB_X509_VERIFY_HIGH_H */
+#endif /* GNUTLS_LIB_X509_VERIFY_HIGH_H */
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index 7391fa273c..ada4860450 100644
--- a/lib/x509/verify-high2.c
+++ b/lib/x509/verify-high2.c
@@ -40,13 +40,13 @@ #include <dirent.h> #if !defined(_DIRENT_HAVE_D_TYPE) && !defined(__native_client__) -# ifdef DT_UNKNOWN -# define _DIRENT_HAVE_D_TYPE -# endif +#ifdef DT_UNKNOWN +#define _DIRENT_HAVE_D_TYPE +#endif #endif #ifdef _WIN32 -# include <tchar.h> +#include <tchar.h> #endif /* Convenience functions for verify-high functionality @@ -71,13 +71,12 @@ * * Since: 3.1 **/ -int -gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list, - const gnutls_datum_t * cas, - const gnutls_datum_t * crls, - gnutls_x509_crt_fmt_t type, - unsigned int tl_flags, - unsigned int tl_vflags) +int gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list, + const gnutls_datum_t *cas, + const gnutls_datum_t *crls, + gnutls_x509_crt_fmt_t type, + unsigned int tl_flags, + unsigned int tl_vflags) { int ret; gnutls_x509_crt_t *x509_ca_list = NULL; @@ -89,17 +88,14 @@ gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list, * that unaccounted certificates/CRLs are deinitialized. */ if (cas != NULL && cas->data != NULL) { - ret = - gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas, - cas, type, 0); + ret = gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas, + cas, type, 0); if (ret < 0) return gnutls_assert_val(ret); - ret = - gnutls_x509_trust_list_add_cas(list, x509_ca_list, - x509_ncas, - tl_flags | - GNUTLS_TL_NO_DUPLICATES); + ret = gnutls_x509_trust_list_add_cas( + list, x509_ca_list, x509_ncas, + tl_flags | GNUTLS_TL_NO_DUPLICATES); gnutls_free(x509_ca_list); if (ret < 0) 
@@ -109,18 +105,14 @@ gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
 }
 if (crls != NULL && crls->data != NULL) {
- ret =
- gnutls_x509_crl_list_import2(&x509_crl_list,
- &x509_ncrls, crls, type, 0);
+ ret = gnutls_x509_crl_list_import2(&x509_crl_list, &x509_ncrls,
+ crls, type, 0);
 if (ret < 0)
 return gnutls_assert_val(ret);
- ret =
- gnutls_x509_trust_list_add_crls(list, x509_crl_list,
- x509_ncrls,
- tl_flags |
- GNUTLS_TL_NO_DUPLICATES,
- tl_vflags);
+ ret = gnutls_x509_trust_list_add_crls(
+ list, x509_crl_list, x509_ncrls,
+ tl_flags | GNUTLS_TL_NO_DUPLICATES, tl_vflags);
 gnutls_free(x509_crl_list);
 if (ret < 0)
@@ -147,10 +139,9 @@ gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
 *
 * Since: 3.1.10
 **/
-int
-gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list,
- const gnutls_datum_t * cas,
- gnutls_x509_crt_fmt_t type)
+int gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list,
+ const gnutls_datum_t *cas,
+ gnutls_x509_crt_fmt_t type)
 {
 int ret;
 gnutls_x509_crt_t *x509_ca_list = NULL;
@@ -158,15 +149,13 @@ gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list,
 unsigned int r = 0, i;
 if (cas != NULL && cas->data != NULL) {
- ret =
- gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas,
- cas, type, 0);
+ ret = gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas,
+ cas, type, 0);
 if (ret < 0)
 return gnutls_assert_val(ret);
- ret =
- gnutls_x509_trust_list_remove_cas(list, x509_ca_list,
- x509_ncas);
+ ret = gnutls_x509_trust_list_remove_cas(list, x509_ca_list,
+ x509_ncas);
 for (i = 0; i < x509_ncas; i++)
 gnutls_x509_crt_deinit(x509_ca_list[i]);
@@ -182,8 +171,7 @@ gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list, } #ifdef ENABLE_PKCS11 -static -int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file) +static int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file) { if (strcmp(ca_file, list->pkcs11_token) == 0) { gnutls_free(list->pkcs11_token); @@ -195,9 +183,8 @@ int remove_pkcs11_url(gnutls_x509_trust_list_t list, const char *ca_file) * CA certificates are imported directly, rather than using it as a * trusted PKCS#11 token. */ -static -int add_trust_list_pkcs11_object_url(gnutls_x509_trust_list_t list, - const char *url, unsigned flags) +static int add_trust_list_pkcs11_object_url(gnutls_x509_trust_list_t list, + const char *url, unsigned flags) { gnutls_x509_crt_t *xcrt_list = NULL; gnutls_pkcs11_obj_t *pcrt_list = NULL; @@ -207,12 +194,11 @@ int add_trust_list_pkcs11_object_url(gnutls_x509_trust_list_t list, /* here we don't use the flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE, * as we want to explicitly load from any module available in the system. */ - ret = - gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size, - url, - GNUTLS_PKCS11_OBJ_FLAG_CRT | - GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED, - 0); + ret = gnutls_pkcs11_obj_list_import_url2( + &pcrt_list, &pcrt_list_size, url, + GNUTLS_PKCS11_OBJ_FLAG_CRT | + GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED, + 0); if (ret < 0) return gnutls_assert_val(ret); 
@@ -228,19 +214,17 @@ int add_trust_list_pkcs11_object_url(gnutls_x509_trust_list_t list,
 goto cleanup;
 }
- ret =
- gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
- pcrt_list, 0);
+ ret = gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
+ pcrt_list, 0);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- ret =
- gnutls_x509_trust_list_add_cas(list, xcrt_list, pcrt_list_size,
- flags);
+ ret = gnutls_x509_trust_list_add_cas(list, xcrt_list, pcrt_list_size,
+ flags);
- cleanup:
+cleanup:
 for (i = 0; i < pcrt_list_size; i++)
 gnutls_pkcs11_obj_deinit(pcrt_list[i]);
 gnutls_free(pcrt_list);
@@ -249,20 +233,19 @@ int add_trust_list_pkcs11_object_url(gnutls_x509_trust_list_t list,
 return ret;
 }
-static
-int remove_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url)
+static int remove_pkcs11_object_url(gnutls_x509_trust_list_t list,
+ const char *url)
 {
 gnutls_x509_crt_t *xcrt_list = NULL;
 gnutls_pkcs11_obj_t *pcrt_list = NULL;
 unsigned int pcrt_list_size = 0, i;
 int ret;
- ret =
- gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
- url,
- GNUTLS_PKCS11_OBJ_FLAG_CRT |
- GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
- 0);
+ ret = gnutls_pkcs11_obj_list_import_url2(
+ &pcrt_list, &pcrt_list_size, url,
+ GNUTLS_PKCS11_OBJ_FLAG_CRT |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
+ 0);
 if (ret < 0)
 return gnutls_assert_val(ret);
@@ -278,18 +261,17 @@ int remove_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url)
 goto cleanup;
 }
- ret =
- gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
- pcrt_list, 0);
+ ret = gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
+ pcrt_list, 0);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- ret =
- gnutls_x509_trust_list_remove_cas(list, xcrt_list, pcrt_list_size);
+ ret = gnutls_x509_trust_list_remove_cas(list, xcrt_list,
+ pcrt_list_size);
- cleanup:
+cleanup:
 for (i = 0; i < pcrt_list_size; i++) {
 gnutls_pkcs11_obj_deinit(pcrt_list[i]);
 if (xcrt_list)
@@ -322,13 +304,12 @@ int remove_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url) * * Since: 3.1 **/ -int -gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list, - const char *ca_file, - const char *crl_file, - gnutls_x509_crt_fmt_t type, - unsigned int tl_flags, - unsigned int tl_vflags) +int gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list, + const char *ca_file, + const char *crl_file, + gnutls_x509_crt_fmt_t type, + unsigned int tl_flags, + unsigned int tl_vflags) { gnutls_datum_t cas = { NULL, 0 }; gnutls_datum_t crls = { NULL, 0 }; @@ -344,31 +325,24 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list, * otherwise import the individual certificates. */ if (is_pkcs11_url_object(ca_file) != 0) { - return add_trust_list_pkcs11_object_url(list, - ca_file, - tl_flags); - } else { /* trusted token */ + return add_trust_list_pkcs11_object_url( + list, ca_file, tl_flags); + } else { /* trusted token */ if (list->pkcs11_token != NULL) - return - gnutls_assert_val - (GNUTLS_E_INVALID_REQUEST); + return gnutls_assert_val( + GNUTLS_E_INVALID_REQUEST); list->pkcs11_token = gnutls_strdup(ca_file); /* enumerate the certificates */ - ret = - gnutls_pkcs11_obj_list_import_url(NULL, - &pcrt_list_size, - ca_file, - (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE - | - GNUTLS_PKCS11_OBJ_FLAG_CRT - | - GNUTLS_PKCS11_OBJ_FLAG_MARK_CA - | - GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED), - 0); - if (ret < 0 - && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + ret = gnutls_pkcs11_obj_list_import_url( + NULL, &pcrt_list_size, ca_file, + (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE | + GNUTLS_PKCS11_OBJ_FLAG_CRT | + GNUTLS_PKCS11_OBJ_FLAG_MARK_CA | + GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED), + 0); + if (ret < 0 && + ret != GNUTLS_E_SHORT_MEMORY_BUFFER) return gnutls_assert_val(ret); return pcrt_list_size; 
@@ -394,20 +368,17 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
 		crls.size = size;
 	}
 
-	ret =
-	    gnutls_x509_trust_list_add_trust_mem(list, &cas, &crls, type,
-						 tl_flags, tl_vflags);
+	ret = gnutls_x509_trust_list_add_trust_mem(list, &cas, &crls, type,
+						   tl_flags, tl_vflags);
 	free(crls.data);
 	free(cas.data);
 
 	return ret;
 }
 
-static
-int load_dir_certs(const char *dirname,
-		   gnutls_x509_trust_list_t list,
-		   unsigned int tl_flags, unsigned int tl_vflags,
-		   unsigned type, unsigned crl)
+static int load_dir_certs(const char *dirname, gnutls_x509_trust_list_t list,
+			  unsigned int tl_flags, unsigned int tl_vflags,
+			  unsigned type, unsigned crl)
 {
 	int ret;
 	int r = 0;
@@ -428,7 +399,7 @@ int load_dir_certs(const char *dirname,
 	base_len = pathbuf.len;
 
 	while ((d = readdir(dirp)) != NULL) {
-# ifdef _DIRENT_HAVE_D_TYPE
+#ifdef _DIRENT_HAVE_D_TYPE
 		switch (d->d_type) {
 		case DT_REG:
 		case DT_LNK:
@@ -437,19 +408,19 @@ int load_dir_certs(const char *dirname,
 		default:
 			continue;
 		}
-# endif
+#endif
 		ret = _gnutls_pathbuf_append(&pathbuf, d->d_name);
 		if (ret < 0) {
 			continue;
 		}
 		if (crl != 0) {
-			ret = gnutls_x509_trust_list_add_trust_file
-			    (list, NULL, pathbuf.ptr, type, tl_flags,
-			     tl_vflags);
+			ret = gnutls_x509_trust_list_add_trust_file(
+				list, NULL, pathbuf.ptr, type, tl_flags,
+				tl_vflags);
 		} else {
-			ret = gnutls_x509_trust_list_add_trust_file
-			    (list, pathbuf.ptr, NULL, type, tl_flags,
-			     tl_vflags);
+			ret = gnutls_x509_trust_list_add_trust_file(
+				list, pathbuf.ptr, NULL, type, tl_flags,
+				tl_vflags);
 		}
 		if (ret >= 0) {
 			r += ret;
@@ -459,25 +430,25 @@ int load_dir_certs(const char *dirname,
 		_gnutls_pathbuf_deinit(&pathbuf);
 		closedir(dirp);
 	}
-#else				/* _WIN32 */
+#else /* _WIN32 */
 	_TDIR *dirp;
 	struct _tdirent *d;
 	gnutls_datum_t utf16 = { NULL, 0 };
 
-# undef UCS2_ENDIAN
-# ifdef WORDS_BIGENDIAN
-#  define UCS2_ENDIAN 1
-# else
-#  define UCS2_ENDIAN 0
-# endif
+#undef UCS2_ENDIAN
+#ifdef WORDS_BIGENDIAN
+#define UCS2_ENDIAN 1
+#else
+#define UCS2_ENDIAN 0
+#endif
 
-	ret =
-	    _gnutls_utf8_to_ucs2(dirname, strlen(dirname), &utf16, UCS2_ENDIAN);
+	ret = _gnutls_utf8_to_ucs2(dirname, strlen(dirname), &utf16,
+				   UCS2_ENDIAN);
 	if (ret < 0) {
 		return gnutls_assert_val(ret);
 	}
 
-	dirp = _topendir((_TCHAR *) utf16.data);
+	dirp = _topendir((_TCHAR *)utf16.data);
 	gnutls_free(utf16.data);
 	if (dirp != NULL) {
 		size_t base_len;
@@ -490,7 +461,7 @@ int load_dir_certs(const char *dirname,
 		base_len = pathbuf.len;
 		while ((d = _treaddir(dirp)) != NULL) {
 			gnutls_datum_t utf8 = { NULL, 0 };
-# ifdef _DIRENT_HAVE_D_TYPE
+#ifdef _DIRENT_HAVE_D_TYPE
 			switch (d->d_type) {
 			case DT_REG:
 			case DT_LNK:
@@ -499,11 +470,10 @@ int load_dir_certs(const char *dirname,
 			default:
 				continue;
 			}
-# endif
-			ret = _gnutls_ucs2_to_utf8(d->d_name,
-						   d->d_namlen *
-						   sizeof(d->d_name[0]), &utf8,
-						   UCS2_ENDIAN);
+#endif
+			ret = _gnutls_ucs2_to_utf8(
+				d->d_name, d->d_namlen * sizeof(d->d_name[0]),
+				&utf8, UCS2_ENDIAN);
 			if (ret < 0) {
 				continue;
 			}
@@ -514,13 +484,13 @@ int load_dir_certs(const char *dirname,
 			}
 
 			if (crl != 0) {
-				ret = gnutls_x509_trust_list_add_trust_file
-				    (list, NULL, pathbuf.ptr, type, tl_flags,
-				     tl_vflags);
+				ret = gnutls_x509_trust_list_add_trust_file(
+					list, NULL, pathbuf.ptr, type, tl_flags,
+					tl_vflags);
 			} else {
-				ret = gnutls_x509_trust_list_add_trust_file
-				    (list, pathbuf.ptr, NULL, type, tl_flags,
-				     tl_vflags);
+				ret = gnutls_x509_trust_list_add_trust_file(
+					list, pathbuf.ptr, NULL, type, tl_flags,
+					tl_vflags);
 			}
 			if (ret >= 0)
 				r += ret;
@@ -529,8 +499,8 @@ int load_dir_certs(const char *dirname,
 		_gnutls_pathbuf_deinit(&pathbuf);
 		_tclosedir(dirp);
 	}
-# undef UCS2_ENDIAN
-#endif				/* _WIN32 */
+#undef UCS2_ENDIAN
+#endif /* _WIN32 */
 	return r;
 }
 
@@ -551,13 +521,12 @@ int load_dir_certs(const char *dirname,
  *
  * Since: 3.3.6
  **/
-int
-gnutls_x509_trust_list_add_trust_dir(gnutls_x509_trust_list_t list,
-				     const char *ca_dir,
-				     const char *crl_dir,
-				     gnutls_x509_crt_fmt_t type,
-				     unsigned int tl_flags,
-				     unsigned int tl_vflags)
+int gnutls_x509_trust_list_add_trust_dir(gnutls_x509_trust_list_t list,
+					 const char *ca_dir,
+					 const char *crl_dir,
+					 gnutls_x509_crt_fmt_t type,
+					 unsigned int tl_flags,
+					 unsigned int tl_vflags)
 {
 	int ret = 0;
 
@@ -597,10 +566,9 @@ gnutls_x509_trust_list_add_trust_dir(gnutls_x509_trust_list_t list,
  *
  * Since: 3.1.10
  **/
-int
-gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list,
-					 const char *ca_file,
-					 gnutls_x509_crt_fmt_t type)
+int gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list,
+					     const char *ca_file,
+					     gnutls_x509_crt_fmt_t type)
 {
 	gnutls_datum_t cas = { NULL, 0 };
 	size_t size;
@@ -610,7 +578,7 @@ gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list,
 	if (c_strncasecmp(ca_file, PKCS11_URL, PKCS11_URL_SIZE) == 0) {
 		if (is_pkcs11_url_object(ca_file) != 0) {
 			return remove_pkcs11_object_url(list, ca_file);
-		} else {	/* token */
+		} else { /* token */
 			return remove_pkcs11_url(list, ca_file);
 		}
 	} else
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 52ccedbe31..8f28ee9157 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -30,7 +30,7 @@
 #include "errors.h"
 #include <libtasn1.h>
 #include <global.h>
-#include <num.h>		/* MAX */
+#include <num.h> /* MAX */
 #include <tls-sig.h>
 #include <str.h>
 #include <datum.h>
@@ -45,9 +45,8 @@
 /* Checks if two certs have the same name and the same key. Return 1 on match.
  * If @is_ca is zero then this function is identical to gnutls_x509_crt_equals()
  */
-unsigned
-_gnutls_check_if_same_key(gnutls_x509_crt_t cert1,
-			  gnutls_x509_crt_t cert2, unsigned is_ca)
+unsigned _gnutls_check_if_same_key(gnutls_x509_crt_t cert1,
+				   gnutls_x509_crt_t cert2, unsigned is_ca)
 {
 	int ret;
 	unsigned result;
@@ -59,12 +58,10 @@ _gnutls_check_if_same_key(gnutls_x509_crt_t cert1,
 	if (ret == 0)
 		return 0;
 
-	if (cert1->raw_spki.size > 0
-	    && (cert1->raw_spki.size == cert2->raw_spki.size)
-	    &&
-	    (memcmp
-	     (cert1->raw_spki.data, cert2->raw_spki.data,
-	      cert1->raw_spki.size) == 0))
+	if (cert1->raw_spki.size > 0 &&
+	    (cert1->raw_spki.size == cert2->raw_spki.size) &&
+	    (memcmp(cert1->raw_spki.data, cert2->raw_spki.data,
+		    cert1->raw_spki.size) == 0))
 		result = 1;
 	else
 		result = 0;
@@ -72,8 +69,8 @@ _gnutls_check_if_same_key(gnutls_x509_crt_t cert1,
 	return result;
 }
 
-unsigned
-_gnutls_check_if_same_key2(gnutls_x509_crt_t cert1, gnutls_datum_t * cert2bin)
+unsigned _gnutls_check_if_same_key2(gnutls_x509_crt_t cert1,
+				    gnutls_datum_t *cert2bin)
 {
 	int ret;
 	gnutls_x509_crt_t cert2;
@@ -111,9 +108,8 @@ static unsigned check_for_unknown_exts(gnutls_x509_crt_t cert)
 		oid[0] = 0;
 		critical = 0;
 
-		ret =
-		    gnutls_x509_crt_get_extension_info(cert, i, oid, &oid_size,
-						       &critical);
+		ret = gnutls_x509_crt_get_extension_info(cert, i, oid,
+							 &oid_size, &critical);
 		if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
 			return 0;
 		} else if (ret < 0) {
@@ -128,8 +124,8 @@ static unsigned check_for_unknown_exts(gnutls_x509_crt_t cert)
 
 			if (is_ext_oid_supported(oid, oid_size) == NULL) {
 				gnutls_assert();
-				_gnutls_debug_log
-				    ("Unsupported critical extension: %s\n", oid);
+				_gnutls_debug_log(
+					"Unsupported critical extension: %s\n", oid);
 				return 1;
 			}
 		}
@@ -144,9 +140,8 @@ static unsigned check_for_unknown_exts(gnutls_x509_crt_t cert)
  * Returns true or false, if the issuer is a CA,
  * or not.
  */
-static unsigned
-check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
-	    unsigned int *max_path, unsigned int flags)
+static unsigned check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+			    unsigned int *max_path, unsigned int flags)
 {
 	gnutls_datum_t cert_signed_data = { NULL, 0 };
 	gnutls_datum_t issuer_signed_data = { NULL, 0 };
@@ -161,33 +156,30 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
 	 * certificates to be able to verify themselves.
 	 */
 
-	ret =
-	    _gnutls_x509_get_signed_data(issuer->cert, &issuer->der,
-					 "tbsCertificate", &issuer_signed_data);
+	ret = _gnutls_x509_get_signed_data(issuer->cert, &issuer->der,
+					   "tbsCertificate",
+					   &issuer_signed_data);
 	if (ret < 0) {
 		gnutls_assert();
 		goto fail;
 	}
 
-	ret =
-	    _gnutls_x509_get_signed_data(cert->cert, &cert->der,
-					 "tbsCertificate", &cert_signed_data);
+	ret = _gnutls_x509_get_signed_data(cert->cert, &cert->der,
+					   "tbsCertificate", &cert_signed_data);
 	if (ret < 0) {
 		gnutls_assert();
 		goto fail;
 	}
 
-	ret =
-	    _gnutls_x509_get_signature(issuer->cert, "signature",
-				       &issuer_signature);
+	ret = _gnutls_x509_get_signature(issuer->cert, "signature",
+					 &issuer_signature);
 	if (ret < 0) {
 		gnutls_assert();
 		goto fail;
 	}
 
-	ret =
-	    _gnutls_x509_get_signature(cert->cert, "signature",
-				       &cert_signature);
+	ret = _gnutls_x509_get_signature(cert->cert, "signature",
+					 &cert_signature);
 	if (ret < 0) {
 		gnutls_assert();
 		goto fail;
@@ -198,23 +190,19 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
 	 */
 	if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
 		if (cert_signed_data.size == issuer_signed_data.size) {
-			if ((memcmp
-			     (cert_signed_data.data,
-			      issuer_signed_data.data,
-			      cert_signed_data.size) == 0)
-			    && (cert_signature.size == issuer_signature.size)
-			    &&
-			    (memcmp
-			     (cert_signature.data, issuer_signature.data,
-			      cert_signature.size) == 0)) {
+			if ((memcmp(cert_signed_data.data,
+				    iss-uer_signed_data.data,
+				    cert_signed_data.size) == 0) &&
+			    (cert_signature.size == issuer_signature.size) &&
+			    (memcmp(cert_signature.data, issuer_signature.data,
+				    cert_signature.size) == 0)) {
 				result = 1;
 				goto cleanup;
 			}
 		}
 
-	ret =
-	    gnutls_x509_crt_get_basic_constraints(issuer, NULL, &ca_status,
-						  &pathlen);
+	ret = gnutls_x509_crt_get_basic_constraints(issuer, NULL, &ca_status,
+						    &pathlen);
 	if (ret < 0) {
 		ca_status = 0;
 		pathlen = -1;
@@ -242,10 +230,10 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
 		gnutls_assert();
 	}
 
- fail:
+fail:
 	result = 0;
 
- cleanup:
+cleanup:
 	_gnutls_free_datum(&cert_signed_data);
 	_gnutls_free_datum(&issuer_signed_data);
 	_gnutls_free_datum(&cert_signature);
@@ -268,8 +256,8 @@ static unsigned is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
 	int ret;
 	unsigned result;
 
-	if (_gnutls_x509_compare_raw_dn
-	    (&cert->raw_issuer_dn, &issuer->raw_dn) != 0)
+	if (_gnutls_x509_compare_raw_dn(&cert->raw_issuer_dn,
+					&issuer->raw_dn) != 0)
 		result = 1;
 	else
 		result = 0;
@@ -279,9 +267,8 @@ static unsigned is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
 	 * of the issuer
 	 */
 	id1_size = sizeof(id1);
-	ret =
-	    gnutls_x509_crt_get_authority_key_id(cert, id1,
-						 &id1_size, NULL);
+	ret = gnutls_x509_crt_get_authority_key_id(cert, id1, &id1_size,
+						   NULL);
 	if (ret < 0) {
 		/* If there is no authority key identifier in the
 		 * certificate, assume they match */
@@ -290,9 +277,8 @@ static unsigned is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
 	}
 
 	id2_size = sizeof(id2);
-	ret =
-	    gnutls_x509_crt_get_subject_key_id(issuer, id2,
-					       &id2_size, NULL);
+	ret = gnutls_x509_crt_get_subject_key_id(issuer, id2, &id2_size,
+						 NULL);
 	if (ret < 0) {
 		/* If there is no subject key identifier in the
 		 * issuer certificate, assume they match */
@@ -307,7 +293,7 @@ static unsigned is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
 		result = 0;
 	}
 
- cleanup:
+cleanup:
 	return result;
 }
 
@@ -316,8 +302,8 @@ static unsigned is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
  */
 static unsigned is_crl_issuer(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer)
 {
-	if (_gnutls_x509_compare_raw_dn
-	    (&crl->raw_issuer_dn, &issuer->raw_dn) != 0)
+	if (_gnutls_x509_compare_raw_dn(&crl->raw_issuer_dn, &issuer->raw_dn) !=
+	    0)
 		return 1;
 	else
 		return 0;
@@ -339,8 +325,8 @@ unsigned _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
  * are present, returns one that is activated and not expired.
  */
 static inline gnutls_x509_crt_t
-find_issuer(gnutls_x509_crt_t cert,
-	    const gnutls_x509_crt_t * trusted_cas, int tcas_size)
+find_issuer(gnutls_x509_crt_t cert, const gnutls_x509_crt_t *trusted_cas,
+	    int tcas_size)
 {
 	int i;
 	gnutls_x509_crt_t issuer = NULL;
@@ -354,12 +340,10 @@ find_issuer(gnutls_x509_crt_t cert,
 			} else {
 				time_t now = gnutls_time(0);
 
-				if (now <
-				    gnutls_x509_crt_get_expiration_time
-				    (trusted_cas[i])
-				    && now >=
-				    gnutls_x509_crt_get_activation_time
-				    (trusted_cas[i])) {
+				if (now < gnutls_x509_crt_get_expiration_time(
+						  trusted_cas[i]) &&
+				    now >= gnutls_x509_crt_get_activation_time(
+						   trusted_cas[i])) {
 					issuer = trusted_cas[i];
 				}
 			}
@@ -375,14 +359,14 @@ static unsigned int check_time_status(gnutls_x509_crt_t crt, time_t now)
 	time_t t;
 
 	t = gnutls_x509_crt_get_activation_time(crt);
-	if (t == (time_t) - 1 || now < t) {
+	if (t == (time_t)-1 || now < t) {
 		status |= GNUTLS_CERT_NOT_ACTIVATED;
 		status |= GNUTLS_CERT_INVALID;
 		return status;
 	}
 
 	t = gnutls_x509_crt_get_expiration_time(crt);
-	if (t == (time_t) - 1 || now > t) {
+	if (t == (time_t)-1 || now > t) {
 		status |= GNUTLS_CERT_EXPIRED;
 		status |= GNUTLS_CERT_INVALID;
 		return status;
@@ -391,7 +375,7 @@ static unsigned int check_time_status(gnutls_x509_crt_t crt, time_t now)
 	return 0;
 }
 
-unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st * se,
+unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se,
 				       unsigned int flags)
 {
 	gnutls_digest_algorithm_t hash;
@@ -401,55 +385,68 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st * se,
 		return 1;
 
 	/* the first two are for backwards compatibility */
-	if ((se->id == GNUTLS_SIGN_RSA_MD2)
-	    && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2))
+	if ((se->id == GNUTLS_SIGN_RSA_MD2) &&
+	    (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2))
 		return 1;
-	if ((se->id == GNUTLS_SIGN_RSA_MD5)
-	    && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))
+	if ((se->id == GNUTLS_SIGN_RSA_MD5) &&
+	    (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))
 		return 1;
 
 	hash = se->hash;
-	if (hash == GNUTLS_DIG_SHA1
-	    && (flags & GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1))
+	if (hash == GNUTLS_DIG_SHA1 &&
+	    (flags & GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1))
 		return 1;
 
 	return 0;
 }
 
-#define CASE_SEC_PARAM(profile, level) \
-	case profile: \
-		sym_bits = gnutls_sec_param_to_symmetric_bits(level); \
-		se = _gnutls_sign_to_entry(sigalg); \
-		if (unlikely(se == NULL)) { \
-			_gnutls_cert_log("cert", crt); \
-			_gnutls_debug_log(#level": certificate's signature algorithm is unknown\n"); \
-			return gnutls_assert_val(0); \
-		} \
-		if (unlikely(se->hash == GNUTLS_DIG_UNKNOWN)) { \
-			_gnutls_cert_log("cert", crt); \
-			_gnutls_debug_log(#level": certificate's signature hash is unknown\n"); \
-			return gnutls_assert_val(0); \
-		} \
-		if (!trusted && \
-		    _gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \
-			_gnutls_cert_log("cert", crt); \
-			_gnutls_debug_log(#level": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", _gnutls_sign_get_hash_strength(sigalg), sym_bits); \
-			return gnutls_assert_val(0); \
-		} \
-		sp = gnutls_pk_bits_to_sec_param(pkalg, bits); \
-		if (sp < level) { \
-			_gnutls_cert_log("cert", crt); \
-			_gnutls_debug_log(#level": certificate's security level is unacceptable\n"); \
-			return gnutls_assert_val(0); \
-		} \
-		if (issuer) { \
-			sp = gnutls_pk_bits_to_sec_param(issuer_pkalg, issuer_bits); \
-			if (sp < level) { \
-				_gnutls_cert_log("issuer", issuer); \
-				_gnutls_debug_log(#level": certificate's issuer security level is unacceptable\n"); \
-				return gnutls_assert_val(0); \
-			} \
-		} \
+#define CASE_SEC_PARAM(profile, level) \
+	case profile: \
+		sym_bits = gnutls_sec_param_to_symmetric_bits(level); \
+		se = _gnutls_sign_to_entry(sigalg); \
+		if (unlikely(se == NULL)) { \
+			_gnutls_cert_log("cert", crt); \
+			_gnutls_debug_log( \
+				#level \
+				": certificate's signature algorithm is unknown\n"); \
+			return gnutls_assert_val(0); \
+		} \
+		if (unlikely(se->hash == GNUTLS_DIG_UNKNOWN)) { \
+			_gnutls_cert_log("cert", crt); \
+			_gnutls_debug_log( \
+				#level \
+				": certificate's signature hash is unknown\n"); \
+			return gnutls_assert_val(0); \
+		} \
+		if (!trusted && \
+		    _gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \
+			_gnutls_cert_log("cert", crt); \
+			_gnutls_debug_log( \
+				#level \
+				": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", \
+				_gnutls_sign_get_hash_strength(sigalg), \
+				sym_bits); \
+			return gnutls_assert_val(0); \
+		} \
+		sp = gnutls_pk_bits_to_sec_param(pkalg, bits); \
+		if (sp < level) { \
+			_gnutls_cert_log("cert", crt); \
+			_gnutls_debug_log( \
+				#level \
+				": certificate's security level is unacceptable\n"); \
+			return gnutls_assert_val(0); \
+		} \
+		if (issuer) { \
+			sp = gnutls_pk_bits_to_sec_param(issuer_pkalg, \
+							 issuer_bits); \
+			if (sp < level) { \
+				_gnutls_cert_log("issuer", issuer); \
+				_gnutls_debug_log( \
+					#level \
+					": certificate's issuer security level is unacceptable\n"); \
+				return gnutls_assert_val(0); \
+			} \
+		} \
 		break;
 
 /* Checks whether the provided certificates are acceptable
@@ -469,7 +466,7 @@ static unsigned is_level_acceptable(gnutls_x509_crt_t crt,
 				   bool trusted, unsigned flags)
 {
 	gnutls_certificate_verification_profiles_t profile =
-	    GNUTLS_VFLAGS_TO_PROFILE(flags);
+		GNUTLS_VFLAGS_TO_PROFILE(flags);
 	int issuer_pkalg = 0, pkalg, ret;
 	unsigned bits = 0, issuer_bits = 0, sym_bits = 0;
 	gnutls_pk_params_st params;
@@ -496,7 +493,7 @@ static unsigned is_level_acceptable(gnutls_x509_crt_t crt,
 
 	if (issuer) {
 		issuer_pkalg =
-		    gnutls_x509_crt_get_pk_algorithm(issuer, &issuer_bits);
+			gnutls_x509_crt_get_pk_algorithm(issuer, &issuer_bits);
 		if (issuer_pkalg < 0)
 			return gnutls_assert_val(0);
 	}
@@ -511,108 +508,104 @@ static unsigned is_level_acceptable(gnutls_x509_crt_t crt,
 		CASE_SEC_PARAM(GNUTLS_PROFILE_ULTRA, GNUTLS_SEC_PARAM_ULTRA);
 		CASE_SEC_PARAM(GNUTLS_PROFILE_FUTURE, GNUTLS_SEC_PARAM_FUTURE);
 	case GNUTLS_PROFILE_SUITEB128:
-	case GNUTLS_PROFILE_SUITEB192:{
-			unsigned curve, issuer_curve;
+	case GNUTLS_PROFILE_SUITEB192: {
+		unsigned curve, issuer_curve;
 
-			/* check suiteB params validity: rfc5759 */
+		/* check suiteB params validity: rfc5759 */
 
-			if (gnutls_x509_crt_get_version(crt) != 3) {
-				_gnutls_debug_log
-				    ("SUITEB: certificate uses an unacceptable version number\n");
-				return gnutls_assert_val(0);
-			}
+		if (gnutls_x509_crt_get_version(crt) != 3) {
+			_gnutls_debug_log(
+				"SUITEB: certificate uses an unacceptable version number\n");
+			return gnutls_assert_val(0);
+		}
 
-			if (sigalg != GNUTLS_SIGN_ECDSA_SHA256
-			    && sigalg != GNUTLS_SIGN_ECDSA_SHA384) {
-				_gnutls_debug_log
-				    ("SUITEB: certificate is not signed using ECDSA-SHA256 or ECDSA-SHA384\n");
-				return gnutls_assert_val(0);
-			}
+		if (sigalg != GNUTLS_SIGN_ECDSA_SHA256 &&
+		    sigalg != GNUTLS_SIGN_ECDSA_SHA384) {
+			_gnutls_debug_log(
+				"SUITEB: certificate is not signed using ECDSA-SHA256 or ECDSA-SHA384\n");
+			return gnutls_assert_val(0);
+		}
 
-			if (pkalg != GNUTLS_PK_EC) {
-				_gnutls_debug_log
-				    ("SUITEB: certificate does not contain ECC parameters\n");
+		if (pkalg != GNUTLS_PK_EC) {
+			_gnutls_debug_log(
+				"SUITEB: certificate does not contain ECC parameters\n");
+			return gnutls_assert_val(0);
+		}
+
+		if (issuer_pkalg != GNUTLS_PK_EC) {
+			_gnutls_debug_log(
+				"SUITEB: certificate's issuer does not have ECC parameters\n");
+			return gnutls_assert_val(0);
+		}
+
+		ret = _gnutls_x509_crt_get_mpis(crt, ¶ms);
+		if (ret < 0) {
+			_gnutls_debug_log(
+				"SUITEB: cannot read certificate params\n");
+			return gnutls_assert_val(0);
+		}
+
+		curve = params.curve;
+		gnutls_pk_params_release(¶ms);
+
+		if (curve != GNUTLS_ECC_CURVE_SECP256R1 &&
+		    curve != GNUTLS_ECC_CURVE_SECP384R1) {
+			_gnutls_debug_log(
+				"SUITEB: certificate's ECC params do not contain SECP256R1 or SECP384R1\n");
+			return gnutls_assert_val(0);
+		}
+
+		if (profile == GNUTLS_PROFILE_SUITEB192) {
+			if (curve != GNUTLS_ECC_CURVE_SECP384R1) {
+				_gnutls_debug_log(
+					"SUITEB192: certificate does not use SECP384R1\n");
 				return gnutls_assert_val(0);
 			}
+		}
 
-			if (issuer_pkalg != GNUTLS_PK_EC) {
-				_gnutls_debug_log
-				    ("SUITEB: certificate's issuer does not have ECC parameters\n");
+		if (issuer != NULL) {
+			if (gnutls_x509_crt_get_version(issuer) != 3) {
+				_gnutls_debug_log(
+					"SUITEB: certificate's issuer uses an unacceptable version number\n");
 				return gnutls_assert_val(0);
 			}
 
-			ret = _gnutls_x509_crt_get_mpis(crt, ¶ms);
+			ret = _gnutls_x509_crt_get_mpis(issuer, ¶ms);
 			if (ret < 0) {
-				_gnutls_debug_log
-				    ("SUITEB: cannot read certificate params\n");
+				_gnutls_debug_log(
+					"SUITEB: cannot read certificate params\n");
 				return gnutls_assert_val(0);
 			}
 
-			curve = params.curve;
+			issuer_curve = params.curve;
 			gnutls_pk_params_release(¶ms);
 
-			if (curve != GNUTLS_ECC_CURVE_SECP256R1 &&
-			    curve != GNUTLS_ECC_CURVE_SECP384R1) {
-				_gnutls_debug_log
-				    ("SUITEB: certificate's ECC params do not contain SECP256R1 or SECP384R1\n");
+			if (issuer_curve != GNUTLS_ECC_CURVE_SECP256R1 &&
+			    issuer_curve != GNUTLS_ECC_CURVE_SECP384R1) {
+				_gnutls_debug_log(
+					"SUITEB: certificate's issuer ECC params do not contain SECP256R1 or SECP384R1\n");
 				return gnutls_assert_val(0);
 			}
 
-			if (profile == GNUTLS_PROFILE_SUITEB192) {
-				if (curve != GNUTLS_ECC_CURVE_SECP384R1) {
-					_gnutls_debug_log
-					    ("SUITEB192: certificate does not use SECP384R1\n");
-					return gnutls_assert_val(0);
-				}
+			if (issuer_curve < curve) {
+				_gnutls_debug_log(
+					"SUITEB: certificate's issuer ECC params are weaker than the certificate's\n");
+				return gnutls_assert_val(0);
 			}
 
-			if (issuer != NULL) {
-				if (gnutls_x509_crt_get_version(issuer) != 3) {
-					_gnutls_debug_log
-					    ("SUITEB: certificate's issuer uses an unacceptable version number\n");
-					return gnutls_assert_val(0);
-				}
-
-				ret =
-				    _gnutls_x509_crt_get_mpis(issuer, ¶ms);
-				if (ret < 0) {
-					_gnutls_debug_log
-					    ("SUITEB: cannot read certificate params\n");
-					return gnutls_assert_val(0);
-				}
-
-				issuer_curve = params.curve;
-				gnutls_pk_params_release(¶ms);
-
-				if (issuer_curve != GNUTLS_ECC_CURVE_SECP256R1
-				    && issuer_curve !=
-				    GNUTLS_ECC_CURVE_SECP384R1) {
-					_gnutls_debug_log
-					    ("SUITEB: certificate's issuer ECC params do not contain SECP256R1 or SECP384R1\n");
-					return gnutls_assert_val(0);
-				}
-
-				if (issuer_curve < curve) {
-					_gnutls_debug_log
-					    ("SUITEB: certificate's issuer ECC params are weaker than the certificate's\n");
-					return gnutls_assert_val(0);
-				}
-
-				if (sigalg == GNUTLS_SIGN_ECDSA_SHA256 &&
-				    issuer_curve ==
-				    GNUTLS_ECC_CURVE_SECP384R1) {
-					_gnutls_debug_log
-					    ("SUITEB: certificate is signed with ECDSA-SHA256 when using SECP384R1\n");
-					return gnutls_assert_val(0);
-				}
+			if (sigalg == GNUTLS_SIGN_ECDSA_SHA256 &&
+			    issuer_curve == GNUTLS_ECC_CURVE_SECP384R1) {
+				_gnutls_debug_log(
+					"SUITEB: certificate is signed with ECDSA-SHA256 when using SECP384R1\n");
+				return gnutls_assert_val(0);
 			}
-
-			break;
-	case GNUTLS_PROFILE_UNKNOWN:	/* already checked; avoid compiler warnings */
-			_gnutls_debug_log
-			    ("An unknown profile (%d) was encountered\n",
-			     (int)profile);
 		}
+
+		break;
+	case GNUTLS_PROFILE_UNKNOWN: /* already checked; avoid compiler warnings */
+		_gnutls_debug_log("An unknown profile (%d) was encountered\n",
+				  (int)profile);
+	}
 	}
 
 	return 1;
@@ -626,13 +619,16 @@ typedef struct verify_state_st {
 	gnutls_verify_output_function *func;
 } verify_state_st;
 
-#define MARK_INVALID(x) { gnutls_assert(); \
-	out |= (x|GNUTLS_CERT_INVALID); \
-	result = 0; }
+#define MARK_INVALID(x) \
+	{ \
+		gnutls_assert(); \
+		out |= (x | GNUTLS_CERT_INVALID); \
+		result = 0; \
+	}
 
 static int _gnutls_x509_verify_data(gnutls_sign_algorithm_t sign,
-				    const gnutls_datum_t * data,
-				    const gnutls_datum_t * signature,
+				    const gnutls_datum_t *data,
+				    const gnutls_datum_t *signature,
 				    gnutls_x509_crt_t cert,
 				    gnutls_x509_crt_t issuer, unsigned vflags);
 
@@ -650,10 +646,9 @@ static int _gnutls_x509_verify_data(gnutls_sign_algorithm_t sign,
  */
 static unsigned verify_crt(gnutls_x509_trust_list_t tlist,
 			   gnutls_x509_crt_t cert,
-			   const gnutls_x509_crt_t * trusted_cas,
-			   int tcas_size, unsigned int flags,
-			   unsigned int *output,
-			   verify_state_st * vparams, unsigned end_cert)
+			   const gnutls_x509_crt_t *trusted_cas, int tcas_size,
+			   unsigned int flags, unsigned int *output,
+			   verify_state_st *vparams, unsigned end_cert)
 {
 	gnutls_datum_t cert_signed_data = { NULL, 0 };
 	gnutls_datum_t cert_signature = { NULL, 0 };
@@ -677,25 +672,22 @@ static unsigned verify_crt(gnutls_x509_trust_list_t tlist,
 	if (tcas_size >= 1)
 		issuer = find_issuer(cert, trusted_cas, tcas_size);
 
-	ret =
-	    _gnutls_x509_get_signed_data(cert->cert, &cert->der,
-					 "tbsCertificate", &cert_signed_data);
+	ret = _gnutls_x509_get_signed_data(cert->cert, &cert->der,
+					   "tbsCertificate", &cert_signed_data);
 	if (ret < 0) {
 		MARK_INVALID(0);
 		cert_signed_data.data = NULL;
 	}
 
-	ret =
-	    _gnutls_x509_get_signature(cert->cert, "signature",
-				       &cert_signature);
+	ret = _gnutls_x509_get_signature(cert->cert, "signature",
+					 &cert_signature);
 	if (ret < 0) {
 		MARK_INVALID(0);
 		cert_signature.data = NULL;
 	}
 
-	ret =
-	    _gnutls_x509_get_signature_algorithm(cert->cert,
-						 "signatureAlgorithm");
+	ret = _gnutls_x509_get_signature_algorithm(cert->cert,
+						   "signatureAlgorithm");
 	if (ret < 0) {
 		MARK_INVALID(0);
 	}
@@ -711,113 +703,107 @@ static unsigned verify_crt(gnutls_x509_trust_list_t tlist,
 	} else {
 		if (vparams->nc != NULL) {
 			/* append the issuer's constraints */
-			ret =
-			    gnutls_x509_crt_get_name_constraints(issuer,
-								 vparams->nc,
-								 GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND,
-								 NULL);
-			if (ret < 0
-			    && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
-				MARK_INVALID
-				    (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
+			ret = gnutls_x509_crt_get_name_constraints(
+				issuer, vparams->nc,
+				GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND, NULL);
+			if (ret < 0 &&
+			    ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+				MARK_INVALID(
+					GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
 				goto nc_done;
 			}
 
 			/* only check name constraints in server certificates, not CAs */
 			if (end_cert != 0) {
-				ret =
-				    gnutls_x509_name_constraints_check_crt
-				    (vparams->nc, GNUTLS_SAN_DNSNAME, cert);
+				ret = gnutls_x509_name_constraints_check_crt(
+					vparams->nc, GNUTLS_SAN_DNSNAME, cert);
 				if (ret == 0) {
-					MARK_INVALID
-					    (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
+					MARK_INVALID(
+						GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
 					goto nc_done;
 				}
 
-				ret =
-				    gnutls_x509_name_constraints_check_crt
-				    (vparams->nc, GNUTLS_SAN_RFC822NAME, cert);
+				ret = gnutls_x509_name_constraints_check_crt(
+					vparams->nc, GNUTLS_SAN_RFC822NAME,
+					cert);
 				if (ret == 0) {
-					MARK_INVALID
-					    (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
+					MARK_INVALID(
+						GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
 					goto nc_done;
 				}
 
-				ret =
-				    gnutls_x509_name_constraints_check_crt
-				    (vparams->nc, GNUTLS_SAN_DN, cert);
+				ret = gnutls_x509_name_constraints_check_crt(
+					vparams->nc, GNUTLS_SAN_DN, cert);
 				if (ret == 0) {
-					MARK_INVALID
-					    (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
+					MARK_INVALID(
+						GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
 					goto nc_done;
 				}
 
-				ret =
-				    gnutls_x509_name_constraints_check_crt
-				    (vparams->nc, GNUTLS_SAN_URI, cert);
+				ret = gnutls_x509_name_constraints_check_crt(
+					vparams->nc, GNUTLS_SAN_URI, cert);
 				if (ret == 0) {
-					MARK_INVALID
-					    (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
+					MARK_INVALID(
+						GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
 					goto nc_done;
 				}
 
-				ret =
-				    gnutls_x509_name_constraints_check_crt
-				    (vparams->nc, GNUTLS_SAN_IPADDRESS, cert);
+				ret = gnutls_x509_name_constraints_check_crt(
+					vparams->nc, GNUTLS_SAN_IPADDRESS,
+					cert);
 				if (ret == 0) {
-					MARK_INVALID
-					    (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
+					MARK_INVALID(
+						GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
 					goto nc_done;
 				}
 			}
 		}
- nc_done:
+	nc_done:
 		if (vparams->tls_feat != NULL) {
 			/* append the issuer's constraints */
-			ret =
-			    gnutls_x509_crt_get_tlsfeatures(issuer,
-							    vparams->tls_feat,
-							    GNUTLS_EXT_FLAG_APPEND,
-							    NULL);
-			if (ret < 0
-			    && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
-				MARK_INVALID
-				    (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
+			ret = gnutls_x509_crt_get_tlsfeatures(
+				issuer, vparams->tls_feat,
+				GNUTLS_EXT_FLAG_APPEND, NULL);
+			if (ret < 0 &&
+			    ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+				MARK_INVALID(
+					GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
 				goto feat_done;
 			}
 
-			ret =
-			    gnutls_x509_tlsfeatures_check_crt(vparams->tls_feat,
-							      cert);
+			ret = gnutls_x509_tlsfeatures_check_crt(
+				vparams->tls_feat, cert);
 			if (ret == 0) {
-				MARK_INVALID
-				    (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
+				MARK_INVALID(
+					GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
 				goto feat_done;
 			}
 		}
- feat_done:
+	feat_done:
 		issuer_version = gnutls_x509_crt_get_version(issuer);
 		if (issuer_version < 0) {
 			MARK_INVALID(0);
 		} else if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
-			   ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
-			    || issuer_version != 1)) {
-			if (check_if_ca(cert, issuer, &vparams->max_path, flags)
-			    != 1) {
+			   ((flags &
+			     GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) ||
+			    issuer_version != 1)) {
+			if (check_if_ca(cert, issuer, &vparams->max_path,
+					flags) != 1) {
 				MARK_INVALID(GNUTLS_CERT_SIGNER_NOT_CA);
 			}
 
-			ret =
-			    gnutls_x509_crt_get_key_usage(issuer, &usage, NULL);
+			ret = gnutls_x509_crt_get_key_usage(issuer, &usage,
+							    NULL);
 			if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
 				if (ret < 0) {
 					MARK_INVALID(0);
-				} else if (!(usage & GNUTLS_KEY_KEY_CERT_SIGN)) {
-					MARK_INVALID
-					    (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
+				} else if (!(usage &
+					     GNUTLS_KEY_KEY_CERT_SIGN)) {
+					MARK_INVALID(
+						GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
 				}
 			}
 		}
@@ -826,17 +812,16 @@ static unsigned verify_crt(gnutls_x509_trust_list_t tlist,
 		MARK_INVALID(0);
 	} else if (cert_signed_data.data != NULL &&
 		   cert_signature.data != NULL) {
-		ret =
-		    _gnutls_x509_verify_data(sigalg,
-					     &cert_signed_data,
-					     &cert_signature,
-					     cert, issuer, flags);
+		ret = _gnutls_x509_verify_data(sigalg,
+					       &cert_signed_data,
+					       &cert_signature, cert,
+					       issuer, flags);
 		if (ret == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
 			MARK_INVALID(GNUTLS_CERT_SIGNATURE_FAILURE);
 		} else if (ret == GNUTLS_E_CONSTRAINT_ERROR) {
-			MARK_INVALID
-			    (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
+			MARK_INVALID(
+				GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
 		} else if (ret < 0) {
 			MARK_INVALID(0);
 		}
@@ -869,10 +854,10 @@ static unsigned verify_crt(gnutls_x509_trust_list_t tlist,
 	 * used are secure. If the certificate is self signed it doesn't
 	 * really matter.
 	 */
-	if (_gnutls_sign_is_secure2
-	    (se, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0
-	    && _gnutls_is_broken_sig_allowed(se, flags) == 0
-	    && is_issuer(cert, cert) == 0) {
+	if (_gnutls_sign_is_secure2(
+		    se, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0 &&
+	    _gnutls_is_broken_sig_allowed(se, flags) == 0 &&
+	    is_issuer(cert, cert) == 0) {
 		MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM);
 	}
 }
@@ -897,7 +882,7 @@ static unsigned verify_crt(gnutls_x509_trust_list_t tlist,
 		}
 	}
 
- cleanup:
+cleanup:
 	if (output)
 		*output |= out;
 
@@ -928,15 +913,14 @@ static unsigned verify_crt(gnutls_x509_trust_list_t tlist,
  * Returns: It will return true (1) if the given certificate is issued
  * by the given issuer, and false (0) if not.
  **/
-unsigned
-gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
+unsigned gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert,
+				      gnutls_x509_crt_t issuer)
 {
 	return is_issuer(cert, issuer);
 }
 
-static
-unsigned check_ca_sanity(const gnutls_x509_crt_t issuer,
-			 time_t now, unsigned int flags)
+static unsigned check_ca_sanity(const gnutls_x509_crt_t issuer, time_t now,
+				unsigned int flags)
 {
 	unsigned int status = 0;
 	unsigned sigalg;
@@ -950,19 +934,18 @@ unsigned check_ca_sanity(const gnutls_x509_crt_t issuer,
 		status |= check_time_status(issuer, now);
 	}
 
-	ret =
-	    _gnutls_x509_get_signature_algorithm(issuer->cert,
-						 "signatureAlgorithm");
+	ret = _gnutls_x509_get_signature_algorithm(issuer->cert,
+						   "signatureAlgorithm");
 	sigalg = ret;
 
 	/* we explicitly allow CAs which we do not support their self-algorithms
 	 * to pass. */
-	if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, true, flags)) {
+	if (ret >= 0 &&
+	    !is_level_acceptable(issuer, NULL, sigalg, true, flags)) {
 		status |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
 	}
 
 	return status;
-
 }
 
 /* Verify X.509 certificate chain.
@@ -972,15 +955,11 @@ unsigned check_ca_sanity(const gnutls_x509_crt_t issuer,
  * This function verifies a X.509 certificate list. The certificate
  * list should lead to a trusted certificate in order to be trusted.
  */
-unsigned int
-_gnutls_verify_crt_status(gnutls_x509_trust_list_t tlist,
-			  const gnutls_x509_crt_t * certificate_list,
-			  int clist_size,
-			  const gnutls_x509_crt_t * trusted_cas,
-			  int tcas_size,
-			  unsigned int flags,
-			  const char *purpose,
-			  gnutls_verify_output_function func)
+unsigned int _gnutls_verify_crt_status(
+	gnutls_x509_trust_list_t tlist,
+	const gnutls_x509_crt_t *certificate_list, int clist_size,
+	const gnutls_x509_crt_t *trusted_cas, int tcas_size, unsigned int flags,
+	const char *purpose, gnutls_verify_output_function func)
 {
 	int i = 0, ret;
 	unsigned int status = 0, output;
@@ -997,9 +976,9 @@ _gnutls_verify_crt_status(gnutls_x509_trust_list_t tlist,
 		 * failures on some root self signed certificates that use the
 		 * MD2 algorithm.
 		 */
-		if (gnutls_x509_crt_check_issuer
-		    (certificate_list[clist_size - 1],
-		     certificate_list[clist_size - 1]) != 0) {
+		if (gnutls_x509_crt_check_issuer(
+			    certificate_list[clist_size - 1],
+			    certificate_list[clist_size - 1]) != 0) {
 			clist_size--;
 		}
 	}
@@ -1010,9 +989,9 @@ _gnutls_verify_crt_status(gnutls_x509_trust_list_t tlist,
 	 * self-signed E but already removed above), and we trust B, remove
 	 * B, C and D. */
 	if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
-		i = 0;		/* also replace the first one */
+		i = 0; /* also replace the first one */
 	else
-		i = 1;		/* do not replace the first one */
+		i = 1; /* do not replace the first one */
 
 	for (; i < clist_size; i++) {
 		int j;
@@ -1022,11 +1001,10 @@ _gnutls_verify_crt_status(gnutls_x509_trust_list_t tlist, * sent by the client, but will have the same name and key. That is * because it can happen that a CA certificate is upgraded from intermediate * CA to self-signed CA at some point. */ - if (_gnutls_check_if_same_key - (certificate_list[i], trusted_cas[j], i) != 0) { - - status |= - check_ca_sanity(trusted_cas[j], now, flags); + if (_gnutls_check_if_same_key(certificate_list[i], + trusted_cas[j], i) != 0) { + status |= check_ca_sanity(trusted_cas[j], now, + flags); if (func) func(certificate_list[i], @@ -1076,10 +1054,9 @@ _gnutls_verify_crt_status(gnutls_x509_trust_list_t tlist, */ output = 0; - ret = verify_crt(tlist, - certificate_list[clist_size - 1], - trusted_cas, tcas_size, flags, - &output, &vparams, clist_size == 1 ? 1 : 0); + ret = verify_crt(tlist, certificate_list[clist_size - 1], trusted_cas, + tcas_size, flags, &output, &vparams, + clist_size == 1 ? 1 : 0); if (ret != 1) { /* if the last certificate in the certificate * list is invalid, then the certificate is not @@ -1097,9 +1074,8 @@ _gnutls_verify_crt_status(gnutls_x509_trust_list_t tlist, output = 0; if (purpose != NULL) { - ret = - _gnutls_check_key_purpose(certificate_list[i], - purpose, 1); + ret = _gnutls_check_key_purpose(certificate_list[i], + purpose, 1); if (ret != 1) { gnutls_assert(); status |= GNUTLS_CERT_INVALID; @@ -1119,10 +1095,9 @@ _gnutls_verify_crt_status(gnutls_x509_trust_list_t tlist, flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT; } - if (!verify_crt(tlist, - certificate_list[i - 1], - &certificate_list[i], 1, - flags, &output, &vparams, i == 1 ? 1 : 0)) { + if (!verify_crt(tlist, certificate_list[i - 1], + &certificate_list[i], 1, flags, &output, + &vparams, i == 1 ? 1 : 0)) { gnutls_assert(); status |= output; status |= GNUTLS_CERT_INVALID; 
@@ -1130,7 +1105,7 @@ _gnutls_verify_crt_status(gnutls_x509_trust_list_t tlist, } } - cleanup: +cleanup: gnutls_x509_name_constraints_deinit(vparams.nc); gnutls_x509_tlsfeatures_deinit(vparams.tls_feat); return status; @@ -1157,9 +1132,8 @@ unsigned _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, * CA certs */ if (strcmp(purpose, GNUTLS_KP_TLS_WWW_SERVER) == 0) { unsigned ca_status; - ret = - gnutls_x509_crt_get_basic_constraints(cert, NULL, - &ca_status, NULL); + ret = gnutls_x509_crt_get_basic_constraints(cert, NULL, + &ca_status, NULL); if (ret < 0) ca_status = 0; @@ -1169,9 +1143,8 @@ unsigned _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, for (i = 0;; i++) { oid_size = sizeof(oid); - ret = - gnutls_x509_crt_get_key_purpose_oid(cert, i, oid, &oid_size, - &critical); + ret = gnutls_x509_crt_get_key_purpose_oid(cert, i, oid, + &oid_size, &critical); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { if (i == 0) { /* no key purpose in certificate, assume ANY */ @@ -1193,13 +1166,13 @@ unsigned _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, } } - if (strcmp(oid, purpose) == 0 - || (no_any == 0 && strcmp(oid, GNUTLS_KP_ANY) == 0)) { + if (strcmp(oid, purpose) == 0 || + (no_any == 0 && strcmp(oid, GNUTLS_KP_ANY) == 0)) { return 1; } - _gnutls_debug_log - ("looking for key purpose '%s', but have '%s'\n", purpose, - oid); + _gnutls_debug_log( + "looking for key purpose '%s', but have '%s'\n", + purpose, oid); } return 0; } 
@@ -1216,14 +1189,11 @@ unsigned _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, * This function verifies a X.509 certificate list. The certificate * list should lead to a trusted certificate in order to be trusted. */ -unsigned int -_gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist, - const char *url, - const gnutls_x509_crt_t * certificate_list, - unsigned clist_size, - const char *purpose, - unsigned int flags, - gnutls_verify_output_function func) +unsigned int _gnutls_pkcs11_verify_crt_status( + gnutls_x509_trust_list_t tlist, const char *url, + const gnutls_x509_crt_t *certificate_list, unsigned clist_size, + const char *purpose, unsigned int flags, + gnutls_verify_output_function func) { int ret; unsigned int status = 0, i; @@ -1242,9 +1212,9 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist, * failures on some root self signed certificates that use the * MD2 algorithm. */ - if (gnutls_x509_crt_check_issuer - (certificate_list[clist_size - 1], - certificate_list[clist_size - 1]) != 0) { + if (gnutls_x509_crt_check_issuer( + certificate_list[clist_size - 1], + certificate_list[clist_size - 1]) != 0) { clist_size--; } } 
@@ -1255,33 +1225,32 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist, * self-signed E but already removed above), and we trust B, remove * B, C and D. */ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) - i = 0; /* also replace the first one */ + i = 0; /* also replace the first one */ else - i = 1; /* do not replace the first one */ + i = 1; /* do not replace the first one */ for (; i < clist_size; i++) { unsigned vflags; gnutls_x509_crt_t trusted_cert; - if (i == 0) /* in the end certificate do full comparison */ + if (i == 0) /* in the end certificate do full comparison */ vflags = - GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE | - GNUTLS_PKCS11_OBJ_FLAG_COMPARE | - GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED; + GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE | + GNUTLS_PKCS11_OBJ_FLAG_COMPARE | + GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED; else vflags = - GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE | - GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY | - GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED; - - if (_gnutls_pkcs11_crt_is_known - (url, certificate_list[i], vflags, &trusted_cert) != 0) { + GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE | + GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY | + GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED; + if (_gnutls_pkcs11_crt_is_known(url, certificate_list[i], + vflags, &trusted_cert) != 0) { status |= check_ca_sanity(trusted_cert, now, flags); if (func) - func(trusted_cert, - certificate_list[i], NULL, status); + func(trusted_cert, certificate_list[i], NULL, + status); gnutls_x509_crt_deinit(trusted_cert); 
@@ -1303,11 +1272,11 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist, /* check for blocklists */ for (i = 0; i < clist_size; i++) { - if (gnutls_pkcs11_crt_is_known(url, certificate_list[i], - GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE - | - GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED) - != 0) { + if (gnutls_pkcs11_crt_is_known( + url, certificate_list[i], + GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE | + GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED) != + 0) { status |= GNUTLS_CERT_INVALID; status |= GNUTLS_CERT_REVOKED; if (func) 
@@ -1318,34 +1287,26 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist, } /* check against issuer */ - ret = - gnutls_pkcs11_get_raw_issuer(url, certificate_list[clist_size - 1], - &raw_issuer, GNUTLS_X509_FMT_DER, - GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT - | - GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE); + ret = gnutls_pkcs11_get_raw_issuer( + url, certificate_list[clist_size - 1], &raw_issuer, + GNUTLS_X509_FMT_DER, + GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT | + GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE); if (ret < 0) { gnutls_assert(); - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE - && clist_size > 2) { - + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && + clist_size > 2) { /* check if the last certificate in the chain is present * in our trusted list, and if yes, verify against it. */ - ret = - gnutls_pkcs11_crt_is_known(url, - certificate_list - [clist_size - 1], - GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED - | - GNUTLS_PKCS11_OBJ_FLAG_COMPARE); + ret = gnutls_pkcs11_crt_is_known( + url, certificate_list[clist_size - 1], + GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED | + GNUTLS_PKCS11_OBJ_FLAG_COMPARE); if (ret != 0) { - return _gnutls_verify_crt_status(tlist, - certificate_list, - clist_size, - &certificate_list - [clist_size - - 1], 1, flags, - purpose, func); + return _gnutls_verify_crt_status( + tlist, certificate_list, clist_size, + &certificate_list[clist_size - 1], 1, + flags, purpose, func); } } @@ -1354,10 +1315,9 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist, /* verify the certificate list against 0 trusted CAs in order * to get, any additional flags from the certificate list (e.g., * insecure algorithms or expired */ - status |= - _gnutls_verify_crt_status(tlist, certificate_list, - clist_size, NULL, 0, flags, - purpose, func); + status |= _gnutls_verify_crt_status(tlist, certificate_list, + clist_size, NULL, 0, flags, + purpose, func); goto cleanup; } 
@@ -1380,16 +1340,13 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist, /* check if the raw issuer is assigned with a time-based * distrust and the certificate is issued after that period */ - distrust_after = - _gnutls_pkcs11_get_distrust_after(url, issuer, - purpose == NULL ? - GNUTLS_KP_TLS_WWW_SERVER : - purpose, - GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); - if (distrust_after != (time_t) - 1 - && distrust_after < - gnutls_x509_crt_get_activation_time(certificate_list - [clist_size - 1])) { + distrust_after = _gnutls_pkcs11_get_distrust_after( + url, issuer, + purpose == NULL ? GNUTLS_KP_TLS_WWW_SERVER : purpose, + GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + if (distrust_after != (time_t)-1 && + distrust_after < gnutls_x509_crt_get_activation_time( + certificate_list[clist_size - 1])) { gnutls_assert(); status |= GNUTLS_CERT_INVALID; status |= GNUTLS_CERT_SIGNER_NOT_FOUND; 
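Review bot: The distrust-after comparison `distrust_after < gnutls_x509_crt_get_activation_time(certificate_list[clist_size - 1])` silently passes when the activation time cannot be read, because an error sentinel of `(time_t)-1` (the same convention this hunk uses for `distrust_after`) compares less than any real distrust timestamp and the branch is skipped. If that getter reports failure that way, the check fails open for a certificate whose notBefore is unparsable; reading it into a local first and treating `-1` as a failure (`status |= GNUTLS_CERT_INVALID;`) would close that, assuming the time-validity pass elsewhere does not already reject it. `_gnutls_pkcs11_verify_crt_status` starts and ends outside this hunk.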
@@ -1399,24 +1356,22 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist, /* check if the raw issuer is distrusted (it can happen if * the issuer is both in the trusted list and the distrusted) */ - if (gnutls_pkcs11_crt_is_known(url, issuer, - GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE - | - GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED) - != 0) { + if (gnutls_pkcs11_crt_is_known( + url, issuer, + GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE | + GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED) != 0) { status |= GNUTLS_CERT_INVALID; - status |= GNUTLS_CERT_SIGNER_NOT_FOUND; /* if the signer is revoked - it is as if it doesn't exist */ + status |= + GNUTLS_CERT_SIGNER_NOT_FOUND; /* if the signer is revoked - it is as if it doesn't exist */ goto cleanup; } /* security modules that provide trust, bundle all certificates (of all purposes) * together. In software that doesn't specify any purpose assume the default to * be www-server. */ - ret = - _gnutls_check_key_purpose(issuer, - purpose == - NULL ? GNUTLS_KP_TLS_WWW_SERVER : purpose, - 0); + ret = _gnutls_check_key_purpose( + issuer, purpose == NULL ? GNUTLS_KP_TLS_WWW_SERVER : purpose, + 0); if (ret != 1) { gnutls_assert(); status |= GNUTLS_CERT_INVALID; @@ -1427,7 +1382,7 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist, status = _gnutls_verify_crt_status(tlist, certificate_list, clist_size, &issuer, 1, flags, purpose, func); - cleanup: +cleanup: gnutls_free(raw_issuer.data); if (issuer != NULL) gnutls_x509_crt_deinit(issuer); 
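Review bot: The formatter split `status |=` from `GNUTLS_CERT_SIGNER_NOT_FOUND;` solely to keep the long trailing comment on the same line, which leaves the statement harder to read than before. Moving the comment onto its own line above the assignment, `/* if the signer is revoked it is as if it doesn't exist */` followed by `status |= GNUTLS_CERT_SIGNER_NOT_FOUND;`, keeps the one-line statement and the explanation intact. The enclosing function continues outside this hunk.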
@@ -1436,11 +1391,9 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist, } #endif -static int -_gnutls_x509_validate_sign_params(gnutls_pk_algorithm_t pk_algorithm, - asn1_node cert, - const char *name, - gnutls_x509_spki_st * sig_params) +static int _gnutls_x509_validate_sign_params(gnutls_pk_algorithm_t pk_algorithm, + asn1_node cert, const char *name, + gnutls_x509_spki_st *sig_params) { /* The signature parameter validation is only needed for RSA-PSS */ if (pk_algorithm == GNUTLS_PK_RSA_PSS) { @@ -1481,12 +1434,11 @@ _gnutls_x509_validate_sign_params(gnutls_pk_algorithm_t pk_algorithm, * 'data' is the signed data * 'signature' is the signature! */ -static int -_gnutls_x509_verify_data(gnutls_sign_algorithm_t sign, - const gnutls_datum_t * data, - const gnutls_datum_t * signature, - gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer, unsigned vflags) +static int _gnutls_x509_verify_data(gnutls_sign_algorithm_t sign, + const gnutls_datum_t *data, + const gnutls_datum_t *signature, + gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer, unsigned vflags) { gnutls_pk_params_st params; gnutls_pk_algorithm_t issuer_pk; @@ -1506,20 +1458,18 @@ _gnutls_x509_verify_data(gnutls_sign_algorithm_t sign, se = _gnutls_sign_to_entry(sign); if (se == NULL) - return - gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM); + return gnutls_assert_val( + GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM); if (cert != NULL) { - ret = _gnutls_x509_read_sign_params(cert->cert, - "signatureAlgorithm", - &sign_params); + ret = _gnutls_x509_read_sign_params( + cert->cert, "signatureAlgorithm", &sign_params); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = _gnutls_x509_validate_sign_params(issuer_pk, - issuer->cert, + ret = _gnutls_x509_validate_sign_params(issuer_pk, issuer->cert, "tbsCertificate." "subjectPublicKeyInfo." "algorithm", 
@@ -1536,14 +1486,13 @@ _gnutls_x509_verify_data(gnutls_sign_algorithm_t sign, sign_params.rsa_pss_dig = se->hash; } - ret = - pubkey_verify_data(se, hash_to_entry(se->hash), data, signature, - ¶ms, &sign_params, vflags); + ret = pubkey_verify_data(se, hash_to_entry(se->hash), data, signature, + ¶ms, &sign_params, vflags); if (ret < 0) { gnutls_assert(); } - cleanup: +cleanup: /* release all allocated MPIs */ gnutls_pk_params_release(¶ms); @@ -1578,14 +1527,13 @@ _gnutls_x509_verify_data(gnutls_sign_algorithm_t sign, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, - unsigned cert_list_length, - const gnutls_x509_crt_t * CA_list, - unsigned CA_list_length, - const gnutls_x509_crl_t * CRL_list, - unsigned CRL_list_length, unsigned int flags, - unsigned int *verify) +int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t *cert_list, + unsigned cert_list_length, + const gnutls_x509_crt_t *CA_list, + unsigned CA_list_length, + const gnutls_x509_crl_t *CRL_list, + unsigned CRL_list_length, unsigned int flags, + unsigned int *verify) { unsigned i; int ret; @@ -1599,16 +1547,15 @@ gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, /* Verify certificate */ *verify = _gnutls_verify_crt_status(tlist, cert_list, cert_list_length, - CA_list, CA_list_length, - flags, NULL, NULL); + CA_list, CA_list_length, flags, + NULL, NULL); /* Check for revoked certificates in the chain. */ for (i = 0; i < cert_list_length; i++) { - ret = gnutls_x509_crt_check_revocation(cert_list[i], - CRL_list, + ret = gnutls_x509_crt_check_revocation(cert_list[i], CRL_list, CRL_list_length); - if (ret == 1) { /* revoked */ + if (ret == 1) { /* revoked */ *verify |= GNUTLS_CERT_REVOKED; *verify |= GNUTLS_CERT_INVALID; } 
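Review bot: In `gnutls_x509_crt_list_verify` the revocation loop reacts only to `ret == 1`, so a negative return from `gnutls_x509_crt_check_revocation` (an error while examining a CRL) is treated exactly like "not revoked" and the chain fails open. Unless the documented contract of this public API is deliberately best-effort, the error should at least leave a trace, `if (ret < 0) gnutls_assert();`, or be folded into the result with `*verify |= GNUTLS_CERT_INVALID;` — which of the two is right depends on behaviour callers already rely on, which is not visible here. The function's tail lies outside this hunk.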
@@ -1636,11 +1583,10 @@ gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crt_verify(gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * CA_list, - unsigned CA_list_length, unsigned int flags, - unsigned int *verify) +int gnutls_x509_crt_verify(gnutls_x509_crt_t cert, + const gnutls_x509_crt_t *CA_list, + unsigned CA_list_length, unsigned int flags, + unsigned int *verify) { gnutls_x509_trust_list_t tlist; @@ -1648,9 +1594,8 @@ gnutls_x509_crt_verify(gnutls_x509_crt_t cert, /* Verify certificate */ - *verify = _gnutls_verify_crt_status(tlist, &cert, 1, - CA_list, CA_list_length, - flags, NULL, NULL); + *verify = _gnutls_verify_crt_status(tlist, &cert, 1, CA_list, + CA_list_length, flags, NULL, NULL); gnutls_x509_trust_list_deinit(tlist, 0); return 0; @@ -1667,15 +1612,15 @@ gnutls_x509_crt_verify(gnutls_x509_crt_t cert, * Returns: true (1) if the given CRL was issued by the given issuer, * and false (0) if not. **/ -unsigned -gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer) +unsigned gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl, + gnutls_x509_crt_t issuer) { return is_crl_issuer(crl, issuer); } static inline gnutls_x509_crt_t -find_crl_issuer(gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * trusted_cas, int tcas_size) +find_crl_issuer(gnutls_x509_crl_t crl, const gnutls_x509_crt_t *trusted_cas, + int tcas_size) { int i; 
@@ -1714,13 +1659,12 @@ find_crl_issuer(gnutls_x509_crl_t crl, * Returns: On success, %GNUTLS_E_SUCCESS (0), otherwise a * negative error value. **/ -int -gnutls_x509_crl_verify(gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * trusted_cas, - unsigned tcas_size, unsigned int flags, - unsigned int *verify) +int gnutls_x509_crl_verify(gnutls_x509_crl_t crl, + const gnutls_x509_crt_t *trusted_cas, + unsigned tcas_size, unsigned int flags, + unsigned int *verify) { -/* CRL is ignored for now */ + /* CRL is ignored for now */ gnutls_datum_t crl_signed_data = { NULL, 0 }; gnutls_datum_t crl_signature = { NULL, 0 }; gnutls_x509_crt_t issuer = NULL; @@ -1735,9 +1679,8 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, if (tcas_size >= 1) issuer = find_crl_issuer(crl, trusted_cas, tcas_size); - result = - _gnutls_x509_get_signed_data(crl->crl, &crl->der, "tbsCertList", - &crl_signed_data); + result = _gnutls_x509_get_signed_data(crl->crl, &crl->der, + "tbsCertList", &crl_signed_data); if (result < 0) { gnutls_assert(); if (verify) @@ -1745,8 +1688,8 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, goto cleanup; } - result = - _gnutls_x509_get_signature(crl->crl, "signature", &crl_signature); + result = _gnutls_x509_get_signature(crl->crl, "signature", + &crl_signature); if (result < 0) { gnutls_assert(); if (verify) @@ -1754,9 +1697,8 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, goto cleanup; } - sigalg = - _gnutls_x509_get_signature_algorithm(crl->crl, - "signatureAlgorithm"); + sigalg = _gnutls_x509_get_signature_algorithm(crl->crl, + "signatureAlgorithm"); if (sigalg < 0) { gnutls_assert(); if (verify) 
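Review bot: The comment `/* CRL is ignored for now */` at the top of `gnutls_x509_crl_verify` is stale: the lines right after it extract `tbsCertList`, the signature and the signature algorithm from the CRL for verification against the issuer, so nothing is ignored. Suggest dropping it or replacing it with a description of the locals, e.g. `/* tbsCertList and its signature, extracted for verification against the issuer */`. The function's body continues past this hunk.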
@@ -1770,20 +1712,19 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, if (issuer == NULL) { gnutls_assert(); if (verify) - *verify |= - GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID; + *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND | + GNUTLS_CERT_INVALID; } else { if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN)) { if (gnutls_x509_crt_get_ca_status(issuer, NULL) != 1) { gnutls_assert(); if (verify) - *verify |= - GNUTLS_CERT_SIGNER_NOT_CA | - GNUTLS_CERT_INVALID; + *verify |= GNUTLS_CERT_SIGNER_NOT_CA | + GNUTLS_CERT_INVALID; } - result = - gnutls_x509_crt_get_key_usage(issuer, &usage, NULL); + result = gnutls_x509_crt_get_key_usage(issuer, &usage, + NULL); if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { if (result < 0) { gnutls_assert(); @@ -1793,16 +1734,15 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, gnutls_assert(); if (verify) *verify |= - GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE - | GNUTLS_CERT_INVALID; + GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE | + GNUTLS_CERT_INVALID; } } } - result = - _gnutls_x509_verify_data(sigalg, - &crl_signed_data, &crl_signature, - NULL, issuer, flags); + result = _gnutls_x509_verify_data(sigalg, &crl_signed_data, + &crl_signature, NULL, issuer, + flags); if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED) { gnutls_assert(); /* error. ignore it */ @@ -1812,7 +1752,7 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, } else if (result == GNUTLS_E_CONSTRAINT_ERROR) { if (verify) *verify |= - GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE; + GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE; result = 0; } else if (result < 0) { gnutls_assert(); @@ -1820,7 +1760,7 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, *verify |= GNUTLS_CERT_INVALID; goto cleanup; } else { - result = 0; /* everything ok */ + result = 0; /* everything ok */ } } 
@@ -1844,7 +1784,7 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, if (nextu != -1 && nextu < now && verify) *verify |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED; - cleanup: +cleanup: if (verify && *verify != 0) *verify |= GNUTLS_CERT_INVALID; diff --git a/lib/x509/virt-san.c b/lib/x509/virt-san.c index 71275dbca6..92fcab2c87 100644 --- a/lib/x509/virt-san.c +++ b/lib/x509/virt-san.c @@ -30,29 +30,27 @@ #include "krb5.h" #include "virt-san.h" -static -int san_othername_to_virtual(const char *oid, size_t size) +static int san_othername_to_virtual(const char *oid, size_t size) { if (oid) { - if ((unsigned)size == (sizeof(XMPP_OID) - 1) - && memcmp(oid, XMPP_OID, sizeof(XMPP_OID) - 1) == 0) + if ((unsigned)size == (sizeof(XMPP_OID) - 1) && + memcmp(oid, XMPP_OID, sizeof(XMPP_OID) - 1) == 0) return GNUTLS_SAN_OTHERNAME_XMPP; - else if ((unsigned)size == (sizeof(KRB5_PRINCIPAL_OID) - 1) - && memcmp(oid, KRB5_PRINCIPAL_OID, - sizeof(KRB5_PRINCIPAL_OID) - 1) == 0) + else if ((unsigned)size == (sizeof(KRB5_PRINCIPAL_OID) - 1) && + memcmp(oid, KRB5_PRINCIPAL_OID, + sizeof(KRB5_PRINCIPAL_OID) - 1) == 0) return GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL; else if ((unsigned)size == - (sizeof(MSUSER_PRINCIPAL_NAME_OID) - 1) - && memcmp(oid, MSUSER_PRINCIPAL_NAME_OID, - sizeof(MSUSER_PRINCIPAL_NAME_OID) - 1) == 0) + (sizeof(MSUSER_PRINCIPAL_NAME_OID) - 1) && + memcmp(oid, MSUSER_PRINCIPAL_NAME_OID, + sizeof(MSUSER_PRINCIPAL_NAME_OID) - 1) == 0) return GNUTLS_SAN_OTHERNAME_MSUSERPRINCIPAL; } return GNUTLS_SAN_OTHERNAME; } -static -const char *virtual_to_othername_oid(unsigned type) +static const char *virtual_to_othername_oid(unsigned type) { switch (type) { case GNUTLS_SAN_OTHERNAME_XMPP: @@ -67,7 +65,7 @@ const char *virtual_to_othername_oid(unsigned type) } int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, - gnutls_datum_t * san, + gnutls_datum_t *san, const char *othername_oid, unsigned raw) { gnutls_datum_t encoded = { NULL, 0 }; 
@@ -82,13 +80,13 @@ int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, gnutls_free(san->data); if (othername_oid) { - name->othername_oid.data = (uint8_t *) othername_oid; + name->othername_oid.data = (uint8_t *)othername_oid; name->othername_oid.size = strlen(othername_oid); } else { name->othername_oid.data = NULL; name->othername_oid.size = 0; } - } else { /* virtual types */ + } else { /* virtual types */ const char *oid = virtual_to_othername_oid(type); if (oid == NULL) @@ -97,9 +95,8 @@ int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, switch (type) { case GNUTLS_SAN_OTHERNAME_XMPP: - ret = - gnutls_idna_map((char *)san->data, san->size, &xmpp, - 0); + ret = gnutls_idna_map((char *)san->data, san->size, + &xmpp, 0); if (ret < 0) return gnutls_assert_val(ret); @@ -119,9 +116,8 @@ int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, break; case GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL: - ret = - _gnutls_krb5_principal_to_der((char *)san->data, - &name->san); + ret = _gnutls_krb5_principal_to_der((char *)san->data, + &name->san); if (ret < 0) return gnutls_assert_val(ret); @@ -155,9 +151,9 @@ int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, * Since: 3.3.8 **/ int gnutls_x509_othername_to_virtual(const char *oid, - const gnutls_datum_t * othername, + const gnutls_datum_t *othername, unsigned int *virt_type, - gnutls_datum_t * virt) + gnutls_datum_t *virt) { int ret; unsigned type; @@ -171,9 +167,9 @@ int gnutls_x509_othername_to_virtual(const char *oid, switch (type) { case GNUTLS_SAN_OTHERNAME_XMPP: - ret = _gnutls_x509_decode_string - (ASN1_ETYPE_UTF8_STRING, othername->data, - othername->size, virt, 0); + ret = _gnutls_x509_decode_string(ASN1_ETYPE_UTF8_STRING, + othername->data, + othername->size, virt, 0); if (ret < 0) { gnutls_assert(); return ret; 
@@ -187,9 +183,9 @@ int gnutls_x509_othername_to_virtual(const char *oid, } return 0; case GNUTLS_SAN_OTHERNAME_MSUSERPRINCIPAL: - ret = _gnutls_x509_decode_string - (ASN1_ETYPE_UTF8_STRING, othername->data, - othername->size, virt, 0); + ret = _gnutls_x509_decode_string(ASN1_ETYPE_UTF8_STRING, + othername->data, + othername->size, virt, 0); if (ret < 0) { gnutls_assert(); return ret; diff --git a/lib/x509/virt-san.h b/lib/x509/virt-san.h index 040b491125..e4ef0317e2 100644 --- a/lib/x509/virt-san.h +++ b/lib/x509/virt-san.h @@ -20,12 +20,12 @@ */ #ifndef GNUTLS_LIB_X509_VIRT_SAN_H -# define GNUTLS_LIB_X509_VIRT_SAN_H +#define GNUTLS_LIB_X509_VIRT_SAN_H -# include "x509_ext_int.h" +#include "x509_ext_int.h" int _gnutls_alt_name_assign_virt_type(struct name_st *name, unsigned type, - gnutls_datum_t * san, + gnutls_datum_t *san, const char *othername_oid, unsigned raw); -#endif /* GNUTLS_LIB_X509_VIRT_SAN_H */ +#endif /* GNUTLS_LIB_X509_VIRT_SAN_H */ diff --git a/lib/x509/x509.c b/lib/x509/x509.c index a2f84b1cb3..bfe50f7fbd 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -52,8 +52,8 @@ static int crt_reinit(gnutls_x509_crt_t crt) asn1_delete_structure(&crt->cert); - result = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.Certificate", &crt->cert); + result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.Certificate", + &crt->cert); if (result != ASN1_SUCCESS) { result = _gnutls_asn2err(result); gnutls_assert(); 
@@ -106,13 +106,13 @@ unsigned gnutls_x509_crt_equals(gnutls_x509_crt_t cert1, gnutls_datum_t tmp1, tmp2; /* on uninitialized or modified certificates, we have to re-encode */ - ret = - gnutls_x509_crt_export2(cert1, GNUTLS_X509_FMT_DER, &tmp1); + ret = gnutls_x509_crt_export2(cert1, GNUTLS_X509_FMT_DER, + &tmp1); if (ret < 0) return gnutls_assert_val(0); - ret = - gnutls_x509_crt_export2(cert2, GNUTLS_X509_FMT_DER, &tmp2); + ret = gnutls_x509_crt_export2(cert2, GNUTLS_X509_FMT_DER, + &tmp2); if (ret < 0) { gnutls_free(tmp1.data); return gnutls_assert_val(0); @@ -128,8 +128,8 @@ unsigned gnutls_x509_crt_equals(gnutls_x509_crt_t cert1, gnutls_free(tmp2.data); } else { if ((cert1->der.size == cert2->der.size) && - (memcmp(cert1->der.data, cert2->der.data, cert1->der.size) - == 0)) + (memcmp(cert1->der.data, cert2->der.data, + cert1->der.size) == 0)) result = 1; else result = 0; @@ -150,8 +150,8 @@ unsigned gnutls_x509_crt_equals(gnutls_x509_crt_t cert1, * * Since: 3.5.0 **/ -unsigned -gnutls_x509_crt_equals2(gnutls_x509_crt_t cert1, const gnutls_datum_t * der) +unsigned gnutls_x509_crt_equals2(gnutls_x509_crt_t cert1, + const gnutls_datum_t *der) { bool result; @@ -163,8 +163,8 @@ gnutls_x509_crt_equals2(gnutls_x509_crt_t cert1, const gnutls_datum_t * der) int ret; /* on uninitialized or modified certificates, we have to re-encode */ - ret = - gnutls_x509_crt_export2(cert1, GNUTLS_X509_FMT_DER, &tmp1); + ret = gnutls_x509_crt_export2(cert1, GNUTLS_X509_FMT_DER, + &tmp1); if (ret < 0) return gnutls_assert_val(0); @@ -195,7 +195,7 @@ gnutls_x509_crt_equals2(gnutls_x509_crt_t cert1, const gnutls_datum_t * der) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int gnutls_x509_crt_init(gnutls_x509_crt_t * cert) +int gnutls_x509_crt_init(gnutls_x509_crt_t *cert) { gnutls_x509_crt_t tmp; int result; 
@@ -208,8 +208,8 @@ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert) if (!tmp) return GNUTLS_E_MEMORY_ERROR; - result = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.Certificate", &tmp->cert); + result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.Certificate", + &tmp->cert); if (result != ASN1_SUCCESS) { gnutls_assert(); gnutls_free(tmp); @@ -238,7 +238,7 @@ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert) *cert = tmp; - return 0; /* success */ + return 0; /* success */ } /*- @@ -309,35 +309,32 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert) unsigned empty1 = 0, empty2 = 0; len1 = sizeof(oid1); - result = - asn1_read_value(cert->cert, "signatureAlgorithm.algorithm", oid1, - &len1); + result = asn1_read_value(cert->cert, "signatureAlgorithm.algorithm", + oid1, &len1); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } len2 = sizeof(oid2); - result = - asn1_read_value(cert->cert, "tbsCertificate.signature.algorithm", - oid2, &len2); + result = asn1_read_value( + cert->cert, "tbsCertificate.signature.algorithm", oid2, &len2); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } if (len1 != len2 || memcmp(oid1, oid2, len1) != 0) { - _gnutls_debug_log - ("signatureAlgorithm.algorithm differs from tbsCertificate.signature.algorithm: %s, %s\n", - oid1, oid2); + _gnutls_debug_log( + "signatureAlgorithm.algorithm differs from tbsCertificate.signature.algorithm: %s, %s\n", + oid1, oid2); gnutls_assert(); return GNUTLS_E_CERTIFICATE_ERROR; } /* compare the parameters */ - ret = - _gnutls_x509_read_value(cert->cert, "signatureAlgorithm.parameters", - &sp1); + ret = _gnutls_x509_read_value(cert->cert, + "signatureAlgorithm.parameters", &sp1); if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { empty1 = 1; } else if (ret < 0) { 
@@ -345,10 +342,8 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert) return ret; } - ret = - _gnutls_x509_read_value(cert->cert, - "tbsCertificate.signature.parameters", - &sp2); + ret = _gnutls_x509_read_value( + cert->cert, "tbsCertificate.signature.parameters", &sp2); if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { empty2 = 1; } else if (ret < 0) { @@ -367,8 +362,7 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert) _gnutls_free_datum(&sp2); } - if (empty1 != empty2 || - sp1.size != sp2.size || + if (empty1 != empty2 || sp1.size != sp2.size || (sp1.size > 0 && memcmp(sp1.data, sp2.data, sp1.size) != 0)) { gnutls_assert(); ret = GNUTLS_E_CERTIFICATE_ERROR; @@ -376,7 +370,7 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert) } ret = 0; - cleanup: +cleanup: _gnutls_free_datum(&sp1); _gnutls_free_datum(&sp2); return ret; @@ -388,31 +382,29 @@ static int cache_alt_names(gnutls_x509_crt_t cert) int ret; /* pre-parse subject alt name */ - ret = - _gnutls_x509_crt_get_extension(cert, "2.5.29.17", 0, &tmpder, NULL); + ret = _gnutls_x509_crt_get_extension(cert, "2.5.29.17", 0, &tmpder, + NULL); if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { gnutls_free(tmpder.data); return gnutls_assert_val(ret); } if (ret >= 0) { - ret = - gnutls_x509_ext_import_subject_alt_names(&tmpder, cert->san, - 0); + ret = gnutls_x509_ext_import_subject_alt_names(&tmpder, + cert->san, 0); gnutls_free(tmpder.data); if (ret < 0) return gnutls_assert_val(ret); } - ret = - _gnutls_x509_crt_get_extension(cert, "2.5.29.18", 0, &tmpder, NULL); + ret = _gnutls_x509_crt_get_extension(cert, "2.5.29.18", 0, &tmpder, + NULL); if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) return gnutls_assert_val(ret); if (ret >= 0) { - ret = - gnutls_x509_ext_import_subject_alt_names(&tmpder, cert->ian, - 0); + ret = gnutls_x509_ext_import_subject_alt_names(&tmpder, + cert->ian, 0); gnutls_free(tmpder.data); if (ret < 0) return gnutls_assert_val(ret); 
@@ -452,8 +444,8 @@ static bool has_valid_serial(gnutls_x509_crt_t cert) } if (serial_size > 20) { - _gnutls_debug_log - ("error: serial number value is longer than 20 octets\n"); + _gnutls_debug_log( + "error: serial number value is longer than 20 octets\n"); return false; } @@ -479,7 +471,7 @@ static bool has_valid_serial(gnutls_x509_crt_t cert) } /* Check if extension can be successfully parsed */ -static bool is_valid_extension(const char *oid, gnutls_datum_t * der) +static bool is_valid_extension(const char *oid, gnutls_datum_t *der) { int err = 0, i; unsigned u; @@ -509,9 +501,8 @@ static bool is_valid_extension(const char *oid, gnutls_datum_t * der) } else if (!strcmp(oid, GNUTLS_X509EXT_OID_KEY_USAGE)) { err = gnutls_x509_ext_import_key_usage(der, &u); } else if (!strcmp(oid, GNUTLS_X509EXT_OID_PRIVATE_KEY_USAGE_PERIOD)) { - err = - gnutls_x509_ext_import_private_key_usage_period(der, &t1, - &t2); + err = gnutls_x509_ext_import_private_key_usage_period(der, &t1, + &t2); } else if (!strcmp(oid, GNUTLS_X509EXT_OID_EXTENDED_KEY_USAGE)) { gnutls_x509_key_purposes_t purposes; if (gnutls_x509_key_purpose_init(&purposes) < 0) @@ -568,7 +559,7 @@ static bool is_valid_extension(const char *oid, gnutls_datum_t * der) return err == 0; } -#endif /* STRICT_X509 */ +#endif /* STRICT_X509 */ int _gnutls_check_cert_sanity(gnutls_x509_crt_t cert) { 
@@ -598,26 +589,23 @@ int _gnutls_check_cert_sanity(gnutls_x509_crt_t cert) if (version < 3) { if (!cert->modified) { - ret = - _gnutls_x509_get_raw_field2(cert->cert, &cert->der, - "tbsCertificate.extensions", - &exts); + ret = _gnutls_x509_get_raw_field2( + cert->cert, &cert->der, + "tbsCertificate.extensions", &exts); if (ret >= 0 && exts.size > 0) { - _gnutls_debug_log - ("error: extensions present in certificate with version %d\n", - version); - return - gnutls_assert_val - (GNUTLS_E_X509_CERTIFICATE_ERROR); + _gnutls_debug_log( + "error: extensions present in certificate with version %d\n", + version); + return gnutls_assert_val( + GNUTLS_E_X509_CERTIFICATE_ERROR); } } else { if (cert->use_extensions) { - _gnutls_debug_log - ("error: extensions set in certificate with version %d\n", - version); - return - gnutls_assert_val - (GNUTLS_E_X509_CERTIFICATE_ERROR); + _gnutls_debug_log( + "error: extensions set in certificate with version %d\n", + version); + return gnutls_assert_val( + GNUTLS_E_X509_CERTIFICATE_ERROR); } } } else { @@ -627,18 +615,15 @@ int _gnutls_check_cert_sanity(gnutls_x509_crt_t cert) size_t oid_size; char *o; - htable = - hash_initialize(16, NULL, hhasher, hcomparator, - gnutls_free); + htable = hash_initialize(16, NULL, hhasher, hcomparator, + gnutls_free); if (htable == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); for (i = 0;; i++) { oid_size = sizeof(oid); - ret = - gnutls_x509_crt_get_extension_info(cert, i, oid, - &oid_size, - &critical); + ret = gnutls_x509_crt_get_extension_info( + cert, i, oid, &oid_size, &critical); if (ret < 0) { if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) 
@@ -660,28 +645,26 @@ int _gnutls_check_cert_sanity(gnutls_x509_crt_t cert) } else if (ret == 0) { /* duplicate */ gnutls_free(o); - _gnutls_debug_log - ("error: duplicate extension (%s) detected\n", - oid); - ret = - gnutls_assert_val - (GNUTLS_E_X509_DUPLICATE_EXTENSION); + _gnutls_debug_log( + "error: duplicate extension (%s) detected\n", + oid); + ret = gnutls_assert_val( + GNUTLS_E_X509_DUPLICATE_EXTENSION); goto cleanup; } #ifdef STRICT_X509 gnutls_datum_t der = { NULL, 0 }; - ret = - gnutls_x509_crt_get_extension_data2(cert, i, &der); + ret = gnutls_x509_crt_get_extension_data2(cert, i, + &der); if (ret < 0) continue; if (critical && !is_valid_extension(oid, &der)) { _gnutls_free_datum(&der); - _gnutls_debug_log - ("error: could not parse extension (%s)\n"); - return - gnutls_assert_val - (GNUTLS_E_X509_CERTIFICATE_ERROR); + _gnutls_debug_log( + "error: could not parse extension (%s)\n"); + return gnutls_assert_val( + GNUTLS_E_X509_CERTIFICATE_ERROR); } _gnutls_free_datum(&der); #endif 
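Review bot: The STRICT_X509 failure path at the end of this hunk has a format-string mismatch and leaks on error: `_gnutls_debug_log("error: could not parse extension (%s)\n");` supplies `%s` with no matching argument (undefined behaviour, reads a missing vararg), and the following `return gnutls_assert_val(GNUTLS_E_X509_CERTIFICATE_ERROR);` bypasses the `cleanup` label, so the `htable` created by `hash_initialize` (and the OID strings it owns) is never freed, whereas the duplicate-extension branch just above correctly uses `goto cleanup`. Suggest `_gnutls_debug_log("error: could not parse extension (%s)\n", oid);` followed by `ret = gnutls_assert_val(GNUTLS_E_X509_CERTIFICATE_ERROR); goto cleanup;`. This is pre-existing and only compiled under STRICT_X509, but the reformat makes it easy to spot and fix now. `_gnutls_check_cert_sanity` starts and ends outside this hunk; the `cleanup` label that calls `hash_free(htable)` is in a later hunk.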
@@ -698,22 +681,22 @@ int _gnutls_check_cert_sanity(gnutls_x509_crt_t cert) id_size = sizeof(id); ret = gnutls_x509_crt_get_subject_unique_id(cert, id, &id_size); if (ret >= 0 || ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { - _gnutls_debug_log - ("error: subjectUniqueID present in certificate with version %d\n", - version); - ret = - gnutls_assert_val(GNUTLS_E_X509_CERTIFICATE_ERROR); + _gnutls_debug_log( + "error: subjectUniqueID present in certificate with version %d\n", + version); + ret = gnutls_assert_val( + GNUTLS_E_X509_CERTIFICATE_ERROR); goto cleanup; } id_size = sizeof(id); ret = gnutls_x509_crt_get_issuer_unique_id(cert, id, &id_size); if (ret >= 0 || ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { - _gnutls_debug_log - ("error: subjectUniqueID present in certificate with version %d\n", - version); - ret = - gnutls_assert_val(GNUTLS_E_X509_CERTIFICATE_ERROR); + _gnutls_debug_log( + "error: subjectUniqueID present in certificate with version %d\n", + version); + ret = gnutls_assert_val( + GNUTLS_E_X509_CERTIFICATE_ERROR); goto cleanup; } } @@ -727,15 +710,15 @@ int _gnutls_check_cert_sanity(gnutls_x509_crt_t cert) if (gnutls_x509_crt_get_expiration_time(cert) == -1 || gnutls_x509_crt_get_activation_time(cert) == -1) { - _gnutls_debug_log - ("error: invalid expiration or activation time in certificate\n"); + _gnutls_debug_log( + "error: invalid expiration or activation time in certificate\n"); ret = gnutls_assert_val(GNUTLS_E_CERTIFICATE_TIME_ERROR); goto cleanup; } ret = 0; - cleanup: +cleanup: if (htable) hash_free(htable); return ret; @@ -757,10 +740,8 @@ int _gnutls_check_cert_sanity(gnutls_x509_crt_t cert) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crt_import(gnutls_x509_crt_t cert, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) +int gnutls_x509_crt_import(gnutls_x509_crt_t cert, const gnutls_datum_t *data, + gnutls_x509_crt_fmt_t format) { int result; 
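Review bot: The issuerUniqueID branch in the first part of this hunk logs the wrong field name: after `gnutls_x509_crt_get_issuer_unique_id` reports the field present, the message is still `"error: subjectUniqueID present in certificate with version %d\n"`, copy-pasted from the subjectUniqueID branch directly above, which will misdirect anyone debugging a rejected v1/v2 certificate. Suggest `"error: issuerUniqueID present in certificate with version %d\n"` for that branch. The defect is pre-existing, but since the commit already rewraps these exact lines it is a convenient place to correct it. `_gnutls_check_cert_sanity` starts outside this hunk.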
@@ -784,16 +765,14 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, */ if (format == GNUTLS_X509_FMT_PEM) { /* Try the first header */ - result = - _gnutls_fbase64_decode(PEM_X509_CERT2, data->data, - data->size, &cert->der); + result = _gnutls_fbase64_decode(PEM_X509_CERT2, data->data, + data->size, &cert->der); if (result < 0) { /* try for the second header */ - result = - _gnutls_fbase64_decode(PEM_X509_CERT, - data->data, data->size, - &cert->der); + result = _gnutls_fbase64_decode(PEM_X509_CERT, + data->data, data->size, + &cert->der); if (result < 0) { gnutls_assert(); @@ -811,9 +790,8 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, cert->expanded = 1; cert->modified = 0; - result = - _asn1_strict_der_decode(&cert->cert, cert->der.data, cert->der.size, - NULL); + result = _asn1_strict_der_decode(&cert->cert, cert->der.data, + cert->der.size, NULL); if (result != ASN1_SUCCESS) { result = _gnutls_asn2err(result); gnutls_assert(); @@ -827,25 +805,25 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, } /* The following do not allocate but rather point to DER data */ - result = _gnutls_x509_get_raw_field2(cert->cert, &cert->der, - "tbsCertificate.issuer.rdnSequence", - &cert->raw_issuer_dn); + result = _gnutls_x509_get_raw_field2( + cert->cert, &cert->der, "tbsCertificate.issuer.rdnSequence", + &cert->raw_issuer_dn); if (result < 0) { gnutls_assert(); goto cleanup; } - result = _gnutls_x509_get_raw_field2(cert->cert, &cert->der, - "tbsCertificate.subject.rdnSequence", - &cert->raw_dn); + result = _gnutls_x509_get_raw_field2( + cert->cert, &cert->der, "tbsCertificate.subject.rdnSequence", + &cert->raw_dn); if (result < 0) { gnutls_assert(); goto cleanup; } - result = _gnutls_x509_get_raw_field2(cert->cert, &cert->der, - "tbsCertificate.subjectPublicKeyInfo", - &cert->raw_spki); + result = _gnutls_x509_get_raw_field2( + cert->cert, &cert->der, "tbsCertificate.subjectPublicKeyInfo", + &cert->raw_spki); if (result < 0) { gnutls_assert(); goto cleanup; 
@@ -869,7 +847,7 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, return 0; - cleanup: +cleanup: _gnutls_free_datum(&cert->der); return result; } @@ -895,9 +873,8 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, * with the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if * the DN does not exist, or another error value on error. On success 0 is returned. **/ -int -gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf, - size_t *buf_size) +int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf, + size_t *buf_size) { if (cert == NULL) { gnutls_assert(); @@ -905,8 +882,8 @@ gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf, } return _gnutls_x509_parse_dn(cert->cert, - "tbsCertificate.issuer.rdnSequence", - buf, buf_size, GNUTLS_X509_DN_FLAG_COMPAT); + "tbsCertificate.issuer.rdnSequence", buf, + buf_size, GNUTLS_X509_DN_FLAG_COMPAT); } /** @@ -927,7 +904,7 @@ gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf, * * Since: 3.1.10 **/ -int gnutls_x509_crt_get_issuer_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn) +int gnutls_x509_crt_get_issuer_dn2(gnutls_x509_crt_t cert, gnutls_datum_t *dn) { if (cert == NULL) { gnutls_assert(); @@ -935,8 +912,8 @@ int gnutls_x509_crt_get_issuer_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn) } return _gnutls_x509_get_dn(cert->cert, - "tbsCertificate.issuer.rdnSequence", - dn, GNUTLS_X509_DN_FLAG_COMPAT); + "tbsCertificate.issuer.rdnSequence", dn, + GNUTLS_X509_DN_FLAG_COMPAT); } /** 
@@ -959,18 +936,16 @@ int gnutls_x509_crt_get_issuer_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn) * * Since: 3.5.7 **/ -int -gnutls_x509_crt_get_issuer_dn3(gnutls_x509_crt_t cert, gnutls_datum_t * dn, - unsigned flags) +int gnutls_x509_crt_get_issuer_dn3(gnutls_x509_crt_t cert, gnutls_datum_t *dn, + unsigned flags) { if (cert == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_x509_get_dn(cert->cert, - "tbsCertificate.issuer.rdnSequence", - dn, flags); + return _gnutls_x509_get_dn( + cert->cert, "tbsCertificate.issuer.rdnSequence", dn, flags); } /** @@ -1002,11 +977,10 @@ gnutls_x509_crt_get_issuer_dn3(gnutls_x509_crt_t cert, gnutls_datum_t * dn, * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there * are no data in the current index. On success 0 is returned. **/ -int -gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, - const char *oid, unsigned indx, - unsigned int raw_flag, void *buf, - size_t *buf_size) +int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, + const char *oid, unsigned indx, + unsigned int raw_flag, void *buf, + size_t *buf_size) { gnutls_datum_t td; int ret; @@ -1044,9 +1018,8 @@ gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there * are no data in the current index. On success 0 is returned. **/ -int -gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert, - unsigned indx, void *oid, size_t *oid_size) +int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert, unsigned indx, + void *oid, size_t *oid_size) { if (cert == NULL) { gnutls_assert(); @@ -1088,8 +1061,8 @@ int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf, size_t *buf_size) } return _gnutls_x509_parse_dn(cert->cert, - "tbsCertificate.subject.rdnSequence", - buf, buf_size, GNUTLS_X509_DN_FLAG_COMPAT); + "tbsCertificate.subject.rdnSequence", buf, + buf_size, GNUTLS_X509_DN_FLAG_COMPAT); } /** 
@@ -1110,7 +1083,7 @@ int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf, size_t *buf_size) * * Since: 3.1.10 **/ -int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn) +int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert, gnutls_datum_t *dn) { if (cert == NULL) { gnutls_assert(); @@ -1118,8 +1091,8 @@ int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn) } return _gnutls_x509_get_dn(cert->cert, - "tbsCertificate.subject.rdnSequence", - dn, GNUTLS_X509_DN_FLAG_COMPAT); + "tbsCertificate.subject.rdnSequence", dn, + GNUTLS_X509_DN_FLAG_COMPAT); } /** @@ -1142,7 +1115,7 @@ int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert, gnutls_datum_t * dn) * * Since: 3.5.7 **/ -int gnutls_x509_crt_get_dn3(gnutls_x509_crt_t cert, gnutls_datum_t * dn, +int gnutls_x509_crt_get_dn3(gnutls_x509_crt_t cert, gnutls_datum_t *dn, unsigned flags) { if (cert == NULL) { @@ -1150,9 +1123,8 @@ int gnutls_x509_crt_get_dn3(gnutls_x509_crt_t cert, gnutls_datum_t * dn, return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_x509_get_dn(cert->cert, - "tbsCertificate.subject.rdnSequence", - dn, flags); + return _gnutls_x509_get_dn( + cert->cert, "tbsCertificate.subject.rdnSequence", dn, flags); } /** @@ -1184,10 +1156,9 @@ int gnutls_x509_crt_get_dn3(gnutls_x509_crt_t cert, gnutls_datum_t * dn, * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there * are no data in the current index. On success 0 is returned. **/ -int -gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid, - unsigned indx, unsigned int raw_flag, - void *buf, size_t *buf_size) +int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid, + unsigned indx, unsigned int raw_flag, + void *buf, size_t *buf_size) { gnutls_datum_t td; int ret; 
@@ -1225,9 +1196,8 @@ gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid, * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there * are no data in the current index. On success 0 is returned. **/ -int -gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, - unsigned indx, void *oid, size_t *oid_size) +int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, unsigned indx, void *oid, + size_t *oid_size) { if (cert == NULL) { gnutls_assert(); @@ -1255,8 +1225,8 @@ gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert) { - return map_errs_to_zero(_gnutls_x509_get_signature_algorithm(cert->cert, - "signatureAlgorithm")); + return map_errs_to_zero(_gnutls_x509_get_signature_algorithm( + cert->cert, "signatureAlgorithm")); } /** @@ -1282,9 +1252,8 @@ int gnutls_x509_crt_get_signature_oid(gnutls_x509_crt_t cert, char *oid, gnutls_datum_t out; len = sizeof(str); - result = - asn1_read_value(cert->cert, "signatureAlgorithm.algorithm", str, - &len); + result = asn1_read_value(cert->cert, "signatureAlgorithm.algorithm", + str, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -1325,10 +1294,10 @@ int gnutls_x509_crt_get_pk_oid(gnutls_x509_crt_t cert, char *oid, gnutls_datum_t out; len = sizeof(str); - result = - asn1_read_value(cert->cert, - "tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm", - str, &len); + result = asn1_read_value( + cert->cert, + "tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm", str, + &len); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); 
@@ -1357,9 +1326,8 @@ int gnutls_x509_crt_get_pk_oid(gnutls_x509_crt_t cert, char *oid, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, - char *sig, size_t *sig_size) +int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, char *sig, + size_t *sig_size) { gnutls_datum_t dsig = { NULL, 0 }; int ret; @@ -1371,14 +1339,14 @@ gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_copy_data(&dsig, (uint8_t *) sig, sig_size); + ret = _gnutls_copy_data(&dsig, (uint8_t *)sig, sig_size); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = 0; - cleanup: +cleanup: gnutls_free(dsig.data); return ret; } @@ -1414,7 +1382,7 @@ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert) { if (cert == NULL) { gnutls_assert(); - return (time_t) - 1; + return (time_t)-1; } return _gnutls_x509_get_time(cert->cert, @@ -1434,7 +1402,7 @@ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert) { if (cert == NULL) { gnutls_assert(); - return (time_t) - 1; + return (time_t)-1; } return _gnutls_x509_get_time(cert->cert, @@ -1455,11 +1423,10 @@ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE * if the extension is not present, otherwise a negative error value. **/ -int -gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t cert, - time_t * activation, - time_t * expiration, - unsigned int *critical) +int gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t cert, + time_t *activation, + time_t *expiration, + unsigned int *critical) { int ret; gnutls_datum_t der = { NULL, 0 }; 
@@ -1469,18 +1436,16 @@ gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t cert, return GNUTLS_E_INVALID_REQUEST; } - ret = - _gnutls_x509_crt_get_extension(cert, "2.5.29.16", 0, &der, - critical); + ret = _gnutls_x509_crt_get_extension(cert, "2.5.29.16", 0, &der, + critical); if (ret < 0) return gnutls_assert_val(ret); if (der.size == 0 || der.data == NULL) return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); - ret = - gnutls_x509_ext_import_private_key_usage_period(&der, activation, - expiration); + ret = gnutls_x509_ext_import_private_key_usage_period(&der, activation, + expiration); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1488,7 +1453,7 @@ gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t cert, ret = 0; - cleanup: +cleanup: _gnutls_free_datum(&der); return ret; @@ -1508,9 +1473,8 @@ gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t cert, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result, - size_t *result_size) +int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result, + size_t *result_size) { int ret, len; @@ -1520,9 +1484,8 @@ gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result, } len = *result_size; - ret = - asn1_read_value(cert->cert, "tbsCertificate.serialNumber", - result, &len); + ret = asn1_read_value(cert->cert, "tbsCertificate.serialNumber", result, + &len); *result_size = len; if (ret != ASN1_SUCCESS) { 
@@ -1547,9 +1510,8 @@ gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE * if the extension is not present, otherwise a negative error value. **/ -int -gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, void *ret, - size_t *ret_size, unsigned int *critical) +int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, void *ret, + size_t *ret_size, unsigned int *critical) { int result; gnutls_datum_t id = { NULL, 0 }; @@ -1563,9 +1525,8 @@ gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, void *ret, if (ret == NULL) *ret_size = 0; - if ((result = - _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &der, - critical)) < 0) { + if ((result = _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &der, + critical)) < 0) { return result; } @@ -1583,7 +1544,7 @@ gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, void *ret, result = 0; - cleanup: +cleanup: gnutls_free(der.data); gnutls_free(id.data); return result; @@ -1623,14 +1584,10 @@ inline static int is_type_printable(int type) * * Since: 3.0 **/ -int -gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert, - unsigned int seq, void *alt, - size_t *alt_size, - unsigned int *alt_type, - void *serial, - size_t *serial_size, - unsigned int *critical) +int gnutls_x509_crt_get_authority_key_gn_serial( + gnutls_x509_crt_t cert, unsigned int seq, void *alt, size_t *alt_size, + unsigned int *alt_type, void *serial, size_t *serial_size, + unsigned int *critical) { int ret; gnutls_datum_t der, san, iserial; @@ -1642,9 +1599,8 @@ gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert, return GNUTLS_E_INVALID_REQUEST; } - if ((ret = - _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &der, - critical)) < 0) { + if ((ret = _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &der, + critical)) < 0) { return gnutls_assert_val(ret); } 
@@ -1665,9 +1621,8 @@ gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert, goto cleanup; } - ret = - gnutls_x509_aki_get_cert_issuer(aki, seq, &san_type, &san, NULL, - &iserial); + ret = gnutls_x509_aki_get_cert_issuer(aki, seq, &san_type, &san, NULL, + &iserial); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1692,7 +1647,7 @@ gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert, } ret = 0; - cleanup: +cleanup: if (aki != NULL) gnutls_x509_aki_deinit(aki); gnutls_free(der.data); @@ -1717,9 +1672,9 @@ gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE * if the extension is not present, otherwise a negative error value. **/ -int -gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id, - size_t *id_size, unsigned int *critical) +int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id, + size_t *id_size, + unsigned int *critical) { int ret; gnutls_datum_t der, l_id; @@ -1730,9 +1685,8 @@ gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id, return GNUTLS_E_INVALID_REQUEST; } - if ((ret = - _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &der, - critical)) < 0) { + if ((ret = _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &der, + critical)) < 0) { return gnutls_assert_val(ret); } 
@@ -1757,17 +1711,14 @@ gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id, if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { gnutls_datum_t serial; - ret = - gnutls_x509_aki_get_cert_issuer(aki, 0, NULL, NULL, NULL, - &serial); + ret = gnutls_x509_aki_get_cert_issuer(aki, 0, NULL, NULL, NULL, + &serial); if (ret >= 0) { - ret = - gnutls_assert_val - (GNUTLS_E_X509_UNSUPPORTED_EXTENSION); + ret = gnutls_assert_val( + GNUTLS_E_X509_UNSUPPORTED_EXTENSION); } else { - ret = - gnutls_assert_val - (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + ret = gnutls_assert_val( + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); } } @@ -1783,7 +1734,7 @@ gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *id, } ret = 0; - cleanup: +cleanup: if (aki != NULL) gnutls_x509_aki_deinit(aki); gnutls_free(der.data); @@ -1820,10 +1771,8 @@ int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, unsigned int *bits) if (bits) *bits = 0; - result = - _gnutls_x509_get_pk_algorithm(cert->cert, - "tbsCertificate.subjectPublicKeyInfo", - NULL, bits); + result = _gnutls_x509_get_pk_algorithm( + cert->cert, "tbsCertificate.subjectPublicKeyInfo", NULL, bits); if (result < 0) { gnutls_assert(); @@ -1844,9 +1793,8 @@ int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, unsigned int *bits) * * Since: 3.6.0 **/ -int -gnutls_x509_crt_get_spki(gnutls_x509_crt_t cert, gnutls_x509_spki_t spki, - unsigned int flags) +int gnutls_x509_crt_get_spki(gnutls_x509_crt_t cert, gnutls_x509_spki_t spki, + unsigned int flags) { int result; gnutls_x509_spki_st params; 
@@ -1885,10 +1833,9 @@ gnutls_x509_crt_get_spki(gnutls_x509_crt_t cert, gnutls_x509_spki_t spki, * @othername_oid: if the name is otherName return the OID * */ -int -_gnutls_parse_general_name2(asn1_node src, const char *src_name, - int seq, gnutls_datum_t * dname, - unsigned int *ret_type, int othername_oid) +int _gnutls_parse_general_name2(asn1_node src, const char *src_name, int seq, + gnutls_datum_t *dname, unsigned int *ret_type, + int othername_oid) { int len, ret; char nptr[MAX_NAME_SIZE]; @@ -1898,7 +1845,7 @@ _gnutls_parse_general_name2(asn1_node src, const char *src_name, gnutls_x509_subject_alt_name_t type; if (seq != -1) { - seq++; /* 0->1, 1->2 etc */ + seq++; /* 0->1, 1->2 etc */ if (src_name[0] != 0) snprintf(nptr, sizeof(nptr), "%s.?%d", src_name, seq); @@ -1910,7 +1857,8 @@ _gnutls_parse_general_name2(asn1_node src, const char *src_name, len = sizeof(choice_type); result = asn1_read_value(src, nptr, choice_type, &len); - if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) { + if (result == ASN1_VALUE_NOT_FOUND || + result == ASN1_ELEMENT_NOT_FOUND) { return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } @@ -1920,7 +1868,7 @@ _gnutls_parse_general_name2(asn1_node src, const char *src_name, } type = _gnutls_x509_san_find_type(choice_type); - if (type == (gnutls_x509_subject_alt_name_t) - 1) { + if (type == (gnutls_x509_subject_alt_name_t)-1) { gnutls_assert(); return GNUTLS_E_X509_UNKNOWN_SAN; } @@ -1949,8 +1897,8 @@ _gnutls_parse_general_name2(asn1_node src, const char *src_name, if (src_name[0] != 0 && seq != -1) snprintf(nptr, sizeof(nptr), - "%s.?%d.otherName.type-id", - src_name, seq); + "%s.?%d.otherName.type-id", src_name, + seq); else if (src_name[0] != 0) snprintf(nptr, sizeof(nptr), "%s.otherName.type-id", src_name); @@ -2000,7 +1948,7 @@ _gnutls_parse_general_name2(asn1_node src, const char *src_name, return type; - cleanup: +cleanup: gnutls_free(tmp.data); return ret; } 
@@ -2008,18 +1956,16 @@ _gnutls_parse_general_name2(asn1_node src, const char *src_name, /* returns the type and the name on success. * Type is also returned as a parameter in case of an error. */ -int -_gnutls_parse_general_name(asn1_node src, const char *src_name, - int seq, void *name, size_t *name_size, - unsigned int *ret_type, int othername_oid) +int _gnutls_parse_general_name(asn1_node src, const char *src_name, int seq, + void *name, size_t *name_size, + unsigned int *ret_type, int othername_oid) { int ret; gnutls_datum_t res = { NULL, 0 }; unsigned type; - ret = - _gnutls_parse_general_name2(src, src_name, seq, &res, ret_type, - othername_oid); + ret = _gnutls_parse_general_name2(src, src_name, seq, &res, ret_type, + othername_oid); if (ret < 0) return gnutls_assert_val(ret); @@ -2037,16 +1983,14 @@ _gnutls_parse_general_name(asn1_node src, const char *src_name, } ret = type; - cleanup: +cleanup: gnutls_free(res.data); return ret; } -static int -get_alt_name(gnutls_subject_alt_names_t san, - unsigned int seq, uint8_t * alt, - size_t *alt_size, unsigned int *alt_type, - unsigned int *critical, int othername_oid) +static int get_alt_name(gnutls_subject_alt_names_t san, unsigned int seq, + uint8_t *alt, size_t *alt_size, unsigned int *alt_type, + unsigned int *critical, int othername_oid) { int ret; gnutls_datum_t ooid = { NULL, 0 }; @@ -2070,9 +2014,8 @@ get_alt_name(gnutls_subject_alt_names_t san, if (type == GNUTLS_SAN_OTHERNAME && ooid.data) { unsigned vtype; - ret = - gnutls_x509_othername_to_virtual((char *)ooid.data, &oname, - &vtype, &virt); + ret = gnutls_x509_othername_to_virtual((char *)ooid.data, + &oname, &vtype, &virt); if (ret >= 0) { type = vtype; oname.data = virt.data; @@ -2099,7 +2042,7 @@ get_alt_name(gnutls_subject_alt_names_t san, } ret = type; - cleanup: +cleanup: gnutls_free(virt.data); return ret; 
@@ -2135,10 +2078,10 @@ get_alt_name(gnutls_subject_alt_names_t san, * name with the specified sequence number then * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. **/ -int -gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, - unsigned int seq, void *san, - size_t *san_size, unsigned int *critical) +int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, + unsigned int seq, void *san, + size_t *san_size, + unsigned int *critical) { return get_alt_name(cert->san, seq, san, san_size, NULL, critical, 0); } @@ -2176,10 +2119,10 @@ gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, * * Since: 2.10.0 **/ -int -gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t cert, - unsigned int seq, void *ian, - size_t *ian_size, unsigned int *critical) +int gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t cert, + unsigned int seq, void *ian, + size_t *ian_size, + unsigned int *critical) { return get_alt_name(cert->ian, seq, ian, ian_size, NULL, critical, 0); } @@ -2208,15 +2151,14 @@ gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t cert, * Alternative name with the specified sequence number then * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. **/ -int -gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert, - unsigned int seq, void *san, - size_t *san_size, - unsigned int *san_type, - unsigned int *critical) +int gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert, + unsigned int seq, void *san, + size_t *san_size, + unsigned int *san_type, + unsigned int *critical) { - return get_alt_name(cert->san, seq, san, san_size, - san_type, critical, 0); + return get_alt_name(cert->san, seq, san, san_size, san_type, critical, + 0); } /** 
@@ -2246,15 +2188,14 @@ gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert, * Since: 2.10.0 * **/ -int -gnutls_x509_crt_get_issuer_alt_name2(gnutls_x509_crt_t cert, - unsigned int seq, void *ian, - size_t *ian_size, - unsigned int *ian_type, - unsigned int *critical) +int gnutls_x509_crt_get_issuer_alt_name2(gnutls_x509_crt_t cert, + unsigned int seq, void *ian, + size_t *ian_size, + unsigned int *ian_type, + unsigned int *critical) { - return get_alt_name(cert->ian, seq, ian, ian_size, - ian_type, critical, 0); + return get_alt_name(cert->ian, seq, ian, ian_size, ian_type, critical, + 0); } /** @@ -2287,10 +2228,9 @@ gnutls_x509_crt_get_issuer_alt_name2(gnutls_x509_crt_t cert, * sequence number and with the otherName type then * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. **/ -int -gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert, - unsigned int seq, - void *oid, size_t *oid_size) +int gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert, + unsigned int seq, void *oid, + size_t *oid_size) { return get_alt_name(cert->san, seq, oid, oid_size, NULL, NULL, 1); } @@ -2327,10 +2267,9 @@ gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert, * * Since: 2.10.0 **/ -int -gnutls_x509_crt_get_issuer_alt_othername_oid(gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, size_t *ret_size) +int gnutls_x509_crt_get_issuer_alt_othername_oid(gnutls_x509_crt_t cert, + unsigned int seq, void *ret, + size_t *ret_size) { return get_alt_name(cert->ian, seq, ret, ret_size, NULL, NULL, 1); } 
@@ -2355,10 +2294,9 @@ gnutls_x509_crt_get_issuer_alt_othername_oid(gnutls_x509_crt_t cert, * certificate does not contain the basicConstraints extension * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. **/ -int -gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert, - unsigned int *critical, - unsigned int *ca, int *pathlen) +int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert, + unsigned int *critical, + unsigned int *ca, int *pathlen) { int result; gnutls_datum_t basicConstraints; @@ -2369,9 +2307,8 @@ gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert, return GNUTLS_E_INVALID_REQUEST; } - if ((result = - _gnutls_x509_crt_get_extension(cert, "2.5.29.19", 0, - &basicConstraints, critical)) < 0) { + if ((result = _gnutls_x509_crt_get_extension( + cert, "2.5.29.19", 0, &basicConstraints, critical)) < 0) { return result; } @@ -2380,9 +2317,8 @@ gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert, return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } - result = - gnutls_x509_ext_import_basic_constraints(&basicConstraints, &tmp_ca, - pathlen); + result = gnutls_x509_ext_import_basic_constraints(&basicConstraints, + &tmp_ca, pathlen); if (ca) *ca = tmp_ca; @@ -2415,8 +2351,8 @@ gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert, * certificate does not contain the basicConstraints extension * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. **/ -int -gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, unsigned int *critical) +int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, + unsigned int *critical) { int pathlen; unsigned int ca; 
@@ -2443,9 +2379,9 @@ gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, unsigned int *critical) * extension %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be * returned. **/ -int -gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, - unsigned int *key_usage, unsigned int *critical) +int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, + unsigned int *key_usage, + unsigned int *critical) { int result; gnutls_datum_t keyUsage; @@ -2455,9 +2391,8 @@ gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, return GNUTLS_E_INVALID_REQUEST; } - if ((result = - _gnutls_x509_crt_get_extension(cert, "2.5.29.15", 0, - &keyUsage, critical)) < 0) { + if ((result = _gnutls_x509_crt_get_extension( + cert, "2.5.29.15", 0, &keyUsage, critical)) < 0) { return result; } @@ -2496,10 +2431,9 @@ gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, * * Since: 3.6.0 **/ -int -gnutls_x509_crt_get_inhibit_anypolicy(gnutls_x509_crt_t cert, - unsigned int *skipcerts, - unsigned int *critical) +int gnutls_x509_crt_get_inhibit_anypolicy(gnutls_x509_crt_t cert, + unsigned int *skipcerts, + unsigned int *critical) { int ret; gnutls_datum_t ext; @@ -2509,9 +2443,8 @@ gnutls_x509_crt_get_inhibit_anypolicy(gnutls_x509_crt_t cert, return GNUTLS_E_INVALID_REQUEST; } - if ((ret = - _gnutls_x509_crt_get_extension(cert, "2.5.29.54", 0, - &ext, critical)) < 0) { + if ((ret = _gnutls_x509_crt_get_extension(cert, "2.5.29.54", 0, &ext, + critical)) < 0) { return ret; } 
@@ -2548,12 +2481,9 @@ gnutls_x509_crt_get_inhibit_anypolicy(gnutls_x509_crt_t cert, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, * otherwise a negative error code is returned. **/ -int -gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert, - unsigned int *critical, - int *pathlen, - char **policyLanguage, - char **policy, size_t *sizeof_policy) +int gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert, unsigned int *critical, + int *pathlen, char **policyLanguage, + char **policy, size_t *sizeof_policy) { int result; gnutls_datum_t proxyCertInfo; @@ -2563,9 +2493,9 @@ gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert, return GNUTLS_E_INVALID_REQUEST; } - if ((result = - _gnutls_x509_crt_get_extension(cert, "1.3.6.1.5.5.7.1.14", 0, - &proxyCertInfo, critical)) < 0) { + if ((result = _gnutls_x509_crt_get_extension(cert, "1.3.6.1.5.5.7.1.14", + 0, &proxyCertInfo, + critical)) < 0) { return result; } @@ -2574,9 +2504,8 @@ gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert, return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } - result = gnutls_x509_ext_import_proxy(&proxyCertInfo, pathlen, - policyLanguage, - policy, sizeof_policy); + result = gnutls_x509_ext_import_proxy( + &proxyCertInfo, pathlen, policyLanguage, policy, sizeof_policy); _gnutls_free_datum(&proxyCertInfo); if (result < 0) { gnutls_assert(); @@ -2622,10 +2551,9 @@ void gnutls_x509_policy_release(struct gnutls_x509_policy_st *policy) * * Since: 3.1.5 **/ -int -gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, unsigned indx, - struct gnutls_x509_policy_st *policy, - unsigned int *critical) +int gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, unsigned indx, + struct gnutls_x509_policy_st *policy, + unsigned int *critical) { gnutls_datum_t tmpd = { NULL, 0 }; int ret; 
@@ -2642,9 +2570,8 @@ gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, unsigned indx, if (ret < 0) return gnutls_assert_val(ret); - if ((ret = - _gnutls_x509_crt_get_extension(crt, "2.5.29.32", 0, &tmpd, - critical)) < 0) { + if ((ret = _gnutls_x509_crt_get_extension(crt, "2.5.29.32", 0, &tmpd, + critical)) < 0) { goto cleanup; } @@ -2670,7 +2597,7 @@ gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, unsigned indx, ret = 0; - cleanup: +cleanup: if (policies != NULL) gnutls_x509_policies_deinit(policies); _gnutls_free_datum(&tmpd); @@ -2696,11 +2623,10 @@ gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, unsigned indx, * contain the specified extension * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. **/ -int -gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert, - const char *oid, unsigned indx, - void *buf, size_t *buf_size, - unsigned int *critical) +int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert, + const char *oid, unsigned indx, + void *buf, size_t *buf_size, + unsigned int *critical) { int result; gnutls_datum_t output; @@ -2710,9 +2636,8 @@ gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert, return GNUTLS_E_INVALID_REQUEST; } - if ((result = - _gnutls_x509_crt_get_extension(cert, oid, indx, &output, - critical)) < 0) { + if ((result = _gnutls_x509_crt_get_extension(cert, oid, indx, &output, + critical)) < 0) { gnutls_assert(); return result; } @@ -2757,11 +2682,10 @@ gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert, * * Since: 3.3.8 **/ -int -gnutls_x509_crt_get_extension_by_oid2(gnutls_x509_crt_t cert, - const char *oid, unsigned indx, - gnutls_datum_t * output, - unsigned int *critical) +int gnutls_x509_crt_get_extension_by_oid2(gnutls_x509_crt_t cert, + const char *oid, unsigned indx, + gnutls_datum_t *output, + unsigned int *critical) { int ret; 
@@ -2770,9 +2694,8 @@ gnutls_x509_crt_get_extension_by_oid2(gnutls_x509_crt_t cert, return GNUTLS_E_INVALID_REQUEST; } - if ((ret = - _gnutls_x509_crt_get_extension(cert, oid, indx, output, - critical)) < 0) { + if ((ret = _gnutls_x509_crt_get_extension(cert, oid, indx, output, + critical)) < 0) { gnutls_assert(); return ret; } @@ -2803,9 +2726,8 @@ gnutls_x509_crt_get_extension_by_oid2(gnutls_x509_crt_t cert, * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE * will be returned. **/ -int -gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, unsigned indx, - void *oid, size_t *oid_size) +int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, unsigned indx, + void *oid, size_t *oid_size) { int result; @@ -2820,7 +2742,6 @@ gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, unsigned indx, } return 0; - } /** @@ -2848,10 +2769,9 @@ gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, unsigned indx, * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE * will be returned. **/ -int -gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, unsigned indx, - void *oid, size_t *oid_size, - unsigned int *critical) +int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, unsigned indx, + void *oid, size_t *oid_size, + unsigned int *critical) { int result; char str_critical[10]; @@ -2863,8 +2783,8 @@ gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, unsigned indx, return GNUTLS_E_INVALID_REQUEST; } - snprintf(name, sizeof(name), - "tbsCertificate.extensions.?%u.extnID", indx + 1); + snprintf(name, sizeof(name), "tbsCertificate.extensions.?%u.extnID", + indx + 1); len = *oid_size; result = asn1_read_value(cert->cert, name, oid, &len); @@ -2878,7 +2798,7 @@ gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, unsigned indx, } /* remove any trailing null */ - if (oid && len > 0 && ((uint8_t *) oid)[len - 1] == 0) + if (oid && len > 0 && ((uint8_t *)oid)[len - 1] == 0) (*oid_size)--; if (critical) { 
@@ -2898,7 +2818,6 @@ gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, unsigned indx, } return 0; - } /** @@ -2922,9 +2841,8 @@ gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, unsigned indx, * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE * will be returned. **/ -int -gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, unsigned indx, - void *data, size_t *sizeof_data) +int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, unsigned indx, + void *data, size_t *sizeof_data) { int result, len; char name[MAX_NAME_SIZE]; @@ -2934,8 +2852,8 @@ gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, unsigned indx, return GNUTLS_E_INVALID_REQUEST; } - snprintf(name, sizeof(name), - "tbsCertificate.extensions.?%u.extnValue", indx + 1); + snprintf(name, sizeof(name), "tbsCertificate.extensions.?%u.extnValue", + indx + 1); len = *sizeof_data; result = asn1_read_value(cert->cert, name, data, &len); @@ -2968,16 +2886,15 @@ gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, unsigned indx, * negative error value.or a negative error code on error. * **/ -int -gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, gnutls_datum_t * dn) +int gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, + gnutls_datum_t *dn) { if (cert->raw_issuer_dn.size > 0 && cert->modified == 0) { return _gnutls_set_datum(dn, cert->raw_issuer_dn.data, cert->raw_issuer_dn.size); } else { - return _gnutls_x509_get_raw_field(cert->cert, - "tbsCertificate.issuer.rdnSequence", - dn); + return _gnutls_x509_get_raw_field( + cert->cert, "tbsCertificate.issuer.rdnSequence", dn); } } 
@@ -2993,21 +2910,19 @@ gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, gnutls_datum_t * dn) * negative error value. or a negative error code on error. * **/ -int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, gnutls_datum_t * dn) +int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, gnutls_datum_t *dn) { if (cert->raw_dn.size > 0 && cert->modified == 0) { return _gnutls_set_datum(dn, cert->raw_dn.data, cert->raw_dn.size); } else { - return _gnutls_x509_get_raw_field(cert->cert, - "tbsCertificate.subject.rdnSequence", - dn); + return _gnutls_x509_get_raw_field( + cert->cert, "tbsCertificate.subject.rdnSequence", dn); } } -static int -get_dn(gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn, - unsigned subject) +static int get_dn(gnutls_x509_crt_t cert, const char *whom, + gnutls_x509_dn_t *dn, unsigned subject) { gnutls_x509_dn_st *store; @@ -3039,7 +2954,7 @@ get_dn(gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn, * * Returns: Returns 0 on success, or an error code. **/ -int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn) +int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, gnutls_x509_dn_t *dn) { return get_dn(cert, "tbsCertificate.subject.rdnSequence", dn, 1); } @@ -3058,7 +2973,7 @@ int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn) * * Returns: Returns 0 on success, or an error code. **/ -int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn) +int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, gnutls_x509_dn_t *dn) { return get_dn(cert, "tbsCertificate.issuer.rdnSequence", dn, 0); } 
@@ -3080,10 +2995,9 @@ int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn) * not long enough, and in that case the *buf_size will be updated * with the required size. On success 0 is returned. **/ -int -gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, - gnutls_digest_algorithm_t algo, - void *buf, size_t *buf_size) +int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, + gnutls_digest_algorithm_t algo, void *buf, + size_t *buf_size) { uint8_t *cert_buf; int cert_buf_size; @@ -3108,7 +3022,7 @@ gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, } result = - asn1_der_coding(cert->cert, "", cert_buf, &cert_buf_size, NULL); + asn1_der_coding(cert->cert, "", cert_buf, &cert_buf_size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); @@ -3145,10 +3059,8 @@ gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, * Returns: In case of failure a negative error code will be * returned, and 0 on success. **/ -int -gnutls_x509_crt_export(gnutls_x509_crt_t cert, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t *output_data_size) +int gnutls_x509_crt_export(gnutls_x509_crt_t cert, gnutls_x509_crt_fmt_t format, + void *output_data, size_t *output_data_size) { gnutls_datum_t out; int ret; @@ -3158,20 +3070,18 @@ gnutls_x509_crt_export(gnutls_x509_crt_t cert, return gnutls_assert_val(ret); if (format == GNUTLS_X509_FMT_PEM) - ret = - _gnutls_copy_string(&out, (uint8_t *) output_data, - output_data_size); + ret = _gnutls_copy_string(&out, (uint8_t *)output_data, + output_data_size); else - ret = - _gnutls_copy_data(&out, (uint8_t *) output_data, - output_data_size); + ret = _gnutls_copy_data(&out, (uint8_t *)output_data, + output_data_size); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = 0; - cleanup: +cleanup: gnutls_free(out.data); return ret; } 
@@ -3193,9 +3103,8 @@ gnutls_x509_crt_export(gnutls_x509_crt_t cert, * * Since: 3.1.3 **/ -int -gnutls_x509_crt_export2(gnutls_x509_crt_t cert, - gnutls_x509_crt_fmt_t format, gnutls_datum_t * out) +int gnutls_x509_crt_export2(gnutls_x509_crt_t cert, + gnutls_x509_crt_fmt_t format, gnutls_datum_t *out) { if (cert == NULL) { gnutls_assert(); @@ -3209,8 +3118,7 @@ gnutls_x509_crt_export2(gnutls_x509_crt_t cert, else { int ret = _gnutls_fbase64_encode(PEM_X509_CERT2, cert->der.data, - cert->der.size, - out); + cert->der.size, out); if (ret < 0) return ret; return 0; @@ -3221,18 +3129,16 @@ gnutls_x509_crt_export2(gnutls_x509_crt_t cert, out); } -int -_gnutls_get_key_id(gnutls_pk_params_st * params, - unsigned char *output_data, size_t *output_data_size, - unsigned flags) +int _gnutls_get_key_id(gnutls_pk_params_st *params, unsigned char *output_data, + size_t *output_data_size, unsigned flags) { int ret = 0; gnutls_datum_t der = { NULL, 0 }; gnutls_digest_algorithm_t hash = GNUTLS_DIG_SHA1; unsigned int digest_len; - if ((flags & GNUTLS_KEYID_USE_SHA512) - || (flags & GNUTLS_KEYID_USE_BEST_KNOWN)) + if ((flags & GNUTLS_KEYID_USE_SHA512) || + (flags & GNUTLS_KEYID_USE_BEST_KNOWN)) hash = GNUTLS_DIG_SHA512; else if (flags & GNUTLS_KEYID_USE_SHA256) hash = GNUTLS_DIG_SHA256; @@ -3258,7 +3164,7 @@ _gnutls_get_key_id(gnutls_pk_params_st * params, ret = 0; - cleanup: +cleanup: _gnutls_free_datum(&der); return ret; @@ -3284,9 +3190,9 @@ _gnutls_get_key_id(gnutls_pk_params_st * params, * Returns: In case of failure a negative error code will be * returned, and 0 on success. **/ -int -gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, unsigned int flags, - unsigned char *output_data, size_t *output_data_size) +int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, unsigned int flags, + unsigned char *output_data, + size_t *output_data_size) { int ret = 0; gnutls_pk_params_st params; 
@@ -3312,8 +3218,8 @@ gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, unsigned int flags, static int crl_issuer_matches(gnutls_x509_crl_t crl, gnutls_x509_crt_t cert) { - if (_gnutls_x509_compare_raw_dn - (&crl->raw_issuer_dn, &cert->raw_issuer_dn) != 0) + if (_gnutls_x509_compare_raw_dn(&crl->raw_issuer_dn, + &cert->raw_issuer_dn) != 0) return 1; else return 0; @@ -3322,11 +3228,10 @@ static int crl_issuer_matches(gnutls_x509_crl_t crl, gnutls_x509_crt_t cert) /* This is exactly as gnutls_x509_crt_check_revocation() except that * it calls func. */ -int -_gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, - const gnutls_x509_crl_t * crl_list, - int crl_list_length, - gnutls_verify_output_function func) +int _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, + const gnutls_x509_crl_t *crl_list, + int crl_list_length, + gnutls_verify_output_function func) { uint8_t serial[128]; uint8_t cert_serial[128]; @@ -3339,7 +3244,7 @@ _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, return GNUTLS_E_INVALID_REQUEST; } - for (j = 0; j < crl_list_length; j++) { /* do for all the crls */ + for (j = 0; j < crl_list_length; j++) { /* do for all the crls */ /* Step 1. check if issuer's DN match */ @@ -3355,9 +3260,8 @@ _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, /* Step 2. Read the certificate's serial number */ cert_serial_size = sizeof(cert_serial); - ret = - gnutls_x509_crt_get_serial(cert, cert_serial, - &cert_serial_size); + ret = gnutls_x509_crt_get_serial(cert, cert_serial, + &cert_serial_size); if (ret < 0) { gnutls_assert(); return ret; @@ -3370,11 +3274,8 @@ _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, iter = NULL; do { serial_size = sizeof(serial); - ret = - gnutls_x509_crl_iter_crt_serial(crl_list[j], - &iter, - serial, - &serial_size, NULL); + ret = gnutls_x509_crl_iter_crt_serial( + crl_list[j], &iter, serial, &serial_size, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { break; } else if (ret < 0) { 
@@ -3383,15 +3284,14 @@ _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, } if (serial_size == cert_serial_size) { - if (memcmp - (serial, cert_serial, serial_size) == 0) { + if (memcmp(serial, cert_serial, serial_size) == + 0) { /* serials match */ if (func) - func(cert, NULL, - crl_list[j], + func(cert, NULL, crl_list[j], GNUTLS_CERT_REVOKED | - GNUTLS_CERT_INVALID); - ret = 1; /* revoked! */ + GNUTLS_CERT_INVALID); + ret = 1; /* revoked! */ goto fail; } } @@ -3402,11 +3302,10 @@ _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, if (func) func(cert, NULL, crl_list[j], 0); - } - return 0; /* not revoked. */ + return 0; /* not revoked. */ - fail: +fail: gnutls_x509_crl_iter_deinit(iter); return ret; } @@ -3423,10 +3322,9 @@ _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, * Returns: 0 if the certificate is NOT revoked, and 1 if it is. A * negative error code is returned on error. **/ -int -gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, - const gnutls_x509_crl_t * crl_list, - unsigned crl_list_length) +int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, + const gnutls_x509_crl_t *crl_list, + unsigned crl_list_length) { return _gnutls_x509_crt_check_revocation(cert, crl_list, crl_list_length, NULL); @@ -3446,13 +3344,11 @@ gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, * * Since: 3.5.6 **/ -unsigned -gnutls_x509_crt_check_key_purpose(gnutls_x509_crt_t cert, - const char *purpose, unsigned flags) +unsigned gnutls_x509_crt_check_key_purpose(gnutls_x509_crt_t cert, + const char *purpose, unsigned flags) { - return _gnutls_check_key_purpose(cert, purpose, - (flags & GNUTLS_KP_FLAG_DISALLOW_ANY) ? - 1 : 0); + return _gnutls_check_key_purpose( + cert, purpose, (flags & GNUTLS_KP_FLAG_DISALLOW_ANY) ? 1 : 0); } /** 
@@ -3472,10 +3368,9 @@ gnutls_x509_crt_check_key_purpose(gnutls_x509_crt_t cert, * * Since: 2.12.0 **/ -int -gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt, - gnutls_digest_algorithm_t * - hash, unsigned int *mand) +int gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt, + gnutls_digest_algorithm_t *hash, + unsigned int *mand) { int ret; gnutls_pubkey_t pubkey; @@ -3501,7 +3396,7 @@ gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt, goto cleanup; } - cleanup: +cleanup: gnutls_pubkey_deinit(pubkey); return ret; } @@ -3527,12 +3422,11 @@ gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt, * sequence number then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is * returned. **/ -int -gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, - unsigned int seq, void *san, - size_t *san_size, - unsigned int *reason_flags, - unsigned int *critical) +int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, + unsigned int seq, void *san, + size_t *san_size, + unsigned int *reason_flags, + unsigned int *critical) { int ret; gnutls_datum_t dist_points = { NULL, 0 }; @@ -3552,9 +3446,8 @@ gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, if (reason_flags) *reason_flags = 0; - ret = - _gnutls_x509_crt_get_extension(cert, "2.5.29.31", 0, - &dist_points, critical); + ret = _gnutls_x509_crt_get_extension(cert, "2.5.29.31", 0, &dist_points, + critical); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -3572,9 +3465,8 @@ gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, goto cleanup; } - ret = - gnutls_x509_crl_dist_points_get(cdp, seq, &type, &t_san, - reason_flags); + ret = gnutls_x509_crl_dist_points_get(cdp, seq, &type, &t_san, + reason_flags); if (ret < 0) { gnutls_assert(); goto cleanup; 
@@ -3588,7 +3480,7 @@ gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, ret = type; - cleanup: +cleanup: _gnutls_free_datum(&dist_points); if (cdp != NULL) gnutls_x509_crl_dist_points_deinit(cdp); @@ -3617,10 +3509,9 @@ gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, * not long enough, and in that case the *oid_size will be updated * with the required size. On success 0 is returned. **/ -int -gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, - unsigned indx, void *oid, size_t *oid_size, - unsigned int *critical) +int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, unsigned indx, + void *oid, size_t *oid_size, + unsigned int *critical) { int ret; gnutls_datum_t ext; @@ -3637,9 +3528,8 @@ gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, else *oid_size = 0; - if ((ret = - _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &ext, - critical)) < 0) { + if ((ret = _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &ext, + critical)) < 0) { return ret; } @@ -3674,7 +3564,7 @@ gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, ret = 0; - cleanup: +cleanup: gnutls_free(ext.data); if (p != NULL) gnutls_x509_key_purpose_deinit(p); @@ -3693,9 +3583,8 @@ gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. **/ -int -gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, - gnutls_datum_t * m, gnutls_datum_t * e) +int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, gnutls_datum_t *m, + gnutls_datum_t *e) { int ret; gnutls_pubkey_t pubkey; @@ -3721,7 +3610,7 @@ gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, goto cleanup; } - cleanup: +cleanup: gnutls_pubkey_deinit(pubkey); return ret; } 
@@ -3744,10 +3633,9 @@ gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, * * Since: 3.4.1 **/ -int -gnutls_x509_crt_get_pk_ecc_raw(gnutls_x509_crt_t crt, - gnutls_ecc_curve_t * curve, - gnutls_datum_t * x, gnutls_datum_t * y) +int gnutls_x509_crt_get_pk_ecc_raw(gnutls_x509_crt_t crt, + gnutls_ecc_curve_t *curve, gnutls_datum_t *x, + gnutls_datum_t *y) { int ret; gnutls_pubkey_t pubkey; @@ -3773,7 +3661,7 @@ gnutls_x509_crt_get_pk_ecc_raw(gnutls_x509_crt_t crt, goto cleanup; } - cleanup: +cleanup: gnutls_pubkey_deinit(pubkey); return ret; } @@ -3795,12 +3683,11 @@ gnutls_x509_crt_get_pk_ecc_raw(gnutls_x509_crt_t crt, * * Since: 3.6.3 **/ -int -gnutls_x509_crt_get_pk_gost_raw(gnutls_x509_crt_t crt, - gnutls_ecc_curve_t * curve, - gnutls_digest_algorithm_t * digest, - gnutls_gost_paramset_t * paramset, - gnutls_datum_t * x, gnutls_datum_t * y) +int gnutls_x509_crt_get_pk_gost_raw(gnutls_x509_crt_t crt, + gnutls_ecc_curve_t *curve, + gnutls_digest_algorithm_t *digest, + gnutls_gost_paramset_t *paramset, + gnutls_datum_t *x, gnutls_datum_t *y) { int ret; gnutls_pubkey_t pubkey; @@ -3820,14 +3707,14 @@ gnutls_x509_crt_get_pk_gost_raw(gnutls_x509_crt_t crt, goto cleanup; } - ret = gnutls_pubkey_export_gost_raw2(pubkey, curve, digest, - paramset, x, y, 0); + ret = gnutls_pubkey_export_gost_raw2(pubkey, curve, digest, paramset, x, + y, 0); if (ret < 0) { gnutls_assert(); goto cleanup; } - cleanup: +cleanup: gnutls_pubkey_deinit(pubkey); return ret; } @@ -3846,10 +3733,9 @@ gnutls_x509_crt_get_pk_gost_raw(gnutls_x509_crt_t crt, * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. **/ -int -gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y) +int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt, gnutls_datum_t *p, + gnutls_datum_t *q, gnutls_datum_t *g, + gnutls_datum_t *y) { int ret; gnutls_pubkey_t pubkey; 
@@ -3875,7 +3761,7 @@ gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt, goto cleanup; } - cleanup: +cleanup: gnutls_pubkey_deinit(pubkey); return ret; } @@ -3902,11 +3788,10 @@ gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt, * * Since: 3.0 **/ -int -gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs, - unsigned int *size, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, unsigned int flags) +int gnutls_x509_crt_list_import2(gnutls_x509_crt_t **certs, unsigned int *size, + const gnutls_datum_t *data, + gnutls_x509_crt_fmt_t format, + unsigned int flags) { unsigned int init = 1024; int ret; @@ -3917,10 +3802,9 @@ gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs, return GNUTLS_E_MEMORY_ERROR; } - ret = - gnutls_x509_crt_list_import(*certs, &init, data, format, - flags | - GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); + ret = gnutls_x509_crt_list_import( + *certs, &init, data, format, + flags | GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { *certs = _gnutls_reallocarray_fast(*certs, init, sizeof(gnutls_x509_crt_t)); @@ -3929,9 +3813,8 @@ gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs, return GNUTLS_E_MEMORY_ERROR; } - ret = - gnutls_x509_crt_list_import(*certs, &init, data, - format, flags); + ret = gnutls_x509_crt_list_import(*certs, &init, data, format, + flags); } if (ret < 0) { @@ -3966,11 +3849,11 @@ gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs, * * Returns: the number of certificates read or a negative error value. **/ -int -gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, - unsigned int *cert_max, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, unsigned int flags) +int gnutls_x509_crt_list_import(gnutls_x509_crt_t *certs, + unsigned int *cert_max, + const gnutls_datum_t *data, + gnutls_x509_crt_fmt_t format, + unsigned int flags) { int size; const char *ptr; 
@@ -3984,7 +3867,7 @@ gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, return GNUTLS_E_SHORT_MEMORY_BUFFER; } - count = 1; /* import only the first one */ + count = 1; /* import only the first one */ ret = gnutls_x509_crt_init(&certs[0]); if (ret < 0) { @@ -4004,11 +3887,11 @@ gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, /* move to the certificate */ - ptr = memmem(data->data, data->size, - PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1); + ptr = memmem(data->data, data->size, PEM_CERT_SEP, + sizeof(PEM_CERT_SEP) - 1); if (ptr == NULL) - ptr = memmem(data->data, data->size, - PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1); + ptr = memmem(data->data, data->size, PEM_CERT_SEP2, + sizeof(PEM_CERT_SEP2) - 1); if (ptr == NULL) return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND); @@ -4017,9 +3900,8 @@ gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, do { if (count >= *cert_max) { - if (! - (flags & - GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED)) + if (!(flags & + GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED)) break; else nocopy = 1; @@ -4035,9 +3917,8 @@ gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, tmp.data = (void *)ptr; tmp.size = data->size - (ptr - (char *)data->data); - ret = - gnutls_x509_crt_import(certs[count], &tmp, - GNUTLS_X509_FMT_PEM); + ret = gnutls_x509_crt_import(certs[count], &tmp, + GNUTLS_X509_FMT_PEM); if (ret < 0) { count++; gnutls_assert(); @@ -4057,9 +3938,8 @@ gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, if (size > 0) { char *ptr2; - ptr2 = - memmem(ptr, size, PEM_CERT_SEP, - sizeof(PEM_CERT_SEP) - 1); + ptr2 = memmem(ptr, size, PEM_CERT_SEP, + sizeof(PEM_CERT_SEP) - 1); if (ptr2 == NULL) ptr2 = memmem(ptr, size, PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1); @@ -4069,8 +3949,7 @@ gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, ptr = NULL; count++; - } - while (ptr != NULL); + } while (ptr != NULL); *cert_max = count; 
@@ -4103,7 +3982,7 @@ gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, ret = GNUTLS_E_SHORT_MEMORY_BUFFER; } - error: +error: for (j = 0; j < count; j++) gnutls_x509_crt_deinit(certs[j]); return ret; @@ -4130,20 +4009,18 @@ gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. **/ -int -gnutls_x509_crt_get_subject_unique_id(gnutls_x509_crt_t crt, char *buf, - size_t *buf_size) +int gnutls_x509_crt_get_subject_unique_id(gnutls_x509_crt_t crt, char *buf, + size_t *buf_size) { int result; gnutls_datum_t datum = { NULL, 0 }; - result = - _gnutls_x509_read_value(crt->cert, - "tbsCertificate.subjectUniqueID", &datum); + result = _gnutls_x509_read_value( + crt->cert, "tbsCertificate.subjectUniqueID", &datum); if (result < 0) return gnutls_assert_val(result); - if (datum.size > *buf_size) { /* then we're not going to fit */ + if (datum.size > *buf_size) { /* then we're not going to fit */ *buf_size = datum.size; result = GNUTLS_E_SHORT_MEMORY_BUFFER; } else { @@ -4179,20 +4056,18 @@ gnutls_x509_crt_get_subject_unique_id(gnutls_x509_crt_t crt, char *buf, * * Since: 2.12.0 **/ -int -gnutls_x509_crt_get_issuer_unique_id(gnutls_x509_crt_t crt, char *buf, - size_t *buf_size) +int gnutls_x509_crt_get_issuer_unique_id(gnutls_x509_crt_t crt, char *buf, + size_t *buf_size) { int result; gnutls_datum_t datum = { NULL, 0 }; - result = - _gnutls_x509_read_value(crt->cert, - "tbsCertificate.issuerUniqueID", &datum); + result = _gnutls_x509_read_value( + crt->cert, "tbsCertificate.issuerUniqueID", &datum); if (result < 0) return gnutls_assert_val(result); - if (datum.size > *buf_size) { /* then we're not going to fit */ + if (datum.size > *buf_size) { /* then we're not going to fit */ *buf_size = datum.size; result = GNUTLS_E_SHORT_MEMORY_BUFFER; } else { 
@@ -4205,9 +4080,8 @@ gnutls_x509_crt_get_issuer_unique_id(gnutls_x509_crt_t crt, char *buf, return result; } -static int -legacy_parse_aia(asn1_node src, - unsigned int seq, int what, gnutls_datum_t * data) +static int legacy_parse_aia(asn1_node src, unsigned int seq, int what, + gnutls_datum_t *data) { int len; char nptr[MAX_NAME_SIZE]; @@ -4215,7 +4089,7 @@ legacy_parse_aia(asn1_node src, gnutls_datum_t d; const char *oid = NULL; - seq++; /* 0->1, 1->2 etc */ + seq++; /* 0->1, 1->2 etc */ switch (what) { case GNUTLS_IA_ACCESSMETHOD_OID: snprintf(nptr, sizeof(nptr), "?%u.accessMethod", seq); @@ -4238,21 +4112,19 @@ legacy_parse_aia(asn1_node src, len = sizeof(tmpoid); result = asn1_read_value(src, nptr, tmpoid, &len); - if (result == ASN1_VALUE_NOT_FOUND - || result == ASN1_ELEMENT_NOT_FOUND) - return - gnutls_assert_val - (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + if (result == ASN1_VALUE_NOT_FOUND || + result == ASN1_ELEMENT_NOT_FOUND) + return gnutls_assert_val( + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } - if ((unsigned)len != strlen(oid) + 1 - || memcmp(tmpoid, oid, len) != 0) - return - gnutls_assert_val - (GNUTLS_E_UNKNOWN_ALGORITHM); + if ((unsigned)len != strlen(oid) + 1 || + memcmp(tmpoid, oid, len) != 0) + return gnutls_assert_val( + GNUTLS_E_UNKNOWN_ALGORITHM); } FALLTHROUGH; @@ -4363,12 +4235,10 @@ legacy_parse_aia(asn1_node src, * * Since: 3.0 **/ -int -gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t crt, - unsigned int seq, - int what, - gnutls_datum_t * data, - unsigned int *critical) +int gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t crt, + unsigned int seq, int what, + gnutls_datum_t *data, + unsigned int *critical) { int ret; gnutls_datum_t aia; 
@@ -4379,9 +4249,8 @@ gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t crt, return GNUTLS_E_INVALID_REQUEST; } - if ((ret = - _gnutls_x509_crt_get_extension(crt, GNUTLS_OID_AIA, 0, &aia, - critical)) < 0) + if ((ret = _gnutls_x509_crt_get_extension(crt, GNUTLS_OID_AIA, 0, &aia, + critical)) < 0) return ret; if (aia.size == 0 || aia.data == NULL) { @@ -4461,21 +4330,18 @@ void gnutls_x509_crt_set_pin_function(gnutls_x509_crt_t crt, * * Since: 3.4.0 **/ -int -gnutls_x509_crt_import_url(gnutls_x509_crt_t crt, - const char *url, unsigned int flags) +int gnutls_x509_crt_import_url(gnutls_x509_crt_t crt, const char *url, + unsigned int flags) { int ret; unsigned i; for (i = 0; i < _gnutls_custom_urls_size; i++) { - if (strncmp - (url, _gnutls_custom_urls[i].name, - _gnutls_custom_urls[i].name_size) == 0) { + if (strncmp(url, _gnutls_custom_urls[i].name, + _gnutls_custom_urls[i].name_size) == 0) { if (_gnutls_custom_urls[i].import_crt) { - ret = - _gnutls_custom_urls[i].import_crt(crt, url, - flags); + ret = _gnutls_custom_urls[i].import_crt( + crt, url, flags); goto cleanup; } break; @@ -4492,7 +4358,7 @@ gnutls_x509_crt_import_url(gnutls_x509_crt_t crt, ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } - cleanup: +cleanup: return ret; } @@ -4519,12 +4385,10 @@ gnutls_x509_crt_import_url(gnutls_x509_crt_t crt, * * Since: 3.6.3 **/ -int -gnutls_x509_crt_list_import_url(gnutls_x509_crt_t ** certs, - unsigned int *size, - const char *url, - gnutls_pin_callback_t pin_fn, - void *pin_fn_userdata, unsigned int flags) +int gnutls_x509_crt_list_import_url(gnutls_x509_crt_t **certs, + unsigned int *size, const char *url, + gnutls_pin_callback_t pin_fn, + void *pin_fn_userdata, unsigned int flags) { int ret; unsigned i; 
@@ -4549,10 +4413,9 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t ** certs, } for (i = 1; i < DEFAULT_MAX_VERIFY_DEPTH; i++) { - ret = - _gnutls_get_raw_issuer(url, crts[i - 1], &issuer, - flags | - GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY); + ret = _gnutls_get_raw_issuer( + url, crts[i - 1], &issuer, + flags | GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY); if (ret < 0) { issuer.data = NULL; break; @@ -4574,9 +4437,8 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t ** certs, gnutls_x509_crt_set_pin_function(crts[i], pin_fn, pin_fn_userdata); - ret = - gnutls_x509_crt_import(crts[i], &issuer, - GNUTLS_X509_FMT_DER); + ret = gnutls_x509_crt_import(crts[i], &issuer, + GNUTLS_X509_FMT_DER); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -4595,7 +4457,7 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t ** certs, *size = total; return 0; - cleanup: +cleanup: gnutls_free(issuer.data); for (i = 0; i < total; i++) gnutls_x509_crt_deinit(crts[i]); @@ -4620,14 +4482,13 @@ gnutls_x509_crt_list_import_url(gnutls_x509_crt_t ** certs, * * Since: 3.5.6 -*/ -int -gnutls_x509_crt_verify_data3(gnutls_x509_crt_t crt, - gnutls_sign_algorithm_t algo, - gnutls_typed_vdata_st * vdata, - unsigned int vdata_size, - const gnutls_datum_t * data, - const gnutls_datum_t * signature, - unsigned int flags) +int gnutls_x509_crt_verify_data3(gnutls_x509_crt_t crt, + gnutls_sign_algorithm_t algo, + gnutls_typed_vdata_st *vdata, + unsigned int vdata_size, + const gnutls_datum_t *data, + const gnutls_datum_t *signature, + unsigned int flags) { int ret; gnutls_pubkey_t pubkey; 
@@ -4660,30 +4521,26 @@ gnutls_x509_crt_verify_data3(gnutls_x509_crt_t crt, } if (now < gnutls_x509_crt_get_activation_time(crt)) { - return - gnutls_assert_val - (GNUTLS_E_NOT_YET_ACTIVATED); + return gnutls_assert_val( + GNUTLS_E_NOT_YET_ACTIVATED); } } res = gnutls_x509_crt_get_key_usage(crt, &usage, NULL); if (res >= 0) { if (!(usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) { - return - gnutls_assert_val - (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE); + return gnutls_assert_val( + GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE); } } for (i = 0; i < vdata_size; i++) { if (vdata[i].type == GNUTLS_DT_KEY_PURPOSE_OID) { - res = _gnutls_check_key_purpose(crt, (char *) - vdata[i].data, - 0); + res = _gnutls_check_key_purpose( + crt, (char *)vdata[i].data, 0); if (res == 0) - return - gnutls_assert_val - (GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE); + return gnutls_assert_val( + GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE); break; } } @@ -4712,15 +4569,13 @@ gnutls_x509_crt_verify_data3(gnutls_x509_crt_t crt, * * Since: 3.4.0 **/ -int -gnutls_x509_crt_verify_data2(gnutls_x509_crt_t crt, - gnutls_sign_algorithm_t algo, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) +int gnutls_x509_crt_verify_data2(gnutls_x509_crt_t crt, + gnutls_sign_algorithm_t algo, + unsigned int flags, const gnutls_datum_t *data, + const gnutls_datum_t *signature) { - return gnutls_x509_crt_verify_data3(crt, algo, NULL, 0, - data, signature, flags); + return gnutls_x509_crt_verify_data3(crt, algo, NULL, 0, data, signature, + flags); } /** diff --git a/lib/x509/x509_dn.c b/lib/x509/x509_dn.c index a20e21e54c..83399237d8 100644 --- a/lib/x509/x509_dn.c +++ b/lib/x509/x509_dn.c 
@@ -35,9 +35,8 @@ typedef int (*set_dn_func)(void *, const char *oid, unsigned int raw_flag, const void *name, unsigned int name_size); -static -int dn_attr_crt_set(set_dn_func f, void *crt, const gnutls_datum_t * name, - const gnutls_datum_t * val, unsigned is_raw) +static int dn_attr_crt_set(set_dn_func f, void *crt, const gnutls_datum_t *name, + const gnutls_datum_t *val, unsigned is_raw) { char _oid[MAX_OID_SIZE]; gnutls_datum_t tmp; @@ -62,8 +61,8 @@ int dn_attr_crt_set(set_dn_func f, void *crt, const gnutls_datum_t * name, return gnutls_assert_val(GNUTLS_E_PARSING_ERROR); } } else { - oid = - _gnutls_ldap_string_to_oid((char *)name->data, name->size); + oid = _gnutls_ldap_string_to_oid((char *)name->data, + name->size); } if (oid == NULL) { @@ -88,23 +87,22 @@ int dn_attr_crt_set(set_dn_func f, void *crt, const gnutls_datum_t * name, /* unescape */ for (j = i = 0; i < tmp.size; i++) { if (1 + j != val->size && val->data[j] == '\\') { - if (val->data[j + 1] == ',' - || val->data[j + 1] == '#' - || val->data[j + 1] == ' ' - || val->data[j + 1] == '+' - || val->data[j + 1] == '"' - || val->data[j + 1] == '<' - || val->data[j + 1] == '>' - || val->data[j + 1] == ';' - || val->data[j + 1] == '\\' - || val->data[j + 1] == '=') { + if (val->data[j + 1] == ',' || + val->data[j + 1] == '#' || + val->data[j + 1] == ' ' || + val->data[j + 1] == '+' || + val->data[j + 1] == '"' || + val->data[j + 1] == '<' || + val->data[j + 1] == '>' || + val->data[j + 1] == ';' || + val->data[j + 1] == '\\' || + val->data[j + 1] == '=') { tmp.data[i] = val->data[j + 1]; j += 2; tmp.size--; } else { - ret = - gnutls_assert_val - (GNUTLS_E_PARSING_ERROR); + ret = gnutls_assert_val( + GNUTLS_E_PARSING_ERROR); goto fail; } } else { 
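Review bot: The unescape branch accepts only the ten single-character escapes listed and returns GNUTLS_E_PARSING_ERROR for anything else, so an RFC 4514 hex-pair escape (backslash followed by two hex digits) is rejected here unless it is handled before this loop; a comment, `/* hex-pair escapes are not supported, only the RFC 4514 special characters */`, would make that limitation explicit. The ten-way `||` chain could also become a single lookup, `if (memchr(",# +\"<>;\\=", val->data[j + 1], 10)) {`, which keeps the behaviour (memchr, unlike strchr, cannot match a NUL byte) and is easier to audit against the RFC list. dn_attr_crt_set begins before and ends after this hunk.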
@@ -121,14 +119,13 @@ int dn_attr_crt_set(set_dn_func f, void *crt, const gnutls_datum_t * name, } ret = 0; - fail: +fail: gnutls_free(tmp.data); return ret; } -static int read_attr_and_val(const char **ptr, - gnutls_datum_t * name, gnutls_datum_t * val, - unsigned *is_raw) +static int read_attr_and_val(const char **ptr, gnutls_datum_t *name, + gnutls_datum_t *val, unsigned *is_raw) { const unsigned char *p = (void *)*ptr; @@ -162,8 +159,8 @@ static int read_attr_and_val(const char **ptr, /* Read value */ val->data = (void *)p; - while (*p != 0 && (*p != ',' || (*p == ',' && *(p - 1) == '\\')) - && *p != '\n') { + while (*p != 0 && (*p != ',' || (*p == ',' && *(p - 1) == '\\')) && + *p != '\n') { p++; } val->size = p - (val->data); @@ -198,8 +195,8 @@ typedef struct elem_list_st { struct elem_list_st *next; } elem_list_st; -static int add_new_elem(elem_list_st ** head, const gnutls_datum_t * name, - const gnutls_datum_t * val, const char *pos, +static int add_new_elem(elem_list_st **head, const gnutls_datum_t *name, + const gnutls_datum_t *val, const char *pos, unsigned is_raw) { elem_list_st *elem = gnutls_malloc(sizeof(*elem)); @@ -216,8 +213,8 @@ static int add_new_elem(elem_list_st ** head, const gnutls_datum_t * name, return 0; } -static int -crt_set_dn(set_dn_func f, void *crt, const char *dn, const char **err) +static int crt_set_dn(set_dn_func f, void *crt, const char *dn, + const char **err) { const char *p = dn; int ret; @@ -266,9 +263,8 @@ crt_set_dn(set_dn_func f, void *crt, const char *dn, const char **err) while (plist) { if (err) *err = plist->pos; - ret = - dn_attr_crt_set(f, crt, &plist->name, &plist->val, - plist->is_raw); + ret = dn_attr_crt_set(f, crt, &plist->name, &plist->val, + plist->is_raw); if (ret < 0) goto fail; @@ -276,7 +272,7 @@ crt_set_dn(set_dn_func f, void *crt, const char *dn, const char **err) } ret = 0; - fail: +fail: plist = list; while (plist) { next = plist->next; 
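Review bot: In the value scanner of read_attr_and_val the comma test is redundant: `(*p != ',' || (*p == ',' && *(p - 1) == '\\'))` is equivalent to `(*p != ',' || *(p - 1) == '\\')`, so the loop can read `while (*p != 0 && (*p != ',' || *(p - 1) == '\\') && *p != '\n') {`. More importantly, the one-byte look-back treats a comma as escaped whenever the preceding byte is a backslash, including a backslash that is itself escaped (`\\,`), so such a value absorbs the following RDN instead of ending before it; whether that matters depends on how dn_attr_crt_set later treats the `\\` pair, which the unescape loop in the previous hunk does consume. A comment recording this, or a look-back that counts consecutive backslashes, would settle it. read_attr_and_val begins outside this hunk.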
@@ -304,11 +300,11 @@ crt_set_dn(set_dn_func f, void *crt, const char *dn, const char **err) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn, const char **err) +int gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn, + const char **err) { - return crt_set_dn((set_dn_func) gnutls_x509_crt_set_dn_by_oid, crt, - dn, err); + return crt_set_dn((set_dn_func)gnutls_x509_crt_set_dn_by_oid, crt, dn, + err); } /** @@ -324,12 +320,11 @@ gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn, const char **err) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crt_set_issuer_dn(gnutls_x509_crt_t crt, const char *dn, - const char **err) +int gnutls_x509_crt_set_issuer_dn(gnutls_x509_crt_t crt, const char *dn, + const char **err) { - return crt_set_dn((set_dn_func) - gnutls_x509_crt_set_issuer_dn_by_oid, crt, dn, err); + return crt_set_dn((set_dn_func)gnutls_x509_crt_set_issuer_dn_by_oid, + crt, dn, err); } /** @@ -345,16 +340,16 @@ gnutls_x509_crt_set_issuer_dn(gnutls_x509_crt_t crt, const char *dn, * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_crq_set_dn(gnutls_x509_crq_t crq, const char *dn, const char **err) +int gnutls_x509_crq_set_dn(gnutls_x509_crq_t crq, const char *dn, + const char **err) { - return crt_set_dn((set_dn_func) gnutls_x509_crq_set_dn_by_oid, crq, - dn, err); + return crt_set_dn((set_dn_func)gnutls_x509_crq_set_dn_by_oid, crq, dn, + err); } -static -int set_dn_by_oid(gnutls_x509_dn_t dn, const char *oid, unsigned int raw_flag, - const void *name, unsigned name_size) +static int set_dn_by_oid(gnutls_x509_dn_t dn, const char *oid, + unsigned int raw_flag, const void *name, + unsigned name_size) { return _gnutls_x509_set_dn_oid(dn->asn, "", oid, raw_flag, name, name_size); 
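Review bot: The `(set_dn_func)gnutls_x509_crt_set_dn_by_oid` cast, repeated for gnutls_x509_crt_set_issuer_dn and gnutls_x509_crq_set_dn in the next two hunks, calls a function whose first parameter is gnutls_x509_crt_t (or gnutls_x509_crq_t) through a pointer whose type names `void *` there; C11 6.3.2.3p8 makes a call through an incompatible function pointer type undefined, and control-flow-integrity checks on indirect calls (such as clang's CFI sanitizer) reject exactly this pattern at runtime. The file already shows the clean alternative in set_dn_by_oid, whose signature matches set_dn_func exactly and is passed by gnutls_x509_dn_set_str in the following hunk; thin static wrappers of the same shape for the crt and crq cases would remove the casts. The behaviour is pre-existing and untouched by this reformatting commit, so this is a follow-up rather than a blocker.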
@@ -375,15 +370,15 @@ int set_dn_by_oid(gnutls_x509_dn_t dn, const char *oid, unsigned int raw_flag, * * Since: 3.5.3 **/ -int -gnutls_x509_dn_set_str(gnutls_x509_dn_t dn, const char *str, const char **err) +int gnutls_x509_dn_set_str(gnutls_x509_dn_t dn, const char *str, + const char **err) { if (dn == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - return crt_set_dn((set_dn_func) set_dn_by_oid, dn, str, err); + return crt_set_dn((set_dn_func)set_dn_by_oid, dn, str, err); } /** @@ -400,15 +395,14 @@ gnutls_x509_dn_set_str(gnutls_x509_dn_t dn, const char *str, const char **err) * * Since: 2.4.0 **/ -int gnutls_x509_dn_init(gnutls_x509_dn_t * dn) +int gnutls_x509_dn_init(gnutls_x509_dn_t *dn) { int result; *dn = gnutls_calloc(1, sizeof(gnutls_x509_dn_st)); - if ((result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.Name", &(*dn)->asn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.Name", + &(*dn)->asn)) != ASN1_SUCCESS) { gnutls_assert(); gnutls_free(*dn); return _gnutls_asn2err(result); @@ -432,7 +426,7 @@ int gnutls_x509_dn_init(gnutls_x509_dn_t * dn) * * Since: 2.4.0 **/ -int gnutls_x509_dn_import(gnutls_x509_dn_t dn, const gnutls_datum_t * data) +int gnutls_x509_dn_import(gnutls_x509_dn_t dn, const gnutls_datum_t *data) { int result; char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; 
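Review bot: In gnutls_x509_dn_init the result of `*dn = gnutls_calloc(1, sizeof(gnutls_x509_dn_st));` is not checked before `&(*dn)->asn` is handed to asn1_create_element, so an allocation failure dereferences NULL; add `if (*dn == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);` directly after the calloc. gnutls_subject_alt_names_init in x509_ext.c on this same page performs that check, so this is also a consistency point within the commit. The rest of gnutls_x509_dn_init lies outside this hunk.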
@@ -486,19 +480,17 @@ void gnutls_x509_dn_deinit(gnutls_x509_dn_t dn) * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ -int -gnutls_x509_dn_export(gnutls_x509_dn_t dn, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t *output_data_size) +int gnutls_x509_dn_export(gnutls_x509_dn_t dn, gnutls_x509_crt_fmt_t format, + void *output_data, size_t *output_data_size) { if (dn == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_x509_export_int_named(dn->asn, "rdnSequence", - format, "NAME", - output_data, output_data_size); + return _gnutls_x509_export_int_named(dn->asn, "rdnSequence", format, + "NAME", output_data, + output_data_size); } /** @@ -519,17 +511,16 @@ gnutls_x509_dn_export(gnutls_x509_dn_t dn, * * Since: 3.1.3 **/ -int -gnutls_x509_dn_export2(gnutls_x509_dn_t dn, - gnutls_x509_crt_fmt_t format, gnutls_datum_t * out) +int gnutls_x509_dn_export2(gnutls_x509_dn_t dn, gnutls_x509_crt_fmt_t format, + gnutls_datum_t *out) { if (dn == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - return _gnutls_x509_export_int_named2(dn->asn, "rdnSequence", - format, "NAME", out); + return _gnutls_x509_export_int_named2(dn->asn, "rdnSequence", format, + "NAME", out); } /** @@ -560,9 +551,8 @@ gnutls_x509_dn_export2(gnutls_x509_dn_t dn, * * Returns: Returns 0 on success, or an error code. **/ -int -gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, - int irdn, int iava, gnutls_x509_ava_st * ava) +int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, int irdn, int iava, + gnutls_x509_ava_st *ava) { asn1_node rdn, elem; asn1_data_node_st vnode; @@ -573,7 +563,7 @@ gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, const unsigned char *ptr; iava++; - irdn++; /* 0->1, 1->2 etc */ + irdn++; /* 0->1, 1->2 etc */ snprintf(rbuf, sizeof(rbuf), "rdnSequence.?%d.?%d", irdn, iava); rdn = asn1_find_node(dn->asn, rbuf); 
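Review bot: In gnutls_x509_dn_get_rdn_ava the `iava++` / `irdn++` pre-increments and the `"rdnSequence.?%d.?%d"` format accept negative indices without complaint, so a caller passing -1 gets a path such as `rdnSequence.?0` that asn1_find_node merely fails on, while INT_MAX overflows (undefined for int). A guard at the top of the hunk, `if (irdn < 0 || iava < 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, makes the failure deliberate and cheap. The other entry points in this file (gnutls_x509_dn_export, gnutls_x509_dn_export2, gnutls_x509_dn_get_str) reject a NULL dn first, whereas the visible part of this function dereferences `dn->asn` without such a check, unless it sits in the lines the diff omits. The function begins before and ends after this hunk.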
@@ -663,7 +653,7 @@ gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, * * Since: 3.4.2 **/ -int gnutls_x509_dn_get_str(gnutls_x509_dn_t dn, gnutls_datum_t * str) +int gnutls_x509_dn_get_str(gnutls_x509_dn_t dn, gnutls_datum_t *str) { if (dn == NULL) { gnutls_assert(); @@ -694,9 +684,8 @@ int gnutls_x509_dn_get_str(gnutls_x509_dn_t dn, gnutls_datum_t * str) * * Since: 3.5.7 **/ -int -gnutls_x509_dn_get_str2(gnutls_x509_dn_t dn, gnutls_datum_t * str, - unsigned flags) +int gnutls_x509_dn_get_str2(gnutls_x509_dn_t dn, gnutls_datum_t *str, + unsigned flags) { if (dn == NULL) { gnutls_assert(); diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c index d369a47440..49314869cc 100644 --- a/lib/x509/x509_ext.c +++ b/lib/x509/x509_ext.c @@ -49,7 +49,7 @@ struct gnutls_subject_alt_names_st { * * Since: 3.3.0 **/ -int gnutls_subject_alt_names_init(gnutls_subject_alt_names_t * sans) +int gnutls_subject_alt_names_init(gnutls_subject_alt_names_t *sans) { *sans = gnutls_calloc(1, sizeof(struct gnutls_subject_alt_names_st)); if (*sans == NULL) { @@ -104,8 +104,8 @@ void gnutls_subject_alt_names_deinit(gnutls_subject_alt_names_t sans) **/ int gnutls_subject_alt_names_get(gnutls_subject_alt_names_t sans, unsigned int seq, unsigned int *san_type, - gnutls_datum_t * san, - gnutls_datum_t * othername_oid) + gnutls_datum_t *san, + gnutls_datum_t *othername_oid) { if (seq >= sans->size) return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); @@ -117,8 +117,8 @@ int gnutls_subject_alt_names_get(gnutls_subject_alt_names_t sans, if (san_type) *san_type = sans->names[seq].type; - if (othername_oid != NULL - && sans->names[seq].type == GNUTLS_SAN_OTHERNAME) { + if (othername_oid != NULL && + sans->names[seq].type == GNUTLS_SAN_OTHERNAME) { othername_oid->data = sans->names[seq].othername_oid.data; othername_oid->size = sans->names[seq].othername_oid.size; } 
@@ -129,12 +129,9 @@ int gnutls_subject_alt_names_get(gnutls_subject_alt_names_t sans, /* This is the same as gnutls_subject_alt_names_set() but will not * copy the strings. It expects all the provided input to be already * allocated by gnutls. */ -static -int subject_alt_names_set(struct name_st **names, - unsigned int *size, - unsigned int san_type, - gnutls_datum_t * san, char *othername_oid, - unsigned raw) +static int subject_alt_names_set(struct name_st **names, unsigned int *size, + unsigned int san_type, gnutls_datum_t *san, + char *othername_oid, unsigned raw) { void *tmp; int ret; @@ -149,9 +146,8 @@ int subject_alt_names_set(struct name_st **names, } *names = tmp; - ret = - _gnutls_alt_name_assign_virt_type(&(*names)[*size], san_type, san, - othername_oid, raw); + ret = _gnutls_alt_name_assign_virt_type(&(*names)[*size], san_type, san, + othername_oid, raw); if (ret < 0) return gnutls_assert_val(ret); @@ -178,7 +174,7 @@ int subject_alt_names_set(struct name_st **names, **/ int gnutls_subject_alt_names_set(gnutls_subject_alt_names_t sans, unsigned int san_type, - const gnutls_datum_t * san, + const gnutls_datum_t *san, const char *othername_oid) { int ret; @@ -193,8 +189,8 @@ int gnutls_subject_alt_names_set(gnutls_subject_alt_names_t sans, ooc = gnutls_strdup(othername_oid); else ooc = NULL; - ret = subject_alt_names_set(&sans->names, &sans->size, - san_type, ©, ooc, 0); + ret = subject_alt_names_set(&sans->names, &sans->size, san_type, ©, + ooc, 0); if (ret < 0) { gnutls_free(copy.data); return gnutls_assert_val(ret); @@ -220,7 +216,7 @@ int gnutls_subject_alt_names_set(gnutls_subject_alt_names_t sans, * * Since: 3.3.0 **/ -int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext, +int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t *ext, gnutls_subject_alt_names_t sans, unsigned int flags) { 
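Review bot: On the error path of gnutls_subject_alt_names_set only `copy.data` is released, while `ooc`, the gnutls_strdup copy of othername_oid, leaks whenever subject_alt_names_set fails before taking ownership; the branch should read `gnutls_free(copy.data); gnutls_free(ooc);`. The visible subject_alt_names_set in the previous hunk does not free its san or othername_oid arguments when `_gnutls_alt_name_assign_virt_type` fails, so the caller has to. The gnutls_strdup result is also unchecked, so on allocation failure a NULL othername OID would presumably be stored without error; `if (ooc == NULL) { gnutls_free(copy.data); return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); }` closes that, assuming copy has already been filled at that point as the existing error branch suggests. gnutls_x509_aki_set_cert_issuer later in x509_ext.c has the same leak of t_san.data and t_othername_oid.data when its subject_alt_names_set call fails, although it does check its strdup.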
@@ -230,8 +226,8 @@ int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext, gnutls_datum_t san, othername_oid; unsigned type; - result = - asn1_create_element(_gnutls_get_pkix(), "PKIX1.GeneralNames", &c2); + result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.GeneralNames", + &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -254,10 +250,8 @@ int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext, break; if (type == GNUTLS_SAN_OTHERNAME) { - ret = - _gnutls_parse_general_name2(c2, "", i, - &othername_oid, - NULL, 1); + ret = _gnutls_parse_general_name2( + c2, "", i, &othername_oid, NULL, 1); if (ret < 0) break; @@ -266,9 +260,9 @@ int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext, break; } - ret = subject_alt_names_set(&sans->names, &sans->size, - type, &san, - (char *)othername_oid.data, 1); + ret = subject_alt_names_set(&sans->names, &sans->size, type, + &san, (char *)othername_oid.data, + 1); if (ret < 0) break; } @@ -282,7 +276,7 @@ int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext, } ret = 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; } @@ -301,14 +295,14 @@ int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext, * Since: 3.3.0 **/ int gnutls_x509_ext_export_subject_alt_names(gnutls_subject_alt_names_t sans, - gnutls_datum_t * ext) + gnutls_datum_t *ext) { asn1_node c2 = NULL; int result, ret; unsigned i; - result = - asn1_create_element(_gnutls_get_pkix(), "PKIX1.GeneralNames", &c2); + result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.GeneralNames", + &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); 
@@ -316,22 +310,16 @@ int gnutls_x509_ext_export_subject_alt_names(gnutls_subject_alt_names_t sans, for (i = 0; i < sans->size; i++) { if (sans->names[i].type == GNUTLS_SAN_OTHERNAME) { - ret = - _gnutls_write_new_othername(c2, "", - (char *)sans-> - names[i].othername_oid. - data, - sans->names[i].san.data, - sans->names[i]. - san.size); + ret = _gnutls_write_new_othername( + c2, "", + (char *)sans->names[i].othername_oid.data, + sans->names[i].san.data, + sans->names[i].san.size); } else { - ret = - _gnutls_write_new_general_name(c2, "", - sans->names[i].type, - sans->names[i]. - san.data, - sans->names[i]. - san.size); + ret = _gnutls_write_new_general_name( + c2, "", sans->names[i].type, + sans->names[i].san.data, + sans->names[i].san.size); } if (ret < 0) { @@ -348,7 +336,7 @@ int gnutls_x509_ext_export_subject_alt_names(gnutls_subject_alt_names_t sans, ret = 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; } @@ -378,7 +366,7 @@ int gnutls_x509_ext_export_subject_alt_names(gnutls_subject_alt_names_t sans, * * Since: 3.3.0 **/ -int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t * ext, +int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t *ext, gnutls_x509_name_constraints_t nc, unsigned int flags) { @@ -386,8 +374,8 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t * ext, asn1_node c2 = NULL; gnutls_x509_name_constraints_t nc2 = NULL; - result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.NameConstraints", &c2); + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.NameConstraints", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); 
@@ -408,17 +396,15 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t * ext, goto cleanup; } - ret = - _gnutls_extract_name_constraints(c2, "permittedSubtrees", - &nc2->permitted); + ret = _gnutls_extract_name_constraints(c2, "permittedSubtrees", + &nc2->permitted); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_extract_name_constraints(c2, "excludedSubtrees", - &nc2->excluded); + ret = _gnutls_extract_name_constraints(c2, "excludedSubtrees", + &nc2->excluded); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -433,17 +419,15 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t * ext, _gnutls_name_constraints_node_free(nc->permitted); _gnutls_name_constraints_node_free(nc->excluded); - ret = - _gnutls_extract_name_constraints(c2, "permittedSubtrees", - &nc->permitted); + ret = _gnutls_extract_name_constraints(c2, "permittedSubtrees", + &nc->permitted); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_extract_name_constraints(c2, "excludedSubtrees", - &nc->excluded); + ret = _gnutls_extract_name_constraints(c2, "excludedSubtrees", + &nc->excluded); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -452,7 +436,7 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t * ext, ret = 0; - cleanup: +cleanup: asn1_delete_structure(&c2); if (nc2) gnutls_x509_name_constraints_deinit(nc2); @@ -474,7 +458,7 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t * ext, * Since: 3.3.0 **/ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc, - gnutls_datum_t * ext) + gnutls_datum_t *ext) { int ret, result; uint8_t null = 0; 
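Review bot: After `_gnutls_name_constraints_node_free(nc->permitted)` and `_gnutls_name_constraints_node_free(nc->excluded)` the two fields are overwritten only when the following `_gnutls_extract_name_constraints` calls succeed; if the first extract fails and the free helper does not reset its argument, `nc->excluded` (and possibly `nc->permitted`) keeps pointing at freed memory in the caller's object, which a later gnutls_x509_name_constraints_deinit would free again. Resetting both fields immediately after the frees, `nc->permitted = nc->excluded = NULL;`, removes the dependency on what the helpers do on failure. The function's start and the cleanup label are outside this hunk.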
@@ -484,8 +468,8 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc, if (nc->permitted == NULL && nc->excluded == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.NameConstraints", &c2); + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.NameConstraints", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -496,40 +480,34 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc, } else { tmp = nc->permitted; do { - result = - asn1_write_value(c2, "permittedSubtrees", "NEW", 1); + result = asn1_write_value(c2, "permittedSubtrees", + "NEW", 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - result = - asn1_write_value(c2, - "permittedSubtrees.?LAST.maximum", - NULL, 0); + result = asn1_write_value( + c2, "permittedSubtrees.?LAST.maximum", NULL, 0); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - result = - asn1_write_value(c2, - "permittedSubtrees.?LAST.minimum", - &null, 1); + result = asn1_write_value( + c2, "permittedSubtrees.?LAST.minimum", &null, + 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - ret = - _gnutls_write_general_name(c2, - "permittedSubtrees.?LAST.base", - tmp->type, - tmp->name.data, - tmp->name.size); + ret = _gnutls_write_general_name( + c2, "permittedSubtrees.?LAST.base", tmp->type, + tmp->name.data, tmp->name.size); if (ret < 0) { gnutls_assert(); goto cleanup; 
@@ -543,47 +521,39 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc, } else { tmp = nc->excluded; do { - result = - asn1_write_value(c2, "excludedSubtrees", "NEW", 1); + result = asn1_write_value(c2, "excludedSubtrees", "NEW", + 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - result = - asn1_write_value(c2, - "excludedSubtrees.?LAST.maximum", - NULL, 0); + result = asn1_write_value( + c2, "excludedSubtrees.?LAST.maximum", NULL, 0); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - result = - asn1_write_value(c2, - "excludedSubtrees.?LAST.minimum", - &null, 1); + result = asn1_write_value( + c2, "excludedSubtrees.?LAST.minimum", &null, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } - ret = - _gnutls_write_general_name(c2, - "excludedSubtrees.?LAST.base", - tmp->type, - tmp->name.data, - tmp->name.size); + ret = _gnutls_write_general_name( + c2, "excludedSubtrees.?LAST.base", tmp->type, + tmp->name.data, tmp->name.size); if (ret < 0) { gnutls_assert(); goto cleanup; } tmp = tmp->next; } while (tmp != NULL); - } ret = _gnutls_x509_der_encode(c2, "", ext, 0); @@ -594,7 +564,7 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc, ret = 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; } @@ -613,8 +583,8 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc, * * Since: 3.3.0 **/ -int gnutls_x509_ext_import_subject_key_id(const gnutls_datum_t * ext, - gnutls_datum_t * id) +int gnutls_x509_ext_import_subject_key_id(const gnutls_datum_t *ext, + gnutls_datum_t *id) { int result, ret; asn1_node c2 = NULL; 
@@ -624,8 +594,8 @@ int gnutls_x509_ext_import_subject_key_id(const gnutls_datum_t * ext, return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } - result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.SubjectKeyIdentifier", &c2); + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.SubjectKeyIdentifier", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -645,11 +615,10 @@ int gnutls_x509_ext_import_subject_key_id(const gnutls_datum_t * ext, } ret = 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; - } /** @@ -666,15 +635,14 @@ int gnutls_x509_ext_import_subject_key_id(const gnutls_datum_t * ext, * * Since: 3.3.0 **/ -int gnutls_x509_ext_export_subject_key_id(const gnutls_datum_t * id, - gnutls_datum_t * ext) +int gnutls_x509_ext_export_subject_key_id(const gnutls_datum_t *id, + gnutls_datum_t *ext) { asn1_node c2 = NULL; int ret, result; - result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.SubjectKeyIdentifier", &c2); + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.SubjectKeyIdentifier", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -694,7 +662,7 @@ int gnutls_x509_ext_export_subject_key_id(const gnutls_datum_t * id, } ret = 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; } @@ -715,7 +683,7 @@ struct gnutls_x509_aki_st { * * Since: 3.3.0 **/ -int gnutls_x509_aki_init(gnutls_x509_aki_t * aki) +int gnutls_x509_aki_init(gnutls_x509_aki_t *aki) { *aki = gnutls_calloc(1, sizeof(struct gnutls_x509_aki_st)); if (*aki == NULL) @@ -753,7 +721,7 @@ void gnutls_x509_aki_deinit(gnutls_x509_aki_t aki) * * Since: 3.3.0 **/ -int gnutls_x509_aki_get_id(gnutls_x509_aki_t aki, gnutls_datum_t * id) +int gnutls_x509_aki_get_id(gnutls_x509_aki_t aki, gnutls_datum_t *id) { if (aki->id.size == 0) return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); 
@@ -774,7 +742,7 @@ int gnutls_x509_aki_get_id(gnutls_x509_aki_t aki, gnutls_datum_t * id) * * Since: 3.3.0 **/ -int gnutls_x509_aki_set_id(gnutls_x509_aki_t aki, const gnutls_datum_t * id) +int gnutls_x509_aki_set_id(gnutls_x509_aki_t aki, const gnutls_datum_t *id) { return _gnutls_set_datum(&aki->id, id->data, id->size); } @@ -800,9 +768,9 @@ int gnutls_x509_aki_set_id(gnutls_x509_aki_t aki, const gnutls_datum_t * id) **/ int gnutls_x509_aki_set_cert_issuer(gnutls_x509_aki_t aki, unsigned int san_type, - const gnutls_datum_t * san, + const gnutls_datum_t *san, const char *othername_oid, - const gnutls_datum_t * serial) + const gnutls_datum_t *serial) { int ret; gnutls_datum_t t_san, t_othername_oid = { NULL, 0 }; @@ -818,7 +786,7 @@ int gnutls_x509_aki_set_cert_issuer(gnutls_x509_aki_t aki, return gnutls_assert_val(ret); if (othername_oid) { - t_othername_oid.data = (uint8_t *) gnutls_strdup(othername_oid); + t_othername_oid.data = (uint8_t *)gnutls_strdup(othername_oid); if (t_othername_oid.data == NULL) { gnutls_free(t_san.data); return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); @@ -826,10 +794,9 @@ int gnutls_x509_aki_set_cert_issuer(gnutls_x509_aki_t aki, t_othername_oid.size = strlen(othername_oid); } - ret = - subject_alt_names_set(&aki->cert_issuer.names, - &aki->cert_issuer.size, san_type, &t_san, - (char *)t_othername_oid.data, 0); + ret = subject_alt_names_set(&aki->cert_issuer.names, + &aki->cert_issuer.size, san_type, &t_san, + (char *)t_othername_oid.data, 0); if (ret < 0) { gnutls_assert(); return ret; 
@@ -857,10 +824,9 @@ int gnutls_x509_aki_set_cert_issuer(gnutls_x509_aki_t aki, * Since: 3.3.0 **/ int gnutls_x509_aki_get_cert_issuer(gnutls_x509_aki_t aki, unsigned int seq, - unsigned int *san_type, - gnutls_datum_t * san, - gnutls_datum_t * othername_oid, - gnutls_datum_t * serial) + unsigned int *san_type, gnutls_datum_t *san, + gnutls_datum_t *othername_oid, + gnutls_datum_t *serial) { if (seq >= aki->cert_issuer.size) return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); @@ -876,19 +842,18 @@ int gnutls_x509_aki_get_cert_issuer(gnutls_x509_aki_t aki, unsigned int seq, sizeof(gnutls_datum_t)); } - if (othername_oid != NULL - && aki->cert_issuer.names[seq].type == GNUTLS_SAN_OTHERNAME) { + if (othername_oid != NULL && + aki->cert_issuer.names[seq].type == GNUTLS_SAN_OTHERNAME) { othername_oid->data = - aki->cert_issuer.names[seq].othername_oid.data; + aki->cert_issuer.names[seq].othername_oid.data; othername_oid->size = - aki->cert_issuer.names[seq].othername_oid.size; + aki->cert_issuer.names[seq].othername_oid.size; } if (san_type) *san_type = aki->cert_issuer.names[seq].type; return 0; - } /** @@ -905,7 +870,7 @@ int gnutls_x509_aki_get_cert_issuer(gnutls_x509_aki_t aki, unsigned int seq, * * Since: 3.3.0 **/ -int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext, +int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t *ext, gnutls_x509_aki_t aki, unsigned int flags) { @@ -915,8 +880,8 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext, gnutls_datum_t san, othername_oid; unsigned type; - ret = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.AuthorityKeyIdentifier", &c2); + ret = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.AuthorityKeyIdentifier", &c2); if (ret != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(ret); 
@@ -941,19 +906,16 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext, break; if (type == GNUTLS_SAN_OTHERNAME) { - ret = - _gnutls_parse_general_name2(c2, - "authorityCertIssuer", - i, - &othername_oid, - NULL, 1); + ret = _gnutls_parse_general_name2(c2, + "authorityCertIssuer", + i, &othername_oid, + NULL, 1); if (ret < 0) break; } ret = subject_alt_names_set(&aki->cert_issuer.names, - &aki->cert_issuer.size, - type, &san, + &aki->cert_issuer.size, type, &san, (char *)othername_oid.data, 1); if (ret < 0) break; @@ -961,8 +923,8 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext, assert(ret < 0); aki->cert_issuer.size = i; - if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE - && ret != GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && + ret != GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { gnutls_assert(); gnutls_free(san.data); gnutls_free(othername_oid.data); @@ -970,26 +932,25 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext, } /* Read the serial number */ - ret = - _gnutls_x509_read_value(c2, "authorityCertSerialNumber", - &aki->serial); - if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE - && ret != GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { + ret = _gnutls_x509_read_value(c2, "authorityCertSerialNumber", + &aki->serial); + if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && + ret != GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { gnutls_assert(); goto cleanup; } /* Read the key identifier */ ret = _gnutls_x509_read_value(c2, "keyIdentifier", &aki->id); - if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE - && ret != GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { + if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && + ret != GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { gnutls_assert(); goto cleanup; } ret = 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; 
@@ -1010,24 +971,22 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext, * Since: 3.3.0 **/ int gnutls_x509_ext_export_authority_key_id(gnutls_x509_aki_t aki, - gnutls_datum_t * ext) + gnutls_datum_t *ext) { asn1_node c2 = NULL; unsigned i; int result, ret; - result = - asn1_create_element(_gnutls_get_pkix(), - "PKIX1.AuthorityKeyIdentifier", &c2); + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.AuthorityKeyIdentifier", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } if (aki->id.data != NULL) { - result = - asn1_write_value(c2, "keyIdentifier", aki->id.data, - aki->id.size); + result = asn1_write_value(c2, "keyIdentifier", aki->id.data, + aki->id.size); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -1038,9 +997,8 @@ int gnutls_x509_ext_export_authority_key_id(gnutls_x509_aki_t aki, } if (aki->serial.data != NULL) { - result = - asn1_write_value(c2, "authorityCertSerialNumber", - aki->serial.data, aki->serial.size); + result = asn1_write_value(c2, "authorityCertSerialNumber", + aki->serial.data, aki->serial.size); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -1055,16 +1013,11 @@ int gnutls_x509_ext_export_authority_key_id(gnutls_x509_aki_t aki, (void)asn1_write_value(c2, "authorityCertIssuer", NULL, 0); } else { for (i = 0; i < aki->cert_issuer.size; i++) { - ret = - _gnutls_write_new_general_name(c2, - "authorityCertIssuer", - aki->cert_issuer. - names[i].type, - aki-> - cert_issuer.names[i]. - san.data, - aki->cert_issuer. - names[i].san.size); + ret = _gnutls_write_new_general_name( + c2, "authorityCertIssuer", + aki->cert_issuer.names[i].type, + aki->cert_issuer.names[i].san.data, + aki->cert_issuer.names[i].san.size); if (ret < 0) { gnutls_assert(); goto cleanup; 
@@ -1079,10 +1032,9 @@ int gnutls_x509_ext_export_authority_key_id(gnutls_x509_aki_t aki, } ret = 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; - } /** @@ -1105,7 +1057,7 @@ int gnutls_x509_ext_export_authority_key_id(gnutls_x509_aki_t aki, * * Since: 3.3.0 **/ -int gnutls_x509_ext_import_key_usage(const gnutls_datum_t * ext, +int gnutls_x509_ext_import_key_usage(const gnutls_datum_t *ext, unsigned int *key_usage) { asn1_node c2 = NULL; @@ -1115,8 +1067,8 @@ int gnutls_x509_ext_import_key_usage(const gnutls_datum_t * ext, str[0] = str[1] = 0; *key_usage = 0; - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.KeyUsage", &c2)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.KeyUsage", + &c2)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -1145,7 +1097,7 @@ int gnutls_x509_ext_import_key_usage(const gnutls_datum_t * ext, static int _last_key_usage_set_bit(int usage) { -/* the byte ordering is a bit strange here, see how GNUTLS_KEY_* is laid out, and how + /* the byte ordering is a bit strange here, see how GNUTLS_KEY_* is laid out, and how * asn1_write_value() writes out BIT STRING objects. */ if (usage & GNUTLS_KEY_DECIPHER_ONLY) @@ -1184,7 +1136,7 @@ static int _last_key_usage_set_bit(int usage) * * Since: 3.3.0 **/ -int gnutls_x509_ext_export_key_usage(unsigned int usage, gnutls_datum_t * ext) +int gnutls_x509_ext_export_key_usage(unsigned int usage, gnutls_datum_t *ext) { asn1_node c2 = NULL; int result; @@ -1239,7 +1191,7 @@ int gnutls_x509_ext_export_key_usage(unsigned int usage, gnutls_datum_t * ext) * * Since: 3.6.0 **/ -int gnutls_x509_ext_import_inhibit_anypolicy(const gnutls_datum_t * ext, +int gnutls_x509_ext_import_inhibit_anypolicy(const gnutls_datum_t *ext, unsigned int *skipcerts) { int ret; 
@@ -1267,14 +1219,13 @@ int gnutls_x509_ext_import_inhibit_anypolicy(const gnutls_datum_t * ext, * Since: 3.6.0 **/ int gnutls_x509_ext_export_inhibit_anypolicy(unsigned int skipcerts, - gnutls_datum_t * ext) + gnutls_datum_t *ext) { asn1_node c2 = NULL; int result, ret; - result = - asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", - &c2); + result = asn1_create_element(_gnutls_get_gnutls_asn(), + "GNUTLS.DSAPublicKey", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -1294,7 +1245,7 @@ int gnutls_x509_ext_export_inhibit_anypolicy(unsigned int skipcerts, ret = 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; @@ -1315,15 +1266,15 @@ int gnutls_x509_ext_export_inhibit_anypolicy(unsigned int skipcerts, * * Since: 3.3.0 **/ -int gnutls_x509_ext_import_private_key_usage_period(const gnutls_datum_t * ext, - time_t * activation, - time_t * expiration) +int gnutls_x509_ext_import_private_key_usage_period(const gnutls_datum_t *ext, + time_t *activation, + time_t *expiration) { int result, ret; asn1_node c2 = NULL; - result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.PrivateKeyUsagePeriod", &c2); + result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.PrivateKeyUsagePeriod", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); @@ -1345,7 +1296,7 @@ int gnutls_x509_ext_import_private_key_usage_period(const gnutls_datum_t * ext, ret = 0; - cleanup: +cleanup: asn1_delete_structure(&c2); return ret; 
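Review bot: In gnutls_x509_ext_export_inhibit_anypolicy the skipCerts value is encoded through `"GNUTLS.DSAPublicKey"`, an ASN.1 definition whose name says nothing about inhibitAnyPolicy, and nothing in the hunk explains the borrowing, so a reader auditing the extension encoders will wonder whether the wrong module was picked. A comment on that line, `/* inhibitAnyPolicy is a bare INTEGER; an existing INTEGER definition is reused rather than adding one */`, would record the intent — assuming that is the reason, which the hunk itself does not show. The function's body continues outside this hunk.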
@@ -1370,14 +1321,13 @@ int gnutls_x509_ext_import_private_key_usage_period(const gnutls_datum_t * ext,
 **/
 int gnutls_x509_ext_export_private_key_usage_period(time_t activation,
 time_t expiration,
- gnutls_datum_t * ext)
+ gnutls_datum_t *ext)
 {
 int result;
 asn1_node c2 = NULL;
- result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.PrivateKeyUsagePeriod", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.PrivateKeyUsagePeriod", &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -1401,11 +1351,10 @@ int gnutls_x509_ext_export_private_key_usage_period(time_t activation,
 goto cleanup;
 }
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return result;
-
 }
 /**
@@ -1422,16 +1371,16 @@ int gnutls_x509_ext_export_private_key_usage_period(time_t activation,
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_ext_import_basic_constraints(const gnutls_datum_t * ext,
+int gnutls_x509_ext_import_basic_constraints(const gnutls_datum_t *ext,
 unsigned int *ca, int *pathlen)
 {
 asn1_node c2 = NULL;
 char str[128] = "";
 int len, result;
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.BasicConstraints",
- &c2)) != ASN1_SUCCESS) {
+ if ((result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.BasicConstraints", &c2)) !=
+ ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
 }
@@ -1445,8 +1394,7 @@ int gnutls_x509_ext_import_basic_constraints(const gnutls_datum_t * ext,
 if (pathlen) {
 result = _gnutls_x509_read_uint(c2, "pathLenConstraint",
- (unsigned int *)
- pathlen);
+ (unsigned int *)pathlen);
 if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
 *pathlen = -1;
 else if (result != GNUTLS_E_SUCCESS) {
@@ -1466,11 +1414,10 @@ int gnutls_x509_ext_import_basic_constraints(const gnutls_datum_t * ext,
 *ca = 0;
 result = 0;
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return result;
-
 }
 /**
@@ -1491,7 +1438,7 @@ int gnutls_x509_ext_import_basic_constraints(const gnutls_datum_t * ext,
 * Since: 3.3.0
 **/
 int gnutls_x509_ext_export_basic_constraints(unsigned int ca, int pathlen,
- gnutls_datum_t * ext)
+ gnutls_datum_t *ext)
 {
 asn1_node c2 = NULL;
 const char *str;
@@ -1502,9 +1449,8 @@ int gnutls_x509_ext_export_basic_constraints(unsigned int ca, int pathlen,
 else
 str = "TRUE";
- result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.BasicConstraints", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.BasicConstraints", &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -1523,8 +1469,8 @@ int gnutls_x509_ext_export_basic_constraints(unsigned int ca, int pathlen,
 if (result < 0)
 result = _gnutls_asn2err(result);
 } else
- result =
- _gnutls_x509_write_uint32(c2, "pathLenConstraint", pathlen);
+ result = _gnutls_x509_write_uint32(c2, "pathLenConstraint",
+ pathlen);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -1538,10 +1484,9 @@ int gnutls_x509_ext_export_basic_constraints(unsigned int ca, int pathlen,
 result = 0;
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return result;
-
 }
 /**
@@ -1563,7 +1508,7 @@ int gnutls_x509_ext_export_basic_constraints(unsigned int ca, int pathlen,
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
+int gnutls_x509_ext_import_proxy(const gnutls_datum_t *ext, int *pathlen,
 char **policyLanguage, char **policy,
 size_t *sizeof_policy)
 {
@@ -1572,9 +1517,9 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
 gnutls_datum_t value1 = { NULL, 0 };
 gnutls_datum_t value2 = { NULL, 0 };
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.ProxyCertInfo",
- &c2)) != ASN1_SUCCESS) {
+ if ((result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.ProxyCertInfo", &c2)) !=
+ ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
 }
@@ -1588,8 +1533,7 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
 if (pathlen) {
 result = _gnutls_x509_read_uint(c2, "pCPathLenConstraint",
- (unsigned int *)
- pathlen);
+ (unsigned int *)pathlen);
 if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
 *pathlen = -1;
 else if (result != GNUTLS_E_SUCCESS) {
@@ -1630,7 +1574,7 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
 }
 result = 0;
- cleanup:
+cleanup:
 gnutls_free(value1.data);
 gnutls_free(value2.data);
 asn1_delete_structure(&c2);
@@ -1658,13 +1602,13 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
 **/
 int gnutls_x509_ext_export_proxy(int pathLenConstraint,
 const char *policyLanguage, const char *policy,
- size_t sizeof_policy, gnutls_datum_t * ext)
+ size_t sizeof_policy, gnutls_datum_t *ext)
 {
 asn1_node c2 = NULL;
 int result;
- result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.ProxyCertInfo", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(), "PKIX1.ProxyCertInfo",
+ &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -1678,9 +1622,8 @@ int gnutls_x509_ext_export_proxy(int pathLenConstraint,
 goto cleanup;
 }
 } else {
- result =
- _gnutls_x509_write_uint32(c2, "pCPathLenConstraint",
- pathLenConstraint);
+ result = _gnutls_x509_write_uint32(c2, "pCPathLenConstraint",
+ pathLenConstraint);
 if (result < 0) {
 gnutls_assert();
@@ -1696,8 +1639,8 @@ int gnutls_x509_ext_export_proxy(int pathLenConstraint,
 goto cleanup;
 }
- result = asn1_write_value(c2, "proxyPolicy.policy",
- policy, sizeof_policy);
+ result = asn1_write_value(c2, "proxyPolicy.policy", policy,
+ sizeof_policy);
 if (result < 0) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -1711,14 +1654,13 @@ int gnutls_x509_ext_export_proxy(int pathLenConstraint,
 }
 result = 0;
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return result;
-
 }
 static int decode_user_notice(const void *data, size_t size,
- gnutls_datum_t * txt)
+ gnutls_datum_t *txt)
 {
 asn1_node c2 = NULL;
 int ret, len;
@@ -1748,10 +1690,10 @@ static int decode_user_notice(const void *data, size_t size,
 goto cleanup;
 }
- if (strcmp(choice_type, "utf8String") != 0
- && strcmp(choice_type, "ia5String") != 0
- && strcmp(choice_type, "bmpString") != 0
- && strcmp(choice_type, "visibleString") != 0) {
+ if (strcmp(choice_type, "utf8String") != 0 &&
+ strcmp(choice_type, "ia5String") != 0 &&
+ strcmp(choice_type, "bmpString") != 0 &&
+ strcmp(choice_type, "visibleString") != 0) {
 gnutls_assert();
 ret = GNUTLS_E_PARSING_ERROR;
 goto cleanup;
@@ -1765,7 +1707,7 @@ static int decode_user_notice(const void *data, size_t size,
 goto cleanup;
 }
- if (strcmp(choice_type, "bmpString") == 0) { /* convert to UTF-8 */
+ if (strcmp(choice_type, "bmpString") == 0) { /* convert to UTF-8 */
 ret = _gnutls_ucs2_to_utf8(td.data, td.size, &utd, 1);
 _gnutls_free_datum(&td);
 if (ret < 0) {
@@ -1784,10 +1726,9 @@ static int decode_user_notice(const void *data, size_t size,
 txt->size = td.size;
 ret = 0;
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return ret;
-
 }
 struct gnutls_x509_policies_st {
@@ -1805,7 +1746,7 @@ struct gnutls_x509_policies_st {
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_policies_init(gnutls_x509_policies_t * policies)
+int gnutls_x509_policies_init(gnutls_x509_policies_t *policies)
 {
 *policies = gnutls_calloc(1, sizeof(struct gnutls_x509_policies_st));
 if (*policies == NULL)
@@ -1849,8 +1790,7 @@ void gnutls_x509_policies_deinit(gnutls_x509_policies_t policies)
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_policies_get(gnutls_x509_policies_t policies,
- unsigned int seq,
+int gnutls_x509_policies_get(gnutls_x509_policies_t policies, unsigned int seq,
 struct gnutls_x509_policy_st *policy)
 {
 if (seq >= policies->size)
@@ -1900,18 +1840,18 @@ int gnutls_x509_policies_set(gnutls_x509_policies_t policies,
 for (i = 0; i < policy->qualifiers; i++) {
 policies->policy[policies->size].qualifier[i].type =
- policy->qualifier[i].type;
+ policy->qualifier[i].type;
 policies->policy[policies->size].qualifier[i].size =
- policy->qualifier[i].size;
+ policy->qualifier[i].size;
 policies->policy[policies->size].qualifier[i].data =
- gnutls_malloc(policy->qualifier[i].size + 1);
+ gnutls_malloc(policy->qualifier[i].size + 1);
 if (policies->policy[policies->size].qualifier[i].data == NULL)
 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 memcpy(policies->policy[policies->size].qualifier[i].data, policy->qualifier[i].data, policy->qualifier[i].size);
- policies->policy[policies->size].qualifier[i].data[policy->
- qualifier[i].
- size] = 0;
+ policies->policy[policies->size]
+ .qualifier[i]
+ .data[policy->qualifier[i].size] = 0;
 }
 policies->policy[policies->size].qualifiers = policy->qualifiers;
@@ -1933,7 +1873,7 @@ int gnutls_x509_policies_set(gnutls_x509_policies_t policies,
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
+int gnutls_x509_ext_import_policies(const gnutls_datum_t *ext,
 gnutls_x509_policies_t policies,
 unsigned int flags)
 {
@@ -1944,8 +1884,8 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
 int ret, len;
 unsigned i, j, current = 0;
- ret = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.certificatePolicies", &c2);
+ ret = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.certificatePolicies", &c2);
 if (ret != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(ret);
@@ -1994,7 +1934,7 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
 ret = asn1_read_value(c2, tmpstr, tmpoid, &len);
 if (ret == ASN1_ELEMENT_NOT_FOUND)
- break; /* finished */
+ break; /* finished */
 if (ret != ASN1_SUCCESS) {
 gnutls_assert();
@@ -2007,21 +1947,20 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
 "?%u.policyQualifiers.?%u.qualifier",
 j + 1, i + 1);
- ret =
- _gnutls_x509_read_string(c2, tmpstr, &td,
- ASN1_ETYPE_IA5_STRING,
- 0);
+ ret = _gnutls_x509_read_string(
+ c2, tmpstr, &td, ASN1_ETYPE_IA5_STRING,
+ 0);
 if (ret < 0) {
 gnutls_assert();
 goto full_cleanup;
 }
 policies->policy[j].qualifier[i].data =
- (void *)td.data;
+ (void *)td.data;
 policies->policy[j].qualifier[i].size = td.size;
 td.data = NULL;
 policies->policy[j].qualifier[i].type =
- GNUTLS_X509_QUALIFIER_URI;
+ GNUTLS_X509_QUALIFIER_URI;
 } else if (strcmp(tmpoid, "1.3.6.1.5.5.7.2.2") == 0) {
 gnutls_datum_t txt = { NULL, 0 };
@@ -2035,8 +1974,8 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
 goto full_cleanup;
 }
- ret =
- decode_user_notice(td.data, td.size, &txt);
+ ret = decode_user_notice(td.data, td.size,
+ &txt);
 gnutls_free(td.data);
 if (ret < 0) {
@@ -2045,18 +1984,17 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
 }
 policies->policy[j].qualifier[i].data =
- (void *)txt.data;
+ (void *)txt.data;
 policies->policy[j].qualifier[i].size =
- txt.size;
+ txt.size;
 policies->policy[j].qualifier[i].type =
- GNUTLS_X509_QUALIFIER_NOTICE;
+ GNUTLS_X509_QUALIFIER_NOTICE;
 } else
 policies->policy[j].qualifier[i].type =
- GNUTLS_X509_QUALIFIER_UNKNOWN;
+ GNUTLS_X509_QUALIFIER_UNKNOWN;
 policies->policy[j].qualifiers++;
 }
-
 }
 policies->size = j;
@@ -2064,26 +2002,25 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
 ret = 0;
 goto cleanup;
- full_cleanup:
+full_cleanup:
 for (j = 0; j < current; j++)
 gnutls_x509_policy_release(&policies->policy[j]);
- cleanup:
+cleanup:
 _gnutls_free_datum(&tmpd);
 asn1_delete_structure(&c2);
 return ret;
-
 }
-static int encode_user_notice(const gnutls_datum_t * txt,
- gnutls_datum_t * der_data)
+static int encode_user_notice(const gnutls_datum_t *txt,
+ gnutls_datum_t *der_data)
 {
 int result;
 asn1_node c2 = NULL;
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.UserNotice", &c2)) != ASN1_SUCCESS) {
+ if ((result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.UserNotice", &c2)) !=
+ ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
 goto error;
@@ -2104,9 +2041,8 @@ static int encode_user_notice(const gnutls_datum_t * txt,
 goto error;
 }
- result =
- asn1_write_value(c2, "explicitText.utf8String", txt->data,
- txt->size);
+ result = asn1_write_value(c2, "explicitText.utf8String", txt->data,
+ txt->size);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -2121,10 +2057,9 @@ static int encode_user_notice(const gnutls_datum_t * txt,
 result = 0;
- error:
+error:
 asn1_delete_structure(&c2);
 return result;
-
 }
 /**
@@ -2142,7 +2077,7 @@ static int encode_user_notice(const gnutls_datum_t * txt,
 * Since: 3.3.0
 **/
 int gnutls_x509_ext_export_policies(gnutls_x509_policies_t policies,
- gnutls_datum_t * ext)
+ gnutls_datum_t *ext)
 {
 int result;
 unsigned i, j;
@@ -2150,9 +2085,8 @@ int gnutls_x509_ext_export_policies(gnutls_x509_policies_t policies,
 asn1_node c2 = NULL;
 const char *oid;
- result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.certificatePolicies", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.certificatePolicies", &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -2170,9 +2104,8 @@ int gnutls_x509_ext_export_policies(gnutls_x509_policies_t policies,
 /* 2. Add the OID.
 */
- result =
- asn1_write_value(c2, "?LAST.policyIdentifier",
- policies->policy[j].oid, 1);
+ result = asn1_write_value(c2, "?LAST.policyIdentifier",
+ policies->policy[j].oid, 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -2181,9 +2114,8 @@ int gnutls_x509_ext_export_policies(gnutls_x509_policies_t policies,
 if (policies->policy[j].qualifiers == 0) {
 /* remove the optional policyQualifiers if none are present. */
- result =
- asn1_write_value(c2, "?LAST.policyQualifiers", NULL,
- 0);
+ result = asn1_write_value(c2, "?LAST.policyQualifiers",
+ NULL, 0);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -2191,12 +2123,11 @@ int gnutls_x509_ext_export_policies(gnutls_x509_policies_t policies,
 }
 }
- for (i = 0;
- i < MIN(policies->policy[j].qualifiers,
- GNUTLS_MAX_QUALIFIERS); i++) {
- result =
- asn1_write_value(c2, "?LAST.policyQualifiers",
- "NEW", 1);
+ for (i = 0; i < MIN(policies->policy[j].qualifiers,
+ GNUTLS_MAX_QUALIFIERS);
+ i++) {
+ result = asn1_write_value(c2, "?LAST.policyQualifiers",
+ "NEW", 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -2210,15 +2141,15 @@ int gnutls_x509_ext_export_policies(gnutls_x509_policies_t policies,
 GNUTLS_X509_QUALIFIER_NOTICE)
 oid = "1.3.6.1.5.5.7.2.2";
 else {
- result =
- gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ result = gnutls_assert_val(
+ GNUTLS_E_INVALID_REQUEST);
 goto cleanup;
 }
- result =
- asn1_write_value(c2,
- "?LAST.policyQualifiers.?LAST.policyQualifierId",
- oid, 1);
+ result = asn1_write_value(
+ c2,
+ "?LAST.policyQualifiers.?LAST.policyQualifierId",
+ oid, 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -2227,27 +2158,26 @@ int gnutls_x509_ext_export_policies(gnutls_x509_policies_t policies,
 if (policies->policy[j].qualifier[i].type ==
 GNUTLS_X509_QUALIFIER_URI) {
- tmpd.data =
- (void *)policies->policy[j].qualifier[i].
- data;
+ tmpd.data = (void *)policies->policy[j]
+ .qualifier[i]
+ .data;
 tmpd.size =
- policies->policy[j].qualifier[i].size;
- result =
- _gnutls_x509_write_string(c2,
- "?LAST.policyQualifiers.?LAST.qualifier",
- &tmpd,
- ASN1_ETYPE_IA5_STRING);
+ policies->policy[j].qualifier[i].size;
+ result = _gnutls_x509_write_string(
+ c2,
+ "?LAST.policyQualifiers.?LAST.qualifier",
+ &tmpd, ASN1_ETYPE_IA5_STRING);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
 }
 } else if (policies->policy[j].qualifier[i].type ==
 GNUTLS_X509_QUALIFIER_NOTICE) {
- tmpd.data =
- (void *)policies->policy[j].qualifier[i].
- data;
+ tmpd.data = (void *)policies->policy[j]
+ .qualifier[i]
+ .data;
 tmpd.size =
- policies->policy[j].qualifier[i].size;
+ policies->policy[j].qualifier[i].size;
 if (tmpd.size > 200) {
 gnutls_assert();
@@ -2261,10 +2191,10 @@ int gnutls_x509_ext_export_policies(gnutls_x509_policies_t policies,
 goto cleanup;
 }
- result =
- _gnutls_x509_write_value(c2,
- "?LAST.policyQualifiers.?LAST.qualifier",
- &der_data);
+ result = _gnutls_x509_write_value(
+ c2,
+ "?LAST.policyQualifiers.?LAST.qualifier",
+ &der_data);
 _gnutls_free_datum(&der_data);
 if (result < 0) {
 gnutls_assert();
@@ -2280,7 +2210,7 @@ int gnutls_x509_ext_export_policies(gnutls_x509_policies_t policies,
 goto cleanup;
 }
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return result;
@@ -2307,7 +2237,7 @@ struct gnutls_x509_crl_dist_points_st {
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_crl_dist_points_init(gnutls_x509_crl_dist_points_t * cdp)
+int gnutls_x509_crl_dist_points_init(gnutls_x509_crl_dist_points_t *cdp)
 {
 *cdp = gnutls_calloc(1, sizeof(struct gnutls_x509_crl_dist_points_st));
 if (*cdp == NULL)
@@ -2352,7 +2282,7 @@ void gnutls_x509_crl_dist_points_deinit(gnutls_x509_crl_dist_points_t cdp)
 int gnutls_x509_crl_dist_points_get(gnutls_x509_crl_dist_points_t cdp,
 unsigned int seq, unsigned int *type,
- gnutls_datum_t * san, unsigned int *reasons)
+ gnutls_datum_t *san, unsigned int *reasons)
 {
 if (seq >= cdp->size)
 return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
@@ -2371,10 +2301,9 @@ int gnutls_x509_crl_dist_points_get(gnutls_x509_crl_dist_points_t cdp,
 return 0;
 }
-static
-int crl_dist_points_set(gnutls_x509_crl_dist_points_t cdp,
- gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * san, unsigned int reasons)
+static int crl_dist_points_set(gnutls_x509_crl_dist_points_t cdp,
+ gnutls_x509_subject_alt_name_t type,
+ const gnutls_datum_t *san, unsigned int reasons)
 {
 void *tmp;
@@ -2397,7 +2326,6 @@ int crl_dist_points_set(gnutls_x509_crl_dist_points_t cdp,
 cdp->size++;
 return 0;
-
 }
 /**
@@ -2416,7 +2344,7 @@ int crl_dist_points_set(gnutls_x509_crl_dist_points_t cdp,
 **/
 int gnutls_x509_crl_dist_points_set(gnutls_x509_crl_dist_points_t cdp,
 gnutls_x509_subject_alt_name_t type,
- const gnutls_datum_t * san,
+ const gnutls_datum_t *san,
 unsigned int reasons)
 {
 int ret;
@@ -2448,7 +2376,7 @@ int gnutls_x509_crl_dist_points_set(gnutls_x509_crl_dist_points_t cdp,
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext,
+int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t *ext,
 gnutls_x509_crl_dist_points_t cdp,
 unsigned int flags)
 {
@@ -2460,8 +2388,8 @@ int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext,
 unsigned i, type, rflags, j;
 gnutls_datum_t san = { NULL, 0 };
- result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.CRLDistributionPoints", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CRLDistributionPoints", &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -2494,24 +2422,23 @@ int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext,
 break;
 }
- if (result == ASN1_VALUE_NOT_FOUND
- || result == ASN1_ELEMENT_NOT_FOUND)
+ if (result == ASN1_VALUE_NOT_FOUND ||
+ result == ASN1_ELEMENT_NOT_FOUND)
 rflags = 0;
 else
 rflags = reasons[0] | (reasons[1] << 8);
- snprintf(name, sizeof(name),
- "?%u.distributionPoint.fullName", (unsigned)i + 1);
+ snprintf(name, sizeof(name), "?%u.distributionPoint.fullName",
+ (unsigned)i + 1);
 for (j = 0;; j++) {
 san.data = NULL;
 san.size = 0;
- ret =
- _gnutls_parse_general_name2(c2, name, j, &san,
- &type, 0);
- if (j > 0
- && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ ret = _gnutls_parse_general_name2(c2, name, j, &san,
+ &type, 0);
+ if (j > 0 &&
+ ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
 ret = 0;
 break;
 }
@@ -2521,7 +2448,7 @@ int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext,
 ret = crl_dist_points_set(cdp, type, &san, rflags);
 if (ret < 0)
 break;
- san.data = NULL; /* it is now in cdp */
+ san.data = NULL; /* it is now in cdp */
 }
 i++;
@@ -2534,7 +2461,7 @@ int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext,
 }
 ret = 0;
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return ret;
 }
@@ -2554,16 +2481,15 @@ int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext,
 * Since: 3.3.0
 **/
 int gnutls_x509_ext_export_crl_dist_points(gnutls_x509_crl_dist_points_t cdp,
- gnutls_datum_t * ext)
+ gnutls_datum_t *ext)
 {
 asn1_node c2 = NULL;
 int result;
 uint8_t reasons[2];
 unsigned i;
- result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.CRLDistributionPoints", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.CRLDistributionPoints", &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -2571,9 +2497,8 @@ int gnutls_x509_ext_export_crl_dist_points(gnutls_x509_crl_dist_points_t cdp,
 }
 for (i = 0; i < cdp->size; i++) {
-
- if (i == 0
- || cdp->points[i].reasons != cdp->points[i - 1].reasons) {
+ if (i == 0 ||
+ cdp->points[i].reasons != cdp->points[i - 1].reasons) {
 result = asn1_write_value(c2, "", "NEW", 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
@@ -2585,13 +2510,11 @@ int gnutls_x509_ext_export_crl_dist_points(gnutls_x509_crl_dist_points_t cdp,
 reasons[0] = cdp->points[i].reasons & 0xff;
 reasons[1] = cdp->points[i].reasons >> 8;
- result =
- asn1_write_value(c2, "?LAST.reasons",
- reasons, 2);
+ result = asn1_write_value(c2, "?LAST.reasons",
+ reasons, 2);
 } else {
- result =
- asn1_write_value(c2, "?LAST.reasons", NULL,
- 0);
+ result = asn1_write_value(c2, "?LAST.reasons",
+ NULL, 0);
 }
 if (result != ASN1_SUCCESS) {
@@ -2600,8 +2523,8 @@ int gnutls_x509_ext_export_crl_dist_points(gnutls_x509_crl_dist_points_t cdp,
 goto cleanup;
 }
- result =
- asn1_write_value(c2, "?LAST.cRLIssuer", NULL, 0);
+ result = asn1_write_value(c2, "?LAST.cRLIssuer", NULL,
+ 0);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -2609,9 +2532,8 @@ int gnutls_x509_ext_export_crl_dist_points(gnutls_x509_crl_dist_points_t cdp,
 }
 /* When used as type CHOICE. */
- result =
- asn1_write_value(c2, "?LAST.distributionPoint",
- "fullName", 1);
+ result = asn1_write_value(c2, "?LAST.distributionPoint",
+ "fullName", 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 result = _gnutls_asn2err(result);
@@ -2619,12 +2541,10 @@ int gnutls_x509_ext_export_crl_dist_points(gnutls_x509_crl_dist_points_t cdp,
 }
 }
- result =
- _gnutls_write_new_general_name(c2,
- "?LAST.distributionPoint.fullName",
- cdp->points[i].type,
- cdp->points[i].san.data,
- cdp->points[i].san.size);
+ result = _gnutls_write_new_general_name(
+ c2, "?LAST.distributionPoint.fullName",
+ cdp->points[i].type, cdp->points[i].san.data,
+ cdp->points[i].san.size);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -2639,11 +2559,10 @@ int gnutls_x509_ext_export_crl_dist_points(gnutls_x509_crl_dist_points_t cdp,
 result = 0;
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return result;
-
 }
 struct gnutls_x509_aia_st {
@@ -2665,7 +2584,7 @@ struct gnutls_x509_aia_st {
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_aia_init(gnutls_x509_aia_t * aia)
+int gnutls_x509_aia_init(gnutls_x509_aia_t *aia)
 {
 *aia = gnutls_calloc(1, sizeof(struct gnutls_x509_aia_st));
 if (*aia == NULL)
@@ -2716,8 +2635,8 @@ void gnutls_x509_aia_deinit(gnutls_x509_aia_t aia)
 * Since: 3.3.0
 **/
 int gnutls_x509_aia_get(gnutls_x509_aia_t aia, unsigned int seq,
- gnutls_datum_t * oid,
- unsigned *san_type, gnutls_datum_t * san)
+ gnutls_datum_t *oid, unsigned *san_type,
+ gnutls_datum_t *san)
 {
 if (seq >= aia->size)
 return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
@@ -2737,8 +2656,8 @@ int gnutls_x509_aia_get(gnutls_x509_aia_t aia, unsigned int seq,
 return 0;
 }
-int _gnutls_alt_name_process(gnutls_datum_t * out, unsigned type,
- const gnutls_datum_t * san, unsigned raw)
+int _gnutls_alt_name_process(gnutls_datum_t *out, unsigned type,
+ const gnutls_datum_t *san, unsigned raw)
 {
 int ret;
 if (type == GNUTLS_SAN_DNSNAME && !raw) {
@@ -2754,8 +2673,8 @@ int _gnutls_alt_name_process(gnutls_datum_t * out, unsigned type,
 } else if (type == GNUTLS_SAN_URI && !raw) {
 if (!_gnutls_str_is_print((char *)san->data, san->size)) {
 _gnutls_debug_log("non-ASCII URIs are not supported\n");
- return
- gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ return gnutls_assert_val(
+ GNUTLS_E_UNIMPLEMENTED_FEATURE);
 } else {
 ret = _gnutls_set_strdatum(out, san->data, san->size);
 if (ret < 0)
@@ -2791,9 +2710,8 @@ int _gnutls_alt_name_process(gnutls_datum_t * out, unsigned type,
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_aia_set(gnutls_x509_aia_t aia,
- const char *oid,
- unsigned san_type, const gnutls_datum_t * san)
+int gnutls_x509_aia_set(gnutls_x509_aia_t aia, const char *oid,
+ unsigned san_type, const gnutls_datum_t *san)
 {
 int ret;
 void *tmp;
@@ -2803,8 +2721,8 @@ int gnutls_x509_aia_set(gnutls_x509_aia_t aia,
 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 }
- tmp =
- _gnutls_reallocarray(aia->aia, aia->size + 1, sizeof(aia->aia[0]));
+ tmp = _gnutls_reallocarray(aia->aia, aia->size + 1,
+ sizeof(aia->aia[0]));
 if (tmp == NULL) {
 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 }
@@ -2843,8 +2761,8 @@ static int parse_aia(asn1_node c2, gnutls_x509_aia_t aia)
 len = sizeof(tmpoid);
 result = asn1_read_value(c2, nptr, tmpoid, &len);
- if (result == ASN1_VALUE_NOT_FOUND
- || result == ASN1_ELEMENT_NOT_FOUND) {
+ if (result == ASN1_VALUE_NOT_FOUND ||
+ result == ASN1_ELEMENT_NOT_FOUND) {
 ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
 break;
 }
@@ -2867,10 +2785,9 @@ static int parse_aia(asn1_node c2, gnutls_x509_aia_t aia)
 snprintf(nptr, sizeof(nptr), "?%u.accessLocation", i);
- ret =
- _gnutls_parse_general_name2(c2, nptr, -1,
- &aia->aia[indx].san,
- &aia->aia[indx].san_type, 0);
+ ret = _gnutls_parse_general_name2(c2, nptr, -1,
+ &aia->aia[indx].san,
+ &aia->aia[indx].san_type, 0);
 if (ret < 0)
 break;
@@ -2909,8 +2826,8 @@ static int parse_aia(asn1_node c2, gnutls_x509_aia_t aia)
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_ext_import_aia(const gnutls_datum_t * ext,
- gnutls_x509_aia_t aia, unsigned int flags)
+int gnutls_x509_ext_import_aia(const gnutls_datum_t *ext, gnutls_x509_aia_t aia,
+ unsigned int flags)
 {
 int ret;
 asn1_node c2 = NULL;
@@ -2939,11 +2856,10 @@ int gnutls_x509_ext_import_aia(const gnutls_datum_t * ext,
 gnutls_assert();
 }
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return ret;
-
 }
 /**
@@ -2960,7 +2876,7 @@ int gnutls_x509_ext_import_aia(const gnutls_datum_t * ext,
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_ext_export_aia(gnutls_x509_aia_t aia, gnutls_datum_t * ext)
+int gnutls_x509_ext_export_aia(gnutls_x509_aia_t aia, gnutls_datum_t *ext)
 {
 int ret, result;
 asn1_node c2 = NULL;
@@ -2985,21 +2901,18 @@ int gnutls_x509_ext_export_aia(gnutls_x509_aia_t aia, gnutls_datum_t * ext)
 /* 2. Add the OID.
 */
- result =
- asn1_write_value(c2, "?LAST.accessMethod",
- aia->aia[i].oid.data, 1);
+ result = asn1_write_value(c2, "?LAST.accessMethod",
+ aia->aia[i].oid.data, 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 ret = _gnutls_asn2err(result);
 goto cleanup;
 }
- ret =
- _gnutls_write_general_name(c2,
- "?LAST.accessLocation",
- aia->aia[i].san_type,
- aia->aia[i].san.data,
- aia->aia[i].san.size);
+ ret = _gnutls_write_general_name(c2, "?LAST.accessLocation",
+ aia->aia[i].san_type,
+ aia->aia[i].san.data,
+ aia->aia[i].san.size);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -3012,7 +2925,7 @@ int gnutls_x509_ext_export_aia(gnutls_x509_aia_t aia, gnutls_datum_t * ext)
 goto cleanup;
 }
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return ret;
@@ -3033,7 +2946,7 @@ struct gnutls_x509_key_purposes_st {
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_key_purpose_init(gnutls_x509_key_purposes_t * p)
+int gnutls_x509_key_purpose_init(gnutls_x509_key_purposes_t *p)
 {
 *p = gnutls_calloc(1, sizeof(struct gnutls_x509_key_purposes_st));
 if (*p == NULL) {
@@ -3109,7 +3022,7 @@ int gnutls_x509_key_purpose_set(gnutls_x509_key_purposes_t p, const char *oid)
 * Since: 3.3.0
 **/
 int gnutls_x509_key_purpose_get(gnutls_x509_key_purposes_t p, unsigned idx,
- gnutls_datum_t * oid)
+ gnutls_datum_t *oid)
 {
 if (idx >= p->size)
 return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
@@ -3134,7 +3047,7 @@ int gnutls_x509_key_purpose_get(gnutls_x509_key_purposes_t p, unsigned idx,
 *
 * Since: 3.3.0
 **/
-int gnutls_x509_ext_import_key_purposes(const gnutls_datum_t * ext,
+int gnutls_x509_ext_import_key_purposes(const gnutls_datum_t *ext,
 gnutls_x509_key_purposes_t p,
 unsigned int flags)
 {
@@ -3144,8 +3057,8 @@ int gnutls_x509_ext_import_key_purposes(const gnutls_datum_t * ext,
 gnutls_datum_t oid = { NULL, 0 };
 unsigned i;
- result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.ExtKeyUsageSyntax", &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -3186,12 +3099,11 @@ int gnutls_x509_ext_import_key_purposes(const gnutls_datum_t * ext,
 }
 ret = 0;
- cleanup:
+cleanup:
 gnutls_free(oid.data);
 asn1_delete_structure(&c2);
 return ret;
-
 }
 /**
@@ -3208,14 +3120,14 @@ int gnutls_x509_ext_import_key_purposes(const gnutls_datum_t * ext,
 * Since: 3.3.0
 **/
 int gnutls_x509_ext_export_key_purposes(gnutls_x509_key_purposes_t p,
- gnutls_datum_t * ext)
+ gnutls_datum_t *ext)
 {
 int result, ret;
 asn1_node c2 = NULL;
 unsigned i;
- result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
+ result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.ExtKeyUsageSyntax", &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -3251,7 +3163,7 @@ int gnutls_x509_ext_export_key_purposes(gnutls_x509_key_purposes_t p,
 ret = 0;
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return ret;
 }
@@ -3264,14 +3176,13 @@ int gnutls_x509_ext_export_key_purposes(gnutls_x509_key_purposes_t p,
 *
 * Since: 3.3.8
 **/
-void gnutls_x509_ext_deinit(gnutls_x509_ext_st * ext)
+void gnutls_x509_ext_deinit(gnutls_x509_ext_st *ext)
 {
 gnutls_free(ext->oid);
 gnutls_free(ext->data.data);
 }
-int _gnutls_x509_decode_ext(const gnutls_datum_t * der,
- gnutls_x509_ext_st * out)
+int _gnutls_x509_decode_ext(const gnutls_datum_t *der, gnutls_x509_ext_st *out)
 {
 asn1_node c2 = NULL;
 char str_critical[10];
@@ -3282,7 +3193,7 @@ int _gnutls_x509_decode_ext(const gnutls_datum_t * der,
 /* decode der */
 result =
- asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extension", &c2);
+ asn1_create_element(_gnutls_get_pkix(), "PKIX1.Extension", &c2);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -3317,8 +3228,8 @@ int _gnutls_x509_decode_ext(const gnutls_datum_t * der,
 out->critical = 0;
 ret = _gnutls_x509_read_value(c2, "extnValue", &out->data);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
- || ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE ||
+ ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
 out->data.data = NULL;
 out->data.size = 0;
 } else if (ret < 0) {
@@ -3334,12 +3245,11 @@ int _gnutls_x509_decode_ext(const gnutls_datum_t * der,
 ret = 0;
 goto cleanup;
- fail:
+fail:
 memset(out, 0, sizeof(*out));
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return ret;
-
 }
 /* flags can be zero or GNUTLS_EXT_FLAG_APPEND
@@ -3361,8 +3271,8 @@ static int parse_tlsfeatures(asn1_node c2, gnutls_x509_tlsfeatures_t f,
 result = _gnutls_x509_read_uint(c2, nptr, &feature);
- if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND
- || result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
 break;
 } else if (result != GNUTLS_E_SUCCESS) {
 gnutls_assert();
@@ -3417,7 +3327,7 @@ static int parse_tlsfeatures(asn1_node c2, gnutls_x509_tlsfeatures_t f,
 *
 * Since: 3.5.1
 **/
-int gnutls_x509_ext_import_tlsfeatures(const gnutls_datum_t * ext,
+int gnutls_x509_ext_import_tlsfeatures(const gnutls_datum_t *ext,
 gnutls_x509_tlsfeatures_t f,
 unsigned int flags)
 {
@@ -3447,7 +3357,7 @@ int gnutls_x509_ext_import_tlsfeatures(const gnutls_datum_t * ext,
 gnutls_assert();
 }
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return ret;
@@ -3467,7 +3377,7 @@ int gnutls_x509_ext_import_tlsfeatures(const gnutls_datum_t * ext,
 * Since: 3.5.1
 **/
 int gnutls_x509_ext_export_tlsfeatures(gnutls_x509_tlsfeatures_t f,
- gnutls_datum_t * ext)
+ gnutls_datum_t *ext)
 {
 if (f == NULL) {
 gnutls_assert();
@@ -3485,7 +3395,6 @@ int gnutls_x509_ext_export_tlsfeatures(gnutls_x509_tlsfeatures_t f,
 }
 for (i = 0; i < f->size; ++i) {
-
 ret = asn1_write_value(c2, "", "NEW", 1);
 if (ret != ASN1_SUCCESS) {
 gnutls_assert();
@@ -3508,7 +3417,7 @@ int gnutls_x509_ext_export_tlsfeatures(gnutls_x509_tlsfeatures_t f,
 ret = 0;
- cleanup:
+cleanup:
 asn1_delete_structure(&c2);
 return ret;
 }
@@ -3575,7 +3484,7 @@ static void _gnutls_free_scts(struct gnutls_x509_ct_scts_st *scts)
 *
 * Returns: %GNUTLS_E_SUCCESS (0) on success, otherwise a negative error value.
 **/
-int gnutls_x509_ext_ct_scts_init(gnutls_x509_ct_scts_t * scts)
+int gnutls_x509_ext_ct_scts_init(gnutls_x509_ct_scts_t *scts)
 {
 *scts = gnutls_calloc(1, sizeof(struct gnutls_x509_ct_scts_st));
 if (*scts == NULL)
@@ -3601,57 +3510,31 @@ struct sct_sign_algorithm_st {
 };
 static const struct sct_sign_algorithm_st algos[] = {
+ { .codepoint = { 0x01, 0x01 }, .sign_algo = GNUTLS_SIGN_RSA_MD5 },
+ { .codepoint = { 0x02, 0x01 }, .sign_algo = GNUTLS_SIGN_RSA_SHA1 },
+ { .codepoint = { 0x03, 0x01 }, .sign_algo = GNUTLS_SIGN_RSA_SHA224 },
+ { .codepoint = { 0x04, 0x01 }, .sign_algo = GNUTLS_SIGN_RSA_SHA256 },
+ { .codepoint = { 0x05, 0x01 }, .sign_algo = GNUTLS_SIGN_RSA_SHA384 },
 {
- .codepoint = {0x01, 0x01},
- .sign_algo = GNUTLS_SIGN_RSA_MD5},
- {
- .codepoint = {0x02, 0x01},
- .sign_algo = GNUTLS_SIGN_RSA_SHA1},
- {
- .codepoint = {0x03, 0x01},
- .sign_algo = GNUTLS_SIGN_RSA_SHA224},
- {
- .codepoint = {0x04, 0x01},
- .sign_algo = GNUTLS_SIGN_RSA_SHA256},
- {
- .codepoint = {0x05, 0x01},
- .sign_algo = GNUTLS_SIGN_RSA_SHA384},
- {
- .codepoint = {0x06, 0x01},
- .sign_algo = GNUTLS_SIGN_RSA_SHA512,
- },
- {
- .codepoint = {0x02, 0x02},
- .sign_algo = GNUTLS_SIGN_DSA_SHA1},
- {
- .codepoint = {0x03, 0x02},
- .sign_algo = GNUTLS_SIGN_DSA_SHA224},
+ .codepoint = { 0x06, 0x01 },
+ .sign_algo = GNUTLS_SIGN_RSA_SHA512,
+ },
+ { .codepoint = { 0x02, 0x02 }, .sign_algo = GNUTLS_SIGN_DSA_SHA1 },
+ { .codepoint = { 0x03, 0x02 }, .sign_algo = GNUTLS_SIGN_DSA_SHA224 },
+ { .codepoint = { 0x04, 0x02 }, .sign_algo = GNUTLS_SIGN_DSA_SHA256 },
+ { .codepoint = { 0x05, 0x02 }, .sign_algo = GNUTLS_SIGN_DSA_SHA384 },
 {
- .codepoint = {0x04, 0x02},
- .sign_algo = GNUTLS_SIGN_DSA_SHA256},
+ .codepoint = { 0x06, 0x02 },
+ .sign_algo = GNUTLS_SIGN_DSA_SHA512,
+ },
+ { .codepoint = { 0x02, 0x03 }, .sign_algo = GNUTLS_SIGN_ECDSA_SHA1 },
+ { .codepoint = { 0x03, 0x03 }, .sign_algo = GNUTLS_SIGN_ECDSA_SHA224 },
+ { .codepoint = { 0x04, 0x03 }, .sign_algo = GNUTLS_SIGN_ECDSA_SHA256 },
+ { .codepoint = { 0x05, 0x03 }, .sign_algo = GNUTLS_SIGN_ECDSA_SHA384 },
 {
- .codepoint = {0x05, 0x02},
- .sign_algo = GNUTLS_SIGN_DSA_SHA384},
- {
- .codepoint = {0x06, 0x02},
- .sign_algo = GNUTLS_SIGN_DSA_SHA512,
- },
- {
- .codepoint = {0x02, 0x03},
- .sign_algo = GNUTLS_SIGN_ECDSA_SHA1},
- {
- .codepoint = {0x03, 0x03},
- .sign_algo = GNUTLS_SIGN_ECDSA_SHA224},
- {
- .codepoint = {0x04, 0x03},
- .sign_algo = GNUTLS_SIGN_ECDSA_SHA256},
- {
- .codepoint = {0x05, 0x03},
- .sign_algo = GNUTLS_SIGN_ECDSA_SHA384},
- {
- .codepoint = {0x06, 0x03},
- .sign_algo = GNUTLS_SIGN_ECDSA_SHA512,
- }
+ .codepoint = { 0x06, 0x03 },
+ .sign_algo = GNUTLS_SIGN_ECDSA_SHA512,
+ }
 };
 static gnutls_sign_algorithm_t get_sigalg(uint8_t hash_algo, uint8_t sig_algo)
@@ -3664,8 +3547,8 @@ static gnutls_sign_algorithm_t get_sigalg(uint8_t hash_algo, uint8_t sig_algo)
 for (i = 0; i < num_algos; i++) {
 algo = &algos[i];
- if (algo->codepoint[0] == hash_algo
- && algo->codepoint[1] == sig_algo)
+ if (algo->codepoint[0] == hash_algo &&
+ algo->codepoint[1] == sig_algo)
 break;
 }
@@ -3694,7 +3577,7 @@ static int write_sigalg(gnutls_sign_algorithm_t sigalg, uint8_t out[])
 return 0;
 }
-static int _gnutls_parse_ct_sct(uint8_t * ptr, uint16_t length,
+static int _gnutls_parse_ct_sct(uint8_t *ptr, uint16_t length,
 struct ct_sct_st *sct)
 {
 uint16_t sig_length;
@@ -3718,7 +3601,7 @@ static int _gnutls_parse_ct_sct(uint8_t * ptr, uint16_t length,
 /* Timestamp */
 DECR_LENGTH_RET(length, sizeof(uint64_t), GNUTLS_E_PREMATURE_TERMINATION);
- sct->timestamp = (uint64_t) _gnutls_read_uint64(ptr);
+ sct->timestamp = (uint64_t)_gnutls_read_uint64(ptr);
 ptr += sizeof(uint64_t);
 /*
@@ -3743,8 +3626,8 @@ static int _gnutls_parse_ct_sct(uint8_t * ptr, uint16_t length,
 sct->sigalg = get_sigalg(hash_algo, sig_algo);
 if (sct->sigalg == GNUTLS_SIGN_UNKNOWN)
- return
- gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
+ return gnutls_assert_val(
+ GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
 /* Signature, length and content */
 DECR_LENGTH_RET(length, sizeof(uint16_t),
@@ -3766,13 +3649,13 @@ static int _gnutls_parse_ct_sct(uint8_t * ptr, uint16_t length,
 return 0;
 }
-static int _gnutls_ct_sct_add(struct ct_sct_st *sct,
- struct ct_sct_st **scts, size_t *size)
+static int _gnutls_ct_sct_add(struct ct_sct_st *sct, struct ct_sct_st **scts,
+ size_t *size)
 {
 struct ct_sct_st *new_scts;
- new_scts =
- _gnutls_reallocarray(*scts, *size + 1, sizeof(struct ct_sct_st));
+ new_scts = _gnutls_reallocarray(*scts, *size + 1,
+ sizeof(struct ct_sct_st));
 if (new_scts == NULL)
 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
@@ -3783,7 +3666,7 @@ static int _gnutls_ct_sct_add(struct ct_sct_st *sct,
 return 0;
 }
-static int _gnutls_export_ct_v1_sct(gnutls_buffer_st * buf,
+static int _gnutls_export_ct_v1_sct(gnutls_buffer_st *buf,
 const struct ct_sct_st *sct)
 {
 int ret;
@@ -3798,27 +3681,23 @@ static int _gnutls_export_ct_v1_sct(gnutls_buffer_st * buf,
 return gnutls_assert_val(ret);
 /* Version */
- if ((ret = _gnutls_buffer_append_data(buf,
- &sct->version,
+ if ((ret = _gnutls_buffer_append_data(buf, &sct->version,
 sizeof(uint8_t))) < 0)
 return gnutls_assert_val(ret);
 /* Log ID - has a fixed 32-byte size in version 1 */
- if ((ret = _gnutls_buffer_append_data(buf,
- sct->logid,
+ if ((ret = _gnutls_buffer_append_data(buf, sct->logid,
 SCT_V1_LOGID_SIZE)) < 0)
 return gnutls_assert_val(ret);
 /* Timestamp */
 _gnutls_write_uint64(sct->timestamp, tstamp_out);
- if ((ret = _gnutls_buffer_append_data(buf,
- tstamp_out,
+ if ((ret = _gnutls_buffer_append_data(buf, tstamp_out,
 sizeof(tstamp_out))) < 0)
 return gnutls_assert_val(ret);
 /* Extensions */
- if ((ret = _gnutls_buffer_append_data(buf,
- extensions,
+ if ((ret = _gnutls_buffer_append_data(buf, extensions,
 sizeof(extensions))) < 0)
 return gnutls_assert_val(ret);
@@ -3830,9 +3709,8 @@ static int _gnutls_export_ct_v1_sct(gnutls_buffer_st * buf,
 return gnutls_assert_val(ret);
 /* Signature */
- if ((ret = _gnutls_buffer_append_data_prefix(buf, 16,
- sct->signature.data,
- sct->signature.size)) < 0)
+ if ((ret = _gnutls_buffer_append_data_prefix(
+ buf, 16, sct->signature.data, sct->signature.size)) < 0)
 return gnutls_assert_val(ret);
 /* Fill the length */
@@ -3857,7 +3735,7 @@ static int _gnutls_export_ct_v1_sct(gnutls_buffer_st * buf,
 *
 * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error value.
 **/
-int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t * ext,
+int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t *ext,
 gnutls_x509_ct_scts_t scts,
 unsigned int flags)
 {
@@ -3870,9 +3748,8 @@ int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t * ext,
 if (flags != 0)
 return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- retval =
- _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- ext->data, ext->size, &scts_content, 0);
+ retval = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, ext->data,
+ ext->size, &scts_content, 0);
 if (retval < 0)
 return gnutls_assert_val(retval);
@@ -3935,7 +3812,7 @@ int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t * ext,
 * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error value.
 **/
 int gnutls_x509_ext_ct_export_scts(const gnutls_x509_ct_scts_t scts,
- gnutls_datum_t * ext)
+ gnutls_datum_t *ext)
 {
 int ret;
 gnutls_buffer_st buf;
@@ -3947,7 +3824,8 @@ int gnutls_x509_ext_ct_export_scts(const gnutls_x509_ct_scts_t scts,
 _gnutls_buffer_append_prefix(&buf, 16, 0);
 for (size_t i = 0; i < scts->size; i++) {
- if ((ret = _gnutls_export_ct_v1_sct(&buf, &scts->scts[i])) < 0) {
+ if ((ret = _gnutls_export_ct_v1_sct(&buf, &scts->scts[i])) <
+ 0) {
 gnutls_assert();
 goto cleanup;
 }
@@ -3957,8 +3835,8 @@ int gnutls_x509_ext_ct_export_scts(const gnutls_x509_ct_scts_t scts,
 _gnutls_write_uint16(buf.length - 2, buf.data);
 /* DER-encode the whole thing as an opaque OCTET STRING, as the spec mandates */
- ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING,
- buf.data, buf.length, ext);
+ ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING, buf.data,
+ buf.length, ext);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -3966,7 +3844,7 @@ int gnutls_x509_ext_ct_export_scts(const gnutls_x509_ct_scts_t scts,
 ret = GNUTLS_E_SUCCESS;
- cleanup:
+cleanup:
 _gnutls_buffer_clear(&buf);
 return ret;
 }
@@ -4027,10 +3905,9 @@ int gnutls_x509_ct_sct_get_version(gnutls_x509_ct_scts_t scts, unsigned idx,
 * or a negative error value.
 **/
 int gnutls_x509_ct_sct_get(const gnutls_x509_ct_scts_t scts, unsigned idx,
- time_t * timestamp,
- gnutls_datum_t * logid,
- gnutls_sign_algorithm_t * sigalg,
- gnutls_datum_t * signature)
+ time_t *timestamp, gnutls_datum_t *logid,
+ gnutls_sign_algorithm_t *sigalg,
+ gnutls_datum_t *signature)
 {
 int retval = 0;
 struct ct_sct_st *sct;
@@ -4043,16 +3920,15 @@ int gnutls_x509_ct_sct_get(const gnutls_x509_ct_scts_t scts, unsigned idx,
 return GNUTLS_E_INVALID_REQUEST;
 if (signature) {
- retval = _gnutls_set_datum(signature,
- sct->signature.data,
+ retval = _gnutls_set_datum(signature, sct->signature.data,
 sct->signature.size);
 if (retval < 0)
 return retval;
 }
 if (logid) {
- retval = _gnutls_set_datum(logid,
- sct->logid, SCT_V1_LOGID_SIZE);
+ retval =
+ _gnutls_set_datum(logid, sct->logid, SCT_V1_LOGID_SIZE);
 if (retval < 0) {
 _gnutls_free_datum(signature);
 return retval;
diff --git a/lib/x509/x509_ext_int.h b/lib/x509/x509_ext_int.h
index 23df542d7e..558d619565 100644
--- a/lib/x509/x509_ext_int.h
+++ b/lib/x509/x509_ext_int.h
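Review bot: `_gnutls_write_uint16(buf.length - 2, buf.data);` back-fills the 16-bit list length reserved by `_gnutls_buffer_append_prefix(&buf, 16, 0)` at the top of the function, but nothing bounds `buf.length - 2` before the write, so an SCT list longer than 65535 bytes would be encoded with a wrapped length instead of being rejected. A check such as `if (buf.length - 2 > UINT16_MAX) { ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); goto cleanup; }` immediately before the write would turn that into an error. The loop that fills the buffer sits in the previous hunk and the `cleanup` label in the next, so I have not seen whether a size limit is enforced on the way in.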
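Review bot: In the `logid` failure path `_gnutls_free_datum(signature)` is called unconditionally even though `signature` is optional, as the `if (signature)` guard a few lines above shows; if `_gnutls_free_datum` dereferences its argument to reach `data`, a caller passing a NULL `signature` together with a failing `logid` copy would dereference NULL. Wrapping it as `if (signature) _gnutls_free_datum(signature);` keeps the cleanup symmetric with the guard above. The function continues past the hunk, so the remaining output parameters and any later failure paths are not visible here.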
@@ -20,16 +20,16 @@
 */
 #ifndef GNUTLS_LIB_X509_X509_EXT_INT_H
-# define GNUTLS_LIB_X509_X509_EXT_INT_H
+#define GNUTLS_LIB_X509_X509_EXT_INT_H
-# include "gnutls_int.h"
+#include "gnutls_int.h"
 struct name_st {
 unsigned int type;
 gnutls_datum_t san;
 gnutls_datum_t othername_oid;
 };
-int _gnutls_alt_name_process(gnutls_datum_t * out, unsigned type,
- const gnutls_datum_t * san, unsigned raw);
+int _gnutls_alt_name_process(gnutls_datum_t *out, unsigned type,
+ const gnutls_datum_t *san, unsigned raw);
-#endif /* GNUTLS_LIB_X509_X509_EXT_INT_H */
+#endif /* GNUTLS_LIB_X509_X509_EXT_INT_H */
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index cf2044d58d..204531f768 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -22,42 +22,42 @@
 */
 #ifndef GNUTLS_LIB_X509_X509_INT_H
-# define GNUTLS_LIB_X509_X509_INT_H
-
-# include <gnutls/x509.h>
-# include <gnutls/x509-ext.h>
-# include <gnutls/abstract.h>
-
-# include <libtasn1.h>
-
-# define MAX_CRQ_EXTENSIONS_SIZE 8*1024
-# define MAX_OID_SIZE 128
-# define MAX_KEY_ID_SIZE 128
-# define MAX_SALT_SIZE 256
-# define MAX_NAME_SIZE (3*ASN1_MAX_NAME_SIZE)
-
-# define HASH_OID_SHA1 "1.3.14.3.2.26"
-# define HASH_OID_MD5 "1.2.840.113549.2.5"
-# define HASH_OID_MD2 "1.2.840.113549.2.2"
-# define HASH_OID_RMD160 "1.3.36.3.2.1"
-# define HASH_OID_SHA224 "2.16.840.1.101.3.4.2.4"
-# define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1"
-# define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
-# define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
-# define HASH_OID_SHA3_224 "2.16.840.1.101.3.4.2.7"
-# define HASH_OID_SHA3_256 "2.16.840.1.101.3.4.2.8"
-# define HASH_OID_SHA3_384 "2.16.840.1.101.3.4.2.9"
-# define HASH_OID_SHA3_512 "2.16.840.1.101.3.4.2.10"
-# define HASH_OID_SHAKE_128 "2.16.840.1.101.3.4.2.11"
-# define HASH_OID_SHAKE_256 "2.16.840.1.101.3.4.2.12"
-# define HASH_OID_GOST_R_3411_94 "1.2.643.2.2.9"
-# define HASH_OID_STREEBOG_256 "1.2.643.7.1.1.2.2"
-# define HASH_OID_STREEBOG_512 "1.2.643.7.1.1.2.3"
-
-# define HASH_OID_GOST_R_3411_94_CRYPTOPRO_PARAMS "1.2.643.2.2.30.1"
+#define GNUTLS_LIB_X509_X509_INT_H
+
+#include <gnutls/x509.h>
+#include <gnutls/x509-ext.h>
+#include <gnutls/abstract.h>
+
+#include <libtasn1.h>
+
+#define MAX_CRQ_EXTENSIONS_SIZE 8 * 1024
+#define MAX_OID_SIZE 128
+#define MAX_KEY_ID_SIZE 128
+#define MAX_SALT_SIZE 256
+#define MAX_NAME_SIZE (3 * ASN1_MAX_NAME_SIZE)
+
+#define HASH_OID_SHA1 "1.3.14.3.2.26"
+#define HASH_OID_MD5 "1.2.840.113549.2.5"
+#define HASH_OID_MD2 "1.2.840.113549.2.2"
+#define HASH_OID_RMD160 "1.3.36.3.2.1"
+#define HASH_OID_SHA224 "2.16.840.1.101.3.4.2.4"
+#define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1"
+#define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
+#define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
+#define HASH_OID_SHA3_224 "2.16.840.1.101.3.4.2.7"
+#define HASH_OID_SHA3_256 "2.16.840.1.101.3.4.2.8"
+#define HASH_OID_SHA3_384 "2.16.840.1.101.3.4.2.9"
+#define HASH_OID_SHA3_512 "2.16.840.1.101.3.4.2.10"
+#define HASH_OID_SHAKE_128 "2.16.840.1.101.3.4.2.11"
+#define HASH_OID_SHAKE_256 "2.16.840.1.101.3.4.2.12"
+#define HASH_OID_GOST_R_3411_94 "1.2.643.2.2.9"
+#define HASH_OID_STREEBOG_256 "1.2.643.7.1.1.2.2"
+#define HASH_OID_STREEBOG_512 "1.2.643.7.1.1.2.3"
+
+#define HASH_OID_GOST_R_3411_94_CRYPTOPRO_PARAMS "1.2.643.2.2.30.1"
 /* from rfc8479 */
-# define OID_ATTR_PROV_SEED "1.3.6.1.4.1.2312.18.8.1"
+#define OID_ATTR_PROV_SEED "1.3.6.1.4.1.2312.18.8.1"
 struct gnutls_x509_crl_iter {
 /* This is used to optimize reads by gnutls_x509_crl_iter_crt_serial() */
@@ -85,8 +85,8 @@ typedef struct gnutls_x509_dn_st {
 typedef struct gnutls_x509_crt_int {
 asn1_node cert;
 int use_extensions;
- unsigned expanded; /* a certificate has been expanded */
- unsigned modified; /* the cached values below may no longer be valid */
+ unsigned expanded; /* a certificate has been expanded */
+ unsigned modified; /* the cached values below may no longer be valid */
 unsigned flags;
 struct pin_info_st pin;
@@ -109,7 +109,7 @@ typedef struct gnutls_x509_crt_int {
 gnutls_x509_dn_st idn;
 } gnutls_x509_crt_int;
-# define MODIFIED(crt) crt->modified=1
+#define MODIFIED(crt) crt->modified = 1
 typedef struct gnutls_x509_crq_int {
 asn1_node crq;
@@ -154,272 +154,253 @@ typedef struct gnutls_x509_privkey_int {
 int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
-int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
- const gnutls_datum_t * dn2);
+int _gnutls_x509_compare_raw_dn(const gnutls_datum_t *dn1,
+ const gnutls_datum_t *dn2);
 int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
 int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
- gnutls_datum_t * dn);
+ gnutls_datum_t *dn);
 /* sign.c */
 int _gnutls_x509_get_tbs(asn1_node cert, const char *tbs_name,
- gnutls_datum_t * tbs);
+ gnutls_datum_t *tbs);
 int _gnutls_x509_pkix_sign(asn1_node src, const char *src_name,
- gnutls_digest_algorithm_t,
- unsigned int flags,
+ gnutls_digest_algorithm_t, unsigned int flags,
 gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key);
 int _gnutls_x509_crt_get_spki_params(gnutls_x509_crt_t issuer,
- const gnutls_x509_spki_st * key_params,
- gnutls_x509_spki_st * params);
+ const gnutls_x509_spki_st *key_params,
+ gnutls_x509_spki_st *params);
-# define map_errs_to_zero(x) ((x)<0?0:(x))
+#define map_errs_to_zero(x) ((x) < 0 ? 0 : (x))
 /* dn.c */
-# define OID_X520_COUNTRY_NAME "2.5.4.6"
-# define OID_X520_ORGANIZATION_NAME "2.5.4.10"
-# define OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
-# define OID_X520_COMMON_NAME "2.5.4.3"
-# define OID_X520_LOCALITY_NAME "2.5.4.7"
-# define OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
-# define OID_LDAP_DC "0.9.2342.19200300.100.1.25"
-# define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
-# define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
-
-int _gnutls_x509_parse_dn(asn1_node asn1_struct,
- const char *asn1_rdn_name, char *buf,
- size_t *sizeof_buf, unsigned flags);
-
-int
-_gnutls_x509_get_dn(asn1_node asn1_struct,
- const char *asn1_rdn_name, gnutls_datum_t * dn,
- unsigned flags);
-
-int
-_gnutls_x509_parse_dn_oid(asn1_node asn1_struct,
- const char *asn1_rdn_name,
- const char *given_oid, int indx,
- unsigned int raw_flag, gnutls_datum_t * out);
-
-int _gnutls_x509_set_dn_oid(asn1_node asn1_struct,
- const char *asn1_rdn_name, const char *oid,
- int raw_flag, const char *name, int sizeof_name);
-
-int _gnutls_x509_get_dn_oid(asn1_node asn1_struct,
- const char *asn1_rdn_name,
+#define OID_X520_COUNTRY_NAME "2.5.4.6"
+#define OID_X520_ORGANIZATION_NAME "2.5.4.10"
+#define OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
+#define OID_X520_COMMON_NAME "2.5.4.3"
+#define OID_X520_LOCALITY_NAME "2.5.4.7"
+#define OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
+#define OID_LDAP_DC "0.9.2342.19200300.100.1.25"
+#define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
+#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
+
+int _gnutls_x509_parse_dn(asn1_node asn1_struct, const char *asn1_rdn_name,
+ char *buf, size_t *sizeof_buf, unsigned flags);
+
+int _gnutls_x509_get_dn(asn1_node asn1_struct, const char *asn1_rdn_name,
+ gnutls_datum_t *dn, unsigned flags);
+
+int _gnutls_x509_parse_dn_oid(asn1_node asn1_struct, const char *asn1_rdn_name,
+ const char *given_oid, int indx,
+ unsigned int raw_flag, gnutls_datum_t *out);
+
+int _gnutls_x509_set_dn_oid(asn1_node asn1_struct, const char *asn1_rdn_name,
+ const char *oid, int raw_flag, const char *name,
+ int sizeof_name);
+
+int _gnutls_x509_get_dn_oid(asn1_node asn1_struct, const char *asn1_rdn_name,
 int indx, void *_oid, size_t *sizeof_oid);
 int _gnutls_encode_othername_data(unsigned flags, const void *data,
- unsigned data_size, gnutls_datum_t * output);
+ unsigned data_size, gnutls_datum_t *output);
-int _gnutls_parse_general_name(asn1_node src, const char *src_name,
- int seq, void *name, size_t *name_size,
+int _gnutls_parse_general_name(asn1_node src, const char *src_name, int seq,
+ void *name, size_t *name_size,
 unsigned int *ret_type, int othername_oid);
-int
-_gnutls_parse_general_name2(asn1_node src, const char *src_name,
- int seq, gnutls_datum_t * dname,
- unsigned int *ret_type, int othername_oid);
+int _gnutls_parse_general_name2(asn1_node src, const char *src_name, int seq,
+ gnutls_datum_t *dname, unsigned int *ret_type,
+ int othername_oid);
-int
-_gnutls_write_new_general_name(asn1_node ext, const char *ext_name,
- gnutls_x509_subject_alt_name_t type,
- const void *data, unsigned int data_size);
+int _gnutls_write_new_general_name(asn1_node ext, const char *ext_name,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data, unsigned int data_size);
-int
-_gnutls_write_new_othername(asn1_node ext, const char *ext_name,
- const char *oid,
- const void *data, unsigned int data_size);
+int _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
+ const char *oid, const void *data,
+ unsigned int data_size);
 /* dsa.c */
 /* verify.c */
 int gnutls_x509_crt_is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer);
-int
-_gnutls_x509_verify_algorithm(gnutls_digest_algorithm_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm_t pk,
- gnutls_pk_params_st * issuer_params);
+int _gnutls_x509_verify_algorithm(gnutls_digest_algorithm_t *hash,
+ const gnutls_datum_t *signature,
+ gnutls_pk_algorithm_t pk,
+ gnutls_pk_params_st *issuer_params);
 /* privkey.h */
void _gnutls_x509_privkey_reinit(gnutls_x509_privkey_t key);
-asn1_node _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t *
- raw_key,
+asn1_node _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t *raw_key,
 gnutls_x509_privkey_t pkey);
-int _gnutls_privkey_decode_ecc_key(asn1_node * pkey_asn, const gnutls_datum_t *
- raw_key,
+int _gnutls_privkey_decode_ecc_key(asn1_node *pkey_asn,
+ const gnutls_datum_t *raw_key,
 gnutls_x509_privkey_t pkey, gnutls_ecc_curve_t curve);
-int _gnutls_privkey_decode_eddsa_key(asn1_node * pkey_asn,
- const gnutls_datum_t * raw_key,
+int _gnutls_privkey_decode_eddsa_key(asn1_node *pkey_asn,
+ const gnutls_datum_t *raw_key,
 gnutls_x509_privkey_t pkey, gnutls_ecc_curve_t curve);
-int
-_gnutls_x509_read_ecc_params(uint8_t * der, int dersize, unsigned int *curve);
+int _gnutls_x509_read_ecc_params(uint8_t *der, int dersize,
+ unsigned int *curve);
-int
-_gnutls_x509_read_gost_params(uint8_t * der, int dersize,
- gnutls_pk_params_st * params,
- gnutls_pk_algorithm_t algo);
+int _gnutls_x509_read_gost_params(uint8_t *der, int dersize,
+ gnutls_pk_params_st *params,
+ gnutls_pk_algorithm_t algo);
-int _gnutls_asn1_encode_privkey(asn1_node * c2, gnutls_pk_params_st * params);
+int _gnutls_asn1_encode_privkey(asn1_node *c2, gnutls_pk_params_st *params);
 void _gnutls_x509_privkey_get_spki_params(gnutls_x509_privkey_t key,
- gnutls_x509_spki_st * params);
+ gnutls_x509_spki_st *params);
-int _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize,
- gnutls_x509_spki_st * params);
-int _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st * params,
- gnutls_datum_t * der);
+int _gnutls_x509_read_rsa_pss_params(uint8_t *der, int dersize,
+ gnutls_x509_spki_st *params);
+int _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st *params,
+ gnutls_datum_t *der);
 /* extensions.c */
-int _gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl,
- int indx, void *oid, size_t *sizeof_oid);
+int _gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t *sizeof_oid);
-int _gnutls_x509_crl_set_extension(gnutls_x509_crl_t crl,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
+int _gnutls_x509_crl_set_extension(gnutls_x509_crl_t crl, const char *ext_id,
+ const gnutls_datum_t *ext_data,
 unsigned int critical);
-int
-_gnutls_x509_crl_get_extension(gnutls_x509_crl_t crl,
- const char *extension_id, int indx,
- gnutls_datum_t * data, unsigned int *critical);
+int _gnutls_x509_crl_get_extension(gnutls_x509_crl_t crl,
+ const char *extension_id, int indx,
+ gnutls_datum_t *data,
+ unsigned int *critical);
-int
-_gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert,
- const char *extension_id, int indx,
- gnutls_datum_t * data, unsigned int *critical);
+int _gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert,
+ const char *extension_id, int indx,
+ gnutls_datum_t *data,
+ unsigned int *critical);
-int _gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
- int indx, void *ret, size_t *ret_size);
+int _gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, int indx,
+ void *ret, size_t *ret_size);
 int _gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert, const char *extension_id,
- const gnutls_datum_t * ext_data,
+ const gnutls_datum_t *ext_data,
 unsigned int critical);
-int
-_gnutls_x509_ext_extract_number(uint8_t * number,
- size_t *nr_size,
- uint8_t * extnValue, int extnValueLen);
-int
-_gnutls_x509_ext_gen_number(const uint8_t * number, size_t nr_size,
- gnutls_datum_t * der_ext);
-
-int
-_gnutls_write_general_name(asn1_node ext, const char *ext_name,
- gnutls_x509_subject_alt_name_t type,
- const void *data, unsigned int data_size);
-
-int _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t
- type,
+int _gnutls_x509_ext_extract_number(uint8_t *number, size_t *nr_size,
+ uint8_t *extnValue, int extnValueLen);
+int _gnutls_x509_ext_gen_number(const uint8_t *number, size_t nr_size,
+ gnutls_datum_t *der_ext);
+
+int _gnutls_write_general_name(asn1_node ext, const char *ext_name,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data, unsigned int data_size);
+
+int _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t type,
 const char *othername_oid, const void *data, unsigned int data_size,
- const gnutls_datum_t * prev_der_ext,
- gnutls_datum_t * der_ext);
+ const gnutls_datum_t *prev_der_ext,
+ gnutls_datum_t *der_ext);
 int _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
- gnutls_datum_t * der_data);
+ gnutls_datum_t *der_data);
 /* mpi.c */
 int _gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert, gnutls_pk_params_st *);
 int _gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert,
- gnutls_pk_params_st * params);
+ gnutls_pk_params_st *params);
-int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t, uint8_t * der,
- int dersize, gnutls_pk_params_st * params);
-int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st * params);
+int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t, uint8_t *der,
+ int dersize, gnutls_pk_params_st *params);
+int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st *params);
-int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t, uint8_t * der,
- int dersize, gnutls_pk_params_st * params);
+int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t, uint8_t *der, int dersize,
+ gnutls_pk_params_st *params);
 int _gnutls_x509_read_pubkey_signature_params(gnutls_pk_algorithm_t algo,
- uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
+ uint8_t *der, int dersize,
+ gnutls_pk_params_st *params);
 int _gnutls_x509_write_ecc_params(const gnutls_ecc_curve_t curve,
- gnutls_datum_t * der);
-int _gnutls_x509_write_ecc_pubkey(const gnutls_pk_params_st * params,
- gnutls_datum_t * der);
+ gnutls_datum_t *der);
+int _gnutls_x509_write_ecc_pubkey(const gnutls_pk_params_st *params,
+ gnutls_datum_t *der);
-int _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st * params,
- gnutls_datum_t * der);
+int _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st *params,
+ gnutls_datum_t *der);
-int
-_gnutls_x509_write_pubkey_params(const gnutls_pk_params_st * params,
- gnutls_datum_t * der);
-int _gnutls_x509_write_pubkey(const gnutls_pk_params_st * params,
- gnutls_datum_t * der);
+int _gnutls_x509_write_pubkey_params(const gnutls_pk_params_st *params,
+ gnutls_datum_t *der);
+int _gnutls_x509_write_pubkey(const gnutls_pk_params_st *params,
+ gnutls_datum_t *der);
 int _gnutls_x509_read_uint(asn1_node node, const char *value, unsigned int *ret);
-int _gnutls_x509_read_der_int(uint8_t * der, int dersize, bigint_t * out);
-int _gnutls_x509_read_der_uint(uint8_t * der, int dersize, unsigned int *out);
+int _gnutls_x509_read_der_int(uint8_t *der, int dersize, bigint_t *out);
+int _gnutls_x509_read_der_uint(uint8_t *der, int dersize, unsigned int *out);
-int _gnutls_x509_read_int(asn1_node node, const char *value,
- bigint_t * ret_mpi);
+int _gnutls_x509_read_int(asn1_node node, const char *value, bigint_t *ret_mpi);
 int _gnutls_x509_write_int(asn1_node node, const char *value, bigint_t mpi, int lz);
 int _gnutls_x509_write_uint32(asn1_node node, const char *value, uint32_t num);
 int _gnutls_x509_read_key_int(asn1_node node, const char *value,
- bigint_t * ret_mpi);
+ bigint_t *ret_mpi);
 int _gnutls_x509_write_key_int(asn1_node node, const char *value, bigint_t mpi, int lz);
 int _gnutls_x509_read_key_int_le(asn1_node node, const char *value,
- bigint_t * ret_mpi);
+ bigint_t *ret_mpi);
 int _gnutls_x509_write_key_int_le(asn1_node node, const char *value, bigint_t mpi);
 int _gnutls_x509_read_pkalgo_params(asn1_node src, const char *src_name,
- gnutls_x509_spki_st * params,
+ gnutls_x509_spki_st *params,
 unsigned is_sig);
 int _gnutls_x509_write_sign_params(asn1_node dst, const char *dst_name,
- const gnutls_sign_entry_st * se,
- gnutls_x509_spki_st * params);
+ const gnutls_sign_entry_st *se,
+ gnutls_x509_spki_st *params);
-# define _gnutls_x509_read_sign_params(src,name,params) _gnutls_x509_read_pkalgo_params(src,name,params,1)
-# define _gnutls_x509_read_spki_params(src,name,params) _gnutls_x509_read_pkalgo_params(src,name,params,0)
+#define _gnutls_x509_read_sign_params(src, name, params) \
+ _gnutls_x509_read_pkalgo_params(src, name, params, 1)
+#define _gnutls_x509_read_spki_params(src, name, params) \
+ _gnutls_x509_read_pkalgo_params(src, name, params, 0)
 int _gnutls_x509_write_spki_params(asn1_node dst, const char *dst_name,
- gnutls_x509_spki_st * params);
+ gnutls_x509_spki_st *params);
-inline static int
-_gnutls_x509_crt_read_spki_params(gnutls_x509_crt_t crt,
- gnutls_x509_spki_st * params)
+inline static int _gnutls_x509_crt_read_spki_params(gnutls_x509_crt_t crt,
+ gnutls_x509_spki_st *params)
 {
 return _gnutls_x509_read_spki_params(crt->cert, "tbsCertificate." "subjectPublicKeyInfo."
- "algorithm", params);
+ "algorithm",
+ params);
 }
-inline static int
-_gnutls_x509_crq_read_spki_params(gnutls_x509_crq_t crt,
- gnutls_x509_spki_st * params)
+inline static int _gnutls_x509_crq_read_spki_params(gnutls_x509_crq_t crt,
+ gnutls_x509_spki_st *params)
 {
 return _gnutls_x509_read_spki_params(crt->crq, "certificationRequestInfo." "subjectPKInfo."
- "algorithm", params);
+ "algorithm",
+ params);
 }
 /* pkcs12.h */
-# include <gnutls/pkcs12.h>
+#include <gnutls/pkcs12.h>
 typedef struct gnutls_pkcs12_int {
 asn1_node pkcs12;
 unsigned expanded;
 } gnutls_pkcs12_int;
-# define MAX_BAG_ELEMENTS 32
+#define MAX_BAG_ELEMENTS 32
 struct bag_element {
 gnutls_datum_t data;
@@ -433,84 +414,71 @@ typedef struct gnutls_pkcs12_bag_int {
 unsigned bag_elements;
 } gnutls_pkcs12_bag_int;
-# define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
-# define BAG_PKCS8_ENCRYPTED_KEY "1.2.840.113549.1.12.10.1.2"
-# define BAG_CERTIFICATE "1.2.840.113549.1.12.10.1.3"
-# define BAG_CRL "1.2.840.113549.1.12.10.1.4"
-# define BAG_SECRET "1.2.840.113549.1.12.10.1.5"
+#define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
+#define BAG_PKCS8_ENCRYPTED_KEY "1.2.840.113549.1.12.10.1.2"
+#define BAG_CERTIFICATE "1.2.840.113549.1.12.10.1.3"
+#define BAG_CRL "1.2.840.113549.1.12.10.1.4"
+#define BAG_SECRET "1.2.840.113549.1.12.10.1.5"
 /* Bag attributes */
-# define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
-# define KEY_ID_OID "1.2.840.113549.1.9.21"
+#define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
+#define KEY_ID_OID "1.2.840.113549.1.9.21"
-int
-_gnutls_pkcs12_string_to_key(const mac_entry_st * me,
- unsigned int id, const uint8_t * salt,
- unsigned int salt_size, unsigned int iter,
- const char *pw, unsigned int req_keylen,
- uint8_t * keybuf);
+int _gnutls_pkcs12_string_to_key(const mac_entry_st *me, unsigned int id,
+ const uint8_t *salt, unsigned int salt_size,
+ unsigned int iter, const char *pw,
+ unsigned int req_keylen, uint8_t *keybuf);
-int _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
+int _pkcs12_decode_safe_contents(const gnutls_datum_t *content,
 gnutls_pkcs12_bag_t bag);
-int
-_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, asn1_node * content,
- int *enc);
+int _pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, asn1_node *content,
+ int *enc);
 int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * in, gnutls_datum_t * out);
+ const gnutls_datum_t *in, gnutls_datum_t *out);
 int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * raw, gnutls_datum_t * out);
+ const gnutls_datum_t *raw, gnutls_datum_t *out);
 /* crq */
-int _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
+int _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq, const char *ext_id,
+ const gnutls_datum_t *ext_data,
 unsigned int critical);
-int
-gnutls_x509_crt_verify_data3(gnutls_x509_crt_t crt,
- gnutls_sign_algorithm_t algo,
- gnutls_typed_vdata_st * vdata,
- unsigned int vdata_size,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- unsigned int flags);
+int gnutls_x509_crt_verify_data3(gnutls_x509_crt_t crt,
+ gnutls_sign_algorithm_t algo,
+ gnutls_typed_vdata_st *vdata,
+ unsigned int vdata_size,
+ const gnutls_datum_t *data,
+ const gnutls_datum_t *signature,
+ unsigned int flags);
 int _gnutls_trust_list_get_issuer(gnutls_x509_trust_list_t list, gnutls_x509_crt_t cert,
- gnutls_x509_crt_t * issuer,
+ gnutls_x509_crt_t *issuer,
 unsigned int flags);
-unsigned int
-_gnutls_verify_crt_status(gnutls_x509_trust_list_t tlist,
- const gnutls_x509_crt_t * certificate_list,
- int clist_size,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size,
- unsigned int flags,
- const char *purpose,
- gnutls_verify_output_function func);
-
-# ifdef ENABLE_PKCS11
-unsigned int
-_gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist,
- const char *url,
- const gnutls_x509_crt_t * certificate_list,
- unsigned clist_size,
- const char *purpose,
- unsigned int flags,
- gnutls_verify_output_function func);
-# endif
+unsigned int _gnutls_verify_crt_status(
+ gnutls_x509_trust_list_t tlist,
+ const gnutls_x509_crt_t *certificate_list, int clist_size,
+ const gnutls_x509_crt_t *trusted_cas, int tcas_size, unsigned int flags,
+ const char *purpose, gnutls_verify_output_function func);
+
+#ifdef ENABLE_PKCS11
+unsigned int _gnutls_pkcs11_verify_crt_status(
+ gnutls_x509_trust_list_t tlist, const char *url,
+ const gnutls_x509_crt_t *certificate_list, unsigned clist_size,
+ const char *purpose, unsigned int flags,
+ gnutls_verify_output_function func);
+#endif
 int _gnutls_check_cert_sanity(gnutls_x509_crt_t cert);
-int
-_gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t * crl_list,
- int crl_list_length,
- gnutls_verify_output_function func);
+int _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t *crl_list,
+ int crl_list_length,
+ gnutls_verify_output_function func);
 typedef struct gnutls_name_constraints_st {
 struct name_constraints_node_st *permitted;
@@ -524,8 +492,8 @@ typedef struct name_constraints_node_st {
 } name_constraints_node_st;
 int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr,
- name_constraints_node_st ** _nc);
-void _gnutls_name_constraints_node_free(name_constraints_node_st * node);
+ name_constraints_node_st **_nc);
+void _gnutls_name_constraints_node_free(name_constraints_node_st *node);
 int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
 gnutls_x509_name_constraints_t nc2);
@@ -537,7 +505,7 @@ struct gnutls_x509_tlsfeatures_st {
 unsigned int size;
 };
-unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st * se,
+unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se,
 unsigned int flags);
-#endif /* GNUTLS_LIB_X509_X509_INT_H */
+#endif /* GNUTLS_LIB_X509_X509_INT_H */
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 786b683016..76ebb9eed3 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -60,10 +60,9 @@ static void disable_optional_stuff(gnutls_x509_crt_t cert);
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, const char *oid,
- unsigned int raw_flag, const void *name,
- unsigned int sizeof_name)
+int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, const char *oid,
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
 {
 if (sizeof_name == 0 || name == NULL || crt == NULL) {
 return GNUTLS_E_INVALID_REQUEST;
@@ -71,8 +70,8 @@ gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, const char *oid,
 MODIFIED(crt);
- return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.subject",
- oid, raw_flag, name, sizeof_name);
+ return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.subject", oid,
+ raw_flag, name, sizeof_name);
 }
 /**
@@ -100,11 +99,10 @@ gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, const char *oid,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt,
- const char *oid,
- unsigned int raw_flag,
- const void *name, unsigned int sizeof_name)
+int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt, const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name)
 {
 if (sizeof_name == 0 || name == NULL || crt == NULL) {
 return GNUTLS_E_INVALID_REQUEST;
@@ -112,8 +110,8 @@ gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt,
 MODIFIED(crt);
- return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.issuer",
- oid, raw_flag, name, sizeof_name);
+ return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.issuer", oid,
+ raw_flag, name, sizeof_name);
 }
 /**
@@ -133,11 +131,9 @@ gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt,
- gnutls_x509_crt_t eecrt,
- unsigned int raw_flag, const void *name,
- unsigned int sizeof_name)
+int gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt, gnutls_x509_crt_t eecrt,
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
 {
 int result;
@@ -197,7 +193,7 @@ int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, unsigned int version)
 null--;
 result =
- asn1_write_value(crt->cert, "tbsCertificate.version", &null, 1);
+ asn1_write_value(crt->cert, "tbsCertificate.version", &null, 1);
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -232,9 +228,8 @@ int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, gnutls_x509_privkey_t key)
 MODIFIED(crt);
- result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- &key->params);
+ result = _gnutls_x509_encode_and_copy_PKI_params(
+ crt->cert, "tbsCertificate.subjectPublicKeyInfo", &key->params);
 if (result < 0) {
 gnutls_assert();
@@ -274,17 +269,16 @@ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
 if (result < 0)
 return gnutls_assert_val(result);
- result = asn1_copy_node(crt->cert, "tbsCertificate.subject",
- crq->crq, "certificationRequestInfo.subject");
+ result = asn1_copy_node(crt->cert, "tbsCertificate.subject", crq->crq,
+ "certificationRequestInfo.subject");
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
 }
- result =
- asn1_copy_node(crt->cert,
- "tbsCertificate.subjectPublicKeyInfo", crq->crq,
- "certificationRequestInfo.subjectPKInfo");
+ result = asn1_copy_node(crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo", crq->crq,
+ "certificationRequestInfo.subjectPKInfo");
 if (result != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(result);
@@ -306,8 +300,8 @@ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
 *
 * Since: 2.8.0
 **/
-int
-gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
+int gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq)
 {
 return gnutls_x509_crt_set_crq_extension_by_oid(crt, crq, NULL, 0);
 }
@@ -327,10 +321,9 @@ gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
 *
 * Since: 3.5.1
 **/
-int
-gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
- gnutls_x509_crq_t crq, const char *oid,
- unsigned flags)
+int gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq,
+ const char *oid, unsigned flags)
 {
 size_t i;
@@ -351,9 +344,8 @@ gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
 gnutls_datum_t ext;
 local_oid_size = sizeof(local_oid);
- result = gnutls_x509_crq_get_extension_info(crq, i, local_oid,
- &local_oid_size,
- &critical);
+ result = gnutls_x509_crq_get_extension_info(
+ crq, i, local_oid, &local_oid_size, &critical);
 if (result < 0) {
 if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
 break;
@@ -379,9 +371,8 @@ gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
 return GNUTLS_E_MEMORY_ERROR;
 }
- result =
- gnutls_x509_crq_get_extension_data(crq, i, extensions,
- &extensions_size);
+ result = gnutls_x509_crq_get_extension_data(crq, i, extensions,
+ &extensions_size);
 if (result < 0) {
 gnutls_assert();
 gnutls_free(extensions);
@@ -391,9 +382,8 @@ gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
 ext.data = extensions;
 ext.size = extensions_size;
- result =
- _gnutls_x509_crt_set_extension(crt, local_oid, &ext,
- critical);
+ result = _gnutls_x509_crt_set_extension(crt, local_oid, &ext,
+ critical);
 gnutls_free(extensions);
 if (result < 0) {
 gnutls_assert();
@@ -419,10 +409,9 @@ gnutls_x509_crt_set_crq_extension_by_oid(gnutls_x509_crt_t crt,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
- const char *oid, const void *buf,
- size_t sizeof_buf, unsigned int critical)
+int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt, const char *oid,
+ const void *buf, size_t sizeof_buf,
+ unsigned int critical)
 {
 int result;
 gnutls_datum_t der_data;
@@ -442,7 +431,6 @@ gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
 }
 return 0;
-
 }
 /**
@@ -458,9 +446,9 @@ gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt,
- unsigned int ca, int pathLenConstraint)
+int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt,
+ unsigned int ca,
+ int pathLenConstraint)
 {
 int result;
 gnutls_datum_t der_data;
@@ -472,9 +460,8 @@ gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt,
 /* generate the extension. */
- result =
- gnutls_x509_ext_export_basic_constraints(ca, pathLenConstraint,
- &der_data);
+ result = gnutls_x509_ext_export_basic_constraints(ca, pathLenConstraint,
+ &der_data);
 if (result < 0) {
 gnutls_assert();
 return result;
@@ -559,9 +546,8 @@ int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt, unsigned int usage)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_inhibit_anypolicy(gnutls_x509_crt_t crt,
- unsigned int skipcerts)
+int gnutls_x509_crt_set_inhibit_anypolicy(gnutls_x509_crt_t crt,
+ unsigned int skipcerts)
 {
 int ret;
 gnutls_datum_t der_data;
@@ -608,10 +594,9 @@ gnutls_x509_crt_set_inhibit_anypolicy(gnutls_x509_crt_t crt,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const char *data_string)
+int gnutls_x509_crt_set_subject_alternative_name(
+ gnutls_x509_crt_t crt, gnutls_x509_subject_alt_name_t type,
+ const char *data_string)
 {
 if (crt == NULL) {
 gnutls_assert();
@@ -625,9 +610,8 @@ gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt,
 return GNUTLS_E_INVALID_REQUEST;
 }
- return gnutls_x509_crt_set_subject_alt_name(crt, type, data_string,
- strlen(data_string),
- GNUTLS_FSAN_SET);
+ return gnutls_x509_crt_set_subject_alt_name(
+ crt, type, data_string, strlen(data_string), GNUTLS_FSAN_SET);
 }
 /**
@@ -652,11 +636,11 @@ gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt,
 *
 * Since: 2.6.0
 **/
-int
-gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size, unsigned int flags)
+int gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags)
 {
 int result;
 gnutls_datum_t der_data = { NULL, 0 };
@@ -672,11 +656,10 @@ gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
 */
 if (flags & GNUTLS_FSAN_APPEND) {
- result =
- _gnutls_x509_crt_get_extension(crt, "2.5.29.17", 0,
- &prev_der_data, &critical);
- if (result < 0
- && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ result = _gnutls_x509_crt_get_extension(
+ crt, "2.5.29.17", 0, &prev_der_data, &critical);
+ if (result < 0 &&
+ result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
 gnutls_assert();
 return result;
 }
@@ -684,18 +667,16 @@ gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
 /* generate the extension. */
- result =
- _gnutls_x509_ext_gen_subject_alt_name(type, NULL, data, data_size,
- &prev_der_data, &der_data);
+ result = _gnutls_x509_ext_gen_subject_alt_name(
+ type, NULL, data, data_size, &prev_der_data, &der_data);
 if (result < 0) {
 gnutls_assert();
 goto finish;
 }
- result =
- _gnutls_x509_crt_set_extension(crt, "2.5.29.17", &der_data,
- critical);
+ result = _gnutls_x509_crt_set_extension(crt, "2.5.29.17", &der_data,
+ critical);
 _gnutls_free_datum(&der_data);
@@ -706,7 +687,7 @@ gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
 result = 0;
- finish:
+finish:
 _gnutls_free_datum(&prev_der_data);
 return result;
 }
@@ -730,11 +711,11 @@ gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
 *
 * Since: 3.3.0
 **/
-int
-gnutls_x509_crt_set_issuer_alt_name(gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size, unsigned int flags)
+int gnutls_x509_crt_set_issuer_alt_name(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags)
 {
 int result;
 gnutls_datum_t der_data = { NULL, 0 };
@@ -750,11 +731,10 @@ gnutls_x509_crt_set_issuer_alt_name(gnutls_x509_crt_t crt,
 */
 if (flags & GNUTLS_FSAN_APPEND) {
- result =
- _gnutls_x509_crt_get_extension(crt, "2.5.29.18", 0,
- &prev_der_data, &critical);
- if (result < 0
- && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ result = _gnutls_x509_crt_get_extension(
+ crt, "2.5.29.18", 0, &prev_der_data, &critical);
+ if (result < 0 &&
+ result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
 gnutls_assert();
 return result;
 }
@@ -762,18 +742,16 @@ gnutls_x509_crt_set_issuer_alt_name(gnutls_x509_crt_t crt,
 /* generate the extension. */
- result =
- _gnutls_x509_ext_gen_subject_alt_name(type, NULL, data, data_size,
- &prev_der_data, &der_data);
+ result = _gnutls_x509_ext_gen_subject_alt_name(
+ type, NULL, data, data_size, &prev_der_data, &der_data);
 if (result < 0) {
 gnutls_assert();
 goto finish;
 }
- result =
- _gnutls_x509_crt_set_extension(crt, "2.5.29.18", &der_data,
- critical);
+ result = _gnutls_x509_crt_set_extension(crt, "2.5.29.18", &der_data,
+ critical);
 _gnutls_free_datum(&der_data);
@@ -784,21 +762,21 @@ gnutls_x509_crt_set_issuer_alt_name(gnutls_x509_crt_t crt,
 result = 0;
- finish:
+finish:
 _gnutls_free_datum(&prev_der_data);
 return result;
 }
 int _gnutls_encode_othername_data(unsigned flags, const void *data,
- unsigned data_size, gnutls_datum_t * output)
+ unsigned data_size, gnutls_datum_t *output)
 {
 int ret;
 if (flags & GNUTLS_FSAN_ENCODE_OCTET_STRING) {
- ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING,
- data, data_size, output);
+ ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING, data,
+ data_size, output);
 } else if (flags & GNUTLS_FSAN_ENCODE_UTF8_STRING) {
- ret = _gnutls_x509_encode_string(ASN1_ETYPE_UTF8_STRING,
- data, data_size, output);
+ ret = _gnutls_x509_encode_string(ASN1_ETYPE_UTF8_STRING, data,
+ data_size, output);
 } else {
 ret = _gnutls_set_datum(output, data, data_size);
 }
@@ -825,12 +803,10 @@ int _gnutls_encode_othername_data(unsigned flags, const void *data,
 *
 * Since: 3.5.0
 **/
-int
-gnutls_x509_crt_set_subject_alt_othername(gnutls_x509_crt_t crt,
- const char *oid,
- const void *data,
- unsigned int data_size,
- unsigned int flags)
+int gnutls_x509_crt_set_subject_alt_othername(gnutls_x509_crt_t crt,
+ const char *oid, const void *data,
+ unsigned int data_size,
+ unsigned int flags)
 {
 int result;
 gnutls_datum_t der_data = { NULL, 0 };
@@ -847,19 +823,17 @@ gnutls_x509_crt_set_subject_alt_othername(gnutls_x509_crt_t crt,
 */
 if (flags & GNUTLS_FSAN_APPEND) {
- result =
- _gnutls_x509_crt_get_extension(crt, "2.5.29.17", 0,
- &prev_der_data, &critical);
- if (result < 0
- && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ result = _gnutls_x509_crt_get_extension(
+ crt, "2.5.29.17", 0, &prev_der_data, &critical);
+ if (result < 0 &&
+ result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
 gnutls_assert();
 return result;
 }
 }
- result =
- _gnutls_encode_othername_data(flags, data, data_size,
- &encoded_data);
+ result = _gnutls_encode_othername_data(flags, data, data_size,
+ &encoded_data);
 if (result < 0) {
 gnutls_assert();
 goto finish;
@@ -867,20 +841,17 @@ gnutls_x509_crt_set_subject_alt_othername(gnutls_x509_crt_t crt,
 /* generate the extension. */
- result =
- _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
- encoded_data.data,
- encoded_data.size,
- &prev_der_data, &der_data);
+ result = _gnutls_x509_ext_gen_subject_alt_name(
+ GNUTLS_SAN_OTHERNAME, oid, encoded_data.data, encoded_data.size,
+ &prev_der_data, &der_data);
 if (result < 0) {
 gnutls_assert();
 goto finish;
 }
- result =
- _gnutls_x509_crt_set_extension(crt, "2.5.29.17", &der_data,
- critical);
+ result = _gnutls_x509_crt_set_extension(crt, "2.5.29.17", &der_data,
+ critical);
 if (result < 0) {
 gnutls_assert();
@@ -889,7 +860,7 @@ gnutls_x509_crt_set_subject_alt_othername(gnutls_x509_crt_t crt,
 result = 0;
- finish:
+finish:
 _gnutls_free_datum(&der_data);
 _gnutls_free_datum(&prev_der_data);
 _gnutls_free_datum(&encoded_data);
@@ -916,12 +887,10 @@ gnutls_x509_crt_set_subject_alt_othername(gnutls_x509_crt_t crt,
 *
 * Since: 3.5.0
 **/
-int
-gnutls_x509_crt_set_issuer_alt_othername(gnutls_x509_crt_t crt,
- const char *oid,
- const void *data,
- unsigned int data_size,
- unsigned int flags)
+int gnutls_x509_crt_set_issuer_alt_othername(gnutls_x509_crt_t crt,
+ const char *oid, const void *data,
+ unsigned int data_size,
+ unsigned int flags)
 {
 int result;
 gnutls_datum_t der_data = { NULL, 0 };
@@ -938,19 +907,17 @@ gnutls_x509_crt_set_issuer_alt_othername(gnutls_x509_crt_t crt,
 */
 if (flags & GNUTLS_FSAN_APPEND) {
- result =
- _gnutls_x509_crt_get_extension(crt, "2.5.29.18", 0,
- &prev_der_data, &critical);
- if (result < 0
- && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ result = _gnutls_x509_crt_get_extension(
+ crt, "2.5.29.18", 0, &prev_der_data, &critical);
+ if (result < 0 &&
+ result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
 gnutls_assert();
 return result;
 }
 }
- result =
- _gnutls_encode_othername_data(flags, data, data_size,
- &encoded_data);
+ result = _gnutls_encode_othername_data(flags, data, data_size,
+ &encoded_data);
 if (result < 0) {
 gnutls_assert();
 goto finish;
@@ -958,19 +925,16 @@ gnutls_x509_crt_set_issuer_alt_othername(gnutls_x509_crt_t crt,
 /* generate the extension. */
- result =
- _gnutls_x509_ext_gen_subject_alt_name(GNUTLS_SAN_OTHERNAME, oid,
- encoded_data.data,
- encoded_data.size,
- &prev_der_data, &der_data);
+ result = _gnutls_x509_ext_gen_subject_alt_name(
+ GNUTLS_SAN_OTHERNAME, oid, encoded_data.data, encoded_data.size,
+ &prev_der_data, &der_data);
 if (result < 0) {
 gnutls_assert();
 goto finish;
 }
- result =
- _gnutls_x509_crt_set_extension(crt, "2.5.29.18", &der_data,
- critical);
+ result = _gnutls_x509_crt_set_extension(crt, "2.5.29.18", &der_data,
+ critical);
 if (result < 0) {
 gnutls_assert();
@@ -979,7 +943,7 @@ gnutls_x509_crt_set_issuer_alt_othername(gnutls_x509_crt_t crt,
 result = 0;
- finish:
+finish:
 _gnutls_free_datum(&der_data);
 _gnutls_free_datum(&prev_der_data);
 _gnutls_free_datum(&encoded_data);
@@ -1001,11 +965,9 @@ gnutls_x509_crt_set_issuer_alt_othername(gnutls_x509_crt_t crt,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt,
- int pathLenConstraint,
- const char *policyLanguage,
- const char *policy, size_t sizeof_policy)
+int gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt, int pathLenConstraint,
+ const char *policyLanguage, const char *policy,
+ size_t sizeof_policy)
 {
 int result;
 gnutls_datum_t der_data;
@@ -1017,8 +979,7 @@ gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt,
 /* generate the extension. */
- result = gnutls_x509_ext_export_proxy(pathLenConstraint,
- policyLanguage,
+ result = gnutls_x509_ext_export_proxy(pathLenConstraint, policyLanguage,
 policy, sizeof_policy, &der_data);
 if (result < 0) {
 gnutls_assert();
@@ -1049,10 +1010,9 @@ gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
- time_t activation,
- time_t expiration)
+int gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
+ time_t activation,
+ time_t expiration)
 {
 int result;
 gnutls_datum_t der_data;
@@ -1062,9 +1022,8 @@ gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
 return GNUTLS_E_INVALID_REQUEST;
 }
- result = gnutls_x509_ext_export_private_key_usage_period(activation,
- expiration,
- &der_data);
+ result = gnutls_x509_ext_export_private_key_usage_period(
+ activation, expiration, &der_data);
 if (result < 0) {
 gnutls_assert();
 goto cleanup;
@@ -1074,7 +1033,7 @@ gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
 _gnutls_free_datum(&der_data);
- cleanup:
+cleanup:
 return result;
 }
@@ -1102,10 +1061,9 @@ gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
 {
 int result;
 gnutls_privkey_t privkey;
@@ -1137,7 +1095,7 @@ gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
 result = 0;
- fail:
+fail:
 gnutls_privkey_deinit(privkey);
 return result;
@@ -1157,9 +1115,8 @@ gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
+int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
 {
 return gnutls_x509_crt_sign2(crt, issuer, issuer_key, 0, 0);
 }
@@ -1184,9 +1141,8 @@ int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert, time_t act_time)
 MODIFIED(cert);
- return _gnutls_x509_set_time(cert->cert,
- "tbsCertificate.validity.notBefore",
- act_time, 0);
+ return _gnutls_x509_set_time(
+ cert->cert, "tbsCertificate.validity.notBefore", act_time, 0);
 }
 /**
@@ -1210,9 +1166,8 @@ int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert, time_t exp_time)
 MODIFIED(cert);
- return _gnutls_x509_set_time(cert->cert,
- "tbsCertificate.validity.notAfter",
- exp_time, 0);
+ return _gnutls_x509_set_time(
+ cert->cert, "tbsCertificate.validity.notAfter", exp_time, 0);
 }
 /**
@@ -1235,9 +1190,8 @@ int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert, time_t exp_time)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, const void *serial,
- size_t serial_size)
+int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, const void *serial,
+ size_t serial_size)
 {
 int ret;
 unsigned all_zero, i;
@@ -1264,16 +1218,14 @@ gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, const void *serial,
 MODIFIED(cert);
- ret =
- asn1_write_value(cert->cert, "tbsCertificate.serialNumber",
- serial, serial_size);
+ ret = asn1_write_value(cert->cert, "tbsCertificate.serialNumber",
+ serial, serial_size);
 if (ret != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(ret);
 }
 return 0;
-
 }
 /**
@@ -1289,9 +1241,8 @@ gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, const void *serial,
 *
 * Since: 3.4.7
 **/
-int
-gnutls_x509_crt_set_issuer_unique_id(gnutls_x509_crt_t cert, const void *id,
- size_t id_size)
+int gnutls_x509_crt_set_issuer_unique_id(gnutls_x509_crt_t cert, const void *id,
+ size_t id_size)
 {
 int ret;
@@ -1302,9 +1253,8 @@ gnutls_x509_crt_set_issuer_unique_id(gnutls_x509_crt_t cert, const void *id,
 MODIFIED(cert);
- ret =
- asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID",
- id, id_size * 8);
+ ret = asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", id,
+ id_size * 8);
 if (ret != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(ret);
@@ -1326,9 +1276,8 @@ gnutls_x509_crt_set_issuer_unique_id(gnutls_x509_crt_t cert, const void *id,
 *
 * Since: 3.4.7
 **/
-int
-gnutls_x509_crt_set_subject_unique_id(gnutls_x509_crt_t cert, const void *id,
- size_t id_size)
+int gnutls_x509_crt_set_subject_unique_id(gnutls_x509_crt_t cert,
+ const void *id, size_t id_size)
 {
 int ret;
@@ -1339,9 +1288,8 @@ gnutls_x509_crt_set_subject_unique_id(gnutls_x509_crt_t cert, const void *id,
 MODIFIED(cert);
- ret =
- asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID",
- id, id_size * 8);
+ ret = asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID", id,
+ id_size * 8);
 if (ret != ASN1_SUCCESS) {
 gnutls_assert();
 return _gnutls_asn2err(ret);
@@ -1362,27 +1310,25 @@ static void disable_optional_stuff(gnutls_x509_crt_t cert)
 node = asn1_find_node(cert->cert, "tbsCertificate.issuerUniqueID");
 if (node) {
- if (asn1_read_node_value(node, &n) == ASN1_SUCCESS
- && n.value_len != 0)
+ if (asn1_read_node_value(node, &n) == ASN1_SUCCESS &&
+ n.value_len != 0)
 remove_issuer_unique_id = 0;
 }
 node = asn1_find_node(cert->cert, "tbsCertificate.subjectUniqueID");
 if (node) {
- if (asn1_read_node_value(node, &n) == ASN1_SUCCESS
- && n.value_len != 0)
+ if (asn1_read_node_value(node, &n) == ASN1_SUCCESS &&
+ n.value_len != 0)
 remove_subject_unique_id = 0;
 }
 if (remove_issuer_unique_id)
- (void)asn1_write_value(cert->cert,
- "tbsCertificate.issuerUniqueID", NULL,
- 0);
+ (void)asn1_write_value(
+ cert->cert, "tbsCertificate.issuerUniqueID", NULL, 0);
 if (remove_subject_unique_id)
- (void)asn1_write_value(cert->cert,
- "tbsCertificate.subjectUniqueID", NULL,
- 0);
+ (void)asn1_write_value(
+ cert->cert, "tbsCertificate.subjectUniqueID", NULL, 0);
 if (cert->use_extensions == 0) {
 _gnutls_debug_log("Disabling X.509 extensions.\n");
@@ -1405,15 +1351,13 @@ static void disable_optional_stuff(gnutls_x509_crt_t cert)
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data_string,
- unsigned int reason_flags)
+int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data_string,
+ unsigned int reason_flags)
 {
- return gnutls_x509_crt_set_crl_dist_points2(crt, type, data_string,
- strlen(data_string),
- reason_flags);
+ return gnutls_x509_crt_set_crl_dist_points2(
+ crt, type, data_string, strlen(data_string), reason_flags);
 }
 /**
@@ -1431,12 +1375,11 @@ gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt,
 *
 * Since: 2.6.0
 **/
-int
-gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t type,
- const void *data,
- unsigned int data_size,
- unsigned int reason_flags)
+int gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags)
 {
 int ret;
 gnutls_datum_t der_data = { NULL, 0 };
@@ -1456,9 +1399,8 @@ gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t crt,
 /* Check if the extension already exists. */
- ret =
- _gnutls_x509_crt_get_extension(crt, "2.5.29.31", 0, &old_der,
- &critical);
+ ret = _gnutls_x509_crt_get_extension(crt, "2.5.29.31", 0, &old_der,
+ &critical);
 if (ret >= 0 && old_der.data != NULL) {
 ret = gnutls_x509_ext_import_crl_dist_points(&old_der, cdp, 0);
@@ -1492,14 +1434,13 @@ gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t crt,
 }
 ret = 0;
- cleanup:
+cleanup:
 _gnutls_free_datum(&der_data);
 _gnutls_free_datum(&old_der);
 if (cdp != NULL)
 gnutls_x509_crl_dist_points_deinit(cdp);
 return ret;
-
 }
 /**
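Review bot: gnutls_x509_crt_set_crl_dist_points (hunk at -1405) still passes `strlen(data_string)` straight to gnutls_x509_crt_set_crl_dist_points2 with no NULL check on data_string, so a NULL argument is dereferenced inside strlen instead of being reported as GNUTLS_E_INVALID_REQUEST; the sibling wrapper gnutls_x509_crt_set_subject_alternative_name (hunk at -608) appears to validate its arguments before the same strlen call. Adding `if (data_string == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` ahead of the return would make the two wrappers consistent. Since the parameter is `const void *`, it would also help to state in the doc comment above the function that data_string must be a NUL-terminated string, because strlen will read past anything else.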
@@ -1514,9 +1455,8 @@ gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t crt,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
- gnutls_x509_crt_t src)
+int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
+ gnutls_x509_crt_t src)
 {
 int result;
 gnutls_datum_t der_data;
@@ -1529,17 +1469,15 @@ gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
 /* Check if the extension already exists. */
- result =
- _gnutls_x509_crt_get_extension(src, "2.5.29.31", 0, &der_data,
- &critical);
+ result = _gnutls_x509_crt_get_extension(src, "2.5.29.31", 0, &der_data,
+ &critical);
 if (result < 0) {
 gnutls_assert();
 return result;
 }
- result =
- _gnutls_x509_crt_set_extension(dst, "2.5.29.31", &der_data,
- critical);
+ result = _gnutls_x509_crt_set_extension(dst, "2.5.29.31", &der_data,
+ critical);
 _gnutls_free_datum(&der_data);
 if (result < 0) {
@@ -1562,9 +1500,8 @@ gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert,
- const void *id, size_t id_size)
+int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert, const void *id,
+ size_t id_size)
 {
 int result;
 gnutls_datum_t old_id, der_data;
@@ -1578,9 +1515,8 @@ gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert,
 /* Check if the extension already exists. */
- result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &old_id,
- &critical);
+ result = _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &old_id,
+ &critical);
 if (result >= 0)
 _gnutls_free_datum(&old_id);
@@ -1601,7 +1537,7 @@ gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert,
 }
 result =
- _gnutls_x509_crt_set_extension(cert, "2.5.29.14", &der_data, 0);
+ _gnutls_x509_crt_set_extension(cert, "2.5.29.14", &der_data, 0);
 _gnutls_free_datum(&der_data);
@@ -1625,9 +1561,8 @@ gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
- const void *id, size_t id_size)
+int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert, const void *id,
+ size_t id_size)
 {
 int result;
 gnutls_datum_t old_id, der_data;
@@ -1640,9 +1575,8 @@ gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
 /* Check if the extension already exists. */
- result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &old_id,
- &critical);
+ result = _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &old_id,
+ &critical);
 if (result >= 0)
 _gnutls_free_datum(&old_id);
@@ -1660,7 +1594,7 @@ gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
 }
 result =
- _gnutls_x509_crt_set_extension(cert, "2.5.29.35", &der_data, 0);
+ _gnutls_x509_crt_set_extension(cert, "2.5.29.35", &der_data, 0);
 _gnutls_free_datum(&der_data);
@@ -1687,9 +1621,8 @@ gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
 * otherwise a negative error code is returned.
 **/
-int
-gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
- const void *oid, unsigned int critical)
+int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert, const void *oid,
+ unsigned int critical)
 {
 int ret;
 gnutls_datum_t old_id = { NULL, 0 };
@@ -1707,8 +1640,8 @@ gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
 /* Check if the extension already exists. */
- ret =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &old_id, NULL);
+ ret = _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &old_id,
+ NULL);
 if (ret >= 0) {
 ret = gnutls_x509_ext_import_key_purposes(&old_id, p, 0);
@@ -1737,14 +1670,13 @@ gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
 }
 ret = 0;
- cleanup:
+cleanup:
 _gnutls_free_datum(&der);
 _gnutls_free_datum(&old_id);
 if (p != NULL)
 gnutls_x509_key_purpose_deinit(p);
 return ret;
-
 }
 /**
@@ -1771,11 +1703,11 @@ gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
-int
-gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
- gnutls_x509_crt_t issuer,
- gnutls_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+int gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
 {
 int result;
@@ -1785,9 +1717,8 @@ gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
 }
 if (dig == 0) {
- result =
- gnutls_x509_crt_get_preferred_hash_algorithm(issuer, &dig,
- NULL);
+ result = gnutls_x509_crt_get_preferred_hash_algorithm(
+ issuer, &dig, NULL);
 if (result < 0)
 return gnutls_assert_val(result);
 }
@@ -1804,8 +1735,8 @@ gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
 return result;
 }
- result = _gnutls_x509_pkix_sign(crt->cert, "tbsCertificate",
- dig, flags, issuer, issuer_key);
+ result = _gnutls_x509_pkix_sign(crt->cert, "tbsCertificate", dig, flags,
+ issuer, issuer_key);
 if (result < 0) {
 gnutls_assert();
 return result;
@@ -1835,9 +1766,8 @@ gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
 *
 * Since: 3.0
 **/
-int
-gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt,
- int what, gnutls_datum_t * data)
+int gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt, int what,
+ gnutls_datum_t *data)
 {
 int ret;
 gnutls_datum_t der = { NULL, 0 };
@@ -1856,7 +1786,7 @@ gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt,
 }
 ret = _gnutls_x509_crt_get_extension(crt, GNUTLS_OID_AIA, 0, &der, &c);
- if (ret >= 0) { /* decode it */
+ if (ret >= 0) { /* decode it */
 ret = gnutls_x509_ext_import_aia(&der, aia_ctx, 0);
 if (ret < 0) {
 gnutls_assert();
@@ -1888,7 +1818,7 @@ gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt,
 goto cleanup;
 }
- cleanup:
+cleanup:
 if (aia_ctx != NULL)
 gnutls_x509_aia_deinit(aia_ctx);
 _gnutls_free_datum(&new_der);
@@ -1915,10 +1845,9 @@ gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt,
 *
 * Since: 3.1.5
 **/
-int
-gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
- const struct gnutls_x509_policy_st *policy,
- unsigned int critical)
+int gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
+ const struct gnutls_x509_policy_st *policy,
+ unsigned int critical)
 {
 int ret;
 gnutls_datum_t der_data = { NULL, 0 }, prev_der_data = { NULL, 0 };
@@ -1943,8 +1872,8 @@ gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
 }
 if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- ret = gnutls_x509_ext_import_policies(&prev_der_data,
- policies, 0);
+ ret = gnutls_x509_ext_import_policies(&prev_der_data, policies,
+ 0);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -1965,7 +1894,7 @@ gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
 ret = _gnutls_x509_crt_set_extension(crt, "2.5.29.32", &der_data, 0);
- cleanup:
+cleanup:
 if (policies != NULL)
 gnutls_x509_policies_deinit(policies);
 _gnutls_free_datum(&prev_der_data);
@@ -1993,9 +1922,8 @@ gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
 *
 * Since: 3.6.0
 **/
-int
-gnutls_x509_crt_set_spki(gnutls_x509_crt_t crt,
- const gnutls_x509_spki_t spki, unsigned int flags)
+int gnutls_x509_crt_set_spki(gnutls_x509_crt_t crt,
+ const gnutls_x509_spki_t spki, unsigned int flags)
 {
 int ret;
 gnutls_pk_algorithm_t crt_pk;
@@ -2089,7 +2017,7 @@ gnutls_x509_crt_set_spki(gnutls_x509_crt_t crt,
 }
 ret = 0;
- cleanup:
+cleanup:
 gnutls_pk_params_release(¶ms);
 return ret;
 } |