diff options
Diffstat (limited to 'lib')
49 files changed, 1237 insertions, 1102 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 2cd8b585a5..0dbba1f925 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -66,8 +66,7 @@ static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); */ static int _gnutls_copy_certificate_auth_info (cert_auth_info_t info, - gnutls_cert * cert, - size_t ncerts) + gnutls_cert * cert, size_t ncerts) { /* Copy peer's information to auth_info_t */ @@ -1026,14 +1025,17 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session, gnutls_assert (); goto cleanup; } - + /* check if signature algorithm is supported */ - ret = _gnutls_session_sign_algo_enabled(session, peer_certificate_list[j].sign_algo); + ret = + _gnutls_session_sign_algo_enabled (session, + peer_certificate_list + [j].sign_algo); if (ret < 0) - { - gnutls_assert(); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } p += len; } @@ -1360,7 +1362,7 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, return GNUTLS_E_UNKNOWN_PK_ALGORITHM; } - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) { /* read supported hashes */ int hash_num; @@ -1369,12 +1371,12 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, p += 2; DECR_LEN (dsize, hash_num); - ret = _gnutls_sign_algorithm_parse_data( session, p, hash_num); + ret = _gnutls_sign_algorithm_parse_data (session, p, hash_num); if (ret < 0) - { - gnutls_assert(); - return ret; - } + { + gnutls_assert (); + return ret; + } p += hash_num; } @@ -1420,7 +1422,7 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data) int apr_cert_list_length, size; gnutls_datum_t signature; int total_data; - opaque* p; + opaque *p; gnutls_sign_algorithm_t sign_algo; gnutls_protocol_t ver = gnutls_protocol_get_version (session); @@ -1439,13 +1441,13 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data) { if ((ret = _gnutls_handshake_sign_cert_vrfy (session, - &apr_cert_list[0], - apr_pkey, &signature)) < 0) + &apr_cert_list[0], + apr_pkey, &signature)) < 0) { gnutls_assert (); return ret; } - sign_algo = ret; + sign_algo = ret; } else { @@ -1455,9 +1457,9 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data) total_data = signature.size + 2; /* add hash and signature algorithms */ - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) { - total_data+=2; + total_data += 2; } *data = gnutls_malloc (total_data); @@ -1468,20 +1470,20 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data) } p = *data; - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) { sign_algorithm_st aid; /* error checking is not needed here since we have used those algorithms */ - aid = _gnutls_sign_to_tls_aid(sign_algo); + aid = _gnutls_sign_to_tls_aid (sign_algo); p[0] = aid.hash_algorithm; p[1] = aid.sign_algorithm; - p+=2; + p += 2; } size = signature.size; _gnutls_write_uint16 (size, p); - p+=2; + p += 2; memcpy (p, signature.data, size); _gnutls_free_datum (&signature); @@ -1509,27 +1511,27 @@ _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) { - sign_algorithm_st aid; + sign_algorithm_st aid; DECR_LEN (dsize, 2); aid.hash_algorithm = pdata[0]; aid.sign_algorithm = pdata[1]; - - sign_algo = _gnutls_tls_aid_to_sign(&aid); + + sign_algo = _gnutls_tls_aid_to_sign (&aid); if (sign_algo == GNUTLS_PK_UNKNOWN) - { - gnutls_assert(); - return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; - } - pdata+=2; + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; + } + pdata += 2; } ret = _gnutls_session_sign_algo_enabled (session, sign_algo); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; } @@ -1552,7 +1554,9 @@ _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session, return ret; } - if ((ret = _gnutls_handshake_verify_cert_vrfy (session, &peer_cert, &sig, sign_algo)) < 0) + if ((ret = + _gnutls_handshake_verify_cert_vrfy (session, &peer_cert, &sig, + sign_algo)) < 0) { gnutls_assert (); _gnutls_gcert_deinit (&peer_cert); @@ -1571,7 +1575,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) int size, ret; opaque *pdata; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - const int signalgosize = 2+MAX_SIGNATURE_ALGORITHMS*2; + const int signalgosize = 2 + MAX_SIGNATURE_ALGORITHMS * 2; /* Now we need to generate the RDN sequence. This is * already in the CERTIFICATE_CRED structure, to improve @@ -1593,7 +1597,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) session->internals.ignore_rdn_sequence == 0) size += cred->x509_rdn_sequence.size; - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) /* Need two bytes to announce the number of supported hash functions (see below). */ size += signalgosize; @@ -1613,17 +1617,18 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) pdata[2] = DSA_SIGN; /* only these for now */ pdata += CERTTYPE_SIZE; - if (_gnutls_version_has_selectable_sighash(ver)) + if (_gnutls_version_has_selectable_sighash (ver)) { - ret = _gnutls_sign_algorithm_write_params(session, pdata, signalgosize); + ret = + _gnutls_sign_algorithm_write_params (session, pdata, signalgosize); if (ret < 0) - { - gnutls_assert(); - return ret; - } - + { + gnutls_assert (); + return ret; + } + /* recalculate size */ - size=size-signalgosize+ret; + size = size - signalgosize + ret; pdata += ret; } @@ -1915,23 +1920,29 @@ _gnutls_server_select_cert (gnutls_session_t session, for (i = 0; i < cred->ncerts; i++) { - /* find one compatible certificate + /* find one compatible certificate */ if (requested_algo == GNUTLS_PK_ANY || requested_algo == cred->cert_list[i][0].subject_pk_algorithm) { - /* if cert type and signature algorithm matches + /* if cert type and signature algorithm matches */ - if (session->security_parameters.cert_type == cred->cert_list[i][0].cert_type && - (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP || /* FIXME: make this a check for - * certificate type capabilities - */ - !_gnutls_version_has_selectable_sighash (gnutls_protocol_get_version (session)) || - _gnutls_session_sign_algo_requested(session, cred->cert_list[i][0].sign_algo) == 0)) + /* *INDENT-OFF* */ + if (session->security_parameters.cert_type + == cred->cert_list[i][0].cert_type + && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP + || /* FIXME: make this a check for certificate + type capabilities */ + !_gnutls_version_has_selectable_sighash + (gnutls_protocol_get_version (session)) + || + _gnutls_session_sign_algo_requested + (session, cred->cert_list[i][0].sign_algo) == 0)) { idx = i; break; } + /* *INDENT-ON* */ } } diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c index 7026026f83..eca85b34fa 100644 --- a/lib/auth_dhe.c +++ b/lib/auth_dhe.c @@ -149,8 +149,8 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data) { if ((ret = _gnutls_handshake_sign_data (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature, - &sign_algo)) < 0) + apr_pkey, &ddata, &signature, + &sign_algo)) < 0) { gnutls_assert (); gnutls_free (*data); @@ -233,9 +233,9 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data, { sign_algorithm_st aid; - DECR_LEN(data_size, 1); + DECR_LEN (data_size, 1); aid.hash_algorithm = *sigdata++; - DECR_LEN(data_size, 1); + DECR_LEN (data_size, 1); aid.sign_algorithm = *sigdata++; sign_algo = _gnutls_tls_aid_to_sign (&aid); if (sign_algo == GNUTLS_SIGN_UNKNOWN) @@ -261,7 +261,8 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data, return ret; } - ret = _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, + ret = + _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, sign_algo); _gnutls_gcert_deinit (&peer_cert); diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index 789a9498d5..52adff6be8 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -155,8 +155,8 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data) { if ((ret = _gnutls_handshake_sign_data (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature, - &sign_algo)) < 0) + apr_pkey, &ddata, &signature, + &sign_algo)) < 0) { gnutls_assert (); gnutls_free (*data); @@ -310,7 +310,8 @@ proc_rsa_export_server_kx (gnutls_session_t session, return ret; } - ret = _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, + ret = + _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, GNUTLS_SIGN_UNKNOWN); _gnutls_gcert_deinit (&peer_cert); diff --git a/lib/auth_srp.c b/lib/auth_srp.c index 634749c196..6eac98d123 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -245,7 +245,7 @@ _gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data) _gnutls_write_uint16 (n_b, data_b); - _gnutls_hard_log ("INT: SRP B[%d]: %s\n", (int)n_b, + _gnutls_hard_log ("INT: SRP B[%d]: %s\n", (int) n_b, _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf))); _gnutls_srp_entry_free (pwd_entry); @@ -364,7 +364,7 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, opaque ** data) return GNUTLS_E_MPI_PRINT_FAILED; } - _gnutls_hard_log ("INT: SRP A[%d]: %s\n", (int)n_a, + _gnutls_hard_log ("INT: SRP A[%d]: %s\n", (int) n_a, _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf))); _gnutls_mpi_release (&A); diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index 6a1e986761..46daf24e78 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c @@ -346,8 +346,8 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, /* Keep the last index in memory, so we can retrieve fake parameters (g,n) * when the user does not exist. */ - /* XXX: last_idx will not be read as both if block branches return. */ - last_idx = idx; + /* XXX: last_idx will not be read as both if block branches return. */ + last_idx = idx; if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0) { return 0; diff --git a/lib/auth_srp_rsa.c b/lib/auth_srp_rsa.c index e3192f751f..23d8e0d6a7 100644 --- a/lib/auth_srp_rsa.c +++ b/lib/auth_srp_rsa.c @@ -117,8 +117,8 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque ** data) if ((ret = _gnutls_handshake_sign_data (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature, - &sign_algo)) < 0) + apr_pkey, &ddata, &signature, + &sign_algo)) < 0) { gnutls_assert (); gnutls_free (*data); @@ -193,7 +193,8 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque * data, return ret; } - ret = _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, + ret = + _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, GNUTLS_SIGN_UNKNOWN); _gnutls_gcert_deinit (&peer_cert); diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c index 60fd2a05bb..c5a5a352ce 100644 --- a/lib/ext_cert_type.c +++ b/lib/ext_cert_type.c @@ -242,4 +242,3 @@ _gnutls_cert_type2num (int cert_type) } } - diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c index 1b8513a73f..14ac269396 100644 --- a/lib/ext_server_name.c +++ b/lib/ext_server_name.c @@ -331,7 +331,8 @@ gnutls_server_name_set (gnutls_session_t session, if (name_length > MAX_SERVER_NAME_SIZE) return GNUTLS_E_SHORT_MEMORY_BUFFER; - server_names = session->security_parameters.extensions.server_names_size + 1; + server_names = + session->security_parameters.extensions.server_names_size + 1; if (server_names > MAX_SERVER_NAME_EXTENSIONS) server_names = MAX_SERVER_NAME_EXTENSIONS; @@ -340,8 +341,9 @@ gnutls_server_name_set (gnutls_session_t session, [server_names - 1].type = type; memcpy (session->security_parameters.extensions. server_names[server_names - 1].name, name, name_length); - session->security_parameters.extensions.server_names - [server_names - 1].name_length = name_length; + session->security_parameters.extensions.server_names[server_names - + 1].name_length = + name_length; session->security_parameters.extensions.server_names_size++; diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c index dc5051a091..f51c2b88ef 100644 --- a/lib/ext_session_ticket.c +++ b/lib/ext_session_ticket.c @@ -42,7 +42,8 @@ #define MAC_SIZE 32 -struct ticket { +struct ticket +{ opaque key_name[KEY_NAME_SIZE]; opaque IV[IV_SIZE]; opaque *encrypted_state; @@ -51,7 +52,8 @@ struct ticket { }; static int -digest_ticket (const gnutls_datum_t *key, struct ticket *ticket, opaque *digest) +digest_ticket (const gnutls_datum_t * key, struct ticket *ticket, + opaque * digest) { digest_hd_st digest_hd; uint16_t length16; @@ -85,8 +87,8 @@ decrypt_ticket (gnutls_session_t session, struct ticket *ticket) int ret; /* Check the integrity of ticket using HMAC-SHA-256. */ - mac_secret.data = session->security_parameters.extensions. - session_ticket_key->mac_secret; + mac_secret.data = + session->security_parameters.extensions.session_ticket_key->mac_secret; mac_secret.size = MAC_SECRET_SIZE; ret = digest_ticket (&mac_secret, ticket, final); if (ret < 0) @@ -102,12 +104,12 @@ decrypt_ticket (gnutls_session_t session, struct ticket *ticket) } /* Decrypt encrypted_state using 128-bit AES in CBC mode. */ - key.data = session->security_parameters.extensions. - session_ticket_key->key; + key.data = session->security_parameters.extensions.session_ticket_key->key; key.size = KEY_SIZE; IV.data = ticket->IV; IV.size = IV_SIZE; - ret = _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV); + ret = + _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV); if (ret < 0) { gnutls_assert (); @@ -161,7 +163,8 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket) return ret; } blocksize = _gnutls_cipher_get_block_size (GNUTLS_CIPHER_AES_128_CBC); - encrypted_state.size = ((state.size + blocksize - 1) / blocksize) * blocksize; + encrypted_state.size = + ((state.size + blocksize - 1) / blocksize) * blocksize; encrypted_state.data = gnutls_malloc (encrypted_state.size); if (!encrypted_state.data) { @@ -178,7 +181,8 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket) key.size = KEY_SIZE; IV.data = session->security_parameters.extensions.session_ticket_IV; IV.size = IV_SIZE; - ret = _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV); + ret = + _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV); if (ret < 0) { gnutls_assert (); @@ -199,14 +203,13 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket) /* Fill the ticket structure to compute MAC. */ memcpy (ticket->key_name, session->security_parameters.extensions. - session_ticket_key->key_name, - KEY_NAME_SIZE); + session_ticket_key->key_name, KEY_NAME_SIZE); memcpy (ticket->IV, IV.data, IV.size); ticket->encrypted_state_len = encrypted_state.size; ticket->encrypted_state = encrypted_state.data; - mac_secret.data = session->security_parameters.extensions. - session_ticket_key->mac_secret; + mac_secret.data = + session->security_parameters.extensions.session_ticket_key->mac_secret; mac_secret.size = MAC_SECRET_SIZE; ret = digest_ticket (&mac_secret, ticket, ticket->mac); if (ret < 0) @@ -246,11 +249,10 @@ _gnutls_session_ticket_recv_params (gnutls_session_t session, data += KEY_NAME_SIZE; /* If the key name of the ticket does not match the one that we - hold, issue a new ticket. */ + hold, issue a new ticket. */ if (memcmp (ticket.key_name, session->security_parameters.extensions. - session_ticket_key->key_name, - KEY_NAME_SIZE)) + session_ticket_key->key_name, KEY_NAME_SIZE)) { session->internals.session_ticket_renew = 1; return 0; @@ -360,11 +362,11 @@ _gnutls_session_ticket_send_params (gnutls_session_t session, * Since: 2.10.0 **/ int -gnutls_session_ticket_key_generate (gnutls_datum_t *key) +gnutls_session_ticket_key_generate (gnutls_datum_t * key) { int ret; - key->size = sizeof(struct gnutls_session_ticket_key_st); + key->size = sizeof (struct gnutls_session_ticket_key_st); key->data = gnutls_malloc (key->size); if (!key->data) { @@ -424,12 +426,12 @@ gnutls_session_ticket_enable_client (gnutls_session_t session) **/ int gnutls_session_ticket_enable_server (gnutls_session_t session, - const gnutls_datum_t *key) + const gnutls_datum_t * key) { int ret; if (!session || !key - || key->size != sizeof(struct gnutls_session_ticket_key_st)) + || key->size != sizeof (struct gnutls_session_ticket_key_st)) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; @@ -445,7 +447,7 @@ gnutls_session_ticket_enable_server (gnutls_session_t session, } session->security_parameters.extensions.session_ticket_key = - (struct gnutls_session_ticket_key_st *)key->data; + (struct gnutls_session_ticket_key_st *) key->data; session->internals.session_ticket_enable = 1; return 0; } @@ -489,9 +491,9 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again) if (again == 0) { /* XXX: Temporarily set write algorithms to be used. - _gnutls_write_connection_state_init() does this job, but it also - triggers encryption, while NewSessionTicket should not be - encrypted in the record layer. */ + _gnutls_write_connection_state_init() does this job, but it also + triggers encryption, while NewSessionTicket should not be + encrypted in the record layer. */ SAVE_WRITE_SECURITY_PARAMETERS; ret = _gnutls_set_write_cipher (session, _gnutls_cipher_suite_get_cipher_algo @@ -532,7 +534,7 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again) p = data; /* FIXME: ticket lifetime is fixed to 10 days, which should be - customizable. */ + customizable. */ _gnutls_write_uint32 (864000, p); p += 4; @@ -620,7 +622,7 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session) } return 0; - error: +error: gnutls_free (data); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } diff --git a/lib/ext_signature.c b/lib/ext_signature.c index 9be866dd3e..7dcea66866 100644 --- a/lib/ext_signature.c +++ b/lib/ext_signature.c @@ -90,10 +90,9 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session, sig = _gnutls_tls_aid_to_sign (&aid); if (sig != GNUTLS_SIGN_UNKNOWN) { - session->security_parameters. - extensions.sign_algorithms[session->security_parameters. - extensions. - sign_algorithms_size++] = sig; + session->security_parameters.extensions. + sign_algorithms[session->security_parameters.extensions. + sign_algorithms_size++] = sig; if (session->security_parameters.extensions.sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS) break; diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 8b04524942..bb1a5f193b 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -1238,14 +1238,15 @@ _gnutls_version_has_selectable_sighash (gnutls_protocol_t version) int _gnutls_version_has_extensions (gnutls_protocol_t version) { - switch(version) { - case GNUTLS_TLS1_0: - case GNUTLS_TLS1_1: - case GNUTLS_TLS1_2: - return 1; - default: - return 0; - } + switch (version) + { + case GNUTLS_TLS1_0: + case GNUTLS_TLS1_1: + case GNUTLS_TLS1_2: + return 1; + default: + return 0; + } } /* This function determines if the version specified has explicit IVs @@ -1253,27 +1254,30 @@ _gnutls_version_has_extensions (gnutls_protocol_t version) int _gnutls_version_has_explicit_iv (gnutls_protocol_t version) { - switch(version) { - case GNUTLS_TLS1_1: - case GNUTLS_TLS1_2: - return 1; - default: - return 0; - } + switch (version) + { + case GNUTLS_TLS1_1: + case GNUTLS_TLS1_2: + return 1; + default: + return 0; + } } /* This function determines if the version specified can have non-minimal padding. */ -int _gnutls_version_has_variable_padding (gnutls_protocol_t version) +int +_gnutls_version_has_variable_padding (gnutls_protocol_t version) { - switch(version) { - case GNUTLS_TLS1_0: - case GNUTLS_TLS1_1: - case GNUTLS_TLS1_2: - return 1; - default: - return 0; - } + switch (version) + { + case GNUTLS_TLS1_0: + case GNUTLS_TLS1_1: + case GNUTLS_TLS1_2: + return 1; + default: + return 0; + } } /* Type to KX mappings */ @@ -1849,7 +1853,8 @@ static const gnutls_sign_entry sign_algorithms[] = { GNUTLS_MAC_MD5, {1, 1}}, {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA, GNUTLS_MAC_MD2, TLS_SIGN_AID_UNKNOWN}, - {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}, + {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0, + TLS_SIGN_AID_UNKNOWN}, {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}, {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN} }; @@ -2021,16 +2026,15 @@ _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign) } gnutls_sign_algorithm_t -_gnutls_tls_aid_to_sign (const sign_algorithm_st *aid) +_gnutls_tls_aid_to_sign (const sign_algorithm_st * aid) { gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN; - GNUTLS_SIGN_LOOP ( if (p->aid.hash_algorithm == aid->hash_algorithm - && p->aid.sign_algorithm == aid->sign_algorithm) - { - ret = p->id; - break; - } ); + GNUTLS_SIGN_LOOP (if (p->aid.hash_algorithm == aid->hash_algorithm + && p->aid.sign_algorithm == aid->sign_algorithm) + { + ret = p->id; break;} + ); return ret; } diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 75c3287e48..53e0e67dbd 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -134,19 +134,19 @@ _gnutls_record_buffer_put (content_type_t type, case GNUTLS_APPLICATION_DATA: buf = &session->internals.application_data_buffer; _gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; case GNUTLS_HANDSHAKE: buf = &session->internals.handshake_data_buffer; _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; case GNUTLS_INNER_APPLICATION: buf = &session->internals.ia_data_buffer; _gnutls_buffers_log ("BUF[IA]: Inserted %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; default: @@ -215,22 +215,25 @@ _gnutls_record_buffer_get (content_type_t type, switch (type) { case GNUTLS_APPLICATION_DATA: - _gnutls_buffer_get_data( &session->internals.application_data_buffer, data, &length); + _gnutls_buffer_get_data (&session->internals.application_data_buffer, + data, &length); _gnutls_buffers_log ("BUFFER[REC][AD]: Read %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; case GNUTLS_HANDSHAKE: - _gnutls_buffer_get_data( &session->internals.handshake_data_buffer, data, &length); + _gnutls_buffer_get_data (&session->internals.handshake_data_buffer, + data, &length); _gnutls_buffers_log ("BUF[REC][HD]: Read %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; case GNUTLS_INNER_APPLICATION: - _gnutls_buffer_get_data( &session->internals.ia_data_buffer, data, &length); + _gnutls_buffer_get_data (&session->internals.ia_data_buffer, data, + &length); _gnutls_buffers_log ("BUF[REC][IA]: Read %d bytes of Data(%d)\n", - (int)length, (int)type); + (int) length, (int) type); break; default: @@ -303,7 +306,7 @@ _gnutls_read (gnutls_session_t session, void *iptr, : errno; _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n", - (int)i, fd, errno, session->internals.errnum); + (int) i, fd, errno, session->internals.errnum); if (err == EAGAIN || err == EINTR) { @@ -311,7 +314,7 @@ _gnutls_read (gnutls_session_t session, void *iptr, { _gnutls_read_log ("READ: returning %d bytes from %p\n", - (int)(sizeOfPtr - left), fd); + (int) (sizeOfPtr - left), fd); goto finish; } @@ -330,7 +333,7 @@ _gnutls_read (gnutls_session_t session, void *iptr, else { - _gnutls_read_log ("READ: Got %d bytes from %p\n", (int)i, fd); + _gnutls_read_log ("READ: Got %d bytes from %p\n", (int) i, fd); if (i == 0) break; /* EOF */ @@ -349,7 +352,7 @@ finish: _gnutls_read_log ("READ: read %d bytes from %p\n", - (int)(sizeOfPtr - left), fd); + (int) (sizeOfPtr - left), fd); for (x = 0; x < ((sizeOfPtr - left) / 16) + 1; x++) { @@ -508,12 +511,13 @@ _gnutls_io_read_buffered (gnutls_session_t session, opaque ** iptr, /* Allocate the data required to store the new packet. */ - ret = _gnutls_buffer_resize( &session->internals.record_recv_buffer, - recvdata + session->internals.record_recv_buffer.length); + ret = _gnutls_buffer_resize (&session->internals.record_recv_buffer, + recvdata + + session->internals.record_recv_buffer.length); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } @@ -542,8 +546,8 @@ _gnutls_io_read_buffered (gnutls_session_t session, opaque ** iptr, { _gnutls_read_log ("RB: Have %d bytes into buffer. Adding %d bytes.\n", - (int)session->internals.record_recv_buffer.length, (int)ret); - _gnutls_read_log ("RB: Requested %d bytes\n", (int)sizeOfPtr); + (int) session->internals.record_recv_buffer.length, (int) ret); + _gnutls_read_log ("RB: Requested %d bytes\n", (int) sizeOfPtr); session->internals.record_recv_buffer.length += ret; } @@ -565,10 +569,12 @@ _gnutls_io_read_buffered (gnutls_session_t session, opaque ** iptr, if (ret2 > 0) { - _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n", (int)ret2); + _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n", + (int) ret2); _gnutls_read_log ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", - (int)session->internals.record_recv_buffer.length, (int)ret2, (int)sizeOfPtr); + (int) session->internals.record_recv_buffer.length, (int) ret2, + (int) sizeOfPtr); session->internals.have_peeked_data = 1; session->internals.record_recv_buffer.length += ret2; @@ -653,16 +659,18 @@ _gnutls_io_write_buffered (gnutls_session_t session, { gnutls_datum_t bdata; /* checking is handled above */ - _gnutls_buffer_get_datum (&session->internals.record_send_buffer, &bdata, session->internals.record_send_buffer.length); + _gnutls_buffer_get_datum (&session->internals.record_send_buffer, + &bdata, + session->internals.record_send_buffer.length); ptr = bdata.data; n = bdata.size; _gnutls_write_log - ("WRITE: Restoring old write. (%d bytes to send)\n", (int)n); + ("WRITE: Restoring old write. (%d bytes to send)\n", (int) n); } - _gnutls_write_log ("WRITE: Will write %d bytes to %p.\n", (int)n, fd); + _gnutls_write_log ("WRITE: Will write %d bytes to %p.\n", (int) n, fd); left = n; while (left > 0) @@ -718,7 +726,7 @@ _gnutls_io_write_buffered (gnutls_session_t session, _gnutls_write_log ("WRITE: Interrupted. Stored %d bytes to buffer. Already sent %d bytes.\n", - (int)left, (int)(n - left)); + (int) left, (int) (n - left)); if (err == EAGAIN) return GNUTLS_E_AGAIN; @@ -741,7 +749,7 @@ _gnutls_io_write_buffered (gnutls_session_t session, _gnutls_write_log ("WRITE: wrote %d bytes to %p. Left %d bytes. Total %d bytes.\n", - (int)i, fd, (int)left, (int)n); + (int) i, fd, (int) left, (int) n); for (x = 0; x < (unsigned) ((i) / 16) + 1; x++) { line[0] = 0; @@ -790,8 +798,8 @@ _gnutls_io_write_flush (gnutls_session_t session) return 0; /* done */ ret = _gnutls_io_write_buffered (session, NULL, 0); - _gnutls_write_log ("WRITE FLUSH: %d [buffer: %d]\n", (int)ret, - (int)session->internals.record_send_buffer.length); + _gnutls_write_log ("WRITE FLUSH: %d [buffer: %d]\n", (int) ret, + (int) session->internals.record_send_buffer.length); return ret; } @@ -811,7 +819,7 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session) return ret; } - _gnutls_write_log ("HANDSHAKE_FLUSH: written[1] %d bytes\n", (int)ret); + _gnutls_write_log ("HANDSHAKE_FLUSH: written[1] %d bytes\n", (int) ret); if (session->internals.handshake_send_buffer.length == 0) { @@ -849,7 +857,10 @@ _gnutls_handshake_io_send_int (gnutls_session_t session, gnutls_assert (); /* checking is handled above */ - _gnutls_buffer_get_datum (&session->internals.handshake_send_buffer, &bdata, session->internals.handshake_send_buffer.length); + _gnutls_buffer_get_datum (&session->internals.handshake_send_buffer, + &bdata, + session->internals. + handshake_send_buffer.length); ptr = bdata.data; n = bdata.size; @@ -984,22 +995,24 @@ _gnutls_handshake_io_recv_int (gnutls_session_t session, if (session->internals.handshake_recv_buffer.length > 0) { size_t tmp; - + /* if we have already received some data */ if (sizeOfPtr <= session->internals.handshake_recv_buffer.length) { /* if requested less data then return it. */ gnutls_assert (); - + tmp = sizeOfPtr; - _gnutls_string_get_data( &session->internals.handshake_recv_buffer, iptr, &tmp); + _gnutls_string_get_data (&session->internals.handshake_recv_buffer, + iptr, &tmp); return tmp; } gnutls_assert (); - tmp = sizeOfPtr; - _gnutls_string_get_data( &session->internals.handshake_recv_buffer, iptr, &tmp); + tmp = sizeOfPtr; + _gnutls_string_get_data (&session->internals.handshake_recv_buffer, + iptr, &tmp); left -= tmp; htype = session->internals.handshake_recv_buffer_htype; @@ -1017,8 +1030,9 @@ _gnutls_handshake_io_recv_int (gnutls_session_t session, { gnutls_assert (); - _gnutls_buffer_append (&session->internals.handshake_recv_buffer, iptr, - dsize); + _gnutls_buffer_append (&session-> + internals.handshake_recv_buffer, iptr, + dsize); session->internals.handshake_recv_buffer_htype = htype; session->internals.handshake_recv_buffer_type = type; @@ -1063,7 +1077,7 @@ _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data, return GNUTLS_E_HANDSHAKE_TOO_LARGE; } - _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", (int)length); + _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", (int) length); if (_gnutls_buffer_append (&session->internals.handshake_hash_buffer, data, length) < 0) { @@ -1091,7 +1105,8 @@ _gnutls_handshake_buffer_get_ptr (gnutls_session_t session, if (length != NULL) *length = session->internals.handshake_hash_buffer.length; - _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", (int)session->internals.handshake_hash_buffer.length); + _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", + (int) session->internals.handshake_hash_buffer.length); if (data_ptr != NULL) *data_ptr = session->internals.handshake_hash_buffer.data; diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 5b110ad298..6e5dcef9ea 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -817,7 +817,7 @@ _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, memset (gcert, 0, sizeof (gnutls_cert)); gcert->cert_type = GNUTLS_CRT_X509; - gcert->sign_algo = gnutls_x509_crt_get_signature_algorithm(cert); + gcert->sign_algo = gnutls_x509_crt_get_signature_algorithm (cert); if (!(flags & CERT_NO_COPY)) { diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 525540e0b3..4d0dda2399 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -274,7 +274,8 @@ calc_enc_length (gnutls_session_t session, int data_size, *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd; length += *pad; - if (_gnutls_version_has_explicit_iv(session->security_parameters.version)) + if (_gnutls_version_has_explicit_iv + (session->security_parameters.version)) length += blocksize; /* for the IV */ break; @@ -343,7 +344,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, write_sequence_number), 8); _gnutls_hmac (&td, &type, 1); - if (_gnutls_version_has_variable_padding(ver)) + if (_gnutls_version_has_variable_padding (ver)) { /* TLS 1.0 or higher */ _gnutls_hmac (&td, &major, 1); _gnutls_hmac (&td, &minor, 1); @@ -375,7 +376,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, data_ptr = cipher_data; if (block_algo == CIPHER_BLOCK && - _gnutls_version_has_explicit_iv(session->security_parameters.version)) + _gnutls_version_has_explicit_iv (session->security_parameters.version)) { /* copy the random IV. */ @@ -476,7 +477,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, ciphertext.size)) < 0) { gnutls_assert (); - DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm); + DEINIT_MAC (td, ver, + session->security_parameters.write_mac_algorithm); return ret; @@ -489,7 +491,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0)) { gnutls_assert (); - DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm); + DEINIT_MAC (td, ver, + session->security_parameters.write_mac_algorithm); return GNUTLS_E_DECRYPTION_FAILED; } @@ -499,13 +502,15 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, ciphertext.size)) < 0) { gnutls_assert (); - DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm); + DEINIT_MAC (td, ver, + session->security_parameters.write_mac_algorithm); return ret; } /* ignore the IV in TLS 1.1. */ - if (_gnutls_version_has_explicit_iv(session->security_parameters.version)) + if (_gnutls_version_has_explicit_iv + (session->security_parameters.version)) { ciphertext.size -= blocksize; ciphertext.data += blocksize; @@ -513,7 +518,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, if (ciphertext.size == 0) { gnutls_assert (); - DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm); + DEINIT_MAC (td, ver, + session->security_parameters.write_mac_algorithm); return GNUTLS_E_DECRYPTION_FAILED; } } @@ -536,7 +542,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, /* Check the pading bytes (TLS 1.x) */ - if (_gnutls_version_has_variable_padding(ver) && pad_failed == 0) + if (_gnutls_version_has_variable_padding (ver) && pad_failed == 0) for (i = 2; i < pad; i++) { if (ciphertext.data[ciphertext.size - i] != @@ -546,7 +552,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, break; default: gnutls_assert (); - DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm); + DEINIT_MAC (td, ver, session->security_parameters.write_mac_algorithm); return GNUTLS_E_INTERNAL_ERROR; } @@ -564,7 +570,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, read_sequence_number), 8); _gnutls_hmac (&td, &type, 1); - if (_gnutls_version_has_variable_padding(ver)) + if (_gnutls_version_has_variable_padding (ver)) { /* TLS 1.x */ _gnutls_hmac (&td, &major, 1); _gnutls_hmac (&td, &minor, 1); diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c index b5d8bb6cb1..fa81cd2b3f 100644 --- a/lib/gnutls_errors.c +++ b/lib/gnutls_errors.c @@ -433,14 +433,15 @@ _gnutls_mpi_log (const char *prefix, bigint_t a) if (res != 0) { gnutls_assert (); - _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, (int)binlen); + _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, + (int) binlen); return; } - if (binlen > 1024*1024) + if (binlen > 1024 * 1024) { gnutls_assert (); - _gnutls_hard_log ("MPI: too large mpi (%d)\n", (int)binlen); + _gnutls_hard_log ("MPI: too large mpi (%d)\n", (int) binlen); return; } @@ -448,7 +449,7 @@ _gnutls_mpi_log (const char *prefix, bigint_t a) if (!binbuf) { gnutls_assert (); - _gnutls_hard_log ("MPI: out of memory (%d)\n", (int)binlen); + _gnutls_hard_log ("MPI: out of memory (%d)\n", (int) binlen); return; } @@ -456,7 +457,8 @@ _gnutls_mpi_log (const char *prefix, bigint_t a) if (res != 0) { gnutls_assert (); - _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, (int)binlen); + _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, + (int) binlen); gnutls_free (binbuf); return; } @@ -467,14 +469,15 @@ _gnutls_mpi_log (const char *prefix, bigint_t a) if (!hexbuf) { gnutls_assert (); - _gnutls_hard_log ("MPI: out of memory (hex %d)\n", (int)hexlen); + _gnutls_hard_log ("MPI: out of memory (hex %d)\n", (int) hexlen); gnutls_free (binbuf); return; } _gnutls_bin2hex (binbuf, binlen, hexbuf, hexlen); - _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int)binlen, prefix, hexbuf); + _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix, + hexbuf); gnutls_free (hexbuf); gnutls_free (binbuf); diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index 5f2c47cc6b..b3f388ce73 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -342,19 +342,19 @@ _gnutls_ext_init (void) #ifdef ENABLE_SESSION_TICKET ret = gnutls_ext_register (GNUTLS_EXTENSION_SESSION_TICKET, - "SESSION_TICKET", - GNUTLS_EXT_TLS, - _gnutls_session_ticket_recv_params, - _gnutls_session_ticket_send_params); + "SESSION_TICKET", + GNUTLS_EXT_TLS, + _gnutls_session_ticket_recv_params, + _gnutls_session_ticket_send_params); if (ret != GNUTLS_E_SUCCESS) return ret; #endif ret = gnutls_ext_register (GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, - "SIGNATURE_ALGORITHMS", - GNUTLS_EXT_TLS, - _gnutls_signature_algorithm_recv_params, - _gnutls_signature_algorithm_send_params); + "SIGNATURE_ALGORITHMS", + GNUTLS_EXT_TLS, + _gnutls_signature_algorithm_recv_params, + _gnutls_signature_algorithm_send_params); if (ret != GNUTLS_E_SUCCESS) return ret; diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index b7d5af3310..6c2787dcee 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -65,7 +65,7 @@ static int _gnutls_handshake_hash_init (gnutls_session_t session); static int _gnutls_server_select_comp_method (gnutls_session_t session, - opaque * data, int datalen); + opaque * data, int datalen); static int _gnutls_handshake_hash_add_recvd (gnutls_session_t session, gnutls_handshake_description_t recv_type, @@ -78,21 +78,21 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session, void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session) { - if (session->security_parameters. - handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) { - _gnutls_hash_deinit (&session->internals. - handshake_mac_handle.tls10.md5, NULL); - _gnutls_hash_deinit (&session->internals. - handshake_mac_handle.tls10.sha, NULL); + _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.md5, + NULL); + _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.sha, + NULL); } - else if (session->security_parameters. - handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) + else if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) { - _gnutls_hash_deinit (&session->internals. - handshake_mac_handle.tls12.sha256, NULL); - _gnutls_hash_deinit (&session->internals. - handshake_mac_handle.tls12.sha1, NULL); + _gnutls_hash_deinit (&session->internals.handshake_mac_handle. + tls12.sha256, NULL); + _gnutls_hash_deinit (&session->internals.handshake_mac_handle. + tls12.sha1, NULL); } session->security_parameters.handshake_mac_handle_type = 0; session->internals.handshake_mac_handle_init = 0; @@ -171,19 +171,23 @@ _gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret) const char *mesg; int rc; - if (session->security_parameters. - handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) { - rc = _gnutls_hash_copy (&td_md5, &session->internals. - handshake_mac_handle.tls10.md5); + rc = + _gnutls_hash_copy (&td_md5, + &session->internals.handshake_mac_handle. + tls10.md5); if (rc < 0) { gnutls_assert (); return rc; } - rc = _gnutls_hash_copy (&td_sha, &session->internals. - handshake_mac_handle.tls10.sha); + rc = + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle. + tls10.sha); if (rc < 0) { gnutls_assert (); @@ -193,7 +197,7 @@ _gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret) } else { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } @@ -228,27 +232,30 @@ static int _gnutls_finished (gnutls_session_t session, int type, void *ret) { const int siz = TLS_MSG_LEN; - opaque concat[MAX_HASH_SIZE+16/*MD5*/]; + opaque concat[MAX_HASH_SIZE + 16 /*MD5 */ ]; size_t len = 20 + 16; const char *mesg; digest_hd_st td_md5; digest_hd_st td_sha; int rc; - if (session->security_parameters. - handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) { rc = - _gnutls_hash_copy (&td_md5, &session->internals. - handshake_mac_handle.tls10.md5); + _gnutls_hash_copy (&td_md5, + &session->internals.handshake_mac_handle. + tls10.md5); if (rc < 0) { gnutls_assert (); return rc; } - rc = _gnutls_hash_copy (&td_sha, &session->internals. - handshake_mac_handle.tls10.sha); + rc = + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle. + tls10.sha); if (rc < 0) { gnutls_assert (); @@ -259,11 +266,13 @@ _gnutls_finished (gnutls_session_t session, int type, void *ret) _gnutls_hash_deinit (&td_md5, concat); _gnutls_hash_deinit (&td_sha, &concat[16]); } - else if (session->security_parameters. - handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) + else if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) { - rc = _gnutls_hash_copy (&td_sha, &session->internals. - handshake_mac_handle.tls12.sha256); + rc = + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle. + tls12.sha256); if (rc < 0) { gnutls_assert (); @@ -475,7 +484,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, /* Parse the extensions (if any) */ - if (_gnutls_version_has_extensions(neg_version)) + if (_gnutls_version_has_extensions (neg_version)) { ret = _gnutls_parse_extensions (session, GNUTLS_EXT_APPLICATION, &data[pos], len); @@ -494,7 +503,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, return ret; } - if (_gnutls_version_has_extensions(neg_version)) + if (_gnutls_version_has_extensions (neg_version)) { ret = _gnutls_parse_extensions (session, GNUTLS_EXT_TLS, &data[pos], len); @@ -514,9 +523,11 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, session->internals.resumed_security_parameters.session_id_size = session_id_len; - session->internals.resumed_security_parameters.max_record_recv_size = + session->internals. + resumed_security_parameters.max_record_recv_size = session->security_parameters.max_record_recv_size; - session->internals.resumed_security_parameters.max_record_send_size = + session->internals. + resumed_security_parameters.max_record_send_size = session->security_parameters.max_record_send_size; resume_copy_required_values (session); @@ -569,16 +580,22 @@ _gnutls_handshake_hash_pending (gnutls_session_t session) if (siz > 0) { - if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, data, siz); - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, data, siz); - } - else if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, data, siz); - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, data, siz); - } + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, + data, siz); + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, + data, siz); + } + else if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, + data, siz); + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, + data, siz); + } } _gnutls_handshake_buffer_empty (session); @@ -958,7 +975,8 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session, { int ret; - if (session->security_parameters.entity == GNUTLS_CLIENT && type == GNUTLS_HANDSHAKE_CLIENT_HELLO) + if (session->security_parameters.entity == GNUTLS_CLIENT + && type == GNUTLS_HANDSHAKE_CLIENT_HELLO) { /* do not hash immediatelly since the hash has not yet been initialized */ if ((ret = @@ -978,20 +996,22 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session, if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) { - if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, dataptr, - datalen); - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, dataptr, - datalen); - } - else if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, dataptr, - datalen); - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, dataptr, - datalen); - } + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, + dataptr, datalen); + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, + dataptr, datalen); + } + else if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, + dataptr, datalen); + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, + dataptr, datalen); + } } return 0; @@ -1230,14 +1250,16 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session, /* The idea here is to hash the previous message we received, * and add the one we just received into the handshake_hash_buffer. */ - if ((session->security_parameters.entity == GNUTLS_SERVER || recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO) && - (session->security_parameters.entity == GNUTLS_CLIENT || recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO)) + if ((session->security_parameters.entity == GNUTLS_SERVER + || recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO) + && (session->security_parameters.entity == GNUTLS_CLIENT + || recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO)) { if ((ret = _gnutls_handshake_hash_pending (session)) < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } /* here we buffer the handshake messages - needed at Finished message */ @@ -1360,22 +1382,23 @@ _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data, case GNUTLS_HANDSHAKE_CLIENT_HELLO: case GNUTLS_HANDSHAKE_SERVER_HELLO: ret = _gnutls_recv_hello (session, dataptr, length32); - + /* dataptr is freed because the caller does not * need it */ gnutls_free (dataptr); if (data != NULL) *data = NULL; - + if (ret < 0) - break; + break; /* initialize the hashes for both - (client will know server's version * and server as well at this point) */ - if ((ret = _gnutls_handshake_hash_init (session)) < 0) { - gnutls_assert(); - return ret; - } + if ((ret = _gnutls_handshake_hash_init (session)) < 0) + { + gnutls_assert (); + return ret; + } break; case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: @@ -1664,7 +1687,7 @@ _gnutls_read_server_hello (gnutls_session_t session, /* Parse extensions. */ - if (_gnutls_version_has_extensions(version)) + if (_gnutls_version_has_extensions (version)) { ret = _gnutls_parse_extensions (session, GNUTLS_EXT_ANY, &data[pos], len); @@ -1836,7 +1859,8 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) } extdatalen = MAX_EXT_DATA_LENGTH - + session->internals.resumed_security_parameters.extensions. + + + session->internals.resumed_security_parameters.extensions. session_ticket_len; extdata = gnutls_malloc (extdatalen); if (extdata == NULL) @@ -1850,12 +1874,12 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) * version number to the previously established. */ if (SessionID == NULL) - { - if (rehandshake) /* already negotiated version thus version_max == negotiated version */ - hver = session->security_parameters.version; - else - hver = _gnutls_version_max (session); - } + { + if (rehandshake) /* already negotiated version thus version_max == negotiated version */ + hver = session->security_parameters.version; + else + hver = _gnutls_version_max (session); + } else { /* we are resuming a session */ hver = session->internals.resumed_security_parameters.version; @@ -1877,24 +1901,24 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) */ _gnutls_set_adv_version (session, hver); - if (session->internals.priorities.ssl3_record_version) - { - /* Honor the SSL3_RECORD_VERSION option - */ - _gnutls_set_current_version (session, GNUTLS_SSL3); - } + if (session->internals.priorities.ssl3_record_version) + { + /* Honor the SSL3_RECORD_VERSION option + */ + _gnutls_set_current_version (session, GNUTLS_SSL3); + } else - { - /* Some old implementations do not interoperate if we send a - * different version in the record layer. - * It seems they prefer to read the record's version - * as the one we actually requested. - * The proper behaviour is to use the one in the client hello - * handshake packet and ignore the one in the packet's record - * header. - */ - _gnutls_set_current_version (session, hver); - } + { + /* Some old implementations do not interoperate if we send a + * different version in the record layer. + * It seems they prefer to read the record's version + * as the one we actually requested. + * The proper behaviour is to use the one in the client hello + * handshake packet and ignore the one in the packet's record + * header. + */ + _gnutls_set_current_version (session, hver); + } /* In order to know when this session was initiated. */ @@ -1978,7 +2002,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) /* Generate and copy TLS extensions. */ - if (_gnutls_version_has_extensions(hver)) + if (_gnutls_version_has_extensions (hver)) { ret = _gnutls_gen_extensions (session, extdata, extdatalen); @@ -2274,57 +2298,63 @@ _gnutls_handshake_hash_init (gnutls_session_t session) /* set the hash type for handshake message hashing */ if (_gnutls_version_has_selectable_prf (ver)) - session->security_parameters.handshake_mac_handle_type = HANDSHAKE_MAC_TYPE_12; + session->security_parameters.handshake_mac_handle_type = + HANDSHAKE_MAC_TYPE_12; else - session->security_parameters.handshake_mac_handle_type = HANDSHAKE_MAC_TYPE_10; + session->security_parameters.handshake_mac_handle_type = + HANDSHAKE_MAC_TYPE_10; - if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_10) - { - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10.md5, - GNUTLS_MAC_MD5); + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_10) + { + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle. + tls10.md5, GNUTLS_MAC_MD5); - if (ret < 0) - { + if (ret < 0) + { gnutls_assert (); return ret; } - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10.sha, - GNUTLS_MAC_SHA1); - if (ret < 0) + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle. + tls10.sha, GNUTLS_MAC_SHA1); + if (ret < 0) + { + gnutls_assert (); + _gnutls_hash_deinit (&session->internals. + handshake_mac_handle.tls10.md5, NULL); + return GNUTLS_E_MEMORY_ERROR; + } + } + else if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) + { + /* The algorithm to compute hash over handshake messages must be + same as the one used as the basis for PRF. By now we use + SHA256. */ + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle. + tls12.sha256, GNUTLS_DIG_SHA256); + if (ret < 0) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle. + tls12.sha1, GNUTLS_DIG_SHA1); + if (ret < 0) { gnutls_assert (); - _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.md5, NULL); + _gnutls_hash_deinit (&session->internals. + handshake_mac_handle.tls12.sha256, NULL); return GNUTLS_E_MEMORY_ERROR; } - } - else if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) - { - /* The algorithm to compute hash over handshake messages must be - same as the one used as the basis for PRF. By now we use - SHA256. */ - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12.sha256, - GNUTLS_DIG_SHA256); - if (ret < 0) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12.sha1, - GNUTLS_DIG_SHA1); - if (ret < 0) - { - gnutls_assert (); - _gnutls_hash_deinit(&session->internals.handshake_mac_handle.tls12.sha256, NULL); - return GNUTLS_E_MEMORY_ERROR; - } - } + } session->internals.handshake_mac_handle_init = 1; } @@ -2842,7 +2872,8 @@ _gnutls_handshake_common (gnutls_session_t session) case STATE40: if (session->internals.session_ticket_renew) { - ret = _gnutls_send_new_session_ticket (session, AGAIN(STATE40)); + ret = + _gnutls_send_new_session_ticket (session, AGAIN (STATE40)); STATE = STATE40; IMED_RET ("send handshake new session ticket", ret, 0); } @@ -2857,10 +2888,10 @@ _gnutls_handshake_common (gnutls_session_t session) /* only store if we are not resuming */ if (session->security_parameters.entity == GNUTLS_SERVER) - { - /* in order to support session resuming */ - _gnutls_server_register_current_session (session); - } + { + /* in order to support session resuming */ + _gnutls_server_register_current_session (session); + } } else { /* if we are a client not resuming - or we are a server resuming */ diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index 5e5b2aa6e1..45cdbc6e54 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -121,7 +121,7 @@ _gnutls_hash_copy (digest_hd_st * dst, digest_hd_st * src) { int result; - memset(dst, 0, sizeof(*dst)); + memset (dst, 0, sizeof (*dst)); dst->algorithm = src->algorithm; dst->registered = src->registered; dst->active = 1; @@ -167,9 +167,10 @@ _gnutls_hash_output (digest_hd_st * handle, void *digest) void _gnutls_hash_deinit (digest_hd_st * handle, void *digest) { - if (handle->active != 1) { - return; - } + if (handle->active != 1) + { + return; + } if (digest != NULL) _gnutls_hash_output (handle, digest); @@ -334,9 +335,10 @@ _gnutls_hmac_output (digest_hd_st * handle, void *digest) void _gnutls_hmac_deinit (digest_hd_st * handle, void *digest) { - if (handle->active != 1) { - return; - } + if (handle->active != 1) + { + return; + } if (digest) _gnutls_hmac_output (handle, digest); diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c index 8365d06928..8a71b0a636 100644 --- a/lib/gnutls_mpi.c +++ b/lib/gnutls_mpi.c @@ -341,10 +341,10 @@ _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi, result = _gnutls_mpi_print_lz (mpi, NULL, &s_len); else result = _gnutls_mpi_print (mpi, NULL, &s_len); - + if (result != 0) { - gnutls_assert(); + gnutls_assert (); return result; } diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 5248b4f1e1..7fab2c797d 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -452,8 +452,9 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) * This will be overridden later. */ if (session->internals.priorities.protocol.algorithms > 0) - _gnutls_set_current_version (session, session->internals. - priorities.protocol.priority[0]); + _gnutls_set_current_version (session, + session->internals.priorities. + protocol.priority[0]); return 0; } @@ -548,8 +549,7 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) **/ int gnutls_priority_init (gnutls_priority_t * priority_cache, - const char *priorities, - const char **err_pos) + const char *priorities, const char **err_pos) { char *broken_list[MAX_ELEMENTS]; int broken_list_size, i, j; @@ -599,14 +599,16 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, cipher_priority_performance); _set_priority (&(*priority_cache)->kx, kx_priority_performance); _set_priority (&(*priority_cache)->mac, mac_priority_performance); - _set_priority (&(*priority_cache)->sign_algo, sign_priority_default); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); } else if (strcasecmp (broken_list[i], "NORMAL") == 0) { _set_priority (&(*priority_cache)->cipher, cipher_priority_normal); _set_priority (&(*priority_cache)->kx, kx_priority_secure); _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, sign_priority_default); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); } else if (strcasecmp (broken_list[i], "SECURE256") == 0 || strcasecmp (broken_list[i], "SECURE") == 0) @@ -615,7 +617,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, cipher_priority_secure256); _set_priority (&(*priority_cache)->kx, kx_priority_secure); _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, sign_priority_secure256); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_secure256); } else if (strcasecmp (broken_list[i], "SECURE128") == 0) { @@ -623,14 +626,16 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, cipher_priority_secure128); _set_priority (&(*priority_cache)->kx, kx_priority_secure); _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, sign_priority_secure128); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_secure128); } else if (strcasecmp (broken_list[i], "EXPORT") == 0) { _set_priority (&(*priority_cache)->cipher, cipher_priority_export); _set_priority (&(*priority_cache)->kx, kx_priority_export); _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, sign_priority_default); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); } /* now check if the element is something like -ALGO */ else if (broken_list[i][0] == '!' || broken_list[i][0] == '+' || broken_list[i][0] == '-') @@ -655,8 +660,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, gnutls_protocol_get_id (&broken_list[i][6])) != GNUTLS_VERSION_UNKNOWN) fn (&(*priority_cache)->protocol, algo); - else - goto error; + else + goto error; } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0) { @@ -664,8 +669,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, gnutls_compression_get_id (&broken_list[i][6])) != GNUTLS_COMP_UNKNOWN) fn (&(*priority_cache)->compression, algo); - else - goto error; + else + goto error; } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0) { @@ -673,8 +678,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, gnutls_certificate_type_get_id (&broken_list[i][7])) != GNUTLS_CRT_UNKNOWN) fn (&(*priority_cache)->cert_type, algo); - else - goto error; + else + goto error; } /* now check if the element is something like -ALGO */ else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0) { @@ -682,8 +687,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, gnutls_sign_get_id (&broken_list[i][6])) != GNUTLS_SIGN_UNKNOWN) fn (&(*priority_cache)->sign_algo, algo); - else - goto error; + else + goto error; } /* now check if the element is something like -ALGO */ else goto error; @@ -694,11 +699,11 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, (*priority_cache)->no_padding = 1; else if (strcasecmp (&broken_list[i][1], "VERIFY_ALLOW_SIGN_RSA_MD5") == 0) - { - prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5); + { + prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5); (*priority_cache)->additional_verify_flags |= - GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5; - } + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5; + } else if (strcasecmp (&broken_list[i][1], "SSL3_RECORD_VERSION") == 0) (*priority_cache)->ssl3_record_version = 1; @@ -760,8 +765,7 @@ gnutls_priority_deinit (gnutls_priority_t priority_cache) **/ int gnutls_priority_set_direct (gnutls_session_t session, - const char *priorities, - const char **err_pos) + const char *priorities, const char **err_pos) { gnutls_priority_t prio; int ret; diff --git a/lib/gnutls_psk.c b/lib/gnutls_psk.c index 5e8bc3c381..71b5ad2504 100644 --- a/lib/gnutls_psk.c +++ b/lib/gnutls_psk.c @@ -407,7 +407,7 @@ int gnutls_hex_encode (const gnutls_datum_t * data, char *result, size_t * result_size) { -size_t res = data->size + data->size + 1; + size_t res = data->size + data->size + 1; if (*result_size < res) { @@ -417,7 +417,7 @@ size_t res = data->size + data->size + 1; _gnutls_bin2hex (data->data, data->size, result, *result_size); *result_size = res; - + return 0; } diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 62df871517..9df7128096 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -373,7 +373,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type, ("REC[%p]: Sending Packet[%d] %s(%d) with length: %d\n", session, (int) _gnutls_uint64touint32 (&session->connection_state. write_sequence_number), - _gnutls_packet2str (type), type, (int)sizeofdata); + _gnutls_packet2str (type), type, (int) sizeofdata); if (sizeofdata > MAX_RECORD_SEND_SIZE) data2send_size = MAX_RECORD_SEND_SIZE; @@ -744,12 +744,14 @@ record_check_type (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_SERVER) { gnutls_assert (); - ret = _gnutls_record_buffer_put (recv_type, session, (void *) data, data_size); - if (ret < 0) - { - gnutls_assert(); - return ret; - } + ret = + _gnutls_record_buffer_put (recv_type, session, (void *) data, + data_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } return GNUTLS_E_REHANDSHAKE; } @@ -947,7 +949,7 @@ begin: ("REC[%p]: Expected Packet[%d] %s(%d) with length: %d\n", session, (int) _gnutls_uint64touint32 (&session->connection_state. read_sequence_number), - _gnutls_packet2str (type), type, (int)sizeofdata); + _gnutls_packet2str (type), type, (int) sizeofdata); _gnutls_record_log ("REC[%p]: Received Packet[%d] %s(%d) with length: %d\n", session, (int) diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index 75b8870617..30c9e6b083 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -281,7 +281,8 @@ pack_certificate_auth_info (gnutls_session_t session, */ packed_session->data = gnutls_malloc (packed_session->size + MAX_SEC_PARAMS + 2 + - session->security_parameters.extensions.session_ticket_len); + session->security_parameters. + extensions.session_ticket_len); if (packed_session->data == NULL) { @@ -515,7 +516,8 @@ pack_srp_auth_info (gnutls_session_t session, gnutls_datum_t * packed_session) */ packed_session->data = gnutls_malloc (packed_session->size + MAX_SEC_PARAMS + 2 + - session->security_parameters.extensions.session_ticket_len); + session->security_parameters. + extensions.session_ticket_len); if (packed_session->data == NULL) { @@ -621,7 +623,8 @@ pack_anon_auth_info (gnutls_session_t session, */ packed_session->data = gnutls_malloc (packed_session->size + MAX_SEC_PARAMS + 2 + - session->security_parameters.extensions.session_ticket_len); + session->security_parameters. + extensions.session_ticket_len); if (packed_session->data == NULL) { @@ -785,7 +788,8 @@ pack_psk_auth_info (gnutls_session_t session, gnutls_datum_t * packed_session) */ packed_session->data = gnutls_malloc (packed_session->size + MAX_SEC_PARAMS + 2 + - session->security_parameters.extensions.session_ticket_len); + session->security_parameters. + extensions.session_ticket_len); if (packed_session->data == NULL) { @@ -1084,8 +1088,7 @@ pack_security_parameters (gnutls_session_t session, } _gnutls_write_uint16 (session->security_parameters.extensions. - session_ticket_len, - &packed_session->data[pos]); + session_ticket_len, &packed_session->data[pos]); pos += 2; memcpy (&packed_session->data[pos], session->security_parameters.extensions.session_ticket, @@ -1235,8 +1238,7 @@ unpack_security_parameters (gnutls_session_t session, gnutls_malloc (session->internals.resumed_security_parameters.extensions. session_ticket_len); memcpy (session->internals.resumed_security_parameters.extensions. - session_ticket, - &packed_session->data[pos], + session_ticket, &packed_session->data[pos], session->internals.resumed_security_parameters.extensions. session_ticket_len); diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 5e88241457..af14f6b029 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -126,9 +126,9 @@ _gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo, */ int _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, - gnutls_privkey * pkey, gnutls_datum_t * params, - gnutls_datum_t * signature, - gnutls_sign_algorithm_t * sign_algo) + gnutls_privkey * pkey, gnutls_datum_t * params, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t * sign_algo) { gnutls_datum_t dconcat; int ret; @@ -137,8 +137,9 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, gnutls_protocol_t ver = gnutls_protocol_get_version (session); gnutls_digest_algorithm_t hash_algo; - *sign_algo = _gnutls_session_get_sign_algo(session, cert->subject_pk_algorithm, - &hash_algo); + *sign_algo = + _gnutls_session_get_sign_algo (session, cert->subject_pk_algorithm, + &hash_algo); if (*sign_algo == GNUTLS_SIGN_UNKNOWN) { gnutls_assert (); @@ -185,7 +186,7 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, dconcat.size = 36; } else - { /* TLS 1.2 way */ + { /* TLS 1.2 way */ gnutls_datum_t hash; _gnutls_hash_deinit (&td_sha, concat); @@ -202,10 +203,10 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, _gnutls_hash_deinit (&td_sha, concat); if (hash_algo != GNUTLS_DIG_SHA1) - { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } dconcat.data = concat; dconcat.size = 20; break; @@ -380,9 +381,9 @@ _gnutls_verify_sig (gnutls_cert * cert, */ int _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, - const gnutls_datum_t * params, - gnutls_datum_t * signature, - gnutls_sign_algorithm_t algo) + const gnutls_datum_t * params, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t algo) { gnutls_datum_t dconcat; int ret; @@ -392,10 +393,10 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, gnutls_protocol_t ver = gnutls_protocol_get_version (session); gnutls_digest_algorithm_t hash_algo = GNUTLS_DIG_SHA1; - ret = _gnutls_session_sign_algo_enabled(session, algo); + ret = _gnutls_session_sign_algo_enabled (session, algo); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } @@ -455,7 +456,8 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, } ret = _gnutls_verify_sig (cert, &dconcat, signature, - dconcat.size - _gnutls_hash_get_algo_len (hash_algo), + dconcat.size - + _gnutls_hash_get_algo_len (hash_algo), _gnutls_sign_get_pk_algorithm (algo)); if (ret < 0) { @@ -472,8 +474,11 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, /* this is _gnutls_handshake_verify_cert_vrfy for TLS 1.2 */ -static int _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, gnutls_cert * cert, - gnutls_datum_t * signature, gnutls_sign_algorithm_t sign_algo) +static int +_gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, + gnutls_cert * cert, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t sign_algo) { int ret; opaque concat[MAX_SIG_SIZE]; @@ -481,26 +486,27 @@ static int _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, gnutl gnutls_datum_t dconcat; gnutls_sign_algorithm_t _sign_algo; gnutls_digest_algorithm_t hash_algo; - digest_hd_st* handshake_td; + digest_hd_st *handshake_td; handshake_td = &session->internals.handshake_mac_handle.tls12.sha1; hash_algo = handshake_td->algorithm; - _sign_algo = _gnutls_x509_pk_to_sign( cert->subject_pk_algorithm, hash_algo); + _sign_algo = + _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); if (_sign_algo != sign_algo) { handshake_td = &session->internals.handshake_mac_handle.tls12.sha256; hash_algo = handshake_td->algorithm; - _sign_algo = _gnutls_x509_pk_to_sign( cert->subject_pk_algorithm, hash_algo); + _sign_algo = + _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); if (sign_algo != _sign_algo) - { - gnutls_assert(); - return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; - } + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; + } } - ret = - _gnutls_hash_copy (&td, handshake_td); + ret = _gnutls_hash_copy (&td, handshake_td); if (ret < 0) { gnutls_assert (); @@ -512,7 +518,9 @@ static int _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, gnutl dconcat.data = concat; dconcat.size = _gnutls_hash_get_algo_len (hash_algo); - ret = _gnutls_verify_sig (cert, &dconcat, signature, 0, cert->subject_pk_algorithm); + ret = + _gnutls_verify_sig (cert, &dconcat, signature, 0, + cert->subject_pk_algorithm); if (ret < 0) { gnutls_assert (); @@ -527,8 +535,10 @@ static int _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, gnutl * verify message). */ int -_gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, gnutls_cert * cert, - gnutls_datum_t * signature, gnutls_sign_algorithm_t sign_algo) +_gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, + gnutls_cert * cert, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t sign_algo) { int ret; opaque concat[MAX_SIG_SIZE]; @@ -537,18 +547,22 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, gnutls_cert * cert gnutls_datum_t dconcat; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) { - return _gnutls_handshake_verify_cert_vrfy12(session, cert, signature, sign_algo); + return _gnutls_handshake_verify_cert_vrfy12 (session, cert, signature, + sign_algo); } - else if (session->security_parameters.handshake_mac_handle_type != HANDSHAKE_MAC_TYPE_10) + else if (session->security_parameters.handshake_mac_handle_type != + HANDSHAKE_MAC_TYPE_10) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } ret = - _gnutls_hash_copy (&td_md5, &session->internals.handshake_mac_handle.tls10.md5); + _gnutls_hash_copy (&td_md5, + &session->internals.handshake_mac_handle.tls10.md5); if (ret < 0) { gnutls_assert (); @@ -556,7 +570,8 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, gnutls_cert * cert } ret = - _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle.tls10.sha); + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle.tls10.sha); if (ret < 0) { gnutls_assert (); @@ -589,7 +604,9 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, gnutls_cert * cert dconcat.data = concat; dconcat.size = 20 + 16; /* md5+ sha */ - ret = _gnutls_verify_sig (cert, &dconcat, signature, 16, cert->subject_pk_algorithm); + ret = + _gnutls_verify_sig (cert, &dconcat, signature, 16, + cert->subject_pk_algorithm); if (ret < 0) { gnutls_assert (); @@ -602,9 +619,10 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, gnutls_cert * cert /* the same as _gnutls_handshake_sign_cert_vrfy except that it is made for TLS 1.2 */ -static int _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, - gnutls_cert * cert, gnutls_privkey * pkey, - gnutls_datum_t * signature) +static int +_gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, + gnutls_cert * cert, gnutls_privkey * pkey, + gnutls_datum_t * signature) { gnutls_datum_t dconcat; int ret; @@ -612,41 +630,47 @@ static int _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, digest_hd_st td; gnutls_sign_algorithm_t sign_algo; gnutls_digest_algorithm_t hash_algo; - digest_hd_st* handshake_td; + digest_hd_st *handshake_td; handshake_td = &session->internals.handshake_mac_handle.tls12.sha1; hash_algo = handshake_td->algorithm; - sign_algo = _gnutls_x509_pk_to_sign( cert->subject_pk_algorithm, hash_algo); + sign_algo = _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); /* The idea here is to try signing with the one of the algorithms * that have been initiated at handshake (SHA1, SHA256). If they * are not requested by peer... tough luck */ - ret = _gnutls_session_sign_algo_requested(session, sign_algo); + ret = _gnutls_session_sign_algo_requested (session, sign_algo); if (sign_algo == GNUTLS_SIGN_UNKNOWN || ret < 0) { handshake_td = &session->internals.handshake_mac_handle.tls12.sha256; hash_algo = handshake_td->algorithm; - sign_algo = _gnutls_x509_pk_to_sign( cert->subject_pk_algorithm, hash_algo); + sign_algo = + _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); if (sign_algo == GNUTLS_SIGN_UNKNOWN) - { - gnutls_assert(); - return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; - } - - ret = _gnutls_session_sign_algo_requested(session, sign_algo); + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; + } + + ret = _gnutls_session_sign_algo_requested (session, sign_algo); if (ret < 0) - { - gnutls_assert(); - _gnutls_x509_log("Server did not allow either '%s' or '%s' for signing\n", gnutls_mac_get_name(hash_algo), gnutls_mac_get_name(session->internals.handshake_mac_handle.tls12.sha1.algorithm)); - return ret; - } + { + gnutls_assert (); + _gnutls_x509_log + ("Server did not allow either '%s' or '%s' for signing\n", + gnutls_mac_get_name (hash_algo), + gnutls_mac_get_name (session->internals. + handshake_mac_handle.tls12.sha1.algorithm)); + return ret; + } } - - _gnutls_x509_log("sign handshake cert vrfy: picked %s with %s\n", gnutls_sign_algorithm_get_name(sign_algo), gnutls_mac_get_name(hash_algo)); - ret = - _gnutls_hash_copy (&td, handshake_td); + _gnutls_x509_log ("sign handshake cert vrfy: picked %s with %s\n", + gnutls_sign_algorithm_get_name (sign_algo), + gnutls_mac_get_name (hash_algo)); + + ret = _gnutls_hash_copy (&td, handshake_td); if (ret < 0) { gnutls_assert (); @@ -678,8 +702,8 @@ static int _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, */ int _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, - gnutls_cert * cert, gnutls_privkey * pkey, - gnutls_datum_t * signature) + gnutls_cert * cert, gnutls_privkey * pkey, + gnutls_datum_t * signature) { gnutls_datum_t dconcat; int ret; @@ -688,18 +712,22 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, digest_hd_st td_sha; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - if (session->security_parameters.handshake_mac_handle_type == HANDSHAKE_MAC_TYPE_12) + if (session->security_parameters.handshake_mac_handle_type == + HANDSHAKE_MAC_TYPE_12) { - return _gnutls_handshake_sign_cert_vrfy12(session, cert, pkey, signature); + return _gnutls_handshake_sign_cert_vrfy12 (session, cert, pkey, + signature); } - else if (session->security_parameters.handshake_mac_handle_type != HANDSHAKE_MAC_TYPE_10) + else if (session->security_parameters.handshake_mac_handle_type != + HANDSHAKE_MAC_TYPE_10) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } - + ret = - _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle.tls10.sha); + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle.tls10.sha); if (ret < 0) { gnutls_assert (); @@ -727,7 +755,8 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, case GNUTLS_PK_RSA: ret = _gnutls_hash_copy (&td_md5, - &session->internals.handshake_mac_handle.tls10.md5); + &session->internals.handshake_mac_handle. + tls10.md5); if (ret < 0) { gnutls_assert (); diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 3ecca89b5d..3ba533b3c6 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -202,7 +202,7 @@ deinit_internal_params (gnutls_session_t session) if (session->internals.params.free_rsa_params) gnutls_rsa_params_deinit (session->internals.params.rsa_params); - _gnutls_handshake_hash_buffers_clear(session); + _gnutls_handshake_hash_buffers_clear (session); memset (&session->internals.params, 0, sizeof (session->internals.params)); } @@ -239,7 +239,7 @@ _gnutls_handshake_internal_state_init (gnutls_session_t session) void _gnutls_handshake_internal_state_clear (gnutls_session_t session) { - _gnutls_handshake_internal_state_init(session); + _gnutls_handshake_internal_state_init (session); _gnutls_free_datum (&session->internals.recv_buffer); @@ -913,7 +913,7 @@ _gnutls_PRF (gnutls_session_t session, memcpy (s_seed, label, label_size); memcpy (&s_seed[label_size], seed, seed_size); - if (_gnutls_version_has_selectable_prf(ver)) + if (_gnutls_version_has_selectable_prf (ver)) { result = _gnutls_P_hash (GNUTLS_MAC_SHA256, secret, secret_size, @@ -1339,7 +1339,8 @@ _gnutls_rsa_pms_set_version (gnutls_session_t session, **/ void gnutls_handshake_set_post_client_hello_function (gnutls_session_t session, - gnutls_handshake_post_client_hello_func func) + gnutls_handshake_post_client_hello_func + func) { session->internals.user_hello_func = func; } @@ -1361,4 +1362,3 @@ gnutls_session_enable_compatibility_mode (gnutls_session_t session) { gnutls_record_disable_padding (session); } - diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c index a4c765e53f..4586b4b1ce 100644 --- a/lib/gnutls_str.c +++ b/lib/gnutls_str.c @@ -128,15 +128,15 @@ _gnutls_string_append_data (gnutls_string * dest, const void *data, if (dest->max_length >= tot_len) { - size_t unused = MEMSUB(dest->data, dest->allocd); - + size_t unused = MEMSUB (dest->data, dest->allocd); + if (dest->max_length - unused <= tot_len) - { - if (dest->length && dest->data) - memmove(dest->allocd, dest->data, dest->length); + { + if (dest->length && dest->data) + memmove (dest->allocd, dest->data, dest->length); - dest->data = dest->allocd; - } + dest->data = dest->allocd; + } memmove (&dest->data[dest->length], data, data_size); dest->length = tot_len; @@ -144,7 +144,7 @@ _gnutls_string_append_data (gnutls_string * dest, const void *data, } else { - size_t unused = MEMSUB(dest->data, dest->allocd); + size_t unused = MEMSUB (dest->data, dest->allocd); size_t new_len = MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); @@ -158,7 +158,7 @@ _gnutls_string_append_data (gnutls_string * dest, const void *data, dest->data = dest->allocd + unused; if (dest->length && dest->data) - memmove(dest->allocd, dest->data, dest->length); + memmove (dest->allocd, dest->data, dest->length); dest->data = dest->allocd; memcpy (&dest->data[dest->length], data, data_size); @@ -173,19 +173,19 @@ _gnutls_string_resize (gnutls_string * dest, size_t new_size) { if (dest->max_length >= new_size) { - size_t unused = MEMSUB(dest->data, dest->allocd); + size_t unused = MEMSUB (dest->data, dest->allocd); if (dest->max_length - unused <= new_size) - { - if (dest->length && dest->data) - memmove(dest->allocd, dest->data, dest->length); - dest->data = dest->allocd; - } + { + if (dest->length && dest->data) + memmove (dest->allocd, dest->data, dest->length); + dest->data = dest->allocd; + } return 0; } else { - size_t unused = MEMSUB(dest->data, dest->allocd); + size_t unused = MEMSUB (dest->data, dest->allocd); size_t alloc_len = MAX (new_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); @@ -199,7 +199,7 @@ _gnutls_string_resize (gnutls_string * dest, size_t new_size) dest->data = dest->allocd + unused; if (dest->length && dest->data) - memmove(dest->allocd, dest->data, dest->length); + memmove (dest->allocd, dest->data, dest->length); dest->data = dest->allocd; return 0; @@ -209,7 +209,7 @@ _gnutls_string_resize (gnutls_string * dest, size_t new_size) int _gnutls_string_append_str (gnutls_string * dest, const char *src) { - return _gnutls_string_append_data (dest, src, strlen(src)); + return _gnutls_string_append_data (dest, src, strlen (src)); } /* returns data from a string in a constant buffer. @@ -217,18 +217,19 @@ _gnutls_string_append_str (gnutls_string * dest, const char *src) * data are appended in the buffer. */ void -_gnutls_string_get_datum (gnutls_string * str, gnutls_datum_t *data, - size_t req_size) +_gnutls_string_get_datum (gnutls_string * str, gnutls_datum_t * data, + size_t req_size) { - if (str->length == 0) { + if (str->length == 0) + { data->data = NULL; data->size = 0; return; - } + } if (req_size > str->length) - req_size = str->length; + req_size = str->length; data->data = str->data; data->size = req_size; @@ -237,9 +238,10 @@ _gnutls_string_get_datum (gnutls_string * str, gnutls_datum_t *data, str->length -= req_size; /* if string becomes empty start from begining */ - if (str->length == 0) { + if (str->length == 0) + { str->data = str->allocd; - } + } return; } @@ -247,15 +249,14 @@ _gnutls_string_get_datum (gnutls_string * str, gnutls_datum_t *data, /* returns data from a string in a constant buffer. */ void -_gnutls_string_get_data (gnutls_string * str, void *data, - size_t *req_size) +_gnutls_string_get_data (gnutls_string * str, void *data, size_t * req_size) { gnutls_datum_t tdata; - _gnutls_string_get_datum( str, &tdata, *req_size); + _gnutls_string_get_datum (str, &tdata, *req_size); *req_size = tdata.size; - memcpy( data, tdata.data, tdata.size); + memcpy (data, tdata.data, tdata.size); return; } @@ -368,8 +369,7 @@ _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, */ int _gnutls_hostname_compare (const char *certname, - size_t certnamesize, - const char *hostname) + size_t certnamesize, const char *hostname) { /* find the first different character */ for (; *certname && *hostname && toupper (*certname) == toupper (*hostname); diff --git a/lib/gnutls_supplemental.c b/lib/gnutls_supplemental.c index d2439de12d..0e9a24c23b 100644 --- a/lib/gnutls_supplemental.c +++ b/lib/gnutls_supplemental.c @@ -141,7 +141,7 @@ _gnutls_gen_supplemental (gnutls_session_t session, gnutls_buffer * buf) buf->data[2] = (buf->length - 3) & 0xFF; _gnutls_debug_log ("EXT[%p]: Sending %d bytes of supplemental data\n", - session, (int)buf->length); + session, (int) buf->length); return buf->length; } diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index bb4f393e87..baed5fa556 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -289,7 +289,7 @@ gnutls_dh_get_secret_bits (gnutls_session_t session) } static int -mpi_buf2bits (gnutls_datum_t *mpi_buf) +mpi_buf2bits (gnutls_datum_t * mpi_buf) { bigint_t mpi; int rc; diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index ab7e44709f..810a569796 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -159,13 +159,13 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, return ret; } - + if (ret < 0) - { - gnutls_assert(); - CLEAR_CERTS; - return ret; - } + { + gnutls_assert (); + CLEAR_CERTS; + return ret; + } ret = check_bits (peer_certificate_list[i], cred->verify_bits); if (ret < 0) @@ -179,13 +179,14 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, /* Verify certificate */ - + ret = gnutls_x509_crt_list_verify (peer_certificate_list, peer_certificate_list_size, cred->x509_ca_list, cred->x509_ncas, cred->x509_crl_list, cred->x509_ncrls, - cred->verify_flags | session->internals.priorities.additional_verify_flags, - status); + cred->verify_flags | session-> + internals.priorities. + additional_verify_flags, status); CLEAR_CERTS; @@ -1577,7 +1578,7 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, *cert = NULL; *key = NULL; - *crl = NULL; + *crl = NULL; /* find the first private key */ for (;;) @@ -1649,12 +1650,12 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, { case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: case GNUTLS_BAG_PKCS8_KEY: - if (*key != NULL) /* too simple to continue */ - { - gnutls_assert(); - break; - } - + if (*key != NULL) /* too simple to continue */ + { + gnutls_assert (); + break; + } + ret = gnutls_x509_privkey_init (key); if (ret < 0) { @@ -1668,20 +1669,22 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_x509_privkey_deinit( *key); + gnutls_x509_privkey_deinit (*key); goto done; } - - key_id_size = sizeof(key_id); - ret = gnutls_x509_privkey_get_key_id( *key, 0, key_id, &key_id_size); + + key_id_size = sizeof (key_id); + ret = + gnutls_x509_privkey_get_key_id (*key, 0, key_id, + &key_id_size); if (ret < 0) { gnutls_assert (); - gnutls_x509_privkey_deinit( *key); + gnutls_x509_privkey_deinit (*key); goto done; } - - privkey_ok = 1; /* break */ + + privkey_ok = 1; /* break */ break; default: break; @@ -1690,14 +1693,14 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, idx++; gnutls_pkcs12_bag_deinit (bag); - - if (privkey_ok != 0) /* private key was found */ - break; + + if (privkey_ok != 0) /* private key was found */ + break; } - if (privkey_ok == 0) /* no private key */ + if (privkey_ok == 0) /* no private key */ { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } @@ -1773,11 +1776,11 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, switch (type) { case GNUTLS_BAG_CERTIFICATE: - if (*cert != NULL) /* no need to set it again */ - { - gnutls_assert(); - break; - } + if (*cert != NULL) /* no need to set it again */ + { + gnutls_assert (); + break; + } ret = gnutls_x509_crt_init (cert); if (ret < 0) @@ -1791,33 +1794,34 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_x509_crt_deinit( *cert); + gnutls_x509_crt_deinit (*cert); goto done; } /* check if the key id match */ - cert_id_size = sizeof(cert_id); - ret = gnutls_x509_crt_get_key_id( *cert, 0, cert_id, &cert_id_size); + cert_id_size = sizeof (cert_id); + ret = + gnutls_x509_crt_get_key_id (*cert, 0, cert_id, &cert_id_size); if (ret < 0) { gnutls_assert (); - gnutls_x509_crt_deinit( *cert); + gnutls_x509_crt_deinit (*cert); goto done; } - - if (memcmp( cert_id, key_id, cert_id_size) != 0) - { /* they don't match - skip the certificate */ - gnutls_x509_crt_deinit( *cert); - *cert = NULL; - } + + if (memcmp (cert_id, key_id, cert_id_size) != 0) + { /* they don't match - skip the certificate */ + gnutls_x509_crt_deinit (*cert); + *cert = NULL; + } break; case GNUTLS_BAG_CRL: if (*crl != NULL) - { - gnutls_assert(); - break; - } + { + gnutls_assert (); + break; + } ret = gnutls_x509_crl_init (crl); if (ret < 0) @@ -1830,7 +1834,7 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_x509_crl_deinit( *crl); + gnutls_x509_crl_deinit (*crl); goto done; } break; @@ -1905,9 +1909,11 @@ int gnutls_assert (); return GNUTLS_E_FILE_ERROR; } - - ret = gnutls_certificate_set_x509_simple_pkcs12_mem(res, &p12blob, type, password); - free(p12blob.data); + + ret = + gnutls_certificate_set_x509_simple_pkcs12_mem (res, &p12blob, type, + password); + free (p12blob.data); return ret; } @@ -1948,7 +1954,7 @@ int **/ int gnutls_certificate_set_x509_simple_pkcs12_mem - (gnutls_certificate_credentials_t res, const gnutls_datum_t *p12blob, + (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob, gnutls_x509_crt_fmt_t type, const char *password) { gnutls_pkcs12_t p12; diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c index b79002cd13..af94cea2e5 100644 --- a/lib/minitasn1/decoding.c +++ b/lib/minitasn1/decoding.c @@ -288,18 +288,20 @@ _asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len, leading = 1; for (k = 1; k < len; k++) { - + /* X.690 mandates that the leading byte must never be 0x80 */ - if (leading != 0 && der[len_len + k] == 0x80) return ASN1_DER_ERROR; + if (leading != 0 && der[len_len + k] == 0x80) + return ASN1_DER_ERROR; leading = 0; /* check for wrap around */ val = val << 7; val |= der[len_len + k] & 0x7F; - if (val < prev_val) return ASN1_DER_ERROR; + if (val < prev_val) + return ASN1_DER_ERROR; prev_val = val; @@ -313,7 +315,7 @@ _asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len, } } *ret_len = len + len_len; - + return ASN1_SUCCESS; } @@ -1054,8 +1056,9 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider, int len, move = RIGHT; break; case TYPE_OBJECT_ID: - result = _asn1_get_objectid_der (der + counter, len - counter, &len2, - temp, sizeof (temp)); + result = + _asn1_get_objectid_der (der + counter, len - counter, &len2, + temp, sizeof (temp)); if (result != ASN1_SUCCESS) { asn1_delete_structure (element); @@ -1670,12 +1673,13 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const char *elementName, case TYPE_OBJECT_ID: if (state == FOUND) { - result = _asn1_get_objectid_der (der + counter, len - counter, &len2, - temp, sizeof (temp)); - if (result != ASN1_SUCCESS) - { - return result; - } + result = + _asn1_get_objectid_der (der + counter, len - counter, + &len2, temp, sizeof (temp)); + if (result != ASN1_SUCCESS) + { + return result; + } tlen = strlen (temp); diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c index 5686809f01..3a08b5fda3 100644 --- a/lib/opencdk/armor.c +++ b/lib/opencdk/armor.c @@ -595,7 +595,8 @@ armor_decode (void *data, FILE * in, FILE * out) afx->crc_okay = (afx->crc == crc2) ? 1 : 0; if (!afx->crc_okay && !rc) { - _cdk_log_debug ("file crc=%08X afx_crc=%08X\n", (unsigned int)crc2, (unsigned int)afx->crc); + _cdk_log_debug ("file crc=%08X afx_crc=%08X\n", (unsigned int) crc2, + (unsigned int) afx->crc); rc = CDK_Armor_CRC_Error; } diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c index 314fefedc4..85281c69b5 100644 --- a/lib/opencdk/keydb.c +++ b/lib/opencdk/keydb.c @@ -663,7 +663,8 @@ keydb_cache_add (cdk_keydb_search_t dbs, off_t offset) k->next = dbs->cache; dbs->cache = k; dbs->ncache++; - _cdk_log_debug ("cache: add entry off=%d type=%d\n", (int)offset, (int)dbs->type); + _cdk_log_debug ("cache: add entry off=%d type=%d\n", (int) offset, + (int) dbs->type); return 0; } diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c index 1dde4a163e..d76f795654 100644 --- a/lib/opencdk/literal.c +++ b/lib/opencdk/literal.c @@ -121,7 +121,7 @@ literal_decode (void *data, FILE * in, FILE * out) while (!feof (in)) { _cdk_log_debug ("literal_decode: part on %d size %lu\n", - (int)pfx->blkmode.on, pfx->blkmode.size); + (int) pfx->blkmode.on, pfx->blkmode.size); if (pfx->blkmode.on) bufsize = pfx->blkmode.size; else @@ -200,7 +200,7 @@ literal_encode (void *data, FILE * in, FILE * out) filelen = strlen (pfx->filename); cdk_pkt_new (&pkt); pt = pkt->pkt.literal = cdk_calloc (1, sizeof *pt + filelen); - pt->name = (char*) pt + sizeof(*pt); + pt->name = (char *) pt + sizeof (*pt); if (!pt) { cdk_pkt_release (pkt); diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c index 0df82a1f15..1331253df6 100644 --- a/lib/opencdk/misc.c +++ b/lib/opencdk/misc.c @@ -97,7 +97,7 @@ cdk_strlist_add (cdk_strlist_t * list, const char *string) sl = cdk_calloc (1, sizeof *sl + strlen (string) + 2); if (!sl) return NULL; - sl->d = (char*) sl + sizeof(*sl); + sl->d = (char *) sl + sizeof (*sl); strcpy (sl->d, string); sl->next = *list; *list = sl; diff --git a/lib/opencdk/new-packet.c b/lib/opencdk/new-packet.c index 9159af0043..dc5304b8bb 100644 --- a/lib/opencdk/new-packet.c +++ b/lib/opencdk/new-packet.c @@ -388,7 +388,7 @@ _cdk_copy_userid (cdk_pkt_userid_t * dst, cdk_pkt_userid_t src) u = cdk_calloc (1, sizeof *u + strlen (src->name) + 2); if (!u) return CDK_Out_Of_Core; - u->name = (char*)u + sizeof(*u); + u->name = (char *) u + sizeof (*u); memcpy (u, src, sizeof *u); memcpy (u->name, src->name, strlen (src->name)); @@ -627,7 +627,7 @@ cdk_subpkt_new (size_t size) s = cdk_calloc (1, sizeof *s + size + 2); if (!s) return NULL; - s->d = (char*)s + sizeof(*s); + s->d = (char *) s + sizeof (*s); return s; } diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c index 97e844be0f..a2ab51b166 100644 --- a/lib/opencdk/read-packet.c +++ b/lib/opencdk/read-packet.c @@ -128,15 +128,15 @@ read_mpi (cdk_stream_t inp, bigint_t * ret_m, int secure) if (nbits > MAX_MPI_BITS || nbits == 0) { - _cdk_log_debug ("read_mpi: too large %d bits\n",(int) nbits); + _cdk_log_debug ("read_mpi: too large %d bits\n", (int) nbits); return CDK_MPI_Error; /* Sanity check */ } rc = stream_read (inp, buf + 2, nread, &nread); if (!rc && nread != ((nbits + 7) / 8)) { - _cdk_log_debug ("read_mpi: too short %d < %d\n", (int)nread, - (int)((nbits + 7) / 8)); + _cdk_log_debug ("read_mpi: too short %d < %d\n", (int) nread, + (int) ((nbits + 7) / 8)); return CDK_MPI_Error; } @@ -197,7 +197,7 @@ read_pubkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_pubkey_enc: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_pubkey_enc: %d octets\n", (int) pktlen); if (pktlen < 12) return CDK_Inv_Packet; @@ -251,7 +251,7 @@ read_compressed (cdk_stream_t inp, size_t pktlen, cdk_pkt_compressed_t c) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_compressed: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_compressed: %d octets\n", (int) pktlen); c->algorithm = cdk_stream_getc (inp); if (c->algorithm > 3) @@ -278,7 +278,7 @@ read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_public_key: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_public_key: %d octets\n", (int) pktlen); pk->is_invalid = 1; /* default to detect missing self signatures */ pk->is_revoked = 0; @@ -336,7 +336,7 @@ read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_secret_key: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_secret_key: %d octets\n", (int) pktlen); p1 = cdk_stream_tell (inp); rc = read_public_key (inp, pktlen, sk->pk); @@ -631,7 +631,7 @@ read_onepass_sig (cdk_stream_t inp, size_t pktlen, cdk_pkt_onepass_sig_t sig) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_onepass_sig: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_onepass_sig: %d octets\n", (int) pktlen); if (pktlen != 13) return CDK_Inv_Packet; @@ -730,7 +730,7 @@ read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig) return CDK_Inv_Value; if (DEBUG_PKT) - _cdk_log_debug ("read_signature: %d octets\n", (int)pktlen); + _cdk_log_debug ("read_signature: %d octets\n", (int) pktlen); if (pktlen < 16) return CDK_Inv_Packet; @@ -836,7 +836,7 @@ read_literal (cdk_stream_t inp, size_t pktlen, *ret_pt = pt = cdk_realloc (pt, sizeof *pt + pt->namelen + 2); if (!pt) return CDK_Out_Of_Core; - pt->name = (char*)pt + sizeof(*pt); + pt->name = (char *) pt + sizeof (*pt); rc = stream_read (inp, pt->name, pt->namelen, &nread); if (rc) return rc; @@ -958,7 +958,8 @@ cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt) if (!(ctb & 0x80)) { _cdk_log_info ("cdk_pkt_read: no openpgp data found. " - "(ctb=%02X; fpos=%02X)\n",(int) ctb, (int)cdk_stream_tell (inp)); + "(ctb=%02X; fpos=%02X)\n", (int) ctb, + (int) cdk_stream_tell (inp)); return CDK_Inv_Packet; } @@ -998,7 +999,8 @@ cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt) + pkt->pktlen + 16 + 1); if (!pkt->pkt.user_id) return CDK_Out_Of_Core; - pkt->pkt.user_id->name = (char*)pkt->pkt.user_id + sizeof(*pkt->pkt.user_id); + pkt->pkt.user_id->name = + (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id); rc = read_attribute (inp, pktlen, pkt->pkt.user_id); pkt->pkttype = CDK_PKT_ATTRIBUTE; @@ -1009,7 +1011,8 @@ cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt) + pkt->pktlen + 1); if (!pkt->pkt.user_id) return CDK_Out_Of_Core; - pkt->pkt.user_id->name = (char*)pkt->pkt.user_id + sizeof(*pkt->pkt.user_id); + pkt->pkt.user_id->name = + (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id); rc = read_user_id (inp, pktlen, pkt->pkt.user_id); break; diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c index d4e2c74b9d..5dc9da6fd1 100644 --- a/lib/opencdk/sig-check.c +++ b/lib/opencdk/sig-check.c @@ -542,8 +542,8 @@ cdk_pk_check_sigs (cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status) } _cdk_log_debug ("signature %s: signer %08X keyid %08X\n", - rc == CDK_Bad_Sig ? "BAD" : "good", (unsigned int)sig->keyid[1], - (unsigned int)keyid); + rc == CDK_Bad_Sig ? "BAD" : "good", + (unsigned int) sig->keyid[1], (unsigned int) keyid); if (IS_UID_SIG (sig) && uid_name != NULL) { diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c index eaeb637587..82f8155b01 100644 --- a/lib/opencdk/stream.c +++ b/lib/opencdk/stream.c @@ -1056,7 +1056,7 @@ cdk_stream_write (cdk_stream_t s, const void *buf, size_t count) memcpy (s->cache.buf, old, s->cache.size); cdk_free (old); _cdk_log_debug ("stream: enlarge cache to %d octets\n", - (int)s->cache.alloced); + (int) s->cache.alloced); } memcpy (s->cache.buf + s->cache.size, buf, count); s->cache.size += count; @@ -1575,7 +1575,8 @@ _cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes) { assert (s); - _cdk_log_debug ("stream: activate block mode with blocksize %d\n", (int)nbytes); + _cdk_log_debug ("stream: activate block mode with blocksize %d\n", + (int) nbytes); s->blkmode = nbytes; return 0; } diff --git a/lib/opencdk/verify.c b/lib/opencdk/verify.c index e6e560fae1..1b17940787 100644 --- a/lib/opencdk/verify.c +++ b/lib/opencdk/verify.c @@ -58,7 +58,8 @@ struct }; -static cdk_error_t file_verify_clearsign (cdk_ctx_t, const char *, const char *); +static cdk_error_t file_verify_clearsign (cdk_ctx_t, const char *, + const char *); /** diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c index fb50075390..0f2a9e059e 100644 --- a/lib/openpgp/gnutls_openpgp.c +++ b/lib/openpgp/gnutls_openpgp.c @@ -459,8 +459,8 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, * Since: 2.4.0 **/ int -gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t res, - const char *certfile, +gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t + res, const char *certfile, const char *keyfile, const char *subkey_id, gnutls_openpgp_crt_fmt_t format) @@ -566,8 +566,8 @@ gnutls_openpgp_count_key_names (const gnutls_datum_t * cert) * negative error value. **/ int -gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t c, - const char *file, +gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t + c, const char *file, gnutls_openpgp_crt_fmt_t format) { gnutls_datum_t ring; @@ -613,8 +613,8 @@ gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t c, * negative error value. **/ int -gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t c, - const opaque * data, +gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t + c, const opaque * data, size_t dlen, gnutls_openpgp_crt_fmt_t format) { @@ -800,7 +800,7 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert) memset (gcert, 0, sizeof (gnutls_cert)); gcert->cert_type = GNUTLS_CRT_OPENPGP; - gcert->sign_algo = GNUTLS_SIGN_UNKNOWN; /* N/A here */ + gcert->sign_algo = GNUTLS_SIGN_UNKNOWN; /* N/A here */ gcert->version = gnutls_openpgp_crt_get_version (cert); gcert->params_size = MAX_PUBLIC_PARAMS_SIZE; diff --git a/lib/openpgp/output.c b/lib/openpgp/output.c index bd395841a6..58a6a1ab4d 100644 --- a/lib/openpgp/output.c +++ b/lib/openpgp/output.c @@ -520,7 +520,8 @@ gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert, print_oneline (&str, cert); else { - _gnutls_string_append_str (&str, _("OpenPGP Certificate Information:\n")); + _gnutls_string_append_str (&str, + _("OpenPGP Certificate Information:\n")); print_cert (&str, cert); } diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index aa2a235a23..0d62b36409 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -200,11 +200,11 @@ _gnutls_openpgp_export (cdk_kbnode_t node, *output_data_size = calc_size; if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } } return 0; @@ -363,7 +363,7 @@ gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, if (buf) { memcpy (buf, uid->name, uid->len); - buf[uid->len] = '\0'; /* make sure it's a string */ + buf[uid->len] = '\0'; /* make sure it's a string */ } *sizeof_buf = uid->len + 1; diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 74fa84235e..0702a2c186 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -791,9 +791,7 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) result = _gnutls_x509_encode_and_copy_PKI_params (crq->crq, "certificationRequestInfo.subjectPKInfo", - key->pk_algorithm, - key->params, - key->params_size); + key->pk_algorithm, key->params, key->params_size); if (result < 0) { @@ -923,9 +921,7 @@ gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq, result = _gnutls_x509_encode_and_copy_PKI_params (crq->crq, "certificationRequestInfo.subjectPKInfo", - GNUTLS_PK_RSA, - temp_params, - RSA_PUBLIC_PARAMS); + GNUTLS_PK_RSA, temp_params, RSA_PUBLIC_PARAMS); if (result < 0) { @@ -977,8 +973,7 @@ gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, result = _gnutls_x509_encode_and_write_attribute ("1.2.840.113549.1.9.7", crq->crq, - "certificationRequestInfo.attributes.?LAST", - pass, strlen (pass), 1); + "certificationRequestInfo.attributes.?LAST", pass, strlen (pass), 1); if (result < 0) { gnutls_assert (); @@ -1400,7 +1395,7 @@ gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx, result = 0; - out: +out: gnutls_free (extensions); return result; } @@ -1652,8 +1647,7 @@ get_subject_alt_name (gnutls_x509_crq_t crq, /* Extract extension. */ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0, - NULL, &dns_size, - critical); + NULL, &dns_size, critical); if (result < 0) { gnutls_assert (); @@ -2093,8 +2087,7 @@ gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, /* Extract extension. */ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0, - NULL, &prev_size, - critical); + NULL, &prev_size, critical); prev.size = prev_size; if (result < 0) @@ -2193,8 +2186,7 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, /* Read existing extension, if there is one. */ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0, - NULL, &prev_size, - &critical); + NULL, &prev_size, &critical); prev.size = prev_size; switch (result) @@ -2418,8 +2410,9 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, } pubkey.size = 0; - result = asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", - NULL, &pubkey.size, NULL); + result = + asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", NULL, + &pubkey.size, NULL); if (result != ASN1_MEM_ERROR) { gnutls_assert (); @@ -2433,8 +2426,9 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, return GNUTLS_E_MEMORY_ERROR; } - result = asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", - pubkey.data, &pubkey.size, NULL); + result = + asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", + pubkey.data, &pubkey.size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert (); diff --git a/lib/x509/dn.c b/lib/x509/dn.c index daf14dfece..89b84bd34b 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -308,7 +308,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, if (buf) { - _gnutls_string_get_data( &out_str, buf, sizeof_buf); + _gnutls_string_get_data (&out_str, buf, sizeof_buf); buf[*sizeof_buf] = 0; } else @@ -997,7 +997,7 @@ gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data) int result; char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - result = asn1_der_decoding ((ASN1_TYPE *) &dn, + result = asn1_der_decoding ((ASN1_TYPE *) & dn, data->data, data->size, err); if (result != ASN1_SUCCESS) { @@ -1022,7 +1022,7 @@ gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data) void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn) { - asn1_delete_structure ((ASN1_TYPE *) &dn); + asn1_delete_structure ((ASN1_TYPE *) & dn); } /** diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 6bfb402175..18d455d34f 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -52,7 +52,7 @@ _decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe, gnutls_datum_t auth_safe = { NULL, 0 }; int len, result; char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - + len = sizeof (oid) - 1; result = asn1_read_value (pkcs12, "authSafe.contentType", oid, &len); if (result != ASN1_SUCCESS) @@ -95,7 +95,7 @@ _decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe, if (result != ASN1_SUCCESS) { gnutls_assert (); - _gnutls_x509_log("DER error: %s\n", error_str); + _gnutls_x509_log ("DER error: %s\n", error_str); result = _gnutls_asn2err (result); goto cleanup; } @@ -233,11 +233,12 @@ gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, need_free = 1; } - result = asn1_der_decoding (&pkcs12->pkcs12, _data.data, _data.size, error_str); + result = + asn1_der_decoding (&pkcs12->pkcs12, _data.data, _data.size, error_str); if (result != ASN1_SUCCESS) { result = _gnutls_asn2err (result); - _gnutls_x509_log("DER error: %s\n", error_str); + _gnutls_x509_log ("DER error: %s\n", error_str); gnutls_assert (); goto cleanup; } @@ -427,7 +428,8 @@ _pkcs12_decode_safe_contents (const gnutls_datum_t * content, goto cleanup; } - if (bag_type == GNUTLS_BAG_CERTIFICATE || bag_type == GNUTLS_BAG_CRL || bag_type == GNUTLS_BAG_SECRET) + if (bag_type == GNUTLS_BAG_CERTIFICATE || bag_type == GNUTLS_BAG_CRL + || bag_type == GNUTLS_BAG_SECRET) { gnutls_datum_t tmp = bag->element[i].data; diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c index 9ed23af347..42ff1b4e23 100644 --- a/lib/x509/pkcs12_bag.c +++ b/lib/x509/pkcs12_bag.c @@ -182,90 +182,90 @@ _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type, int ret; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - switch(type) + switch (type) { - case GNUTLS_BAG_CERTIFICATE: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + case GNUTLS_BAG_CERTIFICATE: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-CertBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_der_decoding (&c2, in->data, in->size, NULL); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_read_value (c2, "certValue", out, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - case GNUTLS_BAG_CRL: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_der_decoding (&c2, in->data, in->size, NULL); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_read_value (c2, "certValue", out, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + case GNUTLS_BAG_CRL: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-CRLBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_der_decoding (&c2, in->data, in->size, NULL); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_read_value (c2, "crlValue", out, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - case GNUTLS_BAG_SECRET: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_der_decoding (&c2, in->data, in->size, NULL); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_read_value (c2, "crlValue", out, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + case GNUTLS_BAG_SECRET: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-SecretBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_der_decoding (&c2, in->data, in->size, NULL); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_read_value (c2, "secretValue", out, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - default: - gnutls_assert(); - asn1_delete_structure (&c2); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_der_decoding (&c2, in->data, in->size, NULL); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_read_value (c2, "secretValue", out, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + default: + gnutls_assert (); + asn1_delete_structure (&c2); + return GNUTLS_E_UNIMPLEMENTED_FEATURE; } asn1_delete_structure (&c2); @@ -287,90 +287,90 @@ _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type, int ret; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - switch(type) + switch (type) { - case GNUTLS_BAG_CERTIFICATE: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + case GNUTLS_BAG_CERTIFICATE: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-CertBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_write_value (c2, "certId", X509_CERT_OID, 1); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_write_value (c2, "certValue", raw, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - case GNUTLS_BAG_CRL: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_write_value (c2, "certId", X509_CERT_OID, 1); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_write_value (c2, "certValue", raw, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + case GNUTLS_BAG_CRL: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-CRLBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_write_value (c2, "crlId", X509_CRL_OID, 1); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_write_value (c2, "crlValue", raw, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - case GNUTLS_BAG_SECRET: - if ((ret = asn1_create_element (_gnutls_get_pkix (), + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_write_value (c2, "crlId", X509_CRL_OID, 1); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_write_value (c2, "crlValue", raw, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + case GNUTLS_BAG_SECRET: + if ((ret = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-SecretBag", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = asn1_write_value (c2, "secretTypeId", RANDOM_NONCE_OID, 1); - if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } - - ret = _gnutls_x509_write_value (c2, "secretValue", raw, 1); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; - - default: - gnutls_assert(); - asn1_delete_structure (&c2); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = asn1_write_value (c2, "secretTypeId", RANDOM_NONCE_OID, 1); + if (ret != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } + + ret = _gnutls_x509_write_value (c2, "secretValue", raw, 1); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; + + default: + gnutls_assert (); + asn1_delete_structure (&c2); + return GNUTLS_E_UNIMPLEMENTED_FEATURE; } ret = _gnutls_x509_der_encode (c2, "", out, 0); @@ -805,7 +805,7 @@ gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass, return GNUTLS_E_INVALID_REQUEST; } - id = _gnutls_pkcs_flags_to_schema(flags); + id = _gnutls_pkcs_flags_to_schema (flags); /* Now encrypt them. */ diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index fa14858b7d..24dce8b683 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -108,7 +108,7 @@ check_schema (const char *oid) { if (strcmp (oid, PBES2_OID) == 0) - return PBES2_GENERIC; /* ok */ + return PBES2_GENERIC; /* ok */ if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0) return PKCS12_3DES_SHA1; @@ -362,86 +362,96 @@ error: } -static const char* cipher_to_pkcs_params(int cipher, const char** oid) +static const char * +cipher_to_pkcs_params (int cipher, const char **oid) { - switch(cipher) - { - case GNUTLS_CIPHER_AES_128_CBC: - if (oid) *oid = AES_128_CBC_OID; - return "PKIX1.pkcs-5-aes128-CBC-params"; - break; - case GNUTLS_CIPHER_AES_192_CBC: - if (oid) *oid = AES_192_CBC_OID; - return "PKIX1.pkcs-5-aes192-CBC-params"; - break; - case GNUTLS_CIPHER_AES_256_CBC: - if (oid) *oid = AES_256_CBC_OID; - return "PKIX1.pkcs-5-aes256-CBC-params"; - break; - case GNUTLS_CIPHER_3DES_CBC: - if (oid) *oid = DES_EDE3_CBC_OID; - return "PKIX1.pkcs-5-des-EDE3-CBC-params"; - break; - default: - return NULL; - break; + switch (cipher) + { + case GNUTLS_CIPHER_AES_128_CBC: + if (oid) + *oid = AES_128_CBC_OID; + return "PKIX1.pkcs-5-aes128-CBC-params"; + break; + case GNUTLS_CIPHER_AES_192_CBC: + if (oid) + *oid = AES_192_CBC_OID; + return "PKIX1.pkcs-5-aes192-CBC-params"; + break; + case GNUTLS_CIPHER_AES_256_CBC: + if (oid) + *oid = AES_256_CBC_OID; + return "PKIX1.pkcs-5-aes256-CBC-params"; + break; + case GNUTLS_CIPHER_3DES_CBC: + if (oid) + *oid = DES_EDE3_CBC_OID; + return "PKIX1.pkcs-5-des-EDE3-CBC-params"; + break; + default: + return NULL; + break; } } -static int cipher_to_schema(int cipher) +static int +cipher_to_schema (int cipher) { - switch(cipher) - { - case GNUTLS_CIPHER_AES_128_CBC: - return PBES2_AES_128; - break; - case GNUTLS_CIPHER_AES_192_CBC: - return PBES2_AES_192; - break; - case GNUTLS_CIPHER_AES_256_CBC: - return PBES2_AES_256; - break; - case GNUTLS_CIPHER_3DES_CBC: - return PBES2_3DES; - break; - default: - return GNUTLS_E_UNKNOWN_CIPHER_TYPE; - break; + switch (cipher) + { + case GNUTLS_CIPHER_AES_128_CBC: + return PBES2_AES_128; + break; + case GNUTLS_CIPHER_AES_192_CBC: + return PBES2_AES_192; + break; + case GNUTLS_CIPHER_AES_256_CBC: + return PBES2_AES_256; + break; + case GNUTLS_CIPHER_3DES_CBC: + return PBES2_3DES; + break; + default: + return GNUTLS_E_UNKNOWN_CIPHER_TYPE; + break; } } -int _gnutls_pkcs_flags_to_schema(unsigned int flags) +int +_gnutls_pkcs_flags_to_schema (unsigned int flags) { -int schema; - - if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) - schema = PKCS12_ARCFOUR_SHA1; - else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) - schema = PKCS12_RC2_40_SHA1; - else if (flags & GNUTLS_PKCS_USE_PBES2_3DES) - schema = PBES2_3DES; - else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128) - schema = PBES2_AES_128; - else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192) - schema = PBES2_AES_192; - else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256) - schema = PBES2_AES_256; - else { - gnutls_assert(); + int schema; + + if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) + schema = PKCS12_ARCFOUR_SHA1; + else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) + schema = PKCS12_RC2_40_SHA1; + else if (flags & GNUTLS_PKCS_USE_PBES2_3DES) + schema = PBES2_3DES; + else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128) + schema = PBES2_AES_128; + else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192) + schema = PBES2_AES_192; + else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256) + schema = PBES2_AES_256; + else + { + gnutls_assert (); _gnutls_x509_log - ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", flags); + ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", + flags); schema = PKCS12_3DES_SHA1; } - return schema; + return schema; } /* returns the OID corresponding to given schema */ -static int schema_to_oid(schema_id schema, const char** str_oid) +static int +schema_to_oid (schema_id schema, const char **str_oid) { -int result = 0; + int result = 0; switch (schema) { @@ -461,11 +471,11 @@ int result = 0; *str_oid = PKCS12_PBE_RC2_40_SHA1_OID; break; default: - gnutls_assert(); + gnutls_assert (); result = GNUTLS_E_INTERNAL_ERROR; } - - return result; + + return result; } /* Converts a PKCS #8 private key info to @@ -481,7 +491,7 @@ encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY; struct pbkdf2_params kdf_params; struct pbe_enc_params enc_params; - const char* str_oid; + const char *str_oid; if ((result = @@ -496,16 +506,15 @@ encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, /* Write the encryption schema OID */ - result = schema_to_oid(schema, &str_oid); + result = schema_to_oid (schema, &str_oid); if (result < 0) { - gnutls_assert(); + gnutls_assert (); return result; } result = - asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", - str_oid, 1); + asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", str_oid, 1); if (result != ASN1_SUCCESS) { @@ -628,7 +637,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, return ret; } - schema = _gnutls_pkcs_flags_to_schema(flags); + schema = _gnutls_pkcs_flags_to_schema (flags); if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL) { @@ -669,7 +678,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, * schema ID. */ static int -read_pkcs_schema_params (schema_id *schema, const char *password, +read_pkcs_schema_params (schema_id * schema, const char *password, const opaque * data, int data_size, struct pbkdf2_params *kdf_params, struct pbe_enc_params *enc_params) @@ -726,14 +735,14 @@ read_pkcs_schema_params (schema_id *schema, const char *password, } asn1_delete_structure (&pbes2_asn); - - result = cipher_to_schema(enc_params->cipher); + + result = cipher_to_schema (enc_params->cipher); if (result < 0) - { - gnutls_assert(); - goto error; - } - + { + gnutls_assert (); + goto error; + } + *schema = result; return 0; @@ -803,9 +812,9 @@ read_pkcs_schema_params (schema_id *schema, const char *password, asn1_delete_structure (&pbes2_asn); return 0; - - default: - gnutls_assert(); + + default: + gnutls_assert (); } /* switch */ return GNUTLS_E_UNKNOWN_CIPHER_TYPE; @@ -893,7 +902,7 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key, if (result < 0) { - gnutls_assert(); + gnutls_assert (); goto error; } @@ -1443,26 +1452,22 @@ oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo) *algo = GNUTLS_CIPHER_3DES_CBC; return 0; } - else - if (strcmp (oid, DES_CBC_OID) == 0) + else if (strcmp (oid, DES_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_DES_CBC; return 0; } - else - if (strcmp (oid, AES_128_CBC_OID) == 0) + else if (strcmp (oid, AES_128_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_AES_128_CBC; return 0; } - else - if (strcmp (oid, AES_192_CBC_OID) == 0) + else if (strcmp (oid, AES_192_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_AES_192_CBC; return 0; } - else - if (strcmp (oid, AES_256_CBC_OID) == 0) + else if (strcmp (oid, AES_256_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_AES_256_CBC; return 0; @@ -1483,7 +1488,7 @@ read_pbe_enc_params (ASN1_TYPE pbes2_asn, int params_len, len, result; ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; char oid[64]; - const char* eparams; + const char *eparams; memset (params, 0, sizeof (params)); @@ -1518,17 +1523,16 @@ read_pbe_enc_params (ASN1_TYPE pbes2_asn, /* Now check the encryption parameters. */ - eparams = cipher_to_pkcs_params( params->cipher, NULL); + eparams = cipher_to_pkcs_params (params->cipher, NULL); if (eparams == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } if ((result = asn1_create_element (_gnutls_get_pkix (), - eparams, - &pbe_asn)) != ASN1_SUCCESS) + eparams, &pbe_asn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1617,35 +1621,35 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn, /* generate the key */ - switch(schema) + switch (schema) { - case PBES2_3DES: - case PBES2_AES_128: - case PBES2_AES_192: - case PBES2_AES_256: + case PBES2_3DES: + case PBES2_AES_128: + case PBES2_AES_192: + case PBES2_AES_256: - result = _gnutls_pbkdf2_sha1 (password, strlen (password), + result = _gnutls_pbkdf2_sha1 (password, strlen (password), kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, key, key_size); - if (result < 0) - { - gnutls_assert (); - goto error; - } - break; - default: - result = - _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, - kdf_params->salt_size, + if (result < 0) + { + gnutls_assert (); + goto error; + } + break; + default: + result = + _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, + kdf_params->salt_size, kdf_params->iter_count, password, key_size, key); - if (result < 0) - { - gnutls_assert (); - goto error; - } + if (result < 0) + { + gnutls_assert (); + goto error; + } } /* do the decryption. @@ -1810,20 +1814,18 @@ write_pbe_enc_params (ASN1_TYPE pbes2_asn, { int result; ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; - const char* oid, *eparams; + const char *oid, *eparams; /* Write the encryption algorithm */ - eparams = cipher_to_pkcs_params(params->cipher, &oid); + eparams = cipher_to_pkcs_params (params->cipher, &oid); if (eparams == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - result = - asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", - oid, 1); + result = asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", oid, 1); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1835,8 +1837,7 @@ write_pbe_enc_params (ASN1_TYPE pbes2_asn, */ if ((result = asn1_create_element (_gnutls_get_pkix (), - eparams, - &pbe_asn)) != ASN1_SUCCESS) + eparams, &pbe_asn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1895,36 +1896,36 @@ generate_key (schema_id schema, kdf_params->salt_size = MIN (sizeof (kdf_params->salt), (unsigned) (10 + (rnd[1] % 10))); - switch(schema) - { - case PBES2_3DES: - enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; - break; - case PBES2_AES_128: - enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC; - break; - case PBES2_AES_192: - enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC; - break; - case PBES2_AES_256: - enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC; - break; + switch (schema) + { + case PBES2_3DES: + enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; + break; + case PBES2_AES_128: + enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC; + break; + case PBES2_AES_192: + enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC; + break; + case PBES2_AES_256: + enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC; + break; /* non PBES2 algorithms */ - case PKCS12_ARCFOUR_SHA1: - enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; - kdf_params->salt_size = 8; - break; - case PKCS12_3DES_SHA1: - enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; - kdf_params->salt_size = 8; - break; - case PKCS12_RC2_40_SHA1: - enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; - kdf_params->salt_size = 8; - break; - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + case PKCS12_ARCFOUR_SHA1: + enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; + kdf_params->salt_size = 8; + break; + case PKCS12_3DES_SHA1: + enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; + kdf_params->salt_size = 8; + break; + case PKCS12_RC2_40_SHA1: + enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; + kdf_params->salt_size = 8; + break; + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt, @@ -1950,63 +1951,63 @@ generate_key (schema_id schema, /* now generate the key. */ - switch(schema) + switch (schema) { - case PBES2_3DES: - case PBES2_AES_128: - case PBES2_AES_192: - case PBES2_AES_256: + case PBES2_3DES: + case PBES2_AES_128: + case PBES2_AES_192: + case PBES2_AES_256: - ret = _gnutls_pbkdf2_sha1 (password, strlen (password), + ret = _gnutls_pbkdf2_sha1 (password, strlen (password), kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, key->data, kdf_params->key_size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - if (enc_params->iv_size) - { - ret = _gnutls_rnd (GNUTLS_RND_NONCE, + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + if (enc_params->iv_size) + { + ret = _gnutls_rnd (GNUTLS_RND_NONCE, enc_params->iv, enc_params->iv_size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } - break; - - default: - ret = - _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } + break; + + default: + ret = + _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, password, kdf_params->key_size, key->data); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - /* Now generate the IV - */ - if (enc_params->iv_size) - { - ret = - _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + /* Now generate the IV + */ + if (enc_params->iv_size) + { + ret = + _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, password, enc_params->iv_size, enc_params->iv); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } } @@ -2026,74 +2027,74 @@ write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn, int result; ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY; - switch(schema) + switch (schema) { - case PBES2_3DES: - case PBES2_AES_128: - case PBES2_AES_192: - case PBES2_AES_256: - if ((result = + case PBES2_3DES: + case PBES2_AES_128: + case PBES2_AES_192: + case PBES2_AES_256: + if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-5-PBES2-params", &pbes2_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - result = write_pbkdf2_params (pbes2_asn, kdf_params); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - result = write_pbe_enc_params (pbes2_asn, enc_params); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", + { + gnutls_assert (); + return _gnutls_asn2err (result); + } + + result = write_pbkdf2_params (pbes2_asn, kdf_params); + if (result < 0) + { + gnutls_assert (); + goto error; + } + + result = write_pbe_enc_params (pbes2_asn, enc_params); + if (result < 0) + { + gnutls_assert (); + goto error; + } + + result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", pkcs8_asn, where, 0); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - asn1_delete_structure (&pbes2_asn); - break; - - default: - - if ((result = + if (result < 0) + { + gnutls_assert (); + goto error; + } + + asn1_delete_structure (&pbes2_asn); + break; + + default: + + if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-PbeParams", &pbes2_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } - - result = write_pkcs12_kdf_params (pbes2_asn, kdf_params); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } + + result = write_pkcs12_kdf_params (pbes2_asn, kdf_params); + if (result < 0) + { + gnutls_assert (); + goto error; + } + + result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", pkcs8_asn, where, 0); - if (result < 0) - { - gnutls_assert (); - goto error; - } + if (result < 0) + { + gnutls_assert (); + goto error; + } - asn1_delete_structure (&pbes2_asn); + asn1_delete_structure (&pbes2_asn); } @@ -2297,7 +2298,7 @@ _gnutls_pkcs7_encrypt_data (schema_id schema, ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY; struct pbkdf2_params kdf_params; struct pbe_enc_params enc_params; - const char* str_oid; + const char *str_oid; if ((result = asn1_create_element (_gnutls_get_pkix (), @@ -2311,17 +2312,17 @@ _gnutls_pkcs7_encrypt_data (schema_id schema, /* Write the encryption schema OID */ - result = schema_to_oid(schema, &str_oid); + result = schema_to_oid (schema, &str_oid); if (result < 0) { - gnutls_assert(); + gnutls_assert (); return result; } result = - asn1_write_value (pkcs7_asn, - "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", - str_oid, 1); + asn1_write_value (pkcs7_asn, + "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", + str_oid, 1); if (result != ASN1_SUCCESS) { diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 8120da6ca7..2f8bc5c100 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -55,7 +55,9 @@ static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl, static int check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2) { - gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin = { NULL, 0 }; + gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin = + { + NULL, 0}; int result; result = _gnutls_x509_der_encode (cert1->cert, "", &cert1bin, 0); @@ -78,7 +80,7 @@ check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2) else result = 1; - cleanup: +cleanup: _gnutls_free_datum (&cert1bin); _gnutls_free_datum (&cert2bin); return result; @@ -427,7 +429,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, * MD2 algorithm. */ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], - certificate_list[clist_size - 1]) > 0) + certificate_list[clist_size - 1]) > 0) { clist_size--; } @@ -502,7 +504,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, for (i = 0; i < clist_size; i++) { t = gnutls_x509_crt_get_activation_time (certificate_list[i]); - if (t == (time_t) -1 || now < t) + if (t == (time_t) - 1 || now < t) { status |= GNUTLS_CERT_NOT_ACTIVATED; status |= GNUTLS_CERT_INVALID; @@ -510,7 +512,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, } t = gnutls_x509_crt_get_expiration_time (certificate_list[i]); - if (t == (time_t) -1 || now > t) + if (t == (time_t) - 1 || now > t) { status |= GNUTLS_CERT_EXPIRED; status |= GNUTLS_CERT_INVALID; @@ -670,27 +672,27 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text, if (prehash && prehash->data && prehash->size == digest_size) { - cmp = prehash->data; + cmp = prehash->data; } else { - if (!text) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_hash_init (&hd, hash); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - _gnutls_hash (&hd, text->data, text->size); - _gnutls_hash_deinit (&hd, md); - - cmp = md; + if (!text) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_hash_init (&hd, hash); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + _gnutls_hash (&hd, text->data, text->size); + _gnutls_hash_deinit (&hd, md); + + cmp = md; } if (memcmp (cmp, digest, digest_size) != 0) @@ -717,22 +719,22 @@ dsa_verify_sig (const gnutls_datum_t * text, if (hash && hash->data && hash->size == 20) { - digest = *hash; + digest = *hash; } else { - ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - _gnutls_hash (&hd, text->data, text->size); - _gnutls_hash_deinit (&hd, _digest); - - digest.data = _digest; - digest.size = 20; + ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + _gnutls_hash (&hd, text->data, text->size); + _gnutls_hash_deinit (&hd, _digest); + + digest.data = _digest; + digest.size = 20; } ret = _gnutls_dsa_verify (&digest, signature, params, params_len); @@ -783,7 +785,7 @@ verify_sig (const gnutls_datum_t * tbs, } int -_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t *hash, +_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash, const gnutls_datum_t * signature, const gnutls_x509_crt_t issuer) { @@ -797,16 +799,19 @@ _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t *hash, switch (gnutls_x509_crt_get_pk_algorithm (issuer, NULL)) { case GNUTLS_PK_DSA: - if (hash) *hash = GNUTLS_MAC_SHA1; + if (hash) + *hash = GNUTLS_MAC_SHA1; return 0; case GNUTLS_PK_RSA: issuer_params_size = MAX_PUBLIC_PARAMS_SIZE; - ret = _gnutls_x509_crt_get_mpis (issuer, issuer_params, &issuer_params_size); + ret = + _gnutls_x509_crt_get_mpis (issuer, issuer_params, + &issuer_params_size); if (ret < 0) { - gnutls_assert (); - return ret; + gnutls_assert (); + return ret; } ret = @@ -815,30 +820,31 @@ _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t *hash, /* release allocated mpis */ for (i = 0; i < issuer_params_size; i++) - { - _gnutls_mpi_release (&issuer_params[i]); - } + { + _gnutls_mpi_release (&issuer_params[i]); + } if (ret < 0) { - gnutls_assert (); - return ret; + gnutls_assert (); + return ret; } digest_size = sizeof (digest); if ((ret = - decode_ber_digest_info (&decrypted, hash, digest, &digest_size)) != 0) + decode_ber_digest_info (&decrypted, hash, digest, + &digest_size)) != 0) { - gnutls_assert (); - _gnutls_free_datum (&decrypted); - return ret; + gnutls_assert (); + _gnutls_free_datum (&decrypted); + return ret; } _gnutls_free_datum (&decrypted); if (digest_size != _gnutls_hash_get_algo_len (*hash)) { - gnutls_assert (); - return GNUTLS_E_ASN1_GENERIC_ERROR; + gnutls_assert (); + return GNUTLS_E_ASN1_GENERIC_ERROR; } return 0; @@ -1188,7 +1194,8 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl, } ret = - _gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature, issuer); + _gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature, + issuer); if (ret < 0) { gnutls_assert (); diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index a57ccc287f..c5b7b13ca5 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c @@ -556,8 +556,8 @@ gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage) **/ int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t type, - const char *data_string) + gnutls_x509_subject_alt_name_t + type, const char *data_string) { if (crt == NULL) { @@ -1189,8 +1189,7 @@ gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, - const void *oid, - unsigned int critical) + const void *oid, unsigned int critical) { int result; gnutls_datum_t old_id, der_data; |